gnupg.git
3 years agoPost release updates.
Werner Koch [Thu, 10 Sep 2015 19:05:27 +0000 (21:05 +0200)]
Post release updates.

--

3 years agoRelease 2.1.8. gnupg-2.1.8
Werner Koch [Thu, 10 Sep 2015 14:40:37 +0000 (16:40 +0200)]
Release 2.1.8.

3 years agotests: Silence the 5gb-packet test.
Werner Koch [Thu, 10 Sep 2015 16:07:20 +0000 (18:07 +0200)]
tests: Silence the 5gb-packet test.

* tests/openpgp/4gb-packet.test: Send output to /dev/null.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agog10: Fix make distcheck problem.
Werner Koch [Thu, 10 Sep 2015 16:11:58 +0000 (18:11 +0200)]
g10: Fix make distcheck problem.

* g10/test.c: Include string.h.
(prepend_srcdir): New.  Taken from Libgcrypt.
(test_free): New.
* g10/t-keydb.c (do_test): Malloc the filename.
* g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
(EXTRA_DIST): Add t-keydb-keyring.kbx.
--

Using SOURCE_DIR should in general work but we have seen problems when
doing this in Libgcrypt.  Using the srcdir variable gives us anyway
more flexibility and aligns with the way we do it in tests/openpgp.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agog10: Improve portability of the new test driver.
Werner Koch [Thu, 10 Sep 2015 15:43:13 +0000 (17:43 +0200)]
g10: Improve portability of the new test driver.

* g10/test.c: Include stdio.h and stdlib.h.
(verbose): New.
(print_results): Rename to exit_tests.
(main): Remove atexit and call exit_tests.  Set verbose.
(ASSERT, ABORT): Call exit_tests instead of exit.
--

Calling exit from an exit handler is undefined behaviour.  It works on
Linux but other systems will hit an endless loop.  That is indeed
unfortunate but we can't do anything about it.  Calling _exit() would
be possible but that may lead to other problems.  Thus we change to
call a custom exit function :-(.

Using "make check verbose=1" is supported by tests/openpgp and thus
we add the same mechanism here.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agopo: Auto-update
Werner Koch [Thu, 10 Sep 2015 14:22:49 +0000 (16:22 +0200)]
po: Auto-update

--

3 years agopo: Update Russian translation
Ineiev [Thu, 10 Sep 2015 14:16:39 +0000 (16:16 +0200)]
po: Update Russian translation

--

3 years agodirmngr: Allow sending much larger keyblocks.
Werner Koch [Wed, 9 Sep 2015 13:41:25 +0000 (15:41 +0200)]
dirmngr: Allow sending much larger keyblocks.

* dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k.
(MAX_KEYBLOCK_LENGTH): Increase to 20M.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Minor comment fixes.
Werner Koch [Wed, 9 Sep 2015 13:14:20 +0000 (15:14 +0200)]
doc: Minor comment fixes.

--

3 years agoscd: Force key attribute change for writekey.
NIIBE Yutaka [Mon, 7 Sep 2015 04:49:47 +0000 (13:49 +0900)]
scd: Force key attribute change for writekey.

* scd/app-openpgp.c (change_rsa_keyattr): New.
(change_keyattr_from_string): Use change_rsa_keyattr.
(rsa_writekey): Call change_rsa_keyattr when different size.
(ecc_writekey): Try to change key attribute.

3 years agoscd: KEYNO cleanup.
NIIBE Yutaka [Mon, 7 Sep 2015 04:09:01 +0000 (13:09 +0900)]
scd: KEYNO cleanup.

* scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
(change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
(compare_fingerprint, check_against_given_fingerprint): KEYNO starts
from 0.

3 years agog10: Remove unused field req_algo.
Neal H. Walfield [Tue, 1 Sep 2015 12:53:47 +0000 (14:53 +0200)]
g10: Remove unused field req_algo.

* g10/packet.h (PKT_public_key): Remove unused field req_algo.  Remove
users.
* g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
Remove users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: Use a symbolic constant instead of a literal.
Neal H. Walfield [Tue, 1 Sep 2015 08:40:04 +0000 (10:40 +0200)]
g10: Use a symbolic constant instead of a literal.

* g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
(new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
(release_key_hash_table): Likewise.
(test_key_hash_table): Likewise.
(add_key_hash_table): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: Add test for keydb as well as new testing infrastructure.
Neal H. Walfield [Wed, 2 Sep 2015 13:07:06 +0000 (15:07 +0200)]
g10: Add test for keydb as well as new testing infrastructure.

* g10/Makefile.am (EXTRA_DIST): Add test.c.
(AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
(module_tests): Add t-keydb.
(t_keydb_SOURCES): New variable.
(t_keydb_LDADD): Likewise.
* g10/t-keydb.c: New file.
* g10/t-keydb-keyring.kbx: New file.
* g10/test-stubs.c: New file.
* g10/test.c: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: Make the keyblock cache per-handle rather than global.
Neal H. Walfield [Mon, 31 Aug 2015 11:57:07 +0000 (13:57 +0200)]
g10: Make the keyblock cache per-handle rather than global.

* g10/keydb.c (keyblock_cache): Don't declare this variable.  Instead...
(struct keyblock_cache): ... turn its type into this first class
object...
(struct keydb_handle): ... and instantiate it once per database
handle.  Update all users.
(keydb_rebuild_caches): Don't invalidate the keyblock cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: If iobuf_seek fails when reading from the cache, do a hard read.
Neal H. Walfield [Wed, 2 Sep 2015 08:33:26 +0000 (10:33 +0200)]
g10: If iobuf_seek fails when reading from the cache, do a hard read.

* g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
reading from the cache, then simply clear the cache and try reading
from the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agoiobuf: Reduce verbosity of test.
Neal H. Walfield [Wed, 2 Sep 2015 08:30:59 +0000 (10:30 +0200)]
iobuf: Reduce verbosity of test.

* common/t-iobuf.c (main): Reduce verbosity.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agoiobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.
Neal H. Walfield [Wed, 2 Sep 2015 08:24:33 +0000 (10:24 +0200)]
iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.

* common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
* common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer.  Assert that LENGTH ==
A->D.SIZE.
(iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
filter an IOBUF_INPUT filter and set its buffer size to
IOBUF_BUFFER_SIZE.
(underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
remove already read data.
(iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
data.
(iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
(pop_filter): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Introduce a new iobuf type, IOBUF_INPUT_TEMP.  Use this for the iobuf
created by iobuf_temp_with_content instead of IOBUF_INPUT.  This was
necessary so that seeking and peeking correctly work on this type of
iobuf.  In particular, seeking didn't work because we discarded the
buffered data and peeking didn't work because we discarded data which
was already read, which made seeking later impossible.

3 years agoiobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.
Neal H. Walfield [Wed, 2 Sep 2015 07:56:09 +0000 (09:56 +0200)]
iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.

* common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to
IOBUF_OUTPUT_TEMP.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agoiobuf: Use a first-class enum.
Neal H. Walfield [Tue, 1 Sep 2015 20:17:23 +0000 (22:17 +0200)]
iobuf: Use a first-class enum.

* common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
(struct iobuf_struct): Change the field use's type to it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agoiobuf: Fix test.
Neal H. Walfield [Tue, 1 Sep 2015 20:13:45 +0000 (22:13 +0200)]
iobuf: Fix test.

* common/t-iobuf.c (content_filter): If there is nothing to read,
don't forget to set *LEN to 0.
(main): Fix checks.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agoagent: Protect commit 135b1e3 against misbehaving Libgcrypt.
Werner Koch [Tue, 1 Sep 2015 05:39:28 +0000 (07:39 +0200)]
agent: Protect commit 135b1e3 against misbehaving Libgcrypt.

* agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Remove option --no-sig-create-check.
Werner Koch [Mon, 31 Aug 2015 22:07:24 +0000 (00:07 +0200)]
gpg: Remove option --no-sig-create-check.

* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Assume an utf-8 locale on iconv errors.
Werner Koch [Mon, 31 Aug 2015 18:29:28 +0000 (20:29 +0200)]
common: Assume an utf-8 locale on iconv errors.

* common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Fix regression in building argpase.c standalone.
Werner Koch [Mon, 31 Aug 2015 18:21:43 +0000 (20:21 +0200)]
common: Fix regression in building argpase.c standalone.

* common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.

3 years agoTypo fixes
Werner Koch [Fri, 28 Aug 2015 03:05:37 +0000 (05:05 +0200)]
Typo fixes

--

3 years agog10: Don't leak memory if we fail to initialize a new database handle.
Neal H. Walfield [Mon, 31 Aug 2015 09:22:14 +0000 (11:22 +0200)]
g10: Don't leak memory if we fail to initialize a new database handle.

* g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
correctly release all resources.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: Improve interface documentation of the keydb API.
Neal H. Walfield [Mon, 31 Aug 2015 09:14:21 +0000 (11:14 +0200)]
g10: Improve interface documentation of the keydb API.

* g10/keydb.c: Improve code comments and documentation of internal
interfaces.  Improve documentation of public APIs and move that to...
* g10/keydb.h: ... this file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: Don't cache search results if the search didn't scan the whole DB.
Neal H. Walfield [Mon, 31 Aug 2015 07:47:58 +0000 (09:47 +0200)]
g10: Don't cache search results if the search didn't scan the whole DB.

* g10/keydb.c (struct keydb_handle): Add new field is_reset.
(keydb_new): Initialize hd->is_reset to 1.
(keydb_locate_writable): Set hd->is_reset to 1.
(keydb_search): Set hd->is_reset to 0.  Don't cache a key not found if
the search started from the beginning of the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agog10: Have keydb_search_first call keydb_search_reset before searching.
Neal H. Walfield [Mon, 31 Aug 2015 07:22:23 +0000 (09:22 +0200)]
g10: Have keydb_search_first call keydb_search_reset before searching.

* g10/keydb.c (keydb_search_first): Reset the handle before starting
the search.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
This bug hasn't shown up yet in practice, because keydb_search_first
is always called immediately after a keydb_new.  This changes cleans
up the semantics and will hopefully prevent future bugs.

3 years agog10: Remove unused parameter.
Neal H. Walfield [Fri, 28 Aug 2015 14:22:59 +0000 (16:22 +0200)]
g10: Remove unused parameter.

* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agoagent: Fix SSH public key for EdDSA.
NIIBE Yutaka [Mon, 31 Aug 2015 06:15:03 +0000 (15:15 +0900)]
agent: Fix SSH public key for EdDSA.

* agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.

3 years agog10: Simplify cache. Only include data that is actually used.
Neal H. Walfield [Wed, 26 Aug 2015 10:22:24 +0000 (12:22 +0200)]
g10: Simplify cache.  Only include data that is actually used.

* g10/keydb.c (struct kid_list_s): Rename from this...
(struct kid_not_found_cache_bucket): ... to this.  Update users.
Remove field state.
(kid_list_t): Remove type.
(KID_NOT_FOUND_CACHE_BUCKETS): Define.  Use this instead of a literal.
(kid_found_table): Rename from this...
(kid_not_found_cache_bucket): ... to this.  Update users.
(kid_found_table_count): Rename from this...
(kid_not_found_cache_count): ... to this.  Update users.
(kid_not_found_p): Only return whether a key with the specified key id
is definitely not in the database.
(kid_not_found_insert): Remove parameter found.  Update callers.
(keydb_search): Only insert a key id in the not found cache if it is
not found.  Rename local variable once_found to already_in_cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Commit e0873a33 started tracking whether key ids where definitely in
the database.  This information is, however, never used and thus just
unnecessarily inflates the cache.  This patch effectively reverts that
change (however, e0873a33 contains two separate changes and this only
reverts that change).

3 years agoAdd configure option --enable-build-timestamp.
Werner Koch [Tue, 25 Aug 2015 19:08:27 +0000 (21:08 +0200)]
Add configure option --enable-build-timestamp.

* configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
--

This is based on
libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554
but changed to be disabled by default.  Check there for some
background.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Emit ERROR status for key signing failures.
Werner Koch [Tue, 25 Aug 2015 13:06:40 +0000 (15:06 +0200)]
gpg: Emit ERROR status for key signing failures.

* g10/keyedit.c (sign_uids): Write an ERROR status for a signing
failure.
(menu_adduid, menu_addrevoker, menu_revsig): Ditto.
(menu_revuid, menu_revkey, menu_revsubkey): Ditto.
--

This change helps GPA to show better error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Print a new FAILURE status after most commands.
Werner Koch [Tue, 25 Aug 2015 07:03:31 +0000 (09:03 +0200)]
gpg: Print a new FAILURE status after most commands.

* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--

This status line can be used similar to the error code returned by
commands send over the Assuan interface in gpgsm.  We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code.  This change helps GPGME to return better error
codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Raise the maximum password length. Don't hard code it.
Neal H. Walfield [Mon, 24 Aug 2015 14:14:09 +0000 (16:14 +0200)]
agent: Raise the maximum password length.  Don't hard code it.

* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
GnuPG-bug-id: 2038

3 years agosm: Support secret key export via the Assuan interface.
Werner Koch [Mon, 24 Aug 2015 10:43:00 +0000 (12:43 +0200)]
sm: Support secret key export via the Assuan interface.

* sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agopo: Grammar fix for the German translation.
Werner Koch [Mon, 24 Aug 2015 07:31:24 +0000 (09:31 +0200)]
po: Grammar fix for the German translation.

--
Reported-by: Thomas Bellmann
4 years agodirmngr: Allow sending of Zack's key.
Werner Koch [Sun, 23 Aug 2015 19:16:39 +0000 (21:16 +0200)]
dirmngr: Allow sending of Zack's key.

* dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Fix regression in packet parser from Aug 19.
Werner Koch [Sun, 23 Aug 2015 10:17:43 +0000 (12:17 +0200)]
gpg: Fix regression in packet parser from Aug 19.

* g10/parse-packet.c (parse): Use an int to compare to -1.  Use
buf32_to_ulong.
--

Regression-due-to: 0add91ae1ca3718e8140af09294c595f47c958d3
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Show not found keys with --locate-key --verbose.
Werner Koch [Sun, 23 Aug 2015 09:56:17 +0000 (11:56 +0200)]
gpg: Show not found keys with --locate-key --verbose.

* g10/keylist.c (locate_one): Print a diagnostic for a not-found key.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agocommon: Don't incorrectly reject 4 GB - 1 sized packets.
Neal H. Walfield [Fri, 21 Aug 2015 09:55:15 +0000 (11:55 +0200)]
common: Don't incorrectly reject 4 GB - 1 sized packets.

* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
Add the constraint that the type must be 63.
* kbx/keybox-openpgp.c (next_packet): Likewise.
* tests/openpgp/4gb-packet.asc: New file.
* tests/openpgp/4gb-packet.test: New file.
* tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
(TEST_FILES): Add 4gb-packet.asc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon: Don't assume on-disk layout matches in-memory layout.
Neal H. Walfield [Fri, 21 Aug 2015 08:38:41 +0000 (10:38 +0200)]
common: Don't assume on-disk layout matches in-memory layout.

* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon: Don't incorrectly copy packets with partial lengths.
Neal H. Walfield [Fri, 21 Aug 2015 07:47:57 +0000 (09:47 +0200)]
common: Don't incorrectly copy packets with partial lengths.

* g10/parse-packet.c (parse): We don't handle copying packets with a
partial body length to an output stream.  If this occurs, log an error
and abort.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon: Check parameters more rigorously.
Neal H. Walfield [Fri, 21 Aug 2015 07:35:09 +0000 (09:35 +0200)]
common: Check parameters more rigorously.

* g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
NULL.
(copy_all_packets): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon: Don't continuing processing on error.
Neal H. Walfield [Fri, 21 Aug 2015 07:32:58 +0000 (09:32 +0200)]
common: Don't continuing processing on error.

* g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
an error.
(parse_packet): Likewise.
(dbg_search_packet): Likewise.
(search_packet): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon: Better respect the packet's length when reading it.
Neal H. Walfield [Fri, 21 Aug 2015 07:28:49 +0000 (09:28 +0200)]
common: Better respect the packet's length when reading it.

* g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
underflow.  Be more careful that a read doesn't read more data than
PKTLEN says is available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agodoc: Remove C++ style comments and update HACKING.
Werner Koch [Thu, 20 Aug 2015 15:42:55 +0000 (17:42 +0200)]
doc: Remove C++ style comments and update HACKING.

--

4 years agopo: Add lost translation of validity strings.
Werner Koch [Thu, 20 Aug 2015 14:37:45 +0000 (16:37 +0200)]
po: Add lost translation of validity strings.

* po/POTFILES.in (trust.c): Add missing file.
* po/de.po: Changed German validity strings.
* doc/help.de.txt: Ditto.
--

Note that I replaced "uneingeschr√§nkt" in de.po to "ultimativ" to
make the output better readable.

4 years agog10/parse-packet.c:parse: Try harder to not ignore an EOF.
Neal H. Walfield [Wed, 19 Aug 2015 11:41:12 +0000 (13:41 +0200)]
g10/parse-packet.c:parse: Try harder to not ignore an EOF.

* g10/parse-packet.c (parse): Be more robust: make sure to process any
EOF.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agog10/parse-packet.c: Replace literal with symbolic expression.
Neal H. Walfield [Wed, 19 Aug 2015 11:38:20 +0000 (13:38 +0200)]
g10/parse-packet.c: Replace literal with symbolic expression.

* g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agoAdd documentation for g10/parse-packet.c.
Neal H. Walfield [Wed, 19 Aug 2015 11:36:13 +0000 (13:36 +0200)]
Add documentation for g10/parse-packet.c.

* g10/packet.h: Add documentation for functions defined in
parse-packet.c.
* g10/parse-packet.c: Improve comments for many functions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agog10/packet.h: Remove unused argument from enum_sig_subpkt.
Neal H. Walfield [Wed, 19 Aug 2015 09:45:24 +0000 (11:45 +0200)]
g10/packet.h: Remove unused argument from enum_sig_subpkt.

* g10/packet.h (enum_sig_subpkt): Remove argument RET_N.  Update
callers.
* g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.

--
Remove the RET_N argument, because it is unused and because it is
meaningless: it's not clear whether it is an offset into SIG->HASHED
or SIG->UNHASHED.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agog10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
Neal H. Walfield [Tue, 18 Aug 2015 08:33:06 +0000 (10:33 +0200)]
g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.

* g10/parse-packet.c (mpi_read): Improve documentation.  Correctly
handle an EOF.  On overflow, correctly return the number of bytes read
from the pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Make control flow more obvious.
Neal H. Walfield [Mon, 17 Aug 2015 11:00:32 +0000 (13:00 +0200)]
common/iobuf.c: Make control flow more obvious.

* common/iobuf.c (iobuf_read): Make control flow more obvious.
(iobuf_get_filelength): Likewise.
(iobuf_get_fd): Likewise.
(iobuf_seek): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Add some sanity checks to catch programmer bugs.
Neal H. Walfield [Mon, 17 Aug 2015 10:52:20 +0000 (12:52 +0200)]
common/iobuf.c: Add some sanity checks to catch programmer bugs.

* common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
(iobuf_readbyte): Check that A is an input filter.  Check that the
amount of read data is at most the amount of buffered data.
(iobuf_read): Check that A is an input filter.
(iobuf_writebyte): Check that A is not an input filter.
(iobuf_writestr): Check that A is not an input filter.
(iobuf_flush_temp): Check that A is not an input filter.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c:iobuf_write_temp: Elide redundant code.
Neal H. Walfield [Mon, 17 Aug 2015 10:40:53 +0000 (12:40 +0200)]
common/iobuf.c:iobuf_write_temp: Elide redundant code.

* common/iobuf.c (iobuf_write_temp): Don't repeat iobuf_flush_temp.
Use it directly.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte
Neal H. Walfield [Mon, 17 Aug 2015 10:33:29 +0000 (12:33 +0200)]
common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte

* common/iobuf.c (iobuf_write): Don't write a byte at a time.  Use
iobuf_write.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf: Improve documentation and code comments.
Neal H. Walfield [Mon, 17 Aug 2015 10:30:04 +0000 (12:30 +0200)]
common/iobuf: Improve documentation and code comments.

common/iobuf.h: Improve documentation and code comments.
common/iobuf.c: Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Adjust buffer size of filters in front of temp filters.
Neal H. Walfield [Mon, 17 Aug 2015 10:29:15 +0000 (12:29 +0200)]
common/iobuf.c: Adjust buffer size of filters in front of temp filters.

* common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
filter, use IOBUF_BUFFER_SIZE for the new filter.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Buffered data should not be processed by new filters.
Neal H. Walfield [Mon, 17 Aug 2015 09:56:42 +0000 (11:56 +0200)]
common/iobuf.c: Buffered data should not be processed by new filters.

* common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
temp pipeline, the new filter shouldn't assume ownership of the old
head's internal buffer: the data was written before the filter was
added.
* common/t-iobuf.c (double_filter): New function.
(main): Add test cases for the above bug.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.
Neal H. Walfield [Fri, 14 Aug 2015 11:19:22 +0000 (13:19 +0200)]
common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.

* common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
pipeline and copy the data from the last (not the first) filter's
internal buffer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.
Neal H. Walfield [Fri, 14 Aug 2015 09:18:18 +0000 (11:18 +0200)]
common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.

* common/iobuf.c (do_open): New function, which is a generalization of
iobuf_open, iobuf_Create, iobuf_openrw.
(iobuf_open): Call do_open.
(iobuf_create): Likewise.
(iobuf_openrw): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.h: Remove iobuf_open_fd_or_name.
Neal H. Walfield [Thu, 13 Aug 2015 14:09:15 +0000 (16:09 +0200)]
common/iobuf.h: Remove iobuf_open_fd_or_name.

* common/iobuf.h (iobuf_open_fd_or_name): Remove prototype.  Replace
use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
* common/iobuf.c (iobuf_open): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Rename iobuf_flush and make it a static function.
Neal H. Walfield [Thu, 13 Aug 2015 13:53:11 +0000 (15:53 +0200)]
common/iobuf.c: Rename iobuf_flush and make it a static function.

* common/iobuf.h (iobuf_flush): Remove prototype.
* common/iobuf.c (filter_flush): New static prototype.
(iobuf_flush): Rename...
(filter_flush): ... to this.  Make static.  Simplify code.  Update
callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails
Neal H. Walfield [Thu, 13 Aug 2015 08:08:32 +0000 (10:08 +0200)]
common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails

* common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
freeing a filter fails.  This needs to a memory leak.  Instead, keep
freeing and return the error code of the first filter that fails.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Improve iobuf_peek.
Neal H. Walfield [Wed, 12 Aug 2015 20:57:58 +0000 (22:57 +0200)]
common/iobuf.c: Improve iobuf_peek.

* common/iobuf.c (underflow): Take additional parameter
clear_pending_eof.  If not set, don't clear a pending eof when
returning EOF.  Update callers.
(iobuf_peek): Fill the internal buffer, if needed, to be able to
better satisfy any request.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: When requested, fill the buffer even if it is not empty.
Neal H. Walfield [Wed, 12 Aug 2015 20:10:37 +0000 (22:10 +0200)]
common/iobuf.c: When requested, fill the buffer even if it is not empty.

* common/iobuf.c (underflow): Don't require that the buffer be empty.
When called, fill any available space.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/t-iobuf.c: Add a test case for multiple EOFs.
Neal H. Walfield [Wed, 12 Aug 2015 09:44:59 +0000 (11:44 +0200)]
common/t-iobuf.c: Add a test case for multiple EOFs.

common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT
pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Better respect boundary conditions in iobuf_read_line.
Neal H. Walfield [Wed, 12 Aug 2015 00:19:05 +0000 (02:19 +0200)]
common/iobuf.c: Better respect boundary conditions in iobuf_read_line.

* common/iobuf.c (iobuf_read_line): Be more careful with boundary
conditions.
* common/iobuf.h: Include <gpg-error.h>.
* common/t-iobuf.c: New file.
* common/Makefile.am (module_tests): Add t-iobuf.
(t_mbox_util_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Fix filter type for iobuf_temp_with_content.
Neal H. Walfield [Wed, 12 Aug 2015 10:03:23 +0000 (12:03 +0200)]
common/iobuf.c: Fix filter type for iobuf_temp_with_content.

* common/iobuf.c (iobuf_temp_with_content): Set the filter type to
IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
write into a dynamic buffer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.h: Remove unimplemented prototypes.
Neal H. Walfield [Mon, 10 Aug 2015 13:04:52 +0000 (15:04 +0200)]
common/iobuf.h: Remove unimplemented prototypes.

* common/iobuf.h (iobuf_unread): Remove unimplemented prototype.
(iobuf_clear_eof): Likewise.
(iobuf_append): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Refactor code to not need the desc field.
Neal H. Walfield [Sun, 9 Aug 2015 14:57:42 +0000 (16:57 +0200)]
common/iobuf.c: Refactor code to not need the desc field.

* common/iobuf.h (struct iobuf_struct): Remove field desc.
* common/iobuf.c (iobuf_desc): New function.  When a filter's
description is needed, use this instead of the filter's desc field.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.h: Clarify semantics of nofast. Simplify implementation.
Neal H. Walfield [Sun, 9 Aug 2015 14:53:51 +0000 (16:53 +0200)]
common/iobuf.h: Clarify semantics of nofast.  Simplify implementation.

* common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
Simplify use of nofast to implement just these semantics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Remove dead code (directfp).
Neal H. Walfield [Sun, 9 Aug 2015 14:50:42 +0000 (16:50 +0200)]
common/iobuf.c: Remove dead code (directfp).

* common/iobuf.h (struct iobuf_struct): Remove field directfp.  Remove
all uses of it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.c: Remove dead code (opaque).
Neal H. Walfield [Sun, 9 Aug 2015 14:49:04 +0000 (16:49 +0200)]
common/iobuf.c: Remove dead code (opaque).

* common/iobuf.h (struct iobuf_struct): Remove field opaque.  Remove
all uses of it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agocommon/iobuf.h: Replace further use of literals with symbolic constants.
Neal H. Walfield [Sun, 9 Aug 2015 08:52:34 +0000 (10:52 +0200)]
common/iobuf.h: Replace further use of literals with symbolic constants.

* common/iobuf.c: Move BLOCK_FILTER_INPUT,
BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here...
* common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
and IOBUF_TEMP, respectively.  Where appropriate, use these macros
instead of a literal.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agogpg: Avoid linking to Libksba
Werner Koch [Mon, 17 Aug 2015 14:13:25 +0000 (16:13 +0200)]
gpg: Avoid linking to Libksba

* kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
* sm/Makefile.am (AM_CPPFLAGS): Define it here.
(common_libs): Change to libkeybox509.a
* g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
(gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
* kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
(libkeybox509_a_SOURCES): New.
(libkeybox_a_CFLAGS): New.
(libkeybox509_a_CFLAGS): New.
(kbxutil_CFLAGS): New.
* kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
as unused.
--

There is no real need to link to Libksba in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoFix pinentry loopback and passphrase contraints.
Ben Kibbey [Sun, 16 Aug 2015 17:46:59 +0000 (13:46 -0400)]
Fix pinentry loopback and passphrase contraints.

* agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
pinentry loopback mode.
* agent/genkey.c (check_passphrase_constraints): Immediately return when
pinentry mode is loopback.

--
Fixes endless loop when inquiring a passphrase with
pinentry-mode=loopback that may not satisfy passphrase contraints.

4 years agoFix sending INQUIRE_MAXLEN for symmetric data.
Ben Kibbey [Sun, 16 Aug 2015 16:23:21 +0000 (12:23 -0400)]
Fix sending INQUIRE_MAXLEN for symmetric data.

* g10/passphrase.c (passphrase_to_dek_ext): Write the status message.

4 years agoInform a user about inquire length limit.
Ben Kibbey [Fri, 17 Apr 2015 01:00:30 +0000 (21:00 -0400)]
Inform a user about inquire length limit.

* common/status.h (INQUIRE_MAXLEN): New.
* g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
client when inquiring a passphrase over pinentry-loopback.

--
This is to inform a user about the maximum length of a passphrase. The
limit is the same that gpg-agent uses.

4 years agoAllow --gen-key to inquire a passphrase.
Ben Kibbey [Tue, 14 Apr 2015 22:48:57 +0000 (18:48 -0400)]
Allow --gen-key to inquire a passphrase.

* g10/gpg.c (main): test for --command-fd during --gen-key parse.

When --command-fd is set then imply --batch to let gpg inquire a
passphrase rather than requiring a pinentry.

4 years agoPost release updates.
Werner Koch [Tue, 11 Aug 2015 14:13:39 +0000 (16:13 +0200)]
Post release updates.

--

4 years agoRelease 2.1.7 gnupg-2.1.7
Werner Koch [Tue, 11 Aug 2015 11:54:29 +0000 (13:54 +0200)]
Release 2.1.7

4 years agopo: Auto update.
Werner Koch [Tue, 11 Aug 2015 11:54:00 +0000 (13:54 +0200)]
po: Auto update.

--

4 years agopo: Update German translation
Werner Koch [Tue, 11 Aug 2015 11:53:00 +0000 (13:53 +0200)]
po: Update German translation

--

4 years agodoc: Improve documentation of VALIDSIG
Daniel Kahn Gillmor [Tue, 11 Aug 2015 04:01:26 +0000 (00:01 -0400)]
doc: Improve documentation of VALIDSIG

--

4 years agoagent: fix ECC key handling.
NIIBE Yutaka [Mon, 10 Aug 2015 10:13:13 +0000 (19:13 +0900)]
agent: fix ECC key handling.

* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): CURVE is the name of curve.

4 years agocommon/iobuf.c: Replace use of literals with symbolic constants.
Neal H. Walfield [Sat, 8 Aug 2015 11:09:00 +0000 (13:09 +0200)]
common/iobuf.c: Replace use of literals with symbolic constants.

* common/iobuf.c (BLOCK_FILTER_INPUT): Define.  Where appropriate, use
this instead of a literal.
(BLOCK_FILTER_OUTPUT): Likewise.
(BLOCK_FILTER_TEMP): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years agogpg: Allow gpgv to work with a trustedkeys.kbx file.
Werner Koch [Fri, 7 Aug 2015 13:53:56 +0000 (15:53 +0200)]
gpg: Allow gpgv to work with a trustedkeys.kbx file.

* g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
* g10/keydb.c (keydb_add_resource): Take care of new flag.
* g10/gpgv.c (main): Use new flag.
--

GnuPG-bug-id: 2025
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoagent: Add option --force to the DELETE_KEY command.
Werner Koch [Fri, 7 Aug 2015 10:55:29 +0000 (12:55 +0200)]
agent: Add option --force to the DELETE_KEY command.

* agent/findkey.c (agent_delete_key): Add arg "force".
* agent/command.c (cmd_delete_key): Add option --force.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agocommon: Change alias for Curve25519 to "cv25519".
Werner Koch [Fri, 7 Aug 2015 07:37:49 +0000 (09:37 +0200)]
common: Change alias for Curve25519 to "cv25519".

* common/openpgp-oid.c (oidtable): Change alias.
--

This is a cosmetic change so that common and expected common
algorithms line up nicely in a keylisting.  For example:

  pub   ed25519/C68CE6D1ED0319C8 2015-08-06
  uid                 [ultimate] Curve25519 Test 150806.1
  sub   cv25519/49238B9F0712C9BF 2015-08-06
  sub   rsa2048/8AEAF74014699D2C 2015-08-06
  sub   cv25519/8EC3776830B08736 2015-08-06

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Remove duplicated printing of the curve name in "sub" lines.
Werner Koch [Thu, 6 Aug 2015 16:12:31 +0000 (18:12 +0200)]
gpg: Remove duplicated printing of the curve name in "sub" lines.

* g10/keylist.c (list_keyblock_print): Do not print extra curve name.
--

This was cruft from the time before we changed to the new algo/size
string.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Add commands "fpr *" and "grip" to --edit-key.
Werner Koch [Thu, 6 Aug 2015 16:00:12 +0000 (18:00 +0200)]
gpg: Add commands "fpr *" and "grip" to --edit-key.

* g10/keyedit.c (cmdGRIP): New.
(cmds): Add command "grip".
(keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
(keyedit_menu) <cmdGRIP>: Print keygrip.
(show_key_and_fingerprint): Add arg "with_subkeys".
(show_key_and_grip): New.
* g10/keylist.c (print_fingerprint): Add mode 4.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agogpg: Adjust UID line indentation for common key algos.
Werner Koch [Thu, 6 Aug 2015 15:09:27 +0000 (17:09 +0200)]
gpg: Adjust UID line indentation for common key algos.

* g10/keylist.c (list_keyblock_print): Change UID line indentation
* g10/mainproc.c (list_node): Ditto.
--

Due to the new keyalgo/size format the UID was not anymore printed
properly aligned to the creation date.  Although we can't do that in
any case, this change does it for common algos like "rsa2048",
"dsa2048", and "ed25519".

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years agoCurve25519 support.
NIIBE Yutaka [Thu, 6 Aug 2015 08:00:41 +0000 (17:00 +0900)]
Curve25519 support.

* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.

4 years agocommon: extend API of openpgp_oid_to_curve for canonical name.
NIIBE Yutaka [Thu, 6 Aug 2015 07:44:03 +0000 (16:44 +0900)]
common: extend API of openpgp_oid_to_curve for canonical name.

* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.

--

Change the function so that caller can select canonical name of curve
or name for printing.  Suggested by wk.

4 years agoscd: Fix ecc_oid.
NIIBE Yutaka [Tue, 4 Aug 2015 23:17:46 +0000 (08:17 +0900)]
scd: Fix ecc_oid.

* scd/app-openpgp.c (ecc_oid): Call with OIDBUF.

4 years agoscd: Fix ECC support.
NIIBE Yutaka [Tue, 4 Aug 2015 22:59:50 +0000 (07:59 +0900)]
scd: Fix ECC support.

* scd/app-openpgp.c (send_key_attr): Send KEYNO.
(get_public_key): Fix SEXP composing.
(ecc_writekey): Fix OID length calculation.
(ecc_oid): Prepend the length before query.
(parse_algorithm_attribute): Handle the case the curve is not available.