gnupg.git
2 years agoscd: Use canonical curve name of libgcrypt.
NIIBE Yutaka [Mon, 24 Oct 2016 02:22:44 +0000 (11:22 +0900)]
scd: Use canonical curve name of libgcrypt.

* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params.  Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Conver curve name to alias for print.
--
Now, sdcaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias.  Since it is used of key generation for
card encryption key with backup, it should be canonical name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agocommon: Fix openpgp_is_curve_supported.
NIIBE Yutaka [Mon, 24 Oct 2016 02:20:14 +0000 (11:20 +0900)]
common: Fix openpgp_is_curve_supported.

* common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
canonical name of the curve and alias.

--
Only alias (the name for print) was allowed before this change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Fix card keygen for decryption.
NIIBE Yutaka [Sun, 23 Oct 2016 22:52:40 +0000 (07:52 +0900)]
g10: Fix card keygen for decryption.

* g10/keygen.c (do_generate_keypair): Fix arguments.

--

Reported-by: Grumpy
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: More card key generation change.
NIIBE Yutaka [Fri, 21 Oct 2016 23:45:35 +0000 (08:45 +0900)]
g10: More card key generation change.

* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
Don't get ALGO by KEY-ATTR by this function.  It's caller to provide
ALGO.  Don't do that by both of caller and callee.
(generate_keypair): Only put paramerters needed.  Use parameters
for ALGO to call gen_card_key.
(generate_card_subkeypair): Get ALGO and call gen_card_key with it.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Write first keybox record in binary mode
Andre Heinecke [Fri, 21 Oct 2016 12:59:26 +0000 (14:59 +0200)]
g10: Write first keybox record in binary mode

* g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.

--
This fixes keybox corruption on windows.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2 years agog10,scd: Fix ECC keygen.
NIIBE Yutaka [Fri, 21 Oct 2016 12:37:04 +0000 (21:37 +0900)]
g10,scd: Fix ECC keygen.

* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoscd: Fix segfault changing key attr.
NIIBE Yutaka [Fri, 21 Oct 2016 07:27:46 +0000 (16:27 +0900)]
scd: Fix segfault changing key attr.

* asc/app-openpgp.c (change_keyattr_from_string): Release after
allocated.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Don't ask keysize for for non-RSA card.
NIIBE Yutaka [Fri, 21 Oct 2016 05:15:05 +0000 (14:15 +0900)]
g10: Don't ask keysize for for non-RSA card.

* g10/card-util.c (card_status): Bug fix for keyno.
(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
(generate_card_keys): Only ask keysize when RSA.
(card_generate_subkey): Likewise.

--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: Support ECC for gen_card_key.
NIIBE Yutaka [Fri, 21 Oct 2016 04:59:09 +0000 (13:59 +0900)]
g10: Support ECC for gen_card_key.

* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
(do_generate_keypair, generate_card_subkeypair): Follow the change.

--
ALGO is determined by the key attribute of the card.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoFix use cases of snprintf.
NIIBE Yutaka [Fri, 21 Oct 2016 03:04:46 +0000 (12:04 +0900)]
Fix use cases of snprintf.

* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoagent: Fix saving with FORCE=1.
NIIBE Yutaka [Fri, 21 Oct 2016 01:57:29 +0000 (10:57 +0900)]
agent: Fix saving with FORCE=1.

* agent/findkey.c (agent_write_private_key): Recover from an error of
GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agotests: Simplify test.
Justus Winter [Thu, 20 Oct 2016 14:54:06 +0000 (16:54 +0200)]
tests: Simplify test.

* tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary
home directory, just make the uids unique.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Flush stdout in the fake pinentry.
Justus Winter [Thu, 20 Oct 2016 14:50:11 +0000 (16:50 +0200)]
tests: Flush stdout in the fake pinentry.

* tests/openpgp/fake-pinentry.c (reply): Flush stdout.

Fixes-commit: 94504b3d5af126abb591dedda1ca0f0970822f55
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon,w32: Fix setting environment variables on Windows.
Justus Winter [Thu, 20 Oct 2016 14:45:18 +0000 (16:45 +0200)]
common,w32: Fix setting environment variables on Windows.

* common/sysutils.c (gnupg_setenv): Also update the environment block
maintained by the C runtime.
(gnupg_unsetenv): Likewise.
* tests/gpgscm/ffi.c (do_setenv): Fix error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests,w32: Cope with Windows line endings.
Justus Winter [Thu, 20 Oct 2016 14:41:18 +0000 (16:41 +0200)]
tests,w32: Cope with Windows line endings.

* tests/openpgp/issue2015.scm: Rstrip line before comparison.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Create and remove socket directories.
Justus Winter [Thu, 20 Oct 2016 09:37:26 +0000 (11:37 +0200)]
tests: Create and remove socket directories.

* tests/openpgp/defs.scm (start-agent): Move function here and create
the socket directory prior to starting the agent.
(stop-agent): Move function here and remove the socket directory.
* tests/openpgp/finish.scm: Adapt.
* tests/openpgp/setup.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent, g10: Fix keygen.
NIIBE Yutaka [Thu, 20 Oct 2016 11:01:46 +0000 (20:01 +0900)]
agent, g10: Fix keygen.

* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoscd: GENKEY updates the public key in APP.
NIIBE Yutaka [Thu, 20 Oct 2016 07:25:47 +0000 (16:25 +0900)]
scd: GENKEY updates the public key in APP.

* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
(read_public_key): New.
(get_public_key, do_genkey): Use read_public_key.

--

With this change, since GENKEY updates the public key (pk[keyno].key) in
APP, READKEY will be possible after the command even for the old
card (version <= 0x0100).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agog10: smartcard keygen change.
NIIBE Yutaka [Thu, 20 Oct 2016 04:30:47 +0000 (13:30 +0900)]
g10: smartcard keygen change.

* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
(agent_scd_genkey): Remove INFO argument.  CREATETIME is now in/out
argument.
(agent_readkey): Use READKEY --card instead of SCD READKEY.
* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
to retrieve public key information from card and let the agent make
a file for private key with shadow info.
--

This change removes gpg's KEY-DATA handling for SCD GENKEY.  Information
with KEY-DATA is simply not used.  Instead, it is read by READKEY --card
command of gpg-agent.  This can consolidate public key handling in a
single method by READKEY.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoagent: Add --card option for READKEY.
NIIBE Yutaka [Thu, 20 Oct 2016 03:05:15 +0000 (12:05 +0900)]
agent: Add --card option for READKEY.

* agent/findkey.c (agent_write_shadow_key): New.
* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/command.c (cmd_readkey): Add --card option.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agodirmngr: improve VERSIONCHECK
Kai Michaelis [Wed, 19 Oct 2016 14:19:29 +0000 (16:19 +0200)]
dirmngr: improve VERSIONCHECK

Replace strtok_r() and code formatting. Use code from libgpg-error for
version comparison.

2 years agocommon: Fix copying data to estreams.
Justus Winter [Tue, 18 Oct 2016 15:57:19 +0000 (17:57 +0200)]
common: Fix copying data to estreams.

* common/exectool.c (copy_buffer_do_copy): Correctly account for
partially written data in the event of errors.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon,w32: Communicate with child in non-blocking mode.
Justus Winter [Tue, 18 Oct 2016 12:04:54 +0000 (14:04 +0200)]
common,w32: Communicate with child in non-blocking mode.

* common/exechelp-w32.c (gnupg_spawn_process): Open streams in
non-blocking mode if requested.

Fixes-commit: 83811e3f1f0c615b2b63bafdb49a35a0fc198088
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon,w32: Extend gnupg_create_inbound_pipe et al.
Justus Winter [Tue, 18 Oct 2016 11:55:12 +0000 (13:55 +0200)]
common,w32: Extend gnupg_create_inbound_pipe et al.

* common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
create a stream if reqested.
(gnupg_create_inbound_pipe): Use the extended function to open the
stream if requested.
(gnupg_create_outbound_pipe): Likewise.
(gnupg_create_pipe): Update call site.

Fixes-commit: 5d991e333a1885adc40abd9d00c01fec4bd5d9d7
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon,w32: Make use of default_errsource in exechelp.
Justus Winter [Tue, 18 Oct 2016 12:01:53 +0000 (14:01 +0200)]
common,w32: Make use of default_errsource in exechelp.

* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
Use them instead of gpg_error and gpg_error_from_syserror.

Fixes-commit: 96c7901ec1c79be732570811223d3ea54875abfe
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoscd: Support ECC key generation.
NIIBE Yutaka [Tue, 18 Oct 2016 13:46:37 +0000 (22:46 +0900)]
scd: Support ECC key generation.

* scd/app-openpgp.c (get_public_key): Fix a message.
(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
(do_genkey): Add ECC support.

--

In OpenPGP card specification 3.0, ECC is introduced.  So far, do_genkey
only supported RSA.  Since KDF spec. is needed to calculate the
fingerprint, it is hard coded in app-openpgp.c.  But it's defined by
OpenPGP ECC (RFC-6637), and card does nothing with KDF in fact.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoscd: minor cleanup to merge other works.
NIIBE Yutaka [Tue, 18 Oct 2016 11:40:09 +0000 (20:40 +0900)]
scd: minor cleanup to merge other works.

* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
* scd/app-openpgp.c (get_public_key): Follow the change.
(do_genkey): Ditto.  Use ERR instead of RC.  Use u32 for CREATED_AT.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoRegister DCO for Arnaud Fontaine
Werner Koch [Tue, 18 Oct 2016 09:18:47 +0000 (11:18 +0200)]
Register DCO for Arnaud Fontaine

--

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpgscm: Initialize nesting stack.
Justus Winter [Fri, 14 Oct 2016 09:17:50 +0000 (11:17 +0200)]
gpgscm: Initialize nesting stack.

* tests/gpgscm/scheme.c (scheme_init_custom_alloc): Initialize nesting
stack.

Fixes-commit: f2249b737055f84842778285bbeff5e61fa55225
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agodoc: Document how to manually shut down gpg-agent.
Daniel Kahn Gillmor [Fri, 14 Oct 2016 16:42:24 +0000 (12:42 -0400)]
doc: Document how to manually shut down gpg-agent.

* doc/gpg-agent.texi: document "gpgconf --kill gpg-agent" for manual
  agent termination.

This was requested in a side-comment in https://bugs.debian.org/840669

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agodoc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.
Daniel Kahn Gillmor [Fri, 14 Oct 2016 06:23:37 +0000 (02:23 -0400)]
doc: Point gpg-agent(1) at the right gpg manpage in SEE ALSO.

* doc/gpg-agent.texi (SEE ALSO): refer to @gpgname, instead of
  hard-coding "gpg2".

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agoscd: Fix keytocard for ECC.
NIIBE Yutaka [Mon, 17 Oct 2016 03:02:28 +0000 (12:02 +0900)]
scd: Fix keytocard for ECC.

* scd/app-openpgp.c (build_ecc_privkey_template): Size can be greater
than 128 when it comes with public key for curve of larger field.

--

Reported-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agogpgconf: Fix for --homedir.
NIIBE Yutaka [Mon, 17 Oct 2016 02:36:45 +0000 (11:36 +0900)]
gpgconf: Fix for --homedir.

* tools/gpgconf-comp.c (gpg_agent_runtime_change,
scdaemon_runtime_change, dirmngr_runtime_change): Provide the homedir
arguments by --homedir when it's not default.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoagent: Use straightforward names for the default socket names.
Werner Koch [Sun, 16 Oct 2016 20:30:26 +0000 (22:30 +0200)]
agent: Use straightforward names for the default socket names.

* configure.ac (GPG_AGENT_SOCK_NAME): Change name to *.extra.
(GPG_AGENT_EXTRA_SOCK_NAME): Change name to *browser.
--

There has been quite some fuzz about the naming of the (new) default
socket files.  The used names do not match the names of the option.
Because these are just names we now change the names to match the
names of the options instead of changing the option names to something
we can't agree upon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Move inotify code to common and improve it.
Werner Koch [Sat, 15 Oct 2016 19:35:05 +0000 (21:35 +0200)]
agent: Move inotify code to common and improve it.

* common/sysutils.c: Include sys/inotify.h.
(my_error_from_syserror, my_error): New.
(gnupg_inotify_watch_socket): New.
(gnupg_inotify_has_name): New.
* agent/gpg-agent.c: Do not include sys/inotify.h.
(my_inotify_is_name): Remove.
(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
the new functions.
--

When removing not a simple socket file but the entire directory the
old code missed most events and thus did not worked properly.

IN_DELETE_SELF has also been added to the watch list to detect a
removal of the directory.  However, in all tests that event was not
triggered.  The only way it could be triggered was by not watching
the socket dir but an arbitary directory and rmdir that.

GnuPG-bug-id: 2756
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: use gnupg_mkdtemp instead of mkstemp
Kai Michaelis [Fri, 14 Oct 2016 16:16:43 +0000 (18:16 +0200)]
dirmngr: use gnupg_mkdtemp instead of mkstemp

MinGW on debian does not support mkstemp.

2 years agodirmngr: add VERSIONCHECK command
Kai Michaelis [Thu, 13 Oct 2016 15:43:47 +0000 (17:43 +0200)]
dirmngr: add VERSIONCHECK command

Given an application name and version VERSIONCHECK fetches the software
version list from version.gnupg.org, verifies the signature and returns
whenever the given version is older (UPDATE), current (CURRENT) or newer
(ROLLBACK).

2 years agotests: Use shorter filenames.
Neal H. Walfield [Thu, 13 Oct 2016 19:38:50 +0000 (21:38 +0200)]
tests: Use shorter filenames.

* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg: Rename from this...
* tests/openpgp/tofu/cross-sigs/EC38277E-1.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: Rename from this...
* tests/openpgp/tofu/cross-sigs/EC38277E-1.txt: .. to this.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: Rename from this...
* tests/openpgp/tofu/cross-sigs/EC38277E-2.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: Rename from this...
* tests/openpgp/tofu/cross-sigs/EC38277E-2.txt: .. to this.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: Rename from this...
* tests/openpgp/tofu/cross-sigs/EC38277E-3.txt: .. to this.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: Rename from
  this...
* tests/openpgp/tofu/cross-sigs/EC38277E-secret.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-1.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-1.txt: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-2.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-2.txt: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-3.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-3.txt: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: Rename from this...
* tests/openpgp/tofu/cross-sigs/871C2247-4.gpg: .. to this.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: Rename from
  this...
* tests/openpgp/tofu/cross-sigs/871C2247-secret.gpg: .. to this.
* tests/openpgp/Makefile.am (TEST_FILES): Update accordingly.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixed-commit: d2d936fbe86d61b89cead95df633b2b575690e05

2 years agog10: Be more careful when checking if a binding is signed by a UTK.
Neal H. Walfield [Thu, 13 Oct 2016 18:54:06 +0000 (20:54 +0200)]
g10: Be more careful when checking if a binding is signed by a UTK.

* g10/tofu.c (signed_by_utk): When checking if a key is signed by an
ultimately trusted key, only consider the signatures on the specified
user id.
* tests/openpgp/tofu.scm: Add test for the above.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests: Add test data to TEST_FILES.
Neal H. Walfield [Thu, 13 Oct 2016 12:26:53 +0000 (14:26 +0200)]
tests: Add test data to TEST_FILES.

* tests/openpgp/Makefile.am (TEST_FILES): Add new test data.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 4c0389f8eb19ae7dfd9c5d784a629b386d93cc5c

2 years agog10: Be more careful when checking cross signatures.
Neal H. Walfield [Thu, 13 Oct 2016 10:44:59 +0000 (12:44 +0200)]
g10: Be more careful when checking cross signatures.

* g10/tofu.c (cross_sigs): When checking cross signatures, only
consider the signatures on the specified user id.
* tests/openpgp/tofu.scm: Add test for the above.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.gpg:
  New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-1.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-2.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-3.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  1938C3A0E4674B6C217AC0B987DB2814EC38277E-secret.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-1.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-2.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-3.txt: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-4.gpg: New file.
* tests/openpgp/tofu/cross-sigs/
  DC463A16E42F03240D76E8BA8B48C6BD871C2247-secret.gpg: New file.
* tests/openpgp/tofu/cross-sigs/README: New file.

--
Signed-off-by: Neal H. Walfield
2 years agog10: Still check if the key is an UTK or cross signed in batch mode.
Neal H. Walfield [Thu, 13 Oct 2016 10:38:19 +0000 (12:38 +0200)]
g10: Still check if the key is an UTK or cross signed in batch mode.

* g10/tofu.c (get_trust): If POLICY is ask, but we can't ask, don't
bail immediately.  Instead, check if the key in question is an
ultimately trusted key or cross signed.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL
Neal H. Walfield [Thu, 13 Oct 2016 10:32:03 +0000 (12:32 +0200)]
g10: If an sqlite operation fails, map the error code to GPG_ERR_GENERAL

* g10/tofu.c (get_policy): If an sqlite operation fails, map the error
  code to GPG_ERR_GENERAL.
(ask_about_binding): Likewise.
(build_conflict_set): Likewise.
(get_trust): Likewise.
(show_statistics): Likewise.
(tofu_register_signature): Likewise.
(tofu_register_encryption): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agotests: Remove support for deprecated functionality.
Neal H. Walfield [Thu, 13 Oct 2016 10:30:12 +0000 (12:30 +0200)]
tests: Remove support for deprecated functionality.

* tests/openpgp/tofu.scm: Don't remove tofu.d.  It's deprecated.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: When changing a TOFU binding's policy, update the conflict info
Neal H. Walfield [Wed, 12 Oct 2016 19:42:10 +0000 (21:42 +0200)]
g10: When changing a TOFU binding's policy, update the conflict info

* g10/tofu.c (record_binding): Take an additional argument, CONFLICT.
Set the binding's conflict accordingly.  Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Make a singular string singular.
Neal H. Walfield [Wed, 12 Oct 2016 19:40:03 +0000 (21:40 +0200)]
g10: Make a singular string singular.

* g10/tofu.c (ask_about_binding): Make the singular string singular.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Correctly determine whether a binding has a conflict.
Neal H. Walfield [Wed, 12 Oct 2016 19:39:12 +0000 (21:39 +0200)]
g10: Correctly determine whether a binding has a conflict.

* g10/tofu.c (build_conflict_set): A binding has a conflict is
conflict is *not* NULL, not if it is NULL.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years agog10: Fix a column's type in TOFU DB.
Neal H. Walfield [Wed, 12 Oct 2016 19:37:34 +0000 (21:37 +0200)]
g10: Fix a column's type in TOFU DB.

* g10/tofu.c (initdb): Change policy from a boolean to an integer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Note: sqlite ignores type information so this change has no real
impact.

2 years agotests: Rework test environment setup.
Justus Winter [Fri, 7 Oct 2016 14:17:49 +0000 (16:17 +0200)]
tests: Rework test environment setup.

* tests/openpgp/setup.scm: Import one keyring at a time.  This works
around a yet to be investigated hang on Windows.  It is also much
prettier.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests: Improve handling of Windows newlines.
Justus Winter [Fri, 7 Oct 2016 14:16:15 +0000 (16:16 +0200)]
tests: Improve handling of Windows newlines.

* tests/gpgscm/lib.scm (string-split-newlines): New function.
* tests/openpgp/default-key.scm: Use new function.
* tests/openpgp/defs.scm: Likewise.
* tests/openpgp/export.scm: Likewise.
* tests/openpgp/import.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agogpgscm: Improve test of low-level functions.
Justus Winter [Fri, 7 Oct 2016 14:13:08 +0000 (16:13 +0200)]
gpgscm: Improve test of low-level functions.

* tests/gpgscm/t-child.c: Print large amounts of data.
* tests/gpgscm/t-child.scm: Test that this works.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agogpgscm: Improve path handling.
Justus Winter [Fri, 7 Oct 2016 10:53:25 +0000 (12:53 +0200)]
gpgscm: Improve path handling.

* tests/gpgscm/ffi.c (ffi_init): New Scheme variable '*win32*'.
* tests/gpgscm/tests.scm (canonical-path): Correctly handle paths with
drive letter on Windows.  Use 'path-join'.
(path-expand): Use 'path-join'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotools: Fix error handling.
Justus Winter [Fri, 7 Oct 2016 10:52:09 +0000 (12:52 +0200)]
tools: Fix error handling.

* tools/gpgtar-create.c (gpgtar_create): Do not crash if opening the
tarball failed.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent: Fix get_socket_name.
NIIBE Yutaka [Fri, 7 Oct 2016 10:00:10 +0000 (19:00 +0900)]
agent: Fix get_socket_name.

* agent/gpg-agent.c (get_socket_name): Fix the size of copying.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoRevert "g10: Fix singular term."
Werner Koch [Fri, 7 Oct 2016 05:59:21 +0000 (07:59 +0200)]
Revert "g10: Fix singular term."

--

This reverts commit b0d2526bc4e5c663eeffe04500420c70cee98712.

The number of format elements may not change in ngettext.  The entire
construct is anyway wrong because ngettext is passed a different value
than what is used in the printf.

We need to rework the use of most strings in tofu.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Put extra parens around bit tests.
Werner Koch [Fri, 7 Oct 2016 05:54:38 +0000 (07:54 +0200)]
gpg: Put extra parens around bit tests.

* g10/options.h (DBG_MPI): New.
* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent, dirmngr, scd: Fix init_common_subsystems.
NIIBE Yutaka [Fri, 7 Oct 2016 01:45:22 +0000 (10:45 +0900)]
agent, dirmngr, scd: Fix init_common_subsystems.

* common/init.c (_init_common_subsystems): Don't call
gpgrt_set_syscall_clamp in this function.
* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
gpgrt_set_syscall_clamp after npth_init.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agocommon: Avoid pointer arithmetic on string literals.
Justus Winter [Thu, 6 Oct 2016 12:48:52 +0000 (14:48 +0200)]
common: Avoid pointer arithmetic on string literals.

* common/gettime.c (rfctimestamp): Use indexing instead.
* common/signal.c (got_fatal_signal): Likewise.

2 years agog10: Fix singular term.
Justus Winter [Thu, 6 Oct 2016 12:33:20 +0000 (14:33 +0200)]
g10: Fix singular term.

* g10/tofu.c (ask_about_binding): Fix singular message.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agog10: Use appropriate variant of 'abs'.
Justus Winter [Thu, 6 Oct 2016 12:32:10 +0000 (14:32 +0200)]
g10: Use appropriate variant of 'abs'.

* g10/tofu.c (ask_about_binding): Use 'labs' instead of 'abs'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agosm: Remove statement without effect.
Justus Winter [Thu, 6 Oct 2016 12:30:56 +0000 (14:30 +0200)]
sm: Remove statement without effect.

* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Remove statement without
effect.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agog10: Fix testing for debug flag.
Justus Winter [Thu, 6 Oct 2016 12:17:55 +0000 (14:17 +0200)]
g10: Fix testing for debug flag.

* g10/parse-packet.c (set_packet_list_mode): Fix testing for debug
flag.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotools: Improve error handling.
Justus Winter [Thu, 6 Oct 2016 12:17:03 +0000 (14:17 +0200)]
tools: Improve error handling.

* tools/gpg-wks-server.c (copy_key_as_binary): Initialize 'argv'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agogpgscm: Update callsite of 'gnupg_spawn_process'.
Justus Winter [Thu, 6 Oct 2016 12:13:18 +0000 (14:13 +0200)]
gpgscm: Update callsite of 'gnupg_spawn_process'.

* tests/gpgscm/ffi.c (do_spawn_process): Adapt to the changes to
'gnupg_spawn_process'.

Fixes-commit: 44a32455
Fixes-commit: 96c7901e
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agowks: Send key encrypted as required by draft -02
Werner Koch [Wed, 5 Oct 2016 12:38:37 +0000 (14:38 +0200)]
wks: Send key encrypted as required by draft -02

* tools/gpg-wks-client.c (get_key): Encrypt.
(encrypt_response): Take care of --fake-submission-addr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agowks: Add option --fake-submission-addr to gpg-wks-client.
Werner Koch [Wed, 5 Oct 2016 09:51:32 +0000 (11:51 +0200)]
wks: Add option --fake-submission-addr to gpg-wks-client.

* tools/gpg-wks-client.c (oFakeSubmissionAddr): New.
(opts): Add option --fake-submission-addr.
(fake_submission_addr): New variable.
(parse_arguments): Set it.
(command_send): Use --fake-submission-addr.
--

This option is useful for testing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Another minor fix to map_supervised_sockets.
Werner Koch [Wed, 5 Oct 2016 09:48:59 +0000 (11:48 +0200)]
agent: Another minor fix to map_supervised_sockets.

* agent/gpg-agent.c (map_supervised_sockets): Remove debug message.
Provide correct fd in the second error case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Fix npth + supervised mode problem.
Werner Koch [Wed, 5 Oct 2016 07:13:27 +0000 (09:13 +0200)]
agent: Fix npth + supervised mode problem.

* agent/gpg-agent.c (main): Initialize modules in supervised mode.
--

It was probably my fault.  I had to rebase my patches to take in the
npth patches but for some reason my addition of initialize_modules got
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Fix error handling in map_supervised_sockets
Daniel Kahn Gillmor [Wed, 5 Oct 2016 04:23:11 +0000 (00:23 -0400)]
agent: Fix error handling in map_supervised_sockets

* agent/gpg-agent.c (map_supervised_sockets): the file descriptor to
  close on error is fd, not i.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agoagent: Streamline the supervised mode code.
Werner Koch [Tue, 4 Oct 2016 15:02:49 +0000 (17:02 +0200)]
agent: Streamline the supervised mode code.

* agent/gpg-agent.c (get_socket_path): Rename to ...
(get_socket_name): this.  This is to comply with the GNU coding guide.
Use xtrymalloc instead of malloc.  Do not build for W32.
(map_supervised_sockets): Use strtokenize and set the the socket names
here.
(main): Adjust for above change.  Do not close the socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Adjust cleanup for supervised mode. Fix for W32.
Werner Koch [Tue, 4 Oct 2016 14:57:55 +0000 (16:57 +0200)]
agent: Adjust cleanup for supervised mode.  Fix for W32.

* agent/gpg-agent.c (opts) [W32]: Remove option --supervised.
(is_supervised): Move from main() to global.
(inhibit_socket_removal): New.
(cleanup): Take care of supervise mode and INHIBIT_SOCKET_REMOVAL.
(check_own_socket_thread): Set INHIBIT_SOCKET_REMOVAL instead of
seting the socket names to empty.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Adjust supervised mode for the new default socket names.
Werner Koch [Tue, 4 Oct 2016 09:23:18 +0000 (11:23 +0200)]
agent: Adjust supervised mode for the new default socket names.

* agent/gpg-agent.c (main): In supervised mode do not provide default
socket names.  Unset DISPLAY and INSIDE_EMACS.  Use log_error and
agent_exit.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Implement --supervised command (for systemd, etc).
Daniel Kahn Gillmor [Fri, 12 Aug 2016 05:37:59 +0000 (01:37 -0400)]
agent: Implement --supervised command (for systemd, etc).

* agent/gpg-agent.c (get_socket_path): New function for POSIX systems
to return the path for a provided unix-domain socket.
(map_supervised_sockets): New function to inspect $LISTEN_FDS and
$LISTEN_FDNAMES and map them to the specific functionality offered by
the agent.
(main): Add --supervised command.  When used, listen on already-open
file descriptors instead of opening our own.
* doc/gpg-agent.texi: Document --supervised option.

--

"gpg-agent --supervised" is a way to invoke gpg-agent such that a
system supervisor like systemd can provide socket-activated startup,
log management, and scheduled shutdown.

When running in this mode, gpg-agent:

 * Does not open its own listening socket; rather, it expects to be
   given a listening socket on incoming file descriptors.

 * Does not detach from the invoking process, staying in the
   foreground instead.  Unless otherwise specified, logs are sent to
   stderr.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years agobuild,w32: Unconditionally build tests.
Justus Winter [Fri, 30 Sep 2016 14:22:40 +0000 (16:22 +0200)]
build,w32: Unconditionally build tests.

* configure.ac (run_tests, RUN_TESTS, RUN_GPG_TESTS): Remove
variables.  They are misleadingly named, as they inhibit building the
tests.  There is no reason not to build the tests even when
cross-compiling, as they are only run if one does 'make check'.
* Makefile: Adapt accordingly.
* tests/Makefile.am: Adapt accordingly.  Avoid building 'asschk' on
Windows as it uses non-portable functions.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests,w32: Do not expose 'glob' to gpgscm.
Justus Winter [Tue, 4 Oct 2016 10:59:18 +0000 (12:59 +0200)]
tests,w32: Do not expose 'glob' to gpgscm.

* tests/gpgscm/ffi.c (do_glob): Remove function.
(ffi_init): Likewise.
--
'glob' is not available on mingw, and portability is the whole point
of gpgscm.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotests,w32: Avoid using 'glob'.
Justus Winter [Tue, 4 Oct 2016 10:46:00 +0000 (12:46 +0200)]
tests,w32: Avoid using 'glob'.

* tests/openpgp/setup.scm: Avoid 'glob' which is not available on
mingw.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agotools: Ignore existing directories in gpgtar.
Justus Winter [Tue, 4 Oct 2016 10:44:14 +0000 (12:44 +0200)]
tools: Ignore existing directories in gpgtar.

* tools/gpgtar-extract.c (extract_directory): Ignore existing
directories now that we have '--directory'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent, dirmngr, scd: npth_init must be after fork.
NIIBE Yutaka [Tue, 4 Oct 2016 00:01:13 +0000 (09:01 +0900)]
agent, dirmngr, scd: npth_init must be after fork.

* agent/gpg-agent.c (thread_init_once, initialize_modules): New.
(main): Make sure no daemonizing-fork call after npth_init, and no npth
calls before npth_init, with care of npth calls by assuan hooks.
* dirmngr/dirmngr.c (thread_init): New.
(main): Make sure npth_init must not be called before daemonizing fork.
* scd/scdaemon.c (main): Likewise.

--

It is simply the best for nPth not to allow the daemonizing fork after
npth_init, because semantics and implementations of forked child process
in a threaded application is a difficult corner case.

GnuPG-bug-id: 1779
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years agoagent: Remove the warning for the GKR hijacking.
Werner Koch [Fri, 30 Sep 2016 17:38:03 +0000 (19:38 +0200)]
agent: Remove the warning for the GKR hijacking.

* g10/call-agent.c (check_hijacking): Remove.
(start_agent): Remove call.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Create the extra sockets in the standard socket dir.
Werner Koch [Fri, 30 Sep 2016 17:21:51 +0000 (19:21 +0200)]
agent: Create the extra sockets in the standard socket dir.

* agent/gpg-agent.c (main): Take the socketdir in account for the
default sockets.
* tools/gpgconf.c (list_dirs): Add "agent-extra-socket" and
"agent-browser-socket".

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agoagent: Kludge to allow disabling of the extra sockets.
Werner Koch [Fri, 30 Sep 2016 16:49:16 +0000 (18:49 +0200)]
agent: Kludge to allow disabling of the extra sockets.

* agent/gpg-agent.c (main): Check for special socket names.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agowks: Avoid long trustdb checks.
Werner Koch [Fri, 30 Sep 2016 14:58:10 +0000 (16:58 +0200)]
wks: Avoid long trustdb checks.

* tools/wks-receive.c (verify_signature): Use --always-trust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agobuild: Fix build against libiconv.
Justus Winter [Fri, 30 Sep 2016 10:34:31 +0000 (12:34 +0200)]
build: Fix build against libiconv.

* agent/Makefile.am: Add INCICONV and LIBICONV.
* common/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent: Enable restricted, browser, and ssh socket by default.
Justus Winter [Thu, 15 Sep 2016 12:47:00 +0000 (14:47 +0200)]
agent: Enable restricted, browser, and ssh socket by default.

* agent/gpg-agent.c (main): Provide defaults for 'extra-socket' and
'browser-socket', enable ssh socket by default, but do not emit the
'SSH_AUTH_SOCK' variable unless it has been explicitly requested.
* configure.ac (GPG_AGENT_{EXTRA,BROWSER}_SOCK_NAME): New definitions.
* doc/gpg-agent.texi: Update documentation.
--

This change enables the restricted, browser, and ssh socket by
default.  Note that in all cases, the user has to do some additional
configuration to her setup to make use of these features.  Therefore,
this should not break any existing setups, but makes it simpler to
discover and use these features.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agow32: Fix STARTTLS on LDAP connections.
Justus Winter [Fri, 30 Sep 2016 08:57:32 +0000 (10:57 +0200)]
w32: Fix STARTTLS on LDAP connections.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix build against
<winldap.h>.

GnuPG-bug-id: 1338
Debian-bug-id: 623526
Fixes-commit: 9e6f8a55
Signed-off-by: Justus Winter <justus@g10code.com>
2 years agowks: Partly implement draft-koch-openpgp-webkey-service-02.
Werner Koch [Thu, 29 Sep 2016 15:55:32 +0000 (17:55 +0200)]
wks: Partly implement draft-koch-openpgp-webkey-service-02.

* tools/gpg-wks.h (WKS_RECEIVE_DRAFT2): New.
* tools/wks-receive.c: Include rfc822parse.h.
(struct receive_ctx_s): Add fields PARSER, DRAFT_VERSION_2, and
MULTIPART_MIXED_SEEN.
(decrypt_data): Add --no-options.
(verify_signature): Ditto.
(new_part): Check for Wks-Draft-Version header.  Take care of text
parts.
(wks_receive): Set Parser and pass a flag value to RESULT_CB.
* tools/gpg-wks-client.c (read_confirmation_request): New.
(main) <aRead>: Call read_confirmation_request instead of
process_confirmation_request.
(command_receive_cb): Ditto.  Add arg FLAGS..
(decrypt_stream_status_cb, decrypt_stream): New.
(command_send): Set header Wks-Draft-Version.
* tools/gpg-wks-server.c (struct server_ctx_s): Add field
DRAFT_VERSION_2.
(sign_stream_status_cb, sign_stream): New.
(command_receive_cb): Set draft flag.
(send_confirmation_request): Rework to implement protocol draft
version 2.

* tools/gpg-wks.h (DBG_MIME_VALUE, DBG_PARSER_VALUE): New.
(DBG_MIME, DBG_PARSER, DBG_CRYPTO): New.  Use instead of a plain
opt.debug where useful.
* tools/gpg-wks-client.c (debug_flags): Add "mime" and "parser".
* tools/gpg-wks-server.c (debug_flags): Ditto.
--

If a client supporting the version 2 of the protocol is used, it will
tell this the server using a mail header.  An old server will ignore
that but a recent server will use the new protocol.  Next task is to
actually write draft-02.

There are still a lot of FIXMEs - take care.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Convey signeddata also to the part_data callback in mime-parser.
Werner Koch [Thu, 29 Sep 2016 15:59:09 +0000 (17:59 +0200)]
tools: Convey signeddata also to the part_data callback in mime-parser.

* tools/mime-parser.c (mime_parser_parse): Factor some code out to ...
(process_part_data): new.
((mime_parser_parse): Also call process_part_data for signed data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Allow retrieval of signed data from mime-maker.
Werner Koch [Thu, 29 Sep 2016 15:38:06 +0000 (17:38 +0200)]
tools: Allow retrieval of signed data from mime-maker.

* tools/mime-maker.c (find_part): New.
(mime_maker_get_part): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Change mime-maker to write out CR,LF.
Werner Koch [Thu, 29 Sep 2016 10:29:27 +0000 (12:29 +0200)]
tools: Change mime-maker to write out CR,LF.

* tools/mime-maker.c (struct part_s): Add field PARTID.
(struct mime_maker_context_s): Add field PARTID_COUNTER.
(dump_parts): Print part ids.
(mime_maker_add_header): Assign PARTID.
(mime_maker_add_container): Ditto.
(mime_maker_get_partid): New.
(write_ct_with_boundary): Remove.
(add_header): Strip trailing white spaces.
(write_header): Remove trailing spaces trimming.  Add arg BOUNDARY.
Handle emdedded LFs.
(write_gap, write_boundary, write_body): New.
(write_tree): Use new functions.
--

These changes prepare for forthcoming enhancements.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Simplify the mime-maker container creation.
Werner Koch [Thu, 29 Sep 2016 08:20:38 +0000 (10:20 +0200)]
tools: Simplify the mime-maker container creation.

* tools/mime-maker.c (struct part_s): Remove field MEDIATYPE.
(release_parts): Ditto.
(dump_parts): Print a body line only if tehre is a body.
(mime_maker_add_header): Check for body or container.
(mime_maker_add_container): Remove arg MEDIATYPE.  Change all callers.
(mime_maker_end_container): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agotools: Give mime parser callbacks access to the rfc822 parser.
Werner Koch [Thu, 29 Sep 2016 06:11:32 +0000 (08:11 +0200)]
tools: Give mime parser callbacks access to the rfc822 parser.

* tools/mime-parser.c (mime_parser_context_s): Add field MSG.
(parse_message_cb): Set it.
(mime_parser_rfc822parser): New.
* tools/mime-parser.h: Declare rfc822parse_t for the new prototype.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agodirmngr: Fix STARTTLS on LDAP connections.
Justus Winter [Thu, 29 Sep 2016 12:17:24 +0000 (14:17 +0200)]
dirmngr: Fix STARTTLS on LDAP connections.

* dirmngr/ks-engine-ldap.c (my_ldap_connect): Fix unfortunate typo.
--
Courtesy of pkgsrc contributor fhajny.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agogpg: Improve WKD by importing only the requested UID.
Werner Koch [Wed, 28 Sep 2016 13:35:31 +0000 (15:35 +0200)]
gpg: Improve WKD by importing only the requested UID.

* g10/keyserver.c: Include mbox-util.h.
(keyserver_import_wkd): Do not use the global import options but
employ an import filter.
--

We also make sure that an mbox has been passed to keyserver_import_wkd
so it may also be called with a complete user id (which is currently
not the case).

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Reject import if an import filter removed all user ids.
Werner Koch [Wed, 28 Sep 2016 13:32:04 +0000 (15:32 +0200)]
gpg: Reject import if an import filter removed all user ids.

* g10/import.c (any_uid_left): New.
(import_one): Check that a UID is left.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Make import filter data object more flexible.
Werner Koch [Wed, 28 Sep 2016 11:39:09 +0000 (13:39 +0200)]
gpg: Make import filter data object more flexible.

* g10/main.h (import_filter_t): New.
* g10/import.c (struct import_filter_s): Declare struct.
(import_keep_uid, import_drop_sig): Replace by ...
(import_filter): new.  Adjust all users.
(cleanup_import_globals): Move code to ...
(release_import_filter): new.
(save_and_clear_import_filter): New.
(restore_import_filter): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agogpg: Make sure that internal key import is done with a binary stream.
Werner Koch [Wed, 28 Sep 2016 11:36:28 +0000 (13:36 +0200)]
gpg: Make sure that internal key import is done with a binary stream.

* g10/import.c (import_keys_internal): Open stream in binary mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years agobuild: Do not link gpg-connect-agent against npth.
Justus Winter [Tue, 27 Sep 2016 15:45:52 +0000 (17:45 +0200)]
build: Do not link gpg-connect-agent against npth.

* tools/Makefile.am: Do not link gpg-connect-agent against npth.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agobuild: Fix check for resolver library on macOS.
Justus Winter [Tue, 27 Sep 2016 15:18:15 +0000 (17:18 +0200)]
build: Fix check for resolver library on macOS.

* configure.ac: Check for the mangled name of 'dn_skipname' first.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agocommon: Correctly handle modules relying on npth.
Justus Winter [Tue, 27 Sep 2016 13:54:56 +0000 (15:54 +0200)]
common: Correctly handle modules relying on npth.

* common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
(with_npth_sources): New variable.
(libcommonpth_a_SOURCES): Use the new variable.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years agoagent, sm: Set CTX after start_agent.
NIIBE Yutaka [Tue, 27 Sep 2016 05:45:21 +0000 (14:45 +0900)]
agent, sm: Set CTX after start_agent.

* g10/call-agent.c (agent_keytocard): Assign parm.ctx after start_agent.
* sm/call-agent.c (gpgsm_agent_pksign, gpgsm_scd_pksign)
(gpgsm_agent_readkey, gpgsm_agent_scd_serialno)
(gpgsm_agent_scd_keypairinfo, gpgsm_agent_marktrusted)
(gpgsm_agent_passwd, gpgsm_agent_get_confirmation)
(gpgsm_agent_ask_passphrase, gpgsm_agent_keywrap_key)
(gpgsm_agent_export_key): Likewise.

--

Reported-by: Rainer Perske
GnuPG-bug-id: 2699
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>