1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

1061 Commits

Author SHA1 Message Date
Werner Koch
1dfe71c62b
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--

This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis.  Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.

The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.

This patch is based on the current master (2.3) code base and includes
a few other patches.  In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:25:55 +02:00
Werner Koch
4d37cc72b8
common: New function to map hash algo names.
* common/sexputil.c (hash_algo_to_string): New.
--

Libgcrypt expects lowercase names and it is cumbersome to downcase
those retrieved via gcry_md_algo_name.  It is easier and also faster
to use a dedicated map function.
2020-04-15 15:43:00 +02:00
Werner Koch
471b06e91b
scd:p15: Fix decrypt followed by sign problem for D-Trust cards.
* scd/iso7816.c (iso7816_select_mf): New.
* scd/app-p15.c (card_product_t): New.
(struct app_local_s): Add field 'card_product'.
(read_ef_tokeninfo): Detect D-Trust card.
(prepare_verify_pin): Switch to D-Trust AID.
(do_decipher): Restore a SE for D-TRust cards.  Change the padding
indicator to 0x81.

* common/percent.c (percent_data_escape): new.  Taken from master.
--

Using what I learned from a USB trace running the Governikus Signer
Software on Windows this fixes the left over problem with the new
D-Trust card support.

Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.  This required to add the percent_data_escape
function we introduced in master on 2018-07-02:

    commit 58baf40af641f8cbf597e508a292e85ae94688f1
    common: New function percent_data_escape.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-15 15:31:56 +02:00
Werner Koch
e730444e7b
scd:p15: Support signing with CardOS 5 cards.
* scd/app-help.c (app_help_get_keygrip_string_pk): Add optional arg
r_pkey and change all callers.
(app_help_get_keygrip_string): Ditto.
* scd/app-p15.c (struct cdf_object_s): Use bit flags
(struct aodf_object_s): Ditto.  Add field 'fid'.
(struct prkdf_object_s): Ditto.  Add fields keygrip, keyalgo, and
keynbits.
(parse_certid): Allow a keygrip instead of a certid aka keyref.
(read_ef_aodf): Store the FID.
(keygripstr_from_prkdf): Rename to ...
(keygrip_from_prkdf): this.  Remove arg r_gripstr and implement cache.
Change callers to directly use the values from the object.  Also store
the algo and length of the key ion the object.
(keyref_from_keyinfo): New. Factored out code.
(do_sign): Support SHA-256 and >2048 bit RSA keys.
common/scd:p15: Support signing with CardOS 5 cards.
* common/util.h (KEYGRIP_LEN): New.
--

This has been tested with a D-Trust card featuring 3072 bit keys.
Note that non-repudiation key for a qualified signature does not yet
work because we do not yet support rsaPSS padding.  Thus a gpgsm
--learn shows a couple of Bad Signature errors for this key.

Signed-off-by: Werner Koch <wk@gnupg.org>

Back ported from master:
- Removed do_with_keygrip
- Added KEYGRIP_LEN
- app_help_get_keygrip_string_pk actually added.
- Move keygrip_from_prkdf in do_sign before the verification.
  It used to work in master only because there it is implictly
  called prior to signing by do_with_keygrip

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-01 16:00:31 +02:00
Werner Koch
1424c12e4c
sm: Consider certificates w/o CRL DP as valid.
* sm/certchain.c (is_cert_still_valid): Shortcut if tehre is no DP.
* common/audit.c (proc_type_verify): Print "n/a" if a cert has no
distribution point.
* sm/gpgsm.h (opt): Add field enable_issuer_based_crl_check.
* sm/gpgsm.c (oEnableIssuerBasedCRLCheck): New.
(opts): Add option --enable-issuer-based-crl-check.
(main): Set option.
--

If the issuer does not provide a DP and the user wants such an issuer,
we expect that a certificate does not need revocation checks.  The new
option --enable-issuer-based-crl-check can be used to revert to the
old behaviour which requires that a suitable LDAP server has been
configured to lookup a CRL by issuer.

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from master)
2020-03-27 21:20:13 +01:00
Werner Koch
b27d30df62
Copyright notice updates et al.
--
2020-03-19 15:48:12 +01:00
Werner Koch
d79ebee64e
gpg: New option --include-key-block.
* common/openpgpdefs.h (SIGSUBPKT_KEY_BLOCK): New.
* g10/gpg.c (oIncludeKeyBlock): New.
(opts): New option --include-key-block.
(main): Implement.
* g10/options.h (opt): New flag include_key_block.
* g10/parse-packet.c (dump_sig_subpkt): Support SIGSUBPKT_KEY_BLOCK.
(parse_one_sig_subpkt): Ditto.
(can_handle_critical): Ditto.
* g10/sign.c (mk_sig_subpkt_key_block): New.
(write_signature_packets): Call it for data signatures.
--

This patch adds support for a to be proposed OpenPGP ferature:

  Introduce the Key Block subpacket to align OpenPGP with CMS.

  This new subpacket may be used similar to the CertificateSet of
  CMS (RFC-5652) and thus allows to start encrypted communication
  after having received a signed message.  In practice a stripped down
  version of the key should be including having only the key material
  and the self-signatures which are really useful and shall be used by
  the recipient to reply encrypted.

  #### Key Block

  (1 octet with value 0, N octets of key data)

  This subpacket MAY be used to convey key data along with a signature
  of class 0x00, 0x01, or 0x02.  It MUST contain the key used to create
  the signature; either as the primary key or as a subkey.  The key
  SHOULD contain a primary or subkey capable of encryption and the
  entire key must be a valid OpenPGP key including at least one User ID
  packet and the corresponding self-signatures.

  Implementations MUST ignore this subpacket if the first octet does not
  have a value of zero or if the key data does not represent a valid
  transferable public key.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:38:09 +01:00
Werner Koch
e952026e19
sm: Remove left over debug output.
--
2020-02-17 11:38:23 +01:00
Werner Koch
38f819bd6d
gpgsm: Fix import of some CR,LF ternminated certificates
* common/ksba-io-support.c (base64_reader_cb): Detect the END tag and
don't just rely on the padding chars.  This could happen only with
CR+LF termnmated PEM files.  Also move the detection into the invalid
character detection branch for a minor parser speedup.
--

GnuPG-bug-id: 4847
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 6248739799fd4a877529089375e2a4103d33e6f4)
2020-02-15 19:21:35 +01:00
Werner Koch
21d9bd8b87
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:37:34 +01:00
Werner Koch
47f514fde6
common: Also protect log_inc_errorcount against counter overflow.
* common/logging.c (log_inc_errorcount): Also protect against
overflow.
(log_error): Call log_inc_errorcount instead of directly bumping the
counter.
--

We already had an overflow checking for log_error but not for the
silent increment function.

This is basically the same fix we have in libgpg-error
(libgpg-error commit d72c1ddfde09ffa69745ec2439c5a16d15e2202f)

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 14:55:53 +01:00
Werner Koch
a265d3997a
gpgconf,w32: Print a warning for a suspicious homedir.
* tools/gpgconf.c (list_dirs): Check whether the homedir has been
taken from the registry.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 7f12fb55f9757cd68147eca8f162c85378538405)
2020-01-17 14:28:13 +01:00
Werner Koch
0353cb0a5e
common: Extend function pubkey_algo_string.
* common/sexputil.c (pubkey_algo_string): Add arg R_ALGOID.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f952226043824cbbeb8517126b5266926121c4e8)

Removed the changes in gpg-card which is not part of 2.2

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-21 10:23:05 +02:00
NIIBE Yutaka
6e6078c8d0 common: Fix line break handling, finding a space.
* common/name-value.c (assert_raw_value): Correctly find a space.

--

Cherry-pick master commit of:
	f588dd8d1766de48c90a5501cf2d537f256d003e

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-08-12 10:46:26 +09:00
Werner Koch
d9b31d3a20
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 11:41:35 +02:00
NIIBE Yutaka
ee766b2b5d common: Fix AWK portability.
* common/Makefile.am: Use pkg_namespace.
* common/mkstrtable.awk: Use pkg_namespace.  Regexp fix.

--

Cherry-picked from master commit:
	b6f0b0efa19e0434024bc16e246032b613fd448a

GnuPG-bug-Bug: 4459
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-04-16 13:27:44 +09:00
NIIBE Yutaka
6e422b5135 common: Fix gnupg_wait_processes.
* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.

--

Cherry-picked master commit of:
	eeb3da6eb717ed6a1a1069a7611eb37503e8672d

The value stored by waitpid for exit code is encoded;  It requires
decoded by WEXITSTATUS macro, regardless of an error.

For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-02-19 15:49:55 +09:00
Werner Koch
7922e2dd1c
Release 2.2.13 2019-02-12 16:30:31 +01:00
Werner Koch
d29d73264f
common: Provide function to get public key algo names in our format.
* common/sexputil.c (pubkey_algo_string): New.
--

The new gpg format for public key algorithms is useful at other places
as well.  Thus we make this new function available.  Note that the
code we use in gpg is not based on s-expressions and thus a new
function was required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03bf8e967adb2dd13329ba1089deb419d49e55c0)

Not yet used in 2.2 but will likely be needed by future backports.
2019-02-11 10:59:35 +01:00
Werner Koch
ee8d1a9e6c
common: New functions get_option_value and ascii_strupr.
* common/server-help.c (get_option_value): New.
* common/stringhelp.c (ascii_strupr): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e2f18023b3b3b7e55b35218f65e37448d1011172)

This might come handy when we eventually backport other changes.
2019-02-11 10:59:34 +01:00
Werner Koch
b78f293cf0
common: Provide some convenient OpenPGP related constants.
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
2019-01-29 20:18:52 +01:00
Werner Koch
dddbb26155
common: New helper functions for OpenPGP curve OIDs.
* common/openpgp-oid.c (openpgp_oidbuf_to_str): Factor most code out
to ...
(openpgp_oidbuf_to_str): new.
(openpgp_oidbuf_is_ed25519): New.
(openpgp_oidbuf_is_cv25519): New.
--

At some places it is more convenient (and faster) to directly work on
buffers and avoid the way via opaque MPIs.  These 3 new functions
allow for that.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 4a1558d0c7190cf13d35385e47291a7aa121be3e)
2019-01-29 20:17:29 +01:00
Jussi Kivilinna
ebd434a45e
common/iobuf: fix memory wiping in iobuf_copy
* common/iobuf.c (iobuf_copy): Wipe used area of buffer instead of
first sizeof(char*) bytes.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 654e353d9b20f10fa275e7ae10cc50480654f079)
2018-12-05 08:25:48 +01:00
Jussi Kivilinna
21fdef6963
common: Use platform memory zeroing function for wipememory
* common/mischelp.h (wipememory): Replace macro with function
prototype.
(wipememory2): Remove.
* common/mischelp.c (wipememory): New.
* configure.ac (AC_CHECK_FUNCS): Check for 'explicit_bzero' and
remove duplicated checks.
--

In new wipememory function, memory is cleared through platform
provided secure memory zeroing function, SecureZeroMemory
or explicit_bzero.

If none of these is available, memset is called through
volatile function pointer to so that compiler won't optimize
away the call.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
(cherry picked from commit 2a650772b4e1c78a4fd20bc88433930e5551fe9c)
2018-12-05 08:23:57 +01:00
Werner Koch
e53253485c
agent: Fix possible uninitalized use of CTX in simple_pwquery.
* common/simple-pwquery.c (agent_open): Clear CTX even on early error.
--

GnuPG-bug-id: 4223
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit bafcf7095159493a656382997f8b0d0bb11a20e8)
2018-10-24 20:30:17 +02:00
NIIBE Yutaka
8f844ae1cd common: Fix gnupg_reopen_std.
* common/sysutils.c (gnupg_reopen_std): Use fcntl instead of fstat.

--

Cherry-pick from master commit of:
	50b02dba2060a8969da47b18d9c0ecdccbd30db4

When gpg was invoked by a Perl web application on FreeBSD, fstat in
gnupg_reopen_std failed with EBADF.  Using fcntl, which is considered
lighter than fstat, it works fine.  Since uur purpose is to check if
file descriptor is valid or not, lighter operation is better.

Reported-by: Marcin Gryszkalis <mg@fork.pl>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-02 14:31:56 +09:00
NIIBE Yutaka
0383e7fed7 common: Use iobuf_get_noeof to avoid undefined behaviors.
* common/iobuf.c (block_filter): Use iobuf_get_noeof.

--

Cherry-pick from master commit of:
	f80346f42df4bdc7d0a9741c3922129aceae4f81

When singed integer has negative value, left shift computation is
undefined in C.

GnuPG-bug-id: 4093
Reported-by: Philippe Antoine
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-10 13:59:14 +09:00
NIIBE Yutaka
f0fdee2e24 Fix use of strncpy, which is actually good to use memcpy.
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

--

Cherry-pick of master commit of:
	625ced6e672daa892d334323cce6b3d42a6f929f

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06 11:46:20 +09:00
Werner Koch
38eb7c360b
assuan: Fix exponential decay for first second.
* common/asshelp.c (wait_for_sock): Round SECSLEFT.
* dirmngr/dirmngr.c (main): Take care of --debug-wait also in dameon
mode.
* common/sysutils.c (gnupg_usleep) [HAVE_NANOSLEEP]: Fix nanosleep use.
--

Without the rounding we saw in verbose mose

 [...]to come up ... (5s)
 [...]to come up ... (4s)

immediately without the expected one second delay.  Waiting for the
next seconds did not work if nanosleep was used due to improper passed
parameters in gnupg_usleep.

Adding --debug-wait for dirmngr in daemon mode is required to test
this change.

GnuPG-bug-id: 3490
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0cfdd3b57d592fb6baa7dafe8fde124e8a6c7798)
Fixes-commit: 1189df2cd7d4b6896ba22aa204c159ff2a425ead
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 16:47:38 +02:00
Daniel Kahn Gillmor
1189df2cd7
assuan: Use exponential decay for first 1s of spinlock.
* common/asshelp.c (wait_for_sock): instead of checking the socket
every second, we check 10 times in the first second (with exponential
decay).
--

This cuts the wall clock time for the standard test suite roughly by
half.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 149041b0b917f4298239fe18b5ebd5ead71584a6)
2018-08-28 16:41:47 +02:00
Daniel Kahn Gillmor
a22a55b994
assuan: Reorganize waiting for socket.
* common/asshelp.c (wait_for_sock): New function, collecting
codepaths from...
(start_new_gpg_agent) here and...
(start_new_dirmngr) here.
--

This has no functional change, but makes it easier to make this
function more efficient.

GnuPG-bug-id: 3490
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
(cherry picked from commit 0471ff9d3bf8d6b9a359f3c426d70d0935066907)
2018-08-28 16:41:35 +02:00
Werner Koch
4f59187a17
common: New function to validate domain names.
* common/mbox-util.c (is_valid_domain_name): New.
* common/t-mbox-util.c (run_dns_test): New test.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit ddee9f9409fb5a089883eab0fadef7b9b7e61e72)
2018-07-29 18:39:32 +02:00
Werner Koch
f7f3043653
gpg: Fix "Too many open files" when using --multifile.
* common/miscellaneous.c (is_file_compressed): Don't cache the file.
--

This seems to be a pretty old bug.  The fix is easy and also reveals
that -z0 can be used as a workaround.

GnuPG-bug-id: 3951
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-02 19:03:07 +02:00
Andre Heinecke
3bd793256e
common,w32: Hide spawned processes by default
* common/exechelp-w32.c (gnupg_spawn_process): Use SW_HIDE
instead of SW_MINIMIZE.

--
Spawning minimized shows icons in the task bar so users
see that background processes are started, which is unusual.

I'm pretty sure that the intention of the code was to hide
the window if not in spawn debug mode. This is also what
GPGME does.

This fixes dirmngr_ldap process windows and other
spurious reports about e.g. a gpgv console window from
loadswdb.

GnuPG-Bug-Id: T3937
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-05-02 14:07:39 +02:00
Werner Koch
6da7aa1e7c
gpg,w32: Fix empty homedir when only a drive letter is used.
* common/homedir.c (copy_dir_with_fixup): New.
(default_homedir): Use here.
(gnupg_set_homedir): And here .
--

This actually fixes a couple of cases for Windows.  Both --home-dir
and GNUPGHOME.  The interpretation of "c:" -> "c:/" might not be the
correct one but because we need an absolute dir anyway it is the less
surprising one.  Note that this does not include a full syntax check
and fixup and thus it is very well possible that the result is not an
absolute directory.

GnuPG-bug-id: 3720
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 14:44:21 +02:00
Werner Koch
05c55ee260
agent: New OPTION pretend-request-origin
* common/shareddefs.h (request_origin_t): New.
* common/agent-opt.c (parse_request_origin): New.
(str_request_origin): New.
* agent/command.c (option_handler): Implement new option.
--

This allows to pretend that a request originated from the extra or
browser socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 08:37:14 +01:00
Werner Koch
9581a65ccc
Release 2.2.5
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 15:32:36 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Werner Koch
f3ba66781a
kbx: Simplify by removing custom memory functions.
* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
(_keybox_malloc, _keybox_calloc, keybox_realloc)
(_keybox_free): Remove.
(keybox_file_rename): Remove.  Was not used.
* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
* kbx/kbxutil.c (main): Ditto.
* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
remove convenience macros.
* common/logging.h (return_if_fail): New.  Originally from
keybox-defs.h but now using log_debug.
(return_null_if_fail): Ditto.
(return_val_if_fail): Ditto.
(never_reached): Ditto.
--

Originally the KBX code was written to allow standalone use.  However
this required lot of ugliness like separate memory allocators and
such.  It also precludes the use of some standard functions from
common due to their use of the common gnupg malloc functions.
Dropping all that makes things easier.  Minor disadvantages: the kbx
call done for gpg will now use gcry malloc fucntions and not the
standard malloc functions.  This might be a bit slower but removing
them even fixes a possible bug in keybox_tmp_names which is used in
gpg and uses gpg's xfree which is actually gcry_free.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-22 12:55:46 +01:00
Werner Koch
290348e349
common: Use larger buffer for homedir in case of 64 bit UIDs.
* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
bytes for "/gnupg".
--

The temporary buffer was to short for the extra "/gnupg".  However the
20 bytes for the UID is large enough for all 32 bit UIDs and would
only fail (detected) if  a 64 bit UID is used.

Fixes-commit: 17efcd2a2acdc3b7f00711272aa51e5be2476921
Reported-by: Rainer Perske.
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-20 15:37:29 +01:00
Werner Koch
17efcd2a2a
build: New configure option --enable-run-gnupg-user-socket.
* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--

This allows to build GnuPG with an extra socketdir below /run.  See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.

Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 09:42:43 +01:00
Werner Koch
ddd54d8210
Revert: build: Do not define logging.h constants for ...
---

This reverts commit 2fedf8583bcc493f587c90bc9632d25dfd10bd10.

We better solve this on the libgpg-error side.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-08 13:27:36 +01:00
Werner Koch
2fedf8583b
build: Do not define logging.h constants for libgpg-error dev versions.
* common/logging.h [GPGRT_LOG_WITH_PREFIX]: Do not define the log
constants.
--

logging.h uses constants we plan to use for future versions of
libgpg-error.  My dev version already has the logging functions and
thus I run into a conflict.  This patch protects against this and make
the GnuPG work with later libgpg-error versions.

It was not the best idea to use constants from a planned libgpg-error
in the first place.  The actual problem are the enums, the macros
won't harm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-07 14:53:49 +01:00
NIIBE Yutaka
0e5bd473a0
common: Accept the Z-suffix for yymmddThhmmssZ format.
* common/gettime.c (isotime_p): Accept the Z suffix.

--

The intention is use for human interface.

GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit ba8afc4966cca1f6aaf9b2a9bfc3220782306c2b)
2017-11-01 18:35:29 +01:00
Werner Koch
a21ca77988
indent: Wrap overlong lines in argparse.c
--
2017-08-01 08:28:01 +02:00
Werner Koch
6502bb0d2a
gpg: Tweak compliance checking for verification
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--

We should be able to verify all signatures.  So we only print a
warning.  That is the same beheavour as for untrusted keys etc.

GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 16:22:36 +02:00
Werner Koch
a0d0cbee76
gpg,sm: Fix compliance checking for decryption.
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check.  We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto.  Use the same string as in gpg
so that we have only one translation.
--

We always allow decryption and print only a note if the key was not
complaint at the encryption site.

GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-27 13:56:38 +02:00
Werner Koch
24c7aa0d58
common: Strip trailing slashes from the homedir.
* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.

--

is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names.  This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.

We now make sure that the home directory name never ends in a
slash (except for the roo of course).

GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 15:22:48 +02:00
Werner Koch
226f143ca0
common: New functions gnupg_daemon_rootdir and gnupg_chdir.
* common/sysutils.c (gnupg_chdir): New.
* common/homedir.c (gnupg_daemon_rootdir): New.
* agent/gpg-agent.c (main): Use these functions instead chdir("/").
* dirmngr/dirmngr.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-25 12:43:37 +02:00
Werner Koch
bddc2e04f1
common: New function print_utf9_string.
* common/miscellaneous.c (print_utf8_string): New.
--

This is a simple convenience function.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20 18:13:40 +02:00
NIIBE Yutaka
84146b3ec4 common: logstream fix.
* common/logging.c (set_file_fd): Don't close es_stderr.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-07-20 16:37:56 +09:00
Marcus Brinkmann
f17862d47d common: Allow abbreviations of standard options.
* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
macros.
(ARGPARSE_end): Add some placeholders for standard options.
* argparse.c (arg_parse): Fill in missing standard options so
default machinery works.  Check for standard options in new way.
Do not write out standard options for --dump-options.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 1747
2017-07-18 18:08:25 +02:00
Werner Koch
a149afe338
gpg,sm: Check compliance of the RNG.
* common/compliance.c (gnupg_rng_is_compliant): New.
* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
* sm/call-agent.c (start_agent) [W32]: Ditto.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* g10/sign.c (do_sign): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
--

Under Windows we need to check that the Jitter RNG is active in de-vs
mode.  Under Linux this is not necessary because /dev/random can be
scrutinized and is believed to provide enough entropy.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
849467870e
common: New function split_fields_colon.
* common/stringhelp.c (split_fields_colon): New.
* common/t-stringhelp.c (test_split_fields_colon): New test.
(main): Call that test.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-17 15:53:16 +02:00
Werner Koch
1ead1ca818
agent: Shutdown on removal of the home directory.
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--

GnuPG-bug-id: 3218

Note that we should add this also to dirmngr.  And for non-Linux
systems a stat in ticker should be implemented.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 13:20:42 +02:00
Werner Koch
f31dc2540a
gpg,gpgsm: Emit status code ENCRYPTION_COMPLIANCE_MODE.
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--

This status code allows to report whether an encryption operation was
compliant to de-vs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-23 12:01:20 +02:00
Werner Koch
3621dbe525
gpg,gpgsm: Fix compliance check for DSA and avoid an assert.
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check.  Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check.  Replace
assert by debug message.

--

Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative.  Better use a boolean test.

The assert could have lead to a regression for no good reason.  Not
being compliant is better than breaking existing users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00
Werner Koch
6cc4702767
indent: Always use "_(" and not "_ (" to mark translatable strings.
--

This makes greping much easier and we have done that since ever.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 19:57:11 +02:00
Werner Koch
3419a339d9
Change license of some files to LGPLv2.1.
* COPYING.LIB: Rename to COPYING.LGPL3.
* COPYING.LGPL21: New.
* COPYING.GPL2: New.
* Makefile.am: Distribute them.
* AUTHORS: Update license pointers.  Add BSI as copyright holder.
* common/compliance.c, common/compliance.h: Add BSI copyright notice.
Break overlong lines.
* dirmngr/loadswdb.c: Add BSI copyright notices.
* dirmngr/server.c: Ditto.
* tools/call-dirmngr.c: Change license to LGPLv2.1.  Add BSI
copyright notice.
* tools/call-dirmngr.h: Ditto.
* tools/gpg-wks-client.c: Ditto.
* tools/gpg-wks-server.c: Ditto.
* tools/gpg-wks.h: Ditto.
* tools/mime-maker.c: Ditto.
* tools/mime-maker.h: Ditto.
* tools/mime-parser.c: Ditto.
* tools/mime-parser.h: Ditto.
* tools/send-mail.c: Ditto.
* tools/send-mail.h: Ditto.
* tools/wks-receive.c: Ditto.
* tools/wks-util.c: Ditto.
* tools/rfc822parse.c, tools/rfc822parse.h: Change license to LGPLv2.1.
--

For better deployment it seems to be better to make the Web Key
Directory code more easily available.

Some code was been developed under contract of the BSI.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-19 12:42:13 +02:00
Justus Winter
6e23416fe6
gpg: Disable compliance module for other GnuPG components.
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--

This implements a default policy for modules not explicitly using the
compliance module.  The default policy is to allow all algorithms, but
mark none of them as compliant.

Fixes gpgv.

GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-19 11:00:04 +02:00
Werner Koch
7c91b48f0e
common: Fix -Wswitch warning.
* common/compliance.c (gnupg_digest_is_allowed): Don't include
GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
--

Note that Whirlpool is not used anywhere in gpg or gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-06-13 09:01:24 +02:00
Justus Winter
a64a55e104
common,gpg,sm: Restrict the use of algorithms according to CO_DE_VS.
* common/compliance.c (gnupg_pk_is_allowed): New function.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* common/compliance.h (enum pk_use_case): New definition.
(gnupg_pk_is_allowed): New prototype.
(gnupg_cipher_is_allowed): Likewise.
(gnupg_digest_is_allowed): Likewise.
* g10/decrypt-data.c (decrypt_data): Restrict use of algorithms using
the new predicates.
* g10/encrypt.c (encrypt_crypt): Likewise.
* g10/gpg.c (main): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sig-check.c (check_signature2): Likewise.
* g10/sign.c (do_sign): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/encrypt.c (gpgsm_encrypt): Likewise.
* sm/gpgsm.c (main): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

With this change, policies can effectively restrict what algorithms
are used for different purposes.  The algorithm policy for CO_DE_VS is
implemented.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-08 14:22:54 +02:00
Justus Winter
e051e39615
common: Add cipher mode to compliance predicate.
* common/compliance.c (gnupg_cipher_is_compliant): Add mode parameter.
* common/compliance.h (gnupg_cipher_is_compliant): Likewise.
* g10/mainproc.c (proc_encrypted): Adapt callsite.
* sm/decrypt.c (gpgsm_decrypt): Likewise.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:44 +02:00
Justus Winter
21fc2508c9
common,gpg,sm: Initialize compliance module.
* common/compliance.c (gnupg_initialize_compliance): New function.
* common/compliance.h (gnupg_initialize_compliance): New prototype.
* g10/gpg.c (main): Use the new function.
* sm/gpgsm.c (main): Likewise.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:54:42 +02:00
Justus Winter
f440cf73ea
common,gpg: Move the compliance option printer.
* common/compliance.c (gnupg_compliance_option_string): New function.
* common/compliance.h (gnupg_compliance_option_string): New prototype.
* g10/encrypt.c (write_pubkey_enc_from_list): Update callsite.
* g10/gpg.c (main): Likewise.
* g10/keyedit.c (keyedit_menu): Likewise.
* g10/pkclist.c (build_pk_list): Likewise.
* g10/main.h (compliance_option_string): Remove prototype.
* g10/misc.c (compliance_option_string): Remove function.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:32 +02:00
Justus Winter
842d233d40
common,gpg,sm: Move the compliance option parser.
* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:31 +02:00
Justus Winter
216f0804c1
common,g10: Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-06 16:08:45 +02:00
Justus Winter
be8ca88526
gpg: Report compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--

When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD.  This information will be picked up by the frontend and
presented to the user.

GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 13:16:18 +02:00
Justus Winter
3b70f62423
common: Improve checking for compliance with CO_DE_VS.
* common/compliance.c (gnupg_pk_is_compliant): Only certain RSA key
sizes are compliant.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 12:26:17 +02:00
Justus Winter
8a012280e0
gpg,common: Move the compliance framework.
* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file.  Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file.  Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-01 12:09:43 +02:00
Justus Winter
3a07a69dfc
common: Correctly render SHA256-based ssh fingerprints.
* common/ssh-utils.c (dummy_realloc): New function.
(dummy_free): Likewise.
(get_fingerprint): Prepend the fingerprint with the name of the digest
algorithm.  Correctly render SHA256-based ssh fingerprints.
* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
(main): Add an option to dump the keys to gather fingerprints, also
print the SHA256 fingerprint for keys given as arguments, and check
the SHA256 fingerprints of the test keys.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 17:07:13 +02:00
Justus Winter
3ac1a9d3a0
common: Support different digest algorithms for ssh fingerprints.
* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
(ssh_get_fingerprint{,_string}): Likewise.
* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
* common/t-ssh-utils.c (main): Adapt accordingly.
* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
(ssh_identity_register): Likewise.
* agent/command.c (do_one_keyinfo): Likewise.
* agent/findkey.c (modify_description): Likewise.
--
This lays the foundation to support other algorithms.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-24 17:01:48 +02:00
Werner Koch
00b7767bc6
common: Let format_text return an error.
* common/stringhelp.c (format_text): Return NULL on error.
* common/t-stringhelp.c (test_format_text): Adjust for change.
* g10/gpgcompose.c (show_help): Abort on out of core.
* g10/tofu.c (ask_about_binding): Abort on format_text error.
(show_statistics): Ditto.
(show_warning): Ditto.
--

For better re-usability function in common/ shot  better not use
xmalloc functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-05-15 09:58:27 +02:00
Justus Winter
f4365790da
tests: Make it possible to run all tests using our infrastructure.
* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'.  This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--

This change allows us to run all tests in parallel and write one XML
report capturing the results of every test.  It also lays the
foundation to parametrize test suites.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-11 18:12:37 +02:00
NIIBE Yutaka
0ce94a9698 g10, sm, dirmngr, common: Add comment for fall through.
* common/b64dec.c (b64dec_proc): Comment to clarify.
* dirmngr/cdblib.c (cdb_make_put): Use same pattern to clarify.
* dirmngr/dirmngr-client.c (read_pem_certificate): Likewise.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Likewise.
* g10/armor.c (unarmor_pump): Likewise.
* g10/gpg.c (main): Likewise.
* g10/import.c (read_block): Likewise.
* g10/keygen.c (make_backsig): Likewise.
* g10/pkclist.c (check_signatures_trust):  Likewise.
* sm/gpgsm.c (main): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-10 11:13:12 +09:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
NIIBE Yutaka
74258278ef common, g10: Fix enumeration types.
* common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
(DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
* g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
(map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
(openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
(pubkey_get_npkey): Add default handling.

--

Compilers may emit code assuming the maximum value of enum type.
According to OpenPGP specification, there are cases for private uses.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-13 12:54:52 +09:00
NIIBE Yutaka
7b4edf14bb common: Simplify format_text.
* common/stringhelp.c (format_text): Don't allow IN_PLACE formatting.
* common/stringhelp.h: Change the API with no IN_PLACE.
* common/t-stringhelp.c (test_format_text): Follow the change.
* g10/gpgcompose.c (show_help): Likewise.
* g10/tofu.c (format_conflict_msg_part1, ask_about_binding)
(show_statistics, show_warning): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-12 14:47:30 +09:00
NIIBE Yutaka
456c5cdb2d common: Portability fix for logging.c.
* common/logging.c (S_IRGRP, S_IWGRP, S_IROTH, S_IWOTH): Avoid
duplicated definition.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-11 11:53:52 +09:00
Justus Winter
214fa90122
common: Avoid undefined behavior.
* common/iobuf.c (iobuf_read_line): Do not consider 'length' if
'buffer' is NULL.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-30 16:13:43 +02:00
Justus Winter
caf0091553
common: Fix connecting to the agent.
* common/homedir.c (_gnupg_socketdir_internal): Fix error handling.
--

Prior to 26086b36 the non-existance of the socket directory was
considered an error if a non-default home directory is used.  Since
26086b36 we now create the directory on demand, but the function still
returned the fallback path.  This made the agent bind the socket in
the socket directory, and the client trying to connect to the socket
in the home directory.

Fixes-commit: 26086b362ff47d21b1abefaf674a6464bf0a8921
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-27 16:21:02 +02:00
Werner Koch
0b3770c421
gpg: Improve check for already compressed packets.
* common/miscellaneous.c (is_openpgp_compressed_packet): New.
(is_file_compressed): Rerad 2 more bytes and call new function.

--

Note that this does not yet allow to detect compressed data piped to
gpg.  This requires a proper read-ahead in iobuf.c which is
complicated due to the auto-removal of filter functions.  Thus such an
read-ahead needs to be done in the I/O backend of iobuf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-24 11:51:44 +01:00
Werner Koch
26086b362f
common: Implicitly do a gpgconf --create-socketdir.
* common/homedir.c (_gnupg_socketdir_internal): Create the
sub-directory.
--

Although there is no auto cleanup (yet) this should be helpful.  Let's
see whether possibly leaving stale directories around is better than
running into trouble when --create-socketdir was not used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-23 17:57:31 +01:00
NIIBE Yutaka
b9ab733fc0 common: Fix warning for portability.
* common/localename.c (do_nl_locale_name): We don't use CATEGORY.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 10:42:46 +09:00
Justus Winter
e064c75b08
common,tools: Always escape newlines when escaping data.
* common/stringhelp.c (do_percent_escape): Always escape newlines.
* tools/gpgconf-comp.c (gc_percent_escape): Likewise.
--
Newlines always pose a problem for a line-based communication format.

GnuPG-bug-id: 2387
Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-02 09:31:11 +01:00
Werner Koch
246b27921b
build: Add kludge for "make distcheck" in a release build.
* configure.ac: New option --enable-gnupg-builddir-envvar.
(ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
* common/homedir.c (gnupg_set_builddir_from_env): Consider
ENABLE_GNUPG_BUILDDIR_ENVVAR.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
(AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof.  Add option
--enable-gnupg-builddir-envvar.

--

Our regression test suite makes use of the envvar GNUPG_BUILDDIR.  Now
the code in gnupg for evaluating this envvar is only included in a
development version (that is one with a "-betaNNN" suffix).  For a
real release the envvar is not considered.  However during a "make
distcheck" a "make check" is done for the build directory.  Without
defining that envar we would try to run binaries in the install
directory ("_inst" sub-directory) which are not yet installed at that
time.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-01 18:40:05 +01:00
Werner Koch
2bbdeb8ee8
gpg: Allow creating keys using an existing ECC key.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Remove arg R_ALGO.
Change to return the algo id.  Reimplement using get_pk_algo_from_key.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Ditto.
--

GnuPG-bug-id: 2976
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-01 13:36:01 +01:00
Werner Koch
1192449207
w32: Make pipes really pollable.
* common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle
to print the fd for the command line.
* common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so
that the streams are actually pollable.
--

This addresses two bugs:

 - Using the "-&@INEXTRA@" kludges requires that we pass the value of
   the handle on the command line and not the libc fd.

 - gpgrt_poll requires the use of the ReadFile/WriteFile backend which
   is currently only used when the stream has been created with
   gpgrt_sysopen.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-28 09:39:10 +01:00
Werner Koch
55b6c2595a
Clarify text of LGPLv2+/GPLv2+ licensed files.
--
2017-02-24 13:48:28 +01:00
Werner Koch
effa80e0b5
gpg: Emit new status DECRYPTION_KEY
* common/status.h (STATUS_DECRYPTION_KEY): New.
* g10/pubkey-enc.c (get_it): Emit that status.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-23 19:59:21 +01:00
Yuri Chornoivan
24cf0606b4 Clean up word replication.
--

This fixes extra word repetitions (like "the the" or "is is") in the
code and docs.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-21 13:11:46 -05:00
Werner Koch
3e9512e557
common: New function log_logv_with_prefix.
* common/logging.c (do_logv): Add arg 'prefmt' and print it.  Chnage
call callers to pass NULL.
(log_logv_with_prefix): New.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-20 17:22:59 +01:00
Werner Koch
e1dfd86236
common: Rename remaining symbols in ksba-io-support.
* common/ksba-io-support.c (gpgsm_reader_eof_seen): Rename to ...
(gnupg_ksba_reader_eof_seen): this.  Change all callers.
(gpgsm_destroy_reader): Rename to ...
(gnupg_ksba_destroy_reader): this.  Change all callers.
(gpgsm_finish_writer): Rename to ...
(gnupg_ksba_finish_writer): this.  Change all callers.
(gpgsm_destroy_writer): Rename to ...
(gnupg_ksba_destroy_writer): this.  Change all callers.
* common/ksba-io-support.c (struct base64_context_s): Rename to ...
(gnupg_ksba_io_s): this.
* common/ksba-io-support.h (base64_context_s): Ditto.
(Base64Context): Rename this typedef to ...
(gnupg_ksba_io_t): this.  Change all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 17:21:05 +01:00
Werner Koch
28c31524be
common: Remove gpgsm dependencies from ksba-io-support.
* common/ksba-io-support.c: Include ksba-io-support.h instead of
../sm/gpgsm.h.  Include util.h.
(writer_cb_parm_s): Remove const from 'pem_name'.
(gpgsm_destroy_writer): Free 'pem_name'.
(gpgsm_create_reader): Rename to ...
(gnupg_ksba_create_reader): this.  Replace args CTRL and
ALLOW_MULTI_PEM by a new arg FLAGS.  Change the code to evaluate
FLAGS.  Change all callers to pass the FLAGS.
(gpgsm_create_writer): Rename to ...
(gnupg_ksba_create_writer): this.  Replace arg CTRL by new arg FLAGS.
Add arg PEM_NAME.  Evaluate FLAGS.  Store a copy of PEM_NAME.  Change
all callers to pass the FLAGS and PEM_NAME.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 16:22:07 +01:00
Werner Koch
919e76b407
common: Change license of ksba-io-support.c
* common/ksba-io-support.c: Change from GPLv3+ to LGPLv3+/GPLv2+.
--

According to the sm/ChangeLog-2011 and the git log all code has been
written by me or g10 Code employees.  Also changed the copyright
notices so that the file can be sued separately.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 14:18:03 +01:00
Werner Koch
04bfa6fe65
sm,common: Move ksba reader and writer support to common/.
* sm/base64.c: Rename to ...
* common/ksba-io-support.c: this.
* common/ksba-io-support.h: New.
* common/Makefile.am (common_sources): Add new files.
* sm/Makefile.am (gpgsm_SOURCES): Remove base64.c

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 14:07:27 +01:00
Daniel Kahn Gillmor
8810314e37 common: Avoid warning about implicit declaration of gnupg_fd_valid.
* common/logging.c: Add #include "sysutils.h".

--

Without this, we see:

logging.c:573:9: warning: implicit declaration of function \
  ‘gnupg_fd_valid’ [-Wimplicit-function-declaration]
   if (! gnupg_fd_valid (fd))
         ^~~~~~~~~~~~~~

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-02-08 12:05:08 -05:00
Justus Winter
6823ed4658
gpg,common: Make sure that all fd given are valid.
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--

Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.

During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.

In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).

This is a potential data destruction issue for all writable file
descriptor options:

   --status-fd
   --attribute-fd
   --logger-fd

It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:

   --override-session-key-fd
   --passphrase-fd
   --command-fd

Fixes this by checking whether the fd is valid early on before using
it.

GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
2017-02-08 14:28:49 +01:00
Werner Koch
707c47f559
Update copyright notices for 2017.
--

Also some http:// -> https:// fixes.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 19:16:55 +01:00
Werner Koch
af5979a42b
Fix format string errors and some missing error case initialization.
* common/logging.c (do_logv): Remove extra parentheses in comparison.

* dirmngr/dns-stuff.c (resolve_addr_libdns): Init RES so that
dns_res_close is given a defined value in the error case.

* dirmngr/http.c (cookie_read, cookie_write) [HTTP_USE_NTBTLS]: Fix
format string char.

* dirmngr/ks-engine-hkp.c (ks_hkp_help): Remove duplicate "const".
* dirmngr/ks-engine-http.c (ks_http_help): Ditto.
* dirmngr/ks-engine-kdns.c (ks_kdns_help): Ditto.
* dirmngr/ks-engine-ldap.c (ks_ldap_help): Ditto.

* scd/app-p15.c (send_keypairinfo, do_getattr): Fix format string
char.
* tools/gpgconf-comp.c (gpg_agent_runtime_change): Init PID for the
error case.
(scdaemon_runtime_change): Ditto.
(dirmngr_runtime_change): Ditto.

* tools/gpgconf.c (query_swdb): Init VALUE_SIZE_UL.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-23 16:33:01 +01:00
Werner Koch
e031b3c16c
common: Fix buffer copy code again.
* common/exectool.c (my_error_from_errno): Remove.
(copy_buffer_do_copy): Do without var RC.
(copy_buffer_flush): Ditto.  Use ERRNO instead of es_write return
code.
(gnupg_exec_tool): Correctly return errors from es_read.
--

Fixes-commit: 55c9212a2338bf0b07c8cf3a69bcedaa28d48d43
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-19 14:58:23 +01:00
Damien Goutte-Gattat
3daeef702b gpg: Allow to freeze faked system time.
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--

This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.

Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
2017-01-19 10:39:06 +01:00
Werner Koch
55c9212a23
common: Clarify use of vars in buffer copy code.
* common/exectool.c (my_error_from_errno): New.
(copy_buffer_do_copy): Use separate vars for errno values and
gpg-error values for clarity.  s/assert/log_assert/.
(copy_buffer_flush): Ditto.
(gnupg_exec_tool_stream): Use gpg_err_code when testing.
--

NB: It is surprising that es_write seems not to set ERRNO but only
returns the ERRNO value.  Need to check whether this is really the
case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-19 09:59:08 +01:00
Justus Winter
34fa2d79a0 common: Fix flushing copy buffers.
* common/exectool.c (copy_buffer_flush): Write and flush the data, but
do not hide EAGAIN from the caller.
(gnupg_exec_tool_stream): Retry on EAGAIN.

GnuPG-bug-id: 2425
Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-18 18:24:51 +01:00
Werner Koch
bae42e5437
common: Remove unused function tty_print_string.
* common/ttyio.c (tty_print_string): Rename to ...
(do_print_string): this.  Make local.  Simplify FP case by using
print_utf8_buffer.  Change caller.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-17 10:19:06 +01:00
Werner Koch
5c0777e1ca
tests: Fix t-gettime for a time_t of 64 and a long of 32 bit.
* configure.ac (AC_CHECK_HEADERS): Add stdint.h.
* common/t-gettime.c: Include stdint.h.
(UINTMAX_C): Define replacement.
(test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
--

This is for example the case on 32 bit OpenBSD.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-12 10:39:19 +01:00
Werner Koch
088d71d367
common: New function log_debug_with_string.
* common/logging.c (do_logv): Factor some code out to ...
(print_prefix): new.
(log_logv): Add arg EXTRASTRING and print it.  Change all callers to
pass NULL for it.
(log_debug_with_string): New.  Uses EXTRASTRING.
--

This function can be used to print a human readable buffer in addition
to a log message to the log stream.  This function will keep all lines
together and prefix them with ">> ".

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-11 10:42:44 +01:00
Daniel Kahn Gillmor
7249ab0f95 common: Avoid unnecessary ambiguity in argparse.
* common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
--

If two struct ARGPARSE_OPTS share a prefix in their long_opt name, but
have the exact same short_opt and flags, they are aliases and not
distinct options.  Avoid reporting this as an ambiguity, so that (for
example) both --clearsign and --clear-sign can be invoked as --clear.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Debian-Bug-Id: 850475
2017-01-11 02:32:20 -05:00
Justus Winter
bfd6a49012 common: Fix fallback code.
* common/logging.c (_log_assert): Fix the variant for compilers that
do not support __FUNCTION__.
* common/logging.h (_log_assert): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-10 12:31:46 +01:00
Werner Koch
8d774904c8
agent,w32: Fix annoying output to DebugView.
* agent/gpg-agent.c (startup_fd_list): Do not define for W32.
(main) [W32]: Do not call get_all_open_fds.
--

GnuPG-bug-id: 2267
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-06 18:47:53 +01:00
Werner Koch
6170eb8090
Silence two -Wlogical-op warnings.
* common/tlv.c (parse_ber_header): Avoid compiler warning about a
duplicate condition.
* tools/gpgtar-create.c (pattern_valid_p): Likewise.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-05 20:43:40 +01:00
Justus Winter
a1e0d4a1e7 common: Turn assertions into expressions.
* common/logging.h (log_assert): Turn this into an expression so it
can be used in expressions.

Signed-off-by: Justus Winter <justus@g10code.com>
2017-01-02 18:23:34 +01:00
Werner Koch
6b84ecbf31
Replace use of variable-length-arrays.
* common/t-iobuf.c (main): Replace variable-length-array.
* g10/gpgcompose.c (mksubpkt_callback): Ditto.
(encrypted): Ditto.
* g10/t-stutter.c (log_hexdump): Ditto.
(oracle_test): Ditto.
* g10/tofu.c (get_policy): Ditto.  Use "%zu" for size_t.
* scd/app-openpgp.c (ecc_writekey): Replace variable-length-array.
Check for zero length OID_LEN.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-02 13:29:18 +01:00
Werner Koch
6204f8104f
tests: Avoid skipping exectool tests.
* common/t-exectool.c (test_executing_true): Try also /usr/bin/true.
(test_executing_false): Try also /usr/bin/false.
--

Reported-by: Nelson H. F. Beebe
  I then ran a test on all our test lab systems, and found that
  /bin/false is missing on DragonFlyBSD, FreeBSD, GhostBSD,
  HardenedBSD, Mac OS X, MidnightBSD, Minix, one version of MirBSD,
  NetBSD, OpenBSD, PacBSD, PCBSD, and TrueOS.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-20 18:39:30 +01:00
Werner Koch
e384405b6e
Remove unused debug flags and add "dns" and "network".
* g10/options.h (DBG_CARD_IO_VALUE, DBG_CARD_IO): Remove.
* g10/gpg.c (debug_flags): Remove "cardio".
* agent/agent.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* agent/gpg-agent.c (debug_flags): Remove "command".
* scd/scdaemon.h (DBG_COMMAND_VALUE, DBG_COMMAND): Remove.
* scd/scdaemon.c (debug_flags): Remove "command".
* dirmngr/dirmngr.h (DBG_DNS_VALUE, DBG_DNS): New.
(DBG_NETWORK_VALUE, DNG_NETWORK): New.
* dirmngr/dirmngr.c (debug_flags): Add "dns" and "network".
--

Note that "dns" and "network" are not yet used but will soon be added
to dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-19 09:41:15 +01:00
Justus Winter
ca1e9749bf common: Support locating components in the build tree.
* common/homedir.c (gnupg_build_directory): New variable.
(gnupg_module_name_called): Likewise.
(gnupg_set_builddir): New function.
(gnupg_set_builddir_from_env): Likewise.
(gnupg_module_name): Support locating components in the build tree.
* common/util.h (gnupg_set_builddir): New prototype.
* tests/openpgp/defs.scm (tools): Drop 'gpg and 'gpg-agent.
(tool): Rename to 'tool-hardcoded.
(gpg-conf): New function, with accessors for the results.
(gpg-components): New variable.
(tool): New function.
* tools/gpgconf.c (enum cmd_and_opt_values): New key.
(opts): New option '--build-prefix'.
(main): Handle new option.
--

This change makes sure that the components from the build tree are
used, and not some older installed version in PATH.  It also lets us
make GPGME use components from the build tree, making it possible to
execute GPGME's test suite with them.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-14 16:41:18 +01:00
Justus Winter
d6e332422f common: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-12-14 16:41:18 +01:00
Werner Koch
aae68a3ccd
common: Add replacements for error codes from gpg-error 1.26.
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-14 15:57:16 +01:00
Werner Koch
5c7d582228
common: Skip the Byte Order Mark in conf files.
* common/argparse.c (optfile_parse): Detect and skip the UTF-8 BOM.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-08 20:25:48 +01:00
Werner Koch
ce29272e24
gpg: New option --default-new-key-algo.
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

This new option is intended to be used in the forthcoming
--set-profile command of gpgconf.  It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-12-02 19:47:40 +01:00
Werner Koch
60b4982836
gpg,sm: Merge the two versions of check_special_filename.
* sm/gpgsm.c (check_special_filename): Move to ..
* common/sysutils.c (check_special_filename): here.  Add arg
NOTRANSLATE.
(allow_special_filenames): New local var.
(enable_special_filenames): New public functions.
* sm/gpgsm.c (allow_special_filenames): Remove var.
(main): Call enable_special_filenames instead of setting the var.
(open_read, open_es_fread, open_es_fwrite): Call
check_special_filename with 0 for NOTRANSLATE.
* common/iobuf.c (special_names_enabled): Remove var.
(iobuf_enable_special_filenames): Remove func.
(check_special_filename): Remove func.
(iobuf_is_pipe_filename): Call new version of the function with
NOTRANSLATE set.
(do_open): Ditto.
* g10/gpg.c (main): Call enable_special_filenames instead of
iobuf_enable_special_filenames.
* g10/gpgv.c (main): Ditto.
--

Note that we keep the iobuf.c:translate_file_handle because it is a
bit different (for whatever reasons) than the translate function from
sysutils.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-29 16:54:36 +01:00
Werner Koch
c4506a3f15
common: Rename keybox_file_rename to gnupg_rename_file.
* kbx/keybox-util.c (keybox_file_rename): Rename to ...
* common/sysutils.c (gnupg_rename_file): this.  Change all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-16 17:43:59 +01:00
Justus Winter
7cbb080384 common,w32: Simplify locking.
* common/asshelp.c (lock_spawning): Use the same code on Windows that
we use on all other platforms.
(unlock_spawning): Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-11-08 16:01:53 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
488b183811
common: Improve compare_string_versions.
* common/stringhelp.c: Include limits.h.
(compare_version_strings): Change semantics to behave like strcmp.
Include the patch lebel in the comparison.  Allow checking a single
version string.
* common/t-stringhelp.c (test_compare_version_strings): Adjust test
vectors and a few new vectors.
* g10/call-agent.c (warn_version_mismatch): Adjust to new sematics.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-02 17:58:11 +01:00
Werner Koch
ad491ceec6
common: New function gnupg_usleep.
* configure.ac (HAVE_NANOSLEEP): Test for nanosleep.
* common/sysutils.c: Always include time.h.
(gnupg_usleep): New.
--

This function has been compiled from nPth and Libassuan.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-31 12:24:45 +01:00
Werner Koch
ece9ade4b4
common: Add GNUPG_MODULE_NAME_GPGV.
* common/util.h (GNUPG_MODULE_NAME_GPGV): New.
* common/homedir.c (gnupg_module_name): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 19:56:42 +02:00
Justus Winter
445f0c13d7 Fix typos.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 14:59:56 +02:00
Werner Koch
a9c8b5fbe7
common: Remove debug output from gnupg_get_socket_name.
* common/sysutils.c (gnupg_get_socket_name): Remove debug message and
use my_error_from_syserror.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-27 09:27:37 +02:00
NIIBE Yutaka
8b3d0d1a36 common: Fix gnupg_inotify_has_name, differently.
* common/sysutils.c (gnupg_inotify_has_name): Use void * to stop the
warning.

--
According to the man page of inotify(7), it is aligned by null bytes.
So, bc28f320fa6f5b9fcdb73dba5e6c582daf7992c5 is reverted.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-27 15:43:18 +09:00
Daniel Kahn Gillmor
6316b28e89 agent,common: move get_socket_name() into common.
* agent/gpg-agent.c (get_socket_name): move to ...
* common/sysutils.c (gnupg_get_socket_name): ... here.

--
This allows us to use the same functionality in dirmngr as well.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-27 10:37:17 +09:00
NIIBE Yutaka
bc28f320fa common: Fix gnupg_inotify_has_name.
* common/sysutils.c (gnupg_inotify_has_name): Take care of the
alignment.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-27 10:16:48 +09:00
Werner Koch
ece13f177d
common: Use GPG_ERR_INV_VALUE instead of GPG_ERR_EINVAL.
* common/sysutils.c (gnupg_inotify_watch_socket): Return
GPG_ERR_INV_VALUE for a missing socket name and set proper error
source.
--

By using a different value we can easier see whether the error is due
to a system call or from GnuPG code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-26 09:02:10 +02:00
Daniel Kahn Gillmor
3b5f5e0eb0 common: avoid segfault
* common/sysutils.c (gnupg_inotify_watch_socket): return EINVAL if
  socket_name is NULL, rather than segfaulting
--
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-10-26 14:16:06 +09:00
Werner Koch
7983f87587
common: Use strconcat in gnupg_setenv.
* common/sysutils.c (gnupg_setenv): Replace malloc+stpcpy by
strconcat.  Indent cpp conditionals.
(gnupg_unsetenv): Indent cpp conditionals.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-25 08:59:44 +02:00
NIIBE Yutaka
945e7ab0dd common: Fix openpgp_is_curve_supported.
* common/openpgp-oid.c (openpgp_is_curve_supported): Support both of
canonical name of the curve and alias.

--
Only alias (the name for print) was allowed before this change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-24 11:20:14 +09:00
NIIBE Yutaka
6e85ac77af Fix use cases of snprintf.
* agent/call-pinentry.c, agent/call-scd.c, agent/command.c,
build-aux/speedo/w32/g4wihelp.c, common/get-passphrase.c,
dirmngr/dirmngr.c, g10/call-agent.c, g10/cpr.c, g10/keygen.c,
g10/openfile.c, g10/passphrase.c, scd/app-openpgp.c, scd/scdaemon.c,
sm/call-agent.c, sm/call-dirmngr.c, sm/certreqgen.c: Fix assuming C99.

--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-21 12:04:46 +09:00
Justus Winter
8c7c4faf3d common,w32: Fix setting environment variables on Windows.
* common/sysutils.c (gnupg_setenv): Also update the environment block
maintained by the C runtime.
(gnupg_unsetenv): Likewise.
* tests/gpgscm/ffi.c (do_setenv): Fix error handling.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-20 17:01:24 +02:00
Justus Winter
8dce5ee55a common: Fix copying data to estreams.
* common/exectool.c (copy_buffer_do_copy): Correctly account for
partially written data in the event of errors.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-18 18:54:49 +02:00
Justus Winter
05a1e41233 common,w32: Communicate with child in non-blocking mode.
* common/exechelp-w32.c (gnupg_spawn_process): Open streams in
non-blocking mode if requested.

Fixes-commit: 83811e3f1f0c615b2b63bafdb49a35a0fc198088
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-18 18:54:49 +02:00
Justus Winter
f2d39a6d05 common,w32: Extend gnupg_create_inbound_pipe et al.
* common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
create a stream if reqested.
(gnupg_create_inbound_pipe): Use the extended function to open the
stream if requested.
(gnupg_create_outbound_pipe): Likewise.
(gnupg_create_pipe): Update call site.

Fixes-commit: 5d991e333a1885adc40abd9d00c01fec4bd5d9d7
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-18 18:54:49 +02:00
Justus Winter
727ca74bb9 common,w32: Make use of default_errsource in exechelp.
* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
Use them instead of gpg_error and gpg_error_from_syserror.

Fixes-commit: 96c7901ec1c79be732570811223d3ea54875abfe
Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-18 18:54:49 +02:00
Werner Koch
2f7d4c38c9
agent: Move inotify code to common and improve it.
* common/sysutils.c: Include sys/inotify.h.
(my_error_from_syserror, my_error): New.
(gnupg_inotify_watch_socket): New.
(gnupg_inotify_has_name): New.
* agent/gpg-agent.c: Do not include sys/inotify.h.
(my_inotify_is_name): Remove.
(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
the new functions.
--

When removing not a simple socket file but the entire directory the
old code missed most events and thus did not worked properly.

IN_DELETE_SELF has also been added to the watch list to detect a
removal of the directory.  However, in all tests that event was not
triggered.  The only way it could be triggered was by not watching
the socket dir but an arbitary directory and rmdir that.

GnuPG-bug-id: 2756
Signed-off-by: Werner Koch <wk@gnupg.org>
2016-10-15 21:35:05 +02:00
NIIBE Yutaka
fc0b392e76 agent, dirmngr, scd: Fix init_common_subsystems.
* common/init.c (_init_common_subsystems): Don't call
gpgrt_set_syscall_clamp in this function.
* agent/gpg-agent.c, dirmngr/dirmngr.c, scd/scdaemon.c: Call
gpgrt_set_syscall_clamp after npth_init.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2016-10-07 10:45:22 +09:00
Justus Winter
4aadc751f2 common: Avoid pointer arithmetic on string literals.
* common/gettime.c (rfctimestamp): Use indexing instead.
* common/signal.c (got_fatal_signal): Likewise.
2016-10-06 14:48:52 +02:00
Justus Winter
6054e8aaec build: Fix build against libiconv.
* agent/Makefile.am: Add INCICONV and LIBICONV.
* common/Makefile.am: Likewise.
* tools/Makefile.am: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-30 17:45:59 +02:00
Justus Winter
2b23a321ac common: Correctly handle modules relying on npth.
* common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
(with_npth_sources): New variable.
(libcommonpth_a_SOURCES): Use the new variable.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-27 15:54:56 +02:00
Daniel Kahn Gillmor
0d67241e31 Fix more spelling
* NEWS, acinclude.m4, agent/command-ssh.c, agent/command.c,
  agent/gpg-agent.c, agent/keyformat.txt, agent/protect-tool.c,
  common/asshelp.c, common/b64enc.c, common/recsel.c, doc/DETAILS,
  doc/HACKING, doc/Notes, doc/TRANSLATE, doc/dirmngr.texi,
  doc/faq.org, doc/gpg-agent.texi, doc/gpg.texi, doc/gpgsm.texi,
  doc/instguide.texi, g10/armor.c, g10/gpg.c, g10/keyedit.c,
  g10/mainproc.c, g10/pkclist.c, g10/tofu.c, g13/sh-cmd.c,
  g13/sh-dmcrypt.c, kbx/keybox-init.c, m4/pkg.m4, sm/call-dirmngr.c,
  sm/gpgsm.c, tests/Makefile.am, tests/gpgscm/Manual.txt,
  tests/gpgscm/scheme.c, tests/openpgp/gpgv-forged-keyring.scm,
  tests/openpgp/multisig.test, tests/openpgp/verify.scm,
  tests/pkits/README, tools/applygnupgdefaults,
  tools/gpg-connect-agent.c, tools/mime-maker.c, tools/mime-parser.c:
  minor spelling cleanup.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2016-09-17 16:00:37 +09:00
Justus Winter
c97bde2dfe common: Restore a simpler variant of 'gnupg_wait_process'.
* common/exechelp-posix.c (gnupg_wait_process): Use the code prior to
5ba4f604.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-05 17:26:50 +02:00
Justus Winter
845e2cc201 common: Fix error handling.
* common/exechelp-posix.c (store_result): Use xtrymalloc.
(gnupg_wait_processes): Likewise, and check result.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-09-05 17:26:50 +02:00