* g10/getkey.c (getkey_end): Disable caching of the open keydb
handle.
--
This created a big regression for Windows because the keyring
is only released after the global ctrl is released. So if an operation
does a getkey and then tries to modify the keyring it will fail on
Windows with a sharing violation. We need to modify all
keyring write operations to also take the ctrl and close the
cached_getkey_kdb handle to make writing work. See:
https://dev.gnupg.org/T3097
GnuPG-Bug-Id: T3097
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* dirmngr/dns-stuff.c: Include sys/stat.h.
(RESOLV_CONF_NAME): New macro to replace a string.
(resolv_conf_changed_p): New.
(libdns_init): Call new function
(libdns_res_open): Ditto.
--
Don't panic. This is a simple change
Suggested-by: Stefan Bühler <stbuehler@web.de>
to avoid complicated if-up.d hooks to reload resolv.conf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/agent.h (opt): New field 'ssh_fingerprint_digest'.
* agent/command-ssh.c (data_sign, ssh_identity_register): Honor the
option for strings used to communicate with the user.
* agent/findkey.c (agent_modify_description): Likewise.
* agent/gpg-agent.c (cmd_and_opt_values): New value.
(opts): New option '--ssh-fingerprint-digest'.
(parse_rereadable_options): Set the default to MD5 for now.
(main): Handle the new option.
* doc/gpg-agent.texi: Document the new option.
--
OpenSSH has transitioned from using MD5 to compute key fingerprints to
SHA256. This patch makes the digest used when communicating key
fingerprints to the user (e.g. in pinentry dialogs) configurable.
For now this patch conservatively defaults to MD5.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/command-ssh.c (add_control_entry): Hand in the key, write both
the MD5- and the SHA256-based fingerprint to the 'sshcontrol' file
when adding ssh keys.
(ssh_identity_register): Adapt callsite.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
* common/ssh-utils.c (dummy_realloc): New function.
(dummy_free): Likewise.
(get_fingerprint): Prepend the fingerprint with the name of the digest
algorithm. Correctly render SHA256-based ssh fingerprints.
* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
(main): Add an option to dump the keys to gather fingerprints, also
print the SHA256 fingerprint for keys given as arguments, and check
the SHA256 fingerprints of the test keys.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/call-agent.c (warn_version_mismatch): Revert.
(start_agent): Suppress version mismatch if relevant.
* g10/getkey.c (get_seckey_default_or_card): New.
* g10/skclist.c (build_sk_list): Use get_seckey_default_or_card.
--
The change of 97a2394, which prefers available card than default key
specified is too strong.
Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Replace mentions of bugs.gnupg.org with https://dev.gnupg.org/. Since
the project has transitioned to a better workflow for supporting
contributions, we should ensure that our documentation points to the
right place.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tests/openpgp/defs.scm (start-agent,stop-agent): Use gpg-conf which
will properly use the '--build-prefix' argument to make gpgconf use
tools from the build directory.
GnuPG-bug-id: 3165
Fixes-commit: 2c9d9ac55ea455a5ec26428989dced0311ed46cc
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgme/gpgme-defs.scm: Use the scdaemon from the build tree
when writing a 'gpg-agent.conf'.
* tests/gpgsm/gpgsm-defs.scm: Likewise.
* tests/openpgp/defs.scm: Likewise.
--
As of 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 gpg may query the
scdaemon for a signing key to use. To make sure that the agent calls
the right scdaemon, we provide the path explicitly in the
'gpg-agent.conf' that is used in the tests, similar to what we do for
the agent itself and the pinentry.
GnuPG-bug-id: 3165
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/tofu.c (ask_about_binding): Remove useless translation markers.
--
Translation and in particular punctuation marks can only be translated
with context. Thus making a sole comma translatable is useless.
Signed-off-by: Werner Koch <wk@gnupg.org>
Summary:
* dirmngr/ldap-wrapper-ce.c (outstream_cookie_s): Add buffer_read_pos.
(buffer_get_data): Use seperate read pos.
--
Using a single buffer pos for reading and writing caused the read
to return 0 as it read from the end of the buffer. Now we use
a seperate reader position.
Differential: D427
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* common/stringhelp.c (format_text): Return NULL on error.
* common/t-stringhelp.c (test_format_text): Adjust for change.
* g10/gpgcompose.c (show_help): Abort on out of core.
* g10/tofu.c (ask_about_binding): Abort on format_text error.
(show_statistics): Ditto.
(show_warning): Ditto.
--
For better re-usability function in common/ shot better not use
xmalloc functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tests/openpgp/all-tests.scm: Run each test twice, once with public
keys stored in a keybox, once with a keyring.
* tests/openpgp/defs.scm (create-gpghome): Create a public keyring to
make GnuPG use that instead of creating a keybox if '--use-keyring' is
given.
* tests/openpgp/setup.scm: Fix flag handling and usage.
--
This parametrizes the OpenPGP tests. With this change, the test suite
is able to detect problems with the keyring store, e.g. like the one
fixed in 22739433e98be80e46fe7d01d52a9627c1aebaae.
GnuPG-bug-id: 3080
Signed-off-by: Justus Winter <justus@g10code.com>
* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'. This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--
This change allows us to run all tests in parallel and write one XML
report capturing the results of every test. It also lays the
foundation to parametrize test suites.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/t-stutter.c (do_test): Refer current_test_group_failed.
--
Since this test does not follow the framework of TEST/TEST_P/ABORT,
the variable is not used.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
instead of counting ourself.
* g10/packet.h (struct parse_packet_ctx_s): New field
'n_parsed_packets'.
(init_parse_packet): Initialize new field.
* g10/parse-packet.c (parse): Count packets.
--
The 'keyring' keystore depends on the number of packets for delete and
update operations. With the rework of the ring trust packets, the
trust packets were no longer properly accounted for leading to keyring
corruptions.
The 'keybox' store was not affected.
GnuPG-bug-id: 3123
GnuPG-bug-id: 3135
GnuPG-bug-id: 3144
Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgscm/tests.scm (test-pool): Rework reporting. Filter using
the computed test status instead of the return value. Also print the
new categories 'failed expectedly' and 'passed unexpectedly'.
(test): If a test ends with a bang (!), it is expected to fail. Adapt
status, status-string, and xml accordingly.
--
Allow tests to be marked as being expected to fail by appending a bang
(!) to the tests name. If such a test fails, it will not be counted
as failure, but will still be prominently displayed in the report. If
it succeeds unexpectedly, this is counted as a failure.
Fixes T3134.
GnuPG-bug-id: 3134
Signed-off-by: Justus Winter <justus@g10code.com>
* build-aux/speedo/w32/inst.nsi (AddToPath): Move account
check here.
(PrintNonAdminWarning): Remove is_user_install variable.
--
The PrintNonAdminWarning is not called in silent mode so the
variable was never set.
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* tests/gpgscm/scheme-private.h (struct scheme): New field
'frame_freelist'.
* tests/gpgscm/scheme.c (enum scheme_types): New type 'T_FRAME'.
(type_to_string): Handle new type.
(settype): New macro.
(gc_disable): Make sure there is at least one frame in the free list.
(mark): Handle frame objects.
(finalize_cell): Likewise.
(dump_stack_initialize): Initialize free list.
(dump_stack_free): Simplify.
(frame_length): New variable.
(dump_stack_make_frame): New function.
(frame_slots): Likewise.
(frame_payload): New macro.
(dump_stack_allocate_frame): New function.
(dump_stack_deallocate_frame): Likewise.
(dump_stack_preallocate_frame): Likewise.
(_s_return): Unpack frame object and deallocate it.
(s_save): Wrap state in an frame object.
(dump_stack_mark): Mark the free list.
--
TinySCHEME being a SECD-machine needs to push frames onto the dump
stack. Previously, the dump stack was a list. This required four
cells for the spine, as well as up to one additional cell to encode
the current opcode. This was quite inefficient despite the fact that
we recovered the spine as well as the integer cell.
We introduce frame objects, which are a special variant of vectors of
length four. Since the length is fixed, this frees up the length
field of the vector object to store the unboxed opcode. A frame
object now fits in two cells.
Saving two or three cells is a mere byproduct, the performance gain
comes from increased locality, unboxed opcode representation, and the
ability to easily put the objects in a free list, keeping the garbage
collector out of the continuous motion of the virtual machine.
Signed-off-by: Justus Winter <justus@g10code.com>
* tests/gpgscm/scheme-private.h (struct scheme): Remove field 'op'.
* tests/gpgscm/scheme.c (opexe_0): Inline into 'Eval_Cycle'.
(_Error_1): Return the opcode to evaluate next.
(Error_1): Do not return, but set the opcode and goto dispatch.
(Error_0): Likewise.
(s_goto): Likewise.
(s_return): Likewise.
(s_return_enable_gc): Likewise.
(s_thread_to): Remove superfluous cast.
(_s_return): Return the opcode to evaluate next.
(scheme_init_custom_alloc): Adapt to removal of field 'op'.
Signed-off-by: Justus Winter <justus@g10code.com>
* build-aux/speedo/w32/g4wihelp.c (ENV_HK_USER, ENV_REG_USER):
New defines.
(path_add): Handle is_user_install variable. Don't abort
if Path reg key does not exist. Fix crash if Path reg key
does not contain a semicolon.
(path_remove): Handle is_user_install variable. Fix crash
if Path reg key does not exist.
* build-aux/speedo/w32/inst.nsi: Remove obsolete HAVE_STARTMENU
this was double guarded with WITH_GUI. Add Multiuser plugin and
defines for this. Use SHCTX instead of HKLM / HKCU.
(PrintNonAdminWarning): Only Warn and don't abort.
--
The default is still to install as Adminstrator system wide
but the user now has the option to explicitly install GnuPG without
Administrator rights. A warning will be shown in that case but
a user may continue.
A per user install is by default under %LOCALAPPDATA%\GnuPG
Related Task: T2971
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
* build-aux/speed/w32/inst.nsi: stop installing skeleton files.
* doc/gpg.texi: stop documenting skeleton files.
* g10/Makefile.am: stop installing skeleton files.
* g10/openfile.c (copy_options_file): Remove.
(try_make_homedir): do not call copy_options_file.
--
The defaults for gpg and dirmngr are good. Both programs should work
fine for the simple case without any config file. The skeleton config
files were being copied at first use (when the defaults are fine).
But when the user needs to fiddle with them (after they've become
sophisticated users), they're likely out of date because gpg has been
upgraded since then. So they're used for documentation, but they're
stale documentation, which is probably worse than a clean empty file.
GnuPG-bug-id: 3086
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/skclist.c (build_sk_list): Ask gpg-agent if card is available.
Then, use the card key if any.
--
GnuPG-bug-id: 1983
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>