gnupg.git
3 years ago agent: fix agent_askpin.
NIIBE Yutaka [Fri, 9 Oct 2015 02:46:23 +0000 (11:46 +0900)]
agent: fix agent_askpin.

* agent/call-pinentry.c (agent_askpin): Fix off-by-one error.

3 years ago agent: Fix function return type for check_cb and agent_askpin.
NIIBE Yutaka [Fri, 9 Oct 2015 02:33:13 +0000 (11:33 +0900)]
agent: Fix function return type for check_cb and agent_askpin.

* agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
(start_pinentry, setup_qualitybar): Likewise.
(agent_askpin): Fix return value check of check_cb.
* agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
(ssh_identity_register): Fix return value check of agent_askpin.
* agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
* agent/findkey.c (try_unprotect_cb): Likewise.
* agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
(agent_ask_new_passphrase): Fix return value check of agent_askpin.

3 years ago dirmngr: Default to http protocol for http-proxy
Andre Heinecke [Fri, 25 Sep 2015 09:43:16 +0000 (11:43 +0200)]
dirmngr: Default to http protocol for http-proxy

* common/http.c (send_request): Fix handling for hostname:port string.

--
The first pass to parse_uri should already do a scheme check so
that a hostname:port string is detected as invalid and the retry
code actually takes effect and adds a http://

GnuPG-bug-id: 2109

3 years ago speedo: Add a w32-release target.
Werner Koch [Thu, 8 Oct 2015 16:24:26 +0000 (18:24 +0200)]
speedo: Add a w32-release target.

--

This simplifies building a release to:

  git tag -s gnupg-2.n.m
  ./autogen.sh --force
  cd ~/b/gnupg
  ~/s/gnupg/configure --enable-maintainer-mode
  make distcheck
  tar xJf gnupg-2.n.m.tar.bz2
  make -f gnupg-2.n.m/build-aux/speedo.mk w32-release
  gpg -sbvu KEYID gnupg-2.n.m.tar.bz2
  gpg -sbvu KEYID gnupg-w32-2.n.m-20151008.tar.xz
  gpg -sbvu KEYID gnupg-w32-2.n.m-20151008.exe
  scp gnupg-2.n.m.tar.bz2              $TARGET
  scp gnupg-w32-2.n.m-20151008.tar.xz  $TARGET
  scp gnupg-w32-2.n.m-20151008.exe     $TARGET

3 years ago common: Allow building of mkdir_p.c for Windows.
Werner Koch [Thu, 8 Oct 2015 14:42:14 +0000 (16:42 +0200)]
common: Allow building of mkdir_p.c for Windows.

* common/mkdir_p.c: Change license and comment debug statements.
(amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
build an error code.  Change return value to gpg_error_t.
(amkdir_p): Use gnupg_mkdir.

* common/membuf.c: Include util.h first to avoid redefined macro
warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Add option --print-dane-records.
Werner Koch [Thu, 8 Oct 2015 13:04:45 +0000 (15:04 +0200)]
gpg: Add option --print-dane-records.

* g10/options.h (opt): Add field "print_dane_records".
* g10/gpg.c (oPrintDANERecords): new.
(opts): Add --print-dane-records.
(main): Set that option.
* g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
(do_export_stream): Add EXPORT_DANE_FORMAT handling.
* g10/keylist.c (list_keyblock_pka): Implement DANE record printing.

* g10/gpgv.c (export_pubkey_buffer): New stub.
* g10/test-stubs.c (export_pubkey_buffer): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago Fix two unused/possible-uninitialized var warnings.
Werner Koch [Thu, 8 Oct 2015 12:58:26 +0000 (14:58 +0200)]
Fix two unused/possible-uninitialized var warnings.

--

3 years ago gpg: Pass CTRL parameter to all key listing functions.
Werner Koch [Thu, 8 Oct 2015 12:55:07 +0000 (14:55 +0200)]
gpg: Pass CTRL parameter to all key listing functions.

* g10/keylist.c (public_key_list): Add arg CTRL.
(secret_key_list): Ditto.
(list_all, list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_pka): Ditto.
(list_keyblock): Ditto.
(list_keyblock_direct): Ditto.
* g10/keygen.c (proc_parameter_file): Add arg CTRL.
(read_parameter_file): Ditto.
(quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
(generate_keypair): Pass arg CTRL.
* g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
--

This will help us to implement the --server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Remove unfinished experimental code to export as S-expressions.
Werner Koch [Wed, 7 Oct 2015 14:55:15 +0000 (16:55 +0200)]
gpg: Remove unfinished experimental code to export as S-expressions.

* g10/options.h (EXPORT_SEXP_FORMAT): Remove.
(EXPORT_DANE_FORMAT): New.
* g10/export.c (parse_export_options): Remove "export-sexp-format".
(export_seckeys): Adjust for removed option.
(export_secsubkeys): Ditto.
(do_export): Prepare for DANE format.
(build_sexp, build_sexp_seckey): Remove.
(do_export_stream): Remove use of removed functions.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Add new --auto-key-locate mechanism "dane".
Werner Koch [Tue, 6 Oct 2015 18:31:43 +0000 (20:31 +0200)]
gpg: Add new --auto-key-locate mechanism "dane".

* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago dirmngr: Allow fetching keys using OpenPGP DANE
Werner Koch [Tue, 6 Oct 2015 17:59:56 +0000 (19:59 +0200)]
dirmngr: Allow fetching keys using OpenPGP DANE

* dirmngr/server.c (cmd_dns_cert): Add option --dane.
--

This implements draft-ietf-dane-openpgpkey-05.txt
To test this use

  $ gpg-connect-agent --dirmngr
  > /hex
  > dns_cert --dane wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago dirmngr: Improve DNS code to retrieve arbitrary records.
Werner Koch [Tue, 6 Oct 2015 17:57:00 +0000 (19:57 +0200)]
dirmngr: Improve DNS code to retrieve arbitrary records.

* dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
resource records.
* dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
(DNS_CERTTYPE_RR61): New.
--

This has been tested with ADNS on Unix and with the standard
resolver.  Because ADNS works it should also work on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago dirmngr: Change DNS code to make additions easier.
Werner Koch [Tue, 6 Oct 2015 15:34:13 +0000 (17:34 +0200)]
dirmngr: Change DNS code to make additions easier.

* dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
adding more resource types.

3 years ago dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.
Werner Koch [Tue, 6 Oct 2015 11:55:38 +0000 (13:55 +0200)]
dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.

* dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
(cmd_reloaddirmngr): Use check_owner_permission.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago po: Typo fix in German translation.
Werner Koch [Tue, 6 Oct 2015 11:11:12 +0000 (13:11 +0200)]
po: Typo fix in German translation.

--

3 years ago dirmngr: Do tilde expansion for --hkp-cacert.
Werner Koch [Tue, 6 Oct 2015 11:10:26 +0000 (13:10 +0200)]
dirmngr: Do tilde expansion for --hkp-cacert.

* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existence in option --hkp-cacert.
--

GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Fail decryption for AES etc message w/o MDC.
Werner Koch [Tue, 6 Oct 2015 07:40:57 +0000 (09:40 +0200)]
gpg: Fail decryption for AES etc message w/o MDC.

* g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
--

This change turns the missing MDC warning into an error if the message
has been encrypted using a cipher with a non-64 bit block length
and it is not Twofish.

We can assume that such messages are created by code which should have
been able to create MDC packets.  AES was introduced with 1.0.3 on
2000-09-18 shortly after MDC (1.0.2 on 2000-07-12).  We need to
exclude Twofish because that might have been used before MDC.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago agent: Fix verification of signature for smartcard.
NIIBE Yutaka [Tue, 6 Oct 2015 06:10:25 +0000 (15:10 +0900)]
agent: Fix verification of signature for smartcard.

* agent/pksign.c (agent_pksign_do): Use public key smartcard.

--

Since gcry_pk_verify can't handle shadowed private key, public
key SEXP should be prepared for smartcard.

3 years ago agent: Fix non-allocation for pinentry_loopback.
NIIBE Yutaka [Mon, 5 Oct 2015 17:05:04 +0000 (02:05 +0900)]
agent: Fix non-allocation for pinentry_loopback.

* agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
be allocated by pinentry_loopback.

3 years ago gpg: Install a dirmngr.conf file.
Werner Koch [Mon, 5 Oct 2015 17:48:47 +0000 (19:48 +0200)]
gpg: Install a dirmngr.conf file.

* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here.  Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--

The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf.  Thus we need to install a skeleton file
for dirmngr to set a default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Deprecate the --keyserver option.
Werner Koch [Mon, 5 Oct 2015 15:52:28 +0000 (17:52 +0200)]
gpg: Deprecate the --keyserver option.

* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now show the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
shown for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago dirmngr: Add option --keyserver.
Werner Koch [Mon, 5 Oct 2015 15:44:20 +0000 (17:44 +0200)]
dirmngr: Add option --keyserver.

* dirmngr/dirmngr.c (oKeyServer): New.
(opts): Add "keyserver".
(parse_rereadable_options): Parse that option.
(main): Add option to the gpgconf list.
* dirmngr/dirmngr.h (opt): Add field "keyserver".
* dirmngr/server.c (ensure_keyserver): New.
(make_keyserver_item): New.  Factored out from
(cmd_keyserver): here.  Call ensure_keyserver.
(cmd_ks_search): Call ensure_keyserver.
(cmd_ks_get): Ditto.
(cmd_ks_fetch): Ditto.
(cmd_ks_put): Ditto.
--

This option specifies the keyserver to be used if the client does not
set another keyserver.  We want to fade out the use of --keyserver in
gpg.conf in favor of specifying it here.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago dirmngr: Make clear that --use-tor is not yet ready for use.
Werner Koch [Mon, 5 Oct 2015 09:31:31 +0000 (11:31 +0200)]
dirmngr: Make clear that --use-tor is not yet ready for use.

* dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
given.
* tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.

3 years ago po: Update the German translation.
Werner Koch [Mon, 5 Oct 2015 09:17:40 +0000 (11:17 +0200)]
po: Update the German translation.

--

3 years ago gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
Werner Koch [Mon, 5 Oct 2015 09:08:34 +0000 (11:08 +0200)]
gpgconf: Change displayed name of Dirmngr to "Key Acquirer".

* tools/gpgconf-comp.c (gc_component): Change printed name.
--

All network access is handled by Dirmngr so at least in the GUI option
dialog we should acknowledge that by changing the name to an easier to
understand term.  This is an update of
819bba75aaed11ecef2e274add173718358212b9 suggested by Neal Walfield.
The former term "Network Manager" conflicts with the well known GNOME
network manager tool.

3 years ago tests: Two new OpenPGP test keys from E2E.
Werner Koch [Mon, 5 Oct 2015 08:58:00 +0000 (10:58 +0200)]
tests: Two new OpenPGP test keys from E2E.

--

3 years ago scd: Use Assuan macro instead of a number constant.
Werner Koch [Fri, 2 Oct 2015 10:21:31 +0000 (12:21 +0200)]
scd: Use Assuan macro instead of a number constant.

--

3 years ago dirmngr: Fix use-after-free due to a realloc shrinking.
Werner Koch [Fri, 2 Oct 2015 09:31:45 +0000 (11:31 +0200)]
dirmngr: Fix use-after-free due to a realloc shrinking.

* dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
after realloc.
--

vex01 reported and debugged the problem.

GnuPG-bug-id: 2107
Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago agent: Fix alignment problem with the second passphrase struct.
Werner Koch [Thu, 1 Oct 2015 11:21:25 +0000 (13:21 +0200)]
agent: Fix alignment problem with the second passphrase struct.

* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2.  Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2.  Wipe PI2.
--

For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2.  This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account.  One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.

Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.

GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Fix a practical hang after use of --faked-system-time.
Werner Koch [Thu, 1 Oct 2015 15:59:03 +0000 (17:59 +0200)]
gpg: Fix a practical hang after use of --faked-system-time.

* g10/sign.c (update_keysig_packet): Bail out if we would need too long
for a new timestamp.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Print more info with "check selfsig".
Werner Koch [Thu, 1 Oct 2015 15:57:39 +0000 (17:57 +0200)]
gpg: Print more info with "check selfsig".

* g10/keyedit.c (print_and_check_one_sig): Print more Some sigsub
packets.

3 years ago gpg: Add debug helper to --edit-keys's check sub-command.
Werner Koch [Thu, 1 Oct 2015 14:22:29 +0000 (16:22 +0200)]
gpg: Add debug helper to --edit-keys's check sub-command.

* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago common: Fix strsplit.
NIIBE Yutaka [Wed, 30 Sep 2015 23:57:06 +0000 (08:57 +0900)]
common: Fix strsplit.

* common/stringhelp.c (strsplit): Fix arguments order.

3 years ago common: Add mkdir_p.
Neal H. Walfield [Tue, 29 Sep 2015 12:12:00 +0000 (14:12 +0200)]
common: Add mkdir_p.

* common/mkdir_p.c: New file.
* common/mkdir_p.h: New file.
* common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago common: Remove unused files.
Neal H. Walfield [Tue, 29 Sep 2015 11:24:48 +0000 (13:24 +0200)]
common: Remove unused files.

* common/xmalloc.c: Remove file.
* common/xmalloc.h: Remove file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago common: Include <gpg-error.h>.
Neal H. Walfield [Tue, 29 Sep 2015 11:20:26 +0000 (13:20 +0200)]
common: Include <gpg-error.h>.

* common/logging.h: Include <gpg-error.h>.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
logging.h uses estream_t and as such should directly include
<gpg-error.h>.

3 years ago g10: Remove unused struct cmp_help_context_s.
Neal H. Walfield [Thu, 24 Sep 2015 12:11:13 +0000 (14:11 +0200)]
g10: Remove unused struct cmp_help_context_s.

* g10/sig-check.c (struct cmp_help_context_s) Remove unused struct.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Avoid an unnecessary copy.
Neal H. Walfield [Wed, 23 Sep 2015 18:50:03 +0000 (20:50 +0200)]
g10: Avoid an unnecessary copy.

* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage.  If none is provided
allocate some.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago ssh: Fix fingerprint computation for EdDSA key.
NIIBE Yutaka [Tue, 29 Sep 2015 06:33:59 +0000 (15:33 +0900)]
ssh: Fix fingerprint computation for EdDSA key.

* common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
* common/t-ssh-utils.c (sample_keys): Add a new key.

--

Also adding Ed25519 test key.

3 years ago agent: RSA signature verification by gpg-agent.
NIIBE Yutaka [Tue, 29 Sep 2015 00:49:44 +0000 (09:49 +0900)]
agent: RSA signature verification by gpg-agent.

* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.

3 years ago common: Provide two new error code replacements.
Werner Koch [Mon, 28 Sep 2015 16:13:37 +0000 (18:13 +0200)]
common: Provide two new error code replacements.

* common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): New replacements.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago doc,w32: Fix compiler warnings.
Werner Koch [Mon, 28 Sep 2015 16:12:44 +0000 (18:12 +0200)]
doc,w32: Fix compiler warnings.

--

3 years ago common: Change calling convention for gnupg_spawn_process.
Werner Koch [Mon, 28 Sep 2015 16:10:21 +0000 (18:10 +0200)]
common: Change calling convention for gnupg_spawn_process.

* common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
(GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
numbers.
* common/exechelp.h (gnupg_spawn_process): Change function to not take
an optional stream for stdin but to return one.
* common/exechelp-posix.c (gnupg_spawn_process): Implement change.
(create_pipe_and_estream): Add args outbound and nonblock.
* common/exechelp-w32.c (gnupg_spawn_process): Implement change.
--

In 2.1 this function is only used at one place and the stdin parameter
is not used.  Thus this change is trivial for the callers but along
with estream's new es_poll it is overall simpler to use.

Note that the Windows version has not been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago scd: Handle error correctly.
NIIBE Yutaka [Mon, 28 Sep 2015 04:41:59 +0000 (13:41 +0900)]
scd: Handle error correctly.

* scd/apdu.c (apdu_connect): Initialize variables and check an error
of apdu_get_status_internal.

3 years ago ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
Werner Koch [Tue, 22 Sep 2015 08:01:31 +0000 (10:01 +0200)]
ssh: Add 256, 384 and 521 bit test keys for the fingerprint.

* common/t-ssh-utils.c (sample_keys): Add 3 new keys.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago ssh: Fix fingerprint computation for 384 bit ECDSA keys.
Werner Koch [Tue, 22 Sep 2015 07:28:35 +0000 (09:28 +0200)]
ssh: Fix fingerprint computation for 384 bit ECDSA keys.

* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--

That was an obvious c+p bug which should have been caught by a test
case.

GnuPG-bug-id: 2075
Debian-bug-id: 795636

3 years ago agent: Fix importing ECC key.
NIIBE Yutaka [Sat, 19 Sep 2015 08:45:17 +0000 (17:45 +0900)]
agent: Fix importing ECC key.

* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.

3 years ago scd: Fix KEYTOCARD handling for ECC key.
NIIBE Yutaka [Sat, 19 Sep 2015 07:27:36 +0000 (16:27 +0900)]
scd: Fix KEYTOCARD handling for ECC key.

* scd/app-openpgp.c (ecc_writekey): Only public key can be native
format.

3 years ago common: Add new function strlist_length.
Neal H. Walfield [Fri, 18 Sep 2015 23:25:54 +0000 (01:25 +0200)]
common: Add new function strlist_length.

* common/strlist.c (strlist_length): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago gpgconf: Change displayed name of Dirmngr to "Network Manager".
Werner Koch [Fri, 18 Sep 2015 14:19:34 +0000 (16:19 +0200)]
gpgconf: Change displayed name of Dirmngr to "Network Manager".

* tools/gpgconf-comp.c (gc_component): Change printed name.
--

All network access is handled by Dirmngr so at least in the GUI
option dialog we should acknowledge that by changing the name to an
easier to understand term.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago dirmngr: Add option --use-tor as a stub.
Werner Koch [Fri, 18 Sep 2015 14:17:11 +0000 (16:17 +0200)]
dirmngr: Add option --use-tor as a stub.

* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.

* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.  Also pass TOR flag to the
http module.

* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--

More work is required to actually make --use-tor useful.  For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Report a conflict between honor-keyserver-url and TOR.
Werner Koch [Fri, 18 Sep 2015 14:07:39 +0000 (16:07 +0200)]
gpg: Report a conflict between honor-keyserver-url and TOR.

* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--

It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all.  We let
Dirmngr know about the use of this option and let Dirmngr tell us
whether TOR mode is active so that we can print a hint to disable that
keyserver option.

A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago http: Add flag to force use of TOR (part 1)
Werner Koch [Fri, 18 Sep 2015 13:58:26 +0000 (15:58 +0200)]
http: Add flag to force use of TOR (part 1)

* common/http.h (HTTP_FLAG_FORCE_TOR): New.
* common/http.c (http_raw_connect, send_request): Detect flag and
return an error for now.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago po: Update Japanese translation.
NIIBE Yutaka [Thu, 17 Sep 2015 08:08:27 +0000 (17:08 +0900)]
po: Update Japanese translation.

3 years ago scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
NIIBE Yutaka [Thu, 17 Sep 2015 02:21:44 +0000 (11:21 +0900)]
scd: Fix ccid-driver timeout for OpenPGPcard v2.1.

* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
(ccid_transceive_apdu_level, ccid_transceive): Use.

--

It is reported that key generation causes timeout with OpenPGPcard
v2.1.  Ideally, timeout value could be determined at run-time by
examining card's ATR.  Compile-time fixed value is OK for internal
CCID driver.

3 years ago agent: New option --pinentry-invisible-char.
Werner Koch [Wed, 16 Sep 2015 19:24:14 +0000 (21:24 +0200)]
agent: New option --pinentry-invisible-char.

* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago g13: Move some code to a separate module.
Werner Koch [Mon, 14 Sep 2015 16:49:32 +0000 (18:49 +0200)]
g13: Move some code to a separate module.

* g13/g13-common.c, g13/g13-common.h: New.
* g13/Makefile.am (g13_SOURCES): Add new files.
* g13/g13.c (g13_errors_seen): Move to g13-common.c.
(cmdline_conttype): New.
(main): Use g13_init_signals and g13_install_emergency_cleanup.
(emergency_cleanup, g13_exit): Move to g13-common.c.
* g13/g13.h: Move OPT and some other code to g13-common.h.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Fix skip function dummy parameter.
Werner Koch [Wed, 16 Sep 2015 17:02:35 +0000 (19:02 +0200)]
gpg: Fix skip function dummy parameter.

* g10/trustdb.c (search_skipfnc): Fix dummy argument
--

This is required due to the prototype change in
commit 9acbeac23668a1d0dabca27d7825430d76e095c2

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago gpg: Change last commit to avoid extra translations.
Werner Koch [Wed, 16 Sep 2015 16:55:27 +0000 (18:55 +0200)]
gpg: Change last commit to avoid extra translations.

* g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago g10: Improve error message.
Neal H. Walfield [Wed, 16 Sep 2015 13:03:40 +0000 (15:03 +0200)]
g10: Improve error message.

* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Be more careful when merging self-signed data.
Neal H. Walfield [Wed, 16 Sep 2015 13:01:45 +0000 (15:01 +0200)]
g10: Be more careful when merging self-signed data.

* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet.  When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Simplify some complicated boolean expressions.
Neal H. Walfield [Wed, 16 Sep 2015 12:11:56 +0000 (14:11 +0200)]
g10: Simplify some complicated boolean expressions.

* g10/getkey.c (finish_lookup): Simplify logic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Also mark revoked and expired keys as unusable.
Neal H. Walfield [Wed, 16 Sep 2015 12:05:03 +0000 (14:05 +0200)]
g10: Also mark revoked and expired keys as unusable.

* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Release resources when returning an error in get_seckey.
Neal H. Walfield [Wed, 16 Sep 2015 12:03:50 +0000 (14:03 +0200)]
g10: Release resources when returning an error in get_seckey.

* g10/getkey.c (get_seckey): If the key doesn't have a secret key,
release *PK.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Improve documentation and comments for getkey.c.
Neal H. Walfield [Wed, 16 Sep 2015 12:01:48 +0000 (14:01 +0200)]
g10: Improve documentation and comments for getkey.c.

* g10/getkey.c: Improve documentation and comments for most
functions.  Move documentation for public functions from here...
* g10/keydb.h: ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Remove unused function have_any_secret_key.
Neal H. Walfield [Wed, 16 Sep 2015 11:44:40 +0000 (13:44 +0200)]
g10: Remove unused function have_any_secret_key.

* g10/getkey.c (have_any_secret_key): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Bring cache semantics closer to non-cache semantics.
Neal H. Walfield [Wed, 16 Sep 2015 11:13:46 +0000 (13:13 +0200)]
g10: Bring cache semantics closer to non-cache semantics.

* g10/getkey.c (get_pubkey_fast): When reading from the cache, only
consider primary keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Break out of the loop earlier.
Neal H. Walfield [Tue, 15 Sep 2015 13:21:17 +0000 (15:21 +0200)]
g10: Break out of the loop earlier.

* g10/getkey.c (have_secret_key_with_kid): Once we find the relevant
key or subkey, stop searching.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Only a single key or subkey will ever be selected per keyblock.

3 years ago g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
Neal H. Walfield [Tue, 15 Sep 2015 12:45:18 +0000 (14:45 +0200)]
g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT

* g10/getkey.c (lookup): Also don't skip legacy keys if the search
mode is KEYDB_SEARCH_MODE_NEXT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
We currently don't skip keys if the search mode is
KEYDB_SEARCH_MODE_FIRST.  Since we change KEYDB_SEARCH_MODE_FIRST to
KEYDB_SEARCH_MODE_NEXT (to avoid a reset), it only makes sense to have
the same semantics for KEYDB_SEARCH_MODE_NEXT.

3 years ago g10: Remove unused function get_seckeyblock_byfprint.
Neal H. Walfield [Mon, 14 Sep 2015 19:24:57 +0000 (21:24 +0200)]
g10: Remove unused function get_seckeyblock_byfprint.

* g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
* g10/getkey.c (get_seckeyblock_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Remove unused function get_seckey_byfprint.
Neal H. Walfield [Mon, 14 Sep 2015 19:22:31 +0000 (21:22 +0200)]
g10: Remove unused function get_seckey_byfprint.

* g10/keydb.h (get_seckey_byfprint): Remove prototype.
* g10/getkey.c (get_seckey_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
Neal H. Walfield [Mon, 14 Sep 2015 19:14:00 +0000 (21:14 +0200)]
g10: Simplify get_seckey_byname: it was never called with NAME not NULL.

* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Drop the
code which assumed that NAME is not NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Eliminate the redundant function get_keyblock_byfprint.
Neal H. Walfield [Mon, 14 Sep 2015 18:55:59 +0000 (20:55 +0200)]
g10: Eliminate the redundant function get_keyblock_byfprint.

* g10/keydb.h (get_keyblock_byfprint): Remove prototype.  Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Simplify semantics of get_pubkey_byname.
Neal H. Walfield [Mon, 14 Sep 2015 18:38:07 +0000 (20:38 +0200)]
g10: Simplify semantics of get_pubkey_byname.

* g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
the keyblock in R_KEYBLOCK independent of whether PK is set or not.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Currently, no caller invokes get_pubkey_byname with PK==NULL and
R_KEYBLOCK != NULL.  Thus, this change does not change any behavior.

3 years ago g10: Eliminate the redundant function get_pubkey_byname.
Neal H. Walfield [Mon, 14 Sep 2015 13:43:52 +0000 (15:43 +0200)]
g10: Eliminate the redundant function get_pubkey_byname.

* g10/getkey.c (get_pubkey_byname): Remove function.
(lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Eliminate the redundant function get_pubkey_end.
Neal H. Walfield [Mon, 14 Sep 2015 13:31:25 +0000 (15:31 +0200)]
g10: Eliminate the redundant function get_pubkey_end.

* g10/keydb.h (get_pubkey_end): Remove declaration.  Replace use of
function with getkey_end.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Eliminate the redundant function get_pubkey_next.
Neal H. Walfield [Mon, 14 Sep 2015 13:22:25 +0000 (15:22 +0200)]
g10: Eliminate the redundant function get_pubkey_next.

* g10/keydb.h (get_pubkey_next): Remove prototype.
* g10/getkey.c (get_pubkey_next): Remove function.
* g10/keylist.c (locate_one): Use getkey_next instead of
get_pubkey_next.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago kbx: Change skipfnc's prototype so that we can provide all information.
Neal H. Walfield [Mon, 14 Sep 2015 09:27:43 +0000 (11:27 +0200)]
kbx: Change skipfnc's prototype so that we can provide all information.

* kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
third parameter to be the index of the user id packet in the keyblock
rather than the packet itself.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
The keybox code doesn't work directly with keyblocks.  As such, the
matched user packet is not readily available to pass to
DESC[n].SKIPFNC.  But, we do know the index of the user id packet that
matched.  Thus, pass that instead.  If the skip function needs the
user id packet, it can use the key id to look up the key block and
find the appropriate packet.

3 years ago g10: Remove unused prototype (get_pubkey_byfpr).
Neal H. Walfield [Thu, 10 Sep 2015 11:50:44 +0000 (13:50 +0200)]
g10: Remove unused prototype (get_pubkey_byfpr).

* g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Remove unused function (get_pubkey_bynames).
Neal H. Walfield [Wed, 9 Sep 2015 19:22:08 +0000 (21:22 +0200)]
g10: Remove unused function (get_pubkey_bynames).

* g10/keydb.h (get_pubkey_bynames): Remove prototype.
* g10/getkey.c (get_pubkey_bynames): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
Neal H. Walfield [Wed, 9 Sep 2015 19:04:57 +0000 (21:04 +0200)]
g10: Simplify code.  Turn struct getkey_ctx_s.found_key into an argument

* g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
(lookup): Add argument ret_found_key.  If not NULL, set it to the
found key.  Update callers.
(pk_from_block): Add argument found_key.  Use it instead of
CTX->FOUND_KEY.  Update callers.
(finish_lookup): Return a KBNODE (the found key) instead of an int.
Don't set CTX->FOUND_KEY.  Return the found key instead.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Remove unused field struct getkey_ctx_s.kbpos.
Neal H. Walfield [Wed, 9 Sep 2015 18:18:22 +0000 (20:18 +0200)]
g10: Remove unused field struct getkey_ctx_s.kbpos.

* g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
(getkey_end): Don't clear CTX->KBPOS.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
Neal H. Walfield [Wed, 9 Sep 2015 18:04:32 +0000 (20:04 +0200)]
g10: Simplify code: remove field struct getkey_ctx_s.keyblock.

* g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
(finish_lookup): Add parameter keyblock.  Update caller to pass this.
(lookup): Add new local variable keyblock.  Use this instead of
ctx->keyblock for referencing the keyblock.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago agent: Fix registering SSH Key of Ed25519.
NIIBE Yutaka [Wed, 16 Sep 2015 01:37:38 +0000 (10:37 +0900)]
agent: Fix registering SSH Key of Ed25519.

* agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.

--

GnuPG-bug-id: 2096

3 years ago po: Update Japanese translation.
NIIBE Yutaka [Tue, 15 Sep 2015 06:12:56 +0000 (15:12 +0900)]
po: Update Japanese translation.

3 years ago Post release updates.
Werner Koch [Thu, 10 Sep 2015 19:05:27 +0000 (21:05 +0200)]
Post release updates.

--

3 years ago Release 2.1.8. gnupg-2.1.8
Werner Koch [Thu, 10 Sep 2015 14:40:37 +0000 (16:40 +0200)]
Release 2.1.8.

3 years ago tests: Silence the 5gb-packet test.
Werner Koch [Thu, 10 Sep 2015 16:07:20 +0000 (18:07 +0200)]
tests: Silence the 5gb-packet test.

* tests/openpgp/4gb-packet.test: Send output to /dev/null.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago g10: Fix make distcheck problem.
Werner Koch [Thu, 10 Sep 2015 16:11:58 +0000 (18:11 +0200)]
g10: Fix make distcheck problem.

* g10/test.c: Include string.h.
(prepend_srcdir): New.  Taken from Libgcrypt.
(test_free): New.
* g10/t-keydb.c (do_test): Malloc the filename.
* g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
(EXTRA_DIST): Add t-keydb-keyring.kbx.
--

Using SOURCE_DIR should in general work but we have seen problems when
doing this in Libgcrypt.  Using the srcdir variable gives us anyway
more flexibility and aligns with the way we do it in tests/openpgp.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago g10: Improve portability of the new test driver.
Werner Koch [Thu, 10 Sep 2015 15:43:13 +0000 (17:43 +0200)]
g10: Improve portability of the new test driver.

* g10/test.c: Include stdio.h and stdlib.h.
(verbose): New.
(print_results): Rename to exit_tests.
(main): Remove atexit and call exit_tests.  Set verbose.
(ASSERT, ABORT): Call exit_tests instead of exit.
--

Calling exit from an exit handler is undefined behaviour.  It works on
Linux but other systems will hit an endless loop.  That is indeed
unfortunate but we can't do anything about it.  Calling _exit() would
be possible but that may lead to other problems.  Thus we change to
call a custom exit function :-(.

Using "make check verbose=1" is supported by tests/openpgp and thus
we add the same mechanism here.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago po: Auto-update
Werner Koch [Thu, 10 Sep 2015 14:22:49 +0000 (16:22 +0200)]
po: Auto-update

--

3 years ago po: Update Russian translation
Ineiev [Thu, 10 Sep 2015 14:16:39 +0000 (16:16 +0200)]
po: Update Russian translation

--

3 years ago dirmngr: Allow sending much larger keyblocks.
Werner Koch [Wed, 9 Sep 2015 13:41:25 +0000 (15:41 +0200)]
dirmngr: Allow sending much larger keyblocks.

* dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k.
(MAX_KEYBLOCK_LENGTH): Increase to 20M.

Signed-off-by: Werner Koch <wk@gnupg.org>

3 years ago doc: Minor comment fixes.
Werner Koch [Wed, 9 Sep 2015 13:14:20 +0000 (15:14 +0200)]
doc: Minor comment fixes.

--

3 years ago scd: Force key attribute change for writekey.
NIIBE Yutaka [Mon, 7 Sep 2015 04:49:47 +0000 (13:49 +0900)]
scd: Force key attribute change for writekey.

* scd/app-openpgp.c (change_rsa_keyattr): New.
(change_keyattr_from_string): Use change_rsa_keyattr.
(rsa_writekey): Call change_rsa_keyattr when different size.
(ecc_writekey): Try to change key attribute.

3 years ago scd: KEYNO cleanup.
NIIBE Yutaka [Mon, 7 Sep 2015 04:09:01 +0000 (13:09 +0900)]
scd: KEYNO cleanup.

* scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
(change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
(compare_fingerprint, check_against_given_fingerprint): KEYNO starts
from 0.

3 years ago g10: Remove unused field req_algo.
Neal H. Walfield [Tue, 1 Sep 2015 12:53:47 +0000 (14:53 +0200)]
g10: Remove unused field req_algo.

* g10/packet.h (PKT_public_key): Remove unused field req_algo.  Remove
users.
* g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
Remove users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Use a symbolic constant instead of a literal.
Neal H. Walfield [Tue, 1 Sep 2015 08:40:04 +0000 (10:40 +0200)]
g10: Use a symbolic constant instead of a literal.

* g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
(new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
(release_key_hash_table): Likewise.
(test_key_hash_table): Likewise.
(add_key_hash_table): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Add test for keydb as well as new testing infrastructure.
Neal H. Walfield [Wed, 2 Sep 2015 13:07:06 +0000 (15:07 +0200)]
g10: Add test for keydb as well as new testing infrastructure.

* g10/Makefile.am (EXTRA_DIST): Add test.c.
(AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
(module_tests): Add t-keydb.
(t_keydb_SOURCES): New variable.
(t_keydb_LDADD): Likewise.
* g10/t-keydb.c: New file.
* g10/t-keydb-keyring.kbx: New file.
* g10/test-stubs.c: New file.
* g10/test.c: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.

3 years ago g10: Make the keyblock cache per-handle rather than global.
Neal H. Walfield [Mon, 31 Aug 2015 11:57:07 +0000 (13:57 +0200)]
g10: Make the keyblock cache per-handle rather than global.

* g10/keydb.c (keyblock_cache): Don't declare this variable.  Instead...
(struct keyblock_cache): ... turn its type into this first class
object...
(struct keydb_handle): ... and instantiate it once per database
handle.  Update all users.
(keydb_rebuild_caches): Don't invalidate the keyblock cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.