gnupg.git
13 months agog10: Unattended key generation "Key-Grip" and "Subkey-Grip".
NIIBE Yutaka [Wed, 1 Nov 2017 01:19:35 +0000 (10:19 +0900)]
g10: Unattended key generation "Key-Grip" and "Subkey-Grip".

* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agog10: Simplify "factory-reset" procedure.
NIIBE Yutaka [Mon, 30 Oct 2017 02:59:11 +0000 (11:59 +0900)]
g10: Simplify "factory-reset" procedure.

* g10/card-util.c (factory_reset): Simplify.

--

In this summer, I got report about old code before this change didn't
work with newer Yubikey.  I got another report test version of OpenPGP
card V3.3 implementation didn't work, either.  Then, I confirmed that
according to the OpenPGP card specification, the procedure of old code
is not expected by its author.

This change simplify "factory-reset" as simple.

Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change.  That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification.  Gnuk 1.2.5 and later works well.  All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).

GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agoMerge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Fri, 27 Oct 2017 11:56:15 +0000 (13:56 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

--
Resolved Conflicts:
configure.ac - Adjust due to new log_clock otions

13 months agoagent: Clean up pinentry access locking.
NIIBE Yutaka [Fri, 27 Oct 2017 00:54:48 +0000 (09:54 +0900)]
agent: Clean up pinentry access locking.

* agent/agent.h (struct server_control_s): Rename PINENTRY_ACTIVE.
* agent/call-pinentry.c (entry_owner): Remove.
(agent_reset_query): Use thread private object of PINENTRY_ACTIVE.
(unlock_pinentry): Add CTRL to arguments to access thread private.
Check and decrement PINENTRY_ACTIVE for recursive use.
(start_pinentry): Check and increment PINENTRY_ACTIVE for recursion.
(agent_askpin): Follow the change of unlock_pinentry API.
(agent_get_passphrase, agent_get_confirmation): Likewise.
(agent_show_message, agent_popup_message_start): Likewise.
(agent_popup_message_stop, agent_clear_passphrase): Likewise.

--

We use the member PINENTRY_ACTIVE as a thread private object.
It's only valid for a single thread at a time.

It would be possible to have a thread shared object of
PINENTRY_ACTIVE, keeping ENTRY_OWNER for distinguishing its
owner (which is also a thread shared object).  But, in this case,
access to ENTRY_OWNER is tricky (only comparison to accessing thread
would be OK with no lock), or we need to introduce another lock for
accessing ENTRY_OWNER, which complicates the code too much.

So, simply have a thread private object for recursive pinentry access.

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agoagent: Allow recursive use of pinentry.
NIIBE Yutaka [Thu, 26 Oct 2017 05:40:38 +0000 (14:40 +0900)]
agent: Allow recursive use of pinentry.

* agent/agent.h (struct server_control_s): Add pinentry_level.
* agent/call-pinentry.c (agent_popup_message_stop): Not clear
ENTRY_CTX here.
(unlock_pinentry): Handle recursion.  Clear ENTRY_CTX here.
(start_pinentry): Allow recursive use.

--

GnuPG-bug-id: 3190
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agoagent, tests: Support --disable-scdaemon build case.
NIIBE Yutaka [Thu, 26 Oct 2017 02:24:39 +0000 (11:24 +0900)]
agent, tests: Support --disable-scdaemon build case.

* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agoFix comment of configure.
NIIBE Yutaka [Thu, 26 Oct 2017 02:19:45 +0000 (11:19 +0900)]
Fix comment of configure.

* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agoagent, tests: Support --disable-scdaemon build case.
NIIBE Yutaka [Thu, 26 Oct 2017 02:24:39 +0000 (11:24 +0900)]
agent, tests: Support --disable-scdaemon build case.

* agent/command.c (cmd_scd): Support !BUILD_WITH_SCDAEMON.
* tests/openpgp/defs.scm (create-gpghome): Likewise.
* tests/gpgsm/gpgsm-defs.scm (create-gpgsmhome): Likewise.

--

We could modify gpg-agent to remove all support of scdaemon, with no
inclusion of call-scd.c, divert-scd.c, and learncard.c, but it would
not be worth to do that.

GnuPG-bug-id: 3316
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agoFix comment of configure.
NIIBE Yutaka [Thu, 26 Oct 2017 02:19:45 +0000 (11:19 +0900)]
Fix comment of configure.

* configure.ac (BUILD_WITH_DIRMNGR): Comment fix.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agogpg: Avoid superfluous sig check info during import.
Werner Koch [Tue, 24 Oct 2017 19:11:38 +0000 (21:11 +0200)]
gpg: Avoid superfluous sig check info during import.

* g10/key-check.c (print_info): New.
(key_check_all_keysigs): Print sig checking results only in debug
mode.  Prettify the stats info and suppress them in quiet mode.

--

This also makes usable stats by prefixing them with the key and the
program name.

GnuPG-bug-id: 3397
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agobuild: New configure option --enable-werror
Werner Koch [Tue, 24 Oct 2017 16:42:37 +0000 (18:42 +0200)]
build: New configure option --enable-werror

* configure.ac: Implement that option.
--

This can be used as a workaround in case of bogus autoconf tests.

GnuPG-bug-id: 2423
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agobuild: Do not mess with CFLAGS in configure.
Werner Koch [Tue, 24 Oct 2017 16:34:28 +0000 (18:34 +0200)]
build: Do not mess with CFLAGS in configure.

* configure.ac: Do not mess with the user provided CFLAGS.
--

A problem was claimed with some configure tests if the user provided
CFLAGS=-Werror.  The commit introducing this

Fixes-commit: 02eb9fc9d5863abcfed6af704e618f8cac7cc2e8

does not mention a concrete case.  Anyway, messing with CFLAGS is a
bad idea because configure tests will then test something different
than what is used later (cf. autoconf manual).  Tests which depend on
the whether -Werror is used needsto be fixed.

Note that in certain cases we modify CFLAGS.  This is only done for
some configure options or if the platform requires the use of special
compiler flags (e.g. on HP/UX).

GnuPG-bug-id: 2423

13 months agosm: Do not expect X.509 keyids to be unique
Rainer Perske [Tue, 24 Oct 2017 15:29:04 +0000 (17:29 +0200)]
sm: Do not expect X.509 keyids to be unique

* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
(run_command_inq_cb): Ditto.
* sm/gpgsm.c (main): Pass false.
* sm/server.c (cmd_passwd): Pass false.

--

As described in my report T1644, it is possible that multiple
certificates exist with the same Distinguished Name and the same key.
In this case, verifying S/MIME signatures and other actions fail with
"certificate not found: Ambiguous name". For details see the bug
report.

To circumvent the problem, I am patching GnuPG since 2014 so that in
this case the newest of the ambiguous certificates is used.

This is not an ultimate solution of the problem: You should try every
certificate with the same DN until verification succeeds or until all
certificates fail, and if multiple certificates of a chain are
ambiguous you even have to check every combination. You may even
consider checking the keyUsage attributes of the ambiguous certificates
to reduce the number of combinations.

But in the existing case of the certificates in the German Research
Network (DFN) PKI where the newest one is the valid one and all
ambiguous certificates have the same keyUsage attributes, this patch
has proven to be sufficient over the last three years.

With every GnuPG update, I have adapted the patch, luckily I never
needed to change anything except line numbers.

GnuPG-bug-id: 1644

ChangeLog log written by wk, comment taken from mail.  Signed-off line
was missing in the plain diff.  However the mail with the patch and
the DCO posted as reply to that mail were both signed.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agoRegister DCO for Rainer Perske
Werner Koch [Tue, 24 Oct 2017 15:14:56 +0000 (17:14 +0200)]
Register DCO for Rainer Perske

--

13 months agogpgconf: Ignore non-installed components with --apply-profile.
Werner Koch [Tue, 24 Oct 2017 10:01:07 +0000 (12:01 +0200)]
gpgconf: Ignore non-installed components with --apply-profile.

* tools/gpgconf-comp.c (retrieve_options_from_program): Add arg
only_installed.
(gc_component_retrieve_options): Use this if we want to process all
components.
--

Note that this also also ignores them in --with-defaults.  This is
useful for systems which come without scdaemon.

GnuPG-bug-id: 3313
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Improve the "secret key available" notice in keyedit.c
Werner Koch [Tue, 24 Oct 2017 08:56:13 +0000 (10:56 +0200)]
gpg: Improve the "secret key available" notice in keyedit.c

* g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
(cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
(keyedit_menu): Check whether only subkeys are available and take care
of that in the command check and in the HELP listing.  Also print a
different notice if only subkeys are available.
--

Print "Secret key is available" and the bailing out in all commands
which require the _primary_ secret key was surprising.  Now we print
another notice and adjust the checks.

GnuPG-bug-id: 3463
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Remove unused flags from keyedit.c.
Werner Koch [Tue, 24 Oct 2017 07:31:49 +0000 (09:31 +0200)]
gpg: Remove unused flags from keyedit.c.

* g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
(cmds): Remove them.
--

These flags were cruft from the time we had to switch between secret
and public key view.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodoc: Fix "SEE ALSO" section of gpgv.
Werner Koch [Fri, 20 Oct 2017 06:56:39 +0000 (08:56 +0200)]
doc: Fix "SEE ALSO" section of gpgv.

--

13 months agogpg: Fix creating on-disk subkey with on-card primary key.
Werner Koch [Thu, 19 Oct 2017 16:10:37 +0000 (18:10 +0200)]
gpg: Fix creating on-disk subkey with on-card primary key.

* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--

We try to verify the primary key and thus seed the passphrase cache
before generating the subkey.  However, the verification does not yet
work for on-card keys and thus the PASSWD --verify send to the agent
returns an error.  This patch detects this error and continues without
a seeded passphrase cache.  After all that pre-seeding is just a
convenience.

GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Print sec/sbb with --import-option import-show or show-only.
Werner Koch [Thu, 19 Oct 2017 15:12:36 +0000 (17:12 +0200)]
gpg: Print sec/sbb with --import-option import-show or show-only.

* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--

Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported.  If the secret key
already exists locally another suffix might be printed.  The upshot is
that the suffix has no usefulness.

GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Make --dry-run and show-only work for secret keys.
Werner Koch [Thu, 19 Oct 2017 15:05:39 +0000 (17:05 +0200)]
gpg: Make --dry-run and show-only work for secret keys.

* g10/import.c (import_secret_one): Check for dry-run before
transferring keys.
--

The use of --dry-run or --import-option show-only had no effect when
importing a secret key and the public key already existed.  If the
public key did not exist an error message inhibited the import of the
secret key.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodirmngr: Do not follow https-to-http redirects.
Damien Goutte-Gattat [Sun, 8 Oct 2017 16:30:52 +0000 (17:30 +0100)]
dirmngr: Do not follow https-to-http redirects.

* dirmngr/ks-engine-http.c (ks_http_fetch): Forbid redirects from
a https URI to a http URI.
--

GnuPG-bug-id: 3436
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
13 months agog10: Fix find_and_check_key for multiple keyrings.
NIIBE Yutaka [Thu, 19 Oct 2017 02:08:24 +0000 (11:08 +0900)]
g10: Fix find_and_check_key for multiple keyrings.

* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agogpg: Keep a lock during the read-update/insert cycle in import.
Werner Koch [Wed, 18 Oct 2017 16:28:52 +0000 (18:28 +0200)]
gpg: Keep a lock during the read-update/insert cycle in import.

* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446

13 months agogpg: Improve keydb handling in the main import function.
Werner Koch [Wed, 18 Oct 2017 15:52:41 +0000 (17:52 +0200)]
gpg: Improve keydb handling in the main import function.

* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Simplify keydb handling of the main import function.
Werner Koch [Wed, 18 Oct 2017 11:09:47 +0000 (13:09 +0200)]
gpg: Simplify keydb handling of the main import function.

* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agosm: Fix colon listing of fields > 12 in crt records.
Werner Koch [Tue, 17 Oct 2017 18:56:55 +0000 (20:56 +0200)]
sm: Fix colon listing of fields > 12 in crt records.

* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--

Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agoagent: Send pinentry the uid of connecting process where possible.
Daniel Kahn Gillmor [Sun, 5 Feb 2017 07:12:25 +0000 (02:12 -0500)]
agent: Send pinentry the uid of connecting process where possible.

* agent/agent.h (server_control_s): Add field 'client_uid'.
* agent/call-pinentry.c (start_pinentry): Add uid field to assuan
option "owner" sent to pinentry.
* agent/command-ssh.c (peer_info_s): New static struct.
(get_client_pid): Rename to...
(get_client_info): Here, and extract uid in addition to pid.
(start_command_handler_ssh): Use get_client_info() instead of
get_client_pid().
* agent/command.c (start_command_handler): Try assuan_get_peercred,
and only fall back to assuan_get_pid when assuan_get_peercred fails.

--

This also requires an update to pinentry to handle the new uid field.
Distributing the uid as well as the pid makes it harder for a
different user on the same machine to take advantage of any race
conditions between when a requesting process might ask for something
that needs pinentry, and when pinentry gets around to inspecting the
state of that process.

We put the uid before the nodename because the uid is guaranteed to be
a integer (represented in decimal), which makes it much simpler to
parse past than the potentially arbitrarily structured nodename.

Use a / instead of whitespace to delimit pid/uid at Werner's request.

If we were willing to depend on the nodename being
whitespace-delimited (as the current, unreleased pinentry code does),
then we could add the uid after the nodename.  But since no released
pinentry depends on this option anyway, i think we should make the
more conservative, easily-parseable choice and put the user ID first.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
13 months agog10: Fix find_and_check_key for multiple keyrings.
NIIBE Yutaka [Thu, 19 Oct 2017 02:08:24 +0000 (11:08 +0900)]
g10: Fix find_and_check_key for multiple keyrings.

* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.

--

When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring.  Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.

Thanks to Guido Günther for the use case and the log.

Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agogpg: Keep a lock during the read-update/insert cycle in import.
Werner Koch [Wed, 18 Oct 2017 16:28:52 +0000 (18:28 +0200)]
gpg: Keep a lock during the read-update/insert cycle in import.

* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--

That change is straightforward.  It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.

A similar change is due for gpgsm.

Note that the key edit operations may still suffer from a race.

GnuPG-bug-id: 3446

13 months agogpg: Improve keydb handling in the main import function.
Werner Koch [Wed, 18 Oct 2017 15:52:41 +0000 (17:52 +0200)]
gpg: Improve keydb handling in the main import function.

* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle.  Remove the now surplus keyblock fetch in the merge branch.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Simplify keydb handling of the main import function.
Werner Koch [Wed, 18 Oct 2017 11:09:47 +0000 (13:09 +0200)]
gpg: Simplify keydb handling of the main import function.

* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Fix wrong Tofu DB consistency check.
Werner Koch [Wed, 18 Oct 2017 11:55:56 +0000 (13:55 +0200)]
gpg: Fix wrong Tofu DB consistency check.

* g10/tofu.c (build_conflict_set): Do not assume MAX_FINGERPRINT_LEN
is the size of the fingerprint.
--

This problem was exhibited by
commit ecbbafb88d920e713439b6b1b8e1b41a6f8d0e38.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg,sm: New option --with-key-screening.
Werner Koch [Tue, 17 Oct 2017 19:10:19 +0000 (21:10 +0200)]
gpg,sm: New option --with-key-screening.

* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c:  Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it.  Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--

This new option can be used to detect ROCA affected keys.  To scan an
entire keyring and print the affected fingerprints use this:

  gpg -k --with-key-screening --with-colons | gawk -F: \
       '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
        $1=="fpr" && found {print $10}; {found=0}'

The same works for gpgsm.  Note that we need gawk due to the "\<" in
the r.e.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agosm: Fix colon listing of fields > 12 in crt records.
Werner Koch [Tue, 17 Oct 2017 18:56:55 +0000 (20:56 +0200)]
sm: Fix colon listing of fields > 12 in crt records.

* sm/keylist.c (print_capabilities): Move colon printing ...
(list_cert_colon): to here.
--

Fixes-commit: 7af008bfe1641938a6c2c995cb065829fa05a693
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogpg: Fix comparison.
Neal H. Walfield [Fri, 6 Oct 2017 09:51:39 +0000 (11:51 +0200)]
gpg: Fix comparison.

* g10/gpgcompose.c (literal_name): Complain if passed zero arguments,
not one or fewer.

Signed-off-by: Neal H. Walfield <neal@walfield.org>
14 months agogpg: Workaround for junk after --trusted-key.
Werner Koch [Thu, 28 Sep 2017 12:10:12 +0000 (14:10 +0200)]
gpg: Workaround for junk after --trusted-key.

* g10/trust.c (register_trusted_key): Cut off everthing starting as a
hash sign.
--

This problem is fallout from
commit f99830b72812395da5451152bdd2f2d90a7cb7fb
which fixes
GnuPG-bug-id: 1206

The same could happen with other options taking keyids but we won't
change that because a trailing '#' does not indicate a comment.  So
this is really only a workaround and eventually we will
deprecate --trusted-key anyway or require a fingerprint as a value.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agodoc: Make --check-sigs more prominent.
Werner Koch [Wed, 27 Sep 2017 15:18:55 +0000 (17:18 +0200)]
doc: Make --check-sigs more prominent.

--

It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all.  We better
highlight the use of --check-sigs to avoid this UI problem.

Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agodoc: Make --check-sigs more prominent.
Werner Koch [Wed, 27 Sep 2017 15:18:55 +0000 (17:18 +0200)]
doc: Make --check-sigs more prominent.

--

It seems people are using --list-sigs instead of --check-sigs and do
not realize that the signatures are not checked at all.  We better
highlight the use of --check-sigs to avoid this UI problem.

Suggested-by: Andrew Gallagher
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogpg: Prepare for a longer fingerprint
Werner Koch [Wed, 27 Sep 2017 07:42:13 +0000 (09:42 +0200)]
gpg: Prepare for a longer fingerprint

* g10/card-util.c (change_cafpr): Use MAX_FINGERPRINT_LEN.
* g10/cipher.c (write_header): Use snprintf.
* g10/gpg.h (MAX_FINGERPRINT_LEN): Change to 32.
(MAX_FORMATTED_FINGERPRINT_LEN): Change to 59
* g10/keyid.c (format_hexfingerprint): Add v5 fingerprint format.
* g10/tofu.c (get_policy): Use MAX_FINGERPRINT_LEN for the buffer but
keep the raw length for now.
--

Note that this patch only increases the size of the buffer and adds a
new formatting for v5 fingerprints.  Moe work is required to fix
internal data structures like those in trustdb.gpg and the tofu
tables.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agocommon: Add constant KEYGRIP_LEN.
Werner Koch [Wed, 27 Sep 2017 07:33:14 +0000 (09:33 +0200)]
common: Add constant KEYGRIP_LEN.

* common/util.h (KEYGRIP_LEN): New.
* g10/call-agent.c (agent_probe_any_secret_key): Use that constant.
* g10/keyid.c (keygrip_from_pk): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogpg: Let --debug clock time sign and verify.
Werner Koch [Wed, 27 Sep 2017 05:58:02 +0000 (07:58 +0200)]
gpg: Let --debug clock time sign and verify.

* configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
* common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
timestamp printing.
* g10/call-agent.c (agent_pksign): Time signing.
* g10/sig-check.c (check_signature_end_simple): Time verification.
--

Timing for verification is limited to data signatures because this is
the most common thing to evaluate.  We should consider to change
log_clock to printf style so that we could print the signature class
and other info.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agoMerge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Tue, 26 Sep 2017 10:00:03 +0000 (12:00 +0200)]
Merge branch 'STABLE-BRANCH-2-2' into master

--

Signed-off-by: Werner Koch <wk@gnupg.org>
Conflicts:
NEWS - include release info from 2.2.1
configure.ac - keep master.

14 months agopo: Remove trailing colon from a German pinentry string.
Werner Koch [Tue, 26 Sep 2017 09:52:18 +0000 (11:52 +0200)]
po: Remove trailing colon from a German pinentry string.

--

14 months agog10: Select a secret key by checking availability under gpg-agent.
NIIBE Yutaka [Tue, 26 Sep 2017 02:02:05 +0000 (11:02 +0900)]
g10: Select a secret key by checking availability under gpg-agent.

* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.

--

GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agopo: Fix German translation.
Werner Koch [Sun, 24 Sep 2017 07:56:26 +0000 (09:56 +0200)]
po: Fix German translation.

--

Reported-by: engelmarkus
14 months agoagent: Fix cancellation handling for scdaemon.
NIIBE Yutaka [Wed, 20 Sep 2017 01:42:28 +0000 (10:42 +0900)]
agent: Fix cancellation handling for scdaemon.

* agent/call-scd.c (cancel_inquire): Remove.
(agent_card_pksign, agent_card_pkdecrypt, agent_card_writekey)
(agent_card_scd): Don't call cancel_inquire.

--

Since libassuan 2.1.0, cancellation command "CAN" is handled within
the library, by assuan_transact.  So, cancel_inquire just caused
spurious "CAN" command to scdaemon which resulted an error.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agoscd: Distinguish cancel by user and protocol error.
NIIBE Yutaka [Wed, 20 Sep 2017 01:06:43 +0000 (10:06 +0900)]
scd: Distinguish cancel by user and protocol error.

* scd/apdu.h (SW_HOST_CANCELLED): New.
* scd/apdu.c (host_sw_string): Support SW_HOST_CANCELLED.
(pcsc_error_to_sw): Return SW_HOST_CANCELLED for PCSC_E_CANCELLED.
* scd/iso7816.c (map_sw): Return GPG_ERR_INV_RESPONSE for
SW_HOST_ABORTED and GPG_ERR_CANCELED for SW_HOST_CANCELLED.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agocommon: Accept the Z-suffix for yymmddThhmmssZ format.
NIIBE Yutaka [Tue, 19 Sep 2017 07:09:05 +0000 (16:09 +0900)]
common: Accept the Z-suffix for yymmddThhmmssZ format.

* common/gettime.c (isotime_p): Accept the Z suffix.

--

The intention is use for human interface.

GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agoPost release updates
Werner Koch [Tue, 19 Sep 2017 06:34:36 +0000 (08:34 +0200)]
Post release updates

--

14 months agoRelease 2.2.1 gnupg-2.2.1
Werner Koch [Tue, 19 Sep 2017 06:13:44 +0000 (08:13 +0200)]
Release 2.2.1

14 months agocommon: Fix gnupg_wait_processes.
NIIBE Yutaka [Tue, 19 Sep 2017 03:28:43 +0000 (12:28 +0900)]
common: Fix gnupg_wait_processes.

* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.

--

The value stored by waitpid for exit code is encoded;  It requires
decoded by WEXITSTATUS macro, regardless of an error.

For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agodirmngr: Use system certs if --hkp-cacert is not used.
Werner Koch [Mon, 18 Sep 2017 20:49:05 +0000 (22:49 +0200)]
dirmngr: Use system certs if --hkp-cacert is not used.

* dirmngr/certcache.c (any_cert_of_class): New var.
(put_cert): Set it.
(cert_cache_deinit): Clear it.
(cert_cache_any_in_class): New func.
* dirmngr/http-ntbtls.c (gnupg_http_tls_verify_cb): Add hack to
override empty list of HKP certs.
--

This patch carries the changes for GNUTLS from commit
7c1613d41566f7d8db116790087de323621205fe over to NTBTLS.  NTBTLS works
quite different and thus we need to do it this way.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agopo: Minor Grammar update of the Greek translation
Dimitris Maroulidis [Mon, 18 Sep 2017 14:23:43 +0000 (16:23 +0200)]
po: Minor Grammar update of the Greek translation

--
GnuPG-bug-id: 3409

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Create a new user id if provider wants mailbox-only.
Werner Koch [Mon, 18 Sep 2017 13:37:21 +0000 (15:37 +0200)]
wks: Create a new user id if provider wants mailbox-only.

* tools/gpg-wks-client.c (get_key): Add arg 'exact'.
(add_user_id): New.
(command_send): Create new user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Send only the newest UID to the server.
Werner Koch [Mon, 18 Sep 2017 10:52:20 +0000 (12:52 +0200)]
wks: Send only the newest UID to the server.

* tools/wks-util.c (list_key_status_cb): Rename to key_status_cb.
(wks_filter_uid): New.
(wks_list_key): Allow FPR to be NULL.  Return an error if no
fingerprint was found.
* tools/gpg-wks-server.c (process_new_key)
(check_and_publish): Remove now useless extra check for FPR.
* tools/gpg-wks-client.c (command_check): Ditto.
(command_send): Filter out the newest uid.
--

This fixes the case of having several userids with all the the same
mailbox.  Now we use the latest user id created.  This patch is also a
prerequisite to automatically create a new user id for providers with
the mailbox-only policy.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Print the UID creation time with gpg-wks-client --check.
Werner Koch [Mon, 18 Sep 2017 09:31:36 +0000 (11:31 +0200)]
wks: Print the UID creation time with gpg-wks-client --check.

* tools/gpg-wks.h (uidinfo_list_s): Add field 'created'.
* tools/wks-util.c (append_to_uidinfo_list): Add arf 'created'.
(wks_list_key): Pass timestamp to append_to_uidinfo_list.
* tools/gpg-wks-client.c (command_check): Print UID creation time.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Use dedicated type to convey user ids.
Werner Koch [Mon, 18 Sep 2017 09:16:07 +0000 (11:16 +0200)]
wks: Use dedicated type to convey user ids.

* tools/gpg-wks.h (uidinfo_list_s, uidinfo_list_t): New.
* tools/wks-util.c (append_to_uidinfo_list): New.
(free_uidinfo_list): New.
(wks_list_key): Change arg r_mboxes to uidinfo_list_t.  Use
append_to_uidinfo_list.
* tools/gpg-wks-server.c (sserver_ctx_s): Replace strlist_t by
uidinfo_list_t.
(process_new_key): Ditto.
(check_and_publish): Ditto.
(command_receive_cb): Replace free_strlist by free_uidinfo_list.
* tools/gpg-wks-client.c (command_check): Replace strlist_t by
uidinfo_list_t.  Also print user id in verbose mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogpgv: Initialize compliance checker.
Werner Koch [Wed, 13 Sep 2017 07:18:15 +0000 (09:18 +0200)]
gpgv: Initialize compliance checker.

* g10/gpgv.c (main): Call gnupg_initialize_compliance.
--

The compliance checker needs to be initialize so that it won't let
spit out a "not suitable" message.  We use the module name of gpg.
Because there is no option to change the compliance mode in gpgv we
will always be in the default (CO_GNUPG) mode.  It also does not make
much sense to have it here because gpgv expects a "curated" keyring.

GnuPG-bug-id: 3404
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Add hack for the broken posteo system
Werner Koch [Tue, 12 Sep 2017 16:08:09 +0000 (18:08 +0200)]
wks: Add hack for the broken posteo system

* tools/gpg-wks-client.c (command_send): Additional hack for posteo.
Check the protocol-version flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Add new policy flag protocol-version
Werner Koch [Tue, 12 Sep 2017 16:05:00 +0000 (18:05 +0200)]
wks: Add new policy flag protocol-version

* tools/gpg-wks.h (policy_flags_s): Add field protocol_version.
* tools/wks-util.c (wks_parse_policy): Add new policy flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogpg: Fix "Fix key generation with only an email part".
Werner Koch [Tue, 12 Sep 2017 12:38:44 +0000 (14:38 +0200)]
gpg: Fix "Fix key generation with only an email part".

* g10/keygen.c (proc_parameter_file): Don't check the result of
stpcpy.
--

Fixes-commit: 7089dcc54099a4909ce7d386c07ab87e1398e2eb
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agowks: Use unencrypted draft-1 mode for posteo.de
Werner Koch [Tue, 12 Sep 2017 12:32:29 +0000 (14:32 +0200)]
wks: Use unencrypted draft-1 mode for posteo.de

* tools/gpg-wks-client.c (command_send): Allow sending in draft-1
mode.
--

Obviously Posteo did not implement the current draft and thus it was
not possible to send a request to them.  This hack uses the old method
for posteo.de.  Not sending it encrypted is okay here because they use
authenticated sending anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agotools: New function mime_maker_add_body_data.
Werner Koch [Tue, 12 Sep 2017 12:29:04 +0000 (14:29 +0200)]
tools: New function mime_maker_add_body_data.

* tools/mime-maker.c (mime_maker_add_body_data): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agosm: Move qualified.txt from datadir into sysconfdir
Alon Bar-Lev [Fri, 1 Sep 2017 19:19:26 +0000 (22:19 +0300)]
sm: Move qualified.txt from datadir into sysconfdir

* doc/Makefile.am: Move qualified.txt into examples.
* doc/qualified.txt: Move into examples, remove trailing spaces.
* doc/examples/README: Document qualified.txt.
* doc/gpgsm.texi: Move qualified.txt from datadir into sysconfdir.
* sm/qualified.c (read_list): Move qualified.txt from datadir into
sysconfdir.
--

The qualified.txt is maintained by Administrator it is a configuration
file. In the past it was a hybrid, provided by package and controlled
by the Administrator, however, it is no longer maintained by package.

Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com>
15 months agotests: Fix a test which specifies expiration date.
NIIBE Yutaka [Fri, 8 Sep 2017 05:21:29 +0000 (14:21 +0900)]
tests: Fix a test which specifies expiration date.

* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.

--

This is a bug fix for Amelia Earhart who is probably in UTC-12.

When expiration date is specified, GnuPG interprets it as noon of the
date in local time.

Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day.  When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.

GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
15 months agoscd: Fix for large ECC keys.
NIIBE Yutaka [Tue, 29 Aug 2017 05:35:47 +0000 (14:35 +0900)]
scd: Fix for large ECC keys.

* scd/app-openpgp.c (do_decipher): Support larger length.

--

Reported-by: Achim Pietig <achim@pietig.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
15 months agogpg: Fix key generation with only an email part.
Werner Koch [Mon, 11 Sep 2017 09:29:13 +0000 (11:29 +0200)]
gpg: Fix key generation with only an email part.

* g10/keygen.c (proc_parameter_file): Special case the email only
case.
--

Using a parameter file like

  %ask-passphrase
  key-type:      RSA
  key-length:    2048
  key-usage:     sign
  subkey-type:   RSA
  subkey-length: 2048
  subkey-usage:  encrypt
  name-email:    foo@example.org

with "gpg --gen-key --patch" the result was this key

  pub   rsa2048 2017-09-11 [SC]
        63A8C1BA12CC289A0E8072C971C7F8D4A18CE0BE
  uid           [ultimate]  <foo@example.org>
  sub   rsa2048 2017-09-11 [E]

At least the the extra leading space the left angle bracket is wrong.
Further some mail providers reject keys which consist of more than
just a plain mail address.  Using just a mail address is anyway the
new new suggested content for a user id.  With this patch the key
will be

  pub   rsa2048 2017-09-11 [SC]
        B302343C20EA6DECDB6A155135352F2520397080
  uid           [ultimate] foo@example.org
  sub   rsa2048 2017-09-11 [E]

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agoagent: compile-time configuration of s2k calibration.
Daniel Kahn Gillmor [Fri, 8 Sep 2017 21:08:57 +0000 (17:08 -0400)]
agent: compile-time configuration of s2k calibration.

* configure.ac: add --with-agent-s2k-calibration=MSEC, introduces
AGENT_S2K_CALIBRATION (measured in milliseconds)
* agent/protect.c (calibrate_s2k_count): Calibrate based on
AGENT_S2K_CALIBRATION.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
GnuPG-bug-id: 3399

15 months agogpg: default to AES-256.
Daniel Kahn Gillmor [Thu, 7 Sep 2017 23:04:00 +0000 (19:04 -0400)]
gpg: default to AES-256.

* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
15 months agogpg: default to 3072-bit RSA keys.
Daniel Kahn Gillmor [Thu, 7 Sep 2017 22:41:10 +0000 (18:41 -0400)]
gpg: default to 3072-bit RSA keys.

* agent/command.c (hlp_genkey): update help text to suggest the use of
3072 bits.
* doc/wks.texi: Make example match default generation.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): update to
rsa3072/cert,sign+rsa3072/encr, and fix neighboring comment,
(gen_rsa, get_keysize_range): update default from 2048 to 3072).
* g10/keyid.c (pubkey_string): update comment so that first example
is the default 3072-bit RSA.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0015-gpg-default-to-3072-bit-RSA-keys.patch

15 months agogpgsm: default to 3072-bit keys.
Daniel Kahn Gillmor [Thu, 7 Sep 2017 22:39:37 +0000 (18:39 -0400)]
gpgsm: default to 3072-bit keys.

* doc/gpgsm.texi, doc/howto-create-a-server-cert.texi: : update
default to 3072 bits.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): update default to
3072 bits.
* sm/certreqgen.c (proc_parameters): update default to 3072 bits.
* sm/gpgsm.c (main): print correct default_pubkey_algo.

--

3072-bit RSA is widely considered to be 128-bit-equivalent security.
This is a sensible default in 2017.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Gbp-Pq: Topic update-defaults
Gbp-Pq: Name 0014-gpgsm-default-to-3072-bit-keys.patch

15 months agotests: Fix a test which specifies expiration date.
NIIBE Yutaka [Fri, 8 Sep 2017 05:21:29 +0000 (14:21 +0900)]
tests: Fix a test which specifies expiration date.

* tests/openpgp/quick-key-manipulation.scm: Fix expiration time
comparison.

--

This is a bug fix for Amelia Earhart who is probably in UTC-12.

When expiration date is specified, GnuPG interprets it as noon of the
date in local time.

Before this fix, the test compared the value by 2145916800 which is
2038-01-01 00:00:00 in UTC with allowance of 1 day.  When the test
was ran in UTC-12 timezone, it failed because of noon in the timezone
is midnight of the next day in UTC.

GnuPG-bug-id: 3393
Reported-by: Daniel Kahn Gillmor
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
15 months agoscd: Fix for large ECC keys.
NIIBE Yutaka [Tue, 29 Aug 2017 05:35:47 +0000 (14:35 +0900)]
scd: Fix for large ECC keys.

* scd/app-openpgp.c (do_decipher): Support larger length.

--

Reported-by: Achim Pietig <achim@pietig.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
15 months agoPost release updates
Werner Koch [Mon, 28 Aug 2017 09:57:17 +0000 (11:57 +0200)]
Post release updates

--

15 months agoPost release updates gnupg-2.3-base
Werner Koch [Mon, 28 Aug 2017 09:56:14 +0000 (11:56 +0200)]
Post release updates

--

15 months agoRelease 2.2.0 gnupg-2.2.0
Werner Koch [Mon, 28 Aug 2017 09:18:26 +0000 (11:18 +0200)]
Release 2.2.0

15 months agopo: Auto update
Werner Koch [Mon, 28 Aug 2017 09:17:39 +0000 (11:17 +0200)]
po: Auto update

--

15 months agoscd: Convey the correct length for Le
Werner Koch [Sun, 27 Aug 2017 14:42:52 +0000 (16:42 +0200)]
scd: Convey the correct length for Le

* scd/app-openpgp.c (determine_rsa_response): Round bits up.
--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Arnaud wrote:

  Actually, when the incorrect expected response length (i.e. Le
  field) is transmitted to the card, the card's answer is missing a
  byte (i.e. ...  6101) so an additional command has to be sent to the
  card to retrieve the last byte. Using the correct length avoids to
  send the additional command to retrieve the missing byte, when the
  computed length is wrong.

Note that an value of 65537 for E is pretty standard and thus we can
avoid the 6101 return code inmost cases.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agogpg: Fix memory leak while running --check-trustdb.
Werner Koch [Thu, 24 Aug 2017 20:06:59 +0000 (22:06 +0200)]
gpg: Fix memory leak while running --check-trustdb.

* g10/trustdb.c (update_min_ownertrust): Free PK.
--

This bug was revealed by the new trust-pgp-2.scm test.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agogpg: Fix memory leak in sig-check.
Werner Koch [Thu, 24 Aug 2017 18:26:19 +0000 (20:26 +0200)]
gpg: Fix memory leak in sig-check.

* g10/sig-check.c (check_signature_over_key_or_uid): Remove useless
condition.  Actually free when SIGNER was allocated by us.
--

SIGNER_ALLOCATED never received a value of -1 but that was tested.

IF SIGNER_ALLOCATED was 2 the memory was never freed:

  if (signer_allocated == 1)
    if (signer_allocated == 2)
      free()

Fixes-commit: 44cdb9d73f1a0b7d2c8483a119b9c4d6caabc1ec

This function needs to be audited more thoroughly.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agoindent: Change comment style on two functions
Werner Koch [Thu, 24 Aug 2017 17:19:23 +0000 (19:19 +0200)]
indent: Change comment style on two functions

--

This is to make those function better readable.

  if (foo)
     /* Comment */
     {

     }

is bad style because it requires extra time to notice the begin of the
block and vice versa when noticing the block it is not clear whether
this is an conditioned or unconditioned block.

Having asterisks on the left is better for view impaired people and
for b/w printouts.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agobuild: Remove obsolete option from autogen.rc
Werner Koch [Thu, 24 Aug 2017 15:44:02 +0000 (17:44 +0200)]
build: Remove obsolete option from autogen.rc

* autogen.rc: Remove --enable-gpg2-is-gpg.
--

This option is now the default.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agogpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".
Werner Koch [Wed, 23 Aug 2017 14:45:20 +0000 (16:45 +0200)]
gpgconf: Swap "auto-key-retrieve" and "no-auto-key-retrieve".

* g10/gpg.c (gpgconf_list): Announce "auto-key-retrieve".
(main): Simplify setting of KEYSERVER_AUTO_KEY_RETRIEVE.
* tools/gpgconf-comp.c: Make "no-auto-key-retrieve" invisible.  Make
"auto-key-retrieve" an expert option.
--

This basically reverts 9bb13a0e819334681caca38c9074bd7bfc04e45e
because --no-auto-key-retrieve is again the default.  Note that we
allow both options for the sake of profiles.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agotests: Do not run trust-pgp-4.scm
Werner Koch [Wed, 23 Aug 2017 13:16:52 +0000 (15:16 +0200)]
tests: Do not run trust-pgp-4.scm

* tests/openpgp/Makefile.am (XTESTS): Remove test.
(EXTRA_DIST): Add test file.
--

There are two problems with this test: First a syntax error in the
file name so that the test was not used at all.  Second the test
currently returns FAIL.

Fixes-commit: c23a69970ba38edae9d3b2603825d18fbb732423
Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agobuild: Change SWDB tag "gnupg21" to "gnupg22".
Werner Koch [Wed, 23 Aug 2017 12:50:03 +0000 (14:50 +0200)]
build: Change SWDB tag "gnupg21" to "gnupg22".

* configure.ac (GNUPG_SWDB_TAG): New ac_define.  Set it to "gnupg22".
* tools/gpgconf.c (query_swdb): Use it.
* build-aux/speedo.mk: Change tag "gnupg21" to "gnupg22".
* Makefile.am (distcheck-hook): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agopo: Update Norwegian translation
Åka Sikrom [Wed, 23 Aug 2017 12:19:01 +0000 (14:19 +0200)]
po: Update Norwegian translation

Signed-off-by: Werner Koch <wk@gnupg.org>
15 months agoagent: Fix string translation for Windows
Andre Heinecke [Wed, 23 Aug 2017 09:02:28 +0000 (11:02 +0200)]
agent: Fix string translation for Windows

* agent/agent.h (L_): Define agent_Lunderscore when simple
gettext is used.

--
This fixes a regression introduced by b3286af3 ENABLE_NLS
is not defined if we use simple gettext and not gettext.

GnuPG-Bug-Id: T3364
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
15 months agopo: Update Japanese translation
NIIBE Yutaka [Tue, 22 Aug 2017 02:24:31 +0000 (11:24 +0900)]
po: Update Japanese translation

15 months agotests: Add tests for the PGP trust model.
Damien Goutte-Gattat [Wed, 19 Jul 2017 20:17:29 +0000 (22:17 +0200)]
tests: Add tests for the PGP trust model.

* tests/openpgp/trust-pgp-1.scm: New file.
* tests/openpgp/trust-pgp-2.scm: New file.
* tests/openpgp/trust-pgp-3.scm: New file.
* tests/openpgp/trust-pgp-4.scm: New file.
* tests/openpgp/trust-pgp/common.scm: New file.
* tests/openpgp/trust-pgp/scenario1.asc: New file.
* tests/openpgp/trust-pgp/scenario2.asc: New file.
* tests/openpgp/trust-pgp/scenario3.asc: New file.
* tests/openpgp/trust-pgp/scenario4.asc: New file.
* tests/openpgp/trust-pgp/alice.sec.asc: New file.
* tests/openpgp/trust-pgp/bobby.sec.asc: New file.
* tests/openpgp/trust-pgp/carol.sec.asc: New file.
* tests/openpgp/trust-pgp/david.sec.asc: New file.
* tests/openpgp/trust-pgp/frank.sec.asc: New file.
* tests/openpgp/trust-pgp/grace.sec.asc: New file.
* tests/openpgp/trust-pgp/heidi.sec.asc: New file.
* tests/openpgp/Makefile.am (XTESTS): Add new tests.
(TEST_FILES): Add new files.
(EXTRA_DIST): Add new common file.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
15 months agotests: Move some functions into a common module.
Damien Goutte-Gattat [Wed, 19 Jul 2017 20:17:28 +0000 (22:17 +0200)]
tests: Move some functions into a common module.

* tests/openpgp/tofu.scm (gettrust): Moved to the common defs.scm
module.
(checktrust): Likewise.
* tests/openpgp/defs.scm (gettrust): New function.
(checktrust): Likewise.
--

These functions will be re-used by the tests for the PGP trust
model.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
15 months agogpgconf: Make WoT settings configurable by gpgconf.
Damien Goutte-Gattat [Mon, 21 Aug 2017 14:48:11 +0000 (16:48 +0200)]
gpgconf: Make WoT settings configurable by gpgconf.

* tools/gpgconf-comp.c (gc_options_gpg): Add max-cert-depth,
completes-needed, and marginals-needed options.
* g10/gpg.c (gpgconf_list): Likewise.
--

Some tests to come for the PGP trust model will need to manipulate
these parameters.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
15 months agogpgscm: Fix -Wimplicit-fallthrough warnings.
Justus Winter [Mon, 21 Aug 2017 12:49:29 +0000 (14:49 +0200)]
gpgscm: Fix -Wimplicit-fallthrough warnings.

* tests/gpgscm/scheme.c (CASE): Rearrange so that the case statement
is at the front.
(Eval_Cycle): Improve fallthrough annotations.

Signed-off-by: Justus Winter <justus@g10code.com>
16 months agogpg: default to --no-auto-key-retrieve.
Daniel Kahn Gillmor [Fri, 11 Aug 2017 06:26:52 +0000 (02:26 -0400)]
gpg: default to --no-auto-key-retrieve.

* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--

This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3.  Werner and i discussed it
earlier today, and came to the conclusion that:

 * the risk of metadata leakage represented by a default
   --auto-key-retrieve, both in e-mail (as a "web bug") and in other
   contexts where GnuPG is used to verified signatures, is quite high.

 * the advantages of --auto-key-retrieve (in terms of signature
   verification) can sometimes be achieved in other ways, such as when
   a signed message includes a copy of its own key.

 * when those other ways are not useful, a graphical, user-facing
   application can still offer the user the opportunity to choose to
   fetch the key; or it can apply its own policy about when to set
   --auto-key-retrieve, without needing to affect the defaults.

Note that --auto-key-retrieve is specifically about signature
verification.  Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate.  This change
does not touch the --auto-key-locate default of "local,wkd".  The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
16 months agopo: Update Russian translation
Ineiev [Sat, 5 Aug 2017 12:27:44 +0000 (12:27 +0000)]
po: Update Russian translation

--

There was a small merge conflict.  I hope I did not mess it up. -wk

16 months agotests: Improve documentation.
Justus Winter [Thu, 10 Aug 2017 10:04:43 +0000 (12:04 +0200)]
tests: Improve documentation.

* tests/openpgp/README: Add quickstart instructions, how to use
shell.scm, remove no longer used MKDATA.

Signed-off-by: Justus Winter <justus@g10code.com>
16 months agog10: Write status error on error of --quick-revoke-uid.
Marcus Brinkmann [Wed, 9 Aug 2017 16:35:56 +0000 (18:35 +0200)]
g10: Write status error on error of --quick-revoke-uid.

* g10/keyedit.c (keyedit_quick_revuid): Write status error on error.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2963

16 months agoPost release updates gnupg-2.2-base
Werner Koch [Wed, 9 Aug 2017 14:58:47 +0000 (16:58 +0200)]
Post release updates

--

16 months agoRelease 2.1.23 gnupg-2.1.23
Werner Koch [Wed, 9 Aug 2017 13:52:48 +0000 (15:52 +0200)]
Release 2.1.23

Signed-off-by: Werner Koch <wk@gnupg.org>
16 months agopo: Auto-update
Werner Koch [Wed, 9 Aug 2017 13:45:40 +0000 (15:45 +0200)]
po: Auto-update

--