gnupg.git
17 months agoRelease 2.1.20 gnupg-2.1.20
Werner Koch [Mon, 3 Apr 2017 18:59:47 +0000 (20:59 +0200)]
Release 2.1.20

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodirmngr: New option --disable-ipv6
Werner Koch [Mon, 3 Apr 2017 18:56:12 +0000 (20:56 +0200)]
dirmngr: New option --disable-ipv6

* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodirmngr,w32: Silence the 'certificate already cached' message.
Werner Koch [Mon, 3 Apr 2017 18:34:13 +0000 (20:34 +0200)]
dirmngr,w32: Silence the 'certificate already cached' message.

* dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodirmngr: Handle EIO which is sometimes returned by cookie functions.
Werner Koch [Mon, 3 Apr 2017 18:23:18 +0000 (20:23 +0200)]
dirmngr: Handle EIO which is sometimes returned by cookie functions.

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodirmngr: Always print a warning for a missing /etc/hosts.
Werner Koch [Mon, 3 Apr 2017 18:20:27 +0000 (20:20 +0200)]
dirmngr: Always print a warning for a missing /etc/hosts.

* dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
missing /etc/hosts.
--

My last comment on this was flawed.  Windows seems to always have its
version of /etc/hosts.  Only the en passant fixed bad escaping led me
assume that this was the case.  Thanks to Andre for complaining about
my comment remark.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodirmngr: Do not assume that /etc/hosts exists.
Werner Koch [Mon, 3 Apr 2017 17:10:50 +0000 (19:10 +0200)]
dirmngr: Do not assume that /etc/hosts exists.

* dirmngr/dns-stuff.c (libdns_init): Do not bail out.
--

A standard Windows installation does not have a hosts file and thus we
can't bail out here.  We should also not bail out on a Unix system
because /etc/hosts is just one method in  nsswitch.conf.

Fixes-commit: 88f1505f0613894d5544290a170119eb538921e5
Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agopo: Auto-update.
Werner Koch [Mon, 3 Apr 2017 15:12:26 +0000 (17:12 +0200)]
po: Auto-update.

--

17 months agopo: Update the German translation
Werner Koch [Mon, 3 Apr 2017 15:11:24 +0000 (17:11 +0200)]
po: Update the German translation

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agopo: Update Russian translation
Ineiev [Mon, 3 Apr 2017 15:03:36 +0000 (17:03 +0200)]
po: Update Russian translation

--

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agodoc: Add two example profiles.
Werner Koch [Mon, 3 Apr 2017 14:53:01 +0000 (16:53 +0200)]
doc: Add two example profiles.

--

17 months agogpgconf: Add --enable-extended-key-format for the agent.
Werner Koch [Mon, 3 Apr 2017 14:52:37 +0000 (16:52 +0200)]
gpgconf: Add --enable-extended-key-format for the agent.

* tools/gpgconf-conf.c: Add option.
* agent/gpg-agent.c (main) <aGPGConfList>: Add option.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpgscm: Slightly improve the procedure dispatch.
Justus Winter [Thu, 30 Mar 2017 10:19:01 +0000 (12:19 +0200)]
gpgscm: Slightly improve the procedure dispatch.

* tests/gpgscm/scheme.c (procnum): Procedures always have an integer
number, so we can safely use the cheaper 'ivalue_unchecked'.

Signed-off-by: Justus Winter <justus@g10code.com>
17 months agogpg: Handle critical marked 'Reason for Revocation'.
Werner Koch [Mon, 3 Apr 2017 06:51:52 +0000 (08:51 +0200)]
gpg: Handle critical marked 'Reason for Revocation'.

* g10/parse-packet.c (can_handle_critical): Add
SIGSUBPKT_REVOC_REASON.
--

Some software seems to mark that subpacket as criticial.  Although gpg
has no special treatment for a revocation reasons (except for
--list-packets) we can accept a criticial marked anyway.  There are no
mandatary rules specified on how to handle a revocation reason.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoagent: Use OCB for key protection with --enable-extended-key-format.
Werner Koch [Sun, 2 Apr 2017 18:02:55 +0000 (20:02 +0200)]
agent: Use OCB for key protection with --enable-extended-key-format.

* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agokbx: Unify blob reading functions.
Werner Koch [Sat, 1 Apr 2017 09:10:47 +0000 (11:10 +0200)]
kbx: Unify blob reading functions.

* kbx/keybox-file.c (_keybox_read_blob): Remove.
(_keybox_read_blob2): Rename to ....
(_keybox_read_blob): this.  Make arg options.  Change all callers.
* kbx/keybox-search.c (keybox_search): Factor fopen call out to ...
(open_file): new.
(keybox_seek): Als use open_file.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Avoid multiple open calls to the keybox file.
Werner Koch [Fri, 31 Mar 2017 18:44:05 +0000 (20:44 +0200)]
gpg: Avoid multiple open calls to the keybox file.

* g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
* g10/gpg.h: here.
(struct server_control_s): Add field 'cached_getkey_kdb'.
* g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
* g10/getkey.c (getkey_end): Cache keydb handle.
(get_pubkey): Use cached keydb handle.
* kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
closing the file.
--

Before this patch a "gpg --check-sigs" opened and closed the keybox
file for almost every signature check.  By caching the keydb handle
and using lseek(2) this can be limited to just 2 times.  This might
speed up things on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Pass CTRL also to getkey_end.
Werner Koch [Fri, 31 Mar 2017 18:35:28 +0000 (20:35 +0200)]
gpg: Pass CTRL also to getkey_end.

* g10/getkey.c (getkey_end): Add arg CTRL.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Print more stats for the keydb and the signature cache.
Werner Koch [Fri, 31 Mar 2017 18:03:43 +0000 (20:03 +0200)]
gpg: Print more stats for the keydb and the signature cache.

* g10/sig-check.c (sig_check_dump_stats): New.
(cache_stats): New struct.
(check_key_signature2): Update stats.
* g10/gpg.c (g10_exit): Call new function.
* g10/keydb.c (kid_not_found_cache_count): Replace by ...
(kid_not_found_stats): ... new struct.  Change users.
(keydb_stats): New struct.  Update the counters.
(keydb_dump_stats): Print all stats.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Assert that an opaque parameter is really what we expect.
Werner Koch [Fri, 31 Mar 2017 18:06:54 +0000 (20:06 +0200)]
gpg: Assert that an opaque parameter is really what we expect.

* g10/gpg.h (SERVER_CONTROL_MAGIC): New const.
(server_control_s): Add field 'magic'.
* g10/gpg.c (gpg_init_default_ctrl): Init MAGIC.
* g10/import.c (impex_filter_getval): Assert MAGIC.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Pass CTRL to many more functions.
Werner Koch [Fri, 31 Mar 2017 18:03:52 +0000 (20:03 +0200)]
gpg: Pass CTRL to many more functions.

--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Consistent use of preprocessor conditionals.
Justus Winter [Thu, 30 Mar 2017 10:35:18 +0000 (12:35 +0200)]
gpg: Consistent use of preprocessor conditionals.

* g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
DEBUG_PARSE_PACKET.  This fixes the build with '#define
DEBUG_PARSE_PACKET 0'.

Signed-off-by: Justus Winter <justus@g10code.com>
17 months agocommon: Avoid undefined behavior.
Justus Winter [Thu, 30 Mar 2017 13:44:35 +0000 (15:44 +0200)]
common: Avoid undefined behavior.

* common/iobuf.c (iobuf_read_line): Do not consider 'length' if
'buffer' is NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
17 months agogpg: Remove the use of the signature information from a KBX.
Werner Koch [Thu, 30 Mar 2017 13:18:45 +0000 (15:18 +0200)]
gpg: Remove the use of the signature information from a KBX.

* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
(keyblock_cache_clear): Adjust for that removal.
(parse_keyblock_image): Remove arg SIGSTATUS.  Remove the signature
cache setting; this is now done in the parser.
(keydb_get_keyblock): Do not set SIGSTATUS.
(build_keyblock_image): Remove arg SIGSTATUS and simplify.  Change
caller.
* kbx/keybox-blob.c: Explain that the signature information is not
anymore used.
(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
callers.
* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
and change callers.
* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
--

This thing was too complicated and has been replaced by the new ring
trust packet code.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Fix actual leak and possible leaks in the packet parser.
Werner Koch [Thu, 30 Mar 2017 14:01:52 +0000 (16:01 +0200)]
gpg: Fix actual leak and possible leaks in the packet parser.

* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--

Fixes-commit: afa86809087909a8ba2f9356588bf90cc923529c
Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Fix export porting of zero length user ID packets.
Werner Koch [Thu, 30 Mar 2017 08:35:20 +0000 (10:35 +0200)]
gpg: Fix export porting of zero length user ID packets.

* g10/build-packet.c (do_user_id): Avoid indeterminate length header.
--

We are able to import such user ids but when exporting them the
exported data could not be imported again because the parser bails out
on invalid keyrings.  This is now fixed and should be backported.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Revamp reading and writing of ring trust packets.
Werner Koch [Thu, 30 Mar 2017 07:07:02 +0000 (09:07 +0200)]
gpg: Revamp reading and writing of ring trust packets.

* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this.  Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META.  Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants.  They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto.  Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta.  Remove special treatment
of ring trust packets and initialization of the signature caches.
--

This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes.  Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.

Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".

The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately.  Thus only the parser sees
the ring trust packets.  Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet.  That
function writes a ring trust packet when the needed information is
available.

As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Extend free_packet to handle a packet parser context.
Werner Koch [Wed, 29 Mar 2017 09:57:40 +0000 (11:57 +0200)]
gpg: Extend free_packet to handle a packet parser context.

* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro.  Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context.  Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoindent: Re-indent function free-packet.
Werner Koch [Wed, 29 Mar 2017 09:28:30 +0000 (11:28 +0200)]
indent: Re-indent function free-packet.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Change parse_packet to take a context.
Werner Koch [Wed, 29 Mar 2017 08:02:40 +0000 (10:02 +0200)]
gpg: Change parse_packet to take a context.

* g10/packet.h (struct parse_packet_ctx_s): New.
(parse_packet_ctx_t): New type.
(init_parse_packet): New macro.
* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
a parse context.  Change all callers to provide a context instead of
directly supplying the input stream.
(search_packet, dbg_search_packet): Ditto.
(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
(copy_some_packets, dbg_copy_some_packets): Ditto.
(skip_some_packets, dbg_skip_some_packets): Ditto.
--

We will need this change to handle ring packets inside the parser.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agogpg: Export ring trust packets in backup mode.
Werner Koch [Wed, 29 Mar 2017 06:44:52 +0000 (08:44 +0200)]
gpg: Export ring trust packets in backup mode.

* g10/export.c (write_keyblock_to_output): Export ring trust packets.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoindent: Re-indent parts of build-packet.c
Werner Koch [Wed, 29 Mar 2017 06:43:04 +0000 (08:43 +0200)]
indent: Re-indent parts of build-packet.c

--

17 months agotests,w32: Fix importing the extra key for GPGME's keylist test.
Justus Winter [Tue, 28 Mar 2017 14:51:18 +0000 (16:51 +0200)]
tests,w32: Fix importing the extra key for GPGME's keylist test.

* tests/gpgme/wrap.scm: Qualify the tests name with the extension for
executables (if any).

Signed-off-by: Justus Winter <justus@g10code.com>
17 months agogpg: Prepare for listing last_update and key origin data.
Werner Koch [Tue, 28 Mar 2017 07:37:18 +0000 (09:37 +0200)]
gpg: Prepare for listing last_update and key origin data.

* g10/keylist.c (list_keyblock_colon): Add empty fields 19 and 20.

--

We add them now to early catch error in parsers which arbitrary limit
the number of fields in --with-colon listings.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agotests: Fix distcheck.
Justus Winter [Tue, 28 Mar 2017 10:22:18 +0000 (12:22 +0200)]
tests: Fix distcheck.

* tests/openpgp/Makefile.am (sample_msgs): Add all missing sample
messages.

Fixes-commit: 211d71f19c24da94f4c58014606125c1a29d86a2
Signed-off-by: Justus Winter <justus@g10code.com>
17 months agotests: Add test for '--decrypt --unwrap'.
Justus Winter [Tue, 28 Mar 2017 10:07:32 +0000 (12:07 +0200)]
tests: Add test for '--decrypt --unwrap'.

* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/decrypt-unwrap-verify.scm: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
17 months agog10: Fix memory leak.
Justus Winter [Tue, 28 Mar 2017 10:10:28 +0000 (12:10 +0200)]
g10: Fix memory leak.

* g10/decrypt-data.c (decrypt_data): Free 'filename'.

Signed-off-by: Justus Winter <justus@g10code.com>
17 months agocommon: Fix connecting to the agent.
Justus Winter [Mon, 27 Mar 2017 14:14:20 +0000 (16:14 +0200)]
common: Fix connecting to the agent.

* common/homedir.c (_gnupg_socketdir_internal): Fix error handling.
--

Prior to 26086b36 the non-existance of the socket directory was
considered an error if a non-default home directory is used.  Since
26086b36 we now create the directory on demand, but the function still
returned the fallback path.  This made the agent bind the socket in
the socket directory, and the client trying to connect to the socket
in the home directory.

Fixes-commit: 26086b362ff47d21b1abefaf674a6464bf0a8921
Signed-off-by: Justus Winter <justus@g10code.com>
17 months agog10: Support specifying SERIALNO for --card-status.
NIIBE Yutaka [Mon, 27 Mar 2017 05:02:01 +0000 (14:02 +0900)]
g10: Support specifying SERIALNO for --card-status.

* g10/gpg.c (main): Allow an argument for --card-status.
* g10/card-util.c (current_card_status): Rename from card_status.
(card_status): New, which supports multiple cards.
(get_one_name): Use current_card_status.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Change the order of applications when accessed.
NIIBE Yutaka [Mon, 27 Mar 2017 04:56:02 +0000 (13:56 +0900)]
scd: Change the order of applications when accessed.

* scd/app.c (select_application): Move the app to top.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agoscd: Fix timeout handling for key generation.
NIIBE Yutaka [Mon, 27 Mar 2017 02:25:00 +0000 (11:25 +0900)]
scd: Fix timeout handling for key generation.

* scd/ccid-driver.c (CCID_CMD_TIMEOUT): Back to original value.
(CCID_CMD_TIMEOUT_LONGER): New.
(ccid_transceive): Add kludge for key generation.

--

At key generation of longer key size, OpenPGP card sends back "time
extension" with BWI=100, which is unusual value in the protocol and it
actually requires host having longer timeout like 43 seconds.

Reported-by: Szczepan Zalega <szczepan@nitrokey.com>
Fixes-commit: 6510df3a7cd2b5bf44fac1e4d50ee54b8c897daa
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
17 months agogpg: Improve check for already compressed packets.
Werner Koch [Fri, 24 Mar 2017 10:51:44 +0000 (11:51 +0100)]
gpg: Improve check for already compressed packets.

* common/miscellaneous.c (is_openpgp_compressed_packet): New.
(is_file_compressed): Rerad 2 more bytes and call new function.

--

Note that this does not yet allow to detect compressed data piped to
gpg.  This requires a proper read-ahead in iobuf.c which is
complicated due to the auto-removal of filter functions.  Thus such an
read-ahead needs to be done in the I/O backend of iobuf.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoagent: New option --enable-extended-key-format.
Werner Koch [Fri, 24 Mar 2017 09:30:17 +0000 (10:30 +0100)]
agent: New option --enable-extended-key-format.

* agent/gpg-agent.c (oEnableExtendedKeyFormat): New const.
(opts): New option --enable-extended-key-format.
(parse_rereadable_options): Set option
* agent/findkey.c (write_extended_private_key): Add arg 'update'.
(agent_write_private_key): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
17 months agoagent: New option --stub-only for DELETE_KEY
Werner Koch [Fri, 24 Mar 2017 08:02:02 +0000 (09:02 +0100)]
agent: New option --stub-only for DELETE_KEY

* agent/findkey.c (agent_delete_key): Add arg 'only_stubs'.
* agent/command.c (cmd_delete_key): Add option --stub-only.
--

This option can be used to savely remove stub keys.

18 months agocommon: Implicitly do a gpgconf --create-socketdir.
Werner Koch [Thu, 23 Mar 2017 08:38:19 +0000 (09:38 +0100)]
common: Implicitly do a gpgconf --create-socketdir.

* common/homedir.c (_gnupg_socketdir_internal): Create the
sub-directory.
--

Although there is no auto cleanup (yet) this should be helpful.  Let's
see whether possibly leaving stale directories around is better than
running into trouble when --create-socketdir was not used.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agotests: Use gpgconf to stop the agent.
Werner Koch [Thu, 23 Mar 2017 10:45:17 +0000 (11:45 +0100)]
tests: Use gpgconf to stop the agent.

* tests/openpgp/defs.scm (stop-agent): Swap order of actions.  Kill
all daemons using gpgconf.
* tools/gpgconf.c (main) <aRemoveSocketDir>: Try to remove known
socketfails on rmdir failure.  Do no fail for ENONET.
--

Killing all daemons is not really required but it does not harm to be
prepared for the future.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agogpgscm: Make test cleanup more robust.
Justus Winter [Thu, 23 Mar 2017 09:55:34 +0000 (10:55 +0100)]
gpgscm: Make test cleanup more robust.

* tests/gpgscm/tests.scm (mkdtemp-autoremove): New function that
cleans up at interpreter shutdown.
(run-tests-parallel): Use the new function.
(run-tests-sequential): Likewise.
(make-environment-cache): Execute setup with an temporary working
directory.
--

Make sure to remove all resources created in the filesystem even if
the test runner is interrupted.  Make sure to remove anything that the
setup script creates.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests: Test '--quick-set-primary-uid'.
Justus Winter [Tue, 21 Mar 2017 15:21:49 +0000 (16:21 +0100)]
tests: Test '--quick-set-primary-uid'.

* tests/openpgp/quick-key-manipulation.scm: Test
'--quick-set-primary-uid'.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests,w32: Use GetTempPath to get the path for temporary files.
Justus Winter [Tue, 21 Mar 2017 14:52:47 +0000 (15:52 +0100)]
tests,w32: Use GetTempPath to get the path for temporary files.

* tests/gpgscm/ffi.c (do_get_temp_path): New function.
(ffi_init): Make function available.
* tests/gpgscm/tests.scm (mkdtemp): Use the new function.

Fixes-commit: 06f1f163e96f1039304fd3cf565cf9de1ca45849
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agogpg: New command --quick-set-primary-uid.
Werner Koch [Tue, 21 Mar 2017 13:47:21 +0000 (14:47 +0100)]
gpg: New command --quick-set-primary-uid.

* g10/gpg.c (aQuickSetPrimaryUid): New const.
(opts): New command --quick-set-primary-uid.
(main): Implement it.
* g10/keyedit.c (keyedit_quick_adduid): Factor some code out to ...
(quick_find_keyblock): new func.
(keyedit_quick_revuid): Use quick_find_keyblock.
(keyedit_quick_set_primary): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agodirmngr: Fix error handling.
Justus Winter [Tue, 21 Mar 2017 13:22:13 +0000 (14:22 +0100)]
dirmngr: Fix error handling.

* dirmngr/dns-stuff.c (libdns_init): Convert error before printing it.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agodirmngr: Load the hosts file into libdns.
Justus Winter [Tue, 21 Mar 2017 13:18:25 +0000 (14:18 +0100)]
dirmngr: Load the hosts file into libdns.

* dirmngr/dns-stuff.c (libdns_init): Actually load the hosts file into
libdns.
--

Previously, connecting to key servers specified in /etc/hosts was not
possible because libdns' hosts structure was initialized, but not
filled with the content of the hosts file.

GnuPG-bug-id: 2977
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests: Create temporary directories in '/tmp'.
Justus Winter [Tue, 21 Mar 2017 12:15:38 +0000 (13:15 +0100)]
tests: Create temporary directories in '/tmp'.

* tests/gpgscm/tests.scm (mkdtemp): Create temporary directories in
'/tmp' on UNIX, or in '%Temp' on Windows.
* tests/migrations/common.scm (run-test): Turn error into a warning.
* tests/openpgp/defs.scm (start-agent): Likewise.
--

This fixes the problem of GnuPG components being unable to communicate
because of too long GnuPG home directories in important build
environments like the Debian build servers despite the use of socket
directories.

This reverts d75d20909d9f60d33ffd210def92278c0f383aad.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests: Remove debugging remnants.
Justus Winter [Mon, 20 Mar 2017 09:23:55 +0000 (10:23 +0100)]
tests: Remove debugging remnants.

* tests/gpgme/gpgme-defs.scm (run-python-tests?): Remove 'trace's.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests: Fail if we cannot create the socket directory.
Justus Winter [Mon, 20 Mar 2017 11:21:43 +0000 (12:21 +0100)]
tests: Fail if we cannot create the socket directory.

* tests/migrations/common.scm (run-test): Turn warning into an error.
* tests/openpgp/defs.scm (start-agent): Likewise.
--

We use separate directories to create the sockets in so that the
absolute path to the every socket fits into sun_path.

Fixes-commit: 7e19786a5ddef637d1d9d21593fecf5a36b6f372
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agogpg: Add new field no 18 to the colon listing.
Werner Koch [Mon, 20 Mar 2017 09:09:40 +0000 (10:09 +0100)]
gpg: Add new field no 18 to the colon listing.

* g10/misc.c (gnupg_pk_is_compliant): New.
* g10/keylist.c (print_compliance_flags): New.
(list_keyblock_colon): Call it here.
* sm/keylist.c (print_compliance_flags): New.
(list_cert_colon): Call it here.
--

This patch is to convey information about DE_VS compliant keys to the
caller.  The double digit value is used so that parsers do the right
thing and don't just look for a single digit.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agogpg: Remove unused stuff.
Werner Koch [Mon, 20 Mar 2017 07:38:54 +0000 (08:38 +0100)]
gpg: Remove unused stuff.

* g10/OPTIONS: Remove.
* g10/options.h (struct opt): Remove 'shm_coprocess'.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agotests: Add test for issue 2959.
Neal H. Walfield [Fri, 17 Mar 2017 18:31:09 +0000 (19:31 +0100)]
tests: Add test for issue 2959.

* tests/openpgp/tofu.scm: Add test for --tofu-default-policy=ask.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
18 months agogpg: Make sure the conflict set includes the current key.
Neal H. Walfield [Fri, 17 Mar 2017 12:36:51 +0000 (13:36 +0100)]
gpg: Make sure the conflict set includes the current key.

* g10/tofu.c (get_trust): Sanity check CONFLICT_SET after calling
get_policy.  If POLICY is 'auto' and the default policy is 'ask', make
sure CONFLICT_SET includes the current key.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2959
Debian-bug-id: 854829

Signed-off-by: Neal H. Walfield <neal@g10code.com>
18 months agodirmngr: Ignore warning alerts in the GNUTLS handshake.
Werner Koch [Fri, 17 Mar 2017 11:46:09 +0000 (12:46 +0100)]
dirmngr: Ignore warning alerts in the GNUTLS handshake.

* dirmngr/http.c (send_request) [GNUTLS]: Don't bail out on warning
alerts.
--

GnuPG-bug-id: 2833
Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agogpgscm: Simplify hash tables.
Justus Winter [Thu, 16 Mar 2017 16:18:01 +0000 (17:18 +0100)]
gpgscm: Simplify hash tables.

* tests/gpgscm/scheme.c (oblist_add_by_name): We now always get a
slot.  Simplify accordingly.
(oblist_find_by_name): Always return the slot.
(vector_elem_slot): New function.
(new_slot_spec_in_env): We now always get a slot.  Remove parameter
'env'.  Simplify accordingly.
(find_slot_spec_in_env): Always return a slot.
(new_slot_in_env): Adapt callsite.
(opexe_0): Likewise.
(opexe_1): Likewise.
(scheme_define): Likewise.
--

Now that the ill-devised immediate values framework is gone, there is
no need to tag the pointers in vectors anymore.  Therefore, we can
always return a pointer to the slot in the hash table lookup
functions.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agogpgscm: Remove framework for immediate values.
Justus Winter [Thu, 16 Mar 2017 15:58:00 +0000 (16:58 +0100)]
gpgscm: Remove framework for immediate values.

* tests/gpgscm/scheme.c (IMMEDIATE_TAG): Remove macro.
(is_immediate): Likewise.
(set_immediate): Likewise.
(clr_immediate): Likewise.
(enum scheme_types): Set the LSB in every value.
(fill_vector): Adapt.
(vector_elem): Likewise.
(set_vector_elem): Likewise.
(mark): Likewise.
(gc): Test for the LSB to tell typeflags apart from pointers stored in
the same memory location.
--

Supporting immediate values would require invasive changes to the
interpreter and is likely not worth the trouble.  On the other hand,
tagging pointers in vectors complicated the hash table implementation
needlessly.  Therefore, I remove this again.

This fixes a crash on big endian architectures.

GnuPG-bug-id: 2996
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agoagent,g10: Remove redundant SERIALNO request.
NIIBE Yutaka [Thu, 16 Mar 2017 05:32:51 +0000 (14:32 +0900)]
agent,g10: Remove redundant SERIALNO request.

* agent/learncard.c (agent_handle_learn): Don't call
agent_card_serialno.  Get the serialno in status response.
* g10/call-agent.c (agent_scd_learn): Don't request "SCD SERIALNO".
(agent_scd_serialno): New.
(card_cardlist_cb, agent_scd_cardlist): New.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agotests: Fix using tools from the build directory.
Justus Winter [Wed, 15 Mar 2017 13:36:27 +0000 (14:36 +0100)]
tests: Fix using tools from the build directory.

* tests/openpgp/defs.scm (gpg-conf'): Explicitly pass the build prefix
to gpgconf here...
(gpg-components): ... instead of only here.
--

Previously, gpgconf was not invoked with '--build-prefix' when
changing the configuration.  This made tests using this facility fail
(e.g. the TOFU test).  This only affected release builds, because in
development builds gpgconf picks up the build prefix from the
environment.

GnuPG-bug-id: 2979
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests: Dump the tools that the tests are going to use.
Justus Winter [Wed, 15 Mar 2017 11:34:04 +0000 (12:34 +0100)]
tests: Dump the tools that the tests are going to use.

* tests/openpgp/setup.scm: Dump the tools that the tests are going to
use.  This will help us diagnose problems with the tests picking the
wrong paths in the future.

GnuPG-bug-id: 2979
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agobuild: Remove '--disable-tools' configuration option.
Justus Winter [Wed, 15 Mar 2017 09:51:03 +0000 (10:51 +0100)]
build: Remove '--disable-tools' configuration option.

* Makefile.am (SUBDIRS): Unconditionally include 'tools'.
* configure.ac: Remove '--disable-tools' configuration option.
--
gpgconf is a core component nowadays and is always required.

GnuPG-bug-id: 2993
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agog10: Fix check of serialno.
NIIBE Yutaka [Wed, 15 Mar 2017 07:50:48 +0000 (16:50 +0900)]
g10: Fix check of serialno.

* g10/card-util.c (card_status): Fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agog10: Remove unused function.
NIIBE Yutaka [Wed, 15 Mar 2017 07:48:01 +0000 (16:48 +0900)]
g10: Remove unused function.

* g10/call-agent.c (select_openpgp): Remove.

--

By this change, the function get_serialno_cb will be also unused.  But
please don't remove the function, because it will be soon used.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agotests: Fix running python condition.
NIIBE Yutaka [Wed, 15 Mar 2017 07:45:18 +0000 (16:45 +0900)]
tests: Fix running python condition.

* tests/gpgme/gpgme-defs.scm (run-python-tests?): We need Python.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agotests: Skip Python tests if the bindings are not built.
Justus Winter [Tue, 14 Mar 2017 11:45:29 +0000 (12:45 +0100)]
tests: Skip Python tests if the bindings are not built.

* tests/gpgme/wrap.scm (python): Move variable...
* tests/gpgme/gpgme-defs.scm (python): ... here.
(run-python-tests?): New function.
* tests/gpgme/run-tests.scm: Only run Python tests if the bindings can
be located in GPGME's build directory.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agodoc: Explain in README how to create /run/user directories.
Werner Koch [Tue, 14 Mar 2017 11:34:23 +0000 (12:34 +0100)]
doc: Explain in README how to create /run/user directories.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agogpg: Flush stdout before printing stats with --check-sigs.
Werner Koch [Mon, 13 Mar 2017 16:42:08 +0000 (17:42 +0100)]
gpg: Flush stdout before printing stats with --check-sigs.

* g10/keylist.c (print_signature_stats): Flush stdout.
(list_keyblock_colon): Use es_flush instead of fflush.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agotests: Run the tests for the Python bindings of GPGME.
Justus Winter [Thu, 9 Mar 2017 13:33:02 +0000 (14:33 +0100)]
tests: Run the tests for the Python bindings of GPGME.

* tests/gpgme/gpgme-defs.scm (create-file): Write lines.
(create-gpgmehome): Extend function to create the right environment
for the Python tests.
* tests/gpgme/run-tests.scm: Make an environment cache for the Python
tests and enable them.
* tests/gpgme/wrap.scm: Do not hardcode the path of the Python
interpreter.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotests: Rework environment setup.
Justus Winter [Thu, 9 Mar 2017 12:26:06 +0000 (13:26 +0100)]
tests: Rework environment setup.

* tests/gpgscm/tests.scm (test::scm): Add a setup argument.
(test::binary): Likewise.
(run-tests-parallel): Remove setup parameter.
(run-tests-sequential): Likewise.
(make-environment-cache): New function that handles the cache
protocol.
* tests/gpgme/run-tests.scm: Adapt accordingly.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
--
This change allows us to have different environments for tests.  This
is needed to run more GPGME tests, and to increase concurrency while
running all tests.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agowks: Put stdout into binary mode for Windows at another place.
Werner Koch [Wed, 8 Mar 2017 16:48:55 +0000 (17:48 +0100)]
wks: Put stdout into binary mode for Windows at another place.

* tools/wks-util.c (wks_send_mime): Set stdout to binary.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agowks: Put stdout into binary mode for Windows.
Werner Koch [Wed, 8 Mar 2017 16:23:31 +0000 (17:23 +0100)]
wks: Put stdout into binary mode for Windows.

* tools/send-mail.c (send_mail_to_file): Call es_set_binary.
--

Without that, output to stdout via --send is mangled: The "\r\n" is
translated to "\r\r\n" which is bad because other
software (e.g. Thunderbird) translates this again to "\n\n" and thus
put all mail header liens after the first into the body.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agobuild: Use macOS' compatibility macros to enable all features.
Justus Winter [Wed, 8 Mar 2017 12:29:39 +0000 (13:29 +0100)]
build: Use macOS' compatibility macros to enable all features.

* configure.ac: On macOS, use the compatibility macros to expose every
feature of the libc.  This is the equivalent of _GNU_SOURCE on GNU
libc.
--
Not defining this leads to compilation errors or superfluous warnings
on macOS.

GnuPG-bug-id: 2910
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agog10: Move more flags into the flag bitfield.
Justus Winter [Wed, 8 Mar 2017 10:01:22 +0000 (11:01 +0100)]
g10: Move more flags into the flag bitfield.

* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
'is_expired' into the flags bitfield, and drop the prefix.
* g10/call-dirmngr.c: Adapt accordingly.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--

This patch has been created by applying the following semantic patch:

    @@
    expression E;
    @@
    -E->is_expired
    +E->flags.expired

    @@
    expression E;
    @@
    -E->is_primary
    +E->flags.primary

    @@
    expression E;
    @@
    -E->is_revoked
    +E->flags.revoked

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agodirmngr: Do not put a keyserver into a new dirmngr.conf
Werner Koch [Wed, 8 Mar 2017 10:34:41 +0000 (11:34 +0100)]
dirmngr: Do not put a keyserver into a new dirmngr.conf

* g10/dirmngr-conf.skel: Do not define keyservers.
--

18 months agodoc: Add a note to the trust model direct.
Werner Koch [Wed, 8 Mar 2017 09:46:09 +0000 (10:46 +0100)]
doc: Add a note to the trust model direct.

* doc/gpg.texi (GPG Configuration Options): Add note.  Chnage Index
from trust-mode:foo to trust-model:foo.

18 months agoRevert "build: Improve CFLAGS handling."
Justus Winter [Tue, 7 Mar 2017 14:34:35 +0000 (15:34 +0100)]
Revert "build: Improve CFLAGS handling."

This reverts commit 4b57359ef3ce0b87e15889e12ef0fcd23f62dcb4.

18 months agobuild: Improve CFLAGS handling.
Justus Winter [Tue, 7 Mar 2017 14:20:19 +0000 (15:20 +0100)]
build: Improve CFLAGS handling.

* configure.ac: Strip any flags matching '-Werror' from CFLAGS before
running the tests, and add them back later on.
--
Previously, the tests were run with empty CFLAGS.  This caused
problems, e.g. on Fedora mmap was not detected due to some missing
CFLAGS while running the tests.

GnuPG-bug-id: 2423
Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agogpgscm: Use system strlwr if available.
Michael Haubenwallner [Tue, 7 Mar 2017 12:54:49 +0000 (13:54 +0100)]
gpgscm: Use system strlwr if available.

* tests/gpgscm/scheme.c: Define local strlwr only when HAVE_STRLWR is
not defined in config.h.
* tests/gpgscm/scheme-config.h: Remove hack.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agogpg: Do not allow the user to revoke the last valid UID.
Justus Winter [Thu, 2 Mar 2017 13:14:55 +0000 (14:14 +0100)]
gpg: Do not allow the user to revoke the last valid UID.

* g10/keyedit.c (keyedit_quick_revuid): Merge self signatures, then
make sure that we do not revoke the last valid UID.
(menu_revuid): Make sure that we do not revoke the last valid UID.
* tests/openpgp/quick-key-manipulation.scm: Demonstrate that
'--quick-revoke-uid' can not be used to revoke the last valid UID.

GnuPG-bug-id: 2960
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agotools: Removal of -Icommon.
NIIBE Yutaka [Tue, 7 Mar 2017 11:38:22 +0000 (20:38 +0900)]
tools: Removal of -Icommon.

* tools/gpg-wks-server.c: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoMore change for common.
NIIBE Yutaka [Tue, 7 Mar 2017 11:32:09 +0000 (20:32 +0900)]
More change for common.

* g10, scd, test, tools: Follow the change of removal of -Icommon.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoRemove -I option to common.
NIIBE Yutaka [Tue, 7 Mar 2017 11:21:23 +0000 (20:21 +0900)]
Remove -I option to common.

* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agotests: Avoid overflowing signed 32 bit time_t.
Justus Winter [Tue, 7 Mar 2017 11:18:59 +0000 (12:18 +0100)]
tests: Avoid overflowing signed 32 bit time_t.

* tests/openpgp/quick-key-manipulation.scm: Use expiration times in
the year 2038 instead of 2105 to avoid overflowing 32 bit time_t.
time_t is used internally to parse the expiraton time from the iso
timestamp.

GnuPG-bug-id: 2988
Signed-off-by: Justus Winter <justus@g10code.com>
18 months agoagent: Resolve conflict of util.h.
NIIBE Yutaka [Tue, 7 Mar 2017 10:22:48 +0000 (19:22 +0900)]
agent: Resolve conflict of util.h.

* agent/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* agent/call-pinentry.c, agent/call-scd.c: Follow the change.
* agent/command-ssh.c, agent/command.c, agent/cvt-openpgp.c: Ditto.
* agent/divert-scd.c, agent/findkey.c, agent/genkey.c: Ditto.
* agent/gpg-agent.c, agent/pksign.c, agent/preset-passphrase.c: Ditto.
* agent/protect-tool.c, agent/protect.c, agent/trustlist.c: Ditto.
* agent/w32main.c: Ditto.

--

For openpty function, we need to include util.h on some OS.
We also have util.h in common/, so this change is needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agodoc: Replace README.maint content.
Werner Koch [Tue, 7 Mar 2017 09:30:13 +0000 (10:30 +0100)]
doc: Replace README.maint content.

--

18 months agoagent: Add include files.
NIIBE Yutaka [Tue, 7 Mar 2017 05:22:34 +0000 (14:22 +0900)]
agent: Add include files.

* agent/command-ssh.c: Add sys/socket.h and sys/un.h.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoagent: Fix get_client_pid for portability.
NIIBE Yutaka [Tue, 7 Mar 2017 05:01:17 +0000 (14:01 +0900)]
agent: Fix get_client_pid for portability.

* configure.ac: Simply check getpeerucred and ucred.h, and structure
members.
* agent/command-ssh.c: Include ucred.h.
(get_client_pid) [HAVE_STRUCT_SOCKPEERCRED_PID]: Use sockpeercred
structure for OpenBSD.
[LOCAL_PEERPID]: Use LOCAL_PEERPID for macOS.
[LOCAL_PEEREID]: Use LOCAL_PEEREID for NetBSD.
[HAVE_GETPEERUCRED]: Use getpeerucred for OpenSolaris.

--

This change also addresses following bug.

GnuPG-bug-id: 2981.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agocommon: Fix warning for portability.
NIIBE Yutaka [Tue, 7 Mar 2017 01:42:46 +0000 (10:42 +0900)]
common: Fix warning for portability.

* common/localename.c (do_nl_locale_name): We don't use CATEGORY.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agotools: More portable for openpty use.
NIIBE Yutaka [Tue, 7 Mar 2017 01:29:37 +0000 (10:29 +0900)]
tools: More portable for openpty use.

* configure.ac (AC_CHECK_HEADERS): Add util.h libutil.h and termios.h.
* tools/symcryptrun.c: Include those headers.

--

This is for OpenBSD and FreeBSD.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoscd: Close THE_EVENT handle.
NIIBE Yutaka [Tue, 7 Mar 2017 01:19:40 +0000 (10:19 +0900)]
scd: Close THE_EVENT handle.

* scd/scdaemon.c (handle_connections): Close the handle.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agotests: Harmonize temporary and socket directory handling.
Justus Winter [Mon, 6 Mar 2017 16:16:41 +0000 (17:16 +0100)]
tests: Harmonize temporary and socket directory handling.

* tests/gpgscm/tests.scm (mkdtemp): Do not magically obey the
environment variable 'TMP', make sure to always return an absolute
path.
* tests/gpgme/Makefile.am (TMP): Drop variable.
(TESTS_ENVIRONMENT): Drop 'TMP'.
* tests/gpgme/gpgme-defs.scm (create-gpgmehome): Start the agent.  Do
not create private key store, the agent does that for us.
* tests/gpgsm/Makefile.am (TMP): Drop variable.
(TESTS_ENVIRONMENT): Drop 'TMP'.
* tests/gpgme/gpgme-defs.scm (create-gpgsmhome): Start the agent.  Do
not create private key store, the agent does that for us.
* tests/migrations/Makefile.am (TMP): Drop variable.
(TESTS_ENVIRONMENT): Drop 'TMP'.
* tests/migrations/common.scm (gpgconf): New variable.
(run-test): Create and remove socket directory.
* tests/migrations/extended-pkf.scm (src-tarball): Remove variable.
(setup): Remove function.
(trigger-migration): Likewise.
Use 'run-test' to execute the test.
* tests/migrations/from-classic.scm (src-tarball): Remove variable.
(setup): Remove function.
Use 'run-test' to execute the tests.
* tests/openpgp/Makefile.am (TMP): Drop variable.
(TESTS_ENVIRONMENT): Drop 'TMP'.
* tests/openpgp/README: Do not mention 'TMP'.
* tests/openpgp/defs.scm (with-home-directory): New macro.
(create-legacy-gpghome): Do not create private key store, the agent
does that for us.
(start-agent): Make sure to terminate the right agent with 'atexit'.
--

Previously, the test suite relied upon creating home directories in
'/tmp'.  This has been problematic in some build environments,
although POSIX mandates that '/tmp' must be available.

We now rely on 'gpgconf --create-socketdir' to create a suitable
socket directory for us.  This allows us to get rid of some cruft.  It
also aligns the environment the tests are run in closer with the
environment that we intend that GnuPG runs in.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agogpgscm: Fix creation of temporary directories.
Justus Winter [Mon, 6 Mar 2017 16:14:58 +0000 (17:14 +0100)]
gpgscm: Fix creation of temporary directories.

* tests/gpgscm/ffi.c (do_mkdtemp): Use a larger buffer for the
template.

Signed-off-by: Justus Winter <justus@g10code.com>
18 months agowks: Set published keys world-readable.
Werner Koch [Mon, 6 Mar 2017 12:21:50 +0000 (13:21 +0100)]
wks: Set published keys world-readable.

* tools/gpg-wks-server.c (check_and_publish): Set the permissions.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agogpg: Fix attempt to double free an UID structure.
Werner Koch [Sun, 5 Mar 2017 22:24:15 +0000 (23:24 +0100)]
gpg: Fix attempt to double free an UID structure.

* g10/getkey.c (get_best_pubkey_byname): Set released .UID to NULL.
--

Phil Pennock reported an assertion failure when doing

  % gpg --auto-key-locate dane --locate-keys someone
  gpg: Ohhhh jeeee: Assertion "uid->ref > 0" in \
         free_user_id failed (free-packet.c:310)

on his keyring.  This patch is not tested but a good guess.

Signed-off-by: Werner Koch <wk@gnupg.org>
18 months agoscd: Fix compiler warnings for app-openpgp.c.
NIIBE Yutaka [Mon, 6 Mar 2017 06:14:18 +0000 (15:14 +0900)]
scd: Fix compiler warnings for app-openpgp.c.

* scd/app-openpgp.c (retrieve_key_material): Remove touching I.
(do_change_pin): Make sure going to leave if PINVALUE == 0.
(rsa_writekey): Emit simpler log.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
18 months agoscd: More cleanup of old code.
NIIBE Yutaka [Mon, 6 Mar 2017 05:59:02 +0000 (14:59 +0900)]
scd: More cleanup of old code.

* scd/app-dinsig.c (do_sign): Remove assignment to HASHALGO.
* scd/app-p15.c (parse_keyusage_flags): Remove assign to MASK.
(read_ef_aodf): Likewise.
(read_ef_cdf): Change the control to parse_error.
* scd/app-sc-hsm.c (parse_keyusage_flags): Remove assign to MASK.
(read_ef_prkd): Remove assign to S.
(read_ef_prkd): Check if PRKDF is not null.
(read_ef_cd): Likewise for CDF.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>