gnupg.git
2 years ago gpgscm: Fix detection of unbalanced parenthesis.
Justus Winter [Tue, 6 Sep 2016 14:35:40 +0000 (16:35 +0200)]
gpgscm: Fix detection of unbalanced parenthesis.

* tests/gpgscm/main.c (load): Print error message.
* tests/gpgscm/scheme.c (opexe_0): Correctly report nesting level when
loading files.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: Fix test.
Justus Winter [Tue, 6 Sep 2016 14:45:56 +0000 (16:45 +0200)]
tests: Fix test.

* tests/openpgp/multisig.scm: Add missing parenthesis.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago agent: Terminate on deletion of the socket file (Linux only).
Werner Koch [Tue, 6 Sep 2016 08:53:45 +0000 (10:53 +0200)]
agent: Terminate on deletion of the socket file (Linux only).

* configure.ac (AC_CHECK_FUNCS): Check for inotify_init.
* agent/gpg-agent.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago tests: Speed up the test suite.
Justus Winter [Mon, 5 Sep 2016 15:17:24 +0000 (17:17 +0200)]
tests: Speed up the test suite.

* tests/openpgp/run-tests.scm (test::run-sync): Pass additional
arguments to the test.
(test::run-sync-quiet): Likewise.
(test::run-async): Likewise.
(run-tests-{parallel,sequential}-isolated): Create a tarball of the
gnupghome, then extract it for each test.
* tests/openpgp/setup.scm: Refactor into functions, add an interface
to tar-up the created environment, and untar it multiple times.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common: Restore a simpler variant of 'gnupg_wait_process'.
Justus Winter [Mon, 5 Sep 2016 13:34:44 +0000 (15:34 +0200)]
common: Restore a simpler variant of 'gnupg_wait_process'.

* common/exechelp-posix.c (gnupg_wait_process): Use the code prior to
5ba4f604.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common: Fix error handling.
Justus Winter [Mon, 5 Sep 2016 13:33:51 +0000 (15:33 +0200)]
common: Fix error handling.

* common/exechelp-posix.c (store_result): Use xtrymalloc.
(gnupg_wait_processes): Likewise, and check result.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago g10: Don't add user attributes to the TOFU DB.
Neal H. Walfield [Mon, 5 Sep 2016 14:44:09 +0000 (16:44 +0200)]
g10: Don't add user attributes to the TOFU DB.

* g10/trustdb.c (tdb_get_validity_core): Skip user attributes.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago agent: Silence --debug IPC output for connections from self.
Werner Koch [Mon, 5 Sep 2016 14:13:41 +0000 (16:13 +0200)]
agent: Silence --debug IPC output for connections from self.

* agent/command.c (server_local_s): Add fields 'greeting_seen' and
'connect_from_self'.
(io_monitor): Do not log connections from self.
(start_command_handler): Set flag 'connect_from_self'.
* agent/gpg-agent.c (check_own_socket_thread): Disable logging.
(do_start_connection_thread): Do not log connection start and
termination if IPC debugging is enabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago agent: Small improvement of the server's local state.
Werner Koch [Mon, 5 Sep 2016 12:43:42 +0000 (14:43 +0200)]
agent: Small improvement of the server's local state.

* agent/command.c (sserver_local_s): Change flags to use only one bit.
(option_handler): Make an atoi return 1 or 0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g10: Refactor cross sig check code.
Neal H. Walfield [Fri, 2 Sep 2016 20:33:47 +0000 (22:33 +0200)]
g10: Refactor cross sig check code.

* g10/tofu.c (BINDING_NEW): New enum value.
(BINDING_CONFLICT): Likewise.
(BINDING_EXPIRED): Likewise.
(BINDING_REVOKED): Likewise.
(ask_about_binding): Move cross sig check from here...
(get_trust): ... and the conflict set building from here...
(build_conflict_set): ... to this new function.
(format_conflict_msg_part1): Replace parameter conflict with
conflict_set.  Drop parameter fingerprint.  Update callers.
(ask_about_binding): Drop unused parameter conflict and redundant
parameter bindings_with_this_email_count.  Rename parameter
bindings_with_this_email to conflict_set.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago tests: Update README.
Justus Winter [Mon, 5 Sep 2016 11:59:29 +0000 (13:59 +0200)]
tests: Update README.

* tests/openpgp/README: Update.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: Pass flags to test driver.
Justus Winter [Mon, 5 Sep 2016 11:58:37 +0000 (13:58 +0200)]
tests: Pass flags to test driver.

* tests/openpgp/Makefile.am (xcheck): Pass flags to 'run-tests.scm'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common: Improve waiting for processes on POSIX.
Justus Winter [Mon, 5 Sep 2016 11:50:17 +0000 (13:50 +0200)]
common: Improve waiting for processes on POSIX.

* common/exechelp-posix.c (struct terminated_child): New definition.
(terminated_children): New variable.
(store_result): New function.
(get_result): Likewise.
(gnupg_wait_process): Store results that were not requested and
consider previously stored results.

waitpid(2) may return information about terminated children that we
did not yet request, and there is no portable way to wait for a
specific set of children.  As a workaround, we store the results of
children for later use.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common: Fix typo.
Justus Winter [Mon, 5 Sep 2016 09:22:10 +0000 (11:22 +0200)]
common: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago dirmngr: Exclude D lines from the IPC debug output.
Werner Koch [Mon, 5 Sep 2016 10:50:35 +0000 (12:50 +0200)]
dirmngr: Exclude D lines from the IPC debug output.

* dirmngr/dirmngr.h: Include asshelp.h.
* dirmngr/server.c (server_local_s): Add inhibit_dara_logging fields.
(data_line_write): Implement logging inhibit.
(data_line_cookie_close): Print non-logged D lines.
(cmd_wkd_get, cmd_ks_get, cmd_ks_fetch): Do not log D lines.
(dirmngr_assuan_log_monitor): New.
* dirmngr/dirmngr.c (main): Register monitor function.
--

In particular with large keys the D lines clutter the log output and
make it unusable.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Add an assuan logging monitor.
Werner Koch [Mon, 5 Sep 2016 08:55:10 +0000 (10:55 +0200)]
common: Add an assuan logging monitor.

* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: New export filter drop-subkey.
Werner Koch [Mon, 5 Sep 2016 07:51:16 +0000 (09:51 +0200)]
gpg: New export filter drop-subkey.

* g10/import.c (impex_filter_getval): Add properties for key packets.
* g10/export.c (export_drop_subkey): New var.
(cleanup_export_globals): Release that var.
(parse_and_set_export_filter): Add filter "drop-subkey".
(apply_drop_subkey_filter): New.
(do_export_stream): Run that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Add string operator gt,ge,le,lt to recsel.
Werner Koch [Mon, 5 Sep 2016 07:49:06 +0000 (09:49 +0200)]
common: Add string operator gt,ge,le,lt to recsel.

* common/recsel.c (recsel_parse_expr): Add them.
(recsel_dump): Print them.
(recsel_select): Evaluate them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Use a common filter_getval for import and export.
Werner Koch [Mon, 5 Sep 2016 06:31:25 +0000 (08:31 +0200)]
gpg: Use a common filter_getval for import and export.

* g10/import.c (filter_getval): Rename to ...
(impex_filter_getval): this.  Make global.
(apply_keep_uid_filter, apply_drop_sig_filter): Adjust.
* g10/export.c (filter_getval): Remove.
(apply_drop_sig_filter): Use impex_filter_getval.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago scd: Fix an action after card removal.
NIIBE Yutaka [Sat, 3 Sep 2016 06:27:30 +0000 (15:27 +0900)]
scd: Fix an action after card removal.

* scd/command.c (update_card_removed): Call apdu_close_reader here.

--

This is an update of the commit 8fe81055762d9c9e6f03fb7853a985c94ef73ac3.
It is better apdu_close_reader is called in update_card_removed.

The commit 1598a4476466822e7e9c757ac471089d3db4b545 introduced a
regression, it doesn't close the reader after removal of the card, while
the code before the commit called apdu_close_reader in do_reset.
So, this fix.

GnuPG-bug-id: 2449
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago po: Fix line ending mismatch in Japanese translation.
Werner Koch [Fri, 2 Sep 2016 14:59:49 +0000 (16:59 +0200)]
po: Fix line ending mismatch in Japanese translation.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago wks: Add framework for policy flags.
Werner Koch [Fri, 2 Sep 2016 14:54:42 +0000 (16:54 +0200)]
wks: Add framework for policy flags.

* tools/call-dirmngr.c (wkd_get_policy_flags): New.
* tools/gpg-wks.h (struct policy_flags_s, policy_flags_t): New.
* tools/wks-util.c (wks_parse_policy): New.
* tools/gpg-wks-client.c (command_send): Get the policy flags to show
a new info line.
* tools/gpg-wks-server.c (get_policy_flags): New.
(process_new_key): get policy flag and add a stub for "auth-submit".
(command_list_domains): Check policy flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Add --policy-flags option to WKD_GET.
Werner Koch [Fri, 2 Sep 2016 14:52:17 +0000 (16:52 +0200)]
dirmngr: Add --policy-flags option to WKD_GET.

* dirmngr/server.c (cmd_wkd_get): Add new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Check read errors in name-value.c
Werner Koch [Fri, 2 Sep 2016 13:33:34 +0000 (15:33 +0200)]
common: Check read errors in name-value.c

* common/name-value.c: Check for read errors.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago scd: Release the card reader after card removal.
NIIBE Yutaka [Fri, 2 Sep 2016 05:45:26 +0000 (14:45 +0900)]
scd: Release the card reader after card removal.

* scd/command.c (update_reader_status_file): Call apdu_close_reader.

--

GnuPG-bug-id: 2651
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago scd: Clean up unused shutdown method.
NIIBE Yutaka [Fri, 2 Sep 2016 04:58:33 +0000 (13:58 +0900)]
scd: Clean up unused shutdown method.

* scd/apdu.c (shutdown_ccid_reader, apdu_shutdown_reader): Remove.
(reset_ccid_reader): Don't set shutdown_reader.
* scd/ccid-driver.c (ccid_shutdown_reader): Remove.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago agent: invoke scdaemon with --homedir.
NIIBE Yutaka [Fri, 2 Sep 2016 04:41:19 +0000 (13:41 +0900)]
agent: invoke scdaemon with --homedir.

* agent/call-scd.c (start_scd): Supply --homedir option when it's not
default homedir.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago po: Update Japanese translation.
NIIBE Yutaka [Fri, 2 Sep 2016 01:08:02 +0000 (10:08 +0900)]
po: Update Japanese translation.

2 years ago g10: End transaction earlier.
Neal H. Walfield [Thu, 1 Sep 2016 21:31:53 +0000 (23:31 +0200)]
g10: End transaction earlier.

* g10/tofu.c (ask_about_binding): End the transaction earlier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Don't consider cross-signed keys to be in conflict.
Neal H. Walfield [Thu, 1 Sep 2016 21:31:18 +0000 (23:31 +0200)]
g10: Don't consider cross-signed keys to be in conflict.

* g10/tofu.c (cross_sigs): New function.
(ask_about_binding): If apparently conflicting keys are cross signed,
then don't mark them as conflicting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
If two keys are cross signed, then the same person (probably)
controlled them both.  In this case, don't raise a TOFU conflict.
This usually occurs when someone transitions to a new key.  When that
person rotates to a third key, she will typically only cross sign it
with the second key.  As such, we check this transitively to avoid
declaring a conflict between the 1st and 3rd key.

2 years ago gpg: Avoid homedir creation by --list-config
Werner Koch [Thu, 1 Sep 2016 17:22:48 +0000 (19:22 +0200)]
gpg: Avoid homedir creation by --list-config

* g10/gpg.c (main): Do not register a key for the list config
commands.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Simplify code to print VALIDSIG.
Werner Koch [Thu, 1 Sep 2016 14:34:08 +0000 (16:34 +0200)]
gpg: Simplify code to print VALIDSIG.

* g10/mainproc.c (check_sig_and_print): Use hexfingerprint and
write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Add new function write_status_printf.
Werner Koch [Thu, 1 Sep 2016 14:33:21 +0000 (16:33 +0200)]
gpg: Add new function write_status_printf.

* g10/cpr.c (write_status_printf): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Fix printing of pubkey algo in --verbose signature verify.
Werner Koch [Thu, 1 Sep 2016 14:00:06 +0000 (16:00 +0200)]
gpg: Fix printing of pubkey algo in --verbose signature verify.

* g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
change the semantics.  Also clear the other R_ args on function entry,
use gpg_error() and change return type to gpg_error_t.
* g10/mainproc.c (do_check_sig): Add arg R_PK.
(list_node): Pass NULL for new arg.
(check_sig_and_print): Rework to make use of the returned PK.
--

The output

gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048

showed the pubkey algo of the primary key which was surprising.
Changed to print the algo of the subkey used for verification.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g10: Fix typo.
Neal H. Walfield [Thu, 1 Sep 2016 12:31:55 +0000 (14:31 +0200)]
g10: Fix typo.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: When asking about a TOFU binding conflict, default to unknown.
Neal H. Walfield [Thu, 1 Sep 2016 12:31:31 +0000 (14:31 +0200)]
g10: When asking about a TOFU binding conflict, default to unknown.

* g10/tofu.c (ask_about_binding): Default to unknown.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Add support for TRUST_NEVER.
Neal H. Walfield [Thu, 1 Sep 2016 11:29:56 +0000 (13:29 +0200)]
g10: Add support for TRUST_NEVER.

* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Improve text.
Neal H. Walfield [Thu, 1 Sep 2016 11:17:54 +0000 (13:17 +0200)]
g10: Improve text.

* g10/tofu.c (show_statistics): Improve the text (key and user id, not
just key).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Remove unused parameter.
Neal H. Walfield [Thu, 1 Sep 2016 11:17:06 +0000 (13:17 +0200)]
g10: Remove unused parameter.

* g10/tofu.c (show_statistics): Remove unused parameter sig_exclude.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago gpg: Copy the correct digest for use by TOFU.
Werner Koch [Thu, 1 Sep 2016 10:41:27 +0000 (12:41 +0200)]
gpg: Copy the correct digest for use by TOFU.

* g10/mainproc.c (do_check_sig): Use the current digest algo.
--

Note that the digest context may have several algos enabled, which is
the case if keys with different hash preferences signed the data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g10: Be careful to not be in a transaction during long operations
Neal H. Walfield [Thu, 1 Sep 2016 10:42:44 +0000 (12:42 +0200)]
g10: Be careful to not be in a transaction during long operations

* g10/tofu.c (begin_transaction): New parameter only_batch.  If set,
only start a batch transaction if there is none and one has been
requested.  Update callers.
(tofu_suspend_batch_transaction): New function.
(tofu_resume_batch_transaction): Likewise.
(ask_about_binding): Take a ctrl_t, not a tofu_dbs_t.  Update
callers.  Gather statistics within a transaction.  Suspend any batch
transaction when getting user input.
(get_trust): Take a ctrl_t, not a tofu_dbs_t.  Update callers.
Enclose in a transaction.
(tofu_get_validity): Use a batch transaction, not a normal
transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago tests: Run test requiring the network only in maintainer-mode.
Werner Koch [Thu, 1 Sep 2016 09:18:10 +0000 (11:18 +0200)]
tests: Run test requiring the network only in maintainer-mode.

* dirmngr/Makefile.am (noinst_PROGRAMS, TESTS): Add module_net_tests.
(module_tests): Move t-dns-test to ...
(module_net_tests): here.
--

Debian-bug-id: 836259
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago wks: Send a final message to the user.
Werner Koch [Wed, 31 Aug 2016 16:54:09 +0000 (18:54 +0200)]
wks: Send a final message to the user.

* tools/gpg-wks-server.c (send_congratulation_message): New.
(check_and_publish): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago wks: Relax permission check for the top directory.
Werner Koch [Wed, 31 Aug 2016 14:39:55 +0000 (16:39 +0200)]
wks: Relax permission check for the top directory.

* tools/gpg-wks-server.c: Allow S_IXOTH for the top directory.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g10: On a TOFU conflict, show whether the uids are expired or revoked
Neal H. Walfield [Wed, 31 Aug 2016 15:52:50 +0000 (17:52 +0200)]
g10: On a TOFU conflict, show whether the uids are expired or revoked

* g10/tofu.c (struct signature_stats): Add fields is_expired and
is_revoked.
(signature_stats_prepend): Clear *stats when allocating it.
(ask_about_binding): Also show whether the user ids are expired or
revoked.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago doc: Add a help text for tofu.conflict.
Neal H. Walfield [Wed, 31 Aug 2016 12:17:13 +0000 (14:17 +0200)]
doc: Add a help text for tofu.conflict.

* doc/help.txt (.gpg.tofu.conflict): New help text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Always trust ultimately trusted keys.
Neal H. Walfield [Wed, 31 Aug 2016 11:53:36 +0000 (13:53 +0200)]
g10: Always trust ultimately trusted keys.

* g10/tofu.c (get_trust): Always return TRUST_ULTIMATE for ultimately
trusted keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Fix error detection.
Neal H. Walfield [Wed, 31 Aug 2016 10:11:58 +0000 (12:11 +0200)]
g10: Fix error detection.

* g10/tofu.c: first_seen == 0 is not an error.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 0f1f02ac
Regression-due-to: 45bb9a2a

2 years ago g10: Update a key's TOFU policy in a transaction.
Neal H. Walfield [Wed, 31 Aug 2016 09:40:33 +0000 (11:40 +0200)]
g10: Update a key's TOFU policy in a transaction.

* g10/tofu.c (tofu_set_policy): Do the update in a transaction.
* g10/gpg.c (main): Do a TOFU policy update in a batch transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Fix the show old policy functionality when changing a TOFU policy.
Neal H. Walfield [Wed, 31 Aug 2016 09:39:35 +0000 (11:39 +0200)]
g10: Fix the show old policy functionality when changing a TOFU policy.

* g10/tofu.c (record_binding): Fix the show old policy functionality.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Drop unused argument.
Neal H. Walfield [Wed, 31 Aug 2016 08:58:18 +0000 (10:58 +0200)]
g10: Drop unused argument.

* g10/tofu.c (begin_transaction): Remove unused option only_batch.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago gpg: Move state local to tofu.c to a private structure.
Neal H. Walfield [Wed, 31 Aug 2016 08:47:05 +0000 (10:47 +0200)]
gpg: Move state local to tofu.c to a private structure.

* g10/gpg.h (struct server_control_s.tofu): Move fields in_transaction
and batch_update_started from here...
* g10/tofu.c (struct tofu_dbs_s): ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago gpg: Avoid name spaces clash with future sqlite versions (2).
Neal H. Walfield [Wed, 31 Aug 2016 08:12:53 +0000 (10:12 +0200)]
gpg: Avoid name spaces clash with future sqlite versions (2).

* g10/gpgsql.h (gpgsql_arg_type): Rename SQLITE_ARG_END to
GPGSQL_ARG_END, SQLITE_ARG_INT to GPGSQL_ARG_INT, SQLITE_ARG_LONG_LONG
to GPGSQL_ARG_LONG_LONG, SQLITE_ARG_STRING to GPGSQL_ARG_STRING, and
SQLITE_ARG_BLOB to GPGSQL_ARG_BLOB.

--
This commit completes the work started in b1ba460.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago gpg: Fix regression in gpgv's printing of the keyid.
Werner Koch [Wed, 31 Aug 2016 06:37:51 +0000 (08:37 +0200)]
gpg: Fix regression in gpgv's printing of the keyid.

* g10/keyid.c (keystr): Take care of KF_NONE != KF_DEFAULT.
--

Debian-bug-id: 836144
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g10: Improve TOFU batch update code.
Neal H. Walfield [Tue, 30 Aug 2016 13:37:45 +0000 (15:37 +0200)]
g10: Improve TOFU batch update code.

* g10/gpg.h (tofu): Rename field batch_update_ref to
batch_updated_wanted.
* g10/tofu.c (struct tofu_dbs_s): Rename field batch_update to
in_batch_transaction.
(begin_transaction): Only end an extant batch transaction if we are
not in a normal transaction.  When ending a batch transaction, really
end it.  Update ctrl->tofu.batch_update_started when starting a batch
transaction.
(end_transaction): Only release a batch transaction if ONLY_BATCH is
true.  When releasing a batch transaction, assert that there is no
open normal transaction.  Only allow DBS to be NULL if ONLY_BATCH is
true.
(tofu_begin_batch_update): Don't update
ctrl->tofu.batch_update_started.
(opendbs): Call end_transaction unconditionally.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Improve TOFU debugging output and some comments.
Neal H. Walfield [Tue, 30 Aug 2016 10:33:23 +0000 (12:33 +0200)]
g10: Improve TOFU debugging output and some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.
Neal H. Walfield [Tue, 30 Aug 2016 10:36:55 +0000 (12:36 +0200)]
g10: If a key has no valid user ids, change TOFU to return TRUST_NEVER.

* g10/tofu.c (tofu_get_validity): If a key has no valid (non-expired)
user ids, change TOFU to return TRUST_NEVER.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Change tofu_register & tofu_get_validity to process multiple uids.
Neal H. Walfield [Mon, 29 Aug 2016 14:16:44 +0000 (16:16 +0200)]
g10: Change tofu_register & tofu_get_validity to process multiple uids.

* g10/tofu.c (tofu_register): Take a list of user ids, not a single
user id.  Only register the bindings, don't compute the trust.  Thus,
change return type to an int and remove the may_ask parameter.  Update
callers.
(tofu_get_validity): Take a list of user ids, not a single user id.
Update callers.  Observe signatures made by expired user ids, but
don't include them in the trust calculation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Support nested transactions on the TOFU DB.
Neal H. Walfield [Mon, 29 Aug 2016 13:13:45 +0000 (15:13 +0200)]
g10: Support nested transactions on the TOFU DB.

* g10/gpg.h (struct server_control_s): New field in_transaction.
* g10/tofu.c (struct tofu_dbs_s): Remove fields savepoint_inner and
savepoint_inner_commit.
(begin_transaction): Increment CTRL->TOFU.IN_TRANSACTION.  Name the
savepoint according to the nesting level.
(end_transaction): Name the savepoint according to the nesting level.
Decrement CTRL->TOFU.IN_TRANSACTION.
(rollback_transaction): Likewise.  Only ever rollback a non-batch
transaction.
(opendbs): Assert that there are no outstanding transactions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Print the info text in more situations.
Neal H. Walfield [Tue, 30 Aug 2016 09:29:52 +0000 (11:29 +0200)]
g10: Print the info text in more situations.

* g10/tofu.c (ask_about_binding): Print the info text when the policy
is ask and there are multiple bindings with the email address.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: Print the formatted text.
Neal H. Walfield [Tue, 30 Aug 2016 09:28:17 +0000 (11:28 +0200)]
g10: Print the formatted text.

* g10/tofu.c (ask_about_binding): Print the formatted text, not the
unformatted text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago g10: When showing a user id's trust, pass the current signature.
Neal H. Walfield [Mon, 29 Aug 2016 12:05:16 +0000 (14:05 +0200)]
g10: When showing a user id's trust, pass the current signature.

* g10/mainproc.c (check_sig_and_print): Consistently pass SIG to
get_validity.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago w32: Fix build regression due to 2aa0701.
Werner Koch [Mon, 29 Aug 2016 18:05:02 +0000 (20:05 +0200)]
w32: Fix build regression due to 2aa0701.

* common/logging.c (fun_writer): Always declare 'name_for_err'.
--

Regression-due-to: 2aa0701013f703ad93e17da3345c493c08aa04ee
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpgconf: Print the plain socket directory with --list-dirs.
Werner Koch [Mon, 29 Aug 2016 09:53:06 +0000 (11:53 +0200)]
gpgconf: Print the plain socket directory with --list-dirs.

* tools/gpgconf.c (list_dirs): Add plain socketdir out.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Add a default socket name feature.
Werner Koch [Mon, 29 Aug 2016 09:45:47 +0000 (11:45 +0200)]
common: Add a default socket name feature.

* common/logging.c (log_set_socket_dir_cb): New.
(socket_dir_cb): New.
(set_file_fd): Allow "socket://".
(fun_writer): Implement default socket name.
* common/init.c (_init_common_subsystems): Register default socket.
--

This change allows the use of

log-file socket://

in any configuration file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Make decryption of -R work w/o --try-secret-key or --default-key.
Werner Koch [Mon, 29 Aug 2016 05:55:06 +0000 (07:55 +0200)]
gpg: Make decryption of -R work w/o --try-secret-key or --default-key.

* g10/getkey.c (enum_secret_keys): At state 3 enumerate the keys in all
cases not just when --try-all-secrets is used.
--

Regression-due-to: 82b90eee100cf1c9680517059b2d35e295dd992a
Reported-by: Carola Grunwald
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Fix false negatives in Ed25519 signature verification.
Werner Koch [Thu, 25 Aug 2016 13:18:51 +0000 (15:18 +0200)]
gpg: Fix false negatives in Ed25519 signature verification.

* g10/pkglue.c (pk_verify): Fix Ed25519 signature values.
* tests/openpgp/verify.scm (msg_ed25519_rshort): New
(msg_ed25519_sshort): New.
("Checking that a valid Ed25519 signature is verified as such"): New.
--

About one out of 256 signatures won't verify due to stripped zero
bytes.  See the source comment for details.

Reported-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
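
The failure mode this commit message describes, as an added C example (not GnuPG's code and not taken from g10/pkglue.c). It assumes the two Ed25519 signature values R and S travel as OpenPGP MPIs, which drop leading zero octets, while Ed25519 verification needs each as exactly 32 octets; all function names and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ED25519_PART_LEN 32   /* R and S are 32 octets each. */

/* Encode VAL as an OpenPGP MPI: 2-octet big-endian bit count followed
   by the value with leading zero octets removed.  Returns octets written. */
static size_t
mpi_write (const uint8_t *val, size_t vallen, uint8_t *out)
{
  size_t nbits = 0;
  uint8_t top;

  while (vallen && !*val)       /* This is where the zero octets get lost. */
    { val++; vallen--; }
  if (vallen)
    {
      nbits = (vallen - 1) * 8;
      for (top = *val; top; top >>= 1)
        nbits++;
    }
  out[0] = (uint8_t)(nbits >> 8);
  out[1] = (uint8_t)nbits;
  memcpy (out + 2, val, vallen);
  return 2 + vallen;
}

/* Parse one MPI from BUF.  Returns octets consumed, 0 on malformed input. */
static size_t
mpi_parse (const uint8_t *buf, size_t buflen,
           const uint8_t **val, size_t *vallen)
{
  size_t nbytes;

  if (buflen < 2)
    return 0;
  nbytes = ((((size_t)buf[0] << 8) | buf[1]) + 7) / 8;
  if (buflen - 2 < nbytes)
    return 0;
  *val = buf + 2;
  *vallen = nbytes;
  return 2 + nbytes;
}

/* Rebuild the fixed-width 64-octet R||S from two consecutive MPIs by
   left-padding each value with zeros.  Returns 0 on success, -1 if the
   input is malformed, has trailing data, or a value exceeds 32 octets. */
static int
ed25519_sig_from_mpis (const uint8_t *buf, size_t buflen, uint8_t sig[64])
{
  const uint8_t *v;
  size_t vlen, n;
  int i;

  for (i = 0; i < 2; i++)
    {
      uint8_t *part = sig + i * ED25519_PART_LEN;

      n = mpi_parse (buf, buflen, &v, &vlen);
      if (!n || vlen > ED25519_PART_LEN)
        return -1;
      memset (part, 0, ED25519_PART_LEN - vlen);
      memcpy (part + (ED25519_PART_LEN - vlen), v, vlen);
      buf += n;
      buflen -= n;
    }
  return buflen ? -1 : 0;
}

/* Constructed sample: R starts with a zero octet, so its MPI carries only
   31 octets.  Returns 1 if padding restores the original R and S. */
static int
demo_short_r (void)
{
  uint8_t r[32], s[32], wire[2 * (2 + 32)], sig[64];
  size_t i, n;

  for (i = 0; i < 32; i++)
    {
      r[i] = (uint8_t)i;            /* r[0] == 0 */
      s[i] = (uint8_t)(0xA0 + i);
    }
  n = mpi_write (r, 32, wire);
  if (n != 2 + 31)                  /* One octet of R was stripped. */
    return 0;
  n += mpi_write (s, 32, wire + n);
  if (ed25519_sig_from_mpis (wire, n, sig))
    return 0;
  return !memcmp (sig, r, 32) && !memcmp (sig + 32, s, 32);
}

/* Constructed malformed input: the second MPI is truncated.  Returns 1
   if the parser rejects it. */
static int
demo_truncated_rejected (void)
{
  static const uint8_t bad[4] = { 0x00, 0x08, 0x01, 0x00 };
  uint8_t sig[64];

  return ed25519_sig_from_mpis (bad, sizeof bad, sig) == -1;
}

int
main (void)
{
  printf ("short R restored: %d\n", demo_short_r ());
  printf ("truncated input rejected: %d\n", demo_truncated_rejected ());
  return 0;
}
```
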
2 years ago common: Rename an odd named function.
Werner Koch [Thu, 25 Aug 2016 13:16:32 +0000 (15:16 +0200)]
common: Rename an odd named function.

* common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
(openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519.  Change
callers.

--

We use "cv25519" everywhere else and thus the test function should not
have a surprising name.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: New option --with-tofu-info.
Werner Koch [Thu, 25 Aug 2016 07:26:36 +0000 (09:26 +0200)]
gpg: New option --with-tofu-info.

* g10/gpg.c (oWithTofuInfo): New.
(opts): Add --with-tofu-info.
(main): Set opt.with_tofu_info.
* g10/options.h (struct opt): Add field WITH_TOFU_INFO.
* g10/tofu.c (show_statistics): Add optional arg OUTFP and enter
special mode if not NULL.  Change all callers.
(tofu_write_tfs_record): New.
* g10/keylist.c (list_keyblock_colon): Do not print the tofu policy as
part of the "uid" record.  Print a new "tfs" record if the new option
is set.
* tests/openpgp/tofu.scm (getpolicy): Change from UID to TFS record.
--

A separate option is required to avoid slowing down key listings.
For example the current code takes for a keylisting in tofu+pgp mode
17 seconds while it takes more than 5 minutes if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Change TOFU_STATS to return timestamps.
Werner Koch [Wed, 24 Aug 2016 17:56:14 +0000 (19:56 +0200)]
gpg: Change TOFU_STATS to return timestamps.

* g10/tofu.c (write_stats_status): Add arg FP to print a colon
formatted line.  Adjust for changed TOFU_STATS interface.
(show_statistics): Let the query return timestamps and use
gnupg_get-time to compute the "time ago" values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Guarantee that gnupg_get_time does not return an error.
Werner Koch [Wed, 24 Aug 2016 16:37:55 +0000 (18:37 +0200)]
common: Guarantee that gnupg_get_time does not return an error.

* common/gettime.c (gnupg_get_time): Abort if time() failed.
(gnupg_get_isotime): Remove now useless check.
(make_timestamp): Remove check because we already checked this modulo
the faked time thing.
--

In reality a call foo = time (NULL) can never fail because the only
defined error is EFAULT, but we don't provide a buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago wks: Add command --supported to gpg-wks-client.
Werner Koch [Wed, 24 Aug 2016 13:48:21 +0000 (15:48 +0200)]
wks: Add command --supported to gpg-wks-client.

* tools/gpg-wks-client.c (aSupported): New.
(opts): Add --supported.
(parse_arguments): Ditto.
(main): Call command_supported.
(command_supported): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago doc: Some additional source comments
Werner Koch [Wed, 24 Aug 2016 13:31:44 +0000 (15:31 +0200)]
doc: Some additional source comments

--

2 years ago common: Change license of mbox-util to LGPLv2.1+.
Werner Koch [Mon, 22 Aug 2016 18:44:23 +0000 (20:44 +0200)]
common: Change license of mbox-util to LGPLv2.1+.

--

Note that the code has entirely been written by me.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago wks: Install gpg-wks-client under libexec
Werner Koch [Mon, 22 Aug 2016 15:05:00 +0000 (17:05 +0200)]
wks: Install gpg-wks-client under libexec

* tools/Makefile.am (bin_PROGRAMS): Move gpg-wks-client to ...
(libexec_PROGRAMS): ...here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Remove unused vars in simple-pwquery.
Werner Koch [Mon, 22 Aug 2016 09:09:42 +0000 (11:09 +0200)]
common: Remove unused vars in simple-pwquery.

* common/simple-pwquery.c (agent_send_option): Remove unused vars.
(simple_query): Ditto.
(agent_open): Ditto.  Return RC on error.
(simple_pwquery): Remove unused vars.  Remove shadowing of 'p'.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago Post release updates.
Werner Koch [Thu, 18 Aug 2016 16:23:28 +0000 (18:23 +0200)]
Post release updates.

--

2 years ago Release 2.1.15 gnupg-2.1.15
Werner Koch [Thu, 18 Aug 2016 15:14:48 +0000 (17:14 +0200)]
Release 2.1.15

2 years ago Update NEWS.
Werner Koch [Thu, 18 Aug 2016 14:58:19 +0000 (16:58 +0200)]
Update NEWS.

--

2 years ago po: Auto update
Werner Koch [Thu, 18 Aug 2016 14:57:40 +0000 (16:57 +0200)]
po: Auto update

--

2 years ago po: Add init.c to POTFILES.in
Werner Koch [Thu, 18 Aug 2016 14:56:41 +0000 (16:56 +0200)]
po: Add init.c to POTFILES.in

--

2 years ago po: Update German translation
Werner Koch [Thu, 18 Aug 2016 14:52:58 +0000 (16:52 +0200)]
po: Update German translation

2 years ago po: Update Norwegian translation.
Åka Sikrom [Thu, 18 Aug 2016 14:40:59 +0000 (16:40 +0200)]
po: Update Norwegian translation.

2 years ago po: Update Russian translation
Ineiev [Thu, 18 Aug 2016 14:36:34 +0000 (16:36 +0200)]
po: Update Russian translation

2 years ago gpg: Add import filter "drop-sig".
Werner Koch [Thu, 18 Aug 2016 14:15:49 +0000 (16:15 +0200)]
gpg: Add import filter "drop-sig".

* g10/import.c (import_drop_sig): New variable.
(cleanup_import_globals): Release that.
(parse_and_set_import_filter): Add filter "drop-sig".
(filter_getval): Implement properties for drop-sig.
(apply_drop_sig_filter): New.
(import_one): Apply that filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago doc: Add comments on how to parse --list-colons output.
Werner Koch [Thu, 18 Aug 2016 10:41:55 +0000 (12:41 +0200)]
doc: Add comments on how to parse --list-colons output.

--

GnuPG-bug-id: 2437

2 years ago dirmngr: Remove all system daemon features.
Werner Koch [Thu, 18 Aug 2016 09:23:40 +0000 (11:23 +0200)]
dirmngr: Remove all system daemon features.

* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this.  Change all callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature.  Remove system daemon
feature.  Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system daemon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--

We are now starting dirmngr as needed as a user daemon.  The
deprecated system daemon mode does not anymore make sense.  In case a
system wide daemon is required, it is better to set up a dedicated
account to run dirmngr and tweak socket permissions accordingly.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: New option --sender
Werner Koch [Thu, 18 Aug 2016 08:08:34 +0000 (10:08 +0200)]
gpg: New option --sender

* g10/options.h (struct opt): Add field 'sender_list'.
* g10/gpg.c: Include mbox-util.h.
(oSender): New.
(opts): Add option "--sender".
(main): Parse option.
--

This option will eventually be used for more advanced purposes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago agent: Allow import of overly large keys.
Werner Koch [Tue, 16 Aug 2016 17:06:28 +0000 (19:06 +0200)]
agent: Allow import of overly large keys.

* agent/command.c (MAXLEN_KEYDATA): Double the size.
--

Debian-bug-id: 834447
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g13: Allow the use of a g13tab label for --mount.
Werner Koch [Sun, 14 Aug 2016 18:23:12 +0000 (20:23 +0200)]
g13: Allow the use of a g13tab label for --mount.

* g13/mount.c (g13_mount_container): Do not run the first access check
if syshelp is required.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g13: Implement --umount for dm-crypt.
Werner Koch [Sun, 14 Aug 2016 18:17:51 +0000 (20:17 +0200)]
g13: Implement --umount for dm-crypt.

* g13/g13.c (main): Implement command --umount.
* g13/mount.c (g13_umount_container): Use the syshelper if needed.
* g13/backend.c (be_umount_container): New.
* g13/be-dmcrypt.c (be_dmcrypt_umount_container): New.
* g13/call-syshelp.c (call_syshelp_run_umount): New.
* g13/sh-cmd.c (cmd_umount): New.
(register_commands): Register UMOUNT.
* g13/sh-dmcrypt.c (sh_dmcrypt_umount_container): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g13: Fix double free bug.
Werner Koch [Sat, 13 Aug 2016 17:42:18 +0000 (19:42 +0200)]
g13: Fix double free bug.

* g13/sh-cmd.c (cmd_mount, cmd_resume): Do not xfree TIUPLES.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g13: Consider g13tab for a mount command.
Werner Koch [Sat, 13 Aug 2016 17:27:28 +0000 (19:27 +0200)]
g13: Consider g13tab for a mount command.

* g13/sh-cmd.c (cmd_getkeyblob): New.
(register_commands): Register it.
* g13/call-syshelp.c (getkeyblob_data_cb): New.
(call_syshelp_get_keyblob): New.
* g13/mount.c: Include callsyshelp.h.
(g13_mount_container): Ask syshelp whether the filename is managed by
g13tab.  Call syshelp to get the encrypted keyblob in this case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g13: Move some function around.
Werner Koch [Sat, 13 Aug 2016 15:39:28 +0000 (17:39 +0200)]
g13: Move some function around.

* g13/keyblob.c (g13_keyblob_decrypt): Move to ...
* g13/server.c: to here.
* g13/suspend.c, g13/mount.c: Include server.h.
* g13/Makefile.am (g13_syshelp_SOURCES): Add keyblob.c
--

This is done to be able to use keyblob read code in syshelp w/o
requiring linking to call-gpg.c

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago g13: New command --find-device.
Werner Koch [Sat, 13 Aug 2016 10:49:54 +0000 (12:49 +0200)]
g13: New command --find-device.

* common/status.h (STATUS_BLOCKDEV): New.
* g13/call-syshelp.c: Include "call-syshelp.h".
(finddevice_status_cb, call_syshelp_find_device): New.
* g13/g13.c (aFindDevice): New.
(opts): Add "--find-device".
(main): Implement --find-device.
* g13/sh-cmd.c (cmd_finddevice): New.
(register_commands): Register new command.
--

This might be useful for scripting.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago Avoid leading ": " in the log output when there are no prefixes.
Daniel Kahn Gillmor [Fri, 12 Aug 2016 05:37:58 +0000 (01:37 -0400)]
Avoid leading ": " in the log output when there are no prefixes.

* common/logging.c (do_logv): When no prefixes have been requested,
omit the ": " separator, since there is nothing on the left-hand
side of it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago Call log_set_prefix() with human-readable labels.
Daniel Kahn Gillmor [Fri, 12 Aug 2016 05:37:57 +0000 (01:37 -0400)]
Call log_set_prefix() with human-readable labels.

* agent/preset-passphrase.c, agent/protect-tool.c, dirmngr/dirmngr.c
* dirmngr/t-http.c, g10/gpg.c, g10/gpgv.c, g13/g13-syshelp.c
* g13/g13.c, kbx/kbxutil.c, scd/scdaemon.c, sm/gpgsm.c
* tests/gpgscm/main.c, tools/gpg-check-pattern.c
* tools/gpg-connect-agent.c, tools/gpgconf.c, tools/gpgtar.c
* tools/symcryptrun.c: Invoke log_set_prefix() with
human-readable labels.

--

Some invocations of log_set_prefix() were done with raw numeric values
instead of values that humans can understand.  Use symbolic
representations instead of numeric for better readability.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago gpg: New option --input-size-hint.
Werner Koch [Thu, 11 Aug 2016 19:31:12 +0000 (21:31 +0200)]
gpg: New option --input-size-hint.

* g10/options.h: Include stdint.h.
(struct opt): Add field 'input_size_hint'.
* g10/gpg.c (oInputSizeHint): New.
(opts): Add --input-size-hint.
(main): Set opt.input_size_hint.
* g10/progress.c (write_status_progress): Use the hint.
--

This is a prerequisite to fix
GnuPG-bug-id: 2368

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: New function string_to_u64.
Werner Koch [Thu, 11 Aug 2016 18:46:51 +0000 (20:46 +0200)]
common: New function string_to_u64.

* common/stringhelp.c (string_to_u64): New.
* dirmngr/http.c (longcounter_t): Remove.
(struct cookie_s): Change content_length to uint64_t.
(parse_response): Use string_to_u64.
--

Meanwhile we allow some C99 features including stdint.h.  Thus we can
simplify things now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Remove compatibility code.
Justus Winter [Thu, 11 Aug 2016 11:03:16 +0000 (13:03 +0200)]
common: Remove compatibility code.

* common/Makefile.am: Drop deleted files.
* common/w32-afunix.c: Delete file.
* common/w32-afunix.h: Likewise.

GnuPG-bug-id: 2408
Signed-off-by: Justus Winter <justus@g10code.com>