gnupg.git
3 years agotests: Make ssh test more robust.
Justus Winter [Wed, 10 Aug 2016 05:58:24 +0000 (07:58 +0200)]
tests: Make ssh test more robust.

* tests/openpgp/ssh.scm: Drop the 'MD5:' which was not printed by
previous ssh versions.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agoagent: SSH support fix.
NIIBE Yutaka [Wed, 10 Aug 2016 04:51:14 +0000 (13:51 +0900)]
agent: SSH support fix.

* agent/command-ssh.c (ssh_handler_request_identities): Keep error
message same.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoagent: Fix regression in recent ssh changes.
Werner Koch [Tue, 9 Aug 2016 15:44:54 +0000 (17:44 +0200)]
agent: Fix regression in recent ssh changes.

* agent/command-ssh.c (sexp_key_construct): Lowercase the algo name.
--

We need to use a lowercase version of the algo in S-expression.
Unfortunately Libgcrypt has no function for this, thus we need to
malloc and first.

Fixes-commit: ebf24e3
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Extend the PROGRESS line to give the used unit.
Werner Koch [Tue, 9 Aug 2016 14:22:24 +0000 (16:22 +0200)]
gpg: Extend the PROGRESS line to give the used unit.

* g10/progress.c (write_status_progress): Print the units parameter.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoCleanup initialization of libgcrypt.
Ben Kibbey [Mon, 8 Aug 2016 22:40:03 +0000 (18:40 -0400)]
Cleanup initialization of libgcrypt.

* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.

--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.

Signed-off-by: Ben Kibbey <bjk@luxsci.net>
3 years agoagent: SSH support improvement.
NIIBE Yutaka [Tue, 9 Aug 2016 02:42:20 +0000 (11:42 +0900)]
agent: SSH support improvement.

* agent/command-ssh.c (ssh_handler_request_identities): Skip a key with
error, not giving up to handle the request itself.
* agent/cvt-openpgp.c (extract_private_key): Support "ecdsa" key.

--

Note that "ecdsa" key is still in use by old versions of gpg-agent
through its SSH handling (until 2.1.14).  With old versions of
gpg-agent, adding ECDSA key by ssh-add command, "ecdsa" key will be
created.  So, "ecdsa" key should be supported.

For g10/gpg, "ecdsa" and "ecdh" was only used in some experimental
versions of libgcrypt, with parameters.  We now use "ecc" for all cases
in released versions.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Cleanup of dek_to_passphrase function (part 2).
Werner Koch [Mon, 8 Aug 2016 16:45:29 +0000 (18:45 +0200)]
gpg: Cleanup of dek_to_passphrase function (part 2).

* g10/passphrase.c (passphrase_get): Remove arg KEYID.  Change arg
MODE to NOCACHE.
(passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO.  Split arg
MODE into CREATE and NOCACHE.  Change all callers and adjust stubs.
(passphrase_clear_cache): Remove args KEYID and ALGO.  They are not
used.  Change caller.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Cleanup of dek_to_passphrase function (part 1).
Werner Koch [Mon, 8 Aug 2016 15:42:37 +0000 (17:42 +0200)]
gpg: Cleanup of dek_to_passphrase function (part 1).

* g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
CUSTPROMPT.  Merge into the passphrase_to_dek wrapper.
(passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
--

The function is nowadays only used for symmetric encryption.  Thus we
do not need all the former advanced stuff.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: More clean up of SSH support.
NIIBE Yutaka [Mon, 8 Aug 2016 09:46:44 +0000 (18:46 +0900)]
agent: More clean up of SSH support.

* common/util.h (get_pk_algo_from_key): New.
* common/sexputil.c (get_pk_algo_from_key): The implementation.
* agent/gpg-agent.c: Remove include of openpgpdefs.h.
* agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
(ssh_key_types): Update with GCRY_PK_*.
(make_cstring, sexp_extract_identifier): Remove.
(sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
(ssh_key_to_blob): Use cadr to get value list.
(ssh_key_type_lookup): Lookup with integer ALGO.
(ssh_receive_key): Follow the change of ssh_key_type_lookup.
(ssh_send_key_public): Likewise.  Use get_pk_algo_from_key to get ALGO.

--

This fixes the regresson introduced by the commit
894789c3299dc47a8c1ccaaa7070382f0fae0262.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agotests: Add openpgp/gpgv-forged-keyring.scm.
NIIBE Yutaka [Mon, 8 Aug 2016 04:24:02 +0000 (13:24 +0900)]
tests: Add openpgp/gpgv-forged-keyring.scm.

* tests/openpgp/gpgv-forged-keyring.scm: New.
* tests/openpgp/forged-keyring.gpg: New.
* tests/openpgp/Makefile.am (TESTS): Add gpgv-forged-keyring.scm.
* tests/openpgp/defs.scm (tools): Add GPGV.
(GPGV): New.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoagent: Fix long standing regression tracking the connection count.
Werner Koch [Sat, 6 Aug 2016 08:14:17 +0000 (10:14 +0200)]
agent: Fix long standing regression tracking the connection count.

* agent/gpg-agent.c (get_agent_active_connection_count): New.
(do_start_connection_thread, start_connection_thread_ssh): Bump
ACTIVE_CONNECTIONS up and down.
* agent/command.c (cmd_getinfo): Add subcommand "connections".
--

The variable ACTIVE_CONNECTIONS is used to shutdown gpg-agent in a
friendly way.  Before we switched to nPth a Pth provided count of
threads was used for this.  During the migration to nPth
ACTIVE_CONNECTIONS was introduced and checked but never set.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoagent: Clean up SSH support.
NIIBE Yutaka [Sat, 6 Aug 2016 05:47:29 +0000 (14:47 +0900)]
agent: Clean up SSH support.

* agent/command-ssh.c (file_to_buffer): Remove.
(ssh_handler_request_identities): Use agent_public_key_from_file.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Avoid publishing the GnuPG version by default
Daniel Kahn Gillmor [Thu, 4 Aug 2016 20:58:13 +0000 (16:58 -0400)]
gpg: Avoid publishing the GnuPG version by default

* g10/gpg.c (main): initialize opt.emit_version to 0
* doc/gpg.texi: document different default for --emit-version

--

The version of GnuPG in use is not particularly helpful.  It is not
cryptographically verifiable, and it doesn't distinguish between
significant version differences like 2.0.x and 2.1.x.

Additionally, it leaks metadata that can be used to distinguish users
from one another, and can potentially be used to target specific
attacks if there are known behaviors that differ between major
versions.

It's probably better to take the more parsimonious approach to
metadata production by default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agogpg: Make sure that keygrips are printed for each subkey.
Werner Koch [Thu, 4 Aug 2016 13:34:14 +0000 (15:34 +0200)]
gpg: Make sure that keygrips are printed for each subkey.

* g10/keylist.c (list_keyblock_colon): Print an emprty grip in case of
an error.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Always print the fingerprint in colons mode.
Werner Koch [Thu, 4 Aug 2016 13:01:42 +0000 (15:01 +0200)]
gpg: Always print the fingerprint in colons mode.

* g10/keylist.c (list_keyblock_colon): Remove arg FPR.  Always print
fingerprint records.  For secret keys always print keygrip records.
--

The fingerprint should always be used thus we should always print it.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: Use gpgconf to set the ssh socket envvar.
Werner Koch [Thu, 4 Aug 2016 11:04:28 +0000 (13:04 +0200)]
tests: Use gpgconf to set the ssh socket envvar.

* tests/openpgp/ssh.scm ("SSH_AUTH_SOCK"): Use gpgconf.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgconf: Add limited support for -0.
Werner Koch [Thu, 4 Aug 2016 11:02:37 +0000 (13:02 +0200)]
gpgconf: Add limited support for -0.

* tools/gpgconf.h (opt): Add field 'null'.
* tools/gpgconf.c: Add option --null/-0.
(list_dirs): Use it here.
--

This option changes the delimites for --list-dir with arguments from
LF to Nul.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: Update list of tests in Scheme test runner.
Justus Winter [Thu, 4 Aug 2016 10:10:47 +0000 (12:10 +0200)]
tests: Update list of tests in Scheme test runner.

* tests/openpgp/run-tests.scm: Add missing tests.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Fix path to fake-pinentry.
Justus Winter [Thu, 4 Aug 2016 10:09:52 +0000 (12:09 +0200)]
tests: Fix path to fake-pinentry.

* tests/openpgp/defs.scm: Correctly compute the path to fake-pinentry.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agopo: Update Japanese translation.
NIIBE Yutaka [Thu, 4 Aug 2016 08:31:13 +0000 (17:31 +0900)]
po: Update Japanese translation.

3 years agopo: update Japanese translation.
NIIBE Yutaka [Thu, 4 Aug 2016 08:02:20 +0000 (17:02 +0900)]
po: update Japanese translation.

3 years agog10: Fix checking key for signature validation.
NIIBE Yutaka [Thu, 4 Aug 2016 07:21:39 +0000 (16:21 +0900)]
g10: Fix checking key for signature validation.

* g10/sig-check.c (check_signature2): Not only subkey, but also primary
key should have flags.valid=1.

--

The tweak of gpgv in e32c575e0f3704e7563048eea6d26844bdfc494b only makes
sense with this change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoReword feature description.
Justus Winter [Wed, 3 Aug 2016 15:00:40 +0000 (17:00 +0200)]
Reword feature description.

--
Suggested-by: Peter Gutmann
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agokbx: Add missing header file.
Justus Winter [Wed, 3 Aug 2016 14:58:32 +0000 (16:58 +0200)]
kbx: Add missing header file.

* kbx/keybox-update.c: Add missing header file.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agoMore cleanup of "allow to".
Daniel Kahn Gillmor [Tue, 2 Aug 2016 02:19:17 +0000 (22:19 -0400)]
More cleanup of "allow to".

* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
  common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
  dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
  doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
  doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
  g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
  m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
  po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
  po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
  po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
  po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
  scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
  sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
  with clearer text.

In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something.  When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.

These changes should make the language a bit clearer.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agodirmngr: Emit correct spelling of "superseded".
Daniel Kahn Gillmor [Tue, 2 Aug 2016 02:19:16 +0000 (22:19 -0400)]
dirmngr: Emit correct spelling of "superseded".

* dirmngr/crlcache.c (list_one_crl_entry): Spell superseded correctly.
* dirmngr/ocsp.c (ocsp_invalid): Likewise.

This might break some tools which parse the existing output and expect
misspellings, but i'm not sure there are many such tools, and we
should use standardized orthography going forward.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agoFix spelling and grammar.
Daniel Kahn Gillmor [Tue, 2 Aug 2016 02:19:15 +0000 (22:19 -0400)]
Fix spelling and grammar.

* agent/learncard.c: s/coccured/occurred/
* doc/dirmngr.texi: s/ommitted/omitted/, s/orginally/originally/,
  s/reponses/responses/i
* doc/gpg-agent.texi, doc/dirmngr.texi, doc/gpg.texi: Fix "allows
  to" to more conventional english usage.
* doc/tools.texi, g10/gpgcommpose.c, tests/openpgp/armor.scm,
  tests/openpgp/armor.test: s/occured/occurred/
* tools/gpgsplit.c: s/calcualting/calculating/
* sm/server.c: s/formated/formatted/

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 years agogpg,gpgsm: Block signals during keyring/keybox update.
Werner Koch [Wed, 3 Aug 2016 13:31:27 +0000 (15:31 +0200)]
gpg,gpgsm: Block signals during keyring/keybox update.

* kbx/keybox-util.c (keybox_file_rename): Add arg BLOCK_SIGNALS.
* kbx/keybox-update.c (rename_tmp_file): Block all signals when doing
a double rename.
* g10/keyring.c (rename_tmp_file): Block all signals during the double
rename.
--

This might fix
Debian-bug-id: 831510

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agocommon: New file utilproto.c
Werner Koch [Wed, 3 Aug 2016 13:27:03 +0000 (15:27 +0200)]
common: New file utilproto.c

* common/util.h: Factor prototypes from signal.c out to ...
* common/utilproto.h: new.
* common/Makefile.am (common_sources): Add new file.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgsm: Fix machine-readable key listing.
Justus Winter [Mon, 1 Aug 2016 10:32:36 +0000 (12:32 +0200)]
gpgsm: Fix machine-readable key listing.

* sm/keylist.c (list_cert_colon): Drop superfluous colon.

GnuPG-bug-id: 2432
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Distribute standalone test runner.
Justus Winter [Mon, 1 Aug 2016 09:08:43 +0000 (11:08 +0200)]
tests: Distribute standalone test runner.

* tests/openpgp/Makefile.am (EXTRA_DIST): Add missing file
'run-tests.scm'.

GnuPG-bug-id: 2431
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Fix distcheck.
Justus Winter [Thu, 28 Jul 2016 16:11:50 +0000 (18:11 +0200)]
tests: Fix distcheck.

* tests/openpgp/Makefile.am (sample_msgs): New variable.
(EXTRA_DIST): Also ship the sample msgs.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agobuild: Fix check for Android.
Fredrik Fornwall [Wed, 27 Jul 2016 10:31:19 +0000 (12:31 +0200)]
build: Fix check for Android.

* configure.ac: Match other Android targets as well.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Fix iobuf_peek corner case.
Justus Winter [Tue, 26 Jul 2016 16:29:01 +0000 (18:29 +0200)]
common: Fix iobuf_peek corner case.

Previously, iobuf_peek on a file smaller than 'buflen' would hang.

* common/iobuf.c (underflow): Generalize by adding a target parameter.
(iobuf_peek): Use this to prevent looping here.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/setup.scm (dearmor): Move function...
* tests/openpgp/defs.scm (dearmor): ... here.
* tests/openpgp/issue2419.scm: New file.
* tests/openpgp/samplemsgs/issue2419.asc: Likewise.

GnuPG-bug-id: 2419
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpgscm: Do not shadow common function name in catch macro.
Justus Winter [Tue, 26 Jul 2016 16:35:58 +0000 (18:35 +0200)]
gpgscm: Do not shadow common function name in catch macro.

* tests/gpgscm/init.scm (catch): Do not shadow 'exit'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Fix distcheck.
Justus Winter [Tue, 26 Jul 2016 14:03:06 +0000 (16:03 +0200)]
tests: Fix distcheck.

* tests/openpgp/Makefile.am (samplekeys): Add missing key.

Fixes-commit: 4ba11251
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpgscm: Make the verbose setting more useful.
Justus Winter [Tue, 26 Jul 2016 13:53:50 +0000 (15:53 +0200)]
gpgscm: Make the verbose setting more useful.

* tests/gpgscm/ffi.c (do_get_verbose): New function.
(do_set_verbose): Likewise.
(ffi_init): Turn *verbose* into a function, add *set-verbose!*.
* tests/gpgscm/tests.scm (call): Adapt accordingly.
(call-with-io): Dump output if *verbose* is high.
(pipe-do): Adapt accordingly.
* tests/openpgp/defs.scm: Set verbosity according to environment.
* tests/openpgp/run-tests.scm (test): Adapt accordingly.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Avoid excessive stack use.
Justus Winter [Tue, 26 Jul 2016 12:49:02 +0000 (14:49 +0200)]
common: Avoid excessive stack use.

* common/exectool.c (copy_buffer_shred): Make passing NULL a nop.
(gnupg_exec_tool_stream): Allocate copy buffers from the heap.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Rework resource cleanup when handling errors.
Justus Winter [Tue, 26 Jul 2016 12:31:11 +0000 (14:31 +0200)]
common: Rework resource cleanup when handling errors.

* common/exectool.c (gnupg_exec_tool_stream): Rework error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agocommon: Add unit test for exectool.
Justus Winter [Tue, 26 Jul 2016 12:29:12 +0000 (14:29 +0200)]
common: Add unit test for exectool.

* common/Makefile.am: Build new test.
* common/t-exectool.c: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Fix key import statistics.
Justus Winter [Mon, 25 Jul 2016 10:41:28 +0000 (12:41 +0200)]
g10: Fix key import statistics.

'transfer_secret_keys' collects statistics on a subkey-basis, while
the other code does not.  This leads to inflated numbers when
importing secret keys.  E.g. 'count' is incremented by the main
parsing loop in 'import', and again in 'transfer_secret_keys', leading
to a total of 3 if one key with two secret subkeys is imported.

* g10/import.c (import_secret_one): Adjust to the fact that
'transfer_secret_keys' collects subkey statistics.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/issue2346.scm: New file.
* tests/openpgp/samplekeys/issue2346.gpg: Likewise.

GnuPG-bug-id: 2346
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpgscm: Make function more general.
Justus Winter [Fri, 22 Jul 2016 15:42:17 +0000 (17:42 +0200)]
gpgscm: Make function more general.

* tests/gpgscm/tests.scm (in-srcdir): Accept more path fragments.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Properly ignore legacy keys in the keyring cache.
Justus Winter [Fri, 22 Jul 2016 11:29:26 +0000 (13:29 +0200)]
g10: Properly ignore legacy keys in the keyring cache.

* g10/keyring.c (keyring_rebuild_cache): Properly ignore legacy keys
in the keyring cache.
* tests/migrations/Makefile.am (TESTS): Add new test.
* tests/migrations/common.scm (GPG-no-batch): New variable.
(run-test): New function.
* tests/migrations/issue2276.scm: New file.
* tests/migrations/issue2276.tar.asc: Likewise.

GnuPG-bug-id: 2276
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Fix error handling.
Justus Winter [Thu, 21 Jul 2016 16:22:18 +0000 (18:22 +0200)]
g10: Fix error handling.

* g10/tofu.c (show_statistics): Fix error handling, 0 is a valid
duration.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Drop superfluous begin transaction.
Justus Winter [Thu, 21 Jul 2016 16:07:22 +0000 (18:07 +0200)]
g10: Drop superfluous begin transaction.

* g10/tofu.c (record_binding): We only need a transaction for the
split format.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpgscm: Make assert macro more accurate.
Justus Winter [Thu, 21 Jul 2016 16:05:58 +0000 (18:05 +0200)]
gpgscm: Make assert macro more accurate.

* tests/gpgscm/lib.scm (assert): Print the representation of the
failed expression.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpgscm: Make error message more useful.
Justus Winter [Thu, 21 Jul 2016 16:04:57 +0000 (18:04 +0200)]
gpgscm: Make error message more useful.

* tests/gpgscm/scheme.c (opexe_0): Include names of missing function
parameters in the error message.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Fix crash.
Justus Winter [Thu, 21 Jul 2016 09:49:33 +0000 (11:49 +0200)]
g10: Fix crash.

* g10/tofu.c (tofu_closedbs): Fix freeing database handles up to the
cache limit.  Previously, this would crash if db_cache_count == count.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agoscd: Fix card removal/reset on multiple contexts.
NIIBE Yutaka [Wed, 20 Jul 2016 02:35:05 +0000 (11:35 +0900)]
scd: Fix card removal/reset on multiple contexts.

* scd/app.c (application_notify_card_reset): Add message for debug.
*scd/command.c (update_card_removed): Call release_application and set
SLOT -1 here.
(struct server_local_s): Remove app_ctx_marked_for_release.
(do_reset): Don't mark release but call release_application here.
(open_card): Remove app_ctx_marked_for_release handling.
(update_reader_status_file): Don't set SLOT here, so that it can be
released the APP by application_notify_card_reset in
update_card_removed.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoagent: Add known keys to sshcontrol.
Justus Winter [Tue, 19 Jul 2016 14:48:38 +0000 (16:48 +0200)]
agent: Add known keys to sshcontrol.

* agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol
even if it is already in the private key store.
* tests/openpgp/ssh.scm: Test this.

GnuPG-bug-id: 2316
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Add test for ssh support.
Justus Winter [Tue, 19 Jul 2016 14:17:22 +0000 (16:17 +0200)]
tests: Add test for ssh support.

* tests/gpgscm/tests.scm (path-expand): New function.
* tests/openpgp/Makefile.am (TESTS): Add new test.
(sample_keys): Add new keys.
(CLEANFILES): Clean ssh socket and control file.
* tests/openpgp/fake-pinentry.c (main): Add a default passphrase.
* tests/openpgp/gpg-agent.conf.tmpl: Enable ssh support.
* tests/openpgp/samplekeys/ssh-dsa.key: New file.
* tests/openpgp/samplekeys/ssh-ecdsa.key: Likewise.
* tests/openpgp/samplekeys/ssh-ed25519.key: Likewise.
* tests/openpgp/samplekeys/ssh-rsa.key: Likewise.
* tests/openpgp/ssh.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agoscd: Fix race conditions for release_application.
NIIBE Yutaka [Tue, 19 Jul 2016 01:53:39 +0000 (10:53 +0900)]
scd: Fix race conditions for release_application.

* scd/command.c (do_reset, cmd_restart): Reset app_ctx before calling
release_application.

--

Thanks to Ben Warren for the report.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agoagent: Fix passphrase cache lookups.
Justus Winter [Mon, 18 Jul 2016 10:51:38 +0000 (12:51 +0200)]
agent: Fix passphrase cache lookups.

CACHE_MODE_ANY is supposed to match any cache mode except
CACHE_MODE_IGNORE, but the code used '==' to compare cache modes.

* agent/cache.c (cache_mode_equal): New function.
(agent_set_cache): Use the new function to compare cache modes.
(agent_get_cache): Likewise.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/issue2015.scm: New file.

GnuPG-bug-id: 2015
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agobuild: Always build gpgtar.
Justus Winter [Fri, 15 Jul 2016 15:20:18 +0000 (17:20 +0200)]
build: Always build gpgtar.

We use gpgtar to unpack test data, hence we always build it.  If the
user opts out, we simply don't install it.

* configure.ac: Add comment.
* tests/migrations/Makefile.am (required_pgms): Make sure gpgtar is
built.
* tools/Makefile.am: Always build gpgtar, but do not install it if the
user used '--disable-gpgtar'.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agowks: Publish as binary file.
Werner Koch [Fri, 15 Jul 2016 15:20:43 +0000 (17:20 +0200)]
wks: Publish as binary file.

* tools/gpg-wks-server.c (copy_key_as_binary): New.
(check_and_publish): Use new function instead of rename.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgscm: Fix linking.
Justus Winter [Fri, 15 Jul 2016 10:28:46 +0000 (12:28 +0200)]
gpgscm: Fix linking.

* tests/gpgscm/Makefile.am: Add -lintl.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agog10: Fix building without trust models.
Justus Winter [Fri, 15 Jul 2016 10:12:34 +0000 (12:12 +0200)]
g10: Fix building without trust models.

* g10/pkclist.c (write_trust_status): Fall back to the previous
behavior.

Fixes-commit: ae188932
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agotests: Check for gpgtar.
Justus Winter [Fri, 15 Jul 2016 09:59:57 +0000 (11:59 +0200)]
tests: Check for gpgtar.

* tests/migrations/extended-pkf.scm: Skip test if gpgtar is not built.
* tests/migrations/from-classic.scm: Likewise.
* tests/openpgp/gpgtar.scm: Fix check for gpgtar.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodoc: Update whats-new-in-2.1.txt
Werner Koch [Thu, 14 Jul 2016 16:55:00 +0000 (18:55 +0200)]
doc: Update whats-new-in-2.1.txt

--

Update it now so I won't forget to do it for the next release.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoPost release updates
Werner Koch [Thu, 14 Jul 2016 15:07:27 +0000 (17:07 +0200)]
Post release updates

--

3 years agoRelease 2.1.14 gnupg-2.1.14
Werner Koch [Thu, 14 Jul 2016 14:00:06 +0000 (16:00 +0200)]
Release 2.1.14

3 years agoMerge branch 'master' into STABLE-BRANCH-2-2
Werner Koch [Thu, 14 Jul 2016 13:58:56 +0000 (15:58 +0200)]
Merge branch 'master' into STABLE-BRANCH-2-2

3 years agopo: Auto-update translations
Werner Koch [Thu, 14 Jul 2016 13:56:26 +0000 (15:56 +0200)]
po: Auto-update translations

--

3 years agopo: Update the German translation
Werner Koch [Thu, 14 Jul 2016 13:55:40 +0000 (15:55 +0200)]
po: Update the German translation

3 years agodirmngr: fix handling of HTTP redirections
Damien Goutte-Gattat [Sun, 29 May 2016 14:55:42 +0000 (16:55 +0200)]
dirmngr: fix handling of HTTP redirections

* dirmngr/ks-engine-http.c (ks_http_fetch): Reinitialize HTTP session
when following a HTTP redirection.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
3 years agogpg: Remove options --print-dane-records and --print-pka-records.
Werner Koch [Thu, 14 Jul 2016 13:19:36 +0000 (15:19 +0200)]
gpg: Remove options --print-dane-records and --print-pka-records.

* g10/gpg.c (main): Remove options but print a dedicated warning.
* g10/options.h (struct opt): Remove fields 'print_dane_records' and
'print_pka_records'.
* g10/keylist.c (list_keyblock): Do not call list_keyblock_pka.
(list_keyblock_pka): Remove.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agopo: Complete update of the Norwegian translation
Åka Sikrom [Thu, 14 Jul 2016 12:20:56 +0000 (14:20 +0200)]
po: Complete update of the Norwegian translation

3 years agoUpdate Ukrainian translation
Yuri Chornoivan [Sun, 10 Jul 2016 12:34:11 +0000 (15:34 +0300)]
Update Ukrainian translation

3 years agoUpdate Russian translation.
Ineiev [Mon, 20 Jun 2016 15:47:52 +0000 (15:47 +0000)]
Update Russian translation.

3 years agogpg: Fix regression since 2.1 in --search-key with a fingerprint.
Werner Koch [Thu, 14 Jul 2016 12:00:37 +0000 (14:00 +0200)]
gpg: Fix regression since 2.1 in --search-key with a fingerprint.

* dirmngr/ks-engine-hkp.c (ks_hkp_search): Prefix fingerprint with 0x.
--

pre-2.1 made sure that the 0x prefix was put before the fingerprint so
that the search command works.  Actually --recv-key should be used
with a fingerprint but some users are using --search-key, probably to
use the interactive mode.

GnuPG-bug-id: 2412
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgscm: Use kludge to avoid improper use of ffi_schemify_name.
Werner Koch [Thu, 14 Jul 2016 08:52:03 +0000 (10:52 +0200)]
gpgscm: Use kludge to avoid improper use of ffi_schemify_name.

* tests/gpgscm/ffi.c (ffi_schemify_name): Use xstrdup instead of
strdup for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Require latest released libraries
Werner Koch [Thu, 14 Jul 2016 08:40:15 +0000 (10:40 +0200)]
build: Require latest released libraries

* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--

Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agobuild: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
Werner Koch [Wed, 13 Jul 2016 16:57:19 +0000 (18:57 +0200)]
build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.

* build-aux/config.guess: Update.
* build-aux/config.sub: Update.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Fix regression due to the new --mimemode options.
Werner Koch [Wed, 13 Jul 2016 16:29:40 +0000 (18:29 +0200)]
gpg: Fix regression due to the new --mimemode options.

* g10/gpg.c (opts): Re-add oTextmodeShort.
--

Regression-due-to: e148c3caa90fbadba32bdbfea9513392e3aea598
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agotests: 3 more sample messages
Werner Koch [Wed, 13 Jul 2016 16:20:06 +0000 (18:20 +0200)]
tests: 3 more sample messages

--

3 years agogpg: Make --try-all-secrets work for hidden recipients
Daiki Ueno [Tue, 18 Aug 2015 07:57:44 +0000 (16:57 +0900)]
gpg: Make --try-all-secrets work for hidden recipients

* g10/getkey.c (enum_secret_keys): Really enumerate all secret
keys if --try-all-secrets is specified.
--

GnuPG-bug-id: 1985
Signed-off-by: Daiki Ueno <ueno@gnu.org>
- Add new arg CTRL to getkey_byname call.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Do not print a the short keyid if the high word is zero.
Werner Koch [Wed, 13 Jul 2016 15:19:56 +0000 (17:19 +0200)]
gpg: Do not print a the short keyid if the high word is zero.

* g10/keyid.c (format_keyid): Always returh long keyid ifor KF_LONG.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agoMerge branch 'master' into STABLE-BRANCH-2-2
Werner Koch [Wed, 13 Jul 2016 13:11:46 +0000 (15:11 +0200)]
Merge branch 'master' into STABLE-BRANCH-2-2

--

3 years agogpg: New option --mimemode.
Werner Koch [Wed, 13 Jul 2016 11:31:12 +0000 (13:31 +0200)]
gpg: New option --mimemode.

* g10/gpg.c (oMimemode): New.
(opts): Add --mimemode.
(main): Use --mimemode only in rfc4880bis compliance mode.
* g10/options.h (struct opt): Add field "mimemode".
* g10/build-packet.c (do_plaintext): Allow for mode 'm'.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Use 'm' if requested.
* g10/plaintext.c (handle_plaintext): Handle 'm' mode.
* g10/sign.c (write_plaintext_packet): Handle 'm' mode.
(sign_file, sign_symencrypt_file): Use 'm' if requested.
--

Thsi patch prepares for a proposed change in RFC4880bis to support a
MIME flag.  A literal data packet with the mime flag set is handled
like a 't' or 'u' but CR are not removed.  The PLAINTEXT status line
will also indicate a MIME content.

If --mimemode is used without --rfc4880bis 't' will be used.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agowks: Use correct key for the confirmation
Werner Koch [Wed, 13 Jul 2016 10:12:21 +0000 (12:12 +0200)]
wks: Use correct key for the confirmation

* tools/gpg-wks-client.c (send_confirmation_response): Actually
encrypt to the recipient.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agowks: New server command --list-domains
Werner Koch [Wed, 13 Jul 2016 09:44:48 +0000 (11:44 +0200)]
wks: New server command --list-domains

* tools/gpg-wks-server.c (aListDomains): New.
(opts): Add --list-domains.
(parse_arguments): Implement.
(main): Ditto.  Use only one final diagnostic message.
(command_list_domains): New.
(check_and_publish): Remove directory creation.
(get_domain_list): New.
(expire_pending_confirmations): Rewrite using a list of directories.
(command_cron): Get domain list and pass to
expire_pending_confirmations.
--

  gpg-wks-server --list-domains

is required once to create the sub directories

3 years agoagent: Fix envvars for UPDATESTARTUPTTY.
NIIBE Yutaka [Wed, 13 Jul 2016 00:24:26 +0000 (09:24 +0900)]
agent: Fix envvars for UPDATESTARTUPTTY.

agent/command.c (cmd_updatestartuptty): Use session_env_list_stdenvnames
to get the list.

--

Debian-bug-id: 801247
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agog13: Fix memleak.
Werner Koch [Tue, 12 Jul 2016 21:04:39 +0000 (23:04 +0200)]
g13: Fix memleak.

* g13/g13tuple.c (create_tupledesc): Init refcount to 1.
--

The old code somehow assumed that calloc was used.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agowks: Add --cron command to gpg-wks-server.
Werner Koch [Tue, 12 Jul 2016 18:18:22 +0000 (20:18 +0200)]
wks: Add --cron command to gpg-wks-server.

* tools/gpg-wks-server.c (PENDING_TTL): New.
(expire_one_domain, expire_pending_confirmations): New.
(command_cron): New.
(main): Implement --cron.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agowks: Try to send an encrypted confirmation back.
Werner Koch [Tue, 12 Jul 2016 15:27:15 +0000 (17:27 +0200)]
wks: Try to send an encrypted confirmation back.

* tools/gpg-wks-client.c (encrypt_response_status_cb): New.
(encrypt_response): New.
(send_confirmation_response): Encrypt the response.

* tools/gpg-wks-server.c (send_confirmation_request): Use freeing of
BODY and BODYENC.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agowks: Also create DANE record.
Werner Koch [Tue, 12 Jul 2016 14:54:55 +0000 (16:54 +0200)]
wks: Also create DANE record.

* tools/gpg-wks-server.c (copy_key_as_dane): New.
(check_and_publish): Also publish as DANE record.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agodoc: Update import-export description.
Werner Koch [Tue, 12 Jul 2016 14:11:20 +0000 (16:11 +0200)]
doc: Update import-export description.

--

3 years agogpg: Extend import-option import-export to print PKA or DANE.
Werner Koch [Tue, 12 Jul 2016 13:09:18 +0000 (15:09 +0200)]
gpg: Extend import-option import-export to print PKA or DANE.

* g10/export.c (do_export_stream): Move PKA and DANE printing helper
code to ...
(print_pka_or_dane_records): this fucntion.
(write_keyblock_to_output): Add arg OPTIOSN and call
print_pka_or_dane_records if requested.
--

It is now possible to print a DANE record given a a file with a key
without importing the key first:

  gpg --export-options export-dane \
      --import-options import-export \
      --import-filter keep-uid='mbox =~ alpha' \
      --import FILE_WITH_KEY

Using the filter we only print a user id with the substring "alpha" in
the addr-spec.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Move a function from import.c to export.c.
Werner Koch [Tue, 12 Jul 2016 11:59:10 +0000 (13:59 +0200)]
gpg: Move a function from import.c to export.c.

* g10/import.c (write_keyblock_to_output): Move to ...
* g10/export.c (write_keyblock_to_output): here.  Add arg WITH_ARMOR.
Also make sure never to export ring trust packets.

3 years agoRegister DCO for Yann E. MORIN.
Werner Koch [Tue, 12 Jul 2016 11:57:49 +0000 (13:57 +0200)]
Register DCO for Yann E. MORIN.

--

3 years agodirmngr: Fix typo.
Daniel Kahn Gillmor [Mon, 11 Jul 2016 13:44:56 +0000 (15:44 +0200)]
dirmngr: Fix typo.

--
Signed-off-by: Justus Winter <justus@g10code.com>
3 years agogpgconf: Enhance --list-dirs.
Werner Koch [Mon, 11 Jul 2016 11:05:37 +0000 (13:05 +0200)]
gpgconf: Enhance --list-dirs.

* tools/gpgconf.c (main) <aListDir>: Factor code out to ...
(list_dirs): new.  Rewrite to use a table.  Allow selection of a
items.  Add "agent-ssh-socket".
--

This change makes the use of gpgconf in scripts easier.  For example,
to set the envvar with the name of the socket used by ssh, it is now
possible to do this:

  SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"

which guarantees that the right name is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgv: Tweak default options for extra security.
NIIBE Yutaka [Sat, 9 Jul 2016 01:20:02 +0000 (10:20 +0900)]
gpgv: Tweak default options for extra security.

* g10/gpgv.c (main): Set opt.no_sig _cache, so that it doesn't depend on
cached status.  Similarly, set opt.flags.require_cross_cert for backsig
validation for subkey signature.

--

It is common that an organization distributes binary keyrings with
signature cache (Tag 12, Trust Packet) and people use gpgv to validate
signature with such keyrings.  In such a use case, it is possible that
the key validation itself is skipped.

For the purpose of gpgv validation of signatures, we should not depend
on signature cache in keyrings (if any), but we should validate the key
by its self signature for primary key, and back signature for subkey.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
3 years agogpg: Add export options "export-pka" and "export-dane".
Werner Koch [Thu, 7 Jul 2016 15:02:58 +0000 (17:02 +0200)]
gpg: Add export options "export-pka" and "export-dane".

* g10/options.h (EXPORT_PKA_FORMAT): New.
* g10/keylist.c (list_keyblock_pka): Do not use DANE flag.
* g10/export.c: Include zb32.h.
(parse_export_options): Add options "export-pka" and "export-dane".
(do_export): Do not armor if either of these option is set.
(print_pka_or_dane_records): New.
(do_export_stream): Implement new options.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: Split a too large export function.
Werner Koch [Thu, 7 Jul 2016 12:16:21 +0000 (14:16 +0200)]
gpg: Split a too large export function.

* g10/export.c (do_export_stream): Factor some code out to ...
(do_export_one_keyblock): new.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpgscm: Capture output of spawned processes.
Justus Winter [Thu, 7 Jul 2016 14:18:10 +0000 (16:18 +0200)]
gpgscm: Capture output of spawned processes.

* tests/gpgscm/tests.scm (call-check): Capture stdout and stderr, and
return stdout if the child exited successfully, or include stderr in
the error.
* tests/openpgp/version.scm: Demonstrate this by checking the stdout.

Signed-off-by: Justus Winter <justus@g10code.com>
3 years agodoc: Escape file names in generated macros.
Werner Koch [Wed, 6 Jul 2016 17:35:15 +0000 (19:35 +0200)]
doc: Escape file names in generated macros.

* doc/mkdefsinc.c (print_filename): New.
(main): Use it here.
--

Our Jenkins uses an @ in directory names and thus our builds break.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agowks: Let the server take the encrytion key from the file.
Werner Koch [Wed, 6 Jul 2016 13:50:57 +0000 (15:50 +0200)]
wks: Let the server take the encrytion key from the file.

* tools/gpg-wks-server.c (encrypt_stream): Change arg 'fingerprint' to
'keyfile'.
(store_key_as_pending): Add arg 'r_fname' to make of the keyfile.
(send_confirmation_request): Add arg 'keyfile'.
(process_new_key): Pass on the name of the keyfile.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: New options --recipient-file and --hidden-recipient-file.
Werner Koch [Wed, 6 Jul 2016 12:03:50 +0000 (14:03 +0200)]
gpg: New options --recipient-file and --hidden-recipient-file.

* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them.  Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.

* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years agogpg: New option --no-keyring.
Werner Koch [Wed, 6 Jul 2016 13:33:40 +0000 (15:33 +0200)]
gpg: New option --no-keyring.

* g10/gpg.c (oNoKeyring): New.
(opts): Add "--no-keyring".
(main): Do not register any keyring if the option is used.

Signed-off-by: Werner Koch <wk@gnupg.org>