gnupg.git
4 years ago g10: Avoid an unnecessary copy.
Neal H. Walfield [Wed, 23 Sep 2015 18:50:03 +0000 (20:50 +0200)]
g10: Avoid an unnecessary copy.

* g10/sig-check.c (signature_check2): Avoid copying PK to RET_PK.
Instead, directly use the provided storage.  If none is provided
allocate some.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago ssh: Fix fingerprint computation for EdDSA key.
NIIBE Yutaka [Tue, 29 Sep 2015 06:33:59 +0000 (15:33 +0900)]
ssh: Fix fingerprint computation for EdDSA key.

* common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
* common/t-ssh-utils.c (sample_keys): Add a new key.

--

Also adding Ed25519 test key.

4 years ago agent: RSA signature verification by gpg-agent.
NIIBE Yutaka [Tue, 29 Sep 2015 00:49:44 +0000 (09:49 +0900)]
agent: RSA signature verification by gpg-agent.

* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.

--

RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary.  Newer libgcrypt does so.  For older libgcrypt and
smartcards, gpg-agent does signature verification.
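
The self-check described in the commit message above, sketched as an added Python example (not GnuPG or Libgcrypt code): an RSA-CRT signer that verifies each signature with the public key and withholds it on mismatch. The key is a constructed toy key, the digest encoding is unpadded, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; far too small for real use.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# CRT parameters as stored in a typical RSA private key.
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


class SignatureCheckError(Exception):
    """Raised when a freshly made signature does not verify."""


def encode(message: bytes) -> int:
    # Toy message representative: SHA-256 reduced mod N (no PKCS#1 padding).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_crt(m: int, fault_in_sp: bool = False) -> int:
    """RSA-CRT signing. fault_in_sp simulates a computation error in the
    mod-P half, as a buggy bignum routine or a glitched card might produce."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_sp:
        sp ^= 1  # constructed single-bit error
    # Garner recombination of the two halves.
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def verify(m: int, s: int) -> bool:
    """Public-key check: s^E mod N must reproduce the message representative."""
    return 0 <= s < N and pow(s, E, N) == m


def sign_checked(message: bytes, fault_in_sp: bool = False) -> int:
    """Sign, then verify before the signature leaves the signer."""
    m = encode(message)
    s = sign_crt(m, fault_in_sp)
    if not verify(m, s):
        # A faulty signature is never handed to the caller.
        raise SignatureCheckError("signature failed self-check; not released")
    return s


if __name__ == "__main__":
    msg = b"constructed sample message"
    print("good signature released:", hex(sign_checked(msg)))
    try:
        sign_checked(msg, fault_in_sp=True)
    except SignatureCheckError as exc:
        print("faulty signature withheld:", exc)
```
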

4 years ago common: Provide two new error code replacements.
Werner Koch [Mon, 28 Sep 2015 16:13:37 +0000 (18:13 +0200)]
common: Provide two new error code replacements.

* common/util.h (GPG_ERR_FALSE, GPG_ERR_TRUE): New replacements.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago doc,w32: Fix compiler warnings.
Werner Koch [Mon, 28 Sep 2015 16:12:44 +0000 (18:12 +0200)]
doc,w32: Fix compiler warnings.

--

4 years ago common: Change calling convention for gnupg_spawn_process.
Werner Koch [Mon, 28 Sep 2015 16:10:21 +0000 (18:10 +0200)]
common: Change calling convention for gnupg_spawn_process.

* common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
(GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
numbers.
* common/exechelp.h (gnupg_spawn_process): Change function to not take
an optional stream for stdin but to return one.
* common/exechelp-posix.c (gnupg_spawn_process): Implement change.
(create_pipe_and_estream): Add args outbound and nonblock.
* common/exechelp-w32.c (gnupg_spawn_process): Implement change.
--

In 2.1 this function is only used at one place and the stdin parameter
is not used.  Thus this change is trivial for the callers but along
with estream's new es_poll it is overall simpler to use.

Note that the Windows version has not been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago scd: Handle error correctly.
NIIBE Yutaka [Mon, 28 Sep 2015 04:41:59 +0000 (13:41 +0900)]
scd: Handle error correctly.

* scd/apdu.c (apdu_connect): Initialize variables and check an error
of apdu_get_status_internal.

4 years ago ssh: Add 256, 384 and 521 bit test keys for the fingerprint.
Werner Koch [Tue, 22 Sep 2015 08:01:31 +0000 (10:01 +0200)]
ssh: Add 256, 384 and 521 bit test keys for the fingerprint.

* common/t-ssh-utils.c (sample_keys): Add 3 new keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago ssh: Fix fingerprint computation for 384 bit ECDSA keys.
Werner Koch [Tue, 22 Sep 2015 07:28:35 +0000 (09:28 +0200)]
ssh: Fix fingerprint computation for 384 bit ECDSA keys.

* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--

That was an obvious c+p bug which should have been caught by a test
case.

GnuPG-bug-id: 2075
Debian-bug-id: 795636

4 years ago agent: Fix importing ECC key.
NIIBE Yutaka [Sat, 19 Sep 2015 08:45:17 +0000 (17:45 +0900)]
agent: Fix importing ECC key.

* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.

4 years ago scd: Fix KEYTOCARD handling for ECC key.
NIIBE Yutaka [Sat, 19 Sep 2015 07:27:36 +0000 (16:27 +0900)]
scd: Fix KEYTOCARD handling for ECC key.

* scd/app-openpgp.c (ecc_writekey): Only public key can be native
format.

4 years ago common: Add new function strlist_length.
Neal H. Walfield [Fri, 18 Sep 2015 23:25:54 +0000 (01:25 +0200)]
common: Add new function strlist_length.

* common/strlist.c (strlist_length): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago gpgconf: Change displayed name of Dirmngr to "Network Manager".
Werner Koch [Fri, 18 Sep 2015 14:19:34 +0000 (16:19 +0200)]
gpgconf: Change displayed name of Dirmngr to "Network Manager".

* tools/gpgconf-comp.c (gc_component): Change printed name.
--

All network access is handled by Dirmngr so at least in the GUI
option dialog we should acknowledge that by changing the name to an
easier to understand term.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago dirmngr: Add option --use-tor as a stub.
Werner Koch [Fri, 18 Sep 2015 14:17:11 +0000 (16:17 +0200)]
dirmngr: Add option --use-tor as a stub.

* dirmngr/dirmngr.h (opt): Add field "use_tor".
* dirmngr/dirmngr.c (oUseTor): New.
(opts): Add --use-tor.
(parse_rereadable_options): Set option.
(main): Tell gpgconf about that option.

* dirmngr/crlfetch.c (crl_fetch): Pass TOR flag to the http module and
return an error if LDAP is used in TOR mode.
(ca_cert_fetch): Return an error in TOR mode.
(start_cert_fetch): Ditto.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Pass TOR flag to the
http module.
* dirmngr/ks-engine-hkp.c (send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_get): Return an error in TOR mode.
(ks_ldap_search): Ditto.
(ks_ldap_put): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.  Also pass TOR flag to the
http module.

* dirmngr/server.c (option_handler): Add "honor-keyserver-url-used".
(cmd_dns_cert): Return an error in TOR mode.
(cmd_getinfo): Add subcommand "tor"
* tools/gpgconf-comp.c (gc_options_dirmngr): Add TOR group.
--

More work is required to actually make --use-tor useful.  For now it
returns an error for almost all network access but as soon as we have
added the TOR feature to the http module some parts will start to
work.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Report a conflict between honor-keyserver-url and TOR.
Werner Koch [Fri, 18 Sep 2015 14:07:39 +0000 (16:07 +0200)]
gpg: Report a conflict between honor-keyserver-url and TOR.

* g10/call-dirmngr.c (create_context): Send option and print a verbose
error.
--

It is in general a bad idea to use honor-keyserver-url but if Dirmngr
is running in TOR mode we should not allow this option at all.  We let
Dirmngr know about the use of this option and let Dirmngr tell us
whether TOR mode is active so that we can print a hint to disable that
keyserver option.

A future extension in gpgconf may disable that option directly but a
user may still override that and thus we better check.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago http: Add flag to force use of TOR (part 1)
Werner Koch [Fri, 18 Sep 2015 13:58:26 +0000 (15:58 +0200)]
http: Add flag to force use of TOR (part 1)

* common/http.h (HTTP_FLAG_FORCE_TOR): New.
* common/http.c (http_raw_connect, send_request): Detect flag and
return an error for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago po: Update Japanese translation.
NIIBE Yutaka [Thu, 17 Sep 2015 08:08:27 +0000 (17:08 +0900)]
po: Update Japanese translation.

4 years ago scd: Fix ccid-driver timeout for OpenPGPcard v2.1.
NIIBE Yutaka [Thu, 17 Sep 2015 02:21:44 +0000 (11:21 +0900)]
scd: Fix ccid-driver timeout for OpenPGPcard v2.1.

* scd/ccid-driver.c (CCID_CMD_TIMEOUT): New.
(ccid_transceive_apdu_level, ccid_transceive): Use.

--

It is reported that key generation causes timeout with OpenPGPcard
v2.1.  Ideally, timeout value could be determined at run-time by
examining card's ATR.  Compile-time fixed value is OK for internal
CCID driver.

4 years ago agent: New option --pinentry-invisible-char.
Werner Koch [Wed, 16 Sep 2015 19:24:14 +0000 (21:24 +0200)]
agent: New option --pinentry-invisible-char.

* agent/gpg-agent.c (oPinentryInvisibleChar): New.
(opts): Add option.
(parse_rereadable_options): Set option.
* agent/agent.h (opt): Add field pinentry_invisible_char.
* agent/call-pinentry.c (start_pinentry): Pass option to pinentry.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago g13: Move some code to a separate module.
Werner Koch [Mon, 14 Sep 2015 16:49:32 +0000 (18:49 +0200)]
g13: Move some code to a separate module.

* g13/g13-common.c, g13/g13-common.h: New.
* g13/Makefile.am (g13_SOURCES): Add new files.
* g13/g13.c (g13_errors_seen): Move to g13-common.c.
(cmdline_conttype): New.
(main): Use g13_init_signals and g13_install_emergency_cleanup.
(emergency_cleanup, g13_exit): Move to g13-common.c.
* g13/g13.h: Move OPT and some other code to g13-common.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix skip function dummy parameter.
Werner Koch [Wed, 16 Sep 2015 17:02:35 +0000 (19:02 +0200)]
gpg: Fix skip function dummy parameter.

* g10/trustdb.c (search_skipfnc): Fix dummy argument
--

This is required due to the prototype change in
commit 9acbeac23668a1d0dabca27d7825430d76e095c2

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Change last commit to avoid extra translations.
Werner Koch [Wed, 16 Sep 2015 16:55:27 +0000 (18:55 +0200)]
gpg: Change last commit to avoid extra translations.

* g10/keyedit.c (keyedit_menu): Do not print usage hints in expert
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago g10: Improve error message.
Neal H. Walfield [Wed, 16 Sep 2015 13:03:40 +0000 (15:03 +0200)]
g10: Improve error message.

* g10/keyedit.c (keyedit_menu): When complaining that a user ID or key
must be selected, indicate what command to use to do this.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Be more careful when merging self-signed data.
Neal H. Walfield [Wed, 16 Sep 2015 13:01:45 +0000 (15:01 +0200)]
g10: Be more careful when merging self-signed data.

* g10/getkey.c (merge_selfsigs_main): Stop looking for self-signed
data belonging to the public key when we encounter an attribute packet
or a subkey packet, not just a user id packet.  When looking for
self-signed data belonging to a user id packet, stop when we see a
user attribute packet.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Simplify some complicated boolean expressions.
Neal H. Walfield [Wed, 16 Sep 2015 12:11:56 +0000 (14:11 +0200)]
g10: Simplify some complicated boolean expressions.

* g10/getkey.c (finish_lookup): Simplify logic.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Also mark revoked and expired keys as unusable.
Neal H. Walfield [Wed, 16 Sep 2015 12:05:03 +0000 (14:05 +0200)]
g10: Also mark revoked and expired keys as unusable.

* g10/getkey.c (skip_unusable): Also mark the key as unusable if it
has been revoked or has expired.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Release resources when returning an error in get_seckey.
Neal H. Walfield [Wed, 16 Sep 2015 12:03:50 +0000 (14:03 +0200)]
g10: Release resources when returning an error in get_seckey.

* g10/getkey.c (get_seckey): If the key doesn't have a secret key,
release *PK.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Improve documentation and comments for getkey.c.
Neal H. Walfield [Wed, 16 Sep 2015 12:01:48 +0000 (14:01 +0200)]
g10: Improve documentation and comments for getkey.c.

* g10/getkey.c: Improve documentation and comments for most
functions.  Move documentation for public functions from here...
* g10/keydb.h: ... to here.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Remove unused function have_any_secret_key.
Neal H. Walfield [Wed, 16 Sep 2015 11:44:40 +0000 (13:44 +0200)]
g10: Remove unused function have_any_secret_key.

* g10/getkey.c (have_any_secret_key): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Bring cache semantics closer to non-cache semantics.
Neal H. Walfield [Wed, 16 Sep 2015 11:13:46 +0000 (13:13 +0200)]
g10: Bring cache semantics closer to non-cache semantics.

* g10/getkey.c (get_pubkey_fast): When reading from the cache, only
consider primary keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Break out of the loop earlier.
Neal H. Walfield [Tue, 15 Sep 2015 13:21:17 +0000 (15:21 +0200)]
g10: Break out of the loop earlier.

* g10/getkey.c (have_secret_key_with_kid): Once we find the relevant
key or subkey, stop searching.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Only a single key or subkey will ever be selected per keyblock.

4 years ago g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT
Neal H. Walfield [Tue, 15 Sep 2015 12:45:18 +0000 (14:45 +0200)]
g10: Don't skip legacy keys if the search mode is KEYDB_SEARCH_MODE_NEXT

* g10/getkey.c (lookup): Also don't skip legacy keys if the search
mode is KEYDB_SEARCH_MODE_NEXT.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
We currently don't skip keys if the search mode is
KEYDB_SEARCH_MODE_FIRST.  Since we change KEYDB_SEARCH_MODE_FIRST to
KEYDB_SEARCH_MODE_NEXT (to avoid a reset), it only makes sense to have
the same semantics for KEYDB_SEARCH_MODE_NEXT.

4 years ago g10: Remove unused function get_seckeyblock_byfprint.
Neal H. Walfield [Mon, 14 Sep 2015 19:24:57 +0000 (21:24 +0200)]
g10: Remove unused function get_seckeyblock_byfprint.

* g10/keydb.h (get_seckeyblock_byfprint): Remove prototype.
* g10/getkey.c (get_seckeyblock_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Remove unused function get_seckey_byfprint.
Neal H. Walfield [Mon, 14 Sep 2015 19:22:31 +0000 (21:22 +0200)]
g10: Remove unused function get_seckey_byfprint.

* g10/keydb.h (get_seckey_byfprint): Remove prototype.
* g10/getkey.c (get_seckey_byfprint): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Simplify get_seckey_byname: it was never called with NAME not NULL.
Neal H. Walfield [Mon, 14 Sep 2015 19:14:00 +0000 (21:14 +0200)]
g10: Simplify get_seckey_byname: it was never called with NAME not NULL.

* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this.  Drop the parameter name.  Drop the
code which assumed that NAME is not NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Eliminate the redundant function get_keyblock_byfprint.
Neal H. Walfield [Mon, 14 Sep 2015 18:55:59 +0000 (20:55 +0200)]
g10: Eliminate the redundant function get_keyblock_byfprint.

* g10/keydb.h (get_keyblock_byfprint): Remove prototype.  Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Simplify semantics of get_pubkey_byname.
Neal H. Walfield [Mon, 14 Sep 2015 18:38:07 +0000 (20:38 +0200)]
g10: Simplify semantics of get_pubkey_byname.

* g10/getkey.c (get_pubkey_byname): If R_KEYBLOCK is not NULL, return
the keyblock in R_KEYBLOCK independent of whether PK is set or not.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Currently, no caller invokes get_pubkey_byname with PK==NULL and
R_KEYBLOCK != NULL.  Thus, this change does not change any behavior.

4 years ago g10: Eliminate the redundant function get_pubkey_byname.
Neal H. Walfield [Mon, 14 Sep 2015 13:43:52 +0000 (15:43 +0200)]
g10: Eliminate the redundant function get_pubkey_byname.

* g10/getkey.c (get_pubkey_byname): Remove function.
(lookup): Replace use of get_pubkey_byname by get_pubkey_byfprint.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Eliminate the redundant function get_pubkey_end.
Neal H. Walfield [Mon, 14 Sep 2015 13:31:25 +0000 (15:31 +0200)]
g10: Eliminate the redundant function get_pubkey_end.

* g10/keydb.h (get_pubkey_end): Remove declaration.  Replace use of
function with getkey_end.
* g10/getkey.c (get_pubkey_byname): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Eliminate the redundant function get_pubkey_next.
Neal H. Walfield [Mon, 14 Sep 2015 13:22:25 +0000 (15:22 +0200)]
g10: Eliminate the redundant function get_pubkey_next.

* g10/keydb.h (get_pubkey_next): Remove prototype.
* g10/getkey.c (get_pubkey_next): Remove function.
* g10/keylist.c (locate_one): Use getkey_next instead of
get_pubkey_next.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago kbx: Change skipfnc's prototype so that we can provide all information.
Neal H. Walfield [Mon, 14 Sep 2015 09:27:43 +0000 (11:27 +0200)]
kbx: Change skipfnc's prototype so that we can provide all information.

* kbx/keybox-search-desc.h (struct keydb_search_desc.skipfnc): Change
third parameter to be the index of the user id packet in the keyblock
rather than the packet itself.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
The keybox code doesn't work directly with keyblocks.  As such, the
matched user packet is not readily available to pass to
DESC[n].SKIPFNC.  But, we do know the index of the user id packet that
matched.  Thus, pass that instead.  If the skip function needs the
user id packet, it can use the key id to look up the key block and
find the appropriate packet.

4 years ago g10: Remove unused prototype (get_pubkey_byfpr).
Neal H. Walfield [Thu, 10 Sep 2015 11:50:44 +0000 (13:50 +0200)]
g10: Remove unused prototype (get_pubkey_byfpr).

* g10/keydb.h (get_pubkey_byfpr): Remove unused prototype.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Remove unused function (get_pubkey_bynames).
Neal H. Walfield [Wed, 9 Sep 2015 19:22:08 +0000 (21:22 +0200)]
g10: Remove unused function (get_pubkey_bynames).

* g10/keydb.h (get_pubkey_bynames): Remove prototype.
* g10/getkey.c (get_pubkey_bynames): Remove function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Simplify code. Turn struct getkey_ctx_s.found_key into an argument
Neal H. Walfield [Wed, 9 Sep 2015 19:04:57 +0000 (21:04 +0200)]
g10: Simplify code.  Turn struct getkey_ctx_s.found_key into an argument

* g10/getkey.c (struct getkey_ctx_s): Remove field found_key.
(lookup): Add argument ret_found_key.  If not NULL, set it to the
found key.  Update callers.
(pk_from_block): Add argument found_key.  Use it instead of
CTX->FOUND_KEY.  Update callers.
(finish_lookup): Return a KBNODE (the found key) instead of an int.
Don't set CTX->FOUND_KEY.  Return the found key instead.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Remove unused field struct getkey_ctx_s.kbpos.
Neal H. Walfield [Wed, 9 Sep 2015 18:18:22 +0000 (20:18 +0200)]
g10: Remove unused field struct getkey_ctx_s.kbpos.

* g10/getkey.c (struct getkey_ctx_s): Remove field kbpos.
(getkey_end): Don't clear CTX->KBPOS.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Simplify code: remove field struct getkey_ctx_s.keyblock.
Neal H. Walfield [Wed, 9 Sep 2015 18:04:32 +0000 (20:04 +0200)]
g10: Simplify code: remove field struct getkey_ctx_s.keyblock.

* g10/getkey.c (struct getkey_ctx_s): Remove field keyblock.
(finish_lookup): Add parameter keyblock.  Update caller to pass this.
(lookup): Add new local variable keyblock.  Use this instead of
ctx->keyblock for referencing the keyblock.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago agent: Fix registering SSH Key of Ed25519.
NIIBE Yutaka [Wed, 16 Sep 2015 01:37:38 +0000 (10:37 +0900)]
agent: Fix registering SSH Key of Ed25519.

* agent/command-ssh.c (stream_read_string): Add the prefix of 0x40.

--

GnuPG-bug-id: 2096

4 years ago po: Update Japanese translation.
NIIBE Yutaka [Tue, 15 Sep 2015 06:12:56 +0000 (15:12 +0900)]
po: Update Japanese translation.

4 years ago Post release updates.
Werner Koch [Thu, 10 Sep 2015 19:05:27 +0000 (21:05 +0200)]
Post release updates.

--

4 years ago Release 2.1.8. gnupg-2.1.8
Werner Koch [Thu, 10 Sep 2015 14:40:37 +0000 (16:40 +0200)]
Release 2.1.8.

4 years ago tests: Silence the 5gb-packet test.
Werner Koch [Thu, 10 Sep 2015 16:07:20 +0000 (18:07 +0200)]
tests: Silence the 5gb-packet test.

* tests/openpgp/4gb-packet.test: Send output to /dev/null.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago g10: Fix make distcheck problem.
Werner Koch [Thu, 10 Sep 2015 16:11:58 +0000 (18:11 +0200)]
g10: Fix make distcheck problem.

* g10/test.c: Include string.h.
(prepend_srcdir): New.  Taken from Libgcrypt.
(test_free): New.
* g10/t-keydb.c (do_test): Malloc the filename.
* g10/Makefile.am (AM_CPPFLAGS): Remove -DSOURCE_DIR
(EXTRA_DIST): Add t-keydb-keyring.kbx.
--

Using SOURCE_DIR should in general work but we have seen problems when
doing this in Libgcrypt.  Using the srcdir variable gives us anyway
more flexibility and aligns with the way we do it in tests/openpgp.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago g10: Improve portability of the new test driver.
Werner Koch [Thu, 10 Sep 2015 15:43:13 +0000 (17:43 +0200)]
g10: Improve portability of the new test driver.

* g10/test.c: Include stdio.h and stdlib.h.
(verbose): New.
(print_results): Rename to exit_tests.
(main): Remove atexit and call exit_tests.  Set verbose.
(ASSERT, ABORT): Call exit_tests instead of exit.
--

Calling exit from an exit handler is undefined behaviour.  It works on
Linux but other systems will hit an endless loop.  That is indeed
unfortunate but we can't do anything about it.  Calling _exit() would
be possible but that may lead to other problems.  Thus we change to
call a custom exit function :-(.

Using "make check verbose=1" is supported by tests/openpgp and thus
we add the same mechanism here.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago po: Auto-update
Werner Koch [Thu, 10 Sep 2015 14:22:49 +0000 (16:22 +0200)]
po: Auto-update

--

4 years ago po: Update Russian translation
Ineiev [Thu, 10 Sep 2015 14:16:39 +0000 (16:16 +0200)]
po: Update Russian translation

--

4 years ago dirmngr: Allow sending much larger keyblocks.
Werner Koch [Wed, 9 Sep 2015 13:41:25 +0000 (15:41 +0200)]
dirmngr: Allow sending much larger keyblocks.

* dirmngr/server.c (MAX_CERT_LENGTH): Increase to 16k.
(MAX_KEYBLOCK_LENGTH): Increase to 20M.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago doc: Minor comment fixes.
Werner Koch [Wed, 9 Sep 2015 13:14:20 +0000 (15:14 +0200)]
doc: Minor comment fixes.

--

4 years ago scd: Force key attribute change for writekey.
NIIBE Yutaka [Mon, 7 Sep 2015 04:49:47 +0000 (13:49 +0900)]
scd: Force key attribute change for writekey.

* scd/app-openpgp.c (change_rsa_keyattr): New.
(change_keyattr_from_string): Use change_rsa_keyattr.
(rsa_writekey): Call change_rsa_keyattr when different size.
(ecc_writekey): Try to change key attribute.

4 years ago scd: KEYNO cleanup.
NIIBE Yutaka [Mon, 7 Sep 2015 04:09:01 +0000 (13:09 +0900)]
scd: KEYNO cleanup.

* scd/app-openpgp.c (get_public_key, send_keypair_info, do_readkey)
(change_keyattr, change_keyattr_from_string, ecc_writekey, do_genkey)
(compare_fingerprint, check_against_given_fingerprint): KEYNO starts
from 0.

4 years ago g10: Remove unused field req_algo.
Neal H. Walfield [Tue, 1 Sep 2015 12:53:47 +0000 (14:53 +0200)]
g10: Remove unused field req_algo.

* g10/packet.h (PKT_public_key): Remove unused field req_algo.  Remove
users.
* g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
Remove users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Use a symbolic constant instead of a literal.
Neal H. Walfield [Tue, 1 Sep 2015 08:40:04 +0000 (10:40 +0200)]
g10: Use a symbolic constant instead of a literal.

* g10/trustdb.c (KEY_HASH_TABLE_SIZE): Define.
(new_key_hash_table): Use KEY_HASH_TABLE_SIZE instead of a literal.
(release_key_hash_table): Likewise.
(test_key_hash_table): Likewise.
(add_key_hash_table): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Add test for keydb as well as new testing infrastructure.
Neal H. Walfield [Wed, 2 Sep 2015 13:07:06 +0000 (15:07 +0200)]
g10: Add test for keydb as well as new testing infrastructure.

* g10/Makefile.am (EXTRA_DIST): Add test.c.
(AM_CPPFLAGS): Add -DSOURCE_DIR="\"$(srcdir)\"".
(module_tests): Add t-keydb.
(t_keydb_SOURCES): New variable.
(t_keydb_LDADD): Likewise.
* g10/t-keydb.c: New file.
* g10/t-keydb-keyring.kbx: New file.
* g10/test-stubs.c: New file.
* g10/test.c: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Make the keyblock cache per-handle rather than global.
Neal H. Walfield [Mon, 31 Aug 2015 11:57:07 +0000 (13:57 +0200)]
g10: Make the keyblock cache per-handle rather than global.

* g10/keydb.c (keyblock_cache): Don't declare this variable.  Instead...
(struct keyblock_cache): ... turn its type into this first class
object...
(struct keydb_handle): ... and instantiate it once per database
handle.  Update all users.
(keydb_rebuild_caches): Don't invalidate the keyblock cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: If iobuf_seek fails when reading from the cache, do a hard read.
Neal H. Walfield [Wed, 2 Sep 2015 08:33:26 +0000 (10:33 +0200)]
g10: If iobuf_seek fails when reading from the cache, do a hard read.

* g10/keydb.c (keydb_get_keyblock): If the iobuf_seek fails when
reading from the cache, then simply clear the cache and try reading
from the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago iobuf: Reduce verbosity of test.
Neal H. Walfield [Wed, 2 Sep 2015 08:30:59 +0000 (10:30 +0200)]
iobuf: Reduce verbosity of test.

* common/t-iobuf.c (main): Reduce verbosity.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.
Neal H. Walfield [Wed, 2 Sep 2015 08:24:33 +0000 (10:24 +0200)]
iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.

* common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
* common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer.  Assert that LENGTH ==
A->D.SIZE.
(iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
filter an IOBUF_INPUT filter and set its buffer size to
IOBUF_BUFFER_SIZE.
(underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
remove already read data.
(iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
data.
(iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
(pop_filter): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Introduce a new iobuf type, IOBUF_INPUT_TEMP.  Use this for the iobuf
created by iobuf_temp_with_content instead of IOBUF_INPUT.  This was
necessary so that seeking and peeking correctly work on this type of
iobuf.  In particular, seeking didn't work because we discarded the
buffered data and peeking didn't work because we discarded data which
was already read, which made seeking later impossible.

4 years ago iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.
Neal H. Walfield [Wed, 2 Sep 2015 07:56:09 +0000 (09:56 +0200)]
iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.

* common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to
IOBUF_OUTPUT_TEMP.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago iobuf: Use a first-class enum.
Neal H. Walfield [Tue, 1 Sep 2015 20:17:23 +0000 (22:17 +0200)]
iobuf: Use a first-class enum.

* common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
(struct iobuf_struct): Change the field use's type to it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago iobuf: Fix test.
Neal H. Walfield [Tue, 1 Sep 2015 20:13:45 +0000 (22:13 +0200)]
iobuf: Fix test.

* common/t-iobuf.c (content_filter): If there is nothing to read,
don't forget to set *LEN to 0.
(main): Fix checks.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
Werner Koch [Tue, 1 Sep 2015 05:39:28 +0000 (07:39 +0200)]
agent: Protect commit 135b1e3 against misbehaving Libgcrypt.

* agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Remove option --no-sig-create-check.
Werner Koch [Mon, 31 Aug 2015 22:07:24 +0000 (00:07 +0200)]
gpg: Remove option --no-sig-create-check.

* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Assume an utf-8 locale on iconv errors.
Werner Koch [Mon, 31 Aug 2015 18:29:28 +0000 (20:29 +0200)]
common: Assume an utf-8 locale on iconv errors.

* common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Fix regression in building argparse.c standalone.
Werner Koch [Mon, 31 Aug 2015 18:21:43 +0000 (20:21 +0200)]
common: Fix regression in building argparse.c standalone.

* common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.

4 years ago Typo fixes
Werner Koch [Fri, 28 Aug 2015 03:05:37 +0000 (05:05 +0200)]
Typo fixes

--

4 years ago g10: Don't leak memory if we fail to initialize a new database handle.
Neal H. Walfield [Mon, 31 Aug 2015 09:22:14 +0000 (11:22 +0200)]
g10: Don't leak memory if we fail to initialize a new database handle.

* g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
correctly release all resources.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Improve interface documentation of the keydb API.
Neal H. Walfield [Mon, 31 Aug 2015 09:14:21 +0000 (11:14 +0200)]
g10: Improve interface documentation of the keydb API.

* g10/keydb.c: Improve code comments and documentation of internal
interfaces.  Improve documentation of public APIs and move that to...
* g10/keydb.h: ... this file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Don't cache search results if the search didn't scan the whole DB.
Neal H. Walfield [Mon, 31 Aug 2015 07:47:58 +0000 (09:47 +0200)]
g10: Don't cache search results if the search didn't scan the whole DB.

* g10/keydb.c (struct keydb_handle): Add new field is_reset.
(keydb_new): Initialize hd->is_reset to 1.
(keydb_locate_writable): Set hd->is_reset to 1.
(keydb_search): Set hd->is_reset to 0.  Don't cache a key not found if
the search started from the beginning of the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10: Have keydb_search_first call keydb_search_reset before searching.
Neal H. Walfield [Mon, 31 Aug 2015 07:22:23 +0000 (09:22 +0200)]
g10: Have keydb_search_first call keydb_search_reset before searching.

* g10/keydb.c (keydb_search_first): Reset the handle before starting
the search.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
This bug hasn't shown up yet in practice, because keydb_search_first
is always called immediately after a keydb_new.  This change cleans
up the semantics and will hopefully prevent future bugs.

4 years ago g10: Remove unused parameter.
Neal H. Walfield [Fri, 28 Aug 2015 14:22:59 +0000 (16:22 +0200)]
g10: Remove unused parameter.

* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago agent: Fix SSH public key for EdDSA.
NIIBE Yutaka [Mon, 31 Aug 2015 06:15:03 +0000 (15:15 +0900)]
agent: Fix SSH public key for EdDSA.

* agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.

4 years ago g10: Simplify cache. Only include data that is actually used.
Neal H. Walfield [Wed, 26 Aug 2015 10:22:24 +0000 (12:22 +0200)]
g10: Simplify cache.  Only include data that is actually used.

* g10/keydb.c (struct kid_list_s): Rename from this...
(struct kid_not_found_cache_bucket): ... to this.  Update users.
Remove field state.
(kid_list_t): Remove type.
(KID_NOT_FOUND_CACHE_BUCKETS): Define.  Use this instead of a literal.
(kid_found_table): Rename from this...
(kid_not_found_cache_bucket): ... to this.  Update users.
(kid_found_table_count): Rename from this...
(kid_not_found_cache_count): ... to this.  Update users.
(kid_not_found_p): Only return whether a key with the specified key id
is definitely not in the database.
(kid_not_found_insert): Remove parameter found.  Update callers.
(keydb_search): Only insert a key id in the not found cache if it is
not found.  Rename local variable once_found to already_in_cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Commit e0873a33 started tracking whether key ids were definitely in
the database.  This information is, however, never used and thus just
unnecessarily inflates the cache.  This patch effectively reverts that
change (however, e0873a33 contains two separate changes and this only
reverts that change).

4 years ago Add configure option --enable-build-timestamp.
Werner Koch [Tue, 25 Aug 2015 19:08:27 +0000 (21:08 +0200)]
Add configure option --enable-build-timestamp.

* configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
--

This is based on
libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554
but changed to be disabled by default.  Check there for some
background.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Emit ERROR status for key signing failures.
Werner Koch [Tue, 25 Aug 2015 13:06:40 +0000 (15:06 +0200)]
gpg: Emit ERROR status for key signing failures.

* g10/keyedit.c (sign_uids): Write an ERROR status for a signing
failure.
(menu_adduid, menu_addrevoker, menu_revsig): Ditto.
(menu_revuid, menu_revkey, menu_revsubkey): Ditto.
--

This change helps GPA to show better error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Print a new FAILURE status after most commands.
Werner Koch [Tue, 25 Aug 2015 07:03:31 +0000 (09:03 +0200)]
gpg: Print a new FAILURE status after most commands.

* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--

This status line can be used similar to the error code returned by
commands sent over the Assuan interface in gpgsm.  We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code.  This change helps GPGME to return better error
codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Raise the maximum password length. Don't hard code it.
Neal H. Walfield [Mon, 24 Aug 2015 14:14:09 +0000 (16:14 +0200)]
agent: Raise the maximum password length.  Don't hard code it.

* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
GnuPG-bug-id: 2038

4 years ago sm: Support secret key export via the Assuan interface.
Werner Koch [Mon, 24 Aug 2015 10:43:00 +0000 (12:43 +0200)]
sm: Support secret key export via the Assuan interface.

* sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago po: Grammar fix for the German translation.
Werner Koch [Mon, 24 Aug 2015 07:31:24 +0000 (09:31 +0200)]
po: Grammar fix for the German translation.

--
Reported-by: Thomas Bellmann
4 years ago dirmngr: Allow sending of Zack's key.
Werner Koch [Sun, 23 Aug 2015 19:16:39 +0000 (21:16 +0200)]
dirmngr: Allow sending of Zack's key.

* dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Fix regression in packet parser from Aug 19.
Werner Koch [Sun, 23 Aug 2015 10:17:43 +0000 (12:17 +0200)]
gpg: Fix regression in packet parser from Aug 19.

* g10/parse-packet.c (parse): Use an int to compare to -1.  Use
buf32_to_ulong.
--

Regression-due-to: 0add91ae1ca3718e8140af09294c595f47c958d3
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Show not found keys with --locate-key --verbose.
Werner Koch [Sun, 23 Aug 2015 09:56:17 +0000 (11:56 +0200)]
gpg: Show not found keys with --locate-key --verbose.

* g10/keylist.c (locate_one): Print a diagnostic for a not-found key.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Don't incorrectly reject 4 GB - 1 sized packets.
Neal H. Walfield [Fri, 21 Aug 2015 09:55:15 +0000 (11:55 +0200)]
common: Don't incorrectly reject 4 GB - 1 sized packets.

* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
Add the constraint that the type must be 63.
* kbx/keybox-openpgp.c (next_packet): Likewise.
* tests/openpgp/4gb-packet.asc: New file.
* tests/openpgp/4gb-packet.test: New file.
* tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
(TEST_FILES): Add 4gb-packet.asc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common: Don't assume on-disk layout matches in-memory layout.
Neal H. Walfield [Fri, 21 Aug 2015 08:38:41 +0000 (10:38 +0200)]
common: Don't assume on-disk layout matches in-memory layout.

* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common: Don't incorrectly copy packets with partial lengths.
Neal H. Walfield [Fri, 21 Aug 2015 07:47:57 +0000 (09:47 +0200)]
common: Don't incorrectly copy packets with partial lengths.

* g10/parse-packet.c (parse): We don't handle copying packets with a
partial body length to an output stream.  If this occurs, log an error
and abort.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common: Check parameters more rigorously.
Neal H. Walfield [Fri, 21 Aug 2015 07:35:09 +0000 (09:35 +0200)]
common: Check parameters more rigorously.

* g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
NULL.
(copy_all_packets): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common: Don't continue processing on error.
Neal H. Walfield [Fri, 21 Aug 2015 07:32:58 +0000 (09:32 +0200)]
common: Don't continue processing on error.

* g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
an error.
(parse_packet): Likewise.
(dbg_search_packet): Likewise.
(search_packet): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common: Better respect the packet's length when reading it.
Neal H. Walfield [Fri, 21 Aug 2015 07:28:49 +0000 (09:28 +0200)]
common: Better respect the packet's length when reading it.

* g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
underflow.  Be more careful that a read doesn't read more data than
PKTLEN says is available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago doc: Remove C++ style comments and update HACKING.
Werner Koch [Thu, 20 Aug 2015 15:42:55 +0000 (17:42 +0200)]
doc: Remove C++ style comments and update HACKING.

--

4 years ago po: Add lost translation of validity strings.
Werner Koch [Thu, 20 Aug 2015 14:37:45 +0000 (16:37 +0200)]
po: Add lost translation of validity strings.

* po/POTFILES.in (trust.c): Add missing file.
* po/de.po: Changed German validity strings.
* doc/help.de.txt: Ditto.
--

Note that I replaced "uneingeschränkt" in de.po to "ultimativ" to
make the output better readable.

4 years ago g10/parse-packet.c:parse: Try harder to not ignore an EOF.
Neal H. Walfield [Wed, 19 Aug 2015 11:41:12 +0000 (13:41 +0200)]
g10/parse-packet.c:parse: Try harder to not ignore an EOF.

* g10/parse-packet.c (parse): Be more robust: make sure to process any
EOF.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10/parse-packet.c: Replace literal with symbolic expression.
Neal H. Walfield [Wed, 19 Aug 2015 11:38:20 +0000 (13:38 +0200)]
g10/parse-packet.c: Replace literal with symbolic expression.

* g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.