5 years ago http: Allow overriding of the Host header.
Werner Koch [Fri, 16 May 2014 18:58:58 +0000 (20:58 +0200)]
http: Allow overriding of the Host header.

* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost.  If given, use HTTPHOST instead of
SERVER.  Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.

5 years ago gpg: Fix uninitialized access to search descindex with gpg keyboxes.
Werner Koch [Wed, 14 May 2014 14:32:49 +0000 (16:32 +0200)]
gpg: Fix uninitialized access to search descindex with gpg keyboxes.

* kbx/keybox-search.c (keybox_search): Add arg R_DESCINDEX.  Change
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.

This only affects the new keybox for OpenPGP keys in 2.1.  The bug
exhibited itself by running GPA's backup command on Windows.

5 years ago w32: Make make_absfilename work with drive letters.
Werner Koch [Wed, 14 May 2014 08:26:30 +0000 (10:26 +0200)]
w32: Make make_absfilename work with drive letters.

* common/stringhelp.c (do_make_filename) [HAVE_DRIVE_LETTERS]: Fix.

5 years ago gpg: Remove useless diagnostic in MDC verification.
Werner Koch [Wed, 14 May 2014 06:55:58 +0000 (08:55 +0200)]
gpg: Remove useless diagnostic in MDC verification.

* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.

The separate diagnostic was introduced for debugging a problem.  For
explaining an MDC error a single error message is easier to

5 years ago gpg: Fix glitch entering a full expiration time.
Werner Koch [Wed, 14 May 2014 06:49:37 +0000 (08:49 +0200)]
gpg: Fix glitch entering a full expiration time.

* g10/keygen.c (ask_expire_interval): Get the current time after the

This almost avoids that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639

5 years ago agent: Fix import of non-protected gpg keys.
Werner Koch [Thu, 8 May 2014 08:24:36 +0000 (10:24 +0200)]
agent: Fix import of non-protected gpg keys.

* agent/cvt-openpgp.c (do_unprotect): Return an s-exp also for
non-protected keys.
(convert_from_openpgp_main): Do not call agent_askpin for a
non-protected key.

5 years ago Make more use of *_NAME macros.
Werner Koch [Wed, 7 May 2014 16:18:27 +0000 (18:18 +0200)]
Make more use of *_NAME macros.

* common/argparse.c (show_help): Map description string.

5 years ago agent: Fix auth key comment handling.
NIIBE Yutaka [Thu, 8 May 2014 02:46:38 +0000 (11:46 +0900)]
agent: Fix auth key comment handling.

* agent/command-ssh.c (ssh_send_key_public): Handle the case with no

5 years ago Make -jN work again.
Werner Koch [Wed, 7 May 2014 14:37:15 +0000 (16:37 +0200)]
Make -jN work again.

* common/ ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/ ($(PROGRAMS)): New rule.

5 years ago gpg: Print the key algorithm/curve with signature info.
Werner Koch [Wed, 7 May 2014 13:05:34 +0000 (15:05 +0200)]
gpg: Print the key algorithm/curve with signature info.

* g10/mainproc.c (check_sig_and_print): Print the name and curve.

5 years ago gpg: Fix memleak in signature verification of bogus keys.
Werner Koch [Wed, 7 May 2014 12:36:34 +0000 (14:36 +0200)]
gpg: Fix memleak in signature verification of bogus keys.

* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.

P was not released if the key had no user id.

5 years ago gpg: Fix indentation of check_sig_and_print.
Werner Koch [Wed, 7 May 2014 12:08:16 +0000 (14:08 +0200)]
gpg: Fix indentation of check_sig_and_print.


5 years ago gpg: Mark experimental algorithms in the key listing.
Werner Koch [Wed, 7 May 2014 11:39:28 +0000 (13:39 +0200)]
gpg: Mark experimental algorithms in the key listing.

* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.

5 years ago gpg: Finish experimental support for Ed25519.
Werner Koch [Wed, 7 May 2014 11:16:32 +0000 (13:16 +0200)]
gpg: Finish experimental support for Ed25519.

* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.

5 years ago kbx: Add experimental support for EDDSA.
Werner Koch [Wed, 7 May 2014 10:39:43 +0000 (12:39 +0200)]
kbx: Add experimental support for EDDSA.

* kbx/keybox-openpgp.c (parse_key): Use algo constants and add
experimental support for EdDSA.

5 years ago agent: Remove greeting message.
Werner Koch [Wed, 7 May 2014 06:51:11 +0000 (08:51 +0200)]
agent: Remove greeting message.

* agent/gpg-agent.c (main): Remove greeting.  Make --no-greeting a

5 years ago Use "samethread" mode keyword for some es_fopenmem.
Werner Koch [Tue, 6 May 2014 07:49:26 +0000 (09:49 +0200)]
Use "samethread" mode keyword for some es_fopenmem.

* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.

5 years ago dirmngr: Add support for hkps keyservers.
Werner Koch [Mon, 5 May 2014 14:09:45 +0000 (16:09 +0200)]
dirmngr: Add support for hkps keyservers.

* dirmngr/dirmngr.c: Include gnutls.h.
(opts): Add --gnutls-debug and --hkp-cacert.
(opt_gnutls_debug, my_gnutls_log): New.
(set_debug): Set gnutls log level.
(parse_rereadable_options): Register a CA file.
(main): Init GNUTLS.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Support hkps.
(send_request): Ditto.

5 years ago http: Add reference counting to the session object.
Werner Koch [Mon, 5 May 2014 14:06:42 +0000 (16:06 +0200)]
http: Add reference counting to the session object.

* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here.  Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New.  Ref and unref all assignments.

Having the reference counted session objects makes it easier for the
application to pass around only an estream.  Without that the
application would need to implement an es_onclose machinery for the
session object.

5 years ago http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.
Werner Koch [Fri, 2 May 2014 13:37:02 +0000 (15:37 +0200)]
http: Add HTTP_FLAG_FORCE_TLS and http_get_tls_info.

* common/http.c (http_parse_uri): Factor code out to ...
(parse_uri): here.  Add arg FORCE_TLS.
(do_parse_uri): Ditto.  Implement flag.
(http_get_tls_info): New.
(http_register_tls_ca): Allow clearing of the list.
(send_request): Use a default verification function.
* common/http.h (HTTP_FLAG_FORCE_TLS): New.
* common/t-http.c (main): Add several command line options.

5 years ago common: Fix test for openpgp_oid_is_ed25519.
Werner Koch [Fri, 2 May 2014 12:07:03 +0000 (14:07 +0200)]
common: Fix test for openpgp_oid_is_ed25519.

* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): Add correct

5 years ago http: Revamp TLS API.
Werner Koch [Fri, 2 May 2014 08:33:19 +0000 (10:33 +0200)]
http: Revamp TLS API.


* common/http.h (http_session_t): New.
* common/http.c: Remove compatibility for gnutls < 3.0.
(http_session_s): New.
(cookie_s): Replace gnutls_session_t by http_session_t.
(tls_callback, tls_ca_certlist): New variables.
(my_socket_unref): Add preclose args.
(my_npth_read, my_npth_write): New.
(make_header_line): Fix bug using int* instead of char*.
(http_register_tls_callback): New.
(http_register_tls_ca): New.
(http_session_new): New.
(http_session_release): New.
(http_get_header_names): New.
(escape_data): Add hack to escape in forms mode.
(send_request) [HTTP_USE_GNUTLS]: Support SNI.
(send_request) [HTTP_USE_GNUTLS]: Fix use of make_header_line.
(send_gnutls_bye): New.
(cookie_close): Make use of preclose feature.
(http_verify_server_credentials): New.
(main) [TEST]: Remove test code.
* common/t-http.c: New.
* common/tls-ca.pem: New.
* common/ (tls_sources): New. Move http code to here.
(libcommontls_a_SOURCES): New.
(libcommontlsnpth_a_SOURCES): New.
(EXTRA_DIST): Add tls-ca.pem
(module_maint_tests): Add t-http.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.

* dirmngr/ (dirmngr_LDADD): Add libcommontlsnpth.

This new TLS API for http.c is much more flexible than the crude old

5 years ago common: Cleanup the use of USE_NPTH and HAVE_NPTH macros.
Werner Koch [Fri, 2 May 2014 06:06:10 +0000 (08:06 +0200)]
common: Cleanup the use of USE_NPTH and HAVE_NPTH macros.

* (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto.  Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.

USE_NPTH is used in cases where we may build with and without nPth.  The
missing definition HAVE_NPTH didn't allow us to build other sources
with nPth support.

5 years ago estream: Implement "samethread" mode keyword.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Implement "samethread" mode keyword.

* src/estream.c (estream_internal): Add field SAMETHREAD.
(init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
(parse_mode): Add arg SAMETHREAD and parse that keyword.
(es_initialize): Rename to ...
(init_stream_obj): this.  Add arg SAMETHREAD.
(es_create): Add arg SAMETHREAD.  Call init_stream_lock after
(doreadline): Call es_create with samethread flag.
(es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
(do_fpopen, do_w32open): Implement "samethread" keyword.
(es_freopen): Take samethread flag from old stream.
(es_tmpfile): Call es_create w/o samethread.

Note: Unfortunately es_tmpfile has no mode arg so that we can't use

5 years ago estream: Fix deadlock in es_fileno.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Fix deadlock in es_fileno.

* src/estream.c (es_fileno_unlocked): Call the unlocked functions.

5 years ago estream: Add debug code to the lock functions.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Add debug code to the lock functions.

* common/estream.c (dbg_lock_0, dbg_lock_1, dbg_lock_1): New.

5 years ago estream: Replace locking macros by functions.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Replace locking macros by functions.

* common/estream.c: Replace most macros.

The macros were too hard to read and actually blew up the source.

5 years ago estream: Migrate from Pth to nPth.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
estream: Migrate from Pth to nPth.


Actually the mutex stuff was never used since we switched to nPth.

5 years ago gpg: Minor doc enhancement
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Minor doc enhancement


5 years ago ECC Fixes.
NIIBE Yutaka [Mon, 28 Apr 2014 01:36:16 +0000 (10:36 +0900)]
ECC Fixes.

* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.

5 years ago gpg: Pass --homedir to gpg-agent.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Pass --homedir to gpg-agent.

* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.

This patch makes gpg's --homedir option behave again like in older
versions.  This is done by starting a new agent for each different
home directory.  Note that this assumes --use-standard-socket is used
which is the default for 2.1.

5 years ago common: Add functions make_absfilename and make_absfilename_try.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
common: Add functions make_absfilename and make_absfilename_try.

* common/stringhelp.c (do_make_filename): Add modes 2 and 3.
(make_absfilename): New.
(make_absfilename_try): New.

5 years ago common: Add function gnupg_getcwd.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
common: Add function gnupg_getcwd.

* tools/gpg-connect-agent.c (gnu_getcwd): Move to ...
* common/sysutils.c (gnupg_getcwd): .. here.
* tools/gpg-connect-agent.c (get_var_ext): Use gnupg_getcwd.

5 years ago gpg: Print a warning if GKR has hijacked gpg-agent.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Print a warning if GKR has hijacked gpg-agent.

* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.

5 years ago gpg: New %U expando for the photo viewer.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: New %U expando for the photo viewer.

* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.

This makes it possible to extract all photo ids from a key to
different files.

5 years ago common: Add z-base-32 encoder.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
common: Add z-base-32 encoder.

* common/zb32.c: New.
* common/t-zb32.c: New.
* common/ (common_sources): Add zb82.c
(module_tests): Add t-zb32.

5 years ago Two minor code cleanups and one NULL deref on error fix.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
Two minor code cleanups and one NULL deref on error fix.

* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).

Found by Hans-Christoph Steiner with cppcheck.

5 years ago gpg: Re-enable secret key deletion.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Re-enable secret key deletion.

* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.

5 years ago gpg: Re-indent a file.
Werner Koch [Tue, 15 Apr 2014 13:29:45 +0000 (15:29 +0200)]
gpg: Re-indent a file.

* g10/delkey.c: Re-indent.
(do_delete_key, delete_keys): Change return type to gpg_error_t.

5 years ago gpg: Fix regression in secret key export.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
gpg: Fix regression in secret key export.

* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
* g10/export.c (do_export_stream): Provide a proper prompt to the

NB: The export needs more work, in particular the ECC algorithms.

5 years ago gpg: Change pinentry prompt to talk about "secret key".
Werner Koch [Mon, 14 Apr 2014 12:40:18 +0000 (14:40 +0200)]
gpg: Change pinentry prompt to talk about "secret key".

* g10/passphrase.c (gpg_format_keydesc): Add mode 2.  Change strings.
(FORMAT_KEYDESC_EXPORT): New.  Use them for clarity.

The use of the term "certificate" was more confusing than helpful.

5 years ago agent: Add command DELETE_KEY.
Werner Koch [Tue, 15 Apr 2014 14:40:48 +0000 (16:40 +0200)]
agent: Add command DELETE_KEY.

* agent/command.c (cmd_delete_key): New.
* agent/findkey.c (modify_description): Add '%C' feature.
(remove_key_file): New.
(agent_delete_key): New.
* agent/command-ssh.c (search_control_file): Make arg R_DISABLE

* Require libgpg-error 1.13.

5 years ago scd: EdDSA support.
NIIBE Yutaka [Wed, 9 Apr 2014 00:30:19 +0000 (09:30 +0900)]
scd: EdDSA support.

* scd/app-openpgp.c (KEY_TYPE_EDDSA, CURVE_ED25519): New.
(struct app_local_s): Add eddsa.
(get_algo_byte, store_fpr): Support KEY_TYPE_EDDSA.
(get_ecc_key_parameters, get_curve_name): Support CURVE_ED25519.
(send_key_attr, get_public_key): Support KEY_TYPE_EDDSA.
(build_ecc_privkey_template): Rename as it supports both of
(ecc_writekey): Rename.  Support CURVE_ED25519, too.
(do_writekey): Follow the change of ecc_writekey.
(do_auth): Support KEY_TYPE_EDDSA.
(parse_ecc_curve): Support CURVE_ED25519.  Bug fix for other curves.
(parse_algorithm_attribute): Bug fix for ECDH.  Support EdDSA.

5 years ago dirmngr: Fix compiler warning.
Werner Koch [Tue, 8 Apr 2014 15:06:02 +0000 (17:06 +0200)]
dirmngr: Fix compiler warning.

* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.

I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.

5 years ago gpgconf: Add command --launch.
Werner Koch [Tue, 8 Apr 2014 13:55:51 +0000 (15:55 +0200)]
gpgconf: Add command --launch.

* tools/gpgconf.c: Add command --launch.
* tools/gpgconf-comp.c (gc_component_launch): New.

Signed-off-by: Werner Koch <>

5 years ago scd: Silent compiler warnings about unused variables.
Werner Koch [Tue, 8 Apr 2014 08:01:36 +0000 (10:01 +0200)]
scd: Silent compiler warnings about unused variables.

* scd/app-openpgp.c (build_ecdsa_privkey_template): Mark unused arg.
(ecdh_writekey): Mark unused args.

Signed-off-by: Werner Koch <>

5 years ago agent: Support EdDSA.
NIIBE Yutaka [Tue, 8 Apr 2014 03:15:20 +0000 (12:15 +0900)]
agent: Support EdDSA.

* agent/pksign.c (agent_pksign_do): Handle EdDSA signature.

5 years ago g10: EdDSA support.
NIIBE Yutaka [Tue, 8 Apr 2014 02:59:39 +0000 (11:59 +0900)]
g10: EdDSA support.

* g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
* g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
* common/openpgp-oid.c (oid_ed25519): Update.

5 years ago agent: EdDSA support for SSH.
NIIBE Yutaka [Fri, 4 Apr 2014 07:33:00 +0000 (16:33 +0900)]
agent: EdDSA support for SSH.

* agent/command-ssh.c (ssh_signature_encoder_eddsa): Signature is
two 32-byte opaque data which should not be interpreted as number.

5 years ago gpg: Add commands --quick-sign-key and --quick-lsign-key.
Werner Koch [Thu, 27 Mar 2014 15:33:40 +0000 (16:33 +0100)]
gpg: Add commands --quick-sign-key and --quick-lsign-key.

* g10/gpg.c (main): Add commands --quick-sign-key and
* g10/keyedit.c (sign_uids): Add args FP and QUICK.
(keyedit_quick_sign): New.
(show_key_with_all_names): Add arg NOWARN.

5 years ago Change some keyedit functions to allow printing to arbitrary streams.
Werner Koch [Thu, 27 Mar 2014 11:59:55 +0000 (12:59 +0100)]
Change some keyedit functions to allow printing to arbitrary streams.

* common/ttyio.c (tty_print_string): Add optional arg FP. Change all
(tty_print_utf8_string2): Ditto.
* g10/keyedit.c (show_prefs):  Ditto.
(show_key_with_all_names_colon): Ditto.
(show_names): Ditto.
* g10/keylist.c (print_revokers): Ditto.
(print_fingerprint): Ditto.

5 years ago agent: Replace es_mopen by es_fopenmem for ssh.
Werner Koch [Sun, 23 Mar 2014 12:42:53 +0000 (13:42 +0100)]
agent: Replace es_mopen by es_fopenmem for ssh.

* agent/command-ssh.c (ssh_read_key_public_from_blob): Use
(ssh_handler_request_identities): Ditto.
(ssh_request_process): Ditto.

es_fopenmem is easier to understand than the more general function
es_mopen.  Thus we better use the former for clarity.

5 years ago agent: Put ssh key type as comment into sshcontrol.
Werner Koch [Sat, 22 Mar 2014 20:28:35 +0000 (21:28 +0100)]
agent: Put ssh key type as comment into sshcontrol.

* agent/command-ssh.c (ssh_key_type_spec): Add field name.
(ssh_key_types): Add human readable names.
(add_control_entry): Add arg SPEC and print key type as comment.
(ssh_identity_register): Add arg SPEC.
(ssh_handler_add_identity): Add var SPEC and pass ssh_receive_key.

5 years ago agent: Support the Ed25519 signature algorithm for ssh.
Werner Koch [Sat, 22 Mar 2014 20:12:46 +0000 (21:12 +0100)]
agent: Support the Ed25519 signature algorithm for ssh.

* agent/command-ssh.c (SPEC_FLAG_IS_EdDSA): New.
(ssh_key_types): Add entry for ssh-ed25519.
(ssh_identifier_from_curve_name): Move to the top.
(stream_read_skip): New.
(stream_read_blob): New.
(ssh_signature_encoder_rsa): Replace MPIS array by an s-exp and move
the s-exp parsing to here.
(ssh_signature_encoder_dsa): Ditto.
(ssh_signature_encoder_ecdsa): Ditto.
(ssh_signature_encoder_eddsa): New.
(sexp_key_construct): Rewrite.
(ssh_key_extract): Rename to ...
(ssh_key_to_blob): .. this and rewrite most of it.
(ssh_receive_key): Add case for EdDSA.
(ssh_convert_key_to_blob, key_secret_to_public): Remove.
(ssh_send_key_public): Rewrite.
(ssh_handler_request_identities): Simplify.
(data_sign): Add rename args.  Add new args HASH and HASHLEN.  Make
use of es_fopenmem and es_fclose_snatch.  Remove parsing into MPIs
which is now done in the signature encoder functions.
(ssh_handler_sign_request): Take care of Ed25519.
(ssh_key_extract_comment): Rewrite using gcry_sexp_nth_string.

To make the code easier readable most of the Ed25519 work has been
done using a new explicit code path.  Warning: Libgcrypt 1.6.1 uses a
non optimized implementation for Ed25519 and timing attacks might be

While working on the code I realized that it could need more rework;
it is at some places quite baroque and more complicated than needed.
Given that we require Libgcrypt 1.6 anyway, we should make more use of
modern Libgcrypt functions.

5 years ago agent: Cleanups to prepare implementation of Ed25519.
Werner Koch [Sat, 22 Mar 2014 19:51:16 +0000 (20:51 +0100)]
agent: Cleanups to prepare implementation of Ed25519.

* agent/cvt-openpgp.c: Remove.
(convert_to_openpgp): Use gcry_sexp_extract_param.
* agent/findkey.c (is_eddsa): New.
(agent_is_dsa_key, agent_is_eddsa_key): Check whether ecc means EdDSA.
* agent/pksign.c (agent_pksign_do): Add args OVERRIDEDATA and

* common/ssh-utils.c (is_eddsa): New.
(get_fingerprint): Take care of EdDSA.

5 years ago tools: Fix NULL deref in gpg-connect-agent.
Werner Koch [Tue, 18 Mar 2014 15:49:38 +0000 (16:49 +0100)]
tools: Fix NULL deref in gpg-connect-agent.

* tools/gpg-connect-agent.c (handle_inquire): Do not pass NULL to

5 years ago dirmngr: Resurrect hosts in the HKP hosttable.
Werner Koch [Tue, 18 Mar 2014 10:07:05 +0000 (11:07 +0100)]
dirmngr: Resurrect hosts in the HKP hosttable.

* dirmngr/dirmngr.c (HOUSEKEEPING_INTERVAL): New.
(housekeeping_thread): New.
(handle_tick): Call new function.
* dirmngr/ks-engine-hkp.c (RESURRECT_INTERVAL): New.
(struct hostinfo_s): Add field died_at and set it along with the dead
(ks_hkp_print_hosttable): Print that info.
(ks_hkp_housekeeping): New.

The resurrection gives the host a chance to get back to life the next
time a new host is selected.

5 years ago common: New function elapsed_time_string.
Werner Koch [Tue, 18 Mar 2014 10:02:50 +0000 (11:02 +0100)]
common: New function elapsed_time_string.

* common/gettime.c (elapsed_time_string): New.

5 years ago gpg: Reject signatures made with MD5.
Werner Koch [Mon, 17 Mar 2014 16:54:36 +0000 (17:54 +0100)]
gpg: Reject signatures made with MD5.

* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/ Add allow_weak_digest_algos to gpg.conf.

5 years ago gpg: Make --auto-key-locate work again with keyservers.
Werner Koch [Mon, 17 Mar 2014 14:39:33 +0000 (15:39 +0100)]
gpg: Make --auto-key-locate work again with keyservers.

* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN.  Change all callers.

5 years ago gpg: New mechanism "clear" for --auto-key-locate.
Werner Koch [Mon, 17 Mar 2014 14:36:15 +0000 (15:36 +0100)]
gpg: New mechanism "clear" for --auto-key-locate.

* g10/getkey.c (parse_auto_key_locate): Implement "clear".

5 years ago gpg-connect-agent: Make it easier to connect to the dirmngr.
Werner Koch [Fri, 14 Mar 2014 18:25:58 +0000 (19:25 +0100)]
gpg-connect-agent: Make it easier to connect to the dirmngr.

* tools/gpg-connect-agent.c: Add options --dirmngr and

5 years ago dirmngr: Make use of IPv4 and IPV6 more explicit.
Werner Koch [Fri, 14 Mar 2014 16:00:10 +0000 (17:00 +0100)]
dirmngr: Make use of IPv4 and IPV6 more explicit.

* common/http.c (connect_server): Handle the new flags.
* common/http.h (HTTP_FLAG_IGNORE_IPv4, HTTP_FLAG_IGNORE_IPv4): New.
* dirmngr/ks-engine-hkp.c (map_host): Add arg r_httpflags.
(make_host_part): Ditto.
(send_request): Add arg httpflags.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Handle httpflags.

5 years ago dirmngr: Do not use brackets around legacy IP addresses.
Werner Koch [Fri, 14 Mar 2014 15:22:54 +0000 (16:22 +0100)]
dirmngr: Do not use brackets around legacy IP addresses.

* dirmngr/ks-engine-hkp.c (my_getnameinfo): Change args to take a
complete addrinfo.  Bracket only v6 addresses.  Change caller.

5 years ago gpg: Print the actual used keyserver address.
Werner Koch [Fri, 14 Mar 2014 15:12:54 +0000 (16:12 +0100)]
gpg: Print the actual used keyserver address.

* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototype to include the
SPECIAL arg.  Adjust all users.  Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" diagnostic.
(keyserver_get): Print data source diagnostic.

It has often been requested that the actually used IP of a keyserver
is shown with gpg --recv-key and --search-key.  This is helpful if
the keyserver is actually a pool of keyservers.  This patch does this.

5 years ago dirmngr: Default to a user socket name and enable autostart.
Werner Koch [Wed, 12 Mar 2014 18:33:30 +0000 (19:33 +0100)]
dirmngr: Default to a user socket name and enable autostart.

* common/homedir.c (dirmngr_socket_name): Rename to
(dirmngr_user_socket_name): New.
* common/asshelp.c (start_new_dirmngr): Handle sys and user dirmngr
* dirmngr/dirmngr.c (main): Ditto.
* dirmngr/server.c (cmd_getinfo): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* dirmngr/dirmngr-client.c (start_dirmngr): Likewise.
* tools/gpgconf.c (main): Print "dirmngr-sys-socket" with --list-dirs.

* (USE_DIRMNGR_AUTO_START): Set by default.

5 years ago gpg: Add option --dirmngr-program.
Werner Koch [Wed, 12 Mar 2014 17:24:52 +0000 (18:24 +0100)]
gpg: Add option --dirmngr-program.

* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.

* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.

5 years ago dirmngr: Detect dead keyservers and try another one.
Werner Koch [Wed, 12 Mar 2014 13:32:34 +0000 (14:32 +0100)]
dirmngr: Detect dead keyservers and try another one.

* dirmngr/ks-action.c (ks_action_resolve): Rename var for clarity.
(ks_action_search, ks_action_put): Ditto.
(ks_action_get): Consult only the first server which returned some

* dirmngr/ks-engine-hkp.c (SEND_REQUEST_RETRIES): New.
(map_host): Add arg CTRL and call dirmngr_tick.
(make_host_part): Add arg CTRL.
(mark_host_dead): Allow the use of an URL.
(handle_send_request_error): New.
(ks_hkp_search, ks_hkp_get, ks_hkp_put): Mark host dead and retry on

5 years ago Comment typo fixes
Werner Koch [Wed, 12 Mar 2014 13:27:50 +0000 (14:27 +0100)]
Comment typo fixes


5 years ago http: Add a flag to the URL parser indicating a literal v6 address.
Werner Koch [Wed, 12 Mar 2014 13:26:41 +0000 (14:26 +0100)]
http: Add a flag to the URL parser indicating a literal v6 address.

* common/http.h (struct parsed_uri_t): Add field v6lit.
* common/http.c (do_parse_uri): Set v6lit.

5 years ago scd: writekey support of ECC.
NIIBE Yutaka [Wed, 12 Mar 2014 08:25:33 +0000 (17:25 +0900)]
scd: writekey support of ECC.

* scd/app-openpgp.c (CURVE_SEC_P256K1, get_algo_byte): New.
(store_fpr): Support ECC keys with varargs.
(get_ecc_key_parameters, get_curve_name): Support secp256k1.
(parse_ecc_curve): Likewise.
(build_ecdsa_privkey_template, rsa_writekey, ecdsa_writekey): New.
(ecdh_writekey): New.  Not implemented yet.
(do_writekey): Call rsa_writekey, ecdsa_writekey, or ecdh_writekey.
(do_genkey): Follow the change of store_fpr.

Signed-off-by: NIIBE Yutaka <>

5 years ago dirmngr: Put brackets around IP addresses in the hosttable.
Werner Koch [Tue, 11 Mar 2014 17:02:29 +0000 (18:02 +0100)]
dirmngr: Put brackets around IP addresses in the hosttable.

* dirmngr/ks-engine-hkp.c (EAI_OVERFLOW): Provide a substitute.
(my_getnameinfo): New.
(map_host): Use it.

5 years ago dirmngr: Add command option to mark hosts as dead or alive.
Werner Koch [Tue, 11 Mar 2014 15:19:41 +0000 (16:19 +0100)]
dirmngr: Add command option to mark hosts as dead or alive.

* dirmngr/server.c (cmd_killdirmngr): Factor some code out to ...
(check_owner_permission): here.
(cmd_keyserver): Add options --dead and --alive.
* dirmngr/ks-engine-hkp.c (host_in_pool_p): New.
(ks_hkp_mark_host): New.

Also removed the warning that the Windows part has not yet been done.
AFAICS, the current mingw supports all the used socket functions.

5 years ago dirmngr: Make Assuan output of keyblocks easier readable
Werner Koch [Tue, 11 Mar 2014 13:27:58 +0000 (14:27 +0100)]
dirmngr: Make Assuan output of keyblocks easier readable

* dirmngr/server.c (data_line_cookie_write): Print shorter data lines
in verbose mode.

5 years ago dirmngr: Fix HKP host selection code.
Werner Koch [Tue, 11 Mar 2014 13:26:39 +0000 (14:26 +0100)]
dirmngr: Fix HKP host selection code.

* dirmngr/server.c (cmd_keyserver): Add option --resolve and change
--print-hosttable to --hosttable.
* dirmngr/ks-action.c (ks_printf_help): New.
(ks_action_resolve): New.
* dirmngr/ks-engine-hkp.c (select_random_host): Fix selection.
(ks_hkp_print_hosttable): Print to assuan stream.
(map_host): Remove debug code.  Add arg FORCE_SELECT.  Return numeric
IP addr if it can't be resolved.
(make_host_part): Add arg FORCE_SELECT; change callers to pass false.
(ks_hkp_resolve): New.

The new options for the keyserver command are useful for debugging.
For example:

  $ tools/gpg-connect-agent -S /usr/local/var/run/gnupg/S.dirmngr \
          'keyserver hkp://' \
          'keyserver' \
          'keyserver --resolve --hosttable' /bye


  S #
  S # http://2001:41d0:1:e673::1:11371
  S # hosttable (idx, ipv4, ipv6, dead, name):
  S #   0
  S #   .   --> 10 11 12 1 5 8 7 4* 2 9 6 3
  S #   1 4
  S #   2 4 6
  S #   3 4 6
  S #   4 4
  S #   5 4
  S #   6 4
  S #   7 4
  S #   8 4 6
  S #   9 4 6
  S #  10 4
  S #  11   6   2001:4d88:1ffc:477::7
  S #  12   6   2a00:1280:8000:2:1:8:0:1
  S #  13
  S #   .   --> 23 28* 30 17 22 8 7 27 25 14 21 20 19 29 [...]
  S #  14 4
  S #  15 4
  S #  16 4
  S #  17 4
  S #  18 4
  S #  19 4
  S #  20 4
  S #  21 4
  S #  22 4
  S #  23   6   2001:1608:21:6:84:200:66:125
  S #  24   6
  S #  25   6
  S #  26   6
  S #  27   6
  S #  28   6   2001:41d0:1:e673::1
  S #  29   6
  S #  30   6   2403:4200:401:10::13
  S #  31   6

5 years ago List readline support in configure summary
Werner Koch [Tue, 11 Mar 2014 08:24:16 +0000 (09:24 +0100)]
List readline support in configure summary

* m4/readline.m4: Set gnupg_cv_have_readline.
* Add readline support to summary output.

Readline is an optional feature which is built if the readline
development files are available on the build systems.  Too often they
are missing on a (new) build machine which at least makes debugging

5 years ago agent: API change of agent_key_from_file.
NIIBE Yutaka [Tue, 4 Mar 2014 02:54:59 +0000 (11:54 +0900)]
agent: API change of agent_key_from_file.

* agent/findkey.c (agent_key_from_file): Always return S-expression.
* agent/command.c (cmd_passwd): Distinguish by SHADOW_INFO.
(cmd_export_key): Likewise.  Free SHADOW_INFO.
(cmd_keytocard): Likewise.  Release S_SKEY.
* agent/pkdecrypt.c (agent_pkdecrypt): Likewise.
* agent/pksign.c (agent_pksign_do): Likewise.  Use the S-expression to
know the key type.

Signed-off-by: NIIBE Yutaka <>

5 years ago Backport useful code from fixes for bug 1447.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
Backport useful code from fixes for bug 1447.

* Check for inet_ntop.
* m4/libcurl.m4: Provide a #define for the version of the curl

We do not have keyserver helpers anymore but these fixes may come in handy

5 years ago scd: acquire lock in new_reader_slot.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
scd: acquire lock in new_reader_slot.

* scd/apdu.c (new_reader_slot): Acquire lock.
(open_ct_reader, open_pcsc_reader_direct, open_pcsc_reader_wrapped)
(open_ccid_reader, open_rapdu_reader): Release lock.
(lock_slot, trylock_slot, unlock_slot): Move more to the top.

Fixes a test case of:
   No libpcsclite1 installed.
   Run gpg-agent
   Run command "gpg-connect-agent learn /bye" with no card/token
   Sometimes it fails: ERR 100663356 Not supported <SCD>
   While it should be always: ERR 100663404 Card error <SCD>

(cherry picked from commit 4f557cb9c2ebe274d6aacc60a09cd919055d01ed)

Resolved conflicts:
scd/apdu.c: pth/npth changes. Move lock helpers to the top.
                    Take care of removed pcsc_no_service.

5 years ago Comment fixes.
Werner Koch [Fri, 16 Nov 2012 09:35:33 +0000 (10:35 +0100)]
Comment fixes.


Reported-by: Daniel Kahn Gillmor
(cherry picked from commit 7db5c81e3a40b60e146f29c6744a33fd1b88c090)

5 years ago Do not require libiconv for Android.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
Do not require libiconv for Android.

* (require_iconv): New.  Set to false for android.
(AM_ICONV): Run only if required.

5 years ago dirmngr: Use a portability wrapper for struct timeval.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
dirmngr: Use a portability wrapper for struct timeval.

* dirmngr/dirmngr_ldap.c [W32]: Include winber.h.
(my_ldap_timeval_t): New.

5 years ago Silence more warnings about unused vars and args.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
Silence more warnings about unused vars and args.

* dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
* dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
* dirmngr/dirmngr.c (w32_service_control): Mark unused args.
(call_real_main): New.
(main) [W32]: Use new function to match prototype.
(real_main) [W32]: Mark unused vars.
(handle_signal) [W32]: Do not build the function at all.
(handle_connections) [W32]: Do not define signo.
* dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
* g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.

5 years ago dirmngr: Simplify strtok macro.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
dirmngr: Simplify strtok macro.

* dirmngr/ldap-url.c (ldap_utf8_strtok): Remove unused 3rd arg.
(ldap_str2charray): Remove lasts.

I have no clue why a utf8 version was planned to be used.  Do the
LDAP folks really assume that eventually non-ascii delimiters might be
used?  Simplified it to silence the warning about an used helper var.

5 years ago Use attribute __gnu_printf__ also in estream header files.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
Use attribute __gnu_printf__ also in estream header files.

* common/estream-printf.h: Use attribute gnu_printf.
* common/estream.h: Ditto.

5 years ago Use attribute __gnu_printf__ with our estream-printf functions.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
Use attribute __gnu_printf__ with our estream-printf functions.

* common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__

Our printf supports most of the GNU features and thus we can silence
the warnings from mingw.

5 years ago w32: Silence warnings about unused vars.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
w32: Silence warnings about unused vars.

* agent/gpg-agent.c (main) [W32]: Mark unused vars.
* sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
* g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
* scd/scdaemon.c (main) [W32]: Ditto.
(handle_connections) [W32]: Ditto.
(handle_signal) [W32]: Do not build the function at all.
* scd/apdu.c (pcsc_send_apdu_direct): Ditto.
(connect_pcsc_card): s/long/pcsc_dword_t/.
(open_pcsc_reader_direct): Remove var listlen.

5 years ago w32: Fix a potential problem in gpgconf's gettext.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
w32: Fix a potential problem in gpgconf's gettext.

* tools/gpgconf-comp.c (my_dgettext) [USE_SIMPLE_GETTEXT]: Make sure
to return something even if DOMAIN is not given.

5 years ago Silence several warnings when building under Windows.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
Silence several warnings when building under Windows.

* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.

The gpg server mode is not actually working and thus we can avoid the
warnings by explicitly disabling the mode.  We keep it working under
Unix, though.

5 years ago w32: Include winsock2.h to silence warnings.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
w32: Include winsock2.h to silence warnings.

5 years ago gl: Avoid warning about shadowing an arg.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
gl: Avoid warning about shadowing an arg.

* gl/setenv.c (KNOWN_VALUE): s/value/_v/.

5 years ago common: Fix build problem with Sun Studio compiler.
Werner Koch [Fri, 15 Nov 2013 08:08:58 +0000 (09:08 +0100)]
common: Fix build problem with Sun Studio compiler.

* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy

GnuPG-bug-id: 1566
Signed-off-by: Werner Koch <>
(cherry picked from commit 571bcd4662a351cfa55bbf1a79ed1bc26da5780f)

Resolved conflicts:

Warning: estream.c still uses pth_mutex_* which is definitely wrong.
         Needs to be investigated.

5 years ago gpg: Do not require a trustdb with --always-trust.
Werner Koch [Fri, 11 Oct 2013 07:25:58 +0000 (09:25 +0200)]
gpg: Do not require a trustdb with --always-trust.

* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <>
(cherry picked from commit 1a0eeaacd1bf09fe5125dbc3f56016bc20f3512e)

Resolved conflicts:
g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.

5 years ago gpg: Print a "not found" message for an unknown key in --key-edit.
Werner Koch [Fri, 4 Oct 2013 16:34:56 +0000 (18:34 +0200)]
gpg: Print a "not found" message for an unknown key in --key-edit.

* g10/keyedit.c (keyedit_menu): Print message.

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <>
(cherry picked from commit 0bf54e60d31389812d05c3fd29bece876204561d)

Resolved conflicts:
g10/keyedit.c: Fix white spaces

5 years ago gpg: Protect against rogue keyservers sending secret keys.
Werner Koch [Fri, 4 Oct 2013 11:44:39 +0000 (13:44 +0200)]
gpg: Protect against rogue keyservers sending secret keys.

* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
* g10/import.c (import_secret_one): Deny import if flag is set.

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <>
(cherry picked from commit e7abed3448c1c1a4e756c12f95b665b517d22ebe)

Resolved conflicts:

5 years ago agent: Fix UPDATESTARTUPTTY for ssh.
Werner Koch [Mon, 19 Aug 2013 09:44:59 +0000 (11:44 +0200)]
agent: Fix UPDATESTARTUPTTY for ssh.

* agent/command-ssh.c (setup_ssh_env): Fix env setting.

gniibe reported this to gnupg-devel on 2012-07-04:

  (2) UPDATESTARTUPTTY doesn't work to switch TTY for pinentry for


  Current implementation:

      In the function start_command_handler_ssh, the logic puts
      priority on ctrl->session_env which is initialized by
      agent_init_default_ctrl.  There are always GPG_TTY and TERM
      defined, because lines around 968 in gpg-agent.c, it says:

   /* Make sure that we have a default ttyname. */

      While UPDATESTARTUPTTY updates opt.startup_env, it doesn't
      affect at all.

  Here is a patch to point the issue.  Tested and works for me.

Signed-off-by: Werner Koch <>
(cherry picked from commit 9f5578c29adba6d4f7d3650121d07322c2f8d254)

5 years ago gpgv: Init Libgcrypt to avoid syslog warning.
Werner Koch [Mon, 19 Aug 2013 09:22:11 +0000 (11:22 +0200)]
gpgv: Init Libgcrypt to avoid syslog warning.

* g10/gpgv.c (main): Check libgcrypt version and disable secure

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <>
(cherry picked from commit 3966eb244518d5612385d35a5149f7164a9fb707)

Resolved conflicts:

5 years ago Improve libcurl detection.
Werner Koch [Tue, 6 Aug 2013 08:31:54 +0000 (10:31 +0200)]
Improve libcurl detection.

* m4/libcurl.m4: Do not use AC_PATH_PROG if --with-libcurl has been
given.  Suggested by John Marshall.

GnuPG-bug-id: 1510
(cherry picked from commit 110b52fffa77b339e6d59eba939408f7e87e7138)

5 years ago gpg: Remove legacy keyserver examples from the template conf file.
Werner Koch [Tue, 6 Aug 2013 08:04:12 +0000 (10:04 +0200)]
gpg: Remove legacy keyserver examples from the template conf file.

* g10/options.skel: Update.

(cherry picked from commit f3c5cc8bcd37e38b5d65db6a50466e22d03d1f0c)

5 years ago w32: Define WINVER only if needed.
Werner Koch [Fri, 7 Mar 2014 08:46:44 +0000 (09:46 +0100)]
w32: Define WINVER only if needed.

* common/sysutils.c (WINVER): Define only if less than 5.0.