gnupg.git
3 years ago Change capitalization of TOR to Tor.
Werner Koch [Wed, 21 Oct 2015 16:14:24 +0000 (18:14 +0200)]
Change capitalization of TOR to Tor.

--

3 years ago dirmngr: Use the new DNS wrapper for the HKP engine.
Werner Koch [Wed, 21 Oct 2015 15:46:21 +0000 (17:46 +0200)]
dirmngr: Use the new DNS wrapper for the HKP engine.

* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
dns_addrinfo_t.
(map_host): Replace getaddrinfo by resolve_dns_name.
--

Note that we still need to replace getnameinfo so that the PTR lookup
is either suppressed or also done via ADNS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Implement a getaddrinfo wrapper.
Werner Koch [Wed, 21 Oct 2015 15:55:56 +0000 (17:55 +0200)]
dirmngr: Implement a getaddrinfo wrapper.

* dirmngr/dns-stuff.h: Include some header files.
(dns_addinfo_t, dns_addrinfo_s): New.
* dirmngr/dns-stuff.c: Always include DNS related headers.
(free_dns_addrinfo): New.
(resolve_name_standard): New.
(resolve_dns_name): New.

* dirmngr/t-dns-stuff.c: Include netdb.h.
(main): Keep old default mode with no args but else print output of
resolve_dns_name.  Revamp option parser.
--

This wrapper allows us to switch to ADNS and thus Tor for standard
name resolution.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Add more replacement error codes.
Werner Koch [Wed, 21 Oct 2015 15:38:33 +0000 (17:38 +0200)]
common: Add more replacement error codes.

* common/util.h (GPG_ERR_SERVER_FAILED): New.
(GPG_ERR_NO_KEY): New.
(GPG_ERR_NO_NAME): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: If the saved trust model is unknown, default to tofu+pgp.
Neal H. Walfield [Wed, 21 Oct 2015 11:37:11 +0000 (13:37 +0200)]
gpg: If the saved trust model is unknown, default to tofu+pgp.

* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Don't accidentally free UTK_LIST.
Neal H. Walfield [Wed, 21 Oct 2015 11:36:12 +0000 (13:36 +0200)]
gpg: Don't accidentally free UTK_LIST.

* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
Neal H. Walfield [Wed, 21 Oct 2015 11:31:00 +0000 (13:31 +0200)]
gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.

* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: If a key is ultimate trusted, return that in the tofu model.
Neal H. Walfield [Wed, 21 Oct 2015 11:35:27 +0000 (13:35 +0200)]
gpg: If a key is ultimate trusted, return that in the tofu model.

* g10/tofu.c (get_trust): If the policy is auto or none, check if the
key is ultimately trusted.  If so, return that.
(tofu_register): If the key is ultimately trusted, don't show any
statistics.
(tofu_get_validity): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Andre Heinecke <aheinecke@intevation.de>
3 years ago gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
Neal H. Walfield [Wed, 21 Oct 2015 11:28:15 +0000 (13:28 +0200)]
gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.

* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Factor out code into a standalone function.
Neal H. Walfield [Wed, 21 Oct 2015 10:52:56 +0000 (12:52 +0200)]
gpg: Factor out code into a standalone function.

* g10/trustdb.c (tdb_keyid_is_utk): New function.
(add_utk): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago dirmngr: Allow building with libassuan < 2.3.
Neal H. Walfield [Tue, 20 Oct 2015 18:53:40 +0000 (20:53 +0200)]
dirmngr: Allow building with libassuan < 2.3.

* dirmngr/http.c (send_request): Use newer assuan function only if
available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 4e42ad30

3 years ago gpg: Make the tofu DB check and initialization atomic.
Neal H. Walfield [Tue, 20 Oct 2015 18:42:44 +0000 (20:42 +0200)]
gpg: Make the tofu DB check and initialization atomic.

* g10/tofu.c (initdb): Make the version check and the database
initialization atomic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Andre Heinecke <aheinecke@intevation.de>
3 years ago build: Make --disable-g13 the default.
Werner Koch [Wed, 21 Oct 2015 08:34:41 +0000 (10:34 +0200)]
build: Make --disable-g13 the default.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13.  Remove
--enable-gpgtar because that is enabled anyway.
* configure.ac: Do not build g13 by default.
--

The g13 part is not very useful for a standard user right now, thus do
not build it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Rename file dns-cert.c.
Werner Koch [Wed, 21 Oct 2015 08:29:02 +0000 (10:29 +0200)]
dirmngr: Rename file dns-cert.c.

* dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
* dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
includers.
* dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
* dirmngr/Makefile.am: Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Add status code for use by g13.
Werner Koch [Wed, 21 Oct 2015 06:30:52 +0000 (08:30 +0200)]
common: Add status code for use by g13.

* common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.

3 years ago dirmngr: Prefer ADNS over system resolver.
Werner Koch [Tue, 20 Oct 2015 17:03:26 +0000 (19:03 +0200)]
dirmngr: Prefer ADNS over system resolver.

* configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
(USE_DNS_CERT): Prefer ADNS over the system resolver.
* dirmngr/dns-cert.c (tor_mode): New global var.
(enable_dns_tormode): New func.
(get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
* dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.

3 years ago w32: Allow building again.
Werner Koch [Tue, 20 Oct 2015 15:33:18 +0000 (17:33 +0200)]
w32: Allow building again.

* dirmngr/http.c (connect_server): Fix called function name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago build: Allow building without SQLite support.
Werner Koch [Tue, 20 Oct 2015 15:32:23 +0000 (17:32 +0200)]
build: Allow building without SQLite support.

* configure.ac: Add option --disable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config finds the correct .pc file.

* g10/Makefile.am (tofu_source): New.  Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--

This allows building a minimal version of GnuPG.  It is also currently
required to build for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Don't die immediately if the TOFU DB is locked.
Neal H. Walfield [Tue, 20 Oct 2015 13:12:23 +0000 (15:12 +0200)]
gpg: Don't die immediately if the TOFU DB is locked.

* g10/tofu.c (opendb): Don't die immediately if the DB is locked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Improve output.
Neal H. Walfield [Tue, 20 Oct 2015 12:53:29 +0000 (14:53 +0200)]
gpg: Improve output.

* g10/tofu.c (get_trust): Also show the binding when indicating a
conflict occurred.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Synchronize translation template.
Neal H. Walfield [Tue, 20 Oct 2015 12:52:39 +0000 (14:52 +0200)]
gpg: Synchronize translation template.

* g10/tofu.c (show_statistics): Synchronize translation template.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: When showing conflicts, also show bindings with no recorded sigs.
Neal H. Walfield [Tue, 20 Oct 2015 12:50:21 +0000 (14:50 +0200)]
gpg: When showing conflicts, also show bindings with no recorded sigs.

* g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
NULL, then both time_ago and count should be 0.
(get_trust): Reverse the direction of the join so that we also get
statistics about bindings without any signatures.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Improve text.
Neal H. Walfield [Tue, 20 Oct 2015 11:42:20 +0000 (13:42 +0200)]
gpg: Improve text.

* g10/tofu.c (show_statistics): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Suggested-by: Malte <malte@wk3.org>
3 years ago gpg: Use the right variable to display the information.
Neal H. Walfield [Tue, 20 Oct 2015 11:40:37 +0000 (13:40 +0200)]
gpg: Use the right variable to display the information.

* g10/tofu.c (get_trust): Use the right variable to display the
conflicting key.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Reported-by: Andre Heinecke <aheinecke@intevation.de>
3 years ago gpg: Make failing to create a directory a soft error.
Neal H. Walfield [Tue, 20 Oct 2015 10:22:00 +0000 (12:22 +0200)]
gpg: Make failing to create a directory a soft error.

* g10/tofu.c (getdb): Don't exit if we can't create the directory.
Just return an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago common: Make sure tilde expansion works for the mkdir functions.
Neal H. Walfield [Tue, 20 Oct 2015 10:10:03 +0000 (12:10 +0200)]
common: Make sure tilde expansion works for the mkdir functions.

* common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
first directory component as well.

--
If there is only a single directory component, then tilde expansion
won't be done.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Remove unused prototype digest_algo_from_sig.
Neal H. Walfield [Tue, 20 Oct 2015 08:21:40 +0000 (10:21 +0200)]
gpg: Remove unused prototype digest_algo_from_sig.

* g10/packet.h (digest_algo_from_sig): Remove prototype without a
corresponding implementation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago dirmngr: Allow building with libassuan < 2.3.
Werner Koch [Mon, 19 Oct 2015 18:30:27 +0000 (20:30 +0200)]
dirmngr: Allow building with libassuan < 2.3.

* dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
available.
* dirmngr/http.c (http_raw_connect): Ditto.
--

Frankly we should require that but we can also wait for 2.4.0 and
switch then.

3 years ago gpg: Fix --desig-revoke.
Neal H. Walfield [Mon, 19 Oct 2015 13:04:45 +0000 (15:04 +0200)]
gpg: Fix --desig-revoke.

* g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
Check that the secret key is available.  If not, display an error
message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 8459bcf9

3 years ago gpg: Improve function documentation and some comments.
Neal H. Walfield [Mon, 19 Oct 2015 09:15:00 +0000 (11:15 +0200)]
gpg: Improve function documentation and some comments.

* g10/main.h: Improve function documentation.
* g10/packet.h.h: Improve function documentation.
* g10/sig-check.c: Improve function documentation and some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Improve and regularize naming of signature checking functions.
Neal H. Walfield [Mon, 19 Oct 2015 09:06:57 +0000 (11:06 +0200)]
gpg: Improve and regularize naming of signature checking functions.

* g10/packet.h (signature_check): Rename from this...
(check_signature): ... to this.  Update users.
(signature_check2): Rename from this...
(check_signature2): ... to this.  Update users.
* g10/sig-check.c (do_check): Rename from this...
(check_signature_end): ... to this.  Update users.
(do_check_messages): Rename from this...
(check_signature_metadata_validity): ... to this.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Mark local function as static.
Neal H. Walfield [Mon, 19 Oct 2015 08:51:05 +0000 (10:51 +0200)]
gpg: Mark local function as static.

* g10/tdbio.c (put_record_into_cache): Mark as static.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Print warning when rejecting weak digests
Daniel Kahn Gillmor [Mon, 19 Oct 2015 14:41:23 +0000 (10:41 -0400)]
gpg: Print warning when rejecting weak digests

* g10/misc.c (print_md5_rejected_note): Rename to ..
(print_digest_rejected_note): this.  Parameterize function to take an
enum gcry_md_algos.
* g10/sig-check.c: Use print_digest_rejected_note() when rejecting
signatures.

--

76afaed65e3b0ddfa4923cb577ada43217dd4b18 allowed extra --weak-digests,
but removed the one call to print_md5_rejected_note().  This replaces
and generalizes that warning.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years ago gpg: Add option --weak-digest to gpg and gpgv.
Daniel Kahn Gillmor [Sun, 18 Oct 2015 21:35:32 +0000 (17:35 -0400)]
gpg: Add option --weak-digest to gpg and gpgv.

* g10/options.h: Add additional_weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests; use proper
gcry_md_algos type.
* g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is still always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Capitalized some comments, shortened a line in do_check, and changed
subject to name the option.  -wk
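
A sketch of how an operator could check, before deploying `--weak-digest`, which existing signatures the policy described in the commit message above would treat as unreliable. This is an added example, not code from GnuPG or from the commit; the function names and the sample listing are assumptions, and the policy logic follows only the rules stated in the message.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to digest names.
DIGEST_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                9: "SHA384", 10: "SHA512", 11: "SHA224"}

SIG_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
DIGEST_RE = re.compile(r"^\s+digest algo (\d+),")

# Constructed sample in the layout of `gpg --list-packets` output
# (key IDs and digest bytes are made up for this example).
SAMPLE = """\
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
\tversion 3, created 1100000000, md5len 5, sigclass 0x00
\tdigest algo 1, begin of digest 3c 9f
\tdata: [1024 bits]
:signature packet: algo 1, keyid BBBBBBBBBBBBBBBB
\tversion 4, created 1300000000, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 71 0a
\tdata: [2048 bits]
:signature packet: algo 1, keyid CCCCCCCCCCCCCCCC
\tversion 4, created 1445000000, md5len 0, sigclass 0x00
\tdigest algo 8, begin of digest e4 12
\tdata: [4096 bits]
"""


def parse_signatures(listing):
    """Return [(keyid, digest_name)] for each signature packet in the listing."""
    sigs = []
    keyid = None
    for line in listing.splitlines():
        m = SIG_RE.match(line)
        if m:
            keyid = m.group(1).upper()
            continue
        if line.startswith(":"):
            # Some other packet type begins; forget any pending signature.
            keyid = None
            continue
        m = DIGEST_RE.match(line)
        if m and keyid is not None:
            algo = int(m.group(1))
            sigs.append((keyid, DIGEST_NAMES.get(algo, "ALGO%d" % algo)))
            keyid = None
    return sigs


def is_rejected(digest, weak_digests=(), allow_weak_digests=False):
    """Apply the rules stated in the commit message.

    - --allow-weak-digests disables the check entirely.
    - MD5 is always weak, whatever --weak-digest options are given.
    - Each --weak-digest DIGEST adds one more digest to the weak set.
    """
    if allow_weak_digests:
        return False
    weak = {"MD5"} | {d.upper() for d in weak_digests}
    return digest.upper() in weak


def audit(listing, weak_digests=(), allow_weak_digests=False):
    """List the signatures the given policy would treat as unreliable."""
    return [(keyid, digest)
            for keyid, digest in parse_signatures(listing)
            if is_rejected(digest, weak_digests, allow_weak_digests)]


if __name__ == "__main__":
    policies = [
        ("default", (), False),
        ("--weak-digest SHA1", ("SHA1",), False),
        ("--weak-digest SHA1 --allow-weak-digests", ("SHA1",), True),
    ]
    for label, weak, allow in policies:
        print(label)
        for keyid, digest in audit(SAMPLE, weak, allow):
            print("  unreliable: keyid %s (%s)" % (keyid, digest))
```
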

3 years ago dirmngr: Make --use-tor work - still leaks DNS.
Werner Koch [Mon, 19 Oct 2015 11:12:24 +0000 (13:12 +0200)]
dirmngr: Make --use-tor work - still leaks DNS.

* dirmngr/dirmngr.c (set_tor_mode): New.
(main, reread_configuration): Call it.
* dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
mode is enabled if the FORCE_TOR flag is given.
--

The patch for http.c is a sanity check because tor mode is anyway
global as long as the Assuan socket wrappers are used.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Use Assuan socket wrappers for http.c
Werner Koch [Mon, 19 Oct 2015 10:43:22 +0000 (12:43 +0200)]
dirmngr: Use Assuan socket wrappers for http.c

* dirmngr/http.c: Include assuan.h.  Changed all code taking a socket
descriptor from int to assuan_fd_t.
(my_unprotect, my_protect): New.
(my_connect): Remove.
(_my_socket_new, _my_socket_unref): use assuan_sock_close.
(connect_server): Use assuan_sock_connect, assuan_sock_new, and
assuan_sock_close.
* dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
--

This change prepares for the use of SOCKS5 with http.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Fix formatting.
Neal H. Walfield [Mon, 19 Oct 2015 08:36:21 +0000 (10:36 +0200)]
gpg: Fix formatting.

* g10/tofu.c (get_trust): Fix formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Don't forget to free some memory.
Neal H. Walfield [Mon, 19 Oct 2015 08:35:38 +0000 (10:35 +0200)]
gpg: Don't forget to free some memory.

* g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: If a conflict occurs in batch mode, record that.
Neal H. Walfield [Mon, 19 Oct 2015 08:34:15 +0000 (10:34 +0200)]
gpg: If a conflict occurs in batch mode, record that.

* g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
set conflict to the key.  When prompting the user, don't show the
conflicting key if the conflicting key is the current key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Silence two more warnings.
Werner Koch [Sun, 18 Oct 2015 18:17:24 +0000 (20:17 +0200)]
gpg: Silence two more warnings.

* g10/trustdb.c (tdb_get_validity_core): Silence a warning.
* g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
so that it is not uninitialized in case of an early error.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Fix harmless compiler warnings.
Werner Koch [Sun, 18 Oct 2015 18:07:26 +0000 (20:07 +0200)]
gpg: Fix harmless compiler warnings.

* g10/tofu.h (_tofu_GET_POLICY_ERROR): New.  This avoids warnings
about undefined enum values in a switch.
* g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
* g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
(opendbs): Avoid compiler warning (use braces).
(GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
(get_policy): Remove assert.
(GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
(show_statistics): Undef MIN_SECS et al. after use.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Avoid warning about const char ** assignment.
Werner Koch [Sun, 18 Oct 2015 17:37:41 +0000 (19:37 +0200)]
common: Avoid warning about const char ** assignment.

* common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item.  Return
an error on malloc failure.
(gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
--

The code was correct but it inhibits type checking.  Instead of
casting it seems easier to simply allocate also the first item in
DIRS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Move http module from common/ to dirmngr/.
Werner Koch [Sun, 18 Oct 2015 18:07:44 +0000 (20:07 +0200)]
Move http module from common/ to dirmngr/.

* common/http.c: Move to ../dirmngr/.
* common/http.h: Move to ../dirmngr/.
* common/t-http.c: Move to ../dirmngr/.
* common/tls-ca.pem: Move to ../dirmngr/.
* common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
Remove http.c related stuff.
* po/POTFILES.in: Move http.c to dirmngr/.
* dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
(module_maint_tests): New.
(noinst_PROGRAMS): Add module_maint_tests.
(dirmngr_SOURCES): Add http.c and http.h.
(dirmngr_LDADD): Remove libcommontlsnpth.
(t_common_ldadd): Ditto.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
(t_ldap_parse_uri_SOURCES): Add http.c.
(t_ldap_parse_uri_CFLAGS): Build without npth.
($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
* dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
--

All network access is done via dirmngr and thus http.c should be
there.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago g10: Fix assert.
Neal H. Walfield [Sun, 18 Oct 2015 17:08:18 +0000 (19:08 +0200)]
g10: Fix assert.

* g10/tofu.c (get_trust): Fix assert.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago g10: Add TOFU support.
Neal H. Walfield [Sun, 18 Oct 2015 16:44:05 +0000 (18:44 +0200)]
g10: Add TOFU support.

* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Prefix the mkdir functions with gnupg_. Make args const.
Neal H. Walfield [Fri, 16 Oct 2015 14:30:46 +0000 (16:30 +0200)]
common: Prefix the mkdir functions with gnupg_.  Make args const.

* common/mkdir_p.h (mkdir_p): Rename from this...
(gnupg_mkdir_p): ... to this.  Change directory_component's type from
char * to const char *.
(amkdir_p): Rename from this...
(gnupg_amkdir_p): ... to this.  Change directory_component's type from
char * to const char *.
* common/mkdir_p.c (mkdir_p): Rename from this...
(gnupg_mkdir_p): ... to this.  Change directory_component's type from
char * to const char *.
(amkdir_p): Rename from this...
(gnupg_amkdir_p): ... to this.  Change directory_component's type from
char * to const char *.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.
NIIBE Yutaka [Wed, 14 Oct 2015 09:57:26 +0000 (18:57 +0900)]
cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.

* dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR.
* kbx/keybox-update.c (keybox_set_flags): Call
gpg_err_code_from_syserror.

3 years ago po: Update Japanese translation.
NIIBE Yutaka [Tue, 13 Oct 2015 02:37:09 +0000 (11:37 +0900)]
po: Update Japanese translation.

3 years ago gpg: Try hard to use MDC also for sign+symenc.
Werner Koch [Mon, 12 Oct 2015 07:31:44 +0000 (09:31 +0200)]
gpg: Try hard to use MDC also for sign+symenc.

* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide
whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--

We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
uses of modern ciphers are using MDC.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Post release updates.
Werner Koch [Sat, 10 Oct 2015 09:49:32 +0000 (11:49 +0200)]
Post release updates.

--

3 years ago Release 2.1.9 gnupg-2.1.9
Werner Koch [Fri, 9 Oct 2015 15:13:35 +0000 (17:13 +0200)]
Release 2.1.9

3 years ago po: Auto-update.
Werner Koch [Fri, 9 Oct 2015 15:13:21 +0000 (17:13 +0200)]
po: Auto-update.

--

3 years ago po: Fix two fuzzy strings in the Spanish translation
Werner Koch [Fri, 9 Oct 2015 15:11:05 +0000 (17:11 +0200)]
po: Fix two fuzzy strings in the Spanish translation

--

3 years ago agent: simplify agent_get_passphrase.
NIIBE Yutaka [Fri, 9 Oct 2015 02:55:18 +0000 (11:55 +0900)]
agent: simplify agent_get_passphrase.

* agent/call-pinentry.c (agent_get_passphrase): Simplify.

3 years ago agent: fix agent_askpin.
NIIBE Yutaka [Fri, 9 Oct 2015 02:46:23 +0000 (11:46 +0900)]
agent: fix agent_askpin.

* agent/call-pinentry.c (agent_askpin): Fix off-by-one error.

3 years ago agent: Fix function return type for check_cb and agent_askpin.
NIIBE Yutaka [Fri, 9 Oct 2015 02:33:13 +0000 (11:33 +0900)]
agent: Fix function return type for check_cb and agent_askpin.

* agent/call-pinentry.c (unlock_pinentry): Return gpg_error_t.
(start_pinentry, setup_qualitybar): Likewise.
(agent_askpin): Fix return value check of check_cb.
* agent/command-ssh.c (reenter_compare_cb): Return gpg_error_t.
(ssh_identity_register): Fix return value check of agent_askpin.
* agent/cvt-openpgp.c (try_do_unprotect_cb): Return gpg_error_t.
* agent/findkey.c (try_unprotect_cb): Likewise.
* agent/genkey.c (reenter_compare_cb): Return gpg_error_t.
(agent_ask_new_passphrase): Fix return value check of agent_askpin.

3 years ago dirmngr: Default to http protocol for http-proxy
Andre Heinecke [Fri, 25 Sep 2015 09:43:16 +0000 (11:43 +0200)]
dirmngr: Default to http protocol for http-proxy

* common/http.c (send_request): Fix handling for hostname:port string.

--
The first pass to parse_uri should already do a scheme check so
that a hostname:port string is detected as invalid and the retry
code actually takes effect and adds a http://

GnuPG-bug-id: 2109

3 years ago speedo: Add a w32-release target.
Werner Koch [Thu, 8 Oct 2015 16:24:26 +0000 (18:24 +0200)]
speedo: Add a w32-release target.

--

This simplifies building a release to:

  git tag -s gnupg-2.n.m
  ./autogen.sh --force
  cd ~/b/gnupg
  ~/s/gnupg/configure --enable-maintainer-mode
  make distcheck
  tar xJf gnupg-2.n.m.tar.bz2
  make -f gnupg-2.n.m/build-aux/speedo.mk w32-release
  gpg -sbvu KEYID gnupg-2.n.m.tar.bz2
  gpg -sbvu KEYID gnupg-w32-2.n.m-20151008.tar.xz
  gpg -sbvu KEYID gnupg-w32-2.n.m-20151008.exe
  scp gnupg-2.n.m.tar.bz2              $TARGET
  scp gnupg-w32-2.n.m-20151008.tar.xz  $TARGET
  scp gnupg-w32-2.n.m-20151008.exe     $TARGET

3 years ago common: Allow building of mkdir_p.c for Windows.
Werner Koch [Thu, 8 Oct 2015 14:42:14 +0000 (16:42 +0200)]
common: Allow building of mkdir_p.c for Windows.

* common/mkdir_p.c: Change license and comment debug statements.
(amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
build an error code.  Change return value to gpg_error_t.
(amkdir_p): Use gnupg_mkdir.

* common/membuf.c: Include util.h first to avoid redefined macro
warnings.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Add option --print-dane-records.
Werner Koch [Thu, 8 Oct 2015 13:04:45 +0000 (15:04 +0200)]
gpg: Add option --print-dane-records.

* g10/options.h (opt): Add field "print_dane_records".
* g10/gpg.c (oPrintDANERecords): new.
(opts): Add --print-dane-records.
(main): Set that option.
* g10/export.c (do_export): Remove EXPORT_DANE_FORMAT handling.
(do_export_stream): Add EXPORT_DANE_FORMAT handling.
* g10/keylist.c (list_keyblock_pka): Implement DANE record printing.

* g10/gpgv.c (export_pubkey_buffer): New stub.
* g10/test-stubs.c (export_pubkey_buffer): New stub.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Fix two unused/possible-uninitialized var warnings.
Werner Koch [Thu, 8 Oct 2015 12:58:26 +0000 (14:58 +0200)]
Fix two unused/possible-uninitialized var warnings.

--

3 years ago gpg: Pass CTRL parameter to all key listing functions.
Werner Koch [Thu, 8 Oct 2015 12:55:07 +0000 (14:55 +0200)]
gpg: Pass CTRL parameter to all key listing functions.

* g10/keylist.c (public_key_list): Add arg CTRL.
(secret_key_list): Ditto.
(list_all, list_one): Ditto.
(locate_one): Ditto.
(list_keyblock_pka): Ditto.
(list_keyblock): Ditto.
(list_keyblock_direct): Ditto.
* g10/keygen.c (proc_parameter_file): Add arg CTRL.
(read_parameter_file): Ditto.
(quick_generate_keypair): Ditto.
(do_generate_keypair): Ditto.
(generate_keypair): Pass arg CTRL.
* g10/gpg.c (main): Pass arg CTRL to quick_generate_keypair.
--

This will help us to implement the --server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Remove unfinished experimental code to export as S-expressions.
Werner Koch [Wed, 7 Oct 2015 14:55:15 +0000 (16:55 +0200)]
gpg: Remove unfinished experimental code to export as S-expressions.

* g10/options.h (EXPORT_SEXP_FORMAT): Remove.
(EXPORT_DANE_FORMAT): New.
* g10/export.c (parse_export_options): Remove "export-sexp-format".
(export_seckeys): Adjust for removed option.
(export_secsubkeys): Ditto.
(do_export): Prepare for DANE format.
(build_sexp, build_sexp_seckey): Remove.
(do_export_stream): Remove use of removed functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Add new --auto-key-locate mechanism "dane".
Werner Koch [Tue, 6 Oct 2015 18:31:43 +0000 (20:31 +0200)]
gpg: Add new --auto-key-locate mechanism "dane".

* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Allow fetching keys using OpenPGP DANE
Werner Koch [Tue, 6 Oct 2015 17:59:56 +0000 (19:59 +0200)]
dirmngr: Allow fetching keys using OpenPGP DANE

* dirmngr/server.c (cmd_dns_cert): Add option --dane.
--

This implements draft-ietf-dane-openpgpkey-05.txt
To test this use

  $ gpg-connect-agent --dirmngr
  > /hex
  > dns_cert --dane wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Improve DNS code to retrieve arbitrary records.
Werner Koch [Tue, 6 Oct 2015 17:57:00 +0000 (19:57 +0200)]
dirmngr: Improve DNS code to retrieve arbitrary records.

* dirmngr/dns-cert.c (get_dns_cert): Add hack to retrieve arbitrary
resource records.
* dirmngr/dns-cert.h (DNS_CERTTYPE_RRBASE): New.
(DNS_CERTTYPE_RR61): New.
--

This has been tested with ADNS on Unix and with the standard
resolver.  Because ADNS works it should also work on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Change DNS code to make additions easier.
Werner Koch [Tue, 6 Oct 2015 15:34:13 +0000 (17:34 +0200)]
dirmngr: Change DNS code to make additions easier.

* dirmngr/dns-cert.c (get_dns_cert) [!USE_ADNS]: Change loop to allow
adding more resource types.

3 years ago dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.
Werner Koch [Tue, 6 Oct 2015 11:55:38 +0000 (13:55 +0200)]
dirmngr: Make commands RELOADDIRMNGR and KILLDIRMNGR work properly.

* dirmngr/server.c (cmd_killdirmngr): Set assuan close flag.
(cmd_reloaddirmngr): Use check_owner_permission.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago po: Typo fix in German translation.
Werner Koch [Tue, 6 Oct 2015 11:11:12 +0000 (13:11 +0200)]
po: Typo fix in German translation.

--

3 years ago dirmngr: Do tilde expansion for --hkp-cacert.
Werner Koch [Tue, 6 Oct 2015 11:10:26 +0000 (13:10 +0200)]
dirmngr: Do tilde expansion for --hkp-cacert.

* dirmngr/dirmngr.c (parse_rereadable_options): Do tilde expansion and
check for cert file existence in option --hkp-cacert.
--

GnuPG-bug-id: 2120
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Fail decryption for AES etc message w/o MDC.
Werner Koch [Tue, 6 Oct 2015 07:40:57 +0000 (09:40 +0200)]
gpg: Fail decryption for AES etc message w/o MDC.

* g10/mainproc.c (proc_encrypted): Fail for modern messages w/o MDC.
--

This change turns the missing MDC warning into an error if the message
has been encrypted using a cipher with a non-64 bit block length
and it is not Twofish.

We can assume that such messages are created by code which should have
been able to create MDC packets.  AES was introduced with 1.0.3 on
2000-09-18 shortly after MDC (1.0.2 on 2000-07-12).  We need to
exclude Twofish because that might have been used before MDC.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago agent: Fix verification of signature for smartcard.
NIIBE Yutaka [Tue, 6 Oct 2015 06:10:25 +0000 (15:10 +0900)]
agent: Fix verification of signature for smartcard.

* agent/pksign.c (agent_pksign_do): Use public key smartcard.

--

Since gcry_pk_verify can't handle shadowed private key, public
key SEXP should be prepared for smartcard.

3 years ago agent: Fix non-allocation for pinentry_loopback.
NIIBE Yutaka [Mon, 5 Oct 2015 17:05:04 +0000 (02:05 +0900)]
agent: Fix non-allocation for pinentry_loopback.

* agent/call-pinentry.c (agent_get_passphrase): Don't allocate, it will
be allocated by pinentry_loopback.

3 years ago gpg: Install a dirmngr.conf file.
Werner Koch [Mon, 5 Oct 2015 17:48:47 +0000 (19:48 +0200)]
gpg: Install a dirmngr.conf file.

* g10/dirmngr-conf.skel: New.
* g10/Makefile.am (EXTRA_DIST): Add file.
(install-data-local, uninstall-local): Install that file.
* g10/openfile.c (copy_options_file): Add arg "name", return a value,
simplify with xstrconcat, and factor warning message out to:
(try_make_homedir): here.  Also install dirmngr.conf.
* g10/options.skel: Remove --keyserver entry.
--

The option --keyserver in gpg has been deprecated in favor of
--keyserver in dirmngr.conf.  Thus we need to install a skeleton file
for dirmngr to set a default keyserver.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Deprecate the --keyserver option.
Werner Koch [Mon, 5 Oct 2015 15:52:28 +0000 (17:52 +0200)]
gpg: Deprecate the --keyserver option.

* g10/keyserver.c (keyserver_refresh): Change return type to
gpg_error_t.  Use gpg_dirmngr_ks_list to print the name of the
keyserver to use.
(keyserver_search): Do not print the "no keyserver" error
message.  The same error is anyway returned from dirmngr.
* g10/call-dirmngr.c (ks_status_parm_s): Add field "keyword".
(ks_status_cb): Handle other status keywords.
(gpg_dirmngr_ks_list): New.
* tools/gpgconf-comp.c (gc_options_gpg): Deprecate "keyserver".
(gc_options_dirmngr): Add "Keyserver" group and "keyserver".
--

Along with the corresponding dirmngr change this option allows one to
configure the keyserver only in dirmngr.conf.  Existing
configurations will continue to work.  However, GUIs using gpgconf
now show the keyserver option under the dirmngr (aka Key Acquirer) tab
unless they are in export mode in which the keyserver option is also
shown for gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Add option --keyserver.
Werner Koch [Mon, 5 Oct 2015 15:44:20 +0000 (17:44 +0200)]
dirmngr: Add option --keyserver.

* dirmngr/dirmngr.c (oKeyServer): New.
(opts): Add "keyserver".
(parse_rereadable_options): Parse that option.
(main): Add option to the gpgconf list.
* dirmngr/dirmngr.h (opt): Add field "keyserver".
* dirmngr/server.c (ensure_keyserver): New.
(make_keyserver_item): New.  Factored out from
(cmd_keyserver): here.  Call ensure_keyserver.
(cmd_ks_search): Call ensure_keyserver.
(cmd_ks_get): Ditto.
(cmd_ks_fetch): Ditto.
(cmd_ks_put): Ditto.
--

This option specifies the keyserver to be used if the client does not
set another keyserver.  We want to fade out the use of --keyserver in
gpg.conf in favor of specifying it here.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Make clear that --use-tor is not yet ready for use.
Werner Koch [Mon, 5 Oct 2015 09:31:31 +0000 (11:31 +0200)]
dirmngr: Make clear that --use-tor is not yet ready for use.

* dirmngr/dirmngr.c (main): Print a warning if --use-tor has been
given.
* tools/gpgconf-comp.c (gc_options_dirmngr): Make --use-tor invisible.

3 years ago po: Update the German translation.
Werner Koch [Mon, 5 Oct 2015 09:17:40 +0000 (11:17 +0200)]
po: Update the German translation.

--

3 years ago gpgconf: Change displayed name of Dirmngr to "Key Acquirer".
Werner Koch [Mon, 5 Oct 2015 09:08:34 +0000 (11:08 +0200)]
gpgconf: Change displayed name of Dirmngr to "Key Acquirer".

* tools/gpgconf-comp.c (gc_component): Change printed name.
--

All network access is handled by Dirmngr so at least in the GUI option
dialog we should acknowledge that by changing the name to an easier to
understand term.  This is an update of
819bba75aaed11ecef2e274add173718358212b9 suggested by Neal Walfield.
The former term "Network Manager" conflicts with the well known GNOME
network manager tool.

3 years ago tests: Two new OpenPGP test keys from E2E.
Werner Koch [Mon, 5 Oct 2015 08:58:00 +0000 (10:58 +0200)]
tests: Two new OpenPGP test keys from E2E.

--

3 years ago scd: Use Assuan macro instead of a number constant.
Werner Koch [Fri, 2 Oct 2015 10:21:31 +0000 (12:21 +0200)]
scd: Use Assuan macro instead of a number constant.

--

3 years ago dirmngr: Fix use-after-free due to a realloc shrinking.
Werner Koch [Fri, 2 Oct 2015 09:31:45 +0000 (11:31 +0200)]
dirmngr: Fix use-after-free due to a realloc shrinking.

* dirmngr/ks-engine-hkp.c (map_host): Do not use original pointer
after realloc.
--

vex01 reported and debugged the problem.

GnuPG-bug-id: 2107
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago agent: Fix alignment problem with the second passphrase struct.
Werner Koch [Thu, 1 Oct 2015 11:21:25 +0000 (13:21 +0200)]
agent: Fix alignment problem with the second passphrase struct.

* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2.  Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2.  Wipe PI2.
--

For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2.  This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account.  One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.

Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.

GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>
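The alignment problem described in the commit above, as an added example that is not GnuPG's own code: struct pw_info, MAX_PW_LEN and all function names are hypothetical stand-ins. It checks why a second record placed behind a "made up" object size in one block is misaligned, then applies the remedy of one calloc per record with a wipe before release.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_PW_LEN 100   /* assumed passphrase buffer size */

/* Hypothetical passphrase request record (not GnuPG's definition). */
struct pw_info {
  int min_digits;
  int max_tries;
  size_t max_length;
  char pin[1];           /* MAX_PW_LEN more bytes follow in the allocation */
};

/* The "made up" object size: header plus buffer plus NUL. */
static size_t record_size (void)
{
  return sizeof (struct pw_info) + MAX_PW_LEN + 1;
}

/* Nonzero if a second record placed right behind the first one in a
   single block would start at a misaligned address. */
static int split_is_misaligned (void)
{
  return record_size () % _Alignof (struct pw_info) != 0;
}

/* The remedy: one calloc per record, with the result checked. */
static int alloc_pair (struct pw_info **r_pi, struct pw_info **r_pi2)
{
  struct pw_info *pi = calloc (1, record_size ());
  struct pw_info *pi2 = calloc (1, record_size ());
  if (!pi || !pi2) { free (pi); free (pi2); return -1; }
  pi->max_length = pi2->max_length = MAX_PW_LEN;
  *r_pi = pi; *r_pi2 = pi2;
  return 0;
}

/* Wipe a record through a volatile pointer so the stores are kept. */
static void wipe_and_free (struct pw_info *pi)
{
  volatile unsigned char *p = (volatile unsigned char *)pi;
  for (size_t i = 0; pi && i < record_size (); i++)
    p[i] = 0;
  free (pi);
}

int main (void)
{
  struct pw_info *pi, *pi2;
  printf ("split misaligned: %d\n", split_is_misaligned ());
  if (alloc_pair (&pi, &pi2))
    return 1;
  wipe_and_free (pi); wipe_and_free (pi2);
  return 0;
}
```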
3 years ago gpg: Fix a practical hang after use of --faked-system-time.
Werner Koch [Thu, 1 Oct 2015 15:59:03 +0000 (17:59 +0200)]
gpg: Fix a practical hang after use of --faked-system-time.

* g10/sign.c (update_keysig_packet): Bail out if we would need too long
for a new timestamp.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Print more info with "check selfsig".
Werner Koch [Thu, 1 Oct 2015 15:57:39 +0000 (17:57 +0200)]
gpg: Print more info with "check selfsig".

* g10/keyedit.c (print_and_check_one_sig): Print some more sigsub
packets.

3 years ago gpg: Add debug helper to --edit-keys's check sub-command.
Werner Koch [Thu, 1 Oct 2015 14:22:29 +0000 (16:22 +0200)]
gpg: Add debug helper to --edit-keys's check sub-command.

* g10/keyedit.c (print_and_check_one_sig): Add arg "extended" and
print an asterisk for the chosen selfsig.
(check_all_keysigs): Add arg "only_selfsig"
(keyedit_menu) <cmdCHECK>: Add optional arg "selfsig".
--

Using "check selfsig" prints only the self-signatures and indicates
the chosen selfsig with an asterisk.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Fix strsplit.
NIIBE Yutaka [Wed, 30 Sep 2015 23:57:06 +0000 (08:57 +0900)]
common: Fix strsplit.

* common/stringhelp.c (strsplit): Fix arguments order.

3 years ago common: Add mkdir_p.
Neal H. Walfield [Tue, 29 Sep 2015 12:12:00 +0000 (14:12 +0200)]
common: Add mkdir_p.

* common/mkdir_p.c: New file.
* common/mkdir_p.h: New file.
* common/Makefile.am (common_sources): Add mkdir_p.c and mkdir_p.h.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Remove unused files.
Neal H. Walfield [Tue, 29 Sep 2015 11:24:48 +0000 (13:24 +0200)]
common: Remove unused files.

* common/xmalloc.c: Remove file.
* common/xmalloc.h: Remove file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Include <gpg-error.h>.
Neal H. Walfield [Tue, 29 Sep 2015 11:20:26 +0000 (13:20 +0200)]
common: Include <gpg-error.h>.

* common/logging.h: Include <gpg-error.h>.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
logging.h uses estream_t and as such should directly include
<gpg-error.h>.

3 years ago g10: Remove unused struct cmp_help_context_s.
Neal H. Walfield [Thu, 24 Sep 2015 12:11:13 +0000 (14:11 +0200)]
g10: Remove unused struct cmp_help_context_s.

* g10/sig-check.c (struct cmp_help_context_s): Remove unused struct.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago g10: Avoid an unnecessary copy.
Neal H. Walfield [Wed, 23 Sep 2015 18:50:03 +0000 (20:50 +0200)]
g10: Avoid an unnecessary copy.

* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage.  If none is provided
allocate some.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago ssh: Fix fingerprint computation for EdDSA key.
NIIBE Yutaka [Tue, 29 Sep 2015 06:33:59 +0000 (15:33 +0900)]
ssh: Fix fingerprint computation for EdDSA key.

* common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
* common/t-ssh-utils.c (sample_keys): Add a new key.

--

Also adding Ed25519 test key.

3 years ago agent: RSA signature verification by gpg-agent.
NIIBE Yutaka [Tue, 29 Sep 2015 00:49:44 +0000 (09:49 +0900)]
agent: RSA signature verification by gpg-agent.

* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.

3 years ago common: Provide two new error code replacements.
Werner Koch [Mon, 28 Sep 2015 16:13:37 +0000 (18:13 +0200)]
common: Provide two new error code replacements.

* common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): New replacements.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago doc,w32: Fix compiler warnings.
Werner Koch [Mon, 28 Sep 2015 16:12:44 +0000 (18:12 +0200)]
doc,w32: Fix compiler warnings.

--

3 years ago common: Change calling convention for gnupg_spawn_process.
Werner Koch [Mon, 28 Sep 2015 16:10:21 +0000 (18:10 +0200)]
common: Change calling convention for gnupg_spawn_process.

* common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
(GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
numbers.
* common/exechelp.h (gnupg_spawn_process): Change function to not take
an optional stream for stdin but to return one.
* common/exechelp-posix.c (gnupg_spawn_process): Implement change.
(create_pipe_and_estream): Add args outbound and nonblock.
* common/exechelp-w32.c (gnupg_spawn_process): Implement change.
--

In 2.1 this function is only used at one place and the stdin parameter
is not used.  Thus this change is trivial for the callers but along
with estream's new es_poll it is overall simpler to use.

Note that the Windows version has not been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago scd: Handle error correctly.
NIIBE Yutaka [Mon, 28 Sep 2015 04:41:59 +0000 (13:41 +0900)]
scd: Handle error correctly.

* scd/apdu.c (apdu_connect): Initialize variables and check an error
of apdu_get_status_internal.

3 years ago ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
Werner Koch [Tue, 22 Sep 2015 08:01:31 +0000 (10:01 +0200)]
ssh: Add 256, 384 and 521 bit test keys for the fingerprint.

* common/t-ssh-utils.c (sample_keys): Add 3 new keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago ssh: Fix fingerprint computation for 384 bit ECDSA keys.
Werner Koch [Tue, 22 Sep 2015 07:28:35 +0000 (09:28 +0200)]
ssh: Fix fingerprint computation for 384 bit ECDSA keys.

* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--

That was an obvious c+p bug which should have been caught by a test
case.

GnuPG-bug-id: 2075
Debian-bug-id: 795636