gnupg.git
21 months agogpg: New option --key-origin.
Werner Koch [Thu, 13 Jul 2017 15:28:32 +0000 (17:28 +0200)]
gpg: New option --key-origin.

* g10/keydb.h (KEYORG_): Rename to KEYORG_.
* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg.  Adjust
users.
(PKT_public_key): Ditto.
(PKT_ring_trust): Ditto.
* g10/options.h (struct opt): Add field key_origin.
* g10/getkey.c (parse_key_origin): New.
* g10/gpg.c (oKeyOrigin): New.
(opts): Add "keys-origin".
(main): Set option.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agodoc: Document gnupg version requirement for gpg-preset-passphrase.
Marcus Brinkmann [Thu, 13 Jul 2017 15:12:42 +0000 (17:12 +0200)]
doc: Document gnupg version requirement for gpg-preset-passphrase.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2331

21 months agogpgscm: Make loading of modules less verbose.
Justus Winter [Thu, 13 Jul 2017 14:29:25 +0000 (16:29 +0200)]
gpgscm: Make loading of modules less verbose.

* tests/gpgscm/main.c (load): Increase logging threshold.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpgscm: Make it impossible to catch '*interpreter-exit*'.
Justus Winter [Tue, 11 Jul 2017 14:07:39 +0000 (16:07 +0200)]
gpgscm: Make it impossible to catch '*interpreter-exit*'.

* tests/gpgscm/init.scm (throw'): Make it impossible to catch
'*interpreter-exit*'.  This fixes 'exit' (and with it 'fail') inside
'catch' statements.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agodirmngr: Fix license note in server.c
Werner Koch [Wed, 12 Jul 2017 10:37:16 +0000 (12:37 +0200)]
dirmngr: Fix license note in server.c

--

This double license note was accidentally added while only wanting to
add another copyright line.

Fixes-commit: 3419a339d9c4e800bf30e9021e05982d8c1021c1
Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agotofu: Compare squares instead of square roots.
Marcus Brinkmann [Thu, 6 Jul 2017 11:52:24 +0000 (13:52 +0200)]
tofu: Compare squares instead of square roots.

* g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and
sqrtu32.c.
* g10/sqrtu32.h, g10/sqrtu32.c: Removed files.
* g10/tofu.c: Compare squares instead of square roots.
--
The original code is a factor 11.5 slower than using libm's sqrt(),
which in turn is a factor 3.5 slower than using one multiplication
on the other side of the comparison.  Also, it's much simpler now.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
21 months agospeedo: Provide a vagrantfile to test speedo in an isolated VM.
Marcus Brinkmann [Mon, 10 Jul 2017 12:25:59 +0000 (14:25 +0200)]
speedo: Provide a vagrantfile to test speedo in an isolated VM.

* build-aux/Vagrantfile: New file.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
21 months agodoc: Improve TOFU documentation.
Neal H. Walfield [Thu, 6 Jul 2017 19:15:45 +0000 (21:15 +0200)]
doc: Improve TOFU documentation.

* doc/gpg.texi: Improve TOFU documentation.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Teemu Likonen <tlikonen@iki.fi>
21 months agodoc: Fix typo.
Justus Winter [Thu, 6 Jul 2017 10:56:06 +0000 (12:56 +0200)]
doc: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agodoc: minor clarification
Daniel Shahaf [Wed, 5 Jul 2017 20:55:53 +0000 (16:55 -0400)]
doc: minor clarification

---
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
21 months agoagent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.
Werner Koch [Wed, 5 Jul 2017 09:54:45 +0000 (11:54 +0200)]
agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.

* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--

Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because in agent_askpin() decrements that value before conveying it to
the loopback.

GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agodoc: Update yat2m to take care of SOURCE_DATE_EPOCH.
Werner Koch [Wed, 5 Jul 2017 07:14:38 +0000 (09:14 +0200)]
doc: Update yat2m to take care of SOURCE_DATE_EPOCH.

* doc/yat2m.c (main): Set a default for OPT_DATE.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agodoc: Prefer an installed version of yat2m
Werner Koch [Wed, 5 Jul 2017 08:49:13 +0000 (10:49 +0200)]
doc: Prefer an installed version of yat2m

* configure.ac (YAT2M): Check for tool.
* doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
--

21 months agodoc: Document obsolete option in gpgsm. Closes T2231.
Marcus Brinkmann [Sat, 1 Jul 2017 12:28:08 +0000 (14:28 +0200)]
doc: Document obsolete option in gpgsm.  Closes T2231.

* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2231

21 months agoagent: Fix option --debug-wait
Werner Koch [Wed, 28 Jun 2017 06:44:27 +0000 (08:44 +0200)]
agent: Fix option --debug-wait

* agent/gpg-agent.c (opts): Typo fix.
--

Regression-due-to: ccee34736b57a42ec4bdcb0d3181bdc6a08b0fff
GnuPG-bug-id: 3225
Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agoagent: Support unprotected ssh keys.
Justus Winter [Mon, 26 Jun 2017 12:54:39 +0000 (14:54 +0200)]
agent: Support unprotected ssh keys.

* agent/command-ssh.c (ssh_key_to_protected_buffer): If the empty
passphrase is supplied, do not protect the key.

GnuPG-bug-id: 2856
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agotests: Improve test.
Justus Winter [Mon, 26 Jun 2017 10:51:28 +0000 (12:51 +0200)]
tests: Improve test.

* tests/openpgp/ssh-export.scm: Split output at any whitespace.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agoagent: Shutdown on removal of the home directory.
Werner Koch [Fri, 23 Jun 2017 11:20:42 +0000 (13:20 +0200)]
agent: Shutdown on removal of the home directory.

* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--

GnuPG-bug-id: 3218

Note that we should add this also to dirmngr.  And for non-Linux
systems a stat in ticker should be implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agobuild: Add missing LIBASSUAN_CFLAGS to dirmngr/.
Werner Koch [Fri, 23 Jun 2017 10:00:28 +0000 (12:00 +0200)]
build: Add missing LIBASSUAN_CFLAGS to dirmngr/.

* dirmngr/Makefile.am (t_http_CFLAGS): Add LIBASSUAN_CFLAGS.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--

GnuPG-bug-id: 2424
Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agogpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
Werner Koch [Tue, 20 Jun 2017 07:25:56 +0000 (09:25 +0200)]
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.

* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

This status code allows to report whether an encryption operation was
compliant to de-vs.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agoindent,i18n: Make some new strings translatable. Wrap too long lines.
Werner Koch [Tue, 20 Jun 2017 06:31:07 +0000 (08:31 +0200)]
indent,i18n: Make some new strings translatable.  Wrap too long lines.

--

21 months agogpg: Close cached keydb handle in gpgv.
Justus Winter [Wed, 21 Jun 2017 13:51:10 +0000 (15:51 +0200)]
gpg: Close cached keydb handle in gpgv.

* g10/gpgv.c (main): Close cached handle.

Fixes-commit: 5556eca5acd46983bff0b38a1ffbc2f07fbaba9f
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agotests: Add test for gpgv.
Justus Winter [Wed, 21 Jun 2017 10:18:24 +0000 (12:18 +0200)]
tests: Add test for gpgv.

* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/gpgv.scm: New file.
* tests/openpgp/signed-messages.scm: Likewise.
* tests/openpgp/verify.scm: Move the signed messages to the new file
and load it.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpg: Fix printing keyserver URLs and notation data.
Justus Winter [Wed, 21 Jun 2017 13:02:20 +0000 (15:02 +0200)]
gpg: Fix printing keyserver URLs and notation data.

* g10/keylist.c (show_keyserver_url): Print to 'fp', not to 'stdout'.
(show_notation): Likewise.
--

Fixes the fact that if mode == -1, all text except for the labels is
written to the tty, but the label is written to stdout, which is
buffered.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agodirmngr: Properly handle SRV records.
Justus Winter [Tue, 20 Jun 2017 14:27:59 +0000 (16:27 +0200)]
dirmngr: Properly handle SRV records.

* dirmngr/ks-engine-hkp.c (enum ks_protocol): New type.
(struct hostinfo_s): New flags indicating whether we already did a
A lookup, or a SRV lookup per protocol.  Turn 'port' into an array.
(create_new_hostinfo): Initialize new fields.
(add_host): Update the port for the given protocol.
(map_host): Simplify hosttable lookup misses.  Check the SRV records
for both protocols on demand, do the A lookup just once.  Return the
correct port.
--

Previously, if a host had both a SRV record for hkp and hkps, the
wrong port was used for the protocol that was used second, because the
hostinfo did not store a port per protocol, and the hosttable does not
discriminate between hosts using the protocol.

Fix this by querying the SRV records on demand, storing a port per
protocol, and returning the right port.

GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agodirmngr: Refactor variable-sized array code.
Justus Winter [Tue, 20 Jun 2017 12:54:17 +0000 (14:54 +0200)]
dirmngr: Refactor variable-sized array code.

* dirmngr/ks-engine-hkp.c (struct hostinfo_s): Add explicit length and
size fields.
(MAX_POOL_SIZE): New macro.
(create_new_hostinfo): Initialize new fields.
(host_in_pool_p): Adapt.
(select_random_host): Likewise.
(add_host): Likewise.  Move the resizing logic here.
(hostinfo_sort_pool): New function.
(map_host): Simplify.  Move the resizing logic away from here.
(ks_hkp_mark_host): Adapt.
(ks_hkp_print_hosttable): Likewise.
--

The current code assumes that the pool array is only filled when the
hostinfo object is created.  This patch removes that limitation.

GnuPG-bug-id: 3033
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agodirmngr: Fix typo.
Justus Winter [Tue, 20 Jun 2017 11:34:12 +0000 (13:34 +0200)]
dirmngr: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpg: Fix error handling.
Justus Winter [Tue, 20 Jun 2017 08:46:52 +0000 (10:46 +0200)]
gpg: Fix error handling.

* g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
--

Previously, when generating a subkey, gpg would ask for the passphrase
of the primary key.  If that dialog is canceled, gpg would ask a
second time for a passphrase to protect the new subkey.

Fix this by handling the error.

GnuPG-bug-id: 3212
Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpg,gpgsm: Fix compliance check for DSA and avoid an assert.
Werner Koch [Mon, 19 Jun 2017 15:50:02 +0000 (17:50 +0200)]
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.

* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agoindent: Always use "_(" and not "_ (" to mark translatable strings.
Werner Koch [Mon, 19 Jun 2017 15:42:50 +0000 (17:42 +0200)]
indent: Always use "_(" and not "_ (" to mark translatable strings.

--

This makes greping much easier and we have done that since ever.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agogpgscm: Limit the number of parallel jobs.
Justus Winter [Mon, 19 Jun 2017 14:31:25 +0000 (16:31 +0200)]
gpgscm: Limit the number of parallel jobs.

* ffi.c (do_wait_processes): Suppress the timeout error.
* tests.scm (semaphore): New definition.
(test-pool): Only run a bounded number of tests in parallel.
(test::started?): New function.
(run-tests-parallel): Do not report results, do not start the tests.
(run-tests-sequential): Adapt.
(run-tests): Parse the number of parallel jobs.
--

This change limits the number of tests that are run in parallel.  This
way we do not overwhelm the operating systems' scheduler.  As a
side-effect, we also get more accurate runtime information, and it
will be easy to implement timeouts on top of this.

Use TESTFLAGS to limit the number of jobs:

    $ make check-all TESTFLAGS=--parallel=16

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpgscm: Improve option parsing.
Justus Winter [Mon, 19 Jun 2017 14:29:08 +0000 (16:29 +0200)]
gpgscm: Improve option parsing.

* tests/gpgscm/tests.scm (flag): Accept arguments of the form
'--foo=bar'.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpgscm: Improve error handling of foreign functions.
Justus Winter [Mon, 19 Jun 2017 14:24:18 +0000 (16:24 +0200)]
gpgscm: Improve error handling of foreign functions.

* tests/gpgscm/ffi.scm (ffi-fail): Do not needlessly join the error
message.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agogpgscm: Improve error reporting.
Justus Winter [Mon, 19 Jun 2017 14:13:24 +0000 (16:13 +0200)]
gpgscm: Improve error reporting.

* tests/gpgscm/init.scm (throw'): Guard against 'args' being atomic.
* tests/gpgscm/scheme.c (Eval_Cycle): Remove any superfluous colons in
error messages.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agotests: Run the OpenPGP tests using the new extended key format.
Justus Winter [Mon, 19 Jun 2017 08:17:57 +0000 (10:17 +0200)]
tests: Run the OpenPGP tests using the new extended key format.

* tests/openpgp/all-tests.scm: Generalize a bit, and also add a
variant that uses the new extended key format.
* tests/openpgp/defs.scm (create-gpghome): Conditionally enable the
new extended key format.

Signed-off-by: Justus Winter <justus@g10code.com>
21 months agoChange license of some files to LGPLv2.1.
Werner Koch [Mon, 19 Jun 2017 10:37:52 +0000 (12:37 +0200)]
Change license of some files to LGPLv2.1.

* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers.  Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--

For better deployment it seems to be better to make the Web Key
Directory code more easily available.

Some code was been developed under contract of the BSI.

Signed-off-by: Werner Koch <wk@gnupg.org>
21 months agogpg: Disable compliance module for other GnuPG components.
Justus Winter [Mon, 19 Jun 2017 09:00:04 +0000 (11:00 +0200)]
gpg: Disable compliance module for other GnuPG components.

* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--

This implements a default policy for modules not explicitly using the
compliance module.  The default policy is to allow all algorithms, but
mark none of them as compliant.

Fixes gpgv.

GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Check and fix keys on import.
Justus Winter [Tue, 13 Jun 2017 13:35:01 +0000 (15:35 +0200)]
gpg: Check and fix keys on import.

* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Refactor key checking and fixing.
Justus Winter [Tue, 13 Jun 2017 13:34:03 +0000 (15:34 +0200)]
gpg: Refactor key checking and fixing.

* g10/Makefile.am (gpg_sources): Add new files.
* g10/gpgcompose.c (keyedit_print_one_sig): New stub.
* g10/keyedit.c (sig_comparison): Move to new module.
(check_all_keysigs): Likewise.
(fix_keyblock): Adapt callsite.
(keyedit_menu): Likewise.
* g10/key-check.c: New file.
* g10/key-check.h: Likewise.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Refactor keyedit module.
Justus Winter [Tue, 13 Jun 2017 13:27:43 +0000 (15:27 +0200)]
gpg: Refactor keyedit module.

* g10/Makefile.am (gpg_SOURCES): Add new file.
* g10/keyedit.c (NODFLG_*): Move flags to the new header file.
(print_one_sig): Export symbol and rename accordingly.
(print_and_check_one_sig): Adapt accordingly.
(check_all_keysigs): Likewise.
* g10/keyedit.h: New file.
* g10/main.h: Drop declarations, include new header.

GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agodirmngr: Implement querying nameservers over IPv6.
Justus Winter [Tue, 13 Jun 2017 09:33:06 +0000 (11:33 +0200)]
dirmngr: Implement querying nameservers over IPv6.

* dirmngr/dns.c (dns_so_check): Reinitialize sockets on address family
mismatch.
(enum dns_res_state): New states for querying over IPv6.
(dns_res_exec): Implement the new states by copying and modifying the
IPv4 variants.  Branch to their respective counterparts if the current
list of resolvers using the current address family is exhausted.
--

This allows dirmngr to resolve names on systems where the nameservers
are only reachable via IPv6.

GnuPG-bug-id: 2990
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Disable keydb handle caching only for W32
Werner Koch [Tue, 13 Jun 2017 07:05:40 +0000 (09:05 +0200)]
gpg: Disable keydb handle caching only for W32

* g10/getkey.c (getkey_end) [!W32]: Re-enable caching.
--

This change limits of the effects of commit
d3d640b9cc98dd0d06b49a2e4d46eb67af96fe29 to W32 system.

GnuPG-bug-id: 3097
Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agopo: Make a string translatable.
Werner Koch [Tue, 13 Jun 2017 07:02:12 +0000 (09:02 +0200)]
po: Make a string translatable.

--

22 months agocommon: Fix -Wswitch warning.
Werner Koch [Tue, 13 Jun 2017 07:01:24 +0000 (09:01 +0200)]
common: Fix -Wswitch warning.

* common/compliance.c (gnupg_digest_is_allowed): Don't include
GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
--

Note that Whirlpool is not used anywhere in gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agogpg: Send gpgcompose --help output to stdout, not stderr.
Neal H. Walfield [Sun, 11 Jun 2017 12:10:46 +0000 (14:10 +0200)]
gpg: Send gpgcompose --help output to stdout, not stderr.

* g10/gpgcompose.c (show_help): Send gpgcompose --help output to
stdout, not stderr.

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
22 months agogpg: Improve some output of gpgcompose.
Neal H. Walfield [Sun, 11 Jun 2017 12:07:02 +0000 (14:07 +0200)]
gpg: Improve some output of gpgcompose.

22 months agogpg: Support 'gpgcompose --encrypted-pop --help'
Neal H. Walfield [Sun, 11 Jun 2017 12:00:22 +0000 (14:00 +0200)]
gpg: Support 'gpgcompose --encrypted-pop --help'

* g10/gpgcompose.c (encrypted_pop_options): New variable.
(encrypted_pop): Support the --help option.

Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
22 months agogpg: Remove dead code.
Neal H. Walfield [Sun, 11 Jun 2017 11:58:44 +0000 (13:58 +0200)]
gpg: Remove dead code.

* g10/gpgcompose.c (filter_pop): F->PKTTYPE will never be
PKT_ENCRYPTED_MDC.
(encrypted_pop): Likewise and there is no option --encrypted-mdc-pop.

22 months agoartwork: Add new banner.
Marcus Brinkmann [Thu, 8 Jun 2017 15:54:08 +0000 (17:54 +0200)]
artwork: Add new banner.

* artwork/banner/banner-full.png: New file.
* artwork/banner/banner-rectangle.png: New file.
* artwork/banner/banner.svg: New file.
* artwork/banner/Bungee-Regular.ttf: New file.
* artwork/banner/Raleway-license.txt: New file.
* artwork/banner/banner-half.png: New file.
* artwork/banner/banner-skyscraper.png: New file.
* artwork/banner/Bungee-license.txt: New file.
* artwork/banner/Raleway-ExtraBold.ttf: New file.
* artwork/banner/Raleway-SemiBold.ttf: New file.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
22 months agocommon,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
Justus Winter [Tue, 6 Jun 2017 14:01:40 +0000 (16:01 +0200)]
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.

* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Fix computation of compliance with CO_DE_VS.
Justus Winter [Thu, 8 Jun 2017 11:55:47 +0000 (13:55 +0200)]
gpg: Fix computation of compliance with CO_DE_VS.

* g10/mainproc.c (proc_encrypted): Symmetric encryption is also in
compliance with CO_DE_VS.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agodirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.
Werner Koch [Thu, 8 Jun 2017 07:30:48 +0000 (09:30 +0200)]
dirmngr: Implement HTTP connect timeouts of 15 or 2 seconds.

* dirmngr/dirmngr.c (oConnectTimeout, oConnectQuickTimeout): New
enums.
(opts): New options --connect-timeout and --connect-quick-timeout.
(DEFAULT_CONNECT_TIMEOUT): New.
(DEFAULT_CONNECT_QUICK_TIMEOUT): New.
(parse_rereadable_options): Handle new options.
(post_option_parsing): New.  Use instead of direct calls to
set_debug() and set_tor_mode ().
(main): Setup default timeouts.
(dirmngr_init_default_ctrl): Set standard connect timeout.
* dirmngr/dirmngr.h (opt): New fields connect_timeout and
connect_quick_timeout.
(server_control_s): New field timeout.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass timeout to
http_raw_connect.
* dirmngr/ks-engine-hkp.c (send_request): Call
http_session_set_timeout.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/server.c (cmd_wkd_get, cmd_ks_search, cmd_ks_get)
(cmd_ks_fetch): Implement --quick option.
--

The standard connect timeouts are way to long so we add a timeout to
the connect calls.  Also implement the --quick option which is already
used by gpg for non-important requests (e.g. looking up a key for
verification).

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agodirmngr: Allow a timeout for HTTP and other TCP connects.
Werner Koch [Thu, 8 Jun 2017 06:23:06 +0000 (08:23 +0200)]
dirmngr: Allow a timeout for HTTP and other TCP connects.

* dirmngr/http.c: Include fcntl.h.
(http_session_s): Add field 'connect_timeout'.
(http_session_new): Clear that.
(http_session_set_timeout): New function.
(my_wsagetlasterror) [W32]: New.
(connect_with_timeout): New function.
(connect_server): Add arg 'timeout' and call connect_with_timeout.
(send_request): Add arg 'timeout' and pass it to connect_server.
(http_raw_connect): Add arg 'timeout'.
(http_open): Pass TIMEOUT from the session to connect_server.
--

Note that the non-blocking connect we implement is traditional a
pretty non-portable thing due to slighly different semantics.  The
code uses the strategy W. Richard Stevens suggested in 1998.
Hopefully current OS versions got it all right.

The code has not been tested on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agogpg: Avoid failure exit when scdaemon is disabled but not needed.
Werner Koch [Mon, 5 Jun 2017 09:57:02 +0000 (11:57 +0200)]
gpg: Avoid failure exit when scdaemon is disabled but not needed.

* g10/call-agent.c (warn_version_mismatch): Use log_info if error is
"not supported".
--

This fix may make the fix for
GnuPG-bug-id: 3192
even more robust.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agocommon: Add cipher mode to compliance predicate.
Justus Winter [Wed, 7 Jun 2017 14:09:07 +0000 (16:09 +0200)]
common: Add cipher mode to compliance predicate.

* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agocommon,gpg,sm: Initialize compliance module.
Justus Winter [Wed, 7 Jun 2017 13:38:50 +0000 (15:38 +0200)]
common,gpg,sm: Initialize compliance module.

* common/compliance.c (gnupg_initialize_compliance): New function.
* common/compliance.h (gnupg_initialize_compliance): New prototype.
* g10/gpg.c (main): Use the new function.
* sm/gpgsm.c (main): Likewise.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agocommon,gpg: Move the compliance option printer.
Justus Winter [Wed, 7 Jun 2017 10:33:36 +0000 (12:33 +0200)]
common,gpg: Move the compliance option printer.

* common/compliance.c (gnupg_compliance_option_string): New function.
* common/compliance.h (gnupg_compliance_option_string): New prototype.
* g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
* g10/gpg.c (main): Likewise.
* g10/keyedit.c (keyedit_menu): Likewise.
* g10/pkclist.c (build_pk_list): Likewise.
* g10/main.h (compliance_option_string): Remove prototype.
* g10/misc.c (compliance_option_string): Remove function.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agocommon,gpg,sm: Move the compliance option parser.
Justus Winter [Wed, 7 Jun 2017 09:50:54 +0000 (11:50 +0200)]
common,gpg,sm: Move the compliance option parser.

* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Improve compliance with CO_DE_VS.
Justus Winter [Thu, 1 Jun 2017 13:14:19 +0000 (15:14 +0200)]
gpg: Improve compliance with CO_DE_VS.

* g10/gpg.c (set_compliance_option): The specification, section 4.1.1,
forbids the use of encryption without integrity protection.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agospeedo: Fix a minor memleak in the installer
Andre Heinecke [Wed, 7 Jun 2017 13:30:14 +0000 (15:30 +0200)]
speedo: Fix a minor memleak in the installer

* build-aux/speedo/w32/g4wihelp.c (path_remove): Free path_new on
early return.

--
It's a weird condition in a once run function in a throwaway
process but -- yeah. It's a memleak and static analysis can
see it.

GnuPG-Bug-Id: T3197
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
22 months agospeedo: Fix source tar call ambiguity
Andre Heinecke [Tue, 6 Jun 2017 14:38:02 +0000 (16:38 +0200)]
speedo: Fix source tar call ambiguity

* build-aux/speedo.mk (dist-source): Expand exclude-vc to
exclude-vcs.

--
Tar 1.29 also has exclude-vcs-ignores so this became
ambiguous.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
22 months agocommon,g10: Fix typos.
Justus Winter [Tue, 6 Jun 2017 12:48:01 +0000 (14:48 +0200)]
common,g10: Fix typos.

--
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Report compliance with CO_DE_VS.
Justus Winter [Tue, 30 May 2017 12:30:24 +0000 (14:30 +0200)]
gpg: Report compliance with CO_DE_VS.

* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information will be picked up by the frontend and
presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agocommon: Improve checking for compliance with CO_DE_VS.
Justus Winter [Thu, 1 Jun 2017 09:56:42 +0000 (11:56 +0200)]
common: Improve checking for compliance with CO_DE_VS.

* common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
sizes are compliant.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg,common: Move the compliance framework.
Justus Winter [Wed, 31 May 2017 12:33:45 +0000 (14:33 +0200)]
gpg,common: Move the compliance framework.

* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file.  Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file.  Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Fix compliance computation.
Justus Winter [Wed, 31 May 2017 12:24:04 +0000 (14:24 +0200)]
gpg: Fix compliance computation.

* g10/misc.c (gnupg_pk_is_compliant): Compare against CO_RFC2440, not
RFC2440 which is actually a predicate.

Fixes-commit: fe0b37e123ded51cc5f4cb5e3547fdfbce37a43e
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agosm: Simplify code.
Justus Winter [Wed, 31 May 2017 10:51:56 +0000 (12:51 +0200)]
sm: Simplify code.

* sm/verify.c (gpgsm_verify): Simplify by using a newer gcrypt
interface.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months agosm: Fix typo.
Justus Winter [Wed, 31 May 2017 10:12:42 +0000 (12:12 +0200)]
sm: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agodoc: Improve documentation.
Justus Winter [Wed, 31 May 2017 10:11:56 +0000 (12:11 +0200)]
doc: Improve documentation.

* doc/gpgsm.texi: Mention that '--with-key-data' implies
'--with-colons'.

Signed-off-by: Justus Winter <justus@g10code.com>
22 months agoagent: Fix error from do_encryption.
NIIBE Yutaka [Wed, 31 May 2017 09:42:55 +0000 (18:42 +0900)]
agent: Fix error from do_encryption.

* agent/protect.c (do_encryption): Don't mask failure of OUTBUF
allocation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months agoscd: Fix error code on failure at usb_init.
NIIBE Yutaka [Wed, 31 May 2017 01:05:36 +0000 (10:05 +0900)]
scd: Fix error code on failure at usb_init.

* scd/ccid-driver.c (ccid_dev_scan): Return GPG_ERR_ENODEV.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months agoscd: Handle a failure of libusb_init.
NIIBE Yutaka [Wed, 31 May 2017 00:49:54 +0000 (09:49 +0900)]
scd: Handle a failure of libusb_init.

* scd/ccid-driver.c (ccid_get_reader_list, ccid_dev_scan): Handle
failure.

--

Reported-by: Yuriy M. Kaminskiy <yumkam@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months agogpg: Fix typos.
Justus Winter [Mon, 29 May 2017 13:23:36 +0000 (15:23 +0200)]
gpg: Fix typos.

--
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agogpg: Disable keydb handle caching
Andre Heinecke [Tue, 30 May 2017 08:22:35 +0000 (10:22 +0200)]
gpg: Disable keydb handle caching

* g10/getkey.c (getkey_end): Disable caching of the open keydb
handle.

--
This created a big regression for Windows because the keyring
is only released after the global ctrl is released. So if an operation
does a getkey and then tries to modify the keyring it will fail on
Windows with a sharing violation. We need to modify all
keyring write operations to also take the ctrl and close the
cached_getkey_kdb handle to make writing work. See:
https://dev.gnupg.org/T3097

GnuPG-Bug-Id: T3097

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
22 months agoagent: Fix memory leaks.
NIIBE Yutaka [Tue, 30 May 2017 04:56:20 +0000 (13:56 +0900)]
agent: Fix memory leaks.

* agent/divert-scd.c (ask_for_card): Free WANT_KID and WANT_SN_DISP.
* agent/gpg-agent.c (create_server_socket): Free UNADDR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months agodirmngr: This towel should better detect a changed resolv.conf.
Werner Koch [Thu, 25 May 2017 18:26:54 +0000 (20:26 +0200)]
dirmngr: This towel should better detect a changed resolv.conf.

* dirmngr/dns-stuff.c (resolv_conf_changed_p): Fix initialization time
issue.
--

Fixes-commit: b5f356e9fba2d99909f8f54d7b7e6836bed87b68
Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agodirmngr: Re-init libdns resolver on towel change of resolv.conf
Werner Koch [Thu, 25 May 2017 09:33:07 +0000 (11:33 +0200)]
dirmngr: Re-init libdns resolver on towel change of resolv.conf

* dirmngr/dns-stuff.c: Include sys/stat.h.
(RESOLV_CONF_NAME): New macro to replace a string.
(resolv_conf_changed_p): New.
(libdns_init): Call new function
(libdns_res_open): Ditto.
--

Don't panic.  This is a simple change
Suggested-by: Stefan B├╝hler <stbuehler@web.de>
to avoid complicated if-up.d hooks to reload resolv.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
22 months agoagent: Make digest algorithms for ssh fingerprints configurable.
Justus Winter [Wed, 24 May 2017 15:48:42 +0000 (17:48 +0200)]
agent: Make digest algorithms for ssh fingerprints configurable.

* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--

OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256.  This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agoagent: Write both ssh fingerprints to 'sshcontrol' file.
Justus Winter [Wed, 24 May 2017 15:29:31 +0000 (17:29 +0200)]
agent: Write both ssh fingerprints to 'sshcontrol' file.

* agent/command-ssh.c (add_control_entry): Hand in the key, write both
the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
when adding ssh keys.
(ssh_identity_register): Adapt callsite.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agocommon: Correctly render SHA256-based ssh fingerprints.
Justus Winter [Wed, 24 May 2017 15:03:58 +0000 (17:03 +0200)]
common: Correctly render SHA256-based ssh fingerprints.

* common/ssh-utils.c (dummy_realloc): New function.
(dummy_free): Likewise.
(get_fingerprint): Prepend the fingerprint with the name of the digest
algorithm.  Correctly render SHA256-based ssh fingerprints.
* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
(main): Add an option to dump the keys to gather fingerprints, also
print the SHA256 fingerprint for keys given as arguments, and check
the SHA256 fingerprints of the test keys.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agocommon: Support different digest algorithms for ssh fingerprints.
Justus Winter [Fri, 4 Dec 2015 14:19:07 +0000 (15:19 +0100)]
common: Support different digest algorithms for ssh fingerprints.

* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
(ssh_get_fingerprint{,_string}): Likewise.
* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
* common/t-ssh-utils.c (main): Adapt accordingly.
* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
(ssh_identity_register): Likewise.
* agent/command.c (do_one_keyinfo): Likewise.
* agent/findkey.c (modify_description): Likewise.
--
This lays the foundation to support other algorithms.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agoRegister DCO for William L. Thomson Jr.
Justus Winter [Tue, 23 May 2017 13:47:29 +0000 (15:47 +0200)]
Register DCO for William L. Thomson Jr.

--
Signed-off-by: Justus Winter <justus@g10code.com>
22 months agoagent: Add const qualifier for read-only table.
NIIBE Yutaka [Mon, 22 May 2017 21:42:44 +0000 (06:42 +0900)]
agent: Add const qualifier for read-only table.

* agent/call-pinentry.c (start_pinentry): Add const to tbl.
* agent/command-ssh.c (request_specs): Add const.
(ssh_key_types): Likewise.
(request_spec_lookup): Add const to the return value and SPEC.
(ssh_request_process): Likewise.
* agent/protect.c (protect_info): Add const.
(agent_unprotect): Add const to algotable.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
22 months agog10: Fix default-key selection for signing, possibly by card.
NIIBE Yutaka [Mon, 22 May 2017 00:27:36 +0000 (09:27 +0900)]
g10: Fix default-key selection for signing, possibly by card.

* g10/call-agent.c (warn_version_mismatch): Revert.
(start_agent): Suppress version mismatch if relevant.
* g10/getkey.c (get_seckey_default_or_card): New.
* g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.

--

The change of 97a2394, which prefers available card than default key
specified is too strong.

Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
23 months agodoc: Fix spellings.
Daniel Kahn Gillmor [Thu, 18 May 2017 20:34:37 +0000 (16:34 -0400)]
doc: Fix spellings.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
23 months agodocs: Point to https://dev.gnupg.org/ .
Daniel Kahn Gillmor [Thu, 18 May 2017 19:05:57 +0000 (15:05 -0400)]
docs: Point to https://dev.gnupg.org/ .

Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/.  Since
the project has transitioned to a better workflow for supporting
contributions, we should ensure that our documentation points to the
right place.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
23 months agogpgscm: Fix checking for opcode arguments.
Justus Winter [Wed, 17 May 2017 14:10:37 +0000 (16:10 +0200)]
gpgscm: Fix checking for opcode arguments.

* tests/gpgscm/scheme.c (Eval_Cycle): Update 'pcd' after dispatching
an instruction.

Fixes-commit: 9c6407d17e0cb9f4a370b1b83e7816577ec7d29d
Signed-off-by: Justus Winter <justus@g10code.com>
23 months agotests: Fix agent teardown in release builds.
Justus Winter [Wed, 17 May 2017 10:14:55 +0000 (12:14 +0200)]
tests: Fix agent teardown in release builds.

* tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
will properly use the '--build-prefix' argument to make gpgconf use
tools from the build directory.

GnuPG-bug-id: 3165
Fixes-commit: 2c9d9ac55ea455a5ec26428989dced0311ed46cc
Signed-off-by: Justus Winter <justus@g10code.com>
23 months agog10: Fix gpgcompose.c.
NIIBE Yutaka [Wed, 17 May 2017 01:14:43 +0000 (10:14 +0900)]
g10: Fix gpgcompose.c.

* g10/gpgcompose.c (show_help): Check return value.

--

Fixes-commit: 00b7767bc6fe309aa20375c859ebf708cfc7b9ea
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
23 months agog10: Suppress error for card availability check.
NIIBE Yutaka [Wed, 17 May 2017 00:46:06 +0000 (09:46 +0900)]
g10: Suppress error for card availability check.

* g10/call-agent.c (start_agent): Add semantics for card; Suppress
error for card check.
(warn_version_mismatch): Ignore an error for scdaemon.
(agent_scd_serialno): Call start_agent with
FLAG_FOR_CARD_SUPPRESS_ERRORS.

--

GnuPG-bug-id: 3165
Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
23 months agotests: Configure the environments to use scdaemon from build tree.
Justus Winter [Tue, 16 May 2017 14:07:25 +0000 (16:07 +0200)]
tests: Configure the environments to use scdaemon from build tree.

* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
when writing a 'gpg-agent.conf'.
* tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
--

As of 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 gpg may query the
scdaemon for a signing key to use.  To make sure that the agent calls
the right scdaemon, we provide the path explicitly in the
'gpg-agent.conf' that is used in the tests, similar to what we do for
the agent itself and the pinentry.

GnuPG-bug-id: 3165
Signed-off-by: Justus Winter <justus@g10code.com>
23 months agoPost release updates
Werner Koch [Mon, 15 May 2017 15:21:58 +0000 (17:21 +0200)]
Post release updates

--

23 months agoRelease 2.1.21 gnupg-2.1.21
Werner Koch [Mon, 15 May 2017 14:11:09 +0000 (16:11 +0200)]
Release 2.1.21

Signed-off-by: Werner Koch <wk@gnupg.org>
23 months agopo: Auto-update
Werner Koch [Mon, 15 May 2017 14:04:06 +0000 (16:04 +0200)]
po: Auto-update

--

23 months agopo: Update German translation
Werner Koch [Mon, 15 May 2017 14:00:37 +0000 (16:00 +0200)]
po: Update German translation

23 months agogpg: Do not mark ", " translatable.
Werner Koch [Mon, 15 May 2017 13:56:46 +0000 (15:56 +0200)]
gpg: Do not mark ", " translatable.

* g10/tofu.c (ask_about_binding): Remove useless translation markers.
--

Translation and in particular punctuation marks can only be translated
with context.  Thus making a sole comma translatable is useless.

Signed-off-by: Werner Koch <wk@gnupg.org>
23 months agodirmngr,w32: Fix ldap crl read on windows
Andre Heinecke [Wed, 26 Apr 2017 07:39:06 +0000 (09:39 +0200)]
dirmngr,w32: Fix ldap crl read on windows

Summary:
* dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
(buffer_get_data): Use seperate read pos.

--
Using a single buffer pos for reading and writing caused the read
to return 0 as it read from the end of the buffer. Now we use
a seperate reader position.

Differential: D427

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
23 months agocommon: Let format_text return an error.
Werner Koch [Mon, 15 May 2017 07:58:27 +0000 (09:58 +0200)]
common: Let format_text return an error.

* common/stringhelp.c (format_text): Return NULL on error.
* common/t-stringhelp.c (test_format_text): Adjust for change.
* g10/gpgcompose.c (show_help): Abort on out of core.
* g10/tofu.c (ask_about_binding): Abort on format_text error.
(show_statistics): Ditto.
(show_warning): Ditto.
--

For better re-usability function in common/ shot  better not use
xmalloc functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
23 months agotests: Also run all OpenPGP tests using keyrings.
Justus Winter [Thu, 11 May 2017 15:17:12 +0000 (17:17 +0200)]
tests: Also run all OpenPGP tests using keyrings.

* tests/openpgp/all-tests.scm: Run each test twice, once with public
keys stored in a keybox, once with a keyring.
* tests/openpgp/defs.scm (create-gpghome): Create a public keyring to
make GnuPG use that instead of creating a keybox if '--use-keyring' is
given.
* tests/openpgp/setup.scm: Fix flag handling and usage.
--

This parametrizes the OpenPGP tests.  With this change, the test suite
is able to detect problems with the keyring store, e.g. like the one
fixed in 22739433e98be80e46fe7d01d52a9627c1aebaae.

GnuPG-bug-id: 3080
Signed-off-by: Justus Winter <justus@g10code.com>
23 months agotests: Make it possible to run all tests using our infrastructure.
Justus Winter [Mon, 20 Mar 2017 09:30:08 +0000 (10:30 +0100)]
tests: Make it possible to run all tests using our infrastructure.

* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'.  This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--

This change allows us to run all tests in parallel and write one XML
report capturing the results of every test.  It also lays the
foundation to parametrize test suites.

Signed-off-by: Justus Winter <justus@g10code.com>