* common/sysutils.c (gnupg_setenv): Also update the environment block
maintained by the C runtime.
(gnupg_unsetenv): Likewise.
* tests/gpgscm/ffi.c (do_setenv): Fix error handling.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/exectool.c (copy_buffer_do_copy): Correctly account for
partially written data in the event of errors.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/exechelp-w32.c (do_create_pipe): Rename, add arguments, and
create a stream if reqested.
(gnupg_create_inbound_pipe): Use the extended function to open the
stream if requested.
(gnupg_create_outbound_pipe): Likewise.
(gnupg_create_pipe): Update call site.
Fixes-commit: 5d991e333a
Signed-off-by: Justus Winter <justus@g10code.com>
* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
Use them instead of gpg_error and gpg_error_from_syserror.
Fixes-commit: 96c7901ec1
Signed-off-by: Justus Winter <justus@g10code.com>
* common/sysutils.c: Include sys/inotify.h.
(my_error_from_syserror, my_error): New.
(gnupg_inotify_watch_socket): New.
(gnupg_inotify_has_name): New.
* agent/gpg-agent.c: Do not include sys/inotify.h.
(my_inotify_is_name): Remove.
(handle_connections): Remove HAVE_INOTIFY_INIT protected code and use
the new functions.
--
When removing not a simple socket file but the entire directory the
old code missed most events and thus did not worked properly.
IN_DELETE_SELF has also been added to the watch list to detect a
removal of the directory. However, in all tests that event was not
triggered. The only way it could be triggered was by not watching
the socket dir but an arbitary directory and rmdir that.
GnuPG-bug-id: 2756
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/Makefile.am (common_sources): Drop 'call-gpg.{c,h}'.
(with_npth_sources): New variable.
(libcommonpth_a_SOURCES): Use the new variable.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/exechelp-posix.c (struct terminated_child): New definition.
(terminated_children): New variable.
(store_result): New function.
(get_result): Likewise.
(gnupg_wait_process): Store results that were not requested and
consider previously stored results.
waitpid(2) may return information about terminated children that we
did not yet request, and there is no portable way to wait for a
specific set of children. As a workaround, we store the results of
children for later use.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/asshelp.c (my_log_monitor): New var.
(my_libassuan_log_handler): Run that monitor.
(setup_libassuan_logging): Add arg to set a log monitor and change all
callers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (oid_crv25519): Rename to oid_cv25519.
(openpgp_oid_is_crv25519): Rename to openpgp_oid_is_cv25519. Change
callers.
--
We use "cv25519" everywhere else and thus the test function should not
have a surprising name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gettime.c (gnupg_get_time): Abor if time() failed.
(gnupg_get_isotime): Remove now useless check.
(make_timestamp): Remove check becuase we already checked this modulo
the faked time thing.
--
In reality a call foo = time (NULL) can never fail because the only
defined error is EFAULT, but we don't provide a buffer.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dirmngr.h (opts): Remove fields 'system_service' and
'system_daemon'.
* common/homedir.c (dirmngr_sys_socket_name): Remove.
(dirmngr_user_socket_name): Rename to ...
(dirmngr_socket_name): this. Change call callers.
* common/asshelp.c (start_new_dirmngr): Remove the system socket
feature.
* tools/gpgconf.c (list_dirs): Do not print "dirmngr-sys-socket".
* sm/server.c (gpgsm_server): Adjust for removed system socket feature.
* dirmngr/server.c (cmd_getinfo): Ditto.
(cmd_killdirmngr): Remove check for system daemon.
(cmd_reloaddirmngr): Ditto.
* dirmngr/dirmngr.c (USE_W32_SERVICE): Remove macro.
(aService): Remove.
(opts): Remove --service.
(w32_service_control): Remove.
(real_main, call_real_main) [W32]: Remove wrapper.
(main): Remove Windows system service feature. Remove system dameon
feature. Use only the "~/.gnupg/dirmngr_ldapservers.conf" file.
* dirmngr/certcache.c (load_certs_from_dir): Remove warning in the
system dameon case.
* dirmngr/crlcache.c (DBDIR_D): Always use "~/.gnupg/crls.d".
* dirmngr/ocsp.c (validate_responder_cert): Do not call
validate_cert_chain which was used only in system daemon mode.
* dirmngr/validate.c (validate_cert_chain): Always use the code.
--
We are now starting dirmngr as needed as a user daemon. The
deprecated system daemon mode does not anymore make sense. In case a
system wide daemon is required, it is better to setup a dedicated
account to run dirmngr and tweak socket permissions accordingly.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (do_logv): When no prefixes have been requested,
omit the ": " separator, since there is nothing on the left-hand
side of it.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/stringhelp.c (string_to_u64): New.
* dirmngr/http.c (longcounter_t): Remove.
(struct cookie_s): Change content_length to uint64_t.
(parse_response): Use string_to_u64.
--
Meanwhile we allow some C99 features including stdint.h. Thus we can
simplify things now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/init.c (init_common_subsystems): Initialize libgcrypt.
* dirmngr/Makefile.am (dirmngr_ldap): Link with libgcrypt.
--
Most other modules already call gcry_check_version() after
init_common_subsystems() so may as well move initialization of libgcrypt
to here. Also fixes a warning in the system log from gpgconf --homedir.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
* common/util.h (get_pk_algo_from_key): New.
* common/sexputil.c (get_pk_algo_from_key): The implementation.
* agent/gpg-agent.c: Remove include of openpgpdefs.h.
* agent/command-ssh.c (struct ssh_key_type_spec): Use integer ALGO.
(ssh_key_types): Update with GCRY_PK_*.
(make_cstring, sexp_extract_identifier): Remove.
(sexp_key_construct): Use gcry_pk_algo_name to get ALGO string.
(ssh_key_to_blob): Use cadr to get value list.
(ssh_key_type_lookup): Lookup with integer ALGO.
(ssh_receive_key): Follow the change of ssh_key_type_lookup.
(ssh_send_key_public): Likewise. Use get_pk_algo_from_key to get ALGO.
--
This fixes the regresson introduced by the commit
894789c329.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* README, agent/command.c, agent/keyformat.txt, common/i18n.c,
common/iobuf.c, common/keyserver.h, dirmngr/cdblib.c,
dirmngr/ldap-wrapper.c, doc/DETAILS, doc/TRANSLATE,
doc/announce-2.1.txt, doc/gpg.texi, doc/gpgsm.texi,
doc/scdaemon.texi, doc/tools.texi, doc/whats-new-in-2.1.txt,
g10/export.c, g10/getkey.c, g10/import.c, g10/keyedit.c, m4/ksba.m4,
m4/libgcrypt.m4, m4/ntbtls.m4, po/ca.po, po/cs.po, po/da.po,
po/de.po, po/el.po, po/eo.po, po/es.po, po/et.po, po/fi.po,
po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po,
po/nb.po, po/pl.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po,
po/sv.po, po/tr.po, po/uk.po, po/zh_CN.po, po/zh_TW.po,
scd/app-p15.c, scd/ccid-driver.c, scd/command.c, sm/gpgsm.c,
sm/sign.c, tools/gpgconf-comp.c, tools/gpgtar.h: replace "Allow to"
with clearer text.
In standard English, the normal construction is "${XXX} allows ${YYY}
to" -- that is, the subject (${XXX}) of the sentence is allowing the
object (${YYY}) to do something. When the object is missing, the
phrasing sounds awkward, even if the object is implied by context.
There's almost always a better construction that isn't as awkward.
These changes should make the language a bit clearer.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* common/util.h: Factor prototypes from signal.c out to ...
* common/utilproto.h: new.
* common/Makefile.am (common_sources): Add new file.
Signed-off-by: Werner Koch <wk@gnupg.org>
Previously, iobuf_peek on a file smaller than 'buflen' would hang.
* common/iobuf.c (underflow): Generalize by adding a target parameter.
(iobuf_peek): Use this to prevent looping here.
* tests/openpgp/Makefile.am (TESTS): Add new test.
* tests/openpgp/setup.scm (dearmor): Move function...
* tests/openpgp/defs.scm (dearmor): ... here.
* tests/openpgp/issue2419.scm: New file.
* tests/openpgp/samplemsgs/issue2419.asc: Likewise.
GnuPG-bug-id: 2419
Signed-off-by: Justus Winter <justus@g10code.com>
* common/exectool.c (copy_buffer_shred): Make passing NULL a nop.
(gnupg_exec_tool_stream): Allocate copy buffers from the heap.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/protect.c (OCB_MODE_SUPPORTED): Remove macro.
(do_encryption): Always support OCB.
(do_decryption): Ditto.
(agent_unprotect): Ditto.
* dirmngr/server.c (is_tor_running): Unconditionally build this.
--
Although not technically required, it is easier to require them to
avoid bug reports due to too old library versions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gettime.c (rfctimestamp): New.
--
It is surprisingly hard to create an RFC-2822 compliant Date value.
The problem is that strftime uses the current locale but the RFC
requires that the English names are used. This code is pretty simply
and avoid the extra problem of figuring out the correct timezone;
instead UTC is used. For the planned use case this is anyway better.
Signed-off-by: Werner Koch <wk@gnupg.org>
Fixes intermittent gpgtar failures.
* common/exectool.c (copy_buffer_do_copy): Initialize 'nwritten'.
(gnupg_exec_tool_stream): Loop until all data is copied.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/name-value.c (struct name_value_container): Add field
'private_key_mode'.
(my_error): New. Use instead of gpg_error.
(nvc_new_private_key): New.
(nve_release): Add arg 'private_key_mode'.
(nvc_release): Call nve_release with private_key_mode flag.
(nvc_delete): Ditto.
(_nvc_add): Do no special case "Key:" in non-private_key_mode.
(nvc_get_private_key): Return error in non-private_key_mode.
(nvc_set_private_key): Ditto.
(nvc_parse): Factor all code out to ...
(do_nvc_parse): new. Add arg 'for_private_key'.
(nvc_parse_private_key): New.
* agent/findkey.c (write_extended_private_key): Replace nvc_parse by
nvc_parse_private_key.
(read_key_file): Ditto.
* common/t-name-value.c (private_key_mode): New variable.
(my_nvc_new): New. Replace all callers.
(test_key_extraction): Take mode in account.
(run_tests): Ditto.
(run_modification_tests): Ditto.
(parse): Ditto.
(main): Add option --parse and rename --parse to --parse-key.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/name-value.c, common/name-value.h: Rename symbol prefixes
from "pkc_" to "nvc_" and from "pke_" to "nve_". Change all callers.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/private-keys.c: Rename to name-value.c.
* common/private-keys.h: Rename to name-value.h. Chage all users.
* common/t-private-keys.c: Rename to t-name-value.c.
* common/Makefile.am: Adjust accordingly.
--
The module is cool enough to be used for other purposes as well. Thus
we better change the name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
* g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
insert the issuer fpr if needed.
* g10/sign.c (write_signature_packets): Pass signing key.
(make_keysig_packet): Ditto.
(update_keysig_packet): Ditto.
* g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
(parse_one_sig_subpkt): Detect issuer fpr.
(can_handle_critical): Add issuer fpr.
* g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
* g10/gpgv.c (keyserver_import_fprint): New stub.
* g10/test-stubs.c (keyserver_import_fprint): New stub.
--
This support is enabled with the --rfc4880bis option and intended to
test to recently proposed issuer fpr.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (create_server_socket): Call chmod before listen.
* scd/scdaemon.c (create_server_socket): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
--
This is just in case of a improperly set umask. Note that a connect
requires a write permissions.
* common/homedir.c: Include sys/stat.h and zb32.h.
(w32_portable_app, w32_bin_is_bin): Change type from int to byte.
(non_default_homedir): New.
(is_gnupg_default_homedir): New.
(default_homedir): Set non_default_homedir.
(gnupg_set_homedir): Set non_default_homedir and make
the_gnupg_homedir and absolute directory name.
(gnupg_homedir): Return an absolute directory name.
(_gnupg_socketdir_internal): New.
(gnupg_socketdir): Implement /run/user/ based sockets.
* tools/gpg-connect-agent.c (get_var_ext): Replace now obsolete
make_filename by xstrdup.
* tools/gpgconf.c (main): Sue gnupg_homedir for the "homedir:" output.
--
If a [/var]/run/user/$(id -u)/ directory exists, a gnupg subdir is
created as needed and the permissions of the directories are checked.
If that all matches that directory name is returned instead of the
homedir.
To cope with non standard homedirs (via GNUPGHOME or --homedir) the
SHA-1 hash of the homedir is computed, left truncated to 120 bits,
zBase-32 encoded, prefixed with "d.", and appended to
"[/var]/run/user/$(id -u)/gnupg/". If that directory exists and has
proper permissions it is returned as socket dir - if not the homedir
is used. Due to cleanup issues, this directory will not be
auto-created but needs to be created by the user in advance.
The required permissions are: directory owned by the user, group and
others bits not set.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c: Include openpgpdefs.h.
(oidtable): Add field pubkey_algo.
(openpgp_is_curve_supported): New.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exectool.h (exec_tool_status_cb_t): New.
* common/exectool.c: Include missing exectool.h.
(read_and_log_buffer_t): Replace array by pointer.
(gnupg_exec_tool_stream): Add args 'status_cb' and 'status_cb_value'.
Change all callers to pass NULL for them. Malloc buffer for
FDERRSTATE.
(read_and_log_stderr): Implement status_fd feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-posix.c (do_exec): Add arg 'except' and pass to
close_all_fds.
(gnupg_spawn_process): Add arg 'except'. Change callers to pass NULL
for it.
* common/exechelp-w32.c (gnupg_spawn_process): Add dummy arg 'except'.
* common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
* common/exectool.c (copy_buffer_do_copy): Allow NULL for SINK.
(gnupg_exec_tool_stream): Add arg 'inextra'. Change callers to pass
NULL for it. Allow NULL for OUTPUT.
--
This hack is a first step to allow calling gpg for verification of
signatures.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-posix.c [__linux__]: Include dirent.h.
(get_max_fds) [__linux__]: Return the actual used highest fd.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exechelp-posix.c (my_error_from_syserror, my_error): New.
Use them instead of gpg_error and gpg_error_from_syserror.
(create_pipe_and_estream): Remove arg ERRSOURCE and fix use of
OUTBOUND which has a wrong name. Adjust callers.
(gnupg_spawn_process): Remove arg ERRSOURCE and replace by use of
DEFAULT_ERRSOURCE.
* common/exechelp-w32.c (gnupg_spawn_process): Ditto.
* common/exechelp-w32ce.c (gnupg_spawn_process): Ditto.
* common/exectool.c (gnupg_exec_tool_stream): Do not pass
GPG_ERROR_FROM_SYSERROR.
* tools/gpgconf-comp.c (gc_component_check_options): Ditto.
(retrieve_options_from_program): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_KEY_CONSIDERED): New.
* g10/getkey.c: Include status.h.
(LOOKUP_NOT_SELECTED, LOOKUP_ALL_SUBKEYS_EXPIRED): New.
(finish_lookup): Add arg R_FLAGS. Count expired and revoked keys and
set flag. Check a requested usage before checking for expiraion or
revocation.
(print_status_key_considered): New.
(lookup): Print new status.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_TOFU_USER, STATUS_TOFU_STATS)
(STATUS_TOFU_STATS_SHORT, STATUS_TOFU_STATS_LONG): New.
* g10/tofu.c (NO_WARNING_THRESHOLD): New.
(record_binding, tofu_register): Take care of --dry-run.
(show_statistics): Print STATUS_TOFU_USER. Reformat some messages.
Fix the ngettext/strcmp thing. Use log_string instead of log_info.
Use NO_WARNING_THRESHOLD constant.
(get_trust): Use format_text and print a compact fingerprint.
--
The use of log_string makes long messages better readable; instead of
gpg: Warning: if you think you've seen more[...]
key, then this key might be a forgery! Car[...]
address for small variations. If the key i[...]
we now have
gpg: Warning: if you think you've seen more[...]
key, then this key might be a forgery![...]
address for small variations. If the [...]
We also put the key information after the message and not between the
user id and the last used info like here:
gpg: Verified 7 messages signed by "Werner Koch <werner@eifzilla.de>"
in the past 4 days, 16 hours.
The most recent message was verified 3 days, 13 hours ago.
(key: 8061 5870 F5BA D690 3336 [...] 1E42 B367, policy: auto)
This also makes the key info a separate translatable string.
Further a compact version of the fingerprint (hex w/o spaces) is
printed in some messages.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (bug_at): Do not i18n the string.
(_log_assert): New.
* common/logging.h (log_assert): Use new function and pass line
information.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/private-keys.c (my_error_from_syserror): New. Use it in
place of gpg_error_from_syserror.
(_pkc_add, pkc_lookup, pke_next_value): Use ascii_strcasecmp.
(pkc_parse): Use xtrystrdup and append_to_strlist_try as intended.
(_pkc_add): Add braces around if-statement.
--
We should have a macro so that we do not need to define a wrapper
function like my_error_from_syserror in files where it is needed. I
am not sure about a proper name, "my_" seems to be the easiest
replacement. Note that the global DEFAULT_ERRSOURCE is relatively new
to replace the need to convey the error source in function calls; we
want that function from common/ return the error source of the main
binary.
We require that a key is ASCII and thus we better use ascii_strcasecmp
to avoid problems with strange locales.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/miscellaneous.c (xoutofcore): New.
* common/strlist.c (append_to_strlist): Use instead of abort.
(append_to_strlist_try): Use xtrymalloc instead of xmalloc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.
--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings. The new
format stores name,value-pairs using the common mail and http header
convention.
This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/strlist.c (append_to_strlist): Use the new function.
(append_to_strlist_try): New function.
* common/strlist.h (append_to_strlist_try): New prototype.
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac: Do nor require libiconv for W32.
* common/utf8conv.c [W32]: Do not incluce iconv.h. Request
libgpg-error iconv macros.
(jnlib_iconv): Use ICONV_CONST macro.
* build-aux/speedo/w32/inst.nsi [!WITH_GUI]: Do not install libiconv.
* build-aux/speedo.mk (speedo_spkgs) [!WITH_GUI]: Likewise.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.
GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--
Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.c (pop_filter): Rename from this...
(iobuf_pop_filter): ... to this. Don't mark it as static.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/iobuf.c (iobuf_copy): Change buffer size from 1 MB to 32 KB.
--
Change suggested by Werner based on the observation that other buffers
are of a similar size.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/build-packet.c (do_symkey_enc): Use iobuf_write instead of
iobuf_put in a loop. Use iobuf_copy instead of iobuf_read and
iobuf_write in a loop. Move the memory wiping from here...
* common/iobuf.c (iobuf_copy): ... to here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/exechelp-posix.c (gnupg_create_pipe): New function.
* common/exechelp-w32.c (INHERIT_{READ,WRITE,BOTH}): New macros.
(create_inheritable_pipe): Generalize so that both ends can be
inherited.
(do_create_pipe): Rename argument accordingly.
(gnupg_create_{in,out}bound_pipe): Use new flags.
(gnupg_create_pipe): New function.
(gnupg_spawn_process): Use new flags.
* common/exechelp-w32ce.c (gnupg_create_pipe): New stub.
* common/exechelp.h (gnupg_create_pipe): New prototype.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/exechelp-w32.c (gnupg_wait_process): Do not print an error if
the exit code can be returned. This makes the Windows version behave
like the POSIX version.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/homedir.c (check_portable_app): Remove error message.
--
It is sometimes useful to install just gpgv and no other parts. Our
test for a portable application returned an error if gpgconf is not
installed. That error is not required but was merely a debug aid.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/utf8conv.c (wchar_to_utf8): Factor code out to ...
(wchar_to_cp): new.
(utf8_to_wchar): Factor code out to ...
(cp_to_wchar): new.
(wchar_to_native): New.
(native_to_wchar): New.
* tools/gpgtar-create.c (fillup_entry_w32): Use native_to_wchar.
(scan_directory): Use wchar_to_native.
--
Gpgtar needs to handle filenames in the local 8 bit encoding on
Windows as it uses the 8 bit file io functions.
GnuPG-bug-id: 1624, 1746
Patch from bug 1624 modified to fit into GnuPG 2.1 by wk.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_WARNING): New.
* g10/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
* g10/call-dirmngr.c: Include status.h.
(warn_version_mismatch): New.
(create_context): Call warn function.
* sm/call-agent.c (warn_version_mismatch): New.
(start_agent): Call warn function.
(gpgsm_agent_learn): Call warn function.
* sm/call-dirmngr.c (warn_version_mismatch): New.
(prepare_dirmngr): Call warn function.
--
We have seen too often bug reports which are due to still running old
versions of the daemons. To catch this problematic use we now print
warning messages and also provide the warning via the status
interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/stringhelp.c (parse_version_number): New.
(parse_version_string): New.
(compare_version_strings): New.
* common/t-stringhelp.c (test_compare_version_strings): New.
(main): Call test. Return ERRCOUNT instead of 0.
--
The code for that function is based on code from libgcrypt. Similar
code is in all GnuPG related libraries this function is
a candidates for inclusion in libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/asshelp.c: Include membuf.h.
(get_assuan_server_version): New.
* g10/call-agent.c (agent_get_version): Use new function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/b64enc.c (b64enc_finish): Remove var assignment which is not
used later.
* common/iobuf.c (file_filter): Ditto.
* common/tlv.c (do_find_tlv): Ditto.
* common/userids.c (classify_user_id): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (server_control_s, ctrl_t): Move to ...
* common/fwddecl.h: New file.
* common/call-gpg.h: Replace typedef by fwddecl.h. Change include
protection macro name.
* common/Makefile.am (common_sources): Add fwddecl.h.
--
It seems some compilers do not grok a re-declaration. Thus we factor
it out into a separate file and use the include protection macro to
protect against re-declaration.
GnuPG-bug-id: 2200
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/call-gpg.c (my_error_from_syserror, my_error_from_errno): New.
Use these wrappers.
* common/exectool.c (my_error_from_syserror): New. Use these
wrappers.
--
Function in common should use the error source of the component which
links them. The global variable DEFAULT_ERRSOURCE is set early by
each component to make this possible.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.c: Change from GPLv3 to LGPLv3+/GPLv2+.
* common/status.h: Ditto.
* common/yesno.c: Ditto.
* common/common-defs.h: Ditto.
* common/gettime.h: Ditto.
* common/keyserver.h: Ditto.
--
This is shared code and trivial enough to allow use under GPLv2+ so to
allow use by GPLv2only software. Some of the headers are simply
adjusted to the license of their implementation.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exectool.c, common/exectool.h: Change license.
--
We always try to use this license for shared code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sh-exectool.c: Rename to exectool.c.
* common/sh-exectool.h: Rename to exectool.h.
* common/Makefile.am (common_sources): Adjust for rename.
* common/exectool.c (sh_exec_tool_stream): Rename to
gnupg_exec-tool-stream.
(sh_exec_tool): Rename to gnupg_exec_tool.
* tools/gpgtar-create.c (gpgtar_create): Adjust for changes.
* tools/gpgtar-extract.c: Adjust for changes.
* tools/gpgtar-list.c: Adjust for changes.
--
The "sh-" presifx is used by g13 for system helpers which are used by
processes created via userv. A generic function in common/ should
also have a generic name.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Remove replacement macros for libgpg-error<1.21.
* common/types.h: Ditto.
* common/mischelp.h: Ditto.
* common/t-mapstrings.c: Include t-support.h before stringhelp.h
* common/t-stringhelp.c: Ditto.
* common/t-support.h: Always include gpg-error.h.
* kbx/keybox-search.c: Do not include stringhelp.h so that keybox-defs
comes first.
--
This patch enhances commit d6e0149 from Dec 10.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sh-exectool.c (struct copy_buffer): Add infrastructure for
copying between streams.
(copy_buffer_{init,shred,do_copy,flush}): New functions.
(sh_exec_tool_stream): Rework 'sh_exec_tool' to operate on streams.
(nop_free): New function.
(sh_exec_tool): Express this in terms of 'sh_exec_tool_stream'.
* common/sh-exectool.h (sh_exec_tool_stream): New prototype.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/asshelp.c (start_new_gpg_agent): Do not i18n string.
(start_new_dirmngr): Ditto.
* g10/mainproc.c (proc_encrypted): Ditto. Print only if debug is
enabled.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (check_user_ids): If the search description describes a
keyid or fingerprint and ends in a '!', include the '!' in the
rewritten description.
* common/userids.c (classify_user_id): Accept keyids and fingerprints
ending in '!'.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Kristian Fiskerstrand
<kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: f99830b7
Fixes-commit: e8c53fca
* common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the
declaration was already fixed by a previous change.
* dirmngr/server.c (cmd_getinfo): Use assuan_fd_t.
--
Note that this matters only for Windows and it does not harm as long
as we can only build for 32 bit Windows withsizeof(int)==sizeof(void*).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t.
* dirmngr/server.c (data_line_cookie_write): Ditto.
* sm/certdump.c (format_name_writer): Ditto.
* sm/server.c (data_line_cookie_write): Ditto.
* dirmngr/http.c (cookie_read, cookie_write): Ditto.
--
See the release notes of libgpg-error 1.15 for background info on
gpgrt_ssize_t.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/call-gpg.c (gpg_{en,de}crypt_blob): Move most of the code
into two new functions, _gpg_encrypt and _gpg_decrypt.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/Makefile.am (common_sources): Add files.
* g13/call-gpg.c: Move to 'common' and adapt slightly. Add a
parameter to let callees override the gpg program to execute.
* g13/call-gpg.h: Likewise.
* g13/Makefile.am (g13_SOURCES): Drop files.
* g13/create.c (encrypt_keyblob): Hand in the gpg program to execute.
* g13/mount.c (decrypt_keyblob): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/stringhelp.c (format_text): New function.
* common/t-stringhelp.c (stresc): New function.
(test_format_text): New function. Test format_text.
* g10/tofu.c (get_trust): Use format_text to reflow long texts.
(show_statistics): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len. Process at most LEN bytes.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/asshelp.h: Include 'util.h'.
* dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect
to the dirmngr.
(start_dirmngr): Drop now unused declaration and function.
--
Signed-off-by: Justus Winter <justus@g10code.com>
GnuPG-bug-id: 1843
* common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter'
will make use of it.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/userids.c (classify_user_id): Avoid underflow. Use spacep to
also trim tabs.
--
This is actually not fully consistent because the now used
trim_trailing_spaces uses the locale dependent isspace and not spacep.
Given that the use of isspace is anyway problematic we should check
whether we can chnage trim_trailing_spaces.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/userids.c (classify_user_id): Trim any trailing whitespace.
Before assuming that a hexstring corresponds to a key id or
fingerprint, make sure that it is NUL terminated.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1206
Debian-bug-id: 575084
* common/util.h (zb32_encode): Move prototype to ...
* common/zb32.h: new. Include this for all callers of zb32_encode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/srv.c: Merge into dirmngr/dns-stuff.c. Delete file.
* common/srv.h: Merge into dirmngr/dns-stuff.h. Delete file.
* common/Makefile.am (common_sources): Remove srv.c and srv.h.
* g10/keyserver.c: Do not include srv.h. The code using it is anyway
disabled.
* dirmngr/http.c: Remove header srv.h and stubs.
* dirmngr/t-dns-stuff.c: Add option --srv.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/mkdir_p.c (gnupg_amkdir_p): Use make_filename_try on the
first directory component as well.
--
If there is only a single directory component, then tilde expansion
won't be done.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* common/mkdir_p.c (gnupg_amkdir_p): Also strdup first item. Return
an error on malloc failure.
(gnupg_mkdir_p): Fix type of dirs and tmp_dirs.
--
The code was correct but it inhibits type checking. Instead of
casting it seems easier to simply allocate also the the first item in
DIRS.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/http.c: Move to ../dirmngr/.
* common/http.h: Move to ../dirmngr/.
* common/t-http.c: Move to ../dirmngr/.
* common/tls-ca.pem: Move to ../dirmngr/.
* common/Makefile.am: Do not build libcommontls.a libcommontlsnpth.a.
Remove http.c related stuff.
* po/POTFILES.in: Move http.c to dirmngr/.
* dirmngr/Makefile.am (EXTRA_DIST): Add tls-ca.pem.
(module_maint_tests): New.
(noinst_PROGRAMS): Add module_maint_tests.
(dirmngr_SOURCES): Add http.c and http.h.
(dirmngr_LDADD): Remove libcommontlsnpth.
(t_common_ldadd): Ditto.
(t_http_SOURCES, t_http_CFLAGS, t_http_LDADD): New.
(t_ldap_parse_uri_SOURCES): Add http.c.
(t_ldap_parse_uri_CFLAGS): Build without npth.
($(PROGRAMS)): Do not require libcommontls.a libcommontlsnpth.a.
* dirmngr/dirmngr.h, dirmngr/ks-engine.h: Fix include of http.h.
--
All network access is done via dirmngr and thus http.c should be
there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/mkdir_p.h (mkdir_p): Rename from this...
(gnupg_mkdir_p): ... to this. Change directory_component's type from
char * to const char *.
(amkdir_p): Rename from this...
(gnupg_amkdir_p): ... to this. Change directory_component's type from
char * to const char *.
* common/mkdir_p.c (mkdir_p): Rename from this...
(gnupg_mkdir_p): ... to this. Change directory_component's type from
char * to const char *.
(amkdir_p): Rename from this...
(gnupg_amkdir_p): ... to this. Change directory_component's type from
char * to const char *.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/http.c (send_request): Fix handling for hostname:port string.
--
The first pass to parse_uri should already do a scheme check so
that a hostname:port string is detected as invlaid and the retry
code actually takes effect and adds a http://
GnuPG-bug-id: 2109
* common/mkdir_p.c: Change license and comment debug statements.
(amkdir_p, mkdir_p): Fail on malloc error and use default_errsource to
build an error code. Change return value to gpg_error_t.
(amkdir_p): Use gnupg_mkdir.
* common/membuf.c: Include util.h first to avoid redefined macro
warnings.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.h: Include <gpg-error.h>.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
logging.h uses estream_t and as such should directly include
<gpg-error.h>.
* common/ssh-utils.c (get_fingerprint): Handle the prefix of 0x40.
* common/t-ssh-utils.c (sample_keys): Add a new key.
--
Also adding Ed25519 test key.
* common/exechelp.h (GNUPG_SPAWN_NONBLOCK): New.
(GNUPG_SPAWN_RUN_ASFW, GNUPG_SPAWN_DETACHED): Macro to replace the
numbers.
* common/exechelp.h (gnupg_spawn_process): Change function to not take
an optional stream for stdin but to return one.
* common/exechelp-posix.c (gnupg_spawn_process): Implement change.
(create_pipe_and_estream): Add args outbound and nonblock.
* common/exechelp-w32.c (gnupg_spawn_process): Implement change.
--
In 2.1 this function is only used at one place and the stdin parameter
is not used. Thus this change is trivial for the callers but along
with estream's new es_poll it is overall simpler to use.
Note that the Windows version has not been tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ssh-utils.c (get_fingerprint): Fix hashed string.
--
That was an obvious c+p bug which should have been caught by a test
case.
GnuPG-bug-id: 2075
Debian-bug-id: 795636
* common/http.h (HTTP_FLAG_FORCE_TOR): New.
* common/http.c (http_raw_connect, send_request): Detect flag and
return an error for now.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.h (enum iobuf_use): Add new member, IOBUF_INPUT_TEMP.
* common/iobuf.c (iobuf_temp_with_content): Create the iobuf as an
IOBUF_INPUT_TEMP, not an IOBUF_INPUT buffer. Assert that LENGTH ==
A->D.SIZE.
(iobuf_push_filter2): If A is an IOBUF_INPUT_TEMP, then make the new
filter an IOBUF_INPUT filter and set its buffer size to
IOBUF_BUFFER_SIZE.
(underflow): If A is an IOBUF_INPUT_TEMP, then just return EOF; don't
remove already read data.
(iobuf_seek): If A is an IOBUF_INPUT_TEMP, don't discard the buffered
data.
(iobuf_alloc): Allow USE == IOBUF_INPUT_TEMP.
(pop_filter): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_peek): Allow USE == IOBUF_INPUT_TEMP.
(iobuf_writebyte): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_write): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_writestr): Fail if USE == IOBUF_INPUT_TEMP.
(iobuf_flush_temp): Fail if USE == IOBUF_INPUT_TEMP.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
Introduce a new iobuf type, IOBUF_INPUT_TEMP. Use this for the iobuf
created by iobuf_temp_with_content instead of IOBUF_INPUT. This was
necessary so that seeking and peeking correctly work on this type of
iobuf. In particular, seeking didn't work because we discarded the
buffered data and peeking didn't work because we discarded data which
was already read, which made seeking later impossible.
* common/iobuf.h (enum iobuf_use): Name the IOBUF_OUTPUT, etc. enum.
(struct iobuf_struct): Change the field use's type to it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/t-iobuf.c (content_filter): If there is nothing to read,
don't forget to set *LEN to 0.
(main): Fix checks.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/status.h (STATUS_FAILURE): New.
* g10/cpr.c (write_status_failure): New.
* g10/gpg.c (main): Call write_status_failure for all commands which
print an error message here.
* g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't
set the pinentry mode.
--
This status line can be used similar to the error code returned by
commands send over the Assuan interface in gpgsm. We don't emit them
in gpgsm because there we already have that Assuan interface to return
proper error code. This change helps GPGME to return better error
codes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.c (iobuf_read): Make control flow more obvious.
(iobuf_get_filelength): Likewise.
(iobuf_get_fd): Likewise.
(iobuf_seek): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_alloc): Check that BUFSIZE is not 0.
(iobuf_readbyte): Check that A is an input filter. Check that the
amount of read data is at most the amount of buffered data.
(iobuf_read): Check that A is an input filter.
(iobuf_writebyte): Check that A is not an input filter.
(iobuf_writestr): Check that A is not an input filter.
(iobuf_flush_temp): Check that A is not an input filter.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_push_filter2): If the head filter is a temp
filter, use IOBUF_BUFFER_SIZE for the new filter.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_push_filter2): If the pipeline is an output or
temp pipeline, the new filter shouldn't assume ownership of the old
head's internal buffer: the data was written before the filter was
added.
* common/t-iobuf.c (double_filter): New function.
(main): Add test cases for the above bug.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_temp_to_buffer): Flush each filter in the
pipeline and copy the data from the last (not the first) filter's
internal buffer.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (do_open): New function, which is a generalization of
iobuf_open, iobuf_Create, iobuf_openrw.
(iobuf_open): Call do_open.
(iobuf_create): Likewise.
(iobuf_openrw): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.h (iobuf_open_fd_or_name): Remove prototype. Replace
use with either iobuf_open or iobuf_fdopen_nc, as appropriate.
* common/iobuf.c (iobuf_open): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_cancel): Don't abort freeing a pipeline if
freeing a filter fails. This needs to a memory leak. Instead, keep
freeing and return the error code of the first filter that fails.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (underflow): Take additional parameter
clear_pending_eof. If not set, don't clear a pending eof when
returning EOF. Update callers.
(iobuf_peek): Fill the internal buffer, if needed, to be able to
better satisfy any request.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (underflow): Don't require that the buffer be empty.
When called, fill any available space.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_read_line): Be more careful with boundary
conditions.
* common/iobuf.h: Include <gpg-error.h>.
* common/t-iobuf.c: New file.
* common/Makefile.am (module_tests): Add t-iobuf.
(t_mbox_util_LDADD): New variable.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c (iobuf_temp_with_content): Set the filter type to
IOBUF_INPUT, not IOBUF_TEMP, which is only for output filters that
write into a dynamic buffer.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.h (struct iobuf_struct): Remove field desc.
* common/iobuf.c (iobuf_desc): New function. When a filter's
description is needed, use this instead of the filter's desc field.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.h (struct iobuf_struct): Clarify semantics of nofast.
Simplify use of nofast to implement just these semantics.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/iobuf.c: Move BLOCK_FILTER_INPUT,
BLOCK_FILTER_OUTPUT_BLOCK_FILTER_TEMP from here...
* common/iobuf.h: ... to here and rename to IOBUF_INPUT, IOBUF_OUTPUT
and IOBUF_TEMP, respectively. Where appropriate, use these macros
instead of a literal.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/status.h (INQUIRE_MAXLEN): New.
* g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN.
client when inquiring a passphrase over pinentry-loopback.
--
This is to inform a user about the maximum length of a passphrase. The
limit is the same that gpg-agent uses.
* common/iobuf.c (BLOCK_FILTER_INPUT): Define. Where appropriate, use
this instead of a literal.
(BLOCK_FILTER_OUTPUT): Likewise.
(BLOCK_FILTER_TEMP): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/openpgp-oid.c (oidtable): Change alias.
--
This is a cosmetic change so that common and expected common
algorithms line up nicely in a keylisting. For example:
pub ed25519/C68CE6D1ED0319C8 2015-08-06
uid [ultimate] Curve25519 Test 150806.1
sub cv25519/49238B9F0712C9BF 2015-08-06
sub rsa2048/8AEAF74014699D2C 2015-08-06
sub cv25519/8EC3776830B08736 2015-08-06
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.
--
When libgcrypt has Curve25519, GnuPG now supports Curve25519.
* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
--
Change the function so that caller can select canonical name of curve
or name for printing. Suggested by wk.
* common/i18n.c (USE_MSGCACHE): New.
(msgcache) [!USE_MSGCACHE]: Do not define.
(i18n_localegettext): Repalce #if conditions by USE_MSGCACHE.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--
Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places. For now we need repalcement
macros, though.
* common/i18n.c (msg_cache_s, msg_cache_head_s): New.
(msgcache): New.
(i18n_localegettext): Implement locale dependent lookup.
--
This is the second and final part of the change to use the gpg
provided locale for Pinentry strings. It does not yet work on
Windows, though.
This commit should resolve
Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/session-env.c (stdenvnames): Add DBUS_SESSION_BUS_ADDRESS.
--
pinentry-gnome3 talks to the gcr prompter via dbus. Without this
environment variable, it can't find the correct session to talk to.
* agent/agent.h (LunderscorePROTO): New.
* common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
* common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
i18n_localegettext. Expand LunderscorePROTO.
* agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
again to keep the old translations.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning. Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--
Static strings in gpg-agent need to be translated according to the
locale set by the caller. This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another. If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.
This is only the first part of the change the actual local switching
still needs to be implemented.
Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.h: Rename JNLIB_LOG_* to GPGRT_LOG_*.
* common/mischelp.h: Rename JNLIB_GCC_* to GPGRT_GCC_*.
--
JNLIB has no more meaning. Thus we switch to a GPGRT_ prefix in
anticipation that some code may eventually be moved to libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/libjnlib-config.h: Remove.
* common/common-defs.h (getenv) [HAVE_GETENV]: New. From removed
header.
(getpid) [HAVE_W32CE_SYSTEM]: New. From removed header.
* common/argparse.c: Include util.h and common-defs.h. Replace
jnlib_ macro names for non-GNUPG builds by x* names.
* common/dotlock.c: Ditto.
* common/logging.c: Include util.h and common-defs.h. Replace jnlib_
symbol names by x* names.
* common/strlist.c: Ditto.
* common/utf8conv.c: Ditto.
* common/w32-reg.c: Ditto.
* common/mischelp.c: Ditto. Also remove _jnlib_free.
* common/stringhelp.c: Ditto.
(JNLIB_LOG_WITH_PREFIX): Do not depend on this macro.
* common/logging.h (JNLIB_LOG_WITH_PREFIX): Do not depend on this
macro.
--
This is part 1 of the patches to merge the jnlib files into common/.
It does not make much sense to keep jnlib/ files separate. They are
not often use elsewhere and maintaining the complex marcos stuff is
too troublesome for the future.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/dns-cert.h: Move to ../dirmngr/.
* common/dns-cert.c: Move to ../dirmngr/. Change args to return the
key as a buffer.
* common/t-dns-cert.c: Move to ../dirmngr/.
* common/pka.c, common/pka.h, common/t-pka.c: Remove.
* dirmngr/server.c (data_line_cookie_write): Factor code out to
data_line_write and make it a wrapper for that.
(data_line_write): New.
(cmd_dns_cert): New.
(register_commands): Register new command.
* g10/Makefile.am (LDADD): Remove DNSLIBS.
* g10/call-dirmngr.c (dns_cert_parm_s): New.
(dns_cert_data_cb, dns_cert_status_cb): New.
(gpg_dirmngr_dns_cert): New.
(gpg_dirmngr_get_pka): New.
* g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function.
* g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by
gpg_dirmngr_dns_cert.
(keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka.
* g10/mainproc.c: Include call-dirmngr.h.
(pka_uri_from_sig): Add CTX arg. Replace get_pka_info by
gpg_dirmngr_get_pka.
--
With this patch gpg does not do any network access itself but uses
dirmngr for that. Note that we need to keep linking to NETLIBS due to
the logging code and because we need TCP for our socket emulation
under Windows. Probably also required for Solaris etc.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT.
--
hex2str is only used at one place for in-place converting an hex
encoded passphrase. This change does not affect this use. The change
is however useful to use the function for in-place conversion of
arbitrary hex encoded strings.
Take care for in-place conversion of a hex string encoding binary data
you need to use it this way:
if (hex2str (string, string, strlen (string) + 1, &length)
oops ("probably out of memory but see ERRNO");
for (i=0; i < length; i++)
foo (string[i));
Note that strlen() + 1.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/Makefile.am (t_jnlib_src): Remove t-support.c.
--
Since test programs are linked to libgcrypt and libgpg-error, there
is no need to include t-support.c.
GnuPG-bug-id: 1862, 1915
* g10/options.h (KEYSERVER_HTTP_PROXY): New.
(KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove.
(KEYSERVER_TIMEOUT): New.
* common/keyserver.h (KEYSERVER_TIMEOUT): Remove.
* g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files"
and "keep-temp-files". Add "http-proxy" and "timeout".
(parse_keyserver_options): Remove 1.2 compatibility option
"honor-http_proxy". Remove "use-temp-files" and "keep-temp-files"
code.
--
Note that many of these options where implicitly used by passing any
unknown option down to the former keyserver helpers. The don't exist
anymore thus we need to make them explicit. Another patch will convey
them to dirmngr. Temp files are not anymore used thus they can be
removed and will be ignored when used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gettime.c (gnupg_gmtime): New.
(gnupg_get_isotime): Use it. Also take care of an gmtime_t returning
an error.
--
The fix in gnupg_get_isotime is only to cover up a theoretical broken
time (e.g. a value of (time_t)(-2) which is not mapped beyond 2038 on
32 bit systems).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gettime.c (isotime_human_p): Add arg date_only.
(isodate_human_to_tm): New.
* common/t-gettime.c (test_isodate_human_to_tm): New.
(main): Call new test.
--
This function in intended as replacement for
strptime (foo, "%Y-%m-%d", &bar)
which is not available under Windows.
* common/gettime.h (parse_timestamp): New declaration.
* common/gettime.c (_win32_timegm): New function imported from
gpgme/src/conversion.c:_gpgme_timegm.
(parse_timestamp): New function imported from
gpgme/src/conversion.c:_gpgme_parse_timestamp.
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
* common/stringhelp.h (strsplit): New declaration.
* common/stringhelp.c (strsplit): New function.
* common/t-stringhelp.c (test_strsplit): New function.
(main): Call it here.
--
Signed-off-by: Neal H. Walfield <neal@g10code.de>
* common/mbox-util.c (mem_count_chr): New.
(my_memstr): New.
(has_invalid_email_chars): Change args to work on a buffer.
(is_valid_mailbox_mem): New.
(is_valid_mailbox): Rewrite to use is_valid_mailbox_mem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/http.c (send_request): Set the requested for SNI.
* dirmngr/ks-engine-hkp.c (map_host): Return the poolname and not
the selecting a host.
--
GnuPG-bug-id: 1792
Thanks to davidw for figuring out the problem.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/argparse.c (show_help): Take care of flag value
(usage): Ditto.
--
It is common that the long usage note starts with the short usage
note. The new flag feature allows to combine both.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_oid_to_str): Take care of
gcry_mpi_get_opaque returning NULL. Remove useless condition !BUF.
--
It is possible that an opaque MPI stores just a NULL pointer. Take
care of that before incrementing the pointer. We return an error in
this case because at least a length byte is required.
Found due to hint from stack 0.3:
bug: anti-simplify
model: |
%tobool15 = icmp ne i8* %incdec.ptr, null, !dbg !567
--> true
stack:
- /home/wk/s/gnupg/common/openpgp-oid.c:220:0
ncore: 1
core:
- /home/wk/s/gnupg/common/openpgp-oid.c:212:0
- pointer overflow
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/dns-cert.c (get_dns_cert): Make r_key optional.
* common/pka.c: Rewrite for the new hash based lookup.
* common/t-pka.c: New.
* configure.ac: Remove option --disable-dns-pka.
(USE_DNS_PKA): Remove ac_define.
* g10/getkey.c (parse_auto_key_locate): Always include PKA.
--
Note that although PKA is now always build, it will only work if
support for looking up via DNS has not been disabled.
The new PKA only works with the IPGP DNS certtype and shall be used
only to retrieve the fingerprint and optional the key for the first
time. Due to the security problems with DNSSEC the former assumption
to validate the key using DNSSEC is not anymore justified. Instead an
additional layer (e.g. Trust-On-First-Use) needs to be implemented to
track change to the key. Having a solid way of getting a key matching
a mail address is however a must have.
More work needs to go into a redefinition of the --verify-options
pka-lookups and pka-trust-increase. The auto-key-locate mechanism
should also be able to continue key fetching with another methods once
the fingerprint has been retrieved with PKA.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all
callers.
(CERTTYPE_): Move constants to ...
* common/dns-cert.h: here as DNS_CERTTYPE_.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mailbox.c: Move to ...
* common/mbox-util.c: new file.
* common/mbox-util.h: New. Include where needed.
* g10/t-mailbox.c: Move to ...
* common/t-mbox-util.c: new file.
--
This will make it easier to use the code by other modules in common/.
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a388 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (get_default_pinentry_name): New.
(gnupg_module_name): Use that for the default pinentry.
(gnupg_module_name_flush_some): New.
* agent/gpg-agent.c (agent_sighup_action): Flush some module names.
* agent/call-pinentry.c (start_pinentry): Do not modify
opt.pinentry_program.
--
The idea with this change is that under Windows we can install a
simple native Windows pinentry as "pinentry-basic" and a full GUI
version may then later install pinentry-gtk etc which would then
automatically be used.
Unfortunately installing another pinentry from a different package
would clobber the GnuPG core directory which is not nice. To fix that
we would need to agree on standard installation directories for GUIs
to also look there.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (w32_rootdir): Use Unicode fucntion not only for
WinCE.
--
This uses the same code We used for WindowsCE. It has not been tested
with a Unicode requiring installation directory.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (list_config): Replace print_sanitized_string2 by
es_write_sanitized.
* common/stringhelp.c (print_sanitized_buffer2): Remove.
(print_sanitized_buffer, print_sanitized_utf8_buffer): Remove.
(print_sanitized_utf8_buffer, print_sanitized_utf8_string): Remove.
(print_sanitized_string): Remove.
* sm/certdump.c (print_dn_part, print_dn_parts): Remove arg FP.
(pretty_print_sexp, gpgsm_print_name2, gpgsm_print_name): Remove.
--
Mixing stdio and estream is never a good idea. This fix also allows
us to remove a lot of garbage.
Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
GnuPG-bug-id: 1822
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.c: (iobuf_open): initialize len
--
In iobuf_open, IOBUFCTRL_DESC and IOBUFCTRL_INIT commands are invoked
(via file_filter()) on fcx, passing in a pointer to an uninitialized
len.
With these two commands, file_filter doesn't actually do anything with
the value of len, so there's no actual risk of use of uninitialized
memory in the code as it stands.
However, some static analysis tools might flag this situation with a
warning, and initializing the value doesn't hurt anything, so i think
this trivial cleanup is warranted.
Debian-Bug-Id: 773469
* common/dotlock.c: (dotlock_create_unix) avoid double-close()
in unusual situations.
--
close(2) says:
close() should not be retried after an EINTR since this may
cause a reused descriptor from another thread to be closed.
Before this patch was applied, if close(fd) failed with EINTR, it
would be closed again in the write_failed: block.
It could also have been closed a second time in the case that
(use_hardlinks_p (h->tname)) evaluated to something other than 0 or 1.
This patch avoids both of those scenarios.
Note that close() could still be called twice on the same file
descriptor if the first close(fd) fails but errno is not EINTR. I'm
not sure the right thing to do in that scenario. An alternate
resolution could be to unequivocally set fd to -1 after the first
failed close(fd), avoiding the errno == EINTR test.
Debian-Bug-Id: 773423
* agent/command-ssh.c (setup_ssh_env): Move code to ...
* agent/gpg-agent.c (agent_copy_startup_env): .. new function. Change
calllers.
* agent/command.c (start_command_handler): Call that fucntion for
restricted connections.
--
A remote connection is and should not be able to setup the local
session environment. However, unless --keep-display is used we would
be left without an environment and thus pinentry can't be used. The
fix is the same as used for ssh-agent connection: We use the default
environment as used at the startup of the agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/util.h (GPG_ERR_OBJ_TERM_STATE): New.
* scd/iso7816.c (map_sw): Add this error code.
* scd/app-openpgp.c (do_getattr): Return the life cycle indicator.
* scd/app.c (select_application): Allow a return value of
GPG_ERR_OBJ_TERM_STATE.
* scd/scdaemon.c (set_debug): Print the DBG_READER value.
* g10/call-agent.c (start_agent): Print a status line for the
termination state.
(agent_scd_learn): Make arg "info" optional.
(agent_scd_apdu): New.
* g10/card-util.c (send_apdu): New.
(factory_reset): New.
(card_edit): Add command factory-reset.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/http.c (send_request): Print TLS alert info
(connect_server): Detect bogus DNS entry.
--
1. Prints the TLS alert description.
2. Detect case where the DNS returns an IP address but the server is
not reachable at this address. This may happen for a server which
is reachable only at IPv6 but but the local machine has no full
IPv6 configuration.
* agent/agent.h (opt): Add field extra_socket.
(server_control_s): Add field restricted.
* agent/command.c: Check restricted flag on many commands.
* agent/gpg-agent.c (oExtraSocket): New.
(opts): Add option --extra-socket.
(socket_name_extra): New.
(cleanup): Cleanup that socket name.
(main): Implement oExtraSocket.
(create_socket_name): Add arg homedir and change all callers.
(create_server_socket): Rename arg is_ssh to primary and change
callers.
(start_connection_thread): Take ctrl as arg.
(start_connection_thread_std): New.
(start_connection_thread_extra): New.
(handle_connections): Add arg listen_fd_extra and replace the
connection starting code by parameterized loop.
* common/asshelp.c (start_new_gpg_agent): Detect the use of the
restricted mode and don't fail on sending the pinentry environment.
* common/util.h (GPG_ERR_FORBIDDEN): New.
* common/openpgp-oid.c (openpgp_oid_to_str): Fix unsigned underflow.
* common/t-openpgp-oid.c (BADOID): New.
(test_openpgp_oid_to_str): Add test cases.
--
The code has an obvious error by not considering invalid encoding for
arc-2. A first byte of 0x80 can be used to make a value of less then
80 and we then subtract 80 from that value as required by the OID
encoding rules. Due to the unsigned integer this results in a pretty
long value which won't fit anymore into the allocated buffer.
The fix is obvious. Also added a few simple test cases. Note that we
keep on using sprintf instead of snprintf because managing the
remaining length of the buffer would probably be more error prone than
assuring that the buffer is large enough. Getting rid of sprintf
altogether by using direct conversion along with membuf_t like code
might be possible.
Reported-by: Hanno Böck
Signed-off-by: Werner Koch <wk@gnupg.org>
Ported from libksba commit f715b9e156dfa99ae829fc694e5a0abd23ef97d7
* common/argparse.c (initialize): Use correct value.
--
This avoids a dead path in the argparse code.
It's not clear that this is needed, however, since
ARGPARSE_AMBIGUOUS_COMMAND is never actually used in the code.
Another approach would be to trim out ARGPARSE_AMBIGUOUS_COMMAND
entirely.
* gl/: Remove entire tree.
* configure.ac: Remove gnulib tests and the gl/ Makefile.
(setenv): Add to AC_CHECK_FUNCS.
* autogen.rc (extra_aclocal_flags): Set to empty.
* Makefile.am (ACLOCAL_AMFLAGS): Remove -I gl/m4
(SUBDIRS): Remove gl/.
* agent/Makefile.am (common_libs): Remove ../gl/gnulib.a
* common/Makefile.am (t_common_ldadd): Ditto.
* dirmngr/Makefile.am (dirmngr_LDADD): Ditto.
(dirmngr_ldap_LDADD, dirmngr_client_LDADD): Ditto.
* g10/Makefile.am (needed_libs): Ditto.
* g13/Makefile.am (g13_LDADD): Ditto.
* kbx/Makefile.am (kbxutil_LDADD): Ditto.
($(PROGRAMS)): Ditto.
* scd/Makefile.am (scdaemon_LDADD): Ditto.
* sm/Makefile.am (common_libs): Ditto.
* tools/Makefile.am (common_libs, commonpth_libs): Ditto.
* agent/gpg-agent.c: Remove "mkdtemp.h"
* g10/exec.c: Ditto.
* scd/scdaemon.c: Ditto.
* tools/symcryptrun.c: Ditto.
* common/sysutils.c: Remove "setenv.h"
* common/t-timestuff.c: Use putenv if setenv is not available.
--
gnulib has always been a cause of trouble in GnuPG because we used
only a very few functions and the complex include machinery of gnulib
is quite complex and the cause for many build problems for example on
OS X. This is not gnulib's fault but due to our limited use of gnulib
and that we only rarely update the gnulib code to avoid regressions.
In part two we will address the functions
mkdtemp
setenv
unsetenv
strpbrk
which may bot be implemented on all platforms. They are not required
on a libc based system.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/http.c (write_server) [W32]: Rework to use send() instead of
write even when build with npth.
(cookie_read) [W32]: Rework to use recv() instead of read even when
build with npth.
* configure.ac <adns>: Use adns_free as probe function for libadns.
(HAVE_ADNS_FREE): Remove bogus tests to set this and remove the macro.
(ADNSLIBS): Do not ac_subst - it is only used within configure.
--
adns_free is required on Windows anyway (for robustness reasons) and
it has been around for so long now that we do not need a separate
test. An upstream adns 1.5 has meanwhile been release but I doubt that
this has the required Windows code - and it is not libtool based
anyway.
--
Also fixed some of my own copyright notices due to the termination of
my assignment. The one displayed by --version is kept at FSF because
we had contributors in 2014 with FSF assignments and it gives the FSF
some visibility.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/argparse.h (ARGPARSE_INVALID_ARG): New.
* common/argparse.c: Include limits h and errno.h.
(initialize): Add error strings for new error constant.
(set_opt_arg): Add range checking.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (opt): Remove field use_standard_socket.
* agent/command.c (cmd_killagent): Always allow killing.
* agent/gpg-agent.c (main): Turn --{no,}use-standard-socket and
--write-env-file into dummy options. Always return true for
--use-standard-socket-p. Do not print the GPG_AGENT_INFO envvar
setting or set that envvar.
(create_socket_name): Simplify by removing non standard socket
support.
(check_for_running_agent): Ditto.
* common/asshelp.c (start_new_gpg_agent): Remove GPG_AGENT_INFO use.
* common/simple-pwquery.c (agent_open): Ditto.
* configure.ac (GPG_AGENT_INFO_NAME): Remove.
* g10/server.c (gpg_server): Do not print the AgentInfo comment.
* g13/server.c (g13_server): Ditto.
* sm/server.c (gpgsm_server): Ditto.
* tools/gpgconf.c (main): Simplify by removing non standard socket
support.
--
The indented fix to allow using a different socket than the one in the
gnupg home directory is to change Libassuan to check whether the
socket files exists as a regualr file with a special keyword to
redirect to another socket file name.
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
* common/exechelp-posix.c: Remove weak pragmas.
* common/sexputil.c (make_canon_sexp_from_rsa_pk): Remove double
const.
--
We do not use Pth anymore and thus there is no more need for the weak
pragmas.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--
In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
* common/http.c (http_session_ref): Allow for NULL arg.
--
We always test for a an existing session and thus passing NULL as
session object should be allowed.
Reported-by: Jens Lechtenboerger
* common/openpgp-oid.c (struct oidtable): New.
(openpgp_curve_to_oid): Rewrite and allow OID as input.
(openpgp_oid_to_curve): Make use of the new table.
--
Due to the previous change we now usually store the OID with the
private key and not the name. Thus during import we do not anymore
need to map the name to an oid but can use the oid directly. We fix
that by extending openpgp_curve_to_oid to allow an oidstr as input.
* common/estream-printf.c, common/estream-printf.h: Change license.
* common/estream.c, common/estream.h: Ditto.
--
g10 Code is the sole copyright holder of Libestream and thus as CEO I
have the rights to to change the license. This copy here in GnuPG is
currently the most current one thus the change is recorded in this
repository. This change is also deemed valid for all older versions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/t-timestuff.c (test_timegm): Use timegm if available.
(main): Set TX to UTC if timegm is not available.
--
On OpenBSD 5.3 i386 that test failed due to the use of mktime.
Reported-by: Claus Assmann
* common/iobuf.c (direct_open): Add arg MODE700.
(iobuf_create): Ditto.
* g10/openfile.c (open_outfile): Add arg RESTRICTEDPERM. Change call
callers to pass 0 for it.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Here pass true for new
arg.
* g10/export.c (do_export): Pass true for new arg if SECRET is true.
--
GnuPG-bug-id: 1653.
Note that this works only if --output has been used.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.
* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--
The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte. With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte. Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".
The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
* common/http.c (http_open): Add arg httphost.
(http_open_document): Pass NULL for httphost.
(send_request): Add arg httphost. If given, use HTTPHOST instead of
SERVER. Use https with a proxy if requested.
(http_verify_server_credentials): Do not stop at the first error
message.
* dirmngr/ocsp.c (do_ocsp_request): Adjust call to http_open.
* keyserver/curl-shim.c (curl_easy_perform): Ditto.
* dirmngr/ks-engine-http.c (ks_http_fetch): Ditto.
* dirmngr/ks-engine-hkp.c (ks_hkp_help): Ditto.
* common/Makefile.am ($(PROGRAMS)): New rule
(t_http_LDADD): Use libcommontls.a without directory prefix.
* dirmngr/Makefile.am ($(PROGRAMS)): New rule.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey. Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp): Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.
* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
"NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.
* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
* common/http.c (http_session_t): Add field "refcount".
(_my_socket_new, _my_socket_ref, _my_socket_unref): Add debug code.
(send_request, my_npth_read, my_npth_write): Use SOCK object for the
transport ptr.
(http_session_release): Factor all code out to ...
(session_unref): here. Deref SOCK.
(http_session_new): Init refcount and transport ptr.
(http_session_ref): New. Ref and unref all assignments.
--
Having the reference counted session objects makes it easier for the
application to pass around only an estream. Without that the
application would need to implement an es_onclose machinery for the
session object.
* configure.ac (HAVE_NPTH): New ac_define.
* common/estream.c: Use USE_NPTH instead of HAVE_NPTH.
* common/http.c: Ditto. Replace remaining calls to pth by npth calls.
(connect_server): Remove useless _().
* common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c: Use HAVE_PTH to include npth.h.
* common/init.c (_init_common_subsystems): Remove call to pth_init.
* common/sysutils.c (gnupg_sleep): Use npth_sleep.
* scd/ccid-driver.c (my_sleep): Ditto.
--
USE_NPTH is used in case were we may build with and without nPth. The
missing definition HAVE_NPTH didn't allowed us to build outher sources
with nPTh support.
* src/estream.c (estream_internal): Add field SAMETHREAD.
(init_stream_lock, lock_stream, trylock_stream, unlock_stream): Use it.
(parse_mode): Add arg SAMETHREAD and parse that keyword.
(es_initialize): Rename to ...
(init_stream_obj): this. Add arg SAMETHREAD.
(es_create): Add arg SAMETHREAD. Call init_stream_lock after
init_stream_obj.
(doreadline): Call es_create with samethread flag.
(es_fopen, es_mopen, es_fopenmem, es_fopencookie, do_fdopen)
(do_fpopen, do_w32open): Implement "samethread" keyword.
(es_freopen): Take samthread flag from old stream.
(es_tmpfile): Call es)_create w/o samethread.
--
Note: Unfortunately es_tmpfile has no mode arg so that we can't use
samethread.
* agent/gpg-agent.c (main): Make sure homedir is absolute.
* common/asshelp.c (lock_spawning): Create lock file with an absolute
name.
(start_new_gpg_agent): Use an absolute name for the socket and pass
option --homedir to the agent.
(start_new_dirmngr): Use an absolute name for the --homedir.
--
This patch makes gpg's --homedir option behave again like in older
versions. This is done by starting a new agent for each different
home directory. Note that this assumes --use-standard-socket is used
which is the default for 2.1.
* common/estream.c (es_freopen): Remove useless check for STREAM.
* kbx/keybox-blob.c (_keybox_create_x509_blob): Remove useless check
for BLOB.
* tools/sockprox.c (run_proxy): Do not fclose(NULL).
--
Found by Hans-Christoph Steiner with cppcheck.
* common/mischelp.h (JNLIB_GCC_HAVE_PUSH_PRAGMA): New.
* dirmngr/dirmngr.c (handle_tick): Factor time check out to ...
(time_for_housekeeping_p): new.
--
I am not sure whether that y2038 hack is really useful but it might
make me smile in my retirement.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg. Adjust all users. Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--
It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key. This is helpful if
the keyserver is actually a pool of keyservers. This patch does this.
* common/mischelp.h (JNLIB_GCC_A_PRINTF): Use __gnu_printf__
(JNLIB_GCC_A_NR_PRINTF): Ditto.
--
Our printf supports most of the GNU features and thus we can silence
the warnings from mingw.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--
The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode. We keep it working under
Unix, though.
* common/estream.c (ESTREAM_MUTEX_UNLOCK): Use int dummy dummy
functions.
(ESTREAM_MUTEX_INITIALIZE): Ditto.
--
GnuPG-bug-id: 1566
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 571bcd4662)
Reolved conflicts:
common/estream.c
Warning: estream.c still uses pth_mutex_* which is definitely wrong.
Needs to be investigated.
* agent/gpg-agent.c [W32]: Include Several Windows header.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add and asssert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support. Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--
This patch enables support for Putty. It has been tested with Putty
0.62 using an Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file. It
also works with a smartcard key.
May thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 9f32499f99)
Resolved conflicts:
NEWS
agent/agent.h
agent/gpg-agent.c: Convert from pth to npth.
common/sysutils.c
common/sysutils.h
* jnlib/argparse.h (ARGPARSE_OPT_IGNORE): New.
(ARGPARSE_TYPE_MASK): New, for internal use.
(ARGPARSE_ignore): New.
* jnlib/argparse.c (optfile_parse, arg_parse): Replace remaining
constants by macros.
(optfile_parse): Implement ARGPARSE_OPT_IGNORE.
(arg_parse): Exclide ignore options from --dump-options.
--
In addition to the ignore-invalid-option (commit 41d56433) it is often
useful to mark options in a configuration which as NOP. For example
options which have no more function at all but can be expected to be
found in existing conf files. Such an option (or command) may now be
given as
ARGPARSE_ignore (300, "obsolete-option")
The 300 is merely used as a non-valid single option name much like
group names or the 500+n values used for long options.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 54c54e2824)
Resolved conflicts:
common/argparse.c: Fixed.
* common/utf8conv.c: Remove dynload.h.
(load_libiconv): Remove. Remove all calls to it.
--
The iconv functions are standard feature on most systems and in any
case libiconv can be used to provide the functions. The old code used
to dlopen iconv.dll on Windows. This goes back to GnuPG-1 which was
designed as a one-binary program without any hard dependencies.
GnuPG2 however demands a lot of libraries anyway and thus there is no
more need for the fragile code to load a possible wrong version of
iconv.dll at runtime.
* g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
* g10/options.h (struct opt): Add field legacy_list_mode.
* g10/keydb.h (PUBKEY_STRING_SIZE): New.
* g10/keyid.c (pubkey_string): New.
* g10/import.c (import_one, import_secret_one): Use pubkey_string.
* g10/keylist.c (print_seckey_info): Ditto.
(print_pubkey_info, print_card_key_info): Ditto.
(list_keyblock_print): Ditto.
* g10/mainproc.c (list_node): Ditto.
* g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
* g10/keyedit.c (show_key_with_all_names): Ditto. Also change the
format.
(show_basic_key_info): Ditto.
* common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
(openpgp_oid_to_curve): Downcase "ed25519"
--
For ECC it seems to be better to show the name of the curve and not
just the size of the prime field. The curve name does not anymore fit
into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length
format does not work either. Thus the new format uses
"rsa2048" - RSA with 2048 bit
"elg1024" - Elgamal with 1024 bit
"ed25519" - ECC using the curve Ed25519.
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
unless --legacy-list-mode is given. In does not anymore line up
nicely in columns thus I expect further changes to this new format.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
use enums for the arg and return value.
(map_cipher_gcry_to_openpgp): Ditto.
(openpgp_cipher_blocklen): Use constant macros.
(openpgp_cipher_test_algo): Use mapping function and prepare to
disable algorithms.
(openpgp_cipher_algo_name): Do not use Libgcrypt.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
CGRY_CIPHER_* by CIPHER_ALGO_*.
* common/openpgpdefs.h (cipher_algo_t): Remove unused
CIPHER_ALGO_DUMMY.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Remove check for uint64 and UINT64_C.
* include/types.h: Remove u64 stuff.
* common/types.h: Ditto.
--
There have been relicts from GnuPG-1.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
Ed25519. Add brainpool OIDs.
(openpgp_oid_to_curve): Ditto.
--
This change is required to the change in Libgcrypt. Note that we will
likely use a different OpenPGP algorithm ID for EdDSA and thus the
current Ed25519 implementation will not stay with us.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/membuf.c (put_membuf_printf): New.
--
This is just a convenience function for easier code readability.
Signed-off-by: Werner Koch <wk@gnupg.org>
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.
* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New. Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case. Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--
Be warned that this code is subject to further changes and that the
format will very likely change before a release. There are also known
bugs and missing code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.
* g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY. Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--
This is a more general fix for the nested compression packet bug. In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream. This patch also reduces the
number of error messages for the non-import case.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 35e40e2d51)
Resolved conflicts:
common/iobuf.c
g10/mainproc.c
* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
* common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
* common/logging.c (no_registry): New variable.
(log_set_prefix, log_get_prefix): Set/get that variable.
(do_logv): Do not check the registry if that variable is set.
--
Beware: This code has not been tested because it is not yet possible
to build GnuPG 2.1 for Windows. However, the code will be the base
for an implementation in 2.0.
A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary. No registry
variables are considered. The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a
file "gpgconf.ctl" are found. The latter file is empty or consists
only of empty or '#' comment lines.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/init.c (mem_cleanup_item_t): New.
(run_mem_cleanup): New.
(_init_common_subsystems): Add an atexit for it.
(register_mem_cleanup_func): New.
* g10/kbnode.c (cleanup_registered): New.
(release_unused_nodes): New.
(alloc_node): Call register_mem_cleanup_func.
--
It is often time consuming to figure out whether still allocated
memory at process termination is fine (e.g. a cache) or a problem. To
help for that register_mem_cleanup_func may now be used to cleanup
such memory. The run time of the program will be longer; if that
turns out to be a problem we can change the code to only run in
debugging mode.
* common/agent-opt.c: New.
* common/shareddefs.h: New.
* common/Makefile.am: Add new files.
* agent/agent.h: Include shareddefs.h.
(pinentry_mode_t): Factor out to shareddefs.h.
* agent/command.c (option_handler): Use parse_pinentry_mode.
* common/iobuf.c (iobuf_seek): Fix for temp streams.
* g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
* g10/keydb.c (dump_search_desc): New.
(enum_keyblock_states, struct keyblock_cache): New.
(keyblock_cache_clear): New.
(keydb_get_keyblock, keydb_search): Implement a keyblock cache.
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_rebuild_caches, keydb_search_reset): Clear the cache.
--
Gpg uses the key database at several places without a central
coordination. This leads to several scans of the keybox for the same
key. To improve that we now use a simple cache to store a retrieved
keyblock in certain cases. In theory this caching could also be done
for old keyrings, but it is a bit more work and questionable whether
it is needed; the keybox scheme is anyway much faster than keyrings.
Using a keybox with 20000 384 bit ECDSA/ECHD keypairs and a 252 byte
sample text we get these values for encrypt and decrypt operations on
an Core i5 4*3.33Ghz system. The option --trust-model=always is used.
Times are given in milliseconds wall time.
| | enc | dec | dec,q |
|-----------+-----+-----+-------|
| key 1 | 48 | 96 | 70 |
| key 10000 | 60 | 98 | 80 |
| key 20000 | 69 | 106 | 88 |
| 10 keys | 540 | 290 | 70 |
The 10 keys test uses a mix of keys, the first one is used for
decryption but all keys are looked up so that information about are
printed. The last column gives decryption results w/o information
printing (--quiet).
The keybox is always scanned sequentially without using any index. By
adding an index to the keybox it will be possible to further reduce
the time required for keys stored to the end of the file.
* common/logging.c (log_clock): New.
* g10/gpg.c (set_debug): Print clock debug flag.
* g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
--
To actually use log_clock you need to enable the code in
logginc.c:log_check() and link against librt. --debug 4096 may then
be used to enable it at runtime.
* common/argparse.c (iio_item_def_s, IIO_ITEM_DEF): New.
(initialize): Init field IIO_LIST.
(ignore_invalid_option_p): New.
(ignore_invalid_option_add): New.
(ignore_invalid_option_clear): New.
(optfile_parse): Implement meta option.
--
This option is currently of no use. However, as soon as it has been
deployed in all stable versions of GnuPG, it will allow the use of the
same configuration file with an old and a new version of GnuPG. For
example: If a new version implements the option "foobar", and a user
uses it in gpg.conf, an old version of gpg would bail out with the
error "invalid option". To avoid that the following line can be put
above that option in gpg.conf
ignore-invalid-option foobar
This meta option may be given several times or several option names
may be given as arguments (space delimited). Note that this option is
not available on the command line.
* common/utf8conv.c [HAVE_ANDROID_SYSTEM]: Do not include iconv.h.
(iconv_open, iconv_close, load_libiconv) [HAVE_ANDROID_SYSTEM]: New
dummy functions.
(set_native_charset) [HAVE_ANDROID_SYSTEM]: Force use of "utf-8".
(jnlib_iconv_open) [HAVE_ANDROID_SYSTEM]: Act the same as under W32.
(jnlib_iconv) [HAVE_ANDROID_SYSTEM]: Ditto.
(jnlib_iconv_close) [HAVE_ANDROID_SYSTEM]: Ditto.
--
Co-authored-by: Hans of Guardian <hans@guardianproject.info>
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.
* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
* agent/command-ssh.c (ssh_key_grip): Print a better error code.
--
The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation. I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.
Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward. And yes, the data structures are way too
complicated.
* configure.ac (HAVE_BROKEN_TTYNAME): New ac_define set for Android
systems.
* common/util.h (gnupg_ttyname): New macro. Change all callers of
ttyname to use this macro instead.
(ttyname) [W32]: Rename to _gnupg_ttyname and use also if
HAVE_BROKEN_TTYNAME is defined.
* common/simple-pwquery.c (agent_send_all_options): Keep on using
ttyname unless HAVE_BROKEN_TTYNAME is set. This is because this file
may be used standalone.
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
* g10/keygen.c (keygen_set_std_prefs): Include IDEA only in PGP2
compatibility mode.
* g10/misc.c (idea_cipher_warn): Remove. Also remove all callers.
* common/status.h (STATUS_RSA_OR_IDEA): Remove. Do not emit this
status anymore.
--
To keep the number of actually used algorithms low, we want to support
IDEA only in a basically read-only way (unless --pgp2 is used during
key generation). It does not make sense to suggest the use of this
old 64 bit blocksize algorithm. However, there is old data available
where it might be helpful to have IDEA available.
* common/Makefile.am (CLEANFILES): Rename to MAINTAINERCLEANFILES.
--
In general this is not required because automake does this for files
in BUILT_SOURCES anyway. However, having them in CLEANFILES is wrong.
This is bug#1398.
GnuPG requires that options are given before other arguments. This
can sometimes be confusing. We now print a warning if we found an
argument looking alike a long option without being preceded by the
stop option. This is bug#1343.
* common/argparse.h (ARGPARSE_FLAG_STOP_SEEN): New.
* common/argparse.c (arg_parse): Set new flag.
* g10/gpg.c (main): Print the warning.
* agent/gpg-agent.c (main): Ditto.
* dirmngr/dirmngr.c (main): Ditto.
* g13/g13.c (main): Ditto.
* scd/scdaemon.c (main): Ditto.
* sm/gpgsm.c (main): Ditto.
* tools/gpg-connect-agent.c (main): Ditto.
* tools/gpgconf.c (main): Ditto.
For the shared code parts it is cumbersome to pass an error sourse
variable to each function. Its value is always a constant for a given
binary and thus a global variable makes things a lot easier than the
former macro stuff.
* common/init.c (default_errsource): New global var.
(init_common_subsystems): Rename to _init_common_subsystems. Set
DEFAULT_ERRSOURCE.
* common/init.h: Assert value of GPG_ERR_SOURCE_DEFAULT.
(init_common_subsystems): New macro.
* common/util.h (default_errsource): Add declaration.
* kbx/keybox-defs.h: Add some GPG_ERR_SOURCE_DEFAULT trickery.
* common/estream-printf.c (_ESTREAM_PRINTF_MALLOC): Remove.
(_ESTREAM_PRINTF_FREE): Remove.
(_ESTREAM_PRINTF_REALLOC): New.
(fixed_realloc) [!_ESTREAM_PRINTF_REALLOC]): New.
(estream_vasprintf): Use my_printf_realloc instead of my_printf_malloc
and my_printf_free.
(dynamic_buffer_out): Use my_printf_realloc instead of realloc.
--
This bug will never happen in current GnuPG/Libgcrypt because we use
the standard memory allocation functions via Libgcrypt. However, when
used in other environments it would mess up the heap for an asprintf
with an output length larger than ~512 bytes.
This change might help to c+p a fingerprint from an HTML page without
being enclosed in a "pre" tag.
* common/userids.c (classify_user_id): Skip a second blank in the
middle of a fingerprint.
* common/dotlock.c (use_hardlinks_p, dotlock_take_unix): Check return
value of link().
* g13/g13.c: Make sure err is initialized.
* scd/scdaemon.c (main) [!USE_GCRY_THREAD_CBS]: Do not define ERR.
* scd/scdaemon.c (oDebugAssuanLogCats): New.
(opts): Add option --debug-assuan-log-cats.
(main): Implement option.
* common/asshelp.c (set_libassuan_log_cats): New.
--
The old way of setting the logging categories with an environment
variable is awkward if sdaemon is spawned from a running gpg-agent.
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
* common/dns-cert.c: Remove iobuf.h.
(get_dns_cert): Rename to _get_dns_cert. Remove MAX_SIZE arg. Change
iobuf arg to a estream-t. Rewrite function to make use of estream
instead of iobuf. Require all parameters. Return an gpg_error_t
error instead of the type. Add arg ERRSOURCE.
* common/dns-cert.h (get_dns_cert): New macro to pass the error source
to _gpg_dns_cert.
* common/t-dns-cert.c (main): Adjust for changes in get_dns_cert.
* g10/keyserver.c (keyserver_import_cert): Ditto.
* doc/gpg.texi (GPG Configuration Options): Remove max-cert-size.
- It is now more portable and may be used outside of GnuPG
- vfat file systems are now supported.
- The use of link(2) is more robust.
- Wrote extensive documentation.
Since 2009-12-08 gpg was not able to find email addresses indicated
by a leading '<'. This happened when I merged the user id
classification code of gpgsm and gpg.
To better cope with round robin pooled A records like keys.gnupg.net
we need to keep some information on unresponsive hosts etc. What we
do now is to resolve the hostnames, remember them and select a random
one. If a host is dead it will be marked and a different one
selected. This is intended to solve the problem of long timeouts due
to unresponsive hosts.
The code is not yet finished but selection works.
The basic network code from http.c is used for finger. This keeps the
network related code at one place and we are able to use the somewhat
matured code form http.c. Unfortunately I had to enhance the http
code for more robustness and probably introduced new bugs.
Test this code using
gpg --fetch-key finger:wk@g10code.com
(I might be the last user of finger ;-)
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
DECRYPTION_INFO <mdc_method> <sym_algo>
Print information about the symmetric encryption algorithm and
the MDC method. This will be emitted even if the decryption
fails.
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week. Adjusted my own ChangeLog
entries to be consistent with that entry.
Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future. "git diff -b" is useful
to read the actual changes ;-).
The ECC-INTEGRATION-2-1 branch can be closed now.
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
Changed order of some conditional to make to put the special case into
the true branch. Indentation changes. Minor other changes to make the
ECC code more similar to the rest of our code.
It builds but many sefltests still fail. Need to fix that before
using it with an ECDH enabled libgcrypt.
[/]
2011-01-21 Werner Koch <wk@g10code.com>
* configure.ac: Need Libgcrypt 1.4.6 due to AESWRAP.
(HAVE_GCRY_PK_ECDH): Add new test.
[agent/]
2011-01-21 Werner Koch <wk@g10code.com>
* cvt-openpgp.c (GCRY_PK_ECDH) [!HAVE_GCRY_PK_ECDH]: New.
[include/]
2011-01-21 Werner Koch <wk@g10code.com>
* cipher.h (GCRY_PK_USAGE_CERT): Remove compatibility macros
because we now require libgcrypt 1.4.6.
(GCRY_PK_ECDH): Add replacement.
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
2010-04-20 Marcus Brinkmann <marcus@g10code.de>
* logging.c (do_log_ignore_arg): New helper function.
(log_string): Use it to remove ugly volatile hack that causes gcc
warning.
(log_flush): Likewise.
* sysutils.c (gnupg_unsetenv) [!HAVE_W32CE_SYSTEM]: Return something.
(gnupg_setenv) [!HAVE_W32CE_SYSTEM]: Likewise.
* pka.c (get_pka_info): Solve strict aliasing rule violation.
* t-exechelp.c (test_close_all_fds): Use dummy variables to
silence gcc warning.
kbx/
2010-04-20 Marcus Brinkmann <marcus@g10code.de>
* keybox-update.c [!HAVE_DOSISH_SYSTEM]: Include
../common/sysutils.h even then to silence gcc warning about
missing declaration of gnupg_remove.
tools/
2010-04-20 Marcus Brinkmann <marcus@g10code.de>
* gpgconf-comp.c (option_check_validity): Use dummy variables to
silence gcc warning.