gnupg.git
2 years agobuild: Fix build against libiconv.
Justus Winter [Fri, 30 Sep 2016 10:34:31 +0000 (12:34 +0200)]
build: Fix build against libiconv.

* agent/Makefile.am: Add INCICONV and LIBICONV.
* common/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent: Enable restricted, browser, and ssh socket by default.
Justus Winter [Thu, 15 Sep 2016 12:47:00 +0000 (14:47 +0200)]
agent: Enable restricted, browser, and ssh socket by default.

* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--

This change enables the restricted, browser, and ssh socket by
default.  Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features.  Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agow32: Fix STARTTLS on LDAP connections.
Justus Winter [Fri, 30 Sep 2016 08:57:32 +0000 (10:57 +0200)]
w32: Fix STARTTLS on LDAP connections.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
<winldap.h>.

GnuPG-bug-id: 1338
Debian-bug-id: 623526
Fixes-commit: 9e6f8a55
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agowks: Partly implement draft-koch-openpgp-webkey-service-02.
Werner Koch [Thu, 29 Sep 2016 15:55:32 +0000 (17:55 +0200)]
wks: Partly implement draft-koch-openpgp-webkey-service-02.

* tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
* tools/wks-receive.c: Include rfc822parse.h.
(struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
MULTIPART_MIXED_SEEN.
(decrypt_data): Add --no-options.
(verify_signature): Ditto.
(new_part): Check for Wks-Draft-Version header.  Take care of text
parts.
(wks_receive): Set Parser and pass a flag value to RESULT_CB.
* tools/gpg-wks-client.c (read_confirmation_request): New.
(main) <aRead>: Call read_confirmation_request instead of
process_confirmation_request.
(command_receive_cb): Ditto.  Add arg FLAGS..
(decrypt_stream_status_cb, decrypt_stream): New.
(command_send): Set header Wks-Draft-Version.
* tools/gpg-wks-server.c (struct server_ctx_s): Add field
DRAFT_VERSION_2.
(sign_stream_status_cb, sign_stream): New.
(command_receive_cb): Set draft flag.
(send_confirmation_request): Rework to implement protocol draft
version 2.

* tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
(DBG_MIME, DBG_PARSER, DBG_CRYPTO): New.  Use instead of a plain
opt.debug where useful.
* tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
* tools/gpg-wks-server.c (debug_flags): Ditto.
--

If a client supporting the version 2 of the protocol is used, it will
tell this the server using a mail header.  An old server will ignore
that but a recent server will use the new protocol.  Next task is to
actually write draft-02.

There are still a lot of FIXMEs - take care.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Convey signeddata also to the part_data callback in mime-parser.
Werner Koch [Thu, 29 Sep 2016 15:59:09 +0000 (17:59 +0200)]
tools: Convey signeddata also to the part_data callback in mime-parser.

* tools/mime-parser.c (mime_parser_parse): Factor some code out to ...
(process_part_data): new.
((mime_parser_parse): Also call process_part_data for signed data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Allow retrieval of signed data from mime-maker.
Werner Koch [Thu, 29 Sep 2016 15:38:06 +0000 (17:38 +0200)]
tools: Allow retrieval of signed data from mime-maker.

* tools/mime-maker.c (find_part): New.
(mime_maker_get_part): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Change mime-maker to write out CR,LF.
Werner Koch [Thu, 29 Sep 2016 10:29:27 +0000 (12:29 +0200)]
tools: Change mime-maker to write out CR,LF.

* tools/mime-maker.c (struct part_s): Add field PARTID.
(struct mime_maker_context_s): Add field PARTID_COUNTER.
(dump_parts): Print part ids.
(mime_maker_add_header): Assign PARTID.
(mime_maker_add_container): Ditto.
(mime_maker_get_partid): New.
(write_ct_with_boundary): Remove.
(add_header): Strip trailing white spaces.
(write_header): Remove trailing spaces trimming.  Add arg BOUNDARY.
Handle emdedded LFs.
(write_gap, write_boundary, write_body): New.
(write_tree): Use new functions.
--

These changes prepare for forthcoming enhancements.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Simplify the mime-maker container creation.
Werner Koch [Thu, 29 Sep 2016 08:20:38 +0000 (10:20 +0200)]
tools: Simplify the mime-maker container creation.

* tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
(release_parts): Ditto.
(dump_parts): Print a body line only if tehre is a body.
(mime_maker_add_header): Check for body or container.
(mime_maker_add_container): Remove arg MEDIATYPE.  Change all callers.
(mime_maker_end_container): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Give mime parser callbacks access to the rfc822 parser.
Werner Koch [Thu, 29 Sep 2016 06:11:32 +0000 (08:11 +0200)]
tools: Give mime parser callbacks access to the rfc822 parser.

* tools/mime-parser.c (mime_parser_context_s): Add field MSG.
(parse_message_cb): Set it.
(mime_parser_rfc822parser): New.
* tools/mime-parser.h: Declare rfc822parse_t for the new prototype.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: Fix STARTTLS on LDAP connections.
Justus Winter [Thu, 29 Sep 2016 12:17:24 +0000 (14:17 +0200)]
dirmngr: Fix STARTTLS on LDAP connections.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
--
Courtesy of pkgsrc contributor fhajny.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agogpg: Improve WKD by importing only the requested UID.
Werner Koch [Wed, 28 Sep 2016 13:35:31 +0000 (15:35 +0200)]
gpg: Improve WKD by importing only the requested UID.

* g10/keyserver.c: Include mbox-util.h.
(keyserver_import_wkd): Do not use the global import options but
employ an import filter.
--

We also make sure that an mbox has been passed to keyserver_import_wkd
so it may also be called with a complete user id (which is currently
not the case).

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Reject import if an import filter removed all user ids.
Werner Koch [Wed, 28 Sep 2016 13:32:04 +0000 (15:32 +0200)]
gpg: Reject import if an import filter removed all user ids.

* g10/import.c (any_uid_left): New.
(import_one): Check that a UID is left.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Make import filter data object more flexible.
Werner Koch [Wed, 28 Sep 2016 11:39:09 +0000 (13:39 +0200)]
gpg: Make import filter data object more flexible.

* g10/main.h (import_filter_t): New.
* g10/import.c (struct import_filter_s): Declare struct.
(import_keep_uid, import_drop_sig): Replace by ...
(import_filter): new.  Adjust all users.
(cleanup_import_globals): Move code to ...
(release_import_filter): new.
(save_and_clear_import_filter): New.
(restore_import_filter): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Make sure that internal key import is done with a binary stream.
Werner Koch [Wed, 28 Sep 2016 11:36:28 +0000 (13:36 +0200)]
gpg: Make sure that internal key import is done with a binary stream.

* g10/import.c (import_keys_internal): Open stream in binary mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agobuild: Do not link gpg-connect-agent against npth.
Justus Winter [Tue, 27 Sep 2016 15:45:52 +0000 (17:45 +0200)]
build: Do not link gpg-connect-agent against npth.

* tools/Makefile.am: Do not link gpg-connect-agent against npth.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agobuild: Fix check for resolver library on macOS.
Justus Winter [Tue, 27 Sep 2016 15:18:15 +0000 (17:18 +0200)]
build: Fix check for resolver library on macOS.

* configure.ac: Check for the mangled name of 'dn_skipname' first.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon: Correctly handle modules relying on npth.
Justus Winter [Tue, 27 Sep 2016 13:54:56 +0000 (15:54 +0200)]
common: Correctly handle modules relying on npth.

* common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
(with_npth_sources): New variable.
(libcommonpth_a_SOURCES): Use the new variable.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent, sm: Set CTX after start_agent.
NIIBE Yutaka [Tue, 27 Sep 2016 05:45:21 +0000 (14:45 +0900)]
agent, sm: Set CTX after start_agent.

* g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
* sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
(gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
(gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
(gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
(gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
(gpgsm_agent_export_key): Likewise.

--

Reported-by: Rainer Perske
GnuPG-bug-id: 2699
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agodirmngr: Removal of no-libgcrypt.o.
NIIBE Yutaka [Tue, 27 Sep 2016 05:21:08 +0000 (14:21 +0900)]
dirmngr: Removal of no-libgcrypt.o.

* dirmngr/Makefile.am (dirmngr_ldap_LDADD): Remove no-libgcrypt.o.

--

Thanks to Rainer Perske who located the issue.

GnuPG-bug-id: 2698
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This is a fix for the commit: 49829c29e541546084950b8a153067db371d101a

2 years agoagent: Allow only specific digest size for ECDSA.
NIIBE Yutaka [Tue, 27 Sep 2016 05:01:18 +0000 (14:01 +0900)]
agent: Allow only specific digest size for ECDSA.

* agent/pksign.c (do_encode_dsa): Fix validation of digest size.

--

Thanks to Steven Noonan <steven@uplinklabs.net> who offers patches
and a test case.

GnuPG-bug-id: 2702
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: When adding a user id, make sure the keyblock has been prepared.
Neal H. Walfield [Thu, 22 Sep 2016 19:32:31 +0000 (21:32 +0200)]
g10: When adding a user id, make sure the keyblock has been prepared.

* g10/keyedit.c (keyedit_quick_adduid): Call merge_keys_and_selfsig on
KEYBLOCK before adding the user id.
* tests/openpgp/quick-key-manipulation.scm: Make sure that the key
capabilities don't change when adding a user id.
(key-data): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 2697

2 years agotests: Add documentation, make interactive debugging possible.
Justus Winter [Tue, 20 Sep 2016 13:29:57 +0000 (15:29 +0200)]
tests: Add documentation, make interactive debugging possible.

* tests/openpgp/README: Add documentation about debugging and
interfacing with GnuPG.
* tests/openpgp/run-tests.scm (test::run-sync): Hand stdin to the
child so that we can use a repl in the tests.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Drop the old shell-based tests.
Justus Winter [Tue, 20 Sep 2016 09:34:42 +0000 (11:34 +0200)]
tests: Drop the old shell-based tests.

--
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Port the quick key manipulation test to Scheme.
Justus Winter [Tue, 20 Sep 2016 12:33:16 +0000 (14:33 +0200)]
tests: Port the quick key manipulation test to Scheme.

* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/quick-key-manipulation.scm: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Remove list of tests from the test runner.
Justus Winter [Tue, 20 Sep 2016 09:17:10 +0000 (11:17 +0200)]
tests: Remove list of tests from the test runner.

* tests/openpgp/run-tests.scm: Drop hardcoded list.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Reduce runtime of excessive test.
Justus Winter [Tue, 20 Sep 2016 08:44:57 +0000 (10:44 +0200)]
tests: Reduce runtime of excessive test.

* tests/openpgp/conventional-mdc.scm: Use only two plaintexts when
iterating over all cipher algorithms.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agodirmngr: Fix type.
Justus Winter [Tue, 20 Sep 2016 08:19:44 +0000 (10:19 +0200)]
dirmngr: Fix type.

* dirmngr/dns-stuff.c (get_dns_cert): Fix type in fallback code.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agodirmngr: Open file CRL's in binary mode
Andre Heinecke [Thu, 25 Aug 2016 16:15:52 +0000 (18:15 +0200)]
dirmngr: Open file CRL's in binary mode

* dirmngr/crlcache.c (crl_cache_load): Open file in binary mode.

--
This fixes conversion bugs with binary CRL's on Windows.

GnuPG-bug-id: issue2448
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2 years agodoc: Fix a xref usage.
NIIBE Yutaka [Tue, 20 Sep 2016 07:17:09 +0000 (16:17 +0900)]
doc: Fix a xref usage.

2 years agodoc: Do not end section names with "."
Ineiev [Fri, 4 Mar 2016 14:45:19 +0000 (14:45 +0000)]
doc: Do not end section names with "."

2 years agodoc: Add a few extra coding standard notes.
Werner Koch [Tue, 20 Sep 2016 06:55:04 +0000 (08:55 +0200)]
doc: Add a few extra coding standard notes.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc: Fix fix "Not(e) that you can(not) abbreviate".
Werner Koch [Tue, 20 Sep 2016 06:32:25 +0000 (08:32 +0200)]
doc: Fix fix "Not(e) that you can(not) abbreviate".

--

The commands --help, --version, --dump-options are special in that
they can't be abbreciated on the command line.  This is to avoid
problems with regular options with the same prefix.

Fixes-commit: 0a27d8a57c4c990fcada4278a1ce2e6fc9043e9
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc: minor fix for @xref.
NIIBE Yutaka [Tue, 20 Sep 2016 06:41:36 +0000 (15:41 +0900)]
doc: minor fix for @xref.

* doc/yat2m.c (proc_texi_cmd): Captalize "see" for xref.

2 years agodoc: Implement simple '@ref'erences.
Justus Winter [Mon, 19 Sep 2016 13:25:01 +0000 (15:25 +0200)]
doc: Implement simple '@ref'erences.

* doc/yat2m.c (proc_texi_cmd): Handle '@ref'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agodoc: Fix full stops.
Ineiev [Fri, 4 Mar 2016 16:13:14 +0000 (16:13 +0000)]
doc: Fix full stops.

* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/instguide.texi, doc/scdaemon.texi, doc/specify-user-id.texi,
doc/tools.texi: Fix.

2 years agodoc: Fix spacings.
Ineiev [Fri, 4 Mar 2016 15:20:47 +0000 (15:20 +0000)]
doc: Fix spacings.

* doc/debugging.texi, doc/dirmngr.texi, doc/gpg-agent.texi,
doc/gpg.texi, doc/tools.texi: Fix.

2 years agodoc: Improve markup.
Ineiev [Fri, 4 Mar 2016 16:38:09 +0000 (16:38 +0000)]
doc: Improve markup.

* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/howto-create-a-server-cert.texi, doc/scdaemon.texi,
doc/specify-user-id.texi, doc/tools.texi: Fix.

2 years agodoc: Replace rfc0123 with RFC-0123.
Ineiev [Fri, 4 Mar 2016 16:34:23 +0000 (16:34 +0000)]
doc: Replace rfc0123 with RFC-0123.

* doc/gpg.texi, doc/gpgsm.texi, doc/specify-user-id.texi: Fix.

2 years agodoc: Add missing description of datafile.
Ineiev [Fri, 4 Mar 2016 16:30:30 +0000 (16:30 +0000)]
doc: Add missing description of datafile.

* doc/gpg.texi: Fix.

2 years agodoc: Replace UTF8 with UTF-8.
Ineiev [Fri, 4 Mar 2016 16:29:37 +0000 (16:29 +0000)]
doc: Replace UTF8 with UTF-8.

* doc/gpg.texi: Fix.

2 years agodoc: Fix mistakes.
Ineiev [Fri, 4 Mar 2016 16:27:21 +0000 (16:27 +0000)]
doc: Fix mistakes.

* doc/dirmngr.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/howto-create-a-server-cert.texi,
doc/scdaemon.texi, doc/tools.texi: Fix.

2 years agodoc: Eliminate inconsistent UK English.
Ineiev [Fri, 4 Mar 2016 16:00:51 +0000 (16:00 +0000)]
doc: Eliminate inconsistent UK English.

* doc/dirmngr.texi, doc/gpg-agent.texi, doc/scdaemon.texi,
doc/tools.texi: Fix.

2 years agodoc: Use the right reference commands.
Ineiev [Fri, 4 Mar 2016 15:51:22 +0000 (15:51 +0000)]
doc: Use the right reference commands.

* doc/debugging.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/tools.texi: Fix.

2 years agodoc: Fix "Not(e) that you can(not) abbreviate".
Ineiev [Fri, 4 Mar 2016 15:46:08 +0000 (15:46 +0000)]
doc: Fix "Not(e) that you can(not) abbreviate".

* doc/dirmngr.texi, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi: Fix.

2 years agodoc: Fix typos.
Ineiev [Fri, 4 Mar 2016 15:20:47 +0000 (15:20 +0000)]
doc: Fix typos.

* doc/debugging.texi, doc/dirmngr.texi, doc/glossary.texi
* doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi
* doc/instguide.texi, doc/opt-homedir.texi, doc/scdaemon.texi
* doc/specify-user-id.texi, doc/tools.texi: Fix.

2 years agodoc: Fix Martin Hellman's name.
Ineiev [Fri, 4 Mar 2016 14:33:39 +0000 (14:33 +0000)]
doc: Fix Martin Hellman's name.

* doc/contrib.texi: Fix.

2 years agotests: Refine the repl function.
Justus Winter [Mon, 19 Sep 2016 16:45:44 +0000 (18:45 +0200)]
tests: Refine the repl function.

* tests/gpgscm/repl.scm (repl): Add an argument 'environment'.
(interactive-repl): Add an optional argument 'environment'.
--

With this change, we can drop

  (interactive-repl (current-environment))

anywhere into the code and do some interactive debugging.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Implement interpreter shutdown using exceptions.
Justus Winter [Mon, 19 Sep 2016 16:42:36 +0000 (18:42 +0200)]
tests: Implement interpreter shutdown using exceptions.

* tests/gpgscm/ffi.c (ffi_init): Rename 'exit' to '_exit'.
* tests/gpgscm/ffi.scm (*interpreter-exit*): New variable.
(throw): New function.
(exit): New function.
--
This allows a proper cleanup of resources.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Correctly handle exceptions in resource handling macros.
Justus Winter [Mon, 19 Sep 2016 15:24:03 +0000 (17:24 +0200)]
tests: Correctly handle exceptions in resource handling macros.

* tests/gpgscm/tests.scm (letfd): Correctly release resources when an
exception is thrown.
(with-working-directory): Likewise.
(with-temporary-working-directory): Likewise.
(lettmp): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Refine exception handling.
Justus Winter [Mon, 19 Sep 2016 15:19:00 +0000 (17:19 +0200)]
tests: Refine exception handling.

* tests/gpgscm/init.scm (catch): Bind all arguments to '*error*' in
the error handler, update and fix comment.
(*error-hook*): Revert to original definition.
* tests/gpgscm/tests.scm (tr:do): Adapt accordingly.
* tests/openpgp/issue2419.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Use descriptive temporary file names.
Justus Winter [Mon, 19 Sep 2016 13:59:19 +0000 (15:59 +0200)]
tests: Use descriptive temporary file names.

* tests/gpgscm/ffi.c (do_get_isotime): New function.
(ffi_init): Add parameter 'scriptname', bind new function and
scriptname.
* tests/gpgscm/ffi.h (ffi_init): Update prototype.
* tests/gpgscm/main.c (main): Hand in the script name.
* tests/gpgscm/tests.scm (mkdtemp): Use current time and script name
for the names of temporary directories.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agogpg: Fix regression in fingerprint printing.
Werner Koch [Mon, 19 Sep 2016 15:47:56 +0000 (17:47 +0200)]
gpg: Fix regression in fingerprint printing.

* g10/keylist.c (list_keyblock_print): Do not depend calling
print_fingerprint on opt.keyid_format.
--

Regression-due-to: d757009a24eb856770fc3a3729e2f21f54d2a618
Debian-bug-id: 838153
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: Silence diagnostics about starting housekeeping.
Werner Koch [Mon, 19 Sep 2016 09:47:29 +0000 (11:47 +0200)]
dirmngr: Silence diagnostics about starting housekeeping.

* dirmngr/dirmngr.c (housekeeping_thread): Print info only in very
verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Fix memory leak.
Justus Winter [Mon, 19 Sep 2016 10:32:50 +0000 (12:32 +0200)]
g10: Fix memory leak.

* g10/tofu.c (build_conflict_set): Free 'kb_all'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agobuild: Distribute fake pinentries.
Werner Koch [Mon, 19 Sep 2016 08:01:31 +0000 (10:01 +0200)]
build: Distribute fake pinentries.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc: Update license information.
Werner Koch [Mon, 19 Sep 2016 08:03:07 +0000 (10:03 +0200)]
doc: Update license information.

* tests/fake-pinentries/COPYING: Rename to  ...
* COPYING.CC0: this.  Add a note on the scope of this license.
* COPYING.LIB: Add a note on the scope of this license.
* AUTHORS (License): Mention CC) license.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpgscm: Fix gcrypt version check.
Werner Koch [Mon, 19 Sep 2016 06:41:51 +0000 (08:41 +0200)]
gpgscm: Fix gcrypt version check.

* tests/gpgscm/main.c (main): Check against required and not installed
version.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Avoid malloc failure due to no key signatures
Werner Koch [Mon, 19 Sep 2016 06:27:23 +0000 (08:27 +0200)]
gpg: Avoid malloc failure due to no key signatures

* g10/keyedit.c (check_all_keysigs): Check early for no key
signatures.  Use xtrycalloc.
--

GnuPG-bug-id: 2690
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodoc: Clarify forward-compatible expectations
Daniel Kahn Gillmor [Sat, 17 Sep 2016 15:34:35 +0000 (11:34 -0400)]
doc: Clarify forward-compatible expectations

--
Encourage better parsers/interpreters of with-colons
and status-fd output.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agoFix comment and format.
NIIBE Yutaka [Sat, 17 Sep 2016 07:16:41 +0000 (16:16 +0900)]
Fix comment and format.

* agent/protect-tool.c (main): Fix comment.
* doc/DETAILS (colon listings): Fix list.
* tests/openpgp/multisig.test: Fix comment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoFix more spelling
Daniel Kahn Gillmor [Thu, 15 Sep 2016 18:21:15 +0000 (14:21 -0400)]
Fix more spelling

* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agomove some file encodings to UTF-8
Daniel Kahn Gillmor [Thu, 15 Sep 2016 17:34:10 +0000 (13:34 -0400)]
move some file encodings to UTF-8

* dirmgnr/cdblib.c: comment used unnecesary hyphenation
* dirmngr/crlcache.h: comment was iso-8859-1
* doc/contrib.text: list contributors using UTF-8 (now we can
  acknowledge many more people using their preferred orthography)

At least one other files remains in a non-UTF-8 encoding, which i'm
not sure what to do with:

 - build-aux/speedo/w32/inst.nsi is ISO-8859-1, but maybe Windows needs
   it that way?

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agog10: On failure, propagate the return code.
Neal H. Walfield [Fri, 16 Sep 2016 13:32:03 +0000 (15:32 +0200)]
g10: On failure, propagate the return code.

* g10/tofu.c (tofu_register_encryption): If get_trust fails, set RC.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Improve some comments and a string.
Neal H. Walfield [Fri, 16 Sep 2016 13:31:10 +0000 (15:31 +0200)]
g10: Improve some comments and a string.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Don't ignore failure. On failure, rollback.
Neal H. Walfield [Fri, 16 Sep 2016 13:18:56 +0000 (15:18 +0200)]
g10: Don't ignore failure.  On failure, rollback.

* g10/tofu.c (tofu_set_policy): If record_binding fails, fail.  If the
function fails, rollback the transaction.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Load the key block if the supplied user id list is NULL.
Neal H. Walfield [Fri, 16 Sep 2016 13:17:51 +0000 (15:17 +0200)]
g10: Load the key block if the supplied user id list is NULL.

* g10/tofu.c (tofu_register_encryption): Load the key block if
USER_ID_LIST is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Use the accessor functions for accessing and comparing key ids
Neal H. Walfield [Fri, 16 Sep 2016 13:10:11 +0000 (15:10 +0200)]
g10: Use the accessor functions for accessing and comparing key ids

* g10/tofu.c (get_trust): Use the pk_main_keyid accessor function.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.
(tofu_set_policy): Likewise and also use pk_keyid and keyid_cmp.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agopo: convert localizations to UTF-8
Daniel Kahn Gillmor [Thu, 15 Sep 2016 17:49:05 +0000 (13:49 -0400)]
po: convert localizations to UTF-8

* po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po: convert to UTF-8

This was an automated conversion process, using:

   for x in po/{it,et,pl,ro,gl,es,el,sk,pt,eo,hu}.po; do
       cs=$(grep charset= $x | cut -f2 -d= | cut -f1 -d\\)
       iconv -f $cs -t UTF-8 < $x >$x.tmp
       sed "s/$cs/UTF-8/" < $x.tmp > $x
       rm -f $x.tmp
   done

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agoscd: Add support of ECC pubkey attribute.
NIIBE Yutaka [Fri, 16 Sep 2016 06:20:32 +0000 (15:20 +0900)]
scd: Add support of ECC pubkey attribute.

* scd/app-openpgp.c (ECC_FLAG_PUBKEY): New.
(send_key_attr, get_public_key, ecc_writekey, do_auth, do_decipher)
(parse_algorithm_attribute): Check ECC_FLAG_DJB_TWEAK.
(build_ecc_privkey_template): Add ECC_Q and ECC_Q_LEN.
Support offering public key when ECC_FLAG_PUBKEY sets.
(ecc_writekey): Supply ECC_Q and ECC_Q_LEN.
(parse_algorithm_attribute): Parse pubkey-required byte.

--

OpenPGPcard protocol specification version 3.2 supports algorithm
attributes for ECC key which specifies public key data is required for
"keytocard" command.  This change supports the feature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Add missing header.
Justus Winter [Thu, 15 Sep 2016 12:46:06 +0000 (14:46 +0200)]
g10: Add missing header.

* g10/trustdb.c: Include 'mbox-util.h'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agog10: Only consider bindings matching the signer's user id.
Neal H. Walfield [Thu, 15 Sep 2016 10:21:15 +0000 (12:21 +0200)]
g10: Only consider bindings matching the signer's user id.

* g10/trustdb.c (tdb_get_validity_core): If the signer's user id
subpacket is present, only consider matching user ids.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Don't include the signature when printing a binding's validity.
Neal H. Walfield [Thu, 15 Sep 2016 10:19:29 +0000 (12:19 +0200)]
g10: Don't include the signature when printing a binding's validity.

* g10/mainproc.c (check_sig_and_print): When printing information
about a binding don't include the current signature.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests/fake-pinentries: fake pinentries for downstream developers.
Daniel Kahn Gillmor [Wed, 14 Sep 2016 19:55:13 +0000 (15:55 -0400)]
tests/fake-pinentries: fake pinentries for downstream developers.

* tests/fake-pinentries/README.txt and
  tests/fake-pinentries/fake-pinentry.{sh,py,pl,php}}: New public
  domain (CC0) files to encourage better test suite practices from
  downstream developers.
* tests/fake-pinentries/COPYING (new): a copy of
  https://creativecommons.org/publicdomain/zero/1.0/legalcode.txt

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agospelling: conenction should be connection
Daniel Kahn Gillmor [Wed, 14 Sep 2016 21:21:19 +0000 (17:21 -0400)]
spelling: conenction should be connection

* dirmngr/server.c, sm/server.c: s/conenction/connection/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agospelling: correct achived to achieved
Daniel Kahn Gillmor [Wed, 14 Sep 2016 21:23:09 +0000 (17:23 -0400)]
spelling: correct achived to achieved

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agotests/gpgscm: Fix use of pointer.
NIIBE Yutaka [Thu, 15 Sep 2016 00:17:59 +0000 (09:17 +0900)]
tests/gpgscm: Fix use of pointer.

* tests/gpgscm/scheme-private.h (struct scheme): Use (void *) for
alloc_seg.
* tests/gpgscm/scheme.c (alloc_cellseg): Use (void *) for cp.  Use
(void *) for coercion of address calculation.

--

In old C language, (char *) means an address.  In modern C, it's
specifically an address with alignment=1.  It's good to use (void *) for
an address, because newer compiler emits warnings.  Note: in this
particular case, it is just a warning and the code is safe against
invalid alignment, though.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Fix whitespace.
Neal H. Walfield [Wed, 14 Sep 2016 13:21:14 +0000 (15:21 +0200)]
g10: Fix whitespace.

* g10/tofu.c (show_statistics): Fix whitespace.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Correctly compute the euclidean distance.
Neal H. Walfield [Wed, 14 Sep 2016 13:20:33 +0000 (15:20 +0200)]
g10: Correctly compute the euclidean distance.

* g10/tofu.c (write_stats_status): Correctly compute the euclidean
distance.
(show_statistics): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Change the default TOFU policy for UTKs to good.
Neal H. Walfield [Wed, 14 Sep 2016 13:19:18 +0000 (15:19 +0200)]
g10: Change the default TOFU policy for UTKs to good.

* g10/tofu.c (get_trust): Change the default TOFU policy for UTKs to
good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Add missing static qualifier.
Neal H. Walfield [Wed, 14 Sep 2016 13:18:25 +0000 (15:18 +0200)]
g10: Add missing static qualifier.

* g10/tofu.c (cross_sigs): Add missing static qualifier.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Default to the "good" TOFU policy for keys signed by a UTK.
Neal H. Walfield [Wed, 14 Sep 2016 13:17:27 +0000 (15:17 +0200)]
g10: Default to the "good" TOFU policy for keys signed by a UTK.

* g10/tofu.c (signed_by_utk): New function.
(get_trust): If a key is signed by an ultimately trusted key, then
set any bindings to good.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agogpg: Emit a new error status line in --quick-adduid.
Werner Koch [Wed, 14 Sep 2016 08:59:18 +0000 (10:59 +0200)]
gpg: Emit a new error status line in --quick-adduid.

* g10/keyedit.c (menu_adduid): Emit an ERROR status for an existsing
user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Allow use of "default" algo for--quick-addkey.
Werner Koch [Wed, 14 Sep 2016 07:46:10 +0000 (09:46 +0200)]
gpg: Allow use of "default" algo for--quick-addkey.

* g10/keygen.c (quick_generate_keypair): Write a status error.
(parse_algo_usage_expire): Set a default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Improve usability of --quick-gen-key.
Werner Koch [Tue, 13 Sep 2016 09:30:54 +0000 (11:30 +0200)]
gpg: Improve usability of --quick-gen-key.

* g10/keygen.c (FUTURE_STD_): New constants.
(parse_expire_string): Handle special keywords.
(parse_algo_usage_expire): Allow "future-default".  Simplify call to
parse_expire_string.
(quick_generate_keypair): Always allow an expiration date.  Replace
former "test-default" by "future-default".
--

Using an expiration date is pretty common, thus we now allow the
creation of a standard key with expiration date.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Minor fix to the usbmon debugging tool.
Werner Koch [Tue, 13 Sep 2016 06:26:56 +0000 (08:26 +0200)]
tools: Minor fix to the usbmon debugging tool.

--
* tools/ccidmon.c (GNUPG_NAME): Define if not defined.
(digitp, hexdigitp): Change to our common semantics.

--
Note that this tool only exists in the repo.

GnuPG-bug-id: 2678
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Avoid mixing up status and colon line output.
Werner Koch [Mon, 12 Sep 2016 15:42:50 +0000 (17:42 +0200)]
gpg: Avoid mixing up status and colon line output.

* g10/keylist.c (list_keyblock_colon): Avoid calling functions which
trigger a status line output before having printed a LF.
--

Status lines like KEY_CONSIDERED and KEYEPXIRED were messing up the
colons output, like here:

  pub:[GNUPG:] KEY_CONSIDERED 94A5C9A03C2FE5CA3B095D8E1FDF723CF46[...]

Reported-by: Andreas Stieger <astieger@suse.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotests: Simplify tofu test.
Justus Winter [Mon, 12 Sep 2016 09:07:48 +0000 (11:07 +0200)]
tests: Simplify tofu test.

* tests/openpgp/tofu.scm: Simplify now that we only have one db
format.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoPortability build fix.
Ben Kibbey [Sat, 10 Sep 2016 17:42:09 +0000 (13:42 -0400)]
Portability build fix.

* kbx/Makefile.am: Add NETLIBS.
* dirmngr/Makefile.am: Ditto for dirmngr_ldap.
--

Fixes OpenIndiana (Solaris) builds.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2 years agoFix symbol conflict.
Ben Kibbey [Sat, 10 Sep 2016 17:42:09 +0000 (13:42 -0400)]
Fix symbol conflict.

* g10/gpgcompose.c: Rename struct siginfo to signinfo.
--

Fixes android-ndk and OpenIndiana (Solaris) builds.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
2 years agogpg: print fingerprint regardless of keyid-format
Daniel Kahn Gillmor [Thu, 8 Sep 2016 12:47:04 +0000 (14:47 +0200)]
gpg: print fingerprint regardless of keyid-format

* g10/keylist.c (print_fingerprint): use compact format independent of
  keyid-format; (print_key_line): always print the fingerprint

--

The choice of fingerprint display should be independent of the
keyid-format.

Currently, the representation of the fingerprint changes depending on
whether the user has specified --keyid-format to anything besides
"none".  (this is common, for example, if someone happens to have
"keyid-format long" in their gpg.conf for interoperability with older
versions of gpg)

With this changeset, keyid-format governs only the format of the
displayed keyID, while the fingerprint display is governed only by the
fingerprint options:

 [default]::
    compact fpr of pubkey only
 --with-fingerprint::
    human-readable form of fpr of pubkey only
 --with-fingerprint --with-fingerprint::
    human-readable form of pubkey and subkey
 --with-subkey-fingerprint:
    compact fpr for pubkey and subkeys

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agogpg: Remove option --yes from gpgv
Werner Koch [Thu, 8 Sep 2016 12:34:07 +0000 (14:34 +0200)]
gpg: Remove option --yes from gpgv

* g10/gpgv.c (opts): Remove --yes.
(main): Always set opt.ANSWER_YES.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Add options --output and --yes to gpgv.
Werner Koch [Thu, 8 Sep 2016 08:50:51 +0000 (10:50 +0200)]
gpg: Add options --output and --yes to gpgv.

* g10/gpgv.c (oOutput, oAnswerYes): New.
(opts): Add --output and --yes.
(main): Implement options.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Make --output work with --verify.
Werner Koch [Wed, 7 Sep 2016 22:45:45 +0000 (00:45 +0200)]
gpg: Make --output work with --verify.

* g10/mainproc.c (proc_plaintext): Handle opt.output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: Terminate on deletion of the socket file (Linux only).
Werner Koch [Wed, 7 Sep 2016 10:36:48 +0000 (12:36 +0200)]
dirmngr: Terminate on deletion of the socket file (Linux only).

* dirmngr/dirmngr.c [HAVE_INOTIFY_INIT]: Include sys/inotify.h.
(oDisableCheckOwnSocket): New.
(opts): Add --disable-check-own-socket.
(disable_check_own_socket): New var.
(parse_rereadable_options): Set that var.
(my_inotify_is_name) [HAVE_INOTIFY_INIT]: New.
(handle_connections) [HAVE_INOTIFY_INIT]: New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agog10: Use the time a signature was seen, not the embedded time, for stats
Neal H. Walfield [Wed, 7 Sep 2016 09:17:47 +0000 (11:17 +0200)]
g10: Use the time a signature was seen, not the embedded time, for stats

* g10/tofu.c (ask_about_binding): Use the time that a signature was
seen, not allegedly generated, when generating statistics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests: Don't use --tofu-db-format.
Neal H. Walfield [Wed, 7 Sep 2016 09:02:51 +0000 (11:02 +0200)]
tests: Don't use --tofu-db-format.

* tests/openpgp/tofu.scm: Remove use of --tofu-db-format, which is
deprecated.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Check for a new binding a bit later.
Neal H. Walfield [Wed, 7 Sep 2016 08:53:28 +0000 (10:53 +0200)]
g10: Check for a new binding a bit later.

* g10/tofu.c (build_conflict_set): Check for the current key after
looking for conflicts and removing any '!'.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e6

2 years agog10: Change TOFU code to respect --faked-system-time.
Neal H. Walfield [Wed, 7 Sep 2016 08:28:39 +0000 (10:28 +0200)]
g10: Change TOFU code to respect --faked-system-time.

* g10/tofu.c (record_binding): New parameter now.  Update callers.
Don't use SQLite's strftime('%s','now') to get the current time, use
NOW.
(ask_about_binding): Likewise.
(get_trust): New parameter now.  Update callers.
(show_statistics): Likewise.
(tofu_register_signature): Don't use SQLite's strftime('%s','now') to
get the current time, use gnupg_get_time().
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Use the correct conversion function.
Neal H. Walfield [Wed, 7 Sep 2016 08:06:58 +0000 (10:06 +0200)]
g10: Use the correct conversion function.

* g10/tofu.c (show_statistics): Use string_to_ulong, not
string_to_long.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac921

2 years agog10: Add missing sqrtu32.h and sqrtu32.c.
Neal H. Walfield [Wed, 7 Sep 2016 06:55:17 +0000 (08:55 +0200)]
g10: Add missing sqrtu32.h and sqrtu32.c.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 875ac92.