gnupg.git
2 years ago  gpgscm: Fix error message.
Justus Winter [Tue, 8 Nov 2016 13:47:43 +0000 (14:47 +0100)]
gpgscm: Fix error message.

* tests/gpgscm/ffi.c (do_wait_processes): Fix and improve error
messages.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  tests,w32: Make cleanup more robust.
Justus Winter [Tue, 8 Nov 2016 13:11:23 +0000 (14:11 +0100)]
tests,w32: Make cleanup more robust.

* tests/openpgp/run-tests.scm (run-tests-parallel): Catch errors when
removing the working directory.  On Windows this can fail if there is
still a process using one of the files there.
(run-tests-sequential): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  common,w32: Simplify locking.
Justus Winter [Tue, 8 Nov 2016 13:05:46 +0000 (14:05 +0100)]
common,w32: Simplify locking.

* common/asshelp.c (lock_spawning): Use the same code on Windows that
we use on all other platforms.
(unlock_spawning): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  tests: Write a log file for each test.
Justus Winter [Mon, 7 Nov 2016 16:44:34 +0000 (17:44 +0100)]
tests: Write a log file for each test.

* tests/openpgp/Makefile.am (CLEANFILES): Delete logs.
* tests/openpgp/run-tests.scm (test::run-sync): Write logs.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgscm: Generalize splice to write to multiple sinks.
Justus Winter [Mon, 7 Nov 2016 16:40:43 +0000 (17:40 +0100)]
gpgscm: Generalize splice to write to multiple sinks.

* tests/gpgscm/ffi.c (ordinal_suffix): New function.
(do_splice): Generalize splice to write to multiple sinks.
* tests/gpgscm/lib.scm (splice): Document this fact.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgscm: Drop 'len' argument from splice.
Justus Winter [Mon, 7 Nov 2016 15:59:15 +0000 (16:59 +0100)]
gpgscm: Drop 'len' argument from splice.

* tests/gpgscm/ffi.c (do_splice): Drop 'len' argument, no-one uses it.
* tests/gpgscm/lib.scm (splice): Document foreign function.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  tests: Move environment creation and teardown into each test.
Justus Winter [Mon, 7 Nov 2016 15:21:21 +0000 (16:21 +0100)]
tests: Move environment creation and teardown into each test.

* tests/gpgscm/tests.scm (log): New function.
* tests/openpgp/run-tests.scm (run-tests-parallel): Do not run the
startup and teardown scripts.
(run-tests-sequential): Likewise.
* tests/openpgp/setup.scm: Move all functions...
* tests/openpgp/defs.scm: ... here and make them less verbose.
(setup-environment): New function.
(setup-legacy-environment): Likewise.
(start-agent): Make less verbose, run 'stop-agent' at interpreter
exit.
(stop-agent): Make less verbose.
* tests/openpgp/finish.scm: Drop file.
* tests/openpgp/Makefile.am (EXTRA_DIST): Drop removed file.
* tests/openpgp/4gb-packet.scm: Use 'setup-environment' or
'setup-legacy-environment' as appropriate.
* tests/openpgp/armdetach.scm: Likewise.
* tests/openpgp/armdetachm.scm: Likewise.
* tests/openpgp/armencrypt.scm: Likewise.
* tests/openpgp/armencryptp.scm: Likewise.
* tests/openpgp/armor.scm: Likewise.
* tests/openpgp/armsignencrypt.scm: Likewise.
* tests/openpgp/armsigs.scm: Likewise.
* tests/openpgp/clearsig.scm: Likewise.
* tests/openpgp/conventional-mdc.scm: Likewise.
* tests/openpgp/conventional.scm: Likewise.
* tests/openpgp/decrypt-dsa.scm: Likewise.
* tests/openpgp/decrypt.scm: Likewise.
* tests/openpgp/default-key.scm: Likewise.
* tests/openpgp/detach.scm: Likewise.
* tests/openpgp/detachm.scm: Likewise.
* tests/openpgp/ecc.scm: Likewise.
* tests/openpgp/encrypt-dsa.scm: Likewise.
* tests/openpgp/encrypt.scm: Likewise.
* tests/openpgp/encryptp.scm: Likewise.
* tests/openpgp/export.scm: Likewise.
* tests/openpgp/finish.scm: Likewise.
* tests/openpgp/genkey1024.scm: Likewise.
* tests/openpgp/gpgtar.scm: Likewise.
* tests/openpgp/gpgv-forged-keyring.scm: Likewise.
* tests/openpgp/import.scm: Likewise.
* tests/openpgp/issue2015.scm: Likewise.
* tests/openpgp/issue2417.scm: Likewise.
* tests/openpgp/issue2419.scm: Likewise.
* tests/openpgp/key-selection.scm: Likewise.
* tests/openpgp/mds.scm: Likewise.
* tests/openpgp/multisig.scm: Likewise.
* tests/openpgp/quick-key-manipulation.scm: Likewise.
* tests/openpgp/seat.scm: Likewise.
* tests/openpgp/shell.scm: Likewise.
* tests/openpgp/signencrypt-dsa.scm: Likewise.
* tests/openpgp/signencrypt.scm: Likewise.
* tests/openpgp/sigs-dsa.scm: Likewise.
* tests/openpgp/sigs.scm: Likewise.
* tests/openpgp/ssh.scm: Likewise.
* tests/openpgp/tofu.scm: Likewise.
* tests/openpgp/use-exact-key.scm: Likewise.
* tests/openpgp/verify.scm: Likewise.
* tests/openpgp/version.scm: Likewise.
* tests/openpgp/issue2346.scm: Likewise and simplify.
--

The previous Bourne Shell-based test suite created the environment
before running all tests, and tore it down after executing them.  When
we created the Scheme-based test suite, we kept this design at first,
but introduced a way to run each test in its own environment to
prevent tests from interfering with each other.  Nevertheless, every
test started out with the same environment.

Move the creation of the test environment into each test.  This gives
us finer control over the environment each test is run in.  It also
makes it possible to run each test by simply executing it using gpgscm
without the use of the runner.  Furthermore, it has the neat
side-effect of speeding up the test suite if run in parallel.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  tests: Do not allow tests to be run in a shared environment.
Justus Winter [Mon, 7 Nov 2016 13:57:51 +0000 (14:57 +0100)]
tests: Do not allow tests to be run in a shared environment.

* tests/openpgp/README: Update.
* tests/openpgp/run-tests.scm (run-tests-parallel-shared): Drop
function.
(run-tests-parallel-isolated): Rename to 'run-tests-parallel'.
(run-tests-sequential-shared): Drop function.
(run-tests-sequential-isolated): Rename to 'run-tests-sequential'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  tests: Fix build.
Justus Winter [Mon, 7 Nov 2016 13:09:07 +0000 (14:09 +0100)]
tests: Fix build.

* tests/openpgp/Makefile.am: Drop dependency on 'mk-tdata'.

Fixes: 70215ff470c82d144e872057dfa5a478cc9195f2
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  wks: Encrypt all client mails also the target key,
Werner Koch [Mon, 7 Nov 2016 13:04:47 +0000 (14:04 +0100)]
wks: Encrypt all client mails also the target key,

* tools/gpg-wks-client.c (encrypt_response): Add arg FINGERPRINT.
(send_confirmation_response): Ditto.
(process_confirmation_request): Parse out fingerprint and pass
send_confirmation_response.
--

This is useful for debugging the protocol and to avoid surprises when
the sender tries to open a message from the Sent folder.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  tests,tools: Reimplement 'mk-tdata' in Scheme.
Justus Winter [Mon, 7 Nov 2016 11:28:07 +0000 (12:28 +0100)]
tests,tools: Reimplement 'mk-tdata' in Scheme.

* tests/openpgp/defs.scm (tools): Drop 'mk-tdata'.
* tests/openpgp/setup.scm (make-test-data): New function.
* tests/openpgp/verify.scm: Avoid 'mk-tdata'.
* tools/Makefile.am (noinst_PROGRAMS): Drop 'mk-tdata'.
* tools/mk-tdata.c: Drop file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgscm,w32: Provide schemish file handling for binary files.
Justus Winter [Mon, 7 Nov 2016 12:12:01 +0000 (13:12 +0100)]
gpgscm,w32: Provide schemish file handling for binary files.

* tests/gpgscm/lib.scm (call-with-binary-input-file): New function.
(call-with-binary-output-file): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgscm: Add support for pseudo-random numbers.
Justus Winter [Mon, 7 Nov 2016 11:21:26 +0000 (12:21 +0100)]
gpgscm: Add support for pseudo-random numbers.

* tests/gpgscm/ffi.c (do_getpid): New function.
(do_srandom): Likewise.
(random_scaled): Likewise.
(do_random): Likewise.
(do_make_random_string): Likewise.
(ffi_init): Expose the new functions.
* tests/gpgscm/lib.scm: Document the new functions.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  g10: Fix crash.
Justus Winter [Mon, 7 Nov 2016 11:53:17 +0000 (12:53 +0100)]
g10: Fix crash.

* g10/getkey.c (get_best_pubkey_byname): If 'get_pubkey_byname' does
not return a getkey context, then it can return at most one key,
therefore there is nothing to rank.  Also, always initialize '*retctx'
to be on the safe side.

GnuPG-bug-id: 2828
Fixes: ab89164be02012f1bf159c971853b8610e966301
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  Change all http://www.gnu.org in license notices to https://
Werner Koch [Sat, 5 Nov 2016 11:02:19 +0000 (12:02 +0100)]
Change all http://www.gnu.org in license notices to https://

--

2 years ago  indent: Move comments inside the block.
Werner Koch [Fri, 4 Nov 2016 13:51:19 +0000 (14:51 +0100)]
indent: Move comments inside the block.

--

This fixes a few

  if (foo)
    /* A comment
       with several
       lines.  */
    {
    }

Which has the problem that the block is visually not related to the
"if" and might thus falsely be considered a standalone block.

Also adds an asterisk on the left side of longer comments.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  gpgscm: Fix printing strings containing zero bytes.
Justus Winter [Fri, 4 Nov 2016 12:45:30 +0000 (13:45 +0100)]
gpgscm: Fix printing strings containing zero bytes.

* tests/gpgscm/scheme.c (atom2str): Fix computing the length of Scheme
strings.  Scheme strings can contain zero bytes.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgscm: Implement 'atexit'.
Justus Winter [Fri, 4 Nov 2016 11:08:20 +0000 (12:08 +0100)]
gpgscm: Implement 'atexit'.

* tests/gpgscm/ffi.scm (throw): Run *run-atexit-handlers* when
terminating the interpreter.
(*atexit-handlers*): New variable.
(*run-atexit-handlers*): New function.
(atexit): Likewise.
* tests/gpgscm/main.c (main): Run *run-atexit-handlers* at normal
interpreter shutdown.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  scd: Fix length error for READKEY.
NIIBE Yutaka [Fri, 4 Nov 2016 06:34:35 +0000 (15:34 +0900)]
scd: Fix length error for READKEY.

* scd/app-openpgp.c (do_readkey): Decrement the length.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  scd: Add --advanced option for READKEY.
NIIBE Yutaka [Fri, 4 Nov 2016 04:45:57 +0000 (13:45 +0900)]
scd: Add --advanced option for READKEY.

* scd/command.c (cmd_readkey) : Support ADVANCED arg.
* scd/app.c (app_readcert): Add ADVANCED arg.
* scd/app-openpgp.c (do_readkey): Implement ADVANCED arg.
* scd/app-nks.c (do_readkey): Error return with GPG_ERR_NOT_SUPPORTED.

--
"SCD READKEY --advanced OPENPGP.3" returns key in advanced format.
With this support, poldi-ctrl will be no longer needed.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  agent: Extend the PINENTRY_LAUNCHED inquiry and status.
Werner Koch [Thu, 3 Nov 2016 19:07:56 +0000 (20:07 +0100)]
agent: Extend the PINENTRY_LAUNCHED inquiry and status.

* agent/call-pinentry.c (start_pinentry): Get flavor and version and
pass it to agent_inq_pinentry_launched.
* agent/command.c (agent_inq_pinentry_launched): Add arg EXTRA.
* g10/server.c (gpg_proxy_pinentry_notify): Print a new diagnostic.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  g10: Improve and unify key selection for -r and --locate-keys.
Justus Winter [Thu, 27 Oct 2016 16:48:51 +0000 (18:48 +0200)]
g10: Improve and unify key selection for -r and --locate-keys.

* g10/getkey.c (struct pubkey_cmp_cookie): New type.
(key_is_ok, uid_is_ok, subkey_is_ok): New functions.
(pubkey_cmp): Likewise.
(get_best_pubkey_byname): Likewise.
* g10/keydb.h (get_best_pubkey_byname): New prototype.
* g10/keylist.c (locate_one): Use the new function.
* g10/pkclist.c (find_and_check_key): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add new test.
(TEST_FILES): Add new files.
* tests/openpgp/key-selection.scm: New file.
* tests/openpgp/key-selection/0.asc: Likewise.
* tests/openpgp/key-selection/1.asc: Likewise.
* tests/openpgp/key-selection/2.asc: Likewise.
* tests/openpgp/key-selection/3.asc: Likewise.
* tests/openpgp/key-selection/4.asc: Likewise.
--

When a name resembling a mail address is given to either --locate-keys
or --recipient, rank the search results and use only the most relevant
key.

This also lets us query which key will be used for encryption using
--locate-keys.  However, note that --locate-keys may also return keys
incapable of encryption, though it will prefer keys that have an
encryption subkey.

GnuPG-bug-id: 2359
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgscm,tests: Add new functions to the test environment.
Justus Winter [Thu, 3 Nov 2016 13:37:15 +0000 (14:37 +0100)]
gpgscm,tests: Add new functions to the test environment.

* tests/gpgscm/lib.scm (first, last, powerset): New functions.
* tests/gpgscm/tests.scm (interactive-shell): New function.
* tests/openpgp/Makefile.am (EXTRA_DIST): Add new file.
* tests/openpgp/README: Document 'interactive-shell'.
* tests/openpgp/shell.scm: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  gpgconf: Add a new field to the --query-swdb output.
Werner Koch [Thu, 3 Nov 2016 09:58:19 +0000 (10:58 +0100)]
gpgconf: Add a new field to the --query-swdb output.

* tools/gpgconf.c (query_swdb): Insert new field with the installed
version.  Check that the supplied version does not contain a colon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  gpgconf: Add command --query-swdb.
Werner Koch [Wed, 2 Nov 2016 16:54:32 +0000 (17:54 +0100)]
gpgconf: Add command --query-swdb.

* tools/gpgconf.c (aQuerySWDB): New.
(opts): Add --query-swdb.
(valid_swdb_name_p): New.
(query_swdb): New.
(main): Implement command --query-swdb.
--

Right now this command is not very useful because dirmngr has not yet
been changed to create the swdb.lst.  For manual tests the swdb.lst
file from the Net can be used with these additional lines:

  .filedate 20161102T130337
  .verified 20161102T150000

2 years ago  common: Improve compare_string_versions.
Werner Koch [Wed, 2 Nov 2016 15:24:58 +0000 (16:24 +0100)]
common: Improve compare_string_versions.

* common/stringhelp.c: Include limits.h.
(compare_version_strings): Change semantics to behave like strcmp.
Include the patch level in the comparison.  Allow checking a single
version string.
* common/t-stringhelp.c (test_compare_version_strings): Adjust test
vectors and a few new vectors.
* g10/call-agent.c (warn_version_mismatch): Adjust to new semantics.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  gpgscm: Fix inclusion of readline header.
Justus Winter [Wed, 2 Nov 2016 12:06:06 +0000 (13:06 +0100)]
gpgscm: Fix inclusion of readline header.

* tests/gpgscm/ffi.c: Define magic macro to prevent the completion
function from being redefined.

GnuPG-bug-id: 2824
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  build: Fix misspelled dirmngr.
Daniel Kahn Gillmor [Tue, 1 Nov 2016 00:24:33 +0000 (20:24 -0400)]
build: Fix misspelled dirmngr.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  Spelling: correct spelling of "passphrase".
Daniel Kahn Gillmor [Fri, 28 Oct 2016 19:06:11 +0000 (15:06 -0400)]
Spelling: correct spelling of "passphrase".

There were several different variant spellings of "passphrase".  This
should fix them all for all English text.

I did notice that po/it.po contains multiple instances of
"passhprase", which also looks suspect to me, but i do not know
Italian, so i did not try to correct it.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  g10,w32: Fix build on Windows.
Justus Winter [Wed, 2 Nov 2016 11:45:18 +0000 (12:45 +0100)]
g10,w32: Fix build on Windows.

* g10/tofu.c (begin_transaction): Use the new 'gnupg_usleep'.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  common: New function gnupg_usleep.
Werner Koch [Mon, 31 Oct 2016 11:20:33 +0000 (12:20 +0100)]
common: New function gnupg_usleep.

* configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
* common/sysutils.c: Always include time.h.
(gnupg_usleep): New.
--

This function has been compiled from nPth and Libassuan.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  w32: Fix PKG_CONFIG_LIBDIR in --build-w32
Andre Heinecke [Mon, 31 Oct 2016 10:17:16 +0000 (11:17 +0100)]
w32: Fix PKG_CONFIG_LIBDIR in --build-w32

* autogen.sh: Point pkg-config to the right location.

--
PKG_CONFIG_LIBDIR is located to usually be /usr/lib/pkgconfig so
in our case it should also point directly to the pkgconfig location
and not the prefix. This fixes gnutls and sqlite detection.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2 years ago  g10: Avoid gratuitous SQLite aborts and starving writers.
Neal H. Walfield [Mon, 31 Oct 2016 02:02:36 +0000 (19:02 -0700)]
g10: Avoid gratuitous SQLite aborts and starving writers.

* g10/tofu.c: Include <time.h>, <utime.h>, <fcntl.h> and <unistd.h>.
(tofu_dbs_s): Add fields want_lock_file and want_lock_file_ctime.
(begin_transaction): Only yield if DBS->WANT_LOCK_FILE_CTIME has
changed since we took the lock.  Don't use gpgrt_yield to yield, but
sleep for 100ms.  After taking the batch lock, update
DBS->WANT_LOCK_FILE_CTIME.  Also take the batch lock the first time we
take the real lock.  When taking the real lock, use immediate not
deferred mode to avoid gratuitous aborts.
(end_transaction): When dropping the outermost real lock, drop the
batch lock.
(busy_handler): New function.
(opendbs): Set the busy handler to it when opening the DB.  Initialize
CTRL->TOFU.DBS->WANT_LOCK_FILE.
(tofu_closedbs): Free DBS->WANT_LOCK_FILE.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
By default, SQLite defers transactions until they are actually needed.
A consequence of this is that if we have two readers and both decide
to do a write, then one has to abort.  To avoid this problem, we can
make the outermost transaction an immediate transaction.  This has the
disadvantage that we only allow a single reader at a time, but at
least we don't have gratuitous aborts anymore.

A second problem is that SQLite apparently doesn't actually create a
queue of waiters.  The result is that doing a sched_yield between
dropping and retaking the batch transaction is not enough to allow the
other process to make progress.  Instead, we need to wait a
while (empirically: 100ms seems reasonable).  To avoid waiting when
there is no contention, we use a new file's timestamp to signal that
there is a waiter.

2 years ago  g10: Avoid reading in keys when possible.
Neal H. Walfield [Sun, 30 Oct 2016 18:03:51 +0000 (11:03 -0700)]
g10: Avoid reading in keys when possible.

* g10/tofu.c (build_conflict_set): If CONFLICT_SET contains a single
element, don't bother to check for cross sigs.  Add parameter PK.
Update callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2 years ago  g10: Fix bit setting.
Neal H. Walfield [Sun, 30 Oct 2016 17:54:21 +0000 (10:54 -0700)]
g10: Fix bit setting.

* g10/tofu.c (build_conflict_set): Fix bit setting.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Fixes-commit: 1f1f56e606c1cb28eec68c60bd8bcb7ab30805de

2 years ago  gpg: Enable the Issuer Fingerprint from rfc4880bis
Werner Koch [Fri, 28 Oct 2016 19:01:23 +0000 (21:01 +0200)]
gpg: Enable the Issuer Fingerprint from rfc4880bis

* g10/build-packet.c (build_sig_subpkt_from_sig): Always write the new
Issuer Fingerprint sub-packet.
* g10/mainproc.c (check_sig_and_print): Always consider that
sub-packet.
--

The specs for this sub-packet have been pushed to the OpenPGP WG's
repo today.

See-also: https://mailarchive.ietf.org/arch/msg/\
openpgp/GvPo2eSL9GW9WcGhOocY7KBa9FY

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  dirmngr: Fix signature checking.
Werner Koch [Thu, 27 Oct 2016 18:35:28 +0000 (20:35 +0200)]
dirmngr: Fix signature checking.

* dirmngr/server.c: Include cpparray.h.
(verify_swdb_parm_s): New.
(verify_swdb_status_cb): New.
(cmd_versioncheck): Use gpgv to correctly verify the signature.
Rename some variable to comply with GNU standards.
--

Relying on the return code of gpg is not a robust way to check
signatures.  We better use our dedicated tool.

Signed-off-by: Werner Koch <wk@gnupg.org>
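
The commit above moves the decision away from the process exit code. As an added illustration (not the code from this commit, and not GnuPG's own), the following C sketch derives a verdict from `[GNUPG:]` status lines instead; the fingerprint, the sample status text and the "exactly one VALIDSIG from the expected key" policy are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample fingerprint; it does not belong to a real key.  */
#define SAMPLE_FPR "0123456789ABCDEF0123456789ABCDEF01234567"

/* Status keywords that must never appear next to an accepted signature.  */
static const char *const failure_keywords[] = {
  "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", NULL
};

/* Return 1 if LINE (LEN bytes, no newline) is the status line KEYWORD and
   store the start and length of its arguments in *ARGS and *ARGLEN.  */
static int
match_status (const char *line, size_t len, const char *keyword,
              const char **args, size_t *arglen)
{
  static const char prefix[] = "[GNUPG:] ";
  size_t plen = sizeof prefix - 1;
  size_t klen = strlen (keyword);

  if (len < plen + klen
      || memcmp (line, prefix, plen)
      || memcmp (line + plen, keyword, klen))
    return 0;
  line += plen + klen;
  len -= plen + klen;
  if (len && *line != ' ')
    return 0;               /* A longer keyword sharing this prefix.  */
  if (len)
    {
      line++;
      len--;
    }
  *args = line;
  *arglen = len;
  return 1;
}

/* Policy of this example: accept only if STATUS holds exactly one
   VALIDSIG whose first argument (the fingerprint of the key that made
   the signature) equals EXPECTED_FPR, and no failure keyword at all.  */
int
status_says_valid (const char *status, const char *expected_fpr)
{
  size_t fprlen = strlen (expected_fpr);
  int n_valid = 0;

  while (*status)
    {
      const char *eol = strchr (status, '\n');
      size_t rawlen = eol ? (size_t)(eol - status) : strlen (status);
      size_t len = rawlen;
      const char *args;
      size_t arglen;
      int i;

      if (len && status[len - 1] == '\r')
        len--;              /* Tolerate CR-LF line endings.  */

      for (i = 0; failure_keywords[i]; i++)
        if (match_status (status, len, failure_keywords[i], &args, &arglen))
          return 0;

      if (match_status (status, len, "VALIDSIG", &args, &arglen))
        {
          if (arglen < fprlen
              || memcmp (args, expected_fpr, fprlen)
              || (arglen > fprlen && args[fprlen] != ' '))
            return 0;       /* Valid, but made by a key we do not expect.  */
          n_valid++;
        }

      status += rawlen;
      if (eol)
        status++;
    }
  return n_valid == 1;
}

int
main (void)
{
  /* Constructed status output, shaped like what --status-fd emits.  */
  const char *good =
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer\n"
    "[GNUPG:] VALIDSIG " SAMPLE_FPR " 2016-10-27 1477592128 0 4 0 1 8 00 "
    SAMPLE_FPR "\n";

  printf ("good: %d\n", status_says_valid (good, SAMPLE_FPR));
  printf ("empty: %d\n", status_says_valid ("", SAMPLE_FPR));
  return 0;
}
```

An empty status stream is rejected here, so a tool that exits successfully without having checked any signature does not count as a pass.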
2 years ago  gpg: Verify multiple detached signatures with different hash algos.
Werner Koch [Thu, 27 Oct 2016 17:51:56 +0000 (19:51 +0200)]
gpg: Verify multiple detached signatures with different hash algos.

* g10/mainproc.c (proc_tree): Loose check.  Enable all algos.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  common: Add GNUPG_MODULE_NAME_GPGV.
Werner Koch [Thu, 27 Oct 2016 09:45:01 +0000 (11:45 +0200)]
common: Add GNUPG_MODULE_NAME_GPGV.

* common/util.h (GNUPG_MODULE_NAME_GPGV): New.
* common/homedir.c (gnupg_module_name): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  g10: Fix iteration over getkey results.
Justus Winter [Thu, 27 Oct 2016 13:31:30 +0000 (15:31 +0200)]
g10: Fix iteration over getkey results.

* g10/getkey.c (getkey_next): Return the public key in PK even if
RET_KEYBLOCK is NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  Fix typos.
Justus Winter [Thu, 27 Oct 2016 12:58:01 +0000 (14:58 +0200)]
Fix typos.

--
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  g10: Assert preconditions.
Justus Winter [Thu, 27 Oct 2016 12:43:29 +0000 (14:43 +0200)]
g10: Assert preconditions.

* g10/getkey.c (get_pubkey_byname): Assert preconditions.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  dirmngr: Do not implement --supervised in Windows.
Werner Koch [Thu, 27 Oct 2016 07:27:03 +0000 (09:27 +0200)]
dirmngr: Do not implement --supervised in Windows.

* dirmngr/dirmngr.c (opts) [W32]: Remove --supervised.
(main) [W32]: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  common: Remove debug output from gnupg_get_socket_name.
Werner Koch [Thu, 27 Oct 2016 07:13:36 +0000 (09:13 +0200)]
common: Remove debug output from gnupg_get_socket_name.

* common/sysutils.c (gnupg_get_socket_name): Remove debug message and
use my_error_from_syserror.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  dirmngr: ADNS error handling fix.
NIIBE Yutaka [Thu, 27 Oct 2016 07:22:26 +0000 (16:22 +0900)]
dirmngr: ADNS error handling fix.

* dirmngr/dns-stuff.c (resolve_name_adns, get_dns_cert, get_dns_cname):
Use gpg_error and gpg_err_code_from_errno to compose the error value.

--
This fixes commit 6f1d8123d61b3efac94b4c61ee75bd947790ba42.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  gpg: Convey --quick option to dirmngr for --auto-key-retrieve.
Werner Koch [Thu, 27 Oct 2016 06:44:19 +0000 (08:44 +0200)]
gpg: Convey --quick option to dirmngr for --auto-key-retrieve.

* g10/call-dirmngr.c (gpg_dirmngr_ks_get): Add arg 'quick'.
(gpg_dirmngr_wkd_get): Ditto.
* g10/keyserver.c (keyserver_get): Add arg 'quick'.
(keyserver_get_chunk): Add arg 'quick'.
(keyserver_import_fprint): Ditto.  Change callers to pass 0 for it.
(keyserver_import_keyid): Ditto.
(keyserver_import_wkd): Ditto.
* g10/mainproc.c (check_sig_and_print): Call the 3 functions with
QUICK set.
--

Note that this option has not yet been implemented by dirmngr.
Dirmngr will simply ignore it for now.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  common: Fix gnupg_inotify_has_name, differently.
NIIBE Yutaka [Thu, 27 Oct 2016 06:37:47 +0000 (15:37 +0900)]
common: Fix gnupg_inotify_has_name, differently.

* common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
warning.

--
According to the man page of inotify(7), it is aligned by null bytes.
So, bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5 is reverted.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  dirmngr: More ADNS error fix.
NIIBE Yutaka [Thu, 27 Oct 2016 06:01:42 +0000 (15:01 +0900)]
dirmngr: More ADNS error fix.

* dirmngr/dns-stuff.c (get_dns_cert, getsrv, get_dns_cname): Fix return
value.

--
GnuPG-bug-id: 2745
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  dirmngr: Fix error return for ADNS.
NIIBE Yutaka [Thu, 27 Oct 2016 05:49:17 +0000 (14:49 +0900)]
dirmngr: Fix error return for ADNS.

* dirmngr/dns-stuff.c (resolve_name_adns): Use RET for return value.

--
There are cases where libadns returns an error without setting the
variable ERRNO.

GnuPG-bug-id: 2745
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  g10: Fix ECDH, clarifying the format.
NIIBE Yutaka [Thu, 27 Oct 2016 03:59:49 +0000 (12:59 +0900)]
g10: Fix ECDH, clarifying the format.

* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
it's short.  Clarify the format.  Handle other prefixes correctly.

--
With the scdaemon's change, there is no case NBYTES < SECRET_X_SIZE.
This fixes the break of ECDH with X25519.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  scd: Add 0x41 prefix for x-coordinate only result.
NIIBE Yutaka [Thu, 27 Oct 2016 02:56:18 +0000 (11:56 +0900)]
scd: Add 0x41 prefix for x-coordinate only result.

* scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
prefix 0x41.

--
Card should return fixed size bytes, either in format of
(04 || X || Y) or (X, x-coordinate only).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  g10: ECDH shared point format.
Arnaud Fontaine [Tue, 25 Oct 2016 11:43:08 +0000 (13:43 +0200)]
g10: ECDH shared point format.

* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
ECDH shared point format.

--
This handles the case where the result comes from scdaemon.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
2 years ago  dirmngr: Implement --supervised command (for systemd, etc).
Daniel Kahn Gillmor [Wed, 26 Oct 2016 20:37:08 +0000 (16:37 -0400)]
dirmngr: Implement --supervised command (for systemd, etc).

* dirmngr/dirmngr.c (main): Add new --supervised command, which is a
mode designed for running under a process supervision system like
systemd or runit.
* doc/dirmngr.texi: document --supervised option.

--

"dirmngr --supervised" is a way to invoke dirmngr such that a system
supervisor like systemd can provide socket-activated startup, log
management, and scheduled shutdown.

When running in this mode, dirmngr:

 * Does not open its own listening socket; rather, it expects to be
   given a listening socket on file descriptor 3.

 * Does not detach from the invoking process, staying in the
   foreground instead.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  agent,common: move get_socket_name() into common.
Daniel Kahn Gillmor [Wed, 26 Oct 2016 20:37:07 +0000 (16:37 -0400)]
agent,common: move get_socket_name() into common.

* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.

--
This allows us to use the same functionality in dirmngr as well.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  dirmngr: report actual socket name.
Daniel Kahn Gillmor [Wed, 26 Oct 2016 20:37:06 +0000 (16:37 -0400)]
dirmngr: report actual socket name.

* dirmngr/dirmngr.[ch] (dirmngr_get_current_socket_name): new function
to report known socket name.
* dirmngr/server.c (cmd_getinfo): use dirmngr_get_current_socket_name
to report correct socket name.

--

This fixes the output of 'getinfo socket_name' when dirmngr is invoked
with --socket-name.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  common: Fix gnupg_inotify_has_name.
NIIBE Yutaka [Thu, 27 Oct 2016 01:16:48 +0000 (10:16 +0900)]
common: Fix gnupg_inotify_has_name.

* common/sysutils.c (gnupg_inotify_has_name): Take care of the
alignment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  dirmngr: Fix help string and argument.
NIIBE Yutaka [Thu, 27 Oct 2016 00:18:29 +0000 (09:18 +0900)]
dirmngr: Fix help string and argument.

* dirmngr/server.c (hlp_versioncheck): Add a newline.
(cmd_versioncheck): Fix argument.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago  dirmngr: Fix hang due to deferred thread initialization.
Werner Koch [Wed, 26 Oct 2016 08:24:41 +0000 (10:24 +0200)]
dirmngr: Fix hang due to deferred thread initialization.

* dirmngr/dirmngr.c (main): Call ldap_wrapper_launch_thread after
thread_init.
--

Fixes-commit: eda17649f8bd3b8ce7bfc00a3c11cbcae63c845d
Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  agent: Avoid double error message.
Werner Koch [Wed, 26 Oct 2016 07:10:29 +0000 (09:10 +0200)]
agent: Avoid double error message.

* agent/gpg-agent.c (map_supervised_sockets): Shorten error message.
Remove unneeded diagnostic.
--

get_socket_name already prints error messages and thus there is no
need to print another one.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
Werner Koch [Wed, 26 Oct 2016 07:02:10 +0000 (09:02 +0200)]
common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.

* common/sysutils.c (gnupg_inotify_watch_socket): Return
GPG_ERR_INV_VALUE for a missing socket name and set proper error
source.
--

By using a different value we can more easily see whether the error is due
to a system call or from GnuPG code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  tests: Improve portability of fake-pinentry.
Werner Koch [Wed, 26 Oct 2016 06:34:18 +0000 (08:34 +0200)]
tests: Improve portability of fake-pinentry.

* tests/openpgp/fake-pinentry.c: Make all functions static.
(get_passphrase): s/unlink/remove/ because that is standard C.
(spacep): Rename to whitespace and change all callers.
(main): Move macro out of if-then chain.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago  doc: Fix spelling of "internal".
Daniel Kahn Gillmor [Wed, 26 Oct 2016 01:43:57 +0000 (21:43 -0400)]
doc: Fix spelling of "internal".

--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  agent: --supervised mode improvements.
Daniel Kahn Gillmor [Wed, 26 Oct 2016 03:55:08 +0000 (23:55 -0400)]
agent: --supervised mode improvements.

* agent/gpg-agent.c (map_supervised_socket): if the agent is running
  in --supervised mode and is not actually given LISTEN_FDNAMES
  directives, require at least fd 3 to be open for listening.
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
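
Both this commit and the earlier "dirmngr: Implement --supervised command" entry rely on the supervisor handing over a listening socket on file descriptor 3. The following C sketch is an added example (not code from either commit) of how a daemon can confirm that an inherited descriptor really is a listening stream socket before it calls accept on it; the function names and the `/tmp` socket path used by the helper are assumptions of this example, and LISTEN_FDNAMES handling is left out.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define SUPERVISED_FD 3   /* First descriptor handed over by the supervisor.  */

/* Return 0 if FD is a stream socket on which listen() has already been
   called, otherwise an errno value describing what is wrong with it.  */
int
check_supervised_fd (int fd)
{
  int val;
  socklen_t len = sizeof val;

  /* Fails with EBADF for a closed descriptor and with ENOTSOCK for a
     regular file, pipe or terminal.  */
  if (getsockopt (fd, SOL_SOCKET, SO_TYPE, &val, &len))
    return errno;
  if (val != SOCK_STREAM)
    return EPROTOTYPE;

  len = sizeof val;
  if (getsockopt (fd, SOL_SOCKET, SO_ACCEPTCONN, &val, &len))
    return errno;

  /* A connected or merely bound socket is not usable for accept().  */
  return val ? 0 : EINVAL;
}

/* Demonstration helper: do what a supervisor does before it starts the
   daemon, i.e. create, bind and listen on a Unix domain socket at PATH.
   Returns the descriptor or -1 with errno set.  */
int
open_listener (const char *path)
{
  struct sockaddr_un addr;
  int fd;

  if (strlen (path) >= sizeof addr.sun_path)
    {
      errno = ENAMETOOLONG;
      return -1;
    }
  memset (&addr, 0, sizeof addr);
  addr.sun_family = AF_UNIX;
  strcpy (addr.sun_path, path);

  fd = socket (AF_UNIX, SOCK_STREAM, 0);
  if (fd < 0)
    return -1;
  if (bind (fd, (struct sockaddr *)&addr, sizeof addr) || listen (fd, 5))
    {
      int save_errno = errno;
      close (fd);
      errno = save_errno;
      return -1;
    }
  return fd;
}

int
main (void)
{
  int rc = check_supervised_fd (SUPERVISED_FD);

  if (rc)
    {
      fprintf (stderr, "fd %d is not a listening socket: %s\n",
               SUPERVISED_FD, strerror (rc));
      return 1;
    }
  printf ("fd %d is a listening socket\n", SUPERVISED_FD);
  return 0;
}
```

Started from an ordinary shell the program reports an error for descriptor 3, which is the situation the "require at least fd 3 to be open for listening" check guards against.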
2 years ago  common: avoid segfault
Daniel Kahn Gillmor [Wed, 26 Oct 2016 03:55:07 +0000 (23:55 -0400)]
common: avoid segfault

* common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
  socket_name is NULL, rather than segfaulting
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2 years ago  agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.
Justus Winter [Tue, 25 Oct 2016 15:07:08 +0000 (17:07 +0200)]
agent,tests,w32: Fix relaying pinentry user data, fix fake-pinentry.

* agent/call-pinentry.c (start_pinentry): Also send the user data
using an Assuan 'OPTION' command.
* tests/openpgp/fake-pinentry.c (get_passphrase): Fix updating
passphrase file.
(spacep): Include newline characters.
(rstrip): New function.
(main): Handle Windows line endings.  Handle the userdata option, and
restart with the new options.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  tests: Do not autostart gpg-agents on teardown.
Justus Winter [Tue, 25 Oct 2016 15:06:05 +0000 (17:06 +0200)]
tests: Do not autostart gpg-agents on teardown.

* tests/openpgp/defs.c (stop-agent): Use '--no-autostart' when calling
gpg-connect-agent.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago  dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.
Werner Koch [Tue, 25 Oct 2016 07:38:01 +0000 (09:38 +0200)]
dirmngr: Allow command VERSIONCHECK to handle 3 part version numbers.

* dirmngr/server.c (parse_version_string): Add arg MICRO and set it.
(cmp_version): Extend to handle the MICRO part.
(confucius_mktmpdir): Rename to my_mktmpdir.
(my_mktmpdir): xstrconcat does not fail; use strconcat.
(fetch_into_tmpdir): Improve error checking.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago common: Use strconcat in gnupg_setenv.
Werner Koch [Tue, 25 Oct 2016 06:59:44 +0000 (08:59 +0200)]
common: Use strconcat in gnupg_setenv.

* common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by
strconcat.  Indent cpp conditionals.
(gnupg_unsetenv): Indent cpp conditionals.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago gpg: Replace two sprintf calls.
Werner Koch [Mon, 24 Oct 2016 11:12:05 +0000 (13:12 +0200)]
gpg: Replace two sprintf calls.

* g10/keygen.c (print_status_key_created): Use snprintf for now.
(ask_expire_interval): Replace xmalloc and sprintf by xasprintf.
--

Future updates: Replace code like

   r = xcalloc (1, sizeof *r + 20 );
   r->key = pKEYLENGTH;
   sprintf( r->u.value, "%u", info.key_attr[0].nbits);

by something like

   r = new_r_with_value ("%u", info.key_attr[0].nbits);
   r->key = pKEYLENGTH;

Signed-off-by: Werner Koch <wk@gnupg.org>
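
The refactoring sketched in the "Future updates" note of the commit above, as an added example that is not GnuPG's code: one way a `new_r_with_value` helper could size the record from the formatted string instead of a fixed `+ 20`. The struct layout is a simplified assumption, and plain `calloc` stands in for GnuPG's `xcalloc`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the parameter record (assumed layout,
   not GnuPG's actual struct). */
enum para_name { pKEYLENGTH = 1 };

struct para_data
{
  struct para_data *next;
  enum para_name key;
  char value[];            /* flexible array, sized per record */
};

/* Allocate a record whose value buffer is exactly as large as the
   formatted string needs.  Returns NULL on error. */
struct para_data *
new_r_with_value (const char *fmt, ...)
{
  va_list ap, ap2;
  struct para_data *r;
  int n;

  va_start (ap, fmt);
  va_copy (ap2, ap);
  n = vsnprintf (NULL, 0, fmt, ap);   /* first pass only measures */
  va_end (ap);
  if (n < 0)
    {
      va_end (ap2);
      return NULL;
    }
  r = calloc (1, sizeof *r + (size_t)n + 1);
  if (r)
    vsnprintf (r->value, (size_t)n + 1, fmt, ap2);
  va_end (ap2);
  return r;
}

int
main (void)
{
  struct para_data *r = new_r_with_value ("%u", 4096u);
  if (!r)
    return 1;
  r->key = pKEYLENGTH;
  printf ("%d=%s\n", r->key, r->value);
  free (r);
  return 0;
}
```

Because the buffer is measured before it is allocated, a value longer than the old 20-byte slack cannot overflow the record.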
2 years ago agent: Minor cleanup for recent change in findkey.c
Werner Koch [Mon, 24 Oct 2016 11:01:06 +0000 (13:01 +0200)]
agent: Minor cleanup for recent change in findkey.c

* agent/findkey.c (agent_write_private_key): Avoid label name error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago agent: Slightly change structure of cmd_readkey.
Werner Koch [Mon, 24 Oct 2016 10:55:21 +0000 (12:55 +0200)]
agent: Slightly change structure of cmd_readkey.

* agent/command.c (cmd_readkey): Avoid a leave label in the middle of
the code.  Remove the special return.
--

This helps to get better debug output.

The set_error macro which is used by parse_keygrip merely sets the
error code into the Assuan context.  It is thus no problem anymore to
call leave_cmd after having used set_error.  This might have been
different in the past.

Signed-off-by: Werner Koch <wk@gnupg.org>
2 years ago dirmngr: Fix segfault in VERSIONCHECK.
Kai Michaelis [Mon, 24 Oct 2016 10:29:05 +0000 (12:29 +0200)]
dirmngr: Fix segfault in VERSIONCHECK.

* dirmngr/server.c (cmd_versioncheck): The VERSIONCHECK command crashes
when called without program version.

2 years ago scd: Use canonical curve name of libgcrypt.
NIIBE Yutaka [Mon, 24 Oct 2016 02:22:44 +0000 (11:22 +0900)]
scd: Use canonical curve name of libgcrypt.

* scd/app-openpgp.c (send_key_attr): Use curve instead of OID.
(ecdh_params): New.
(ecc_read_pubkey): Use ecdh_params.  Use curve name.
(ecc_writekey): Likewise.
(ecc_curve): Rename from ecc_oid.
(parse_algorithm_attribute): Use ecc_curve.
* g10/call-agent.c (learn_status_cb): Use openpgp_is_curve_supported to
intern the curve name string.
* g10/card-util.c (card_status): Convert curve name to alias for print.
--
Now, the scdaemon answer for KEY-ATTR is in the canonical curve name
instead of the alias.  Since it is used for key generation for
card encryption key with backup, it should be the canonical name.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago common: Fix openpgp_is_curve_supported.
NIIBE Yutaka [Mon, 24 Oct 2016 02:20:14 +0000 (11:20 +0900)]
common: Fix openpgp_is_curve_supported.

* common/openpgp-oid.c (openpgp_is_curve_supported): Support both the
canonical name of the curve and the alias.

--
Only alias (the name for print) was allowed before this change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago g10: Fix card keygen for decryption.
NIIBE Yutaka [Sun, 23 Oct 2016 22:52:40 +0000 (07:52 +0900)]
g10: Fix card keygen for decryption.

* g10/keygen.c (do_generate_keypair): Fix arguments.

--

Reported-by: Grumpy
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago g10: More card key generation change.
NIIBE Yutaka [Fri, 21 Oct 2016 23:45:35 +0000 (08:45 +0900)]
g10: More card key generation change.

* g10/keygen.c (gen_card_key): Add back ALGO as the second argument.
Don't get ALGO by KEY-ATTR in this function.  It is up to the caller to
provide ALGO.  Don't do that in both caller and callee.
(generate_keypair): Only put parameters needed.  Use parameters
for ALGO to call gen_card_key.
(generate_card_subkeypair): Get ALGO and call gen_card_key with it.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago g10: Write first keybox record in binary mode
Andre Heinecke [Fri, 21 Oct 2016 12:59:26 +0000 (14:59 +0200)]
g10: Write first keybox record in binary mode

* g10/keydb.c (maybe_create_keyring_or_box): Open in binary mode.

--
This fixes keybox corruption on windows.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2 years ago g10,scd: Fix ECC keygen.
NIIBE Yutaka [Fri, 21 Oct 2016 12:37:04 +0000 (21:37 +0900)]
g10,scd: Fix ECC keygen.

* g10/keygen.c (generate_keypair): For card key generation, fill
parameters by KEY-ATTR.

* scd/app-openpgp.c (ecc_read_pubkey): OID should be freed at last,
after its reference by OIDBUF is finished.
(ecc_writekey): Likewise.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago scd: Fix segfault changing key attr.
NIIBE Yutaka [Fri, 21 Oct 2016 07:27:46 +0000 (16:27 +0900)]
scd: Fix segfault changing key attr.

* asc/app-openpgp.c (change_keyattr_from_string): Release after
allocated.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago g10: Don't ask keysize for non-RSA card.
NIIBE Yutaka [Fri, 21 Oct 2016 05:15:05 +0000 (14:15 +0900)]
g10: Don't ask keysize for non-RSA card.

* g10/card-util.c (card_status): Bug fix for keyno.
(ask_card_rsa_keysize, do_change_rsa_keysize): Rename.
(generate_card_keys): Only ask keysize when RSA.
(card_generate_subkey): Likewise.

--

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago g10: Support ECC for gen_card_key.
NIIBE Yutaka [Fri, 21 Oct 2016 04:59:09 +0000 (13:59 +0900)]
g10: Support ECC for gen_card_key.

* g10/keygen.c (gen_card_key): Remove the first argument of ALGO.
(do_generate_keypair, generate_card_subkeypair): Follow the change.

--
ALGO is determined by the key attribute of the card.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago Fix use cases of snprintf.
NIIBE Yutaka [Fri, 21 Oct 2016 03:04:46 +0000 (12:04 +0900)]
Fix use cases of snprintf.

* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago agent: Fix saving with FORCE=1.
NIIBE Yutaka [Fri, 21 Oct 2016 01:57:29 +0000 (10:57 +0900)]
agent: Fix saving with FORCE=1.

* agent/findkey.c (agent_write_private_key): Recover from an error of
GPG_ERR_ENOENT when FORCE=1 and it is opened with "rb+".

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago tests: Simplify test.
Justus Winter [Thu, 20 Oct 2016 14:54:06 +0000 (16:54 +0200)]
tests: Simplify test.

* tests/openpgp/quick-key-manipulation.scm: Avoid creating a temporary
home directory, just make the uids unique.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: Flush stdout in the fake pinentry.
Justus Winter [Thu, 20 Oct 2016 14:50:11 +0000 (16:50 +0200)]
tests: Flush stdout in the fake pinentry.

* tests/openpgp/fake-pinentry.c (reply): Flush stdout.

Fixes-commit: 94504b3d5af126abb591dedda1ca0f0970822f55
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common,w32: Fix setting environment variables on Windows.
Justus Winter [Thu, 20 Oct 2016 14:45:18 +0000 (16:45 +0200)]
common,w32: Fix setting environment variables on Windows.

* common/sysutils.c (gnupg_setenv): Also update the environment block
maintained by the C runtime.
(gnupg_unsetenv): Likewise.
* tests/gpgscm/ffi.c (do_setenv): Fix error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests,w32: Cope with Windows line endings.
Justus Winter [Thu, 20 Oct 2016 14:41:18 +0000 (16:41 +0200)]
tests,w32: Cope with Windows line endings.

* tests/openpgp/issue2015.scm: Rstrip line before comparison.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago tests: Create and remove socket directories.
Justus Winter [Thu, 20 Oct 2016 09:37:26 +0000 (11:37 +0200)]
tests: Create and remove socket directories.

* tests/openpgp/defs.scm (start-agent): Move function here and create
the socket directory prior to starting the agent.
(stop-agent): Move function here and remove the socket directory.
* tests/openpgp/finish.scm: Adapt.
* tests/openpgp/setup.scm: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago agent, g10: Fix keygen.
NIIBE Yutaka [Thu, 20 Oct 2016 11:01:46 +0000 (20:01 +0900)]
agent, g10: Fix keygen.

* agent/command.c (cmd_readkey): Get length after card_readkey.
* g10/keygen.c (gen_card_key): Fix off-by-one error.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago scd: GENKEY updates the public key in APP.
NIIBE Yutaka [Thu, 20 Oct 2016 07:25:47 +0000 (16:25 +0900)]
scd: GENKEY updates the public key in APP.

* scd/app-openpgp.c (rsa_read_pubkey, ecc_read_pubkey): New.
(read_public_key): New.
(get_public_key, do_genkey): Use read_public_key.

--

With this change, since GENKEY updates the public key (pk[keyno].key) in
APP, READKEY will be possible after the command even for the old
card (version <= 0x0100).

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago g10: smartcard keygen change.
NIIBE Yutaka [Thu, 20 Oct 2016 04:30:47 +0000 (13:30 +0900)]
g10: smartcard keygen change.

* g10/call-agent.c (scd_genkey_cb_append_savedbytes): Remove.
(scd_genkey_cb): Only handle KEY-CREATED-AT and PROGRESS.
(agent_scd_genkey): Remove INFO argument.  CREATETIME is now in/out
argument.
(agent_readkey): Use READKEY --card instead of SCD READKEY.
* g10/keygen.c (gen_card_key): Use READKEY --card command of the agent
to retrieve public key information from card and let the agent make
a file for private key with shadow info.
--

This change removes gpg's KEY-DATA handling for SCD GENKEY.  Information
with KEY-DATA is simply not used.  Instead, it is read by READKEY --card
command of gpg-agent.  This can consolidate public key handling in a
single method by READKEY.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago agent: Add --card option for READKEY.
NIIBE Yutaka [Thu, 20 Oct 2016 03:05:15 +0000 (12:05 +0900)]
agent: Add --card option for READKEY.

* agent/findkey.c (agent_write_shadow_key): New.
* agent/command-ssh.c (card_key_available): Use agent_write_shadow_key.
* agent/learncard.c (agent_handle_learn): Likewise.
* agent/command.c (cmd_readkey): Add --card option.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago dirmngr: improve VERSIONCHECK
Kai Michaelis [Wed, 19 Oct 2016 14:19:29 +0000 (16:19 +0200)]
dirmngr: improve VERSIONCHECK

Replace strtok_r() and code formatting. Use code from libgpg-error for
version comparison.

2 years ago common: Fix copying data to estreams.
Justus Winter [Tue, 18 Oct 2016 15:57:19 +0000 (17:57 +0200)]
common: Fix copying data to estreams.

* common/exectool.c (copy_buffer_do_copy): Correctly account for
partially written data in the event of errors.

Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common,w32: Communicate with child in non-blocking mode.
Justus Winter [Tue, 18 Oct 2016 12:04:54 +0000 (14:04 +0200)]
common,w32: Communicate with child in non-blocking mode.

* common/exechelp-w32.c (gnupg_spawn_process): Open streams in
non-blocking mode if requested.

Fixes-commit: 83811e3f1f0c615b2b63bafdb49a35a0fc198088
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common,w32: Extend gnupg_create_inbound_pipe et al.
Justus Winter [Tue, 18 Oct 2016 11:55:12 +0000 (13:55 +0200)]
common,w32: Extend gnupg_create_inbound_pipe et al.

* common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
create a stream if requested.
(gnupg_create_inbound_pipe): Use the extended function to open the
stream if requested.
(gnupg_create_outbound_pipe): Likewise.
(gnupg_create_pipe): Update call site.

Fixes-commit: 5d991e333a1885adc40abd9d00c01fec4bd5d9d7
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago common,w32: Make use of default_errsource in exechelp.
Justus Winter [Tue, 18 Oct 2016 12:01:53 +0000 (14:01 +0200)]
common,w32: Make use of default_errsource in exechelp.

* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
Use them instead of gpg_error and gpg_error_from_syserror.

Fixes-commit: 96c7901ec1c79be732570811223d3ea54875abfe
Signed-off-by: Justus Winter <justus@g10code.com>
2 years ago scd: Support ECC key generation.
NIIBE Yutaka [Tue, 18 Oct 2016 13:46:37 +0000 (22:46 +0900)]
scd: Support ECC key generation.

* scd/app-openpgp.c (get_public_key): Fix a message.
(change_keyattr_from_string, ecc_writekey): Call mpi_release sooner.
(do_genkey): Add ECC support.

--

In OpenPGP card specification 3.0, ECC is introduced.  So far, do_genkey
only supported RSA.  Since KDF spec. is needed to calculate the
fingerprint, it is hard coded in app-openpgp.c.  But it's defined by
OpenPGP ECC (RFC-6637), and card does nothing with KDF in fact.

Co-authored-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago scd: minor cleanup to merge other works.
NIIBE Yutaka [Tue, 18 Oct 2016 11:40:09 +0000 (20:40 +0900)]
scd: minor cleanup to merge other works.

* scd/iso7816.c (do_generate_keypair): Use const char * for DATA.
(iso7816_generate_keypair, iso7816_read_public_key): Likewise.
* scd/app-openpgp.c (get_public_key): Follow the change.
(do_genkey): Ditto.  Use ERR instead of RC.  Use u32 for CREATED_AT.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2 years ago Register DCO for Arnaud Fontaine
Werner Koch [Tue, 18 Oct 2016 09:18:47 +0000 (11:18 +0200)]
Register DCO for Arnaud Fontaine

--

Signed-off-by: Werner Koch <wk@gnupg.org>