gnupg.git
3 years ago iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.
Neal H. Walfield [Wed, 2 Sep 2015 08:24:33 +0000 (10:24 +0200)]
iobuf: Add the IOBUF_INPUT_TEMP type to improve input temp handling.

* common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
* common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer.  Assert that LENGTH ==
A->D.SIZE.
(iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
filter an IOBUF_INPUT filter and set its buffer size to
IOBUF_BUFFER_SIZE.
(underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
remove already read data.
(iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
data.
(iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
(pop_filter): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Introduce a new iobuf type, IOBUF_INPUT_TEMP.  Use this for the iobuf
created by iobuf_temp_with_content instead of IOBUF_INPUT.  This was
necessary so that seeking and peeking correctly work on this type of
iobuf.  In particular, seeking didn't work because we discarded the
buffered data and peeking didn't work because we discarded data which
was already read, which made seeking later impossible.

3 years ago iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.
Neal H. Walfield [Wed, 2 Sep 2015 07:56:09 +0000 (09:56 +0200)]
iobuf: Rename IOBUF_TEMP to IOBUF_OUTPUT_TEMP.

* common/iobuf.h (enum iobuf_use): Rename IOBUF_TEMP to
IOBUF_OUTPUT_TEMP.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago iobuf: Use a first-class enum.
Neal H. Walfield [Tue, 1 Sep 2015 20:17:23 +0000 (22:17 +0200)]
iobuf: Use a first-class enum.

* common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
(struct iobuf_struct): Change the field use's type to it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago iobuf: Fix test.
Neal H. Walfield [Tue, 1 Sep 2015 20:13:45 +0000 (22:13 +0200)]
iobuf: Fix test.

* common/t-iobuf.c (content_filter): If there is nothing to read,
don't forget to set *LEN to 0.
(main): Fix checks.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago agent: Protect commit 135b1e3 against misbehaving Libgcrypt.
Werner Koch [Tue, 1 Sep 2015 05:39:28 +0000 (07:39 +0200)]
agent: Protect commit 135b1e3 against misbehaving Libgcrypt.

* agent/command-ssh.c (ssh_key_to_blob): Check DATALEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Remove option --no-sig-create-check.
Werner Koch [Mon, 31 Aug 2015 22:07:24 +0000 (00:07 +0200)]
gpg: Remove option --no-sig-create-check.

* g10/gpg.c (opts): Remove --no-sig-create-check.
* g10/options.h (struct opt): Remove field no_sig_create_check.
* g10/sign.c (do_sign): Always check unless it is RSA and we are using
Libgcrypt 1.7.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Assume an utf-8 locale on iconv errors.
Werner Koch [Mon, 31 Aug 2015 18:29:28 +0000 (20:29 +0200)]
common: Assume an utf-8 locale on iconv errors.

* common/utf8conv.c (handle_iconv_error): Use utf-8 as fallback.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Fix regression in building argparse.c standalone.
Werner Koch [Mon, 31 Aug 2015 18:21:43 +0000 (20:21 +0200)]
common: Fix regression in building argparse.c standalone.

* common/argparse.c (is_native_utf8) [GNUPG_MAJOR_VERSION]: New.

3 years ago Typo fixes
Werner Koch [Fri, 28 Aug 2015 03:05:37 +0000 (05:05 +0200)]
Typo fixes

--

3 years ago g10: Don't leak memory if we fail to initialize a new database handle.
Neal H. Walfield [Mon, 31 Aug 2015 09:22:14 +0000 (11:22 +0200)]
g10: Don't leak memory if we fail to initialize a new database handle.

* g10/keydb.c (keydb_new): If we fail to open a keyring or keybox
correctly release all resources.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago g10: Improve interface documentation of the keydb API.
Neal H. Walfield [Mon, 31 Aug 2015 09:14:21 +0000 (11:14 +0200)]
g10: Improve interface documentation of the keydb API.

* g10/keydb.c: Improve code comments and documentation of internal
interfaces.  Improve documentation of public APIs and move that to...
* g10/keydb.h: ... this file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago g10: Don't cache search results if the search didn't scan the whole DB.
Neal H. Walfield [Mon, 31 Aug 2015 07:47:58 +0000 (09:47 +0200)]
g10: Don't cache search results if the search didn't scan the whole DB.

* g10/keydb.c (struct keydb_handle): Add new field is_reset.
(keydb_new): Initialize hd->is_reset to 1.
(keydb_locate_writable): Set hd->is_reset to 1.
(keydb_search): Set hd->is_reset to 0.  Don't cache a key not found if
the search started from the beginning of the database.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago g10: Have keydb_search_first call keydb_search_reset before searching.
Neal H. Walfield [Mon, 31 Aug 2015 07:22:23 +0000 (09:22 +0200)]
g10: Have keydb_search_first call keydb_search_reset before searching.

* g10/keydb.c (keydb_search_first): Reset the handle before starting
the search.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
This bug hasn't shown up yet in practice, because keydb_search_first
is always called immediately after a keydb_new.  This change cleans
up the semantics and will hopefully prevent future bugs.

3 years ago g10: Remove unused parameter.
Neal H. Walfield [Fri, 28 Aug 2015 14:22:59 +0000 (16:22 +0200)]
g10: Remove unused parameter.

* g10/keydb.h (keydb_locate_writable): Remove unused parameter
reserved.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago agent: Fix SSH public key for EdDSA.
NIIBE Yutaka [Mon, 31 Aug 2015 06:15:03 +0000 (15:15 +0900)]
agent: Fix SSH public key for EdDSA.

* agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40.

3 years ago g10: Simplify cache. Only include data that is actually used.
Neal H. Walfield [Wed, 26 Aug 2015 10:22:24 +0000 (12:22 +0200)]
g10: Simplify cache.  Only include data that is actually used.

* g10/keydb.c (struct kid_list_s): Rename from this...
(struct kid_not_found_cache_bucket): ... to this.  Update users.
Remove field state.
(kid_list_t): Remove type.
(KID_NOT_FOUND_CACHE_BUCKETS): Define.  Use this instead of a literal.
(kid_found_table): Rename from this...
(kid_not_found_cache_bucket): ... to this.  Update users.
(kid_found_table_count): Rename from this...
(kid_not_found_cache_count): ... to this.  Update users.
(kid_not_found_p): Only return whether a key with the specified key id
is definitely not in the database.
(kid_not_found_insert): Remove parameter found.  Update callers.
(keydb_search): Only insert a key id in the not found cache if it is
not found.  Rename local variable once_found to already_in_cache.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Commit e0873a33 started tracking whether key ids were definitely in
the database.  This information is, however, never used and thus just
unnecessarily inflates the cache.  This patch effectively reverts that
change (however, e0873a33 contains two separate changes and this only
reverts that change).

3 years ago Add configure option --enable-build-timestamp.
Werner Koch [Tue, 25 Aug 2015 19:08:27 +0000 (21:08 +0200)]
Add configure option --enable-build-timestamp.

* configure.ac (BUILD_TIMESTAMP): Set to "<none>" by default.
--

This is based on
libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554
but changed to be disabled by default.  Check there for some
background.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Emit ERROR status for key signing failures.
Werner Koch [Tue, 25 Aug 2015 13:06:40 +0000 (15:06 +0200)]
gpg: Emit ERROR status for key signing failures.

* g10/keyedit.c (sign_uids): Write an ERROR status for a signing
failure.
(menu_adduid, menu_addrevoker, menu_revsig): Ditto.
(menu_revuid, menu_revkey, menu_revsubkey): Ditto.
--

This change helps GPA to show better error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Print a new FAILURE status after most commands.
Werner Koch [Tue, 25 Aug 2015 07:03:31 +0000 (09:03 +0200)]
gpg: Print a new FAILURE status after most commands.

* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--

This status line can be used similar to the error code returned by
commands sent over the Assuan interface in gpgsm.  We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code.  This change helps GPGME to return better error
codes.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago agent: Raise the maximum password length. Don't hard code it.
Neal H. Walfield [Mon, 24 Aug 2015 14:14:09 +0000 (16:14 +0200)]
agent: Raise the maximum password length.  Don't hard code it.

* agent/agent.h (MAX_PASSPHRASE_LEN): Define.
* agent/command-ssh.c (ssh_identity_register): Use it instead of a
hard-coded literal.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise.
* agent/findkey.c (unprotect): Likewise.
* agent/genkey.c (agent_ask_new_passphrase): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
GnuPG-bug-id: 2038

3 years ago sm: Support secret key export via the Assuan interface.
Werner Koch [Mon, 24 Aug 2015 10:43:00 +0000 (12:43 +0200)]
sm: Support secret key export via the Assuan interface.

* sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago po: Grammar fix for the German translation.
Werner Koch [Mon, 24 Aug 2015 07:31:24 +0000 (09:31 +0200)]
po: Grammar fix for the German translation.

--
Reported-by: Thomas Bellmann
3 years ago dirmngr: Allow sending of Zack's key.
Werner Koch [Sun, 23 Aug 2015 19:16:39 +0000 (21:16 +0200)]
dirmngr: Allow sending of Zack's key.

* dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Fix regression in packet parser from Aug 19.
Werner Koch [Sun, 23 Aug 2015 10:17:43 +0000 (12:17 +0200)]
gpg: Fix regression in packet parser from Aug 19.

* g10/parse-packet.c (parse): Use an int to compare to -1.  Use
buf32_to_ulong.
--

Regression-due-to: 0add91ae1ca3718e8140af09294c595f47c958d3
Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago gpg: Show not found keys with --locate-key --verbose.
Werner Koch [Sun, 23 Aug 2015 09:56:17 +0000 (11:56 +0200)]
gpg: Show not found keys with --locate-key --verbose.

* g10/keylist.c (locate_one): Print a diagnostic for a not-found key.

Signed-off-by: Werner Koch <wk@gnupg.org>
3 years ago common: Don't incorrectly reject 4 GB - 1 sized packets.
Neal H. Walfield [Fri, 21 Aug 2015 09:55:15 +0000 (11:55 +0200)]
common: Don't incorrectly reject 4 GB - 1 sized packets.

* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
Add the constraint that the type must be 63.
* kbx/keybox-openpgp.c (next_packet): Likewise.
* tests/openpgp/4gb-packet.asc: New file.
* tests/openpgp/4gb-packet.test: New file.
* tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
(TEST_FILES): Add 4gb-packet.asc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Don't assume on-disk layout matches in-memory layout.
Neal H. Walfield [Fri, 21 Aug 2015 08:38:41 +0000 (10:38 +0200)]
common: Don't assume on-disk layout matches in-memory layout.

* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Don't incorrectly copy packets with partial lengths.
Neal H. Walfield [Fri, 21 Aug 2015 07:47:57 +0000 (09:47 +0200)]
common: Don't incorrectly copy packets with partial lengths.

* g10/parse-packet.c (parse): We don't handle copying packets with a
partial body length to an output stream.  If this occurs, log an error
and abort.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Check parameters more rigorously.
Neal H. Walfield [Fri, 21 Aug 2015 07:35:09 +0000 (09:35 +0200)]
common: Check parameters more rigorously.

* g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
NULL.
(copy_all_packets): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Don't continue processing on error.
Neal H. Walfield [Fri, 21 Aug 2015 07:32:58 +0000 (09:32 +0200)]
common: Don't continue processing on error.

* g10/parse-packet.c (dbg_parse_packet): Also return if parse returns
an error.
(parse_packet): Likewise.
(dbg_search_packet): Likewise.
(search_packet): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
3 years ago common: Better respect the packet's length when reading it.
Neal H. Walfield [Fri, 21 Aug 2015 07:28:49 +0000 (09:28 +0200)]
common: Better respect the packet's length when reading it.

* g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
underflow.  Be more careful that a read doesn't read more data than
PKTLEN says is available.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago doc: Remove C++ style comments and update HACKING.
Werner Koch [Thu, 20 Aug 2015 15:42:55 +0000 (17:42 +0200)]
doc: Remove C++ style comments and update HACKING.

--

4 years ago po: Add lost translation of validity strings.
Werner Koch [Thu, 20 Aug 2015 14:37:45 +0000 (16:37 +0200)]
po: Add lost translation of validity strings.

* po/POTFILES.in (trust.c): Add missing file.
* po/de.po: Changed German validity strings.
* doc/help.de.txt: Ditto.
--

Note that I replaced "uneingeschränkt" in de.po to "ultimativ" to
make the output better readable.

4 years ago g10/parse-packet.c:parse: Try harder to not ignore an EOF.
Neal H. Walfield [Wed, 19 Aug 2015 11:41:12 +0000 (13:41 +0200)]
g10/parse-packet.c:parse: Try harder to not ignore an EOF.

* g10/parse-packet.c (parse): Be more robust: make sure to process any
EOF.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10/parse-packet.c: Replace literal with symbolic expression.
Neal H. Walfield [Wed, 19 Aug 2015 11:38:20 +0000 (13:38 +0200)]
g10/parse-packet.c: Replace literal with symbolic expression.

* g10/parse-packet.c (dump_hex_line): Use sizeof rather than the
buffer's size.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago Add documentation for g10/parse-packet.c.
Neal H. Walfield [Wed, 19 Aug 2015 11:36:13 +0000 (13:36 +0200)]
Add documentation for g10/parse-packet.c.

* g10/packet.h: Add documentation for functions defined in
parse-packet.c.
* g10/parse-packet.c: Improve comments for many functions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10/packet.h: Remove unused argument from enum_sig_subpkt.
Neal H. Walfield [Wed, 19 Aug 2015 09:45:24 +0000 (11:45 +0200)]
g10/packet.h: Remove unused argument from enum_sig_subpkt.

* g10/packet.h (enum_sig_subpkt): Remove argument RET_N.  Update
callers.
* g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.

--
Remove the RET_N argument, because it is unused and because it is
meaningless: it's not clear whether it is an offset into SIG->HASHED
or SIG->UNHASHED.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.
Neal H. Walfield [Tue, 18 Aug 2015 08:33:06 +0000 (10:33 +0200)]
g10/parse-packet.c:mpi_read: Detect EOF and correct boundary conditions.

* g10/parse-packet.c (mpi_read): Improve documentation.  Correctly
handle an EOF.  On overflow, correctly return the number of bytes read
from the pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Make control flow more obvious.
Neal H. Walfield [Mon, 17 Aug 2015 11:00:32 +0000 (13:00 +0200)]
common/iobuf.c: Make control flow more obvious.

* common/iobuf.c (iobuf_read): Make control flow more obvious.
(iobuf_get_filelength): Likewise.
(iobuf_get_fd): Likewise.
(iobuf_seek): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Add some sanity checks to catch programmer bugs.
Neal H. Walfield [Mon, 17 Aug 2015 10:52:20 +0000 (12:52 +0200)]
common/iobuf.c: Add some sanity checks to catch programmer bugs.

* common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
(iobuf_readbyte): Check that A is an input filter.  Check that the
amount of read data is at most the amount of buffered data.
(iobuf_read): Check that A is an input filter.
(iobuf_writebyte): Check that A is not an input filter.
(iobuf_writestr): Check that A is not an input filter.
(iobuf_flush_temp): Check that A is not an input filter.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c:iobuf_write_temp: Elide redundant code.
Neal H. Walfield [Mon, 17 Aug 2015 10:40:53 +0000 (12:40 +0200)]
common/iobuf.c:iobuf_write_temp: Elide redundant code.

* common/iobuf.c (iobuf_write_temp): Don't repeat iobuf_flush_temp.
Use it directly.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte
Neal H. Walfield [Mon, 17 Aug 2015 10:33:29 +0000 (12:33 +0200)]
common/iobuf.c: Have iobuf_writestr use iobuf_write, not iobuf_writebyte

* common/iobuf.c (iobuf_write): Don't write a byte at a time.  Use
iobuf_write.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf: Improve documentation and code comments.
Neal H. Walfield [Mon, 17 Aug 2015 10:30:04 +0000 (12:30 +0200)]
common/iobuf: Improve documentation and code comments.

common/iobuf.h: Improve documentation and code comments.
common/iobuf.c: Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Adjust buffer size of filters in front of temp filters.
Neal H. Walfield [Mon, 17 Aug 2015 10:29:15 +0000 (12:29 +0200)]
common/iobuf.c: Adjust buffer size of filters in front of temp filters.

* common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
filter, use IOBUF_BUFFER_SIZE for the new filter.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Buffered data should not be processed by new filters.
Neal H. Walfield [Mon, 17 Aug 2015 09:56:42 +0000 (11:56 +0200)]
common/iobuf.c: Buffered data should not be processed by new filters.

* common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
temp pipeline, the new filter shouldn't assume ownership of the old
head's internal buffer: the data was written before the filter was
added.
* common/t-iobuf.c (double_filter): New function.
(main): Add test cases for the above bug.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.
Neal H. Walfield [Fri, 14 Aug 2015 11:19:22 +0000 (13:19 +0200)]
common/iobuf.c: Flush the pipeline in iobuf_temp_to_buffer.

* common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
pipeline and copy the data from the last (not the first) filter's
internal buffer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.
Neal H. Walfield [Fri, 14 Aug 2015 09:18:18 +0000 (11:18 +0200)]
common/iobuf.c: Combine iobuf_open, iobuf_create and iobuf_openrw.

* common/iobuf.c (do_open): New function, which is a generalization of
iobuf_open, iobuf_create, iobuf_openrw.
(iobuf_open): Call do_open.
(iobuf_create): Likewise.
(iobuf_openrw): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.h: Remove iobuf_open_fd_or_name.
Neal H. Walfield [Thu, 13 Aug 2015 14:09:15 +0000 (16:09 +0200)]
common/iobuf.h: Remove iobuf_open_fd_or_name.

* common/iobuf.h (iobuf_open_fd_or_name): Remove prototype.  Replace
use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
* common/iobuf.c (iobuf_open): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Rename iobuf_flush and make it a static function.
Neal H. Walfield [Thu, 13 Aug 2015 13:53:11 +0000 (15:53 +0200)]
common/iobuf.c: Rename iobuf_flush and make it a static function.

* common/iobuf.h (iobuf_flush): Remove prototype.
* common/iobuf.c (filter_flush): New static prototype.
(iobuf_flush): Rename...
(filter_flush): ... to this.  Make static.  Simplify code.  Update
callers.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails
Neal H. Walfield [Thu, 13 Aug 2015 08:08:32 +0000 (10:08 +0200)]
common/iobuf.c: Don't abort freeing a pipeline if freeing a filter fails

* common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
freeing a filter fails.  This leads to a memory leak.  Instead, keep
freeing and return the error code of the first filter that fails.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Improve iobuf_peek.
Neal H. Walfield [Wed, 12 Aug 2015 20:57:58 +0000 (22:57 +0200)]
common/iobuf.c: Improve iobuf_peek.

* common/iobuf.c (underflow): Take additional parameter
clear_pending_eof.  If not set, don't clear a pending eof when
returning EOF.  Update callers.
(iobuf_peek): Fill the internal buffer, if needed, to be able to
better satisfy any request.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: When requested, fill the buffer even if it is not empty.
Neal H. Walfield [Wed, 12 Aug 2015 20:10:37 +0000 (22:10 +0200)]
common/iobuf.c: When requested, fill the buffer even if it is not empty.

* common/iobuf.c (underflow): Don't require that the buffer be empty.
When called, fill any available space.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/t-iobuf.c: Add a test case for multiple EOFs.
Neal H. Walfield [Wed, 12 Aug 2015 09:44:59 +0000 (11:44 +0200)]
common/t-iobuf.c: Add a test case for multiple EOFs.

common/t-iobuf.c (main): Add a test case for multiple EOFs in an INPUT
pipeline.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Better respect boundary conditions in iobuf_read_line.
Neal H. Walfield [Wed, 12 Aug 2015 00:19:05 +0000 (02:19 +0200)]
common/iobuf.c: Better respect boundary conditions in iobuf_read_line.

* common/iobuf.c (iobuf_read_line): Be more careful with boundary
conditions.
* common/iobuf.h: Include <gpg-error.h>.
* common/t-iobuf.c: New file.
* common/Makefile.am (module_tests): Add t-iobuf.
(t_mbox_util_LDADD): New variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Fix filter type for iobuf_temp_with_content.
Neal H. Walfield [Wed, 12 Aug 2015 10:03:23 +0000 (12:03 +0200)]
common/iobuf.c: Fix filter type for iobuf_temp_with_content.

* common/iobuf.c (iobuf_temp_with_content): Set the filter type to
IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
write into a dynamic buffer.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.h: Remove unimplemented prototypes.
Neal H. Walfield [Mon, 10 Aug 2015 13:04:52 +0000 (15:04 +0200)]
common/iobuf.h: Remove unimplemented prototypes.

* common/iobuf.h (iobuf_unread): Remove unimplemented prototype.
(iobuf_clear_eof): Likewise.
(iobuf_append): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Refactor code to not need the desc field.
Neal H. Walfield [Sun, 9 Aug 2015 14:57:42 +0000 (16:57 +0200)]
common/iobuf.c: Refactor code to not need the desc field.

* common/iobuf.h (struct iobuf_struct): Remove field desc.
* common/iobuf.c (iobuf_desc): New function.  When a filter's
description is needed, use this instead of the filter's desc field.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.h: Clarify semantics of nofast. Simplify implementation.
Neal H. Walfield [Sun, 9 Aug 2015 14:53:51 +0000 (16:53 +0200)]
common/iobuf.h: Clarify semantics of nofast.  Simplify implementation.

* common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
Simplify use of nofast to implement just these semantics.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Remove dead code (directfp).
Neal H. Walfield [Sun, 9 Aug 2015 14:50:42 +0000 (16:50 +0200)]
common/iobuf.c: Remove dead code (directfp).

* common/iobuf.h (struct iobuf_struct): Remove field directfp.  Remove
all uses of it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.c: Remove dead code (opaque).
Neal H. Walfield [Sun, 9 Aug 2015 14:49:04 +0000 (16:49 +0200)]
common/iobuf.c: Remove dead code (opaque).

* common/iobuf.h (struct iobuf_struct): Remove field opaque.  Remove
all uses of it.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago common/iobuf.h: Replace further use of literals with symbolic constants.
Neal H. Walfield [Sun, 9 Aug 2015 08:52:34 +0000 (10:52 +0200)]
common/iobuf.h: Replace further use of literals with symbolic constants.

* common/iobuf.c: Move BLOCK_FILTER_INPUT,
BLOCK_FILTER_OUTPUT and BLOCK_FILTER_TEMP from here...
* common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
and IOBUF_TEMP, respectively.  Where appropriate, use these macros
instead of a literal.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago gpg: Avoid linking to Libksba
Werner Koch [Mon, 17 Aug 2015 14:13:25 +0000 (16:13 +0200)]
gpg: Avoid linking to Libksba

* kbx/keybox.h (KEYBOX_WITH_X509): Do not define.
* sm/Makefile.am (AM_CPPFLAGS): Define it here.
(common_libs): Change to libkeybox509.a
* g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS.
(gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS
* kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a.
(libkeybox509_a_SOURCES): New.
(libkeybox_a_CFLAGS): New.
(libkeybox509_a_CFLAGS): New.
(kbxutil_CFLAGS): New.
* kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args
as unused.
--

There is no real need to link to Libksba in gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Fix pinentry loopback and passphrase constraints.
Ben Kibbey [Sun, 16 Aug 2015 17:46:59 +0000 (13:46 -0400)]
Fix pinentry loopback and passphrase constraints.

* agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
pinentry loopback mode.
* agent/genkey.c (check_passphrase_constraints): Immediately return when
pinentry mode is loopback.

--
Fixes endless loop when inquiring a passphrase with
pinentry-mode=loopback that may not satisfy passphrase constraints.

4 years ago Fix sending INQUIRE_MAXLEN for symmetric data.
Ben Kibbey [Sun, 16 Aug 2015 16:23:21 +0000 (12:23 -0400)]
Fix sending INQUIRE_MAXLEN for symmetric data.

* g10/passphrase.c (passphrase_to_dek_ext): Write the status message.

4 years ago Inform a user about inquire length limit.
Ben Kibbey [Fri, 17 Apr 2015 01:00:30 +0000 (21:00 -0400)]
Inform a user about inquire length limit.

* common/status.h (INQUIRE_MAXLEN): New.
* g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
client when inquiring a passphrase over pinentry-loopback.

--
This is to inform a user about the maximum length of a passphrase. The
limit is the same that gpg-agent uses.

4 years ago Allow --gen-key to inquire a passphrase.
Ben Kibbey [Tue, 14 Apr 2015 22:48:57 +0000 (18:48 -0400)]
Allow --gen-key to inquire a passphrase.

* g10/gpg.c (main): test for --command-fd during --gen-key parse.

When --command-fd is set then imply --batch to let gpg inquire a
passphrase rather than requiring a pinentry.

4 years ago Post release updates.
Werner Koch [Tue, 11 Aug 2015 14:13:39 +0000 (16:13 +0200)]
Post release updates.

--

4 years ago Release 2.1.7 gnupg-2.1.7
Werner Koch [Tue, 11 Aug 2015 11:54:29 +0000 (13:54 +0200)]
Release 2.1.7

4 years ago po: Auto update.
Werner Koch [Tue, 11 Aug 2015 11:54:00 +0000 (13:54 +0200)]
po: Auto update.

--

4 years ago po: Update German translation
Werner Koch [Tue, 11 Aug 2015 11:53:00 +0000 (13:53 +0200)]
po: Update German translation

--

4 years ago doc: Improve documentation of VALIDSIG
Daniel Kahn Gillmor [Tue, 11 Aug 2015 04:01:26 +0000 (00:01 -0400)]
doc: Improve documentation of VALIDSIG

--

4 years ago agent: fix ECC key handling.
NIIBE Yutaka [Mon, 10 Aug 2015 10:13:13 +0000 (19:13 +0900)]
agent: fix ECC key handling.

* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): CURVE is the name of curve.

4 years ago common/iobuf.c: Replace use of literals with symbolic constants.
Neal H. Walfield [Sat, 8 Aug 2015 11:09:00 +0000 (13:09 +0200)]
common/iobuf.c: Replace use of literals with symbolic constants.

* common/iobuf.c (BLOCK_FILTER_INPUT): Define.  Where appropriate, use
this instead of a literal.
(BLOCK_FILTER_OUTPUT): Likewise.
(BLOCK_FILTER_TEMP): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
4 years ago gpg: Allow gpgv to work with a trustedkeys.kbx file.
Werner Koch [Fri, 7 Aug 2015 13:53:56 +0000 (15:53 +0200)]
gpg: Allow gpgv to work with a trustedkeys.kbx file.

* g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New.
* g10/keydb.c (keydb_add_resource): Take care of new flag.
* g10/gpgv.c (main): Use new flag.
--

GnuPG-bug-id: 2025
Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago agent: Add option --force to the DELETE_KEY command.
Werner Koch [Fri, 7 Aug 2015 10:55:29 +0000 (12:55 +0200)]
agent: Add option --force to the DELETE_KEY command.

* agent/findkey.c (agent_delete_key): Add arg "force".
* agent/command.c (cmd_delete_key): Add option --force.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common: Change alias for Curve25519 to "cv25519".
Werner Koch [Fri, 7 Aug 2015 07:37:49 +0000 (09:37 +0200)]
common: Change alias for Curve25519 to "cv25519".

* common/openpgp-oid.c (oidtable): Change alias.
--

This is a cosmetic change so that common and expected common
algorithms line up nicely in a keylisting.  For example:

  pub   ed25519/C68CE6D1ED0319C8 2015-08-06
  uid                 [ultimate] Curve25519 Test 150806.1
  sub   cv25519/49238B9F0712C9BF 2015-08-06
  sub   rsa2048/8AEAF74014699D2C 2015-08-06
  sub   cv25519/8EC3776830B08736 2015-08-06

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Remove duplicated printing of the curve name in "sub" lines.
Werner Koch [Thu, 6 Aug 2015 16:12:31 +0000 (18:12 +0200)]
gpg: Remove duplicated printing of the curve name in "sub" lines.

* g10/keylist.c (list_keyblock_print): Do not print extra curve name.
--

This was cruft from the time before we changed to the new algo/size
string.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Add commands "fpr *" and "grip" to --edit-key.
Werner Koch [Thu, 6 Aug 2015 16:00:12 +0000 (18:00 +0200)]
gpg: Add commands "fpr *" and "grip" to --edit-key.

* g10/keyedit.c (cmdGRIP): New.
(cmds): Add command "grip".
(keyedit_menu) <cmdFPR>: Print subkeys with argument "*".
(keyedit_menu) <cmdGRIP>: Print keygrip.
(show_key_and_fingerprint): Add arg "with_subkeys".
(show_key_and_grip): New.
* g10/keylist.c (print_fingerprint): Add mode 4.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Adjust UID line indentation for common key algos.
Werner Koch [Thu, 6 Aug 2015 15:09:27 +0000 (17:09 +0200)]
gpg: Adjust UID line indentation for common key algos.

* g10/keylist.c (list_keyblock_print): Change UID line indentation
* g10/mainproc.c (list_node): Ditto.
--

Due to the new keyalgo/size format the UID was not anymore printed
properly aligned to the creation date.  Although we can't do that in
any case, this change does it for common algos like "rsa2048",
"dsa2048", and "ed25519".

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago Curve25519 support.
NIIBE Yutaka [Thu, 6 Aug 2015 08:00:41 +0000 (17:00 +0900)]
Curve25519 support.

* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow change of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.

--

When libgcrypt has Curve25519, GnuPG now supports Curve25519.

4 years ago common: extend API of openpgp_oid_to_curve for canonical name.
NIIBE Yutaka [Thu, 6 Aug 2015 07:44:03 +0000 (16:44 +0900)]
common: extend API of openpgp_oid_to_curve for canonical name.

* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.

--

Change the function so that caller can select canonical name of curve
or name for printing.  Suggested by wk.

4 years ago scd: Fix ecc_oid.
NIIBE Yutaka [Tue, 4 Aug 2015 23:17:46 +0000 (08:17 +0900)]
scd: Fix ecc_oid.

* scd/app-openpgp.c (ecc_oid): Call with OIDBUF.

4 years ago scd: Fix ECC support.
NIIBE Yutaka [Tue, 4 Aug 2015 22:59:50 +0000 (07:59 +0900)]
scd: Fix ECC support.

* scd/app-openpgp.c (send_key_attr): Send KEYNO.
(get_public_key): Fix SEXP composing.
(ecc_writekey): Fix OID length calculation.
(ecc_oid): Prepend the length before query.
(parse_algorithm_attribute): Handle the case the curve is not available.

4 years ago gpg: Fix duplicate key import due to legacy key in keyring.
Werner Koch [Tue, 4 Aug 2015 15:32:08 +0000 (17:32 +0200)]
gpg: Fix duplicate key import due to legacy key in keyring.

* g10/keydb.c (keydb_search_fpr): Skip legacy keys.
--

A test case for this problem can be found at
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Properly handle legacy keys while looking for a secret key.
Werner Koch [Tue, 4 Aug 2015 10:28:17 +0000 (12:28 +0200)]
gpg: Properly handle legacy keys while looking for a secret key.

* g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
--

This fixes
GnuPG-bug-id: 2031

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago doc: Two typo fixes.
Hugo Roy [Mon, 3 Aug 2015 10:34:15 +0000 (12:34 +0200)]
doc: Two typo fixes.

--

4 years ago gpg: Fix endless loop for expired keys given by fpr.
Werner Koch [Fri, 31 Jul 2015 10:02:08 +0000 (12:02 +0200)]
gpg: Fix endless loop for expired keys given by fpr.

* g10/getkey.c (lookup): Disable keydb caching when continuing a
search.
--

Caches are Fierce Creatures.

Reported-by: Patrick Brunschwig
4 years ago gpg: Do not return "Legacy Key" from lookup if a key is expired.
Werner Koch [Wed, 29 Jul 2015 14:10:54 +0000 (16:10 +0200)]
gpg: Do not return "Legacy Key" from lookup if a key is expired.

* g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY.
--

If an expired key is directly followed by a legacy key in the keyring,
the lookup function incorrectly returned "legacy key" instead of
"unusable key".  We fix it by handling not found identical to a legacy
key if the last finish lookup failed.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago doc: Document that gpg --edit-key's toggle is a nop.
Werner Koch [Wed, 29 Jul 2015 13:46:40 +0000 (15:46 +0200)]
doc: Document that gpg --edit-key's toggle is a nop.

--

4 years ago gpg: Indicate secret keys and cards in a key-edit listing.
Werner Koch [Tue, 28 Jul 2015 16:21:47 +0000 (18:21 +0200)]
gpg: Indicate secret keys and cards in a key-edit listing.

* g10/keyedit.c (sign_uids): Add arg "ctrl".
(show_key_with_all_names_colon): Ditto.
(show_key_with_all_names): Ditto.

* g10/keyedit.c (show_key_with_all_names): Print key record
indicators by checking with gpg-agent.
(show_key_with_all_names): Ditto.  May now also print sec/sbb.
--

This also fixes a problem in the --with-colons mode.  Before this
patch the --with-colons output of --edit-key always showed pub/sub
regardless of the old toggle state.  Now it also prints sec/sbb.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago gpg: Remove the edit-key toggle command.
Werner Koch [Tue, 28 Jul 2015 15:43:29 +0000 (17:43 +0200)]
gpg: Remove the edit-key toggle command.

* g10/keyedit.c (cmds): Remove helptext from "toggle".
(keyedit_menu): Remove "toggle" var and remove the sub/pub check
against toggle.
--

Because it is now easily possible to have only secret keys for some of
the main/subkeys the current check on whether any secret is available
is not really useful.  A finer grained check should eventually be
implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago common,w32: Avoid unused var warning about msgcache.
Werner Koch [Tue, 28 Jul 2015 15:38:44 +0000 (17:38 +0200)]
common,w32: Avoid unused var warning about msgcache.

* common/i18n.c (USE_MSGCACHE): New.
(msgcache) [!USE_MSGCACHE]: Do not define.
(i18n_localegettext): Replace #if conditions by USE_MSGCACHE.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago w32: Try more places to find an installed Pinentry.
Werner Koch [Tue, 28 Jul 2015 10:52:26 +0000 (12:52 +0200)]
w32: Try more places to find an installed Pinentry.

* common/homedir.c (get_default_pinentry_name): Re-implement to
support several choices for Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
4 years ago scd: Fix size_t/unsigned int mismatch.
Werner Koch [Sun, 26 Jul 2015 10:55:53 +0000 (12:55 +0200)]
scd: Fix size_t/unsigned int mismatch.

* scd/app-openpgp.c (ecc_writekey): Use extra var n.

4 years ago Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
Werner Koch [Sun, 26 Jul 2015 10:50:16 +0000 (12:50 +0200)]
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.

* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need replacement
macros, though.

4 years ago scd: support any curves defined by libgcrypt.
NIIBE Yutaka [Sat, 25 Jul 2015 03:09:23 +0000 (12:09 +0900)]
scd: support any curves defined by libgcrypt.

* g10/call-agent.h (struct agent_card_info_s): Add curve field.
* g10/call-agent.c (learn_status_cb): Use curve name.
* g10/card-util.c (card_status): Show pubkey name.
* scd/app-openpgp.c (struct app_local_s): Record OID and flags.
(store_fpr): Use ALGO instead of key type.
(send_key_attr): Use curve name instead of OID.
(get_public_key): Clean up by OID to curve name.
(ecc_writekey): Support any curves in libgcrypt.
(do_genkey, do_auth, ): Follow the change.
(ecc_oid): New.
(parse_algorithm_attribute): Show OID here.

4 years ago doc: Document scissor line for commit logs
Werner Koch [Thu, 23 Jul 2015 13:01:40 +0000 (15:01 +0200)]
doc: Document scissor line for commit logs

--

4 years ago build: ignore scissor line for the commit-msg hook
Peter Wu [Thu, 9 Jul 2015 15:11:33 +0000 (17:11 +0200)]
build: ignore scissor line for the commit-msg hook

* build-aux/git-hooks/commit-msg: Stop processing more lines when the
  scissor line is encountered.
--
This allows the command `git commit -v` to work even if the code is
longer than 72 characters. Note that comments are already ignored by the
previous line.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
4 years ago scd: Format change to specify "rsa2048" for KEY-ATTR.
NIIBE Yutaka [Thu, 23 Jul 2015 05:10:03 +0000 (14:10 +0900)]
scd: Format change to specify "rsa2048" for KEY-ATTR.

* g10/card-util.c (do_change_keysize): Put "rsa".
* scd/app-openpgp.c (change_keyattr, change_keyattr_from_string):
Change the command format.
(rsa_writekey): Check key type.
(do_writekey): Remove "ecdh" and "ecdsa" support which was available
in experimental libgcrypt before 1.6.0.

4 years ago doc: Add a comment to --set-filename.
Werner Koch [Wed, 22 Jul 2015 14:41:22 +0000 (16:41 +0200)]
doc: Add a comment to --set-filename.

--