gnupg.git
2 days ago card: Suppress error message by agent_scd_cardlist. master
NIIBE Yutaka [Wed, 12 Dec 2018 01:25:34 +0000 (10:25 +0900)]
card: Suppress error message by agent_scd_cardlist.

* g10/call-agent.c (agent_scd_cardlist): Add
FLAG_FOR_CARD_SUPPRESS_ERRORS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 days ago agent: Make the S2K calibration time runtime configurable.
Werner Koch [Tue, 11 Dec 2018 17:12:51 +0000 (18:12 +0100)]
agent: Make the S2K calibration time runtime configurable.

* agent/protect.c (s2k_calibration_time): New file global var.
(calibrate_s2k_count): Use it here.
(get_calibrated_s2k_count): Replace function static var by ...
(s2k_calibrated_count): new file global var.
(set_s2k_calibration_time): New function.
* agent/gpg-agent.c (oS2KCalibration): New const.
(opts): New option --s2k-calibration.
(parse_rereadable_options): Parse that option.
--

Note that using an unrealistically high value (like 60000) takes quite some
time for calibration.

GnuPG-bug-id: 3399
Signed-off-by: Werner Koch <wk@gnupg.org>
2 days ago dirmngr: Retry another server from the pool on 502, 503, 504.
Werner Koch [Tue, 11 Dec 2018 12:39:41 +0000 (13:39 +0100)]
dirmngr: Retry another server from the pool on 502, 503, 504.

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Add arg
http_status and handle it.
(ks_hkp_search): Get http_status from send_request and pass on to
handle_send_request_error.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--

GnuPG-bug-id: 4175
Signed-off-by: Werner Koch <wk@gnupg.org>
2 days ago dirmngr: New function http_status2string.
Werner Koch [Tue, 11 Dec 2018 12:24:21 +0000 (13:24 +0100)]
dirmngr: New function http_status2string.

* dirmngr/http.c (http_status2string): New.
--

Right now only the standard 5xx codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 days ago gpg: In search-keys return "Not found" instead of "No Data".
Werner Koch [Tue, 11 Dec 2018 11:29:58 +0000 (12:29 +0100)]
gpg: In search-keys return "Not found" instead of "No Data".

* g10/keyserver.c (keyserver_search): Check for NO_DATA.
--

GnuPG-bug-id: 3830
Signed-off-by: Werner Koch <wk@gnupg.org>
3 days ago tools: Use POSIX compatible arguments for find
Tomi Leppänen [Tue, 11 Dec 2018 07:42:33 +0000 (08:42 +0100)]
tools: Use POSIX compatible arguments for find

* tools/addgnupghome (filelist): Remove bashism.

9 days ago g10: Fix print_pubkey_info new line output.
NIIBE Yutaka [Wed, 5 Dec 2018 07:44:59 +0000 (16:44 +0900)]
g10: Fix print_pubkey_info new line output.

* g10/keylist.c (print_pubkey_info): Reverse the condition.

--

These mistakes were introduced when replacing by estream.

It resulted in 'gpg --card-status' from a process with no controlling
terminal failing.

Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
9 days ago wks: Fix filter expression syntax flaw.
Werner Koch [Tue, 4 Dec 2018 15:00:49 +0000 (16:00 +0100)]
wks: Fix filter expression syntax flaw.

* tools/wks-util.c (wks_get_key, wks_filter_uid): The filter
expression needs a space before the value.
(install_key_from_spec_file): Replace es_getline by es_read_line and
remove debug output.
--

A value starting with '<' was considered an invalid operator due to
our tokenization method.

Signed-off-by: Werner Koch <wk@gnupg.org>
9 days ago gpg: Prepare revocation keys for use with v5 keys.
Werner Koch [Tue, 4 Dec 2018 14:43:19 +0000 (15:43 +0100)]
gpg: Prepare revocation keys for use with v5 keys.

* g10/packet.h (struct revocation_key): Add field 'fprlen'.
* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
keys.  Also fix reading of uninitialized data at place where
MAX_FINGERPRINT_LEN is used.
* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
Do an explicit compare to avoid reading uninitialized data.
* g10/sig-check.c (check_revocation_keys): Use the fprlen.
* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
reading uninitialized data.
* g10/import.c (revocation_present): Use fprlen.
* g10/keyedit.c (show_key_with_all_names): Use fprlen.
(menu_addrevoker): Use fprlen.  Allow for v5 keys.
* g10/keygen.c (keygen_add_revkey): Use fprlen.
(parse_revocation_key): Allow for v5 keys.
* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys.  Print a
better error message in case of bogus fingerprints.
* g10/keylist.c (print_revokers): Use fprlen.
--

The reading of uninitialized data is harmless but we better fix it to
make valgrind happy.  More serious was that we always passed
MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet
fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4.

Signed-off-by: Werner Koch <wk@gnupg.org>
9 days ago wks: Allow reading of --install-key arguments from stdin.
Werner Koch [Tue, 4 Dec 2018 14:27:19 +0000 (15:27 +0100)]
wks: Allow reading of --install-key arguments from stdin.

* tools/wks-util.c (install_key_from_spec_file): New.
(wks_cmd_install_key): Call it.
* tools/gpg-wks-client.c (main): Allow --install-key w/o arguments.
* tools/gpg-wks-server.c (main): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
9 days ago gpg: New list-option "show-only-fpr-mbox".
Werner Koch [Tue, 4 Dec 2018 11:32:28 +0000 (12:32 +0100)]
gpg: New list-option "show-only-fpr-mbox".

* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
* g10/keylist.c (list_keyblock_simple): New.
(list_keyblock): Call it.
(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
9 days ago wks: Create sub-directories
Werner Koch [Tue, 4 Dec 2018 10:37:54 +0000 (11:37 +0100)]
wks: Create sub-directories

* tools/wks-util.c (wks_compute_hu_fname): Stat and create directory
if needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
9 days ago wks: Add new commands --install-key and --remove-key to the client.
Werner Koch [Tue, 4 Dec 2018 09:31:42 +0000 (10:31 +0100)]
wks: Add new commands --install-key and --remove-key to the client.

* tools/gpg-wks-client.c (aInstallKey, aRemoveKey, oDirectory): New.
(opts): Add "--install-key", "--remove-key" and "-C".
(parse_arguments): Parse them.
(main): Check that the given directory exists.  Implement the new
commands.
--

These commands may be useful to prepare a WKD directory on a non-Unix
box using the standard wks client.

Signed-off-by: Werner Koch <wk@gnupg.org>
9 days ago wks: Move a few server functions to wks-util.
Werner Koch [Tue, 4 Dec 2018 08:45:42 +0000 (09:45 +0100)]
wks: Move a few server functions to wks-util.

* tools/gpg-wks-server.c (write_to_file): Move to ...
* tools/wks-util.c: here.
* tools/gpg-wks-server.c (compute_hu_fname): Move to ...
* tools/wks-util.c (wks_compute_hu_fname): here.
* tools/gpg-wks-server.c (fname_from_userid): Move to ...
* tools/wks-util.c (wks_fname_from_userid): here.
* tools/gpg-wks-server.c (command_install_key): Move to ...
* tools/wks-util.c (wks_cmd_install_key): here and change caller.
* tools/gpg-wks-server.c (command_remove_key): Move to ...
* tools/wks-util.c (wks_cmd_remove_key): here and change callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
10 days ago build: Remove --with-*-prefix from configure_opts.
NIIBE Yutaka [Tue, 4 Dec 2018 03:32:01 +0000 (12:32 +0900)]
build: Remove --with-*-prefix from configure_opts.

* autogen.rc (configure_opts): Remove --with-*-prefix.

--

It seems that we haven't done cross-build for amd64 for a while,
we now use nPth instead of Pth.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 days ago g10/mainproc: disable hash contexts when --skip-verify is used
Jussi Kivilinna [Sat, 1 Dec 2018 11:43:10 +0000 (13:43 +0200)]
g10/mainproc: disable hash contexts when --skip-verify is used

* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
12 days ago common/iobuf: fix memory wiping in iobuf_copy
Jussi Kivilinna [Sat, 1 Dec 2018 11:43:10 +0000 (13:43 +0200)]
common/iobuf: fix memory wiping in iobuf_copy

* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
12 days ago common/mischelp: use platform memory zeroing function for wipememory
Jussi Kivilinna [Sat, 1 Dec 2018 11:43:09 +0000 (13:43 +0200)]
common/mischelp: use platform memory zeroing function for wipememory

* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero'.
--

In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.

If none of these is available, memset is called through a
volatile function pointer so that the compiler won't optimize
away the call.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
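
The two wiping commits above (iobuf_copy and wipememory), as an added C example that is not GnuPG's own code: it selects the zeroing primitive in the order the commit message gives and shows how much of a bounce buffer survives when the wipe length is the size of the pointer instead of the used area. The names wipe_memory, copy_and_wipe and BOUNCE_SIZE are hypothetical, and the input data is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(_WIN32)
# include <windows.h>
#endif

#define BOUNCE_SIZE 32   /* constructed bounce-buffer size for the demo */

/* Fallback path: memset reached through a volatile function pointer.
   The pointer has to be loaded at run time, so the compiler cannot
   prove the call is a dead store and remove it. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

/* Hypothetical helper: platform zeroing function first, volatile
   memset last, as described in the commit message. */
void wipe_memory(void *ptr, size_t len)
{
#if defined(_WIN32)
  SecureZeroMemory(ptr, len);
#elif defined(HAVE_EXPLICIT_BZERO)   /* as defined by AC_CHECK_FUNCS */
  explicit_bzero(ptr, len);
#else
  memset_ptr(ptr, 0, len);
#endif
}

/* Copy N bytes from SRC to DST through a heap bounce buffer, wipe the
   buffer, and return how many non-zero bytes were left in it.
   WIPE_USED_AREA = 0 reproduces the flaw (length is the size of the
   pointer); WIPE_USED_AREA = 1 wipes everything that was written. */
size_t copy_and_wipe(const unsigned char *src, size_t n,
                     unsigned char *dst, int wipe_used_area)
{
  unsigned char *temp = calloc(1, BOUNCE_SIZE);
  size_t done = 0, max_used = 0, left = 0, i;

  if (!temp)
    return (size_t)-1;
  while (done < n) {
    size_t chunk = n - done < BOUNCE_SIZE ? n - done : BOUNCE_SIZE;
    memcpy(temp, src + done, chunk);
    memcpy(dst + done, temp, chunk);
    if (chunk > max_used)
      max_used = chunk;
    done += chunk;
  }
  if (wipe_used_area)
    wipe_memory(temp, max_used);
  else
    wipe_memory(temp, sizeof temp);   /* size of the pointer, not the data */
  for (i = 0; i < BOUNCE_SIZE; i++)
    if (temp[i])
      left++;
  free(temp);
  return left;
}

int main(void)
{
  unsigned char secret[100], out[100];

  memset(secret, 0xA5, sizeof secret);   /* constructed "secret" data */
  printf("pointer-sized wipe leaves %zu bytes\n",
         copy_and_wipe(secret, sizeof secret, out, 0));
  printf("used-area wipe leaves %zu bytes\n",
         copy_and_wipe(secret, sizeof secret, out, 1));
  return 0;
}
```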
13 days ago scd: Add strerror to new error message.
Werner Koch [Fri, 30 Nov 2018 11:38:51 +0000 (12:38 +0100)]
scd: Add strerror to new error message.

* agent/call-scd.c (wait_child_thread): Add %s.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 days ago gpg: Improve error message about failed keygrip computation.
Werner Koch [Fri, 30 Nov 2018 11:35:37 +0000 (12:35 +0100)]
gpg: Improve error message about failed keygrip computation.

* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 weeks ago scd: Serialize opening device by select_application.
NIIBE Yutaka [Wed, 28 Nov 2018 05:59:44 +0000 (14:59 +0900)]
scd: Serialize opening device by select_application.

* scd/app.c (app_new_register): Don't lock APP_LIST_LOCK here.
(select_application): Lock with APP_LIST_LOCK earlier.

--

What we want to do here is to serialize the call of
select_application.  In the old code, it was possible
that a call of select_application was blocked internally,
and then another call of select_application entered.

We can have a dedicated lock for call of select_application,
but it is easier to re-use APP_LIST_LOCK.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks ago agent: Better serialization for scdaemon access.
NIIBE Yutaka [Tue, 27 Nov 2018 02:08:51 +0000 (11:08 +0900)]
agent: Better serialization for scdaemon access.

* agent/call-scd.c (unlock_scd): Move lock before accessing IN_USE.
(wait_child_thread): Add log_info for Windows, and fixed log_error
message.

--

The old code is still valid with cooperative threads, but this is
better.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks ago w32: Fix linkage of gpg-pair-tool
Andre Heinecke [Mon, 26 Nov 2018 12:05:26 +0000 (13:05 +0100)]
w32: Fix linkage of gpg-pair-tool

* tools/Makefile.am (gpg_pair_tool_LDADD): Add W32SOCKLIBS.

--
This is required because parts of libcommon depend on ws2_32.

2 weeks ago agent: Have a thread to wait for the child process of scdaemon.
NIIBE Yutaka [Mon, 26 Nov 2018 03:07:36 +0000 (12:07 +0900)]
agent: Have a thread to wait for the child process of scdaemon.

* agent/call-scd.c (wait_child_thread): New.
(start_scd): Create a thread for wait_child_thread.
(agent_scd_check_aliveness): Remove.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks ago agent: Defer calling assuan_release when it's still in use.
NIIBE Yutaka [Mon, 26 Nov 2018 02:05:28 +0000 (11:05 +0900)]
agent: Defer calling assuan_release when it's still in use.

* agent/call-scd.c (struct scd_local_s): Remove LOCK, introduce IN_USE
and INVALID flags.
(unlock_scd): Call assuan_release when CTX is invalid.
(start_scd): Set IN_USE.
(agent_scd_check_aliveness): Don't call assuan_release when it's in use.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 weeks ago agent: Clean up SCDaemon management.
NIIBE Yutaka [Mon, 26 Nov 2018 01:37:02 +0000 (10:37 +0900)]
agent: Clean up SCDaemon management.

* agent/call-scd.c (struct scd_local_s): Remove ctrl_backlink.
(start_scd): Don't assign to the field.
(agent_scd_check_aliveness): Fix typo in comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 weeks ago dirmngr: Avoid possible CSRF attacks via http redirects.
Werner Koch [Thu, 22 Nov 2018 21:27:56 +0000 (22:27 +0100)]
dirmngr: Avoid possible CSRF attacks via http redirects.

* dirmngr/http.h (parsed_uri_s): Add fields off_host and off_path.
(http_redir_info_t): New.
* dirmngr/http.c (do_parse_uri): Set new fields.
(same_host_p): New.
(http_prepare_redirect): New.
* dirmngr/t-http-basic.c: New test.
* dirmngr/ks-engine-hkp.c (send_request): Use http_prepare_redirect
instead of the open code.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
--

With this change a http query will not follow a redirect unless the
Location header gives the same host.  If the host is different only
the host and port is taken from the Location header and the original
path and query parts are kept.

Signed-off-by: Werner Koch <wk@gnupg.org>
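
The redirect rule stated in the commit message above, as an added C example that is not GnuPG's http_prepare_redirect: a redirect to the same host is followed as given, and for a different host only host and port come from the Location header while the original path and query are kept. The names redirect_target and split_url are hypothetical; comparing host names case-insensitively without the port, taking the scheme from Location, and rejecting relative Location values are assumptions of this sketch, and the URLs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct url_parts {
  size_t scheme_len;   /* length of the scheme before "://" */
  const char *auth;    /* start of host[:port] */
  size_t auth_len;     /* length of host[:port] */
  size_t host_len;     /* length of the host alone */
  const char *rest;    /* path, query and fragment; may be empty */
};

/* Split an absolute URL.  Returns 0 on success, -1 for anything this
   strict parser does not accept (relative URLs, userinfo, bad scheme). */
static int split_url(const char *url, struct url_parts *p)
{
  const char *sep = strstr(url, "://");
  const char *end;
  size_t i;

  if (!sep || sep == url)
    return -1;
  p->scheme_len = (size_t)(sep - url);
  for (i = 0; i < p->scheme_len; i++)
    if (!isalnum((unsigned char)url[i]) && !strchr("+-.", url[i]))
      return -1;
  p->auth = sep + 3;
  p->auth_len = strcspn(p->auth, "/?#");
  if (!p->auth_len || memchr(p->auth, '@', p->auth_len))
    return -1;
  if (p->auth[0] == '[') {              /* IPv6 literal: host ends at ']' */
    end = memchr(p->auth, ']', p->auth_len);
    if (!end)
      return -1;
    end++;
  } else {
    end = memchr(p->auth, ':', p->auth_len);
  }
  p->host_len = end ? (size_t)(end - p->auth) : p->auth_len;
  p->rest = p->auth + p->auth_len;
  return 0;
}

/* Assumption: "same host" means equal host names, ignoring case and port. */
static int same_host(const struct url_parts *a, const struct url_parts *b)
{
  size_t i;

  if (a->host_len != b->host_len)
    return 0;
  for (i = 0; i < a->host_len; i++)
    if (tolower((unsigned char)a->auth[i]) != tolower((unsigned char)b->auth[i]))
      return 0;
  return 1;
}

/* Write the URL to request next into OUT.  Returns 0 if Location was
   used unchanged (same host), 1 if only its host and port were used,
   -1 on a parse error or if OUT is too small. */
int redirect_target(const char *orig, const char *location,
                    char *out, size_t outlen)
{
  struct url_parts o, l;
  int n, rewritten;

  if (split_url(orig, &o) || split_url(location, &l))
    return -1;
  rewritten = !same_host(&o, &l);
  if (rewritten)   /* host and port from Location, path and query from ORIG */
    n = snprintf(out, outlen, "%.*s://%.*s%s", (int)l.scheme_len, location,
                 (int)l.auth_len, l.auth, o.rest);
  else
    n = snprintf(out, outlen, "%s", location);
  return (n < 0 || (size_t)n >= outlen) ? -1 : rewritten;
}

int main(void)
{
  /* Constructed URLs for the demonstration. */
  const char *orig = "https://keys.example.org/pks/lookup?op=get&search=0xDEADBEEF";
  char out[256];

  if (redirect_target(orig, "https://mirror.example.net:11371/elsewhere?x=1",
                      out, sizeof out) == 1)
    printf("other host -> %s\n", out);
  if (redirect_target(orig, "https://keys.example.org/pks/other",
                      out, sizeof out) == 0)
    printf("same host  -> %s\n", out);
  return 0;
}
```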
3 weeks ago doc: Clarify use of clear and nodefault in the AKL.
Werner Koch [Wed, 21 Nov 2018 08:20:56 +0000 (09:20 +0100)]
doc: Clarify use of clear and nodefault in the AKL.

--

3 weeks ago gpg: Start using OCB mode by default with Libgcrypt 1.9.
Werner Koch [Fri, 16 Nov 2018 08:19:10 +0000 (09:19 +0100)]
gpg: Start using OCB mode by default with Libgcrypt 1.9.

* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
--

GnuPG-bug-id: 4259
Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks ago doc: Add NEWS item from recent 2.2 releases.
Werner Koch [Fri, 16 Nov 2018 07:30:47 +0000 (08:30 +0100)]
doc: Add NEWS item from recent 2.2 releases.

--

4 weeks ago card: Display UIF setting.
NIIBE Yutaka [Thu, 15 Nov 2018 04:57:31 +0000 (13:57 +0900)]
card: Display UIF setting.

* g10/call-agent.h (agent_card_info_s): Add UIF fields.
* g10/call-agent.c (learn_status_cb): Put UIF DOs info.
* g10/card-util.c (current_card_status): Output for UIF.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks ago scd: Make "learn" report about KDF data object.
NIIBE Yutaka [Thu, 15 Nov 2018 04:31:12 +0000 (13:31 +0900)]
scd: Make "learn" report about KDF data object.

* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks ago card: Display if KDF is enabled or not.
NIIBE Yutaka [Thu, 15 Nov 2018 03:19:02 +0000 (12:19 +0900)]
card: Display if KDF is enabled or not.

* g10/call-agent.h (kdf_do_enabled): New field.
* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
* g10/card-util.c (current_card_status): Inform the availability.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks ago Merge branch 'seckey-sync-work' into master
Werner Koch [Wed, 14 Nov 2018 12:37:41 +0000 (13:37 +0100)]
Merge branch 'seckey-sync-work' into master

--

4 weeks ago Remove the gpg-zip script.
Werner Koch [Wed, 14 Nov 2018 12:17:49 +0000 (13:17 +0100)]
Remove the gpg-zip script.

* tools/gpg-zip.in: Remove.
* m4/tar-ustar.m4: Remove.
--

Note that the script was not even installed anymore.  See also
GnuPG-bug-id: 4252

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks ago agent: Simplify agent_popup_message_stop.
NIIBE Yutaka [Wed, 14 Nov 2018 01:45:15 +0000 (10:45 +0900)]
agent: Simplify agent_popup_message_stop.

* agent/call-pinentry.c (agent_popup_message_stop): Just kill it.

--

By checking if it's alive or not, we can lower a risk of sending
SIGINT to a wrong process on unusual condition when PID is re-used to
a different process.

That's true, however, since it's alive usually, simply sending SIGINT
is enough here.

Note that here is a race condition for detecting if process is active
or not;  A process can die just after being detected alive.

Moreover, when the process of pinentry accidentally died already, it
should have caused return of assuan_transact and the thread of
popup_message_thread likely already set popup_finished=1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks ago dirmngr: Support the new WKD draft with the openpgpkey subdomain.
Werner Koch [Tue, 13 Nov 2018 10:35:39 +0000 (11:35 +0100)]
dirmngr: Support the new WKD draft with the openpgpkey subdomain.

* dirmngr/server.c (proc_wkd_get): Implement new openpgpkey subdomain
method.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks ago po: Clarify a translator's note.
Werner Koch [Mon, 12 Nov 2018 17:13:31 +0000 (18:13 +0100)]
po: Clarify a translator's note.

--

4 weeks ago build: Update libgcrypt.m4 and ntbtls.m4.
NIIBE Yutaka [Tue, 13 Nov 2018 02:37:37 +0000 (11:37 +0900)]
build: Update libgcrypt.m4 and ntbtls.m4.

* m4/libgcrypt.m4: Update from master.
* m4/ntbtls.m4: Update from master.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
4 weeks ago dirmngr: Add FLUSHCRLs command
Andre Heinecke [Wed, 24 Oct 2018 08:40:42 +0000 (10:40 +0200)]
dirmngr: Add FLUSHCRLs command

Summary:
* dirmngr/crlcache.c (crl_cache_flush): Also deinit the cache.
* dirmngr/server.c (hlp_flushcrls, cmd_flushcrls): New.
(register_commands): Add FLUSHCRLS.

--
This allows it to flush the CRL cache of a running dirmngr
server. This can be useful to debug / analyze CRL issues.

GnuPG-Bug-Id: T3967

Differential Revision: https://dev.gnupg.org/D469

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
(cherry picked from commit 00321a025f90990a71b60b4689ede1f38fbde347)

4 weeks ago common: Prepare for parsing mail sub-addresses.
Werner Koch [Mon, 12 Nov 2018 06:44:33 +0000 (07:44 +0100)]
common: Prepare for parsing mail sub-addresses.

* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement.  Change all callers to pass false for it.

* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--

Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it.  After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.

To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command

   t-mbox-util --verbose --filter

can be used; to output w/o sub-addresses add --no-sub.

GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks ago gpg: Fix format string in gpgcompose.c
Werner Koch [Sun, 11 Nov 2018 11:20:34 +0000 (12:20 +0100)]
gpg: Fix format string in gpgcompose.c

--

For size_t  use "%zu"
For ssize_t use "%zd"

Signed-off-by: Werner Koch <wk@gnupg.org>
4 weeks ago common: Add --filter option to t-mbox-util.
Werner Koch [Sun, 11 Nov 2018 11:01:42 +0000 (12:01 +0100)]
common: Add --filter option to t-mbox-util.

* common/t-mbox-util.c (run_filter): New.
(main): Add option parser.

4 weeks ago g10/mainproc: avoid extra hash contexts when decrypting AEAD input
Jussi Kivilinna [Fri, 9 Nov 2018 16:07:38 +0000 (18:07 +0200)]
g10/mainproc: avoid extra hash contexts when decrypting AEAD input

* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_aead'.
(release_list): Clear 'seen_pkt_encrypted_aead'.
(proc_encrypted): Set 'seen_pkt_encrypted_aead'.
(have_seen_pkt_encrypted_aead): New.
(proc_plaintext): Do not enable extra hash contexts when decrypting
AEAD input.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/armor: optimize radix64 to binary conversion
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/armor: optimize radix64 to binary conversion

* g10/armor.c (asctobin): Larger look-up table for fast path.
(initialize): Update 'asctobin' initialization.
(radix64_read): Add fast path for radix64 to binary conversion.
--

This patch adds fast path for radix64 to binary conversion in
armored decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  9.8          200 MB/s
 decrypt-cfb:   11.9         168 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/armor: optimize binary to radix64 conversion
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/armor: optimize binary to radix64 conversion

* g10/armor.c (bintoasc): Change to read-only.
(initialize): Use const pointer for 'bintoasc'.
(armor_output_buf_as_radix64): New function for faster binary to
radix64 conversion.
(armor_filter): Use new conversion function.
--

This patch adds faster binary to radix64 conversion to speed up
armored encryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  2.7          523 MB/s
 encrypt-cfb:   6.7          264 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/armor: use libgcrypt's CRC24 implementation
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/armor: use libgcrypt's CRC24 implementation

* g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
(new_armor_context): Open libgcrypt CRC24 context.
(release_armor_context): Close CRC24 context.
(initialize): Remove CRC table generation.
(get_afx_crc): New.
(check_input, fake_packet, radix64_read, armor_filter): Update to use
CRC24 context.
* g10/filter.h (armor_filter_context_t): Replace crc intermediate value
with libgcrypt md context pointer.
--

This patch changes armor filter to use optimized CRC24 implementation
from libgcrypt to speed up encryption and decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc opt)
-----------------------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  8.7          211 MB/s
 decrypt-aead:  17.6         116 MB/s
 encrypt-cfb:   12.6         153 MB/s
 decrypt-cfb:   19.6         105 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago common/iobuf: optimize iobuf_read_line
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
common/iobuf: optimize iobuf_read_line

* common/iobuf.c (iobuf_read_line): Add fast path for finding '\n'
character in buffer.
--

This patch reduces per byte overhead in iobuf_read_line by avoiding
using iobuf_get when possible and use memchr to find '\n'. This
speeds armored decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf opt)
-------------------------
               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  22.5         92 MB/s
 decrypt-cfb:   24.4         85 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/armor: remove unused unarmor_pump code
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/armor: remove unused unarmor_pump code

* g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
(unarmor_pump_release, unarmor_pump): Remove.
* g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
(unarmor_pump): Remove.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/armor: fix eof checks in radix64_read
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/armor: fix eof checks in radix64_read

* g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
of 'c == -1', as 'c' is never set to this value.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/decrypt-data: use iobuf_read for higher performance
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/decrypt-data: use iobuf_read for higher performance

* g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
for reading data.
--

This patch reduces iobuf_read per byte processing overhead and speeds
up decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
no-armor:      user time    pipe transfer rate
 encrypt-aead:  1.02         1.0 GB/s
 decrypt-aead:  10.8         185 MB/s
 encrypt-cfb:   4.8          342 MB/s
 decrypt-cfb:   12.7         157 MB/s

               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt opt)
-------------------
               gpg process
no-armor:      user time    pipe transfer rate
 decrypt-aead:  7.3          263 MB/s
 decrypt-cfb:   9.3          211 MB/s

               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  27.0         77 MB/s
 decrypt-cfb:   29.0         72 MB/s

Note: decryption results are much slower than encryption because of
extra SHA1 & RIPEMD160 hashing.

GnuPG-bug-id: 3786
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago g10/decrypt-data: use fill_buffer in more places
Jussi Kivilinna [Thu, 8 Nov 2018 19:31:12 +0000 (21:31 +0200)]
g10/decrypt-data: use fill_buffer in more places

* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use
fill_buffer.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
5 weeks ago gpgcompose: Fix --sk-esk.
NIIBE Yutaka [Thu, 8 Nov 2018 11:52:38 +0000 (20:52 +0900)]
gpgcompose: Fix --sk-esk.

* g10/gpgcompose.c (sk_esk): Copy the result content correctly.
Don't forget to free the result.

--

Fixes-commit: 0131d4369a81a51bf7bb328cc81a3bb082ed1a94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago g10: Fix log_debug formatting.
NIIBE Yutaka [Thu, 8 Nov 2018 03:14:23 +0000 (12:14 +0900)]
g10: Fix log_debug formatting.

* g10/cipher-aead.c (do_flush): No cast is correct.
* g10/decrypt-data.c (aead_underflow): No cast needed.
Use "%j" for uint64_t for chunklen.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago g10: Fix print_keygrip for smartcard.
NIIBE Yutaka [Tue, 6 Nov 2018 06:28:43 +0000 (15:28 +0900)]
g10: Fix print_keygrip for smartcard.

* g10/card-util.c (print_keygrip): Use tty_fprintf.

--

Reported-by: Joey Pabalinas <joeypabalinas@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 weeks ago wks: New option --with-colons for gpg-wks-client.
Werner Koch [Mon, 5 Nov 2018 19:58:27 +0000 (20:58 +0100)]
wks: New option --with-colons for gpg-wks-client.

* tools/gpg-wks.h (opt): Add field with_colons.
* tools/gpg-wks-client.c (oWithColons): New const.
(opts, parse_arguments): Add option --with-colons.
(main): Change aSupported to take several domains in --with-colons
mode.
(command_send): Factor policy getting code out to ...
(get_policy_and_sa): New function.
(command_supported): Make use of new function.
--

In addition to this the --create command now also supports a
submission address only in the policy file.  That means the
submission-address file is not anymore required and can be replaced by
the policy file.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 weeks ago speedo: Remove obsolete configure option of gpgme.
Werner Koch [Mon, 5 Nov 2018 11:47:44 +0000 (12:47 +0100)]
speedo: Remove obsolete configure option of gpgme.

* build-aux/speedo.mk (speedo_pkg_gpgme_configure): Remove
--disable-w32-qt option.
--

This option is obsolete since GPGME 1.7 (in 2016)

Signed-off-by: Werner Koch <wk@gnupg.org>
5 weeks ago dirmngr: Fix LDAP port parsing.
Werner Koch [Mon, 5 Nov 2018 07:59:13 +0000 (08:59 +0100)]
dirmngr: Fix LDAP port parsing.

* dirmngr/misc.c (host_and_port_from_url): Fix bad port parsing and a
segv for a missing slash after the host name.
--

Reported-by: Tomas Mraz
GnuPG-bug-id: 4230
Signed-off-by: Werner Koch <wk@gnupg.org>
6 weeks ago build: Update *.m4 from libraries.
NIIBE Yutaka [Fri, 2 Nov 2018 04:06:43 +0000 (13:06 +0900)]
build: Update *.m4 from libraries.

* m4/gpg-error.m4: Update from master.
* m4/ksba.m4: Ditto.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
* m4/npth.m4: Ditto.
* m4/ntbtls.m4: Ditto.

--

Do it again today.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago build: Update *.m4 from libraries.
NIIBE Yutaka [Tue, 30 Oct 2018 23:20:37 +0000 (08:20 +0900)]
build: Update *.m4 from libraries.

* m4/gpg-error.m4: Update from master.
* m4/ksba.m4: Ditto.
* m4/libassuan.m4: Ditto.
* m4/libgcrypt.m4: Ditto.
* m4/npth.m4: Ditto.
* m4/ntbtls.m4: Ditto.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 weeks ago build: By default build wks-tools on all Unix platforms.
Werner Koch [Fri, 26 Oct 2018 12:54:52 +0000 (14:54 +0200)]
build: By default build wks-tools on all Unix platforms.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 weeks ago wkd: Add option --directory to the server.
Werner Koch [Fri, 26 Oct 2018 12:44:32 +0000 (14:44 +0200)]
wkd: Add option --directory to the server.

* tools/gpg-wks-server.c (opts): Add '--directory',
(main): Explain how to set correct permissions.
(command_list_domains): Create an empty policy file and remove the
warning for an empty policy file.
--

Note that a policy file is meanwhile required and thus it is useful to
create it.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago kbx: Increase size of field for fingerprint.
NIIBE Yutaka [Fri, 26 Oct 2018 03:38:43 +0000 (12:38 +0900)]
kbx: Increase size of field for fingerprint.

* kbx/keybox-search-desc.h (fpr): Increase the size.

--

In the function keydb_search_fpr in g10/keydb.c, it is copied using
MAX_FINGERPRINT_LEN.  So, more size is required.

Fixes-commit: ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
7 weeks ago all: fix more spelling errors
Daniel Kahn Gillmor [Thu, 25 Oct 2018 20:52:58 +0000 (16:52 -0400)]
all: fix more spelling errors

7 weeks ago headers: fix spelling
Daniel Kahn Gillmor [Thu, 25 Oct 2018 13:46:23 +0000 (09:46 -0400)]
headers: fix spelling

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7 weeks ago speedo: Sign the windows installer with a timestamp.
Werner Koch [Thu, 25 Oct 2018 16:26:34 +0000 (18:26 +0200)]
speedo: Sign the windows installer with a timestamp.

--

7 weeks ago dirmngr: Fix out of scope use of a var in the keyserver LDAP code.
Werner Koch [Thu, 25 Oct 2018 15:21:52 +0000 (17:21 +0200)]
dirmngr: Fix out of scope use of a var in the keyserver LDAP code.

* dirmngr/ks-engine-ldap.c (extract_attributes): Don't use a variable
out of scope and cleanup the entire pgpKeySize block.
--

GnuPG-bug-id: 4229
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago g10,scd: Improve UIF support.
NIIBE Yutaka [Thu, 25 Oct 2018 07:20:20 +0000 (16:20 +0900)]
g10,scd: Improve UIF support.

* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
* g10/call-agent.h: New member field "bt".
* g10/card-util.c (uif): Limit its access only when it is supported.
* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
when there is a button.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
7 weeks ago all: fix spelling and typos
Daniel Kahn Gillmor [Wed, 24 Oct 2018 19:56:18 +0000 (15:56 -0400)]
all: fix spelling and typos

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7 weeks ago doc: fix spelling mistakes
Daniel Kahn Gillmor [Wed, 24 Oct 2018 18:39:56 +0000 (14:39 -0400)]
doc: fix spelling mistakes

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
7 weeks ago agent: Fix possible uninitialized use of CTX in simple_pwquery.
Werner Koch [Wed, 24 Oct 2018 18:22:17 +0000 (20:22 +0200)]
agent: Fix possible uninitialized use of CTX in simple_pwquery.

* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--

GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago agent: Fix possible release of uninitialized var in a genkey error case.
Werner Koch [Wed, 24 Oct 2018 18:16:26 +0000 (20:16 +0200)]
agent: Fix possible release of uninitialized var in a genkey error case.

* agent/command.c (cmd_genkey): Initialize 'value'.
--

GnuPG-bug-id: 4222
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago ssh: Fix possible infinite loop in case of a read error.
Werner Koch [Wed, 24 Oct 2018 18:11:33 +0000 (20:11 +0200)]
ssh: Fix possible infinite loop in case of a read error.

* agent/command-ssh.c (ssh_handler_add_identity): Handle other errors
than EOF.
--

GnuPG-bug-id: 4221
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago tools: Fix FILE memory leak in gpg-connect-agent.
Werner Koch [Wed, 24 Oct 2018 18:04:52 +0000 (20:04 +0200)]
tools: Fix FILE memory leak in gpg-connect-agent.

* tools/gpg-connect-agent.c (do_open): dup the fileno and close the
stream.

GnuPG-bug-id: 4220
Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago sm: Use the correct string in an error message.
Werner Koch [Wed, 24 Oct 2018 17:55:19 +0000 (19:55 +0200)]
sm: Use the correct string in an error message.

* sm/gpgsm.c (main): Fix error message.
--

GnuPG-bug-id: 4219

7 weeks ago gpg: Unfinished support for v5 signatures.
Werner Koch [Wed, 24 Oct 2018 14:18:27 +0000 (16:18 +0200)]
gpg: Unfinished support for v5 signatures.

* g10/parse-packet.c (parse_signature): Allow for v5 signatures.
* g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
byte count.
* g10/sign.c (hash_sigversion_to_magic): Ditto.
(write_signature_packets): Request v5 sig for v5 keys.  Remove useless
condition.
(make_keysig_packet): Request v5 sig for v5 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago indent: Modernize g10/sign.c
Werner Koch [Wed, 24 Oct 2018 14:00:20 +0000 (16:00 +0200)]
indent: Modernize g10/sign.c

--

7 weeks ago dirmngr: Prepare for updated WKD specs with ?l= param
Werner Koch [Mon, 22 Oct 2018 18:13:08 +0000 (20:13 +0200)]
dirmngr: Prepare for updated WKD specs with ?l= param

* dirmngr/server.c (proc_wkd_get): Tack the raw local address to the
request.
--

We append the raw non-canonicalized local address part to the hash.
Servers who serve the requests from static files will ignore the
parameters and a test with posteo shows that also services using a
database ignore the parameter.  The general idea is that service
providers may use their own canonicalization rules.  The problem is
that we currently filter the returned key for the full mail address
and thus we will never see a key if the service did a different
canonicalization than we.  So consider this to be an experiment.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago agent: Fix build regression for Windows.
Werner Koch [Mon, 22 Oct 2018 15:24:58 +0000 (17:24 +0200)]
agent: Fix build regression for Windows.

* agent/command-ssh.c (get_client_info): Turn client_uid into an int.
Fix setting of it in case of a failed getsocketopt.
* agent/command.c (start_command_handler): Fix setting of the pid and
uid for Windows.
--

Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046
which obviously was only added to master.

Signed-off-by: Werner Koch <wk@gnupg.org>
7 weeks ago dirmngr: In verbose mode print the OCSP responder id.
Werner Koch [Mon, 22 Oct 2018 12:23:11 +0000 (14:23 +0200)]
dirmngr: In verbose mode print the OCSP responder id.

* dirmngr/ocsp.c (ocsp_isvalid): Print the responder id.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks ago tools: Replace duplicated code in mime-maker.
Werner Koch [Mon, 15 Oct 2018 09:32:19 +0000 (11:32 +0200)]
tools: Replace duplicated code in mime-maker.

* tools/rfc822parse.c (HEADER_NAME_CHARS): New.  Taken from
mime-maker.c.
(rfc822_valid_header_name_p): New.  Based on code from mime-maker.c.
(rfc822_capitalize_header_name): New.  Copied from mime-maker.c.
(capitalize_header_name): Remove.  Replace calls by new func.
(my_toupper, my_strcasecmp): New.
* tools/mime-maker.c: Include rfc822parse.h.
(HEADER_NAME_CHARS, capitalize_header_name): Remove.
(add_header): Replace check and capitalization by new functions.
--

This is a straightforward change with two minor changes:

- In rfc822parse.c the capitalization handles MIME-Version special.
- The check in mime-maker now detects a zero-length name as invalid.

my_toupper and my_strcasecmp are introduced to allow standalone use
of that file.

Signed-off-by: Werner Koch <wk@gnupg.org>
8 weeks ago scd: Fix signing authentication status.
NIIBE Yutaka [Mon, 15 Oct 2018 02:10:15 +0000 (11:10 +0900)]
scd: Fix signing authentication status.

* scd/app-openpgp.c (do_sign): Clear DID_CHV1 after signing.

--

We have a corner case: In "not forced" situation and authenticated,
and it is changed to "forced", card implementation can actually accept
signing, but GnuPG requires authentication, because it is "forced".

GnuPG-bug-id: 4177
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago agent: Fix message for ACK button.
NIIBE Yutaka [Fri, 12 Oct 2018 02:36:59 +0000 (11:36 +0900)]
agent: Fix message for ACK button.

* agent/divert-scd.c (getpin_cb): Display correct message.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago scd: Support "acknowledge button" feature.
NIIBE Yutaka [Thu, 11 Oct 2018 06:41:49 +0000 (15:41 +0900)]
scd: Support "acknowledge button" feature.

* scd/apdu.c (set_prompt_cb): New member function.
(set_prompt_cb_ccid_reader): New function.
(open_ccid_reader): Initialize with set_prompt_cb_ccid_reader.
(apdu_set_prompt_cb): New.
* scd/app.c (lock_app, unlock_app): Add call to apdu_set_prompt_cb.
* ccid-driver.c (ccid_set_prompt_cb): New.
(bulk_in): Call ->prompt_cb when timer extension.
* scd/command.c (popup_prompt): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago agent: Support --ack option for POPUPPINPADPROMPT.
NIIBE Yutaka [Thu, 11 Oct 2018 04:37:24 +0000 (13:37 +0900)]
agent: Support --ack option for POPUPPINPADPROMPT.

* agent/divert-scd.c (getpin_cb): Support --ack option.

--

We are now introducing "acknowledge button" feature to scdaemon,
so that we can support OpenPGPcard User Interaction Flag.

We will (re)use the mechanism of POPUPPINPADPROMPT for this.  Perhaps,
we will change the name of POPUPPINPADPROMPT, since it will be no
longer for PINPAD only.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago gpg: Don't take a TOFU trust model from the trustdb.
Werner Koch [Wed, 10 Oct 2018 09:46:16 +0000 (11:46 +0200)]
gpg: Don't take a TOFU trust model from the trustdb.

* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--

This change allows switching between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb.  This also requires that
the tofu trust model is requested on the command line.  If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base.

GnuPG-bug-id: 4134

2 months ago gpg: Fix extra check for sign usage of a data signature.
Werner Koch [Mon, 8 Oct 2018 14:14:17 +0000 (16:14 +0200)]
gpg: Fix extra check for sign usage of a data signature.

* g10/sig-check.c (check_signature_end_simple):
--

Obviously we should not ignore a back signature here.

Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago gpg: Make --skip-hidden-recipients work again.
Werner Koch [Mon, 8 Oct 2018 13:38:37 +0000 (15:38 +0200)]
gpg: Make --skip-hidden-recipients work again.

* g10/pubkey-enc.c (get_session_key): Take care of
opt.skip_hidden_recipients.
--
This was lost due to
Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290
GnuPG-bug-id: 4169

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago gpg: Add new card vendor
Werner Koch [Thu, 4 Oct 2018 07:57:03 +0000 (09:57 +0200)]
gpg: Add new card vendor

--

2 months ago gpg: New options import-drop-uids and export-drop-uids.
Werner Koch [Tue, 2 Oct 2018 09:02:08 +0000 (11:02 +0200)]
gpg: New options import-drop-uids and export-drop-uids.

* g10/options.h (IMPORT_DROP_UIDS): New.
(EXPORT_DROP_UIDS): New.
* g10/import.c (parse_import_options): Add option "import-drop-uids".
(import_one): Don't bail out with that option and no uids found.
Also remove all uids.
(remove_all_uids): New.
* g10/export.c (parse_export_options): Add option "export-drop-uids".
(do_export_one_keyblock): Implement option.
--

These options are required for experiments with changes to the
keyserver infrastructure.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 months ago common: Fix gnupg_reopen_std.
NIIBE Yutaka [Tue, 2 Oct 2018 05:22:24 +0000 (14:22 +0900)]
common: Fix gnupg_reopen_std.

* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

--

When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF.  Using fcntl, which is considered
lighter than fstat, it works fine.  Since our purpose is to check if
file descriptor is valid or not, lighter operation is better.

Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago g10,scd: Support UIF changing command.
NIIBE Yutaka [Thu, 27 Sep 2018 07:45:27 +0000 (16:45 +0900)]
g10,scd: Support UIF changing command.

* g10/card-util.c (uif, cmdUIF): New.
(card_edit): Add call to uif by cmdUIF.
* scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
(do_setattr): Likewise.
(do_learn_status): Learn UIF-1, UIF-2, and UIF-3.

--

GnuPG-bug-id: 4158
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 months ago g10: Fix memory leak for --card-status.
NIIBE Yutaka [Tue, 18 Sep 2018 00:34:00 +0000 (09:34 +0900)]
g10: Fix memory leak for --card-status.

* g10/card-util.c (card_status): Release memory of serial number.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago g10: Fix another memory leak.
NIIBE Yutaka [Thu, 13 Sep 2018 23:11:45 +0000 (08:11 +0900)]
g10: Fix another memory leak.

* g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.

--

The use of pubkey_t was wrong.  The use is just a list of keys, not
with keyblock.  With SK_LIST, release_sk_list releases memory by
free_public_key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago g10: Fix memory leak (more).
NIIBE Yutaka [Thu, 13 Sep 2018 23:02:16 +0000 (08:02 +0900)]
g10: Fix memory leak (more).

* g10/skclist.c (enum_secret_keys): Free SERIALNO on update.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago g10: Fix memory leak in enum_secret_keys.
NIIBE Yutaka [Thu, 13 Sep 2018 22:55:20 +0000 (07:55 +0900)]
g10: Fix memory leak in enum_secret_keys.

* g10/skclist.c (enum_secret_keys): Don't forget to call
free_public_key in the error return paths.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 4140
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."
NIIBE Yutaka [Tue, 11 Sep 2018 05:04:37 +0000 (14:04 +0900)]
Revert "dirmngr: hkp: Avoid potential race condition when some hosts die."

This reverts commit 04b56eff118ec34432c368b87e724bce1ac683f9.

--

Now the access to hosttable is serialized correctly.

3 months ago dirmngr: Serialize access to hosttable.
NIIBE Yutaka [Tue, 11 Sep 2018 04:54:49 +0000 (13:54 +0900)]
dirmngr: Serialize access to hosttable.

* dirmngr/dirmngr.h (ks_hkp_init): New.
* dirmngr/dirmngr.c (main): Call ks_hkp_init.
* dirmngr/ks-engine-hkp.c (ks_hkp_init): New.
(ks_hkp_mark_host): Serialize access to hosttable.
(ks_hkp_print_hosttable, make_host_part): Likewise.
(ks_hkp_housekeeping, ks_hkp_reload): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago common: Use iobuf_get_noeof to avoid undefined behaviors.
NIIBE Yutaka [Mon, 10 Sep 2018 04:44:47 +0000 (13:44 +0900)]
common: Use iobuf_get_noeof to avoid undefined behaviors.

* common/iobuf.c (block_filter): Use iobuf_get_noeof.

--

When a signed integer has a negative value, left shift computation is
undefined in C.

GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 months ago agent: Fix error code check from npth_mutex_init.
NIIBE Yutaka [Mon, 10 Sep 2018 00:16:50 +0000 (09:16 +0900)]
agent: Fix error code check from npth_mutex_init.

* agent/call-pinentry.c (initialize_module_call_pinentry): It's an
error when npth_mutex_init returns non-zero.

--

Actually, initialize_module_call_pinentry is only called once from
main.  So, this bug had no harm and having the static variable
INITIALIZED is not needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>