1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-27 11:10:13 +01:00

8366 Commits

Author SHA1 Message Date
Justus Winter
154af876f0
gpgscm: Merge 'opexe_1'.
* tests/gpgscm/scheme.c (opexe_1): Merge into 'opexe_0'.
* tests/gpgscm/opdefines.h: Adapt.
--

Having separate functions to execute opcodes reduces our ability to
thread the code and prevents the dispatch_table from being moved to
rodata.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-10 14:57:13 +02:00
NIIBE Yutaka
170660ed11 agent: Use "ll" length specifier when time_t is larger.
* agent/command.c (cmd_keytocard): Use KEYTOCARD_TIMESTAMP_FORMAT.

--

On a big-endian 32-bit platform which uses 64-bit time_t, it might go
wrong.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 15:04:57 +09:00
NIIBE Yutaka
7501f2e9c4 scd: Relax a condition for p15 driver.
* scd/app-p15.c (read_ef_aodf): Fix.

--

Fixes-commit: 3c1ad96f1ce838daf2d861b33e6611f6d3043d25
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 13:18:30 +09:00
NIIBE Yutaka
3c1ad96f1c scd: Relax a condition for p15 driver.
* scd/app-p15.c (read_ef_aodf): Remove possibly redundant condition.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 12:59:29 +09:00
NIIBE Yutaka
34199ef677 scd: Remove "special transport" support.
* scd/ccid-driver.c (transports, my_sleep, prepare_special_transport)
(writen): Remove.
(ccid_dev_scan, ccid_dev_scan_finish, ccid_get_BAI): Only for USB.
(ccid_open_reader, do_close_reader, bulk_out, bulk_in, abort_cmd)
(ccid_poll, ccid_transceive): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-10 12:25:06 +09:00
Justus Winter
8640fa880d
gpgscm: Allocate small integers in the rodata section.
* tests/gpgscm/Makefile.am (gpgscm_SOURCES): Add new file.
* tests/gpgscm/scheme-private.h (struct cell): Move number to the top
of the union so that we can initialize it.
(struct scheme): Remove 'integer_segment'.
* tests/gpgscm/scheme.c (initialize_small_integers): Remove function.
(small_integers): New variable.
(MAX_SMALL_INTEGER): Compute.
(mk_small_integer): Adapt.
(mark): Avoid marking objects already marked.  This allows us to run
the algorithm over objects in the rodata section if they are already
marked.
(scheme_init_custom_alloc): Remove initialization.
(scheme_deinit): Remove deallocation.
* tests/gpgscm/small-integers.h: New file.
--

Allocate small integers from a fixed pool in the rodata section.  This
spares us the initialization, and deduplicates integers across
different processes.  It also makes the integers immutable, increasing
memory safety.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-07 13:50:20 +02:00
Justus Winter
c9c3fe8832
gpgscm: Make global data constant when possible.
* tests/gpgscm/scheme-private.h (struct scheme): Make 'vptr' const.
* tests/gpgscm/scheme.c (num_zero): Statically initialize and turn
into constant.
(num_one): Likewise.
(charnames): Change type so that it can be stored in rodata.
(is_ascii_name): Adapt slightly.
(assign_proc): Make argument const char *.
(op_code_info): Make some fields const char *.
(tests): Make const.
(dispatch_table): Make const.  At least it can be made read-only after
relocation.
(Eval_Cycle): Adapt slightly.
(vtbl): Make const.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-07 13:11:31 +02:00
Justus Winter
56638c28ad
gpgscm: Remove arbitrary limit on number of cell segments.
* tests/gpgscm/scheme-private.h (struct scheme): Remove fixed-size
arrays for cell segments, replace them with a pointer to the new
'struct cell_segment' instead.
* tests/gpgscm/scheme.c (struct cell_segment): New definition.
(_alloc_cellseg): Allocate the header within the segment, return a
pointer to the header.
(_dealloc_cellseg): New function.
(alloc_cellseg): Insert the segments into a list.
(_get_cell): Allocate a new segment if less than a quarter of
CELL_SIGSIZE is recovered during garbage collection.
(initialize_small_integers): Adapt callsite.
(gc): Walk the list of segments.
(scheme_init_custom_alloc): Remove initialization of removed field.
(scheme_deinit): Adapt deallocation.
--

Previously the number of cells that could be allocated was a
compile-time limit.  Remove this limit.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-07 13:11:30 +02:00
Justus Winter
bf8b5e9042
gpgscm: Fix compact vector encoding.
* tests/gpgscm/scheme-private.h (struct cell): Use uintptr_t for
'_flags'.  This way, '_flags' has the size of a machine word.
--

The compact vector representation introduced in 49e2ae65 requires that
we can tell apart pointers and type flags.  This did not work on
64-bit big-endian architectures.

Fixes a crash on 64-bit big-endian architectures.

Hat-tip-to: gniibe
Fixes-commit: 49e2ae65e892f93be7f87cfaae3392b50a99e4b1
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-07 12:27:47 +02:00
Werner Koch
9c9fde1495
doc: Explain the '>' in a key listing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-07 10:26:55 +02:00
Werner Koch
547bc01d57
gpg: Fix printing of offline taken subkey.
* g10/keylist.c (list_keyblock_print): Set SECRET to 2 and not 0x32.
--

Reported-by: Danielle McLean <dani@00dani.me>
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-07 10:13:09 +02:00
NIIBE Yutaka
cc420d3488 scd: Internal CCID reader cleanup.
* scd/ccid-reader.c (scan_usb_device): Only for scan mode, so, rename
from scan_or_find_usb_device.
(scan_devices): Likewise.  Remove support of special transport types.
(ccid_get_reader_list): Simplify.
(abort_cmd): Fix error return.
(send_escape_cmd): Fix for RESULTLEN == NULL.
(ccid_transceive_secure): Remove unnecessary var updates.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-07 13:30:35 +09:00
NIIBE Yutaka
3c93595d70 scd: Don't keep CCID reader open when card is not available.
* scd/apdu.c (open_ccid_reader): Fail if no ATR.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-07 12:18:16 +09:00
NIIBE Yutaka
ebe12be034 agent: Serialize access to passphrase cache.
* agent/cache.c (encryption_lock): Remove.
(cache_lock): New.  Now, we have coarse grain lock to serialize
entire cache access.
(initialize_module_cache): Use CACHE_LOCK.
(init_encryption, new_data): Remove ENCRYPTION_LOCK.
(agent_flush_cache, agent_put_cache, agent_get_cache): Lock the cache.

--

GnuPG-bug-id: 3027
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-07 08:39:26 +09:00
Justus Winter
f1dc34f502
gpgscm: Avoid mutating integer.
* tests/gpgscm/scheme.c (opexe_5): Do not modify the integer in-place
while printing an vector.  Integer objects may be shared, so they must
not be mutated.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-06 16:24:49 +02:00
Justus Winter
b83903f59e
gpgscm: Initialize unused slots in vectors.
* tests/gpgscm/scheme.c (get_vector_object): Initialize unused slots
at the end of vectors.
--

They should not be used for anything, but let's just initialize them
to something benign to be sure.

GnuPG-bug-id: 3014
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-06 16:21:48 +02:00
Justus Winter
23f00f109d
tests: Fix distcheck.
* tests/Makefile.am (SUBDIRS): Add 'pkits' again.  Simply dropping it
makes 'make distcheck' unhappy.
* tests/pkits/Makefile.am (TESTS): Remove all tests.
--

Disable the 'pkits' tests in a way that keeps 'make distcheck' happy.
To run tests individually, do

  make -Ctests/pkits check TESTS=some-test

GnuPG-bug-id: 3067
Fixes-commit: af1c1a57e46a00a32d83c1a58c5f3ef6f4a1c1d1
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-06 15:20:43 +02:00
Justus Winter
af1c1a57e4
tests: Disable 'pkits' test suite.
* tests/Makefile.am (SUBDIRS): Drop 'pkits'.
* tests/pkits/common.sh: Fix locating 'PKITS_data.tar.bz2'.
* tests/pkits/inittests: Likewise.
--

These tests are unmaintained and broken, and were previously only run
when doing in-tree builds, hence nobody noticed that they were badly
broken.

GnuPG-bug-id: 3067
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-06 14:31:54 +02:00
Justus Winter
94645311f8
tests: Make test more robust.
* tests/openpgp/4gb-packet.scm: Skip if we do not have BZIP2.
* tests/openpgp/defs.scm (have-compression-algo?): New function.

GnuPG-bug-id: 3028
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-06 12:36:00 +02:00
Justus Winter
01e84d429a
tests: Fix setup of ephemeral home directories.
* tests/openpgp/defs.scm (with-ephemeral-home-directory): Set
GNUPGHOME and cwd to the ephemeral directory before calling the setup
function.

GnuPG-bug-id: 3047
Fixes-commit: 32b75fb7743f35936d7014fce33c90ba97dfa374
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-05 15:22:42 +02:00
Justus Winter
32b75fb774
tests: Fix setup of ephemeral home directories.
* tests/openpgp/defs.scm (with-ephemeral-home-directory): Create
configuration files when we enter the context.
* tests/openpgp/setup.scm: Do not use an ephemeral home directory.
Tests should always use the cwd.
* tests/gpgsm/setup.scm: Likewise.
* tests/gpgsm/export.scm: Add explicit constructor function.
* tests/openpgp/decrypt-session-key.scm: Likewise.
* tests/openpgp/decrypt-unwrap-verify.scm: Likewise.
--

Previously, ephemeral homedirectories lacked a configuration, hence
GnuPG tried to start backend daemons using their installed locations.
Fix this by explicitly creating a suitable configuration.

GnuPG-bug-id: 3047
Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-04 18:52:06 +02:00
Justus Winter
6261611d37
gpgscm: Fix copying values.
* tests/gpgscm/scheme.c (copy_value): New function.
(mk_tagged_value): Use new function.
(opexe_4): Likewise for OP_SAVE_FORCED.
--

Occasionally, we need to copy a value from one location in the storage
to another.  Scheme objects are fine.  Some primitive objects,
however, require finalization, usually to free resources.

For these values, we either make a copy or acquire a reference.

Fixes e.g. a double free if a delayed expression evaluating to a
string is forced.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-04 18:48:51 +02:00
Justus Winter
a80d4a9b50
gpgscm: Simplify get-output-string operation.
* tests/gpgscm/scheme.c (opexe_4): Simplify 'get-output-string'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-04 18:19:35 +02:00
Justus Winter
d858096c99
gpgscm: Simplify substring operation.
* tests/gpgscm/scheme.c (opexe_2): Simplify 'substring'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-04 15:04:42 +02:00
NIIBE Yutaka
685438bf6f po: Update Japanese translation.
--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-04 10:48:09 +09:00
NIIBE Yutaka
5744d2038b agent: Minor fix for get_client_pid.
* agent/command-ssh.c (get_client_pid): Use 0 to initialize.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-04 10:39:00 +09:00
Werner Koch
943176c732
Post release updates.
--
2017-04-03 21:54:53 +02:00
Werner Koch
e7eb9b12de
Release 2.1.20
Signed-off-by: Werner Koch <wk@gnupg.org>
gnupg-2.1.20
2017-04-03 20:59:47 +02:00
Werner Koch
3533b85440
dirmngr: New option --disable-ipv6
* dirmngr/dirmngr.h (struct opt): Add field 'disable_ipv6'.
* dirmngr/dirmngr.c (oDisableIPv6): New const.
(opts): New option --disable-ipv6.
(parse_rereadable_options): Set that option.
* dirmngr/dns-stuff.c (opt_disable_ipv6): New var.
(set_dns_disable_ipv6): New.
(resolve_name_standard): Make use of it.
* dirmngr/ks-engine-finger.c (ks_finger_fetch): Take care of
OPT.DISABLE_IPV6.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
(send_request): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ocsp.c (do_ocsp_request): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:56:12 +02:00
Werner Koch
fce36d7ec8
dirmngr,w32: Silence the 'certificate already cached' message.
* dirmngr/certcache.c (load_certs_from_w32_store): Silenece an info
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:34:21 +02:00
Werner Koch
cc32ddbcba
dirmngr: Handle EIO which is sometimes returned by cookie functions.
* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle EIO.
--

Suggested-by: Andre Heinecke
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:23:18 +02:00
Werner Koch
35c843c815
dirmngr: Always print a warning for a missing /etc/hosts.
* dirmngr/dns-stuff.c (libdns_init): No Windows specific handling of a
missing /etc/hosts.
--

My last comment on this was flawed.  Windows seems to always have its
version of /etc/hosts.  Only the en passant fixed bad escaping led me
assume that this was the case.  Thanks to Andre for complaining about
my comment remark.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:20:49 +02:00
Werner Koch
5d873f288e
dirmngr: Do not assume that /etc/hosts exists.
* dirmngr/dns-stuff.c (libdns_init): Do not bail out.
--

A standard Windows installation does not have a hosts file and thus we
can't bail out here.  We should also not bail out on a Unix system
because /etc/hosts is just one method in  nsswitch.conf.

Fixes-commit: 88f1505f0613894d5544290a170119eb538921e5
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 20:06:57 +02:00
Werner Koch
c6b5611c23
po: Auto-update.
--
2017-04-03 17:12:26 +02:00
Werner Koch
c7be01dae9
po: Update the German translation
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 17:11:24 +02:00
Ineiev
661d22c128
po: Update Russian translation
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 17:03:36 +02:00
Werner Koch
608124af2c
doc: Add two example profiles.
--
2017-04-03 16:54:43 +02:00
Werner Koch
d23052b04e
gpgconf: Add --enable-extended-key-format for the agent.
* tools/gpgconf-conf.c: Add option.
* agent/gpg-agent.c (main) <aGPGConfList>: Add option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 16:54:43 +02:00
Justus Winter
90932bdad6
gpgscm: Slightly improve the procedure dispatch.
* tests/gpgscm/scheme.c (procnum): Procedures always have an integer
number, so we can safely use the cheaper 'ivalue_unchecked'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-04-03 11:53:19 +02:00
Werner Koch
3f6d949011
gpg: Handle critical marked 'Reason for Revocation'.
* g10/parse-packet.c (can_handle_critical): Add
SIGSUBPKT_REVOC_REASON.
--

Some software seems to mark that subpacket as criticial.  Although gpg
has no special treatment for a revocation reasons (except for
--list-packets) we can accept a criticial marked anyway.  There are no
mandatary rules specified on how to handle a revocation reason.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-03 08:51:52 +02:00
Werner Koch
d24375271b
agent: Use OCB for key protection with --enable-extended-key-format.
* agent/protect.c (PROT_DEFAULT_TO_OCB): Remove macro.
(agent_protect): Make the default protection mode depend on the extend
key format option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-02 20:02:55 +02:00
Werner Koch
0039d7107b
kbx: Unify blob reading functions.
* kbx/keybox-file.c (_keybox_read_blob): Remove.
(_keybox_read_blob2): Rename to ....
(_keybox_read_blob): this.  Make arg options.  Change all callers.
* kbx/keybox-search.c (keybox_search): Factor fopen call out to ...
(open_file): new.
(keybox_seek): Als use open_file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-04-01 11:10:47 +02:00
Werner Koch
5556eca5ac
gpg: Avoid multiple open calls to the keybox file.
* g10/keydb.h (KEYDB_HANDLE): Move typedef to ...
* g10/gpg.h: here.
(struct server_control_s): Add field 'cached_getkey_kdb'.
* g10/gpg.c (gpg_deinit_default_ctrl): Release that keydb handle.
* g10/getkey.c (getkey_end): Cache keydb handle.
(get_pubkey): Use cached keydb handle.
* kbx/keybox-search.c (keybox_search_reset): Use lseek instead of
closing the file.
--

Before this patch a "gpg --check-sigs" opened and closed the keybox
file for almost every signature check.  By caching the keydb handle
and using lseek(2) this can be limited to just 2 times.  This might
speed up things on Windows.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 21:27:16 +02:00
Werner Koch
aca5f494a8
gpg: Pass CTRL also to getkey_end.
* g10/getkey.c (getkey_end): Add arg CTRL.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:35:28 +02:00
Werner Koch
3a10de3bfd
gpg: Print more stats for the keydb and the signature cache.
* g10/sig-check.c (sig_check_dump_stats): New.
(cache_stats): New struct.
(check_key_signature2): Update stats.
* g10/gpg.c (g10_exit): Call new function.
* g10/keydb.c (kid_not_found_cache_count): Replace by ...
(kid_not_found_stats): ... new struct.  Change users.
(keydb_stats): New struct.  Update the counters.
(keydb_dump_stats): Print all stats.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:08:23 +02:00
Werner Koch
52ba5e67ca
gpg: Assert that an opaque parameter is really what we expect.
* g10/gpg.h (SERVER_CONTROL_MAGIC): New const.
(server_control_s): Add field 'magic'.
* g10/gpg.c (gpg_init_default_ctrl): Init MAGIC.
* g10/import.c (impex_filter_getval): Assert MAGIC.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:33 +02:00
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
Justus Winter
5e89144cbc
gpg: Consistent use of preprocessor conditionals.
* g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
DEBUG_PARSE_PACKET.  This fixes the build with '#define
DEBUG_PARSE_PACKET 0'.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-30 16:13:45 +02:00
Justus Winter
214fa90122
common: Avoid undefined behavior.
* common/iobuf.c (iobuf_read_line): Do not consider 'length' if
'buffer' is NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-30 16:13:43 +02:00
Werner Koch
a6142dbdbc
gpg: Remove the use of the signature information from a KBX.
* g10/keydb.c (keyblock_cache): Remove field SIGSTATUS.
(keyblock_cache_clear): Adjust for that removal.
(parse_keyblock_image): Remove arg SIGSTATUS.  Remove the signature
cache setting; this is now done in the parser.
(keydb_get_keyblock): Do not set SIGSTATUS.
(build_keyblock_image): Remove arg SIGSTATUS and simplify.  Change
caller.
* kbx/keybox-blob.c: Explain that the signature information is not
anymore used.
(_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change
callers.
* kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS
and change callers.
* kbx/keybox-update.c (keybox_insert_keyblock): Likewise.
--

This thing was too complicated and has been replaced by the new ring
trust packet code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 16:01:55 +02:00