gnupg.git
3 years ago gpg: Add --encrypt-to-default-key.
Neal H. Walfield [Tue, 3 Nov 2015 22:39:46 +0000 (23:39 +0100)]
gpg: Add --encrypt-to-default-key.

* g10/getkey.c (parse_def_secret_key): Drop the static qualifier and
export the function.
* g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey.
(opts): Handle oEncryptToDefaultKey.
(main): Likewise.
* g10/options.h (opt): Add field encrypt_to_default_key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 807

3 years ago gpg: Allow multiple --default-key options. Take the last available key.
Neal H. Walfield [Tue, 3 Nov 2015 22:15:27 +0000 (23:15 +0100)]
gpg: Allow multiple --default-key options.  Take the last available key.

* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 806

3 years ago scd: Fix error handling with libusb-compat library.
NIIBE Yutaka [Wed, 4 Nov 2015 12:07:49 +0000 (21:07 +0900)]
scd: Fix error handling with libusb-compat library.

* scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE.

--

With libusb-compat library, the error is different than original
libusb.  (The libusb-compat library is used by Fedora.)

3 years ago scd: fix change_keyattr.
NIIBE Yutaka [Wed, 4 Nov 2015 01:48:59 +0000 (10:48 +0900)]
scd: fix change_keyattr.

* scd/app-openpgp.c (change_keyattr_from_string): Fix parsing.

3 years ago gpg: Change out of core error message.
Werner Koch [Tue, 3 Nov 2015 22:15:57 +0000 (23:15 +0100)]
gpg: Change out of core error message.

* g10/tofu.c (fingerprint_str): Die with the error code returned by
the failed function.
(time_ago_str): Ditto.  Do not make a comma translatable.
(fingerprint_format): Use "%zu" for a size_t.
--

Also wrapped some long strings.

In general we should not use log_fatal or use xmalloc functions but
properly return an error code and use xtrymalloc like functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Make translation easier.
Werner Koch [Tue, 3 Nov 2015 19:44:14 +0000 (20:44 +0100)]
gpg: Make translation easier.

* g10/import.c (import_secret_one): Split info string for easier
translation.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Also show when the most recently signed message was observed.
Neal H. Walfield [Tue, 3 Nov 2015 15:26:25 +0000 (16:26 +0100)]
gpg: Also show when the most recently signed message was observed.

* g10/tofu.c (show_statistics): Also show when the most recently
signed message was observed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: MFPA <2014-667rhzu3dc-lists-groups@riseup.net>
3 years ago gpg: Split a utility function out of a large function.
Neal H. Walfield [Tue, 3 Nov 2015 15:24:08 +0000 (16:24 +0100)]
gpg: Split a utility function out of a large function.

* g10/tofu.c (show_statistics): Break the time delta to string code
into...
(time_ago_str): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Fix message formatting.
Neal H. Walfield [Tue, 3 Nov 2015 14:51:29 +0000 (15:51 +0100)]
gpg: Fix message formatting.

* g10/tofu.c (get_trust): Fix message formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Don't store formatting fingerprints in the TOFU DB.
Neal H. Walfield [Tue, 3 Nov 2015 14:43:03 +0000 (15:43 +0100)]
gpg: Don't store formatting fingerprints in the TOFU DB.

* g10/tofu.c (fingerprint_pp): Split this function into...
(fingerprint_str): ... this function...
(fingerprint_format): ... and this function.
(record_binding): Store the unformatted fingerprint in the DB.  Only
use the formatting fingerprint when displaying a message to the user.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register): Likewise.
(tofu_get_validity): Likewise.
(tofu_set_policy): Likewise.
(tofu_get_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago g10: notify a user when importing stub is skipped.
NIIBE Yutaka [Mon, 2 Nov 2015 05:33:38 +0000 (14:33 +0900)]
g10: notify a user when importing stub is skipped.

* g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED
when stub_key_skipped.
(import_secret_one): Notify a user, suggesting --card-status.

--

Migration to 2.1 might be confusing with smartcard.  With this patch,
a user can learn to run gpg --card-status.

Thanks to intrigeri for the report.

Debian-bug-id: 795881

3 years ago gpg: Consider newlines to be whitespace in an SQL statement.
Neal H. Walfield [Sat, 31 Oct 2015 00:49:32 +0000 (01:49 +0100)]
gpg: Consider newlines to be whitespace in an SQL statement.

* g10/sqlite.c (sqlite3_stepx): When making sure that there is no
second SQL statement, ignore newlines.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago common: Improve t-zb32 to be used for manual encoding.
Werner Koch [Fri, 30 Oct 2015 11:40:22 +0000 (12:40 +0100)]
common: Improve t-zb32 to be used for manual encoding.

* common/t-support.h (no_exit_on_fail, errcount): New.
(fail): Bump errcount.
* common/t-zb32.c (main): Add options to allow manual use.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Add separate header for zb32.c.
Werner Koch [Fri, 30 Oct 2015 11:33:40 +0000 (12:33 +0100)]
common: Add separate header for zb32.c.

* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new.  Include this for all callers of zb32_encode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Use of some C99 features is now permitted.
Werner Koch [Thu, 29 Oct 2015 14:03:55 +0000 (15:03 +0100)]
Use of some C99 features is now permitted.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Display the correct error message.
Neal H. Walfield [Thu, 29 Oct 2015 09:09:58 +0000 (10:09 +0100)]
gpg: Display the correct error message.

* g10/trustdb.c (validate_keys): If tdbio_update_version_record fails,
RC does not contain the error code.  Save the error code in rc2 and
use that.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Eliminate a memory leak.
Neal H. Walfield [Thu, 29 Oct 2015 09:01:43 +0000 (10:01 +0100)]
gpg: Eliminate a memory leak.

* g10/trustdb.c (validate_key_list): Don't leak the keyblocks on
failure.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Remove unused prototype.
Neal H. Walfield [Thu, 29 Oct 2015 08:58:02 +0000 (09:58 +0100)]
gpg: Remove unused prototype.

* g10/keyring.h (keyring_locate_writable): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Eliminate a memory leak.
Neal H. Walfield [Thu, 29 Oct 2015 08:57:00 +0000 (09:57 +0100)]
gpg: Eliminate a memory leak.

* g10/gpg.c (main): Don't leak OPT.DEF_RECIPIENT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Fix keyring support.
Neal H. Walfield [Thu, 29 Oct 2015 08:52:56 +0000 (09:52 +0100)]
gpg: Fix keyring support.

* g10/keydb.c (keydb_rebuild_caches): Only mark the cache as prepared
if it is actually prepared, which it only is if the resource is a
keybox.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.
Neal H. Walfield [Thu, 29 Oct 2015 08:36:36 +0000 (09:36 +0100)]
gpg: Change sqlite3_stepx to pass the sqlite3_stmt * to the callback.

* g10/sqlite.h (enum sqlite_arg_type): Add SQLITE_ARG_BLOB.
(sqlite3_stepx_callback): New declaration.
(sqlite3_stepx): Change the callback's type to sqlite3_stepx_callback,
which passes an additional parameter, the sqlite3_stmt *.  Update
users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Move sqlite helper functions into their own file.
Neal H. Walfield [Wed, 28 Oct 2015 12:12:27 +0000 (13:12 +0100)]
gpg: Move sqlite helper functions into their own file.

* g10/tofu.c (sqlite3_exec_printf): Move from here...
* g10/sqlite.c (sqlite3_exec_printf): ... to this new file.  Don't
mark as static.
* g10/tofu.c (sqlite3_stepx): Move from here...
* g10/sqlite.c (sqlite3_stepx): ... to this new file.  Don't
mark as static.
* g10/tofu.c (enum sqlite_arg_type): Move from here...
* g10/sqlite.h (enum sqlite_arg_type): ... to this new file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago doc: Don't install gpg-zip.1.
NIIBE Yutaka [Thu, 29 Oct 2015 01:26:04 +0000 (10:26 +0900)]
doc: Don't install gpg-zip.1.

* doc/Makefile.am (myman_pages): Remove gpg-zip.1.
(DISTCLEANFILES): Add gpg-zip.1.

--

Thanks to Thomas Klausner.

GnuPG-bug-id: 2095

3 years ago sm: Allow combination of usage flags --gen-key.
Werner Koch [Wed, 28 Oct 2015 17:57:53 +0000 (18:57 +0100)]
sm: Allow combination of usage flags --gen-key.

* sm/certreqgen.c (create_request): Re-implement building of the
key-usage extension.
--

GnuPG-bug-id: 2029
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago doc: Document some changed default options.
Damien Goutte-Gattat [Wed, 28 Oct 2015 07:09:49 +0000 (08:09 +0100)]
doc: Document some changed default options.

* doc/gpg.texi: Update the description of some options which are
  now enabled by default.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
3 years ago dirmngr: Fix NULL-deref while loading a CRL.
Werner Koch [Wed, 28 Oct 2015 10:57:00 +0000 (11:57 +0100)]
dirmngr: Fix NULL-deref while loading a CRL.

* dirmngr/crlcache.c (crl_parse_insert): Set error before leaping to
failure.
--

GnuPG-bug-id: 2082
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Fix typos
Daniel Kahn Gillmor [Tue, 27 Oct 2015 21:09:43 +0000 (17:09 -0400)]
Fix typos

--

3 years ago agent: Clarify agent's KEYWRAP_KEY description.
Daniel Kahn Gillmor [Tue, 27 Oct 2015 21:09:40 +0000 (17:09 -0400)]
agent: Clarify agent's KEYWRAP_KEY description.

--

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years ago dirmngr: Minor cleanup of the SRV RR code.
Werner Koch [Wed, 28 Oct 2015 09:14:07 +0000 (10:14 +0100)]
dirmngr: Minor cleanup of the SRV RR code.

* dirmngr/dns-stuff.c: Include unistd.h.
(getsrv): Run srand only once.
* dirmngr/t-dns-stuff.c (main): Allow passing another name for --srv
and change output format.

3 years ago dirmngr: Add a getaddrinfo wrapper backend using ADNS.
Werner Koch [Wed, 28 Oct 2015 07:55:01 +0000 (08:55 +0100)]
dirmngr: Add a getaddrinfo wrapper backend using ADNS.

* dirmngr/dns-stuff.c: Replace all use of default_errsource.
(my_adns_init): Move to top.
(resolve_name_adns): New.
(resolve_dns_name) [USE_ADNS]: Divert to new func.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Do not call an extra get_validity if no-show-uid-validity is used.
Werner Koch [Mon, 26 Oct 2015 19:36:16 +0000 (20:36 +0100)]
gpg: Do not call an extra get_validity if no-show-uid-validity is used.

* g10/mainproc.c (check_sig_and_print): Do not call the informational
get_validity if we are not going to use it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Ensure all weak digest rejection notices are shown
Daniel Kahn Gillmor [Fri, 23 Oct 2015 21:46:57 +0000 (17:46 -0400)]
gpg: Ensure all weak digest rejection notices are shown

* g10/main.h: Add rejection_shown flag to each weakhash struct
* g10/misc.c (print_digest_algo_note, additional_weak_digest): Do not
treat MD5 separately; (print_digest_rejected_note): Use
weakhash.rejection_shown instead of static shown.
* g10/options.h (opt): Change from additional_weak_digests to
weak_digests.
* g10/sig-check.c: Do not treat MD5 separately.
* g10/gpg.c (main): Explicitly set MD5 as weak.
* g10/gpgv.c (main): Explicitly set MD5 as weak.

--

Previously, only one weak digest rejection message was shown, of
whichever was the first type encountered.  This meant that if "gpg
--weak-digest SHA224" encountered both an MD5 digest and a SHA224
digest, it would only show the user that the MD5 digest was rejected.

In order to let the user know which algorithms were rejected, we
needed to move the "shown" flag into a per-weak-algorithm location.
Given this additional complication, it made no sense to continue to
treat MD5 specially, so it is added as a default weak algorithm in the
same opt.weak_digests data structure as any other.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
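
The difference between one shared "shown" flag and a flag per weak digest, as described in the commit message above, shown as an added example that is not GnuPG's code. Only the names `weakhash` and `rejection_shown` come from the commit message; the algorithm ids, function names, message wording and sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical algorithm ids for this example (not GnuPG's constants). */
enum { ALGO_MD5 = 1, ALGO_SHA256 = 8, ALGO_SHA224 = 11 };

/* One list entry per weak digest.  The "user was already told" flag
   lives in the entry, as the commit message describes. */
struct weakhash
{
  int algo;
  int rejection_shown;
  struct weakhash *next;
};

/* Constructed input: digests met while checking four signatures. */
static const int sample_digests[] =
  { ALGO_MD5, ALGO_SHA224, ALGO_SHA256, ALGO_MD5 };

static const char *
algo_name (int algo)
{
  return algo == ALGO_MD5 ? "MD5" : algo == ALGO_SHA224 ? "SHA224" : "SHA256";
}

static struct weakhash *
find_weak (struct weakhash *list, int algo)
{
  for (; list; list = list->next)
    if (list->algo == algo)
      return list;
  return NULL;
}

/* Before: one flag shared by every weak algorithm.  Whichever weak
   digest is seen first consumes it; later ones are rejected silently.
   Returns 1 if a notice was printed. */
static int
note_rejected_single_flag (struct weakhash *list, int algo, int *shown)
{
  if (!find_weak (list, algo) || *shown)
    return 0;
  *shown = 1;
  fprintf (stderr, "Note: %s signatures are rejected (example wording)\n",
           algo_name (algo));
  return 1;
}

/* After: the flag is per entry, so each weak algorithm is reported
   once.  Returns 1 if a notice was printed. */
static int
note_rejected_per_algo (struct weakhash *list, int algo)
{
  struct weakhash *w = find_weak (list, algo);

  if (!w || w->rejection_shown)
    return 0;
  w->rejection_shown = 1;
  fprintf (stderr, "Note: %s signatures are rejected (example wording)\n",
           algo_name (algo));
  return 1;
}

/* Run the sample digests through one variant with MD5 and SHA224
   configured as weak.  Returns a bitmask (bit number = algorithm id)
   of the algorithms the user was told about. */
unsigned int
sample_mask (int per_algo)
{
  struct weakhash sha224 = { ALGO_SHA224, 0, NULL };
  struct weakhash md5 = { ALGO_MD5, 0, &sha224 };
  int shown = 0;
  unsigned int mask = 0;
  size_t i;

  for (i = 0; i < sizeof sample_digests / sizeof sample_digests[0]; i++)
    {
      int algo = sample_digests[i];
      int printed = per_algo
        ? note_rejected_per_algo (&md5, algo)
        : note_rejected_single_flag (&md5, algo, &shown);

      if (printed)
        mask |= 1u << algo;
    }
  return mask;
}

int
main (void)
{
  printf ("single flag: notices mask 0x%x\n", sample_mask (0));
  printf ("per algo   : notices mask 0x%x\n", sample_mask (1));
  return 0;
}
```

With the shared flag only the MD5 notice appears; with the per-entry flag both MD5 and SHA224 are reported once each, and the SHA256 signature, which is not on the weak list, produces no notice in either variant.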
3 years ago w32: Make it build again if Tofu support is not available.
Werner Koch [Mon, 26 Oct 2015 15:38:41 +0000 (16:38 +0100)]
w32: Make it build again if Tofu support is not available.

* g10/keylist.c (public_key_list) [!USE_TOFU]: Do not call tofu
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Add example Tor hidden service.
Werner Koch [Mon, 26 Oct 2015 15:32:32 +0000 (16:32 +0100)]
dirmngr: Add example Tor hidden service.

--

3 years ago dirmngr: Support Tor hidden services.
Werner Koch [Mon, 26 Oct 2015 15:32:03 +0000 (16:32 +0100)]
dirmngr: Support Tor hidden services.

* dirmngr/dns-stuff.c (is_onion_address): New.
* dirmngr/ks-engine-hkp.c (hostinfo_s): Add field "onion".
(map_host): Special case onion addresses.
(ks_hkp_print_hosttable): Print an 'O' for an onion address.
* dirmngr/http.c (connect_server): Special case onion addresses.
--

Note that this requires the latest libassuan from git.  Onion addresses
are always supported regardless of the --use-tor flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr,w32: Remove gethostbyname hack and make it build again.
Werner Koch [Mon, 26 Oct 2015 14:53:31 +0000 (15:53 +0100)]
dirmngr,w32: Remove gethostbyname hack and make it build again.

* dirmngr/http.c (connect_server) [W32]: Remove gethostbyname hack;
we require getaddrinfo anyway.
* dirmngr/dns-stuff.c (AI_ADDRCONFIG): Add replacement if not defined.
(map_eai_to_gpg_error) [W32]: Take care of unsupported codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Make sure we only have a single SQL statement.
Neal H. Walfield [Mon, 26 Oct 2015 12:41:07 +0000 (13:41 +0100)]
gpg: Make sure we only have a single SQL statement.

* g10/tofu.c (sqlite3_stepx): Make sure SQL only contains a single SQL
statement.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: When the TOFU DB is in batch mode, periodically drop the locks.
Neal H. Walfield [Mon, 26 Oct 2015 12:36:12 +0000 (13:36 +0100)]
gpg: When the TOFU DB is in batch mode, periodically drop the locks.

* g10/tofu.c: Include <sched.h>.
(batch_update_started): New variable.
(begin_transaction): If we've been in batch mode for a while, then
commit any extant batch transactions.
(tofu_begin_batch_update): If we are not in batch mode, initialize
batch_update_started.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago dirmngr: Add workaround for broken getaddrinfo.
Werner Koch [Sun, 25 Oct 2015 15:38:07 +0000 (16:38 +0100)]
dirmngr: Add workaround for broken getaddrinfo.

* dirmngr/dns-stuff.c (resolve_name_standard): On failure retry by
first resolving the CNAME.
(get_dns_cname): New.

* dirmngr/t-dns-stuff.c (main): Add option --cname.
--

At least the getaddrinfo implementation in glibc 2.19-13 from Debian
returns EAI_NONAME if the CNAME points to a too long list of A/AAAA
addresses.  Looking at the wire the data is correctly returned from
the server but getaddrinfo seems to get confused by truncation and
retry.  To fix this we resolve the CNAME again and call getaddrinfo
again with the canonical name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Better handle systems without IPv6 or IPv4.
Werner Koch [Sat, 24 Oct 2015 14:27:47 +0000 (16:27 +0200)]
dirmngr: Better handle systems without IPv6 or IPv4.

* dirmngr/dns-stuff.c (resolve_name_standard): Use AI_ADDRCONFIG.

3 years ago dirmngr: Replace use of getnameinfo by resolve_dns_addr.
Werner Koch [Sat, 24 Oct 2015 10:25:17 +0000 (12:25 +0200)]
dirmngr: Replace use of getnameinfo by resolve_dns_addr.

* dirmngr/ks-engine-hkp.c (my_getnameinfo): Remove.
(map_host): Use resolve_dns_addr.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Implement a getnameinfo wrapper.
Werner Koch [Sat, 24 Oct 2015 14:27:47 +0000 (16:27 +0200)]
dirmngr: Implement a getnameinfo wrapper.

* dirmngr/dns-stuff.h (DNS_NUMERICHOST): New.
(DNS_WITHBRACKET): New.
* dirmngr/dns-stuff.c (resolve_name_standard): Factor code out to...
(map_eai_to_gpg_error): new.
(resolve_addr_standard): New.
(resolve_dns_addr): New.

* dirmngr/ks-engine-hkp.c (is_ip_address): Move to ...
* dirmngr/dns-stuff.c (is_ip_address): here.  Add support for non
bracketed v6 addresses.

* dirmngr/t-dns-stuff.c: Remove header netdb.h.
(main): Add option --bracket.  Use resolve_dns_name instead of
getnameinfo.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Provide an interface to patch TOFU updates.
Neal H. Walfield [Fri, 23 Oct 2015 15:23:17 +0000 (17:23 +0200)]
gpg: Provide an interface to patch TOFU updates.

* g10/tofu.c (struct db): Rename begin_transaction to savepoint_batch.
Rename end_transaction to savepoint_batch_commit.  Update users.
Remove field rollback.  Add fields savepoint_inner and
savepoint_inner_commit.  Add field batch_update.
(dump_cache): New function.
(batch_update): New variable.
(begin_transaction): New function.
(end_transaction): New function.
(rollback_transaction): New function.
(tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
(closedb): End any pending batch transaction.
(closedbs): Assert that none of the DBs have a started batch
transaction if we are not in batch mode.
(record_binding): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
Also start a batch mode transaction if we are using the flat format.
(tofu_register): Use the begin_transaction, end_transaction and
rollback_transaction functions instead of including the SQL inline.
* g10/gpgv.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.
* g10/test-stubs.c (tofu_begin_batch_update): New function.
(tofu_end_batch_update): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Cache prepared SQL queries and open DB connections.
Neal H. Walfield [Fri, 23 Oct 2015 11:42:50 +0000 (13:42 +0200)]
gpg: Cache prepared SQL queries and open DB connections.

* g10/tofu.c: Include <stdarg.h>.
(prepares_saved) [DEBUG_TOFU_CACHE]: New variable.
(queries) [DEBUG_TOFU_CACHE]: New variable.
(struct db): Add fields prevp, begin_transaction, end_transaction,
rollback, record_binding_get_old_policy, record_binding_update,
record_binding_update2, get_policy_select_policy_and_conflict,
get_trust_bindings_with_this_email, get_trust_gather_other_user_ids,
get_trust_gather_other_keys, register_already_seen, and
register_insert.
[DEBUG_TOFU_CACHE]: Add field hits.
(STRINGIFY): New macro.
(STRINGIFY2): New macro.
(enum sqlite_arg_type): New enum.
(sqlite3_stepx): New function.
(combined_db): Remove variable.
(opendb): Don't cache the combined db.
(struct dbs): New struct.  Update users to use this as the head of the
local DB list rather than overloading struct db.
(unlink_db): New function.
(link_db): New function.
(db_cache): New variable.
(db_cache_count): New variable.
(DB_CACHE_ENTRIES): Define.
(getdb): If the dbs specific cache doesn't include the DB, look at
DB_CACHE.  Only if that also doesn't include the DB open the
corresponding DB.
(closedb): New function.
(opendbs): Don't open the combined DB.  Just return an initialized
struct dbs.
(closedbs): Don't close the dbs specific dbs.  Attach them to the
front of DB_CACHE.  If DB_CACHE contains more than DB_CACHE_ENTRIES,
close enough dbs from the end of the DB_CACHE list such that DB_CACHE
only contains DB_CACHE_ENTRIES.  Don't directly close the dbs, instead
use the new closedb function.
[DEBUG_TOFU_CACHE]: Print out some statistics.
(record_binding): Use sqlite3_stepx instead of sqlite3_exec or
sqlite3_exec_printf.
(get_policy): Likewise.
(get_trust): Likewise.
(tofu_register): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Return the DBs meta-handle rather than the sqlite3 handle.
Neal H. Walfield [Wed, 21 Oct 2015 19:16:43 +0000 (21:16 +0200)]
gpg: Return the DBs meta-handle rather than the sqlite3 handle.

* g10/tofu.c (getdb): Return a struct db * instead of an sqlite *.
Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Use the proper type.
Neal H. Walfield [Wed, 21 Oct 2015 18:24:27 +0000 (20:24 +0200)]
gpg: Use the proper type.

* g10/options.h: Include "tofu.h".
(opt.tofu_default_policy): Change type to enum tofu_policy.
* g10/gpgv.c (enum tofu_policy): Don't redeclare.
* g10/test-stubs.c (enum tofu_policy): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago dirmngr: Implement Tor mode for SRV RRs.
Werner Koch [Thu, 22 Oct 2015 08:14:10 +0000 (10:14 +0200)]
dirmngr: Implement Tor mode for SRV RRs.

* dirmngr/dns-stuff.c (get_dns_cert): Factor adns init out to...
(my_adns_init): new.
(getsrv)[USE_ADNS]: Use my_adns_init.
(getsrv)[!USE_ADNS]: Return an error if Tor mode is active.

* dirmngr/t-dns-stuff.c: Add option --use-tor.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Do not use MAXDNAME.
Werner Koch [Thu, 22 Oct 2015 07:52:51 +0000 (09:52 +0200)]
dirmngr: Do not use MAXDNAME.

* dirmngr/dns-stuff.c (getsrv): Replace MAXDNAME.
* dirmngr/dns-stuff.h (MAXDNAME): Remove.
(struct srventry): Use a fixed value instead of MAXDNAME.
* dirmngr/http.c (connect_server): Use DIMof instead of MAXDNAME.
Malloc a helper array.

--

Depending on the order of included headers it might be that we allocate
the array with a different size than what we test against in another
module.  To make it more robust we use the actual known size of
checking.

A better approach would be to use a linked list and avoid these large arrays.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Move SRV RR code from common/ to dirmngr/.
Werner Koch [Thu, 22 Oct 2015 07:22:41 +0000 (09:22 +0200)]
Move SRV RR code from common/ to dirmngr/.

* common/srv.c: Merge into dirmngr/dns-stuff.c.  Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h.  Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h.  The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Use the new DNS wrapper for the HTTP module.
Werner Koch [Wed, 21 Oct 2015 20:41:12 +0000 (22:41 +0200)]
dirmngr: Use the new DNS wrapper for the HTTP module.

* dirmngr/t-http.c (main): Init assuan sockets.
* dirmngr/http.c: Include dns-stuff.h.
(connect_server)[!HAVE_GETADDRINFO]: Remove all code.
(connect_server): Change to use resolve_dns_name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Allow use of http.c if USE_NPTH is not defined.
Werner Koch [Wed, 21 Oct 2015 20:38:21 +0000 (22:38 +0200)]
dirmngr: Allow use of http.c if USE_NPTH is not defined.

* dirmngr/http.c (send_request): Always set the gnutls pull/push
functions.
(my_npth_read): Rename to ...
(my_gnutls_read) .. this.  Use system read if !USE_NPTH.
(my_npth_write): Rename to ...
(my_gnutls_write) .. this.  Use system write if !USE_NPTH.
--

This is necessary to run t-http because we once switched to a ref
counted object with the socket descriptor.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Check that getaddrinfo is available.
Werner Koch [Wed, 21 Oct 2015 20:11:59 +0000 (22:11 +0200)]
dirmngr: Check that getaddrinfo is available.

* dirmngr/Makefile.am (t_http_SOURCES): Add dns-stuff.c.
(t_ldap_parse_uri_SOURCES): Ditto.
* dirmngr/dns-stuff.c: Bail out if neither ADNS nor getaddrinfo is
available.
--

We used to have replacement code for getaddrinfo and thus check for it
in configure.  However, this was for the old http and dns-cert code
from common/.  For dirmngr I made liberal use of getaddrinfo
without checking.  Just in case someone tries to build on an old
platform we now error out with a suitable #error.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Add a new OpenPGP card vendor.
Werner Koch [Wed, 21 Oct 2015 16:23:25 +0000 (18:23 +0200)]
gpg: Add a new OpenPGP card vendor.

--

3 years ago Change capitalization of TOR to Tor.
Werner Koch [Wed, 21 Oct 2015 16:14:24 +0000 (18:14 +0200)]
Change capitalization of TOR to Tor.

--

3 years ago dirmngr: Use the new DNS wrapper for the HKP engine.
Werner Koch [Wed, 21 Oct 2015 15:46:21 +0000 (17:46 +0200)]
dirmngr: Use the new DNS wrapper for the HKP engine.

* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change arg type to
dns_addrinfo_t.
(map_host): Replace getaddrinfo by resolve_dns_name.
--

Note that we still need to replace getnameinfo so that the PTR lookup
is either suppressed or also done via ADNS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Implement a getaddrinfo wrapper.
Werner Koch [Wed, 21 Oct 2015 15:55:56 +0000 (17:55 +0200)]
dirmngr: Implement a getaddrinfo wrapper.

* dirmngr/dns-stuff.h: Include some header files.
(dns_addinfo_t, dns_addrinfo_s): New.
* dirmngr/dns-stuff.c: Always include DNS related headers.
(free_dns_addrinfo): New.
(resolve_name_standard): New.
(resolve_dns_name): New.

* dirmngr/t-dns-stuff.c: Include netdb.h.
(main): Keep old default mode with no args but else print output of
resolve_dns_name.  Revamp option parser.
--

This wrapper allows us to switch to ADNS and thus Tor for standard
name resolution.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Add more replacement error codes.
Werner Koch [Wed, 21 Oct 2015 15:38:33 +0000 (17:38 +0200)]
common: Add more replacement error codes.

* common/util.h (GPG_ERR_SERVER_FAILED): New.
(GPG_ERR_NO_KEY): New.
(GPG_ERR_NO_NAME): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: If the saved trust model is unknown, default to tofu+pgp.
Neal H. Walfield [Wed, 21 Oct 2015 11:37:11 +0000 (13:37 +0200)]
gpg: If the saved trust model is unknown, default to tofu+pgp.

* g10/trustdb.c (init_trustdb): If the saved trust model is unknown,
default to tofu+pgp instead of pgp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Don't accidentally free UTK_LIST.
Neal H. Walfield [Wed, 21 Oct 2015 11:36:12 +0000 (13:36 +0200)]
gpg: Don't accidentally free UTK_LIST.

* g10/trustdb.c (validate_keys): Don't free UTK_LIST.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.
Neal H. Walfield [Wed, 21 Oct 2015 11:31:00 +0000 (13:31 +0200)]
gpg: When evaluating trust reg exps, treat tofu+pgp like pgp.

* g10/trustdb.c (validate_one_keyblock): When checking trust regular
expressions, treat the tofu+pgp trust model the same as the pgp trust
model.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: If a key is ultimate trusted, return that in the tofu model.
Neal H. Walfield [Wed, 21 Oct 2015 11:35:27 +0000 (13:35 +0200)]
gpg: If a key is ultimate trusted, return that in the tofu model.

* g10/tofu.c (get_trust): If the policy is auto or none, check if the
key is ultimately trusted.  If so, return that.
(tofu_register): If the key is ultimately trusted, don't show any
statistics.
(tofu_get_validity): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Andre Heinecke <aheinecke@intevation.de>
3 years ago gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.
Neal H. Walfield [Wed, 21 Oct 2015 11:28:15 +0000 (13:28 +0200)]
gpg: Keep the trust DB up to date for the tofu and tofu+pgp models.

* g10/trustdb.c (init_trustdb): Recognize tofu and tofu+pgp as
possibly saved trust models.  Also register the ultimately trusted
keys if the trust model is tofu or tofu+pgp.
(check_trustdb): Don't skip if the trust model is tofu or tofu+pgp.
(update_trustdb): Likewise.
(tdb_check_trustdb_stale): Likewise.
(validate_keys): If the trust model is TOFU, just write out the
ultimately trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Factor out code into a standalone function.
Neal H. Walfield [Wed, 21 Oct 2015 10:52:56 +0000 (12:52 +0200)]
gpg: Factor out code into a standalone function.

* g10/trustdb.c (tdb_keyid_is_utk): New function.
(add_utk): Use it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago dirmngr: Allow building with libassuan < 2.3.
Neal H. Walfield [Tue, 20 Oct 2015 18:53:40 +0000 (20:53 +0200)]
dirmngr: Allow building with libassuan < 2.3.

* dirmngr/http.c (send_request): Use newer assuan function only if
available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 4e42ad30

3 years ago gpg: Make the tofu DB check and initialization atomic.
Neal H. Walfield [Tue, 20 Oct 2015 18:42:44 +0000 (20:42 +0200)]
gpg: Make the tofu DB check and initialization atomic.

* g10/tofu.c (initdb): Make the version check and the database
initialization atomic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Co-authored-by: Andre Heinecke <aheinecke@intevation.de>
3 years ago build: Make --disable-g13 the default.
Werner Koch [Wed, 21 Oct 2015 08:34:41 +0000 (10:34 +0200)]
build: Make --disable-g13 the default.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Add --enable-g13.  Remove
--enable-gpgtar because that is enabled anyway.
* configure.ac: Do not build g13 by default.
--

The g13 part is not very useful for a standard user right now, thus do
not build it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Rename file dns-cert.c.
Werner Koch [Wed, 21 Oct 2015 08:29:02 +0000 (10:29 +0200)]
dirmngr: Rename file dns-cert.c.

* dirmngr/dns-cert.c: Rename to dirmngr/dns-stuff.c.
* dirmngr/dns-cert.h: Rename to dirmngr/dns-stuff.h and change
includers.
* dirmngr/t-dns-cert.c: Rename to dirmngr/t-dns-stuff.c.
* dirmngr/Makefile.am: Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Add status code for use by g13.
Werner Koch [Wed, 21 Oct 2015 06:30:52 +0000 (08:30 +0200)]
common: Add status code for use by g13.

* common/status.h (STATUS_PLAINTEXT_FOLLOWS): New.

3 years ago dirmngr: Prefer ADNS over system resolver.
Werner Koch [Tue, 20 Oct 2015 17:03:26 +0000 (19:03 +0200)]
dirmngr: Prefer ADNS over system resolver.

* configure.ac (HAVE_ADNS_IF_TORMODE): New ac_define.
(USE_DNS_CERT): Prefer ADNS over the system resolver.
* dirmngr/dns-cert.c (tor_mode): New global var.
(enable_dns_tormode): New func.
(get_dns_cert): Use DNS resolver at 8.8.8.8 in tor-mode.
* dirmngr/server.c (cmd_dns_cert): If supported allow DNS requests.

3 years ago w32: Allow building again.
Werner Koch [Tue, 20 Oct 2015 15:33:18 +0000 (17:33 +0200)]
w32: Allow building again.

* dirmngr/http.c (connect_server): Fix called function name.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago build: Allow building without SQLite support.
Werner Koch [Tue, 20 Oct 2015 15:32:23 +0000 (17:32 +0200)]
build: Allow building without SQLite support.

* configure.ac: Add option --disable-tofu and --disable-sqlite.
(NEED_SQLITE_VERSION): New var.
(USE_TOFU): New ac_define and am_conditional.
* autogen.sh (build-w32): Add PKG_CONFIG_LIBDIR to configure so that
pkg-config finds the correct .pc file.

* g10/Makefile.am (tofu_source): New.  Build only if enabled.
* g10/gpg.c (parse_trust_model)[!USE_TOFU]: Disable tofu models.
(parse_tofu_policy)[!USE_TOFU]: Disable all.
(parse_tofu_db_format)[!USE_TOFU]: Disable all.
(main) <aTOFUPolicy>[!USE_TOFU]: Skip.
* g10/keyedit.c (show_key_with_all_names_colon)[!USE_TOFU]: Do not
call tofu functions.
* g10/keylist.c (list_keyblock_colon)[!USE_TOFU]: Ditto.
* g10/trustdb.c (tdb_get_validity_core)[!USE_TOFU]: Skip tofu
processing.
--

This allows building a minimal version of GnuPG.  It is also currently
required to build for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Don't die immediately if the TOFU DB is locked.
Neal H. Walfield [Tue, 20 Oct 2015 13:12:23 +0000 (15:12 +0200)]
gpg: Don't die immediately if the TOFU DB is locked.

* g10/tofu.c (opendb): Don't die immediately if the DB is locked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Improve output.
Neal H. Walfield [Tue, 20 Oct 2015 12:53:29 +0000 (14:53 +0200)]
gpg: Improve output.

* g10/tofu.c (get_trust): Also show the binding when indicating a
conflict occurred.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Synchronize translation template.
Neal H. Walfield [Tue, 20 Oct 2015 12:52:39 +0000 (14:52 +0200)]
gpg: Synchronize translation template.

* g10/tofu.c (show_statistics): Synchronize translation template.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: When showing conflicts, also show bindings with no recorded sigs.
Neal H. Walfield [Tue, 20 Oct 2015 12:50:21 +0000 (14:50 +0200)]
gpg: When showing conflicts, also show bindings with no recorded sigs.

* g10/tofu.c (signature_stats_collect_cb): If the time_ago column is
NULL, then both time_ago and count should be 0.
(get_trust): Reverse the direction of the join so that we also get
statistics about bindings without any signatures.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Improve text.
Neal H. Walfield [Tue, 20 Oct 2015 11:42:20 +0000 (13:42 +0200)]
gpg: Improve text.

* g10/tofu.c (show_statistics): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Suggested-by: Malte <malte@wk3.org>
3 years ago gpg: Use the right variable to display the information.
Neal H. Walfield [Tue, 20 Oct 2015 11:40:37 +0000 (13:40 +0200)]
gpg: Use the right variable to display the information.

* g10/tofu.c (get_trust): Use the right variable to display the
conflicting key.

--
Signed-off-by: Neal H. Walfield <neal@walfield.org>
Reported-by: Andre Heinecke <aheinecke@intevation.de>
3 years ago gpg: Make failing to create a directory a soft error.
Neal H. Walfield [Tue, 20 Oct 2015 10:22:00 +0000 (12:22 +0200)]
gpg: Make failing to create a directory a soft error.

* g10/tofu.c (getdb): Don't exit if we can't create the directory.
Just return an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago common: Make sure tilde expansion works for the mkdir functions.
Neal H. Walfield [Tue, 20 Oct 2015 10:10:03 +0000 (12:10 +0200)]
common: Make sure tilde expansion works for the mkdir functions.

* common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
first directory component as well.

--
If there is only a single directory component, then tilde expansion
won't be done.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Remove unused prototype digest_algo_from_sig.
Neal H. Walfield [Tue, 20 Oct 2015 08:21:40 +0000 (10:21 +0200)]
gpg: Remove unused prototype digest_algo_from_sig.

* g10/packet.h (digest_algo_from_sig): Remove prototype without a
corresponding implementation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago dirmngr: Allow building with libassuan < 2.3.
Werner Koch [Mon, 19 Oct 2015 18:30:27 +0000 (20:30 +0200)]
dirmngr: Allow building with libassuan < 2.3.

* dirmngr/dirmngr.c (set_tor_mode): Use newer assuan function only if
available.
* dirmngr/http.c (http_raw_connect): Ditto.
--

Frankly we should require that but we can also wait for 2.4.0 and
switch then.

3 years ago gpg: Fix --desig-revoke.
Neal H. Walfield [Mon, 19 Oct 2015 13:04:45 +0000 (15:04 +0200)]
gpg: Fix --desig-revoke.

* g10/revoke.c (gen_desig_revoke): Add additional parameter ctrl.
Check that the secret key is available.  If not, display an error
message.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: 8459bcf9

3 years ago gpg: Improve function documentation and some comments.
Neal H. Walfield [Mon, 19 Oct 2015 09:15:00 +0000 (11:15 +0200)]
gpg: Improve function documentation and some comments.

* g10/main.h: Improve function documentation.
* g10/packet.h: Improve function documentation.
* g10/sig-check.c: Improve function documentation and some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Improve and regularize naming of signature checking functions.
Neal H. Walfield [Mon, 19 Oct 2015 09:06:57 +0000 (11:06 +0200)]
gpg: Improve and regularize naming of signature checking functions.

* g10/packet.h (signature_check): Rename from this...
(check_signature): ... to this.  Update users.
(signature_check2): Rename from this...
(check_signature2): ... to this.  Update users.
* g10/sig-check.c (do_check): Rename from this...
(check_signature_end): ... to this.  Update users.
(do_check_messages): Rename from this...
(check_signature_metadata_validity): ... to this.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Mark local function as static.
Neal H. Walfield [Mon, 19 Oct 2015 08:51:05 +0000 (10:51 +0200)]
gpg: Mark local function as static.

* g10/tdbio.c (put_record_into_cache): Mark as static.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Print warning when rejecting weak digests
Daniel Kahn Gillmor [Mon, 19 Oct 2015 14:41:23 +0000 (10:41 -0400)]
gpg: Print warning when rejecting weak digests

* g10/misc.c (print_md5_rejected_note): Rename to ..
(print_digest_rejected_note): this.  Parameterize function to take an
enum gcry_md_algos.
* g10/sig-check.c: Use print_digest_rejected_note() when rejecting
signatures.

--

76afaed65e3b0ddfa4923cb577ada43217dd4b18 allowed extra --weak-digests,
but removed the one call to print_md5_rejected_note().  This replaces
and generalizes that warning.

Signed-Off-By: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years ago gpg: Add option --weak-digest to gpg and gpgv.
Daniel Kahn Gillmor [Sun, 18 Oct 2015 21:35:32 +0000 (17:35 -0400)]
gpg: Add option --weak-digest to gpg and gpgv.

* g10/options.h: Add additional_weak_digests linked list to opts.
* g10/main.h: Declare weakhash linked list struct and
additional_weak_digest() function to insert newly-declared weak
digests into opts.
* g10/misc.c: (additional_weak_digest): New function.
(print_digest_algo_note): Check for deprecated digests; use proper
gcry_md_algos type.
* g10/sig-check.c: (do_check): Reject weak digests in addition to MD5.
* g10/gpg.c: Add --weak-digest option to gpg.
* doc/gpg.texi: Document gpg --weak-digest option.
* g10/gpgv.c: Add --weak-digest option to gpgv.
* doc/gpgv.texi: Document gpgv --weak-digest option.

--
gpg and gpgv treat signatures made over MD5 as unreliable, unless the
user supplies --allow-weak-digests to gpg.  Signatures over any other
digest are considered acceptable.

Despite SHA-1 being a mandatory-to-implement digest algorithm in RFC
4880, the collision-resistance of SHA-1 is weaker than anyone would
like it to be.

Some operators of high-value targets that depend on OpenPGP signatures
may wish to require their signers to use a stronger digest algorithm
than SHA1, even if the OpenPGP ecosystem at large cannot deprecate
SHA1 entirely today.

This changeset adds a new "--weak-digest DIGEST" option for both gpg
and gpgv, which makes it straightforward for anyone to treat any
signature or certification made over the specified digest as
unreliable.

This option can be supplied multiple times if the operator wishes to
deprecate multiple digest algorithms, and will be ignored completely
if the operator supplies --allow-weak-digests (as before).

MD5 is still always considered weak, regardless of any further
--weak-digest options supplied.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Capitalized some comments, shortened a line in do_check, and changed
subject to name the option.  -wk

3 years ago dirmngr: Make --use-tor work - still leaks DNS.
Werner Koch [Mon, 19 Oct 2015 11:12:24 +0000 (13:12 +0200)]
dirmngr: Make --use-tor work - still leaks DNS.

* dirmngr/dirmngr.c (set_tor_mode): New.
(main, reread_configuration): Call it.
* dirmngr/http.c (http_raw_connect, send_request): Check whether TOR
mode is enabled if the FORCE_TOR flag is given.
--

The patch for http.c is a sanity check because tor mode is anyway
global as long as the Assuan socket wrappers are used.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago dirmngr: Use Assuan socket wrappers for http.c
Werner Koch [Mon, 19 Oct 2015 10:43:22 +0000 (12:43 +0200)]
dirmngr: Use Assuan socket wrappers for http.c

* dirmngr/http.c: Include assuan.h.  Changed all code taking a socket
descriptor from int to assuan_fd_t.
(my_unprotect, my_protect): New.
(my_connect): Remove.
(_my_socket_new, _my_socket_unref): use assuan_sock_close.
(connect_server): Use assuan_sock_connect, assuan_sock_new, and
assuan_sock_close.
* dirmngr/Makefile.am (t_common_ldadd): Add LIBASSUAN_LIBS.
--

This change prepares for the use of SOCKS5 with http.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Fix formatting.
Neal H. Walfield [Mon, 19 Oct 2015 08:36:21 +0000 (10:36 +0200)]
gpg: Fix formatting.

* g10/tofu.c (get_trust): Fix formatting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Don't forget to free some memory.
Neal H. Walfield [Mon, 19 Oct 2015 08:35:38 +0000 (10:35 +0200)]
gpg: Don't forget to free some memory.

* g10/tofu.c (tofu_register): Free SIG_DIGEST before returning.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: If a conflict occurs in batch mode, record that.
Neal H. Walfield [Mon, 19 Oct 2015 08:34:15 +0000 (10:34 +0200)]
gpg: If a conflict occurs in batch mode, record that.

* g10/tofu.c (get_trust): If a conflict occurs when MAY_ASK is false,
set conflict to the key.  When prompting the user, don't show the
conflicting key if the conflicting key is the current key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years ago gpg: Silence two more warnings.
Werner Koch [Sun, 18 Oct 2015 18:17:24 +0000 (20:17 +0200)]
gpg: Silence two more warnings.

* g10/trustdb.c (tdb_get_validity_core): Silence a warning.
* g10/tofu.c (tofu_register): Move SIG_DIGEST computation to the top
so that it is not uninitialized in case of an early error.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Fix harmless compiler warnings.
Werner Koch [Sun, 18 Oct 2015 18:07:26 +0000 (20:07 +0200)]
gpg: Fix harmless compiler warnings.

* g10/tofu.h (_tofu_GET_POLICY_ERROR): New.  This avoids warnings
about undefined enum values in a switch.
* g10/trustdb.h (_tofu_GET_TRUST_ERROR): New.
* g10/tofu.c (TIME_AGO_FUTURE_IGNORE): Move to the top.
(opendbs): Avoid compiler warning (use braces).
(GET_POLICY_ERROR): Replace define by enum _tofu_GET_POLICY_ERROR.
(get_policy): Remove assert.
(GET_TRUST_ERROR): Replace by _tofu_GET_TRUST_ERROR macro.
(show_statistics): Undef MIN_SECS et al. after use.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Avoid warning about const char ** assignment.
Werner Koch [Sun, 18 Oct 2015 17:37:41 +0000 (19:37 +0200)]
common: Avoid warning about const char ** assignment.

* common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item.  Return
an error on malloc failure.
(gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
--

The code was correct but it inhibits type checking.  Instead of
casting it seems easier to simply allocate also the first item in
DIRS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago Move http module from common/ to dirmngr/.
Werner Koch [Sun, 18 Oct 2015 18:07:44 +0000 (20:07 +0200)]
Move http module from common/ to dirmngr/.

* common/http.c: Move to ../dirmngr/.
* common/http.h: Move to ../dirmngr/.
* common/t-http.c: Move to ../dirmngr/.
* common/tls-ca.pem: Move to ../dirmngr/.
* common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
Remove http.c related stuff.
* po/POTFILES.in: Move http.c to dirmngr/.
* dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
(module_maint_tests): New.
(noinst_PROGRAMS): Add module_maint_tests.
(dirmngr_SOURCES): Add http.c and http.h.
(dirmngr_LDADD): Remove libcommontlsnpth.
(t_common_ldadd): Ditto.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
(t_ldap_parse_uri_SOURCES): Add http.c.
(t_ldap_parse_uri_CFLAGS): Build without npth.
($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
* dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
--

All network access is done via dirmngr and thus http.c should be
there.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago g10: Fix assert.
Neal H. Walfield [Sun, 18 Oct 2015 17:08:18 +0000 (19:08 +0200)]
g10: Fix assert.

* g10/tofu.c (get_trust): Fix assert.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago g10: Add TOFU support.
Neal H. Walfield [Sun, 18 Oct 2015 16:44:05 +0000 (18:44 +0200)]
g10: Add TOFU support.

* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity): Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Prefix the mkdir functions with gnupg_. Make args const.
Neal H. Walfield [Fri, 16 Oct 2015 14:30:46 +0000 (16:30 +0200)]
common: Prefix the mkdir functions with gnupg_.  Make args const.

* common/mkdir_p.h (mkdir_p): Rename from this...
(gnupg_mkdir_p): ... to this.  Change directory_component's type from
char * to const char *.
(amkdir_p): Rename from this...
(gnupg_amkdir_p): ... to this.  Change directory_component's type from
char * to const char *.
* common/mkdir_p.c (mkdir_p): Rename from this...
(gnupg_mkdir_p): ... to this.  Change directory_component's type from
char * to const char *.
(amkdir_p): Rename from this...
(gnupg_amkdir_p): ... to this.  Change directory_component's type from
char * to const char *.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.
NIIBE Yutaka [Wed, 14 Oct 2015 09:57:26 +0000 (18:57 +0900)]
cleanup: Fix confusion between gpg_error_t and gpg_err_code_t.

* dirmngr/crlcache.c (hash_dbfile): Use gpg_error_t for ERR.
* kbx/keybox-update.c (keybox_set_flags): Call
gpg_err_code_from_syserror.