gnupg.git
3 years agogpg: Add --weak-digest to gpgv's help screen.
Werner Koch [Wed, 18 May 2016 15:00:03 +0000 (17:00 +0200)]
gpg: Add --weak-digest to gpgv's help screen.

--

Suggested-by: Daniel Kahn Gillmor
3 years agodirmngr: Adjust the WKD lookup to specs version -01.
Werner Koch [Wed, 18 May 2016 07:46:22 +0000 (09:46 +0200)]
dirmngr: Adjust the WKD lookup to specs version -01.

* dirmngr/server.c (cmd_wkd_get): Remove second occurrence of the
domain part.
--

This change updates gnupg to comply with
draft-koch-openpgp-webkey-service-01

3 years agogpg: Emit new status line KEY_CONSIDERED.
Werner Koch [Fri, 13 May 2016 14:24:59 +0000 (16:24 +0200)]
gpg: Emit new status line KEY_CONSIDERED.

* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS.  Count expired and revoked keys and
set flag.  Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agog10: Fix signature checking.
NIIBE Yutaka [Wed, 11 May 2016 10:27:03 +0000 (19:27 +0900)]
g10: Fix signature checking.

* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
walk_kbnode.

--

Thanks to Vincent Brillault (Feandil).

GnuPG-bug-id: 2351
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Allow unattended deletion of secret keys.
Werner Koch [Tue, 10 May 2016 09:01:42 +0000 (11:01 +0200)]
gpg: Allow unattended deletion of secret keys.

* agent/command.c (cmd_delete_key): Make the --force option depend on
--disallow-loopback-passphrase.
* g10/call-agent.c (agent_delete_key): Add arg FORCE.
* g10/delkey.c (do_delete_key): Pass opt.answer_yes to
agent_delete_key.
--

Unless the agent has been configured with
--disallow-loopback-passpharse an unattended deletion of a secret key
is now possible with gpg by using --batch _and_ --yes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix buglet in the check_all_keysigs function.
Werner Koch [Mon, 9 May 2016 19:07:40 +0000 (21:07 +0200)]
gpg: Fix buglet in the check_all_keysigs function.

* g10/keyedit.c (sig_comparison): Actually compare the pubkey
algorithms.
--

This fixes two bugs: The first was a typo which led to us comparing A
with A.  The second problem was the use of an assert at a place where
this can't be asserted: Two signature may have different algorithms;
they won't verify but after all it is about corrupted signatures.

Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Request a "save" after cmd "check" fixed something.
Werner Koch [Mon, 9 May 2016 18:57:20 +0000 (20:57 +0200)]
gpg: Request a "save" after cmd "check" fixed something.

* g10/keyedit.c (keyedit_menu) <cmdCHECK>: Set modified.
--

Reported-by: Guilhem Moulin <guilhem@fripost.org>
GnuPG-bug-id: 2236
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agopo: Update Japanese translation.
NIIBE Yutaka [Mon, 9 May 2016 06:05:29 +0000 (15:05 +0900)]
po: Update Japanese translation.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoPost release updates.
Werner Koch [Wed, 4 May 2016 14:49:19 +0000 (16:49 +0200)]
Post release updates.

--

3 years agoRelease 2.1.12 gnupg-2.1.12
Werner Koch [Wed, 4 May 2016 13:59:11 +0000 (15:59 +0200)]
Release 2.1.12

3 years agospeedo,w32: Remove the installation directory page.
Werner Koch [Wed, 4 May 2016 13:08:17 +0000 (15:08 +0200)]
speedo,w32: Remove the installation directory page.

* build-aux/speedo/w32/inst.nsi (MUI_PAGE_DIRECTORY): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix const char pointer mismatch with gettext.
Werner Koch [Wed, 4 May 2016 12:40:16 +0000 (14:40 +0200)]
gpg: Fix const char pointer mismatch with gettext.

* g10/tofu.c (get_trust): Use const char *.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agospeedo: Build sqlite with static-libgcc.
Werner Koch [Wed, 4 May 2016 12:39:20 +0000 (14:39 +0200)]
speedo: Build sqlite with static-libgcc.

* build-aux/speedo/patches/sqlite.patch: New.
* Makefile.am (EXTRA_DIST): Add file.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agospeedo: Also try patch files w/o version number.
Werner Koch [Wed, 4 May 2016 12:31:46 +0000 (14:31 +0200)]
speedo: Also try patch files w/o version number.

* build-aux/speedo.mk (SPKG_template): Try such a patch file.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agospeedo,w32: Install sqlite
Andre Heinecke [Wed, 4 May 2016 10:22:38 +0000 (12:22 +0200)]
speedo,w32: Install sqlite

* build-aux/speedo/w32/inst.nsi (-sqlite, -un.sqlite): New.

3 years agospeedo,w32: Fix uninstallation
Andre Heinecke [Wed, 4 May 2016 10:00:56 +0000 (12:00 +0200)]
speedo,w32: Fix uninstallation

* build-aux/speedo/w32/inst.nsi (-un.gnupg): Delete distsigkey and
dirmngr-conf.skel

3 years agospeedo,w32: Install localisation
Andre Heinecke [Wed, 4 May 2016 09:24:18 +0000 (11:24 +0200)]
speedo,w32: Install localisation

* build-aux/speedo/w32/inst.nsi (-libgpg-error, GnuPG): Install l10n.
(-un.libgpg-error, -un.gnupg): Uninstall l10n files.

3 years agopo: Auto-update
Werner Koch [Wed, 4 May 2016 09:38:47 +0000 (11:38 +0200)]
po: Auto-update

--

3 years agotests: Disable the migrations tests
Werner Koch [Wed, 4 May 2016 09:31:27 +0000 (11:31 +0200)]
tests: Disable the migrations tests

* tests/Makefile.am (SUBDIRS): Remove migrations.
* configure.ac (AC_CONFIG_FILES): Remove migrations Makefile.
--

The tests introduced with commit defbc70b require some non-portable
tools like mktemp and basename.  They further fail with "make
distcheck".  Removed for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agopo: Update Russian translation
Ineiev [Wed, 4 May 2016 09:16:48 +0000 (11:16 +0200)]
po: Update Russian translation

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agopo: Update German translation.
Werner Koch [Wed, 4 May 2016 09:14:11 +0000 (11:14 +0200)]
po: Update German translation.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoSome minor string changes and fixed a printf format.
Werner Koch [Wed, 4 May 2016 09:04:43 +0000 (11:04 +0200)]
Some minor string changes and fixed a printf format.

* g10/build-packet.c (notation_value_to_human_readable_string): Use
%zu for size_t.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.
Werner Koch [Wed, 4 May 2016 07:25:39 +0000 (09:25 +0200)]
build: Update config.{guess,sub} to 2016-04-02 and 2016-03-30.

* build-aux/config.guess: Update.
* build-aux/config.sub: Update.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Make --allow-loopback-pinentry the default.
Werner Koch [Wed, 4 May 2016 07:24:18 +0000 (09:24 +0200)]
agent: Make --allow-loopback-pinentry the default.

* agent/gpg-agent.c (oNoAllowLoopbackPinentry): New.
(opts): Add --no-allow-loopback-pinentry.  Hide
description of --allow-loopback-pinentry.
(parse_rereadable_options): Set opt.allow_loopback_pinentry by
default.
(main): Replace allow-loopback-pinentry by no-allow-loopback-pinentry
in the gpgconf list.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Ditto.
--

Given that a user can anyway change that options in the gpg-agent.conf
file and that gpg needs to be invoked with --pinentry-mode=loopback
the former default does not make much sense - in that option is useful
at all.  There was a discussion of this topic on gnupg-devel in April
without a clear result.  So we try this new default and just in case
real problems are found for the majority of installations, we can
revert that.  The new default is also aligned with GnuPG's policy to
make its use easier and only require users with very high security
standards to tweak certain options (those users have anyway modeled
their threat model and configured their software according to this).

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Print https URLs in help messages.
Werner Koch [Tue, 3 May 2016 13:55:08 +0000 (15:55 +0200)]
common: Print https URLs in help messages.

* common/argparse.c (strusage): Print https URLS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: Silence output of some tests.
Werner Koch [Tue, 3 May 2016 09:26:06 +0000 (11:26 +0200)]
tests: Silence output of some tests.

* common/t-exechelp.c (print_open_fds): Silence non-verbose output.
(test_close_all_fds): Ditto.
* common/t-session-env.c (show_stdnames): Indent output.
* g10/test.c (TEST): Silence non-verbose okay output.
(exit_tests): Ditto.
* tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
* tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
* tests/openpgp/mds.test: Indent MD5 notice.
* tests/openpgp/version.test: Indent --version output.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.
Werner Koch [Tue, 3 May 2016 08:26:55 +0000 (10:26 +0200)]
gpg: Emit status lines TOFU_STATS and TOFU_STATS_LONG.

* g10/tofu.c (NO_WARNING_THRESHOLD): Rename to BASIC_TRUST_THRESHOLD.
(FULL_TRUST_THRESHOLD): New.
(write_stats_status): New.
(show_statistics): Call new function.  Print TOFU_STATS_LONG.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Extend TRUST_foo status lines with the trust model.
Werner Koch [Mon, 2 May 2016 17:10:59 +0000 (19:10 +0200)]
gpg: Extend TRUST_foo status lines with the trust model.

* g10/trustdb.h (TRUST_FLAG_TOFU_BASED): New.
* g10/trustdb.c (trust_model_string): Lowercase the strings.  Add arg
"model" and change callers to call with OPT.TRUST_MODEL.
* g10/tofu.c (tofu_wot_trust_combine): Set TRUST_FLAG_TOFU_BASED.
* g10/pkclist.c (write_trust_status): New.
(check_signatures_trust): Call new function.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Improve line wrapping for a tofu message.
Werner Koch [Mon, 2 May 2016 11:17:08 +0000 (13:17 +0200)]
gpg: Improve line wrapping for a tofu message.

* g10/tofu.c (time_ago_str): Mark non-breakable spaces.
(show_statistics): Remove marks.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Re-format some tofu messages.
Werner Koch [Mon, 2 May 2016 07:48:19 +0000 (09:48 +0200)]
gpg: Re-format some tofu messages.

* common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
(STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
* g10/tofu.c (NO_WARNING_THRESHOLD): New.
(record_binding, tofu_register): Take care of --dry-run.
(show_statistics): Print STATUS_TOFU_USER.  Reformat some messages.
Fix the ngettext/strcmp thing.  Use log_string instead of log_info.
Use NO_WARNING_THRESHOLD constant.
(get_trust): Use format_text and print a compact fingerprint.

--

The use of log_string makes long messages better readable; instead of

  gpg: Warning: if you think you've seen more[...]
  key, then this key might be a forgery!  Car[...]
  address for small variations.  If the key i[...]

we now have

  gpg: Warning: if you think you've seen more[...]
       key, then this key might be a forgery![...]
       address for small variations.  If the [...]

We also put the key information after the message and not between the
user id and the last used info like here:

  gpg: Verified 7 messages signed by "Werner Koch <werner@eifzilla.de>"
       in the past 4 days, 16 hours.
       The most recent message was verified 3 days, 13 hours ago.
       (key: 8061 5870 F5BA D690 3336  [...] 1E42 B367, policy: auto)

This also makes the key info a separate translatable string.

Further a compact version of the fingerprint (hex w/o spaces) is
printed in some messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Add a comment about the goals of the agent.
Werner Koch [Sun, 1 May 2016 18:04:39 +0000 (20:04 +0200)]
doc: Add a comment about the goals of the agent.

--

3 years agoscd: More fix of error return path.
NIIBE Yutaka [Mon, 2 May 2016 06:56:02 +0000 (15:56 +0900)]
scd: More fix of error return path.

* scd/command.c (open_card): Return GPG_ERR_ENODEV on the failure of
apdu_connect.

--

GnuPG-bug-id: 2306
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agocommon: Extend log_string to indent lines.
Werner Koch [Fri, 29 Apr 2016 19:45:15 +0000 (21:45 +0200)]
common: Extend log_string to indent lines.

* common/logging.c (do_logv): Add indentation when called via
log_string.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Factor some code code out of tofu.c
Werner Koch [Fri, 29 Apr 2016 13:41:10 +0000 (15:41 +0200)]
gpg: Factor some code code out of tofu.c

* g10/tofu.c (string_to_long): New.
(string_to_ulong): New.
(get_single_unsigned_long_cb): Replace strtol/strtoul by new function.
(get_single_long_cb): Ditto.
(signature_stats_collect_cb):  Ditto.
(get_policy): Ditto.
(show_statistics): Ditto.  Uese es_free instead of free.
--

There is one minor semantic change: We now accept "nnn.0" always.  The
old code did not checked for ".0: in show_statistics.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Fix name of gpg's option --tofu-policy
Werner Koch [Fri, 29 Apr 2016 09:05:55 +0000 (11:05 +0200)]
doc: Fix name of gpg's option --tofu-policy

--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Remove all assert.h and s/assert/log_assert/.
Werner Koch [Fri, 29 Apr 2016 09:05:24 +0000 (11:05 +0200)]
gpg: Remove all assert.h and s/assert/log_assert/.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Improve log_assert.
Werner Koch [Fri, 29 Apr 2016 09:04:04 +0000 (11:04 +0200)]
common: Improve log_assert.

* common/logging.c (bug_at): Do not i18n the string.
(_log_assert): New.
* common/logging.h (log_assert): Use new function and pass line
information.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Fix error return path.
NIIBE Yutaka [Thu, 28 Apr 2016 03:43:48 +0000 (12:43 +0900)]
scd: Fix error return path.

* scd/ccid-driver.c (bulk_in): Remove EAGAIN handling.
Handle LIBUSB_ERROR_NO_DEVICE to return CCID_DRIVER_ERR_NO_READER.

--

GnuPG-bug-id: 2306
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoscd: Fix memory leaks.
NIIBE Yutaka [Wed, 27 Apr 2016 15:08:08 +0000 (00:08 +0900)]
scd: Fix memory leaks.

* scd/ccid-driver.c (scan_or_find_usb_device): Return on
LIBUSB_ERROR_NO_MEM.  Free CONFIG before return except on error.
(scan_or_find_devices): Free device list.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
Werner Koch [Wed, 27 Apr 2016 06:34:29 +0000 (08:34 +0200)]
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.

* g10/getkey.c (parse_auto_key_locate): Add method "wkd".
(get_pubkey_byname): Implement that method.  Also rename a variable.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New.
* g10/keyserver.c (keyserver_import_wkd): New.
* g10/test-stubs.c (keyserver_import_wkd): Add stub.
* g10/gpgv.c (keyserver_import_wkd): Ditto.
* g10/options.h (opt):  Add field 'with_wkd_hash'.
(AKL_WKD): New.

* g10/gpg.c (oWithWKDHash): New.
(opts): Add option --with-wkd-hash.
(main): Set that option.
* g10/keylist.c (list_keyblock_print): Implement that option.
--

The Web Key Directory is an experimental feature to retrieve a key via
https.  It is similar to OpenPGP DANE but also uses an encryption to
reveal less information about a key lookup.

For example the URI to lookup the key for Joe.Doe@Example.ORG is:

    https://example.org/.well-known/openpgpkey/
    hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q

(line has been wrapped for rendering purposes).  The hash is a
z-Base-32 encoded SHA-1 hash of the mail address' local-part.  The
address wk@gnupg.org can be used for testing.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Add experimental command WKD_GET.
Werner Koch [Wed, 27 Apr 2016 06:20:25 +0000 (08:20 +0200)]
dirmngr: Add experimental command WKD_GET.

* dirmngr/server.c (cmd_wkd_get): New.
(register_commands): Add command WKD_GET.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Use system provided root CAs with KS_FETCH.
Werner Koch [Wed, 27 Apr 2016 06:18:37 +0000 (08:18 +0200)]
dirmngr: Use system provided root CAs with KS_FETCH.

* dirmngr/ks-engine-http.c (ks_http_fetch): Use HTTP_FLAG_TRUST_SYS.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agohttp: Allow to request system defined CAs for TLS.
Werner Koch [Tue, 26 Apr 2016 19:57:56 +0000 (21:57 +0200)]
http: Allow to request system defined CAs for TLS.

* dirmngr/http.h (HTTP_FLAG_TRUST_DEF, HTTP_FLAG_TRUST_SYS): New.
* dirmngr/http.c (http_session_new): Add arg "flags".
* dirmngr/ks-engine-hkp.c (send_request): Use new flag
HTTP_FLAG_TRUST_DEF for the new arg of http_session_new.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/t-http.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Add OpenPGP card vendor 0x2342.
Werner Koch [Tue, 26 Apr 2016 13:51:46 +0000 (15:51 +0200)]
gpg: Add OpenPGP card vendor 0x2342.

--

3 years agocommon: Minor fixes for the new private-keys.c.
Werner Koch [Mon, 25 Apr 2016 16:14:12 +0000 (18:14 +0200)]
common: Minor fixes for the new private-keys.c.

* common/private-keys.c (my_error_from_syserror): New.  Use it in
place of gpg_error_from_syserror.
(_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
(pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.

(_pkc_add): Add braces around if-statement.
--

We should have a macro so that we do not need to define a wrapper
function like my_error_from_syserror in files where it is needed.  I
am not sure about a proper name, "my_" seems to be the easiest
replacement.  Note that the global DEFAULT_ERRSOURCE is relatively new
to replace the need to convey the error source in function calls; we
want that function from common/ return the error source of the main
binary.

We require that a key is ASCII and thus we better use ascii_strcasecmp
to avoid problems with strange locales.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Explain use of common error variable names.
Werner Koch [Mon, 25 Apr 2016 15:49:46 +0000 (17:49 +0200)]
doc: Explain use of common error variable names.

--

3 years agocommon: Use new function to print a failure of xtrymalloc.
Werner Koch [Mon, 25 Apr 2016 15:26:57 +0000 (17:26 +0200)]
common: Use new function to print a failure of xtrymalloc.

* common/miscellaneous.c (xoutofcore): New.
* common/strlist.c (append_to_strlist): Use instead of abort.
(append_to_strlist_try): Use xtrymalloc instead of xmalloc.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: Drop unused variables, fix warnings.
Justus Winter [Thu, 21 Apr 2016 13:23:04 +0000 (15:23 +0200)]
common: Drop unused variables, fix warnings.

--
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Add support for the new extended private key format.
Justus Winter [Fri, 8 Apr 2016 17:21:12 +0000 (19:21 +0200)]
common: Add support for the new extended private key format.

* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.

--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings.  The new
format stores name,value-pairs using the common mail and http header
convention.

This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Add 'free_strlist_wipe' which wipes memory.
Justus Winter [Thu, 21 Apr 2016 10:59:59 +0000 (12:59 +0200)]
common: Add 'free_strlist_wipe' which wipes memory.

* common/strlist.c (free_strlist_wipe): New function.
* common/strlist.h (free_strlist_wipe): New prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Add 'append_to_strlist_try' which can fail.
Justus Winter [Thu, 21 Apr 2016 10:36:04 +0000 (12:36 +0200)]
common: Add 'append_to_strlist_try' which can fail.

* common/strlist.c (append_to_strlist): Use the new function.
(append_to_strlist_try): New function.
* common/strlist.h (append_to_strlist_try): New prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agoagent: Convert key format document to org.
Justus Winter [Wed, 13 Apr 2016 12:25:30 +0000 (14:25 +0200)]
agent: Convert key format document to org.

* agent/keyformat.txt: Convert to org mode.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Make migration test more robust and silent.
Justus Winter [Thu, 21 Apr 2016 12:36:21 +0000 (14:36 +0200)]
tests: Make migration test more robust and silent.

* tests/migrations/from-classic.test: Fix in-tree build, silence test.

Fixes-commit: defbc70b
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agow32: Use --enable-gpg2-is-gpg by default.
Werner Koch [Thu, 21 Apr 2016 07:18:10 +0000 (09:18 +0200)]
w32: Use --enable-gpg2-is-gpg by default.

* autogen.rc: Add option also for plain Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agow32: Replace libiconv DLL by iconv feature of libgpg-error.
Werner Koch [Thu, 21 Apr 2016 07:17:11 +0000 (09:17 +0200)]
w32: Replace libiconv DLL by iconv feature of libgpg-error.

* configure.ac: Do nor require libiconv for W32.
* common/utf8conv.c [W32]: Do not incluce iconv.h.  Request
libgpg-error iconv macros.
(jnlib_iconv): Use ICONV_CONST macro.
* build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
* build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Sanitize permissions of the private key directory.
Justus Winter [Wed, 20 Apr 2016 12:55:45 +0000 (14:55 +0200)]
agent: Sanitize permissions of the private key directory.

* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.

GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Test the migration from a classic GnuPG home directory.
Justus Winter [Wed, 20 Apr 2016 12:48:12 +0000 (14:48 +0200)]
tests: Test the migration from a classic GnuPG home directory.

* configure.ac: Add new directory.
* tests/Makefile.am (SUBDIRS): Likewise.
* tests/migrations/Makefile.am: New file.
* tests/migrations/from-classic.gpghome/pubring.gpg.asc: Likewise.
* tests/migrations/from-classic.gpghome/secring.gpg.asc: Likewise.
* tests/migrations/from-classic.gpghome/trustdb.gpg.asc: Likewise.
* tests/migrations/from-classic.test: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agospeedo: Use swdb.lst to define the SQLite version.
Werner Koch [Wed, 20 Apr 2016 09:02:39 +0000 (11:02 +0200)]
speedo: Use swdb.lst to define the SQLite version.

* build-aux/speedo.mk: Change sqlite to use our mirror and the
swdb.lst file.
* build-aux/speedo/w32/inst.nsi: gpg is now build and installed as
gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Improve UID selction of --quick-sign-key.
Werner Koch [Tue, 19 Apr 2016 15:47:24 +0000 (17:47 +0200)]
gpg: Improve UID selction of --quick-sign-key.

* g10/keyedit.c (keyedit_quick_sign): Improve UID selection and print
error for non-found userids.
--

GnuPG-bug-id: 2315

3 years agogpg: Avoid debug like output at start of --edit-key.
Werner Koch [Tue, 19 Apr 2016 15:45:27 +0000 (17:45 +0200)]
gpg: Avoid debug like output at start of --edit-key.

* g10/keyedit.c (check_all_keysigs): Print info only after something
has been modified.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodirmngr: Fix https never reported in general help
Andre Heinecke [Fri, 15 Apr 2016 15:50:07 +0000 (17:50 +0200)]
dirmngr: Fix https never reported in general help

* dirmngr/ks-engine-http.c (ks_hkp_help): Also print https
when supported and no uri provided.

--
Wrong reporting was pointed out by K_F, again.

3 years agodirmngr: Fix https incorrectly reported in help
Andre Heinecke [Fri, 15 Apr 2016 15:19:40 +0000 (17:19 +0200)]
dirmngr: Fix https incorrectly reported in help

* dirmngr/ks-engine-http.c (ks_hkp_help): Only print https if tls
is supported.

--
Wrong reporting was pointed out by K_F. Check is the same as
in ks-engine-hkp.c

3 years agopo: Fix a string in de.po.
Werner Koch [Fri, 15 Apr 2016 09:46:10 +0000 (11:46 +0200)]
po: Fix a string in de.po.

--

With commit b3378b3a56fc90ba8ae38e6298b23a378305af32 from July 2014 we
use strconcat instead of sprintf for the string and thus we need to
remove one level of percent escaping.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Fix regression due to recent commit 4159567.
Werner Koch [Thu, 14 Apr 2016 10:16:51 +0000 (12:16 +0200)]
agent: Fix regression due to recent commit 4159567.

* agent/protect.c (do_encryption): Fix CBC hashing.
--

The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing.  We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis.  Note that the OCB
hashing only differs that it does no include the protected part.

Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Allow gpg-protect-tool to handle openpgp-native protection.
Werner Koch [Thu, 14 Apr 2016 10:28:48 +0000 (12:28 +0200)]
agent: Allow gpg-protect-tool to handle openpgp-native protection.

* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: Set fake-pinentry's stdout and stdin to _IOLBF.
Werner Koch [Thu, 14 Apr 2016 07:08:50 +0000 (09:08 +0200)]
tests: Set fake-pinentry's stdout and stdin to _IOLBF.

* tests/openpgp/fake-pinentry.c (main): Call setvbuf.  Show passphrase
at startup.  Increase buffer.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Implement new protection mode openpgp-s2k3-ocb-aes.
Werner Koch [Tue, 12 Apr 2016 12:37:26 +0000 (14:37 +0200)]
agent: Implement new protection mode openpgp-s2k3-ocb-aes.

* agent/protect.c (agent_protect): Add arg use_ocb.  Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.

* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len.  Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--

Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode.  See keyformat.txt for a
description.  Libgcrypt 1.7 is required.

This mode is not yet enabled because there would be no way to return
to an older GnuPG version.  To test the new scheme use
gpg-protect-tool:

 ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
 ./gpg-protect-tool -av -P abc -u <prot.key

Any key from the private key storage should work.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Note that the persistant passphrase format is unimplemented.
Werner Koch [Tue, 12 Apr 2016 12:20:53 +0000 (14:20 +0200)]
doc: Note that the persistant passphrase format is unimplemented.

--

3 years agoindent: Help Emacs not to get confused by conditional compilation.
Werner Koch [Mon, 11 Apr 2016 08:24:15 +0000 (10:24 +0200)]
indent: Help Emacs not to get confused by conditional compilation.

* agent/protect.c (calibrate_get_time) [W32]: Use separate function
calls for W32 and W32CE.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Point to RFC-4880 for keyedit subcommand "tsign".
Werner Koch [Fri, 8 Apr 2016 07:49:15 +0000 (09:49 +0200)]
doc: Point to RFC-4880 for keyedit subcommand "tsign".

--

GnuPG-bug-id: 2283

3 years agog10: Fix exporting secret keys of certain sizes.
Justus Winter [Thu, 7 Apr 2016 11:55:42 +0000 (13:55 +0200)]
g10: Fix exporting secret keys of certain sizes.

* g10/build-packet.c (do_key): Do not use the header length specified
by the public key packet from the keyring, but let 'write_header2'
compute the required length.
--
Specifically exporting RSA keys of length 1024 failed, as the encoded
public key packet requires 141 bytes a length that fits into one byte,
but the secret key is significantly larger, making the export fail.

GnuPG-bug-id: 2307
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Fix typo.
Justus Winter [Thu, 7 Apr 2016 11:51:26 +0000 (13:51 +0200)]
g10: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodoc: Update help.ru.txt
Ineiev [Wed, 6 Apr 2016 16:42:31 +0000 (18:42 +0200)]
doc: Update help.ru.txt

--

3 years agoRevert "g10: Support armored keyrings in gpgv."
Justus Winter [Wed, 6 Apr 2016 09:34:11 +0000 (11:34 +0200)]
Revert "g10: Support armored keyrings in gpgv."

This reverts commit abb352de51bc964c06007fce43ed6f6caea87c15.

3 years agodirmngr: Autodetect PEM format in dirmngr-client.
Justus Winter [Tue, 5 Apr 2016 14:01:05 +0000 (16:01 +0200)]
dirmngr: Autodetect PEM format in dirmngr-client.

* dirmngr/dirmngr-client.c (init_asctobin): New function.
(main): Move the initialization code to the new function.
(read_pem_certificate): Initialize base64 table.
(read_certificate): Try to decode certificates given in files as PEM
first.

GnuPG-bug-id: 1844
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agobuild: Fix for: Build gpgcompose only in maintainer mode
Werner Koch [Tue, 5 Apr 2016 13:24:56 +0000 (15:24 +0200)]
build: Fix for: Build gpgcompose only in maintainer mode

* g10/Makefile.am (noinst_PROGRAMS): Always add module_tests.
--

Fixes-commit: 4b5341d

3 years agodoc: Install gpg and gpgv man pages under the correct name.
Werner Koch [Tue, 5 Apr 2016 13:15:28 +0000 (15:15 +0200)]
doc: Install gpg and gpgv man pages under the correct name.

* doc/mkdefsinc.c (main): Add double include guard.  Set variable
gpgtwohack. Define macros gpgname and gpgvname.
* doc/gpg.texi: Remove macro definition for gpgname.  Use Texinfo var
gpgtwohack to prepare the man pages.  Use @gpgname everywhere.
* doc/gpgv.texi: Likewise.
* doc/Makefile.am (myman_pages): Remove gpg2.1 and gpgv2.1 but add
them depending on USE_GPG2_HACK.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Build gpgcompose only in maintainer mode
Werner Koch [Tue, 5 Apr 2016 09:18:45 +0000 (11:18 +0200)]
build: Build gpgcompose only in maintainer mode

* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose only in maintainer
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Replace use of "gpg2" by GPG_NAME
Werner Koch [Tue, 5 Apr 2016 09:10:09 +0000 (11:10 +0200)]
gpg: Replace use of "gpg2" by GPG_NAME

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoNow build "gpg" binary but install as "gpg2"
Werner Koch [Mon, 4 Apr 2016 15:42:24 +0000 (17:42 +0200)]
Now build "gpg" binary but install as "gpg2"

* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--

Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: Add missing file.
Werner Koch [Mon, 4 Apr 2016 16:38:53 +0000 (18:38 +0200)]
tests: Add missing file.

* tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
--

Fixes-commit: 785a7f463ec4e937304ce1263c5e6a46e8079137

3 years agog10: Support armored keyrings in gpgv.
Justus Winter [Mon, 4 Apr 2016 15:05:50 +0000 (17:05 +0200)]
g10: Support armored keyrings in gpgv.

* doc/gpgv.texi: Document the feature.
* g10/Makefile.am (gpgv2_SOURCES): Add dearmor.c.
* g10/dearmor.c (dearmor_file): Add sink argument.
* g10/gpg.c (main): Adapt accordingly.
* g10/gpgv.c (make_temp_dir): New function.
(main): De-armor keyrings.
* g10/main.h (dearmor_file): Adapt prototype.

GnuPG-bug-id: 2290
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Fix default key test.
Justus Winter [Mon, 4 Apr 2016 11:10:28 +0000 (13:10 +0200)]
tests: Fix default key test.

* tests/openpgp/default-key.test: Avoid using the option
'--trust-model' unconditionally.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agopo: Fix misleading german translation.
Justus Winter [Fri, 1 Apr 2016 14:38:24 +0000 (16:38 +0200)]
po: Fix misleading german translation.

--
GnuPG-bug-id: 2239
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agobuild: Check for conflicting trust model options.
Justus Winter [Fri, 1 Apr 2016 12:53:48 +0000 (14:53 +0200)]
build: Check for conflicting trust model options.

* configure.ac: Disable TOFU if configured without trust models, and
check for conflicting options.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Remove option --always-trust if compiled without trust models.
Justus Winter [Fri, 1 Apr 2016 12:51:56 +0000 (14:51 +0200)]
g10: Remove option --always-trust if compiled without trust models.

* g10/gpg.c (opts): Remove option --always-trust if compiled without
trust models.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agospeedo,w32: Build libsqlite3.
Justus Winter [Thu, 31 Mar 2016 15:51:39 +0000 (17:51 +0200)]
speedo,w32: Build libsqlite3.

* build-aux/speedo.mk (speedo_spkgs): Add libsqlite3 on w32.
(libsqlite3_ver): New variable.
(speedo_pkg_libsqlite3_tar): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Use gpg-error abstraction of sched_yield.
Justus Winter [Thu, 31 Mar 2016 15:23:31 +0000 (17:23 +0200)]
g10: Use gpg-error abstraction of sched_yield.

* g10/tofu.c (begin_transaction): Use 'gpgrt_yield'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Fix NULL-segv for missing tofu DB.
Werner Koch [Tue, 29 Mar 2016 11:30:19 +0000 (13:30 +0200)]
gpg: Fix NULL-segv for missing tofu DB.

* g10/tofu.c (opendb): Guard call to timeout function.
--

GnuPG-bug-id: 2294

Fix not tested but is pretty obvious.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Improve message when asking for key capabilities.
Werner Koch [Tue, 22 Mar 2016 19:24:52 +0000 (20:24 +0100)]
gpg: Improve message when asking for key capabilities.

* g10/keygen.c (ask_key_flags): Improve message.
--

Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used.  When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Remove the extra prompt for Curve25519.
Werner Koch [Tue, 22 Mar 2016 18:55:25 +0000 (19:55 +0100)]
gpg: Remove the extra prompt for Curve25519.

* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448.  Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--

Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Silence trustdb computation with --quiet.
Werner Koch [Sat, 19 Mar 2016 13:43:18 +0000 (14:43 +0100)]
gpg: Silence trustdb computation with --quiet.

* g10/trustdb.c (validate_keys): Do not print log_info stuff in quiet
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agosm: Always create a keybox header when creating a new keybox.
Werner Koch [Thu, 17 Mar 2016 14:15:48 +0000 (15:15 +0100)]
sm: Always create a keybox header when creating a new keybox.

* sm/keydb.c (maybe_create_keybox): Create the header blob.
--

This is required so that g10/keydb.c can properly detect that a keybox
file is actually there.  Just writing a 0 zero length keybox file is
not sufficient because a file with that name may also be an old-style
OpenPGP keyring.

GnuPG-bug-id: 2275
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Improve documentation of --enable-large-rsa.
Neal H. Walfield [Thu, 17 Mar 2016 10:13:57 +0000 (11:13 +0100)]
doc: Improve documentation of --enable-large-rsa.

* doc/gpg.texi (--enable-large-rsa): Improve text.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Bernhard Reiter <bernhard@intevation.de>
3 years agoagent: allow removal of the shadowed key.
NIIBE Yutaka [Wed, 16 Mar 2016 23:37:58 +0000 (08:37 +0900)]
agent: allow removal of the shadowed key.

* agent/findkey.c (agent_delete_key): Remove the key when asked.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agog10: Add const qualifier.
NIIBE Yutaka [Wed, 16 Mar 2016 02:52:41 +0000 (11:52 +0900)]
g10: Add const qualifier.

* g10/gpgcompose.c (show_help): Those are strings not to be modified.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Do not rely on a certain evaluation order.
Werner Koch [Tue, 15 Mar 2016 08:22:24 +0000 (09:22 +0100)]
gpg: Do not rely on a certain evaluation order.

* g10/keyedit.c (print_and_check_one_sig): Call check_key_signature
before derefing IS_SELFSIG.
--

Fixes-commit: 5fbd80579aea0f75ca1d2700515c5b8747a75c7d
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoscd: Add manufacturer id 0x000a
Werner Koch [Mon, 14 Mar 2016 16:49:36 +0000 (17:49 +0100)]
scd: Add manufacturer id 0x000a

* g10/card-util.c (get_manufacturer): Add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agog10: Silence message if --quiet is given.
Kevin J. McCarthy [Thu, 10 Mar 2016 11:41:06 +0000 (12:41 +0100)]
g10: Silence message if --quiet is given.

* g10/getkey.c (parse_def_secret_key): Silence message if --quiet is
given.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpg: Add a new test.
Neal H. Walfield [Tue, 8 Mar 2016 13:08:15 +0000 (14:08 +0100)]
gpg: Add a new test.

* g10/Makefile.am (EXTRA_DIST): Add t-stutter-data.asc.
(module_tests): Add t-stutter.
(t_stutter_SOURCES): New variable.
(t_stutter_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Add a test to check that the Mister and Zuccerato attack described in
"An Attack on CFB Mode Encryption As Used by OpenPGP" works.