gnupg.git
5 months ago Release 2.1.22 gnupg-2.1.22
Werner Koch [Fri, 28 Jul 2017 16:59:04 +0000 (18:59 +0200)]
Release 2.1.22

5 months ago po: Auto-update
Werner Koch [Fri, 28 Jul 2017 16:55:14 +0000 (18:55 +0200)]
po: Auto-update

--

5 months ago po: Update German translation
Werner Koch [Fri, 28 Jul 2017 16:51:27 +0000 (18:51 +0200)]
po: Update German translation

5 months ago agent: Make --ssh-fingerprint-digest re-readable.
Werner Koch [Fri, 28 Jul 2017 16:23:34 +0000 (18:23 +0200)]
agent: Make --ssh-fingerprint-digest re-readable.

* agent/gpg-agent.c (main): Move oSSHFingerprintDigest to ...
(parse_rereadable_options): here.
(opts): Change its description.
(main) <aGPGConfList>: Include this option.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add option at expert
level.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg,sm: String changes for compliance diagnostics.
Werner Koch [Fri, 28 Jul 2017 15:46:43 +0000 (17:46 +0200)]
gpg,sm: String changes for compliance diagnostics.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: For OCB key files return Bad Passphrase instead of Checksum Error.
Werner Koch [Fri, 28 Jul 2017 09:40:56 +0000 (11:40 +0200)]
agent: For OCB key files return Bad Passphrase instead of Checksum Error.

* agent/protect.c (do_decryption): Map error checksum to bad
passphrase protection

* agent/call-pinentry.c (unlock_pinentry): Don't munge the error
source for corrupted protection.
--

GnuPG-bug-id: 3266
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Minor rework for better readability of get_best_pubkey_byname.
Werner Koch [Fri, 28 Jul 2017 09:08:32 +0000 (11:08 +0200)]
gpg: Minor rework for better readability of get_best_pubkey_byname.

* g10/getkey.c (get_best_pubkey_byname): Change return type to
gpg_error_t.  Use var name err instead of rc.  Move a
gpg_error_from_syserror closer to the call.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Fix segv in get_best_pubkey_byname.
Werner Koch [Fri, 28 Jul 2017 08:58:59 +0000 (10:58 +0200)]
gpg: Fix segv in get_best_pubkey_byname.

* g10/getkey.c (get_best_pubkey_byname): Init NEW.
--

We call free_user_id on NEW.uid and thus it needs to be initialized.

This fixes the ref-count or invisible segv bug from
GnuPG-bug-id: 3266

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Minor cleanup (mostly for documentation).
Werner Koch [Fri, 28 Jul 2017 08:37:33 +0000 (10:37 +0200)]
agent: Minor cleanup (mostly for documentation).

* agent/command.c (cmd_pksign): Change var name 'rc' to 'err'.
* agent/findkey.c (read_key_file): Ditto.  Change return type to
gpg_error_t.  On es_fseek failure return a correct error code.
(agent_key_from_file): Change var name 'rc' to 'err'.
* agent/pksign.c (agent_pksign_do): Ditto.  Change return type to
gpg_error_t.  Return a valid error code on malloc failure.
(agent_pksign): Ditto.  Change return type to gpg_error_t.  Replace
xmalloc by xtrymalloc.
* agent/protect.c (calculate_mic): Change return type to gpg_error_t.
(do_decryption): Ditto.  Do not init RC.
(merge_lists): Change return type to gpg_error_t.
(agent_unprotect): Ditto.
(agent_get_shadow_info): Ditto.
--

While code staring for bug 3266 I found two glitches and also changed
var name for easier reading.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Tweak compliance checking for verification
Werner Koch [Thu, 27 Jul 2017 14:22:36 +0000 (16:22 +0200)]
gpg: Tweak compliance checking for verification

* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a non-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same behaviour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg,sm: Allow encryption (with warning) to any key in de-vs mode.
Werner Koch [Thu, 27 Jul 2017 12:54:50 +0000 (14:54 +0200)]
gpg,sm: Allow encryption (with warning) to any key in de-vs mode.

* g10/encrypt.c (encrypt_crypt): Do not abort for a non-compliant key.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

GnuPG-bug-id: 3306
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg,sm: Fix compliance checking for decryption.
Werner Koch [Thu, 27 Jul 2017 11:56:38 +0000 (13:56 +0200)]
gpg,sm: Fix compliance checking for decryption.

* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check.  We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
so that we have only one translation.
--

We always allow decryption and print only a note if the key was not
compliant at the encryption site.

GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago indent: Wrap an overlong line.
Werner Koch [Thu, 27 Jul 2017 09:41:40 +0000 (11:41 +0200)]
indent: Wrap an overlong line.

--

Folks, please set your editors to 80 columns to notice such flaws.

5 months ago gpg: Avoid output to the tty during import.
Werner Koch [Thu, 27 Jul 2017 09:37:00 +0000 (11:37 +0200)]
gpg: Avoid output to the tty during import.

* g10/key-check.c (key_check_all_keysigs): Add arg mode and change all
output calls to use it.
* g10/keyedit.c (keyedit_print_one_sig): Add arg fp and change all
output calls to use it.
(keyedit_menu): Adjust for changes.
* g10/gpgcompose.c (keyedit_print_one_sig): Add dummy arg fp.
* g10/import.c (import_one): Call key_check_all_keysigs with output to
the log stream.
--

Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
GnuPG-bug-id: 3288
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago g10: Make sure exactly one fingerprint is output with --quick-gen-key.
Marcus Brinkmann [Wed, 26 Jul 2017 16:06:29 +0000 (18:06 +0200)]
g10: Make sure exactly one fingerprint is output with --quick-gen-key.

* g10/keygen.c (do_generate_keypair): Only set fpr in
list_keyblock_direct invocation if neither --fingerprint nor
--with-fingerprints are given.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2741

5 months ago doc: Add man pages for gpg-wks-server and gpg-wks-client.
Werner Koch [Wed, 26 Jul 2017 15:51:03 +0000 (17:51 +0200)]
doc: Add man pages for gpg-wks-server and gpg-wks-client.

* doc/wks.texi: New.
* doc/gnupg.texi: Include wks.texi.
* doc/Makefile.am (gnupg_TEXINFOS): Add wks.texi.
(myman_pages): Add new man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago wks: Fix program names in the usage diagnostics.
Werner Koch [Wed, 26 Jul 2017 15:45:28 +0000 (17:45 +0200)]
wks: Fix program names in the usage diagnostics.

* tools/gpg-wks-client.c (my_strusage): Add case 12.
* tools/gpg-wks-server.c (my_strusage): Add case 12:

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago wks: Add stubs for new gpg-wks-server commands.
Werner Koch [Wed, 26 Jul 2017 15:49:39 +0000 (17:49 +0200)]
wks: Add stubs for new gpg-wks-server commands.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago doc: Update vsnfd profile example
Andre Heinecke [Wed, 26 Jul 2017 13:48:02 +0000 (15:48 +0200)]
doc: Update vsnfd profile example

* doc/examples/vsnfd.prf: Use rsa3072

--
This brings it in line with the requested default for vsnfd.

5 months ago dirmngr: Do not use a blocking connect in Tor mode.
Werner Koch [Wed, 26 Jul 2017 11:48:27 +0000 (13:48 +0200)]
dirmngr: Do not use a blocking connect in Tor mode.

* dirmngr/http.c (http_raw_connect): Disable the timeout in Tor mode.
(send_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Auto-enable Tor on startup or reload.
Werner Koch [Wed, 26 Jul 2017 08:58:15 +0000 (10:58 +0200)]
dirmngr: Auto-enable Tor on startup or reload.

* dirmngr/dirmngr.c (dirmngr_use_tor): Test for Tor availability.
--

GnuPG-bug-id: 2935
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent,dirmngr: Check for homedir removal also using stat(2).
Werner Koch [Wed, 26 Jul 2017 08:02:52 +0000 (10:02 +0200)]
agent,dirmngr: Check for homedir removal also using stat(2).

* agent/gpg-agent.c (have_homedir_inotify): New var.
(reliable_homedir_inotify): New var.
(main):  Set reliable_homedir_inotify.
(handle_tick): Call stat on the homedir.
(handle_connections): Mark availability of the inotify watch.
* dirmngr/dirmngr.c (handle_tick): Call stat on the homedir.
(TIMERTICK_INTERVAL_SHUTDOWN): New.
(handle_connections): Depend tick interval on the shutdown state.
--

The stat call is used on systems which do not support inotify and also
when we assume that the inotify does not work reliably.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago agent: Lengthen timertick interval on Unix to 4 seconds.
Werner Koch [Wed, 26 Jul 2017 07:55:51 +0000 (09:55 +0200)]
agent: Lengthen timertick interval on Unix to 4 seconds.

* agent/gpg-agent.c (TIMERTICK_INTERVAL): Same value for Windows and
Unix.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago common: Strip trailing slashes from the homedir.
Werner Koch [Tue, 25 Jul 2017 13:22:48 +0000 (15:22 +0200)]
common: Strip trailing slashes from the homedir.

* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.

--

is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names.  This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.

We now make sure that the home directory name never ends in a
slash (except for the root of course).

GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <wk@gnupg.org>
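
The normalization described in the commit message above, as an added example (not GnuPG's code): `normalize_homedir` and the two comparison helpers are hypothetical names, POSIX `/` separators are assumed, and the sample paths are constructed. It shows why a plain string comparison treats `dir` and `dir/` as different home directories and how stripping trailing slashes, while keeping the root, makes them compare equal.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not GnuPG's default_homedir/gnupg_set_homedir:
   return a malloc'ed copy of DIR without trailing slashes.  A name that
   consists only of slashes collapses to "/" so the root survives.
   Returns NULL for an empty name or on allocation failure.  */
char *
normalize_homedir (const char *dir)
{
  size_t n;
  char *copy;

  if (!dir || !*dir)
    return NULL;
  n = strlen (dir);
  while (n > 1 && dir[n - 1] == '/')
    n--;
  copy = malloc (n + 1);
  if (!copy)
    return NULL;
  memcpy (copy, dir, n);
  copy[n] = 0;
  return copy;
}

/* What a lookup keyed on the unmodified directory name sees.  */
int
same_homedir_raw (const char *a, const char *b)
{
  return !strcmp (a, b);
}

/* The same comparison after both names have been normalized.  */
int
same_homedir_normalized (const char *a, const char *b)
{
  char *na = normalize_homedir (a);
  char *nb = normalize_homedir (b);
  int same = na && nb && !strcmp (na, nb);

  free (na);
  free (nb);
  return same;
}

int
main (void)
{
  /* Constructed sample values, as they might arrive via --homedir
     or GNUPGHOME.  */
  static const char *samples[] = {
    "/home/alice/.gnupg",
    "/home/alice/.gnupg/",
    "/home/alice/.gnupg///",
    "/",
    "///"
  };
  size_t i;

  for (i = 0; i < sizeof samples / sizeof *samples; i++)
    {
      char *norm = normalize_homedir (samples[i]);

      printf ("%-24s -> %-20s raw-equal-to-first=%d normalized-equal=%d\n",
              samples[i], norm ? norm : "(null)",
              same_homedir_raw (samples[0], samples[i]),
              same_homedir_normalized (samples[0], samples[i]));
      free (norm);
    }
  return 0;
}
```
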
5 months ago w32: Also change the directory on daemon startup.
Werner Koch [Tue, 25 Jul 2017 10:52:33 +0000 (12:52 +0200)]
w32: Also change the directory on daemon startup.

* agent/gpg-agent.c (main): Always do the chdir.
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Note that only dirmngr did not call the chdir with --no-detach.  Thus
we kept it this way.

Tested gpg-agent by checking the properties shown by procexp.

Gnupg-bug-id: 2670
Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago common: New functions gnupg_daemon_rootdir and gnupg_chdir.
Werner Koch [Tue, 25 Jul 2017 10:24:01 +0000 (12:24 +0200)]
common: New functions gnupg_daemon_rootdir and gnupg_chdir.

* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead of chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago Revert "w32: Change directory on daemon startup."
Werner Koch [Tue, 25 Jul 2017 10:19:08 +0000 (12:19 +0200)]
Revert "w32: Change directory on daemon startup."

--
This reverts commit 78ebc62604d77600b9865950610717d28c6027a2.
Gnupg-bug-id: 2670

5 months ago gpg: Update key origin info during import merge.
Werner Koch [Tue, 25 Jul 2017 09:23:08 +0000 (11:23 +0200)]
gpg: Update key origin info during import merge.

* g10/import.c (update_key_origin): New.
(merge_blocks): Add arg curtime.
(import_one): Pass curtime to merge_blocks.  Call update_key_origin.
--

We probably need to refine the rules on how this is done.  But it is a
start.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Store key origin for new userids during import merge.
Werner Koch [Tue, 25 Jul 2017 08:19:12 +0000 (10:19 +0200)]
gpg: Store key origin for new userids during import merge.

* g10/import.c (apply_meta_data): Rename to ...
(insert_key_origin): this.  Factor code out to ...
(insert_key_origin_pk, insert_key_origin_uid): new funcs.
(import_one): Move insert_key_origin behind clean_key.
(merge_blocks): Add args options, origin, and url.
(append_uid): Rename to ...
(append_new_uid): this.  Add args options, curtime, origin, and url.
Call insert_key_origin_uid for new UIDs.
--

This is a straightforward change to handle new user ids.

How to test:

With an empty keyring run

  gpg --with-key-origin --locate-key \
      --auto-key-locate clear,nodefault,wkd  wk@gnupg.org

and then append a new keyid using

  gpg --with-key-origin --locate-key \
      --auto-key-locate clear,nodefault,wkd  wk@g10code.com

Works with my current key 80615870F5BAD690333686D0F2AD85AC1E42B367.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Add annotation for fallthrough.
NIIBE Yutaka [Tue, 25 Jul 2017 02:49:23 +0000 (11:49 +0900)]
dirmngr: Add annotation for fallthrough.

* dirmngr/dns.c: Add /* FALL THROUGH */ to clarify.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago doc: Use @var for meta variables in gpg.texi
Werner Koch [Mon, 24 Jul 2017 19:29:51 +0000 (21:29 +0200)]
doc: Use @var for meta variables in gpg.texi

--

This results in more standard man pages.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Extend --key-origin to take an optional URL arg.
Werner Koch [Mon, 24 Jul 2017 19:07:03 +0000 (21:07 +0200)]
gpg: Extend --key-origin to take an optional URL arg.

* g10/getkey.c (parse_key_origin): Parse appended URL.
* g10/options.h (struct opt): Add field 'key_origin_url'.
* g10/gpg.c (main) <aImport>: Pass that option to import_keys.
* g10/import.c (apply_meta_data): Extend for file and url.
* g10/keyserver.c (keyserver_fetch): Pass the url to
import_keys_es_stream.
--

Example:

  gpg --key-origin url,myscheme://bla --import FILE

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Store key origin info for new keys from a keyserver
Werner Koch [Mon, 24 Jul 2017 18:47:41 +0000 (20:47 +0200)]
gpg: Store key origin info for new keys from a keyserver

* g10/keyserver.c (keyserver_get_chunk): Use KEYORG_KS if request was
done by fingerprint.
* g10/import.c (apply_meta_data): Implement that.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Store key origin info for new DANE and WKD retrieved keys.
Werner Koch [Mon, 24 Jul 2017 18:05:28 +0000 (20:05 +0200)]
gpg: Store key origin info for new DANE and WKD retrieved keys.

* g10/import.c (apply_meta_data): Remove arg 'merge'.  Add arg 'url'.
Implement WKD and DANE key origin.
(import_keys_internal): Add arg 'url' and change all callers.
(import_keys_es_stream): Ditto.
(import): Ditto.
(import_one): Ditto.
* g10/keylist.c (list_keyblock_print): Fix update URL printing.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
the SOURCE.  Pass ks_status_cb to assuan_transact.
* g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
the import function.
--

Note that this is only for new keys.  Merging this info will be added
soon.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago gpg: Filter keys received via DANE
Werner Koch [Mon, 24 Jul 2017 17:35:45 +0000 (19:35 +0200)]
gpg: Filter keys received via DANE

* g10/keyserver.c (keyserver_import_cert): Use an import filter in
DANE mode.
--

We only want to see the user ids requested via DANE and not any
additional ids.  This filter enables this in the same way we do this
in WKD.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: Print a SOURCE status for WKD requests.
Werner Koch [Mon, 24 Jul 2017 16:21:11 +0000 (18:21 +0200)]
dirmngr: Print a SOURCE status for WKD requests.

* dirmngr/server.c (cmd_wkd_get): Print a SOURCE status.
--

This status allows to see whether the WKD request has been
resolved from the standard address or from a SRV record derived one.
We return only host and port and not the .well-known suffix because
that is obvious.  HTTP redirects are not taken into account because they
may change at any time due to load balancing etc. and are not relevant for
gpg which may use the URL to detect changes in the WKD results.

For example my current setup returns

    S SOURCE https://wkd.gnupg.org

for wk@gnupg.org.  Without a SRV record

    S SOURCE https://gnupg.org

would have been returned.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago dirmngr: New function dirmngr_status_printf.
Werner Koch [Mon, 24 Jul 2017 16:14:37 +0000 (18:14 +0200)]
dirmngr: New function dirmngr_status_printf.

* dirmngr/server.c (dirmngr_status_printf): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.
Marcus Brinkmann [Mon, 24 Jul 2017 15:18:42 +0000 (17:18 +0200)]
g10: Make sure to emit NEED_PASSPHRASE on --import of secret key.

* call-agent.h (agent_import_key): Add keyid parameters.
* call-agent.c (agent_import_key): Set keyid parameters.
* import.c (transfer_secret_keys): Pass keyid parameters.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2667

5 months ago w32: Change directory on daemon startup.
Marcus Brinkmann [Mon, 24 Jul 2017 14:31:55 +0000 (16:31 +0200)]
w32: Change directory on daemon startup.

* agent/gpg-agent.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* dirmngr/dirmngr.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.
* scd/scdaemon.c [HAVE_W32_SYSTEM]: Include <direct.h>.
(main) [HAVE_W32_SYSTEM]: Change working directory to \.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2670

5 months ago g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.
Marcus Brinkmann [Mon, 24 Jul 2017 14:03:25 +0000 (16:03 +0200)]
g10: Make sure to emit NEED_PASSPHRASE on --export-secret-key.

* call-agent.h (agent_export_key): Add keyid parameters.
* call-agent.c (agent_export_key): Set keyid parameters.
* export.c (receive_seckey_from_agent): Pass keyid parameters.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2667

5 months ago doc: Revert the bug reporting address to bugs.gnupg.org
Werner Koch [Mon, 24 Jul 2017 08:41:30 +0000 (10:41 +0200)]
doc: Revert the bug reporting address to bugs.gnupg.org

--

dev.gnupg.org is the development platform but the canonical bug
address is and has always been bugs.gnupg.org.  We should keep on
using this address for the case that we switch the tracker again or
split it off the development system.

That is also the reason why we should keep on communicating a plain
bug number without the 'T' prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
5 months ago scd: Use unsigned int for fields.
NIIBE Yutaka [Mon, 24 Jul 2017 07:10:22 +0000 (16:10 +0900)]
scd: Use unsigned int for fields.

* scd/app-openpgp.c (data_objects): Use unsigned ints.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago dirmngr: More minor fix.
NIIBE Yutaka [Mon, 24 Jul 2017 07:09:11 +0000 (16:09 +0900)]
dirmngr: More minor fix.

* dirmngr/http.c (send_request): Care the case of !USE_TLS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago dirmngr: More minor fixes.
NIIBE Yutaka [Mon, 24 Jul 2017 06:35:34 +0000 (15:35 +0900)]
dirmngr: More minor fixes.

* dirmngr/http.c (http_verify_server_credentials): Duplicated const.
* dirmngr/ldap.c (parse_one_pattern): Add comment.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago dirmngr: Minor fix for Windows.
NIIBE Yutaka [Mon, 24 Jul 2017 06:28:36 +0000 (15:28 +0900)]
dirmngr: Minor fix for Windows.

* dirmngr/http.c (connect_with_timeout): Use FD2INT.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
5 months ago agent: Minor fix for Windows.
NIIBE Yutaka [Mon, 24 Jul 2017 06:26:20 +0000 (15:26 +0900)]
agent: Minor fix for Windows.

* agent/command-ssh.c (serve_mmapped_ssh_request): Add const
qualifier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago g10: Avoid caching passphrase for failed symmetric encryption.
Marcus Brinkmann [Fri, 21 Jul 2017 18:01:10 +0000 (20:01 +0200)]
g10: Avoid caching passphrase for failed symmetric encryption.

* g10/mainproc.c (proc_encrypted): If error code is GPG_ERR_CIPHER_ALGO,
assume the symmetric passphrase was wrong and invalidate the cache.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2270

6 months ago gpg: Extend --quick-set-expire to allow subkey expiration setting.
Werner Koch [Fri, 21 Jul 2017 12:12:55 +0000 (14:12 +0200)]
gpg: Extend --quick-set-expire to allow subkey expiration setting.

* g10/keyedit.c (keyedit_quick_set_expire): Add new arg subkeyfprs.
(menu_expire): Rename arg force_mainkey to unattended and allow
unattended changing of subkey expiration.
* g10/gpg.c (main): Extend --quick-set-expire.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago gpg: Fix possible double free of the card serialno.
Werner Koch [Fri, 21 Jul 2017 15:48:40 +0000 (17:48 +0200)]
gpg: Fix possible double free of the card serialno.

* g10/free-packet.c (copy_public_key): Copy fields serialno and
updateurl.
--

The PK->serialno is used to get the version of the card to decide
whether it does support other algorithms than SHA-1.  This value is
cached but no deep copy was done when calling copy_public_key.

Bug detected by importing some public keys and then importing a secret
key which led to a double free.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago gpg: Use macros to check the signature class.
Werner Koch [Fri, 21 Jul 2017 15:38:03 +0000 (17:38 +0200)]
gpg: Use macros to check the signature class.

* g10/import.c: Use the existing macros for better readability.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago g10: Clean keyblock on initial commit.
Marcus Brinkmann [Fri, 21 Jul 2017 14:03:04 +0000 (16:03 +0200)]
g10: Clean keyblock on initial commit.

* g10/import.c (import_one): If option import-clean is set,
also clean on initial import, not only for merge.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2401

6 months ago scd: Fix SEGV in CCID driver.
NIIBE Yutaka [Fri, 21 Jul 2017 04:26:53 +0000 (13:26 +0900)]
scd: Fix SEGV in CCID driver.

* scd/ccid-driver.c (intr_cb): Only kick the loop for removal.
(bulk_in): Don't set POWERED_OFF when interrupt transfer is enabled.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago g10: Don't limit at the frontend side for card capability.
NIIBE Yutaka [Fri, 21 Jul 2017 02:22:38 +0000 (11:22 +0900)]
g10: Don't limit at the frontend side for card capability.

* g10/card-util.c (MAX_GET_DATA_FROM_FILE): New.
(get_data_from_file): Use MAX_GET_DATA_FROM_FILE.
(change_url, change_login, change_private_do): Don't limit.

--

V3.3 card supports longer data for URL, Login and Private DOs.
It's scdaemon which knows that.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago scd: Add debug message for v3 card.
NIIBE Yutaka [Fri, 21 Jul 2017 02:21:19 +0000 (11:21 +0900)]
scd: Add debug message for v3 card.

* scd/app-openpgp.c (show_caps): Output more messages.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago doc: Clarify wording of export-attributes.
Marcus Brinkmann [Thu, 20 Jul 2017 17:10:42 +0000 (19:10 +0200)]
doc: Clarify wording of export-attributes.

* doc/gpg.texi: Clarify wording of export-attributes.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2228

6 months ago indent: Improve readability of some comments in getkey.c
Werner Koch [Thu, 20 Jul 2017 16:35:46 +0000 (18:35 +0200)]
indent: Improve readability of some comments in getkey.c

--

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago gpg: New option --with-key-origin.
Werner Koch [Thu, 20 Jul 2017 15:27:48 +0000 (17:27 +0200)]
gpg: New option --with-key-origin.

* g10/getkey.c (parse_key_origin): Factor list out as ...
(key_origin_list): new struct.
(key_origin_string): New.
* g10/gpg.c (oWithKeyOrigin): New const.
(opts): New option --with-key-origin.
(main): Implement option.
* g10/options.h (struct opt): New flag with_key_origin.
* g10/keylist.c (list_keyblock_print): Print key origin info.
(list_keyblock_colon): Ditto.

6 months ago common: New function print_utf8_string.
Werner Koch [Thu, 20 Jul 2017 15:20:17 +0000 (17:20 +0200)]
common: New function print_utf8_string.

* common/miscellaneous.c (print_utf8_string): New.
--

This is a simple convenience function.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago doc: Comment fixes and one trailing comma fix.
Werner Koch [Thu, 20 Jul 2017 12:49:07 +0000 (14:49 +0200)]
doc: Comment fixes and one trailing comma fix.

--

6 months ago gpg: Make function mk_datestr public.
Werner Koch [Thu, 20 Jul 2017 11:36:44 +0000 (13:36 +0200)]
gpg: Make function mk_datestr public.

* g10/keydb.h (MK_DATESTR_SIZE): New.
* g10/keyid.c (mk_datestr): Make public.  Add arg bufsize and use
snprintf.  Change arg atime to u32.
(datestr_from_pk): Simplify.
(datestr_from_sig): Ditto.
(expirestr_from_pk): Ditto.
(expirestr_from_sig): Ditto.
(revokestr_from_pk): Ditto.
--

Note that this also reduces the size of the static buffers from 16 to
11 which is sufficient for the string.  In the past we added the 5
extra bytes to cope for bugs in gmtime which is now handled by
snprintf.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago g10: Return proper error when gpg-agent fails to start during probe.
Marcus Brinkmann [Thu, 20 Jul 2017 15:41:49 +0000 (17:41 +0200)]
g10: Return proper error when gpg-agent fails to start during probe.

* g10/getkey.c (lookup): Return immediately on any other error than
GPG_ERR_NO_SECKEY from agent_probe_any_secret_key.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2204

6 months ago scd: Support longer data length for special DOs for v3 card.
NIIBE Yutaka [Thu, 20 Jul 2017 08:27:21 +0000 (17:27 +0900)]
scd: Support longer data length for special DOs for v3 card.

* scd/app-openpgp.c (data_objects): Special DOs like "Login Data",
"URL", "Private DO N" can be longer size >= 256.
(struct app_local_s): Define bits for v3 card.
(get_cached_data): Use extcap.max_special_do for special DOs.
(app_select_openpgp): Detect if extcap_v3, kdf_do, and other bits.

--

GnuPG-bug-id: 3262
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago common: logstream fix.
NIIBE Yutaka [Thu, 20 Jul 2017 07:37:56 +0000 (16:37 +0900)]
common: logstream fix.

* common/logging.c (set_file_fd): Don't close es_stderr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago dnsmngr: Fix use of CPP.
NIIBE Yutaka [Thu, 20 Jul 2017 04:19:18 +0000 (13:19 +0900)]
dnsmngr: Fix use of CPP.

* dirmngr/dns.c (HAVE_STATIC_ASSERT, HAVE___ATOMIC_FETCH_ADD)
(DNS_HAVE_SOCKADDR_UN, HAVE_SOCK_NONBLOCK): Don't use defined
to be expanded for expression evaluation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago dirmngr: Forbid redirects from .onion to clearnet URIs.
Justus Winter [Wed, 19 Jul 2017 14:02:05 +0000 (16:02 +0200)]
dirmngr: Forbid redirects from .onion to clearnet URIs.

* dirmngr/ks-engine-hkp.c (send_request): Forbid redirects from .onion
to clearnet URIs.
* dirmngr/ks-engine-http.c (ks_http_fetch): Likewise.
--
This protects users from misconfigured .onion services.

GnuPG-bug-id: 3087
Signed-off-by: Justus Winter <justus@g10code.com>
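
One way to express the rule named in the commit message above, as an added example (not dirmngr's code): `url_host`, `is_onion_host` and `redirect_allowed` are hypothetical names and all URLs are constructed. It goes beyond the commit text by assuming that relative `Location` values stay on the origin host and by comparing the parsed host rather than the raw string, so userinfo, ports, paths and a trailing dot cannot disguise a clearnet target.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Extract the lowercased host of URL into HOST.  Returns 1 if a host
   was found, 0 if URL is a relative reference, -1 if it is malformed.  */
static int
url_host (const char *url, char *host, size_t hostlen)
{
  const char *p = url, *end, *q;
  size_t n, i;

  if (p[0] == '/' && p[1] == '/')
    p += 2;                             /* scheme-relative: //host/path */
  else
    {
      while (isalnum ((unsigned char)*p) || *p == '+' || *p == '-' || *p == '.')
        p++;
      if (p == url || *p != ':')
        return 0;                       /* no scheme: relative reference */
      if (p[1] != '/' || p[2] != '/')
        return -1;                      /* scheme without an authority */
      p += 3;
    }
  end = p + strcspn (p, "/?#");         /* authority ends here */
  for (q = end; q > p; q--)             /* drop userinfo up to the last '@' */
    if (q[-1] == '@')
      {
        p = q;
        break;
      }
  if (*p == '[')                        /* IPv6 literal: keep up to ']' */
    {
      q = memchr (p, ']', (size_t)(end - p));
      if (!q)
        return -1;
      end = q + 1;
    }
  else if ((q = memchr (p, ':', (size_t)(end - p))))
    end = q;                            /* strip ":port" */
  while (end > p && end[-1] == '.')
    end--;                              /* "host.onion." names the same host */
  n = (size_t)(end - p);
  if (!n || n >= hostlen)
    return -1;
  for (i = 0; i < n; i++)
    host[i] = (char)tolower ((unsigned char)p[i]);
  host[n] = 0;
  return 1;
}

static int
is_onion_host (const char *host)
{
  size_t n = strlen (host);

  return n > 6 && !strcmp (host + n - 6, ".onion");
}

/* Return 1 if a redirect from ORIGIN to LOCATION may be followed under
   the rule "no redirects from .onion to clearnet", else 0.  */
int
redirect_allowed (const char *origin, const char *location)
{
  char ohost[256], lhost[256];
  int rc;

  if (url_host (origin, ohost, sizeof ohost) != 1)
    return 0;                   /* cannot classify the origin: refuse */
  if (!is_onion_host (ohost))
    return 1;                   /* the rule only concerns .onion origins */
  rc = url_host (location, lhost, sizeof lhost);
  if (!rc)
    return 1;                   /* relative reference stays on the origin */
  return rc == 1 && is_onion_host (lhost);
}

int
main (void)
{
  /* Constructed sample values; no real services are referenced.  */
  const char *origin = "http://exampleonionaddr.onion:11371/pks/lookup?op=get";
  static const char *locations[] = {
    "/pks/lookup?ref=http://keys.example.org/",
    "http://otheronionaddr.onion/pks/lookup",
    "https://keys.example.org/pks/lookup",
    "http://fake.onion@keys.example.org/",
    "//keys.example.org/x.onion"
  };
  size_t i;

  for (i = 0; i < sizeof locations / sizeof *locations; i++)
    printf ("%-45s %s\n", locations[i],
            redirect_allowed (origin, locations[i]) ? "follow" : "refuse");
  return 0;
}
```
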
6 months ago gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.
Werner Koch [Wed, 19 Jul 2017 11:03:43 +0000 (13:03 +0200)]
gpg: Avoid asking by fpr and then by keyid during auto-key-retrieve.

* g10/mainproc.c (check_sig_and_print): Track key server request via
fingerprint.
--

New signatures carry the fingerprint and thus --auto-key-retrieve tries
to lookup the key by fingerprint.  If that failed it used to also ask
the same thing by KEYID - but the keyid is part of the fingerprint and
thus it will either get no response or the wrong key back.  We can
easily avoid this.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago dirmngr: Implement TLS over http proxies.
Justus Winter [Wed, 19 Jul 2017 09:12:14 +0000 (11:12 +0200)]
dirmngr: Implement TLS over http proxies.

* dirmngr/http.c (send_request): If a http proxy is to be used, and we
want to use TLS, try to use the CONNECT method to get a connection to
the target server.

GnuPG-bug-id: 2940
Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Log http response in debug mode.
Justus Winter [Wed, 19 Jul 2017 09:10:26 +0000 (11:10 +0200)]
dirmngr: Log http response in debug mode.

* dirmngr/http.c (parse_response): Log http response in debug mode.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Amend TLS handling.
Justus Winter [Wed, 19 Jul 2017 09:07:59 +0000 (11:07 +0200)]
dirmngr: Amend TLS handling.

* dirmngr/http.c (http_wait_response): Get the 'use_tls' flag from the
write cookie, not from the URI.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Fix connecting to http proxies.
Justus Winter [Wed, 19 Jul 2017 10:12:49 +0000 (12:12 +0200)]
dirmngr: Fix connecting to http proxies.

* dirmngr/http.c (send_request): Do not use the 'srvtag' intended for
the target host to connect to the http proxy.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Fix handling of proxy URIs.
Justus Winter [Tue, 18 Jul 2017 15:24:21 +0000 (17:24 +0200)]
dirmngr: Fix handling of proxy URIs.

* dirmngr/http.c (send_request): We do not support socks4.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpgconf: Make vars read-only explicitly.
NIIBE Yutaka [Wed, 19 Jul 2017 04:43:23 +0000 (13:43 +0900)]
gpgconf: Make vars read-only explicitly.

* tools/gpgconf-comp.c (gc_backend, gc_arg_type, gc_level, gc_flag)
(gc_component): Add const qualifier.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago Fix usage of ARGPARSE_OPTS.
NIIBE Yutaka [Wed, 19 Jul 2017 04:41:18 +0000 (13:41 +0900)]
Fix usage of ARGPARSE_OPTS.

* agent/gpg-agent.c, agent/preset-passphrase.c,
dirmngr/dirmngr-client.c, dirmngr/dirmngr_ldap.c, kbx/kbxutil.c,
tools/gpg-check-pattern.c, tools/gpgconf.c, tools/gpgsplit.c,
tools/symcryptrun.c: Use ARGPARSE_end.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
6 months ago common: Allow abbreviations of standard options.
Marcus Brinkmann [Tue, 18 Jul 2017 16:08:25 +0000 (18:08 +0200)]
common: Allow abbreviations of standard options.

* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
macros.
(ARGPARSE_end): Add some placeholders for standard options.
* argparse.c (arg_parse): Fill in missing standard options so
default machinery works.  Check for standard options in new way.
Do not write out standard options for --dump-options.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 1747

6 months ago gpgscm,w32: Fix testing for absolute paths.
Justus Winter [Tue, 18 Jul 2017 14:15:45 +0000 (16:15 +0200)]
gpgscm,w32: Fix testing for absolute paths.

* tests/gpgscm/main.c (path_absolute_p): New function.
(load): Use new function.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Honor http keyserver URLs.
Justus Winter [Tue, 18 Jul 2017 10:53:55 +0000 (12:53 +0200)]
dirmngr: Honor http keyserver URLs.

* dirmngr/http.c (parse_uri): Keep an unmodified copy of the URI.
* dirmngr/http.h (struct parsed_uri_s): New field 'original'.
* dirmngr/ks-action.c (ks_action_get): Properly handle http and https
URLs.
--

If a key has a http or https URL as preferred keyserver, fetch the key
from there.  Previously, dirmngr unconditionally interpreted these
URLs as hkp servers.

GnuPG-bug-id: 2924
Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Fix memory leak.
Justus Winter [Tue, 18 Jul 2017 11:47:53 +0000 (13:47 +0200)]
dirmngr: Fix memory leak.

* dirmngr/http.c (parse_uri): Properly free partial results.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Fix memory leak.
Justus Winter [Tue, 18 Jul 2017 11:39:29 +0000 (13:39 +0200)]
dirmngr: Fix memory leak.

* dirmngr/http.c (http_release_parsed_uri): Free 'params'.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpg,sm: Check compliance of the RNG.
Werner Koch [Mon, 17 Jul 2017 13:52:26 +0000 (15:52 +0200)]
gpg,sm: Check compliance of the RNG.

* common/compliance.c (gnupg_rng_is_compliant): New.
* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
* sm/call-agent.c (start_agent) [W32]: Ditto.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* g10/sign.c (do_sign): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
--

Under Windows we need to check that the Jitter RNG is active in de-vs
mode.  Under Linux this is not necessary because /dev/random can be
scrutinized and is believed to provide enough entropy.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago agent: New GETINFO sub-command jent_active.
Werner Koch [Mon, 17 Jul 2017 12:08:00 +0000 (14:08 +0200)]
agent: New GETINFO sub-command jent_active.

* agent/command.c (cmd_getinfo): Implement it for gcrypt >= 1.8.
--

For the de-vs compliance of gpg we need to check whether the Jitter
RNG is used on Windows.  This change allows testing this for
gpg-agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago common: New function split_fields_colon.
Werner Koch [Mon, 17 Jul 2017 11:00:44 +0000 (13:00 +0200)]
common: New function split_fields_colon.

* common/stringhelp.c (split_fields_colon): New.
* common/t-stringhelp.c (test_split_fields_colon): New test.
(main): Call that test.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago tests: Improve 'shell.scm' script.
Justus Winter [Fri, 14 Jul 2017 10:59:00 +0000 (12:59 +0200)]
tests: Improve 'shell.scm' script.

* tests/openpgp/defs.scm (create-file): Unlink file first.
* tests/openpgp/shell.scm: Ask whether to import legacy test keys or
not, and whether to drop 'batch' from the configuration.  Add paths to
all the programs to 'PATH'.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpgscm: Library improvements.
Justus Winter [Fri, 14 Jul 2017 10:57:41 +0000 (12:57 +0200)]
gpgscm: Library improvements.

* tests/gpgscm/repl.scm (prompt-yes-no?): New function.
* tests/gpgscm/tests.scm (pathsep-split): Likewise.
(pathsep-join): Likewise.
(with-path): Use the new function.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpgscm: Fail early if the test setup fails.
Justus Winter [Fri, 14 Jul 2017 10:55:01 +0000 (12:55 +0200)]
gpgscm: Fail early if the test setup fails.

* tests/gpgscm/tests.scm (make-environment-cache): Check status code
of setup script.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpg: Fix importing keys.
Justus Winter [Fri, 14 Jul 2017 09:17:49 +0000 (11:17 +0200)]
gpg: Fix importing keys.

* g10/import.c (import_one): Fix error handling.

Fixes-commit: 330212efb927c119bb5135856f8582c0e4e2e6b7
Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpg: Pass key origin values to import functions.
Werner Koch [Thu, 13 Jul 2017 16:22:36 +0000 (18:22 +0200)]
gpg: Pass key origin values to import functions.

* g10/import.c (import_keys_stream): Remove this unused function.
(import_keys_internal): Add arg origin.
(import_keys): Ditto.
(import_keys_es_stream): Ditto.
(import): Ditto.
(import_one): Ditto.
(apply_meta_data): New stub.
(import_secret_one): Pass 0 for ORIGIN.
* g10/keyserver.c (keyserver_get_chunk): For now pass 0 for ORIGIN.
(keyserver_fetch): Add arg origin.
(keyserver_import_cert): Pass KEYORG_DANE for ORIGIN.
(keyserver_import_wkd): Pass KEYORG_WKD for ORIGIN.
* g10/gpg.c (main): Pass OPT.KEY_ORIGIN to import_keys and
keyserver_fetch.
* g10/card-util.c (fetch_url): Pass KEYORG_URL for ORIGIN.
--

This is just the framework; applying the meta data will be done in
another commit.

GnuPG-bug-id: 3252
Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago gpg: New option --key-origin.
Werner Koch [Thu, 13 Jul 2017 15:28:32 +0000 (17:28 +0200)]
gpg: New option --key-origin.

* g10/keydb.h (KEYORG_): Rename to KEYORG_.
* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg.  Adjust
users.
(PKT_public_key): Ditto.
(PKT_ring_trust): Ditto.
* g10/options.h (struct opt): Add field key_origin.
* g10/getkey.c (parse_key_origin): New.
* g10/gpg.c (oKeyOrigin): New.
(opts): Add "keys-origin".
(main): Set option.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago doc: Document gnupg version requirement for gpg-preset-passphrase.
Marcus Brinkmann [Thu, 13 Jul 2017 15:12:42 +0000 (17:12 +0200)]
doc: Document gnupg version requirement for gpg-preset-passphrase.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2331

6 months ago gpgscm: Make loading of modules less verbose.
Justus Winter [Thu, 13 Jul 2017 14:29:25 +0000 (16:29 +0200)]
gpgscm: Make loading of modules less verbose.

* tests/gpgscm/main.c (load): Increase logging threshold.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago gpgscm: Make it impossible to catch '*interpreter-exit*'.
Justus Winter [Tue, 11 Jul 2017 14:07:39 +0000 (16:07 +0200)]
gpgscm: Make it impossible to catch '*interpreter-exit*'.

* tests/gpgscm/init.scm (throw'): Make it impossible to catch
'*interpreter-exit*'.  This fixes 'exit' (and with it 'fail') inside
'catch' statements.

Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago dirmngr: Fix license note in server.c
Werner Koch [Wed, 12 Jul 2017 10:37:16 +0000 (12:37 +0200)]
dirmngr: Fix license note in server.c

--

This double license note was accidentally added while only wanting to
add another copyright line.

Fixes-commit: 3419a339d9c4e800bf30e9021e05982d8c1021c1
Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago tofu: Compare squares instead of square roots.
Marcus Brinkmann [Thu, 6 Jul 2017 11:52:24 +0000 (13:52 +0200)]
tofu: Compare squares instead of square roots.

* g10/Makefile.am (tofu_source) [USE_TOFU]: Remove sqrtu32.h and
sqrtu32.c.
* g10/sqrtu32.h, g10/sqrtu32.c: Removed files.
* g10/tofu.c: Compare squares instead of square roots.
--
The original code is a factor 11.5 slower than using libm's sqrt(),
which in turn is a factor 3.5 slower than using one multiplication
on the other side of the comparison.  Also, it's much simpler now.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
6 months ago speedo: Provide a vagrantfile to test speedo in an isolated VM.
Marcus Brinkmann [Mon, 10 Jul 2017 12:25:59 +0000 (14:25 +0200)]
speedo: Provide a vagrantfile to test speedo in an isolated VM.

* build-aux/Vagrantfile: New file.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
6 months ago doc: Improve TOFU documentation.
Neal H. Walfield [Thu, 6 Jul 2017 19:15:45 +0000 (21:15 +0200)]
doc: Improve TOFU documentation.

* doc/gpg.texi: Improve TOFU documentation.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Teemu Likonen <tlikonen@iki.fi>
6 months ago doc: Fix typo.
Justus Winter [Thu, 6 Jul 2017 10:56:06 +0000 (12:56 +0200)]
doc: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
6 months ago doc: minor clarification
Daniel Shahaf [Wed, 5 Jul 2017 20:55:53 +0000 (16:55 -0400)]
doc: minor clarification

---
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
6 months ago agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.
Werner Koch [Wed, 5 Jul 2017 09:54:45 +0000 (11:54 +0200)]
agent: Use MAX_PASSPHRASE_LEN (255) also for the loopback.

* agent/call-pinentry.c (agent_get_passphrase): Reduce maximum
passphrase length as conveyed to the loopback to MAX_PASSPHRASE_LEN.
* agent/genkey.c (agent_ask_new_passphrase): Extend the maximum
passphrase as conveyed to the loopback to MAX_PASSPHRASE_LEN.
--

Note that in genkey() max_length is set to MAX_PASSPHRASE_LEN + 1
because agent_askpin() decrements that value before conveying it to
the loopback.

GnuPG-bug-id: 3254
Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago doc: Update yat2m to take care of SOURCE_DATE_EPOCH.
Werner Koch [Wed, 5 Jul 2017 07:14:38 +0000 (09:14 +0200)]
doc: Update yat2m to take care of SOURCE_DATE_EPOCH.

* doc/yat2m.c (main): Set a default for OPT_DATE.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 months ago doc: Prefer an installed version of yat2m
Werner Koch [Wed, 5 Jul 2017 08:49:13 +0000 (10:49 +0200)]
doc: Prefer an installed version of yat2m

* configure.ac (YAT2M): Check for tool.
* doc/Makefile.am (yat2m-stamp): Use installed tool if possible.
--

6 months ago doc: Document obsolete option in gpgsm. Closes T2231.
Marcus Brinkmann [Sat, 1 Jul 2017 12:28:08 +0000 (14:28 +0200)]
doc: Document obsolete option in gpgsm.  Closes T2231.

* doc/gpgsm.texi: Mark --prefer-system-dirmngr as obsolete.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2231