gnupg.git
12 months agog10: Avoid accessing invalid expiration dates. justus/issue2826-0
Justus Winter [Mon, 2 Jan 2017 17:16:47 +0000 (18:16 +0100)]
g10: Avoid accessing invalid expiration dates.

* g10/sig-check.c (check_signature_metadata_validity): Avoid accessing
invalid expiration dates.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agog10: Use accessors for expiration dates of public keys.
Justus Winter [Mon, 2 Jan 2017 15:55:41 +0000 (16:55 +0100)]
g10: Use accessors for expiration dates of public keys.

* g10/Makefile.am (common_source): Add new file.
* g10/packet-functions.h: New file.
* g10/packet.h (PKT_public_key): New flag 'valid_expiredate'.
* g10/call-dirmngr.c: Apply the following semantic patch.
* g10/free-packet.c: Likewise.
* g10/getkey.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keygen.c: Likewise.  Here with small manual fixups.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/trustdb.c: Likewise.
--

    @@
    PKT_public_key *E;
    expression X;
    @@
    -E->expiredate = X
    +kb_pk_set_expiredate (E, X)

    @@
    PKT_public_key *E;
    @@
    -E->expiredate
    +kb_pk_expiredate (E)

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agog10: Use bitfield for flags of user ids.
Justus Winter [Mon, 2 Jan 2017 12:11:42 +0000 (13:11 +0100)]
g10: Use bitfield for flags of user ids.

* g10/packet.h (is_{primary,revoked,expired}): Move to the flags
bitfield.
* g10/call-dirmngr.c: Update all uses using the following semantic
patch.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--

I used Coccinelle and the following semantic patch to update the code:

    @@
    expression E;
    @@
    -E->is_expired
    +E->flags.expired

    @@
    expression E;
    @@
    -E->is_primary
    +E->flags.primary

    @@
    expression E;
    @@
    -E->is_revoked
    +E->flags.revoked

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agocommon: Turn assertions into expressions.
Justus Winter [Mon, 2 Jan 2017 15:30:45 +0000 (16:30 +0100)]
common: Turn assertions into expressions.

* common/logging.h (log_assert): Turn this into an expression so it
can be used in expressions.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agotests: Fix faked time in the TOFU test.
Justus Winter [Mon, 2 Jan 2017 15:37:02 +0000 (16:37 +0100)]
tests: Fix faked time in the TOFU test.

* tests/openpgp/tofu.scm (GPG): Fix time delta.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agog13: Improve printing of debug infos.
Werner Koch [Mon, 2 Jan 2017 12:30:37 +0000 (13:30 +0100)]
g13: Improve printing of debug infos.

* g13/g13tuple.c (all_printable): Make it work.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoReplace use of variable-length-arrays.
Werner Koch [Mon, 2 Jan 2017 12:29:18 +0000 (13:29 +0100)]
Replace use of variable-length-arrays.

* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agobuild: Enable gcc warnings to detect non-portable code.
Werner Koch [Mon, 2 Jan 2017 11:59:10 +0000 (12:59 +0100)]
build: Enable gcc warnings to detect non-portable code.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpgscm: Fail if too many arguments are given.
Justus Winter [Thu, 22 Dec 2016 14:48:07 +0000 (15:48 +0100)]
gpgscm: Fail if too many arguments are given.

* tests/gpgscm/scheme.c (opexe_0): Enable check.
* tests/gpgscm/tests.scm (test::report): Remove superfluous argument.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agogpgscm: Add 'finally', rework all macros.
Justus Winter [Thu, 22 Dec 2016 13:42:50 +0000 (14:42 +0100)]
gpgscm: Add 'finally', rework all macros.

* tests/gpgscm/init.scm (finally): New macro.
* tests/gpgscm/tests.scm (letfd): Rewrite.
(with-working-directory): Likewise.
(with-temporary-working-directory): Likewise.
(lettmp): Likewise.
--

Rewrite all our macros using 'define-macro'. Use the new control flow
mechanism 'finally', or 'dynamic-wind' where appropriate.  Make sure
the macros are hygienic.  Reduce code duplication.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agogpgscm: Use boxed values for source locations.
Justus Winter [Thu, 22 Dec 2016 09:36:56 +0000 (10:36 +0100)]
gpgscm: Use boxed values for source locations.

* tests/gpgscm/scheme-private.h (struct port): Use boxed values for
filename and current line.  This allows us to use the same Scheme
object for labeling all expressions in a file.
* tests/gpgscm/scheme.c (file_push): Use boxed type for filename.
(mark): Mark location objects of port objects.
(gc): Mark location objects in the load stack.
(port_clear_location): New function.
(port_reset_current_line): Likewise.
(port_increment_current_line): Likewise.
(file_pop): Adapt accordingly.
(port_rep_from_filename): Likewise.
(port_rep_from_file): Likewise.
(port_close): Likewise.
(skipspace): Likewise.
(token): Likewise.
(_Error_1): Likewise.
(opexe_0): Likewise.
(opexe_5): Likewise.
(scheme_deinit): Likewise.
(scheme_load_file): Likewise.
(scheme_load_named_file): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agodoc: Remove warning that DNS is not routed via Tor
Werner Koch [Mon, 2 Jan 2017 09:39:59 +0000 (10:39 +0100)]
doc: Remove warning that DNS is not routed via Tor

--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agodirmngr: Strip root zone suffix from libdns cname results.
Werner Koch [Mon, 2 Jan 2017 09:00:33 +0000 (10:00 +0100)]
dirmngr: Strip root zone suffix from libdns cname results.

* dirmngr/dns-stuff.c (resolve_name_libdns): Strip trailing dot.
(get_dns_cname_libdns): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoscd: Fix select_application.
NIIBE Yutaka [Fri, 30 Dec 2016 06:17:50 +0000 (15:17 +0900)]
scd: Fix select_application.

* scd/app.c (select_application): Fix the condition for open.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoscd: Fix card removal monitor.
NIIBE Yutaka [Fri, 30 Dec 2016 04:17:49 +0000 (13:17 +0900)]
scd: Fix card removal monitor.

* scd/app.c (app_reset): Call send_client_notification with REMOVAL.
(scd_update_reader_status_file): Likewise.
* scd/command.c (send_client_notifications): Distinguish removal.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoscd: Improve internal CCID driver.
NIIBE Yutaka [Thu, 29 Dec 2016 02:31:25 +0000 (11:31 +0900)]
scd: Improve internal CCID driver.

* scd/ccid-driver.c (scan_or_find_usb_device): Don't scan for
configuration but use active configuration.  Support alt_setting.
(scan_or_find_devices): Support alt_setting.
(ccid_open_reader): Support alt_setting.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoscd: Fix a race condition for new_reader_slot.
NIIBE Yutaka [Thu, 29 Dec 2016 01:07:43 +0000 (10:07 +0900)]
scd: Fix a race condition for new_reader_slot.

* scd/apdu.c (reader_table_lock, apdu_init): New.
(new_reader_slot): Serialize by reader_table_lock.
* scd/app.c (lock_app, unlock_app, app_new_register): Fix error code
usage.
(initialize_module_command): Call apdu_init.
* scd/scdaemon.c (main): Handle error for initialize_module_command.

--

This is a long standing bug.  There are two different things; The
serialization of allocating a new SLOT, and the serialization of using
the SLOT.  The latter was implemented in new_reader_slot by lock_slot.
However, the former was not done.  Thus, there was a possible race where
a same SLOT is allocated to multiple threads.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoscd: APP centric approach for device management.
NIIBE Yutaka [Wed, 28 Dec 2016 03:29:17 +0000 (12:29 +0900)]
scd: APP centric approach for device management.

* scd/app.c (lock_app): Rename from lock_reader and use internal field
of APP.
(unlock_app): Likewise.
(app_dump_state): Use APP.
(application_notify_card_reset): Remove.
(check_conflict): Change API for APP, instead of SLOT.
(check_application_conflict): Likewise.
(release_application_internal): New.
(app_reset): New.
(app_new_register): New.
(select_application): Change API for APP, instead of SLOT.
(deallocate_app, release_application): Modify for manage link.
(report_change): New.
(scd_update_reader_status_file): Moved from command.c and
use APP list, instead of VREADER.
(initialize_module_command): Moved from command.c.

* scd/command.c (TEST_CARD_REMOVAL): Remove.
(IS_LOCKED): Simplify.
(vreader_table): Remove.
(vreader_slot, update_card_removed): Remove.
(do_reset): Call app_reset.
(get_current_reader): Remove.
(open_card): Add SCAN arg.
(cmd_serialno): No retry, since retry is done in lower layer in apdu.c.
No do_reset, since it is done in lower layer.
Add clearing card_removed flag.
(cmd_disconnect): Call apdu_disconnect.
(send_client_notifications): Modify for APP.
(update_reader_status_file): Remove.

--

APP is the abstraction of the card application.  For management of
cards, it is better to focus on the APP instead of the physical reader.
This change makes support of multiple card/token easier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoscd: Simplify monitoring card removal.
NIIBE Yutaka [Wed, 28 Dec 2016 02:14:29 +0000 (11:14 +0900)]
scd: Simplify monitoring card removal.

* scd/apdu.c (struct reader_table_s): Remove any_status, last_status,
status, and change_counter field.
(new_reader_slot, dump_reader_status, ct_activate_card, open_ct_reader)
(connect_pcsc_card, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, apdu_reset): Follow the change.
(ct_dump_reader_status): Remove.
(apdu_get_status_internal, apdu_get_status): Remove CHANGED arg.
(apdu_connect): Follow the change.
* scd/command.c (struct vreader_s): Remove reset_failed, any, and
changed field.
(cmd_getinfo, update_reader_status_file): Follow the change.

--

In the past, scdaemon monitors card insertion (as well as removal), so
the code has been complicated, and there has been duplication in two
layers.  Now, it only monitors card removal, it's now simplified.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoscd: Improve internal CCID driver.
NIIBE Yutaka [Tue, 27 Dec 2016 02:58:54 +0000 (11:58 +0900)]
scd: Improve internal CCID driver.

* scd/ccid-driver.c (scan_or_find_usb_device): Fix return value.
Support device with multiple CCID interfaces.  Fix the case with
READERNO.  Support partial string match of "reader-port" like PC/SC
driver.

--

I don't know any device with multiple CCID interfaces, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agodirmngr: Fix for --disable-libdns usage.
NIIBE Yutaka [Fri, 23 Dec 2016 07:05:01 +0000 (16:05 +0900)]
dirmngr: Fix for --disable-libdns usage.

* dirmngr/dns-stuff.c (enable_recursive_resolver, set_dns_nameserver)
(reload_dns_stuff): Conditionalize with USE_LIBDNS.
(get_h_errno_as_gpg_error): Map HOST_NOT_FOUND to GPG_ERR_NO_NAME.

--

get_dns_srv assumes error code of GPG_ERR_NO_NAME when no SRV record
available.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
GnuPG-bug-id: 2889

12 months agotools: Show a clearer error message if a server doesn't support WKS
Neal H. Walfield [Thu, 22 Dec 2016 15:06:13 +0000 (16:06 +0100)]
tools: Show a clearer error message if a server doesn't support WKS

* tools/gpg-wks-client.c (command_send): If we fail to lookup the
submission address, print a better error message.  If it is because
the corresponding file doesn't exist, provide the hint that the server
probably doesn't support WKS.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
12 months agowks: Let the client ignore missing policy flags.
Werner Koch [Thu, 22 Dec 2016 13:39:11 +0000 (14:39 +0100)]
wks: Let the client ignore missing policy flags.

* tools/gpg-wks-client.c (command_send): Ignore missing policy flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoscd: Clean up internal API for APP.
NIIBE Yutaka [Thu, 22 Dec 2016 12:14:26 +0000 (21:14 +0900)]
scd: Clean up internal API for APP.

* scd/app-common.h (app_readcert, app_readkey, app_setattr, app_sign,
app_auth, app_decipher, app_get_challenge, app_check_pin): Add CTRL as
the second argument.
* scd/app.c: Supply CTRL to lock_reader calls.
* scd/command.c (cmd_readcert, cmd_readkey, cmd_pksign, cmd_auth,
cmd_pkdecrypt, cmd_setattr, cmd_random, cmd_checkpin): Follow the
change.

--

APP is an abstraction of the "card application".  Most methods of APP
should have CTRL argument to report back progress to the session.  This
change fixes FIXMEs for missing CTRL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agogpgscm: Guard use of union member.
Justus Winter [Wed, 21 Dec 2016 15:14:45 +0000 (16:14 +0100)]
gpgscm: Guard use of union member.

* tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
before accessing filename.  Fixes a crash on 32-bit architectures.

Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
Signed-off-by: Justus Winter <justus@g10code.com>
12 months agotests: Avoid skipping exectool tests.
Werner Koch [Tue, 20 Dec 2016 17:38:12 +0000 (18:38 +0100)]
tests: Avoid skipping exectool tests.

* common/t-exectool.c (test_executing_true): Try also /usr/bin/true.
(test_executing_false): Try also /usr/bin/false.
--

Reported-by: Nelson H. F. Beebe
  I then ran a test on all our test lab systems, and found that
  /bin/false is missing on DragonFlyBSD, FreeBSD, GhostBSD,
  HardenedBSD, Mac OS X, MidnightBSD, Minix, one version of MirBSD,
  NetBSD, OpenBSD, PacBSD, PCBSD, and TrueOS.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agotests: Add test suite for gpgsm.
Justus Winter [Tue, 20 Dec 2016 13:05:10 +0000 (14:05 +0100)]
tests: Add test suite for gpgsm.

* configure.ac (AC_CONFIG_FILES): Add new file.
* tests/Makefile.am (SUBDIRS): Add new directory.
* tests/gpgsm/32100C27173EF6E9C4E9A25D3D69F86D37A4F939: New file.
* tests/gpgsm/Makefile.am: Likewise.
* tests/gpgsm/cert_dfn_pca01.der: Likewise.
* tests/gpgsm/cert_dfn_pca15.der: Likewise.
* tests/gpgsm/cert_g10code_test1.der: Likewise.
* tests/gpgsm/decrypt.scm: Likewise.
* tests/gpgsm/encrypt.scm: Likewise.
* tests/gpgsm/export.scm: Likewise.
* tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/gpgsm/import.scm: Likewise.
* tests/gpgsm/plain-1.cms.asc: Likewise.
* tests/gpgsm/plain-2.cms.asc: Likewise.
* tests/gpgsm/plain-3.cms.asc: Likewise.
* tests/gpgsm/plain-large.cms.asc: Likewise.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/gpgsm/setup.scm: Likewise.
* tests/gpgsm/shell.scm: Likewise.
* tests/gpgsm/sign.scm: Likewise.
* tests/gpgsm/verify.scm: Likewise.
--
The certificates and keys are taken from GPGME's test suite.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agotests: Add macro managing ephemeral home directories.
Justus Winter [Tue, 20 Dec 2016 15:24:12 +0000 (16:24 +0100)]
tests: Add macro managing ephemeral home directories.

* tests/openpgp/defs.scm (with-ephemeral-home-directory): New macro.
* tests/openpgp/setup.scm: Use the new macro.

12 months agotests: Move argument parser.
Justus Winter [Tue, 20 Dec 2016 13:01:35 +0000 (14:01 +0100)]
tests: Move argument parser.

* tests/gpgme/gpgme-defs.scm (flag): Move...
* tests/gpgscm/tests.scm: ... over here.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agotests: Add missing encrypted sample, cleanup samples handling.
Justus Winter [Tue, 20 Dec 2016 12:57:05 +0000 (13:57 +0100)]
tests: Add missing encrypted sample, cleanup samples handling.

* tests/openpgp/Makefile.am (TEST_FILES): Add new file.
* tests/openpgp/defs.scm (plain-files): Add 'plain-large'.
(all-files): New variable.
(create-sample-files): New function.
(create-legacy-gpghome): Use new function.
* tests/openpgp/plain-large.asc: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agoPost release updates.
Werner Koch [Tue, 20 Dec 2016 11:07:23 +0000 (12:07 +0100)]
Post release updates.

--

12 months agoRelease 2.1.17 gnupg-2.1.17
Werner Koch [Tue, 20 Dec 2016 10:25:45 +0000 (11:25 +0100)]
Release 2.1.17

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agopo: Auto-update.
Werner Koch [Tue, 20 Dec 2016 10:20:41 +0000 (11:20 +0100)]
po: Auto-update.

--

12 months agopo: Update German translation.
Werner Koch [Tue, 20 Dec 2016 10:16:38 +0000 (11:16 +0100)]
po: Update German translation.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agosm: Remove wrong example from gpgsm --help.
Werner Koch [Tue, 20 Dec 2016 10:15:34 +0000 (11:15 +0100)]
sm: Remove wrong example from gpgsm --help.

* sm/gpgsm.c (opts): Remove group 303.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agopo: Update one English string in Japanese translation.
Werner Koch [Tue, 20 Dec 2016 10:00:31 +0000 (11:00 +0100)]
po: Update one English string in Japanese translation.

--

12 months agodoc: Update NEWS
Werner Koch [Tue, 20 Dec 2016 09:55:31 +0000 (10:55 +0100)]
doc: Update NEWS

--

12 months agobuild: Update distributed signature key.
Werner Koch [Tue, 20 Dec 2016 09:22:05 +0000 (10:22 +0100)]
build: Update distributed signature key.

--

This update is required because gniibe prolonged his key.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agodirmngr: New option --resolver-timeout.
Werner Koch [Tue, 20 Dec 2016 08:53:58 +0000 (09:53 +0100)]
dirmngr: New option --resolver-timeout.

* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New.
(opt_timeout): New var.
(set_dns_timeout): New.
(libdns_res_open): Set the default timeout.
(libdns_res_wait): Use configurable timeout.
(resolve_name_libdns): Ditto.

* dirmngr/dirmngr.c (oResolverTimeout): New const.
(opts): New option --resolver-timeout.
(parse_rereadable_options): Set that option.
(main) <aGPGConfList>: Add --nameserver and --resolver-timeout.
* tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout
and --nameserver.

* dirmngr/http.c (connect_server): Fix yesterday introduced bug in
error diagnostic.
--

This timeout is a pretty crude thing because libdns has a few other
internal timeouts as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agodirmngr: Fix problems with the getsrv function.
Werner Koch [Mon, 19 Dec 2016 22:27:02 +0000 (23:27 +0100)]
dirmngr: Fix problems with the getsrv function.

* dirmngr/dns-stuff.c (opt_debug, opt_verbose): New vars.
(set_dns_verbose): New func.
(libdns_switch_port_p): Add debug output.
(resolve_dns_name): Ditto.
(get_dns_cert): Ditto.
(get_dns_cname): Ditto.
(getsrv_libdns, getsrv_standard): Change SRVCOUNT to an unsigend int.
(getsrv): Rename to ...
((get_dns_srv): this.  Add arg R_COUNT and return an error.  Add debug
output.
* dirmngr/http.c: Adjust for chnaged getsrv().
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Ditto.  Call set_dns_verbose.
* dirmngr/dirmngr.c (parse_rereadable_options): Call set_dns_verbose.
--

Due to our switch to Libdns getsrv didn't worked correctly because it
returned -1 for an NXDOMAIN.  However, it is perfectly okay to have no
SRV record and thus we change the way this function is called to be
aligned with the other functions and also map NXDOMAIN to a zero SRV
record count.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agobuild: Add target to sign the windows installer.
Werner Koch [Mon, 19 Dec 2016 17:34:24 +0000 (18:34 +0100)]
build: Add target to sign the windows installer.

* build-aux/speedo.mk (w32-sign-installer): New.
(AUTHENTICODE_KEY): New.
(installer-from-source): Use cp instead of mv.  Factor code out to ...
(MKSWDB_commands): new macro.
(sign-installer): New.
--

Obviously this is more convenient then doing this all by hand.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agotests: Use the common test framework for the migration tests.
Justus Winter [Mon, 19 Dec 2016 16:28:43 +0000 (17:28 +0100)]
tests: Use the common test framework for the migration tests.

* tests/migrations/Makefile.am (reqired_pgms): Add 'gpgscm'.
(TESTS_ENVIRONMENT): Populate.
(TESTS): Rename to 'XTESTS'.
(xcheck): New target.
(EXTRA_DIST): Add new files.
(CLEANFILES): Remove log files.
* tests/migrations/common.scm: Honor 'verbose', fix paths.
* tests/migrations/run-tests.scm: New file.
* tests/migrations/setup.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agotests: Use sequential test runner if only one test is given.
Justus Winter [Mon, 19 Dec 2016 16:23:56 +0000 (17:23 +0100)]
tests: Use sequential test runner if only one test is given.

* tests/openpgp/run-tests.scm: Use sequential test runner if only one
test is given.
--

This allows one to set the environment variable TESTFLAGS to
'--parallel' and enjoy faster test execution times without interfering
with stdio when one works on a single test.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agopo: Some updates to the German translation.
Werner Koch [Mon, 19 Dec 2016 15:29:44 +0000 (16:29 +0100)]
po: Some updates to the German translation.

--

12 months agotypo: Fix a string in do_we_trust_pre.
Werner Koch [Mon, 19 Dec 2016 15:27:21 +0000 (16:27 +0100)]
typo: Fix a string in do_we_trust_pre.

--

12 months agodirmngr,w32: Hack around a select problem.
Werner Koch [Mon, 19 Dec 2016 15:37:50 +0000 (16:37 +0100)]
dirmngr,w32: Hack around a select problem.

* dirmngr/dns.c (FD_SETSIZE): Bump up to 1024.
(dns_poll): Return an error instead of hitting an assertion failure.
--

For unknown reasons socket() return fd with values 244, 252, 268.  The
latter is above the FD_SETSIZE of 256.  It seems that select has been
build with a highler FD_SETSIZE limit.  Bump up to a reasonable large
value.

A better solution would be to grab some code from npth_eselect to
replace select.  We could also use npth_eselect direclty in
dns-stuff.c instead of using dns_res_poll.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agotest: Extend TOFU tests to also check the days with signatures.
Neal H. Walfield [Mon, 19 Dec 2016 14:59:56 +0000 (15:59 +0100)]
test: Extend TOFU tests to also check the days with signatures.

* tests/openpgp/tofu.scm (GPGTIME): Define the "standard" base time.
(faketime): New function.
(days->seconds): Likewise.
(GPG): Use faketime.
(check-counts): Also check the number of expected days with signatures
and encryptions.  Update callers.  Extend tests.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
12 months agodoc: Clarify that delkey deletes public keys.
Justus Winter [Mon, 19 Dec 2016 14:40:16 +0000 (15:40 +0100)]
doc: Clarify that delkey deletes public keys.

--
GnuPG-bug-id: 2878
Signed-off-by: Justus Winter <justus@g10code.com>
12 months agotests: New test for --delete-[secret-]keys.
Justus Winter [Mon, 19 Dec 2016 14:33:55 +0000 (15:33 +0100)]
tests: New test for --delete-[secret-]keys.

* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/defs.scm (keys): New variable.
(have-public-key?): New function.
(have-secret-key?): Likewise.
(have-secret-key-file?): Likewise.
* tests/openpgp/delete-keys.scm: New file.
* tests/openpgp/quick-key-manipulation.scm: Move the accessors to
'defs.scm'.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agogpgscm: Change associativity of ::.
Justus Winter [Mon, 19 Dec 2016 14:29:07 +0000 (15:29 +0100)]
gpgscm: Change associativity of ::.

* tests/gpgscm/scheme.c (mk_atom): Change associativity of the ::
infix-operator.  This makes it possible to naturally express accessing
nested structures (e.g. a::b::c).

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agogpgscm: Display location when assertions fail.
Justus Winter [Mon, 19 Dec 2016 14:28:07 +0000 (15:28 +0100)]
gpgscm: Display location when assertions fail.

* tests/gpgscm/lib.scm (assert): Use location information if
available.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agogpgscm: Make exception handling more robust.
Justus Winter [Mon, 19 Dec 2016 14:25:52 +0000 (15:25 +0100)]
gpgscm: Make exception handling more robust.

* tests/gpgscm/init.scm (throw'): Check that args is a list.

Signed-off-by: Justus Winter <justus@g10code.com>
12 months agospeedo,w32: Use nsExec::ExecToLog to avoid popups
Andre Heinecke [Mon, 19 Dec 2016 14:10:44 +0000 (15:10 +0100)]
speedo,w32: Use nsExec::ExecToLog to avoid popups

* build-aux/speedo/w32/inst.nsi: Use ExecToLog instead of
ExecWait.

--
nsExec is a standard nsis call to spawn a process and
wait for it to finish. ExecToLog redirects stdout and stderr
of the process call and adds it to the log window instead
of opening a temporary console window.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
12 months agoRemove unused debug flags and add "dns" and "network".
Werner Koch [Mon, 19 Dec 2016 08:41:15 +0000 (09:41 +0100)]
Remove unused debug flags and add "dns" and "network".

* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agodirmngr: Fix setup of libdns for W32.
Werner Koch [Sat, 17 Dec 2016 20:54:45 +0000 (21:54 +0100)]
dirmngr: Fix setup of libdns for W32.

* configure.ac (DNSLIB) {W32]: Add -liphlpapi.
* dirmngr/dns-stuff.c [W32]: Include iphlpapi.h and define
WIN32_LEAN_AND_MEAN.
(libdns_init) [W32]: Use GetNetworkParams to get the nameserver.
* dirmngr/t-dns-stuff.c (init_sockets): New.
(main): Call it.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agopo: Fix Japanese translation.
NIIBE Yutaka [Sat, 17 Dec 2016 07:29:44 +0000 (16:29 +0900)]
po: Fix Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agopo: Update Japanese translation.
NIIBE Yutaka [Sat, 17 Dec 2016 05:35:36 +0000 (14:35 +0900)]
po: Update Japanese translation.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agodirmngr: Auto-switch from Tor port to Torbrowser port.
Werner Koch [Fri, 16 Dec 2016 20:56:23 +0000 (21:56 +0100)]
dirmngr: Auto-switch from Tor port to Torbrowser port.

* dirmngr/dns-stuff.c (libdns_tor_port): New var.
(set_dns_nameserver): Clear that var.
(libdns_init): Init var to the default port.
(libdns_switch_port_p): New func.
(resolve_dns_name): Use function to switch the port
(get_dns_cert): Ditto.
(getsrv): Ditto.
(get_dns_cname): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Use one context for all libdns queries.
Werner Koch [Fri, 16 Dec 2016 20:00:14 +0000 (21:00 +0100)]
dirmngr: Use one context for all libdns queries.

* dirmngr/dns-stuff.c (libdns_reinit_pending): New var.
(enable_recursive_resolver): Set var.
(set_dns_nameserver): Ditto.
(libdns_init): Avoid double initialization.
(libdns_deinit): New.
(reload_dns_stuff): New.
(libdns_res_open): Act upon LIBDNS_REINIT_PENDING.
* dirmngr/t-dns-stuff.c (main): Call reload_dns_stuff to release
memory.
* dirmngr/dirmngr.c (cleanup): Ditto.
(dirmngr_sighup_action): Call reload_dns_stuff to set
LIBDNS_REINIT_PENDING.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Pass Tor credentials to libdns.
Werner Koch [Fri, 16 Dec 2016 19:25:02 +0000 (20:25 +0100)]
dirmngr: Pass Tor credentials to libdns.

* dirmngr/dns-stuff.c (tor_credentials): Replace by ...
(tor_socks_user, tor_socks_password): new vars.
(enable_dns_tormode): Set these new vars.
(libdns_res_open): Tell libdns the socks credentials.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Factor common libdns code out.
Werner Koch [Fri, 16 Dec 2016 19:09:27 +0000 (20:09 +0100)]
dirmngr: Factor common libdns code out.

* dirmngr/dns-stuff.c (libdns_res_open): New.  Replace all libdns_init
and dns-res_open by a call to this func.
(libdns_res_submit): New wrapper.  Replace all dns_res_sumbit calls.
(libdns_res_wait): New function.
(resolve_name_libdns): Replace loop by libdns_res_wait.
(get_dns_cert_libdns): Ditto.
(getsrv_libdns): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodoc: Wrap a too long line in DETAILS.
Werner Koch [Fri, 16 Dec 2016 18:03:28 +0000 (19:03 +0100)]
doc: Wrap a too long line in DETAILS.

--

13 months agogpg,sm: A few more option for --gpgconf-list.
Werner Koch [Fri, 16 Dec 2016 15:02:02 +0000 (16:02 +0100)]
gpg,sm: A few more option for --gpgconf-list.

* g10/gpg.c (gpgconf_list): Add --compliance and
--default-new-key-algo.
(parse_compliance_option):
* sm/gpgsm.c (main) <gpgconf-list>: Add --enable-crl-checks.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpgconf: New command --apply-profile.
Werner Koch [Fri, 16 Dec 2016 15:00:15 +0000 (16:00 +0100)]
gpgconf: New command --apply-profile.

* tools/gpgconf.c (aApplyProfile): New.
(opts): New command --apply-profile.
(main): Implement that command.
* tools/gpgconf-comp.c (option_check_validity): Add arg VERBATIM.
(change_options_program): Ditto.
(change_one_value): Ditto.
(gc_component_change_options): Ditto.
(gc_apply_profile): New.

--

Here is an example for a profile

--8<---------------cut here---------------start------------->8---
# foo.prf - Sample profile

[gpg]
compliance de-vs
default-new-key-algo brainpoolP256r1+brainpoolP256r1

[gpgsm]
enable-crl-checks

[gpg-agent]
default-cache-ttl 900
max-cache-ttl [] 3600
no-allow-mark-trusted
no-allow-external-cache
enforce-passphrase-constraints
min-passphrase-len 9
min-passphrase-nonalpha 0

[dirmngr]
keyserver hkp://keys.gnupg.net
allow-ocsp
--8<---------------cut here---------------end--------------->8---

Note that flags inside of brackets are allowed after the option name.
The only defined flag for now is "[default]".  In case the value
starts with a bracket, it is possible to insert "[]" as a nop-flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpgconf: Fix --apply-defaults.
Werner Koch [Fri, 16 Dec 2016 13:25:47 +0000 (14:25 +0100)]
gpgconf: Fix --apply-defaults.

* tools/gpgconf-comp.c: Skip pinentry also in process_all mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodoc: Mention extra information in pinentry status lines.
Justus Winter [Fri, 16 Dec 2016 14:58:14 +0000 (15:58 +0100)]
doc: Mention extra information in pinentry status lines.

* doc/DETAILS: Mention that 'PINENTRY_LAUNCHED may carry extra
information.

Fixes-commit: c1ea0b577a468030d2b006317ba27fc1746c4b14
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agosm: Fix agent communication.
Justus Winter [Fri, 16 Dec 2016 14:50:17 +0000 (15:50 +0100)]
sm: Fix agent communication.

* sm/call-agent.c (gpgsm_agent_pksign): Fix passing the control handle
to the callback.
(gpgsm_scd_pksign): Likewise.
(gpgsm_agent_reaedkey): Likewise.

GnuPG-bug-id: 2874
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodoc: Fix manual.
Neal H. Walfield [Fri, 16 Dec 2016 13:55:54 +0000 (14:55 +0100)]
doc: Fix manual.

* doc/gpg.texi: Remove comment about options being parsed in-order.
They aren't.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 7572d27

13 months agog10: Use total days, not total messages to compute TOFU validity
Neal H. Walfield [Fri, 16 Dec 2016 13:49:10 +0000 (14:49 +0100)]
g10: Use total days, not total messages to compute TOFU validity

* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
13 months agog10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>
Neal H. Walfield [Fri, 16 Dec 2016 13:32:27 +0000 (14:32 +0100)]
g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days>

* doc/DETAILS: Add SIGN-DAYS and ENCRYPT-DAYS to the TOFU_STATS status
line.
* g10/tofu.c (write_stats_status): Take additional parameters
signature_days and encryption_days.  Update callers.  Include them in
the tfs record and TOFU status lines.
(show_statistics): Compute the number of days on which we saw a
message signed by FINGERPRINT, and the number of days on which we
encrypted a message to it.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
13 months agodoc: Improve section on unattended key generation.
Justus Winter [Fri, 16 Dec 2016 12:52:03 +0000 (13:52 +0100)]
doc: Improve section on unattended key generation.

* doc/gpg.texi: Improve the subsection on unattended key generation by
suggesting the quick key manipulation interface as an alternative, and
by suggesting alternatives to '%pubring' and '%secring'.  Simplify
examples accordingly.

GnuPG-bug-id: 2400
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodoc: Add documentation for programmatic use of GnuPG.
Justus Winter [Fri, 16 Dec 2016 12:49:16 +0000 (13:49 +0100)]
doc: Add documentation for programmatic use of GnuPG.

* doc/gpg.texi: New subsections on programmatic use of GnuPG,
ephemeral home directories, and the quick key manipulation interface.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: On a TOFU conflict, write the conflicting keys to the status fd
Neal H. Walfield [Wed, 7 Dec 2016 09:11:46 +0000 (10:11 +0100)]
g10: On a TOFU conflict, write the conflicting keys to the status fd

* g10/tofu.c (ask_about_binding): Emit all of the conflicting keys and
their statistics on the status fd.
(get_trust): Likewise, if we don't call ask_about_binding.
(show_statistics): Have the caller pass the policy as returned by
get_policy.  Add argument only_status_fd and don't emit any output on
stdout if it is set.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
13 months agog10: Add missing space.
Neal H. Walfield [Tue, 13 Dec 2016 08:16:54 +0000 (09:16 +0100)]
g10: Add missing space.

* g10/tofu.c (tofu_register_encryption): Add missing space.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
13 months agog10: Avoid translating simple error messages.
Justus Winter [Thu, 15 Dec 2016 15:06:49 +0000 (16:06 +0100)]
g10: Avoid translating simple error messages.

* g10/gpg.c (main): Avoid translating arguments to 'wrong_args'.
--
Translating these messages is a burden for translators, and we only
have translations for very few of them as it is.

If we want to localize these messages, I'd suggest to translate the
placeholders (e.g. 'filename').

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: Rework the --quick-* interface.
Justus Winter [Thu, 15 Dec 2016 14:32:51 +0000 (15:32 +0100)]
g10: Rework the --quick-* interface.

* g10/gpg.c (opts): Rename options.
(main): Update errors.
* doc/gpg.texi: Update accordingly.
--
I decided not to keep the old versions as aliases in the documentation
because the interface is a fairly recent addition.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: Rename 'card-edit' to 'edit-card'.
Justus Winter [Thu, 15 Dec 2016 13:50:10 +0000 (14:50 +0100)]
g10: Rename 'card-edit' to 'edit-card'.

* g10/gpg.c (opts): Rename option.
* g10/call-agent.c (agent_scd_learn): Update comment.
* doc/gpg.texi: Update accordingly.
--
This change has a surprising side effect.  Previously, --edit was an
alias for --edit-key, because the argument parser actually accepts
unique prefixes of all options.  With this change, however, --edit is
ambiguous.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: Spell out --desig-revoke.
Justus Winter [Thu, 15 Dec 2016 12:59:48 +0000 (13:59 +0100)]
g10: Spell out --desig-revoke.

* g10/gpg.c (opts): Rename option.
* doc/gpg.texi: Update accordingly.
--
This is a rather long name, but I believe that this command is rarely
used, and in places where it is used frequently, the process is likely
automated.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: Shorten unreasonably long option.
Justus Winter [Thu, 15 Dec 2016 12:01:03 +0000 (13:01 +0100)]
g10: Shorten unreasonably long option.

* g10/gpg.c (opts): Rename 'generate-revocation-certificate' to
'generate-revocation'.
* doc/gpg.texi: Update accordingly.
* po: Update translations.

GnuPG-bug-id: 2700
Fixes-commit: ec1bd3ae685e95563e38077ab3c1655fd55dea07
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodoc: Add aliases of all changed options.
Justus Winter [Thu, 15 Dec 2016 11:44:52 +0000 (12:44 +0100)]
doc: Add aliases of all changed options.

* doc/gpg.texi: Add the old version of every option that was updated
with the last change set.
* doc/gpgsm.texi: Likewise.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodirmngr: First patch to re-enable Tor support.
Werner Koch [Thu, 15 Dec 2016 09:59:36 +0000 (10:59 +0100)]
dirmngr: First patch to re-enable Tor support.

* dirmngr/dns-stuff.c (SOCKS_PORT, TOR_PORT, TOR_PORT2): New
constants.
(libdns_init): Start adding tor support.
(resolve_name_libdns): Pass socks hosts to dns_res_open.
(get_dns_cert_libdns): Ditto.
(getsrv_libdns): Ditto.
(get_dns_cname_libdns): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agobuild: Fix distcheck.
Justus Winter [Thu, 15 Dec 2016 10:02:24 +0000 (11:02 +0100)]
build: Fix distcheck.

* tests/gpgme/Makefile.am (CLEANFILES): New variable, clean test logs.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agotests: Reuse GPGME's tests.
Justus Winter [Thu, 17 Nov 2016 12:11:48 +0000 (13:11 +0100)]
tests: Reuse GPGME's tests.

* configure.ac (AC_CONFIG_FILES): Add new Makefile.
* tests/Makefile.am (SUBDIRS): Add new directory.
* tests/gpgme/Makefile.am: New file.
* tests/gpgme/gpgme-defs.scm: Likewise.
* tests/gpgme/run-tests.scm: Likewise.
* tests/gpgme/setup.scm: Likewise.
* tests/gpgme/wrap.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agocommon: Support locating components in the build tree.
Justus Winter [Wed, 14 Dec 2016 13:18:22 +0000 (14:18 +0100)]
common: Support locating components in the build tree.

* common/homedir.c (gnupg_build_directory): New variable.
(gnupg_module_name_called): Likewise.
(gnupg_set_builddir): New function.
(gnupg_set_builddir_from_env): Likewise.
(gnupg_module_name): Support locating components in the build tree.
* common/util.h (gnupg_set_builddir): New prototype.
* tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
(tool): Rename to 'tool-hardcoded.
(gpg-conf): New function, with accessors for the results.
(gpg-components): New variable.
(tool): New function.
* tools/gpgconf.c (enum cmd_and_opt_values): New key.
(opts): New option '--build-prefix'.
(main): Handle new option.
--

This change makes sure that the components from the build tree are
used, and not some older installed version in PATH.  It also lets us
make GPGME use components from the build tree, making it possible to
execute GPGME's test suite with them.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agotests: Rework check for trust models.
Justus Winter [Wed, 14 Dec 2016 10:45:52 +0000 (11:45 +0100)]
tests: Rework check for trust models.

* tests/openpgp/defs.scm (gpg-has-option?): New function.
(have-opt-always-trust): Use a simpler test for that option.  This way
that is less distracting when we run the tests with verbose=3.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agocommon: Fix typo.
Justus Winter [Wed, 14 Dec 2016 10:35:44 +0000 (11:35 +0100)]
common: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodirmngr: New configure option --disable-libdns.
Werner Koch [Wed, 14 Dec 2016 14:36:25 +0000 (15:36 +0100)]
dirmngr: New configure option --disable-libdns.

* configure.ac: Add option --disable-libdns
(USE_LIBDNS): New ac_subst and am_conditional.
(USE_C99_CFLAGS): Set only if libdns is used.
* dirmngr/Makefile.am (dirmngr_SOURCES): Move dns.c and dns.h to ...
(dirmngr_SOURCES) [USE_LIBDNS0: here.
(t_common_src): Ditto.
* dirmngr/dirmngr.c (oRecursiveResolver): New constant.
(opts): New option "--recursive-resolver".
(parse_rereadable_options): Set option.
* dirmngr/t-dns-stuff.c (main): Add option --recursive-resolver.
* dirmngr/server.c (cmd_getinfo): Depend output of "dnsinfo" on the
new variables.
* dirmngr/dns-stuff.c: Include dns.h only if USE_DNSLIB is defined.
Also build and call dnslib functions only if USE_DNSLIB is defined.
(recursive_resolver): New var.
(enable_recursive_resolver): New func.
(recursive_resolver_p): New func.
--

In case users run into problems building GnuPG, the configure option
allows to disable that support and continue w/o Tor support using the
system resolver.

--recursive-resolver was easy enough to implement and may be useful in
some situation.  It does not fully work, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Implement CERT record lookup via libdns.
Werner Koch [Wed, 14 Dec 2016 13:11:33 +0000 (14:11 +0100)]
dirmngr: Implement CERT record lookup via libdns.

* dirmngr/dns-stuff.c (get_dns_cert_libdns): New.
(get_dns_cert_standard): Fix URL malloc checking.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Implement CNAME and SRV record lookup via libdns.
Werner Koch [Wed, 14 Dec 2016 09:47:53 +0000 (10:47 +0100)]
dirmngr: Implement CNAME and SRV record lookup via libdns.

* dirmngr/dns-stuff.c (dns_free): New macro.
(libdns): Move var to the top.
(libdns_error_to_gpg_error): Map error codes to the new gpg-error
codes.
(resolve_name_libdns): Restructure code.
(getsrv_libdns): New.
(get_dns_cname_libdns): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Fix bugs in the standard resolver code.
Werner Koch [Wed, 14 Dec 2016 09:30:29 +0000 (10:30 +0100)]
dirmngr: Fix bugs in the standard resolver code.

* dirmngr/dns-stuff.c: Include dirmngr-err.h to set the correct error
source.
(get_h_errno_as_gpg_error): New.
(get_dns_cert_libdns): Fix error code.
(getsrv_libdns): Add arg R_COUNT and return an error code.
(getsrv_standard): Ditto.  Fix handling of res_query errors and
provide the correct size for the return buffer.
(getsrv): Adjust for changed worker functions.
(get_dns_cname_standard): Fix handling of res_query errors and provide
the correct size for the return buffer.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Require a c99 compiler
Werner Koch [Wed, 14 Dec 2016 09:21:16 +0000 (10:21 +0100)]
dirmngr: Require a c99 compiler

* configure.ac (USE_C99_CFLAGS): New ac_subst.  Set to -std=gnu99 for
gcc.
* dirmngr/Makefile.am (AM_CFLAGS): Add USE_C99_CFLAGS.
(t_http_CFLAGS): Ditto.
(t_ldap_parse_uri_CFLAGS): Ditto.
(t_dns_stuff_CFLAGS): Ditto.
--

C99 and the GCC option is required for use with dns.c which makes
heavy use of C99 features.  We should consider to switch GnuPG
entirely to C99 but enable gcc warnings to detect features which are
not supported by not-real-c99 compilers and which makes audits
harder (VLA etc.).

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodoc: Add license notes for libdns.
Werner Koch [Wed, 14 Dec 2016 10:11:17 +0000 (11:11 +0100)]
doc: Add license notes for libdns.

* COPYING.other: New.
* Makefile.am (EXTRA_DIST): Add it.
* AUTHORS: Add info on libdns.
* build-aux/speedo/w32/pkg-copyright.txt: Add license terms.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agocommon: Add replacements for error codes from gpg-error 1.26.
Werner Koch [Wed, 14 Dec 2016 09:09:08 +0000 (10:09 +0100)]
common: Add replacements for error codes from gpg-error 1.26.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: New libdns snapshot
Justus Winter [Mon, 12 Dec 2016 15:48:41 +0000 (16:48 +0100)]
dirmngr: New libdns snapshot

13 months agodirmngr: Add basic libdns support
Justus Winter [Mon, 5 Dec 2016 16:31:37 +0000 (17:31 +0100)]
dirmngr: Add basic libdns support

* dirmngr/dns.c: New file.
* dirmngr/dns.h: New file.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add new files.
* dirmngr/dns-stuff.c: Include dns.h.xxx use libdns
(libdns): New global var for the libdns state.
(libdns_error_to_gpg_error): New.
(libdns_init): New.
(resolve_name_libdns): New.
(get_dns_cert_libdns): New stub.
(getsrv_libdns): New stub.
(get_dns_cname_libdns): New stub.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodirmngr,build: Remove support for ADNS.
Justus Winter [Thu, 8 Dec 2016 11:51:52 +0000 (12:51 +0100)]
dirmngr,build: Remove support for ADNS.

* autogen.rc: Remove '--with-adns' argument.
* configure.ac: Remove check for ADNS.
* dirmngr/dns-stuff.c: Remove all code that uses ADNS.
* dirmngr/server.c (cmd_getinfo): Update status line.
* doc/dirmngr.texi: Do not mention ADNS.
--

We used ADNS to support queries over Tor.  However, our patch to ADNS
that adds Tor support was never accepted upstream.  Furthermore, there
are other shortcomings that let us to consider alternatives.

Signed-off-by: Justus Winter <justus@g10code.com>
13 months agodirmngr: Improve ntbtls support.
NIIBE Yutaka [Wed, 14 Dec 2016 07:17:03 +0000 (16:17 +0900)]
dirmngr: Improve ntbtls support.

* dirmngr/http.c [HTTP_USE_NTBTLS] (close_tls_session): Release.
(send_request): Call ntbtls_set_transport.
(cookie_read, cookie_write): Implement.
(cookie_close): Add initial implementation for ntbtls.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agog10,sm: Spell out --passwd.
Justus Winter [Tue, 13 Dec 2016 16:49:47 +0000 (17:49 +0100)]
g10,sm: Spell out --passwd.

* g10/gpg.c (opts): Spell out option.
* sm/gpgsm.c (opts): Likewise.
* doc/gpg.texi: Update accordingly.
* doc/gpgsm.texi: Likewise.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: Spell out --gen-revoke.
Justus Winter [Tue, 13 Dec 2016 16:43:22 +0000 (17:43 +0100)]
g10: Spell out --gen-revoke.

* g10/gpg.c (opts): Spell out option.
* doc/gpg.texi: Update accordingly.
* po: Update translations.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>
13 months agog10: Spell out --full-gen-key.
Justus Winter [Fri, 9 Dec 2016 14:10:39 +0000 (15:10 +0100)]
g10: Spell out --full-gen-key.

* g10/gpg.c (opts): Spell out option.
(main): Likewise.
* g10/keygen.c (generate_keypair): Likewise.
* doc/gpg.texi: Update accordingly.

GnuPG-bug-id: 2700
Signed-off-by: Justus Winter <justus@g10code.com>