* common/exectool.c (my_error_from_errno): Remove.
(copy_buffer_do_copy): Do without var RC.
(copy_buffer_flush): Ditto. Use ERRNO instead of es_write return
code.
(gnupg_exec_tool): Correctly return errors from es_read.
--
Fixes-commit: 55c9212a23
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): If the parameter for --faked-system-time
ends with a '!', freeze time at the specified point.
* common/gettime.c (gnupg_set_time): Allow to freeze the time
at an arbitrary time instead of only the current time.
* doc/gpg.texi: Update documentation for --faked-system-time.
--
This patch allows the user to modify the behavior of the
--faked-system-time option: by appending a '!' to the parameter,
time in GnuPG will be frozen at the specified time, instead of
advancing normally from that time onward.
Signed-off-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
* common/exectool.c (my_error_from_errno): New.
(copy_buffer_do_copy): Use separate vars for errno values and
gpg-error values for clarity. s/assert/log_assert/.
(copy_buffer_flush): Ditto.
(gnupg_exec_tool_stream): Use gpg_err_code when testing.
--
NB: It is surprising that es_write seems not to set ERRNO but only
returns the ERRNO value. Need to check whether this is really the
case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exectool.c (copy_buffer_flush): Write and flush the data, but
do not hide EAGAIN from the caller.
(gnupg_exec_tool_stream): Retry on EAGAIN.
GnuPG-bug-id: 2425
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/gpg-agent.c (agent_libgcrypt_progress_cb): Reduce sleep time
from 100ms to 1ms or use gpgrt_yield when build against a recent
libgpg-error.
--
Debian-bug-id: 851298
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (app_get_serial_and_stamp): Remove.
(app_get_serialno): New.
(app_write_learn_status): Use send_status_direct.
(app_getattr): Use app_get_serialno for SERIALNO and
send with send_status_direct.
* scd/app-openpgp.c (do_getattr): Likewise.
* scd/command.c (cmd_serialno): Don't send TIMESTAMP of 0.
(cmd_learn): Likewise. Don't inquire with TIMESTAMP of 0.
--
In the SERIALNO protocol, timestamp used to be considered, but had never
used at all. In the new implementation, removed card/token is always
detected and connection becomes invalid, no timestamp is required any
more. Examined scute and poldi as well for this protocol change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keylist.c (show_policy_url): Implement MODE -1.
(show_keyserver_url): Ditto.
(show_notation): Ditto.
* g10/keyedit.c (print_one_sig): Print policy URL, keyserver URL and
notation data to the tty.
--
With this change the listing of signatures in the key edit menu does
now include policy URLs et al in order and not possible after leaving
the menu (it used to go to stdout and not the tty).
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/ttyio.c (tty_print_string): Rename to ...
(do_print_string): this. Make local. Simplify FP case by using
print_utf8_buffer. Change caller.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trust.c (mark_usable_uid_certs): Allow use of secret key packets.
(clean_sigs_from_uid): Ditto.
(clean_uid_from_key): Ditto.
(clean_one_uid): Ditto.
(clean_key): Ditto.
--
Since 2.1 secret keys and public keys use identical data structure and
thus we should not restrict those key cleaning functions to work only
with public key packets. This change has no immediate effect but may
come handy in the future.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_dns_name): Move up in the file.
(resolve_addr_libdns): New.
(resolve_dns_addr): Divert to resolve_dns_addr.
--
In the old code reverse lookups where disabled in Tor mode. By
implementing the reverse lookups via libdns it is now possible to do
them also in Tor mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (resolve_name_libdns): USe flags AI_NUMERICHOST
for literal IP addresses.
(resolve_name_standard): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (is_ip_address): Make the return value depend on
the address family.
* dirmngr/ks-engine-hkp.c (map_host): Rename arg R_POOLNAME to
R_HTTPHOST because that is its purpose. Note that the former
behaviour of storing a NULL to indicate that it is not a pool has not
been used.
(make_host_part): Ditto.
(make_host_part): Make sure that literal v6 addresses are correclty
marked in the constructed URL.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/app.c (select_application): Add SERIALNO_BIN and SERIALNO_BIN_LEN
arguments. Return matched APP with a serial number when specified.
* scd/command.c (open_card): Modify for the implicit open only.
(open_card_with_request): New for explicit open and support match with a
serial number.
(cmd_serialno): Support --demand option.
(cmd_learn, cmd_readcert, cmd_readkey, cmd_pksign, cmd_pkauth)
(cmd_pkdecrypt, cmd_getattr, cmd_setattr, cmd_writecert, cmd_writekey)
(cmd_genkey, cmd_random, cmd_passwd, cmd_checkpin, cmd_apdu): Follow
the change of open_card.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--
I consider it better not to use the name of a commonly used function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (AC_CHECK_HEADERS): Add stdint.h.
* common/t-gettime.c: Include stdint.h.
(UINTMAX_C): Define replacement.
(test_isotime2epoch): Use UINTMAX_C for the >32 bit constants.
--
This is for example the case on 32 bit OpenBSD.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns.c (EPROTO) ![EPROTO]: Define to EPROTONOSUPPORT.
--
This is the same replacement we use in Libassuan
(commit 8ab3b9273524bd344bdb90dd5d3bc8e5f53ead6e) to make it work on
OpenBSD and may other BSD based OSes.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (use_socks): New.
(my_sock_new_for_addr): New.
(connect_server): Replace assuan_sock_new by my_sock_new_for_addr.
--
Libassuan always uses 127.0.0.1 to connect to the local Tor proxy.
https.c used to create a socket for the actual address family and thus
the connect call in Libassuan fails when it tries to connect to a v6
address using a v4 socket.
It would be cleaner to have the my_sock_new_for_addr function as a
public interface in Libassuan; for now we need to duplicate some code.
from Libassuan.
GnuPG-bug-id: 2902
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.c (opt_verbose, opt_debug): New vars.
(http_set_verbose): New function.
(_my_socket_new): Add debug output.
(_my_socket_ref, _my_socket_unref, session_unref): Call log_debug if
OPT_DEBUG has ben set to 2 in a debugger.
(http_session_new, http_session_ref): Ditto.
(send_request, http_start_data): Print debug output for the request.
(parse_response): Change to use log_debug_string for the response.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/logging.c (do_logv): Factor some code out to ...
(print_prefix): new.
(log_logv): Add arg EXTRASTRING and print it. Change all callers to
pass NULL for it.
(log_debug_with_string): New. Uses EXTRASTRING.
--
This function can be used to print a human readable buffer in addition
to a log message to the log stream. This function will keep all lines
together and prefix them with ">> ".
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/argparse.c (find_long_option): Avoid unnecessary ambiguity.
--
If two struct ARGPARSE_OPTS share a prefix in their long_opt name, but
have the exact same short_opt and flags, they are aliases and not
distinct options. Avoid reporting this as an ambiguity, so that (for
example) both --clearsign and --clear-sign can be invoked as --clear.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Debian-Bug-Id: 850475
* doc/examples/systemd-user/*.service: Add ExecReload directives to
indicate the canonical way to reload the services.
GnuPG recommends reloading the agent and dirmngr with "gpgconf
--reload". if anyone is running them as systemd user services, they
might ask them to reload in the systemd way, so teach systemd the
right thing to do.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* tests/openpgp/Makefile.am (XTESTS): Add new test.
* tests/openpgp/defs.scm (percent-encode): New function.
(gpg-conf): Generalize so that we can feed stdin.
(gpg-config): New function.
* tests/openpgp/gpgconf.scm: New file.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/logging.c (_log_assert): Fix the variant for compilers that
do not support __FUNCTION__.
* common/logging.h (_log_assert): Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/ks-engine-hkp.c (map_host): Chnage arg NO_SRV to SRVTAG.
(make_host_part): Rewrite.
--
This fixes a regression from 2.0 and 1.4 where these tags have been in
used since 2009. For whatever reason this was not ported to 2.1 and
"hkp" was always used.
GnuPG-bug-id: 2451
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/http.h (parsed_uri_s): Add field EXPLICIT_PORT.
* dirmngr/http.c (do_parse_uri): That it.
* dirmngr/ks-engine-hkp.c (map_host): Add arg NO_SRV.
(make_host_part): Ditto.
(ks_hkp_resolve): Set NO_SRV from EXPLICIT_PORT.
(ks_hkp_search): Ditto.
(ks_hkp_get): Ditto.
(ks_hkp_put): Ditto.
--
This implements the behaviour of the keyserver helpers from 1.4 and
2.0.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/server.c (cmd_wkd_get): Support SRV records.
--
This patch changes the way a WKD query is done. Now we first look for
a SRV record for service "openpgpkey" and port "tcp" under the
to-be-queried domain. If such a record was found and the target host
matches the to-be-queried domain or is a suffix to that domain, that
target host is used instead of the domain name. The SRV record also
allows to change the port and obviously can be used for
load-balancing.
For example a query for the submission address of example.org with the
SRV record specification
_openpgpkey._tcp IN SRV 0 0 0 wkd.foo.org.
IN SRV 0 0 0 wkd.example.net.
IN SRV 0 0 4711 wkd.example.org.
(queried using the name "_openpgpkey._tcp.example.org") would fetch
from this URL:
https://wkd.example.org:4711/.well-known/openpgpkey/submission-address
Note that the first two SRV records won't be used because foo.org and
example.net do not match example.org. We require that the target host
is identical to the domain or be a subdomain of it. This is so that
an attacker modifying the SRV records needs to setup a server in a
sub-domain of the actual domain and can't use an arbitrary domain.
Whether this is a sufficient requirement is not clear and needs
further discussion.
Signed-off-by: Werner Koch <wk@gnupg.org>
* dirmngr/dns-stuff.c (get_dns_srv): Add args SERVICE and PROTO.
* dirmngr/http.c (connect_server): Simplify SRV lookup.
* dirmngr/ks-engine-hkp.c (map_host): Ditto.
* dirmngr/t-dns-stuff.c (main): Adjust for changed get_dns_srv.
--
This new API is more convenient because it includes commonly used
code. Note that right now http.c's SRV record code is not used.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch