From cvs at cvs.gnupg.org Tue Apr 3 18:57:40 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 03 Apr 2007 18:57:40 +0200 Subject: [svn] GnuPG - r4469 - in trunk: common doc scd sm tools Message-ID: Author: wk Date: 2007-04-03 18:57:37 +0200 (Tue, 03 Apr 2007) New Revision: 4469 Modified: trunk/common/sexputil.c trunk/doc/gpg-agent.texi trunk/doc/scdaemon.texi trunk/doc/tools.texi trunk/scd/ChangeLog trunk/scd/ccid-driver.c trunk/scd/command.c trunk/sm/ChangeLog trunk/tools/ChangeLog trunk/tools/gpg-connect-agent.c Log: Add a way to get a listing of available CCID readers. Modified: trunk/common/sexputil.c =================================================================== --- trunk/common/sexputil.c 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/common/sexputil.c 2007-04-03 16:57:37 UTC (rev 4469) @@ -1,4 +1,4 @@ -/* sexputil.c - Utility fnctions for S-expressions. +/* sexputil.c - Utility functions for S-expressions. * Copyright (C) 2005 Free Software Foundation, Inc. * * This file is part of GnuPG. Modified: trunk/doc/gpg-agent.texi =================================================================== --- trunk/doc/gpg-agent.texi 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/doc/gpg-agent.texi 2007-04-03 16:57:37 UTC (rev 4469) @@ -501,7 +501,7 @@ As a special feature a line @code{include-default} will include a global list of trusted certificates (e.g. @file{/etc/gnupg/trustlist.txt}). -This global list is also used if the local list ios not available. +This global list is also used if the local list is not available. @item sshcontrol Modified: trunk/doc/scdaemon.texi =================================================================== --- trunk/doc/scdaemon.texi 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/doc/scdaemon.texi 2007-04-03 16:57:37 UTC (rev 4469) 
@@ -251,6 +251,13 @@ a list of available readers. The default is then the first reader found. +To get a list of available CCID readers you may use this command: + at smallexample +echo scd getinfo reader_list | gpg-connect-agent --decode | awk '/^D/ @{print $2@}' + at end smallexample + + + @item --disable-keypad @opindex disable-keypad Even if a card reader features a keypad, do not try to use it. Modified: trunk/doc/tools.texi =================================================================== --- trunk/doc/tools.texi 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/doc/tools.texi 2007-04-03 16:57:37 UTC (rev 4469) @@ -955,6 +955,16 @@ connects to the assuan server in extended mode to allow descriptor passing. This option makes it use the old mode. + at item --hex + at opindex hex +Print data lines in a hex format and the ASCII representation of +non-control characters. + + at item --decode + at opindex decode +Decode data lines. That is to remove percent escapes but make sure that +a new line always starts with a D and a space. + @end table @mansect control commands @@ -995,6 +1005,14 @@ @item /recvfd Not yet implemented. + at item /hex + at itemx /nohex +Same as the command line option @option{--hex}. + + at item /decode + at itemx /nodecode +Same as the command line option @option{--decode}. + @item /help Print a list of available control commands. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/scd/ChangeLog 2007-04-03 16:57:37 UTC (rev 4469) 
@@ -1,3 +1,9 @@ +2007-04-03 Werner Koch + + * command.c (cmd_getinfo): New subcommand "reader_list". + * ccid-driver.c (scan_or_find_devices): Ignore EBUSY in scan mode + for special transports. + 2007-03-07 Werner Koch * app-dinsig.c: Include i18n.h. Modified: trunk/scd/ccid-driver.c =================================================================== --- trunk/scd/ccid-driver.c 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/scd/ccid-driver.c 2007-04-03 16:57:37 UTC (rev 4469) @@ -989,8 +989,14 @@ char *rid, *p; fd = open (transports[i].name, O_RDWR); - if (fd == -1) + if (fd == -1 && scan_mode && errno == EBUSY) { + /* Ignore this error in scan mode because it indicates that + the device exists but is already open (most likely by us) + and thus in general suitable as a reader. */ + } + else if (fd == -1) + { DEBUGOUT_2 ("failed to open `%s': %s\n", transports[i].name, strerror (errno)); continue; @@ -999,7 +1005,8 @@ rid = malloc (strlen (transports[i].name) + 30 + 10); if (!rid) { - close (fd); + if (fd != -1) + close (fd); free (rid_list); return -1; /* Error. */ } @@ -1010,7 +1017,8 @@ p = malloc ((rid_list? strlen (rid_list):0) + 1 + strlen (rid) + 1); if (!p) { - close (fd); + if (fd != -1) + close (fd); free (rid_list); free (rid); return -1; /* Error. */ @@ -1046,7 +1054,8 @@ --readerno; } free (rid); - close (fd); + if (fd != -1) + close (fd); } if (scan_mode) Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/scd/command.c 2007-04-03 16:57:37 UTC (rev 4469) @@ -38,6 +38,9 @@ #include "app-common.h" #include "apdu.h" /* Required for apdu_*_reader (). */ #include "exechelp.h" +#ifdef HAVE_LIBUSB +#include "ccid-driver.h" +#endif /* Maximum length allowed as a PIN; used for INQUIRE NEEDPIN */ #define MAXLEN_PIN 100 
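Review bot: After this change `fd == -1` is a legal value for the rest of the loop body in scan mode, but only the three `close (fd)` calls shown in the hunks of trunk/scd/ccid-driver.c are guarded. The statements between those hunks are not visible here, so please confirm that nothing there stores or uses `fd` when the open failed with EBUSY. The new comment also assumes the device is busy because this process holds it; another process holding it would make the reader appear in the list although it cannot be opened, which is worth saying in the comment, e.g. `/* Note: the holder may also be another process; the entry is then listed but not usable. */`.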
@@ -1382,12 +1385,16 @@ Supported values of WHAT are: socket_name - Return the name of the socket. + status - Return the status of the current slot (in the future, may also return the status of all slots). The status is a list of one-character flags. The following flags are currently defined: 'u' Usable card present. This is the normal state during operation. 'r' Card removed. A reset is necessary. These flags are exclusive. + + reader_list - Return a list of detected card readers. Does + currently only work with the internal CCID driver. */ static int @@ -1427,6 +1434,20 @@ } rc = assuan_send_data (ctx, &flag, 1); } + else if (!strcmp (line, "reader_list")) + { +#ifdef HAVE_LIBUSB + char *s = ccid_get_reader_list (); +#else + char *s = NULL; +#endif + + if (s) + rc = assuan_send_data (ctx, s, strlen (s)); + else + rc = gpg_error (GPG_ERR_NO_DATA); + xfree (s); + } else rc = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); return rc; Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/sm/ChangeLog 2007-04-03 16:57:37 UTC (rev 4469) @@ -6,9 +6,9 @@ as much memory as required. (gpgsm_get_keygrip_hexstring): Use bin2hex. - * certchain.c (gpgsm_validate_chain): Keep terack of the + * certchain.c (gpgsm_validate_chain): Keep track of the certificate chain and reset the ephemeral flags. - * keydb.c (keydb_set_cert_flags): New args EPHEMERAL MASK. + * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. Changed caller to use a mask of ~0. Return a proper error code if the certificate is not available. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/tools/ChangeLog 2007-04-03 16:57:37 UTC (rev 4469) 
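Review bot: In the new "reader_list" branch the string returned by `ccid_get_reader_list ()` is released with `xfree (s)`, while the ccid-driver.c hunks of this same commit build and release the reader list with plain `malloc`/`free`. If the returned buffer is that malloc'ed list (the function body is not shown), the allocator pair is mismatched; either release it with `free (s)` or add a comment stating which allocator the driver hands out. The body of cmd_getinfo starts and ends outside the hunk.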
@@ -1,3 +1,9 @@ +2007-04-03 Werner Koch + + * gpg-connect-agent.c (main): New option --decode and commands + decode and undecode. + (read_and_print_response): Implement option. + 2007-03-20 Werner Koch * gpgconf-comp.c (gc_options_gpgsm): Add p12-charset. Modified: trunk/tools/gpg-connect-agent.c =================================================================== --- trunk/tools/gpg-connect-agent.c 2007-03-20 16:57:40 UTC (rev 4468) +++ trunk/tools/gpg-connect-agent.c 2007-04-03 16:57:37 UTC (rev 4469) @@ -1,5 +1,5 @@ /* gpg-connect-agent.c - Tool to connect to the agent. - * Copyright (C) 2005 Free Software Foundation, Inc. + * Copyright (C) 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -46,6 +46,7 @@ oNoVerbose = 500, oHomedir, oHex, + oDecode, oNoExtConnect }; @@ -59,6 +60,7 @@ { oVerbose, "verbose", 0, N_("verbose") }, { oQuiet, "quiet", 0, N_("quiet") }, { oHex, "hex", 0, N_("print data out hex encoded") }, + { oDecode,"decode", 0, N_("decode received data lines") }, { oRawSocket, "raw-socket", 2, N_("|NAME|connect to Assuan socket NAME")}, { oExec, "exec", 0, N_("run the Assuan server given on the command line")}, { oNoExtConnect, "no-ext-connect", @@ -78,6 +80,7 @@ int quiet; /* Be extra quiet. */ const char *homedir; /* Configuration directory name */ int hex; /* Print data lines in hex format. */ + int decode; /* Decode received data lines. */ const char *raw_socket; /* Name of socket to connect in raw mode. */ int exec; /* Run the pgm given on the command line. */ unsigned int connect_flags; /* Flags used for connecting. */ @@ -306,6 +309,7 @@ case oNoVerbose: opt.verbose = 0; break; case oHomedir: opt.homedir = pargs.r.ret_str; break; case oHex: opt.hex = 1; break; + case oDecode: opt.decode = 1; break; case oRawSocket: opt.raw_socket = pargs.r.ret_str; break; case oExec: opt.exec = 1; break; case oNoExtConnect: opt.connect_flags &= ~(1); break; 
@@ -436,6 +440,14 @@ do_recvfd (ctx, p); continue; } + else if (!strcmp (cmd, "hex")) + opt.hex = 1; + else if (!strcmp (cmd, "nohex")) + opt.hex = 0; + else if (!strcmp (cmd, "decode")) + opt.decode = 1; + else if (!strcmp (cmd, "nodecode")) + opt.decode = 0; else if (!strcmp (cmd, "help")) { puts ( @@ -451,7 +463,9 @@ "/cleardef Delete all definitions.\n" "/sendfd FILE MODE Open FILE and pass descriptor to server.\n" "/recvfd Receive FD from server and print. \n" - "/help Print this help."); +"/[no]hex Enable hex dumping of received data lines.\n" +"/[no]decode Enable decoding of received data lines.\n" +"/help Print this help."); } else log_error (_("unknown command `%s'\n"), cmd ); @@ -577,6 +591,7 @@ size_t linelen; assuan_error_t rc; int i, j; + int need_lf = 0; for (;;) { 
@@ -628,56 +643,92 @@ putchar ('\n'); } } + else if (opt.decode) + { + const unsigned char *s; + int need_d = 1; + int c = 0; + + for (j=2, s=(unsigned char*)line+2; j < linelen; j++, s++ ) + { + if (need_d) + { + fputs ("D ", stdout); + need_d = 0; + } + if (*s == '%' && j+2 < linelen) + { + s++; j++; + c = xtoi_2 ( s ); + s++; j++; + } + else + c = *s; + if (c == '\n') + need_d = 1; + putchar (c); + } + need_lf = (c != '\n'); + } else { fwrite (line, linelen, 1, stdout); putchar ('\n'); } } - else if (linelen >= 1 - && line[0] == 'S' - && (line[1] == '\0' || line[1] == ' ')) + else { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); - } - else if (linelen >= 2 - && line[0] == 'O' && line[1] == 'K' - && (line[2] == '\0' || line[2] == ' ')) - { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); - return 0; + if (need_lf) + { + putchar ('\n'); + need_lf = 0; + } + + if (linelen >= 1 + && line[0] == 'S' + && (line[1] == '\0' || line[1] == ' ')) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + } + else if (linelen >= 2 + && line[0] == 'O' && line[1] == 'K' + && (line[2] == '\0' || line[2] == ' ')) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + return 0; + } + else if (linelen >= 3 + && line[0] == 'E' && line[1] == 'R' && line[2] == 'R' + && (line[3] == '\0' || line[3] == ' ')) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + return 0; + } + else if (linelen >= 7 + && line[0] == 'I' && line[1] == 'N' && line[2] == 'Q' + && line[3] == 'U' && line[4] == 'I' && line[5] == 'R' + && line[6] == 'E' + && (line[7] == '\0' || line[7] == ' ')) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + if (!handle_inquire (ctx, line)) + assuan_write_line (ctx, "CANCEL"); + } + else if (linelen >= 3 + && line[0] == 'E' && line[1] == 'N' && line[2] == 'D' + && (line[3] == '\0' || line[3] == ' ')) + { + fwrite (line, linelen, 1, stdout); + putchar ('\n'); + /* Received from server, thus more responses are expected. 
*/ + } + else + return gpg_error (GPG_ERR_ASS_INV_RESPONSE); } - else if (linelen >= 3 - && line[0] == 'E' && line[1] == 'R' && line[2] == 'R' - && (line[3] == '\0' || line[3] == ' ')) - { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); - return 0; - } - else if (linelen >= 7 - && line[0] == 'I' && line[1] == 'N' && line[2] == 'Q' - && line[3] == 'U' && line[4] == 'I' && line[5] == 'R' - && line[6] == 'E' - && (line[7] == '\0' || line[7] == ' ')) - { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); - if (!handle_inquire (ctx, line)) - assuan_write_line (ctx, "CANCEL"); - } - else if (linelen >= 3 - && line[0] == 'E' && line[1] == 'N' && line[2] == 'D' - && (line[3] == '\0' || line[3] == ' ')) - { - fwrite (line, linelen, 1, stdout); - putchar ('\n'); - /* Received from server, thus more responses are expected. */ - } - else - return gpg_error (GPG_ERR_ASS_INV_RESPONSE); } } From cvs at cvs.gnupg.org Tue Apr 3 20:43:01 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 03 Apr 2007 20:43:01 +0200 Subject: [svn] GnuPG - r4470 - trunk/agent Message-ID: Author: wk Date: 2007-04-03 20:43:00 +0200 (Tue, 03 Apr 2007) New Revision: 4470 Modified: trunk/agent/ChangeLog trunk/agent/trustlist.c Log: * trustlist.c (read_trustfiles): Take a missing trustlist as an empty one. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2007-04-03 16:57:37 UTC (rev 4469) +++ trunk/agent/ChangeLog 2007-04-03 18:43:00 UTC (rev 4470) @@ -1,3 +1,8 @@ +2007-04-03 Werner Koch + + * trustlist.c (read_trustfiles): Take a missing trustlist as an + empty one. + 2007-03-20 Werner Koch * protect-tool.c: New option --p12-charset. Modified: trunk/agent/trustlist.c =================================================================== --- trunk/agent/trustlist.c 2007-04-03 16:57:37 UTC (rev 4469) +++ trunk/agent/trustlist.c 2007-04-03 18:43:00 UTC (rev 4470) 
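Review bot: In the new `opt.decode` branch, `c = xtoi_2 ( s )` is applied to the two bytes after a '%' without checking that they are hex digits, so a malformed escape sent by the server is turned into an arbitrary byte instead of being passed through or rejected. I would tighten the condition to `if (*s == '%' && j+2 < linelen && hexdigitp (s+1) && hexdigitp (s+2))`. The decoded bytes are then written with `putchar (c)` unfiltered, so control characters from the server reach the terminal; only a decoded newline is re-framed with "D ". A comment on the branch should say that `--decode` output is raw and that `--hex` is the safe view for untrusted servers. The enclosing function starts outside the hunk.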
@@ -275,7 +275,7 @@ } -/* Read the trust files and update the global table on success. */ +/* Read the trust files and update the global table on success. */ static gpg_error_t read_trustfiles (void) { @@ -313,6 +313,16 @@ if (err) { xfree (table); + if (gpg_err_code (err) == GPG_ERR_ENOENT) + { + /* Take a missing trustlist as an empty one. */ + lock_trusttable (); + xfree (trusttable); + trusttable = NULL; + trusttablesize = 0; + unlock_trusttable (); + err = 0; + } return err; } From cvs at cvs.gnupg.org Wed Apr 4 06:00:22 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Wed, 04 Apr 2007 06:00:22 +0200 Subject: [svn] GnuPG - r4471 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2007-04-04 06:00:20 +0200 (Wed, 04 Apr 2007) New Revision: 4471 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/parse-packet.c Log: * parse-packet.c (parse_marker): New. Enforce that the marker contains 'P', 'G', 'P', and nothing but. (parse): Call it here. (skip_packet): No longer need to handle marker packets here. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-04-03 18:43:00 UTC (rev 4470) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-04-04 04:00:20 UTC (rev 4471) @@ -1,3 +1,10 @@ +2007-04-03 David Shaw + + * parse-packet.c (parse_marker): New. Enforce that the marker + contains 'P', 'G', 'P', and nothing but. + (parse): Call it here. + (skip_packet): No longer need to handle marker packets here. + 2007-03-14 David Shaw * keyserver.c: Windows Vista doesn't grok X_OK and so fails Modified: branches/STABLE-BRANCH-1-4/g10/parse-packet.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/parse-packet.c 2007-04-03 18:43:00 UTC (rev 4470) +++ branches/STABLE-BRANCH-1-4/g10/parse-packet.c 2007-04-04 04:00:20 UTC (rev 4471) 
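Review bot: The new ENOENT branch in read_trustfiles drops the current `trusttable` and returns success without logging anything, so a trust list that disappears at runtime silently changes the agent from "these roots are trusted" to "no roots are trusted". Please log the event before clearing, for example `log_info (_("no trustlist found - using an empty one\n"));`, so the transition is visible in the agent log. It is also not visible from the hunk which read produced `err`; if the ENOENT can come from a secondary file read after the local list was already parsed, the whole table is discarded for it, which deserves a sentence in the comment. The function body starts and ends outside the hunk.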
@@ -1,6 +1,6 @@ /* parse-packet.c - read packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -58,6 +58,7 @@ static void skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial ); static void *read_rest( IOBUF inp, size_t pktlen, int partial ); +static int parse_marker( IOBUF inp, int pkttype, unsigned long pktlen ); static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ); static int parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, @@ -531,6 +532,9 @@ case PKT_GPG_CONTROL: rc = parse_gpg_control(inp, pkttype, pktlen, pkt, partial ); break; + case PKT_MARKER: + rc = parse_marker(inp,pkttype,pktlen); + break; default: skip_packet(inp, pkttype, pktlen, partial); break; 
@@ -595,32 +599,31 @@ static void skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial ) { - if( list_mode ) { - if( pkttype == PKT_MARKER ) - fputs(":marker packet:\n", listfp ); - else - fprintf (listfp, ":unknown packet: type %2d, length %lu\n", - pkttype, pktlen); - if( pkttype ) { - int c, i=0 ; - if( pkttype != PKT_MARKER ) - fputs("dump:", listfp ); - if( partial ) { - while( (c=iobuf_get(inp)) != -1 ) - dump_hex_line(c, &i); + if( list_mode ) + { + fprintf (listfp, ":unknown packet: type %2d, length %lu\n", + pkttype, pktlen); + if( pkttype ) + { + int c, i=0 ; + fputs("dump:", listfp ); + if( partial ) + { + while( (c=iobuf_get(inp)) != -1 ) + dump_hex_line(c, &i); } - else { - for( ; pktlen; pktlen-- ) - dump_hex_line(iobuf_get(inp), &i); + else + { + for( ; pktlen; pktlen-- ) + dump_hex_line(iobuf_get(inp), &i); } - putc ('\n', listfp); - return; + putc ('\n', listfp); + return; } } - iobuf_skip_rest(inp,pktlen,partial); + iobuf_skip_rest(inp,pktlen,partial); } - static void * read_rest( IOBUF inp, size_t pktlen, int partial ) { @@ -639,8 +642,41 @@ return p; } +static int +parse_marker( IOBUF inp, int pkttype, unsigned long pktlen ) +{ + if(pktlen!=3) + goto fail; + if(iobuf_get(inp)!='P') + { + pktlen--; + goto fail; + } + if(iobuf_get(inp)!='G') + { + pktlen--; + goto fail; + } + + if(iobuf_get(inp)!='P') + { + pktlen--; + goto fail; + } + + if(list_mode) + fputs(":marker packet: PGP\n", listfp ); + + return 0; + + fail: + log_error("invalid marker packet\n"); + iobuf_skip_rest(inp,pktlen,0); + return G10ERR_INVALID_PACKET; +} + static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) { From cvs at cvs.gnupg.org Thu Apr 5 18:22:16 2007 
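Review bot: `parse_marker` is not given the `partial` flag and its fail path always calls `iobuf_skip_rest(inp,pktlen,0)`, whereas the `skip_packet` path it replaces for PKT_MARKER honoured `partial`. If parse() can reach the new case with a partial or indeterminate length (that code is outside the hunk), a malformed marker would be reported but its body left in the stream and then read as further packets. Either pass `partial` through and reject it up front, or state above the function that parse() never delivers a partial-length marker. The same patch is applied to trunk/g10/parse-packet.c in r4472 further down and the point applies there as well. The function also has no header comment; I would add `/* Read a marker packet, which must consist of exactly the three bytes 'P', 'G', 'P'; anything else is skipped and rejected. */`.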
From: cvs at cvs.gnupg.org (cvs user marcus) Date: Thu, 05 Apr 2007 18:22:16 +0200 Subject: oftpd/src (ftp_session.c oftpd.c oftpd.h) Message-ID: Date: Thursday, April 5, 2007 @ 18:22:16 Author: marcus Path: /cvs/wk/oftpd/src Modified: ftp_session.c oftpd.c oftpd.h 2007-04-05 Marcus Brinkmann * src/ftp_session.c (do_retr, open_connection, send_readme): Add dummy block between jump label and pthread_cleanup_pop() macro. * oftpd.startup (ARGS): Add $OPTIONS. * src/oftpd.h (debug_flags): Declare global variable. (DEBUG_NONE, DEBUG_XFER, DEBUG_CMDS): New macros. * src/oftpd.c (debug_flags): New global variable. (main): Support new -d option. * src/ftp_session.c (ftp_session_run): Only log if DEBUG_CMDS flag is set. (reply): Likewise. (do_retr): Log xfer in WU-FTPD format. ---------------+ ftp_session.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++------ oftpd.c | 9 +++++++- oftpd.h | 8 ++++++- 3 files changed, 67 insertions(+), 8 deletions(-) From cvs at cvs.gnupg.org Thu Apr 5 18:22:17 2007 From: cvs at cvs.gnupg.org (cvs user marcus) Date: Thu, 05 Apr 2007 18:22:17 +0200 Subject: oftpd (ChangeLog oftpd.startup) Message-ID: Date: Thursday, April 5, 2007 @ 18:22:17 Author: marcus Path: /cvs/wk/oftpd Modified: ChangeLog oftpd.startup 2007-04-05 Marcus Brinkmann * src/ftp_session.c (do_retr, open_connection, send_readme): Add dummy block between jump label and pthread_cleanup_pop() macro. * oftpd.startup (ARGS): Add $OPTIONS. * src/oftpd.h (debug_flags): Declare global variable. (DEBUG_NONE, DEBUG_XFER, DEBUG_CMDS): New macros. * src/oftpd.c (debug_flags): New global variable. (main): Support new -d option. * src/ftp_session.c (ftp_session_run): Only log if DEBUG_CMDS flag is set. (reply): Likewise. (do_retr): Log xfer in WU-FTPD format. ---------------+ ChangeLog | 15 +++++++++++++++ oftpd.startup | 2 ++ 2 files changed, 17 insertions(+) From cvs at cvs.gnupg.org Fri Apr 6 05:46:04 2007 
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Fri, 06 Apr 2007 05:46:04 +0200 Subject: [svn] GnuPG - r4472 - trunk/g10 Message-ID: Author: dshaw Date: 2007-04-06 05:46:03 +0200 (Fri, 06 Apr 2007) New Revision: 4472 Modified: trunk/g10/ChangeLog trunk/g10/parse-packet.c Log: * parse-packet.c (parse_marker): New. Enforce that the marker contains 'P', 'G', 'P', and nothing but. (parse): Call it here. (skip_packet): No longer need to handle marker packets here. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-04-04 04:00:20 UTC (rev 4471) +++ trunk/g10/ChangeLog 2007-04-06 03:46:03 UTC (rev 4472) @@ -1,3 +1,12 @@ +2007-04-05 David Shaw + + From STABLE-BRANCH-1-4 + + * parse-packet.c (parse_marker): New. Enforce that the marker + contains 'P', 'G', 'P', and nothing but. + (parse): Call it here. + (skip_packet): No longer need to handle marker packets here. + 2007-03-14 David Shaw From STABLE-BRANCH-1-4 Modified: trunk/g10/parse-packet.c =================================================================== --- trunk/g10/parse-packet.c 2007-04-04 04:00:20 UTC (rev 4471) +++ trunk/g10/parse-packet.c 2007-04-06 03:46:03 UTC (rev 4472) @@ -1,6 +1,6 @@ /* parse-packet.c - read packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -52,6 +52,7 @@ static void skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial ); static void *read_rest( IOBUF inp, size_t pktlen, int partial ); +static int parse_marker( IOBUF inp, int pkttype, unsigned long pktlen ); static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ); static int parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, 
@@ -579,6 +580,9 @@ case PKT_GPG_CONTROL: rc = parse_gpg_control(inp, pkttype, pktlen, pkt, partial ); break; + case PKT_MARKER: + rc = parse_marker(inp,pkttype,pktlen); + break; default: skip_packet(inp, pkttype, pktlen, partial); break; @@ -644,32 +648,31 @@ static void skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial ) { - if( list_mode ) { - if( pkttype == PKT_MARKER ) - fputs(":marker packet:\n", listfp ); - else - fprintf (listfp, ":unknown packet: type %2d, length %lu\n", - pkttype, pktlen); - if( pkttype ) { - int c, i=0 ; - if( pkttype != PKT_MARKER ) - fputs("dump:", listfp ); - if( partial ) { - while( (c=iobuf_get(inp)) != -1 ) - dump_hex_line(c, &i); + if( list_mode ) + { + fprintf (listfp, ":unknown packet: type %2d, length %lu\n", + pkttype, pktlen); + if( pkttype ) + { + int c, i=0 ; + fputs("dump:", listfp ); + if( partial ) + { + while( (c=iobuf_get(inp)) != -1 ) + dump_hex_line(c, &i); } - else { - for( ; pktlen; pktlen-- ) - dump_hex_line(iobuf_get(inp), &i); + else + { + for( ; pktlen; pktlen-- ) + dump_hex_line(iobuf_get(inp), &i); } - putc ('\n', listfp); - return; + putc ('\n', listfp); + return; } } - iobuf_skip_rest(inp,pktlen,partial); + iobuf_skip_rest(inp,pktlen,partial); } - static void * read_rest( IOBUF inp, size_t pktlen, int partial ) { @@ -688,8 +691,41 @@ return p; } +static int +parse_marker( IOBUF inp, int pkttype, unsigned long pktlen ) +{ + if(pktlen!=3) + goto fail; + if(iobuf_get(inp)!='P') + { + pktlen--; + goto fail; + } + if(iobuf_get(inp)!='G') + { + pktlen--; + goto fail; + } + + if(iobuf_get(inp)!='P') + { + pktlen--; + goto fail; + } + + if(list_mode) + fputs(":marker packet: PGP\n", listfp ); + + return 0; + + fail: + log_error("invalid marker packet\n"); + iobuf_skip_rest(inp,pktlen,0); + return G10ERR_INVALID_PACKET; +} + static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) { From cvs at cvs.gnupg.org Fri Apr 6 14:58:08 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 06 Apr 2007 14:58:08 +0200 Subject: [svn] ksba - r268 - in trunk: . src tests tests/samples Message-ID: Author: wk Date: 2007-04-06 14:58:07 +0200 (Fri, 06 Apr 2007) New Revision: 268 Added: trunk/tests/samples/openssl-secp256r1ca.cert.crt trunk/tests/samples/secp256r1-sha384_cert.crt trunk/tests/samples/secp256r1-sha512_cert.crt trunk/tests/samples/secp384r1-sha512_cert.crt Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/src/ChangeLog trunk/src/convert.h trunk/src/keyinfo.c trunk/src/oid.c trunk/tests/cert-basic.c trunk/tests/samples/README Log: First steps towards ECC integration. cert-basic is at least able to parse the new sample certs. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/ChangeLog 2007-04-06 12:58:07 UTC (rev 268) @@ -1,3 +1,7 @@ +2007-04-06 Werner Koch + + * configure.ac: Require libgpg-error 1.4. + 2006-11-29 Werner Koch Released 1.0.1. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/NEWS 2007-04-06 12:58:07 UTC (rev 268) @@ -1,7 +1,7 @@ Noteworthy changes in version 1.0.2 ------------------------------------------------ - * Support for SHA-1. + * Support for SHA-2. * Fixed a couple of memory leaks. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/configure.ac 2007-04-06 12:58:07 UTC (rev 268) @@ -47,7 +47,7 @@ KSBA_CONFIG_API_VERSION=1 -NEED_GPG_ERROR_VERSION=1.2 +NEED_GPG_ERROR_VERSION=1.4 PACKAGE=$PACKAGE_NAME Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/src/ChangeLog 2007-04-06 12:58:07 UTC (rev 268) 
@@ -1,3 +1,13 @@ +2007-04-06 Werner Koch + + * keyinfo.c (curve_names): New. + (get_ecc_curve_oid): New. + (_ksba_keyinfo_from_sexp): Support ECC. + (oid_from_buffer): Ditto. + (_ksba_keyinfo_to_sexp): Ditto. + + * oid.c (_ksba_oid_from_buf): New. + 2007-01-30 Werner Koch * shared.h: Add constants for SHA-2. Modified: trunk/src/convert.h =================================================================== --- trunk/src/convert.h 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/src/convert.h 2007-04-06 12:58:07 UTC (rev 268) @@ -42,6 +42,8 @@ /*-- oid.c --*/ char *_ksba_oid_node_to_str (const unsigned char *image, AsnNode node); +gpg_error_t _ksba_oid_from_buf (const void *buffer, size_t buflen, + unsigned char **rbuf, size_t *rlength); /*-- name.c --*/ Modified: trunk/src/keyinfo.c =================================================================== --- trunk/src/keyinfo.c 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/src/keyinfo.c 2007-04-06 12:58:07 UTC (rev 268) @@ -34,6 +34,7 @@ #include "asn1-func.h" #include "keyinfo.h" #include "shared.h" +#include "convert.h" #include "ber-help.h" struct algo_table_s { @@ -41,6 +42,7 @@ const unsigned char *oid; /* NULL indicattes end of table */ int oidlen; int supported; + int is_ecc; const char *algo_string; const char *elem_string; /* parameter name or '-' */ const char *ctrl_string; /* expected tag values (value > 127 are raw data)*/ 
@@ -51,21 +53,31 @@ { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption (RSAES-PKCA1-v1.5) */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9, - 1, "rsa", "-ne", "\x30\x02\x02" }, + 1, 0, "rsa", "-ne", "\x30\x02\x02" }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.7 */ "1.2.840.113549.1.1.7", /* RSAES-OAEP */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x07", 9, - 0, "rsa", "-ne", "\x30\x02\x02"}, /* (patent problems) */ + 0, 0, "rsa", "-ne", "\x30\x02\x02"}, /* (patent problems) */ { /* */ "2.5.8.1.1", /* rsa (ambiguous due to missing padding rules)*/ "\x55\x08\x01\x01", 4, - 1, "ambiguous-rsa", "-ne", "\x30\x02\x02" }, + 1, 0, "ambiguous-rsa", "-ne", "\x30\x02\x02" }, { /* iso.member-body.us.x9-57.x9cm.1 */ "1.2.840.10040.4.1", /* dsa */ "\x2a\x86\x48\xce\x38\x04\x01", 7, - 1, "dsa", "y", "\x02" }, + 1, 0, "dsa", "y", "\x02" }, /* FIXME: Need code to extract p,q,g from the parameters */ + + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */ + "1.2.840.10045.4.1", /* ecdsa */ + "\x2a\x86\x48\xce\x3d\x04\x01", 7, + 1, 1, "ecdsa", "q", "\x80" }, + { /* iso.member-body.us.ansi-x9-62.2.1 */ + "1.2.840.10045.2.1", /* ecdsa or ecdh */ + "\x2a\x86\x48\xce\x3d\x02\x01", 7, + 1, 1,"ecc", "q", "\x80" }, + {NULL} }; 
@@ -74,52 +86,52 @@ { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 */ "1.2.840.113549.1.1.5", /* sha1WithRSAEncryption */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05", 9, - 1, "rsa", "s", "\x82", GCRY_MD_SHA1 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA1 }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 */ "1.2.840.113549.1.1.4", /* md5WithRSAEncryption */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04", 9, - 1, "rsa", "s", "\x82", GCRY_MD_MD5 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_MD5 }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.2 */ "1.2.840.113549.1.1.2", /* md2WithRSAEncryption */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02", 9, - 0, "rsa", "s", "\x82", 0 }, + 0, 0, "rsa", "s", "\x82", 0 }, { /* iso.member-body.us.x9-57.x9cm.3 */ "1.2.840.10040.4.3", /* dsaWithSha1 */ "\x2a\x86\x48\xce\x38\x04\x03", 7, - 1, "dsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, + 1, 0, "dsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption used without hash algo*/ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9, - 1, "rsa", "s", "\x82" }, + 1, 0, "rsa", "s", "\x82" }, { /* from NIST's OIW - actually belongs in a pure hash table */ "1.3.14.3.2.26", /* sha1 */ "\x2B\x0E\x03\x02\x1A", 5, - 0, "sha-1", "", "", GCRY_MD_SHA1 }, + 0, 0, "sha-1", "", "", GCRY_MD_SHA1 }, { /* As used by telesec cards */ "1.3.36.3.3.1.2", /* rsaSignatureWithripemd160 */ "\x2b\x24\x03\x03\x01\x02", 6, - 1, "rsa", "s", "\x82", GCRY_MD_RMD160 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_RMD160 }, { /* from NIST's OIW - used by TU Darmstadt */ "1.3.14.3.2.29", /* sha-1WithRSAEncryption */ "\x2B\x0E\x03\x02\x1D", 5, - 1, "rsa", "s", "\x82", GCRY_MD_SHA1 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA1 }, { /* from PKCS#1 */ "1.2.840.113549.1.1.11", /* sha256WithRSAEncryption */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b", 9, - 1, "rsa", "s", "\x82", GCRY_MD_SHA256 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA256 }, { /* from PKCS#1 */ "1.2.840.113549.1.1.12", /* sha384WithRSAEncryption */ 
"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0c", 9, - 1, "rsa", "s", "\x82", GCRY_MD_SHA384 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA384 }, { /* from PKCS#1 */ "1.2.840.113549.1.1.13", /* sha512WithRSAEncryption */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0d", 9, - 1, "rsa", "s", "\x82", GCRY_MD_SHA512 }, + 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA512 }, {NULL} }; @@ -128,11 +140,34 @@ { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption (RSAES-PKCA1-v1.5) */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01", 9, - 1, "rsa", "a", "\x82" }, + 1, 0, "rsa", "a", "\x82" }, {NULL} }; +/* This tables maps names of ECC curves names to OIDs. A similar + table is used by lib gcrypt. */ +static const struct +{ + const char *oid; + const char *name; +} curve_names[] = + { + { "1.2.840.10045.3.1.1", "NIST P-192" }, + { "1.2.840.10045.3.1.1", "prime192v1" }, + { "1.2.840.10045.3.1.1", "secp192r1" }, + + { "1.2.840.10045.3.1.7", "NIST P-256", }, + { "1.2.840.10045.3.1.7", "prime256v1" }, + { "1.2.840.10045.3.1.7", "secp256r1" }, + + { NULL, NULL} + }; + + + + + struct stringbuf { size_t len; size_t size; 
@@ -170,6 +205,60 @@ } while (0) +#if 0 +static void +dump_hex (const unsigned char *p, size_t n) +{ + if (!p) + fputs (" none", stderr); + else + { + for (; n; n--, p++) + fprintf (stderr, " %02X", *p); + } +} +#endif + + +/* Given a string BUF of length BUFLEN with either the name of an ECC + curve or its OID in dotted form return the DER encoding of the OID. + The caller must free the result. On error NULL is returned. */ +static unsigned char * +get_ecc_curve_oid (const unsigned char *buf, size_t buflen, size_t *r_oidlen) +{ + unsigned char *der_oid; + + /* Skip an optional "oid." prefix. */ + if (buflen > 4 && buf[3] == '.' && digitp (buf+4) + && ((buf[0] == 'o' && buf[1] == 'i' && buf[2] == 'd') + ||(buf[0] == 'O' && buf[1] == 'I' && buf[2] == 'D'))) + { + buf += 4; + buflen -= 4; + } + + /* If it does not look like an OID - map it through the table. */ + if (buflen && !digitp (buf)) + { + int i; + + for (i=0; curve_names[i].oid; i++) + if (buflen == strlen (curve_names[i].name) + && !memcmp (buf, curve_names[i].name, buflen)) + break; + if (curve_names[i].oid) + return NULL; /* Not found. */ + buf = curve_names[i].name; + buflen = strlen (curve_names[i].name); + } + + if (_ksba_oid_from_buf (buf, buflen, &der_oid, r_oidlen)) + return NULL; + return der_oid; +} + + + /* Return the OFF and the LEN of algorithm within DER. Do some checks and return the number of bytes read in r_nread, adding this to der does point into the BIT STRING. @@ -181,7 +270,7 @@ static gpg_error_t get_algorithm (int mode, const unsigned char *der, size_t derlen, size_t *r_nread, size_t *r_pos, size_t *r_len, int *r_bitstr, - size_t *r_parm_pos, size_t *r_parm_len) + size_t *r_parm_pos, size_t *r_parm_len, int *r_parm_type) { int c; const unsigned char *start = der; @@ -219,7 +308,7 @@ derlen -= len; seqlen -= der - startseq;; - /* check that the parameter is NULL or not there */ + /* Parse the parameter. */ if (seqlen) { const unsigned char *startparm = der; 
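Review bot: The table lookup in `get_ecc_curve_oid` has its found/not-found test inverted: after the loop, `if (curve_names[i].oid) return NULL;` returns NULL for every name that matched, while an unknown name falls through to `strlen (curve_names[i].name)` on the NULL terminator entry. The next assignment also hands the curve name, not its OID, to `_ksba_oid_from_buf`. BUF presumably comes from a caller-supplied S-expression, so an unrecognised curve name should be a clean error rather than a NULL dereference. I would write `if (!curve_names[i].oid) return NULL;` followed by `buf = curve_names[i].oid;` and `buflen = strlen (curve_names[i].oid);`.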
@@ -229,16 +318,20 @@ c = *der++; derlen--; if ( c == 0x05 ) { - /*printf ("parameter: NULL \n"); the only correct thing */ + /*printf ("parameter: NULL \n"); the usual case */ if (!derlen) return gpg_error (GPG_ERR_INV_KEYINFO); c = *der++; derlen--; if (c) - return gpg_error (GPG_ERR_BAD_BER); /* NULL must have a length of 0 */ + return gpg_error (GPG_ERR_BAD_BER); /* NULL must have a + length of 0 */ seqlen -= 2; } else if (r_parm_pos && r_parm_len && c == 0x04) - { /* this is an octet string parameter and we need it */ + { + /* This is an octet string parameter and we need it. */ + if (r_parm_type) + *r_parm_type = TYPE_OCTET_STRING; TLV_LENGTH(); *r_parm_pos = der - start; *r_parm_len = len; @@ -247,6 +340,19 @@ derlen -= len; seqlen -= len; } + else if (r_parm_pos && r_parm_len && c == 0x06) + { + /* This is an object identifier. */ + if (r_parm_type) + *r_parm_type = TYPE_OBJECT_ID; + TLV_LENGTH(); + *r_parm_pos = der - start; + *r_parm_len = len; + seqlen -= der - startparm; + der += len; + derlen -= len; + seqlen -= len; + } else { /* printf ("parameter: with tag %02x - ignored\n", c); */ @@ -296,7 +402,7 @@ *r_oid = NULL; *r_nread = 0; err = get_algorithm (0, der, derlen, &nread, &off, &len, &is_bitstr, - NULL, NULL); + NULL, NULL, NULL); if (err) return err; *r_nread = nread; @@ -319,7 +425,7 @@ *r_nread = 0; off2 = len2 = 0; err = get_algorithm (0, der, derlen, &nread, &off, &len, &is_bitstr, - &off2, &len2); + &off2, &len2, NULL); if (err) return err; *r_nread = nread; @@ -450,7 +556,9 @@ { gpg_error_t err; int c; - size_t nread, off, len; + size_t nread, off, len, parm_off, parm_len; + int parm_type; + char *parm_oid = NULL; int algoidx; int is_bitstr; const unsigned char *ctrl; @@ -468,7 +576,7 @@ TLV_LENGTH(); /* and now the inner part */ err = get_algorithm (1, der, derlen, &nread, &off, &len, &is_bitstr, - NULL, NULL); + &parm_off, &parm_len, &parm_type); if (err) return err; 
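Review bot: In the @@ -450 and @@ -468 hunks `parm_off`, `parm_len` and `parm_type` are declared without initializers and passed to `get_algorithm`, but the parameter parsing in the @@ -229 hunk stores to them only in the OCTET STRING and OBJECT IDENTIFIER branches. For a key whose parameter is NULL or absent, the later test `parm_off && parm_len && parm_type == TYPE_OBJECT_ID` would then read indeterminate values, unless `get_algorithm` clears its outputs in lines outside these hunks. The caller in the @@ -319 hunk sets `off2 = len2 = 0` before the call, so I would do the same here: `size_t nread, off, len, parm_off = 0, parm_len = 0;` and `int parm_type = 0;`. The enclosing function starts and ends outside these hunks.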
@@ -484,6 +592,10 @@ if (!pk_algo_table[algoidx].supported) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + + if (parm_off && parm_len && parm_type == TYPE_OBJECT_ID) + parm_oid = ksba_oid_to_str (der+parm_off, parm_len); + der += nread; derlen -= nread; @@ -492,7 +604,10 @@ CMS as an octet string - for ease of implementation we always allow both */ if (!derlen) - return gpg_error (GPG_ERR_INV_KEYINFO); + { + xfree (parm_oid); + return gpg_error (GPG_ERR_INV_KEYINFO); + } c = *der++; derlen--; if (c) fprintf (stderr, "warning: number of unused bits is not zero\n"); @@ -508,6 +623,15 @@ whatever library is used */ put_stringbuf_sexp (&sb, pk_algo_table[algoidx].algo_string); + /* Insert the curve name for ECC. */ + if (pk_algo_table[algoidx].is_ecc && parm_oid) + { + put_stringbuf (&sb, "("); + put_stringbuf_sexp (&sb, "curve"); + put_stringbuf_sexp (&sb, parm_oid); + put_stringbuf (&sb, ")"); + } + /* FIXME: We don't release the stringbuf in case of error better let the macro jump to a label */ elem = pk_algo_table[algoidx].elem_string; @@ -516,15 +640,30 @@ { int is_int; - if (!derlen) - return gpg_error (GPG_ERR_INV_KEYINFO); - c = *der++; derlen--; - if ( c != *ctrl ) - return gpg_error (GPG_ERR_UNEXPECTED_TAG); /* not the required tag */ - is_int = c == 0x02; - TLV_LENGTH (); - if (is_int && *elem != '-') - { /* take this integer */ + if ( (*ctrl & 0x80) && !elem[1] ) + { + /* Hack to allow reading a raw value. */ + is_int = 1; + len = derlen; + } + else + { + if (!derlen) + { + xfree (parm_oid); + return gpg_error (GPG_ERR_INV_KEYINFO); + } + c = *der++; derlen--; + if ( c != *ctrl ) + { + xfree (parm_oid); + return gpg_error (GPG_ERR_UNEXPECTED_TAG); + } + is_int = c == 0x02; + TLV_LENGTH (); + } + if (is_int && *elem != '-') /* Take this integer. */ + { char tmp[2]; put_stringbuf (&sb, "("); @@ -537,7 +676,8 @@ } } put_stringbuf (&sb, "))"); - + xfree (parm_oid); + *r_string = get_stringbuf (&sb); if (!*r_string) return gpg_error (GPG_ERR_ENOMEM); 
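Review bot: A NULL result from `ksba_oid_to_str` in the @@ -484 hunk is not treated as an error, and the @@ -508 hunk emits the curve list only when `parm_oid` is non-NULL. An ECC key whose curve OID is missing, is not an OBJECT IDENTIFIER, or could not be converted would therefore yield an S-expression without a `curve` element instead of failing. I would probably reject that case right after the conversion, e.g. `if (pk_algo_table[algoidx].is_ecc && !parm_oid) return gpg_error (GPG_ERR_INV_KEYINFO);`. The function body starts and ends outside the hunk.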
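Review bot: `parm_oid` is freed on the explicit error returns added in the @@ -492 and @@ -516 hunks, but `TLV_LENGTH ()` inside the element loop can presumably still return directly, which would leak it. The macro is defined outside the hunk, and the FIXME kept in the @@ -508 hunk already says the stringbuf is not released on such paths. A single cleanup label that the macro jumps to would cover both allocations on every exit. As a documentation-only step, the FIXME could read `/* FIXME: Neither the stringbuf nor PARM_OID is released when TLV_LENGTH fails; better let the macro jump to a label. */`.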
@@ -546,14 +686,16 @@ } -/* match the algorithm string given in BUF which is of length BUFLEN +/* Match the algorithm string given in BUF which is of length BUFLEN with the known algorithms from our table and returns the table entries for the DER encoded OID. - FIXME: We restrict this for now to RSA because the code using this - function is not yet prepared to handle other algorithms */ + FIXME: We restrict this for now to RSA and ECC because the code + using this function is not yet prepared to handle other + algorithms. */ static const unsigned char * -oid_from_buffer (const unsigned char *buf, int buflen, int *oidlen) +oid_from_buffer (const unsigned char *buf, int buflen, int *oidlen, + int *r_is_ecc) { int i; @@ -581,8 +723,11 @@ if (!pk_algo_table[i].oid) return NULL; - if (strcmp (pk_algo_table[i].elem_string, "-ne")) - return NULL; /* that is not RSA - we can't handle it yet */ + if (!pk_algo_table[i].is_ecc + && strcmp (pk_algo_table[i].elem_string, "-ne")) + return NULL; /* Not ECC or RSA - we can't handle it yet. */ + + *r_is_ecc = pk_algo_table[i].is_ecc; *oidlen = pk_algo_table[i].oidlen; return pk_algo_table[i].oid; } @@ -600,6 +745,9 @@ unsigned long n, n1; const unsigned char *oid; int oidlen; + unsigned char *curve_oid = NULL; + size_t curve_oidlen; + int is_ecc; int i; struct { const char *name; @@ -611,7 +759,7 @@ ksba_writer_t writer = NULL; void *bitstr_value = NULL; size_t bitstr_len; - + int ecc_curve_idx, ecc_q_idx; if (!sexp) return gpg_error (GPG_ERR_INV_VALUE); @@ -633,13 +781,13 @@ return gpg_error (digitp (s)? GPG_ERR_UNKNOWN_SEXP : GPG_ERR_INV_SEXP); s++; - /* break out the algorithm ID */ + /* Break out the algorithm ID */ n = strtoul (s, &endp, 10); s = endp; if (!n || *s != ':') return gpg_error (GPG_ERR_INV_SEXP); /* we don't allow empty lengths */ s++; - oid = oid_from_buffer (s, n, &oidlen); + oid = oid_from_buffer (s, n, &oidlen, &is_ecc); if (!oid) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); s += n; 
@@ -661,7 +809,7 @@ parm[parmidx].namelen = n; s += n; if (!digitp(s)) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* but may also be an invalid one */ + return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* ... or invalid S-Exp. */ n = strtoul (s, &endp, 10); s = endp; 
@@ -672,127 +820,195 @@ parm[parmidx].valuelen = n; s += n; if ( *s != ')') - return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* but may also be an invalid one */ + return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* ... or invalid S-Exp. */ s++; } s++; - /* we need another closing parenthesis */ + /* We need another closing parenthesis. */ if ( *s != ')' ) return gpg_error (GPG_ERR_INV_SEXP); - /* check that the names match the requirements for RSA */ - s = "ne"; - if (parmidx != strlen (s)) - return gpg_error (GPG_ERR_UNKNOWN_SEXP); - for (i=0; i < parmidx; i++) + ecc_q_idx = ecc_curve_idx = -1; + if (is_ecc) { - if (parm[i].namelen != 1 || parm[i].name[0] != s[i]) + for (i=0; i < parmidx; i++) + { + if (ecc_curve_idx == -1 + && parm[i].namelen == 5 && !memcmp (parm[i].name, "curve", 5)) + ecc_curve_idx = i; + else if (ecc_q_idx == -1 + && parm[i].namelen == 1 && parm[i].name[0] == 'q') + ecc_q_idx = i; + } + if (ecc_curve_idx == -1 || ecc_q_idx == -1) return gpg_error (GPG_ERR_UNKNOWN_SEXP); + + curve_oid = get_ecc_curve_oid (parm[ecc_curve_idx].value, + parm[ecc_curve_idx].valuelen, + &curve_oidlen); + if (!curve_oid) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); } - - - /* Create write object. We create the keyinfo in 2 steps: 1. we - build the inner one and encapsulate it in bit string. 2. we - create the outer sequence include the algorithm identifier and - the bit string from step 1 */ + else /* This is RSA. */ + { + /* Check that the names match the requirements for RSA */ + s = "ne"; + if (parmidx != strlen (s)) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + for (i=0; i < parmidx; i++) + { + if (parm[i].namelen != 1 || parm[i].name[0] != s[i]) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + } + } + + /* Create write object. */ err = ksba_writer_new (&writer); if (err) goto leave; err = ksba_writer_set_mem (writer, 1024); if (err) goto leave; + + if (is_ecc) + { + /* Write the bit string header and the number of unused bits. 
*/ + err = _ksba_ber_write_tl (writer, TYPE_BIT_STRING, CLASS_UNIVERSAL, + 0, parm[ecc_q_idx].valuelen + 1); + if (!err) + err = ksba_writer_write (writer, "", 1); + /* And the actual raw value. */ + if (!err) + err = ksba_writer_write (writer, parm[ecc_q_idx].value, + parm[ecc_q_idx].valuelen); + if (err) + goto leave; - /* calculate the size of the sequence value and the size of the - bit string value */ - for (n=0, i=0; i < parmidx; i++ ) + } + else /* RSA */ { - n += _ksba_ber_count_tl (TYPE_INTEGER, CLASS_UNIVERSAL, 0, - parm[i].valuelen); - n += parm[i].valuelen; - } - - n1 = 1; /* # of unused bits */ - n1 += _ksba_ber_count_tl (TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); - n1 += n; + /* For RSA we create the keyinfo in 2 steps: - /* write the bit string header and the number of unused bits */ - err = _ksba_ber_write_tl (writer, TYPE_BIT_STRING, CLASS_UNIVERSAL, 0, n1); - if (!err) - err = ksba_writer_write (writer, "", 1); - if (err) - goto leave; + 1. We build the inner one and encapsulate it in bit string. + + 2. We create the outer sequence include the algorithm identifier + and the bit string from step 1. + */ + + /* Calculate the size of the sequence value and the size of the bit + string value */ + for (n=0, i=0; i < parmidx; i++ ) + { + n += _ksba_ber_count_tl (TYPE_INTEGER, CLASS_UNIVERSAL, 0, + parm[i].valuelen); + n += parm[i].valuelen; + } - /* write the sequence tag and the integers */ - err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); - if (err) - goto leave; - for (i=0; i < parmidx; i++) - { - /* fixme: we should make sure that the integer conforms to the - ASN.1 encoding rules. */ - err = _ksba_ber_write_tl (writer, TYPE_INTEGER, CLASS_UNIVERSAL, 0, - parm[i].valuelen); + n1 = 1; /* # of unused bits. */ + n1 += _ksba_ber_count_tl (TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); + n1 += n; + + /* Write the bit string header and the number of unused bits. 
*/ + err = _ksba_ber_write_tl (writer, TYPE_BIT_STRING, CLASS_UNIVERSAL, + 0, n1); if (!err) - err = ksba_writer_write (writer, parm[i].value, parm[i].valuelen); + err = ksba_writer_write (writer, "", 1); if (err) goto leave; + + /* Write the sequence tag and the integers. */ + err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); + if (err) + goto leave; + for (i=0; i < parmidx; i++) + { + /* fixme: we should make sure that the integer conforms to the + ASN.1 encoding rules. */ + err = _ksba_ber_write_tl (writer, TYPE_INTEGER, CLASS_UNIVERSAL, 0, + parm[i].valuelen); + if (!err) + err = ksba_writer_write (writer, parm[i].value, parm[i].valuelen); + if (err) + goto leave; + } } - /* get the encoded bit string */ + /* Get the encoded bit string. */ bitstr_value = ksba_writer_snatch_mem (writer, &bitstr_len); if (!bitstr_value) { err = gpg_error (GPG_ERR_ENOMEM); goto leave; } - /* reinitialize the buffer to create the outer sequence */ + /* Reinitialize the buffer to create the outer sequence. */ err = ksba_writer_set_mem (writer, 1024); if (err) goto leave; - /* calulate lengths */ + /* Calulate lengths. */ n = _ksba_ber_count_tl (TYPE_OBJECT_ID, CLASS_UNIVERSAL, 0, oidlen); n += oidlen; - n += _ksba_ber_count_tl (TYPE_NULL, CLASS_UNIVERSAL, 0, 0); - + if (is_ecc) + { + n += _ksba_ber_count_tl (TYPE_OBJECT_ID, CLASS_UNIVERSAL, + 0, curve_oidlen); + n += curve_oidlen; + } + else + { + n += _ksba_ber_count_tl (TYPE_NULL, CLASS_UNIVERSAL, 0, 0); + } + n1 = n; n1 += _ksba_ber_count_tl (TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); n1 += bitstr_len; - /* the outer sequence */ + /* The outer sequence. */ err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n1); if (err) goto leave; - /* the sequence */ + /* The sequence. */ err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); if (err) goto leave; - /* the object id */ + /* The object id. 
*/ err = _ksba_ber_write_tl (writer, TYPE_OBJECT_ID,CLASS_UNIVERSAL, 0, oidlen); if (!err) err = ksba_writer_write (writer, oid, oidlen); if (err) goto leave; - /* the parameter */ - err = _ksba_ber_write_tl (writer, TYPE_NULL, CLASS_UNIVERSAL, 0, 0); + + /* The parameter. */ + if (is_ecc) + { + err = _ksba_ber_write_tl (writer, TYPE_OBJECT_ID, CLASS_UNIVERSAL, + 0, curve_oidlen); + if (!err) + err = ksba_writer_write (writer, curve_oid, curve_oidlen); + } + else /* RSA */ + { + err = _ksba_ber_write_tl (writer, TYPE_NULL, CLASS_UNIVERSAL, 0, 0); + } if (err) goto leave; - /* append the pre-constructed bit string */ + /* Append the pre-constructed bit string. */ err = ksba_writer_write (writer, bitstr_value, bitstr_len); if (err) goto leave; - /* and get the result */ + /* Get the result. */ *r_der = ksba_writer_snatch_mem (writer, r_derlen); if (!*r_der) - err = gpg_error (GPG_ERR_ENOMEM); + err = gpg_error (GPG_ERR_ENOMEM); leave: ksba_writer_release (writer); xfree (bitstr_value); + xfree (curve_oid); return err; } @@ -824,7 +1040,7 @@ err = get_algorithm (1, der, derlen, &nread, &off, &len, &is_bitstr, - NULL, NULL); + NULL, NULL, NULL); if (err) return err; Modified: trunk/src/oid.c =================================================================== --- trunk/src/oid.c 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/src/oid.c 2007-04-06 12:58:07 UTC (rev 268) 
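Review bot: The ECC branch of the parameter check in the @@ -672 hunk is looser than the RSA branch next to it, because the loop takes the first `curve` and the first `q` and silently ignores any other or repeated parameter, while RSA requires exactly `n` and `e`. If no additional ECC parameters are expected here, an ambiguous or malformed key expression should be rejected the same way by ending the `if`/`else if` chain in the loop with `else return gpg_error (GPG_ERR_UNKNOWN_SEXP);`. `curve_oid` is still NULL at that point, so the early return leaks nothing. The function starts outside the hunk.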
@@ -237,9 +237,28 @@ } +/* Convert the string in BUFFER which is of length BUFLEN to its DER + encoding and returns it in a new allocated buffer RBUF and its + length in RLENGTH. RBUF is set to NULL if an error is returned. + The caller must free the returned buffer using ksba_free() or the + function he has registered as a replacement. */ +gpg_error_t +_ksba_oid_from_buf (const void *buffer, size_t buflen, + unsigned char **rbuf, size_t *rlength) +{ + gpg_error_t err; + char *string; - - - - - + string = xtrymalloc (buflen+1); + if (!string) + { + *rbuf = NULL; + *rlength = 0; + return gpg_error_from_syserror (); + } + memcpy (string, buffer, buflen); + string[buflen] = 0; + err = ksba_oid_from_str (string, rbuf, rlength); + xfree (string); + return err; +} Modified: trunk/tests/cert-basic.c =================================================================== --- trunk/tests/cert-basic.c 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/tests/cert-basic.c 2007-04-06 12:58:07 UTC (rev 268) @@ -97,6 +97,7 @@ else if (*p == ')') { putchar (*p); + p++; if (--level <= 0 ) return; } @@ -108,7 +109,8 @@ else { char *endp; - unsigned long n; + unsigned long n, i; + int need_hex; n = strtoul (p, &endp, 10); p = endp; 
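Review bot: `_ksba_oid_from_buf` (hunk @@ -237) copies BUFFER into a NUL-terminated string, so an embedded NUL byte in the input silently truncates what `ksba_oid_from_str` parses, and the function comment does not mention this. I would add to the comment `BUFFER must not contain NUL bytes; only the part before the first NUL is converted.`, or reject such input up front with a `memchr (buffer, 0, buflen)` check that clears `*rbuf` and `*rlength` and returns `gpg_error (GPG_ERR_INV_VALUE)`. The comment also promises that RBUF is NULL on error, but only the allocation-failure path shown here guarantees it. The path through `ksba_oid_from_str` depends on that function, which is outside the hunk.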
@@ -117,10 +119,33 @@ fputs ("[invalid s-exp]", stdout); return; } - putchar('#'); - for (p++; n; n--, p++) - printf ("%02X", *p); - putchar('#'); + p++; + for (i=0; i < n; i++) + if ( !((p[i] >='A' && p[i] <= 'Z') + || (p[i] >='a' && p[i] <='z') + || (p[i] >='0' && p[i] <='9') + || p[i] == '-' + || p[i] == '.')) + break; + need_hex = (i='A' && *p <= 'Z') || (*p >='a' && *p <='z')))) + printf ("%lu:", n); + + if (need_hex) + { + putchar('#'); + for (; n; n--, p++) + printf ("%02X", *p); + putchar('#'); + } + else + { + for (; n; n--, p++) + putchar (*p); + } + putchar(' '); } } } Modified: trunk/tests/samples/README =================================================================== --- trunk/tests/samples/README 2007-01-30 20:11:15 UTC (rev 267) +++ trunk/tests/samples/README 2007-04-06 12:58:07 UTC (rev 268) 
@@ -38,5 +38,16 @@ ov2-user.crt User certificate ov2-userrev.crt A user certificate revoked by OCSP +Certificates downloaded on 2007-04-05 from +http://dev.experimentalstuff.com:8082/CIC_sample-certs_2006-06-22.zip +and converted to binary format. These are signed with +ECDSA-P256-SHA384, ECDSA-P256-SHA512, and ECDSA-P384-SHA512. + secp256r1-sha384_cert.crt + secp256r1-sha512_cert.crt + secp384r1-sha512_cert.crt +From http://dev.experimentalstuff.com:8082/certs/secp256r1ca.cert.pem + + openssl-secp256r1ca.cert.crt + Added: trunk/tests/samples/openssl-secp256r1ca.cert.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/openssl-secp256r1ca.cert.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/tests/samples/secp256r1-sha384_cert.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/secp256r1-sha384_cert.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/tests/samples/secp256r1-sha512_cert.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/secp256r1-sha512_cert.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/tests/samples/secp384r1-sha512_cert.crt =================================================================== (Binary files differ) Property changes on: trunk/tests/samples/secp384r1-sha512_cert.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream From cvs at cvs.gnupg.org Mon Apr 9 18:00:05 2007 
From: cvs at cvs.gnupg.org (svn author marcus) Date: Mon, 09 Apr 2007 18:00:05 +0200 Subject: [svn] gcry - r1227 - trunk/doc Message-ID: Author: marcus Date: 2007-04-09 18:00:03 +0200 (Mon, 09 Apr 2007) New Revision: 1227 Modified: trunk/doc/ChangeLog trunk/doc/gcrypt.texi Log: 2007-04-09 Marcus Brinkmann * gcrypt.texi: Fix some typos. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-03-28 10:47:25 UTC (rev 1226) +++ trunk/doc/ChangeLog 2007-04-09 16:00:03 UTC (rev 1227) @@ -1,3 +1,7 @@ +2007-04-09 Marcus Brinkmann + + * gcrypt.texi: Fix some typos. + 2006-11-05 Moritz Schulte * gcrypt.texi (General public-key related Functions): Typo. Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2007-03-28 10:47:25 UTC (rev 1226) +++ trunk/doc/gcrypt.texi 2007-04-09 16:00:03 UTC (rev 1227) @@ -61,7 +61,7 @@ @menu -* Introduction:: What is @acronym{Libgcrypt}. +* Introduction:: What is Libgcrypt. * Preparation:: What you should do before using the library. * Generalities:: General library functions and data types. * Handler Functions:: Working with handler functions. @@ -78,9 +78,9 @@ Appendices * Library Copying:: The GNU Lesser General Public License - says how you can copy and share `Libgcrypt'. + says how you can copy and share Libgcrypt. * Copying:: The GNU General Public License says how you - can copy and share some parts of `Libgcrypt'. + can copy and share some parts of Libgcrypt. Indices @@ -92,7 +92,7 @@ Introduction * Getting Started:: How to use this manual. -* Features:: A glance at @acronym{Libgcrypt}'s features. +* Features:: A glance at Libgcrypt's features. * Overview:: Overview about the library. Preparation 
@@ -100,10 +100,10 @@ * Building sources:: How to build sources using the library. * Building sources using Automake:: How to build sources with the help of Automake. * Initializing the library:: How to initialize the library. -* Multi Threading:: How @acronym{Libgcrypt} can be used in a MT environment. +* Multi-Threading:: How Libgcrypt can be used in a MT environment. Generalities -* Controlling the library:: Controlling @acronym{Libgcrypt}'s behavior. +* Controlling the library:: Controlling Libgcrypt's behavior. * Modules:: Description of extension modules. * Error Handling:: Error codes and such. @@ -141,7 +141,7 @@ * Handle-independent functions:: General functions independent of handles. Random Numbers -* Quality of random numbers:: @acronym{Libgcrypt} uses different quality levels. +* Quality of random numbers:: Libgcrypt uses different quality levels. * Retrieving random numbers:: How to retrieve random numbers. S-expressions @@ -181,18 +181,18 @@ @c ********************************************************** @node Introduction @chapter Introduction -`@acronym{Libgcrypt}' is a library providing cryptographic building blocks. +Libgcrypt is a library providing cryptographic building blocks. @menu * Getting Started:: How to use this manual. -* Features:: A glance at @acronym{Libgcrypt}'s features. +* Features:: A glance at Libgcrypt's features. * Overview:: Overview about the library. @end menu @node Getting Started @section Getting Started -This manual documents the `@acronym{Libgcrypt}' library application programming +This manual documents the Libgcrypt library application programming interface (API). All functions and data types provided by the library are explained. @@ -213,7 +213,7 @@ @node Features @section Features -`Libgcrypt' might have a couple of advantages over other libraries doing +Libgcrypt might have a couple of advantages over other libraries doing a similar job. @table @asis 
@@ -226,8 +226,8 @@ list of these parts. @item It encapsulates the low level cryptography -`@acronym{Libgcrypt}' provides a high level interface to cryptographic building -blocks using an extendable and flexible API. +Libgcrypt provides a high level interface to cryptographic +building blocks using an extensible and flexible API. @end table @@ -235,15 +235,15 @@ @section Overview @noindent -The `@acronym{Libgcrypt}' library is fully thread-safe, where it makes -sense to be thread-safe. An exception for thread-safety are some -cryptographic functions that modify a certain context stored in -handles. If the user really intents to use such functions from -different threads on the same handle, he has to take care of the -serialization of such functions himself. If not described otherwise, -every function is thread-safe. +The Libgcrypt library is fully thread-safe, where it makes +sense to be thread-safe. Not thread-safe are some cryptographic +functions that modify a certain context stored in handles. If the +user really intents to use such functions from different threads on +the same handle, he has to take care of the serialization of such +functions himself. If not described otherwise, every function is +thread-safe. - at acronym{Libgcrypt} depends on the library `libgpg-error', which +Libgcrypt depends on the library `libgpg-error', which contains common error handling related code for GnuPG components. @c ********************************************************** @@ -252,7 +252,7 @@ @node Preparation @chapter Preparation -To use `@acronym{Libgcrypt}', you have to perform some changes to your +To use Libgcrypt, you have to perform some changes to your sources and the build system. The necessary changes are small and explained in the following sections. At the end of this chapter, it is described how the library is initialized, and how the requirements 
@@ -263,7 +263,7 @@ * Building sources:: How to build sources using the library. * Building sources using Automake:: How to build sources with the help of Automake. * Initializing the library:: How to initialize the library. -* Multi Threading:: How @acronym{Libgcrypt} can be used in a MT environment. +* Multi-Threading:: How Libgcrypt can be used in a MT environment. @end menu @@ -279,16 +279,15 @@ #include @end example -The name space of `@acronym{Libgcrypt}' is @code{gcry_*} for function +The name space of Libgcrypt is @code{gcry_*} for function and type names and @code{GCRY*} for other symbols. In addition the same name prefixes with one prepended underscore are reserved for -internal use and should never be used by an application. Furthermore -`libgpg-error' defines functions prefixed with `gpg_' and preprocessor -symbols prefixed with `GPG_'. Note that @acronym{Libgcrypt} uses -libgpg-error, which uses @code{gpg_err_*} as name space for function -and type names and @code{GPG_ERR_*} for other symbols, including all -the error codes. +internal use and should never be used by an application. Note that +Libgcrypt uses libgpg-error, which uses @code{gpg_*} as +name space for function and type names and @code{GPG_*} for other +symbols, including all the error codes. + @node Building sources @section Building sources @@ -299,7 +298,7 @@ file search path (via the @option{-I} option). However, the path to the include file is determined at the time the -source is configured. To solve this problem, `@acronym{Libgcrypt}' ships with a small +source is configured. To solve this problem, Libgcrypt ships with a small helper program @command{libgcrypt-config} that knows the path to the include file and other configuration options. The options that need to be added to the compiler invocation at compile time are output by 
@@ -311,7 +310,7 @@ @end example Adding the output of @samp{libgcrypt-config --cflags} to the compilers -command line will ensure that the compiler can find the `@acronym{Libgcrypt}' header +command line will ensure that the compiler can find the Libgcrypt header file. A similar problem occurs when linking the program with the library. @@ -320,8 +319,8 @@ (via the @option{-L} option). For this, the option @option{--libs} to @command{libgcrypt-config} can be used. For convenience, this option also outputs all other options that are required to link the program -with the `@acronym{Libgcrypt}' libraries (in particular, the @samp{-lgcrypt} -option). The example shows how to link @file{foo.o} with the `@acronym{Libgcrypt}' +with the Libgcrypt libraries (in particular, the @samp{-lgcrypt} +option). The example shows how to link @file{foo.o} with the Libgcrypt library to a program @command{foo}. @example @@ -339,9 +338,9 @@ @section Building sources using Automake It is much easier if you use GNU Automake instead of writing your own -Makefiles. If you do that you do not have to worry about finding and +Makefiles. If you do that, you do not have to worry about finding and invoking the @command{libgcrypt-config} script at all. - at acronym{Libgcrypt} provides an extension to Automake that does all +Libgcrypt provides an extension to Automake that does all the work for you. @c A simple macro for optional variables. @@ -349,7 +348,7 @@ @r{[}@var{\varname\}@r{]} @end macro @defmac AM_PATH_LIBGCRYPT (@ovar{minimum-version}, @ovar{action-if-found}, @ovar{action-if-not-found}) -Check whether @acronym{Libgcrypt} (at least version +Check whether Libgcrypt (at least version @var{minimum-version}, if given) exists on the host system. If it is found, execute @var{action-if-found}, otherwise do @var{action-if-not-found}, if given. 
@@ -357,7 +356,7 @@ Additionally, the function defines @code{LIBGCRYPT_CFLAGS} to the flags needed for compilation of the program to find the @file{gcrypt.h} header file, and @code{LIBGCRYPT_LIBS} to the linker -flags needed to link the program to the @acronym{Libgcrypt} library. +flags needed to link the program to the Libgcrypt library. @end defmac You can use the defined Autoconf variables like this in your 
@@ -371,28 +370,36 @@ @node Initializing the library @section Initializing the library -It is often desirable to check that the version of `@acronym{Libgcrypt}' used is -indeed one which fits all requirements. Even with binary compatibility -new features may have been introduced but due to problem with the -dynamic linker an old version is actually used. So you may want to -check that the version is okay right after program startup. +Before the library can be used, it must initialize itself. This is +achieved by invoking the function @code{gcry_check_version} described +below. +Also, it is often desirable to check that the version of +Libgcrypt used is indeed one which fits all requirements. +Even with binary compatibility, new features may have been introduced, +but due to problem with the dynamic linker an old version may actually +be used. So you may want to check that the version is okay right +after program startup. + @deftypefun const char *gcry_check_version (const char *@var{req_version}) -The function @code{gcry_check_version} has three purposes. It can be -used to retrieve the version number of the library. In addition it -can verify that the version number is higher than a certain required -version number. +The function @code{gcry_check_version} initializes the sub-systems +used by Libgcrypt and must be invoked before any other function in the +library, with the exception of the @code{GCRYCTL_SET_THREAD_CBS} +command (called via the @code{gcry_control} function), see + at xref{Multi-Threading}. -In either case, the function initializes some sub-systems, and for -this reason alone it must be invoked early in your program, before you -make use of the other functions of @acronym{Libgcrypt}. +Furthermore, this function returns the version number of the library. +It can also verify that the version number is higher than a certain +required version number @var{req_version}, if this value is not a null +pointer. 
@end deftypefun - at node Multi Threading - at section Multi Threading -As mentioned earlier, the `@acronym{Libgcrypt}' library is + at node Multi-Threading + at section Multi-Threading + +As mentioned earlier, the Libgcrypt library is thread-safe if you adhere to the following requirements: @itemize @bullet @@ -431,12 +438,12 @@ The function @code{gcry_check_version} must be called before any other function in the library, except the @code{GCRYCTL_SET_THREAD_CBS} command (called via the @code{gcry_control} function), because it -initializes the thread support subsystem in @acronym{Libgcrypt}. To +initializes the thread support subsystem in Libgcrypt. To achieve this in multi-threaded programs, you must synchronize the memory with respect to other threads that also want to use - at acronym{Libgcrypt}. For this, it is sufficient to call +Libgcrypt. For this, it is sufficient to call @code{gcry_check_version} before creating the other threads using - at acronym{Libgcrypt}@footnote{At least this is true for POSIX threads, +Libgcrypt at footnote{At least this is true for POSIX threads, as @code{pthread_create} is a function that synchronizes memory with respects to other threads. There are many functions which have this property, a complete list can be found in POSIX, IEEE Std 1003.1-2003, @@ -446,12 +453,13 @@ @item -As with the function @code{gpg_strerror}, @code{gcry_strerror} is not -thread safe. You have to use @code{gpg_strerror_r} instead. +Just like the function @code{gpg_strerror}, the function + at code{gcry_strerror} is not thread safe. You have to use + at code{gpg_strerror_r} instead. @end itemize - at acronym{Libgcrypt} contains convenient macros, which define the +Libgcrypt contains convenient macros, which define the necessary thread callbacks for PThread and for GNU Pth: @table @code 
@@ -488,7 +496,7 @@ @chapter Generalities @menu -* Controlling the library:: Controlling @acronym{Libgcrypt}'s behavior. +* Controlling the library:: Controlling Libgcrypt's behavior. * Modules:: Description of extension modules. * Error Handling:: Error codes and such. @end menu @@ -499,7 +507,7 @@ @deftypefun gcry_error_t gcry_control (enum gcry_ctl_cmds @var{cmd}, ...) This function can be used to influence the general behavior of - at acronym{Libgcrypt} in several ways. Depending on @var{cmd}, more +Libgcrypt in several ways. Depending on @var{cmd}, more arguments can or have to be provided. @table @code @@ -581,7 +589,7 @@ @node Modules @section Modules - at acronym{Libgcrypt} supports the use of `extension modules', which +Libgcrypt supports the use of `extension modules', which implement algorithms in addition to those already built into the library directly. @@ -595,7 +603,7 @@ category. This ID can be used to reference the newly registered module. After registering a module successfully, the new functionality should be able to be used through the normal functions provided by - at acronym{Libgcrypt} until it is unregistered again. +Libgcrypt until it is unregistered again. @c ********************************************************** @c ******************* Errors **************************** @@ -603,7 +611,7 @@ @node Error Handling @section Error Handling -Many functions in @acronym{Libgcrypt} can return an error if they +Many functions in Libgcrypt can return an error if they fail. For this reason, the application should always catch the error condition and take appropriate measures, for example by releasing the resources and passing the error up to the caller, or by displaying a 
@@ -618,20 +626,20 @@ specific meanings if returned by a certain functions. Such cases are described in the documentation of those functions. - at acronym{Libgcrypt} uses the @code{libgpg-error} library. This allows -to share the error codes with other components of the GnuPG system, -and thus pass error values transparently from the crypto engine, or -some helper application of the crypto engine, to the user. This way -no information is lost. As a consequence, @acronym{Libgcrypt} does -not use its own identifiers for error codes, but uses those provided -by @code{libgpg-error}. They usually start with @code{GPG_ERR_}. +Libgcrypt uses the @code{libgpg-error} library. This allows to share +the error codes with other components of the GnuPG system, and to pass +error values transparently from the crypto engine, or some helper +application of the crypto engine, to the user. This way no +information is lost. As a consequence, Libgcrypt does not use its own +identifiers for error codes, but uses those provided by + at code{libgpg-error}. They usually start with @code{GPG_ERR_}. -However, @acronym{Libgcrypt} does provide aliases for the functions +However, Libgcrypt does provide aliases for the functions defined in libgpg-error, which might be preferred for name space consistency. -Most functions in @acronym{Libgcrypt} return an error code in the case +Most functions in Libgcrypt return an error code in the case of failure. For this reason, the application should always catch the error condition and take appropriate measures, for example by releasing the resources and passing the error up to the caller, or by 
@@ -691,7 +699,7 @@ (@code{GPG_ERR_NO_ERROR}), and that in this case all other parts of the error value are set to 0, too. -Note that in @acronym{Libgcrypt}, the error source is used purely for +Note that in Libgcrypt, the error source is used purely for diagnostic purposes. Only the error code should be checked to test for a certain outcome of a function. The manual only documents the error code part of an error value. The error source is left @@ -829,7 +837,7 @@ @item GPG_ERR_SOURCE_USER_4 These error sources are not used by any GnuPG component and can be used by other software. For example, applications using - at acronym{Libgcrypt} can use them to mark error values coming from callback +Libgcrypt can use them to mark error values coming from callback handlers. Thus @code{GPG_ERR_SOURCE_USER_1} is the default for errors created with @code{gcry_error} and @code{gcry_error_from_errno}, unless you define @code{GCRY_ERR_SOURCE_DEFAULT} before including @@ -914,7 +922,7 @@ @item ... @item GPG_ERR_USER_16 These error codes are not used by any GnuPG component and can be -freely used by other software. Applications using @acronym{Libgcrypt} +freely used by other software. Applications using Libgcrypt might use them to mark specific errors returned by callback handlers if no suitable error codes (including the system errors) for these errors exist already. @@ -967,8 +975,8 @@ @node Handler Functions @chapter Handler Functions - at acronym{Libgcrypt} makes it possible to install so called `handler functions', -which get called by @acronym{Libgcrypt} in case of certain events. +Libgcrypt makes it possible to install so called `handler functions', +which get called by Libgcrypt in case of certain events. @menu * Progress handler:: Using a progress handler function. 
@@ -1048,7 +1056,7 @@ @node Allocation handler @section Allocation handler -It is possible to make @acronym{Libgcrypt} use special memory +It is possible to make Libgcrypt use special memory allocation functions instead of the built-in ones. Memory allocation functions are of the following types: @@ -1077,7 +1085,7 @@ @section Error handler The following functions may be used to register handler functions that -are called by @acronym{Libgcrypt} in case certain error conditions +are called by Libgcrypt in case certain error conditions occur. @deftp {Data type} gcry_handler_no_mem_t @@ -1107,7 +1115,7 @@ @deftypefun void gcry_set_log_handler (gcry_handler_log_t @var{func_log}, void *@var{cb_data}) This function registers @var{func_log} as `logging handler', which -means that it will be called in case @acronym{Libgcrypt} wants to log +means that it will be called in case Libgcrypt wants to log a message. @end deftypefun @@ -1121,7 +1129,7 @@ The cipher functions are used for symmetrical cryptography, i.e. cryptography using a shared key. The programming model follows an open/process/close paradigm and is in that similar to other -building blocks provided by @acronym{Libgcrypt}. +building blocks provided by Libgcrypt. @menu * Available ciphers:: List of ciphers supported by the library. @@ -1210,10 +1218,10 @@ @node Cipher modules @section Cipher modules - at acronym{Libgcrypt} makes it possible to load additional `cipher -modules'; these cipher can be used just like the cipher algorithms -that are built into the library directly. For an introduction into -extension modules, see @xref{Modules}. +Libgcrypt makes it possible to load additional `cipher modules'; these +ciphers can be used just like the cipher algorithms that are built +into the library directly. For an introduction into extension +modules, see @xref{Modules}. @deftp {Data type} gcry_cipher_spec_t This is the `module specification structure' needed for registering 
@@ -1382,10 +1390,10 @@ @table @code @item GCRY_CIPHER_SECURE Make sure that all operations are allocated in secure memory. This is -useful, when the key material is highly confidential. +useful when the key material is highly confidential. @item GCRY_CIPHER_ENABLE_SYNC This flag enables the CFB sync mode, which is a special feature of - at acronym{Libgcrypt}'s CFB mode implementation to allow for OpenPGP's CFB variant. +Libgcrypt's CFB mode implementation to allow for OpenPGP's CFB variant. See @code{gcry_cipher_sync}. @item GCRY_CIPHER_CBC_CTS Enable cipher text stealing (CTS) for the CBC mode. Cannot be used @@ -1418,8 +1426,8 @@ function checks this and returns an error if there is a problem. A caller should always check for an error. -Note, this is currently implemented as a macro but may be changed to a -function in the future. +Note that this is currently implemented as a macro but may be changed +to a function in the future. @end deftypefun Most crypto modes requires an initialization vector (IV), which @@ -1432,7 +1440,7 @@ Set the initialization vector used for encryption or decryption. The vector is passed as the buffer @var{K} of length @var{l} and copied to internal data structures. The function checks that the IV matches the -requirement of the selected algorithm and mode. Note, that this is +requirement of the selected algorithm and mode. Note that this is implemented as a macro. @end deftypefun @@ -1442,7 +1450,7 @@ is passed as the buffer @var{c} of length @var{l} and copied to internal data structures. The function checks that the counter matches the requirement of the selected algorithm (i.e., it must be -the same size as the block size). Note, that this is implemented as a +the same size as the block size). Note that this is implemented as a macro. @end deftypefun 
@@ -1451,7 +1459,7 @@ Set the given handle's context back to the state it had after the last call to gcry_cipher_setkey and clear the initialization vector. -Note, that gcry_cipher_reset is implemented as a macro. +Note that gcry_cipher_reset is implemented as a macro. @end deftypefun The actual encryption and decryption is done by using one of the @@ -1469,7 +1477,7 @@ @var{inlen} bytes are encrypted to the buffer @var{out} which must have at least a size of @var{inlen}. @var{outsize} must be set to the allocated size of @var{out}, so that the function can check that there -is sufficient space. Note, that overlapping buffers are not allowed. +is sufficient space. Note that overlapping buffers are not allowed. Depending on the selected algorithms and encryption mode, the length of the buffers must be a multiple of the block size. @@ -1489,7 +1497,7 @@ @var{inlen} bytes are decrypted to the buffer @var{out} which must have at least a size of @var{inlen}. @var{outsize} must be set to the allocated size of @var{out}, so that the function can check that there -is sufficient space. Note, that overlapping buffers are not allowed. +is sufficient space. Note that overlapping buffers are not allowed. Depending on the selected algorithms and encryption mode, the length of the buffers must be a multiple of the block size. @@ -1499,11 +1507,11 @@ OpenPGP (as defined in RFC-2440) requires a special sync operation in -some places, the following function is used for this: +some places. The following function is used for this: @deftypefun gcry_error_t gcry_cipher_sync (gcry_cipher_hd_t @var{h}) -Perform the OpenPGP sync operation on context @var{h}. Note, that this +Perform the OpenPGP sync operation on context @var{h}. Note that this is a no-op unless the context was created with the flag @code{GCRY_CIPHER_ENABLE_SYNC} @end deftypefun 
@@ -1602,12 +1610,12 @@ @node Hashing @chapter Hashing - at acronym{Libgcrypt} provides an easy and consistent to use interface +Libgcrypt provides an easy and consistent to use interface for hashing. Hashing is buffered and several hash algorithms can be updated at once. It is possible to calculate a MAC using the same routines. The programming model follows an open/process/close paradigm and is in that similar to other building blocks provided by - at acronym{Libgcrypt}. +Libgcrypt. For convenience reasons, a few cyclic redundancy check value operations are also supported. @@ -1690,7 +1698,7 @@ @node Hash algorithm modules @section Hash algorithm modules - at acronym{Libgcrypt} makes it possible to load additional `message +Libgcrypt makes it possible to load additional `message digest modules'; these digests can be used just like the message digest algorithms that are built into the library directly. For an introduction into extension modules, see @xref{Modules}. @@ -1948,7 +1956,7 @@ @var{algo}. This required size may be obtained by using the function @code{gcry_md_get_algo_dlen}. -Note, that this function will abort the process if an unavailable +Note that this function will abort the process if an unavailable algorithm is used. @end deftypefun @@ -2019,7 +2027,7 @@ @deftypefun int gcry_md_get_algo (gcry_md_hd_t @var{h}) -Retrieve the algorithm used with the handle @var{h}. Note, that this +Retrieve the algorithm used with the handle @var{h}. Note that this does not work reliable if more than one algorithm is enabled in @var{h}. @end deftypefun @@ -2042,7 +2050,7 @@ Tracking bugs related to hashing is often a cumbersome task which requires to add a lot of printf statements into the code. - at acronym{Libgcrypt} provides an easy way to avoid this. The actual data +Libgcrypt provides an easy way to avoid this. The actual data hashed can be written to files on request. @deftypefun void gcry_md_debug (gcry_md_hd_t @var{h}, const char *@var{suffix}) 
@@ -2088,7 +2096,7 @@ Public key cryptography, also known as asymmetric cryptography, is an easy way for key management and to provide digital signatures. - at acronym{Libgcrypt} provides two completely different interfaces to +Libgcrypt provides two completely different interfaces to public key cryptography, this chapter explains the one based on S-expressions. @@ -2103,16 +2111,16 @@ @node Available algorithms @section Available algorithms - at acronym{Libgcrypt} supports the RSA (Rivest-Shamir-Adleman) algorithms as well +Libgcrypt supports the RSA (Rivest-Shamir-Adleman) algorithms as well as DSA (Digital Signature Algorithm) and ElGamal. The versatile interface allows to add more algorithms in the future. @node Used S-expressions @section Used S-expressions - at acronym{Libgcrypt}'s API for asymmetric cryptography is based on data +Libgcrypt's API for asymmetric cryptography is based on data structures called S-expressions (see XXXX) and does not work with -contexts as most of the other building blocks of @acronym{Libgcrypt} +contexts as most of the other building blocks of Libgcrypt do. The following information are stored in S-expressions: @@ -2129,7 +2137,7 @@ @end table @noindent -To describe how @acronym{Libgcrypt} expect keys, we use some examples. Note that +To describe how Libgcrypt expect keys, we use some examples. Note that words in @ifnottex uppercase @@ -2208,7 +2216,7 @@ @node Public key modules @section Public key modules - at acronym{Libgcrypt} makes it possible to load additional `public key +Libgcrypt makes it possible to load additional `public key modules'; these public key algorithms can be used just like the algorithms that are built into the library directly. For an introduction into extension modules, see @xref{Modules}. 
@@ -2339,7 +2347,7 @@ @section Cryptographic Functions @noindent -Note, that we will in future allow to use keys without p,q and u +Note that we will in future allow to use keys without p,q and u specified and may also support other parameters for performance reasons. @@ -2375,7 +2383,7 @@ operation, like e.g. padding rules. @noindent -If you don't want to let @acronym{Libgcrypt} handle the padding, you must pass an +If you don't want to let Libgcrypt handle the padding, you must pass an appropriate MPI using this expression for @var{data}: @example @@ -2405,7 +2413,7 @@ If the function could successfully perform the encryption, the return value will be 0 and a a new S-expression with the encrypted result is -allocated and assign to the variable at the address of @var{r_ciph}. +allocated and assigned to the variable at the address of @var{r_ciph}. The caller is responsible to release this value using @code{gcry_sexp_release}. In case of an error, an error code is returned and @var{r_ciph} will be set to @code{NULL}. @@ -2453,7 +2461,7 @@ @end example @noindent -Note, that this function currently does not know of any padding +Note that this function currently does not know of any padding methods and the caller must do any un-padding on his own. @noindent @@ -2474,7 +2482,7 @@ Another operation commonly performed using public key cryptography is signing data. In some sense this is even more important than encryption because digital signatures are an important instrument for -key management. @acronym{Libgcrypt} supports digital signatures using +key management. Libgcrypt supports digital signatures using 2 functions, similar to the encryption functions: @deftypefun gcry_error_t gcry_pk_sign (@w{gcry_sexp_t *@var{r_sig},} @w{gcry_sexp_t @var{data},} @w{gcry_sexp_t @var{skey}}) 
@@ -2483,7 +2491,7 @@ private key @var{skey} and place it into the variable at the address of @var{r_sig}. @var{data} may either be the simple old style S-expression with just one MPI or a modern and more versatile S-expression which -allows to let @acronym{Libgcrypt} handle padding: +allows to let Libgcrypt handle padding: @example (data @@ -2495,7 +2503,7 @@ This example requests to sign the data in @var{block} after applying PKCS#1 block type 1 style padding. @var{hash-algo} is a string with the hash algorithm to be encoded into the signature, this may be any hash -algorithm name as supported by @acronym{Libgcrypt}. Most likely, this will be +algorithm name as supported by Libgcrypt. Most likely, this will be "sha1", "rmd160" or "md5". It is obvious that the length of @var{block} must match the size of that message digests; the function checks that this and other constraints are valid. @@ -2543,7 +2551,7 @@ @noindent The operation most commonly used is definitely the verification of a -signature. @acronym{Libgcrypt} provides this function: +signature. Libgcrypt provides this function: @deftypefun gcry_error_t gcry_pk_verify (@w{gcry_sexp_t @var{sig}}, @w{gcry_sexp_t @var{data}}, @w{gcry_sexp_t @var{pkey}}) @@ -2587,7 +2595,7 @@ @deftypefun int gcry_pk_test_algo (int @var{algo}) Return 0 if the public key algorithm @var{algo} is available for use. -Note, that this is implemented as a macro. +Note that this is implemented as a macro. @end deftypefun @@ -2612,7 +2620,7 @@ @deftypefun gcry_error_t gcry_pk_testkey (gcry_sexp_t @var{key}) Return zero if the private key @var{key} is `sane', an error code otherwise. -Note, that it is not possible to check the `saneness' of a public key. +Note that it is not possible to check the `saneness' of a public key. @end deftypefun 
@@ -2620,7 +2628,7 @@ @deftypefun gcry_error_t gcry_pk_algo_info (@w{int @var{algo}}, @w{int @var{what}}, @w{void *@var{buffer}}, @w{size_t *@var{nbytes}}) Depending on the value of @var{what} return various information about -the public key algorithm with the id @var{algo}. Note, that the +the public key algorithm with the id @var{algo}. Note that the function returns @code{-1} on error and the actual error code must be retrieved using the function @code{gcry_errno}. The currently defined values for @var{what} are: @@ -2689,7 +2697,7 @@ @c end gcry_pk_ctl @noindent - at acronym{Libgcrypt} also provides a function for generating public key +Libgcrypt also provides a function for generating public key pairs: @deftypefun gcry_error_t gcry_pk_genkey (@w{gcry_sexp_t *@var{r_key}}, @w{gcry_sexp_t @var{parms}}) @@ -2737,7 +2745,7 @@ @end table @noindent -If this parameter is not used, @acronym{Libgcrypt} uses for historic reasons +If this parameter is not used, Libgcrypt uses for historic reasons 65537. @item qbits @@ -2756,7 +2764,7 @@ w at item N = 15360 Q = 512 @end table -Note, that in this case only the values for N, as given in the table, +Note that in this case only the values for N, as given in the table, are allowed. When specifying Q all values of N in the range 512 to 15680 are valid as long as they are multiples of 8. @@ -2820,7 +2828,7 @@ @node Available asymmetric algorithms @section Available asymmetric algorithms - at acronym{Libgcrypt} supports the RSA (Rivest-Shamir-Adleman) +Libgcrypt supports the RSA (Rivest-Shamir-Adleman) algorithms as well as DSA (Digital Signature Algorithm) and ElGamal. The versatile interface allows to add more algorithms in the future. 
@@ -3093,12 +3101,12 @@ has the following meanings: @table @code @item = 0 -Let @acronym{Libgcrypt} decide what exponent should be used. +Let Libgcrypt decide what exponent should be used. @item = 1 Request the use of a ``secure'' exponent; this is required by some specification to be 65537. @item > 2 -Try starting at this value until a working exponent is found. Note, +Try starting at this value until a working exponent is found. Note that the current implementation leaks some information about the private key because the incrementation used is not randomized. Thus, this function will be changed in the future to return a random @@ -3336,7 +3344,7 @@ @chapter Random Numbers @menu -* Quality of random numbers:: @acronym{Libgcrypt} uses different quality levels. +* Quality of random numbers:: Libgcrypt uses different quality levels. * Retrieving random numbers:: How to retrieve random numbers. @end menu @@ -3403,7 +3411,7 @@ S-expressions are used by the public key functions to pass complex data structures around. These LISP like objects are used by some -cryptographic protocols (cf. RFC-2692) and @acronym{Libgcrypt} provides functions +cryptographic protocols (cf. RFC-2692) and Libgcrypt provides functions to parse and construct them. For detailed information, see @cite{Ron Rivest, code and description of S-expressions, @uref{http://theory.lcs.mit.edu/~rivest/sexp.html}}. @@ -3417,7 +3425,7 @@ @section Data types for S-expressions @deftp {Data type} gcry_sexp_t -The @code{gcry_sexp_t} type describes an object with the @acronym{Libgcrypt} internal +The @code{gcry_sexp_t} type describes an object with the Libgcrypt internal representation of an S-expression. @end deftp 
@@ -3425,7 +3433,7 @@ @section Working with S-expressions @noindent -There are several functions to create an @acronym{Libgcrypt} S-expression object +There are several functions to create an Libgcrypt S-expression object from its external representation or from a string template. There is also a function to convert the internal representation back into one of the external formats: @@ -3441,7 +3449,7 @@ the defined external formats. If @var{buffer} does not hold a valid S-expression an error code is returned and @var{r_sexp} set to @code{NULL}. -Note, that the caller is responsible for releasing the newly allocated +Note that the caller is responsible for releasing the newly allocated S-expression using @code{gcry_sexp_release}. @end deftypefun @@ -3452,7 +3460,7 @@ to be a function to release the @var{buffer}; most likely the standard @code{free} function is used for this argument. This has the effect of transferring the ownership of @var{buffer} to the created object in - at var{r_sexp}. The advantage of using this function is that @acronym{Libgcrypt} + at var{r_sexp}. The advantage of using this function is that Libgcrypt might decide to directly use the provided buffer and thus avoid extra copying. @end deftypefun @@ -3492,7 +3500,7 @@ @end table @noindent -No other format characters are defined and would return an error. Note, +No other format characters are defined and would return an error. Note that the format character @samp{%%} does not exists, because a percent sign is not a valid character in an S-expression. @end deftypefun @@ -3538,7 +3546,7 @@ @deftypefun void gcry_sexp_dump (@w{gcry_sexp_t @var{sexp}}) -Dumps @var{sexp} in a format suitable for debugging to @acronym{Libgcrypt}'s +Dumps @var{sexp} in a format suitable for debugging to Libgcrypt's logging stream. @end deftypefun 
@@ -3597,7 +3605,7 @@ @deftypefun gcry_sexp_t gcry_sexp_cdr (@w{const gcry_sexp_t @var{list}}) Create and return a new list form all elements except for the first one. -Note, that this function may return an invalid S-expression because it +Note that this function may return an invalid S-expression because it is not guaranteed, that the type exists and is a string. However, for parsing a complex S-expression it might be useful for intermediate lists. Returns @code{NULL} on error. @@ -3630,7 +3638,7 @@ This function is used to get and convert data from a @var{list}. This data is assumed to be an MPI stored in the format described by - at var{mpifmt} and returned as a standard @acronym{Libgcrypt} MPI. The caller must + at var{mpifmt} and returned as a standard Libgcrypt MPI. The caller must release this returned value using @code{gcry_mpi_release}. If there is no data at the given index, the index represents a list or the value can't be converted to an MPI, @code{NULL} is returned. @@ -3656,7 +3664,7 @@ Public key cryptography is based on mathematics with large numbers. To implement the public key functions, a library for handling these large numbers is required. Because of the general usefulness of such a -library, its interface is exposed by @acronym{Libgcrypt}. The implementation is +library, its interface is exposed by Libgcrypt. The implementation is based on an old release of GNU Multi-Precision Library (GMP) but in the meantime heavily modified and stripped down to what is required for cryptography. For a lot of CPUs, high performance assembler @@ -3664,7 +3672,7 @@ better performance than with the standard C implementation. @noindent -In the context of @acronym{Libgcrypt} and in most other applications, these large +In the context of Libgcrypt and in most other applications, these large numbers are called MPIs (multi-precision-integers). @node Data types 
@@ -3686,7 +3694,7 @@ Allocate a new MPI object, initialize it to 0 and initially allocate enough memory for a number of at least @var{nbits}. This pre-allocation is only a small performance issue and not actually necessary because - at acronym{Libgcrypt} automatically re-allocates the required memory. +Libgcrypt automatically re-allocates the required memory. @end deftypefun @deftypefun gcry_mpi_t gcry_mpi_snew (@w{unsigned int @var{nbits}}) @@ -3739,7 +3747,7 @@ @noindent The following functions are used to convert between an external -representation of an MPI and the internal one of @acronym{Libgcrypt}. +representation of an MPI and the internal one of Libgcrypt. @deftypefun gcry_error_t gcry_mpi_scan (@w{gcry_mpi_t *@var{r_mpi}}, @w{enum gcry_mpi_format @var{format}}, @w{const unsigned char *@var{buffer}}, @w{size_t @var{buflen}}, @w{size_t *@var{nscanned}}) @@ -3773,7 +3781,7 @@ @end table @noindent -Note, that all of the above formats store the integer in big-endian +Note that all of the above formats store the integer in big-endian format (MSB first). @end deftypefun @@ -3819,7 +3827,7 @@ @deftypefun void gcry_mpi_add_ui (@w{gcry_mpi_t @var{w}}, @w{gcry_mpi_t @var{u}}, @w{unsigned long @var{v}}) - at math{@var{w} = @var{u} + @var{v}}. Note, that @var{v} is an unsigned integer. + at math{@var{w} = @var{u} + @var{v}}. Note that @var{v} is an unsigned integer. @end deftypefun @@ -3980,7 +3988,7 @@ @deftypefun {void *} gcry_mpi_get_opaque (@w{gcry_mpi_t @var{a}}, @w{unsigned int *@var{nbits}}) Return a pointer to an opaque value stored in @var{a} and return its -size in @var{nbits}. Note, that the returned pointer is still owned by +size in @var{nbits}. Note that the returned pointer is still owned by @var{a} and that the function should never be used for an non-opaque MPI. @end deftypefun 
@@ -3994,7 +4002,7 @@ @deftypefun void gcry_mpi_clear_flag (@w{gcry_mpi_t @var{a}}, @w{enum gcry_mpi_flag @var{flag}}) -Clear @var{flag} for the big integer @var{a}. Note, that this function is +Clear @var{flag} for the big integer @var{a}. Note that this function is currently useless as no flags are allowed. @end deftypefun From cvs at cvs.gnupg.org Tue Apr 10 12:28:16 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 10 Apr 2007 12:28:16 +0200 Subject: [svn] GPGol - r167 - in trunk: . src Message-ID: Author: wk Date: 2007-04-10 12:28:16 +0200 (Tue, 10 Apr 2007) New Revision: 167 Modified: trunk/AUTHORS trunk/ChangeLog trunk/src/ChangeLog trunk/src/display.cpp Log: Fixed bug 735 Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2006-12-13 12:56:57 UTC (rev 166) +++ trunk/AUTHORS 2007-04-10 10:28:16 UTC (rev 167) @@ -2,12 +2,18 @@ Contact: info-gpgol at g10code.com Bugs: bug-gpgol at g10code.com -New code and packet maintainer: + g10 Code GmbH + New code and packet maintainer. -All code from the years 2003, 2004 Timo Schulz + All code from the years 2003, 2004 +Daniel Nylander + Swedish translation. + + + Some files may still contain code from the orginal plugin: Copyright (C) 2001 G Data Software AG, http://www.gdata.de Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2006-12-13 12:56:57 UTC (rev 166) +++ trunk/ChangeLog 2007-04-10 10:28:16 UTC (rev 167) @@ -1,3 +1,11 @@ +2006-12-13 Werner Koch + + * po/LINGUAS: Added sv. + +2006-12-13 Daniel Nylander (wk) + + * po/sv.po: New. + 2006-10-13 Werner Koch Released 0.9.91. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2006-12-13 12:56:57 UTC (rev 166) +++ trunk/src/ChangeLog 2007-04-10 10:28:16 UTC (rev 167) 
@@ -1,3 +1,8 @@ +2007-04-10 Werner Koch + + * display.cpp (find_message_window): Add arg LEVEL for debugging. + Ignore MsoCommand* Windows. Fixes bug 735. + 2006-10-14 Timo Schulz * recipient-dialog.c (lv_get_item_param): New. Modified: trunk/src/display.cpp =================================================================== --- trunk/src/display.cpp 2006-12-13 12:56:57 UTC (rev 166) +++ trunk/src/display.cpp 2007-04-10 10:28:16 UTC (rev 167) @@ -113,7 +113,7 @@ the text of the window instead of the MAPI object itself. To do this we walk all windows to find a PGP signature. */ static HWND -find_message_window (HWND parent) +find_message_window (HWND parent, int level) { HWND child; 
@@ -134,9 +134,53 @@ strings, but this does not work for PGP/MIME or already decrypted messages. */ len = GetClassName (child, buf, sizeof buf - 1); +// if (len) +// log_debug (" %*sgot class `%s'", level*2, "", buf); + if (level && len >= 10 && !strncmp (buf, "MsoCommand", 10)) + { + /* We won't find anything below MsoCommand windows. + Ignoring them fixes a bug where we return a RichEdit20W + window which is actually a formatting drop down box or + something similar. Not sure whether the check for level + is required, but it won't harm and might help in case an + MsoCommand* is the top level. + + An example of such a message hierarchy is: + got class `MsoCommandBarDock' + got class `MsoCommandBarDock' + got class `MsoCommandBarDock' + got class `MsoCommandBar' + got class `MsoCommandBar' + got class `RichEdit20W' <--- We don't want that + got class `MsoCommandBar' + got class `MsoCommandBarDock' + got class `AfxWndW' + got class `#32770' + got class `Static' + got class `Static' + got class `RichEdit20WPT' + got class `Static' + got class `RichEdit20WPT' + got class `Static' + got class `RichEdit20WPT' + got class `Static' + got class `RichEdit20WPT' + got class `Static' + got class `RichEdit20WPT' + got class `Static' + got class `Static' + got class `AfxWndA' + got class `Static' + got class `AfxWndW' + got class `Static' + got class `RichEdit20W' <--- We want this one + */ + break; /* Not found at this level. */ + } + if (len && !strcmp (buf, "RichEdit20W")) { - log_debug ("found class RichEdit20W"); + log_debug ("found class `%s'", "RichEdit20W"); return child; } @@ -148,7 +192,7 @@ && (!strncmp (s+15, "MESSAGE-----", 12) || !strncmp (s+15, "SIGNED MESSAGE-----", 19))) return child; - w = find_message_window (child); + w = find_message_window (child, level+1); if (w) return w; child = GetNextWindow (child, GW_HWNDNEXT); 
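Review bot: The `break` in the new `MsoCommand` branch of trunk/src/display.cpp ends the walk over every remaining sibling at that level, not only the subtree below the matched window. A message window that follows an MsoCommand* sibling under the same parent would therefore never be examined, while the added comment only argues that nothing useful lives below such windows. If skipping the subtree is the intent, advance past this one child instead with `child = GetNextWindow (child, GW_HWNDNEXT); continue;`. The loop header and the rest of find_message_window are outside the hunk, so the exact loop form is assumed here. The two commented-out `log_debug` lines would be better removed or placed under a debug switch.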
@@ -167,7 +211,7 @@ HWND window; /*show_window_hierarchy (hwnd, 0);*/ - window = find_message_window (hwnd); + window = find_message_window (hwnd, 0); if (window && !is_html) { const char *s; From cvs at cvs.gnupg.org Thu Apr 12 02:13:27 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 12 Apr 2007 02:13:27 +0200 Subject: [svn] gcry - r1228 - trunk/tests Message-ID: Author: marcus Date: 2007-04-12 02:13:27 +0200 (Thu, 12 Apr 2007) New Revision: 1228 Modified: trunk/tests/ChangeLog trunk/tests/ac-schemes.c Log: 2007-04-12 Marcus Brinkmann * ac-schemes.c (scheme_spec): Remove const qualifier from member M. (es_check): Remove const qualifier from C and M2. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-09 16:00:03 UTC (rev 1227) +++ trunk/tests/ChangeLog 2007-04-12 00:13:27 UTC (rev 1228) @@ -1,3 +1,8 @@ +2007-04-12 Marcus Brinkmann + + * ac-schemes.c (scheme_spec): Remove const qualifier from member M. + (es_check): Remove const qualifier from C and M2. + 2007-03-28 Werner Koch * benchmark.c (dsa_bench): New args ITERATIONS and PRINT_HEADER. Modified: trunk/tests/ac-schemes.c =================================================================== --- trunk/tests/ac-schemes.c 2007-04-09 16:00:03 UTC (rev 1227) +++ trunk/tests/ac-schemes.c 2007-04-12 00:13:27 UTC (rev 1228) @@ -48,7 +48,7 @@ unsigned int idx; gcry_ac_scheme_t scheme; unsigned int flags; - unsigned char *m; + char *m; size_t m_n; } scheme_spec_t; @@ -115,8 +115,10 @@ gcry_ac_key_t key_public, gcry_ac_key_t key_secret) { gcry_error_t err = GPG_ERR_NO_ERROR; - unsigned char *c = NULL, *m2 = NULL; - size_t c_n = 0, m2_n = 0; + char *c = NULL; + char *m2 = NULL; + size_t c_n = 0; + size_t m2_n = 0; void *opts = NULL; gcry_ac_io_t io_m; gcry_ac_io_t io_c; From cvs at cvs.gnupg.org Fri Apr 13 02:29:03 2007 
From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 13 Apr 2007 02:29:03 +0200 Subject: [svn] gcry - r1229 - trunk/tests Message-ID: Author: marcus Date: 2007-04-13 02:29:02 +0200 (Fri, 13 Apr 2007) New Revision: 1229 Modified: trunk/tests/ChangeLog trunk/tests/ac-schemes.c Log: 2007-04-12 Marcus Brinkmann * ac-schemes.c (scheme_spec): Revert last change. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-12 00:13:27 UTC (rev 1228) +++ trunk/tests/ChangeLog 2007-04-13 00:29:02 UTC (rev 1229) @@ -1,5 +1,7 @@ 2007-04-12 Marcus Brinkmann + * ac-schemes.c (scheme_spec): Revert last change. + * ac-schemes.c (scheme_spec): Remove const qualifier from member M. (es_check): Remove const qualifier from C and M2. Modified: trunk/tests/ac-schemes.c =================================================================== --- trunk/tests/ac-schemes.c 2007-04-12 00:13:27 UTC (rev 1228) +++ trunk/tests/ac-schemes.c 2007-04-13 00:29:02 UTC (rev 1229) @@ -48,7 +48,7 @@ unsigned int idx; gcry_ac_scheme_t scheme; unsigned int flags; - char *m; + const char *m; size_t m_n; } scheme_spec_t; From cvs at cvs.gnupg.org Fri Apr 13 02:33:38 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 13 Apr 2007 02:33:38 +0200 Subject: [svn] gcry - r1230 - trunk/cipher Message-ID: Author: marcus Date: 2007-04-13 02:33:37 +0200 (Fri, 13 Apr 2007) New Revision: 1230 Modified: trunk/cipher/ChangeLog trunk/cipher/ecc.c Log: 2007-04-13 Marcus Brinkmann * ecc.c (ecc_generate): Avoid compiler warning for unused argument DUMMY. (ecc_verify): Avoid compiler warning for unused arguments CMP and OPAQUEV. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-13 00:29:02 UTC (rev 1229) +++ trunk/cipher/ChangeLog 2007-04-13 00:33:37 UTC (rev 1230) 
@@ -1,3 +1,10 @@ +2007-04-13 Marcus Brinkmann + + * ecc.c (ecc_generate): Avoid compiler warning for unused argument + DUMMY. + (ecc_verify): Avoid compiler warning for unused arguments CMP and + OPAQUEV. + 2007-03-28 Werner Koch * ecc.c: Entirely rewritten with only a few traces of the old Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2007-04-13 00:29:02 UTC (rev 1229) +++ trunk/cipher/ecc.c 2007-04-13 00:33:37 UTC (rev 1230) @@ -791,6 +791,7 @@ gcry_mpi_t g_x, g_y, q_x, q_y; (void)algo; + (void)dummy; /* Make an empty list of factors. */ *retfactors = gcry_calloc ( 1, sizeof **retfactors ); @@ -922,6 +923,8 @@ ECC_public_key pk; (void)algo; + (void)cmp; + (void)opaquev; if (!data[0] || !data[1] || !hash || !pkey[0] || !pkey[1] || !pkey[2] || !pkey[3] || !pkey[4] || !pkey[5] ) From cvs at cvs.gnupg.org Fri Apr 13 02:34:50 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 13 Apr 2007 02:34:50 +0200 Subject: [svn] gcry - r1231 - trunk/cipher Message-ID: Author: marcus Date: 2007-04-13 02:34:49 +0200 (Fri, 13 Apr 2007) New Revision: 1231 Modified: trunk/cipher/ChangeLog trunk/cipher/ac.c Log: 2007-04-13 Marcus Brinkmann * ac.c (ac_data_construct): Cast const away to suppress compiler warning. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-13 00:33:37 UTC (rev 1230) +++ trunk/cipher/ChangeLog 2007-04-13 00:34:49 UTC (rev 1231) @@ -1,5 +1,8 @@ 2007-04-13 Marcus Brinkmann + * ac.c (ac_data_construct): Cast const away to suppress compiler + warning. + * ecc.c (ecc_generate): Avoid compiler warning for unused argument DUMMY. (ecc_verify): Avoid compiler warning for unused arguments CMP and Modified: trunk/cipher/ac.c =================================================================== --- trunk/cipher/ac.c 2007-04-13 00:33:37 UTC (rev 1230) +++ trunk/cipher/ac.c 2007-04-13 00:34:49 UTC (rev 1231) 
@@ -1373,10 +1373,9 @@ /* Fill list with MPIs. */ for (i = 0; i < data_length; i++) { - /* FIXME!! name_provided is a const char* whereas name is char. */ char **nameaddr = (data->data[i].name ? &data->data[i].name - : &data->data[i].name_provided); + : ((char **) &data->data[i].name_provided)); arg_list[(i * 2) + 0] = nameaddr; arg_list[(i * 2) + 1] = &data->data[i].mpi; From cvs at cvs.gnupg.org Fri Apr 13 02:06:56 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Fri, 13 Apr 2007 02:06:56 +0200 Subject: [svn] pinentry - r156 - in trunk: . qt Message-ID: Author: marcus Date: 2007-04-13 02:06:55 +0200 (Fri, 13 Apr 2007) New Revision: 156 Modified: trunk/ChangeLog trunk/THANKS trunk/qt/secqlineedit.cpp trunk/qt/secqlineedit.h Log: 2007-04-13 Marcus Brinkmann * qt/secqlineedit.h (SecQLineEdit::contextMenuEvent, SecQLineEdit::createPopupMenu): Remove prototype. * qt/secqlineedit.cpp (SecQLineEdit::contextMenuEvent, SecQLineEdit::createPopupMenu): Remove implementation. Submitted by Tobias Koenig . Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-02-14 16:24:02 UTC (rev 155) +++ trunk/ChangeLog 2007-04-13 00:06:55 UTC (rev 156) @@ -1,3 +1,11 @@ +2007-04-13 Marcus Brinkmann + + * qt/secqlineedit.h (SecQLineEdit::contextMenuEvent, + SecQLineEdit::createPopupMenu): Remove prototype. + * qt/secqlineedit.cpp (SecQLineEdit::contextMenuEvent, + SecQLineEdit::createPopupMenu): Remove implementation. + Submitted by Tobias Koenig . + 2007-02-14 Werner Koch * pinentry/pinentry.h (struct pinentry): Add TOUCH_FILE. Modified: trunk/THANKS =================================================================== --- trunk/THANKS 2007-02-14 16:24:02 UTC (rev 155) +++ trunk/THANKS 2007-04-13 00:06:55 UTC (rev 156) 
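Review bot: The cast `((char **) &data->data[i].name_provided)` in ac_data_construct silences the warning but also removes the only marker of the type mismatch, because the FIXME comment is deleted in the same hunk. `nameaddr` now reaches a `const char *` field through a `char **`, so any consumer of `arg_list` that writes through that pointer would modify storage declared read-only; nothing visible here shows that the entry is only read. Once that is confirmed against the consumer, I would keep a comment at the cast, for example `/* name_provided is const char *; arg_list entries are only read when the S-expression is built. */`. The enclosing function starts and ends outside the hunk.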
@@ -2,3 +2,4 @@ Alexander Zangerl az at snafu.priv.at Michael Nottebrock michaelnottebrock at gmx.net Peter Eisentraut peter_e at gmx.net +Tobias Koenig tokoe at kde.org Modified: trunk/qt/secqlineedit.cpp =================================================================== --- trunk/qt/secqlineedit.cpp 2007-02-14 16:24:02 UTC (rev 155) +++ trunk/qt/secqlineedit.cpp 2007-04-13 00:06:55 UTC (rev 156) 
@@ -1675,90 +1675,6 @@ enum { IdUndo, IdRedo, IdSep1, IdCut, IdCopy, IdPaste, IdClear, IdSep2, IdSelectAll }; -/*!\reimp -*/ -void SecQLineEdit::contextMenuEvent( QContextMenuEvent * e ) -{ -#ifndef QT_NO_POPUPMENU - d->separate(); - - QGuardedPtr popup = createPopupMenu(); - QGuardedPtr that = this; - QPoint pos = e->reason() == QContextMenuEvent::Mouse ? e->globalPos() : - mapToGlobal( QPoint(e->pos().x(), 0) ) + QPoint( width() / 2, height() / 2 ); - int r = popup->exec( pos ); - delete (QPopupMenu*)popup; - if ( that && d->menuId ) { - switch ( d->menuId - r ) { - case IdClear: clear(); break; - case IdSelectAll: selectAll(); break; -#ifndef SECURE_NO_UNDO - case IdUndo: undo(); break; - case IdRedo: redo(); break; -#endif -#ifndef QT_NO_CLIPBOARD - case IdCut: cut(); break; - case IdCopy: copy(); break; - case IdPaste: paste(); break; -#endif - default: - ; // nothing selected or lineedit destroyed. Be careful. - } - } -#endif //QT_NO_POPUPMENU -} - -/*! - This function is called to create the popup menu which is shown - when the user clicks on the line edit with the right mouse button. - If you want to create a custom popup menu, reimplement this - function and return the popup menu you create. The popup menu's - ownership is transferred to the caller. 
-*/ - -QPopupMenu *SecQLineEdit::createPopupMenu() -{ -#ifndef QT_NO_POPUPMENU - QPopupMenu *popup = new QPopupMenu( this, "qt_edit_menu" ); - int id = d->menuId = popup->insertItem( QString( "&Undo" ) + ACCEL_KEY( Z ) ); - popup->insertItem( QString ("&Redo") + ACCEL_KEY( Y ) ); - popup->insertSeparator(); - popup->insertItem( QString ("Cu&t") + ACCEL_KEY( X ) ); - popup->insertItem( QString ("&Copy") + ACCEL_KEY( C ) ); - popup->insertItem( QString ("&Paste") + ACCEL_KEY( V ) ); - popup->insertItem( QString ("Clear") ); - popup->insertSeparator(); - popup->insertItem( QString ("Select All") -#ifndef Q_WS_X11 - + ACCEL_KEY( A ) -#endif - ); -#ifndef SECURE_NO_UNDO - popup->setItemEnabled( id - IdUndo, d->isUndoAvailable() ); - popup->setItemEnabled( id - IdRedo, d->isRedoAvailable() ); -#else - popup->setItemVisible( id - IdUndo, FALSE ); - popup->setItemVisible( id - IdRedo, FALSE ); -#endif /* SECURE_NO_UNDO */ - -#ifndef QT_NO_CLIPBOARD - popup->setItemEnabled( id - IdCut, !d->readOnly && d->hasSelectedText() ); - popup->setItemEnabled( id - IdCopy, d->hasSelectedText() ); - popup->setItemEnabled( id - IdPaste, !d->readOnly && !QApplication::clipboard()->text().isEmpty() ); -#else - popup->setItemVisible( id - IdCut, FALSE ); - popup->setItemVisible( id - IdCopy, FALSE ); - popup->setItemVisible( id - IdPaste, FALSE ); -#endif - popup->setItemEnabled( id - IdClear, !d->readOnly && !d->text.isEmpty() ); - popup->setItemEnabled( id - IdSelectAll, !d->text.isEmpty() && !d->allSelected() ); - return popup; -#else - return 0; -#endif -} - - /*! \reimp */ void SecQLineEdit::windowActivationChange( bool b ) { Modified: trunk/qt/secqlineedit.h =================================================================== --- trunk/qt/secqlineedit.h 2007-02-14 16:24:02 UTC (rev 155) +++ trunk/qt/secqlineedit.h 2007-04-13 00:06:55 UTC (rev 156) 
@@ -202,8 +202,6 @@ void focusOutEvent( QFocusEvent * ); void resizeEvent( QResizeEvent * ); void drawContents( QPainter * ); - void contextMenuEvent( QContextMenuEvent * ); - virtual QPopupMenu *createPopupMenu(); void windowActivationChange( bool ); #ifndef QT_NO_COMPAT void repaintArea( int, int ) { update(); } From cvs at cvs.gnupg.org Fri Apr 13 13:45:08 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 13 Apr 2007 13:45:08 +0200 Subject: [svn] GnuPG - r4473 - in trunk: . doc doc/examples g10 scripts sm tools Message-ID: Author: wk Date: 2007-04-13 13:45:05 +0200 (Fri, 13 Apr 2007) New Revision: 4473 Added: trunk/scripts/mail-to-translators Modified: trunk/README.maint trunk/TODO trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/doc/examples/README trunk/doc/examples/gpgconf.conf trunk/doc/gpg.texi trunk/g10/ChangeLog trunk/g10/call-agent.c trunk/scripts/ChangeLog trunk/sm/ChangeLog trunk/sm/call-agent.c trunk/tools/ChangeLog trunk/tools/gpgconf-comp.c Log: g10/ and sm/ * call-agent.c (start_agent): Don't use log_error when using the fallback hack to start the agent. This is bug 782. scripts/ * mail-to-translators: Copied from 1.4. and adjusted. tools/ * gpgconf-comp.c: Allow changing of --allow-mark-trusted. * gpg-connect-agent.c (main): New option --decode and commands decode and undecode. (read_and_print_response): Implement option. Modified: trunk/README.maint =================================================================== --- trunk/README.maint 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/README.maint 2007-04-13 11:45:05 UTC (rev 4473) 
@@ -3,7 +3,18 @@ Here are some notes on how to maintain GnuPG. +Release Planning: +================= +If you are planning a new release and strings have changed you should +send a notification to all tyranslators, so that they have time to +update their translations. scripts/mail-to-translators is useful for +this. It might need some tweaking and it needs to be armored for +actual sending. Running it as is to see what will happen is a good +idea, though. + + + Release process: ================ Modified: trunk/TODO =================================================================== --- trunk/TODO 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/TODO 2007-04-13 11:45:05 UTC (rev 4473) @@ -1,6 +1,6 @@ -*- outline -*- -* src/base64 +* src/base64 ** Make parsing more robust Currently we don't cope with overlong lines in the best way. ** Check that we really release the ksba reader/writer objects. @@ -129,4 +129,7 @@ scdaemon stays as a zombie and gpg-agent does not perform any more commands. +* configure check +** Update autoconf and use AC_PROG_CC_C89 + to make sure that a compiant compiler is used Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/doc/ChangeLog 2007-04-13 11:45:05 UTC (rev 4473) @@ -1,3 +1,8 @@ +2007-04-10 Werner Koch + + * gpg.texi (GPG Configuration Options): Document --batch, no-tty, + --yes and --no. + 2007-03-08 Werner Koch * gnupg-logo.png, gnupg-logo.eps, gnupg-logo.pdf: New. Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/doc/Makefile.am 2007-04-13 11:45:05 UTC (rev 4473) 
@@ -23,7 +23,7 @@ examples/gpgconf.conf EXTRA_DIST = DETAILS HACKING TRANSLATE OpenPGP KEYSERVER samplekeys.asc \ - gnupg-logo.eps gnupg-logo.jpg gnupg-logo.pdf \ + gnupg-logo.eps gnupg-logo.pdf \ gnupg-card-architecture.eps gnupg-card-architecture.png \ gnupg-card-architecture.pdf \ faq.raw FAQ faq.html gnupg7.texi \ Modified: trunk/doc/examples/README =================================================================== --- trunk/doc/examples/README 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/doc/examples/README 2007-04-13 11:45:05 UTC (rev 4473) @@ -6,4 +6,4 @@ trustlist.txt A list of trustworthy root certificates (Please check yourself whether you actually trust them) - +gpgconf.conf A sample configuration file for gpgconf. Modified: trunk/doc/examples/gpgconf.conf =================================================================== --- trunk/doc/examples/gpgconf.conf 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/doc/examples/gpgconf.conf 2007-04-13 11:45:05 UTC (rev 4473) @@ -52,8 +52,7 @@ #------------------------------------------------------------------- -# Allow all users to change the allow-mark-trusted option. -# (This was the default prior to gnupg 2.0.3) -* gpg-agent allow-mark-trusted [change] +# Deny all users to change the allow-mark-trusted option. +* gpg-agent allow-mark-trusted [no-change] Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/doc/gpg.texi 2007-04-13 11:45:05 UTC (rev 4473) 
@@ -908,6 +908,28 @@ @opindex quiet Try to be as quiet as possible. + at item --batch + at itemx --no-batch + at opindex batch + at opindex no-batch +Use batch mode. Never ask, do not allow interactive commands. + at option{--no-batch} disables this option. + + at item --no-tty + at opindex no-tty +Make sure that the TTY (terminal) is never used for any output. +This option is needed in some cases because GnuPG sometimes prints +warnings to the TTY even if @option{--batch} is used. + + at item --yes + at opindex yes +Assume "yes" on most questions. + + at item --no + at opindex no +Assume "no" on most questions. + + @item --list-options @code{parameters} @opindex list-options This is a space or comma delimited string that gives options used when Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/g10/ChangeLog 2007-04-13 11:45:05 UTC (rev 4473) @@ -1,3 +1,8 @@ +2007-04-13 Werner Koch + + * call-agent.c (start_agent): Don't use log_error when using the + fallback hack to start the agent. This is bug 782. + 2007-04-05 David Shaw From STABLE-BRANCH-1-4 Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/g10/call-agent.c 2007-04-13 11:45:05 UTC (rev 4473) @@ -157,7 +157,7 @@ xfree (infostr); if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED) { - log_error (_("can't connect to the agent - trying fall back\n")); + log_info (_("can't connect to the agent - trying fall back\n")); force_pipe_server = 1; return start_agent (); } Modified: trunk/scripts/ChangeLog =================================================================== --- trunk/scripts/ChangeLog 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/scripts/ChangeLog 2007-04-13 11:45:05 UTC (rev 4473) 
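Review bot: The change from `log_error` to `log_info` in start_agent (here and in the identical hunk for trunk/sm/call-agent.c) carries no comment saying why a failed connection is no longer reported as an error. After it, a process that could not reach the agent it was pointed at falls back to a pipe server with only an informational line, which may not be shown at the default verbosity (not visible from this hunk). A comment above the call, such as `/* Not an error: we retry with a pipe server below (bug 782). */`, would record the intent for the next reader. The retry `return start_agent ()` relies on `force_pipe_server` steering the second call down a different path, which lies outside the hunk.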
@@ -1,3 +1,7 @@ +2007-04-04 Werner Koch + + * mail-to-translators: Copied from 1.4. and adjusted. + 2004-09-30 Werner Koch * config.guess, config.sub: Updated. Copied: trunk/scripts/mail-to-translators (from rev 4441, branches/STABLE-BRANCH-1-4/scripts/mail-to-translators) =================================================================== --- branches/STABLE-BRANCH-1-4/scripts/mail-to-translators 2007-03-05 10:22:56 UTC (rev 4441) +++ trunk/scripts/mail-to-translators 2007-04-13 11:45:05 UTC (rev 4473) @@ -0,0 +1,79 @@ +#!/bin/sh +# mail a compressed version of the current translation to the Last-Translator +# + +# remove the colon to armor this script. +SENDMAIL=": /usr/sbin/sendmail" + +for file in *.po; do + addr=$(head -100 $file | awk '/^# ?Designated-Translator:/ { printf "%s", $0; exit 0}' | sed 's/.*\(<.*>\).*/\1/') + if [ -z "$addr" ]; then + addr=$(awk '/Last-Translator:/ { printf "%s", $0; exit 0}' $file | sed 's/.*\(<.*>\).*/\1/') + fi + ll=$(basename $file .po) + + if ! msgfmt -vc $file 2>&1| egrep -q 'fuzzy|untranslated|error'; then + echo "$file: okay" >&2 + continue; + fi + + if ! echo "$addr" | grep -q @ ; then + echo "$file: no translator known" >&2 + continue; + fi + + echo "$file: sending to $addr" + ( cat <&1 | head) + +If you are not able to continue the translation work, I suggest to +pass this message on to another translator and drop a a short note to +gnupg-hackers at gnupg.org . + + +Thanks, + + Werner + + +--=-=-= +Content-Type: application/octet-stream +Content-Disposition: attachment; filename=gnupg-${file}.bz2 +Content-Transfer-Encoding: base64 + +EOF + +bzip2 <$file | mimencode + +echo "" +echo "--=-=-=--" +echo "" + ) | $SENDMAIL -oi "$addr" + +done + Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/sm/ChangeLog 2007-04-13 11:45:05 UTC (rev 4473) 
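Review bot: `$file` is expanded unquoted throughout the new script (`head -100 $file`, `msgfmt -vc $file`, `basename $file .po`, `bzip2 <$file`), so a catalogue name containing whitespace or starting with a dash is split or read as an option. Quoting every use as `"$file"` and iterating with `for file in ./*.po; do` avoids both. The recipient handed to `$SENDMAIL -oi "$addr"` is taken from the .po header and only checked for containing `@`. Since the script mails an attachment to that address, it is worth verifying that the sed extraction produced a single `<...>` address before the colon is removed from `SENDMAIL`.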
@@ -1,3 +1,8 @@ +2007-04-13 Werner Koch + + * call-agent.c (start_agent): Don't use log_error when using the + fallback hack to start the agent. This is bug 782. + 2007-03-20 Werner Koch * fingerprint.c (gpgsm_get_fingerprint): Add caching. Modified: trunk/sm/call-agent.c =================================================================== --- trunk/sm/call-agent.c 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/sm/call-agent.c 2007-04-13 11:45:05 UTC (rev 4473) @@ -164,7 +164,7 @@ xfree (infostr); if (gpg_err_code (rc) == GPG_ERR_ASS_CONNECT_FAILED) { - log_error (_("can't connect to the agent - trying fall back\n")); + log_info (_("can't connect to the agent - trying fall back\n")); force_pipe_server = 1; return start_agent (ctrl); } Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/tools/ChangeLog 2007-04-13 11:45:05 UTC (rev 4473) @@ -1,5 +1,7 @@ 2007-04-03 Werner Koch + * gpgconf-comp.c: Allow changing of --allow-mark-trusted. + * gpg-connect-agent.c (main): New option --decode and commands decode and undecode. (read_and_print_response): Implement option. Modified: trunk/tools/gpgconf-comp.c =================================================================== --- trunk/tools/gpgconf-comp.c 2007-04-06 03:46:03 UTC (rev 4472) +++ trunk/tools/gpgconf-comp.c 2007-04-13 11:45:05 UTC (rev 4473) @@ -498,7 +498,7 @@ { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing", GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, - { "allow-mark-trusted", GC_OPT_FLAG_RUNTIME | GC_OPT_FLAG_NO_CHANGE, + { "allow-mark-trusted", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED, "gnupg", "allow clients to mark keys as \"trusted\"", GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, { "min-passphrase-len", GC_OPT_FLAG_RUNTIME, From cvs at cvs.gnupg.org Sun Apr 15 07:01:23 2007 
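Review bot: Dropping `GC_OPT_FLAG_NO_CHANGE` from the `allow-mark-trusted` entry in gpgconf-comp.c changes the built-in default for an option described as allowing clients to mark keys as "trusted", and the table entry has no comment saying where the restriction now lives. The same commit changes doc/examples/gpgconf.conf to `* gpg-agent allow-mark-trusted [no-change]`, so the lock appears to move from the compiled-in table to an administrator-maintained file; an installation without such a file would presumably let any user toggle the option through gpgconf. I would add a comment at the entry, e.g. `/* Changeable by default; sites that want this locked must set [no-change] in gpgconf.conf. */`. The option table starts and ends outside the hunk.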
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Sun, 15 Apr 2007 07:01:23 +0200 Subject: [svn] GnuPG - r4474 - trunk/doc Message-ID: Author: dshaw Date: 2007-04-15 07:01:22 +0200 (Sun, 15 Apr 2007) New Revision: 4474 Modified: trunk/doc/ChangeLog trunk/doc/gpg.texi Log: * gpg.texi (OpenPGP Options): Update the personal-foo-preferences documentation a bit. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-04-13 11:45:05 UTC (rev 4473) +++ trunk/doc/ChangeLog 2007-04-15 05:01:22 UTC (rev 4474) @@ -1,3 +1,8 @@ +2007-04-15 David Shaw + + * gpg.texi (OpenPGP Options): Update the personal-foo-preferences + documentation a bit. + 2007-04-10 Werner Koch * gpg.texi (GPG Configuration Options): Document --batch, no-tty, Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2007-04-13 11:45:05 UTC (rev 4473) +++ trunk/doc/gpg.texi 2007-04-15 05:01:22 UTC (rev 4474) @@ -1,5 +1,5 @@ - at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 - at c 2006 Free Software Foundation, Inc. + at c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + at c 2007 Free Software Foundation, Inc. @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. 
@@ -1866,32 +1866,32 @@ message modification attack. @item --personal-cipher-preferences @code{string} -Set the list of personal cipher preferences to @code{string}, this list -should be a string similar to the one printed by the command "pref" in -the edit menu. This allows the user to factor in their own preferred -algorithms when algorithms are chosen via recipient key preferences. -The most highly ranked cipher in this list is also used for the - at option{--symmetric} encryption command. +Set the list of personal cipher preferences to @code{string}. Use + at command{@gpgname --version} to get a list of available algorithms, +and use @code{none} to set no preference at all. This allows the user +to factor in their own preferred algorithms when algorithms are chosen +via recipient key preferences. The most highly ranked cipher in this +list is also used for the @option{--symmetric} encryption command. @item --personal-digest-preferences @code{string} -Set the list of personal digest preferences to @code{string}, this list -should be a string similar to the one printed by the command "pref" in -the edit menu. This allows the user to factor in their own preferred -algorithms when algorithms are chosen via recipient key preferences. -The most highly ranked digest algorithm in this list is algo used when -signing without encryption (e.g. @option{--clearsign} or - at option{--sign}). The default value is SHA-1. +Set the list of personal digest preferences to @code{string}. Use + at command{@gpgname --version} to get a list of available algorithms, +and use @code{none} to set no preference at all. This allows the user +to factor in their own preferred algorithms when algorithms are chosen +via recipient key preferences. The most highly ranked digest +algorithm in this list is algo used when signing without encryption +(e.g. @option{--clearsign} or @option{--sign}). The default value is +SHA-1. 
@item --personal-compress-preferences @code{string} -Set the list of personal compression preferences to @code{string}, this -list should be a string similar to the one printed by the command -"pref" in the edit menu. This allows the user to factor in their own -preferred algorithms when algorithms are chosen via recipient key -preferences. The most highly ranked algorithm in this list is also -used when there are no recipient keys to consider (e.g. @option{--symmetric}). +Set the list of personal compression preferences to @code{string}. +Use @command{@gpgname --version} to get a list of available +algorithms, and use @code{none} to set no preference at all. This +allows the user to factor in their own preferred algorithms when +algorithms are chosen via recipient key preferences. The most highly +ranked compression algorithm in this list is algo used when there are +no recipient keys to consider (e.g. @option{--symmetric}). - - @item --s2k-cipher-algo @code{name} Use @code{name} as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for From cvs at cvs.gnupg.org Sun Apr 15 16:30:11 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Sun, 15 Apr 2007 16:30:11 +0200 Subject: [svn] GnuPG - r4475 - branches/STABLE-BRANCH-1-4 Message-ID: Author: dshaw Date: 2007-04-15 16:30:11 +0200 (Sun, 15 Apr 2007) New Revision: 4475 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/configure.ac Log: * configure.ac: QNX puts resolver functions in libsocket. From Sean Boudreau. Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-15 05:01:22 UTC (rev 4474) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-15 14:30:11 UTC (rev 4475) 
@@ -1,3 +1,8 @@ +2007-04-15 David Shaw + + * configure.ac: QNX puts resolver functions in libsocket. From + Sean Boudreau. + 2007-03-05 Werner Koch Released 1.4.7. Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2007-04-15 05:01:22 UTC (rev 4474) +++ branches/STABLE-BRANCH-1-4/configure.ac 2007-04-15 14:30:11 UTC (rev 4475) @@ -660,12 +660,12 @@ _dns_save_libs=$LIBS LIBS="" # the double underscore thing is a glibc-ism? - AC_SEARCH_LIBS(res_query,resolv bind,, - AC_SEARCH_LIBS(__res_query,resolv bind,,have_resolver=no)) - AC_SEARCH_LIBS(dn_expand,resolv bind,, - AC_SEARCH_LIBS(__dn_expand,resolv bind,,have_resolver=no)) - AC_SEARCH_LIBS(dn_skipname,resolv bind,, - AC_SEARCH_LIBS(__dn_skipname,resolv bind,,have_resolver=no)) + AC_SEARCH_LIBS(res_query,resolv bind socket,, + AC_SEARCH_LIBS(__res_query,resolv bind socket,,have_resolver=no)) + AC_SEARCH_LIBS(dn_expand,resolv bind socket,, + AC_SEARCH_LIBS(__dn_expand,resolv bind socket,,have_resolver=no)) + AC_SEARCH_LIBS(dn_skipname,resolv bind socket,, + AC_SEARCH_LIBS(__dn_skipname,resolv bind socket,,have_resolver=no)) if test x"$have_resolver" != xno ; then From cvs at cvs.gnupg.org Sun Apr 15 18:37:02 2007 
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Sun, 15 Apr 2007 18:37:02 +0200 Subject: [svn] GnuPG - r4476 - branches/STABLE-BRANCH-1-4/util Message-ID: Author: dshaw Date: 2007-04-15 18:37:01 +0200 (Sun, 15 Apr 2007) New Revision: 4476 Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog branches/STABLE-BRANCH-1-4/util/argparse.c branches/STABLE-BRANCH-1-4/util/cert.c branches/STABLE-BRANCH-1-4/util/pka.c branches/STABLE-BRANCH-1-4/util/srv.c Log: * argparse.c (default_strusage): Copyright 2007. * cert.c, srv.c, pka.c: Need arpa/inet.h for ntohs(). Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-15 14:30:11 UTC (rev 4475) +++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-15 16:37:01 UTC (rev 4476) @@ -1,3 +1,9 @@ +2007-04-15 David Shaw + + * argparse.c (default_strusage): Copyright 2007. + + * cert.c, srv.c, pka.c: Need arpa/inet.h for ntohs(). + 2007-02-26 Werner Koch * simple-gettext.c (set_gettext_file): Make use of the envvar Modified: branches/STABLE-BRANCH-1-4/util/argparse.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/argparse.c 2007-04-15 14:30:11 UTC (rev 4475) +++ branches/STABLE-BRANCH-1-4/util/argparse.c 2007-04-15 16:37:01 UTC (rev 4476) @@ -1,6 +1,6 @@ /* [argparse.c wk 17.06.97] Argument Parser for option handling - * Copyright (C) 1998, 1999, 2000, 2001, 2003, - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -914,7 +914,7 @@ switch( level ) { case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2006 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2007 Free Software Foundation, Inc."; break; case 15: p = "This program comes with ABSOLUTELY NO WARRANTY.\n" "This is free software, and you are welcome to redistribute it\n" Modified: branches/STABLE-BRANCH-1-4/util/cert.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/cert.c 2007-04-15 14:30:11 UTC (rev 4475) +++ branches/STABLE-BRANCH-1-4/util/cert.c 2007-04-15 16:37:01 UTC (rev 4476) @@ -1,5 +1,5 @@ /* cert.c - DNS CERT code - * Copyright (C) 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc. * * This file is part of GNUPG. * @@ -27,6 +27,7 @@ #else #include #include +#include #include #endif #include Modified: branches/STABLE-BRANCH-1-4/util/pka.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/pka.c 2007-04-15 14:30:11 UTC (rev 4475) +++ branches/STABLE-BRANCH-1-4/util/pka.c 2007-04-15 16:37:01 UTC (rev 4476) @@ -1,5 +1,5 @@ /* pka.c - DNS Public Key Association RR access - * Copyright (C) 2005 Free Software Foundation, Inc. + * Copyright (C) 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -32,6 +32,7 @@ #else #include #include +#include #include #endif #endif /* USE_DNS_PKA */ Modified: branches/STABLE-BRANCH-1-4/util/srv.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/srv.c 2007-04-15 14:30:11 UTC (rev 4475) +++ branches/STABLE-BRANCH-1-4/util/srv.c 2007-04-15 16:37:01 UTC (rev 4476) @@ -1,5 +1,5 @@ /* srv.c - DNS SRV code - * Copyright (C) 2003 Free Software Foundation, Inc. + * Copyright (C) 2003, 2005, 2006, 2007 Free Software Foundation, Inc. * * This file is part of GNUPG. * 
@@ -26,6 +26,7 @@ #else #include #include +#include #include #endif #include From cvs at cvs.gnupg.org Mon Apr 16 15:37:10 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Mon, 16 Apr 2007 15:37:10 +0200 Subject: [svn] GnuPG - r4477 - in branches/STABLE-BRANCH-1-4: . util Message-ID: Author: dshaw Date: 2007-04-16 15:37:09 +0200 (Mon, 16 Apr 2007) New Revision: 4477 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/acinclude.m4 branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/util/ChangeLog branches/STABLE-BRANCH-1-4/util/secmem.c Log: Use sysconf() when possible as not all platforms have getpagesize(). Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-15 16:37:01 UTC (rev 4476) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 13:37:09 UTC (rev 4477) @@ -1,3 +1,10 @@ +2007-04-16 David Shaw + + * acinclude.m4: Use sysconf() if available to avoid a false + positive on HAVE_BROKEN_MLOCK when checking for page size. + + * configure.ac: Check for sysconf. + 2007-04-15 David Shaw * configure.ac: QNX puts resolver functions in libsocket. From Modified: branches/STABLE-BRANCH-1-4/acinclude.m4 =================================================================== --- branches/STABLE-BRANCH-1-4/acinclude.m4 2007-04-15 16:37:01 UTC (rev 4476) +++ branches/STABLE-BRANCH-1-4/acinclude.m4 2007-04-16 13:37:09 UTC (rev 4477) 
@@ -420,8 +420,17 @@ { char *pool; int err; - long int pgsize = getpagesize(); + long int pgsize; + #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + pgsize = sysconf(_SC_PAGESIZE); + #elif defined(HAVE_GETPAGESIZE) + pgsize = getpagesize(); + #endif + + if(pgsize==-1) + pgsize = 4096; + pool = malloc( 4096 + pgsize ); if( !pool ) return 2; Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2007-04-15 16:37:01 UTC (rev 4476) +++ branches/STABLE-BRANCH-1-4/configure.ac 2007-04-16 13:37:09 UTC (rev 4477) @@ -953,7 +953,7 @@ AC_FUNC_FSEEKO AC_FUNC_VPRINTF AC_FUNC_FORK -AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr strtoul mmap) +AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr strtoul mmap sysconf) AC_CHECK_FUNCS(strcasecmp strncasecmp ctermid times unsetenv getpwnam getpwuid) AC_CHECK_FUNCS(memmove gettimeofday getrusage setrlimit clock_gettime) AC_CHECK_FUNCS(atexit raise getpagesize strftime nl_langinfo setlocale) Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-15 16:37:01 UTC (rev 4476) +++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 13:37:09 UTC (rev 4477) @@ -1,3 +1,8 @@ +2007-04-16 David Shaw + + * secmem.c (init_pool): Use sysconf() if available to determine + page size. + 2007-04-15 David Shaw * argparse.c (default_strusage): Copyright 2007. Modified: branches/STABLE-BRANCH-1-4/util/secmem.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/secmem.c 2007-04-15 16:37:01 UTC (rev 4476) +++ branches/STABLE-BRANCH-1-4/util/secmem.c 2007-04-16 13:37:09 UTC (rev 4477) 
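Review bot: `pgsize` is read uninitialised in the mlock test program when neither `HAVE_SYSCONF` with `_SC_PAGESIZE` nor `HAVE_GETPAGESIZE` is defined, because the new `#if`/`#elif` chain has no `#else` and `long int pgsize;` has no initialiser. The following `if(pgsize==-1)` then tests an indeterminate value, so the HAVE_BROKEN_MLOCK probe can give an arbitrary answer. Declaring `long int pgsize = -1;`, or adding `#else` with `pgsize = -1;` before the `#endif`, closes that path. It is also worth confirming that the `sysconf` check added to configure.ac runs before this macro, since otherwise `HAVE_SYSCONF` is never defined inside the test program.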
@@ -1,5 +1,6 @@ /* secmem.c - memory allocation from a secure heap - * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -218,19 +219,22 @@ static void init_pool( size_t n) { - size_t pgsize; + size_t pgsize=-1; poolsize = n; if( disable_secmem ) log_bug("secure memory is disabled"); -#ifdef HAVE_GETPAGESIZE +#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + pgsize = sysconf(_SC_PAGESIZE); +#elif defined(HAVE_GETPAGESIZE) pgsize = getpagesize(); -#else - pgsize = 4096; #endif + if(pgsize==-1) + pgsize = 4096; + #ifdef HAVE_MMAP poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1); #ifdef MAP_ANONYMOUS From cvs at cvs.gnupg.org Mon Apr 16 17:09:32 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 16 Apr 2007 17:09:32 +0200 Subject: [svn] gcry - r1232 - in trunk: . cipher mpi src tests Message-ID: Author: wk Date: 2007-04-16 17:09:30 +0200 (Mon, 16 Apr 2007) New Revision: 1232 Modified: trunk/ChangeLog trunk/acinclude.m4 trunk/cipher/ChangeLog trunk/cipher/ecc.c trunk/cipher/pubkey.c trunk/cipher/sha1.c trunk/configure.ac trunk/mpi/ec.c trunk/src/ChangeLog trunk/src/cipher.h trunk/src/secmem.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/benchmark.c trunk/tests/pkbench.c Log: ./ * configure.ac: Check for sysconf. * acinclude.m4 (GNUPG_CHECK_MLOCK): Try to use sysconf to get the page size and use getpagesize only then if available. cipher/ * ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it. src/ * secmem.c (init_pool): Use sysconf() if available to determine page size. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) 
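Review bot: In init_pool the sentinel is stored in an unsigned variable: `size_t pgsize=-1;` followed by `if(pgsize==-1)` works only through the implicit conversion of -1 to the maximum `size_t` value, and the `long` returned by `sysconf(_SC_PAGESIZE)` is converted into it the same way. A return of 0 or another unexpected value passes the check and then feeds the rounding `(poolsize + pgsize -1 ) & ~(pgsize-1)` that sizes the secure-memory pool. Keeping the raw result signed makes the check explicit: hold it in `long pgsize_val = -1;`, then set `pgsize = (pgsize_val > 0) ? (size_t)pgsize_val : 4096;`. init_pool continues past the end of the hunk.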
@@ -1,3 +1,9 @@ +2007-04-16 Werner Koch + + * configure.ac: Cehck for sysconf. + * acinclude.m4 (GNUPG_CHECK_MLOCK): Try to use sysconf to get the + page size and use getpagesize only then if available. + 2007-03-22 Werner Koch * configure.ac: Add support for ECC. Modified: trunk/acinclude.m4 =================================================================== --- trunk/acinclude.m4 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/acinclude.m4 2007-04-16 15:09:30 UTC (rev 1232) @@ -152,18 +152,18 @@ #include #endif ], [ - int i; - - /* glibc defines this for functions which it implements - * to always fail with ENOSYS. Some functions are actually - * named something starting with __ and the normal name - * is an alias. */ - #if defined (__stub_mlock) || defined (__stub___mlock) - choke me - #else - mlock(&i, 4); - #endif - ; return 0; +int i; + +/* glibc defines this for functions which it implements + * to always fail with ENOSYS. Some functions are actually + * named something starting with __ and the normal name + * is an alias. */ +#if defined (__stub_mlock) || defined (__stub___mlock) +choke me +#else +mlock(&i, 4); +#endif +; return 0; ], gnupg_cv_mlock_is_in_sys_mman=yes, gnupg_cv_mlock_is_in_sys_mman=no)]) 
@@ -174,34 +174,46 @@ fi fi if test "$ac_cv_func_mlock" = "yes"; then + AC_CHECK_FUNCS(sysconf getpagesize) AC_MSG_CHECKING(whether mlock is broken) AC_CACHE_VAL(gnupg_cv_have_broken_mlock, AC_TRY_RUN([ - #include - #include - #include - #include - #include - #include +#include +#include +#include +#include +#include +#include - int main() - { - char *pool; - int err; - long int pgsize = getpagesize(); +int main() +{ + char *pool; + int err; + long int pgsize; - pool = malloc( 4096 + pgsize ); - if( !pool ) - return 2; - pool += (pgsize - ((long int)pool % pgsize)); +#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + pgsize = sysconf (_SC_PAGESIZE); +#elif defined (HAVE_GETPAGESIZE) + pgsize = getpagesize(); +#else + pgsize = -1; +#endif - err = mlock( pool, 4096 ); - if( !err || errno == EPERM ) - return 0; /* okay */ + if (pgsize == -1) + pgsize = 4096; - return 1; /* hmmm */ - } + pool = malloc( 4096 + pgsize ); + if( !pool ) + return 2; + pool += (pgsize - ((long int)pool % pgsize)); + err = mlock( pool, 4096 ); + if( !err || errno == EPERM ) + return 0; /* okay */ + + return 1; /* hmmm */ +} + ], gnupg_cv_have_broken_mlock="no", gnupg_cv_have_broken_mlock="yes", @@ -317,10 +329,10 @@ for arg2 in "struct sockaddr" void; do for t in int size_t unsigned long "unsigned long"; do AC_TRY_COMPILE([ - #include - #include +#include +#include - int getpeername (int, $arg2 *, $t *); +int getpeername (int, $arg2 *, $t *); ],[ $t len; getpeername(0,0,&len); Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/cipher/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) @@ -1,3 +1,7 @@ +2007-04-16 Werner Koch + + * ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it. + 2007-04-13 Marcus Brinkmann * ac.c (ac_data_construct): Cast const away to suppress compiler 
@@ -8,10 +12,21 @@ (ecc_verify): Avoid compiler warning for unused arguments CMP and OPAQUEV. +2007-04-06 Werner Koch + + * sha1.c (oid_spec_sha1): Add another oid from X9.62. + 2007-03-28 Werner Koch + * pubkey.c (gcry_pk_genkey): Do not issue misc-key-info if it is + empty. + (gcry_pk_genkey): New parameter "curve". + * ecc.c: Entirely rewritten with only a few traces of the old code left. + (_gcry_ecc_generate): New. + (generate_key) New arg NAME. + (generate_curve): Ditto. Return actual number of NBITS. 2007-03-26 Werner Koch Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/cipher/ecc.c 2007-04-16 15:09:30 UTC (rev 1232) @@ -86,6 +86,32 @@ } ECC_secret_key; +/* This tables defines aliases for curve names. */ +static const struct +{ + const char *name; /* Our name. */ + const char *other; /* Other name. */ +} curve_aliases[] = + { + { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */ + { "NIST P-192", "prime192v1" }, /* X9.62 name. */ + { "NIST P-192", "secp192r1" }, /* SECP name. */ + + { "NIST P-224", "secp224r1" }, + + { "NIST P-256", "1.2.840.10045.3.1.7" }, + { "NIST P-256", "prime256v1" }, + { "NIST P-256", "secp256r1" }, + + { "NIST P-384", "secp384r1" }, + + { "NIST P-521", "secp521r1" }, + + { NULL, NULL} + }; + + + /* This static table defines all available curves. */ static const struct { @@ -97,6 +123,16 @@ const char *g_x, *g_y; /* Base point. */ } domain_parms[] = { + { "secp160r1", 160, + "0x", + "0x", + "0x", + "0x", + + "0x", + "0x" + }, + { "NIST P-192", 192, "0xfffffffffffffffffffffffffffffffeffffffffffffffff", 
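Review bot: The `curve_aliases` table added in `@@ -86,6 +86,32 @@` is not consulted by any lookup in the ecc.c hunks shown for this commit: the new name branch of generate_curve (hunk `@@ -324,16 +360,27 @@`) compares NAME only against `domain_parms[idx].desc` with `strcmp`. As shown, a request for `prime256v1` or the OID `1.2.840.10045.3.1.7` would therefore end in `GPG_ERR_INV_VALUE` rather than selecting NIST P-256. Either resolve the alias before the `domain_parms` search or add a comment on the table saying that it is not wired up yet. The comment wording should also read `/* This table defines aliases for curve names. */`.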
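Review bot: The `secp160r1` entry added to `domain_parms` in `@@ -97,6 +123,16 @@` appears on this page with every parameter given as a bare `"0x"` (the archive may have dropped placeholder text), so it does not describe a usable curve. Because it is the first entry in the table, generate_curve will select it for `nbits == 160` or for the name `secp160r1` and hand those strings to scanval(). Until real parameters are filled in, I would leave the entry out or keep it under `#if 0` with a comment, so that a key can never be generated over undefined domain parameters.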
@@ -324,16 +360,27 @@ * The subgroup generator point is in another function: gen_big_point. */ static gpg_err_code_t -generate_curve (unsigned int nbits, elliptic_curve_t *curve) +generate_curve (unsigned int nbits, const char *name, + elliptic_curve_t *curve, unsigned int *r_nbits) { int idx; - for (idx = 0; domain_parms[idx].desc; idx++) - if (nbits == domain_parms[idx].nbits) - break; + if (name) + { + for (idx = 0; domain_parms[idx].desc; idx++) + if (!strcmp (name, domain_parms[idx].desc)) + break; + } + else + { + for (idx = 0; domain_parms[idx].desc; idx++) + if (nbits == domain_parms[idx].nbits) + break; + } if (!domain_parms[idx].desc) return GPG_ERR_INV_VALUE; + *r_nbits = domain_parms[idx].nbits; curve->p = scanval (domain_parms[idx].p); curve->a = scanval (domain_parms[idx].a); curve->b = scanval (domain_parms[idx].b); @@ -351,7 +398,7 @@ * secret value, and calculate the public point. */ static gpg_err_code_t -generate_key (ECC_secret_key *sk, unsigned int nbits, +generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name, gcry_mpi_t g_x, gcry_mpi_t g_y, gcry_mpi_t q_x, gcry_mpi_t q_y) { @@ -361,7 +408,7 @@ mpi_point_t Q, G; mpi_ec_t ctx; - err = generate_curve (nbits, &E); + err = generate_curve (nbits, name, &E, &nbits); if (err) return err; 
@@ -629,16 +676,28 @@ /* h = s^(-1) (mod n) */ mpi_invm (h, s, pkey->E.n); +/* log_mpidump (" h", h); */ /* h1 = hash * s^(-1) (mod n) */ mpi_mulm (h1, input, h, pkey->E.n); +/* log_mpidump (" h1", h1); */ /* Q1 = [ hash * s^(-1) ]G */ _gcry_mpi_ec_mul_point (&Q1, h1, &pkey->E.G, ctx); +/* log_mpidump ("Q1.x", Q1.x); */ +/* log_mpidump ("Q1.y", Q1.y); */ +/* log_mpidump ("Q1.z", Q1.z); */ /* h2 = r * s^(-1) (mod n) */ mpi_mulm (h2, r, h, pkey->E.n); +/* log_mpidump (" h2", h2); */ /* Q2 = [ r * s^(-1) ]Q */ _gcry_mpi_ec_mul_point (&Q2, h2, &pkey->Q, ctx); +/* log_mpidump ("Q2.x", Q2.x); */ +/* log_mpidump ("Q2.y", Q2.y); */ +/* log_mpidump ("Q2.z", Q2.z); */ /* Q = ([hash * s^(-1)]G) + ([r * s^(-1)]Q) */ _gcry_mpi_ec_add_points (&Q, &Q1, &Q2, ctx); +/* log_mpidump (" Q.x", Q.x); */ +/* log_mpidump (" Q.y", Q.y); */ +/* log_mpidump (" Q.z", Q.z); */ if (!mpi_cmp_ui (Q.z, 0)) { @@ -658,7 +717,13 @@ if (mpi_cmp (x, r)) /* x != r */ { if (DBG_CIPHER) - log_debug ("ecc verify: Not verified\n"); + { + log_mpidump (" x", x); + log_mpidump (" y", y); + log_mpidump (" r", r); + log_mpidump (" s", s); + log_debug ("ecc verify: Not verified\n"); + } err = GPG_ERR_BAD_SIGNATURE; goto leave; } @@ -782,16 +847,18 @@ return 0; } -static gcry_err_code_t -ecc_generate (int algo, unsigned int nbits, unsigned long dummy, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) +/* Extended version of ecc_generate which is called directly by + pubkey.c. If CURVE is not NULL, that name will be used to select + the domain parameters. NBITS is not used in this case. */ +gcry_err_code_t +_gcry_ecc_generate (int algo, unsigned int nbits, const char *curve, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) { gpg_err_code_t err; ECC_secret_key sk; gcry_mpi_t g_x, g_y, q_x, q_y; (void)algo; - (void)dummy; /* Make an empty list of factors. */ *retfactors = gcry_calloc ( 1, sizeof **retfactors ); 
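Review bot: The verify path in `@@ -629,16 +676,28 @@` gains a dozen commented-out `log_mpidump` calls; dead debugging lines inside signature verification obscure the arithmetic and tend to get re-enabled ad hoc. Either drop them or gate them the way the next hunk does, e.g. `if (DBG_CIPHER) log_mpidump (" h", h);`. The values involved (h, h1, h2, Q1, Q2, Q) are computed from the hash, the signature and the public key, so dumping them under the debug flag is not a secrecy concern. The enclosing function starts and ends outside the hunk.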
@@ -802,7 +869,7 @@ g_y = mpi_new (0); q_x = mpi_new (0); q_y = mpi_new (0); - err = generate_key (&sk, nbits, g_x, g_y, q_x, q_y); + err = generate_key (&sk, nbits, curve, g_x, g_y, q_x, q_y); if (err) { gcry_free (*retfactors); @@ -823,6 +890,15 @@ static gcry_err_code_t +ecc_generate (int algo, unsigned int nbits, unsigned long dummy, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) +{ + (void)dummy; + return _gcry_ecc_generate (algo, nbits, NULL, skey, retfactors); +} + + +static gcry_err_code_t ecc_check_secret_key (int algo, gcry_mpi_t *skey) { gpg_err_code_t err; Modified: trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/cipher/pubkey.c 2007-04-16 15:09:30 UTC (rev 1232) @@ -501,6 +501,7 @@ static gcry_err_code_t pubkey_generate (int algorithm, unsigned int nbits, unsigned int qbits, unsigned long use_e, gcry_mpi_t xvalue, + const char *curve_name, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO; @@ -525,6 +526,13 @@ (algorithm, nbits, xvalue, skey, retfactors); } #endif /*USE_ELGAMAL*/ +#ifdef USE_ECC + else if (curve_name && pubkey->spec == &_gcry_pubkey_spec_ecdsa) + { + err = _gcry_ecc_generate + (algorithm, nbits, curve_name, skey, retfactors); + } +#endif /*USE_ECC*/ else { err = ((gcry_pk_spec_t *) pubkey->spec)->generate @@ -1934,6 +1942,7 @@ unsigned int qbits; gcry_mpi_t xvalue = NULL; char *name_terminated; + char *curve = NULL; REGISTER_DEFAULT_PUBKEYS; 
@@ -2047,38 +2056,65 @@ } } - /* Now parse the required nbits element. */ + /* Handle the optional "curve" parameter. */ + l2 = gcry_sexp_find_token (list, "curve", 0); + if (l2) + { + name = gcry_sexp_nth_data (l2, 1, &n); + if (!name || n < 1) + { + rc = GPG_ERR_INV_OBJ; /* No name or or value too large. */ + goto leave; + } + curve = gcry_malloc (n+1); + if (!curve) + { + rc = gpg_err_code_from_syserror (); + goto leave; + } + memcpy (curve, name, n); + curve[n] = 0; + gcry_sexp_release (l2); + l2 = NULL; + } + + + /* Unless a curve name has been given, the "nbits" parameter is + required. */ l2 = gcry_sexp_find_token (list, "nbits", 0); gcry_sexp_release (list); list = l2; l2 = NULL; - - if (! list) + if (!list && !curve) { rc = GPG_ERR_NO_OBJ; /* No nbits parameter. */ goto leave; } - - name = gcry_sexp_nth_data (list, 1, &n); - if (! name) + if (list) { - rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */ - goto leave; + name = gcry_sexp_nth_data (list, 1, &n); + if (! name) + { + rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */ + goto leave; + } + + name_terminated = gcry_malloc (n + 1); + if (!name_terminated) + { + rc = gpg_err_code_from_errno (errno); + goto leave; + } + memcpy (name_terminated, name, n); + name_terminated[n] = 0; + nbits = (unsigned int) strtoul (name_terminated, NULL, 0); + gcry_free (name_terminated); } - - name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - { - rc = gpg_err_code_from_errno (errno); - goto leave; - } - memcpy (name_terminated, name, n); - name_terminated[n] = 0; - nbits = (unsigned int) strtoul (name_terminated, NULL, 0); - gcry_free (name_terminated); + else + nbits = 0; rc = pubkey_generate (module->mod_id, nbits, qbits, use_e, xvalue, - skey, &factors); + curve, skey, &factors); if (rc) goto leave; 
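Review bot: In gcry_pk_genkey (`@@ -2047,38 +2056,65 @@`), the presence of a `curve` token now waives the `nbits` requirement for every algorithm, not only ECC: `if (!list && !curve)` lets the request through and `nbits` is then set to 0. pubkey_generate (hunk `@@ -525,6 +526,13 @@`) uses the curve only when the spec is `_gcry_pubkey_spec_ecdsa` and `USE_ECC` is defined, so a request like `(genkey (rsa (curve x)))` would reach that algorithm's generate function with `nbits == 0`; how each generator treats that is not visible here. I would reject the combination up front, for example by returning `GPG_ERR_INV_OBJ` when `curve` is set and the selected module is not ECDSA. The function begins and ends outside the hunk.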
@@ -2130,13 +2166,18 @@ /* Very ugly hack to make release_mpi_array() work FIXME */ skey[i] = NULL; - p = stpcpy (p, "(misc-key-info(pm1-factors"); - for(i = 0; factors[i]; i++) + if (factors[0]) { - p = stpcpy (p, "%m"); - mpis[nelem++] = factors[i]; + p = stpcpy (p, "(misc-key-info(pm1-factors"); + for(i = 0; factors[i]; i++) + { + p = stpcpy (p, "%m"); + mpis[nelem++] = factors[i]; + } + p = stpcpy (p, "))"); } - strcpy (p, ")))"); + strcpy (p, ")"); + assert (p - string < needed); while (nelem < DIM (mpis)) mpis[nelem++] = NULL; @@ -2168,6 +2209,7 @@ } leave: + gcry_free (curve); release_mpi_array (skey); /* Don't free SKEY itself, it is a static array. */ Modified: trunk/cipher/sha1.c =================================================================== --- trunk/cipher/sha1.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/cipher/sha1.c 2007-04-16 15:09:30 UTC (rev 1232) @@ -358,6 +358,8 @@ { "1.3.14.3.2.26" }, /* from NIST OIW (sha-1WithRSAEncryption) */ { "1.3.14.3.2.29" }, + /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */ + { "1.2.840.10045.4.1" }, { NULL }, }; Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/configure.ac 2007-04-16 15:09:30 UTC (rev 1232) @@ -583,7 +583,7 @@ # We have replacements for these in src/g10lib.h AC_CHECK_FUNCS(strtoul memmove stricmp atexit raise) # Other checks -AC_CHECK_FUNCS(strerror rand mmap getpagesize waitpid wait4) +AC_CHECK_FUNCS(strerror rand mmap getpagesize sysconf waitpid wait4) AC_CHECK_FUNCS(gettimeofday getrusage gethrtime clock_gettime) AC_CHECK_FUNCS(fcntl ftruncate) Modified: trunk/mpi/ec.c =================================================================== --- trunk/mpi/ec.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/mpi/ec.c 2007-04-16 15:09:30 UTC (rev 1232) 
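Review bot: The `assert (p - string < needed);` added in `@@ -2130,13 +2166,18 @@` runs after the `stpcpy`/`strcpy` calls have already written into `string`, and it vanishes when NDEBUG is defined, so it can report an overrun but not prevent one. It also tests the position where the final `")"` starts rather than where the terminating NUL lands (`p + 1`). Assuming `needed` is the allocated size of `string` (its computation is outside the hunk), the tighter form is `assert (p + 2 <= string + needed);` placed before the final `strcpy`. A comment at the `needed` computation tying it to the now-conditional `(misc-key-info(pm1-factors` text would keep the size and the writes from drifting apart.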
@@ -613,6 +613,24 @@ gcry_mpi_t scalar, mpi_point_t *point, mpi_ec_t ctx) { +#if 0 + /* Simple left to right binary method. GECC Algorithm 3.27 */ + unsigned int nbits; + int i; + + nbits = mpi_get_nbits (scalar); + mpi_set_ui (result->x, 1); + mpi_set_ui (result->y, 1); + mpi_set_ui (result->z, 0); + + for (i=nbits-1; i >= 0; i--) + { + _gcry_mpi_ec_dup_point (result, result, ctx); + if (mpi_test_bit (scalar, i) == 1) + _gcry_mpi_ec_add_points (result, result, point, ctx); + } + +#else gcry_mpi_t x1, y1, z1, k, h, yy; unsigned int i, loops; mpi_point_t p1, p2, p1inv; @@ -687,4 +705,6 @@ point_free (&p1inv); mpi_free (h); mpi_free (k); +#endif } + Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/src/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) @@ -1,3 +1,8 @@ +2007-04-16 Werner Koch + + * secmem.c (init_pool): Use sysconf() if available to determine + page size. + 2007-03-22 Werner Koch * mpi.h (mpi_mod): New. Modified: trunk/src/cipher.h =================================================================== --- trunk/src/cipher.h 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/src/cipher.h 2007-04-16 15:09:30 UTC (rev 1232) @@ -54,6 +54,9 @@ /*-- ecc.c --*/ void _gcry_register_pk_ecc_progress (gcry_handler_progress_t cbc, void *cb_data); +gcry_err_code_t _gcry_ecc_generate (int algo, unsigned int nbits, + const char *curve, + gcry_mpi_t *skey, gcry_mpi_t **retfactors); /*-- primegen.c --*/ void _gcry_register_primegen_progress (gcry_handler_progress_t cb, Modified: trunk/src/secmem.c =================================================================== --- trunk/src/secmem.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/src/secmem.c 2007-04-16 15:09:30 UTC (rev 1232) @@ -340,6 +340,7 @@ init_pool (size_t n) { size_t pgsize; + long int pgsize_val; memblock_t *mb; pool_size = n; 
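Review bot: The `#if 0` block added in `@@ -613,6 +613,24 @@` has no comment saying why a second, disabled point-multiplication implementation is kept. If it is a reference for cross-checking, say so, and note that it calls `_gcry_mpi_ec_add_points` only for set bits of SCALAR, so its running time depends on the scalar and it should not be switched on for secret scalars as is. Something like `/* Reference implementation for cross-checking only; not constant time. */` above the `#if 0` would do. The function's name and signature start before the hunk, and the `#else` branch runs on into the next hunk.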
@@ -347,12 +348,16 @@ if (disable_secmem) log_bug ("secure memory is disabled"); -#ifdef HAVE_GETPAGESIZE - pgsize = getpagesize (); +#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + pgsize_val = sysconf (_SC_PAGESIZE); +#elif defined(HAVE_GETPAGESIZE) + pgsize_val = getpagesize (); #else - pgsize = DEFAULT_PAGE_SIZE; + pgsize_val = -1; #endif + pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val:DEFAULT_PAGE_SIZE; + #if HAVE_MMAP pool_size = (pool_size + pgsize - 1) & ~(pgsize - 1); #ifdef MAP_ANONYMOUS Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/tests/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) @@ -7,8 +7,11 @@ 2007-03-28 Werner Koch + * pkbench.c (generate_key): Support named curves. + * benchmark.c (dsa_bench): New args ITERATIONS and PRINT_HEADER. (main): Call dsa and ecc benchs. + (show_sexp): New. * Makefile.am (TESTS): Move pkbench to EXTRA_PROGRAMS. Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/tests/Makefile.am 2007-04-16 15:09:30 UTC (rev 1232) @@ -39,6 +39,6 @@ # pkbench uses mmap for no good reason. Needs to be fixed. Code for # this can be found in libksba/tests. -EXTRA_PROGRAMS = testapi pkbench -noinst_PROGRAMS = $(TESTS) +EXTRA_PROGRAMS = testapi +noinst_PROGRAMS = $(TESTS) pkbench Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/tests/benchmark.c 2007-04-16 15:09:30 UTC (rev 1232) 
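Review bot: In init_pool (`@@ -347,12 +348,16 @@`), the guard `(pgsize_val != -1 && pgsize_val > 0)` carries a redundant first clause, since -1 already fails `> 0`; `pgsize = pgsize_val > 0 ? (size_t)pgsize_val : DEFAULT_PAGE_SIZE;` says the same thing. The identical expression appears in the GnuPG 1.4 util/secmem.c hunk of r4479 further down. Separately, the rounding on the following context line, `(pool_size + pgsize - 1) & ~(pgsize - 1)`, is only correct for a power-of-two `pgsize`; a short comment stating that assumption would help now that the value comes from sysconf(). init_pool continues beyond the hunk.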
@@ -242,7 +242,23 @@ exit (1); } +static void +show_sexp (const char *prefix, gcry_sexp_t a) +{ + char *buf; + size_t size; + fputs (prefix, stderr); + size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); + buf = malloc (size); + if (!buf) + die ("out of core\n"); + + gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size); + fprintf (stderr, "%.*s", (int)size, buf); +} + + static void start_timer (void) { @@ -709,9 +725,10 @@ if (err) { putchar ('\n'); - fprintf (stderr, PGM ": verify failed: %s\n", - gpg_strerror (err)); - exit (1); + show_sexp ("seckey:\n", sec_key); + show_sexp ("data:\n", data); + show_sexp ("sig:\n", sig); + die ("verify failed: %s\n", gpg_strerror (err)); } } stop_timer (); @@ -826,7 +843,7 @@ random_bench (0); } else if ( !strcmp (*argv, "--help")) - fputs ("usage: benchmark [md|cipher|random|mpi|dsa [algonames]]\n", + fputs ("usage: benchmark [md|cipher|random|mpi|dsa|ecc [algonames]]\n", stdout); else if ( !strcmp (*argv, "random") || !strcmp (*argv, "strongrandom")) { Modified: trunk/tests/pkbench.c =================================================================== --- trunk/tests/pkbench.c 2007-04-13 00:34:49 UTC (rev 1231) +++ trunk/tests/pkbench.c 2007-04-16 15:09:30 UTC (rev 1232) @@ -25,6 +25,7 @@ #include #include #include +#include #include #include #ifndef HAVE_W32_SYSTEM @@ -39,6 +40,7 @@ static int verbose; static int debug; +static int error_count; typedef struct context 
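Review bot: show_sexp in `@@ -242,7 +242,23 @@` never frees `buf`; add `free (buf);` after the `fprintf`. The same helper is copied into tests/pkbench.c in this commit (hunk `@@ -52,7 +54,51 @@`), where it is called on the non-fatal `fail` path, so the leak repeats for every failed verification there. The result of the first `gcry_sexp_sprint` call is also used unchecked; an `if (!size) return;` before the `malloc` would make the zero-length case explicit.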
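Review bot: The failure path in `@@ -709,9 +725,10 @@` writes the whole secret key to stderr via `show_sexp ("seckey:\n", sec_key);`. For a throw-away benchmark key that is harmless, but stderr of test runs often ends up in build or CI logs and the pattern gets copied, while diagnosing a verify failure only needs the public half. I would print the public key instead if one is in scope (not visible in this hunk), or at least add a comment such as `/* Throw-away benchmark key; never dump real secret keys. */`.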
@@ -52,7 +54,51 @@ typedef int (*work_t) (context_t context, unsigned int final); + static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + fputs ( PGM ": ", stderr); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + error_count++; +} + +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + putchar ('\n'); + fputs ( PGM ": ", stderr); + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + +static void +show_sexp (const char *prefix, gcry_sexp_t a) +{ + char *buf; + size_t size; + + fputs (prefix, stderr); + size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); + buf = malloc (size); + if (!buf) + die ("out of core\n"); + + gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size); + fprintf (stderr, "%.*s", (int)size, buf); +} + + + +static void benchmark (work_t worker, context_t context) { clock_t timer_start, timer_stop; @@ -156,10 +202,13 @@ err = GPG_ERR_NO_ERROR; ret = 0; } + else if (err) + { + fail ("pk_sign failed: %s\n", gpg_strerror (err)); + ret = 0; + } else { - assert (! err); - if (final) context->data_signed = data_signed; else @@ -175,21 +224,25 @@ gcry_error_t err = GPG_ERR_NO_ERROR; int ret = 1; - if (! context->data_signed) - ret = 0; - else + if (!context->data_signed) + return 0; + + err = gcry_pk_verify (context->data_signed, + context->data, + context->key_public); + if (err) { - err = gcry_pk_verify (context->data_signed, - context->data, - context->key_public); - assert (! err); - if (final) - { - gcry_sexp_release (context->data_signed); - context->data_signed = NULL; - } + show_sexp ("data_signed:\n", context->data_signed); + show_sexp ("data:\n", context->data); + fail ("pk_verify failed: %s\n", gpg_strerror (err)); + ret = 0; } - + else if (final) + { + gcry_sexp_release (context->data_signed); + context->data_signed = NULL; + } + return ret; } 
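Review bot: In the verify worker (`@@ -175,21 +224,25 @@`), `context->data_signed` is released only in the `else if (final)` branch, so when `gcry_pk_verify` fails on the final iteration the signature S-expression stays allocated and the pointer stays set. Releasing it independently of the result keeps the context consistent: after the `if (err)` block, use `if (final) { gcry_sexp_release (context->data_signed); context->data_signed = NULL; }`. The function's signature is outside the hunk.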
@@ -307,13 +360,23 @@ gcry_sexp_t key_spec = NULL; gcry_sexp_t key_pair = NULL; - err = gcry_sexp_build (&key_spec, NULL, - "(genkey (%s (nbits %s)))", - algorithm, key_size); - assert (! err); + if (isdigit ((unsigned int)*key_size)) + err = gcry_sexp_build (&key_spec, NULL, + "(genkey (%s (nbits %s)))", + algorithm, key_size); + else + err = gcry_sexp_build (&key_spec, NULL, + "(genkey (%s (curve %s)))", + algorithm, key_size); + if (err) + die ("sexp_build failed: %s\n", gpg_strerror (err)); err = gcry_pk_genkey (&key_pair, key_spec); - assert (! err); + if (err) + { + show_sexp ("request:\n", key_spec); + die ("pk_genkey failed: %s\n", gpg_strerror (err)); + } key_pair_buffer_size = gcry_sexp_sprint (key_pair, GCRYSEXP_FMT_ADVANCED, NULL, 0); @@ -323,7 +386,7 @@ gcry_sexp_sprint (key_pair, GCRYSEXP_FMT_ADVANCED, key_pair_buffer, key_pair_buffer_size); - printf ("%.*s", key_pair_buffer_size, key_pair_buffer); + printf ("%.*s", (int)key_pair_buffer_size, key_pair_buffer); } @@ -385,9 +448,9 @@ { /* No valuable keys are create, so we can speed up our RNG. */ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - if (debug) - gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); - } + } + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); @@ -409,5 +472,5 @@ exit (1); } - return 0; + return error_count ? 1 : 0; } From cvs at cvs.gnupg.org Mon Apr 16 17:37:46 2007 
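Review bot: `isdigit ((unsigned int)*key_size)` in `@@ -307,13 +360,23 @@` converts a possibly negative `char` to `unsigned int`, which gives a value outside the range isdigit() accepts and is undefined behaviour for bytes of 0x80 and above where `char` is signed; the cast should be `isdigit ((unsigned char)*key_size)`. `key_size` presumably comes from the command line (its origin is outside this hunk) and is then interpolated with `%s` as either `nbits` or `curve`, so an empty string silently takes the curve branch. A check such as `if (!*key_size) die ("missing key size or curve name\n");` makes that case explicit. generate_key starts before the hunk.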
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 16 Apr 2007 17:37:46 +0200 Subject: [svn] GnuPG - r4479 - in branches/STABLE-BRANCH-1-4: . util Message-ID: Author: wk Date: 2007-04-16 17:37:45 +0200 (Mon, 16 Apr 2007) New Revision: 4479 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/NEWS branches/STABLE-BRANCH-1-4/acinclude.m4 branches/STABLE-BRANCH-1-4/util/ChangeLog branches/STABLE-BRANCH-1-4/util/secmem.c Log: util/ * secmem.c (init_pool): Avoid assigning a negative value to a size_t. ./ * acinclude.m4: Fix last change. Make test self-conatined by checking for sysconf and getpagesize. Remove indentation for the sake of broken C-89 cpps. Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 15:32:49 UTC (rev 4478) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 15:37:45 UTC (rev 4479) @@ -1,3 +1,9 @@ +2007-04-16 Werner Koch + + * acinclude.m4: Fix last change. Make test self-conatined by + checking for sysconf and getpagesize. Remove indentation for the + sake of broken C-89 cpp. + 2007-04-16 David Shaw * configure.ac: Add a HAVE_SHM conditional. Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2007-04-16 15:32:49 UTC (rev 4478) +++ branches/STABLE-BRANCH-1-4/NEWS 2007-04-16 15:37:45 UTC (rev 4479) 
@@ -11,7 +11,7 @@ plaintext boundary status tags that GnuPG provides. This change makes GnuPG reject such messages by default which makes those programs safe again. --allow-multiple-messages returns to the - old behavior. + old behavior. [CVE-2007-1263]. * [W32] The environment variable LANGUAGE may be used to override the language given by HKCU\Software\GNU\GnuPG:Lang. The Modified: branches/STABLE-BRANCH-1-4/acinclude.m4 =================================================================== --- branches/STABLE-BRANCH-1-4/acinclude.m4 2007-04-16 15:32:49 UTC (rev 4478) +++ branches/STABLE-BRANCH-1-4/acinclude.m4 2007-04-16 15:37:45 UTC (rev 4479) @@ -384,18 +384,18 @@ #include #endif ], [ - int i; + int i; - /* glibc defines this for functions which it implements - * to always fail with ENOSYS. Some functions are actually - * named something starting with __ and the normal name - * is an alias. */ - #if defined (__stub_mlock) || defined (__stub___mlock) - choke me - #else - mlock(&i, 4); - #endif - ; return 0; + /* glibc defines this for functions which it implements + * to always fail with ENOSYS. Some functions are actually + * named something starting with __ and the normal name + * is an alias. */ + #if defined (__stub_mlock) || defined (__stub___mlock) + choke me + #else + mlock(&i, 4); + #endif + ; return 0; ], gnupg_cv_mlock_is_in_sys_mman=yes, gnupg_cv_mlock_is_in_sys_mman=no)]) 
@@ -406,42 +406,45 @@ fi fi if test "$ac_cv_func_mlock" = "yes"; then + AC_CHECK_FUNCS(sysconf getpagesize) AC_MSG_CHECKING(whether mlock is broken) AC_CACHE_VAL(gnupg_cv_have_broken_mlock, AC_TRY_RUN([ - #include - #include - #include - #include - #include - #include +#include +#include +#include +#include +#include +#include - int main() - { - char *pool; - int err; - long int pgsize; +int main() +{ + char *pool; + int err; + long int pgsize; - #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) - pgsize = sysconf(_SC_PAGESIZE); - #elif defined(HAVE_GETPAGESIZE) - pgsize = getpagesize(); - #endif +#if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) + pgsize = sysconf(_SC_PAGESIZE); +#elif defined(HAVE_GETPAGESIZE) + pgsize = getpagesize(); +#else + pgsize = -1; +#endif - if(pgsize==-1) - pgsize = 4096; + if(pgsize==-1) + pgsize = 4096; - pool = malloc( 4096 + pgsize ); - if( !pool ) - return 2; - pool += (pgsize - ((long int)pool % pgsize)); + pool = malloc( 4096 + pgsize ); + if( !pool ) + return 2; + pool += (pgsize - ((long int)pool % pgsize)); - err = mlock( pool, 4096 ); - if( !err || errno == EPERM ) - return 0; /* okay */ + err = mlock( pool, 4096 ); + if( !err || errno == EPERM ) + return 0; /* okay */ - return 1; /* hmmm */ - } + return 1; /* hmmm */ +} ], gnupg_cv_have_broken_mlock="no", Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 15:32:49 UTC (rev 4478) +++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 15:37:45 UTC (rev 4479) 
@@ -1,3 +1,8 @@ +2007-04-16 Werner Koch + + * secmem.c (init_pool): Avoid assigning a negative value to a + size_t. + 2007-04-16 David Shaw * secmem.c (init_pool): Use sysconf() if available to determine Modified: branches/STABLE-BRANCH-1-4/util/secmem.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/secmem.c 2007-04-16 15:32:49 UTC (rev 4478) +++ branches/STABLE-BRANCH-1-4/util/secmem.c 2007-04-16 15:37:45 UTC (rev 4479) @@ -219,7 +219,8 @@ static void init_pool( size_t n) { - size_t pgsize=-1; + long int pgsize_val; + size_t pgsize; poolsize = n; @@ -227,13 +228,14 @@ log_bug("secure memory is disabled"); #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) - pgsize = sysconf(_SC_PAGESIZE); + pgsize_val = sysconf (_SC_PAGESIZE); #elif defined(HAVE_GETPAGESIZE) - pgsize = getpagesize(); + pgsize_val = getpagesize (); +#else + pgsize_val = -1; #endif + pgsize = (pgsize_val != -1 && pgsize_val > 0)? pgsize_val : 4096; - if(pgsize==-1) - pgsize = 4096; #ifdef HAVE_MMAP poolsize = (poolsize + pgsize -1 ) & ~(pgsize-1); From cvs at cvs.gnupg.org Mon Apr 16 17:32:50 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Mon, 16 Apr 2007 17:32:50 +0200 Subject: [svn] GnuPG - r4478 - in branches/STABLE-BRANCH-1-4: . tools Message-ID: Author: dshaw Date: 2007-04-16 17:32:49 +0200 (Mon, 16 Apr 2007) New Revision: 4478 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/tools/ChangeLog branches/STABLE-BRANCH-1-4/tools/Makefile.am Log: Don't build shmtest unless we have shm. Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 13:37:09 UTC (rev 4477) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2007-04-16 15:32:49 UTC (rev 4478) 
@@ -1,5 +1,7 @@ 2007-04-16 David Shaw + * configure.ac: Add a HAVE_SHM conditional. + * acinclude.m4: Use sysconf() if available to avoid a false positive on HAVE_BROKEN_MLOCK when checking for page size. Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2007-04-16 13:37:09 UTC (rev 4477) +++ branches/STABLE-BRANCH-1-4/configure.ac 2007-04-16 15:32:49 UTC (rev 4478) @@ -1051,6 +1051,8 @@ [define if the shared memory interface should be made available]) fi +AM_CONDITIONAL(HAVE_SHM, test "$ac_cv_header_sys_shm_h" = yes) + dnl dnl check whether we have a random device dnl Modified: branches/STABLE-BRANCH-1-4/tools/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/tools/ChangeLog 2007-04-16 13:37:09 UTC (rev 4477) +++ branches/STABLE-BRANCH-1-4/tools/ChangeLog 2007-04-16 15:32:49 UTC (rev 4478) @@ -1,3 +1,8 @@ +2007-04-16 David Shaw + + * Makefile.am (noinst_PROGRAMS): Don't build shmtest unless we + have shm. + 2006-12-11 Werner Koch * Makefile.am (AM_CPPFLAGS): Use in place of INCLUDES. Define Modified: branches/STABLE-BRANCH-1-4/tools/Makefile.am =================================================================== --- branches/STABLE-BRANCH-1-4/tools/Makefile.am 2007-04-16 13:37:09 UTC (rev 4477) +++ branches/STABLE-BRANCH-1-4/tools/Makefile.am 2007-04-16 15:32:49 UTC (rev 4478) @@ -30,7 +30,6 @@ needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a other_libs = $(LIBICONV) $(LIBINTL) $(CAPLIBS) - bin_PROGRAMS = gpgsplit noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest make-dns-cert 
@@ -38,6 +37,10 @@ bin_SCRIPTS = gpg-zip endif +if HAVE_SHM +noinst_PROGRAMS += shmtest +endif + gpgsplit_LDADD = $(needed_libs) $(other_libs) @ZLIBS@ mpicalc_LDADD = $(needed_libs) $(other_libs) @W32LIBS@ bftest_LDADD = $(needed_libs) $(other_libs) @W32LIBS@ @DLLIBS@ @NETLIBS@ @LIBREADLINE@ From cvs at cvs.gnupg.org Mon Apr 16 20:57:24 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 16 Apr 2007 20:57:24 +0200 Subject: [svn] GnuPG - r4480 - trunk/g10 Message-ID: Author: wk Date: 2007-04-16 20:57:23 +0200 (Mon, 16 Apr 2007) New Revision: 4480 Modified: trunk/g10/ChangeLog trunk/g10/build-packet.c Log: * build-packet.c (mpi_write): Made buffer a bit larger. Reported by Alexander Feigl. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-04-16 15:37:45 UTC (rev 4479) +++ trunk/g10/ChangeLog 2007-04-16 18:57:23 UTC (rev 4480) @@ -1,3 +1,8 @@ +2007-04-16 Werner Koch + + * build-packet.c (mpi_write): Made buffer a bit larger. Reported + by Alexander Feigl. + 2007-04-13 Werner Koch * call-agent.c (start_agent): Don't use log_error when using the Modified: trunk/g10/build-packet.c =================================================================== --- trunk/g10/build-packet.c 2007-04-16 15:37:45 UTC (rev 4479) +++ trunk/g10/build-packet.c 2007-04-16 18:57:23 UTC (rev 4480) @@ -157,11 +157,11 @@ static int mpi_write (iobuf_t out, gcry_mpi_t a) { - char buffer[(MAX_EXTERN_MPI_BITS+7)/8]; + char buffer[(MAX_EXTERN_MPI_BITS+7)/8+2]; /* 2 is for the mpi length. */ size_t nbytes; int rc; - nbytes = (MAX_EXTERN_MPI_BITS+7)/8 + 2; /* 2 is for the mpi length. */ + nbytes = DIM(buffer); rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a ); if( !rc ) rc = iobuf_write( out, buffer, nbytes ); From cvs at cvs.gnupg.org Mon Apr 16 23:55:57 2007 
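Review bot: As shown, the preceding hunk (`@@ -30,7 +30,6 @@`) removes only a blank line and leaves `shmtest` in the unconditional `noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest make-dns-cert` line, so the `if HAVE_SHM` block added in `@@ -38,6 +37,10 @@` lists it a second time and it is still built on systems without shm. The unconditional line should read `noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata make-dns-cert`. If the archive's whitespace collapsing hid a change to that line, this does not apply.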
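Review bot: The ChangeLog text "Made buffer a bit larger" understates what `@@ -157,11 +157,11 @@` fixes: the old code declared `buffer[(MAX_EXTERN_MPI_BITS+7)/8]` but told `gcry_mpi_print` it could write `(MAX_EXTERN_MPI_BITS+7)/8 + 2` bytes, a two-byte overrun of a stack buffer for a maximum-size MPI. Deriving the limit from `DIM(buffer)` is the right shape; a comment at the declaration such as `/* The limit passed to gcry_mpi_print is DIM(buffer); keep the two tied. */` would record why. mpi_write continues after the hunk, and whether `buffer` can hold secret-key MPIs that should be wiped before return cannot be told from here.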
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Mon, 16 Apr 2007 23:55:57 +0200 Subject: [svn] GnuPG - r4481 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2007-04-16 23:55:53 +0200 (Mon, 16 Apr 2007) New Revision: 4481 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/gpg.c branches/STABLE-BRANCH-1-4/g10/pkclist.c Log: * gpg.c, pkclist.c: #include for strcasecmp if it is present. Note that autoconf protects us against a strings.h that cannot be used together with string.h. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-04-16 18:57:23 UTC (rev 4480) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-04-16 21:55:53 UTC (rev 4481) @@ -1,3 +1,9 @@ +2007-04-16 David Shaw + + * gpg.c, pkclist.c: #include for strcasecmp if it is + present. Note that autoconf protects us against a strings.h that + cannot be used together with string.h. + 2007-04-03 David Shaw * parse-packet.c (parse_marker): New. Enforce that the marker Modified: branches/STABLE-BRANCH-1-4/g10/gpg.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/gpg.c 2007-04-16 18:57:23 UTC (rev 4480) +++ branches/STABLE-BRANCH-1-4/g10/gpg.c 2007-04-16 21:55:53 UTC (rev 4481) @@ -1,6 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -25,6 +25,9 @@ #include #include #include +#ifdef HAVE_STRINGS_H +#include +#endif #include #include #include Modified: branches/STABLE-BRANCH-1-4/g10/pkclist.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/pkclist.c 2007-04-16 18:57:23 UTC (rev 4480) +++ branches/STABLE-BRANCH-1-4/g10/pkclist.c 2007-04-16 21:55:53 UTC (rev 4481) @@ -1,6 +1,6 @@ /* pkclist.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -24,6 +24,9 @@ #include #include #include +#ifdef HAVE_STRINGS_H +#include +#endif #include #include From cvs at cvs.gnupg.org Tue Apr 17 00:32:29 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 17 Apr 2007 00:32:29 +0200 Subject: [svn] GnuPG - r4482 - in branches/STABLE-BRANCH-1-4: include util Message-ID: Author: dshaw Date: 2007-04-17 00:32:28 +0200 (Tue, 17 Apr 2007) New Revision: 4482 Modified: branches/STABLE-BRANCH-1-4/include/ChangeLog branches/STABLE-BRANCH-1-4/include/compat.h branches/STABLE-BRANCH-1-4/include/util.h branches/STABLE-BRANCH-1-4/util/ChangeLog branches/STABLE-BRANCH-1-4/util/compat.c branches/STABLE-BRANCH-1-4/util/strgutil.c Log: Move some ascii_foo functions to libcompat Modified: branches/STABLE-BRANCH-1-4/include/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/include/ChangeLog 2007-04-16 21:55:53 UTC (rev 4481) +++ branches/STABLE-BRANCH-1-4/include/ChangeLog 2007-04-16 22:32:28 UTC (rev 4482) 
@@ -1,3 +1,8 @@ +2007-04-16 David Shaw + + * util.h (ascii_toupper, ascii_tolower, ascii_strcasecmp, + ascii_strncasecmp): Move functions to compat.h. + 2006-12-11 Werner Koch * mpi.h (mpi_is_neg, mpi_get_nlimbs): Replaced macros by function Modified: branches/STABLE-BRANCH-1-4/include/compat.h =================================================================== --- branches/STABLE-BRANCH-1-4/include/compat.h 2007-04-16 21:55:53 UTC (rev 4481) +++ branches/STABLE-BRANCH-1-4/include/compat.h 2007-04-16 22:32:28 UTC (rev 4482) @@ -6,6 +6,10 @@ #define ascii_isspace(a) ((a)==' ' || (a)=='\n' || (a)=='\r' || (a)=='\t') int hextobyte( const char *s ); +int ascii_toupper (int c); +int ascii_tolower (int c); +int ascii_strcasecmp( const char *a, const char *b ); +int ascii_strncasecmp( const char *a, const char *b, size_t n); #ifndef HAVE_STRSEP char *strsep (char **stringp, const char *delim); Modified: branches/STABLE-BRANCH-1-4/include/util.h =================================================================== --- branches/STABLE-BRANCH-1-4/include/util.h 2007-04-16 21:55:53 UTC (rev 4481) +++ branches/STABLE-BRANCH-1-4/include/util.h 2007-04-16 22:32:28 UTC (rev 4482) @@ -194,10 +194,6 @@ int ascii_isupper (int c); int ascii_islower (int c); -int ascii_toupper (int c); -int ascii_tolower (int c); -int ascii_strcasecmp( const char *a, const char *b ); -int ascii_strncasecmp( const char *a, const char *b, size_t n); int ascii_memcasecmp( const char *a, const char *b, size_t n); #ifndef HAVE_STPCPY Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 21:55:53 UTC (rev 4481) +++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2007-04-16 22:32:28 UTC (rev 4482) 
@@ -1,3 +1,8 @@ +2007-04-16 David Shaw + + * strgutil.c (ascii_toupper, ascii_tolower, ascii_strcasecmp, + ascii_strncasecmp): Move functions to compat.c. + 2007-04-16 Werner Koch * secmem.c (init_pool): Avoid assigning a negative value to a Modified: branches/STABLE-BRANCH-1-4/util/compat.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/compat.c 2007-04-16 21:55:53 UTC (rev 4481) +++ branches/STABLE-BRANCH-1-4/util/compat.c 2007-04-16 22:32:28 UTC (rev 4482) @@ -1,3 +1,5 @@ +#include + int hextobyte (const char *s) { @@ -22,3 +24,71 @@ return -1; return c; } + +int +ascii_toupper (int c) +{ + if (c >= 'a' && c <= 'z') + c &= ~0x20; + return c; +} + +int +ascii_tolower (int c) +{ + if (c >= 'A' && c <= 'Z') + c |= 0x20; + return c; +} + +int +ascii_strcasecmp (const char *a, const char *b) +{ + const unsigned char *p1 = (const unsigned char *)a; + const unsigned char *p2 = (const unsigned char *)b; + unsigned char c1, c2; + + if (p1 == p2) + return 0; + + do + { + c1 = ascii_tolower (*p1); + c2 = ascii_tolower (*p2); + + if (c1 == '\0') + break; + + ++p1; + ++p2; + } + while (c1 == c2); + + return c1 - c2; +} + +int +ascii_strncasecmp (const char *a, const char *b, size_t n) +{ + const unsigned char *p1 = (const unsigned char *)a; + const unsigned char *p2 = (const unsigned char *)b; + unsigned char c1, c2; + + if (p1 == p2 || !n ) + return 0; + + do + { + c1 = ascii_tolower (*p1); + c2 = ascii_tolower (*p2); + + if ( !--n || c1 == '\0') + break; + + ++p1; + ++p2; + } + while (c1 == c2); + + return c1 - c2; +} Modified: branches/STABLE-BRANCH-1-4/util/strgutil.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/strgutil.c 2007-04-16 21:55:53 UTC (rev 4481) +++ branches/STABLE-BRANCH-1-4/util/strgutil.c 2007-04-16 22:32:28 UTC (rev 4482) 
@@ -1058,77 +1058,7 @@ return c >= 'a' && c <= 'z'; } -int -ascii_toupper (int c) -{ - if (c >= 'a' && c <= 'z') - c &= ~0x20; - return c; -} - -int -ascii_tolower (int c) -{ - if (c >= 'A' && c <= 'Z') - c |= 0x20; - return c; -} - - int -ascii_strcasecmp (const char *a, const char *b) -{ - const unsigned char *p1 = (const unsigned char *)a; - const unsigned char *p2 = (const unsigned char *)b; - unsigned char c1, c2; - - if (p1 == p2) - return 0; - - do - { - c1 = ascii_tolower (*p1); - c2 = ascii_tolower (*p2); - - if (c1 == '\0') - break; - - ++p1; - ++p2; - } - while (c1 == c2); - - return c1 - c2; -} - -int -ascii_strncasecmp (const char *a, const char *b, size_t n) -{ - const unsigned char *p1 = (const unsigned char *)a; - const unsigned char *p2 = (const unsigned char *)b; - unsigned char c1, c2; - - if (p1 == p2 || !n ) - return 0; - - do - { - c1 = ascii_tolower (*p1); - c2 = ascii_tolower (*p2); - - if ( !--n || c1 == '\0') - break; - - ++p1; - ++p2; - } - while (c1 == c2); - - return c1 - c2; -} - - -int ascii_memcasecmp( const char *a, const char *b, size_t n ) { if (a == b) From cvs at cvs.gnupg.org Tue Apr 17 00:43:31 2007 
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 17 Apr 2007 00:43:31 +0200 Subject: [svn] GnuPG - r4483 - branches/STABLE-BRANCH-1-4/keyserver Message-ID: Author: dshaw Date: 2007-04-17 00:43:29 +0200 (Tue, 17 Apr 2007) New Revision: 4483 Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c branches/STABLE-BRANCH-1-4/keyserver/ksutil.c Log: * gpgkeys_curl.c, gpgkeys_ldap.c, gpgkeys_hkp.c, ksutil.c: Rename all str(n)casecmp to ascii_str(n)casecmp. We want the locale-independent ones here. Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2007-04-16 22:32:28 UTC (rev 4482) +++ branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2007-04-16 22:43:29 UTC (rev 4483) @@ -1,3 +1,9 @@ +2007-04-16 David Shaw + + * gpgkeys_curl.c, gpgkeys_ldap.c, gpgkeys_hkp.c, ksutil.c: Rename + all str(n)casecmp to ascii_str(n)casecmp. We want the + locale-independent ones here. + 2007-03-13 David Shaw * gpgkeys_curl.c (main): Use curl_version_info to verify that the Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2007-04-16 22:32:28 UTC (rev 4482) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2007-04-16 22:43:29 UTC (rev 4483) @@ -44,6 +44,7 @@ #else #include "curl-shim.h" #endif +#include "compat.h" #include "keyserver.h" #include "ksutil.h" 
@@ -204,13 +205,13 @@ option[MAX_OPTION]='\0'; - if(strncasecmp(option,"no-",3)==0) + if(ascii_strncasecmp(option,"no-",3)==0) { no=1; start=&option[3]; } - if(strncasecmp(start,"http-proxy",10)==0) + if(ascii_strncasecmp(start,"http-proxy",10)==0) { /* Safe to not check the return code of strdup() here. If it fails, we simply won't use a proxy. */ @@ -228,7 +229,7 @@ } } } - else if(strncasecmp(start,"follow-redirects",16)==0) + else if(ascii_strncasecmp(start,"follow-redirects",16)==0) { if(no) follow_redirects=0; @@ -275,7 +276,7 @@ print a nicer error message. */ curldata=curl_version_info(CURLVERSION_NOW); for(i=0;curldata->protocols[i];i++) - if(strcasecmp(curldata->protocols[i],opt->scheme)==0) + if(ascii_strcasecmp(curldata->protocols[i],opt->scheme)==0) break; if(curldata->protocols[i]==NULL) Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2007-04-16 22:32:28 UTC (rev 4482) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2007-04-16 22:43:29 UTC (rev 4483) @@ -1,5 +1,5 @@ /* gpgkeys_hkp.c - talk to an HKP keyserver - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006 + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -45,6 +45,7 @@ #else #include "curl-shim.h" #endif +#include "compat.h" #include "keyserver.h" #include "ksutil.h" @@ -597,13 +598,13 @@ option[MAX_OPTION]='\0'; - if(strncasecmp(option,"no-",3)==0) + if(ascii_strncasecmp(option,"no-",3)==0) { no=1; start=&option[3]; } - if(strncasecmp(start,"http-proxy",10)==0) + if(ascii_strncasecmp(start,"http-proxy",10)==0) { if(no) { 
@@ -620,7 +621,7 @@ } } #if 0 - else if(strcasecmp(start,"try-dns-srv")==0) + else if(ascii_strcasecmp(start,"try-dns-srv")==0) { if(no) http_flags&=~HTTP_FLAG_TRY_SRV; Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c 2007-04-16 22:32:28 UTC (rev 4482) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c 2007-04-16 22:43:29 UTC (rev 4483) @@ -1,5 +1,6 @@ /* gpgkeys_ldap.c - talk to a LDAP keyserver - * Copyright (C) 2001, 2002, 2004, 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -131,7 +132,7 @@ while(keyptr!=NULL) { - if(strcasecmp(key,keyptr->str)==0) + if(ascii_strcasecmp(key,keyptr->str)==0) return 1; keyptr=keyptr->next; @@ -270,7 +271,7 @@ /* Search modlist for the attribute we're playing with. */ for(m=*modlist;*m;m++) { - if(strcasecmp((*m)->mod_type,attr)==0) + if(ascii_strcasecmp((*m)->mod_type,attr)==0) { char **ptr=(*m)->mod_values; int numvalues=0; @@ -1478,9 +1479,9 @@ { /* The LDAP server doesn't exactly handle this well. */ - if(strcasecmp(vals[0],"RSA")==0) + if(ascii_strcasecmp(vals[0],"RSA")==0) fprintf(output,"1"); - else if(strcasecmp(vals[0],"DSS/DH")==0) + else if(ascii_strcasecmp(vals[0],"DSS/DH")==0) fprintf(output,"17"); ldap_value_free(vals); } @@ -1561,7 +1562,7 @@ vals=ldap_get_values(ldap,uids,"pgpcertid"); if(vals!=NULL) { - if(strcasecmp(certid[0],vals[0])==0) + if(ascii_strcasecmp(certid[0],vals[0])==0) { char **uidvals; 
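Review bot: None of the gpgkeys_ldap.c hunks (here and in the hunks that follow) adds `#include "compat.h"`, although gpgkeys_curl.c, gpgkeys_hkp.c and ksutil.c each gain that line in this commit. r4482 moved the ascii_strcasecmp and ascii_strncasecmp prototypes out of util.h, so unless a header gpgkeys_ldap.c already includes pulls in compat.h, its renamed calls compile against an implicit declaration. Please confirm, and add the include next to the file's other project headers if it is missing.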
@@ -1863,25 +1864,25 @@ optionstr[MAX_OPTION]='\0'; - if(strncasecmp(optionstr,"no-",3)==0) + if(ascii_strncasecmp(optionstr,"no-",3)==0) { no=1; start=&optionstr[3]; } - if(strncasecmp(start,"tls",3)==0) + if(ascii_strncasecmp(start,"tls",3)==0) { if(no) use_tls=0; else if(start[3]=='=') { - if(strcasecmp(&start[4],"no")==0) + if(ascii_strcasecmp(&start[4],"no")==0) use_tls=0; - else if(strcasecmp(&start[4],"try")==0) + else if(ascii_strcasecmp(&start[4],"try")==0) use_tls=1; - else if(strcasecmp(&start[4],"warn")==0) + else if(ascii_strcasecmp(&start[4],"warn")==0) use_tls=2; - else if(strcasecmp(&start[4],"require")==0) + else if(ascii_strcasecmp(&start[4],"require")==0) use_tls=3; else use_tls=1; @@ -1889,7 +1890,7 @@ else if(start[3]=='\0') use_tls=1; } - else if(strncasecmp(start,"basedn",6)==0) + else if(ascii_strncasecmp(start,"basedn",6)==0) { if(no) { @@ -1911,7 +1912,7 @@ real_ldap=1; } } - else if(strncasecmp(start,"binddn",6)==0) + else if(ascii_strncasecmp(start,"binddn",6)==0) { if(no) { @@ -1933,7 +1934,7 @@ real_ldap=1; } } - else if(strncasecmp(start,"bindpw",6)==0) + else if(ascii_strncasecmp(start,"bindpw",6)==0) { if(no) { @@ -1967,7 +1968,7 @@ goto fail; } - if(strcasecmp(opt->scheme,"ldaps")==0) + if(ascii_strcasecmp(opt->scheme,"ldaps")==0) { port=636; use_ssl=1; Modified: branches/STABLE-BRANCH-1-4/keyserver/ksutil.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/ksutil.c 2007-04-16 22:32:28 UTC (rev 4482) +++ branches/STABLE-BRANCH-1-4/keyserver/ksutil.c 2007-04-16 22:43:29 UTC (rev 4483) @@ -1,5 +1,5 @@ /* ksutil.c - general keyserver utility functions - * Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -42,6 +42,7 @@ #else #include "curl-shim.h" #endif +#include "compat.h" #include "keyserver.h" #include "ksutil.h" 
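Review bot: In the `tls` option branch of the gpgkeys_ldap.c hunk, the final `else use_tls=1;` gives an unrecognised value after `tls=` the same setting as `try`. A misspelled `require` therefore silently turns into opportunistic TLS, and the user gets no signal that the stricter setting was not applied. The commit only renames the comparison functions, but while these lines are being touched the fallback should fail closed: report the unknown value as an error, or at least map it to the strictest setting with `else use_tls=3;`. The enclosing function starts and ends outside the hunk.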
@@ -149,13 +150,13 @@ { command[MAX_COMMAND]='\0'; - if(strcasecmp(command,"get")==0) + if(ascii_strcasecmp(command,"get")==0) opt->action=KS_GET; - else if(strcasecmp(command,"getname")==0) + else if(ascii_strcasecmp(command,"getname")==0) opt->action=KS_GETNAME; - else if(strcasecmp(command,"send")==0) + else if(ascii_strcasecmp(command,"send")==0) opt->action=KS_SEND; - else if(strcasecmp(command,"search")==0) + else if(ascii_strcasecmp(command,"search")==0) opt->action=KS_SEARCH; return 0; @@ -236,13 +237,13 @@ option[MAX_OPTION]='\0'; - if(strncasecmp(option,"no-",3)==0) + if(ascii_strncasecmp(option,"no-",3)==0) { no=1; start=&option[3]; } - if(strncasecmp(start,"verbose",7)==0) + if(ascii_strncasecmp(start,"verbose",7)==0) { if(no) opt->verbose=0; @@ -251,35 +252,35 @@ else opt->verbose++; } - else if(strcasecmp(start,"include-disabled")==0) + else if(ascii_strcasecmp(start,"include-disabled")==0) { if(no) opt->flags.include_disabled=0; else opt->flags.include_disabled=1; } - else if(strcasecmp(start,"include-revoked")==0) + else if(ascii_strcasecmp(start,"include-revoked")==0) { if(no) opt->flags.include_revoked=0; else opt->flags.include_revoked=1; } - else if(strcasecmp(start,"include-subkeys")==0) + else if(ascii_strcasecmp(start,"include-subkeys")==0) { if(no) opt->flags.include_subkeys=0; else opt->flags.include_subkeys=1; } - else if(strcasecmp(start,"check-cert")==0) + else if(ascii_strcasecmp(start,"check-cert")==0) { if(no) opt->flags.check_cert=0; else opt->flags.check_cert=1; } - else if(strncasecmp(start,"debug",5)==0) + else if(ascii_strncasecmp(start,"debug",5)==0) { if(no) opt->debug=0; @@ -288,7 +289,7 @@ else if(start[5]=='\0') opt->debug=1; } - else if(strncasecmp(start,"timeout",7)==0) + else if(ascii_strncasecmp(start,"timeout",7)==0) { if(no) opt->timeout=0; 
@@ -297,7 +298,7 @@ else if(start[7]=='\0') opt->timeout=DEFAULT_KEYSERVER_TIMEOUT; } - else if(strncasecmp(start,"ca-cert-file",12)==0) + else if(ascii_strncasecmp(start,"ca-cert-file",12)==0) { if(no) { From cvs at cvs.gnupg.org Tue Apr 17 00:47:22 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 17 Apr 2007 00:47:22 +0200 Subject: [svn] GnuPG - r4484 - branches/STABLE-BRANCH-1-4/keyserver Message-ID: Author: dshaw Date: 2007-04-17 00:47:20 +0200 (Tue, 17 Apr 2007) New Revision: 4484 Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog branches/STABLE-BRANCH-1-4/keyserver/Makefile.am branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c Log: * gpgkeys_hkp.c (main): Show curl or fake-curl version string. * Makefile.am: Link with libcompat.a for ascii_str(n)casecmp. Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2007-04-16 22:43:29 UTC (rev 4483) +++ branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2007-04-16 22:47:20 UTC (rev 4484) @@ -1,5 +1,9 @@ 2007-04-16 David Shaw + * gpgkeys_hkp.c (main): Show curl or fake-curl version string. + + * Makefile.am: Link with libcompat.a for ascii_str(n)casecmp. + * gpgkeys_curl.c, gpgkeys_ldap.c, gpgkeys_hkp.c, ksutil.c: Rename all str(n)casecmp to ascii_str(n)casecmp. We want the locale-independent ones here. Modified: branches/STABLE-BRANCH-1-4/keyserver/Makefile.am =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/Makefile.am 2007-04-16 22:43:29 UTC (rev 4483) +++ branches/STABLE-BRANCH-1-4/keyserver/Makefile.am 2007-04-16 22:47:20 UTC (rev 4484) 
@@ -47,8 +47,8 @@ gpgkeys_hkp_LDADD = ../util/libutil.a @NETLIBS@ @DNSLIBS@ $(other_libs) @GETOPT@ @W32LIBS@ else gpgkeys_curl_CPPFLAGS = @LIBCURL_CPPFLAGS@ -gpgkeys_curl_LDADD = @LIBCURL@ @GETOPT@ +gpgkeys_curl_LDADD = ../util/libcompat.a @LIBCURL@ @GETOPT@ gpgkeys_hkp_CPPFLAGS = @LIBCURL_CPPFLAGS@ -gpgkeys_hkp_LDADD = @LIBCURL@ @GETOPT@ +gpgkeys_hkp_LDADD = ../util/libcompat.a @LIBCURL@ @GETOPT@ gpgkeys_finger_CPPFLAGS = @LIBCURL_CPPFLAGS@ endif Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2007-04-16 22:43:29 UTC (rev 4483) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2007-04-16 22:47:20 UTC (rev 4484) @@ -731,7 +731,7 @@ /* Send the response */ fprintf(output,"VERSION %d\n",KEYSERVER_PROTO_VERSION); - fprintf(output,"PROGRAM %s\n\n",VERSION); + fprintf(output,"PROGRAM %s %s\n\n",VERSION,curl_version()); if(opt->verbose>1) { From cvs at cvs.gnupg.org Tue Apr 17 06:00:40 2007 
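Review bot: Only the gpgkeys_curl and gpgkeys_hkp LDADD lines in the `else` branch gain `../util/libcompat.a`, but r4483 also switched gpgkeys_ldap.c to ascii_strcasecmp and ascii_strncasecmp. The link line for gpgkeys_ldap is not part of this hunk, so it could not be checked whether it already pulls in the library that now holds these functions. Please verify that gpgkeys_ldap still links in both the curl and the fake-curl configuration, and add `../util/libcompat.a` to its link line if it does not.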
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 17 Apr 2007 06:00:40 +0200 Subject: [svn] GnuPG - r4485 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2007-04-17 06:00:38 +0200 (Tue, 17 Apr 2007) New Revision: 4485 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/decrypt.c branches/STABLE-BRANCH-1-4/g10/mainproc.c branches/STABLE-BRANCH-1-4/g10/packet.h branches/STABLE-BRANCH-1-4/g10/verify.c Log: * packet.h, mainproc.c (reset_literals_seen): New function to reset the literals count. * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call it here so we allow multiple literals in --multifile mode (in different files - not concatenated together). Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-04-16 22:47:20 UTC (rev 4484) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-04-17 04:00:38 UTC (rev 4485) @@ -1,5 +1,12 @@ 2007-04-16 David Shaw + * packet.h, mainproc.c (reset_literals_seen): New function to + reset the literals count. + + * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call + it here so we allow multiple literals in --multifile mode (in + different files - not concatenated together). + * gpg.c, pkclist.c: #include for strcasecmp if it is present. Note that autoconf protects us against a strings.h that cannot be used together with string.h. Modified: branches/STABLE-BRANCH-1-4/g10/decrypt.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/decrypt.c 2007-04-16 22:47:20 UTC (rev 4484) +++ branches/STABLE-BRANCH-1-4/g10/decrypt.c 2007-04-17 04:00:38 UTC (rev 4485) 
@@ -1,6 +1,6 @@ /* decrypt.c - verify signed data - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -185,6 +185,7 @@ write_status( STATUS_FILE_DONE ); iobuf_ioctl( NULL, 2, 0, NULL); /* Invalidate entire cache. */ xfree(output); + reset_literals_seen(); } set_next_passphrase(NULL); Modified: branches/STABLE-BRANCH-1-4/g10/mainproc.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/mainproc.c 2007-04-16 22:47:20 UTC (rev 4484) +++ branches/STABLE-BRANCH-1-4/g10/mainproc.c 2007-04-17 04:00:38 UTC (rev 4485) @@ -1,6 +1,6 @@ /* mainproc.c - handle packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -88,6 +88,12 @@ static void proc_tree( CTX c, KBNODE node ); static int literals_seen; +void +reset_literals_seen(void) +{ + literals_seen=0; +} + static void release_list( CTX c ) { Modified: branches/STABLE-BRANCH-1-4/g10/packet.h =================================================================== --- branches/STABLE-BRANCH-1-4/g10/packet.h 2007-04-16 22:47:20 UTC (rev 4484) +++ branches/STABLE-BRANCH-1-4/g10/packet.h 2007-04-17 04:00:38 UTC (rev 4485) @@ -1,6 +1,6 @@ /* packet.h - packet definitions - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
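Review bot: `reset_literals_seen()` in mainproc.c is added without a comment, yet it clears the one counter that, going by the log message, limits how many literal packets a single input may carry. The function should say when it may be called, e.g. `/* Reset the literal packet counter. Call only between independent input files, never while a message is still being processed. */`. In decrypt.c the call sits at the end of the loop body after `xfree(output)`, and the loop itself is outside the hunk. Check that no earlier `continue` or error path skips it, or move the call to the start of each iteration so that every file begins with a clean count.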
@@ -423,6 +423,7 @@ }; /*-- mainproc.c --*/ +void reset_literals_seen(void); int proc_packets( void *ctx, IOBUF a ); int proc_signature_packets( void *ctx, IOBUF a, STRLIST signedfiles, const char *sigfile ); Modified: branches/STABLE-BRANCH-1-4/g10/verify.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/verify.c 2007-04-16 22:47:20 UTC (rev 4484) +++ branches/STABLE-BRANCH-1-4/g10/verify.c 2007-04-17 04:00:38 UTC (rev 4485) @@ -1,5 +1,6 @@ /* verify.c - verify signed data - * Copyright (C) 1998, 1999, 2000, 2001, 2004 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -169,6 +170,7 @@ rc = proc_signature_packets( NULL, fp, NULL, name ); iobuf_close(fp); write_status( STATUS_FILE_DONE ); + reset_literals_seen(); return rc; } From cvs at cvs.gnupg.org Wed Apr 18 15:03:37 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 18 Apr 2007 15:03:37 +0200 Subject: [svn] GnuPG - r4486 - trunk/sm Message-ID: Author: wk Date: 2007-04-18 15:03:35 +0200 (Wed, 18 Apr 2007) New Revision: 4486 Modified: trunk/sm/ChangeLog trunk/sm/certcheck.c Log: sm/ * certcheck.c (do_encode_md): Support 160 bit ECDSA. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-04-17 04:00:38 UTC (rev 4485) +++ trunk/sm/ChangeLog 2007-04-18 13:03:35 UTC (rev 4486) @@ -1,3 +1,7 @@ +2007-04-18 Werner Koch + + * certcheck.c (do_encode_md): Support 160 bit ECDSA. + 2007-04-13 Werner Koch * call-agent.c (start_agent): Don't use log_error when using the Modified: trunk/sm/certcheck.c =================================================================== --- trunk/sm/certcheck.c 2007-04-17 04:00:38 UTC (rev 4485) +++ trunk/sm/certcheck.c 2007-04-18 13:03:35 UTC (rev 4486) 
@@ -44,7 +44,7 @@ size_t nframe; unsigned char *frame; - if (pkalgo == GCRY_PK_DSA) + if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA) { nframe = gcry_md_get_algo_dlen (algo); if (nframe != 20) @@ -143,6 +143,12 @@ algo = GCRY_PK_RSA; else if (n==3 && !memcmp (name, "dsa", 3)) algo = GCRY_PK_DSA; + else if (n==5 && !memcmp (name, "ecdsa", 5)) + algo = GCRY_PK_ECDSA; + /* Because this function is called only for verification we can + assume that ECC actually means ECDSA. */ + else if (n==3 && !memcmp (name, "ecc", 3)) + algo = GCRY_PK_ECDSA; else if (n==13 && !memcmp (name, "ambiguous-rsa", 13)) algo = GCRY_PK_RSA; else From cvs at cvs.gnupg.org Wed Apr 18 15:00:58 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 18 Apr 2007 15:00:58 +0200 Subject: [svn] ksba - r269 - trunk Message-ID: Author: wk Date: 2007-04-18 15:00:58 +0200 (Wed, 18 Apr 2007) New Revision: 269 Modified: trunk/NEWS Log: Add an OID for ECC to the sig oid table. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-04-06 12:58:07 UTC (rev 268) +++ trunk/NEWS 2007-04-18 13:00:58 UTC (rev 269) @@ -5,7 +5,9 @@ * Fixed a couple of memory leaks. + * Experimental support for ECDSA. + Noteworthy changes in version 1.0.1 (2006-11-29) ------------------------------------------------ From cvs at cvs.gnupg.org Wed Apr 18 14:59:02 2007 
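Review bot: The `nframe != 20` check in do_encode_md now also governs ECDSA, so an ECDSA signature made over any digest other than 160 bits is refused here, and that limit is stated only in the ChangeLog. A comment at the condition, e.g. `/* ECDSA is limited to 160 bit digests for now. */`, would keep a later reader from taking the rejection for a bug. The body of the branch is outside the hunk, so whether its diagnostic still names only DSA could not be checked. In the second hunk the mapping of `ecc` to `GCRY_PK_ECDSA` rests on the caller being verification-only; that precondition belongs in the function's header comment as well, since nothing in the code enforces it.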
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 18 Apr 2007 14:59:02 +0200 Subject: [svn] gcry - r1233 - in trunk: . cipher doc src Message-ID: Author: wk Date: 2007-04-18 14:59:00 +0200 (Wed, 18 Apr 2007) New Revision: 1233 Modified: trunk/ChangeLog trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/ecc.c trunk/cipher/pubkey.c trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/cipher.h trunk/src/g10lib.h trunk/src/gcrypt.h.in trunk/src/libgcrypt.vers trunk/src/sexp.c Log: Enhanced support for ECDSA. Along with the latest libksba it is now possible for gpgsm to import an ECC certificate. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/ChangeLog 2007-04-18 12:59:00 UTC (rev 1233) @@ -1,6 +1,6 @@ 2007-04-16 Werner Koch - * configure.ac: Cehck for sysconf. + * configure.ac: Check for sysconf. * acinclude.m4 (GNUPG_CHECK_MLOCK): Try to use sysconf to get the page size and use getpagesize only then if available. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/NEWS 2007-04-18 12:59:00 UTC (rev 1233) @@ -49,6 +49,7 @@ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_fast_random_poll NEW gcry_md_debug NEW + gcry_sexp_nth_string NEW GCRYCTL_FAKED_RANDOM_P NEW GCRY_MD_SHA224 NEW GCRY_PK_USAGE_CERT NEW Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/cipher/ChangeLog 2007-04-18 12:59:00 UTC (rev 1233) 
@@ -1,3 +1,13 @@ +2007-04-18 Werner Koch + + * ecc.c (generate_curve): Implement alias mechanism. + + * pubkey.c (sexp_elements_extract_ecc): New. + (sexp_to_key): Add special case for ecc. + (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_genkey): Replace + name_terminated stuff by a call to _gcry_sexp_nth_string. + (gcry_pk_get_keygrip): Ditto. + 2007-04-16 Werner Koch * ecc.c (_gcry_ecc_generate): Renamed DUMMY to CURVE and use it. Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/cipher/ecc.c 2007-04-18 12:59:00 UTC (rev 1233) @@ -363,13 +363,28 @@ generate_curve (unsigned int nbits, const char *name, elliptic_curve_t *curve, unsigned int *r_nbits) { - int idx; + int idx, aliasno; if (name) { + /* First check nor native curves. */ for (idx = 0; domain_parms[idx].desc; idx++) if (!strcmp (name, domain_parms[idx].desc)) break; + /* If not found consult the alias table. */ + if (!domain_parms[idx].desc) + { + for (aliasno = 0; curve_aliases[aliasno].name; aliasno++) + if (!strcmp (name, curve_aliases[aliasno].other)) + break; + if (curve_aliases[aliasno].name) + { + for (idx = 0; domain_parms[idx].desc; idx++) + if (!strcmp (curve_aliases[aliasno].name, + domain_parms[idx].desc)) + break; + } + } } else { 
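Review bot: The new comment `/* First check nor native curves. */` in generate_curve has a typo that obscures its meaning; `/* First check our native curves. */` is presumably what was intended. The alias branch repeats the `domain_parms` search loop verbatim, so a small static helper returning the index for a name would let both lookups share one loop. The function continues outside the hunk, where the not-found case (`domain_parms[idx].desc` being NULL) is presumably handled.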
@@ -888,7 +903,38 @@ return 0; } +/* Return the parameters of the curve NAME. */ +gcry_err_code_t +_gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey) +{ + gpg_err_code_t err; + unsigned int nbits; + elliptic_curve_t E; + mpi_ec_t ctx; + gcry_mpi_t g_x, g_y; + + err = generate_curve (0, name, &E, &nbits); + if (err) + return err; + g_x = mpi_new (0); + g_y = mpi_new (0); + ctx = _gcry_mpi_ec_init (E.p, E.a); + if (_gcry_mpi_ec_get_affine (g_x, g_y, &E.G, ctx)) + log_fatal ("ecc get param: Failed to get affine coordinates\n"); + _gcry_mpi_ec_free (ctx); + point_free (&E.G); + + pkey[0] = E.p; + pkey[1] = E.a; + pkey[2] = E.b; + pkey[3] = ec2os (g_x, g_y, E.p); + pkey[4] = E.n; + pkey[5] = NULL; + + return 0; +} + static gcry_err_code_t ecc_generate (int algo, unsigned int nbits, unsigned long dummy, gcry_mpi_t *skey, gcry_mpi_t **retfactors) @@ -1047,6 +1093,7 @@ static const char *ecdsa_names[] = { "ecdsa", + "ecc", NULL, }; Modified: trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/cipher/pubkey.c 2007-04-18 12:59:00 UTC (rev 1233) @@ -1,6 +1,6 @@ /* pubkey.c - pubkey dispatcher * Copyright (C) 1998, 1999, 2000, 2002, 2003, - * 2005 Free Software Foundation, Inc. + * 2005, 2007 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * 
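Review bot: `g_x` and `g_y` in _gcry_ecc_get_param are allocated with `mpi_new (0)` and never released. Unless ec2os takes ownership of its arguments (its definition is not in this hunk), both leak on every call; adding `mpi_free (g_x); mpi_free (g_y);` after the `pkey[3] = ec2os (g_x, g_y, E.p);` line would fix that. The `log_fatal` on a failed affine conversion terminates the calling process from inside a lookup that otherwise reports failure through its return value, so returning an error code there would match the `if (err) return err;` path above it. The one-line comment should also state that the caller owns the entries written to PKEY and that the array is NULL-terminated at index 5.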
@@ -781,6 +781,91 @@ return err; } +/* Internal function used for ecc. Note, that this function makes use + of its intimate knowledge about the ECC parameters from ecc.c. */ +static gcry_err_code_t +sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, + gcry_mpi_t *elements) +{ + gcry_err_code_t err = 0; + int idx; + const char *name; + gcry_sexp_t list; + + /* Clear the array for easir error cleanup. */ + for (name = element_names, idx = 0; *name; name++, idx++) + elements[idx] = NULL; + assert (idx >= 6); /* We know that ECC has at least 6 elements. */ + + /* Init the array with the available curve parameters. */ + for (name = element_names, idx = 0; *name && !err; name++, idx++) + { + list = gcry_sexp_find_token (key_sexp, name, 1); + if (!list) + elements[idx] = NULL; + else + { + elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (list); + if (!elements[idx]) + { + err = GPG_ERR_INV_OBJ; + goto leave; + } + } + } + + /* Check whether a curve parameter has been given and then fill any + missing elements. */ + list = gcry_sexp_find_token (key_sexp, "curve", 5); + if (list) + { + char *curve; + gcry_mpi_t params[6]; + + for (idx = 0; idx < DIM(params); idx++) + params[idx] = NULL; + + curve = _gcry_sexp_nth_string (list, 1); + if (!curve) + { + err = GPG_ERR_INV_OBJ; /* No curve name given (or out of core). */ + goto leave; + } + err = _gcry_ecc_get_param (curve, params); + gcry_free (curve); + if (err) + goto leave; + + for (idx = 0; idx < DIM(params); idx++) + { + if (!elements[idx]) + elements[idx] = params[idx]; + else + mpi_free (params[idx]); + } + } + + /* Check that all parameters are known. 
*/ + for (name = element_names, idx = 0; *name; name++, idx++) + if (!elements[idx]) + { + err = GPG_ERR_NO_OBJ; + goto leave; + } + + leave: + if (err) + { + for (name = element_names, idx = 0; *name; name++, idx++) + if (elements[idx]) + gcry_free (elements[idx]); + } + return err; +} + + + /**************** * Convert a S-Exp with either a private or a public key to our * internal format. Currently we do only support the following @@ -791,6 +876,7 @@ * openpgp-rsa * openpgp-elg * openpgp-elg-sig + * ecdsa * Provide a SE with the first element be either "private-key" or * or "public-key". It is followed by a list with its first element * be one of the above algorithm identifiers and the remaning 
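Review bot: The error cleanup at `leave:` in sexp_elements_extract_ecc releases the MPIs with `gcry_free (elements[idx])`, while the same function uses `mpi_free (params[idx])` a few lines earlier. gcry_free on an MPI handle presumably frees only the handle and not the number behind it, which for a private key would leave key material allocated. The cleanup line should read `mpi_free (elements[idx]);` followed by `elements[idx] = NULL;` so the caller never sees a dangling entry. Separately, `assert (idx >= 6)` is the only guard that keeps the later `elements[idx]` accesses for `idx < DIM(params)` in bounds; an explicit check that returns an error would still hold in builds with assertions disabled.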
@@ -818,186 +904,169 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, gcry_module_t *retalgo) { - gcry_sexp_t list, l2; - const char *name; - size_t n; - const char *elems; - gcry_mpi_t *array; - gcry_err_code_t err = GPG_ERR_NO_ERROR; - gcry_module_t module; - gcry_pk_spec_t *pubkey; + gcry_err_code_t err = 0; + gcry_sexp_t list, l2; + char *name; + const char *elems; + gcry_mpi_t *array; + gcry_module_t module; + gcry_pk_spec_t *pubkey; + int is_ecc; - /* check that the first element is valid */ - list = gcry_sexp_find_token( sexp, want_private? "private-key" - :"public-key", 0 ); - if( !list ) - return GPG_ERR_INV_OBJ; /* Does not contain a public- - or private-key object */ - l2 = gcry_sexp_cadr( list ); - gcry_sexp_release ( list ); - list = l2; - name = gcry_sexp_nth_data( list, 0, &n ); - if( !name ) { - gcry_sexp_release ( list ); - return GPG_ERR_INV_OBJ; /* invalid structure of object */ + /* Check that the first element is valid. */ + list = gcry_sexp_find_token (sexp, + want_private? "private-key":"public-key", 0); + if (!list) + return GPG_ERR_INV_OBJ; /* Does not contain a key object. */ + + l2 = gcry_sexp_cadr( list ); + gcry_sexp_release ( list ); + list = l2; + name = _gcry_sexp_nth_string (list, 0); + if (!name) + { + gcry_sexp_release ( list ); + return GPG_ERR_INV_OBJ; /* Invalid structure of object. */ } + ath_mutex_lock (&pubkeys_registered_lock); + module = gcry_pk_lookup_name (name); + ath_mutex_unlock (&pubkeys_registered_lock); + + /* Fixme: We should make sure that an ECC key is always named "ecc" + and not "ecdsa". "ecdsa" should be used for the signature + itself. We need a function to test whether an algorithm given + with a key is compatible with an application of the key (signing, + encryption). For RSA this is easy, but ECC is the first + algorithm which has many flavours. 
*/ + is_ecc = ( !strcmp (name, "ecdsa") || !strcmp (name, "ecc") ); + + if (!module) { - char *name_terminated; + gcry_sexp_release (list); + return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ + } + else + pubkey = (gcry_pk_spec_t *) module->spec; - name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - { - err = gpg_err_code_from_errno (errno); - gcry_sexp_release (list); - return err; - } - memcpy (name_terminated, name, n); - name_terminated[n] = 0; + elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey; + array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); + if (!array) + err = gpg_err_code_from_errno (errno); + if (!err) + { + if (is_ecc) + err = sexp_elements_extract_ecc (list, elems, array); + else + err = sexp_elements_extract (list, elems, array); + } + + gcry_sexp_release (list); + + if (err) + { + gcry_free (array); ath_mutex_lock (&pubkeys_registered_lock); - module = gcry_pk_lookup_name (name_terminated); + _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); - - gcry_free (name_terminated); } + else + { + *retarray = array; + *retalgo = module; + } + + return err; +} - if (! module) - { - gcry_sexp_release (list); - return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */ - } - else - pubkey = (gcry_pk_spec_t *) module->spec; - elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey; - array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); - if (! array) - err = gpg_err_code_from_errno (errno); - if (! 
err) - err = sexp_elements_extract (list, elems, array); - - if (list) - gcry_sexp_release (list); - - if (err) - { - if (array) - gcry_free (array); - - ath_mutex_lock (&pubkeys_registered_lock); - _gcry_module_release (module); - ath_mutex_unlock (&pubkeys_registered_lock); - } - else - { - *retarray = array; - *retalgo = module; - } - - return err; -} - static gcry_err_code_t sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo) { - gcry_sexp_t list, l2; - const char *name; - size_t n; - const char *elems; - gcry_mpi_t *array; - gcry_err_code_t err = GPG_ERR_NO_ERROR; - gcry_module_t module; - gcry_pk_spec_t *pubkey; + gcry_err_code_t err = 0; + gcry_sexp_t list, l2; + char *name; + const char *elems; + gcry_mpi_t *array; + gcry_module_t module; + gcry_pk_spec_t *pubkey; + + /* Check that the first element is valid. */ + list = gcry_sexp_find_token( sexp, "sig-val" , 0 ); + if (!list) + return GPG_ERR_INV_OBJ; /* Does not contain a signature value object. */ - /* check that the first element is valid */ - list = gcry_sexp_find_token( sexp, "sig-val" , 0 ); - if( !list ) - return GPG_ERR_INV_OBJ; /* Does not contain a signature value object */ - l2 = gcry_sexp_nth (list, 1); - if(! l2) - { - gcry_sexp_release (list); - return GPG_ERR_NO_OBJ; /* no cadr for the sig object */ - } - name = gcry_sexp_nth_data( l2, 0, &n ); - if( !name ) { - gcry_sexp_release ( list ); - gcry_sexp_release ( l2 ); - return GPG_ERR_INV_OBJ; /* invalid structure of object */ + l2 = gcry_sexp_nth (list, 1); + if (!l2) + { + gcry_sexp_release (list); + return GPG_ERR_NO_OBJ; /* No cadr for the sig object. */ } - else if (n == 5 && (! memcmp (name, "flags", 5))) { - /* Skip flags, since they are not used but just here for the + name = _gcry_sexp_nth_string (l2, 0); + if (!name) + { + gcry_sexp_release (list); + gcry_sexp_release (l2); + return GPG_ERR_INV_OBJ; /* Invalid structure of object. 
*/ + } + else if (!strcmp (name, "flags")) + { + /* Skip flags, since they are not used but here just for the sake of consistent S-expressions. */ + gcry_free (name); gcry_sexp_release (l2); l2 = gcry_sexp_nth (list, 2); - if (! l2) + if (!l2) { gcry_sexp_release (list); return GPG_ERR_INV_OBJ; } - name = gcry_sexp_nth_data (l2, 0, &n); + name = _gcry_sexp_nth_string (l2, 0); } + ath_mutex_lock (&pubkeys_registered_lock); + module = gcry_pk_lookup_name (name); + ath_mutex_unlock (&pubkeys_registered_lock); + gcry_free (name); + name = NULL; + + if (!module) { - char *name_terminated; - - name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - { - err = gcry_err_code_from_errno (errno); - gcry_sexp_release (l2); - gcry_sexp_release (list); - return err; - } - - memcpy (name_terminated, name, n); - name_terminated[n] = 0; - - ath_mutex_lock (&pubkeys_registered_lock); - module = gcry_pk_lookup_name (name_terminated); - ath_mutex_unlock (&pubkeys_registered_lock); - - gcry_free (name_terminated); + gcry_sexp_release (l2); + gcry_sexp_release (list); + return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ } + else + pubkey = (gcry_pk_spec_t *) module->spec; - if (! module) - { - gcry_sexp_release (l2); - gcry_sexp_release (list); - return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */ - } - else - pubkey = (gcry_pk_spec_t *) module->spec; + elems = pubkey->elements_sig; + array = gcry_calloc (strlen (elems) + 1 , sizeof *array ); + if (!array) + err = gpg_err_code_from_errno (errno); - elems = pubkey->elements_sig; - array = gcry_calloc (strlen (elems) + 1 , sizeof (*array)); - if (! array) - err = gpg_err_code_from_errno (errno); + if (!err) + err = sexp_elements_extract (list, elems, array); - if (! 
err) - err = sexp_elements_extract (list, elems, array); + gcry_sexp_release (l2); + gcry_sexp_release (list); - gcry_sexp_release (l2); - gcry_sexp_release (list); - - if (err) - { - ath_mutex_lock (&pubkeys_registered_lock); - _gcry_module_release (module); - ath_mutex_unlock (&pubkeys_registered_lock); - - if (array) - gcry_free (array); - } - else - { - *retarray = array; - *retalgo = module; - } - - return err; + if (err) + { + ath_mutex_lock (&pubkeys_registered_lock); + _gcry_module_release (module); + ath_mutex_unlock (&pubkeys_registered_lock); + + gcry_free (array); + } + else + { + *retarray = array; + *retalgo = module; + } + + return err; } 
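Review bot: In sexp_to_sig the second `name = _gcry_sexp_nth_string (l2, 0);`, reached after the `flags` element is skipped, is not checked, so a signature S-expression whose next element has no leading data item hands NULL to `gcry_pk_lookup_name`, which is not shown to accept it. The same guard used a few lines earlier is needed there: `if (!name) { gcry_sexp_release (l2); gcry_sexp_release (list); return GPG_ERR_INV_OBJ; }`. Separately, sexp_to_key now owns `name` too but never frees it; adding `gcry_free (name);` right after `is_ecc` is computed covers both the early `return GPG_ERR_PUBKEY_ALGO` and the normal exit.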
@@ -1017,45 +1086,45 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, int *ret_modern, int *ret_want_pkcs1, int *flags) { + gcry_err_code_t err = 0; gcry_sexp_t list = NULL, l2 = NULL; gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; - const char *name; + char *name = NULL; size_t n; int parsed_flags = 0; const char *elems; gcry_mpi_t *array = NULL; - gcry_err_code_t err = GPG_ERR_NO_ERROR; *ret_want_pkcs1 = 0; *ret_modern = 0; - /* check that the first element is valid */ + /* Check that the first element is valid. */ list = gcry_sexp_find_token (sexp, "enc-val" , 0); - if (! list) + if (!list) { - err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object */ + err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object. */ goto leave; } l2 = gcry_sexp_nth (list, 1); - if (! l2) + if (!l2) { - err = GPG_ERR_NO_OBJ; /* no cdr for the data object */ + err = GPG_ERR_NO_OBJ; /* No cdr for the data object. */ goto leave; } /* Extract identifier of sublist. */ - name = gcry_sexp_nth_data (l2, 0, &n); - if (! name) + name = _gcry_sexp_nth_string (l2, 0); + if (!name) { - err = GPG_ERR_INV_OBJ; /* invalid structure of object */ + err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ goto leave; } - if ((n == 5) && (! memcmp (name, "flags", 5))) + if (!strcmp (name, "flags")) { - /* There is a flags element - process it */ + /* There is a flags element - process it. */ const char *s; int i; 
@@ -1064,10 +1133,10 @@ { s = gcry_sexp_nth_data (l2, i, &n); if (! s) - ; /* not a data element - ignore */ - else if (n == 3 && ! memcmp (s, "raw", 3)) - ; /* just a dummy because it is the default */ - else if (n == 5 && ! memcmp (s, "pkcs1", 5)) + ; /* Not a data element - ignore. */ + else if (n == 3 && !memcmp (s, "raw", 3)) + ; /* This is just a dummy as it is the default. */ + else if (n == 5 && !memcmp (s, "pkcs1", 5)) *ret_want_pkcs1 = 1; else if (n == 11 && ! memcmp (s, "no-blinding", 11)) parsed_flags |= PUBKEY_FLAG_NO_BLINDING; @@ -1078,20 +1147,21 @@ } } - /* Get the next which has the actual data */ + /* Get the next which has the actual data. */ gcry_sexp_release (l2); l2 = gcry_sexp_nth (list, 2); - if (! l2) + if (!l2) { - err = GPG_ERR_NO_OBJ; /* no cdr for the data object */ + err = GPG_ERR_NO_OBJ; /* No cdr for the data object. */ goto leave; } /* Extract sublist identifier. */ - name = gcry_sexp_nth_data (l2, 0, &n); - if (! name) + gcry_free (name); + name = _gcry_sexp_nth_string (l2, 0); + if (!name) { - err = GPG_ERR_INV_OBJ; /* invalid structure of object */ + err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ goto leave; } 
@@ -1100,35 +1170,20 @@ l2 = NULL; } - { - char *name_terminated; + ath_mutex_lock (&pubkeys_registered_lock); + module = gcry_pk_lookup_name (name); + ath_mutex_unlock (&pubkeys_registered_lock); + + if (!module) + { + err = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ + goto leave; + } + pubkey = (gcry_pk_spec_t *) module->spec; - name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - { - err = gcry_err_code_from_errno (errno); - goto leave; - } - memcpy (name_terminated, name, n); - name_terminated[n] = 0; - - ath_mutex_lock (&pubkeys_registered_lock); - module = gcry_pk_lookup_name (name_terminated); - ath_mutex_unlock (&pubkeys_registered_lock); - - gcry_free (name_terminated); - - if (! module) - { - err = GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */ - goto leave; - } - pubkey = (gcry_pk_spec_t *) module->spec; - } - elems = pubkey->elements_enc; array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); - if (! array) + if (!array) { err = gpg_err_code_from_errno (errno); goto leave; @@ -1137,18 +1192,16 @@ err = sexp_elements_extract (list, elems, array); leave: - if (list) - gcry_sexp_release (list); - if (l2) - gcry_sexp_release (l2); + gcry_sexp_release (list); + gcry_sexp_release (l2); + gcry_free (name); if (err) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); - if (array) - gcry_free (array); + gcry_free (array); } else { @@ -1820,6 +1873,9 @@ if (rc) goto leave; + /* Fixme: Check that the algorithm of S_SIG is compatible to the one + of S_PKEY. */ + if (module_key->mod_id != module_sig->mod_id) { rc = GPG_ERR_CONFLICT; @@ -1929,7 +1985,7 @@ gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; gcry_sexp_t list = NULL, l2 = NULL; - const char *name; + char *name = NULL; size_t n; gcry_err_code_t rc = GPG_ERR_NO_ERROR; int i; 
@@ -1941,7 +1997,6 @@ unsigned long use_e = 0; unsigned int qbits; gcry_mpi_t xvalue = NULL; - char *name_terminated; char *curve = NULL; REGISTER_DEFAULT_PUBKEYS; @@ -1966,29 +2021,21 @@ goto leave; } - name = gcry_sexp_nth_data (list, 0, &n); - if (! name) + name = _gcry_sexp_nth_string (list, 0); + if (!name) { - rc = GPG_ERR_INV_OBJ; /* Algo string missing. */ + rc = GPG_ERR_INV_OBJ; /* Algo string missing. */ goto leave; } - - name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - { - rc = gpg_err_code_from_errno (errno); - goto leave; - } - memcpy (name_terminated, name, n); - name_terminated[n] = 0; + ath_mutex_lock (&pubkeys_registered_lock); - module = gcry_pk_lookup_name (name_terminated); + module = gcry_pk_lookup_name (name); ath_mutex_unlock (&pubkeys_registered_lock); - gcry_free (name_terminated); - - if (! module) + gcry_free (name); + name = NULL; + if (!module) { - rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ + rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ goto leave; } @@ -2007,14 +2054,15 @@ if (l2) { char buf[50]; + const char *s; - name = gcry_sexp_nth_data (l2, 1, &n); - if ((! name) || (n >= DIM (buf) - 1)) + s = gcry_sexp_nth_data (l2, 1, &n); + if ( !s || n >= DIM (buf) - 1 ) { - rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ + rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ goto leave; } - memcpy (buf, name, n); + memcpy (buf, s, n); buf[n] = 0; use_e = strtoul (buf, NULL, 0); gcry_sexp_release (l2); @@ -2028,14 +2076,15 @@ if (l2) { char buf[50]; + const char *s; - name = gcry_sexp_nth_data (l2, 1, &n); - if ((! name) || (n >= DIM (buf) - 1)) + s = gcry_sexp_nth_data (l2, 1, &n); + if (!s || n >= DIM (buf) - 1 ) { - rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ + rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ goto leave; } - memcpy (buf, name, n); + memcpy (buf, s, n); buf[n] = 0; qbits = (unsigned int)strtoul (buf, NULL, 0); gcry_sexp_release (l2); 
@@ -2060,20 +2109,12 @@ l2 = gcry_sexp_find_token (list, "curve", 0); if (l2) { - name = gcry_sexp_nth_data (l2, 1, &n); - if (!name || n < 1) - { - rc = GPG_ERR_INV_OBJ; /* No name or or value too large. */ - goto leave; - } - curve = gcry_malloc (n+1); + curve = _gcry_sexp_nth_string (l2, 1); if (!curve) { - rc = gpg_err_code_from_syserror (); + rc = GPG_ERR_INV_OBJ; /* No curve name or value too large. */ goto leave; } - memcpy (curve, name, n); - curve[n] = 0; gcry_sexp_release (l2); l2 = NULL; } @@ -2092,23 +2133,18 @@ } if (list) { - name = gcry_sexp_nth_data (list, 1, &n); - if (! name) + char buf[50]; + const char *s; + + s = gcry_sexp_nth_data (list, 1, &n); + if (!s || n >= DIM (buf) - 1 ) { - rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */ + rc = GPG_ERR_INV_OBJ; /* NBITS given without a cdr. */ goto leave; } - - name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - { - rc = gpg_err_code_from_errno (errno); - goto leave; - } - memcpy (name_terminated, name, n); - name_terminated[n] = 0; - nbits = (unsigned int) strtoul (name_terminated, NULL, 0); - gcry_free (name_terminated); + memcpy (buf, s, n); + buf[n] = 0; + nbits = (unsigned int)strtoul (buf, NULL, 0); } else nbits = 0; @@ -2209,6 +2245,7 @@ } leave: + gcry_free (name); gcry_free (curve); release_mpi_array (skey); /* Don't free SKEY itself, it is a static array. */ @@ -2286,8 +2323,8 @@ gcry_sexp_t list = NULL, l2 = NULL; gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; - const char *s, *name; - size_t n; + const char *s; + char *name = NULL; int idx; int is_rsa; const char *elems; 
@@ -2311,24 +2348,16 @@ list = l2; l2 = NULL; - name = gcry_sexp_nth_data (list, 0, &n); - if (! name) + name = _gcry_sexp_nth_string (list, 0); + if (!name) goto fail; /* Invalid structure of object. */ - { - char *name_terminated = gcry_malloc (n + 1); - if (!name_terminated) - goto fail; - memcpy (name_terminated, name, n); - name_terminated[n] = 0; - ath_mutex_lock (&pubkeys_registered_lock); - module = gcry_pk_lookup_name (name_terminated); - ath_mutex_unlock (&pubkeys_registered_lock); - gcry_free (name_terminated); - } + ath_mutex_lock (&pubkeys_registered_lock); + module = gcry_pk_lookup_name (name); + ath_mutex_unlock (&pubkeys_registered_lock); - if (! module) - goto fail; /* unknown algorithm */ + if (!module) + goto fail; /* Unknown algorithm. */ pubkey = (gcry_pk_spec_t *) module->spec; @@ -2337,7 +2366,7 @@ is_rsa = module->mod_id == GCRY_PK_RSA; elems = pubkey->elements_grip; if (! elems) - goto fail; /* no grip parameter */ + goto fail; /* No grip parameter. */ if (gcry_md_open (&md, GCRY_MD_SHA1, 0)) goto fail; @@ -2385,10 +2414,9 @@ return array; fail: - if (l2) - gcry_sexp_release (l2); - if (md) - gcry_md_close (md); + gcry_free (name); + gcry_sexp_release (l2); + gcry_md_close (md); gcry_sexp_release (list); return NULL; } Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/doc/gcrypt.texi 2007-04-18 12:59:00 UTC (rev 1233) 
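Review bot: `name` in gcry_pk_get_keygrip is now heap-allocated by `_gcry_sexp_nth_string`, but the only `gcry_free (name)` this commit adds sits under `fail:`, after `return array;`, so the successful path appears to leak the algorithm name on every call. Freeing it right after the registry unlock, `gcry_free (name); name = NULL;`, as this commit does in gcry_pk_genkey, would cover both exits. The body between the lookup and `return array;` lies outside the visible hunks, so confirm that nothing there still reads `name`.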
@@ -3634,6 +3634,15 @@ @end example @end deftypefun + at deftypefun char *gcry_sexp_nth_string (@w{gcry_sexp_t @var{list}}, @w{int @var{number}}) + +This function is used to get and convert data from a @var{list}. The +data is assumed to be a Nul terminated string. The caller must +release this returned value using @code{gcry_free}. If there is +no data at the given index, the index represents a list or the value +can't be converted to a string, @code{NULL} is returned. + at end deftypefun + @deftypefun gcry_mpi_t gcry_sexp_nth_mpi (@w{gcry_sexp_t @var{list}}, @w{int @var{number}}, @w{int @var{mpifmt}}) This function is used to get and convert data from a @var{list}. This Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/src/ChangeLog 2007-04-18 12:59:00 UTC (rev 1233) @@ -1,3 +1,12 @@ +2007-04-18 Werner Koch + + * gcrypt.h.in (gcry_sexp_nth_string): New. + + * sexp.c (gcry_sexp_nth_data): Factored code out to ... + (sexp_nth_data): ... new. + (gcry_sexp_nth_string): New. + (gcry_sexp_nth_mpi): Reimplemented in terms of sexp_ntd_data. + 2007-04-16 Werner Koch * secmem.c (init_pool): Use sysconf() if available to determine Modified: trunk/src/cipher.h =================================================================== --- trunk/src/cipher.h 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/src/cipher.h 2007-04-18 12:59:00 UTC (rev 1233) 
@@ -57,7 +57,9 @@ gcry_err_code_t _gcry_ecc_generate (int algo, unsigned int nbits, const char *curve, gcry_mpi_t *skey, gcry_mpi_t **retfactors); +gcry_err_code_t _gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey); + /*-- primegen.c --*/ void _gcry_register_primegen_progress (gcry_handler_progress_t cb, void *cb_data); Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/src/g10lib.h 2007-04-18 12:59:00 UTC (rev 1233) @@ -243,4 +243,9 @@ #define GCRY_ALLOC_FLAG_SECURE (1 << 0) + +/*-- sexp.c --*/ +char *_gcry_sexp_nth_string (const gcry_sexp_t list, int number); + + #endif /* G10LIB_H */ Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/src/gcrypt.h.in 2007-04-18 12:59:00 UTC (rev 1233) @@ -472,6 +472,13 @@ const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen); +/* This function is used to get and convert data from a LIST. The + data is assumed to be a Nul terminated string. The caller must + release the returned value using `gcry_free'. If there is no data + at the given index, the index represents a list or the value can't + be converted to a string, `NULL' is returned. */ +char *gcry_sexp_nth_string (gcry_sexp_t list, int number); + /* This function is used to get and convert data from a LIST. This data is assumed to be an MPI stored in the format described by MPIFMT and returned as a standard Libgcrypt MPI. The caller must Modified: trunk/src/libgcrypt.vers =================================================================== --- trunk/src/libgcrypt.vers 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/src/libgcrypt.vers 2007-04-18 12:59:00 UTC (rev 1233) 
@@ -82,6 +82,7 @@ gcry_sexp_new; gcry_sexp_nth; gcry_sexp_nth_data; gcry_sexp_nth_mpi; gcry_sexp_prepend; gcry_sexp_release; gcry_sexp_sprint; gcry_sexp_sscan; gcry_sexp_vlist; + gcry_sexp_nth_string; gcry_mpi_add; gcry_mpi_add_ui; gcry_mpi_addm; gcry_mpi_aprint; gcry_mpi_clear_bit; gcry_mpi_clear_flag; gcry_mpi_clear_highbit; Modified: trunk/src/sexp.c =================================================================== --- trunk/src/sexp.c 2007-04-16 15:09:30 UTC (rev 1232) +++ trunk/src/sexp.c 2007-04-18 12:59:00 UTC (rev 1233) @@ -1,6 +1,6 @@ /* sexp.c - S-Expression handling * Copyright (C) 1999, 2000, 2001, 2002, 2003, - * 2004, 2006 Free Software Foundation, Inc. + * 2004, 2006, 2007 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * 
@@ -582,116 +582,123 @@ return gcry_sexp_nth ( list, 0 ); } -/**************** - * Get data from the car. The returned value is valid as long as the list - * is not modified. - */ -const char * -gcry_sexp_nth_data( const gcry_sexp_t list, int number, size_t *datalen ) + +/* Helper to get data from the car. The returned value is valid as + long as the list is not modified. */ +static const char * +sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen) { - const byte *p; - DATALEN n; - int level = 0; + const byte *p; + DATALEN n; + int level = 0; + + *datalen = 0; + if ( !list ) + return NULL; - *datalen = 0; - if ( !list ) { - return NULL; - } - p = list->d; - if ( *p == ST_OPEN ) - p++; /* yep, a list */ - else if (number ) - return NULL; /* not a list but an n > 0 element requested */ + p = list->d; + if ( *p == ST_OPEN ) + p++; /* Yep, a list. */ + else if (number) + return NULL; /* Not a list but N > 0 requested. */ - /* skip n elements */ - while ( number > 0 ) { - if ( *p == ST_DATA ) { - memcpy ( &n, ++p, sizeof n ); - p += sizeof n + n; - p--; - if ( !level ) - number--; + /* Skip over N elements. */ + while ( number > 0 ) + { + if ( *p == ST_DATA ) + { + memcpy ( &n, ++p, sizeof n ); + p += sizeof n + n; + p--; + if ( !level ) + number--; } - else if ( *p == ST_OPEN ) { - level++; + else if ( *p == ST_OPEN ) + { + level++; } - else if ( *p == ST_CLOSE ) { - level--; - if ( !level ) - number--; + else if ( *p == ST_CLOSE ) + { + level--; + if ( !level ) + number--; } - else if ( *p == ST_STOP ) { - return NULL; + else if ( *p == ST_STOP ) + { + return NULL; } - p++; + p++; } - - if ( *p == ST_DATA ) { - memcpy ( &n, ++p, sizeof n ); - *datalen = n; - return (const char*)p + sizeof n; + /* If this is data, return it. */ + if ( *p == ST_DATA ) + { + memcpy ( &n, ++p, sizeof n ); + *datalen = n; + return (const char*)p + sizeof n; } + + return NULL; +} + +/* Get data from the car. The returned value is valid as long as the + list is not modified. 
*/ +const char * +gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen ) +{ + return sexp_nth_data (list, number, datalen); +} + + +/* Get a string from the car. The returned value is a malloced string + and needs to be freed by the caller. */ +char * +_gcry_sexp_nth_string (const gcry_sexp_t list, int number) +{ + const char *s; + size_t n; + char *buf; + + s = sexp_nth_data (list, number, &n); + if (!s || n < 1 || (n+1) < 1) return NULL; + buf = gcry_malloc (n+1); + if (!buf) + return NULL; + memcpy (buf, s, n); + buf[n] = 0; + return buf; } -/**************** +/* Public version of _gcry_sexp_nth_string. */ +char * +gcry_sexp_nth_string (const gcry_sexp_t list, int number) +{ + return _gcry_sexp_nth_string (list, number); +} + +/* * Get a MPI from the car */ gcry_mpi_t gcry_sexp_nth_mpi( gcry_sexp_t list, int number, int mpifmt ) { - const byte *p; - DATALEN n; - int level = 0; + const char *s; + size_t n; + gcry_mpi_t a; - if ( !list ) - return NULL; - if ( !mpifmt ) - mpifmt = GCRYMPI_FMT_STD; + if ( !mpifmt ) + mpifmt = GCRYMPI_FMT_STD; - p = list->d; - if ( *p == ST_OPEN ) - p++; /* yep, a list */ - else if (number ) - return NULL; /* not a list but an n > 0 element requested */ + s = sexp_nth_data (list, number, &n); + if (!s) + return NULL; - /* skip n elements */ - while ( number > 0 ) { - if ( *p == ST_DATA ) { - memcpy ( &n, ++p, sizeof n ); - p += sizeof n + n; - p--; - if ( !level ) - number--; - } - else if ( *p == ST_OPEN ) { - level++; - } - else if ( *p == ST_CLOSE ) { - level--; - if ( !level ) - number--; - } - else if ( *p == ST_STOP ) { - return NULL; - } - p++; - } + if ( gcry_mpi_scan ( &a, mpifmt, s, n, NULL ) ) + return NULL; - if ( *p == ST_DATA ) { - gcry_mpi_t a; - size_t nbytes; - - memcpy ( &n, ++p, sizeof n ); - p += sizeof n; - nbytes = n; - if( !gcry_mpi_scan( &a, mpifmt, p, n, &nbytes ) ) - return a; - } - - return NULL; + return a; } From cvs at cvs.gnupg.org Wed Apr 18 15:01:13 2007 
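Review bot: `_gcry_sexp_nth_string` copies `n` raw bytes and appends a terminator without checking for an embedded NUL. A data element made of `flags`, a zero byte and trailing bytes therefore compares equal to `flags` in the callers' `strcmp`, where the code replaced in pubkey.c compared the length plus `memcmp`. Rejecting such values matches the documented "can't be converted to a string" case: `if (!s || n < 1 || (n+1) < 1 || memchr (s, 0, n)) return NULL;`. The NULL return also stands for allocation failure, so callers that map it to `GPG_ERR_INV_OBJ` no longer report out-of-memory as such; the comment above the helper should say that NULL covers both cases.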
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 18 Apr 2007 15:01:13 +0200 Subject: [svn] ksba - r270 - trunk/src Message-ID: Author: wk Date: 2007-04-18 15:01:12 +0200 (Wed, 18 Apr 2007) New Revision: 270 Modified: trunk/src/keyinfo.c Log: Add an OID for ECC to the sig oid table. Modified: trunk/src/keyinfo.c =================================================================== --- trunk/src/keyinfo.c 2007-04-18 13:00:58 UTC (rev 269) +++ trunk/src/keyinfo.c 2007-04-18 13:01:12 UTC (rev 270) @@ -99,6 +99,12 @@ "1.2.840.10040.4.3", /* dsaWithSha1 */ "\x2a\x86\x48\xce\x38\x04\x03", 7, 1, 0, "dsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, + + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */ + "1.2.840.10045.4.1", /* ecdsa */ + "\x2a\x86\x48\xce\x3d\x04\x01", 7, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, + { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption used without hash algo*/ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9, From cvs at cvs.gnupg.org Fri Apr 20 12:52:31 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 20 Apr 2007 12:52:31 +0200 Subject: [svn] gcry - r1234 - in trunk: cipher doc Message-ID: Author: wk Date: 2007-04-20 12:52:30 +0200 (Fri, 20 Apr 2007) New Revision: 1234 Modified: trunk/cipher/ChangeLog trunk/cipher/ecc.c trunk/cipher/pubkey.c trunk/doc/gcrypt.texi Log: Support more curves. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-18 12:59:00 UTC (rev 1233) +++ trunk/cipher/ChangeLog 2007-04-20 10:52:30 UTC (rev 1234) 
@@ -1,3 +1,7 @@ +2007-04-20 Werner Koch + + * ecc.c (domain_parms): Add standard brainpool curves. + 2007-04-18 Werner Koch * ecc.c (generate_curve): Implement alias mechanism. Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2007-04-18 12:59:00 UTC (rev 1233) +++ trunk/cipher/ecc.c 2007-04-20 10:52:30 UTC (rev 1234) @@ -98,15 +98,26 @@ { "NIST P-192", "secp192r1" }, /* SECP name. */ { "NIST P-224", "secp224r1" }, + { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */ { "NIST P-256", "1.2.840.10045.3.1.7" }, { "NIST P-256", "prime256v1" }, { "NIST P-256", "secp256r1" }, { "NIST P-384", "secp384r1" }, + { "NIST P-384", "1.3.132.0.34" }, { "NIST P-521", "secp521r1" }, + { "NIST P-521", "1.3.132.0.35" }, + { "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" }, + { "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" }, + { "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" }, + { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7" }, + { "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" }, + { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"}, + { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"}, + { NULL, NULL} }; @@ -123,16 +134,6 @@ const char *g_x, *g_y; /* Base point. */ } domain_parms[] = { - { "secp160r1", 160, - "0x", - "0x", - "0x", - "0x", - - "0x", - "0x" - }, - { "NIST P-192", 192, "0xfffffffffffffffffffffffffffffffeffffffffffffffff", 
@@ -195,6 +196,88 @@ "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6" "62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650" }, + + { "brainpoolP160r1", 160, + "0xe95e4a5f737059dc60dfc7ad95b3d8139515620f", + "0x340e7be2a280eb74e2be61bada745d97e8f7c300", + "0x1e589a8595423412134faa2dbdec95c8d8675e58", + "0xe95e4a5f737059dc60df5991d45029409e60fc09", + "0xbed5af16ea3f6a4f62938c4631eb5af7bdbcdbc3", + "0x1667cb477a1a8ec338f94741669c976316da6321" + }, + + { "brainpoolP192r1", 192, + "0xc302f41d932a36cda7a3463093d18db78fce476de1a86297", + "0x6a91174076b1e0e19c39c031fe8685c1cae040e5c69a28ef", + "0x469a28ef7c28cca3dc721d044f4496bcca7ef4146fbf25c9", + "0xc302f41d932a36cda7a3462f9e9e916b5be8f1029ac4acc1", + "0xc0a0647eaab6a48753b033c56cb0f0900a2f5c4853375fd6", + "0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f" + }, + + { "brainpoolP224r1", 224, + "0xd7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff", + "0x68a5e62ca9ce6c1c299803a6c1530b514e182ad8b0042a59cad29f43", + "0x2580f63ccfe44138870713b1a92369e33e2135d266dbb372386c400b", + "0xd7c134aa264366862a18302575d0fb98d116bc4b6ddebca3a5a7939f", + "0x0d9029ad2c7e5cf4340823b2a87dc68c9e4ce3174c1e6efdee12c07d", + "0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd" + }, + + { "brainpoolP256r1", 256, + "0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377", + "0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9", + "0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6", + "0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7", + "0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262", + "0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997" + }, + + { "brainpoolP320r1", 320, + "0xd35e472036bc4fb7e13c785ed201e065f98fcfa6f6f40def4f92b9ec7893ec28" + "fcd412b1f1b32e27", + "0x3ee30b568fbab0f883ccebd46d3f3bb8a2a73513f5eb79da66190eb085ffa9f4" + "92f375a97d860eb4", + 
"0x520883949dfdbc42d3ad198640688a6fe13f41349554b49acc31dccd88453981" + "6f5eb4ac8fb1f1a6", + "0xd35e472036bc4fb7e13c785ed201e065f98fcfa5b68f12a32d482ec7ee8658e9" + "8691555b44c59311", + "0x43bd7e9afb53d8b85289bcc48ee5bfe6f20137d10a087eb6e7871e2a10a599c7" + "10af8d0d39e20611", + "0x14fdd05545ec1cc8ab4093247f77275e0743ffed117182eaa9c77877aaac6ac7" + "d35245d1692e8ee1" + }, + + { "brainpoolP384r1", 384, + "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123" + "acd3a729901d1a71874700133107ec53", + "0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f" + "8aa5814a503ad4eb04a8c7dd22ce2826", + "0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d5" + "7cb4390295dbc9943ab78696fa504c11", + "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7" + "cf3ab6af6b7fc3103b883202e9046565", + "0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8" + "e826e03436d646aaef87b2e247d4af1e", + "0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff9912928" + "0e4646217791811142820341263c5315" + }, + + { "brainpoolP512r1", 512, + "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330871" + "7d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3", + "0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc" + "2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca", + "0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a7" + "2bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723", + "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870" + "553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069", + "0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098e" + "ff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822", + "0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111" + "b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892" + }, + { NULL, 0, NULL, NULL, NULL, NULL } }; Modified: 
trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2007-04-18 12:59:00 UTC (rev 1233) +++ trunk/cipher/pubkey.c 2007-04-20 10:52:30 UTC (rev 1234) @@ -2278,7 +2278,7 @@ Get the number of nbits from the public key. Hmmm: Should we have really this function or is it better to have a - more general function to retrieve different propoerties of the key? */ + more general function to retrieve different properties of the key? */ unsigned int gcry_pk_get_nbits (gcry_sexp_t key) { Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2007-04-18 12:59:00 UTC (rev 1233) +++ trunk/doc/gcrypt.texi 2007-04-20 10:52:30 UTC (rev 1234) @@ -2137,7 +2137,7 @@ @end table @noindent -To describe how Libgcrypt expect keys, we use some examples. Note that +To describe how Libgcrypt expect keys, we use examples. Note that words in @ifnottex uppercase 
@@ -2147,8 +2147,70 @@ @end iftex indicate parameters whereas lowercase words are literals. +Note that all MPI (big integer) values are expected to be in + at code{GCRYMPI_FMT_USG} format. An easy way to create S-expressions is +by using @code{gcry_sexp_build} which allows to pass a string with +printf-like escapes to insert MPI values. + + at menu +* RSA key parameters:: Parameters used with an RSA key. +* DSA key parameters:: Parameters used with a DSA key. +* ECC key parameters:: Parameters used with ECC keys. + at end menu + + at node RSA key parameters + at subsection RSA key parameters + + at noindent +An RSA private key is described by this S-expression: + @example (private-key + (rsa + (n @var{n-mpi}) + (e @var{e-mpi}) + (d @var{d-mpi}) + (p @var{p-mpi}) + (q @var{q-mpi}) + (u @var{u-mpi}))) + at end example + + at noindent +An RSA public key is described by this S-expression: + + at example +(public-key + (rsa + (n @var{n-mpi}) + (e @var{e-mpi}))) + at end example + + + at table @var + at item n-mpi +RSA public modulus @math{n}. + at item e-mpi +RSA public exponent @math{e}. + at item d-mpi +RSA secret exponent @math{d = e^{-1} \bmod (p-1)(q-1)}. + at item p-mpi +RSA secret prime @math{p}. + at item q-mpi +RSA secret prime @math{q} with @math{q > p}. + at item u-mpi +multiplicative inverse @math{u = p^{-1} \bmod q}. + at end table + + + + at node DSA key parameters + at subsection DSA key parameters + + at noindent +A DSA private key is described by this S-expression: + + at example +(private-key (dsa (p @var{p-mpi}) (q @var{q-mpi}) @@ -2157,9 +2219,6 @@ (x @var{x-mpi}))) @end example - at noindent -This specifies a DSA private key with the following parameters: - @table @var @item p-mpi DSA prime @math{p}. 
@@ -2173,46 +2232,98 @@ DSA secret exponent x. @end table -All the MPI values are expected to be in @code{GCRYMPI_FMT_USG} format. The public key is similar with "private-key" replaced by "public-key" and no @var{x-mpi}. -An easy way to create such an S-expressions is by using - at code{gcry_sexp_build} which allows to pass a string with printf-like -escapes to insert MPI values. + at node ECC key parameters + at subsection ECC key parameters + @noindent -Here is an example for an RSA key: +An ECC private key is described by this S-expression: @example (private-key - (rsa + (ecc + (p @var{p-mpi}) + (a @var{a-mpi}) + (b @var{b-mpi}) + (g @var{g-point}) (n @var{n-mpi}) - (e @var{e-mpi}) - (d @var{d-mpi}) - (p @var{p-mpi}) - (q @var{q-mpi}) - (u @var{u-mpi}) + (q @var{q-point}) + (d @var{d-mpi}))) @end example - at noindent -with - @table @var + at item p-mpi +Prime specifying the field @math{GF(p)}. + at item a-mpi + at itemx b-mpi +The two coefficients of the Weierstrass equation @math{y^2 = x^3 + ax + b} + at item g-point +Base point @math{g}. @item n-mpi -RSA public modulus @math{n}. - at item e-mpi -RSA public exponent @math{e}. +Order of @math{g} + at item q-point +The point representing the public key @math{Q = dP}. @item d-mpi -RSA secret exponent @math{d = e^{-1} \bmod (p-1)(q-1)}. - at item p-mpi -RSA secret prime @math{p}. - at item q-mpi -RSA secret prime @math{q} with @math{q > p}. - at item u-mpi -multiplicative inverse @math{u = p^{-1} \bmod q}. +The private key @math{d} @end table +All point values are encoded in standard format; Libgcrypt does +currently only support uncompressed points, thus the first byte needs to +be @code{0x04}. + +The public key is similar with "private-key" replaced by "public-key" +and no @var{d-mpi}. + +If the domain parameters are well-known, the name of this curve may be +used. 
For example + + at example +(private-key + (ecc + (curve "NIST P-192") + (q @var{q-point}) + (d @var{d-mpi}))) + at end example + +The @code{curve} parameter may be given in any case and is used to replace +missing parameters. + + at noindent +Currently implemented curves are: + at table @code + at item NIST P-192 + at itemx 1.2.840.10045.3.1.1 + at itemx prime192v1 + at itemx secp192r1 +The NIST 192 bit curve, its OID, X9.62 and SECP aliases. + + at item NIST P-224 + at itemx secp224r1 +The NIST 224 bit curve and its SECP alias. + + at item NIST P-256 + at itemx 1.2.840.10045.3.1.7 + at itemx prime256v1 + at itemx secp256r1 +The NIST 256 bit curve, its OID, X9.62 and SECP aliases. + + at item NIST P-384 + at itemx secp384r1 +The NIST 384 bit curve and its SECP alias. + + at item NIST P-521 + at itemx secp521r1 +The NIST 521 bit curve and its SECP alias. + + at end table +As usual the OIDs may optionally be prefixed with the string @code{OID.} +or @code{oid.}. + + + @node Public key modules @section Public key modules @@ -2729,6 +2840,13 @@ is a string with a number in C-notation. The value should be a multiple of 8. + at item curve @var{name} +For ECC a named curve may be used instead of giving the number of +requested bits. This allows to request a specific curve to override a +default selection Libgcrypt would have taken if @code{nbits} has been +given. The available names are listed with the description of the ECC +public key parameters. + @item rsa-use-e This is only used with RSA to give a hint for the public exponent. The value will be used as a base to test for a usable exponent. Some values @@ -2761,7 +2879,7 @@ Q = 256 @item N = 7680 Q = 384 -w at item N = 15360 + at item N = 15360 Q = 512 @end table Note that in this case only the values for N, as given in the table, From cvs at cvs.gnupg.org Fri Apr 20 12:54:47 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 20 Apr 2007 12:54:47 +0200 Subject: [svn] GnuPG - r4487 - trunk/sm Message-ID: Author: wk Date: 2007-04-20 12:54:46 +0200 (Fri, 20 Apr 2007) New Revision: 4487 Modified: trunk/sm/ChangeLog trunk/sm/certcheck.c Log: * certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2 and all ECDSA sizes. (get_dsa_qbits): New. (pk_algo_from_sexp): A key will never contain ecdsa as algorithm, so remove that. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-04-18 13:03:35 UTC (rev 4486) +++ trunk/sm/ChangeLog 2007-04-20 10:54:46 UTC (rev 4487) @@ -1,3 +1,11 @@ +2007-04-19 Werner Koch + + * certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2 + and all ECDSA sizes. + (get_dsa_qbits): New. + (pk_algo_from_sexp): A key will never contain ecdsa as algorithm, + so remove that. + 2007-04-18 Werner Koch * certcheck.c (do_encode_md): Support 160 bit ECDSA. Modified: trunk/sm/certcheck.c =================================================================== --- trunk/sm/certcheck.c 2007-04-18 13:03:35 UTC (rev 4486) +++ trunk/sm/certcheck.c 2007-04-20 10:54:46 UTC (rev 4487) 
@@ -35,10 +35,38 @@ #include "keydb.h" #include "i18n.h" +/* Return the number of bits of the Q parameter from the DSA key + KEY. */ +static unsigned int +get_dsa_qbits (gcry_sexp_t key) +{ + gcry_sexp_t l1, l2; + gcry_mpi_t q; + unsigned int nbits; + l1 = gcry_sexp_find_token (key, "public-key", 0); + if (!l1) + return 0; /* Does not contain a key object. */ + l2 = gcry_sexp_cadr (l1); + gcry_sexp_release (l1); + l1 = gcry_sexp_find_token (l2, "q", 1); + gcry_sexp_release (l2); + if (!l1) + return 0; /* Invalid object. */ + q = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l1); + if (!q) + return 0; /* Missing value. */ + nbits = gcry_mpi_get_nbits (q); + gcry_mpi_release (q); + + return nbits; +} + + static int do_encode_md (gcry_md_hd_t md, int algo, int pkalgo, unsigned int nbits, - gcry_mpi_t *r_val) + gcry_sexp_t pkey, gcry_mpi_t *r_val) { int n; size_t nframe; 
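Review bot: The header comment on `get_dsa_qbits` does not say that 0 is the failure value, although all three early returns (no `public-key` list, no `q` element, no MPI value) use it and the caller has to treat 0 as an error. I would extend it to `/* Return the number of bits of the Q parameter from the DSA public key KEY, or 0 if KEY holds no usable Q. */`. The result of `gcry_sexp_cadr (l1)` is passed on without a check; that is only safe if `gcry_sexp_find_token` tolerates a NULL list, which is worth confirming. The `do_encode_md` signature change at the end of the hunk belongs to a function whose body continues outside it.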
@@ -46,17 +74,54 @@ if (pkalgo == GCRY_PK_DSA || pkalgo == GCRY_PK_ECDSA) { + unsigned int qbits; + + if ( pkalgo == GCRY_PK_ECDSA ) + qbits = gcry_pk_get_nbits (pkey); + else + qbits = get_dsa_qbits (pkey); + + if ( (qbits%8) ) + { + log_error(_("DSA requires the hash length to be a" + " multiple of 8 bits\n")); + return gpg_error (GPG_ERR_INTERNAL); + } + + /* Don't allow any Q smaller than 160 bits. We don't want + someone to issue signatures from a key with a 16-bit Q or + something like that, which would look correct but allow + trivial forgeries. Yes, I know this rules out using MD5 with + DSA. ;) */ + if (qbits < 160) + { + log_error (_("%s key uses an unsafe (%u bit) hash\n"), + gcry_pk_algo_name (pkalgo), qbits); + return gpg_error (GPG_ERR_INTERNAL); + } + + /* Check if we're too short. Too long is safe as we'll + automatically left-truncate. */ nframe = gcry_md_get_algo_dlen (algo); - if (nframe != 20) + if (nframe < qbits/8) { - log_error (_("DSA requires the use of a 160 bit hash algorithm\n")); - return gpg_error (GPG_ERR_INTERNAL); + log_error (_("a %u bit hash is not valid for a %u bit %s key\n"), + (unsigned int)nframe*8, + gcry_pk_get_nbits (pkey), + gcry_pk_algo_name (pkalgo)); + /* FIXME: we need to check the requirements for ECDSA. */ + if (nframe < 20 || pkalgo == GCRY_PK_DSA ) + return gpg_error (GPG_ERR_INTERNAL); } + frame = xtrymalloc (nframe); if (!frame) return out_of_core (); memcpy (frame, gcry_md_read (md, algo), nframe); n = nframe; + /* Truncate. */ + if (n > qbits/8) + n = qbits/8; } else { @@ -143,8 +208,6 @@ algo = GCRY_PK_RSA; else if (n==3 && !memcmp (name, "dsa", 3)) algo = GCRY_PK_DSA; - else if (n==5 && !memcmp (name, "ecdsa", 5)) - algo = GCRY_PK_ECDSA; /* Because this function is called only for verification we can assume that ECC actually means ECDSA. */ else if (n==3 && !memcmp (name, "ecc", 3)) 
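Review bot: The `(qbits%8)` test runs for ECDSA as well as DSA, so a curve whose size is not a multiple of 8 is rejected before any hash is looked at; if `gcry_pk_get_nbits` reports 521 for a NIST P-521 key, every such certificate fails with `GPG_ERR_INTERNAL` and a message that talks about DSA. Restricting the test to DSA, `if (pkalgo == GCRY_PK_DSA && (qbits%8))`, and handling the ECDSA size separately would match the stated aim of supporting all ECDSA sizes. In the too-short branch the message prints `gcry_pk_get_nbits (pkey)` although the comparison used `qbits`; for DSA these are presumably the sizes of P and Q respectively, so the log should print `qbits`. That branch also logs an error and then continues for ECDSA when the hash is at least 20 bytes, so a digest shorter than the curve is still accepted, as the FIXME notes, and this check should not be relied on to enforce hash strength for ECDSA. `do_encode_md` starts and ends outside the hunk.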
@@ -158,10 +221,9 @@ } -/* - Check the signature on CERT using the ISSUER-CERT. This function - does only test the cryptographic signature and nothing else. It is - assumed that the ISSUER_CERT is valid. */ +/* Check the signature on CERT using the ISSUER-CERT. This function + does only test the cryptographic signature and nothing else. It is + assumed that the ISSUER_CERT is valid. */ int gpgsm_check_cert_sig (ksba_cert_t issuer_cert, ksba_cert_t cert) { @@ -249,7 +311,7 @@ } rc = do_encode_md (md, algo, pk_algo_from_sexp (s_pkey), - gcry_pk_get_nbits (s_pkey), &frame); + gcry_pk_get_nbits (s_pkey), s_pkey, &frame); if (rc) { gcry_md_close (md); @@ -322,7 +384,7 @@ rc = do_encode_md (md, algo, pk_algo_from_sexp (s_pkey), - gcry_pk_get_nbits (s_pkey), &frame); + gcry_pk_get_nbits (s_pkey), s_pkey, &frame); if (rc) { gcry_sexp_release (s_sig); From cvs at cvs.gnupg.org Fri Apr 20 12:53:08 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 20 Apr 2007 12:53:08 +0200 Subject: [svn] ksba - r271 - in trunk: src tests Message-ID: Author: wk Date: 2007-04-20 12:53:07 +0200 (Fri, 20 Apr 2007) New Revision: 271 Modified: trunk/src/ChangeLog trunk/src/cert.c trunk/src/keyinfo.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/cert-basic.c Log: Support more curves. Add a few tweaks for ECC. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-04-18 13:01:12 UTC (rev 270) +++ trunk/src/ChangeLog 2007-04-20 10:53:07 UTC (rev 271) 
@@ -1,3 +1,18 @@ +2007-04-20 Werner Koch + + * keyinfo.c: Add OIDs for brainpool curves. + +2007-04-19 Werner Koch + + * keyinfo.c (pk_algo_table): Removed the ecdsa entry. + (sig_algo_table): Add X9.62 ecc signature algorithm entries. + (_ksba_parse_algorithm_identifier): Replace by a call to + _ksba_parse_algorithm_identifier2. + (_ksba_parse_algorithm_identifier2): Add hack to cope with + ecdsaWithSpecified. + * cert.c (ksba_cert_get_digest_algo): Use of + _ksba_parse_algorithm_identifier to parse the OID. + 2007-04-06 Werner Koch * keyinfo.c (curve_names): New. Modified: trunk/src/cert.c =================================================================== --- trunk/src/cert.c 2007-04-18 13:01:12 UTC (rev 270) +++ trunk/src/cert.c 2007-04-20 10:53:07 UTC (rev 271) @@ -426,8 +426,10 @@ const char * ksba_cert_get_digest_algo (ksba_cert_t cert) { + gpg_error_t err; AsnNode n; char *algo; + size_t nread; if (!cert) { 
@@ -443,11 +445,22 @@ if (cert->cache.digest_algo) return cert->cache.digest_algo; - n = _ksba_asn_find_node (cert->root, - "Certificate.signatureAlgorithm.algorithm"); - algo = _ksba_oid_node_to_str (cert->image, n); - if (!algo) - cert->last_error = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); +/* n = _ksba_asn_find_node (cert->root, */ +/* "Certificate.signatureAlgorithm.algorithm"); */ +/* algo = _ksba_oid_node_to_str (cert->image, n); */ +/* if (!algo) */ +/* cert->last_error = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); */ +/* else */ +/* cert->cache.digest_algo = algo; */ + + n = _ksba_asn_find_node (cert->root, "Certificate.signatureAlgorithm"); + if (!n || n->off == -1) + err = gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); + else + err = _ksba_parse_algorithm_identifier (cert->image + n->off, + n->nhdr + n->len, &nread, &algo); + if (err) + cert->last_error = err; else cert->cache.digest_algo = algo; Modified: trunk/src/keyinfo.c =================================================================== --- trunk/src/keyinfo.c 2007-04-18 13:01:12 UTC (rev 270) +++ trunk/src/keyinfo.c 2007-04-20 10:53:07 UTC (rev 271) 
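Review bot: `algo` is no longer assigned on every path: the old code always set it from `_ksba_oid_node_to_str`, while the new code sets it only when `_ksba_parse_algorithm_identifier` is called, so on the `!n || n->off == -1` path it stays uninitialized. If the function goes on to return `algo` (the return is outside the hunk), that path hands an indeterminate pointer to the caller; initialising it where it is declared, `char *algo = NULL;`, closes this. The commented-out copy of the old lookup can be deleted rather than kept, since the revision history already holds it. `nread` is written but not used in the visible lines.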
@@ -50,31 +50,30 @@ }; static struct algo_table_s pk_algo_table[] = { + { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption (RSAES-PKCA1-v1.5) */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9, 1, 0, "rsa", "-ne", "\x30\x02\x02" }, + { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.7 */ "1.2.840.113549.1.1.7", /* RSAES-OAEP */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x07", 9, 0, 0, "rsa", "-ne", "\x30\x02\x02"}, /* (patent problems) */ + { /* */ "2.5.8.1.1", /* rsa (ambiguous due to missing padding rules)*/ "\x55\x08\x01\x01", 4, 1, 0, "ambiguous-rsa", "-ne", "\x30\x02\x02" }, + { /* iso.member-body.us.x9-57.x9cm.1 */ "1.2.840.10040.4.1", /* dsa */ "\x2a\x86\x48\xce\x38\x04\x01", 7, 1, 0, "dsa", "y", "\x02" }, /* FIXME: Need code to extract p,q,g from the parameters */ - { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */ - "1.2.840.10045.4.1", /* ecdsa */ - "\x2a\x86\x48\xce\x3d\x04\x01", 7, - 1, 1, "ecdsa", "q", "\x80" }, - { /* iso.member-body.us.ansi-x9-62.2.1 */ - "1.2.840.10045.2.1", /* ecdsa or ecdh */ + "1.2.840.10045.2.1", /* ecPublicKey */ "\x2a\x86\x48\xce\x3d\x02\x01", 7, 1, 1,"ecc", "q", "\x80" }, 
@@ -105,6 +104,33 @@ "\x2a\x86\x48\xce\x3d\x04\x01", 7, 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-specified */ + "1.2.840.10045.4.3", + "\x2a\x86\x48\xce\x3d\x04\x03", 7, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", 0 }, + /* The digest algorithm is given by the parameter. */ + + + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha224 */ + "1.2.840.10045.4.3.1", + "\x2a\x86\x48\xce\x3d\x04\x03\x01", 8, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA224 }, + + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha256 */ + "1.2.840.10045.4.3.2", + "\x2a\x86\x48\xce\x3d\x04\x03\x02", 8, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA256 }, + + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha384 */ + "1.2.840.10045.4.3.3", + "\x2a\x86\x48\xce\x3d\x04\x03\x03", 8, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA384 }, + + { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha512 */ + "1.2.840.10045.4.3.4", + "\x2a\x86\x48\xce\x3d\x04\x03\x04", 8, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA512 }, + { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption used without hash algo*/ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01", 9, @@ -163,10 +189,24 @@ { "1.2.840.10045.3.1.1", "prime192v1" }, { "1.2.840.10045.3.1.1", "secp192r1" }, + { "1.3.132.0.33", "secp224r1" }, + { "1.2.840.10045.3.1.7", "NIST P-256", }, { "1.2.840.10045.3.1.7", "prime256v1" }, { "1.2.840.10045.3.1.7", "secp256r1" }, + { "1.3.132.0.34", "secp384r1" }, + + { "1.3.132.0.35", "secp521r1" }, + + { "1.3.36.3.3.2.8.1.1.1" , "brainpoolP160r1" }, + { "1.3.36.3.3.2.8.1.1.3" , "brainpoolP192r1" }, + { "1.3.36.3.3.2.8.1.1.5" , "brainpoolP224r1" }, + { "1.3.36.3.3.2.8.1.1.7" , "brainpoolP256r1" }, + { "1.3.36.3.3.2.8.1.1.9" , "brainpoolP320r1" }, + { "1.3.36.3.3.2.8.1.1.11", "brainpoolP384r1" }, + { "1.3.36.3.3.2.8.1.1.13", "brainpoolP512r1" }, + { NULL, NULL} }; 
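Review bot: The new `curve_names` rows for `1.3.132.0.33`, `1.3.132.0.34` and `1.3.132.0.35` carry only the SECP names, whereas the existing P-256 rows list `NIST P-256`, `prime256v1` and `secp256r1` for one OID. The gcrypt.texi change in the same mail series documents `NIST P-224`, `NIST P-384` and `NIST P-521` as curve names, so if this table is also used to map a name back to an OID, a key naming its curve that way would not be found. Adding rows such as `{ "1.3.132.0.34", "NIST P-384" },` for the three curves would keep the table consistent with the existing entries.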
@@ -359,6 +399,19 @@ derlen -= len; seqlen -= len; } + else if (r_parm_pos && r_parm_len && c == 0x30) + { + /* This is a sequence. */ + if (r_parm_type) + *r_parm_type = TYPE_SEQUENCE; + TLV_LENGTH(); + *r_parm_pos = startparm - start; + *r_parm_len = len + (der - startparm); + seqlen -= der - startparm; + der += len; + derlen -= len; + seqlen -= len; + } else { /* printf ("parameter: with tag %02x - ignored\n", c); */ @@ -399,21 +452,8 @@ _ksba_parse_algorithm_identifier (const unsigned char *der, size_t derlen, size_t *r_nread, char **r_oid) { - gpg_error_t err; - int is_bitstr; - size_t nread, off, len; - - /* fixme: get_algorithm might return the error invalid keyinfo - - this should be invalid algorithm identifier */ - *r_oid = NULL; - *r_nread = 0; - err = get_algorithm (0, der, derlen, &nread, &off, &len, &is_bitstr, - NULL, NULL, NULL); - if (err) - return err; - *r_nread = nread; - *r_oid = ksba_oid_to_str (der+off, len); - return *r_oid? 0 : gpg_error (GPG_ERR_ENOMEM); + return _ksba_parse_algorithm_identifier2 (der, derlen, + r_nread, r_oid, NULL, NULL); } gpg_error_t @@ -424,6 +464,7 @@ gpg_error_t err; int is_bitstr; size_t nread, off, len, off2, len2; + int parm_type; /* fixme: get_algorithm might return the error invalid keyinfo - this should be invalid algorithm identifier */ 
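Review bot: The new SEQUENCE branch advances `der` by `len` and subtracts `len` from `derlen` and `seqlen` without a visible check that `len` fits in what remains. `TLV_LENGTH` is defined outside the hunk; unless it already rejects a length larger than `derlen`, a certificate with an oversized parameter length moves `der` past the buffer and wraps the counters if they are unsigned. I would confirm that and otherwise add `if (len > derlen || len > seqlen) return gpg_error (GPG_ERR_INV_KEYINFO);` right after `TLV_LENGTH();`. The enclosing function starts and ends outside the hunk.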
@@ -431,13 +472,38 @@ *r_nread = 0; off2 = len2 = 0; err = get_algorithm (0, der, derlen, &nread, &off, &len, &is_bitstr, - &off2, &len2, NULL); + &off2, &len2, &parm_type); if (err) return err; *r_nread = nread; *r_oid = ksba_oid_to_str (der+off, len); if (!*r_oid) return gpg_error (GPG_ERR_ENOMEM); + + /* Special hack for ecdsaWithSpecified. We replace the returned OID + by the one in the parameter. */ + if (off2 && len2 && parm_type == TYPE_SEQUENCE + && !strcmp (*r_oid, "1.2.840.10045.4.3")) + { + xfree (*r_oid); + *r_oid = NULL; + err = get_algorithm (0, der+off2, len2, &nread, &off, &len, &is_bitstr, + NULL, NULL, NULL); + if (err) + { + *r_nread = 0; + return err; + } + *r_oid = ksba_oid_to_str (der+off2+off, len); + if (!*r_oid) + { + *r_nread = 0; + return gpg_error (GPG_ERR_ENOMEM); + } + + off2 = len2 = 0; /* So that R_PARM is set to NULL. */ + } + if (r_parm && r_parmlen) { if (off2 && len2) Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-18 13:01:12 UTC (rev 270) +++ trunk/tests/ChangeLog 2007-04-20 10:53:07 UTC (rev 271) @@ -1,3 +1,8 @@ +2007-04-20 Werner Koch + + * cert-basic.c (main): Add option verbose + (one_file): Print public key and signature value in verbose mode. + 2006-08-31 Werner Koch * t-ocsp.c (one_response): Print the responder id. Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2007-04-18 13:01:12 UTC (rev 270) +++ trunk/tests/Makefile.am 2007-04-20 10:53:07 UTC (rev 271) 
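Review bot: `parm_type` is read in the new `ecdsaWithSpecified` test, but in the visible code `get_algorithm` stores to `*r_parm_type` only in its SEQUENCE branch, and the variable is declared without an initializer in the preceding hunk. Unless the other parameter branches (outside these hunks) also set it, the comparison `parm_type == TYPE_SEQUENCE` reads an indeterminate value whenever `off2` and `len2` are non-zero for a non-sequence parameter; `int parm_type = 0;` at the declaration avoids that, assuming 0 is not `TYPE_SEQUENCE`. The literal `"1.2.840.10045.4.3"` duplicates the OID string added to `sig_algo_table`, so a short comment tying the two together would help. The function starts outside the hunk.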
@@ -57,8 +57,8 @@ # installed and thus not distributed. oidtranstbl.h: Makefile mkoidtbl.awk set -e; f="/dev/null"; \ - for i in /usr/local/bin /usr/local/share /usr/bin \ - /usr/share /etc/dumpasn1; do \ + for i in /etc/dumpasn1 /usr/local/bin /usr/local/share /usr/bin \ + /usr/share ; do \ if test -f $$i/dumpasn1.cfg; then f=$$i/dumpasn1.cfg; break; fi; \ done; $(AWK) -f $(srcdir)/mkoidtbl.awk $$f >$@ Modified: trunk/tests/cert-basic.c =================================================================== --- trunk/tests/cert-basic.c 2007-04-18 13:01:12 UTC (rev 270) +++ trunk/tests/cert-basic.c 2007-04-20 10:53:07 UTC (rev 271) @@ -47,6 +47,7 @@ #define xfree(a) ksba_free (a) +static int verbose; static int errorcount = 0; @@ -582,6 +583,13 @@ unsigned char *der; size_t derlen; + if (verbose) + { + fputs (" pubkey....: ", stdout); + print_sexp (public); + putchar ('\n'); + } + err = _ksba_keyinfo_from_sexp (public, &der, &derlen); if (err) { @@ -629,16 +637,17 @@ } } + if (verbose) + { + sexp = ksba_cert_get_sig_val (cert); + fputs (" sigval....: ", stdout); + print_sexp (sexp); + ksba_free (sexp); + putchar ('\n'); + } + list_extensions (cert); -#if 0 - sexp = ksba_cert_get_sig_val (cert); - fputs (" sigval....: ", stdout); - print_sexp (sexp); - ksba_free (sexp); - putchar ('\n'); -#endif - ksba_cert_release (cert); err = ksba_cert_new (&cert); if (err) @@ -669,9 +678,21 @@ if (!srcdir) srcdir = "."; - if (argc > 1) + if (argc) { - for (argc--, argv++; argc; argc--, argv++) + argc--; argv++; + } + + if (argc && !strcmp (*argv, "--verbose")) + { + verbose = 1; + argc--; argv++; + } + + + if (argc) + { + for (; argc; argc--, argv++) one_file (*argv); } else From cvs at cvs.gnupg.org Fri Apr 20 18:59:40 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 20 Apr 2007 18:59:40 +0200 Subject: [svn] GnuPG - r4488 - in trunk: . agent common kbx po scd sm tools Message-ID: Author: wk Date: 2007-04-20 18:59:37 +0200 (Fri, 20 Apr 2007) New Revision: 4488 Modified: trunk/NEWS trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/agent/protect-tool.c trunk/common/ChangeLog trunk/common/miscellaneous.c trunk/common/util.h trunk/kbx/kbxutil.c trunk/po/POTFILES.in trunk/scd/ChangeLog trunk/scd/sc-copykeys.c trunk/scd/scdaemon.c trunk/sm/ChangeLog trunk/sm/gpgsm.c trunk/tools/ChangeLog trunk/tools/symcryptrun.c Log: Improved logging for error orginating from libgcrypt. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/NEWS 2007-04-20 16:59:37 UTC (rev 4488) @@ -7,7 +7,9 @@ * PKCS#12 import now tries several encodings in case the passphrase was not utf-8 encoded. New option --p12-charset for gpgsm. + * Improved the libgcrypt logging support in all modules. + Noteworthy changes in version 2.0.3 (2007-03-08) ------------------------------------------------ Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/agent/ChangeLog 2007-04-20 16:59:37 UTC (rev 4488) @@ -1,3 +1,10 @@ +2007-04-20 Werner Koch + + * gpg-agent.c (my_gcry_logger, my_gcry_outofcore_handler): Removed. + (main): Call the setup_libgcrypt_logging helper. + * protect-tool.c (my_gcry_logger): Removed. + (main): Call the setup_libgcrypt_logging helper. + 2007-04-03 Werner Koch * trustlist.c (read_trustfiles): Take a missing trustlist as an Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/agent/gpg-agent.c 2007-04-20 16:59:37 UTC (rev 4488) 
@@ -276,48 +276,6 @@ -/* Used by gcry for logging */ -static void -my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) -{ - /* translate the log levels */ - switch (level) - { - case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break; - case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break; - case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break; - case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break; - case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break; - case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break; - case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break; - default: level = JNLIB_LOG_ERROR; break; - } - log_logv (level, fmt, arg_ptr); -} - - -/* This function is called by libgcrypt if it ran out of core and - there is no way to return that error to the caller. We do our own - function here to make use of our logging functions. */ -static int -my_gcry_outofcore_handler ( void *opaque, size_t req_n, unsigned int flags) -{ - static int been_here; /* Used to protect against recursive calls. */ - - if (!been_here) - { - been_here = 1; - if ( (flags & 1) ) - log_fatal (_("out of core in secure memory " - "while allocating %lu bytes"), (unsigned long)req_n); - else - log_fatal (_("out of core while allocating %lu bytes"), - (unsigned long)req_n); - } - return 0; /* Let libgcrypt call its own fatal error handler. */ -} - - /* Setup the debugging. With the global variable DEBUG_LEVEL set to NULL only the active debug flags are propagated to the subsystems. With DEBUG_LEVEL set, a specific set of debug flags is set; thus overriding @@ -518,7 +476,7 @@ the option parsing may need services of the library. */ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), + log_fatal( _("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } 
@@ -527,8 +485,7 @@ assuan_set_assuan_log_prefix (log_get_prefix (NULL)); assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT); - gcry_set_log_handler (my_gcry_logger, NULL); - gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL); + setup_libgcrypt_logging (); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); may_coredump = disable_core_dumps (); Modified: trunk/agent/protect-tool.c =================================================================== --- trunk/agent/protect-tool.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/agent/protect-tool.c 2007-04-20 16:59:37 UTC (rev 4488) @@ -177,25 +177,6 @@ -/* Used by gcry for logging */ -static void -my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) -{ - /* translate the log levels */ - switch (level) - { - case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break; - case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break; - case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break; - case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break; - case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break; - case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break; - case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break; - default: level = JNLIB_LOG_ERROR; break; } - log_logv (level, fmt, arg_ptr); -} - - /* static void */ /* print_mpi (const char *text, gcry_mpi_t a) */ /* { */ @@ -1075,12 +1056,11 @@ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), + log_fatal( _("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } - gcry_set_log_handler (my_gcry_logger, NULL); - + setup_libgcrypt_logging (); gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/common/ChangeLog 2007-04-20 16:59:37 UTC (rev 4488) 
@@ -1,3 +1,10 @@ +2007-04-20 Werner Koch + + * miscellaneous.c (my_gcry_logger, my_gcry_outofcore_handler): + Moved from gpg-agent to here. + (my_gcry_fatalerror_handler): new. + (setup_libgcrypt_logging): New. + 2007-03-19 Werner Koch * miscellaneous.c (print_hexstring): New. Modified: trunk/common/miscellaneous.c =================================================================== --- trunk/common/miscellaneous.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/common/miscellaneous.c 2007-04-20 16:59:37 UTC (rev 4488) 
@@ -23,10 +23,77 @@ #include #include +#define JNLIB_NEED_LOG_LOGV #include "util.h" #include "iobuf.h" +#include "i18n.h" +/* Used by libgcrypt for logging. */ +static void +my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) +{ + /* Map the log levels. */ + switch (level) + { + case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break; + case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break; + case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break; + case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break; + case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break; + case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break; + case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break; + default: level = JNLIB_LOG_ERROR; break; + } + log_logv (level, fmt, arg_ptr); +} + + +/* This function is called by libgcrypt on a fatal error. */ +static void +my_gcry_fatalerror_handler (void *opaque, int rc, const char *text) +{ + log_fatal ("libgcrypt problem: %s\n", text ? text : gpg_strerror (rc)); + abort (); +} + + +/* This function is called by libgcrypt if it ran out of core and + there is no way to return that error to the caller. We do our own + function here to make use of our logging functions. */ +static int +my_gcry_outofcore_handler (void *opaque, size_t req_n, unsigned int flags) +{ + static int been_here; /* Used to protect against recursive calls. */ + + if (!been_here) + { + been_here = 1; + if ( (flags & 1) ) + log_fatal (_("out of core in secure memory " + "while allocating %lu bytes"), (unsigned long)req_n); + else + log_fatal (_("out of core while allocating %lu bytes"), + (unsigned long)req_n); + } + return 0; /* Let libgcrypt call its own fatal error handler. + Actually this will turn out to be + my_gcry_fatalerror_handler. */ +} + + +/* Setup libgcrypt to use our own logging functions. Should be used + early at startup. 
*/ +void +setup_libgcrypt_logging (void) +{ + gcry_set_log_handler (my_gcry_logger, NULL); + gcry_set_fatalerror_handler (my_gcry_fatalerror_handler, NULL); + gcry_set_outofcore_handler (my_gcry_outofcore_handler, NULL); +} + + + /* Decide whether the filename is stdout or a real filename and return * an appropriate string. */ const char * Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/common/util.h 2007-04-20 16:59:37 UTC (rev 4488) @@ -171,6 +171,10 @@ /*-- miscellaneous.c --*/ +/* This function is called at startup to tell libgcrypt to use our own + logging subsystem. */ +void setup_libgcrypt_logging (void); + /* Same as asprintf but return an allocated buffer suitable to be freed using xfree. This function simply dies on memory failure, thus no extra check is required. */ Modified: trunk/kbx/kbxutil.c =================================================================== --- trunk/kbx/kbxutil.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/kbx/kbxutil.c 2007-04-20 16:59:37 UTC (rev 4488) @@ -429,7 +429,7 @@ the option parsing may need services of the library. */ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), + log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } Modified: trunk/po/POTFILES.in =================================================================== --- trunk/po/POTFILES.in 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/po/POTFILES.in 2007-04-20 16:59:37 UTC (rev 4488) @@ -14,6 +14,7 @@ common/simple-pwquery.c common/sysutils.c common/yesno.c +common/miscellaneous.c g10/armor.c g10/build-packet.c Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/scd/ChangeLog 2007-04-20 16:59:37 UTC (rev 4488) 
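Review bot: The two `log_fatal` messages in `my_gcry_outofcore_handler` end without `\n`, while `my_gcry_fatalerror_handler` and the other `log_fatal` calls in this commit terminate theirs; unless `log_fatal` adds the newline itself, the out-of-core report runs into whatever is logged next. Appending it inside the translated strings, e.g. `"while allocating %lu bytes\n"`, keeps them consistent. The `flags & 1` test has no comment saying what bit 0 means; judging by the message it selects, something like `/* Bit 0 of FLAGS presumably marks a secure-memory request. */` would help, once confirmed against libgcrypt. The parameters `dummy` and `opaque` are unused in all three handlers, which a short comment could note.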
@@ -1,3 +1,10 @@ +2007-04-20 Werner Koch + + * sc-copykeys.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging helper. + * scdaemon.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging helper. + 2007-04-03 Werner Koch * command.c (cmd_getinfo): New subcommand "reader_list". Modified: trunk/scd/sc-copykeys.c =================================================================== --- trunk/scd/sc-copykeys.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/scd/sc-copykeys.c 2007-04-20 16:59:37 UTC (rev 4488) @@ -93,26 +93,7 @@ return p; } -/* Used by gcry for logging */ -static void -my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) -{ - /* translate the log levels */ - switch (level) - { - case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break; - case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break; - case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break; - case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break; - case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break; - case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break; - case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break; - default: level = JNLIB_LOG_ERROR; break; - } - log_logv (level, fmt, arg_ptr); -} - int main (int argc, char **argv ) { @@ -131,11 +112,11 @@ the option parsing may need services of the library */ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), + log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } - gcry_set_log_handler (my_gcry_logger, NULL); + setup_libgcrypt_logging (); gcry_control (GCRYCTL_DISABLE_SECMEM, 0); /* FIXME - we want to use it */ /* FIXME? gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);*/ Modified: trunk/scd/scdaemon.c =================================================================== --- trunk/scd/scdaemon.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/scd/scdaemon.c 2007-04-20 16:59:37 UTC (rev 4488) 
@@ -221,26 +221,7 @@ -/* Used by gcry for logging */ -static void -my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) -{ - /* translate the log levels */ - switch (level) - { - case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break; - case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break; - case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break; - case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break; - case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break; - case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break; - case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break; - default: level = JNLIB_LOG_ERROR; break; - } - log_logv (level, fmt, arg_ptr); -} - /* Setup the debugging. With a LEVEL of NULL only the active debug flags are propagated to the subsystems. With LEVEL set, a specific set of debug flags is set; thus overriding all flags already @@ -355,7 +336,7 @@ the option parsing may need services of the library */ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), + log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } @@ -366,8 +347,7 @@ assuan_set_assuan_log_prefix (log_get_prefix (NULL)); assuan_set_assuan_err_source (GPG_ERR_SOURCE_DEFAULT); - - gcry_set_log_handler (my_gcry_logger, NULL); + setup_libgcrypt_logging (); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); may_coredump = disable_core_dumps (); Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/sm/ChangeLog 2007-04-20 16:59:37 UTC (rev 4488) 
@@ -1,3 +1,7 @@ +2007-04-20 Werner Koch + + * gpgsm.c (main): Parameterize failed versions check messages. + 2007-04-19 Werner Koch * certcheck.c (do_encode_md): Add arg PKEY. Add support for DSA2 Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/sm/gpgsm.c 2007-04-20 16:59:37 UTC (rev 4488) @@ -768,15 +768,11 @@ /* Check that the libraries are suitable. Do it here because the option parse may need services of the library */ if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) - { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), - NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); - } + log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); if (!ksba_check_version (NEED_KSBA_VERSION) ) - { - log_fatal( _("libksba is too old (need %s, have %s)\n"), - NEED_KSBA_VERSION, ksba_check_version (NULL) ); - } + log_fatal (_("%s is too old (need %s, have %s)\n"), "libksba", + NEED_KSBA_VERSION, ksba_check_version (NULL) ); gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/tools/ChangeLog 2007-04-20 16:59:37 UTC (rev 4488) @@ -1,3 +1,8 @@ +2007-04-20 Werner Koch + + * symcryptrun.c (my_gcry_logger): Removed. + (main): Call setup_libgcrypt_logging. + 2007-04-03 Werner Koch * gpgconf-comp.c: Allow changing of --allow-mark-trusted. Modified: trunk/tools/symcryptrun.c =================================================================== --- trunk/tools/symcryptrun.c 2007-04-20 10:54:46 UTC (rev 4487) +++ trunk/tools/symcryptrun.c 2007-04-20 16:59:37 UTC (rev 4488) 
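Review bot: The sm/gpgsm.c hunk drops the braces around both multi-line `log_fatal (...)` calls, while kbxutil.c, sc-copykeys.c, scdaemon.c and symcryptrun.c keep them around the identical check in this same commit. These two `if` statements gate startup on the libgcrypt and libksba versions, so I would keep the braces: a statement added later under either `if` would otherwise run unconditionally. Suggested shape for both checks: `if (!ksba_check_version (NEED_KSBA_VERSION)) { log_fatal (...); }`. `main` begins and ends outside the hunk.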
@@ -96,25 +96,6 @@ #include "../common/simple-pwquery.h" -/* Used by gcry for logging */ -static void -my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr) -{ - /* translate the log levels */ - switch (level) - { - case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break; - case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break; - case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break; - case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break; - case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break; - case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break; - case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break; - default: level = JNLIB_LOG_ERROR; break; } - log_logv (level, fmt, arg_ptr); -} - - /* From simple-gettext.c. */ /* We assume to have `unsigned long int' value with at least 32 bits. */ @@ -1053,10 +1034,10 @@ gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) { - log_fatal( _("libgcrypt is too old (need %s, have %s)\n"), + log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); } - gcry_set_log_handler (my_gcry_logger, NULL); + setup_libgcrypt_logging (); gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); if (!opt.class) From cvs at cvs.gnupg.org Sat Apr 28 18:05:14 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Sat, 28 Apr 2007 18:05:14 +0200 Subject: [svn] GnuPG - r4489 - trunk/g10 Message-ID: Author: marcus Date: 2007-04-28 18:04:44 +0200 (Sat, 28 Apr 2007) New Revision: 4489 Modified: trunk/g10/ChangeLog trunk/g10/passphrase.c Log: 2007-04-26 Marcus Brinkmann * passphrase.c (passphrase_to_dek): Write missing passphrase status message in case of cancellation. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-04-20 16:59:37 UTC (rev 4488) +++ trunk/g10/ChangeLog 2007-04-28 16:04:44 UTC (rev 4489) 
@@ -1,3 +1,8 @@ +2007-04-26 Marcus Brinkmann + + * passphrase.c (passphrase_to_dek): Write missing passphrase + status message in case of cancellation. + 2007-04-16 Werner Koch * build-packet.c (mpi_write): Made buffer a bit larger. Reported Modified: trunk/g10/passphrase.c =================================================================== --- trunk/g10/passphrase.c 2007-04-20 16:59:37 UTC (rev 4488) +++ trunk/g10/passphrase.c 2007-04-28 16:04:44 UTC (rev 4489) @@ -627,6 +627,7 @@ if (*canceled) { xfree (pw); + write_status( STATUS_MISSING_PASSPHRASE ); return NULL; } if (!pw) @@ -642,6 +643,7 @@ { xfree (pw); xfree (pw2); + write_status( STATUS_MISSING_PASSPHRASE ); return NULL; } if (!pw2) From cvs at cvs.gnupg.org Sat Apr 28 20:51:44 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Sat, 28 Apr 2007 20:51:44 +0200 Subject: [svn] gcry - r1235 - in trunk: cipher tests Message-ID: Author: marcus Date: 2007-04-28 20:51:15 +0200 (Sat, 28 Apr 2007) New Revision: 1235 Modified: trunk/cipher/ChangeLog trunk/cipher/ac.c trunk/tests/ChangeLog trunk/tests/ac-data.c Log: cipher/ 2007-04-28 Marcus Brinkmann * ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED. (ac_data_mpi_copy, _gcry_ac_data_set, _gcry_ac_data_get_name) (_gcry_ac_data_get_index, ac_data_construct): Adjust handling of NAME accordingly. tests/ 2007-04-28 Marcus Brinkmann * ac-data.c (check_run): Don't give redundant GCRY_AC_FLAG_DEALLOC in addition to GCRY_AC_FLAG_COPY. Don't release LABEL1 or MPI0, as those are donated to libgcrypt, but do release MPI0 and MPI2. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-20 10:52:30 UTC (rev 1234) +++ trunk/cipher/ChangeLog 2007-04-28 18:51:15 UTC (rev 1235) 
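Review bot: Both passphrase.c hunks add `write_status( STATUS_MISSING_PASSPHRASE );` on the `*canceled` paths without saying why a cancellation is reported with the missing-passphrase status. A reader of the status output cannot tell the two cases apart, so the choice should be recorded where it is made. I would put one comment above the first call and refer to it from the second, e.g. `/* Cancelled: report it as a missing passphrase so the caller's status output explains why no DEK is returned. */`. The two cleanup sequences are now near-duplicates (`xfree` calls, status line, `return NULL`), which would be easier to keep in step as a single exit path. That is a suggestion only, because `passphrase_to_dek` starts and ends outside these hunks.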
@@ -1,3 +1,10 @@ +2007-04-28 Marcus Brinkmann + + * ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED. + (ac_data_mpi_copy, _gcry_ac_data_set, _gcry_ac_data_get_name) + (_gcry_ac_data_get_index, ac_data_construct): Adjust handling of + NAME accordingly. + 2007-04-20 Werner Koch * ecc.c (domain_parms): Add standard brainpool curves. Modified: trunk/cipher/ac.c =================================================================== --- trunk/cipher/ac.c 2007-04-20 10:52:30 UTC (rev 1234) +++ trunk/cipher/ac.c 2007-04-28 18:51:15 UTC (rev 1235) @@ -88,7 +88,6 @@ /* A named MPI value. */ typedef struct gcry_ac_mpi { - const char *name_provided; /* Provided name of MPI value. */ char *name; /* Self-maintained copy of name. */ gcry_mpi_t mpi; /* MPI value. */ unsigned int flags; /* Flags. */ @@ -213,10 +212,7 @@ { /* Copy values. */ - if (data_mpis[i].name) - label = gcry_strdup (data_mpis[i].name); - else - label = gcry_strdup (data_mpis[i].name_provided); + label = gcry_strdup (data_mpis[i].name); mpi = gcry_mpi_copy (data_mpis[i].mpi); if (! (label && mpi)) { @@ -331,6 +327,7 @@ { /* Create copies. */ + flags |= GCRY_AC_FLAG_DEALLOC; name_cp = gcry_strdup (name); mpi_cp = gcry_mpi_copy (mpi); if (! (name_cp && mpi_cp)) @@ -342,9 +339,7 @@ /* Search for existing entry. */ for (i = 0; i < data->data_n; i++) - if (! strcmp (name, - data->data[i].name - ? data->data[i].name : data->data[i].name_provided)) + if (! strcmp (name, data->data[i].name)) break; if (i < data->data_n) { @@ -374,8 +369,7 @@ data->data_n++; } - data->data[i].name_provided = name_cp ? NULL : name; - data->data[i].name = name_cp; + data->data[i].name = name_cp ? name_cp : ((char *) name); data->data[i].mpi = mpi_cp ? mpi_cp : mpi; data->data[i].flags = flags; err = 0; @@ -417,9 +411,7 @@ } for (i = 0; i < data->data_n; i++) - if (! strcmp (name, - data->data[i].name ? - data->data[i].name : data->data[i].name_provided)) + if (! strcmp (name, data->data[i].name)) break; if (i == data->data_n) { 
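Review bot: In the `@@ -374,8 +369,7 @@` hunk of cipher/ac.c, `data->data[i].name = name_cp ? name_cp : ((char *) name);` casts away `const` and stores the caller's pointer in a member whose comment still reads "Self-maintained copy of name". Without GCRY_AC_FLAG_COPY the entry therefore aliases caller memory, and whether it is later freed depends on GCRY_AC_FLAG_DEALLOC; the release path is outside these hunks, so that part is inferred. I would change the struct comment to `char *name; /* Name: own copy with GCRY_AC_FLAG_COPY, else the caller's pointer. */` and state in the function header that a string literal may only be passed together with GCRY_AC_FLAG_COPY. The `strcmp` lookups in the `-342` and `-417` hunks and the `gcry_strdup` in the `-213` hunk now read `name` without the old `name_provided` fallback, so they rely on every stored entry having a non-NULL name.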
@@ -487,10 +479,7 @@ /* Return copies to the user. */ if (name) { - if (data->data[idx].name_provided) - name_cp = gcry_strdup (data->data[idx].name_provided); - else - name_cp = gcry_strdup (data->data[idx].name); + name_cp = gcry_strdup (data->data[idx].name); if (! name_cp) { err = gcry_error_from_errno (errno); @@ -509,9 +498,7 @@ } if (name) - *name = name_cp ? name_cp : (data->data[idx].name - ? data->data[idx].name - : data->data[idx].name_provided); + *name = name_cp ? name_cp : data->data[idx].name; if (mpi) *mpi = mpi_cp ? mpi_cp : data->data[idx].mpi; err = 0; @@ -1373,9 +1360,7 @@ /* Fill list with MPIs. */ for (i = 0; i < data_length; i++) { - char **nameaddr = (data->data[i].name - ? &data->data[i].name - : ((char **) &data->data[i].name_provided)); + char **nameaddr = &data->data[i].name; arg_list[(i * 2) + 0] = nameaddr; arg_list[(i * 2) + 1] = &data->data[i].mpi; Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-20 10:52:30 UTC (rev 1234) +++ trunk/tests/ChangeLog 2007-04-28 18:51:15 UTC (rev 1235) @@ -1,3 +1,9 @@ +2007-04-28 Marcus Brinkmann + + * ac-data.c (check_run): Don't give redundant GCRY_AC_FLAG_DEALLOC + in addition to GCRY_AC_FLAG_COPY. Don't release LABEL1 or MPI0, + as those are donated to libgcrypt, but do release MPI0 and MPI2. + 2007-04-12 Marcus Brinkmann * ac-schemes.c (scheme_spec): Revert last change. Modified: trunk/tests/ac-data.c =================================================================== --- trunk/tests/ac-data.c 2007-04-20 10:52:30 UTC (rev 1234) +++ trunk/tests/ac-data.c 2007-04-28 18:51:15 UTC (rev 1235) 
@@ -141,17 +141,14 @@ err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, label0, mpi0); assert_err (err); - err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, - "foo", mpi0); + + err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "foo", mpi0); assert_err (err); - err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, - "foo", mpi0); + err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "foo", mpi0); assert_err (err); - err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, - "bar", mpi0); + err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "bar", mpi0); assert_err (err); - err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, - "blah1", mpi0); + err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, "blah1", mpi0); assert_err (err); check_sexp_conversion (data, identifiers); check_sexp_conversion (data, identifiers_null); @@ -166,8 +163,8 @@ assert (mpi1 != mpi2); err = gcry_ac_data_get_index (data, 0, 0, &label1, &mpi1); assert_err (err); - gcry_free ((void *) label1); /* FIXME!! */ - gcry_mpi_release (mpi1); + gcry_mpi_release (mpi0); + gcry_mpi_release (mpi2); if (verbose) printf ("data-set-test-1 succeeded\n"); From cvs at cvs.gnupg.org Sun Apr 29 03:32:40 2007 
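Review bot: The second tests/ac-data.c hunk stops freeing `label1` and `mpi1` and releases `mpi0` and `mpi2` instead, but the ChangeLog text says "Don't release LABEL1 or MPI0 ... but do release MPI0 and MPI2", naming MPI0 on both sides. Going by the code, the first one is presumably MPI1. Since ownership is the whole point of this change, I would record it next to the call: `/* label1 and mpi1 were fetched with flags 0 and still belong to DATA; do not free them. */`. That wording assumes flags 0 means "no copy" in `gcry_ac_data_get_index`, which matches the `name_cp`/`mpi_cp` handling in the ac.c hunks of this commit. `check_run` starts and ends outside the hunk.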
From: cvs at cvs.gnupg.org (svn author marcus) Date: Sun, 29 Apr 2007 03:32:40 +0200 Subject: [svn] gcry - r1236 - in trunk: . mpi mpi/pentium4 mpi/pentium4/mmx mpi/pentium4/sse2 Message-ID: Author: marcus Date: 2007-04-29 03:32:10 +0200 (Sun, 29 Apr 2007) New Revision: 1236 Added: trunk/mpi/pentium4/ trunk/mpi/pentium4/README trunk/mpi/pentium4/distfiles trunk/mpi/pentium4/mmx/ trunk/mpi/pentium4/mmx/distfiles trunk/mpi/pentium4/mmx/mpih-lshift.S trunk/mpi/pentium4/mmx/mpih-rshift.S trunk/mpi/pentium4/sse2/ trunk/mpi/pentium4/sse2/distfiles trunk/mpi/pentium4/sse2/mpih-add1.S trunk/mpi/pentium4/sse2/mpih-mul1.S trunk/mpi/pentium4/sse2/mpih-mul2.S trunk/mpi/pentium4/sse2/mpih-mul3.S trunk/mpi/pentium4/sse2/mpih-sub1.S Modified: trunk/ChangeLog trunk/configure.ac trunk/mpi/ChangeLog trunk/mpi/config.links Log: 2007-04-28 Marcus Brinkmann * configure.ac: Allow to specify additional search directories with --enable-mpi-path. mpi/ 2007-04-28 Marcus Brinkmann * config.links: Add additional assembler search directories. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/ChangeLog 2007-04-29 01:32:10 UTC (rev 1236) @@ -1,3 +1,8 @@ +2007-04-28 Marcus Brinkmann + + * configure.ac: Allow to specify additional search directories + with --enable-mpi-path. + 2007-04-16 Werner Koch * configure.ac: Check for sysconf. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/configure.ac 2007-04-29 01:32:10 UTC (rev 1236) 
@@ -664,6 +664,10 @@ # Setup assembler stuff. # GNUPG_SYS_SYMBOL_UNDERSCORE() +AC_ARG_ENABLE(mpi-path, + AC_HELP_STRING([--enable-mpi-path=EXTRA_PATH], + [prepend EXTRA_PATH to list of CPU specific optimizations]), + mpi_extra_path="$enableval",mpi_extra_path="") AC_MSG_CHECKING(for mpi assembler functions) if test -f $srcdir/mpi/config.links ; then . $srcdir/mpi/config.links Modified: trunk/mpi/ChangeLog =================================================================== --- trunk/mpi/ChangeLog 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/ChangeLog 2007-04-29 01:32:10 UTC (rev 1236) @@ -1,3 +1,7 @@ +2007-04-28 Marcus Brinkmann + + * config.links: Add additional assembler search directories. + 2007-03-28 Werner Koch * ec.c: New. Modified: trunk/mpi/config.links =================================================================== --- trunk/mpi/config.links 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/config.links 2007-04-29 01:32:10 UTC (rev 1236) @@ -322,7 +322,7 @@ # if this fails get it from the generic subdirectory. mpi_ln_list= mpi_mod_list= -path="$path generic" +path="$mpi_extra_path $path generic" for fn in $mpi_required_modules ; do fnu=`echo $fn | sed 's/-/_/g'` eval mpi_mod_c_${fnu}=no Added: trunk/mpi/pentium4/README =================================================================== --- trunk/mpi/pentium4/README 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/pentium4/README 2007-04-29 01:32:10 UTC (rev 1236) 
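Review bot: The new `AC_ARG_ENABLE(mpi-path, ...)` in configure.ac assigns `$enableval` to `mpi_extra_path` unconditionally, so a bare `--enable-mpi-path` yields `yes` and `--disable-mpi-path` yields `no`. The mpi/config.links hunk then prepends that word to `path` as if it were a directory name. I would filter the two keyword values, e.g. `[case "$enableval" in yes|no) mpi_extra_path="" ;; *) mpi_extra_path="$enableval" ;; esac]`. Because the value is placed ahead of every built-in directory, it decides which assembler sources end up in the library; an `AC_MSG_NOTICE` echoing the effective search path would make that visible in the configure log. The loop that consumes `path` continues outside the config.links hunk.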
@@ -0,0 +1,115 @@ +Copyright 2001 Free Software Foundation, Inc. + +This file is part of the GNU MP Library. + +The GNU MP Library is free software; you can redistribute it and/or modify +it under the terms of the GNU Lesser General Public License as published by +the Free Software Foundation; either version 2.1 of the License, or (at your +option) any later version. + +The GNU MP Library is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public +License for more details. + +You should have received a copy of the GNU Lesser General Public License +along with the GNU MP Library; see the file COPYING.LIB. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301, USA. + + + + + INTEL PENTIUM-4 MPN SUBROUTINES + + +This directory contains mpn functions optimized for Intel Pentium-4. + +The mmx subdirectory has routines using MMX instructions, the sse2 +subdirectory has routines using SSE2 instructions. All P4s have these, the +separate directories are just so configure can omit that code if the +assembler doesn't support it. + + +STATUS + + cycles/limb + + mpn_add_n/sub_n 4 normal, 6 in-place + + mpn_mul_1 4 normal, 6 in-place + mpn_addmul_1 6 + mpn_submul_1 7 + + mpn_mul_basecase 6 cycles/crossproduct (approx) + + mpn_sqr_basecase 3.5 cycles/crossproduct (approx) + or 7.0 cycles/triangleproduct (approx) + + mpn_l/rshift 1.75 + + + +The shifts ought to be able to go at 1.5 c/l, but not much effort has been +applied to them yet. + +In-place operations, and all addmul, submul, mul_basecase and sqr_basecase +calls, suffer from pipeline anomalies associated with write combining and +movd reads and writes to the same or nearby locations. The movq +instructions do not trigger the same hardware problems. 
Unfortunately, +using movq and splitting/combining seems to require too many extra +instructions to help. Perhaps future chip steppings will be better. + + + +NOTES + +The Pentium-4 pipeline "Netburst", provides for quite a number of surprises. +Many traditional x86 instructions run very slowly, requiring use of +alterative instructions for acceptable performance. + +adcl and sbbl are quite slow at 8 cycles for reg->reg. paddq of 32-bits +within a 64-bit mmx register seems better, though the combination +paddq/psrlq when propagating a carry is still a 4 cycle latency. + +incl and decl should be avoided, instead use add $1 and sub $1. Apparently +the carry flag is not separately renamed, so incl and decl depend on all +previous flags-setting instructions. + +shll and shrl have a 4 cycle latency, or 8 times the latency of the fastest +integer instructions (addl, subl, orl, andl, and some more). shldl and +shrdl seem to have 13 and 15 cycles latency, respectively. Bizarre. + +movq mmx -> mmx does have 6 cycle latency, as noted in the documentation. +pxor/por or similar combination at 2 cycles latency can be used instead. +The movq however executes in the float unit, thereby saving MMX execution +resources. With the right juggling, data moves shouldn't be on a dependent +chain. + +L1 is write-through, but the write-combining sounds like it does enough to +not require explicit destination prefetching. + +xmm registers so far haven't found a use, but not much effort has been +expended. A configure test for whether the operating system knows +fxsave/fxrestor will be needed if they're used. + + + +REFERENCES + +Intel Pentium-4 processor manuals, + + http://developer.intel.com/design/pentium4/manuals + +"Intel Pentium 4 Processor Optimization Reference Manual", Intel, 2001, +order number 248966. 
Available on-line: + + http://developer.intel.com/design/pentium4/manuals/248966.htm + + + +---------------- +Local variables: +mode: text +fill-column: 76 +End: Added: trunk/mpi/pentium4/distfiles =================================================================== --- trunk/mpi/pentium4/distfiles 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/pentium4/distfiles 2007-04-29 01:32:10 UTC (rev 1236) @@ -0,0 +1,12 @@ +README + +mmx: +mpih-lshift.S +mpih-rshift.S + +sse2: +mpih-add1.S +mpih-mul1.S +mpih-mul2.S +mpih-mul3.S +mpih-sub1.S Added: trunk/mpi/pentium4/mmx/distfiles =================================================================== --- trunk/mpi/pentium4/mmx/distfiles 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/pentium4/mmx/distfiles 2007-04-29 01:32:10 UTC (rev 1236) @@ -0,0 +1,2 @@ +mpih-lshift.S +mpih-rshift.S Added: trunk/mpi/pentium4/mmx/mpih-lshift.S =================================================================== --- trunk/mpi/pentium4/mmx/mpih-lshift.S 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/pentium4/mmx/mpih-lshift.S 2007-04-29 01:32:10 UTC (rev 1236) 
@@ -0,0 +1,457 @@ +/* Intel Pentium-4 mpn_lshift -- left shift. + * + * Copyright 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. 
+ */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + +/******************* + * mpi_limb_t + * _gcry_mpih_lshift( mpi_ptr_t wp, (sp + 4) + * mpi_ptr_t up, (sp + 8) + * mpi_size_t usize, (sp + 12) + * unsigned cnt) (sp + 16) + * + * P4 Willamette, Northwood: 1.75 cycles/limb + * P4 Prescott: 2.0 cycles/limb + */ + +.text + ALIGN (3) + .globl C_SYMBOL_NAME(_gcry_mpih_lshift) +C_SYMBOL_NAME(_gcry_mpih_lshift:) + + + pushl %ebx + pushl %edi + + + movl 20(%esp), %eax + movl 12(%esp), %edx + + movl 16(%esp), %ebx + movl 24(%esp), %ecx + + cmp $5, %eax + jae .Lunroll + + movl -4(%ebx,%eax,4), %edi + decl %eax + + jnz .Lsimple + + shldl %cl, %edi, %eax + + shll %cl, %edi + + movl %edi, (%edx) + popl %edi + + popl %ebx + + ret + + + + + +.Lsimple: + + + + + + + + + + movd (%ebx,%eax,4), %mm5 + + movd %ecx, %mm6 + negl %ecx + + psllq %mm6, %mm5 + addl $32, %ecx + + movd %ecx, %mm7 + psrlq $32, %mm5 + + +.Lsimple_top: + + + + + + + + + + + + + movq -4(%ebx,%eax,4), %mm0 + decl %eax + + psrlq %mm7, %mm0 + + + + movd %mm0, 4(%edx,%eax,4) + jnz .Lsimple_top + + + movd (%ebx), %mm0 + + movd %mm5, %eax + psllq %mm6, %mm0 + + popl %edi + popl %ebx + + movd %mm0, (%edx) + + emms + + ret + + + + + + .align 8, 0x90 +.Lunroll: + + + + + + + + + + movd -4(%ebx,%eax,4), %mm5 + leal (%ebx,%eax,4), %edi + + movd %ecx, %mm6 + andl $4, %edi + + psllq %mm6, %mm5 + jz .Lstart_src_aligned + + + + + + + + + + + + + + + + + + + + movq -8(%ebx,%eax,4), %mm0 + + psllq %mm6, %mm0 + decl %eax + + psrlq $32, %mm0 + + + + movd %mm0, (%edx,%eax,4) +.Lstart_src_aligned: + + movq -8(%ebx,%eax,4), %mm1 + leal (%edx,%eax,4), %edi + + andl $4, %edi + psrlq $32, %mm5 + + movq -16(%ebx,%eax,4), %mm3 + jz .Lstart_dst_aligned + + + + + + + + + + + + + + + + + + + + + movq %mm1, %mm0 + addl $32, %ecx + + psllq %mm6, %mm0 + + movd %ecx, %mm6 + psrlq $32, %mm0 + + + + movd %mm0, -4(%edx,%eax,4) + subl $4, %edx +.Lstart_dst_aligned: + + + psllq %mm6, %mm1 + negl %ecx + + addl $64, %ecx + movq %mm3, %mm2 + + 
movd %ecx, %mm7 + subl $8, %eax + + psrlq %mm7, %mm3 + + por %mm1, %mm3 + jc .Lfinish + + + + + .align 8, 0x90 +.Lunroll_loop: + + + + + + + + + + + + + + + + + movq 8(%ebx,%eax,4), %mm0 + psllq %mm6, %mm2 + + movq %mm0, %mm1 + psrlq %mm7, %mm0 + + movq %mm3, 24(%edx,%eax,4) + por %mm2, %mm0 + + movq (%ebx,%eax,4), %mm3 + psllq %mm6, %mm1 + + movq %mm0, 16(%edx,%eax,4) + movq %mm3, %mm2 + + psrlq %mm7, %mm3 + subl $4, %eax + + por %mm1, %mm3 + jnc .Lunroll_loop + + + +.Lfinish: + + + testb $2, %al + + jz .Lfinish_no_two + + movq 8(%ebx,%eax,4), %mm0 + psllq %mm6, %mm2 + + movq %mm0, %mm1 + psrlq %mm7, %mm0 + + movq %mm3, 24(%edx,%eax,4) + por %mm2, %mm0 + + movq %mm1, %mm2 + movq %mm0, %mm3 + + subl $2, %eax +.Lfinish_no_two: + + + + + + + + testb $1, %al + movd %mm5, %eax + + popl %edi + jz .Lfinish_zero + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + movd (%ebx), %mm0 + psllq %mm6, %mm2 + + movq %mm3, 12(%edx) + psllq $32, %mm0 + + movq %mm0, %mm1 + psrlq %mm7, %mm0 + + por %mm2, %mm0 + psllq %mm6, %mm1 + + movq %mm0, 4(%edx) + psrlq $32, %mm1 + + andl $32, %ecx + popl %ebx + + jz .Lfinish_one_unaligned + + movd %mm1, (%edx) +.Lfinish_one_unaligned: + + emms + + ret + + + + +.Lfinish_zero: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + movq %mm3, 8(%edx) + andl $32, %ecx + + psllq %mm6, %mm2 + jz .Lfinish_zero_unaligned + + movq %mm2, (%edx) +.Lfinish_zero_unaligned: + + psrlq $32, %mm2 + popl %ebx + + movd %mm5, %eax + + movd %mm2, 4(%edx) + + emms + + ret Added: trunk/mpi/pentium4/mmx/mpih-rshift.S =================================================================== --- trunk/mpi/pentium4/mmx/mpih-rshift.S 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/pentium4/mmx/mpih-rshift.S 2007-04-29 01:32:10 UTC (rev 1236) 
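Review bot: Nothing in mpi/pentium4/mmx/mpih-lshift.S says which register holds which argument, or what each labelled path (`.Lsimple`, `.Lunroll`, `.Lfinish`, `.Lfinish_zero`) handles. The long runs of empty `+` lines look like places where explanatory comments were dropped, though that is a guess. The file header notes that this limb code may sit behind the secure-memory abstraction, so it should be reviewable without reconstructing the register allocation by hand. After the four loads I would add `/* eax = usize, ebx = up, edx = wp, ecx = cnt */` (the offsets are 8 larger than in the header comment because of the two pushes), plus a one-line purpose comment at each label. mpih-rshift.S in this commit has the same layout and needs the same treatment.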
@@ -0,0 +1,453 @@ +/* Intel Pentium-4 mpn_rshift -- right shift. + * + * Copyright 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. 
+ */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + +/******************* + * mpi_limb_t + * _gcry_mpih_rshift( mpi_ptr_t wp, (sp + 4) + * mpi_ptr_t up, (sp + 8) + * mpi_size_t usize, (sp + 12) + * unsigned cnt) (sp + 16) + * + * P4 Willamette, Northwood: 1.75 cycles/limb + * P4 Prescott: 2.0 cycles/limb + */ + +.text + ALIGN (3) + .globl C_SYMBOL_NAME(_gcry_mpih_rshift) +C_SYMBOL_NAME(_gcry_mpih_rshift:) + pushl %ebx + pushl %edi + + + movl 20(%esp), %eax + movl 12(%esp), %edx + + movl 16(%esp), %ebx + movl 24(%esp), %ecx + + cmp $5, %eax + jae .Lunroll + + decl %eax + movl (%ebx), %edi + + jnz .Lsimple + + shrdl %cl, %edi, %eax + + shrl %cl, %edi + + movl %edi, (%edx) + popl %edi + + popl %ebx + + ret + + + + + + .align 8, 0x90 +.Lsimple: + + + + + + + + + + movd (%ebx), %mm5 + leal (%ebx,%eax,4), %ebx + + movd %ecx, %mm6 + leal -4(%edx,%eax,4), %edx + + psllq $32, %mm5 + negl %eax + + + + + + + +.Lsimple_top: + + + + + + + + + + movq (%ebx,%eax,4), %mm0 + incl %eax + + psrlq %mm6, %mm0 + + movd %mm0, (%edx,%eax,4) + jnz .Lsimple_top + + + movd (%ebx), %mm0 + psrlq %mm6, %mm5 + + psrlq %mm6, %mm0 + popl %edi + + movd %mm5, %eax + popl %ebx + + movd %mm0, 4(%edx) + + emms + + ret + + + + + + .align 8, 0x90 +.Lunroll: + + + + + + + + + + movd (%ebx), %mm5 + movl $4, %edi + + movd %ecx, %mm6 + testl %edi, %ebx + + psllq $32, %mm5 + jz .Lstart_src_aligned + + + + + + + + + + + + + + + + + movq (%ebx), %mm0 + + psrlq %mm6, %mm0 + addl $4, %ebx + + decl %eax + + movd %mm0, (%edx) + addl $4, %edx +.Lstart_src_aligned: + + + movq (%ebx), %mm1 + testl %edi, %edx + + psrlq %mm6, %mm5 + jz .Lstart_dst_aligned + + + + + + + + + + + + + + + + + + movq %mm1, %mm0 + addl $32, %ecx + + psrlq %mm6, %mm0 + + movd %ecx, %mm6 + + movd %mm0, (%edx) + addl $4, %edx +.Lstart_dst_aligned: + + + movq 8(%ebx), %mm3 + negl %ecx + + movq %mm3, %mm2 + addl $64, %ecx + + movd %ecx, %mm7 + psrlq %mm6, %mm1 + + leal -12(%ebx,%eax,4), %ebx + leal -20(%edx,%eax,4), %edx + + psllq %mm7, 
%mm3 + subl $7, %eax + + por %mm1, %mm3 + negl %eax + + jns .Lfinish + + + + + + + + + + + + + + + + .align 8, 0x90 +.Lunroll_loop: + + + + + + + + + + + + + + + + + movq (%ebx,%eax,4), %mm0 + psrlq %mm6, %mm2 + + movq %mm0, %mm1 + psllq %mm7, %mm0 + + movq %mm3, -8(%edx,%eax,4) + por %mm2, %mm0 + + movq 8(%ebx,%eax,4), %mm3 + psrlq %mm6, %mm1 + + movq %mm0, (%edx,%eax,4) + movq %mm3, %mm2 + + psllq %mm7, %mm3 + addl $4, %eax + + por %mm1, %mm3 + js .Lunroll_loop + + +.Lfinish: + + + testb $2, %al + + jnz .Lfinish_no_two + + movq (%ebx,%eax,4), %mm0 + psrlq %mm6, %mm2 + + movq %mm0, %mm1 + psllq %mm7, %mm0 + + movq %mm3, -8(%edx,%eax,4) + por %mm2, %mm0 + + movq %mm1, %mm2 + movq %mm0, %mm3 + + addl $2, %eax +.Lfinish_no_two: + + + + + + + + testb $1, %al + popl %edi + + movd %mm5, %eax + jnz .Lfinish_zero + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + movd 8(%ebx), %mm0 + psrlq %mm6, %mm2 + + movq %mm0, %mm1 + psllq %mm7, %mm0 + + movq %mm3, (%edx) + por %mm2, %mm0 + + psrlq %mm6, %mm1 + andl $32, %ecx + + popl %ebx + jz .Lfinish_one_unaligned + + + movd %mm1, 16(%edx) +.Lfinish_one_unaligned: + + movq %mm0, 8(%edx) + + emms + + ret + + + + +.Lfinish_zero: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + movq %mm3, 4(%edx) + psrlq %mm6, %mm2 + + movd %mm2, 12(%edx) + andl $32, %ecx + + popl %ebx + jz .Lfinish_zero_unaligned + + movq %mm2, 12(%edx) +.Lfinish_zero_unaligned: + + emms + + ret Added: trunk/mpi/pentium4/sse2/distfiles =================================================================== --- trunk/mpi/pentium4/sse2/distfiles 2007-04-28 18:51:15 UTC (rev 1235) +++ trunk/mpi/pentium4/sse2/distfiles 2007-04-29 01:32:10 UTC (rev 1236) 
@@ -0,0 +1,5 @@
+mpih-add1.S
+mpih-mul1.S
+mpih-mul2.S
+mpih-mul3.S
+mpih-sub1.S
Added: trunk/mpi/pentium4/sse2/mpih-add1.S
===================================================================
--- trunk/mpi/pentium4/sse2/mpih-add1.S 2007-04-28 18:51:15 UTC (rev 1235)
+++ trunk/mpi/pentium4/sse2/mpih-add1.S 2007-04-29 01:32:10 UTC (rev 1236)
@@ -0,0 +1,91 @@ +/* Intel Pentium-4 mpn_add_n -- mpn addition. + * + * Copyright 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. + */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + + /******************* + * mpi_limb_t + * _gcry_mpih_add_n( mpi_ptr_t res_ptr, (sp + 4) + * mpi_ptr_t s1_ptr, (sp + 8) + * mpi_ptr_t s2_ptr, (sp + 12) + * mpi_size_t size) (sp + 16) + * + * P4 Willamette, Northwood: 4.0 cycles/limb if dst!=src1 and dst!=src2 + * 6.0 cycles/limb if dst==src1 or dst==src2 + * P4 Prescott: >= 5 cycles/limb + * + * The 4 c/l achieved here isn't particularly good, but is better than 9 c/l + * for a basic adc loop. 
+ */
+
+ TEXT
+ ALIGN (3)
+ GLOBL C_SYMBOL_NAME(_gcry_mpih_add_n)
+C_SYMBOL_NAME(_gcry_mpih_add_n:)
+
+ pxor %mm0, %mm0
+
+ movl 8(%esp), %eax /* s1_ptr */
+ movl %ebx, 8(%esp) /* re-use parameter space */
+ movl 12(%esp), %ebx /* res_ptr */
+ movl 4(%esp), %edx /* s2_ptr */
+ movl 16(%esp), %ecx /* size */
+
+ leal (%eax,%ecx,4), %eax /* src1 end */
+ leal (%ebx,%ecx,4), %ebx /* src2 end */
+ leal (%edx,%ecx,4), %edx /* dst end */
+ negl %ecx /* -size */
+
+Ltop:
+/*
+ C eax src1 end
+ C ebx src2 end
+ C ecx counter, limbs, negative
+ C edx dst end
+ C mm0 carry bit
+*/
+
+ movd (%eax,%ecx,4), %mm1
+ movd (%ebx,%ecx,4), %mm2
+ paddq %mm2, %mm1
+
+ paddq %mm1, %mm0
+ movd %mm0, (%edx,%ecx,4)
+
+ psrlq $32, %mm0
+
+ addl $1, %ecx
+ jnz Ltop
+
+
+ movd %mm0, %eax
+ movl 8(%esp), %ebx /* restore saved EBX */
+ emms
+ ret
Added: trunk/mpi/pentium4/sse2/mpih-mul1.S
===================================================================
--- trunk/mpi/pentium4/sse2/mpih-mul1.S 2007-04-28 18:51:15 UTC (rev 1235)
+++ trunk/mpi/pentium4/sse2/mpih-mul1.S 2007-04-29 01:32:10 UTC (rev 1236)
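Review bot: The inline comments on the argument loads contradict the prototype comment at the top of the file: with res_ptr at sp+4 and s2_ptr at sp+12, `movl 12(%esp), %ebx` loads s2_ptr and `movl 4(%esp), %edx` loads res_ptr, which is also what the later `/* src2 end */` and `/* dst end */` comments assume, so the two labels should be swapped. The loop is bottom-tested (`addl $1, %ecx` then `jnz Ltop`), so a size of 0 would run past all three buffers until the counter wraps; the header should state the precondition, for example `* size must be at least 1; the caller has to guarantee this.`, and the same applies to the loops in mpih-mul1.S, mpih-mul2.S, mpih-mul3.S and mpih-sub1.S added in this commit. `Ltop` also lacks the `.L` prefix that the sibling files use, so on ELF targets it would be kept as an ordinary symbol rather than an assembler-local label.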
@@ -0,0 +1,96 @@ +/* Intel Pentium-4 mpn_mul_1 -- Multiply a limb vector with a limb and store + * the result in a second limb vector. + * + * Copyright 2001, 2002, 2003, 2005 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. + */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + +/******************* + * mpi_limb_t + * _gcry_mpih_mul_1( mpi_ptr_t res_ptr, (sp + 4) + * mpi_ptr_t s1_ptr, (sp + 8) + * mpi_size_t s1_size, (sp + 12) + * mpi_limb_t s2_limb) (sp + 16) + * + * src != dst src == dst + * P6 model 9 (Banias) ?.? + * P6 model 13 (Dothan) 4.75 4.75 + * P4 model 0 (Willamette) 4.0 6.0 + * P4 model 1 (?) 4.0 6.0 + * P4 model 2 (Northwood) 4.0 6.0 + * P4 model 3 (Prescott) ?.? ?.? + * P4 model 4 (Nocona) ?.? ?.? + * Unfortunately when src==dst the write-combining described in + * pentium4/README takes us up to 6 c/l. 
+ *
+ */
+
+ TEXT
+ ALIGN (3)
+ GLOBL C_SYMBOL_NAME(_gcry_mpih_mul_1)
+C_SYMBOL_NAME(_gcry_mpih_mul_1:);
+
+ pxor %mm0, %mm0
+
+.Lstart_1c:
+ movl 8(%esp), %eax
+ movd 16(%esp), %mm7
+ movl 4(%esp), %edx
+ movl 12(%esp), %ecx
+
+.Ltop:
+
+/*
+ C eax src, incrementing
+ C ebx
+ C ecx counter, size iterations
+ C edx dst, incrementing
+ C
+ C mm0 carry limb
+ C mm7 multiplier
+*/
+
+ movd (%eax), %mm1
+ addl $4, %eax
+ pmuludq %mm7, %mm1
+
+ paddq %mm1, %mm0
+ movd %mm0, (%edx)
+ addl $4, %edx
+
+ psrlq $32, %mm0
+
+ subl $1, %ecx
+ jnz .Ltop
+
+
+ movd %mm0, %eax
+ emms
+ ret
+
Added: trunk/mpi/pentium4/sse2/mpih-mul2.S
===================================================================
--- trunk/mpi/pentium4/sse2/mpih-mul2.S 2007-04-28 18:51:15 UTC (rev 1235)
+++ trunk/mpi/pentium4/sse2/mpih-mul2.S 2007-04-29 01:32:10 UTC (rev 1236)
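Review bot: The entry label is written `C_SYMBOL_NAME(_gcry_mpih_mul_1:);` with a trailing `;` that none of the other four files added in this commit has; it should read `C_SYMBOL_NAME(_gcry_mpih_mul_1:)` for consistency. The `.Lstart_1c:` label after the `pxor` is never referenced in this file, and the same holds for `.Lstart_1c:` in mpih-mul2.S and mpih-mul3.S and `.Lstart_nc:` in mpih-sub1.S. It looks like a leftover from a carry-in entry point of the GMP original, so either drop it or mark it with a comment such as `/* carry-in entry point of the GMP original, unused here */`.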
@@ -0,0 +1,136 @@ +/* Intel Pentium-4 mpn_addmul_1 -- Multiply a limb vector with a limb and add + * the result to a second limb vector. + * + * Copyright 2001, 2002, 2004, 2005 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. + */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + +/******************* + * mpi_limb_t + * _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, (sp + 4) + * mpi_ptr_t s1_ptr, (sp + 8) + * mpi_size_t s1_size, (sp + 12) + * mpi_limb_t s2_limb) (sp + 16) + * + * P3 model 9 (Banias) ?.? + * P3 model 13 (Dothan) 5.8 + * P4 model 0 (Willamette) 5.5 + * P4 model 1 (?) 5.5 + * P4 model 2 (Northwood) 5.5 + * P4 model 3 (Prescott) 6.0 + * P4 model 4 (Nocona) + * + * Only the carry limb propagation is on the dependent chain, but some other + * Pentium4 pipeline magic brings down performance to 6 cycles/l from the + * ideal 4 cycles/l. 
+ */
+
+
+ TEXT
+ ALIGN (4)
+ GLOBL C_SYMBOL_NAME(_gcry_mpih_addmul_1)
+C_SYMBOL_NAME(_gcry_mpih_addmul_1:)
+
+ pxor %mm4, %mm4
+.Lstart_1c:
+ movl 8(%esp), %eax
+ movl 12(%esp), %ecx
+ movl 4(%esp), %edx
+ movd 16(%esp), %mm7
+
+/*
+ C eax src, incrementing ; 5B
+ C ecx loop counter, decrementing
+ C edx dst, incrementing
+ C
+ C mm4 carry, low 32-bits
+ C mm7 multiplier
+*/
+
+ movd (%eax), %mm2
+ pmuludq %mm7, %mm2
+
+ shrl $1, %ecx
+ jnc .Leven
+
+ leal 4(%eax), %eax
+ movd (%edx), %mm1
+ paddq %mm2, %mm1
+ paddq %mm1, %mm4
+ movd %mm4, (%edx)
+ psrlq $32, %mm4
+
+ testl %ecx, %ecx
+ jz .Lrtn
+ leal 4(%edx), %edx
+
+ movd (%eax), %mm2
+ pmuludq %mm7, %mm2
+.Leven:
+ movd 4(%eax), %mm0
+ movd (%edx), %mm1
+ pmuludq %mm7, %mm0
+
+ subl $1, %ecx
+ jz .Lend
+.Lloop:
+ paddq %mm2, %mm1
+ movd 8(%eax), %mm2
+ paddq %mm1, %mm4
+ movd 4(%edx), %mm3
+ pmuludq %mm7, %mm2
+ movd %mm4, (%edx)
+ psrlq $32, %mm4
+
+ paddq %mm0, %mm3
+ movd 12(%eax), %mm0
+ paddq %mm3, %mm4
+ movd 8(%edx), %mm1
+ pmuludq %mm7, %mm0
+ movd %mm4, 4(%edx)
+ psrlq $32, %mm4
+
+ leal 8(%eax), %eax
+ leal 8(%edx), %edx
+ subl $1, %ecx
+ jnz .Lloop
+.Lend:
+ paddq %mm2, %mm1
+ paddq %mm1, %mm4
+ movd 4(%edx), %mm3
+ movd %mm4, (%edx)
+ psrlq $32, %mm4
+ paddq %mm0, %mm3
+ paddq %mm3, %mm4
+ movd %mm4, 4(%edx)
+ psrlq $32, %mm4
+.Lrtn:
+ movd %mm4, %eax
+ emms
+ ret
Added: trunk/mpi/pentium4/sse2/mpih-mul3.S
===================================================================
--- trunk/mpi/pentium4/sse2/mpih-mul3.S 2007-04-28 18:51:15 UTC (rev 1235)
+++ trunk/mpi/pentium4/sse2/mpih-mul3.S 2007-04-29 01:32:10 UTC (rev 1236)
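Review bot: The odd/even split that drives the 2x-unrolled loop is undocumented: `shrl $1, %ecx` halves the limb count and leaves its low bit in CF, and `jnc .Leven` skips the single-limb step when the count is even, but no comment says so. A comment on those two lines, e.g. `/* ecx = size/2; CF set if size is odd, then handle one limb first */`, would help. One more at `.Lend:` should say that the last pair is finished there from values already loaded, with no further reads through `%eax`. Together they would make it much easier to check that the source loads at `8(%eax)` and `12(%eax)` inside `.Lloop` stay within the `s1_size` limbs of `s1_ptr`.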
@@ -0,0 +1,127 @@ +/* Intel Pentium-4 mpn_submul_1 -- Multiply a limb vector with a limb and + * subtract the result from a second limb vector. + * + * Copyright 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. + */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + +/******************* + * mpi_limb_t + * _gcry_mpih_submul_1( mpi_ptr_t res_ptr, (sp + 4) + * mpi_ptr_t s1_ptr, (sp + 8) + * mpi_size_t s1_size, (sp + 12) + * mpi_limb_t s2_limb) (sp + 16) + * + * P4: 7 cycles/limb, unstable timing, at least on early Pentium4 silicon + * (stepping 10). + * + * This code is not particularly good at 7 c/l. The dependent chain is only + * 4 c/l and there's only 4 MMX unit instructions, so it's not clear why that + * speed isn't achieved. + * + * The arrangements made here to get a two instruction dependent chain are + * slightly subtle. 
In the loop the carry (or borrow rather) is a negative + * so that a paddq can be used to give a low limb ready to store, and a high + * limb ready to become the new carry after a psrlq. + * + * If the carry was a simple twos complement negative then the psrlq shift + * would need to bring in 0 bits or 1 bits according to whether the high was + * zero or non-zero, since a non-zero value would represent a negative + * needing sign extension. That wouldn't be particularly easy to arrange and + * certainly would add an instruction to the dependent chain, so instead an + * offset is applied so that the high limb will be 0xFFFFFFFF+c. With c in + * the range -0xFFFFFFFF to 0, the value 0xFFFFFFFF+c is in the range 0 to + * 0xFFFFFFFF and is therefore always positive and can always have 0 bits + * shifted in, which is what psrlq does. + * + * The extra 0xFFFFFFFF must be subtracted before c is used, but that can be + * done off the dependent chain. The total adjustment then is to add + * 0xFFFFFFFF00000000 to offset the new carry, and subtract + * 0x00000000FFFFFFFF to remove the offset from the current carry, for a net + * add of 0xFFFFFFFE00000001. In the code this is applied to the destination + * limb when fetched. + * + * It's also possible to view the 0xFFFFFFFF adjustment as a ones-complement + * negative, which is how it's undone for the return value, but that doesn't + * seem as clear. 
+*/
+
+ TEXT
+ ALIGN (4)
+ GLOBL C_SYMBOL_NAME(_gcry_mpih_submul_1)
+C_SYMBOL_NAME(_gcry_mpih_submul_1:)
+
+ pxor %mm1, %mm1
+
+.Lstart_1c:
+ movl 8(%esp), %eax
+ pcmpeqd %mm0, %mm0
+
+ movd 16(%esp), %mm7
+ pcmpeqd %mm6, %mm6
+
+ movl 4(%esp), %edx
+ psrlq $32, %mm0
+
+ movl 12(%esp), %ecx
+ psllq $32, %mm6
+
+ psubq %mm0, %mm6
+
+ psubq %mm1, %mm0
+
+/*
+ C eax src, incrementing
+ C ebx
+ C ecx loop counter, decrementing
+ C edx dst, incrementing
+ C
+ C mm0 0xFFFFFFFF - borrow
+ C mm6 0xFFFFFFFE00000001
+ C mm7 multiplier
+*/
+
+.Lloop:
+ movd (%eax), %mm1
+ leal 4(%eax), %eax
+ movd (%edx), %mm2
+ paddq %mm6, %mm2
+ pmuludq %mm7, %mm1
+ psubq %mm1, %mm2
+ paddq %mm2, %mm0
+ subl $1, %ecx
+ movd %mm0, (%edx)
+ psrlq $32, %mm0
+ leal 4(%edx), %edx
+ jnz .Lloop
+
+ movd %mm0, %eax
+ notl %eax
+ emms
+ ret
Added: trunk/mpi/pentium4/sse2/mpih-sub1.S
===================================================================
--- trunk/mpi/pentium4/sse2/mpih-sub1.S 2007-04-28 18:51:15 UTC (rev 1235)
+++ trunk/mpi/pentium4/sse2/mpih-sub1.S 2007-04-29 01:32:10 UTC (rev 1236)
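Review bot: The loop branch `jnz .Lloop` tests the zero flag set by `subl $1, %ecx`, with `movd`, `psrlq` and `leal` executed in between; that is only correct because none of those three instructions modifies EFLAGS. The dependency deserves a comment at the `subl`, e.g. `/* sets ZF for the jnz below; only flag-neutral instructions may follow */`, so that a later edit does not place a flag-writing instruction such as `addl` there. The long header explains the borrow offset well, but the `notl %eax` after the loop should also carry a short comment saying that it undoes the 0xFFFFFFFF offset described above.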
@@ -0,0 +1,112 @@ +/* Intel Pentium-4 mpn_sub_n -- mpn subtraction. + * + * Copyright 2001, 2002 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * + * Note: This code is heavily based on the GNU MP Library. + * Actually it's the same code with only minor changes in the + * way the data is stored; this is to support the abstraction + * of an optional secure memory allocation which may be used + * to avoid revealing of sensitive data due to paging etc. + */ + + +#include "sysdep.h" +#include "asm-syntax.h" + + +/******************* + * mpi_limb_t + * _gcry_mpih_sub_n( mpi_ptr_t res_ptr, (sp + 4) + * mpi_ptr_t s1_ptr, (sp + 8) + * mpi_ptr_t s2_ptr, (sp + 12) + * mpi_size_t size) (sp + 16) + * + * P4 Willamette, Northwood: 4.0 cycles/limb if dst!=src1 and dst!=src2 + * 6.0 cycles/limb if dst==src1 or dst==src2 + * P4 Prescott: >= 5 cycles/limb + * + * The main loop code is 2x unrolled so that the carry bit can alternate + * between mm0 and mm1. 
+ */
+
+
+.text
+ ALIGN (3)
+ .globl C_SYMBOL_NAME(_gcry_mpih_sub_n)
+C_SYMBOL_NAME(_gcry_mpih_sub_n:)
+
+ pxor %mm0, %mm0
+.Lstart_nc:
+ movl 8(%esp), %eax
+ movl %ebx, 8(%esp)
+ movl 12(%esp), %ebx
+ movl 4(%esp), %edx
+ movl 16(%esp), %ecx
+
+ leal (%eax,%ecx,4), %eax
+ leal (%ebx,%ecx,4), %ebx
+ leal (%edx,%ecx,4), %edx
+ negl %ecx
+
+.Ltop:
+/*
+ C eax src1 end
+ C ebx src2 end
+ C ecx counter, limbs, negative
+ C edx dst end
+ C mm0 carry bit
+*/
+
+ movd (%eax,%ecx,4), %mm1
+ movd (%ebx,%ecx,4), %mm2
+ psubq %mm2, %mm1
+
+ psubq %mm0, %mm1
+ movd %mm1, (%edx,%ecx,4)
+
+ psrlq $63, %mm1
+
+ addl $1, %ecx
+ jz .Ldone_mm1
+
+ movd (%eax,%ecx,4), %mm0
+ movd (%ebx,%ecx,4), %mm2
+ psubq %mm2, %mm0
+
+ psubq %mm1, %mm0
+ movd %mm0, (%edx,%ecx,4)
+
+ psrlq $63, %mm0
+
+ addl $1, %ecx
+ jnz .Ltop
+
+
+ movd %mm0, %eax
+ movl 8(%esp), %ebx
+ emms
+ ret
+
+
+
+.Ldone_mm1:
+ movd %mm1, %eax
+ movl 8(%esp), %ebx
+ emms
+ ret
From cvs at cvs.gnupg.org Mon Apr 30 01:50:25 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Mon, 30 Apr 2007 01:50:25 +0200 Subject: [svn] gcry - r1237 - in trunk: cipher tests Message-ID: Author: marcus Date: 2007-04-30 01:49:56 +0200 (Mon, 30 Apr 2007) New Revision: 1237 Modified: trunk/cipher/ChangeLog trunk/cipher/ecc.c trunk/cipher/pubkey.c trunk/tests/ChangeLog trunk/tests/benchmark.c Log: cipher/ 2007-04-30 Marcus Brinkmann * ecc.c (ec2os): Fix relocation of short numbers. * ecc.c (generate_key): Do not allocate D, which will be allocated by GEN_K. Remove G. Fix test if g_x, g_y resp. q_x, q_y are requested. (_gcry_ecc_generate): Release unneeded members of SK. * pubkey.c (sexp_to_key): Release NAME. tests/ 2007-04-30 Marcus Brinkmann * benchmark.c (ecc_bench): Release KEY_SPEC.
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2007-04-29 01:32:10 UTC (rev 1236)
+++ trunk/cipher/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237)
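Review bot: This file uses the raw directives `.text` and `.globl` where the other four files added in this commit use the `TEXT` and `GLOBL` macros (presumably provided by the included asm-syntax.h); it should use `TEXT` and `GLOBL C_SYMBOL_NAME(_gcry_mpih_sub_n)` so that all five files follow the same per-platform syntax. The stack accesses are also uncommented here, unlike in mpih-add1.S. `movl %ebx, 8(%esp)` in particular should carry `/* save EBX in the s1_ptr slot */`, because both exits (after `jnz .Ltop` and at `.Ldone_mm1`) depend on `movl 8(%esp), %ebx` restoring the callee-saved register.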
@@ -1,3 +1,13 @@ +2007-04-30 Marcus Brinkmann + + * ecc.c (ec2os): Fix relocation of short numbers. + + * ecc.c (generate_key): Do not allocate D, which will be allocated + by GEN_K. Remove G. Fix test if g_x, g_y resp. q_x, q_y are + requested. + (_gcry_ecc_generate): Release unneeded members of SK. + * pubkey.c (sexp_to_key): Release NAME. + 2007-04-28 Marcus Brinkmann * ac.c (gcry_ac_mpi): Remove member NAME_PROVIDED. Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2007-04-29 01:32:10 UTC (rev 1236) +++ trunk/cipher/ecc.c 2007-04-29 23:49:56 UTC (rev 1237) @@ -503,7 +503,7 @@ gpg_err_code_t err; elliptic_curve_t E; gcry_mpi_t d; - mpi_point_t Q, G; + mpi_point_t Q; mpi_ec_t ctx; err = generate_curve (nbits, name, &E, &nbits); @@ -521,12 +521,9 @@ log_mpidump ("ecc generation Gz", E.G.z); } - d = mpi_snew (nbits); if (DBG_CIPHER) log_debug ("choosing a random x of size %u\n", nbits); d = gen_k (E.n, GCRY_VERY_STRONG_RANDOM); - point_init (&G); - point_set (&G, &E.G); /* Compute Q. */ point_init (&Q); @@ -545,12 +542,12 @@ sk->d = mpi_copy (d); /* We also return copies of G and Q in affine coordinates if requested. */ - if (g_x && q_x) + if (g_x && g_y) { if (_gcry_mpi_ec_get_affine (g_x, g_y, &sk->E.G, ctx)) log_fatal ("ecc generate: Failed to get affine coordinates\n"); } - if (q_x && q_x) + if (q_x && q_y) { if (_gcry_mpi_ec_get_affine (q_x, q_y, &sk->Q, ctx)) log_fatal ("ecc generate: Failed to get affine coordinates\n"); @@ -863,7 +860,7 @@ log_fatal ("mpi_print failed: %s\n", gpg_strerror (err)); if (n < pbytes) { - memmove (ptr+(pbytes-n), buf+1, n); + memmove (ptr+(pbytes-n), ptr, n); memset (ptr, 0, (pbytes-n)); } ptr += pbytes; @@ -872,7 +869,7 @@ log_fatal ("mpi_print failed: %s\n", gpg_strerror (err)); if (n < pbytes) { - memmove (ptr+(pbytes-n), buf+1, n); + memmove (ptr+(pbytes-n), ptr, n); memset (ptr, 0, (pbytes-n)); } 
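Review bot: With `d = mpi_snew (nbits);` removed in the -521 hunk, the secret scalar is allocated only inside `gen_k`, which is not visible here, so the hunk no longer shows that `d` lives in secure memory. The removal itself is right, since the old value was overwritten by the `gen_k` call a few lines later and leaked. A comment at the call, e.g. `/* gen_k allocates D; it must come from secure memory. */`, would record the assumption, and it is worth confirming that `gen_k` really allocates securely when called with `GCRY_VERY_STRONG_RANDOM`. generate_key begins and ends outside the hunk.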
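Review bot: Nothing in this commit exercises the `n < pbytes` branch that the two ec2os hunks (-863 and -872) correct, although that branch is only taken when a coordinate is shorter than the field size and is therefore rarely hit with random keys. The old `memmove (ptr+(pbytes-n), buf+1, n);` took its source from `buf+1` rather than from `ptr`, where the coordinate appears to have just been printed, so a wrong point encoding could go unnoticed. A test that encodes a point with a short x or y and compares the result against the expected octet string would pin the fix. Since the same `memmove`/`memset` pair is now duplicated for x and y, a small static helper would keep the two copies from diverging again. ec2os starts and ends outside both hunks.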
@@ -978,11 +975,16 @@ skey[0] = sk.E.p; skey[1] = sk.E.a; skey[2] = sk.E.b; + /* The function ec2os releases g_x and g_y. */ skey[3] = ec2os (g_x, g_y, sk.E.p); skey[4] = sk.E.n; + /* The function ec2os releases g_x and g_y. */ skey[5] = ec2os (q_x, q_y, sk.E.p); skey[6] = sk.d; + point_free (&sk.E.G); + point_free (&sk.Q); + return 0; } Modified: trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2007-04-29 01:32:10 UTC (rev 1236) +++ trunk/cipher/pubkey.c 2007-04-29 23:49:56 UTC (rev 1237) @@ -940,6 +940,7 @@ encryption). For RSA this is easy, but ECC is the first algorithm which has many flavours. */ is_ecc = ( !strcmp (name, "ecdsa") || !strcmp (name, "ecc") ); + gcry_free (name); if (!module) { Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-29 01:32:10 UTC (rev 1236) +++ trunk/tests/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237) @@ -1,3 +1,7 @@ +2007-04-30 Marcus Brinkmann + + * benchmark.c (ecc_bench): Release KEY_SPEC. + 2007-04-28 Marcus Brinkmann * ac-data.c (check_run): Don't give redundant GCRY_AC_FLAG_DEALLOC Modified: trunk/tests/benchmark.c =================================================================== --- trunk/tests/benchmark.c 2007-04-29 01:32:10 UTC (rev 1236) +++ trunk/tests/benchmark.c 2007-04-29 23:49:56 UTC (rev 1237) @@ -679,7 +679,6 @@ "(genkey (ECDSA (nbits %d)))", p_sizes[testno]); if (err) die ("creating S-expression failed: %s\n", gcry_strerror (err)); - start_timer (); err = gcry_pk_genkey (&key_pair, key_spec); @@ -694,6 +693,7 @@ if (! sec_key) die ("private part missing in key\n"); gcry_sexp_release (key_pair); + gcry_sexp_release (key_spec); stop_timer (); printf (" %s", elapsed_time ()); From cvs at cvs.gnupg.org Mon Apr 30 16:10:03 2007 
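Review bot: The second added comment in the -978 hunk is a copy of the first: the line above `skey[5] = ec2os (q_x, q_y, sk.E.p);` says `/* The function ec2os releases g_x and g_y. */` but should read `/* The function ec2os releases q_x and q_y. */`. The added `point_free (&sk.E.G);` and `point_free (&sk.Q);` also deserve a one-line comment saying that G and Q have already been serialized into skey[3] and skey[5]. The other members of sk are handed to the caller through skey[] and must not be freed here.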
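Review bot: In the pubkey.c hunk, `gcry_free (name);` is placed directly after the last use visible here (the two `strcmp` calls), but sexp_to_key continues outside the hunk. Please confirm that no later path, including the error paths after `if (!module)`, reads or frees `name` again. Adding `name = NULL;` right after the free would make any such use fail predictably instead of touching freed memory.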
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 30 Apr 2007 16:10:03 +0200 Subject: [svn] gcry - r1238 - in trunk: . doc mpi src tests Message-ID: Author: wk Date: 2007-04-30 16:09:33 +0200 (Mon, 30 Apr 2007) New Revision: 1238 Added: trunk/doc/HACKING trunk/doc/Notes-wk trunk/doc/README.apichanges trunk/tests/version.c Removed: trunk/Notes-wk trunk/README.apichanges trunk/w32-dll/ Modified: trunk/ChangeLog trunk/Makefile.am trunk/NEWS trunk/doc/ChangeLog trunk/doc/Makefile.am trunk/doc/gcrypt.texi trunk/mpi/ChangeLog trunk/mpi/Makefile.am trunk/mpi/config.links trunk/mpi/mpiutil.c trunk/src/ChangeLog trunk/src/g10lib.h trunk/src/gcrypt.h.in trunk/src/global.c trunk/tests/ChangeLog trunk/tests/Makefile.am Log: ./ * README.apichanges: Move to doc/. * Makefile.am (EXTRA_DIST): Removed that file. doc/ * HACKING: New. Two items by Marcus. * README.apichanges: Move from .. to here. * Makefile.am (EXTRA_DIST): Add new files. mpi/ * config.links: Create a file mod-source-info.h. * Makefile.am (DISTCLEANFILES): Add that file. * mpiutil.c (_gcry_mpi_get_hw_config): New. src/ * global.c (gcry_control): New. * gcrypt.h.in (GCRYCTL_DUMP_CONFIG): New. tests/ * version.c: New. * Makefile.am (TESTS): Add version. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) @@ -1,3 +1,8 @@ +2007-04-30 Werner Koch + + * README.apichanges: Move to doc/. + * Makefile.am (EXTRA_DIST): Removed that file. + 2007-04-28 Marcus Brinkmann * configure.ac: Allow to specify additional search directories Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/Makefile.am 2007-04-30 14:09:33 UTC (rev 1238) 
@@ -23,7 +23,7 @@ DIST_SUBDIRS = m4 mpi cipher src doc tests SUBDIRS = mpi cipher src doc tests -EXTRA_DIST = BUGS autogen.sh README.apichanges README.SVN +EXTRA_DIST = BUGS autogen.sh README.SVN DISTCLEANFILES = Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/NEWS 2007-04-30 14:09:33 UTC (rev 1238) @@ -51,6 +51,7 @@ gcry_md_debug NEW gcry_sexp_nth_string NEW GCRYCTL_FAKED_RANDOM_P NEW + GCRYCTL_DUMP_CONFIG NEW GCRY_MD_SHA224 NEW GCRY_PK_USAGE_CERT NEW GCRY_PK_USAGE_AUTH NEW Deleted: trunk/Notes-wk Deleted: trunk/README.apichanges Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/doc/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) @@ -1,3 +1,9 @@ +2007-04-30 Werner Koch + + * HACKING: New. Two items by Marcus. + * README.apichanges: Move from .. to here. + * Makefile.am (EXTRA_DIST): Add new files. + 2007-04-09 Marcus Brinkmann * gcrypt.texi: Fix some typos. Added: trunk/doc/HACKING =================================================================== --- trunk/doc/HACKING 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/doc/HACKING 2007-04-30 14:09:33 UTC (rev 1238) 
@@ -0,0 +1,66 @@ + Various hacking notes -*- text -*- + ======================= + + +Taking optimized MPI code out of GMP: +------------------------------------- + + I generated the pentium4/* files by glueing the existing assembler + prologues to the GMP 4.2.1 assembler files generated with the m4 + tool in GMP's build process, for example: + + $ m4 -DHAVE_CONFIG_H -D__GMP_WITHIN_GMP -DOPERATION_rshift -DPIC \ + rshift.asm >tmp-rshift.s + + Then tmp-rshift will contain the assembler instructions for the + configured platform. Unfortunately, this way the comments are lost. + For most files I re-inserted some of the comments, but this is + tedious work. + + +Debugging math stuff: +--------------------- + + While debugging the ECC code in libgcrypt, I was in need for some + computer algebra system which would allow me to verify the numbers + in the debugging easily. I found that PARI (pari-gp package in + Debian) has support for elliptic curves. The below commands shows + how they are set up and used with an example. + + ===8<======== + hextodec(s)=local(v=Vec(s),a=10,b=11,c=12,d=13,e=14,f=15,A=10,B=11,C=12,D=13,E=14,F=15,h);if(#setunion(Set(v),Vec("0123456789ABCDEFabcdef"))>22,error);for(i=1,#v,h=shift(h,4)+eval(v[i]));h + + p = hextodec("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF") + a = hextodec("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC") + b = hextodec("51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00") + + /* Set up y^2 = x^3 + ax + b mod (p). 
*/ + e = ellinit(Mod(1,p)*[0,0,0,a,b]); + + gx = hextodec ("00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66") + gy = hextodec ("011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650") + g = Mod(1,p)*[gx,gy] + + n = hextodec ("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409") + + /* Verify that G is on the curve, and that n is the order. */ + ellisoncurve (e,g) + isprime (n) + ellpow (e,g,n) + + d = hextodec ("018F9573F25059571BDF614529953DE2540497CEDABD04F3AF78813BED7BB163A2FD919EECF822848FCA39EF55E500F8CE861C7D53D371857F7774B79428E887F81B") + + qx = hextodec ("00316AAAD3E905875938F588BD9E8A4785EF9BDB76D62A83A5340F82CB8E800B25619F5C3EA02B7A4FA43D7497C7702F7DFBEAC8E8F92C3CAABD9F84182FDA391B3B") + /* Note: WRONG! (It is apparent that this is the same as X shifted by + 8 bit). */ + qy = hextodec ("0000316AAAD3E905875938F588BD9E8A4785EF9BDB76D62A83A5340F82CB8E800B25619F5C3EA02B7A4FA43D7497C7702F7DFBEAC8E8F92C3CAABD9F84182FDA391B") + q = Mod(1,p)*[qx,qy] + + /* Calculate what Q should be given d. */ + ellpow (e,g,d) + + /* This is not 0 and thus shows that libgcrypt gave Q and d that do + not match. */ + ellpow (e,g,d) - q + ====8<===================== + Modified: trunk/doc/Makefile.am =================================================================== --- trunk/doc/Makefile.am 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/doc/Makefile.am 2007-04-30 14:09:33 UTC (rev 1238) 
@@ -17,6 +17,8 @@ # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA +EXTRA_DIST = README.apichanges HACKING + DISTCLEANFILES = gcrypt.cps info_TEXINFOS = gcrypt.texi Copied: trunk/doc/Notes-wk (from rev 1237, trunk/Notes-wk) Copied: trunk/doc/README.apichanges (from rev 1237, trunk/README.apichanges) =================================================================== --- trunk/README.apichanges 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/doc/README.apichanges 2007-04-30 14:09:33 UTC (rev 1238) 
@@ -0,0 +1,115 @@ +README.apichanges 2003-07-28 + + NOTE: THESE ARE API CHANGES DONE BEFORE THE FIRST STABLE RELEASE SO + THEY ARE NOT RELEVANT ANYMORE [stable is 1.2.4 right now] + +We decided to change a couple of annoying things in Libgcrypt and to +cleanup the API. The new API better fits into a multi-threaded +environment and is more consistent. One import change is that all +functions return error codes from a set of error codes shared between +GnuPG, GPGME and Libgcrypt. + +This file contains some hints on how to port your application from +libgcrypt <= 1.1.12 to the current API as of 1.1.42. We hope that +there won't be another need for such a major change. + + +* Types + + All types definitions changed to a foo_t scheme; for some time we + will support the old names but you better start to rename them: + + s/GCRY_MPI/gcry_mpi_t/ + s/GcryMPI/gcry_mpi_t/ + s/GCRY_SEXP/gcry_sexp_t/ + s/GcrySexp/gcry_sexp_t/ + s/GCRY_CIPHER_HD/gcry_cipher_hd_t/ + s/GcryCipherHd/gcry_cipher_hd_t/ + s/GCRY_MD_HD/gcry_md_hd_t/ + s/GcryMDHd/gcry_md_hd_t/ + +* Initialization + + For proper initialization of the library, you must call + gcry_check_version() before calling any other function except for + these gcry_control operations: + GCRYCTL_SUSPEND_SECMEM_WARN + GCRYCTL_DISABLE_INTERNAL_LOCKING + GCRYCTL_ANY_INITIALIZATION_P + GCRYCTL_INITIALIZATION_FINISHED_P + + +* Handles + + gcry_cipher_open and gcry_md_open do now return an error code + instead of a NULL handle; the handle is now returned by + asigning it to the first argument. Example on how to change your + code: + + Old: + + hd = gcry_md_open (algo, flags); + if (!hd) + { + fprintf (stderr, "md_open failed: %s\n", gcry_errno (-1)); + .... + + New: + + rc = gcry_md_open (&hd, algo, flags); + if (rc) + { + fprintf (stderr, "md_open failed: %s\n", gcry_strerror (rc)); + .... 
+ + If you are not interested in the error code, you can do it in a + simplified way: + + gcry_md_open (&hd, algo, flags); + if (!hd) + abort (); + + i.e. the function makes sure that HD points to NULL in case of an error. + The required change for gcry_cipher_open is similar. + +* Message Digests + + The order of the arguments to gcry_md_copy has been changed in order + to be more consistent with other functions of this type. This means + that the new message digest handle will be a copy of the message + handle specified by the second argument and stored at the address + pointed to by the first argument. + +* Error codes + + gcry_errno () has been removed because it is hard to use in + multi-threaded environment. You need to save the error code + returned by the functions and use it either numerical or passing it + to gcry_strerror (since gcry_strerror is a wrapper function for + gpg_strerror, the latter function can also be used). + + Instead of using the error codes GCRYERR_*, you have to use the + GPG_ERR_* names. + +* S-expressions + + gcry_sexp_canon_len used to return a `historical' error code in + `errcode', this is not the case anymore; the value returned in + `errcode' is now a standard Libgcrypt (i.e. gpg-error) error code. + +* MPI + + gcry_mpi_scan and gcry_mpi_print need the size of a provided buffer + as input and return the number of bytes actually scanned/printed to + the user. The old API used a single size_t Pointer for both tasks, + the new API distinguishes between the input and the output values. + +* Public Key cryptography + + gcry_pk_decrypt used to return a `simple S-expression part' that + contains a single MPI value. 
In case the `data' S-expression + contains a `flags' element, the result S-expression is filled with a + complete S-expression of the following format: + + (value PLAINTEXT) + Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/doc/gcrypt.texi 2007-04-30 14:09:33 UTC (rev 1238) @@ -535,6 +535,11 @@ This command dumps secure memory manamgent related statistics to the librarys logging stream. + at item GCRYCTL_DUMP_CONFIG +This command dumps information pertaining to the configuration of +libgcrypt to the logging stream. It may be used before the +intialization has been finished but not before a gcry_version_check. + @item GCRYCTL_DROP_PRIVS This command disables the use of secure memory and drops the priviliges of the current process. FIXME. Modified: trunk/mpi/ChangeLog =================================================================== --- trunk/mpi/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/mpi/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) @@ -1,3 +1,9 @@ +2007-04-30 Werner Koch + + * config.links: Create a file mod-source-info.h. + * Makefile.am (DISTCLEANFILES): Add that file. + * mpiutil.c (_gcry_mpi_get_hw_config): New. + 2007-04-28 Marcus Brinkmann * config.links: Add additional assembler search directories. Modified: trunk/mpi/Makefile.am =================================================================== --- trunk/mpi/Makefile.am 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/mpi/Makefile.am 2007-04-30 14:09:33 UTC (rev 1238) 
@@ -38,7 +38,8 @@ EXTRA_DIST = Manifest config.links DISTCLEANFILES = mpi-asm-defs.h \ mpih-add1.S mpih-mul1.S mpih-mul2.S mpih-mul3.S \ - mpih-lshift.S mpih-rshift.S mpih-sub1.S asm-syntax.h sysdep.h + mpih-lshift.S mpih-rshift.S mpih-sub1.S asm-syntax.h \ + sysdep.h mod-source-info.h # Note: we only use .S files so we should delete all left over .s CLEANFILES = _*.s __*.s Modified: trunk/mpi/config.links =================================================================== --- trunk/mpi/config.links 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/mpi/config.links 2007-04-30 14:09:33 UTC (rev 1238) @@ -318,11 +318,14 @@ done fi -# try to get file to link from the assembler subdirectory and +# Try to get file to link from the assembler subdirectory and # if this fails get it from the generic subdirectory. mpi_ln_list= mpi_mod_list= path="$mpi_extra_path $path generic" +echo '/* Created by config.links - do not edit */' >./mpi/mod-source-info.h +echo "/* Target: ${target} */" >>./mpi/mod-source-info.h +echo "static char mod_source_info[] =" >>./mpi/mod-source-info.h for fn in $mpi_required_modules ; do fnu=`echo $fn | sed 's/-/_/g'` eval mpi_mod_c_${fnu}=no @@ -330,11 +333,13 @@ for dir in $path ; do rm -f $srcdir/mpi/$fn.[Sc] if test -f $srcdir/mpi/$dir/$fn.S ; then + echo " \":$dir/$fn.S\"" >>./mpi/mod-source-info.h mpi_ln_list="$mpi_ln_list mpi/$fn.S:mpi/$dir/$fn.S" eval mpi_mod_asm_${fnu}=yes mpi_mod_list="$mpi_mod_list $fn" break; elif test -f $srcdir/mpi/$dir/$fn.c ; then + echo " \":$dir/$fn.c\"" >>./mpi/mod-source-info.h mpi_ln_list="$mpi_ln_list mpi/$fn.c:mpi/$dir/$fn.c" eval mpi_mod_c_${fnu}=yes mpi_mod_list="$mpi_mod_list $fn" 
@@ -342,6 +347,7 @@ fi done done +echo " ;" >>./mpi/mod-source-info.h # Same thing for the file which defines the limb size path="$path generic" Modified: trunk/mpi/mpiutil.c =================================================================== --- trunk/mpi/mpiutil.c 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/mpi/mpiutil.c 2007-04-30 14:09:33 UTC (rev 1238) @@ -27,7 +27,16 @@ #include "g10lib.h" #include "mpi-internal.h" #include "memory.h" +#include "mod-source-info.h" + +const char * +_gcry_mpi_get_hw_config (void) +{ + return mod_source_info + 1; +} + + /**************** * Note: It was a bad idea to use the number of limbs to allocate * because on a alpha the limbs are large but we normally need Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/src/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) @@ -1,3 +1,9 @@ +2007-04-30 Werner Koch + + * global.c (gcry_control): New. + + * gcrypt.h.in (GCRYCTL_DUMP_CONFIG): New. + 2007-04-18 Werner Koch * gcrypt.h.in (gcry_sexp_nth_string): New. Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/src/g10lib.h 2007-04-30 14:09:33 UTC (rev 1238) @@ -105,7 +105,10 @@ +/*-- mpi/mpiutil.c --*/ +const char *_gcry_mpi_get_hw_config (void); + /*-- cipher/pubkey.c --*/ /* FIXME: shouldn't this go into mpi.h? */ Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/src/gcrypt.h.in 2007-04-30 14:09:33 UTC (rev 1238) 
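Review bot: `return mod_source_info + 1;` in `_gcry_mpi_get_hw_config` depends on the generated string starting with a `:` separator, and nothing in the function says so. config.links writes every entry as `":dir/file"`, so the offset skips the first colon; if the generator's format ever changes, the pointer silently moves into or past the data. I would add `/* Skip the leading ':' that config.links writes before every entry. */` above the return. config.links could also emit `static const char mod_source_info[] =`, since the visible code never writes to the array.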
@@ -355,7 +355,8 @@ GCRYCTL_FAST_POLL = 48, GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49, GCRYCTL_USE_RANDOM_DAEMON = 50, - GCRYCTL_FAKED_RANDOM_P = 51 + GCRYCTL_FAKED_RANDOM_P = 51, + GCRYCTL_DUMP_CONFIG = 52 }; /* Perform various operations defined by CMD. */ Modified: trunk/src/global.c =================================================================== --- trunk/src/global.c 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/src/global.c 2007-04-30 14:09:33 UTC (rev 1238) @@ -354,6 +354,15 @@ _gcry_use_random_daemon (!! va_arg (arg_ptr, int)); break; + /* This command dumps information pertaining to the + configuration of libgcrypt to the logging stream. It may be + used before the intialization has been finished but not + before a gcry_version_check. */ + case GCRYCTL_DUMP_CONFIG: + log_info ("version=%s\n", VERSION); + log_info ("mpi-asm=%s\n", _gcry_mpi_get_hw_config ()); + break; + default: err = GPG_ERR_INV_OP; } Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/tests/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) @@ -1,3 +1,8 @@ +2007-04-30 Werner Koch + + * version.c: New. + * Makefile.am (TESTS): Add version. + 2007-04-30 Marcus Brinkmann * benchmark.c (ecc_bench): Release KEY_SPEC. Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/tests/Makefile.am 2007-04-30 14:09:33 UTC (rev 1238) 
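Review bot: The comment added above `case GCRYCTL_DUMP_CONFIG:` names `gcry_version_check`, but the function that tests/version.c calls in this same commit is `gcry_check_version`. The comment should end `... but not before gcry_check_version has been called.`; the gcrypt.texi text added here uses the same wrong name. The case does not read its variadic argument, which is worth stating in the comment because callers pass `0`. The body of gcry_control starts and ends outside the hunk.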
@@ -18,7 +18,7 @@ ## Process this file with automake to produce Makefile.in -TESTS = t-mpi-bit prime register ac ac-schemes ac-data basic \ +TESTS = version t-mpi-bit prime register ac ac-schemes ac-data basic \ mpitests tsexp keygen pubkey hmac keygrip # random tests forking thus no a test for W32 does not make any sense. Added: trunk/tests/version.c =================================================================== --- trunk/tests/version.c 2007-04-29 23:49:56 UTC (rev 1237) +++ trunk/tests/version.c 2007-04-30 14:09:33 UTC (rev 1238) 
@@ -0,0 +1,58 @@ +/* version.c - This version test should be run first. + Copyright (C) 2007 Free Software Foundation, Inc. + + This file is part of Libgcrypt. + + Libgcrypt is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + Libgcrypt is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, + USA. */ + +/* This test should be run first because due to a failing config.links + script or bad configure parameters the just build libgcrypt may + crash in case MPI function for specific CPU revisions have been + enabled. Running this test first will print out information so to + make it easier to figure out the problem. */ + + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +#define PGM "version" + + +int +main (int argc, char **argv) +{ + (void)argc; + (void)argv; + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (!gcry_check_version (GCRYPT_VERSION)) + { + fprintf (stderr, PGM ": version mismatch\n"); + exit (1); + } + + gcry_control (GCRYCTL_DUMP_CONFIG, 0); + + return 0; +} + From cvs at cvs.gnupg.org Mon Apr 30 17:38:06 2007 
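Review bot: Both `gcry_control` calls in `main` discard their result, so the test exits 0 even when the library rejects `GCRYCTL_DUMP_CONFIG` (the dispatcher's `default:` branch sets `GPG_ERR_INV_OP`, which is presumably what the caller receives). This test is meant to run first and expose a broken build, so the second call should fail loudly: `if (gcry_control (GCRYCTL_DUMP_CONFIG, 0)) { fprintf (stderr, PGM ": dumping the configuration failed\n"); exit (1); }`.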
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 30 Apr 2007 17:38:06 +0200 Subject: [svn] gcry - r1239 - in trunk: . cipher doc src Message-ID: Author: wk Date: 2007-04-30 17:37:37 +0200 (Mon, 30 Apr 2007) New Revision: 1239 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/random.h trunk/cipher/rndegd.c trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/gcrypt.h.in trunk/src/global.c Log: Add support for setting the EGD socket. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/NEWS 2007-04-30 15:37:37 UTC (rev 1239) @@ -50,14 +50,15 @@ gcry_fast_random_poll NEW gcry_md_debug NEW gcry_sexp_nth_string NEW - GCRYCTL_FAKED_RANDOM_P NEW - GCRYCTL_DUMP_CONFIG NEW GCRY_MD_SHA224 NEW GCRY_PK_USAGE_CERT NEW GCRY_PK_USAGE_AUTH NEW GCRY_PK_USAGE_UNKN NEW GCRY_PK_ECDSA NEW - GCR_CIPHER_SEED NEW + GCRY_CIPHER_SEED NEW + GCRYCTL_FAKED_RANDOM_P NEW + GCRYCTL_DUMP_CONFIG NEW + GCRYCTL_SET_RNDEGD_SOCKET NEW. gcry_mpi_scan CHANGED: Argument BUFFER is now void*. gcry_pk_algo_name CHANGED: Returns "?" instead of NULL. gcry_cipher_algo_name CHANGED: Returns "?" instead of "". Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/cipher/ChangeLog 2007-04-30 15:37:37 UTC (rev 1239) @@ -1,3 +1,7 @@ +2007-04-30 Werner Koch + + * rndegd.c (_gcry_rndegd_set_socket_name): New. + 2007-04-30 Marcus Brinkmann * ecc.c (ec2os): Fix relocation of short numbers. Modified: trunk/cipher/random.h =================================================================== --- trunk/cipher/random.h 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/cipher/random.h 2007-04-30 15:37:37 UTC (rev 1239) 
@@ -37,6 +37,9 @@ byte *_gcry_get_random_bits( size_t nbits, int level, int secure ); void _gcry_fast_random_poll( void ); +/*-- rndegd.c --*/ +gpg_error_t _gcry_rndegd_set_socket_name (const char *name); + /*-- random-daemon.c (only used from random.c) --*/ #ifdef USE_RANDOM_DAEMON void _gcry_daemon_initialize_basics (void); Modified: trunk/cipher/rndegd.c =================================================================== --- trunk/cipher/rndegd.c 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/cipher/rndegd.c 2007-04-30 15:37:37 UTC (rev 1239) @@ -40,6 +40,10 @@ static int egd_socket = -1; +/* Allocated name of the socket if supplied at runtime. */ +static char *user_socket_name; + + /* Allocate a new filename from FIRST_PART and SECOND_PART and to tilde expansion for first_part. SECOND_PART might be NULL. */ @@ -115,6 +119,25 @@ } +/* Note that his fucntion is not thread-safe. */ +gpg_error_t +_gcry_rndegd_set_socket_name (const char *name) +{ + char *newname; + struct sockaddr_un addr; + + newname = my_make_filename (name, NULL); + if (strlen (newname)+1 >= sizeof addr.sun_path) + { + gcry_free (newname); + return gpg_error_from_syserror (); + } + gcry_free (user_socket_name); + user_socket_name = newname; + return 0; +} + + /* Connect to the EGD and return the file descriptor. Return -1 on error. With NOFAIL set to true, silently fail and return the error, otherwise print an error message and die. */ 
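Review bot: In `_gcry_rndegd_set_socket_name` the too-long branch returns `gpg_error_from_syserror ()`, but nothing before it sets `errno`, so the caller receives whatever an earlier call left there instead of a code meaning "name too long". Set it first with `errno = ENAMETOOLONG;`, or return a fixed code through `gpg_error (...)`. `name` arrives unchecked from the `gcry_control` varargs (see the global.c hunk of this commit) and `newname` goes to `strlen` without a test. A NULL argument would therefore be dereferenced, and so would a failed allocation if `my_make_filename` can return NULL; its body is outside the hunk, so that part is an assumption. `if (!name) return gpg_error (GPG_ERR_INV_ARG);` at the top covers the first case.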
@@ -136,7 +159,18 @@ #ifdef EGD_SOCKET_NAME bname = EGD_SOCKET_NAME; #endif - if ( !bname || !*bname ) + if (user_socket_name) + { + name = gcry_strdup (user_socket_name); + if (!name) + { + if (!nofail) + log_fatal ("error allocating memory in rndegd: %s\n", + strerror(errno) ); + return -1; + } + } + else if ( !bname || !*bname ) name = my_make_filename ("~/.gnupg", "entropy"); else name = my_make_filename (bname, NULL); Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/doc/gcrypt.texi 2007-04-30 15:37:37 UTC (rev 1239) @@ -535,7 +535,7 @@ This command dumps secure memory manamgent related statistics to the librarys logging stream. - at item GCRYCTL_DUMP_CONFIG + at item GCRYCTL_DUMP_CONFIG; Arguments: none This command dumps information pertaining to the configuration of libgcrypt to the logging stream. It may be used before the intialization has been finished but not before a gcry_version_check. @@ -586,7 +586,23 @@ This command registers a thread-callback structure. See section ``multi threading'' for more information on this command. - at item GCRYCTL_FAST_POOL + at item GCRYCTL_FAST_POLL + +Run a fast random poll. + + + at item GCRYCTL_SET_RNDEGD_SOCKET; Arguments: const char *filename + +This command may be used to override the default name of the EGD socket +to connect to. It may be used only during initialization as it is not +thread safe. Changing the socket name again is not supported. The +function may return an error if the given filename is too long for a +local socket name. + +EGD is an alternative random gatherer, used only on a few systems. + + + @end table @end deftypefun Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/src/ChangeLog 2007-04-30 15:37:37 UTC (rev 1239) 
@@ -1,8 +1,9 @@ 2007-04-30 Werner Koch - * global.c (gcry_control): New. - * gcrypt.h.in (GCRYCTL_DUMP_CONFIG): New. + (GCRYCTL_SET_RNDEGD_SOCKET): New. + * global.c (gcry_control): Add GCRYCTL_DUMP_CONFIG and + GCRYCTL_SET_RNDEGD_SOCKET. 2007-04-18 Werner Koch Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/src/gcrypt.h.in 2007-04-30 15:37:37 UTC (rev 1239) @@ -356,7 +356,8 @@ GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49, GCRYCTL_USE_RANDOM_DAEMON = 50, GCRYCTL_FAKED_RANDOM_P = 51, - GCRYCTL_DUMP_CONFIG = 52 + GCRYCTL_DUMP_CONFIG = 52, + GCRYCTL_SET_RNDEGD_SOCKET = 53 }; /* Perform various operations defined by CMD. */ Modified: trunk/src/global.c =================================================================== --- trunk/src/global.c 2007-04-30 14:09:33 UTC (rev 1238) +++ trunk/src/global.c 2007-04-30 15:37:37 UTC (rev 1239) @@ -343,6 +343,14 @@ _gcry_fast_random_poll (); break; + case GCRYCTL_SET_RNDEGD_SOCKET: +#if USE_RNDEGD + err = _gcry_rndegd_set_socket_name (va_arg (arg_ptr, const char *)); +#else + err = gpg_error (GPG_ERR_NOT_SUPPORTED); +#endif + break; + case GCRYCTL_SET_RANDOM_DAEMON_SOCKET: _gcry_set_random_daemon_socket (va_arg (arg_ptr, const char *)); break; @@ -359,8 +367,22 @@ used before the intialization has been finished but not before a gcry_version_check. */ case GCRYCTL_DUMP_CONFIG: - log_info ("version=%s\n", VERSION); - log_info ("mpi-asm=%s\n", _gcry_mpi_get_hw_config ()); + log_info ("version:%s:\n", VERSION); + log_info ("mpi-asm:%s:\n", _gcry_mpi_get_hw_config ()); + log_info ("rnd-mod:" +#if USE_RNDEGD + "egd:" +#endif +#if USE_RNDLINUX + "linux:" +#endif +#if USE_RNDUNIX + "unix:" +#endif +#if USE_RNDW32 + "w32:" +#endif + "\n"); break; default: From cvs at cvs.gnupg.org Mon Apr 30 19:00:52 2007 
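Review bot: The `case GCRYCTL_SET_RNDEGD_SOCKET:` branch in global.c has no comment stating the limits that the gcrypt.texi text in this commit gives: initialization only, not thread-safe, and changing the name again unsupported. Nothing in the branch enforces them, and the callee frees and replaces an earlier name without complaint. A comment at the case label, `/* Not thread-safe: to be used only during initialization, before the first EGD connection is made. */`, would keep the contract next to the code. The body of gcry_control starts and ends outside the hunk.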
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 30 Apr 2007 19:00:52 +0200 Subject: [svn] gcry - r1240 - in trunk: . src tests Message-ID: Author: wk Date: 2007-04-30 19:00:21 +0200 (Mon, 30 Apr 2007) New Revision: 1240 Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/g10lib.h trunk/src/gcrypt.h.in trunk/src/global.c trunk/src/misc.c trunk/tests/version.c Log: Dropped GCRYCTL_DUMP_CONFIG in favor of GCRYCTL_PRINT_CONFIG. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/NEWS 2007-04-30 17:00:21 UTC (rev 1240) @@ -57,7 +57,7 @@ GCRY_PK_ECDSA NEW GCRY_CIPHER_SEED NEW GCRYCTL_FAKED_RANDOM_P NEW - GCRYCTL_DUMP_CONFIG NEW + GCRYCTL_PRINT_CONFIG NEW GCRYCTL_SET_RNDEGD_SOCKET NEW. gcry_mpi_scan CHANGED: Argument BUFFER is now void*. gcry_pk_algo_name CHANGED: Returns "?" instead of NULL. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/src/ChangeLog 2007-04-30 17:00:21 UTC (rev 1240) @@ -1,9 +1,11 @@ 2007-04-30 Werner Koch - * gcrypt.h.in (GCRYCTL_DUMP_CONFIG): New. + * gcrypt.h.in (GCRYCTL_PRINT_CONFIG): New. (GCRYCTL_SET_RNDEGD_SOCKET): New. - * global.c (gcry_control): Add GCRYCTL_DUMP_CONFIG and + * global.c (gcry_control): Add GCRYCTL_PRINT_CONFIG and GCRYCTL_SET_RNDEGD_SOCKET. + (print_config): New. + * misc.c (_gcry_log_info_with_dummy_fp): New. 2007-04-18 Werner Koch Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/src/g10lib.h 2007-04-30 17:00:21 UTC (rev 1240) @@ -34,6 +34,8 @@ #error something is wrong with config.h #endif +#include + #include #include "types.h" 
@@ -83,6 +85,8 @@ void _gcry_log_fatal( const char *fmt, ... ) JNLIB_GCC_A_NR_PRINTF(1,2); void _gcry_log_error( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2); void _gcry_log_info( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2); +int _gcry_log_info_with_dummy_fp (FILE *fp, const char *fmt, ... ) + JNLIB_GCC_A_PRINTF(2,3); void _gcry_log_debug( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2); void _gcry_log_printf ( const char *fmt, ... ) JNLIB_GCC_A_PRINTF(1,2); Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/src/gcrypt.h.in 2007-04-30 17:00:21 UTC (rev 1240) @@ -356,8 +356,8 @@ GCRYCTL_SET_RANDOM_DAEMON_SOCKET = 49, GCRYCTL_USE_RANDOM_DAEMON = 50, GCRYCTL_FAKED_RANDOM_P = 51, - GCRYCTL_DUMP_CONFIG = 52, - GCRYCTL_SET_RNDEGD_SOCKET = 53 + GCRYCTL_SET_RNDEGD_SOCKET = 52, + GCRYCTL_PRINT_CONFIG = 53 }; /* Perform various operations defined by CMD. */ Modified: trunk/src/global.c =================================================================== --- trunk/src/global.c 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/src/global.c 2007-04-30 17:00:21 UTC (rev 1240) @@ -197,6 +197,30 @@ return NULL; } + +static void +print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) +{ + fnc (fp, "version:%s:\n", VERSION); + fnc (fp, "mpi-asm:%s:\n", _gcry_mpi_get_hw_config ()); + fnc (fp, "rnd-mod:" +#if USE_RNDEGD + "egd:" +#endif +#if USE_RNDLINUX + "linux:" +#endif +#if USE_RNDUNIX + "unix:" +#endif +#if USE_RNDW32 + "w32:" +#endif + "\n"); + +} + + /* Command dispatcher function, acting as general control 
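Review bot: The gcrypt.h.in hunk reuses both numbers from the previous revision for other commands: 52 moves from `GCRYCTL_DUMP_CONFIG` to `GCRYCTL_SET_RNDEGD_SOCKET`, and 53 from `GCRYCTL_SET_RNDEGD_SOCKET` to `GCRYCTL_PRINT_CONFIG`. A caller built against the r1239 header that passes 52 with an int argument would reach the branch that reads a `const char *` from the varargs. One that passes 53 with a filename would have it read as a `FILE *` and given to `fprintf`. This is harmless if the intermediate values never left trunk. Keeping `GCRYCTL_SET_RNDEGD_SOCKET = 53` and adding `GCRYCTL_PRINT_CONFIG = 54` would still avoid giving a number a different argument type.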
@@ -361,28 +385,16 @@ _gcry_random_initialize (1); _gcry_use_random_daemon (!! va_arg (arg_ptr, int)); break; - + /* This command dumps information pertaining to the - configuration of libgcrypt to the logging stream. It may be + configuration of libgcrypt to the given stream. It may be used before the intialization has been finished but not before a gcry_version_check. */ - case GCRYCTL_DUMP_CONFIG: - log_info ("version:%s:\n", VERSION); - log_info ("mpi-asm:%s:\n", _gcry_mpi_get_hw_config ()); - log_info ("rnd-mod:" -#if USE_RNDEGD - "egd:" -#endif -#if USE_RNDLINUX - "linux:" -#endif -#if USE_RNDUNIX - "unix:" -#endif -#if USE_RNDW32 - "w32:" -#endif - "\n"); + case GCRYCTL_PRINT_CONFIG: + { + FILE *fp = va_arg (arg_ptr, FILE *); + print_config (fp?fprintf:_gcry_log_info_with_dummy_fp, fp); + } break; default: Modified: trunk/src/misc.c =================================================================== --- trunk/src/misc.c 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/src/misc.c 2007-04-30 17:00:21 UTC (rev 1240) @@ -172,6 +172,18 @@ va_end(arg_ptr); } +int +_gcry_log_info_with_dummy_fp (FILE *fp, const char *fmt, ... ) +{ + va_list arg_ptr; + + (void)fp; + va_start( arg_ptr, fmt ) ; + _gcry_logv( GCRY_LOG_INFO, fmt, arg_ptr ); + va_end(arg_ptr); + return 0; +} + void _gcry_log_error( const char *fmt, ... ) { Modified: trunk/tests/version.c =================================================================== --- trunk/tests/version.c 2007-04-30 15:37:37 UTC (rev 1239) +++ trunk/tests/version.c 2007-04-30 17:00:21 UTC (rev 1240) @@ -51,7 +51,7 @@ exit (1); } - gcry_control (GCRYCTL_DUMP_CONFIG, 0); + gcry_control (GCRYCTL_PRINT_CONFIG, NULL); return 0; } From cvs at cvs.gnupg.org Mon Apr 30 20:37:53 2007 
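Review bot: The comment above `case GCRYCTL_PRINT_CONFIG:` says the output goes to "the given stream" but not that a NULL `FILE *` selects the logging stream. That is what `fp?fprintf:_gcry_log_info_with_dummy_fp` implements and what tests/version.c relies on. I would extend the comment with `The argument is a FILE *; if it is NULL the logging stream is used.` The new `_gcry_log_info_with_dummy_fp` in misc.c has no comment at all; one line saying that FP is ignored and exists only to match the `fprintf` signature would explain the odd name. The body of gcry_control starts and ends outside the hunk.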
From: cvs at cvs.gnupg.org (svn author marcus) Date: Mon, 30 Apr 2007 20:37:53 +0200 Subject: [svn] gpgme - r1214 - trunk/gpgme Message-ID: Author: marcus Date: 2007-04-30 20:37:22 +0200 (Mon, 30 Apr 2007) New Revision: 1214 Modified: trunk/gpgme/ChangeLog trunk/gpgme/engine-gpgsm.c trunk/gpgme/rungpg.c Log: 2007-04-30 Marcus Brinkmann * engine-gpgsm.c (gpgsm_new): Fix error handling for ttyname_r. * rungpg.c (gpg_new): Likewise. Submitted by Stephen Tether. Modified: trunk/gpgme/ChangeLog =================================================================== --- trunk/gpgme/ChangeLog 2007-03-05 11:18:47 UTC (rev 1213) +++ trunk/gpgme/ChangeLog 2007-04-30 18:37:22 UTC (rev 1214) @@ -1,3 +1,9 @@ +2007-04-30 Marcus Brinkmann + + * engine-gpgsm.c (gpgsm_new): Fix error handling for ttyname_r. + * rungpg.c (gpg_new): Likewise. + Submitted by Stephen Tether. + 2007-02-26 Werner Koch * verify.c (op_data_t): New element PLAINTEXT_SEEN. Modified: trunk/gpgme/engine-gpgsm.c =================================================================== --- trunk/gpgme/engine-gpgsm.c 2007-03-05 11:18:47 UTC (rev 1213) +++ trunk/gpgme/engine-gpgsm.c 2007-04-30 18:37:22 UTC (rev 1214) @@ -448,9 +448,12 @@ if (isatty (1)) { - if (ttyname_r (1, dft_ttyname, sizeof (dft_ttyname))) + int rc; + + rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (rc) { - err = gpg_error_from_errno (errno); + err = gpg_error_from_errno (rc); goto leave; } else Modified: trunk/gpgme/rungpg.c =================================================================== --- trunk/gpgme/rungpg.c 2007-03-05 11:18:47 UTC (rev 1213) +++ trunk/gpgme/rungpg.c 2007-04-30 18:37:22 UTC (rev 1214) @@ -476,7 +476,10 @@ if (isatty (1)) { - if (ttyname_r (1, dft_ttyname, sizeof (dft_ttyname))) + int err; + + err = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); + if (err) rc = gpg_error_from_errno (errno); else {
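Review bot: In the rungpg.c hunk the result of `ttyname_r` is now stored in `err`, but the next context line still reads `rc = gpg_error_from_errno (errno);`, so the fix applied in engine-gpgsm.c is not carried through here. `ttyname_r` reports failure through its return value, so `errno` may hold an unrelated or zero value at that point. The line should be `rc = gpg_error_from_errno (err);`. `gpg_new` starts and ends outside the hunk.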