gnupg.git
3 years agocommon/iobuf: Improve documentation and code comments.
Neal H. Walfield [Mon, 17 Aug 2015 10:30:04 +0000 (12:30 +0200)]
common/iobuf: Improve documentation and code comments.

common/iobuf.h: Improve documentation and code comments.
common/iobuf.c: Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Adjust buffer size of filters in front of temp filters.
Neal H. Walfield [Mon, 17 Aug 2015 10:29:15 +0000 (12:29 +0200)]
common/iobuf.c: Adjust buffer size of filters in front of temp filters.

* common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
filter, use IOBUF_BUFFER_SIZE for the new filter.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Buffered data should not be processed by new filters.
Neal H. Walfield [Mon, 17 Aug 2015 09:56:42 +0000 (11:56 +0200)]
common/iobuf.c: Buffered data should not be processed by new filters.

* common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
temp pipeline, the new filter shouldn't assume ownership of the old
head's internal buffer: the data was written before the filter was
added.
* common/t-iobuf.c (double_filter): New function.
(main): Add test cases for the above bug.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.
Neal H. Walfield [Fri, 14 Aug 2015 11:19:22 +0000 (13:19 +0200)]
common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.

* common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
pipeline and copy the data from the last (not the first) filter's
internal buffer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.
Neal H. Walfield [Fri, 14 Aug 2015 09:18:18 +0000 (11:18 +0200)]
common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.

* common/iobuf.c (do_open): New function, which is a generalization of
iobuf_open, iobuf_Create, iobuf_openrw.
(iobuf_open): Call do_open.
(iobuf_create): Likewise.
(iobuf_openrw): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.h: Remove iobuf_open_fd_or_name.
Neal H. Walfield [Thu, 13 Aug 2015 14:09:15 +0000 (16:09 +0200)]
common/iobuf.h: Remove iobuf_open_fd_or_name.

* common/iobuf.h (iobuf_open_fd_or_name): Remove prototype.  Replace
use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
* common/iobuf.c (iobuf_open): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Rename iobuf_flush and make it a static function.
Neal H. Walfield [Thu, 13 Aug 2015 13:53:11 +0000 (15:53 +0200)]
common/iobuf.c: Rename iobuf_flush and make it a static function.

* common/iobuf.h (iobuf_flush): Remove prototype.
* common/iobuf.c (filter_flush): New static prototype.
(iobuf_flush): Rename...
(filter_flush): ... to this.  Make static.  Simplify code.  Update
callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails
Neal H. Walfield [Thu, 13 Aug 2015 08:08:32 +0000 (10:08 +0200)]
common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails

* common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
freeing a filter fails.  This needs to a memory leak.  Instead, keep
freeing and return the error code of the first filter that fails.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Improve iobuf_peek.
Neal H. Walfield [Wed, 12 Aug 2015 20:57:58 +0000 (22:57 +0200)]
common/iobuf.c: Improve iobuf_peek.

* common/iobuf.c (underflow): Take additional parameter
clear_pending_eof.  If not set, don't clear a pending eof when
returning EOF.  Update callers.
(iobuf_peek): Fill the internal buffer, if needed, to be able to
better satisfy any request.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: When requested, fill the buffer even if it is not empty.
Neal H. Walfield [Wed, 12 Aug 2015 20:10:37 +0000 (22:10 +0200)]
common/iobuf.c: When requested, fill the buffer even if it is not empty.

* common/iobuf.c (underflow): Don't require that the buffer be empty.
When called, fill any available space.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/t-iobuf.c: Add a test case for multiple EOFs.
Neal H. Walfield [Wed, 12 Aug 2015 09:44:59 +0000 (11:44 +0200)]
common/t-iobuf.c: Add a test case for multiple EOFs.

common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT
pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Better respect boundary conditions in iobuf_read_line.
Neal H. Walfield [Wed, 12 Aug 2015 00:19:05 +0000 (02:19 +0200)]
common/iobuf.c: Better respect boundary conditions in iobuf_read_line.

* common/iobuf.c (iobuf_read_line): Be more careful with boundary
conditions.
* common/iobuf.h: Include <gpg-error.h>.
* common/t-iobuf.c: New file.
* common/Makefile.am (module_tests): Add t-iobuf.
(t_mbox_util_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Fix filter type for iobuf_temp_with_content.
Neal H. Walfield [Wed, 12 Aug 2015 10:03:23 +0000 (12:03 +0200)]
common/iobuf.c: Fix filter type for iobuf_temp_with_content.

* common/iobuf.c (iobuf_temp_with_content): Set the filter type to
IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
write into a dynamic buffer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.h: Remove unimplemented prototypes.
Neal H. Walfield [Mon, 10 Aug 2015 13:04:52 +0000 (15:04 +0200)]
common/iobuf.h: Remove unimplemented prototypes.

* common/iobuf.h (iobuf_unread): Remove unimplemented prototype.
(iobuf_clear_eof): Likewise.
(iobuf_append): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Refactor code to not need the desc field.
Neal H. Walfield [Sun, 9 Aug 2015 14:57:42 +0000 (16:57 +0200)]
common/iobuf.c: Refactor code to not need the desc field.

* common/iobuf.h (struct iobuf_struct): Remove field desc.
* common/iobuf.c (iobuf_desc): New function.  When a filter's
description is needed, use this instead of the filter's desc field.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.h: Clarify semantics of nofast. Simplify implementation.
Neal H. Walfield [Sun, 9 Aug 2015 14:53:51 +0000 (16:53 +0200)]
common/iobuf.h: Clarify semantics of nofast.  Simplify implementation.

* common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
Simplify use of nofast to implement just these semantics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Remove dead code (directfp).
Neal H. Walfield [Sun, 9 Aug 2015 14:50:42 +0000 (16:50 +0200)]
common/iobuf.c: Remove dead code (directfp).

* common/iobuf.h (struct iobuf_struct): Remove field directfp.  Remove
all uses of it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.c: Remove dead code (opaque).
Neal H. Walfield [Sun, 9 Aug 2015 14:49:04 +0000 (16:49 +0200)]
common/iobuf.c: Remove dead code (opaque).

* common/iobuf.h (struct iobuf_struct): Remove field opaque.  Remove
all uses of it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agocommon/iobuf.h: Replace further use of literals with symbolic constants.
Neal H. Walfield [Sun, 9 Aug 2015 08:52:34 +0000 (10:52 +0200)]
common/iobuf.h: Replace further use of literals with symbolic constants.

* common/iobuf.c: Move BLOCK_FILTER_INPUT,
BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here...
* common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
and IOBUF_TEMP, respectively.  Where appropriate, use these macros
instead of a literal.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agogpg: Avoid linking to Libksba
Werner Koch [Mon, 17 Aug 2015 14:13:25 +0000 (16:13 +0200)]
gpg: Avoid linking to Libksba

* kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
* sm/Makefile.am (AM_CPPFLAGS): Define it here.
(common_libs): Change to libkeybox509.a
* g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
(gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
* kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
(libkeybox509_a_SOURCES): New.
(libkeybox_a_CFLAGS): New.
(libkeybox509_a_CFLAGS): New.
(kbxutil_CFLAGS): New.
* kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
as unused.
--

There is no real need to link to Libksba in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoFix pinentry loopback and passphrase contraints.
Ben Kibbey [Sun, 16 Aug 2015 17:46:59 +0000 (13:46 -0400)]
Fix pinentry loopback and passphrase contraints.

* agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
pinentry loopback mode.
* agent/genkey.c (check_passphrase_constraints): Immediately return when
pinentry mode is loopback.

--
Fixes endless loop when inquiring a passphrase with
pinentry-mode=loopback that may not satisfy passphrase contraints.

3 years agoFix sending INQUIRE_MAXLEN for symmetric data.
Ben Kibbey [Sun, 16 Aug 2015 16:23:21 +0000 (12:23 -0400)]
Fix sending INQUIRE_MAXLEN for symmetric data.

* g10/passphrase.c (passphrase_to_dek_ext): Write the status message.

3 years agoInform a user about inquire length limit.
Ben Kibbey [Fri, 17 Apr 2015 01:00:30 +0000 (21:00 -0400)]
Inform a user about inquire length limit.

* common/status.h (INQUIRE_MAXLEN): New.
* g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
client when inquiring a passphrase over pinentry-loopback.

--
This is to inform a user about the maximum length of a passphrase. The
limit is the same that gpg-agent uses.

3 years agoAllow --gen-key to inquire a passphrase.
Ben Kibbey [Tue, 14 Apr 2015 22:48:57 +0000 (18:48 -0400)]
Allow --gen-key to inquire a passphrase.

* g10/gpg.c (main): test for --command-fd during --gen-key parse.

When --command-fd is set then imply --batch to let gpg inquire a
passphrase rather than requiring a pinentry.

3 years agoPost release updates.
Werner Koch [Tue, 11 Aug 2015 14:13:39 +0000 (16:13 +0200)]
Post release updates.

--

3 years agoRelease 2.1.7 gnupg-2.1.7
Werner Koch [Tue, 11 Aug 2015 11:54:29 +0000 (13:54 +0200)]
Release 2.1.7

3 years agopo: Auto update.
Werner Koch [Tue, 11 Aug 2015 11:54:00 +0000 (13:54 +0200)]
po: Auto update.

--

3 years agopo: Update German translation
Werner Koch [Tue, 11 Aug 2015 11:53:00 +0000 (13:53 +0200)]
po: Update German translation

--

3 years agodoc: Improve documentation of VALIDSIG
Daniel Kahn Gillmor [Tue, 11 Aug 2015 04:01:26 +0000 (00:01 -0400)]
doc: Improve documentation of VALIDSIG

--

3 years agoagent: fix ECC key handling.
NIIBE Yutaka [Mon, 10 Aug 2015 10:13:13 +0000 (19:13 +0900)]
agent: fix ECC key handling.

* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): CURVE is the name of curve.

3 years agocommon/iobuf.c: Replace use of literals with symbolic constants.
Neal H. Walfield [Sat, 8 Aug 2015 11:09:00 +0000 (13:09 +0200)]
common/iobuf.c: Replace use of literals with symbolic constants.

* common/iobuf.c (BLOCK_FILTER_INPUT): Define.  Where appropriate, use
this instead of a literal.
(BLOCK_FILTER_OUTPUT): Likewise.
(BLOCK_FILTER_TEMP): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years agogpg: Allow gpgv to work with a trustedkeys.kbx file.
Werner Koch [Fri, 7 Aug 2015 13:53:56 +0000 (15:53 +0200)]
gpg: Allow gpgv to work with a trustedkeys.kbx file.

* g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
* g10/keydb.c (keydb_add_resource): Take care of new flag.
* g10/gpgv.c (main): Use new flag.
--

GnuPG-bug-id: 2025
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Add option --force to the DELETE_KEY command.
Werner Koch [Fri, 7 Aug 2015 10:55:29 +0000 (12:55 +0200)]
agent: Add option --force to the DELETE_KEY command.

* agent/findkey.c (agent_delete_key): Add arg "force".
* agent/command.c (cmd_delete_key): Add option --force.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Change alias for Curve25519 to "cv25519".
Werner Koch [Fri, 7 Aug 2015 07:37:49 +0000 (09:37 +0200)]
common: Change alias for Curve25519 to "cv25519".

* common/openpgp-oid.c (oidtable): Change alias.
--

This is a cosmetic change so that common and expected common
algorithms line up nicely in a keylisting.  For example:

  pub   ed25519/C68CE6D1ED0319C8 2015-08-06
  uid                 [ultimate] Curve25519 Test 150806.1
  sub   cv25519/49238B9F0712C9BF 2015-08-06
  sub   rsa2048/8AEAF74014699D2C 2015-08-06
  sub   cv25519/8EC3776830B08736 2015-08-06

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Remove duplicated printing of the curve name in "sub" lines.
Werner Koch [Thu, 6 Aug 2015 16:12:31 +0000 (18:12 +0200)]
gpg: Remove duplicated printing of the curve name in "sub" lines.

* g10/keylist.c (list_keyblock_print): Do not print extra curve name.
--

This was cruft from the time before we changed to the new algo/size
string.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Add commands "fpr *" and "grip" to --edit-key.
Werner Koch [Thu, 6 Aug 2015 16:00:12 +0000 (18:00 +0200)]
gpg: Add commands "fpr *" and "grip" to --edit-key.

* g10/keyedit.c (cmdGRIP): New.
(cmds): Add command "grip".
(keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
(keyedit_menu) <cmdGRIP>: Print keygrip.
(show_key_and_fingerprint): Add arg "with_subkeys".
(show_key_and_grip): New.
* g10/keylist.c (print_fingerprint): Add mode 4.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Adjust UID line indentation for common key algos.
Werner Koch [Thu, 6 Aug 2015 15:09:27 +0000 (17:09 +0200)]
gpg: Adjust UID line indentation for common key algos.

* g10/keylist.c (list_keyblock_print): Change UID line indentation
* g10/mainproc.c (list_node): Ditto.
--

Due to the new keyalgo/size format the UID was not anymore printed
properly aligned to the creation date.  Although we can't do that in
any case, this change does it for common algos like "rsa2048",
"dsa2048", and "ed25519".

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoCurve25519 support.
NIIBE Yutaka [Thu, 6 Aug 2015 08:00:41 +0000 (17:00 +0900)]
Curve25519 support.

* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.

3 years agocommon: extend API of openpgp_oid_to_curve for canonical name.
NIIBE Yutaka [Thu, 6 Aug 2015 07:44:03 +0000 (16:44 +0900)]
common: extend API of openpgp_oid_to_curve for canonical name.

* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.

--

Change the function so that caller can select canonical name of curve
or name for printing.  Suggested by wk.

3 years agoscd: Fix ecc_oid.
NIIBE Yutaka [Tue, 4 Aug 2015 23:17:46 +0000 (08:17 +0900)]
scd: Fix ecc_oid.

* scd/app-openpgp.c (ecc_oid): Call with OIDBUF.

3 years agoscd: Fix ECC support.
NIIBE Yutaka [Tue, 4 Aug 2015 22:59:50 +0000 (07:59 +0900)]
scd: Fix ECC support.

* scd/app-openpgp.c (send_key_attr): Send KEYNO.
(get_public_key): Fix SEXP composing.
(ecc_writekey): Fix OID length calculation.
(ecc_oid): Prepend the length before query.
(parse_algorithm_attribute): Handle the case the curve is not available.

3 years agogpg: Fix duplicate key import due to legacy key in keyring.
Werner Koch [Tue, 4 Aug 2015 15:32:08 +0000 (17:32 +0200)]
gpg: Fix duplicate key import due to legacy key in keyring.

* g10/keydb.c (keydb_search_fpr): Skip legacy keys.
--

A test case for this problem can be found at
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Properly handle legacy keys while looking for a secret key.
Werner Koch [Tue, 4 Aug 2015 10:28:17 +0000 (12:28 +0200)]
gpg: Properly handle legacy keys while looking for a secret key.

* g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
--

This fixes
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Two typo fixes.
Hugo Roy [Mon, 3 Aug 2015 10:34:15 +0000 (12:34 +0200)]
doc: Two typo fixes.

--

3 years agogpg: Fix endless loop for expired keys given by fpr.
Werner Koch [Fri, 31 Jul 2015 10:02:08 +0000 (12:02 +0200)]
gpg: Fix endless loop for expired keys given by fpr.

* g10/getkey.c (lookup): Disable keydb caching when continuing a
search.
--

Caches are Fierce Creatures.

Reported-by: Patrick Brunschwig
3 years agogpg: Do not return "Legacy Key" from lookup if a key is expired.
Werner Koch [Wed, 29 Jul 2015 14:10:54 +0000 (16:10 +0200)]
gpg: Do not return "Legacy Key" from lookup if a key is expired.

* g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
--

If an expired key is directly followed by a legacy key in the keyring,
the lookup function incorrectly returned "legacy key" instead of
"unusable key".  We fix it by handling not found identical to a legacy
key if the last finish lookup failed.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Document that gpg --edit-key's toggle is a nop.
Werner Koch [Wed, 29 Jul 2015 13:46:40 +0000 (15:46 +0200)]
doc: Document that gpg --edit-key's toggle is a nop.

--

3 years agogpg: Indicate secret keys and cards in a key-edit listing.
Werner Koch [Tue, 28 Jul 2015 16:21:47 +0000 (18:21 +0200)]
gpg: Indicate secret keys and cards in a key-edit listing.

* g10/keyedit.c (sign_uids): Add arg "ctrl".
(show_key_with_all_names_colon): Ditto.
(show_key_with_all_names): Ditto.

* g10/keyedit.c (show_key_with_all_names): Print key record
indicators by checking with gpg-agent.
(show_key_with_all_names): Ditto.  May now also print sec/sbb.
--

This also fixes a problem in the --with-colons mode.  Before this
patch the --with-colons output of --edit-key always showed pub/sub
regardless of the old toogle state.  Now it also prints sec/sbb.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Remove the edit-key toggle command.
Werner Koch [Tue, 28 Jul 2015 15:43:29 +0000 (17:43 +0200)]
gpg: Remove the edit-key toggle command.

* g10/keyedit.c (cmds): Remove helptext from "toggle".
(keyedit_menu): Remove "toggle" var and remove the sub/pub check
against toggle.
--

Because it is now easily possible to have only secret keys for some of
the main/subkeys the current check on whether any secret is available
is not really useful.  A finer grained check should eventually be
implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon,w32: Avoid unused var warning about msgcache.
Werner Koch [Tue, 28 Jul 2015 15:38:44 +0000 (17:38 +0200)]
common,w32: Avoid unused var warning about msgcache.

* common/i18n.c (USE_MSGCACHE): New.
(msgcache) [!USE_MSGCACHE]: Do not define.
(i18n_localegettext): Repalce #if conditions by USE_MSGCACHE.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agow32: Try more places to find an installed Pinentry.
Werner Koch [Tue, 28 Jul 2015 10:52:26 +0000 (12:52 +0200)]
w32: Try more places to find an installed Pinentry.

* common/homedir.c (get_default_pinentry_name): Re-implement to
support several choices for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Fix size_t/unsigned int mismatch.
Werner Koch [Sun, 26 Jul 2015 10:55:53 +0000 (12:55 +0200)]
scd: Fix size_t/unsigned int mismatch.

* scd/app-openpgp.c (ecc_writekey): Use extra var n.

3 years agoReplace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
Werner Koch [Sun, 26 Jul 2015 10:50:16 +0000 (12:50 +0200)]
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.

* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need repalcement
macros, though.

3 years agoscd: support any curves defined by libgcrypt.
NIIBE Yutaka [Sat, 25 Jul 2015 03:09:23 +0000 (12:09 +0900)]
scd: support any curves defined by libgcrypt.

* g10/call-agent.h (struct agent_card_info_s): Add curve field.
* g10/call-agent.c (learn_status_cb): Use curve name.
* g10/card-util.c (card_status): Show pubkey name.
* scd/app-openpgp.c (struct app_local_s): Record OID and flags.
(store_fpr): Use ALGO instead of key type.
(send_key_attr): Use curve name instead of OID.
(get_public_key): Clean up by OID to curve name.
(ecc_writekey): Support any curves in libgcrypt.
(do_genkey, do_auth, ): Follow the change.
(ecc_oid): New.
(parse_algorithm_attribute): Show OID here.

3 years agodoc: Document scissor line for commit logs
Werner Koch [Thu, 23 Jul 2015 13:01:40 +0000 (15:01 +0200)]
doc: Document scissor line for commit logs

--

3 years agobuild: ignore scissor line for the commit-msg hook
Peter Wu [Thu, 9 Jul 2015 15:11:33 +0000 (17:11 +0200)]
build: ignore scissor line for the commit-msg hook

* build-aux/git-hooks/commit-msg: Stop processing more lines when the
  scissor line is encountered.
--
This allows the command `git commit -v` to work even if the code is
longer than 72 characters. Note that comments are already ignored by the
previous line.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
3 years agoscd: Format change to specify "rsa2048" for KEY-ATTR.
NIIBE Yutaka [Thu, 23 Jul 2015 05:10:03 +0000 (14:10 +0900)]
scd: Format change to specify "rsa2048" for KEY-ATTR.

* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.

3 years agodoc: Add a comment to --set-filename.
Werner Koch [Wed, 22 Jul 2015 14:41:22 +0000 (16:41 +0200)]
doc: Add a comment to --set-filename.

--

3 years agodoc: Improve documentation about VALIDSIG
Daniel Kahn Gillmor [Tue, 7 Jul 2015 16:00:16 +0000 (12:00 -0400)]
doc: Improve documentation about VALIDSIG

--

The claim that VALIDSIG is the same as GOODSIG is simply wrong.
Attempt to clarify it.  Also, the paragraph about primary-key-fpr and
sig-version was weirdly re-ordered during the org-mode conversion in
65eb98966a569a91c97d0c23ba5582a9a7558de0; repair it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agodoc: Clarify constraints on who modifies files in ~/.gnupg
Daniel Kahn Gillmor [Tue, 7 Jul 2015 13:16:41 +0000 (09:16 -0400)]
doc: Clarify constraints on who modifies files in ~/.gnupg

--

3 years agoAvoid a leading double slash in make_filename.
Werner Koch [Wed, 22 Jul 2015 09:05:32 +0000 (11:05 +0200)]
Avoid a leading double slash in make_filename.

* common/stringhelp.c (do_make_filename): Special case leading '/'.

3 years agoscd: change_keyattr_from_string for ECC.
NIIBE Yutaka [Tue, 21 Jul 2015 05:27:02 +0000 (14:27 +0900)]
scd: change_keyattr_from_string for ECC.

* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Support ECC.
(rsa_writekey): Don't change key attribute.

3 years agoscd: Use openpgpdefs.h for constants.
NIIBE Yutaka [Fri, 17 Jul 2015 00:34:47 +0000 (09:34 +0900)]
scd: Use openpgpdefs.h for constants.

* scd/app-openpgp.c: Include openpgpdefs.h.

3 years agoDon't segfault if the first 'auto-key-locate' option is 'clear'.
Neal H. Walfield [Thu, 16 Jul 2015 07:57:27 +0000 (09:57 +0200)]
Don't segfault if the first 'auto-key-locate' option is 'clear'.

* g10/getkey.c (free_akl): If AKL is NULL, just return.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Reported-by: Sami Farin.
GnuPG-bug-id: 2045

3 years agoagent: Support non-NLS build.
NIIBE Yutaka [Fri, 10 Jul 2015 00:21:32 +0000 (09:21 +0900)]
agent: Support non-NLS build.

* agent/agent.h: Use ENABLE_NLS and define L_() macro.

--

GnuPG-bug-id: 2032

This is a fix for e76d4c05b24211f3981ab69cddb3fccc17d21e0e.

3 years agoscd: Remove unused files.
NIIBE Yutaka [Thu, 9 Jul 2015 03:44:11 +0000 (12:44 +0900)]
scd: Remove unused files.

* scd/Makefile.am (sc_copykeys_*): Remove.
* scd/sc-copykeys.c: Remove.
* scd/pcsc-wrapper.c: Remove.
* scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove.

--

sc-copykeys doesn't work any more because it's based on old API.
pcsc-wrapper has gone because of nPth which is compatible to pthreads.
The card* files are old files, now we have app*.

3 years agog10: Use canonical name for curve.
NIIBE Yutaka [Wed, 8 Jul 2015 06:05:06 +0000 (15:05 +0900)]
g10: Use canonical name for curve.

* g10/import.c (transfer_secret_keys): Use canonical name.
* common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error.
* g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/parse-packet.c (parse_key): Ditto.

3 years agodrop long-deprecated gpgsm-gencert.sh
Daniel Kahn Gillmor [Thu, 2 Jul 2015 19:10:49 +0000 (15:10 -0400)]
drop long-deprecated gpgsm-gencert.sh

 * tools/gpgsm-gencert.sh: remove deprecated script entirely.  It is
   fully replaced by gpgsm --gen-key
 * doc/tools.texi: remove gpgsm-gencert.sh documentation
 * .gitignore: no longer ignore gpgsm-gencert.sh manpage
 * doc/Makefile.am: quit making the manpage
 * tools/Makefile.am: quit distributing the script
 * doc/howto-create-a-server-cert.texi: overhaul documentation to use
   gpgsm --gen-key and tweak explanations

--

The commit deprecating gpgsm-gencert.sh
(81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years.

 https://codesearch.debian.net/results/gpgsm-gencert.sh

suggests that in all of debian it is only referenced in documentation
(for poldi and scute) and example files (libept), and isn't actually
used directly anywhere.

Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver
certificate-signing request failed for me, following the examples in
doc/howto-create-a-server-cert.texi exactly.

It's time we ripped off this band-aid :)

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agopo: Update Japanese translation.
NIIBE Yutaka [Thu, 2 Jul 2015 03:22:37 +0000 (12:22 +0900)]
po: Update Japanese translation.

3 years agoscd: Support AES decryption for OpenPGPcard v3.0.
NIIBE Yutaka [Thu, 2 Jul 2015 03:14:40 +0000 (12:14 +0900)]
scd: Support AES decryption for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_decipher): Support AES decryption.

3 years agoPost release updates
Werner Koch [Wed, 1 Jul 2015 13:07:47 +0000 (15:07 +0200)]
Post release updates

--

3 years agoRelease 2.1.6 gnupg-2.1.6
Werner Koch [Wed, 1 Jul 2015 12:16:40 +0000 (14:16 +0200)]
Release 2.1.6

3 years agoagent: Unset INSIDE_EMACS on gpg-agent startup
Daiki Ueno [Wed, 1 Jul 2015 01:39:40 +0000 (10:39 +0900)]
agent: Unset INSIDE_EMACS on gpg-agent startup

* agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.

--

The variable is set only temporarily when gpg is called from Emacs,
keeping it during the session makes no sense.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
3 years agopo: Auto-update
Werner Koch [Wed, 1 Jul 2015 11:22:26 +0000 (13:22 +0200)]
po: Auto-update

--

3 years agopo: Update Russian translation
Ineiev [Wed, 1 Jul 2015 11:17:48 +0000 (13:17 +0200)]
po: Update Russian translation

--

3 years agopo: Update German translation
Werner Koch [Wed, 1 Jul 2015 11:12:02 +0000 (13:12 +0200)]
po: Update German translation

--

3 years agocommon: Implement i18n_localegettext.
Werner Koch [Wed, 1 Jul 2015 09:49:37 +0000 (11:49 +0200)]
common: Implement i18n_localegettext.

* common/i18n.c (msg_cache_s, msg_cache_head_s): New.
(msgcache): New.
(i18n_localegettext): Implement locale dependent lookup.
--

This is the second and final part of the change to use the gpg
provided locale for Pinentry strings.  It does not yet work on
Windows, though.

This commit should resolve
Debian-bug-id: 788983

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoPass DBUS_SESSION_BUS_ADDRESS for gnome3
Daniel Kahn Gillmor [Tue, 30 Jun 2015 16:41:29 +0000 (12:41 -0400)]
Pass DBUS_SESSION_BUS_ADDRESS for gnome3

* common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
--

pinentry-gnome3 talks to the gcr prompter via dbus.  Without this
environment variable, it can't find the correct session to talk to.

3 years agoFlag the L_() function with attribute format_arg.
Werner Koch [Tue, 30 Jun 2015 20:28:41 +0000 (22:28 +0200)]
Flag the L_() function with attribute format_arg.

* agent/agent.h (LunderscorePROTO): New.
* common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
* common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
i18n_localegettext.  Expand LunderscorePROTO.
* agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
again to keep the old translations.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Use different translation func for Pinentry strings.
Werner Koch [Tue, 30 Jun 2015 19:58:02 +0000 (21:58 +0200)]
agent: Use different translation func for Pinentry strings.

* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning.  Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--

Static strings in gpg-agent need to be translated according to the
locale set by the caller.  This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another.  If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.

This is only the first part of the change the actual local switching
still needs to be implemented.

Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoRemove obsolete file g10/comment.c.
Werner Koch [Tue, 30 Jun 2015 09:56:01 +0000 (11:56 +0200)]
Remove obsolete file g10/comment.c.

--

3 years agodoc: Updated HACKING.
Werner Koch [Tue, 30 Jun 2015 09:55:17 +0000 (11:55 +0200)]
doc: Updated HACKING.

--

Added used commit keywords.
Add some comments to the list of files.

3 years agogpg: Make show-sig-subpackets work again.
Werner Koch [Tue, 30 Jun 2015 09:01:16 +0000 (11:01 +0200)]
gpg: Make show-sig-subpackets work again.

* g10/gpg.c (parse_list_options): Fix offset for subpackets.
--

Regression-due-to: 7d0492075ea638607309b3ea6a792b0e95ea7d98
GnuPG-bug-id: 2008
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Improve a comment.
Werner Koch [Tue, 30 Jun 2015 08:34:56 +0000 (10:34 +0200)]
agent: Improve a comment.

--

3 years agoagent: Prepare for Libassuan with Cygwin support.
Werner Koch [Mon, 29 Jun 2015 19:26:09 +0000 (21:26 +0200)]
agent: Prepare for Libassuan with Cygwin support.

* agent/gpg-agent.c (create_server_socket): Add arg "cygwin".  Call
assuan_sock_set_flag if Assuan version is recent enough.
(main): Create ssh server socket with Cygwin flag set.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoShow passphrase constraints errors as password prompt errors
Neal H. Walfield [Thu, 18 Jun 2015 03:10:47 +0000 (00:10 -0300)]
Show passphrase constraints errors as password prompt errors

* agent/agent.h (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  Update callers.
* agent/genkey.c (check_passphrase_constraints): Add parameter
failed_constraint and remove parameter silent.  If FAILED_CONSTRAINT
is not NULL and OPT.ENFORCE_PASSPHRASE_CONSTRAINTS is FALSE, save the
error text in *FAILED_CONSTRAINT and don't call take_this_one_anyway
or take_this_one_anyway2.  If FAILED_CONSTRAINT is NULL, act as if
SILENT was set.
(agent_ask_new_passphrase): Change initial_errtext's type from a const
char * to a char *.  Pass it to check_passphrase_constraints.  If it
contains malloc's memory, free it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Based on a patch provided by Watson Yuuma Sato <yuuma.sato@gmail.com>
in issue 2018.

3 years agoImprove documentation for default-cache-ttl and default-cache-ttl-ssh.
Neal H. Walfield [Tue, 16 Jun 2015 14:16:57 +0000 (16:16 +0200)]
Improve documentation for default-cache-ttl and default-cache-ttl-ssh.

* doc/gpg-agent.texi (Agent Options): Improve documentation for
default-cache-ttl and default-cache-ttl-ssh.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoDon't raise max-cache-ttl to default-cache-ttl.
Neal H. Walfield [Tue, 16 Jun 2015 14:13:51 +0000 (16:13 +0200)]
Don't raise max-cache-ttl to default-cache-ttl.

* agent/gpg-agent.c (finalize_rereadable_options): Don't raise
max-cache-ttl to default-cache-ttl.  Likewise for max-cache-ttl-ssh
and default-cache-ttl-ssh.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
This closes issue #2009.

3 years agoImprove the description of old packets with an indeterminate length.
Neal H. Walfield [Mon, 29 Jun 2015 13:50:48 +0000 (15:50 +0200)]
Improve the description of old packets with an indeterminate length.

* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
3 years agoagent: Add --verify to the PASSWD command.
Werner Koch [Mon, 29 Jun 2015 10:50:16 +0000 (12:50 +0200)]
agent: Add --verify to the PASSWD command.

* agent/command.c (cmd_passwd): Add option --verify.
--

GnuPG-bug-id: 1951
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent,w32: Do not create a useless socket with --enable-putty-support.
Werner Koch [Mon, 29 Jun 2015 10:24:58 +0000 (12:24 +0200)]
agent,w32: Do not create a useless socket with --enable-putty-support.

* agent/agent.h (opt): Remove field ssh_support.
* agent/gpg-agent.c (ssh_support): New.  Replace all opt.ssh_support
by this.
(main): Do not set ssh_support along with setting putty_support.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgsm: Add command option "offline".
Werner Koch [Mon, 29 Jun 2015 09:03:58 +0000 (11:03 +0200)]
gpgsm: Add command option "offline".

* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--

Adding this option makes it easier to implement the corresponding
feature in gpgme.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Support button flag and AES key data for OpenPGPcard v3.0.
NIIBE Yutaka [Fri, 26 Jun 2015 06:14:27 +0000 (15:14 +0900)]
scd: Support button flag and AES key data for OpenPGPcard v3.0.

* scd/app-openpgp.c (do_getattr, show_caps, app_select_openpgp):
Support button and symmetric decryption.
(do_setattr): Support setting AESKEY.

3 years agosm: Fix cert storage for ephemeral certs
Andre Heinecke [Wed, 24 Jun 2015 16:55:24 +0000 (18:55 +0200)]
sm: Fix cert storage for ephemeral certs

* sm/keydb.c (keydb_store_cert): Clear ephemeral flag for
existing certs if store should not be ephemeral.

--

Previously keydb_store_cert would ignore ephemeral certificates
when asked to store a non ephemeral certificate and insert
it again without the flags. This resulted in duplicated
certificates in the keybox.

GnuPG-bug-id: 1921
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
3 years agoAllow use of debug flag names for all tools.
Werner Koch [Tue, 23 Jun 2015 07:12:44 +0000 (09:12 +0200)]
Allow use of debug flag names for all tools.

* g13/g13.c: Make use of debug_parse_flag.
* scd/scdaemon.c: Ditto.
* sm/gpgsm.c: Ditto
* agent/gpg-agent.c: Ditto.  But do not terminate on "help"
* dirmngr/dirmngr.c: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Improve fucntion parse_debug_flag.
Werner Koch [Tue, 23 Jun 2015 07:10:56 +0000 (09:10 +0200)]
common: Improve fucntion parse_debug_flag.

* common/miscellaneous.c (parse_debug_flag): Add hack not to call
exit.  Add "none" and "all" flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: pinpad workaround for PC/SC implementations.
NIIBE Yutaka [Tue, 23 Jun 2015 01:10:15 +0000 (10:10 +0900)]
scd: pinpad workaround for PC/SC implementations.

* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
for TPDU card reader.

--

GnuPG-bug-id: 2003, 2004

This is needed for PC/SC on Debian Jessie.  Note that it's not only
for Cherry ST-2000, but also, for any TPDU card readers.

3 years agogpg: Allow debug flag names for --debug.
Werner Koch [Mon, 22 Jun 2015 19:01:10 +0000 (21:01 +0200)]
gpg: Allow debug flag names for --debug.

* g10/gpg.c (opts): Change arg for oDebug to a string.
(debug_flags): New; factored out from set_debug.
(set_debug): Remove "--debug-level help".  Use parse_debug_flag to
print the used flags.
(main): Use parse_debug_flag for oDebug.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add function parse_debug_flag
Werner Koch [Mon, 22 Jun 2015 18:54:23 +0000 (20:54 +0200)]
common: Add function parse_debug_flag

* common/miscellaneous.c (parse_debug_flag): New.
* common/util.h (struct debug_flags_s): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Add function strtokenize.
Werner Koch [Mon, 22 Jun 2015 17:28:33 +0000 (19:28 +0200)]
common: Add function strtokenize.

* common/stringhelp.c: Include assert.h.
(strtokenize): New.
* common/t-stringhelp.c (test_strtokenize): New.

Signed-off-by: Werner Koch <wk@gnupg.org>