From cvs at cvs.gnupg.org Mon Dec 3 10:56:54 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Dec 2007 10:56:54 +0100 Subject: [svn] gcry - r1274 - in trunk: . cipher src Message-ID: Author: wk Date: 2007-12-03 10:56:52 +0100 (Mon, 03 Dec 2007) New Revision: 1274 Added: trunk/cipher/rndhw.c Modified: trunk/ChangeLog trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/rand-internal.h trunk/cipher/random.c trunk/cipher/rndunix.c trunk/config.guess trunk/config.sub trunk/configure.ac trunk/src/ChangeLog trunk/src/dumpsexp.c trunk/src/gcrypt.h.in trunk/src/misc.c trunk/src/secmem.c Log: Preparing a release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/ChangeLog 2007-12-03 09:56:52 UTC (rev 1274) @@ -1,3 +1,11 @@ +2007-12-03 Werner Koch + + Released 1.3.2. + + * configure.ac: Set LT to C15/A4/R2. + + * config.sub, config.guess: Update to version 2007-11-19. + 2007-10-30 Werner Koch * configure.ac: Protect config.h against double inclusion. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/NEWS 2007-12-03 09:56:52 UTC (rev 1274) @@ -1,11 +1,13 @@ -Noteworthy changes in version 1.3.2 +Noteworthy changes in version 1.3.2 (2007-12-03) ------------------------------------------------ - * Make use of the visibility attribute if supported. + * The visibility attribute is now used if supported by the toolchain. * The ACE engine of VIA processors is now used for AES-128. + * The ASN.1 DER template for SHA-224 has been fixed. + Noteworthy changes in version 1.3.1 (2007-10-26) ------------------------------------------------ Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/cipher/ChangeLog 2007-12-03 09:56:52 UTC (rev 1274) 
@@ -1,3 +1,8 @@ +2007-12-03 Werner Koch + + * random.c (gcry_random_add_bytes): Implement it. + * rand-internal.h (RANDOM_ORIGIN_EXTERNAL): New. + 2007-11-30 Werner Koch * rndhw.c: New. Modified: trunk/cipher/rand-internal.h =================================================================== --- trunk/cipher/rand-internal.h 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/cipher/rand-internal.h 2007-12-03 09:56:52 UTC (rev 1274) @@ -26,9 +26,10 @@ enum random_origins { RANDOM_ORIGIN_INIT = 0, /* Used only for initialization. */ - RANDOM_ORIGIN_FASTPOLL = 1, /* Fast random poll function. */ - RANDOM_ORIGIN_SLOWPOLL = 2, /* Slow poll function. */ - RANDOM_ORIGIN_EXTRAPOLL = 3 /* Used to mark an extra pool seed + RANDOM_ORIGIN_EXTERNAL = 1, /* Added from an external source. */ + RANDOM_ORIGIN_FASTPOLL = 2, /* Fast random poll function. */ + RANDOM_ORIGIN_SLOWPOLL = 3, /* Slow poll function. */ + RANDOM_ORIGIN_EXTRAPOLL = 4 /* Used to mark an extra pool seed due to a GCRY_VERY_STRONG_RANDOM random request. */ }; Modified: trunk/cipher/random.c =================================================================== --- trunk/cipher/random.c 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/cipher/random.c 2007-12-03 09:56:52 UTC (rev 1274) 
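Review bot: RANDOM_ORIGIN_EXTERNAL is inserted ahead of the existing poll origins, so FASTPOLL, SLOWPOLL and EXTRAPOLL all change numeric value in this hunk. That is harmless as long as every user of the enum compares symbolically, but if random.c orders origins (something like `origin >= RANDOM_ORIGIN_SLOWPOLL` to decide whether a contribution counts as a seed), the placement is load-bearing: keeping caller-supplied bytes below the poll origins is the conservative choice for untrusted input. Whichever is the case, the intent should be recorded on the enum so nobody reorders it later, e.g. `/* NOTE: keep EXTERNAL below the poll origins; check random.c before reordering.  */`. I cannot see the comparison from here, so please confirm which reading applies.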
@@ -474,26 +474,43 @@
 /* Add BUFLEN bytes from BUF to the internal random pool. QUALITY should be in the range of 0..100 to indicate the goodness of the
- entropy added, or -1 for goodness not known.
-
- Note, that this function currently does nothing.
-*/
+ entropy added, or -1 for goodness not known. */
 gcry_error_t
-gcry_random_add_bytes (const void * buf, size_t buflen, int quality)
+gcry_random_add_bytes (const void *buf, size_t buflen, int quality)
 {
- gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ size_t nbytes;
+ const char *bufptr;
- if (!buf || quality < -1 || quality > 100)
- err = GPG_ERR_INV_ARG;
- if (!buflen)
- return 0; /* Shortcut this dummy case. */
-#if 0
- /* Before we actuall enable this code, we need to lock the pool,
- have a look at the quality and find a way to add them without
- disturbing the real entropy (we have estimated). */
- /*add_randomness( buf, buflen, RANDOM_ORIGIN_FASTPOLL );*/
-#endif
- return err;
+ if (quality == -1)
+ quality = 35;
+ else if (quality > 100)
+ quality = 100;
+ else if (quality < 0)
+ quality = 0;
+
+ if (!buf)
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ if (!buflen || quality < 10)
+ return 0; /* Take a shortcut. */
+
+ /* Because we don't increment the entropy estimation with FASTPOLL,
+ we don't need to take lock that estimation while adding from an
+ external source. This limited entropy estimation also means that
+ we can't take QUALITY into account. */
+ initialize_basics ();
+ bufptr = buf;
+ while (buflen)
+ {
+ nbytes = buflen > POOLSIZE? POOLSIZE : buflen;
+ lock_pool ();
+ if (rndpool)
+ add_randomness (bufptr, nbytes, RANDOM_ORIGIN_EXTERNAL);
+ unlock_pool ();
+ bufptr += nbytes;
+ buflen -= nbytes;
+ }
+ return 0;
 }
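Review bot: The QUALITY check now silently clamps out-of-range values instead of rejecting them: the removed code returned GPG_ERR_INV_ARG for `quality < -1 || quality > 100`, and the gcrypt.h.in comment touched by this same commit still documents -1 or 0..100 as the contract, so a caller passing 150 now gets success. Restoring `if (quality < -1 || quality > 100) return gpg_error (GPG_ERR_INV_ARG);` ahead of the mapping keeps header and code in agreement; the `quality < 10` shortcut likewise returns 0 while discarding the input, which the function comment should say. The block comment before the loop talks about FASTPOLL, but the call passes RANDOM_ORIGIN_EXTERNAL; the point worth stating is that caller-supplied bytes are mixed into the pool without raising the entropy estimate, so an untrusted source cannot make the pool appear seeded, plus why 35 was chosen as the default for -1. The `if (rndpool)` guard means bytes arriving before the pool is allocated are dropped with a success return (`initialize_basics ()` does not visibly allocate it here), so either document that or report it to the caller.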
@@ -871,7 +888,7 @@ /* We do only a basic initialization so that we can lock the pool. This is required to cope with the case that this function is - called by some cleanup code at a pouint where the RNG has never + called by some cleanup code at a point where the RNG has never been initialized. */ initialize_basics (); lock_pool (); @@ -1274,7 +1291,7 @@ NOP unless a random function has been used or _gcry_initialize (1) has been used. We use this hack so that the internal use of this function in cipher_open and md_open won't start filling up the - radnom pool, even if no random will be required by the process. */ + random pool, even if no random will be required by the process. */ void _gcry_fast_random_poll (void) { Added: trunk/cipher/rndhw.c =================================================================== --- trunk/cipher/rndhw.c 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/cipher/rndhw.c 2007-12-03 09:56:52 UTC (rev 1274) 
@@ -0,0 +1,138 @@
+/* rndhw.c - Access to the external random daemon
+ * Copyright (C) 2007 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ */
+
+#include
+#include
+#include
+#include
+
+#include "types.h"
+#include "g10lib.h"
+#include "rand-internal.h"
+
+#undef USE_PADLOCK
+#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+#define USE_PADLOCK
+#endif
+
+/* Keep track on whether the RNG has problems. */
+static volatile int rng_failed;
+
+
+#ifdef USE_PADLOCK
+static size_t
+poll_padlock (void (*add)(const void*, size_t, enum random_origins),
+ enum random_origins origin, int fast)
+{
+ char buffer[64+8] __attribute__ ((aligned (8)));
+ char *p;
+ unsigned int nbytes, status;
+
+ /* Peter Gutmann's cryptlib tests again whether the RNG is enabled
+ but we don't do so. We would have to do this also for our AES
+ implementaion and that is definitely too time consuming. There
+ would be a race condition anyway. Thus we assume that the OS
+ does not change the Padlock initialization while a user process
+ is running. */
+ p = buffer;
+ nbytes = 0;
+ while (nbytes < 64)
+ {
+ asm volatile
+ ("movl %1, %%edi\n\t" /* Set buffer. */
+ "xorl %%edx, %%edx\n\t" /* Request up to 8 bytes. */
+ ".byte 0x0f, 0xa7, 0xc0\n\t" /* XSTORE RNG. */
+ "movl %%eax, %0\n" /* Return the status.
*/
+ : "=g" (status)
+ : "g" (p)
+ : "%edx", "%edi", "cc"
+ );
+ if ((status & (1<<6)) /* RNG still enabled. */
+ && !(status & (1<<13)) /* von Neumann corrector is enabled. */
+ && !(status & (1<<14)) /* String filter is disabled. */
+ && !(status & 0x1c00) /* BIAS voltage at default. */
+ && (!(status & 0x1f) || (status & 0x1f) == 8) /* Sanity check. */
+ )
+ {
+ nbytes += (status & 0x1f);
+ if (fast)
+ break; /* Don't get into the loop with the fast flag set. */
+ p += (status & 0x1f);
+ }
+ else
+ {
+ /* If there was an error we need to break the loop and
+ record that there is something wrong with the padlock
+ RNG. */
+ rng_failed = 1;
+ break;
+ }
+ }
+
+ if (nbytes)
+ {
+ (*add) (buffer, nbytes, origin);
+ wipememory (buffer, nbytes);
+ }
+ return nbytes;
+}
+#endif /*USE_PADLOCK*/
+
+
+int
+_gcry_rndhw_failed_p (void)
+{
+ return rng_failed;
+}
+
+
+/* Try to read random from a hardware RNG if a fast one is
+ available. */
+void
+_gcry_rndhw_poll_fast (void (*add)(const void*, size_t, enum random_origins),
+ enum random_origins origin)
+{
+ (void)add;
+ (void)origin;
+
+#ifdef USE_PADLOCK
+ if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG))
+ poll_padlock (add, origin, 1);
+#endif
+}
+
+
+/* Read 64 bytes from a hardware RNG and return the number of bytes
+ actually read. */
+size_t
+_gcry_rndhw_poll_slow (void (*add)(const void*, size_t, enum random_origins),
+ enum random_origins origin)
+{
+ size_t nbytes = 0;
+
+ (void)add;
+ (void)origin;
+
+#ifdef USE_PADLOCK
+ if ((_gcry_get_hw_features () & HWF_PADLOCK_RNG))
+ nbytes += poll_padlock (add, origin, 0);
+#endif
+
+ return nbytes;
+}
Modified: trunk/cipher/rndunix.c
===================================================================
--- trunk/cipher/rndunix.c 2007-11-30 16:33:09 UTC (rev 1273)
+++ trunk/cipher/rndunix.c 2007-12-03 09:56:52 UTC (rev 1274)
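Review bot: The inline asm in poll_padlock has two undeclared effects: XSTORE writes its status into `%eax`, yet `status` is bound with `"=g"`, so gcc is free to keep `status` (and `p`) in any register and assume `%eax` survives the statement, and the bytes stored through `%edi` into `buffer` are not announced by a `"memory"` clobber, so nothing tells the compiler that `buffer` is initialised before `(*add) (buffer, nbytes, origin)` reads it. Binding the output directly with `: "=a" (status)`, dropping the trailing `"movl %%eax, %0\n"` line, and using `: "%edx", "%edi", "memory", "cc"` as the clobber list fixes both without changing what the loop does. The file header says "Access to the external random daemon", which describes a daemon client rather than this Padlock XSTORE driver; `/* rndhw.c - Access to a hardware RNG (VIA Padlock) */` would be accurate. `rng_failed` is only ever set, never cleared, and is exposed through _gcry_rndhw_failed_p; a one-line comment stating that it is a sticky failure flag would help the reader.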
@@ -486,11 +486,12 @@ if (fclose(entry->pipe)) return (-1); - /* We ignore the return value from the process because some programs - * return funny values which would result in the input being discarded - * even if they executed successfully. This isn't a problem because the - * result data size threshold will filter out any programs which exit - * with a usage message without producing useful output */ + /* We ignore the return value from the process because some + programs return funny values which would result in the input + being discarded even if they executed successfully. This isn't + a problem because the result data size threshold will filter + out any programs which exit with a usage message without + producing useful output. */ if (waitpid(entry->pid, NULL, 0) != entry->pid) status = -1; Modified: trunk/config.guess =================================================================== --- trunk/config.guess 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/config.guess 2007-12-03 09:56:52 UTC (rev 1274) @@ -1,9 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2006-02-23' +timestamp='2007-11-19' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -160,6 +161,7 @@ arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched 
@@ -210,7 +212,7 @@ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) - echo powerppc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} @@ -328,7 +330,7 @@ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:*) + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) @@ -770,6 +772,8 @@ case ${UNAME_MACHINE} in pc98) echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac @@ -777,12 +781,9 @@ i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS_NT-*:*:*) - echo ${UNAME_MACHINE}-pc-mingw32 - exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 @@ -790,12 +791,15 @@ i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[345]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[345]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; @@ -831,6 +835,9 @@ arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; 
@@ -947,6 +954,9 @@ x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -989,7 +999,7 @@ LIBC=gnulibc1 # endif #else - #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__sun) + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout @@ -1205,6 +1215,15 @@ SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; Modified: trunk/config.sub =================================================================== --- trunk/config.sub 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/config.sub 2007-12-03 09:56:52 UTC (rev 1274) @@ -1,9 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2006-02-23' +timestamp='2007-11-19' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software 
@@ -240,15 +241,16 @@ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ - | m32r | m32rle | m68000 | m68k | m88k | maxq | mb | microblaze | mcore \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | mcore | mep \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ @@ -274,21 +276,19 @@ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \ + | score \ + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b \ - | strongarm \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | v850 | v850e \ | we32k \ - | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \ + | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k) basic_machine=$basic_machine-unknown ;; - m32c) - basic_machine=$basic_machine-unknown - ;; m6811 | m68hc11 | m6812 | m68hc12) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown 
@@ -318,18 +318,18 @@ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* \ + | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ - | m32r-* | m32rle-* \ + | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ 
@@ -358,22 +358,24 @@ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-*) ;; - m32c-*) + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. @@ -477,8 +479,8 @@ basic_machine=craynv-cray os=-unicosmp ;; - cr16c) - basic_machine=cr16c-unknown + cr16) + basic_machine=cr16-unknown os=-elf ;; crds | unos) @@ -685,6 +687,10 @@ basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -912,6 +918,10 @@ sb1el) basic_machine=mipsisa64sb1el-unknown ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; sei) basic_machine=mips-sei os=-seiux @@ -923,6 +933,9 @@ basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; 
@@ -1128,7 +1141,7 @@ sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b) + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) @@ -1217,7 +1230,7 @@ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1369,6 +1382,12 @@ # system, and we'll never get to this point. case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; *-acorn) os=-riscix1.2 ;; @@ -1378,9 +1397,9 @@ arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff - ;; + c4x-* | tic4x-*) + os=-coff + ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 @@ -1406,6 +1425,9 @@ m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/configure.ac 2007-12-03 09:56:52 UTC (rev 1274) @@ -28,7 +28,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.3.2]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) 
@@ -40,7 +40,7 @@ # (No interfaces changed: REVISION++) LIBGCRYPT_LT_CURRENT=15 LIBGCRYPT_LT_AGE=4 -LIBGCRYPT_LT_REVISION=1 +LIBGCRYPT_LT_REVISION=2 # If the API is changed in an incompatible way: increment the next counter. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/src/ChangeLog 2007-12-03 09:56:52 UTC (rev 1274) @@ -1,3 +1,12 @@ +2007-12-03 Werner Koch + + * misc.c (_gcry_logv): Use abort for error levels fatal and bug as + this is more approriate for a library. Terminate the secmem + before doing so. + (_gcry_fatal_error): Terminate secmem before abort. + * secmem.c (_gcry_secmem_malloc_internal): Use log_bug instead of + exit. + 2007-11-29 Werner Koch * hwfeatures.c (detect_ia32_gnuc): Detect Padlock engine. Modified: trunk/src/dumpsexp.c =================================================================== --- trunk/src/dumpsexp.c 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/src/dumpsexp.c 2007-12-03 09:56:52 UTC (rev 1274) @@ -12,9 +12,7 @@ * General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. + * along with this program; if not, see . */ #include Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/src/gcrypt.h.in 2007-12-03 09:56:52 UTC (rev 1274) 
@@ -1609,7 +1609,7 @@ pool. QUALITY should either be -1 for unknown or in the range of 0 to 100 */ gcry_error_t gcry_random_add_bytes (const void *buffer, size_t length, - int quality); + int quality); /* If random numbers are used in an application, this macro should be called from time to time so that new stuff gets added to the Modified: trunk/src/misc.c =================================================================== --- trunk/src/misc.c 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/src/misc.c 2007-12-03 09:56:52 UTC (rev 1274) @@ -1,10 +1,10 @@ /* misc.c - * Copyright (C) 1999, 2001, 2002, 2003 Free Software Foundation, Inc. + * Copyright (C) 1999, 2001, 2002, 2003, 2007 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser general Public License as + * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * @@ -14,8 +14,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ #include @@ -26,6 +25,7 @@ #include #include "g10lib.h" +#include "secmem.h" static int verbosity_level = 0; @@ -81,6 +81,7 @@ write2stderr("\nFatal error: "); write2stderr(text); write2stderr("\n"); + _gcry_secmem_term (); abort (); } 
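Review bot: The new `_gcry_secmem_term ()` call in _gcry_fatal_error, just before `abort ()`, carries no comment saying why it is there, and the reason is security-relevant: abort () can leave a core dump, and wiping the secure-memory pool first keeps key material out of it. Suggest `/* Wipe secure memory before abort (): a core dump must not contain key material.  */` above the call; the identical pair added to _gcry_logv in the next hunk deserves the same line. _gcry_fatal_error begins outside the hunk, so I cannot see whether anything it already wrote to stderr should also be flushed before aborting.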
@@ -111,28 +112,32 @@ static void _gcry_logv( int level, const char *fmt, va_list arg_ptr ) { - if( log_handler ) - log_handler( log_handler_value, level, fmt, arg_ptr ); - else { - switch ( level ) { - case GCRY_LOG_CONT: break; - case GCRY_LOG_INFO: break; - case GCRY_LOG_WARN: break; - case GCRY_LOG_ERROR: break; - case GCRY_LOG_FATAL: fputs("Fatal: ",stderr ); break; - case GCRY_LOG_BUG: fputs("Ohhhh jeeee: ", stderr); break; - case GCRY_LOG_DEBUG: fputs("DBG: ", stderr ); break; - default: fprintf(stderr,"[Unknown log level %d]: ", level ); break; + if (log_handler) + log_handler (log_handler_value, level, fmt, arg_ptr); + else + { + switch (level) + { + case GCRY_LOG_CONT: break; + case GCRY_LOG_INFO: break; + case GCRY_LOG_WARN: break; + case GCRY_LOG_ERROR: break; + case GCRY_LOG_FATAL: fputs("Fatal: ",stderr ); break; + case GCRY_LOG_BUG: fputs("Ohhhh jeeee: ", stderr); break; + case GCRY_LOG_DEBUG: fputs("DBG: ", stderr ); break; + default: fprintf(stderr,"[Unknown log level %d]: ", level ); break; } - vfprintf(stderr,fmt,arg_ptr) ; + vfprintf(stderr,fmt,arg_ptr) ; } - - if( level == GCRY_LOG_FATAL ) - exit(2); - else if( level == GCRY_LOG_BUG ) - abort(); + + if ( level == GCRY_LOG_FATAL || level == GCRY_LOG_BUG ) + { + _gcry_secmem_term (); + abort (); + } } + void _gcry_log( int level, const char *fmt, ... ) { Modified: trunk/src/secmem.c =================================================================== --- trunk/src/secmem.c 2007-11-30 16:33:09 UTC (rev 1273) +++ trunk/src/secmem.c 2007-12-03 09:56:52 UTC (rev 1274) @@ -494,9 +494,8 @@ if (!pool_okay) { - log_info (_ + log_bug (_ ("operation is not possible without initialized secure memory\n")); - exit (2); } if (show_warning && !suspend_warning) { From cvs at cvs.gnupg.org Mon Dec 3 11:34:29 2007 
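Review bot: GCRY_LOG_FATAL now ends in `abort ()` instead of the previous `exit (2)`, a visible behaviour change for applications (SIGABRT and a possible core dump instead of exit status 2), but the NEWS hunk in this commit does not mention it; a NEWS line and a sentence in the gcry_set_log_handler documentation would be appropriate. The new fatal block sits outside the `if (log_handler)` branch, so an application that installed a handler still has the process aborted under it on FATAL and BUG — intended, I assume, but worth stating in the function comment. The GNU-style reindentation in the same hunk hides the three-line behavioural change; splitting style-only changes from the real one would make this easier to review.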
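Review bot: `log_bug` replaces `log_info` plus `exit (2)` on the uninitialised-pool path, and with this commit's misc.c change that call chain now runs `_gcry_secmem_term ()` before aborting — from inside the secure-memory allocator. _gcry_secmem_malloc_internal begins outside the hunk; if its caller holds the secmem lock, or if _gcry_secmem_term touches the pool without first checking `pool_okay`, this re-enters the allocator's own state from an error path. Please confirm _gcry_secmem_term returns early when the pool is not set up, and once verified say so next to the call, e.g. `/* log_bug aborts; _gcry_secmem_term is a no-op here because pool_okay is clear.  */`.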
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Dec 2007 11:34:29 +0100 Subject: [svn] gcry - r1275 - tags Message-ID: Author: wk Date: 2007-12-03 11:34:28 +0100 (Mon, 03 Dec 2007) New Revision: 1275 Added: tags/libgcrypt-1.3.2/ Log: Release! Copied: tags/libgcrypt-1.3.2 (from rev 1274, trunk) From cvs at cvs.gnupg.org Mon Dec 3 14:05:19 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Dec 2007 14:05:19 +0100 Subject: [svn] GnuPG - r4634 - in trunk: common g10 sm Message-ID: Author: wk Date: 2007-12-03 14:05:15 +0100 (Mon, 03 Dec 2007) New Revision: 4634 Modified: trunk/common/ChangeLog trunk/common/sysutils.c trunk/common/sysutils.h trunk/g10/ChangeLog trunk/g10/gpg.c trunk/sm/ChangeLog trunk/sm/gpgsm.c Log: Try to make sure that the standard descriptors are connected when calling gpgsm. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2007-11-29 14:51:08 UTC (rev 4633) +++ trunk/common/ChangeLog 2007-12-03 13:05:15 UTC (rev 4634) @@ -1,3 +1,7 @@ +2007-12-03 Werner Koch + + * sysutils.c (gnupg_reopen_std): New. Taken from ../g10/gpg.c. + 2007-11-27 Werner Koch * Makefile.am (CLEANFILES): New. Modified: trunk/common/sysutils.c =================================================================== --- trunk/common/sysutils.c 2007-11-29 14:51:08 UTC (rev 4633) +++ trunk/common/sysutils.c 2007-12-03 13:05:15 UTC (rev 4634) @@ -48,6 +48,7 @@ #ifdef HAVE_PTH # include #endif +#include #include "util.h" #include "i18n.h" @@ -119,7 +120,7 @@ return 1; limit.rlim_cur = limit.rlim_max; setrlimit (RLIMIT_CORE, &limit); - return 1; /* We always return true because trhis function is + return 1; /* We always return true because this function is merely a debugging aid. */ # endif return 1; 
@@ -397,3 +398,76 @@
 return tmpfile ();
 #endif /*!HAVE_W32_SYSTEM*/
 }
+
+
+/* Make sure that the standard file descriptors are opened. Obviously
+ some folks close them before an exec and the next file we open will
+ get one of them assigned and thus any output (i.e. diagnostics) end
+ up in that file (e.g. the trustdb). Not actually a gpg problem as
+ this will hapen with almost all utilities when called in a wrong
+ way. However we try to minimize the damage here and raise
+ awareness of the problem.
+
+ Must be called before we open any files! */
+void
+gnupg_reopen_std (const char *pgmname)
+{
+#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM)
+ struct stat statbuf;
+ int did_stdin = 0;
+ int did_stdout = 0;
+ int did_stderr = 0;
+ FILE *complain;
+
+ if (fstat (STDIN_FILENO, &statbuf) == -1 && errno ==EBADF)
+ {
+ if (open ("/dev/null",O_RDONLY) == STDIN_FILENO)
+ did_stdin = 1;
+ else
+ did_stdin = 2;
+ }
+
+ if (fstat (STDOUT_FILENO, &statbuf) == -1 && errno == EBADF)
+ {
+ if (open ("/dev/null",O_WRONLY) == STDOUT_FILENO)
+ did_stdout = 1;
+ else
+ did_stdout = 2;
+ }
+
+ if (fstat (STDERR_FILENO, &statbuf)==-1 && errno==EBADF)
+ {
+ if (open ("/dev/null", O_WRONLY) == STDERR_FILENO)
+ did_stderr = 1;
+ else
+ did_stderr = 2;
+ }
+
+ /* It's hard to log this sort of thing since the filehandle we would
+ complain to may be closed...
*/
+ if (!did_stderr)
+ complain = stderr;
+ else if (!did_stdout)
+ complain = stdout;
+ else
+ complain = NULL;
+
+ if (complain)
+ {
+ if (did_stdin == 1)
+ fprintf (complain, "%s: WARNING: standard input reopened\n", pgmname);
+ if (did_stdout == 1)
+ fprintf (complain, "%s: WARNING: standard output reopened\n", pgmname);
+ if (did_stderr == 1)
+ fprintf (complain, "%s: WARNING: standard error reopened\n", pgmname);
+
+ if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
+ fprintf(complain,"%s: fatal: unable to reopen standard input,"
+ " output, or error\n", pgmname);
+ }
+
+ if (did_stdin == 2 || did_stdout == 2 || did_stderr == 2)
+ exit (3);
+#endif /* HAVE_STAT && !HAVE_W32_SYSTEM */
+}
+
Modified: trunk/common/sysutils.h
===================================================================
--- trunk/common/sysutils.h 2007-11-29 14:51:08 UTC (rev 4633)
+++ trunk/common/sysutils.h 2007-12-03 13:05:15 UTC (rev 4634)
@@ -46,6 +46,7 @@
 int translate_sys2libc_fd (gnupg_fd_t fd, int for_write);
 int translate_sys2libc_fd_int (int fd, int for_write);
 FILE *gnupg_tmpfile (void);
+void gnupg_reopen_std (const char *pgmname);
 #ifdef HAVE_W32_SYSTEM
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2007-11-29 14:51:08 UTC (rev 4633)
+++ trunk/g10/ChangeLog 2007-12-03 13:05:15 UTC (rev 4634)
@@ -1,3 +1,10 @@
+2007-12-03 Werner Koch
+
+ * gpg.c (reopen_std): Moved to ../common and renamed to
+ gnupg_reopen_std.
+
+ * gpg.c: Remove second inclusion of fcntl.h.
+
 2007-11-19 Werner Koch * keyedit.c (keyedit_menu): String grammar fix.
Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c 2007-11-29 14:51:08 UTC (rev 4633)
+++ trunk/g10/gpg.c 2007-12-03 13:05:15 UTC (rev 4634)
@@ -26,9 +26,6 @@
 #include
 #include
 #include
-#ifdef HAVE_DOSISH_SYSTEM
-#include /* for setmode() */
-#endif
 #ifdef HAVE_STAT
 #include /* for stat() */
 #endif
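Review bot: The header comment of gnupg_reopen_std keeps the typo "hapen" (the gpg.c original had "hapenn"); it should read `this will happen with almost all utilities`. The comment should also state the failure contract, which a reader of a `common/` helper will not expect: when a standard descriptor cannot be reopened the function prints to whichever of stderr or stdout is still usable and then terminates the process with `exit (3)`, so it must only be used from program entry points. On that fatal path a descriptor returned by `open ()` that is not the expected number is left open, which is harmless only because the process exits; a short comment saying so prevents a later "fix" from changing the exit behaviour. Reopening the three descriptors onto /dev/null before any other file is opened is the right mitigation for the descriptor-reuse problem the comment describes; the new `#include` line's header name is lost in this listing, so please double-check it is the one that declares O_RDONLY/O_WRONLY.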
@@ -1687,76 +1684,6 @@ } - -/* Make sure that the standard file descriptors are opened. Obviously - some folks close them before an exec and the next file we open will - get one of them assigned and thus any output (i.e. diagnostics) end - up in that file (e.g. the trustdb). Not actually a gpg problem as - this will hapenn with almost all utilities when called in a wrong - way. However we try to minimize the damage here and raise - awareness of the problem. - - Must be called before we open any files! */ -static void -reopen_std(void) -{ -#if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM) - struct stat statbuf; - int did_stdin=0,did_stdout=0,did_stderr=0; - FILE *complain; - - if(fstat(STDIN_FILENO,&statbuf)==-1 && errno==EBADF) - { - if(open("/dev/null",O_RDONLY)==STDIN_FILENO) - did_stdin=1; - else - did_stdin=2; - } - - if(fstat(STDOUT_FILENO,&statbuf)==-1 && errno==EBADF) - { - if(open("/dev/null",O_WRONLY)==STDOUT_FILENO) - did_stdout=1; - else - did_stdout=2; - } - - if(fstat(STDERR_FILENO,&statbuf)==-1 && errno==EBADF) - { - if(open("/dev/null",O_WRONLY)==STDERR_FILENO) - did_stderr=1; - else - did_stderr=2; - } - - /* It's hard to log this sort of thing since the filehandle we would - complain to may be closed... */ - if(did_stderr==0) - complain=stderr; - else if(did_stdout==0) - complain=stdout; - else - complain=NULL; - - if(complain) - { - if(did_stdin==1) - fprintf(complain,"gpg: WARNING: standard input reopened\n"); - if(did_stdout==1) - fprintf(complain,"gpg: WARNING: standard output reopened\n"); - if(did_stderr==1) - fprintf(complain,"gpg: WARNING: standard error reopened\n"); - - if(did_stdin==2 || did_stdout==2 || did_stderr==2) - fprintf(complain,"gpg: fatal: unable to reopen standard input," - " output, or error\n"); - } - - if(did_stdin==2 || did_stdout==2 || did_stderr==2) - exit(3); -#endif /* HAVE_STAT && !HAVE_W32_SYSTEM */ -} - /* Pack an s2k iteration count into the form specified in 2440. If we're in between valid values, round up. 
*/ static unsigned char @@ -1855,7 +1782,7 @@ /* Please note that we may running SUID(ROOT), so be very CAREFUL when adding any stuff between here and the call to secmem_init() somewhere after the option parsing. */ - reopen_std (); + gnupg_reopen_std ("gpg"); trap_unaligned (); gnupg_rl_initialize (); set_strusage (my_strusage); Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-11-29 14:51:08 UTC (rev 4633) +++ trunk/sm/ChangeLog 2007-12-03 13:05:15 UTC (rev 4634) @@ -1,3 +1,7 @@ +2007-12-03 Werner Koch + + * gpgsm.c (main): All gnupg_reopen_std. + h2007-11-22 Werner Koch * server.c (cmd_getauditlog): New. Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2007-11-29 14:51:08 UTC (rev 4633) +++ trunk/sm/gpgsm.c 2007-12-03 13:05:15 UTC (rev 4634) @@ -851,6 +851,7 @@ /*mtrace();*/ + gnupg_reopen_std ("gpgsm"); /* trap_unaligned ();*/ gnupg_rl_initialize (); set_strusage (my_strusage); From cvs at cvs.gnupg.org Mon Dec 3 15:02:07 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Dec 2007 15:02:07 +0100 Subject: [svn] GnuPG - r4635 - trunk/agent Message-ID: Author: wk Date: 2007-12-03 15:02:06 +0100 (Mon, 03 Dec 2007) New Revision: 4635 Modified: trunk/agent/ChangeLog trunk/agent/gpg-agent.c Log: Fixed testing for an alive ssh standard socket. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2007-12-03 13:05:15 UTC (rev 4634) +++ trunk/agent/ChangeLog 2007-12-03 14:02:06 UTC (rev 4635) 
@@ -1,3 +1,10 @@ +2007-12-03 Werner Koch + + * gpg-agent.c (main): s/standard_socket/use_standard_socket/ for + clarity. + (create_server_socket): New arg IS_SSH to avoid testing with + assuan commands. + 2007-11-20 Werner Koch * gpg-agent.c (get_agent_scd_notify_event): New. Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2007-12-03 13:05:15 UTC (rev 4634) +++ trunk/agent/gpg-agent.c 2007-12-03 14:02:06 UTC (rev 4635) @@ -244,6 +244,7 @@ static char *create_socket_name (int use_standard_socket, char *standard_name, char *template); static gnupg_fd_t create_server_socket (int is_standard_name, char *name, + int is_ssh, assuan_sock_nonce_t *nonce); static void create_directories (void); @@ -486,7 +487,7 @@ char *logfile = NULL; int debug_wait = 0; int gpgconf_list = 0; - int standard_socket = 0; + int use_standard_socket = 0; gpg_error_t err; const char *env_file_name = NULL; @@ -535,8 +536,8 @@ /* Set default options. */ parse_rereadable_options (NULL, 0); /* Reset them to default values. */ #ifdef HAVE_W32_SYSTEM - standard_socket = 1; /* Under Windows we always use a standard - socket. */ + use_standard_socket = 1; /* Under Windows we always use a standard + socket. */ #endif shell = getenv ("SHELL"); @@ -674,8 +675,8 @@ case oXauthority: default_xauthority = xstrdup (pargs.r.ret_str); break; - case oUseStandardSocket: standard_socket = 1; break; - case oNoUseStandardSocket: standard_socket = 0; break; + case oUseStandardSocket: use_standard_socket = 1; break; + case oNoUseStandardSocket: use_standard_socket = 0; break; case oFakedSystemTime: { 
@@ -886,18 +887,18 @@ /* Create the sockets. */ - socket_name = create_socket_name (standard_socket, + socket_name = create_socket_name (use_standard_socket, "S.gpg-agent", "/tmp/gpg-XXXXXX/S.gpg-agent"); if (opt.ssh_support) - socket_name_ssh = create_socket_name (standard_socket, + socket_name_ssh = create_socket_name (use_standard_socket, "S.gpg-agent.ssh", "/tmp/gpg-XXXXXX/S.gpg-agent.ssh"); - fd = create_server_socket (standard_socket, socket_name, + fd = create_server_socket (use_standard_socket, socket_name, 0, &socket_nonce); if (opt.ssh_support) - fd_ssh = create_server_socket (standard_socket, socket_name_ssh, + fd_ssh = create_server_socket (use_standard_socket, socket_name_ssh, 1, &socket_nonce_ssh); else fd_ssh = GNUPG_INVALID_FD; @@ -1317,10 +1318,12 @@ /* Create a Unix domain socket with NAME. IS_STANDARD_NAME indicates - whether a non-random socket is used. Returns the file descriptor or - terminates the process in case of an error. */ + whether a non-random socket is used. Returns the file descriptor + or terminates the process in case of an error. Not that this + function needs to be used for the regular socket first and only then + for the ssh socket. */ static gnupg_fd_t -create_server_socket (int is_standard_name, char *name, +create_server_socket (int is_standard_name, char *name, int is_ssh, assuan_sock_nonce_t *nonce) { struct sockaddr_un *serv_addr; 
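Review bot: The rewritten comment on create_server_socket reads `Not that this function needs to be used for the regular socket first…`; it should read `Note that this function needs to be used for the regular socket first and only then for the ssh socket.` That ordering is a precondition the new IS_SSH argument relies on, but nothing in the hunk enforces or documents it at the call sites, so repeating it on the prototype in the declaration hunk would help future callers. The body of create_server_socket continues outside the hunk.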
@@ -1350,7 +1353,15 @@ rc = assuan_sock_bind (fd, (struct sockaddr*) serv_addr, len); if (is_standard_name && rc == -1 && errno == EADDRINUSE) { - if (!check_for_running_agent (1, 1)) + /* Check whether a gpg-agent is already running on the standard + socket. We do this test only if this is not the ssh socket. + For ssh we assume that a test for gpg-agent has already been + done and reuse the requested ssh socket. Testing the + ssh-socket is not possible because at this point, though we + know the new Assuan socket, the Assuan server and thus the + ssh-agent server is not yet operational. This would lead to + a hang. */ + if (!is_ssh && !check_for_running_agent (1, 1)) { log_error (_("a gpg-agent is already running - " "not starting a new one\n")); @@ -1875,7 +1886,7 @@ /* Figure out whether an agent is available and running. Prints an - error if not. If SILENT is true, no mesdsages are printed. Usually + error if not. If SILENT is true, no messages are printed. Usually started with MODE 0. Returns 0 if the agent is running. */ static int check_for_running_agent (int silent, int mode) From cvs at cvs.gnupg.org Mon Dec 3 15:41:40 2007 
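Review bot: With `if (!is_ssh && !check_for_running_agent (1, 1))`, an EADDRINUSE on the standard ssh socket is no longer tested against a live agent at all, and whatever follows the if-block (outside the hunk) is applied to the ssh socket unconditionally; this is only safe because the regular socket was bound first in the same directory, which the new comment states but the code does not verify. Consider adding a sentence to the comment that a listener present on the ssh socket alone is therefore not detected here, or asserting the precondition on the caller side. The enclosing function continues beyond the hunk.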
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Dec 2007 15:41:40 +0100 Subject: [svn] GnuPG - r4637 - in branches/STABLE-BRANCH-1-4: checks doc g10 util Message-ID: Author: wk Date: 2007-12-03 15:41:38 +0100 (Mon, 03 Dec 2007) New Revision: 4637 Modified: branches/STABLE-BRANCH-1-4/checks/ChangeLog branches/STABLE-BRANCH-1-4/checks/Makefile.am branches/STABLE-BRANCH-1-4/doc/gpg.texi branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/keygen.c branches/STABLE-BRANCH-1-4/util/assuan-util.c Log: Comment typ fixes. Workaround for bad translations of the capability menu. Modified: branches/STABLE-BRANCH-1-4/checks/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/checks/ChangeLog 2007-12-03 14:18:22 UTC (rev 4636) +++ branches/STABLE-BRANCH-1-4/checks/ChangeLog 2007-12-03 14:41:38 UTC (rev 4637) @@ -3,6 +3,11 @@ * defs.inc: Use new --list-config method to get cipher and digest names. +2007-11-22 Werner Koch + + * Makefile.am (./gpg_dearmor): Add --homedir so that we don't + auto create a ~/.gnupg/. From Gentoo. + 2007-07-18 David Shaw * defs.inc (all_hash_algos): See "all_cipher_algos", below. Modified: branches/STABLE-BRANCH-1-4/checks/Makefile.am =================================================================== --- branches/STABLE-BRANCH-1-4/checks/Makefile.am 2007-12-03 14:18:22 UTC (rev 4636) +++ branches/STABLE-BRANCH-1-4/checks/Makefile.am 2007-12-03 14:41:38 UTC (rev 4637) 
@@ -58,7 +58,7 @@ ./gpg_dearmor: echo '#!/bin/sh' >./gpg_dearmor - echo "../g10/gpg --no-options --no-greeting \ + echo "../g10/gpg --no-options --no-greeting --homedir . \ --no-secmem-warning --batch --dearmor" >>./gpg_dearmor chmod 755 ./gpg_dearmor Modified: branches/STABLE-BRANCH-1-4/doc/gpg.texi =================================================================== --- branches/STABLE-BRANCH-1-4/doc/gpg.texi 2007-12-03 14:18:22 UTC (rev 4636) +++ branches/STABLE-BRANCH-1-4/doc/gpg.texi 2007-12-03 14:41:38 UTC (rev 4637) @@ -1141,7 +1141,7 @@ Set the name of the native character set. This is used to convert some informational strings like user IDs to the proper UTF-8 encoding. Note that this has nothing to do with the character set of data to be -encrypted or signed; GnuPG does not recode user supplied data. If +encrypted or signed; GnuPG does not recode user-supplied data. If this option is not used, the default character set is determined from the current locale. A verbosity level of 3 shows the chosen set. Valid values for @code{name} are: Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-03 14:18:22 UTC (rev 4636) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-03 14:41:38 UTC (rev 4637) @@ -1,3 +1,8 @@ +2007-12-03 Werner Koch + + * keygen.c (ask_key_flags): Add a translation remark and implement + a workaround. + 2007-11-28 David Shaw * sig-check.c (do_check): Code to try both the incorrect and Modified: branches/STABLE-BRANCH-1-4/g10/keygen.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keygen.c 2007-12-03 14:18:22 UTC (rev 4636) +++ branches/STABLE-BRANCH-1-4/g10/keygen.c 2007-12-03 14:41:38 UTC (rev 4637) 
@@ -1343,13 +1343,26 @@ static unsigned int ask_key_flags(int algo,int subkey) { + /* TRANSLATORS: Please use only plain ASCII characters for the + translation. If this is not possible use single digits. Here is + a description of the fucntions: + + s = Toggle signing capability + e = Toggle encryption capability + a = Toggle authentication capability + q = Finish + */ const char *togglers=_("SsEeAaQq"); char *answer=NULL; unsigned int current=0; unsigned int possible=openpgp_pk_algo_usage(algo); - if(strlen(togglers)!=8) - BUG(); + if ( strlen(togglers) != 8 ) + { + tty_printf ("NOTE: Bad translation at %s:%d. " + "Please report.\n", __FILE__, __LINE__); + togglers = "11223300"; + } /* Only primary keys may certify. */ if(subkey) Modified: branches/STABLE-BRANCH-1-4/util/assuan-util.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/assuan-util.c 2007-12-03 14:18:22 UTC (rev 4636) +++ branches/STABLE-BRANCH-1-4/util/assuan-util.c 2007-12-03 14:41:38 UTC (rev 4637) @@ -112,7 +112,7 @@ } } -/* Log a user supplied string. Escapes non-printable before +/* Log a user-supplied string. Escapes non-printable before printing. */ void _assuan_log_sanitized_string (const char *string) From cvs at cvs.gnupg.org Tue Dec 4 00:39:50 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 04 Dec 2007 00:39:50 +0100 Subject: [svn] GnuPG - r4638 - trunk/tools Message-ID: Author: marcus Date: 2007-12-04 00:39:49 +0100 (Tue, 04 Dec 2007) New Revision: 4638 Modified: trunk/tools/ChangeLog trunk/tools/gpgconf-comp.c Log: 2007-12-04 Marcus Brinkmann * gpgconf-comp.c (gc_component_list_components): Do not print a trailing semi-colon to ensure forward compatibility, as this would indicate another empty field. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2007-12-03 14:41:38 UTC (rev 4637) +++ trunk/tools/ChangeLog 2007-12-03 23:39:49 UTC (rev 4638) 
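Review bot: The fallback `togglers = "11223300";` encodes which digit stands for which capability, but that mapping is only documented indirectly in the TRANSLATORS note; a comment beside the assignment such as `/* Fallback: 1=sign, 2=encrypt, 3=auth, 0=quit, the digits suggested to translators. */` keeps it readable once the note scrolls away. The length check also only catches translations of the wrong size, so a translation of exactly eight characters with a different layout still passes; worth a sentence in the comment if that is accepted. The TRANSLATORS comment carries the typo `fucntions`. The body of ask_key_flags continues outside the hunk.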
@@ -1,3 +1,9 @@ +2007-12-04 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_components): Do not print a + trailing semi-colon to ensure forward compatibility, as this would + indicate another empty field. + 2007-11-15 Werner Koch * gpg-connect-agent.c (start_agent): Adjust changed Modified: trunk/tools/gpgconf-comp.c =================================================================== --- trunk/tools/gpgconf-comp.c 2007-12-03 14:41:38 UTC (rev 4637) +++ trunk/tools/gpgconf-comp.c 2007-12-03 23:39:49 UTC (rev 4638) @@ -1176,7 +1176,7 @@ desc = my_dgettext (gc_component[component].desc_domain, desc); fprintf (out, "%s:%s:", gc_component[component].name, my_percent_escape (desc)); - fprintf (out, "%s:\n", my_percent_escape (pgmname)); + fprintf (out, "%s\n", my_percent_escape (pgmname)); } } } From cvs at cvs.gnupg.org Tue Dec 4 15:47:28 2007 From: cvs at cvs.gnupg.org (svn author marcus) Date: Tue, 04 Dec 2007 15:47:28 +0100 Subject: [svn] GnuPG - r4640 - trunk/tools Message-ID: Author: marcus Date: 2007-12-04 15:47:28 +0100 (Tue, 04 Dec 2007) New Revision: 4640 Modified: trunk/tools/ChangeLog trunk/tools/gpgconf-comp.c Log: 2007-12-04 Marcus Brinkmann * gpgconf-comp.c (gc_component_list_components): Do not print a trailing semi-colon to ensure forward compatibility, as this would indicate another empty field. (gc_process_gpgconf_conf): Likewise. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2007-12-04 11:23:31 UTC (rev 4639) +++ trunk/tools/ChangeLog 2007-12-04 14:47:28 UTC (rev 4640) 
@@ -3,6 +3,7 @@ * gpgconf-comp.c (gc_component_list_components): Do not print a trailing semi-colon to ensure forward compatibility, as this would indicate another empty field. + (gc_process_gpgconf_conf): Likewise. 2007-11-15 Werner Koch Modified: trunk/tools/gpgconf-comp.c =================================================================== --- trunk/tools/gpgconf-comp.c 2007-12-04 11:23:31 UTC (rev 4639) +++ trunk/tools/gpgconf-comp.c 2007-12-04 14:47:28 UTC (rev 4640) @@ -3315,7 +3315,7 @@ } fprintf (listfp, "k:%s:", my_percent_escape (key)); - fprintf (listfp, "%s:\n", group? my_percent_escape (group):""); + fprintf (listfp, "%s\n", group? my_percent_escape (group):""); } /* All other lines are rule records. */ @@ -3326,7 +3326,6 @@ if (value != empty) fprintf (listfp, "\"%s", my_percent_escape (value)); - putc (':', listfp); putc ('\n', listfp); } From cvs at cvs.gnupg.org Wed Dec 5 10:50:52 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 05 Dec 2007 10:50:52 +0100 Subject: [svn] gcry - r1276 - in trunk: . cipher tests Message-ID: Author: wk Date: 2007-12-05 10:50:50 +0100 (Wed, 05 Dec 2007) New Revision: 1276 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/pubkey.c trunk/cipher/rsa.c trunk/configure.ac trunk/tests/ChangeLog trunk/tests/pubkey.c Log: Fixed an internal bug in rsa.c Allow to decryption/signing using a minimal RSA key. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/NEWS 2007-12-05 09:50:50 UTC (rev 1276) @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4.0 +------------------------------------------------ + + Noteworthy changes in version 1.3.2 (2007-12-03) ------------------------------------------------ Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/cipher/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276) 
@@ -1,3 +1,14 @@ +2007-12-05 Werner Koch + + * rsa.c (secret): Fixed condition test for using CRT. Reported by + Dean Scarff. Fixes bug#864. + (_gcry_rsa_check_secret_key): Return an erro if the optional + parameters are missing. + * pubkey.c (sexp_elements_extract): Add arg ALGO_NAME. Changed all + callers to pass NULL. Add hack to allow for optional RSA + parameters. + (sexp_to_key): Pass algo name to sexp_elements_extract. + 2007-12-03 Werner Koch * random.c (gcry_random_add_bytes): Implement it. Modified: trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/cipher/pubkey.c 2007-12-05 09:50:50 UTC (rev 1276) @@ -751,9 +751,9 @@ /* Internal function. */ static gcry_err_code_t sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names, - gcry_mpi_t *elements) + gcry_mpi_t *elements, const char *algo_name) { - gcry_err_code_t err = GPG_ERR_NO_ERROR; + gcry_err_code_t err = 0; int i, idx; const char *name; gcry_sexp_t list; 
@@ -761,17 +761,41 @@ for (name = element_names, idx = 0; *name && !err; name++, idx++) { list = gcry_sexp_find_token (key_sexp, name, 1); - if (! list) - err = GPG_ERR_NO_OBJ; + if (!list) + elements[idx] = NULL; else { elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); - if (! elements[idx]) + if (!elements[idx]) err = GPG_ERR_INV_OBJ; } } + if (!err) + { + /* Check that all elements are available. */ + for (name = element_names, idx = 0; *name; name++, idx++) + if (!elements[idx]) + break; + if (*name) + { + err = GPG_ERR_NO_OBJ; + /* Some are missing. Before bailing out we test for + optional parameters. */ + if (algo_name && !strcmp (algo_name, "RSA") + && !strcmp (element_names, "nedpqu") ) + { + /* This is RSA. Test whether we got N, E and D and that + the optional P, Q and U are all missing. */ + if (elements[0] && elements[1] && elements[2] + && !elements[3] && !elements[4] && !elements[5]) + err = 0; + } + } + } + + if (err) { for (i = 0; i < idx; i++) @@ -884,8 +908,6 @@ * NOTE: we look through the list to find a list beginning with * "private-key" or "public-key" - the first one found is used. * - * FIXME: Allow for encrypted secret keys here. - * * Returns: A pointer to an allocated array of MPIs if the return value is * zero; the caller has to release this array. * @@ -959,7 +981,7 @@ if (is_ecc) err = sexp_elements_extract_ecc (list, elems, array); else - err = sexp_elements_extract (list, elems, array); + err = sexp_elements_extract (list, elems, array, pubkey->name); } gcry_sexp_release (list); @@ -1048,7 +1070,7 @@ err = gpg_err_code_from_errno (errno); if (!err) - err = sexp_elements_extract (list, elems, array); + err = sexp_elements_extract (list, elems, array, NULL); gcry_sexp_release (l2); gcry_sexp_release (list); @@ -1190,7 +1212,7 @@ goto leave; } - err = sexp_elements_extract (list, elems, array); + err = sexp_elements_extract (list, elems, array, NULL); leave: gcry_sexp_release (list); 
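Review bot: The optional-parameter exception is keyed on the literals `"RSA"` and `"nedpqu"`, so it silently stops applying if the element list or the algorithm name in the RSA module ever changes; a comment tying the two together, e.g. `/* Must match the element list of the RSA module and the non-CRT fallback in rsa.c. */`, would make the coupling visible. The exception accepts only the all-or-nothing case, so a key with some of p, q, u present still fails with GPG_ERR_NO_OBJ; that matches the accompanying tests but deserves a sentence here. The cleanup loop after the hunk now walks entries that may be NULL, which is fine only if gcry_mpi_release tolerates NULL (not visible in the hunk).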
@@ -1921,7 +1943,7 @@ Test a key. This may be used either for a public or a secret key to see whether - internal structre is valid. + the internal structure is okay. Returns: 0 or an errorcode. Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/cipher/rsa.c 2007-12-05 09:50:50 UTC (rev 1276) @@ -1,6 +1,6 @@ /* rsa.c - RSA function - * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn) - * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn) + * Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -15,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ /* This code uses an algorithm protected by U.S. Patent #4,405,829 @@ -357,7 +356,7 @@ static void secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey ) { - if (!skey->p && !skey->q && !skey->u) + if (!skey->p || !skey->q || !skey->u) { mpi_powm (output, input, skey->d, skey->n); } @@ -488,7 +487,10 @@ sk.q = skey[4]; sk.u = skey[5]; - if (! check_secret_key (&sk)) + if (!sk.p || !sk.q || !sk.u) + err = GPG_ERR_NO_OBJ; /* To check the key we need the optional + parameters. */ + else if (!check_secret_key (&sk)) err = GPG_ERR_PUBKEY_ALGO; return err; 
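Review bot: The corrected condition `if (!skey->p || !skey->q || !skey->u)` in secret() routes any incomplete CRT set to the plain `mpi_powm` with d and n, and the reason is worth a comment because the old `&&` form reached the CRT path with NULL parameters for partially filled keys, e.g. `/* p, q and u are optional; without the full set fall back to a plain, considerably slower, exponentiation. */`. In _gcry_rsa_check_secret_key the new GPG_ERR_NO_OBJ return means gcry_pk_testkey cannot validate a minimal key at all, which the inline comment hints at; stating it in the function's header comment (outside the hunk) would help callers understand the error.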
@@ -529,9 +531,9 @@ sk.n = skey[0]; sk.e = skey[1]; sk.d = skey[2]; - sk.p = skey[3]; - sk.q = skey[4]; - sk.u = skey[5]; + sk.p = skey[3]; /* Optional. */ + sk.q = skey[4]; /* Optional. */ + sk.u = skey[5]; /* Optional. */ y = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n)); Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/configure.ac 2007-12-05 09:50:50 UTC (rev 1276) @@ -27,8 +27,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.3.2]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.3.3]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/tests/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276) @@ -1,3 +1,11 @@ +2007-12-05 Werner Koch + + * pubkey.c (sample_private_key_1_1,sample_private_key_1_2): New. + (get_keys_sample): Add arg SECRET_VARIANT. + (check_run): Check all variants. Also check gcry_pk_testkey. + (check_keys_crypt): Add DECRYPT_FAIL_CODE. + (check_keys): Ditto. + 2007-11-30 Werner Koch * benchmark.c (main): Add optione --verbose and reworked the Modified: trunk/tests/pubkey.c =================================================================== --- trunk/tests/pubkey.c 2007-12-03 10:34:28 UTC (rev 1275) +++ trunk/tests/pubkey.c 2007-12-05 09:50:50 UTC (rev 1276) 
@@ -14,8 +14,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ #ifdef HAVE_CONFIG_H 
@@ -52,6 +51,43 @@ " )\n" ")\n"; +/* The same key as above but without p, q and u to test the non CRT case. */ +static const char sample_private_key_1_1[] = +"(private-key\n" +" (openpgp-rsa\n" +" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" + "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" + "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" + "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" +" (e #010001#)\n" +" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" + "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" + "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" + "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n" +" )\n" +")\n"; + +/* The same key as above but just without q to test the non CRT case. This + should fail. */ +static const char sample_private_key_1_2[] = +"(private-key\n" +" (openpgp-rsa\n" +" (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" + "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" + "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" + "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" +" (e #010001#)\n" +" (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" + "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" + "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" + "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n" +" (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" + "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n" +" (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" + "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)\n" +" )\n" +")\n"; + static const char sample_public_key_1[] = "(public-key\n" " (rsa\n" 
@@ -79,7 +115,7 @@ static void check_keys_crypt (gcry_sexp_t pkey, gcry_sexp_t skey, - gcry_sexp_t plain0) + gcry_sexp_t plain0, gpg_err_code_t decrypt_fail_code) { gcry_sexp_t plain1, cipher, l; gcry_mpi_t x0, x1; @@ -103,7 +139,11 @@ rc = gcry_pk_decrypt (&plain1, cipher, skey); gcry_sexp_release (cipher); if (rc) - die ("decryption failed: %s\n", gcry_strerror (rc)); + { + if (decrypt_fail_code && gpg_err_code (rc) == decrypt_fail_code) + return; /* This is the expected failure code. */ + die ("decryption failed: %s\n", gcry_strerror (rc)); + } /* Extract decrypted data. Note that for compatibility reasons, the output of gcry_pk_decrypt depends on whether a flags lists (even @@ -133,7 +173,8 @@ } static void -check_keys (gcry_sexp_t pkey, gcry_sexp_t skey, unsigned int nbits_data) +check_keys (gcry_sexp_t pkey, gcry_sexp_t skey, unsigned int nbits_data, + gpg_err_code_t decrypt_fail_code) { gcry_sexp_t plain; gcry_mpi_t x; @@ -148,7 +189,7 @@ die ("converting data for encryption failed: %s\n", gcry_strerror (rc)); - check_keys_crypt (pkey, skey, plain); + check_keys_crypt (pkey, skey, plain, decrypt_fail_code); gcry_sexp_release (plain); gcry_mpi_release (x); 
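Review bot: When DECRYPT_FAIL_CODE is set but gcry_pk_decrypt succeeds, check_keys_crypt continues as if the key were valid, so a regression that makes the rejected key variant decryptable would pass the test unnoticed; after the `if (rc)` block add `if (decrypt_fail_code) die ("decryption succeeded although error %d was expected\n", decrypt_fail_code);`. The function continues outside the hunk.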
@@ -162,21 +203,30 @@ die ("converting data for encryption failed: %s\n", gcry_strerror (rc)); - check_keys_crypt (pkey, skey, plain); + check_keys_crypt (pkey, skey, plain, decrypt_fail_code); gcry_sexp_release (plain); } static void -get_keys_sample (gcry_sexp_t *pkey, gcry_sexp_t *skey) +get_keys_sample (gcry_sexp_t *pkey, gcry_sexp_t *skey, int secret_variant) { gcry_sexp_t pub_key, sec_key; int rc; + static const char *secret; + + switch (secret_variant) + { + case 0: secret = sample_private_key_1; break; + case 1: secret = sample_private_key_1_1; break; + case 2: secret = sample_private_key_1_2; break; + default: die ("BUG\n"); + } + rc = gcry_sexp_sscan (&pub_key, NULL, sample_public_key_1, strlen (sample_public_key_1)); - if (! rc) - rc = gcry_sexp_sscan (&sec_key, NULL, sample_private_key_1, - strlen (sample_private_key_1)); + if (!rc) + rc = gcry_sexp_sscan (&sec_key, NULL, secret, strlen (secret)); if (rc) die ("converting sample keys failed: %s\n", gcry_strerror (rc)); 
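Review bot: `static const char *secret;` in get_keys_sample gives the pointer static storage for no reason, which suggests state carried between calls; since every switch arm assigns it and the default arm dies, `const char *secret = NULL;` expresses the intent. A one-line comment on the new SECRET_VARIANT argument mapping 0/1/2 to the three sample keys would also help, as the meaning is otherwise only visible in the switch.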
@@ -249,33 +299,44 @@ static void check_run (void) { + gpg_error_t err; gcry_sexp_t pkey, skey; + int variant; + for (variant=0; variant < 3; variant++) + { + if (verbose) + fprintf (stderr, "Checking sample key (%d).\n", variant); + get_keys_sample (&pkey, &skey, variant); + /* Check gcry_pk_testkey which requires all elements. */ + err = gcry_pk_testkey (skey); + if ((variant == 0 && err) + || (variant > 0 && gpg_err_code (err) != GPG_ERR_NO_OBJ)) + die ("gcry_pk_testkey failed: %s\n", gpg_strerror (err)); + /* Run the usual check but expect an error from variant 2. */ + check_keys (pkey, skey, 800, variant == 2? GPG_ERR_NO_OBJ : 0); + gcry_sexp_release (pkey); + gcry_sexp_release (skey); + } + if (verbose) - fprintf (stderr, "Checking sample key.\n"); - get_keys_sample (&pkey, &skey); - check_keys (pkey, skey, 800); - gcry_sexp_release (pkey); - gcry_sexp_release (skey); - - if (verbose) fprintf (stderr, "Checking generated RSA key.\n"); get_keys_new (&pkey, &skey); - check_keys (pkey, skey, 800); + check_keys (pkey, skey, 800, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Checking generated Elgamal key.\n"); get_elg_key_new (&pkey, &skey, 0); - check_keys (pkey, skey, 400 ); + check_keys (pkey, skey, 400, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Checking passphrase generated Elgamal key.\n"); get_elg_key_new (&pkey, &skey, 1); - check_keys (pkey, skey, 800); + check_keys (pkey, skey, 800, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); } @@ -294,7 +355,7 @@ gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) - die ("version mismatch\n"); + /*die ("version mismatch\n")*/; gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); From cvs at cvs.gnupg.org Wed Dec 5 13:24:45 2007 
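Review bot: The version check in main is disabled by commenting out its action, `if (!gcry_check_version (GCRYPT_VERSION)) /*die ("version mismatch\n")*/;`, which leaves an if with an empty statement and silently accepts a mismatching library; if this is a deliberate workaround while the version is bumped it should say so in a comment, otherwise it looks like a debugging leftover. The hunks before it in check_run only document the expected codes in a comment, which is good; the same expectation could be mirrored in the die message so a failure reports the variant.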
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 05 Dec 2007 13:24:45 +0100 Subject: [svn] GpgOL - r201 - trunk/tests Message-ID: Author: wk Date: 2007-12-05 13:24:44 +0100 (Wed, 05 Dec 2007) New Revision: 201 Added: trunk/tests/gpg4win-testuser-a.p12 trunk/tests/gpg4win-testuser-a.pem Log: Add test key. Added: trunk/tests/gpg4win-testuser-a.p12 =================================================================== --- trunk/tests/gpg4win-testuser-a.p12 2007-11-13 09:09:17 UTC (rev 200) +++ trunk/tests/gpg4win-testuser-a.p12 2007-12-05 12:24:44 UTC (rev 201) 
@@ -0,0 +1,68 @@ +Issuer ...: /CN=Test-ZS 5/O=Intevation GmbH/C=DE +Serial ...: 4D +Subject ..: /CN=Gpg4winTestuserA/OU=Testlab/O=Gpg4win Project/C=DE + aka ..: Gpg4winUserA at test.hq + +The passphrase is "test". + +-----BEGIN PKCS12----- +MIILAAIBAzCCCsYGCSqGSIb3DQEHAaCCCrcEggqzMIIKrzCCBQ8GCSqGSIb3DQEH +BqCCBQAwggT8AgEAMIIE9QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI8r3k +uRSzfwACAggAgIIEyNfFbaK2TzOo1e0r8StYhYYTKC7QsDHhtl85P3dqAOA6ep4p +qeEYYJIHx8Pw6GoE4QLV6h2Un4S2HNBgw1Szh3zZsYa/+AXOxnjtCg+gG9ulXQ8u +jBJ6w8OXZhWsvIEgnVsOJfPkSZUUg/tdilVqlaFHY7z15UTcI6gvS88Kw2p+z5sf +mL8auB+O2L7fG4EeOwoNO7ev5ckQD9ztrRyLRyrvJXaFvMcW7yS/d604AtfYGPKV +/uJWLhfrenavRCuNSpvWIrEs0fpiALM5Z28xuI0CQxVa7qiDAZuHkInY8YJp4HWO +9Y7CNq1HyS9SK08d0VmgEwsKP121pbVTEchgG87GsafKAm4ReqhFzX/50qtjWtZE +Oe13DRFGHy+GQIPFYbXvVQrDXXmwwR4r8zLaaPZkuS2Wqf0abImAqYdalZHNwTop +NI1W76QoWnxPN6h3eH134Ajs1Rawa0ZWeDtFck7YkcZc0wIxRA8yuojIu7m2yyGP +/Efhm5SKluAG6niUqtOQEuIncGdq2VfZ0pL7m47N6BSESvPwVD9zOqxEsJzpkKsN +KxFpvyCyGM/9JR2YiSX6boMq9pLkA2tGysP5/sWIiD/RD+bYHEA50kPdsYrAeNOy +mgQMD6YeS2nsndIjwXftLAApPC9YzH5QELw7TU0ZUbXQmgmpOIb/JBqD4qaZd/Ap +kTx8XF4xKLGvDfnLp3DPN4Bp5wd2isH1Yw97lpesn7LeTJfhVk8MvK2PPotAkZOZ +/U/zMUE6GEy6YQZQu0a8fhypv9sbF2s9GTr0ub8c93ztgk3tpaJu31IFCxjcX0f2 +q14bZoxLf4vi7W76Uq03NvtHAuP3JbXiHvohyPiqWhE5A85BIeLfcHEsfzuzQumt +W4iF+AH5IIW6GE4ulQvre7m6xvoPk1Ev1x83hIMR45k5eJnoBUxNLC7djH5Geigg +b7ZB45MQniLBVC25RPk/5HL4b42moK7GdOk6RVtkZ7b8nsQ9Ezn3ev48SRToD0cG +iR1w9vwJ7Xeetti19NPgupfFEyOpXb8f0AiXSJ++3bO4A23c0s3bA6CGQ16Lt/0G +w3E8FpEub9YKLOgLYKXw3OyKSCBA0d0xLpQy4W8tCnoOcI1eWT5dbWh5qfvKTnIR +3/JSzEjnj3j5SzAty2WZgUvdJ4aJhEZUo3TPHtk35pUrNokmJPb1Gx39kdNgf6Ga +6PWFh99UVA6UU7oJUpz0zHmwx+jSgrNAnHpcLPwKnZGlRE/ytEdJJK/Yz3XQh9oy +HX02PPNMPN//HFMinW6CMD6iKmiFoQThJXqbrZBXQ2FNXIgw/LLRxwHcn0vGCjcx +062mw3Ht9Tg5bpGG47/rydQqc2HcKPdjx66OBHyEdrwIhe6z3KliEFOurHVY/GFK +nmacKWxEbzcKEI8pk3cFRD/CUHQdYgqKlFw1PTPUx+e/UM+HknfX/CQHbpHUHTId +KXdJVZGreM5LvpDVcTL6FrFP3heKEv+EOn6eI0vDOO7VxIoAz2wMl4tB+iu/DP60 
+K7hka7viECl8K+2riavNX8M91SqSezXsK10nt8nYmINMeCMPARgBuc/8qyHxFHAc +weFP39GEvTXyU0yRSgg6ieS8hDIMYYl2BoEsKYXHGa8u1bpB8TCCBZgGCSqGSIb3 +DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIE7jCCBOowHAYKKoZI +hvcNAQwBAzAOBAjI2SVB5ht5gQICCAAEggTINqOBu5xIZaulQBUbtS/MnQV1saei +IjHgYfIAGRfoxMu9CgGSgLWTHBTyqlmErGMnuVG7B0WLl/IhVNGVhaY17/aD1dN+ +gYstVPHDhdog6g2g5fLfKcBgnLo1jCtrO8QkccG5TwEJjdDcoZaz1AnMLroocpTJ +4/R8EIM52JTKuj3UAqo1IzQ5hJgB8pDrFxOYBiH2dVEKBf/gQw7dfM9qOD1fw89e +cLJ+vZws6YTTva2/b3FT6ua2k1xnKFZxFUIwdBYZlYt1lT0NwTTgH7iu8L31BRbI +6PocFOg8OSGD2Am8JRkGMFsN8J3TaSV/YFxL1v0JzXvsja7LxsycrcHOUGSQ3kl2 +MnuhUY94/ygojHaJR24sByzCljjgcGS2rwWJncq3/TelAKHO9W1b8qq1C1MT1bMw +9rgMhHlZhhPg3+IO/Ry/l+Qv14z9LjT3lapzT8w1rsTRRFoK38MpdJDIkOqsTxY1 +Y5fvleN4BSjfs/UXq27VR/1KaBxJFFRV3UVS8vwu1IINaZ8QwsTsLo0PpP9tjvvw +TTkKQV8oOCbicgrS8Nvk4Ke2EOI0y6Kepr08fl8fSsx2iSafo50zQ3il9n8XKgDM +bluiOaeNDS8tiDKiUDf8DCb0cAt8H+hCmlsbV8WYPrABJ8aLe7y02Nni1kE7RpFl +fghzQhfeoG/ObeScIIhUcg+pJ+cCFPWtuXKfpbwdvHNXbJERv3XM48quIoYrqtRS +QGh7OLYUGToCtKalR5kLyCVtTDsf3ToThKrV6eKnP8Q2cBx8VevX43fO9pUBdmgo +BX8pQM4jqN/doVFOiJSx9X947elqcytxUgGcXW7siGIJdVvy8u2sgYLTDmzBprxx +R0nLZIAuTfx55Ugg1SGi4TYPJODVjFM5VJeOGgIaHvDINthPlInHTDwzZCdS4frG +Ld53wZXQmypbam+7x1+SimiJ+xotMiTrNZIQTd2kcLo3RP373+/c7goPvAKEYkb/ +phxId2cORdWuMcMFSogHbasfmFni2RA44Jf6C1APyeWwKOYmBXREQ0ZMvhIjhc5z +0aTlKGmYZEga7RYitcUUdhzLDCHAN+stbuIMQD2p+rsnBI/A7j85m5T3YqfC4NgG +ioh+Nai5YoZJ7xWV7dRBxZeBHRUtJw6LGvlnyeGCbBYzK5Mk4Zd1x1Dd1G5cmAZs +7fgCfJOTKX6LkPPiyhZpMQEwgs1/6EQoXrJW0oDi8B8nz8BKzfq/0gya7dE0+ezF +yM3AQ2WGFJgRbCXQZ0iLYNDzp3NpIbjRC3rusxKpAgXs9IRhumTirCao987LCzVr +QVL6D+t+Td+T5yzxRPvQNPMLgRcVk5V4Wae+eFXRRtj7zthVKB6jcsgoDHd/l4PB +n9gNap3g3yKNJBhuiLjULeiBmirJPzULPDT6t9ddivemBibLUQgg99JcaeAwNL5N +C6Q6TxE5L3ka63eHAwiCQDMBakCg8fqYHQDEYBjGW4Ws7m1QK2hkYEqg0WWvhd19 +S7qUVelmggJSKzfSOJ0fLPH/QH1ceo/5t/OSgJs611p72GJN5KTga+euOfzDELnh +BJnGM0ViKSXaZYHAU44DonL6e6Y8wpyxGD5hvic6545WiGoYykvrliVquYXeo1rh +wkfbMXwwVQYJKoZIhvcNAQkUMUgeRgBHAG4AdQBQAEcAIABlAHgAcABvAHIAdABl 
+AGQAIABjAGUAcgB0AGkAZgBpAGMAYQB0AGUAIAAwADMANgBhADEANAA1ADYwIwYJ +KoZIhvcNAQkVMRYEFOCn6epP7jkLYpxnAaPf6FQDahRWMDEwITAJBgUrDgMCGgUA +BBT82uTObdyD8N16n3HG37z/XxH8WwQI8my/C004+V0CAggA +-----END PKCS12----- Added: trunk/tests/gpg4win-testuser-a.pem =================================================================== --- trunk/tests/gpg4win-testuser-a.pem 2007-11-13 09:09:17 UTC (rev 200) +++ trunk/tests/gpg4win-testuser-a.pem 2007-12-05 12:24:44 UTC (rev 201) 
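Review bot: This fixture is a private key whose passphrase ("test") is printed in the file header, so the identity Gpg4winTestuserA is effectively public and any signature made with it is forgeable by anyone; that is acceptable for a test key, but the header should say so explicitly so nobody imports it outside a test setup, e.g. `Test key only: the private key and passphrase are public. Never trust this certificate, Test-ZS 5 or Wurzel ZS 3 in a real installation.` It would also help to note which test consumes the file, since the commit adds it without any reference from the test code.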
@@ -0,0 +1,80 @@ +Issuer ...: /CN=Wurzel ZS 3/O=Intevation GmbH/C=DE +Serial ...: 00 +Subject ..: /CN=Wurzel ZS 3/O=Intevation GmbH/C=DE + aka ..: ca at intevation.de + +-----BEGIN CERTIFICATE----- +MIICPzCCAaigAwIBAgIBADANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJERTEY +MBYGA1UECgwPSW50ZXZhdGlvbiBHbWJIMRQwEgYDVQQDDAtXdXJ6ZWwgWlMgMzAe +Fw0wMzA2MjgxNDQ3MzdaFw0xMzA2MjcxNDQ3MzdaMD0xCzAJBgNVBAYTAkRFMRgw +FgYDVQQKDA9JbnRldmF0aW9uIEdtYkgxFDASBgNVBAMMC1d1cnplbCBaUyAzMIGf +MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOLHeAUlIwzxVaS1rt5hInoBJM4CzL +XI0E7CDBSEXqZitXBium/t3AkJsGKbPz/hpeXot8YFMAy8UcX6dF0gpzJVsG3ZtP +JJzekct99MIXs8PUS7GyuNGWGsfZtEH1OaJSmX6UNdnXkfqkSQdqBYxMKAGEYhgq +p5DJ/biLEoierwIDAQABo08wTTAdBgNVHQ4EFgQUoNaVfbZXeqn/LfWcpBG6nwfv +Cc8wDwYDVR0TAQH/BAUwAwEB/zAbBgNVHREEFDASgRBjYUBpbnRldmF0aW9uLmRl +MA0GCSqGSIb3DQEBBAUAA4GBADvPH28eVyYgVdpk55hYCVy+8vO99JMhACEzqrdI +VkVPWEmS31Jzl7Nbh0EPWNlvSa+cXFOaLzYxd1CWnOqQWRhq3Ud46GGSLfmUmYcY +VEI9DyzAx/Ucb1q+uo0VjetMyyNr7dKj5JC4GNE9TZMQQwPmiHZbIcAlRGr0F0oZ +LMTU +-----END CERTIFICATE----- + +Issuer ...: /CN=Wurzel ZS 3/O=Intevation GmbH/C=DE + aka ...: ca at intevation.de + aka ...: (uri http://ca.intevation.net) +Serial ...: 02 +Subject ..: /CN=Test-ZS 5/O=Intevation GmbH/C=DE + aka ..: ca at intevation.de + aka ..: (uri http://ca.intevation.net) + +-----BEGIN CERTIFICATE----- +MIIDczCCAtygAwIBAgIBAjANBgkqhkiG9w0BAQQFADA9MQswCQYDVQQGEwJERTEY +MBYGA1UECgwPSW50ZXZhdGlvbiBHbWJIMRQwEgYDVQQDDAtXdXJ6ZWwgWlMgMzAe +Fw0wMzA2MjgxNzM5MThaFw0wODA2MjcxNzM5MThaMDsxCzAJBgNVBAYTAkRFMRgw +FgYDVQQKDA9JbnRldmF0aW9uIEdtYkgxEjAQBgNVBAMMCVRlc3QtWlMgNTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAy9UYxG8QQhbkteJ9jvo0md8czKp2C5LR +M1Q08nVeP64978U+OtE4aTXb4xxI+2kAe3CM7Z3XIuYk/+ZMeULzSn0qOGFXkCq5 +JIh8hUgGVQLpoMF5DKUVzZTeavX3K/tL2KbMo7nSylXHKGXGD3QeqJ4meTOIdOWL +c76/9v3DQfECAwEAAaOCAYMwggF/MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQD +AgEGMGsGA1UdHwRkMGIwYKBeoFyGWmxkYXA6Ly9jYS5pbnRldmF0aW9uLm9yZy9j +bj1XdXJ6ZWwgWlMgMywgbz1JbnRldmF0aW9uIEdtYkgsIGM9REU/Y2VydGlmaWNh 
+dGVSZXZvY2F0aW9uTGlzdDAdBgNVHQ4EFgQUh966Q67X/qI2Jxn25lOMiTnvovgw +ZQYDVR0jBF4wXIAUoNaVfbZXeqn/LfWcpBG6nwfvCc+hQaQ/MD0xCzAJBgNVBAYT +AkRFMRgwFgYDVQQKDA9JbnRldmF0aW9uIEdtYkgxFDASBgNVBAMMC1d1cnplbCBa +UyAzggEAMDUGA1UdEQQuMCyBEGNhQGludGV2YXRpb24uZGWGGGh0dHA6Ly9jYS5p +bnRldmF0aW9uLm5ldDA1BgNVHRIELjAsgRBjYUBpbnRldmF0aW9uLmRlhhhodHRw +Oi8vY2EuaW50ZXZhdGlvbi5uZXQwDQYJKoZIhvcNAQEEBQADgYEAVXJopLQ9xENw +mNBb+eYCAcqVmiBw9KXyTlw5sk2xR6jL9HQjlTXgF7dUkjlK9kzr792PIdP29QCd +Rl30AZ2wA9g8edPc1G6Q79jDXbB1/07Repw/ByZ3ZCiUAiyz9D+P88Km5FbYk/2v +zqBzN1X7jSLqlRAZEkgUy2heBYKj1W8= +-----END CERTIFICATE----- + +Issuer ...: /CN=Test-ZS 5/O=Intevation GmbH/C=DE +Serial ...: 4D +Subject ..: /CN=Gpg4winTestuserA/OU=Testlab/O=Gpg4win Project/C=DE + aka ..: Gpg4winUserA at test.hq + +-----BEGIN CERTIFICATE----- +MIIEEDCCA3mgAwIBAgIBTTANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJERTEY +MBYGA1UECgwPSW50ZXZhdGlvbiBHbWJIMRIwEAYDVQQDDAlUZXN0LVpTIDUwHhcN +MDcwODIwMTUwMDU4WhcNMDgxMDEzMTUwMDU4WjBUMQswCQYDVQQGEwJERTEYMBYG +A1UEChMPR3BnNHdpbiBQcm9qZWN0MRAwDgYDVQQLEwdUZXN0bGFiMRkwFwYDVQQD +ExBHcGc0d2luVGVzdHVzZXJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAywz1A3cf08kI6lUGS4s/5VoGagBZ9gU+LjDnHoVIeNNkRvucJCqLer7TsPjj +dqMoFAv1QiLVAic2X5hsrA9cWyXNuiyWY4pheCygC/uvo0FHagVi8jKYJIqrnYAA +PfxL8vSN23aSkT4ixzcbANG6oKIftE+EZwn72Be8zjRYJqZn0I77skxeYspcAaoS +UATXpyIX5flpcEuaB/Du1svhqw431tvIfzQXJr4nEaI77CrhOXAXPIsCrne8u64h +qoLNqDgAbz/Fca0nJYIeXtwCJly6QhLR7Dx+3og3yNOrLOGOdPGH2qfLgNzEvaRQ +UOqCcwgiCxjmY7Ckc4MNZp8Q4wIDAQABo4IBhTCCAYEwDAYDVR0TAQH/BAIwADAO +BgNVHQ8BAf8EBAMCBeAwaQYDVR0fBGIwYDBeoFygWoZYbGRhcDovL2NhLmludGV2 +YXRpb24ub3JnL2NuPVRlc3QtWlMgNSwgbz1JbnRldmF0aW9uIEdtYkgsIGM9REU/ +Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDBPBglghkgBhvhCAQ0EQhZARS1NYWls +IENlcnRpZmljYXRlcyBmb3IgSW50ZXZhdGlvbiBhbmQgZnJpZW5kcyAobm9uLXBy +b2R1Y3Rpb24pLjAdBgNVHQ4EFgQUnZeDR/MizH7Rs9cRnmaC94X7GJYwZQYDVR0j +BF4wXIAUh966Q67X/qI2Jxn25lOMiTnvovihQaQ/MD0xCzAJBgNVBAYTAkRFMRgw +FgYDVQQKDA9JbnRldmF0aW9uIEdtYkgxFDASBgNVBAMMC1d1cnplbCBaUyAzggEC 
+MB8GA1UdEQQYMBaBFEdwZzR3aW5Vc2VyQUB0ZXN0LmhxMA0GCSqGSIb3DQEBBAUA +A4GBAJUyqMxwRCmBPX9B0jrNlaURS7cBYmmHlYRrCi147ZUPicGz+E0Sg7enfhlD +cIjDaTZTQyoUT8Dru9KanhgjnnXJN01URfhM1EN8UZz1AOs3BsIMAKsXmmz09kmB +0NFV2EoOHftPNIGa6bFhJDtgtnRK8ye3HKhGLFecMLW4r7Bn +-----END CERTIFICATE----- From cvs at cvs.gnupg.org Thu Dec 6 16:55:04 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 06 Dec 2007 16:55:04 +0100 Subject: [svn] GnuPG - r4642 - in trunk: . common sm Message-ID: Author: wk Date: 2007-12-06 16:55:03 +0100 (Thu, 06 Dec 2007) New Revision: 4642 Modified: trunk/NEWS trunk/common/audit.c trunk/common/audit.h trunk/sm/gpgsm.c trunk/sm/server.c trunk/sm/verify.c Log: More code for the audit log. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-04 15:00:14 UTC (rev 4641) +++ trunk/NEWS 2007-12-06 15:55:03 UTC (rev 4642) @@ -2,8 +2,8 @@ ------------------------------------------------ * Make sure that under Windows the file permissions of the socket are - taken into account. This required a change of our the socket - emulation code; thus old GnuPG modules can't be used anymore. + taken into account. This required a change of our socket emulation + code; thus old GnuPG modules can't be used anymore. * Fixed a crash in gpgconf. Modified: trunk/common/audit.c =================================================================== --- trunk/common/audit.c 2007-12-04 15:00:14 UTC (rev 4641) +++ trunk/common/audit.c 2007-12-06 15:55:03 UTC (rev 4642) @@ -19,9 +19,12 @@ #include #include +#include +#include +#include - #include "util.h" +#include "i18n.h" #include "audit.h" #include "audit-events.h" 
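Review bot: The header lines give issuer, serial and subject but not the validity period, and decoding the certificate bodies suggests the chain is short-lived: the Test-ZS 5 intermediate appears to expire on 2008-06-27 and the leaf on 2008-10-13, so chain validation of this test user will start failing within months unless the tests pin the verification time. Recording that in the header, e.g. `Validity .: 2007-08-20 .. 2008-10-13 (issuer expires 2008-06-27)`, would save the next person a debugging session. The intermediate also appears to carry an LDAP CRL distribution point at ca.intevation.org and all three certificates look MD5-with-RSA signed, so tests using this chain need CRL checking disabled (or network access) and will break once signature-algorithm policy is tightened; a line in the header about that is worthwhile too.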
@@ -50,11 +53,21 @@ size_t logsize; /* The allocated size for LOG. */ size_t logused; /* The used size of LOG. */ + estream_t outstream; /* The current output stream. */ + int use_html; /* The output shall be HTML formatted. */ + int indentlevel; /* Current level of indentation. */ }; + +static void writeout_li (audit_ctx_t ctx, const char *oktext, + const char *format, ...) JNLIB_GCC_A_PRINTF(3,4); +static void writeout_rem (audit_ctx_t ctx, + const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); + + static const char * event2str (audit_event_t event) { @@ -294,22 +307,486 @@ } +/* Write TEXT to the outstream. */ +static void +writeout (audit_ctx_t ctx, const char *text) +{ + if (ctx->use_html) + { + for (; *text; text++) + { + if (*text == '<') + es_fputs ("<", ctx->outstream); + else if (*text == '&') + es_fputs ("&", ctx->outstream); + else + es_putc (*text, ctx->outstream); + } + } + else + es_fputs (text, ctx->outstream); +} + +/* Write TEXT to the outstream using a variable argument list. */ +static void +writeout_v (audit_ctx_t ctx, const char *format, va_list arg_ptr) +{ + char *buf; + + estream_vasprintf (&buf, format, arg_ptr); + if (buf) + { + writeout (ctx, buf); + xfree (buf); + } + else + writeout (ctx, "[!!Out of core!!]"); +} + + +/* Write TEXT as a paragraph. */ +static void +writeout_para (audit_ctx_t ctx, const char *text) +{ + if (ctx->use_html) + es_fputs ("

", ctx->outstream); + writeout (ctx, text); + if (ctx->use_html) + es_fputs ("

\n", ctx->outstream); + else + es_fputc ('\n', ctx->outstream); +} + + +static void +enter_li (audit_ctx_t ctx) +{ + if (ctx->use_html) + { + if (!ctx->indentlevel) + { + es_fputs ("\n" + " \n" + " \n" + " \n" + " \n", + ctx->outstream); + } + } + ctx->indentlevel++; +} + + +static void +leave_li (audit_ctx_t ctx) +{ + ctx->indentlevel--; + if (ctx->use_html) + { + if (!ctx->indentlevel) + es_fputs ("
\n", ctx->outstream); + } +} + + +/* Write TEXT as a list element. If OKTEXT is not NULL, append it to + the last line. */ +static void +writeout_li (audit_ctx_t ctx, const char *oktext, const char *format, ...) +{ + va_list arg_ptr; + const char *color = NULL; + + if (ctx->use_html && format && oktext) + { + if (!strcmp (oktext, "OK") || !strcmp (oktext, "Yes")) + color = "green"; + else if (!strcmp (oktext, "FAIL") || !strcmp (oktext, "No")) + color = "red"; + } + + if (ctx->use_html) + { + int i; + + es_fputs ("
", ctx->outstream); + if (color) + es_fprintf (ctx->outstream, "*", color); + else + es_fputs ("*", ctx->outstream); + for (i=1; i < ctx->indentlevel; i++) + es_fputs ("  ", ctx->outstream); + es_fputs ("", ctx->outstream); + } + else + es_fprintf (ctx->outstream, "* %*s", (ctx->indentlevel-1)*2, ""); + if (format) + { + va_start (arg_ptr, format) ; + writeout_v (ctx, format, arg_ptr); + va_end (arg_ptr); + } + if (ctx->use_html) + es_fputs ("
", ctx->outstream); + if (format && oktext) + { + if (ctx->use_html) + { + es_fputs ("", ctx->outstream); + if (color) + es_fprintf (ctx->outstream, "", color); + } + else + writeout (ctx, ": "); + writeout (ctx, oktext); + if (color) + es_fputs ("", ctx->outstream); + } + + if (ctx->use_html) + es_fputs ("\n", ctx->outstream); + else + es_fputc ('\n', ctx->outstream); +} + + +/* Write a remark line. */ +static void +writeout_rem (audit_ctx_t ctx, const char *format, ...) +{ + va_list arg_ptr; + + if (ctx->use_html) + { + int i; + + es_fputs ("
*", ctx->outstream); + for (i=1; i < ctx->indentlevel; i++) + es_fputs ("  ", ctx->outstream); + es_fputs ("    (", ctx->outstream); + + } + else + es_fprintf (ctx->outstream, "* %*s (", (ctx->indentlevel-1)*2, ""); + if (format) + { + va_start (arg_ptr, format) ; + writeout_v (ctx, format, arg_ptr); + va_end (arg_ptr); + } + if (ctx->use_html) + es_fputs (")
\n", ctx->outstream); + else + es_fputs (")\n", ctx->outstream); +} + + +/* Return the first log item for EVENT. If STOPEVENT is not 0 never + look behind that event in the log. If STARTITEM is not NULL start + search _after_that item. */ +static log_item_t +find_next_log_item (audit_ctx_t ctx, log_item_t startitem, + audit_event_t event, audit_event_t stopevent) +{ + int idx; + + for (idx=0; idx < ctx->logused; idx++) + { + if (startitem) + { + if (ctx->log + idx == startitem) + startitem = NULL; + } + else if (stopevent && ctx->log[idx].event == stopevent) + break; + else if (ctx->log[idx].event == event) + return ctx->log + idx; + } + return NULL; +} + + +static log_item_t +find_log_item (audit_ctx_t ctx, audit_event_t event, audit_event_t stopevent) +{ + return find_next_log_item (ctx, NULL, event, stopevent); +} + + +/* Helper to a format a serial number. */ +static char * +format_serial (ksba_const_sexp_t sn) +{ + const char *p = (const char *)sn; + unsigned long n; + char *endp; + + if (!p) + return NULL; + if (*p != '(') + BUG (); /* Not a valid S-expression. */ + n = strtoul (p+1, &endp, 10); + p = endp; + if (*p != ':') + BUG (); /* Not a valid S-expression. */ + return bin2hex (p+1, n, NULL); +} + + +/* Return a malloced string with the serial number and the issuer DN + of the certificate. 
*/ +static char * +get_cert_name (ksba_cert_t cert) +{ + char *result; + ksba_sexp_t sn; + char *issuer, *p; + + if (!cert) + return xtrystrdup ("[no certificate]"); + + issuer = ksba_cert_get_issuer (cert, 0); + sn = ksba_cert_get_serial (cert); + if (issuer && sn) + { + p = format_serial (sn); + if (!p) + result = xtrystrdup ("[invalid S/N]"); + else + { + result = xtrymalloc (strlen (p) + strlen (issuer) + 2 + 1); + if (result) + { + *result = '#'; + strcpy (stpcpy (stpcpy (result+1, p),"/"), issuer); + } + xfree (p); + } + } + else + result = xtrystrdup ("[missing S/N or issuer]"); + ksba_free (sn); + xfree (issuer); + return result; +} + +/* Return a malloced string with the serial number and the issuer DN + of the certificate. */ +static char * +get_cert_subject (ksba_cert_t cert, int idx) +{ + char *result; + char *subject; + + if (!cert) + return xtrystrdup ("[no certificate]"); + + subject = ksba_cert_get_subject (cert, idx); + if (subject) + { + result = xtrymalloc (strlen (subject) + 1 + 1); + if (result) + { + *result = '/'; + strcpy (result+1, subject); + } + } + else + result = NULL; + xfree (subject); + return result; +} + + +/* List the chain of certificates from STARTITEM up to STOPEVENT. The + certifcates are written out as comments. 
*/ +static void +list_certchain (audit_ctx_t ctx, log_item_t startitem, audit_event_t stopevent) +{ + log_item_t item; + char *name; + int idx; + + startitem = find_next_log_item (ctx, startitem, AUDIT_CHAIN_BEGIN,stopevent); + if (!startitem) + { + writeout_li (ctx, gpg_strerror (GPG_ERR_MISSING_CERT) + , _("Certificate chain")); + return; + } + writeout_li (ctx, "OK", _("Certificate chain")); + item = find_next_log_item (ctx, startitem, + AUDIT_CHAIN_ROOTCERT, AUDIT_CHAIN_END); + if (!item) + writeout_rem (ctx, "%s", _("root certificate missing")); + else + { + name = get_cert_name (item->cert); + writeout_rem (ctx, "%s", name); + xfree (name); + } + item = startitem; + while ( ((item = find_next_log_item (ctx, item, + AUDIT_CHAIN_CERT, AUDIT_CHAIN_END)))) + { + name = get_cert_name (item->cert); + writeout_rem (ctx, "%s", name); + xfree (name); + enter_li (ctx); + for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } +} + + + +/* Process a verification operation. */ +static void +proc_type_verify (audit_ctx_t ctx) +{ + log_item_t loopitem, item; + int signo, count, idx; + char numbuf[35]; + + enter_li (ctx); + + writeout_li (ctx, "fixme", "%s", _("Signature verification")); + enter_li (ctx); + + writeout_li (ctx, "fixme", "%s", _("Gpg-Agent ready")); + writeout_li (ctx, "fixme", "%s", _("Dirmngr ready")); + + item = find_log_item (ctx, AUDIT_GOT_DATA, AUDIT_NEW_SIG); + writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + if (!item) + goto leave; + + item = find_log_item (ctx, AUDIT_NEW_SIG, 0); + writeout_li (ctx, item? 
"Yes":"No", "%s", _("Signature available")); + if (!item) + goto leave; + + item = find_log_item (ctx, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + writeout_li (ctx, "OK", "%s", _("Parsing signature")); + else + { + item = find_log_item (ctx, AUDIT_BAD_DATA_HASH_ALGO, AUDIT_NEW_SIG); + if (item) + { + writeout_li (ctx,"FAIL", "%s", _("Parsing signature")); + writeout_rem (ctx, _("Bad hash algorithm: %s"), + item->string? item->string:"?"); + } + else + writeout_li (ctx, "FAIL", "%s", _("Parsing signature") ); + goto leave; + } + + /* Loop over all signatures. */ + loopitem = find_log_item (ctx, AUDIT_NEW_SIG, 0); + assert (loopitem); + do + { + signo = loopitem->have_intvalue? loopitem->intvalue : -1; + + item = find_next_log_item (ctx, loopitem, + AUDIT_SIG_STATUS, AUDIT_NEW_SIG); + writeout_li (ctx, item? item->string:"?", _("Signature %d"), signo); + item = find_next_log_item (ctx, loopitem, + AUDIT_SIG_NAME, AUDIT_NEW_SIG); + if (item) + writeout_rem (ctx, "%s", item->string); + enter_li (ctx); + + /* List the certificate chain. */ + list_certchain (ctx, loopitem, AUDIT_NEW_SIG); + + /* Show the result of the chain validation. */ + item = find_next_log_item (ctx, loopitem, + AUDIT_CHAIN_STATUS, AUDIT_NEW_SIG); + if (item && item->have_err) + { + writeout_li (ctx, item->err? "FAIL":"OK", + _("Validation of certificate chain")); + if (item->err) + writeout_rem (ctx, "%s", gpg_strerror (item->err)); + } + + /* Show whether the root certificate is fine. */ + writeout_li (ctx, "No", "%s", _("Root certificate trustworthy")); + + /* Show result of the CRL/OCSP check. */ + writeout_li (ctx, "-", "%s", _("CRL/OCSP check of certificates")); + + + leave_li (ctx); + } + while ((loopitem = find_next_log_item (ctx, loopitem, AUDIT_NEW_SIG, 0))); + + + leave: + /* Always list the certificates stored in the signature. 
*/ + item = NULL; + count = 0; + while ( ((item = find_next_log_item (ctx, item, + AUDIT_SAVE_CERT, AUDIT_NEW_SIG)))) + count++; + snprintf (numbuf, sizeof numbuf, "%d", count); + writeout_li (ctx, numbuf, _("Included certificates")); + item = NULL; + while ( ((item = find_next_log_item (ctx, item, + AUDIT_SAVE_CERT, AUDIT_NEW_SIG)))) + { + char *name = get_cert_name (item->cert); + writeout_rem (ctx, "%s", name); + xfree (name); + enter_li (ctx); + for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } + + leave_li (ctx); + leave_li (ctx); +} + + + + /* Print the formatted audit result. THIS IS WORK IN PROGRESS. */ void -audit_print_result (audit_ctx_t ctx, estream_t out) +audit_print_result (audit_ctx_t ctx, estream_t out, int use_html) { int idx; int maxlen; size_t n; - es_fputs ("
\n", out); + if (getenv ("use_html")) + use_html = 1; if (!ctx) - goto leave; + return; + + assert (!ctx->outstream); + ctx->outstream = out; + ctx->use_html = use_html; + ctx->indentlevel = 0; + + if (use_html) + es_fputs ("
\n", ctx->outstream); + if (!ctx->log || !ctx->logused) { - es_fprintf (out, "

AUDIT-LOG: No entries

\n"); + writeout_para (ctx, _("No audit log entries.")); goto leave; } @@ -320,24 +797,49 @@ maxlen = n; } - es_fputs ("
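Review bot: proc_type_verify emits fixed verdicts where no audit event exists yet — `writeout_li (ctx, "No", "%s", _("Root certificate trustworthy"))`, `writeout_li (ctx, "-", "%s", _("CRL/OCSP check of certificates"))` and `"fixme"` for the agent and dirmngr lines — so every report, including one whose AUDIT_CHAIN_STATUS carried no error, tells the reader (in red, since writeout_li colours "No") that the root is untrusted. Until the corresponding events are logged, a neutral `"-"` plus `writeout_rem (ctx, "%s", _("not checked"));` is safer than a definite `"No"`, given that GETAUDITLOG is meant to embed this block in a user-facing HTML page. Two smaller items: `if (getenv ("use_html")) use_html = 1;` in audit_print_result silently overrides the caller's format choice through an undocumented, unprefixed environment variable and looks like a debugging hook that should not ship; and the header comment of get_cert_subject is a copy of get_cert_name's ("serial number and the issuer DN") and should say that it returns the IDX-th subject name of CERT prefixed with `/`, or NULL when there is none. Escaping in writeout covers `<` and `&`, which suffices for the text-content positions used here, so any future emission of untrusted strings (signer names, DNs) must keep going through writeout rather than es_fprintf.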
    \n", out); + if (use_html) + es_fputs ("
    \n", out);
       for (idx=0; idx < ctx->logused; idx++)
         {
    -      es_fprintf (out, " 
  • %-*s", + es_fprintf (out, "log: %-*s", maxlen, event2str (ctx->log[idx].event)); if (ctx->log[idx].have_intvalue) es_fprintf (out, " i=%d", ctx->log[idx].intvalue); if (ctx->log[idx].string) - es_fprintf (out, " s=`%s'", ctx->log[idx].string); + { + es_fputs (" s=`", out); + writeout (ctx, ctx->log[idx].string); + es_fputs ("'", out); + } if (ctx->log[idx].cert) es_fprintf (out, " has_cert"); if (ctx->log[idx].have_err) - es_fprintf (out, " err=\"%s\"", gpg_strerror (ctx->log[idx].err)); - es_fputs ("
  • \n", out); + { + es_fputs (" err=`", out); + writeout (ctx, gpg_strerror (ctx->log[idx].err)); + es_fputs ("'", out); + } + es_fputs ("\n", out); } - es_fputs ("
\n", out); + if (use_html) + es_fputs ("\n", out); + else + es_fputs ("\n", out); + switch (ctx->type) + { + case AUDIT_TYPE_NONE: + writeout_para (ctx, _("Audit of this operation is not supported.")); + break; + case AUDIT_TYPE_VERIFY: + proc_type_verify (ctx); + break; + } + leave: - es_fputs ("
\n", out); + if (use_html) + es_fputs ("
\n", ctx->outstream); + ctx->outstream = NULL; + ctx->use_html = 0; } Modified: trunk/common/audit.h =================================================================== --- trunk/common/audit.h 2007-12-04 15:00:14 UTC (rev 4641) +++ trunk/common/audit.h 2007-12-06 15:55:03 UTC (rev 4642) @@ -49,6 +49,9 @@ now. This indicates that all parameters are okay and we can start to process the actual data. */ + AUDIT_GOT_DATA, + /* Data to be processed has been seen. */ + AUDIT_DETACHED_SIGNATURE, /* The signature is a detached one. */ @@ -91,7 +94,7 @@ /* The name of a signer. This is the name or other identification data as known from the signature and not the name from the certificate used for verification. An example for STRING when - using CMS is:b "#1234/CN=Prostetnic Vogon Jeltz". */ + using CMS is: "#1234/CN=Prostetnic Vogon Jeltz". */ AUDIT_SIG_STATUS, /* string */ /* The signature status of the current signer. This is the last @@ -116,6 +119,8 @@ certificate chain. ROOTCERT is used for the trustanchor and CERT for all other certificates. */ + AUDIT_CHAIN_STATUS, /* err */ + /* Tells the final status of the chain validation. */ AUDIT_LAST_EVENT /* Marker for parsing this list. */ @@ -133,7 +138,7 @@ void audit_log_cert (audit_ctx_t ctx, audit_event_t event, ksba_cert_t cert, gpg_error_t err); -void audit_print_result (audit_ctx_t ctx, estream_t stream); +void audit_print_result (audit_ctx_t ctx, estream_t stream, int use_html); Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2007-12-04 15:00:14 UTC (rev 4641) +++ trunk/sm/gpgsm.c 2007-12-06 15:55:03 UTC (rev 4642) 
@@ -1676,7 +1676,7 @@ if (auditlog) { - audit_print_result (ctrl.audit, auditfp); + audit_print_result (ctrl.audit, auditfp, 0); audit_release (ctrl.audit); ctrl.audit = NULL; } Modified: trunk/sm/server.c =================================================================== --- trunk/sm/server.c 2007-12-04 15:00:14 UTC (rev 4641) +++ trunk/sm/server.c 2007-12-06 15:55:03 UTC (rev 4642) @@ -934,12 +934,15 @@ -/* GETAUDITLOG [--data] +/* GETAUDITLOG [--data] [--html] !!!WORK in PROGRESS!!! If --data is used, the output is send using D-lines and not to the source given by an OUTPUT command. + + If --html is used the output is formated as an XHTML block. This is + designed to be incorporated into a HTML document. */ static int cmd_getauditlog (assuan_context_t ctx, char *line) @@ -947,10 +950,11 @@ ctrl_t ctrl = assuan_get_pointer (ctx); int out_fd; estream_t out_stream; - int opt_data; + int opt_data, opt_html; int rc; opt_data = has_option (line, "--data"); + opt_html = has_option (line, "--html"); line = skip_options (line); if (!ctrl->audit) @@ -976,7 +980,7 @@ } } - audit_print_result (ctrl->audit, out_stream); + audit_print_result (ctrl->audit, out_stream, opt_html); rc = 0; es_fclose (out_stream); Modified: trunk/sm/verify.c =================================================================== --- trunk/sm/verify.c 2007-12-04 15:00:14 UTC (rev 4641) +++ trunk/sm/verify.c 2007-12-06 15:55:03 UTC (rev 4642) @@ -184,7 +184,10 @@ if (stopreason == KSBA_SR_NEED_HASH || stopreason == KSBA_SR_BEGIN_DATA) - { /* We are now able to enable the hash algorithms */ + { + audit_log (ctrl->audit, AUDIT_GOT_DATA); + + /* We are now able to enable the hash algorithms */ for (i=0; (algoid=ksba_cms_get_digest_algo_list (cms, i)); i++) { algo = gcry_md_map_name (algoid); 
@@ -535,6 +538,7 @@ xfree (buf); } + audit_log_ok (ctrl->audit, AUDIT_CHAIN_STATUS, rc); if (rc) /* of validate_chain */ { log_error ("invalid certification chain: %s\n", gpg_strerror (rc)); From cvs at cvs.gnupg.org Thu Dec 6 20:02:43 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 06 Dec 2007 20:02:43 +0100 Subject: [svn] GnuPG - r4643 - in trunk: common doc Message-ID: Author: wk Date: 2007-12-06 20:02:42 +0100 (Thu, 06 Dec 2007) New Revision: 4643 Modified: trunk/common/audit.c trunk/common/helpfile.c trunk/doc/gpgsm.texi trunk/doc/help.txt Log: Add support for help stuff to audit.c Modified: trunk/common/audit.c =================================================================== --- trunk/common/audit.c 2007-12-06 15:55:03 UTC (rev 4642) +++ trunk/common/audit.c 2007-12-06 19:02:42 UTC (rev 4643) @@ -28,6 +28,15 @@ #include "audit.h" #include "audit-events.h" +/* A list to maintain a list of helptags. */ +struct helptag_s +{ + struct helptag_s *next; + const char *name; +}; +typedef struct helptag_s *helptag_t; + + /* One log entry. */ struct log_item_s { 
@@ -56,17 +65,52 @@ estream_t outstream; /* The current output stream. */ int use_html; /* The output shall be HTML formatted. */ int indentlevel; /* Current level of indentation. */ + helptag_t helptags; /* List of help keys. */ }; +static void writeout_para (audit_ctx_t ctx, + const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); static void writeout_li (audit_ctx_t ctx, const char *oktext, const char *format, ...) JNLIB_GCC_A_PRINTF(3,4); static void writeout_rem (audit_ctx_t ctx, const char *format, ...) JNLIB_GCC_A_PRINTF(2,3); +/* Add NAME to the list of help tags. NAME needs to be a const string + an this function merly stores this pointer. */ +static void +add_helptag (audit_ctx_t ctx, const char *name) +{ + helptag_t item; + + for (item=ctx->helptags; item; item = item->next) + if (!strcmp (item->name, name)) + return; /* Already in the list. */ + item = xtrycalloc (1, sizeof *item); + if (!item) + return; /* Don't care about memory problems. */ + item->name = name; + item->next = ctx->helptags; + ctx->helptags = item; +} + + +/* Remove all help tags from the context. */ +static void +clear_helptags (audit_ctx_t ctx) +{ + while (ctx->helptags) + { + helptag_t tmp = ctx->helptags->next; + xfree (ctx->helptags); + ctx->helptags = tmp; + } +} + + static const char * event2str (audit_event_t event) @@ -112,6 +156,7 @@ } xfree (ctx->log); } + clear_helptags (ctx); xfree (ctx); } @@ -347,11 +392,15 @@ /* Write TEXT as a paragraph. */ static void -writeout_para (audit_ctx_t ctx, const char *text) +writeout_para (audit_ctx_t ctx, const char *format, ...) { + va_list arg_ptr; + if (ctx->use_html) es_fputs ("
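Review bot: add_helptag pushes each new tag onto the head of ctx->helptags, and the printing loop added further down walks from the head, so help texts appear in the reverse order of the findings they belong to (the OCSP note before the root-certificate note); appending at the tail would keep the help aligned with the report. Because the function stores NAME without copying, the header comment should state the lifetime requirement plainly, e.g. `NAME is not copied and must stay valid until the context is released; pass a string literal.`, and the typos "an this function merly" can be fixed at the same time. Ignoring an allocation failure here is fine since the help is advisory, but that reasoning deserves a word in the comment too.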

", ctx->outstream); - writeout (ctx, text); + va_start (arg_ptr, format) ; + writeout_v (ctx, format, arg_ptr); + va_end (arg_ptr); if (ctx->use_html) es_fputs ("

\n", ctx->outstream); else @@ -720,9 +769,11 @@ /* Show whether the root certificate is fine. */ writeout_li (ctx, "No", "%s", _("Root certificate trustworthy")); + add_helptag (ctx, "gpgsm.root-cert-not-trusted"); /* Show result of the CRL/OCSP check. */ writeout_li (ctx, "-", "%s", _("CRL/OCSP check of certificates")); + add_helptag (ctx, "gpgsm.ocsp-problem"); leave_li (ctx); @@ -769,6 +820,7 @@ int idx; int maxlen; size_t n; + helptag_t helptag; if (getenv ("use_html")) use_html = 1; @@ -780,6 +832,7 @@ ctx->outstream = out; ctx->use_html = use_html; ctx->indentlevel = 0; + clear_helptags (ctx); if (use_html) es_fputs ("
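Review bot: With writeout_para now taking a printf-style format (and declared JNLIB_GCC_A_PRINTF(2,3)), every caller that passes a bare translated message becomes a non-literal format string; the earlier callers `writeout_para (ctx, _("No audit log entries."))` and `writeout_para (ctx, _("Audit of this operation is not supported."))` are not updated in this commit, so a translation containing a stray `%` would be misparsed by estream_vasprintf and -Wformat-security will warn. Change them to `writeout_para (ctx, "%s", _("No audit log entries."));` and likewise for the other, as the new help-text loop already does with `"%s"`. The HTML tag literals in this hunk were stripped by the archive rendering, so the paragraph wrapping itself could not be reviewed here.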
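Review bot: Both add_helptag calls are unconditional — they sit next to the hard-coded `"No"` and `"-"` verdicts rather than next to an actual failure — so every verification report, successful or not, ends with the "root certificate not trusted" help and, for `gpgsm.ocsp-problem`, with "No help available for `gpgsm.ocsp-problem'", because help.txt in this commit only defines `.gpgsm.root-cert-not-trusted`. Guard the tags on the real outcome once the events exist (e.g. add the root-cert tag only when the chain status carries an error) and add the missing help.txt entry, or drop the OCSP tag until that check is implemented. proc_type_verify begins and ends outside this hunk.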
\n", ctx->outstream); @@ -836,10 +889,47 @@ break; } + + /* Show the help from the collected help tags. */ + if (ctx->helptags) + { + if (use_html) + { + es_fputs ("
\n", ctx->outstream); + if (ctx->helptags->next) + es_fputs ("
    \n", ctx->outstream); + } + else + es_fputs ("\n\n", ctx->outstream); + } + for (helptag = ctx->helptags; helptag; helptag = helptag->next) + { + char *text; + + if (use_html && ctx->helptags->next) + es_fputs ("
  • \n", ctx->outstream); + + text = gnupg_get_help_string (helptag->name, 0); + if (text) + { + writeout_para (ctx, "%s", text); + xfree (text); + } + else + writeout_para (ctx, _("No help available for `%s'."), helptag->name); + if (use_html && ctx->helptags->next) + es_fputs ("
  • \n", ctx->outstream); + if (helptag->next) + es_fputs ("\n", ctx->outstream); + } + if (use_html && ctx->helptags && ctx->helptags->next) + es_fputs ("
\n", ctx->outstream); + leave: if (use_html) es_fputs ("
\n", ctx->outstream); ctx->outstream = NULL; ctx->use_html = 0; + clear_helptags (ctx); } Modified: trunk/common/helpfile.c =================================================================== --- trunk/common/helpfile.c 2007-12-06 15:55:03 UTC (rev 4642) +++ trunk/common/helpfile.c 2007-12-06 19:02:42 UTC (rev 4643) @@ -254,6 +254,9 @@ if (!result) result = findkey_locale (key, locname, only_current_locale, gnupg_datadir ()); - + + if (result) + trim_trailing_spaces (result); + return result; } Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2007-12-06 15:55:03 UTC (rev 4642) +++ trunk/doc/gpgsm.texi 2007-12-06 19:02:42 UTC (rev 4643) @@ -731,7 +731,7 @@ purposes. Note that even if a certificate is listed in this file, this does not -mean that thecertificate is trusted; in general the certificates listed +mean that the certificate is trusted; in general the certificates listed in this file need to be listed also in @file{trustlist.txt}. This is a global file an installed in the data directory 
@@ -753,6 +753,20 @@ Because this software has not yet been approved for use with such certificates, appropriate notices will be shown to indicate this fact. + at item help.txt + at cindex help.txt +This is plain text file with a few help entries used with + at command{pinentry} as well as a large list of help items for + at command{gpg} and @command{gpgsm}. The standard file has English help +texts; to install localized versions use filenames like @file{help.LL.txt} +with LL denoting the locale. GnuPG comes with a set of predefined help +files in the data directory (e.g. @file{/usr/share/gnupg/help.de.txt}) +and allows overriding of any help item by help files stored in the +system configuration directory (e.g. @file{/etc/gnupg/help.de.txt}). +For a reference of the help file's syntax, please see the installed + at file{help.txt} file. + + @end table @c man:.RE Modified: trunk/doc/help.txt =================================================================== --- trunk/doc/help.txt 2007-12-06 15:55:03 UTC (rev 4642) +++ trunk/doc/help.txt 2007-12-06 19:02:42 UTC (rev 4643) @@ -297,14 +297,20 @@ +.gpgsm.root-cert-not-trusted +# This text gets displayed by the audit log if +# a root certificates was not trusted. +The root certificate (the trust-anchor) is not trusted. Depending on +the configuration you may have been prompted to mark that root +certificate as trusted or you need to manually tell GnuPG to trust that +certificate. Trusted certificates are configured in the file +trustlist.txt in GnuPG's home directory. If you are in doubt, ask +your system administrator whether you should trust this certificate. - - - # Local variables: # mode: fundamental # coding: utf-8 From cvs at cvs.gnupg.org Mon Dec 10 10:33:07 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Dec 2007 10:33:07 +0100 Subject: [svn] gcry - r1278 - tags Message-ID: Author: wk Date: 2007-12-10 10:33:07 +0100 (Mon, 10 Dec 2007) New Revision: 1278 Added: tags/libgcrypt-1.4.0/ Log: Released new stable version. Copied: tags/libgcrypt-1.4.0 (from rev 1277, trunk) From cvs at cvs.gnupg.org Mon Dec 10 10:17:28 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Dec 2007 10:17:28 +0100 Subject: [svn] gcry - r1277 - in trunk: . cipher doc src Message-ID: Author: wk Date: 2007-12-10 10:17:25 +0100 (Mon, 10 Dec 2007) New Revision: 1277 Modified: trunk/ChangeLog trunk/NEWS trunk/README trunk/TODO trunk/autogen.sh trunk/cipher/ChangeLog trunk/cipher/rijndael.c trunk/cipher/rndhw.c trunk/configure.ac trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/hwfeatures.c trunk/src/secmem.c Log: Preparing 1.4.0. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/ChangeLog 2007-12-10 09:17:25 UTC (rev 1277) @@ -1,3 +1,13 @@ +2007-12-10 Werner Koch + + Released 1.4.0. + + * configure.ac: Set LT to C15/A4/R3. + +2007-12-05 Werner Koch + + * configure.ac: Add option --disable-padlock-support. + 2007-12-03 Werner Koch Released 1.3.2. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/NEWS 2007-12-10 09:17:25 UTC (rev 1277) 
@@ -1,7 +1,10 @@ -Noteworthy changes in version 1.4.0 +Noteworthy changes in version 1.4.0 (2007-12-10) ------------------------------------------------ + * New configure option --disable-padlock-support which is mostly + useful in case of build problems. + Noteworthy changes in version 1.3.2 (2007-12-03) ------------------------------------------------ Modified: trunk/README =================================================================== --- trunk/README 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/README 2007-12-10 09:17:25 UTC (rev 1277) @@ -1,11 +1,7 @@ libgcrypt - The GNU crypto library ------------------------------------ - Version 1.3.x + Version 1.4.0 - WARNING: This is the development branch of Libgcrypt. The stable - version is 1.2.x. - - Copyright 2000, 2002, 2003, 2004, 2007 Free Software Foundation, Inc. This file is free software; as a special exception the author gives 
@@ -22,16 +18,59 @@ -------- Libgcrypt is a general purpose crypto library based on the code - used in GnuPG. We can't start with a new version number because - libgcrypt was part of GnuPG 1.1 and some applications already used - it and tested for the version number. We believe that the API can - stay as it is, except that new functions may be added in the - future. + used in GnuPG. Libgcrypt depends on the library `libgpg-error', + which must be installed correctly before Libgcrypt is to be built. + Libgcrypt is distributed under the LGPL, see the section "License" + below for details. - Libgcrypt depends on the library `libgpg-error', which must be - installed correctly before Libgcrypt is to be built. + Build Instructions + ------------------ + The download canonical location for libgcrypt is: + + ftp://ftp.gnupg.org/gcrypt/libgcrypt/ + + To build libgcrypt you need libgpg-error: + + ftp://ftp.gnupg.org/gcrypt/libgpg-error/ + + You should get the latest versions of course. + + After building and installing the libgpg-error package, you may + continue with Libgcrypt installation As with allmost all GNU + packages, you just have to do + + ./configure + make + make check + make install + + The "make check" is not required but a good idea to see whether + the library works as expected. The check takes some while and + prints some benchmarking results. Before doing "make install" you + probably need to become root. + + To build libgcrypt for Microsoft Windows, you need to have the + mingw32 cross-building toolchain installed. Instead of running a + plain configure you use + + ./autogen.sh --build-w32 + make + make install + + By default this command sequences expectsd a libgpg-error + installed below $HOME/w32root and installs libgcrypt to that + directory too. See the autogen.sh code for details. + + The documentation is available as an Info file (gcrypt.info). To + build documentation in PDF, run this: + + cd doc + make pdf + + + Mailing List ------------ 
@@ -41,32 +80,6 @@ list is available at http://lists.gnupg.org . - License - ------- - - The library is distributed under the terms of the GNU Lesser - General Public License (LGPL); see the file COPYING.LIB for the - actual terms. The helper programs (gcryptrnd and getrandom) as - well as the documentation are distributed under the terms of the - GNU General Public License (GPL); see the file COPYING for teh - actual terms. - - This library used to be available under the GPL - this was changed - with version 1.1.7 with the rationale that there are now many free - crypto libraries available and many of them come with capabilities - similar to Libcrypt. We decided that to foster the use of - cryptography in Free Software an LGPLed library would make more - sense because it avoids problems due to license incompatibilities - between some Free Software licenses and the GPL. - - Please note that in many cases it is better for a library to be - licensed under the GPL, so that it provides an advantage for free - software projects. The Lesser GPL is so named because it does - less to protect the freedom of the users of the code that it - covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for - more explanation. - - Configure options ----------------- Here is a list of configure options which are sometimes useful 
@@ -142,11 +155,54 @@ auto - Compile linux, egd and unix in and automagically select at runtime. + --disable-padlock-support + Disable support for the PadLock engine of VIA + processors. The default is to use PadLock if + available. Try this if you get problems with + assembler code. + License + ------- + + The library is distributed under the terms of the GNU Lesser + General Public License (LGPL); see the file COPYING.LIB for the + actual terms. The helper programs (gcryptrnd and getrandom) as + well as the documentation are distributed under the terms of the + GNU General Public License (GPL); see the file COPYING for teh + actual terms. + + This library used to be available under the GPL - this was changed + with version 1.1.7 with the rationale that there are now many free + crypto libraries available and many of them come with capabilities + similar to Libcrypt. We decided that to foster the use of + cryptography in Free Software an LGPLed library would make more + sense because it avoids problems due to license incompatibilities + between some Free Software licenses and the GPL. + + Please note that in many cases it is better for a library to be + licensed under the GPL, so that it provides an advantage for free + software projects. The Lesser GPL is so named because it does + less to protect the freedom of the users of the code that it + covers. See http://www.gnu.org/philosophy/why-not-lgpl.html for + more explanation. + + Contact ------- See the file AUTHORS. + Commercial grade support for Libgcrypt is available; please see + http://www.gnupg.org/service.html . + + + This file is Free Software; as a special exception the authors gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. For conditions + of the whole package, please see the file COPYING. 
This file is + distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY, to the extent permitted by law; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + Modified: trunk/TODO =================================================================== --- trunk/TODO 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/TODO 2007-12-10 09:17:25 UTC (rev 1277) @@ -3,12 +3,14 @@ * Next API break: ** gcry_ac_io_t Remove use of anonymous union. +** gcry_ac + Consider to remove it. * udiv-qrnbd.o should get build as *.lo [HPUX] -* Allow operation using RSA keys consisting of the OpenSSL list of - parameters and allow for a third form where the private Exponent - is not given (saves space). +* Allow operation using RSA keys consisting of the OpenSSL keys. + This requires the introduction of a parameter names (say) U which + is calculated according to OpenSSL/PKCS#1 rules. * Add a warning to the manual, to check that libgcrypt actually has been compiled with thread support when used by a threaded @@ -20,13 +22,6 @@ * Add attributes to the MPI functions. -* In case the ac interface will be more popular than the pk interface, - the asymmetric ciphers could be changed for convenient interaction - with the ac interface (i.e. by using ac's `data sets') and the pk - interface could be changed to be a wrapper for the ac interface. - ==> It is unlikely that we will do that. The AC interafce turned - out to be more complicated than the regular one. - * cipher/pubkey.c and pubkey implementaions. Don't rely on the secure memory based wiping function but add an extra wiping. Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/autogen.sh 2007-12-10 09:17:25 UTC (rev 1277) 
@@ -77,7 +77,8 @@
 ./configure --enable-maintainer-mode --prefix=${w32root} \
 --host=${host} --build=${build} \
- --with-gpg-error-prefix=${w32root}
+ --with-gpg-error-prefix=${w32root} \
+ --disable-padlock-support
 exit $?
 fi
 # ***** end W32 build script *******
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/cipher/ChangeLog 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,5 +1,8 @@
 2007-12-05 Werner Koch
+ * rijndael.c (USE_PADLOCK): Depend on ENABLE_PADLOCK_SUPPORT.
+ * rndhw.c (USE_PADLOCK): Ditto
+
 * rsa.c (secret): Fixed condition test for using CRT. Reported by Dean Scarff. Fixes bug#864. (_gcry_rsa_check_secret_key): Return an erro if the optional
Modified: trunk/cipher/rijndael.c
===================================================================
--- trunk/cipher/rijndael.c 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/cipher/rijndael.c 2007-12-10 09:17:25 UTC (rev 1277)
@@ -48,11 +48,12 @@
 /* USE_PADLOCK indicates whether to compile the padlock specific code. */
 #undef USE_PADLOCK
-#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
-#define USE_PADLOCK
-#endif
+#ifdef ENABLE_PADLOCK_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_PADLOCK
+# endif
+#endif /*ENABLE_PADLOCK_SUPPORT*/
-
 static const char *selftest(void);
 typedef struct
Modified: trunk/cipher/rndhw.c
===================================================================
--- trunk/cipher/rndhw.c 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/cipher/rndhw.c 2007-12-10 09:17:25 UTC (rev 1277)
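Review bot: The W32 configure invocation now passes `--disable-padlock-support` with no comment saying why the engine is switched off only for the mingw32 cross build; the README text added in the same commit hints at assembler problems, but the script should carry the reason itself so the flag is not dropped as redundant later. Proposed comment above the `./configure` line: `# PadLock support is disabled for the W32 cross build; see --disable-padlock-support in README.` The surrounding `if` block starts before this hunk.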
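Review bot: The nested `#ifdef ENABLE_PADLOCK_SUPPORT` / `# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)` block that decides `USE_PADLOCK` is now duplicated verbatim here and in the rndhw.c hunk, and hwfeatures.c gates its detection body on the same configure symbol, so three sites have to be kept in step whenever the toolchain condition changes. Computing the combined test once in a shared cipher-internal header and having each file test only the resulting macro would remove that drift risk. The trailing `/*ENABLE_PADLOCK_SUPPORT*/` on the outer `#endif` is helpful; the inner `# endif` could carry a matching note for the platform condition.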
@@ -27,9 +27,11 @@
 #include "rand-internal.h"
 #undef USE_PADLOCK
-#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
-#define USE_PADLOCK
-#endif
+#ifdef ENABLE_PADLOCK_SUPPORT
+# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__)
+# define USE_PADLOCK
+# endif
+#endif /*ENABLE_PADLOCK_SUPPORT*/
 /* Keep track on whether the RNG has problems. */
 static volatile int rng_failed;
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2007-12-05 09:50:50 UTC (rev 1276)
+++ trunk/configure.ac 2007-12-10 09:17:25 UTC (rev 1277)
@@ -1,6 +1,6 @@
 # Configure.ac script for Libgcrypt
-# Copyright (C) 1998, 1999, 2000, 2001, 2002
-# 2003, 2004, 2006 Free Software Foundation, Inc.
+# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006,
+# 2007 Free Software Foundation, Inc.
 #
 # This file is part of Libgcrypt.
 #
@@ -27,8 +27,8 @@
 # Remember to change the version number immediately *after* a release.
 # Set my_issvn to "yes" for non-released code. Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [1.3.3])
-m4_define([my_issvn], [yes])
+m4_define([my_version], [1.4.0])
+m4_define([my_issvn], [no])
 m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \
 || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')]))
@@ -40,7 +40,7 @@
 # (No interfaces changed: REVISION++)
 LIBGCRYPT_LT_CURRENT=15
 LIBGCRYPT_LT_AGE=4
-LIBGCRYPT_LT_REVISION=2
+LIBGCRYPT_LT_REVISION=3
 # If the API is changed in an incompatible way: increment the next counter.
@@ -281,7 +281,6 @@
 AC_DEFINE(DISABLED_ENDIAN_CHECK,1,[configure did not test for endianess])
 fi
-
 AC_CHECK_SIZEOF(unsigned short, 2)
 AC_CHECK_SIZEOF(unsigned int, 4)
 AC_CHECK_SIZEOF(unsigned long, 4)
@@ -422,10 +421,10 @@ # Implementation of --disable-asm. -AC_MSG_CHECKING([whether assembler modules are requested]) +AC_MSG_CHECKING([whether MPI assembler modules are requested]) AC_ARG_ENABLE([asm], AC_HELP_STRING([--disable-asm], - [Disable assembler modules]), + [Disable MPI assembler modules]), [try_asm_modules=$enableval], [try_asm_modules=yes]) AC_MSG_RESULT($try_asm_modules) @@ -433,9 +432,10 @@ # Implementation of the --enable-m-guard switch. AC_MSG_CHECKING([whether memory guard is requested]) AC_ARG_ENABLE(m-guard, - [ --enable-m-guard enable memory guard facility], - use_m_guard=$enableval, use_m_guard=no) - AC_MSG_RESULT($use_m_guard) + AC_HELP_STRING([--enable-m-guard], + [Enable memory guard facility]), + [use_m_guard=$enableval], [use_m_guard=no]) +AC_MSG_RESULT($use_m_guard) if test "$use_m_guard" = yes ; then AC_DEFINE(M_GUARD,1,[Define to use the (obsolete) malloc guarding feature]) fi @@ -444,10 +444,26 @@ # Check whether we want to use Linux capabilities AC_MSG_CHECKING([whether use of capabilities is requested]) AC_ARG_WITH(capabilities, - [ --with-capabilities use linux capabilities [default=no]], -[use_capabilities="$withval"],[use_capabilities=no]) + AC_HELP_STRING([--with-capabilities], + [Use linux capabilities [default=no]]), + [use_capabilities="$withval"],[use_capabilities=no]) AC_MSG_RESULT($use_capabilities) + +# Implementation of the --disable-padlock-support switch. +AC_MSG_CHECKING([whether padlock support is requested]) +AC_ARG_ENABLE(padlock-support, + AC_HELP_STRING([--disable-padlock-support], + [Disable support for the PadLock Engine of VIA processors]), + padlocksupport=$enableval,padlocksupport=yes) +AC_MSG_RESULT($padlocksupport) +if test x"$padlocksupport" = xyes ; then + AC_DEFINE(ENABLE_PADLOCK_SUPPORT, 1, + [Enable support for the PadLock engine.]) +fi + + + AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) 
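Review bot: The new `AC_ARG_ENABLE(padlock-support, ...)` passes its action arguments unquoted, `padlocksupport=$enableval,padlocksupport=yes`, while the `--enable-m-guard` and `--with-capabilities` rewrites in the two hunks just above switch to the quoted form `[use_m_guard=$enableval], [use_m_guard=no]`; for consistency with those, and per the usual autoconf advice to quote macro arguments, it should read `[padlocksupport=$enableval], [padlocksupport=yes]`. The help string also leaves the default implicit, whereas the neighbouring capabilities option states `[default=no]`; appending a `[default=yes]` to the `AC_HELP_STRING` text would tell users what they get without the flag.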
@@ -655,7 +671,7 @@ && test "$gcry_cv_gcc_has_f_visibility" = "yes" then AC_DEFINE(GCRY_USE_VISIBILITY, 1, - [Define to use the GNU C visibility attribute]) + [Define to use the GNU C visibility attribute.]) CFLAGS="$CFLAGS -fvisibility=hidden" fi Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/doc/gcrypt.texi 2007-12-10 09:17:25 UTC (rev 1277) @@ -2256,13 +2256,31 @@ @item p-mpi RSA secret prime @math{p}. @item q-mpi -RSA secret prime @math{q} with @math{q > p}. +RSA secret prime @math{q} with @math{p < q}. @item u-mpi -multiplicative inverse @math{u = p^{-1} \bmod q}. +Multiplicative inverse @math{u = p^{-1} \bmod q}. @end table +For signing and decryption the parameters @math{(p, q, u)} are optional +but greatly improve the performance. Either all of these optional +parameters must be given or none of them. They are mandatory for +gcry_pk_testkey. +Note that OpenSSL uses slighly different parameters: @math{q < p} and + @math{u = q^{-1} \bmod p}. To use these parameters you will need to +swap the values and recompute @math{u}. Here is example code to do this: + at example + if (gcry_mpi_cmp (p, q) > 0) + @{ + gcry_mpi_swap (p, q); + gcry_mpi_invm (u, p, q); + @} + at end example + + + + @node DSA key parameters @subsection DSA key parameters @@ -2993,9 +3011,9 @@ former chapter, this one follows an open/use/close paradigm like other building blocks of the library. - at strong{This interface as some known problems; most noteworthy an -inherent tendency to leak memory. It might even be removed in a some -future version of Libgcrypt.} + at strong{This interface has a few known problems; most noteworthy an +inherent tendency to leak memory. It might not be available in +forthcoming versions Libgcrypt.} @menu 
@@ -3273,7 +3291,7 @@ In case non-standard settings are wanted, a pointer to a structure of type @code{gcry_ac_key_spec__t}, matching the selected algorithm, can be given as @var{key_spec}. @var{misc_data} is not -used yet. Such a structure does only exist for RSA. A descriptions +used yet. Such a structure does only exist for RSA. A description of the members of the supported structures follows. @table @code Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/src/ChangeLog 2007-12-10 09:17:25 UTC (rev 1277) @@ -1,3 +1,7 @@ +2007-12-05 Werner Koch + + * hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT. + 2007-12-03 Werner Koch * misc.c (_gcry_logv): Use abort for error levels fatal and bug as Modified: trunk/src/hwfeatures.c =================================================================== --- trunk/src/hwfeatures.c 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/src/hwfeatures.c 2007-12-10 09:17:25 UTC (rev 1277) @@ -44,6 +44,9 @@ static void detect_ia32_gnuc (void) { +#ifdef ENABLE_PADLOCK_SUPPORT + /* The code here is only useful for the PadLock engine thus we don't + build it if that support has been disabled. */ int has_cpuid = 0; char vendor_id[12+1]; @@ -137,9 +140,8 @@ : "%eax", "%edx", "cc" ); } - +#endif /*ENABLE_PADLOCK_SUPPORT*/ } - #endif /* __i386__ && SIZEOF_UNSIGNED_LONG == 4 && __GNUC__ */ Modified: trunk/src/secmem.c =================================================================== --- trunk/src/secmem.c 2007-12-05 09:50:50 UTC (rev 1276) +++ trunk/src/secmem.c 2007-12-10 09:17:25 UTC (rev 1277) 
@@ -103,7 +103,7 @@ ptr_into_pool_p (const void *p) { /* We need to convert pointers to addresses. This is required by - C-99 6.5.8 to avoid undefeined behavious. Using size_t is at + C-99 6.5.8 to avoid undefined behaviour. Using size_t is at least only implementation defined. See also http://lists.gnupg.org/pipermail/gcrypt-devel/2007-February/001102.html */ From cvs at cvs.gnupg.org Mon Dec 10 10:56:30 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Dec 2007 10:56:30 +0100 Subject: [svn] GpgOL - r202 - in trunk: . doc po src Message-ID: Author: wk Date: 2007-12-10 10:56:28 +0100 (Mon, 10 Dec 2007) New Revision: 202 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/doc/gpgol.texi trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/config-dialog.c trunk/src/engine-assuan.c trunk/src/engine.c trunk/src/ext-commands.cpp Log: Preapring a release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/ChangeLog 2007-12-10 09:56:28 UTC (rev 202) @@ -1,3 +1,7 @@ +2007-12-10 Werner Koch + + Released 0.10.3 development version. + 2007-11-12 Werner Koch Released 0.10.2 development version. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/NEWS 2007-12-10 09:56:28 UTC (rev 202) 
@@ -1,14 +1,21 @@ -Noteworthy changes for version 0.10.2 (2007-11-12) +Noteworthy changes for version 0.10.3 (2007-12-10) ================================================== UNDER HEAVY DEVELOPMENT - DO NOT USE FOR PRODUCTION! - Under OL2007 some menu entries are missing. + * Minor fixes. + + +Noteworthy changes for version 0.10.2 (2007-11-12) +================================================== + * New menu items to select the default protocol. * Code cleanups. + Noteworthy changes for version 0.10.1 (2007-10-22) ================================================== Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/configure.ac 2007-12-10 09:56:28 UTC (rev 202) @@ -16,7 +16,7 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.10.2]) +m4_define([my_version], [0.10.3]) m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ Modified: trunk/doc/gpgol.texi =================================================================== --- trunk/doc/gpgol.texi 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/doc/gpgol.texi 2007-12-10 09:56:28 UTC (rev 202) @@ -115,7 +115,15 @@ @chapter Introduction To debug GpgOL you should set the Registry entry - at code{HKCU\Software\Gnu\GnuPG:enableDebug} to the string value @code{1}. + at code{HKCU\Software\Gnu\GpgOL:enableDebug} to the string value @code{1}: + + at cartouche + at example +[HKEY_CURRENT_USER\Software\GNU\GpgOL] +"enableDebug"="1" + at end example + at end cartouche + This allows easy setting of a debug file by using the extended options menu and enables a few extra menu items. 
@@ -154,12 +162,13 @@ @deffn Command RECIPIENT @var{string} Set the recipient for the encryption. @var{string} is an RFC-2822 -recipient name. This command may or may not check the recipient for -validity right away; if it does not all recipients are expected to be -checked at the time of the @code{ENCRYPT} command. All @code{RECIPIENT} -commands are cumulative until a successful @code{ENCRYPT} command or -until a @code{RESET} command. Linefeeds are obviously not allowed in - at var{string} and should be folded into spaces (which are equivalent). +recipient name ("mailbox" as per section 3.4). This command may or may +not check the recipient for validity right away; if it does not all +recipients are expected to be checked at the time of the @code{ENCRYPT} +command. All @code{RECIPIENT} commands are cumulative until a +successful @code{ENCRYPT} command or until a @code{RESET} command. +Linefeeds are obviously not allowed in @var{string} and should be folded +into spaces (which are equivalent). @end deffn @noindent @@ -205,7 +214,7 @@ encryption are all the recipients set so far. If any recipient is not usable the server should take appropriate measures to notify the user about the problem and may cancel the operation by returning an error -code. The used file descriptors are a void after this command; the +code. The used file descriptors are void after this command; the recipient list is only cleared if the server returns success. @noindent @@ -331,7 +340,7 @@ @deffn {Status line} MICALG @var{string} The @var{string} represents the hash algorithm used to create the -signature. It is used with MOSS style signature messaged and defined by +signature. It is used with MOSS style signature messages and defined by PGP/MIME (RFC-3156) and S/MIME (RFC-3851). The GPGME library has a supporting function @code{gpgme_hash_algo_name} to return the algorithm name as a string. This string needs to be lowercased and for OpenPGP 
@@ -379,7 +388,7 @@ The server needs to support the verification of opaque signatures as well as detached signatures. The kind of input sources controls what -kind message is to be verified. +kind message is to be verified. @deffn Command MESSAGE FD=@var{n} This command is used with detached signatures to set the file descriptor @@ -406,7 +415,7 @@ @noindent The verification is then started using: - at deffn Command VERIFY - at w{}-protocol=@var{name} + at deffn Command VERIFY - at w{}-protocol=@var{name} [- at w{}-silent] @var{name} is the signing protocol used for the message. For a description of the allowed protocols see the @code{ENCRYPT} command. This argument is mandatory. Depending on the combination of @@ -426,9 +435,10 @@ @end table @end deffn - at noindent -The client expects the server to send at least this status information -before the final OK response: +With @option{--silent} the server shall not display any dialog; this is +for example used by the client to get the content of opaque signed +messages. The client expects the server to send at least this status +information before the final OK response: @deffn {Status line} SIGSTATUS @var{flag} @var{displaystring} Returns the status for the signature and a short string explaining the @@ -462,6 +472,7 @@ The server shall send one status line for every signature found on the message. + @end deffn 
@@ -615,13 +626,13 @@ @table @code - at item HKLM\Software\Gnu\GnuPG:Install Directory + at item HKLM\Software\GNU\GnuPG:Install Directory This is used by GnuPG to describe the directory where GnupG has been installed. GpgOL requires this to get the location of the localedir which is used to show translated strings (@file{gpgol.mo}). It is further used to check whether GnuPG has been installed at all. - at item HKCU\Software\Gnu\GnuPG:UI Server + at item HKCU\Software\GNU\GnuPG:UI Server If the UI server could not be connected, GpgOL tries to start the one given in this entry. It is assumed that the UI server is stored in the @code{Install Directory} (as described above). This Registry entry 
@@ -632,33 +643,33 @@ In case the UI server requires the socket name as an argument, the placeholder @code{$s} may be used to indicate this. Due to this feature -it is required that all verbatim dollar are too be doubled. If the -actual program name contains spaces the program name nees to be enclosed +it is required that all verbatim dollar signs are doubled. If the +actual program name contains spaces the program name needs to be enclosed in quotes. - at item HKCU\Software\Gnu\GnuPG:enableDebug + at item HKCU\Software\GNU\GpgOL:enableDebug Setting this key to the string @code{1} enables a few extra features in the UI, useful only for debugging. - at itemx HKCU\Software\Gnu\GnuPG:logFile + at itemx HKCU\Software\GNU\GpgOL:logFile If the value is not empty, GpgOL takes this as a log file and appends debug information to this file. The file may get very large. - at itemx HKCU\Software\Gnu\GnuPG:compatFlags + at itemx HKCU\Software\GNU\GpgOL:compatFlags This is a string consisting of @code{0} and @code{1} to enable certain compatibility flags. Not generally useful; use the source for a description. 
- at item HKCU\Software\Gnu\GnuPG:enableSmime - at itemx HKCU\Software\Gnu\GnuPG:defaultProtocol - at itemx HKCU\Software\Gnu\GnuPG:encryptDefault - at itemx HKCU\Software\Gnu\GnuPG:signDefault - at itemx HKCU\Software\Gnu\GnuPG:previewDecrypt - at itemx HKCU\Software\Gnu\GnuPG:storePasswdTime - at itemx HKCU\Software\Gnu\GnuPG:encodingFormat - at itemx HKCU\Software\Gnu\GnuPG:defaultKey - at itemx HKCU\Software\Gnu\GnuPG:enableDefaultKey - at itemx HKCU\Software\Gnu\GnuPG:preferHtml + at item HKCU\Software\GNU\GpgOL:enableSmime + at itemx HKCU\Software\GNU\GpgOL:defaultProtocol + at itemx HKCU\Software\GNU\GpgOL:encryptDefault + at itemx HKCU\Software\GNU\GpgOL:signDefault + at itemx HKCU\Software\GNU\GpgOL:previewDecrypt + at itemx HKCU\Software\GNU\GpgOL:storePasswdTime + at itemx HKCU\Software\GNU\GpgOL:encodingFormat + at itemx HKCU\Software\GNU\GpgOL:defaultKey + at itemx HKCU\Software\GNU\GpgOL:enableDefaultKey + at itemx HKCU\Software\GNU\GpgOL:preferHtml These registry keys store the values from the configuration dialog. @end table Modified: trunk/po/de.po =================================================================== --- trunk/po/de.po 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/po/de.po 2007-12-10 09:56:28 UTC (rev 202) @@ -7,8 +7,8 @@ msgstr "" "Project-Id-Version: GpgOL 0.10.0\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2007-11-12 15:15+0100\n" -"PO-Revision-Date: 2007-11-12 15:14+0100\n" +"POT-Creation-Date: 2007-12-07 08:44+0100\n" +"PO-Revision-Date: 2007-12-07 08:44+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: de\n" "MIME-Version: 1.0\n" @@ -53,8 +53,8 @@ msgstr "Debugausgabe (zur Problemanalyse)" #: src/config-dialog.c:307 -msgid "Select GPG Key Manager" -msgstr "Das Schl?sselverwaltungsprogramm festlegen" +msgid "Select Certificate Manager" +msgstr "GnuPG Zertifikats&verwaltung" #: src/engine.c:363 msgid "" 
@@ -70,7 +70,7 @@ "Diese ist allerdings sehr vereinfacht und kann z.B. keine S/MIME " "verschl?sselten Nachrichten entschl?sseln." -#: src/engine.c:367 src/ext-commands.cpp:659 src/main.c:603 src/main.c:609 +#: src/engine.c:367 src/ext-commands.cpp:663 src/main.c:603 src/main.c:609 msgid "GpgOL" msgstr "GpgOL" 
@@ -208,123 +208,115 @@ msgid "*** End Notation ***\n" msgstr "*** Ende Notation ***\n" -#: src/ext-commands.cpp:427 +#: src/ext-commands.cpp:431 msgid "&Decrypt and verify message" msgstr "Entschl?sseln/Pr?fen der Nachricht" -#: src/ext-commands.cpp:428 +#: src/ext-commands.cpp:432 msgid "&Verify signature" msgstr "&Unterschrift pr?fen" -#: src/ext-commands.cpp:429 +#: src/ext-commands.cpp:433 msgid "&Display crypto information" msgstr "~Krypto Informationen anzeigen" -#: src/ext-commands.cpp:436 src/ext-commands.cpp:787 +#: src/ext-commands.cpp:440 src/ext-commands.cpp:791 msgid "Decrypt message and verify signature" msgstr "Nachricht entschl?sseln und Unterschrift pr?fen" -#: src/ext-commands.cpp:443 +#: src/ext-commands.cpp:447 msgid ">GnuPG protocol" msgstr ">GnuPG Protokoll" -#: src/ext-commands.cpp:444 +#: src/ext-commands.cpp:448 msgid "auto" msgstr "automatisch" -#: src/ext-commands.cpp:445 +#: src/ext-commands.cpp:449 msgid "PGP/MIME" msgstr "PGP/MIME" -#: src/ext-commands.cpp:446 +#: src/ext-commands.cpp:450 msgid "S/MIME" msgstr "S/MIME" -#: src/ext-commands.cpp:448 +#: src/ext-commands.cpp:452 msgid "&encrypt message with GnuPG" msgstr "Nachricht mit GnuPG verschl?sseln" -#: src/ext-commands.cpp:449 +#: src/ext-commands.cpp:453 msgid "&sign message with GnuPG" msgstr "Nachricht mit GnuPG unterschreiben" -#: src/ext-commands.cpp:453 +#: src/ext-commands.cpp:457 src/ext-commands.cpp:830 msgid "Encrypt message with GnuPG" msgstr "Nachricht mit GnuPG verschl?sseln" -#: src/ext-commands.cpp:454 +#: src/ext-commands.cpp:458 src/ext-commands.cpp:840 msgid "Sign message with GnuPG" msgstr "Nachricht mit GnuPG unterschreiben" -#: src/ext-commands.cpp:489 +#: src/ext-commands.cpp:493 msgid "GnuPG Certificate &Manager" msgstr "GnuPG Zertifikats&verwaltung" -#: src/ext-commands.cpp:493 +#: src/ext-commands.cpp:497 msgid "Open the certificate manager" msgstr "Die Zertifikatsverwaltung ?ffnen" -#: src/ext-commands.cpp:658 +#: src/ext-commands.cpp:662 msgid "Could 
not start certificate manager" msgstr "Die Zertifikatsverwaltung konnte nicht aufgerufen werden" -#: src/ext-commands.cpp:701 +#: src/ext-commands.cpp:705 msgid "Select this option to decrypt and verify the message." msgstr "" "W?hlen Sie diese Option um die Nachricht zu entschl?sseln bzw. zu " "verifizieren." -#: src/ext-commands.cpp:708 +#: src/ext-commands.cpp:712 msgid "Select this option to show information on the crypto status" msgstr "" "W?hlen Sie diese Option um Informationen ?ber den Krypto-Status der " "Nachricht anzuzeigen." -#: src/ext-commands.cpp:716 src/ext-commands.cpp:806 +#: src/ext-commands.cpp:720 src/ext-commands.cpp:810 msgid "Check the signature now and display the result" msgstr "Die digitale Unterschrift jetzt pr?fen und das Resultat anzeigen" -#: src/ext-commands.cpp:723 +#: src/ext-commands.cpp:727 msgid "Select this option to automatically select the protocol." msgstr "W?hlen Sie diese Option zum das Protokoll automatisch auszuw?hlen." -#: src/ext-commands.cpp:730 +#: src/ext-commands.cpp:734 msgid "Select this option to select the PGP/MIME protocol." msgstr "W?hlen Sie diese Option zum das PGP/MIME Protokoll auszuw?hlen." -#: src/ext-commands.cpp:737 +#: src/ext-commands.cpp:741 msgid "Select this option to select the S/MIME protocol." msgstr "W?hlen Sie diese Option zum das S/MIME Protokoll auszuw?hlen." -#: src/ext-commands.cpp:744 +#: src/ext-commands.cpp:748 msgid "Select this option to encrypt the message." msgstr "W?hlen Sie diese Option zum Verschl?sseln der Nachricht." -#: src/ext-commands.cpp:751 +#: src/ext-commands.cpp:755 msgid "Select this option to sign the message." msgstr "W?hlen Sie diese Option zum Unterschreiben der Nachricht." -#: src/ext-commands.cpp:758 +#: src/ext-commands.cpp:762 msgid "Select this option to open the certificate manager" msgstr "W?hlen Sie diese Option zum die Zertifikatsverwaltung zu ?ffenen." 
-#: src/ext-commands.cpp:796 +#: src/ext-commands.cpp:800 msgid "Show S/MIME status info" msgstr "S/MIME Status Informationen anzeigen" -#: src/ext-commands.cpp:816 +#: src/ext-commands.cpp:820 msgid "Use S/MIME for sign/encrypt" msgstr "S/MIME zum signieren/verschl?sseln verwenden" -#: src/ext-commands.cpp:826 -msgid "Encrypt message with GPG" -msgstr "Nachricht mit GnuPG unterschreiben" - -#: src/ext-commands.cpp:836 -msgid "Sign message with GPG" -msgstr "Nachricht mit GnuPG unterschreiben" - -#: src/ext-commands.cpp:846 +#: src/ext-commands.cpp:850 msgid "Open the GpgOL certificate manager" msgstr "Zertifikatsverwaltung von GpgOL ?ffnen" @@ -681,6 +673,15 @@ msgid "S/MIME Verification Result" msgstr "S/MIME Pr?fungsresultat" +#~ msgid "Select GPG Key Manager" +#~ msgstr "Das Schl?sselverwaltungsprogramm festlegen" + +#~ msgid "Encrypt message with GPG" +#~ msgstr "Nachricht mit GnuPG verschl?sseln" + +#~ msgid "Sign message with GPG" +#~ msgstr "Nachricht mit GnuPG unterschreiben" + #~ msgid "use S/MIME protocol" #~ msgstr "S/MIME verwenden" Modified: trunk/po/sv.po =================================================================== --- trunk/po/sv.po 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/po/sv.po 2007-12-10 09:56:28 UTC (rev 202) @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: GPGol\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2007-11-12 15:15+0100\n" +"POT-Creation-Date: 2007-12-07 08:44+0100\n" "PO-Revision-Date: 2006-12-12 23:52+0100\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" @@ -53,8 +53,9 @@ msgstr "" #: src/config-dialog.c:307 -msgid "Select GPG Key Manager" -msgstr "V?lj GPG-nyckelhanterare" +#, fuzzy +msgid "Select Certificate Manager" +msgstr "GPG-nyckel&hanterare" #: src/engine.c:363 msgid "" 
@@ -65,7 +66,7 @@ "are not readable." msgstr "" -#: src/engine.c:367 src/ext-commands.cpp:659 src/main.c:603 src/main.c:609 +#: src/engine.c:367 src/ext-commands.cpp:663 src/main.c:603 src/main.c:609 msgid "GpgOL" msgstr "" 
@@ -206,134 +207,125 @@ msgid "*** End Notation ***\n" msgstr "*** Notation slut ***\n" -#: src/ext-commands.cpp:427 +#: src/ext-commands.cpp:431 msgid "&Decrypt and verify message" msgstr "&Dekryptera och validera meddelandet" -#: src/ext-commands.cpp:428 +#: src/ext-commands.cpp:432 #, fuzzy msgid "&Verify signature" msgstr "FELAKTIG signatur!" -#: src/ext-commands.cpp:429 +#: src/ext-commands.cpp:433 msgid "&Display crypto information" msgstr "" -#: src/ext-commands.cpp:436 src/ext-commands.cpp:787 +#: src/ext-commands.cpp:440 src/ext-commands.cpp:791 msgid "Decrypt message and verify signature" msgstr "Dekryptera meddelandet och validera signaturen" -#: src/ext-commands.cpp:443 +#: src/ext-commands.cpp:447 msgid ">GnuPG protocol" msgstr "" -#: src/ext-commands.cpp:444 +#: src/ext-commands.cpp:448 msgid "auto" msgstr "" -#: src/ext-commands.cpp:445 +#: src/ext-commands.cpp:449 #, fuzzy msgid "PGP/MIME" msgstr "[PGP/MIME-meddelande]" -#: src/ext-commands.cpp:446 +#: src/ext-commands.cpp:450 msgid "S/MIME" msgstr "" -#: src/ext-commands.cpp:448 +#: src/ext-commands.cpp:452 #, fuzzy msgid "&encrypt message with GnuPG" msgstr "Signera meddelandet med GPG" -#: src/ext-commands.cpp:449 +#: src/ext-commands.cpp:453 #, fuzzy msgid "&sign message with GnuPG" msgstr "Signera meddelandet med GPG" -#: src/ext-commands.cpp:453 +#: src/ext-commands.cpp:457 src/ext-commands.cpp:830 #, fuzzy msgid "Encrypt message with GnuPG" msgstr "Signera meddelandet med GPG" -#: src/ext-commands.cpp:454 +#: src/ext-commands.cpp:458 src/ext-commands.cpp:840 #, fuzzy msgid "Sign message with GnuPG" msgstr "Signera meddelandet med GPG" -#: src/ext-commands.cpp:489 +#: src/ext-commands.cpp:493 #, fuzzy msgid "GnuPG Certificate &Manager" msgstr "GPG-nyckel&hanterare" -#: src/ext-commands.cpp:493 +#: src/ext-commands.cpp:497 msgid "Open the certificate manager" msgstr "" -#: src/ext-commands.cpp:658 +#: src/ext-commands.cpp:662 #, fuzzy msgid "Could not start certificate manager" msgstr "Kunde 
inte starta nyckelhanteraren" -#: src/ext-commands.cpp:701 +#: src/ext-commands.cpp:705 #, fuzzy msgid "Select this option to decrypt and verify the message." msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." -#: src/ext-commands.cpp:708 +#: src/ext-commands.cpp:712 #, fuzzy msgid "Select this option to show information on the crypto status" msgstr "V?lj det h?r alternativet f?r att signera meddelandet." -#: src/ext-commands.cpp:716 src/ext-commands.cpp:806 +#: src/ext-commands.cpp:720 src/ext-commands.cpp:810 msgid "Check the signature now and display the result" msgstr "" -#: src/ext-commands.cpp:723 +#: src/ext-commands.cpp:727 #, fuzzy msgid "Select this option to automatically select the protocol." msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." -#: src/ext-commands.cpp:730 +#: src/ext-commands.cpp:734 #, fuzzy msgid "Select this option to select the PGP/MIME protocol." msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." -#: src/ext-commands.cpp:737 +#: src/ext-commands.cpp:741 #, fuzzy msgid "Select this option to select the S/MIME protocol." msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." -#: src/ext-commands.cpp:744 +#: src/ext-commands.cpp:748 msgid "Select this option to encrypt the message." msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." -#: src/ext-commands.cpp:751 +#: src/ext-commands.cpp:755 msgid "Select this option to sign the message." msgstr "V?lj det h?r alternativet f?r att signera meddelandet." -#: src/ext-commands.cpp:758 +#: src/ext-commands.cpp:762 #, fuzzy msgid "Select this option to open the certificate manager" msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." 
-#: src/ext-commands.cpp:796 +#: src/ext-commands.cpp:800 msgid "Show S/MIME status info" msgstr "" -#: src/ext-commands.cpp:816 +#: src/ext-commands.cpp:820 msgid "Use S/MIME for sign/encrypt" msgstr "" -#: src/ext-commands.cpp:826 -#, fuzzy -msgid "Encrypt message with GPG" -msgstr "Signera meddelandet med GPG" - -#: src/ext-commands.cpp:836 -msgid "Sign message with GPG" -msgstr "Signera meddelandet med GPG" - -#: src/ext-commands.cpp:846 +#: src/ext-commands.cpp:850 msgid "Open the GpgOL certificate manager" msgstr "" @@ -656,7 +648,17 @@ msgid "S/MIME Verification Result" msgstr "Resultat fr?n validering" +#~ msgid "Select GPG Key Manager" +#~ msgstr "V?lj GPG-nyckelhanterare" + #, fuzzy +#~ msgid "Encrypt message with GPG" +#~ msgstr "Signera meddelandet med GPG" + +#~ msgid "Sign message with GPG" +#~ msgstr "Signera meddelandet med GPG" + +#, fuzzy #~ msgid "Select this option to select the OpenPGP protocol." #~ msgstr "V?lj det h?r alternativet f?r att kryptera meddelandet." Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/src/ChangeLog 2007-12-10 09:56:28 UTC (rev 202) @@ -1,3 +1,9 @@ +2007-12-07 Werner Koch + + * ext-commands.cpp (InstallCommands): Removed toolbar button fro + decrypt as this is not anymore needed. Fixes bug#860. + (QueryHelpText): Ditto. + 2007-11-12 Werner Koch * olflange.h (class GpgolExt): Rename m_gpgSelectSmime to Modified: trunk/src/config-dialog.c =================================================================== --- trunk/src/config-dialog.c 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/src/config-dialog.c 2007-12-10 09:56:28 UTC (rev 202) 
@@ -304,7 +304,7 @@ case WM_COMMAND: switch (LOWORD (wparam)) { case IDC_OPT_SEL_KEYMAN_PATH: - buf = get_open_file_name (NULL, _("Select GPG Key Manager")); + buf = get_open_file_name (NULL, _("Select Certificate Manager")); if (buf && *buf) SetDlgItemText (dlg, IDC_OPT_KEYMAN_PATH, buf); break; Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/src/engine-assuan.c 2007-12-10 09:56:28 UTC (rev 202) @@ -733,9 +733,9 @@ { if (errno == EAGAIN) { - log_debug ("%s:%s: [%s:%p] ignoring EAGAIN from callback", - SRCNAME, __func__, item->name, item->hd); - Sleep (0); +/* log_debug ("%s:%s: [%s:%p] ignoring EAGAIN from callback", */ +/* SRCNAME, __func__, item->name, item->hd); */ + Sleep (10); retval = 1; } else @@ -825,7 +825,7 @@ for (;;) { /* Process our queue and fire up async I/O requests. */ - log_debug ("%s:%s: processing work queue", SRCNAME, __func__); +/* log_debug ("%s:%s: processing work queue", SRCNAME, __func__); */ EnterCriticalSection (&work_queue_lock); hdarraylen = 0; hdarray[hdarraylen++] = work_queue_event; @@ -874,14 +874,14 @@ SRCNAME, __func__, count); else { - log_debug ("%s:%s: %d items in queue; waiting for %d items:", - SRCNAME, __func__, count, hdarraylen-1); - for (item = work_queue; item; item = item->next) - { - if (item->waiting) - log_debug ("%s:%s: [%s:%p]", - SRCNAME, __func__, item->name, item->hd); - } +/* log_debug ("%s:%s: %d items in queue; waiting for %d items:", */ +/* SRCNAME, __func__, count, hdarraylen-1); */ +/* for (item = work_queue; item; item = item->next) */ +/* { */ +/* if (item->waiting) */ +/* log_debug ("%s:%s: [%s:%p]", */ +/* SRCNAME, __func__, item->name, item->hd); */ +/* } */ n = WaitForMultipleObjects (hdarraylen, hdarray, FALSE, INFINITE); if (n == WAIT_FAILED) { 
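Review bot: The `EAGAIN` branch in the `@@ -733` hunk changes `Sleep (0)` to `Sleep (10)` while the log_debug calls around it are commented out with `/* */` rather than removed or gated, and the same commented-out logging appears in the `@@ -825` and `@@ -874` hunks and in the three engine-assuan.c hunks that follow. engine.c on this page already gates its EAGAIN logging behind a `debug_filter` level, so an equivalent switch here would keep these lines compiled and usable: `if (debug_filter > 1) log_debug (...)`. Replacing a yield with a 10 ms sleep changes how the callback paces its retries and deserves a one-line comment, e.g. `/* Back off briefly rather than spin on EAGAIN. */`. The enclosing functions start and end outside these hunks.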
@@ -890,7 +890,7 @@ } else if (n >= 0 && n < hdarraylen) { - log_debug ("%s:%s: WFMO succeeded (res=%d)",SRCNAME,__func__, n); +/* log_debug ("%s:%s: WFMO succeeded (res=%d)",SRCNAME,__func__, n); */ } else { @@ -901,7 +901,7 @@ /* Handle completion status. */ EnterCriticalSection (&work_queue_lock); - log_debug ("%s:%s: checking completion states", SRCNAME, __func__); +/* log_debug ("%s:%s: checking completion states", SRCNAME, __func__); */ for (item = work_queue; item; item = item->next) { if (!item->io_pending) @@ -950,7 +950,7 @@ Sleep (0); EnterCriticalSection (&work_queue_lock); - log_debug ("%s:%s: cleaning up work queue", SRCNAME, __func__); +/* log_debug ("%s:%s: cleaning up work queue", SRCNAME, __func__); */ for (item = work_queue; item; item = item->next) { if (item->used && (item->got_ready || item->got_error)) Modified: trunk/src/engine.c =================================================================== --- trunk/src/engine.c 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/src/engine.c 2007-12-10 09:56:28 UTC (rev 202) @@ -41,7 +41,7 @@ SRCNAME, __func__, __LINE__); \ } while (0) -static int debug_filter = 1; +static int debug_filter = 0; /* This variable indicates whether the assuan engine is used. */ static int use_assuan; @@ -224,7 +224,7 @@ if (filter->in.nonblock) { errno = EAGAIN; - if (debug_filter) + if (debug_filter > 1) log_debug ("%s:%s: leave; result=EAGAIN\n", SRCNAME, __func__); return -1; } @@ -280,7 +280,7 @@ if (filter->out.nonblock) { errno = EAGAIN; - if (debug_filter) + if (debug_filter > 1) log_debug ("%s:%s: leave; result=EAGAIN\n", SRCNAME, __func__); return -1; } Modified: trunk/src/ext-commands.cpp =================================================================== --- trunk/src/ext-commands.cpp 2007-12-05 12:24:44 UTC (rev 201) +++ trunk/src/ext-commands.cpp 2007-12-10 09:56:28 UTC (rev 202) 
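Review bot: In the engine.c hunks `debug_filter` is now tested with `> 1` while its initializer drops to `0`, so the variable has become a level rather than a flag, yet its declaration still reads like a boolean. Document the levels at the definition: `static int debug_filter = 0; /* 0: off, 1: filter tracing, 2: also log EAGAIN returns. */` — confirm what level 1 enables elsewhere in the file, as only the `> 1` checks are visible here. The surrounding functions start and end outside the hunks.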
@@ -262,6 +262,10 @@ tb_info->next = m_toolbar_info; m_toolbar_info = tb_info; + log_debug ("%s:%s: ctx=%lx button_id=%d cmd_id=%d '%s'\n", + SRCNAME, __func__, m_lContext, + tb_info->button_id, tb_info->cmd_id, tb_info->desc); + } } va_end (arg_ptr); @@ -431,10 +435,6 @@ opt.enable_debug? "Debug-1 (open_inspector)":"", &m_nCmdDebug1, opt.enable_debug? "Debug-2 (n/a)":"", &m_nCmdDebug2, NULL); - - add_toolbar (pTBEArray, nTBECnt, - _("Decrypt message and verify signature"), IDB_DECRYPT, m_nCmdDecrypt, - NULL, 0, 0); } else if (m_lContext == EECONTEXT_SENDNOTEMESSAGE) { @@ -778,16 +778,7 @@ LPTSTR pszText, UINT nCharCnt) { - if (nCommandID == m_nCmdDecrypt - && m_lContext == EECONTEXT_READNOTEMESSAGE) - { - if (lFlags == EECQHT_STATUS) - lstrcpyn (pszText, ".", nCharCnt); - if (lFlags == EECQHT_TOOLTIP) - lstrcpyn (pszText, _("Decrypt message and verify signature"), - nCharCnt); - } - else if (nCommandID == m_nCmdShowInfo + if (nCommandID == m_nCmdShowInfo && m_lContext == EECONTEXT_READNOTEMESSAGE) { if (lFlags == EECQHT_STATUS) @@ -823,7 +814,7 @@ lstrcpyn (pszText, ".", nCharCnt); if (lFlags == EECQHT_TOOLTIP) lstrcpyn (pszText, - _("Encrypt message with GPG"), + _("Encrypt message with GnuPG"), nCharCnt); } else if (nCommandID == m_nCmdSign @@ -833,7 +824,7 @@ lstrcpyn (pszText, ".", nCharCnt); if (lFlags == EECQHT_TOOLTIP) lstrcpyn (pszText, - _("Sign message with GPG"), + _("Sign message with GnuPG"), nCharCnt); } else if (nCommandID == m_nCmdKeyManager @@ -877,6 +868,10 @@ if (!tb_info) return S_FALSE; /* Not one of our toolbar buttons. */ + log_debug ("%s:%s: ctx=%lx tbid=%ld button_id(req)=%d got=%d cmd_id=%d '%s'\n", + SRCNAME, __func__, m_lContext, toolbarid, buttonid, + tb_info->button_id, tb_info->cmd_id, tb_info->desc); + pTBB->iBitmap = tb_info->bitmap; pTBB->idCommand = tb_info->cmd_id; pTBB->fsState = TBSTATE_ENABLED; From cvs at cvs.gnupg.org Mon Dec 10 11:00:38 2007 
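Review bot: The two log_debug calls added in the `@@ -262` and `@@ -877` hunks are unconditional, so every toolbar registration and every button query writes a log line, including the translated `tb_info->desc` text; the `@@ -431` hunk on this page already consults `opt.enable_debug`, so the same switch should guard them: `if (opt.enable_debug) log_debug (...)`. The `%lx` and `%ld` conversions assume `m_lContext` and `toolbarid` are `long`-sized; if they are `ULONG`/`DWORD` the format or a cast should be adjusted. Both enclosing functions start outside the hunks.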
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Dec 2007 11:00:38 +0100 Subject: [svn] GpgOL - r203 - tags Message-ID: Author: wk Date: 2007-12-10 11:00:38 +0100 (Mon, 10 Dec 2007) New Revision: 203 Added: tags/gpgol-0.10.3/ Log: Release Copied: tags/gpgol-0.10.3 (from rev 202, trunk) From cvs at cvs.gnupg.org Mon Dec 10 16:19:36 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Dec 2007 16:19:36 +0100 Subject: [svn] GnuPG - r4644 - in trunk: g10 scd Message-ID: Author: wk Date: 2007-12-10 16:19:34 +0100 (Mon, 10 Dec 2007) New Revision: 4644 Modified: trunk/g10/ChangeLog trunk/g10/import.c trunk/g10/misc.c trunk/scd/ChangeLog trunk/scd/app-openpgp.c Log: Fix for bug 851. Fixed auto generation of the stub key for the card. Allow to encrypt toElgamal encryption keys of type 20. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-12-06 19:02:42 UTC (rev 4643) +++ trunk/g10/ChangeLog 2007-12-10 15:19:34 UTC (rev 4644) @@ -1,3 +1,15 @@ +2007-12-10 Werner Koch + + * import.c (auto_create_card_key_stub): Do not clear the entire + fingerprint. This finally makes the stub creation work. My past + tests seemed to work because there was a key with a all zero + fingerprint available (Elgamal signing keys). + +2007-12-08 Werner Koch + + * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for + encryption. + 2007-12-04 Werner Koch * helptext.c (get_help_from_file): New. Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2007-12-06 19:02:42 UTC (rev 4643) +++ trunk/g10/import.c 2007-12-10 15:19:34 UTC (rev 4644) @@ -2355,7 +2355,8 @@ size_t an; fingerprint_from_pk (pk, afp, &an); - memset (afp, 0, MAX_FINGERPRINT_LEN); + if (an < MAX_FINGERPRINT_LEN) + memset (afp+an, 0, MAX_FINGERPRINT_LEN-an); rc = keydb_search_fpr (hd, afp); } 
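Review bot: The new tail zero-fill in the `@@ -2355` import.c hunk relies on `an` never exceeding `MAX_FINGERPRINT_LEN` and on `keydb_search_fpr` comparing the whole buffer, neither of which is stated near the code; a comment would keep the intent from being lost again: `/* Zero-pad the tail: keydb_search_fpr compares all MAX_FINGERPRINT_LEN bytes, so a shorter fingerprint must not carry whatever was in the buffer. */` — confirm that keydb_search_fpr really compares the full length. The same hunk appears in branches/STABLE-BRANCH-1-4/g10/import.c further down the page. auto_create_card_key_stub starts and ends outside the hunk.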
@@ -2410,4 +2411,3 @@ keydb_release (hd); return rc; } - Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2007-12-06 19:02:42 UTC (rev 4643) +++ trunk/g10/misc.c 2007-12-10 15:19:34 UTC (rev 4644) @@ -379,6 +379,7 @@ case PUBKEY_ALGO_RSA_S: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG; break; + case PUBKEY_ALGO_ELGAMAL: case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2007-12-06 19:02:42 UTC (rev 4643) +++ trunk/scd/ChangeLog 2007-12-10 15:19:34 UTC (rev 4644) @@ -1,3 +1,8 @@ +2007-12-10 Werner Koch + + * app-openpgp.c (do_decipher): Take care of cryptograms shiorther + that 128 bytes. Fixes bug#851. + 2007-11-14 Werner Koch * scdaemon.c (main): Pass STANDARD_SOCKET flag to Modified: trunk/scd/app-openpgp.c =================================================================== --- trunk/scd/app-openpgp.c 2007-12-06 19:02:42 UTC (rev 4643) +++ trunk/scd/app-openpgp.c 2007-12-10 15:19:34 UTC (rev 4644) @@ -1,5 +1,5 @@ /* app-openpgp.c - The OpenPGP card application. - * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
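Review bot: `case PUBKEY_ALGO_ELGAMAL:` is added to the encryption-only usage without saying why the deprecated sign-or-encrypt algorithm id is accepted again; a comment on the new case keeps the next reader from reverting it or extending it to signing: `/* Type 20 (Elgamal sign+encrypt) is deprecated, but such subkeys are still in use; grant encryption only, never signing. */`. The same one-line addition appears in branches/STABLE-BRANCH-1-4/g10/misc.c on this page. openpgp_pk_algo_usage starts and ends outside the hunk.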
@@ -2456,8 +2456,49 @@ rc = verify_chv2 (app, pincb, pincb_arg); if (!rc) - rc = iso7816_decipher (app->slot, indata, indatalen, 0, - outdata, outdatalen); + { + size_t fixuplen; + + /* We might encounter a couple of leading zeroes in the + cryptogram. Due to internal use of MPIs thease leading + zeroes are stripped. However the OpenPGp card expects + exactly 128 bytes for the cryptogram (for a 1k key). Thus we + need to fix it up. We do this for up to 16 leading zero + bytes; a cryptogram with more than this is with a very high + probability anyway broken. */ + if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */ + fixuplen = 128 - indatalen; + else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */ + fixuplen = 256 - indatalen; + else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */ + fixuplen = 192 - indatalen; + else + fixuplen = 0; + if (fixuplen) + { + unsigned char *fixbuf; + + /* While we have to prepend stuff anyway, we can also + include the padding byte here so that iso1816_decipher + does not need to do yet another data mangling. */ + fixuplen++; + fixbuf = xtrymalloc (fixuplen + indatalen); + if (!fixbuf) + rc = gpg_error_from_syserror (); + else + { + memset (fixbuf, 0, fixuplen); + memcpy (fixbuf+fixuplen, indata, indatalen); + rc = iso7816_decipher (app->slot, fixbuf, fixuplen+indatalen, -1, + outdata, outdatalen); + xfree (fixbuf); + } + + } + else + rc = iso7816_decipher (app->slot, indata, indatalen, 0, + outdata, outdatalen); + } return rc; } From cvs at cvs.gnupg.org Mon Dec 10 17:44:39 2007 
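Review bot: The new padding logic infers the card's modulus size from `indatalen` with three hard-coded windows (112–127, 240–255 and 176–191 bytes); a cryptogram with more than 16 stripped leading zeros, or any key size other than 1024/1536/2048 bits, falls through to the unpadded call and is left for the card to reject. If the application object already records the key's modulus length, comparing against it would replace the three-way guess with one check such as `if (indatalen < modlen && modlen - indatalen <= 16)`; otherwise the 16-byte tolerance and the three sizes deserve a named enum. The explanatory comment refers to `iso1816_decipher` where `iso7816_decipher` is meant, and the `-1` padding-indicator argument versus the `0` in the else branch should be explained inline, e.g. `/* -1: padding indicator byte already prepended in fixbuf. */` — confirm that meaning against iso7816_decipher. The identical hunk appears in branches/STABLE-BRANCH-1-4/g10/app-openpgp.c below. do_decipher starts outside the hunk.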
From: cvs at cvs.gnupg.org (svn author marcus) Date: Mon, 10 Dec 2007 17:44:39 +0100 Subject: [svn] GnuPG - r4646 - trunk/tools Message-ID: Author: marcus Date: 2007-12-10 17:44:38 +0100 (Mon, 10 Dec 2007) New Revision: 4646 Modified: trunk/tools/ChangeLog trunk/tools/gpgconf-comp.c Log: 2007-12-10 Marcus Brinkmann * gpgconf-comp.c (gc_component_list_options): Fix up expert level of group. Modified: trunk/tools/ChangeLog =================================================================== --- trunk/tools/ChangeLog 2007-12-10 15:34:20 UTC (rev 4645) +++ trunk/tools/ChangeLog 2007-12-10 16:44:38 UTC (rev 4646) @@ -1,3 +1,8 @@ +2007-12-10 Marcus Brinkmann + + * gpgconf-comp.c (gc_component_list_options): Fix up expert level + of group. + 2007-12-04 Marcus Brinkmann * gpgconf-comp.c (gc_component_list_components): Do not print a Modified: trunk/tools/gpgconf-comp.c =================================================================== --- trunk/tools/gpgconf-comp.c 2007-12-10 15:34:20 UTC (rev 4645) +++ trunk/tools/gpgconf-comp.c 2007-12-10 16:44:38 UTC (rev 4646) @@ -1531,7 +1531,6 @@ gc_component_list_options (int component, FILE *out) { const gc_option_t *option = gc_component[component].options; - const gc_option_t *group_option = NULL; while (option && option->name) { 
@@ -1544,17 +1543,38 @@ } if (option->flags & GC_OPT_FLAG_GROUP) - group_option = option; - else { - if (group_option) + const gc_option_t *group_option = option + 1; + gc_expert_level_t level = GC_LEVEL_NR; + + /* The manual states that the group level is always the + minimum of the levels of all contained options. Due to + different active options, and because it is hard to + maintain manually, we calculate it here. The value in + the global static table is ignored. */ + + while (group_option->name) { - list_one_option (group_option, out); - group_option = NULL; + if (group_option->flags & GC_OPT_FLAG_GROUP) + break; + if (group_option->level < level) + level = group_option->level; + group_option++; } - list_one_option (option, out); + /* Check if group is empty. */ + if (level != GC_LEVEL_NR) + { + gc_option_t opt_copy; + + /* Fix up the group level. */ + memcpy (&opt_copy, option, sizeof (opt)); + opt_copy.level = level; + list_one_option (&opt_copy, out); + } } + else + list_one_option (option, out); option++; } From cvs at cvs.gnupg.org Mon Dec 10 16:34:22 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Dec 2007 16:34:22 +0100 Subject: [svn] GnuPG - r4645 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: wk Date: 2007-12-10 16:34:20 +0100 (Mon, 10 Dec 2007) New Revision: 4645 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/app-openpgp.c branches/STABLE-BRANCH-1-4/g10/cardglue.h branches/STABLE-BRANCH-1-4/g10/import.c branches/STABLE-BRANCH-1-4/g10/misc.c Log: Fixed auto generation of the key stub. Fixed bug 851. Allow decryption using type 20 Elgamal keys. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-10 15:19:34 UTC (rev 4644) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-10 15:34:20 UTC (rev 4645) 
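Review bot: `memcpy (&opt_copy, option, sizeof (opt));` in the new group branch sizes the copy by `opt`, not by `opt_copy`; either that name is not in scope and the hunk does not compile, or it names an unrelated object and the copy has the wrong length — too short leaves the rest of `opt_copy` uninitialized when `list_one_option` reads it, too long overruns `opt_copy` on the stack and reads past `*option`. Use `opt_copy = *option;` or `memcpy (&opt_copy, option, sizeof (opt_copy));`. gc_component_list_options starts outside the hunk.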
@@ -1,3 +1,20 @@ +2007-12-10 Werner Koch + + * cardglue.h (gpg_error_from_syserror): New. + + * app-openpgp.c (do_decipher): Take care of cryptograms shorter + that 128 bytes. Fixes bug#851. + + * import.c (auto_create_card_key_stub): Do not clear the entire + fingerprint. This finally makes the stub creation work. My past + tests seemed to work because there was a key with a all zero + fingerprint available (Elgamal signing keys). + +2007-12-08 Werner Koch + + * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for + encryption. + 2007-12-03 Werner Koch * keygen.c (ask_key_flags): Add a translation remark and implement Modified: branches/STABLE-BRANCH-1-4/g10/app-openpgp.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/app-openpgp.c 2007-12-10 15:19:34 UTC (rev 4644) +++ branches/STABLE-BRANCH-1-4/g10/app-openpgp.c 2007-12-10 15:34:20 UTC (rev 4645) @@ -1,5 +1,5 @@ /* app-openpgp.c - The OpenPGP card application. - * Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc. + * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -2315,8 +2315,49 @@ rc = verify_chv2 (app, pincb, pincb_arg); if (!rc) - rc = iso7816_decipher (app->slot, indata, indatalen, 0, - outdata, outdatalen); + { + size_t fixuplen; + + /* We might encounter a couple of leading zeroes in the + cryptogram. Due to internal use of MPIs thease leading + zeroes are stripped. However the OpenPGP card expects + exactly 128 bytes for the cryptogram (for a 1k key). Thus we + need to fix it up. We do this for up to 16 leading zero + bytes; a cryptogram with more than this is with a very high + probability anyway broken. */ + if (indatalen >= (128-16) && indatalen < 128) /* 1024 bit key. */ + fixuplen = 128 - indatalen; + else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key. */ + fixuplen = 256 - indatalen; + else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key. */ + fixuplen = 192 - indatalen; + else + fixuplen = 0; + if (fixuplen) + { + unsigned char *fixbuf; + + /* While we have to prepend stuff anyway, we can also + include the padding byte here so that iso1816_decipher + does not need to do yet another data mangling. */ + fixuplen++; + fixbuf = xtrymalloc (fixuplen + indatalen); + if (!fixbuf) + rc = gpg_error_from_syserror (); + else + { + memset (fixbuf, 0, fixuplen); + memcpy (fixbuf+fixuplen, indata, indatalen); + rc = iso7816_decipher (app->slot, fixbuf, fixuplen+indatalen, -1, + outdata, outdatalen); + xfree (fixbuf); + } + } + else + rc = iso7816_decipher (app->slot, indata, indatalen, 0, + outdata, outdatalen); + } + return rc; } Modified: branches/STABLE-BRANCH-1-4/g10/cardglue.h =================================================================== --- branches/STABLE-BRANCH-1-4/g10/cardglue.h 2007-12-10 15:19:34 UTC (rev 4644) +++ branches/STABLE-BRANCH-1-4/g10/cardglue.h 2007-12-10 15:34:20 UTC (rev 4645) 
@@ -127,6 +127,7 @@ #define gpg_strerror(n) g10_errstr ((n)) #define gpg_error_from_errno(n) (G10ERR_GENERAL) /*FIXME*/ #define gpg_err_code_from_errno(n) (G10ERR_GENERAL) +#define gpg_error_from_syserror() (G10ERR_GENERAL) /*FIXME*/ /* We are not using it in a library, so we even let xtrymalloc abort. Because we won't never return from these malloc functions, Modified: branches/STABLE-BRANCH-1-4/g10/import.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/import.c 2007-12-10 15:19:34 UTC (rev 4644) +++ branches/STABLE-BRANCH-1-4/g10/import.c 2007-12-10 15:34:20 UTC (rev 4645) @@ -2348,7 +2348,8 @@ size_t an; fingerprint_from_pk (pk, afp, &an); - memset (afp, 0, MAX_FINGERPRINT_LEN); + if (an < MAX_FINGERPRINT_LEN) + memset (afp+an, 0, MAX_FINGERPRINT_LEN-an); rc = keydb_search_fpr (hd, afp); } Modified: branches/STABLE-BRANCH-1-4/g10/misc.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/misc.c 2007-12-10 15:19:34 UTC (rev 4644) +++ branches/STABLE-BRANCH-1-4/g10/misc.c 2007-12-10 15:34:20 UTC (rev 4645) @@ -413,6 +413,7 @@ case PUBKEY_ALGO_RSA_S: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG; break; + case PUBKEY_ALGO_ELGAMAL: case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; From cvs at cvs.gnupg.org Tue Dec 11 09:11:50 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Dec 2007 09:11:50 +0100 Subject: [svn] gcry - r1279 - in trunk: . src Message-ID: Author: wk Date: 2007-12-11 09:11:49 +0100 (Tue, 11 Dec 2007) New Revision: 1279 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/src/ChangeLog trunk/src/visibility.c Log: Small build fixes from Tim Mooney. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-12-10 09:33:07 UTC (rev 1278) +++ trunk/ChangeLog 2007-12-11 08:11:49 UTC (rev 1279) 
@@ -1,3 +1,8 @@ +2007-12-11 Werner Koch + + * configure.ac: We actually require libgpg-error 1.4. Reported by + Tim Mooney. + 2007-12-10 Werner Koch Released 1.4.0. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-10 09:33:07 UTC (rev 1278) +++ trunk/NEWS 2007-12-11 08:11:49 UTC (rev 1279) @@ -1,3 +1,8 @@ +Noteworthy changes in version 1.4.1 +------------------------------------------------ + + + Noteworthy changes in version 1.4.0 (2007-12-10) ------------------------------------------------ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-12-10 09:33:07 UTC (rev 1278) +++ trunk/configure.ac 2007-12-11 08:11:49 UTC (rev 1279) @@ -27,8 +27,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.4.0]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.4.1]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) @@ -46,7 +46,7 @@ # If the API is changed in an incompatible way: increment the next counter. LIBGCRYPT_CONFIG_API_VERSION=1 -NEED_GPG_ERROR_VERSION=1.0 +NEED_GPG_ERROR_VERSION=1.4 BUILD_REVISION=svn_revision PACKAGE=$PACKAGE_NAME Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-12-10 09:33:07 UTC (rev 1278) +++ trunk/src/ChangeLog 2007-12-11 08:11:49 UTC (rev 1279) 
@@ -1,3 +1,9 @@ +2007-12-11 Werner Koch + + * visibility.c (gcry_md_hash_buffer): Don't use return vor a void + function. Hey, why does gcc not complain about this? + (gcry_ac_io_init_va): Ditto. + 2007-12-05 Werner Koch * hwfeatures.c (detect_ia32_gnuc): Depend on ENABLE_PADLOCK_SUPPORT. Modified: trunk/src/visibility.c =================================================================== --- trunk/src/visibility.c 2007-12-10 09:33:07 UTC (rev 1278) +++ trunk/src/visibility.c 2007-12-11 08:11:49 UTC (rev 1279) @@ -699,7 +699,7 @@ gcry_md_hash_buffer (int algo, void *digest, const void *buffer, size_t length) { - return _gcry_md_hash_buffer (algo, digest, buffer, length); + _gcry_md_hash_buffer (algo, digest, buffer, length); } int @@ -848,7 +848,7 @@ gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, va_list ap) { - return _gcry_ac_io_init_va (ac_io, mode, type, ap); + _gcry_ac_io_init_va (ac_io, mode, type, ap); } gcry_error_t From cvs at cvs.gnupg.org Tue Dec 11 14:21:33 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Dec 2007 14:21:33 +0100 Subject: [svn] GnuPG - r4648 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: wk Date: 2007-12-11 14:21:30 +0100 (Tue, 11 Dec 2007) New Revision: 4648 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/mainproc.c Log: Allow decryption using type 20 Elgamal keys. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-11 13:19:38 UTC (rev 4647) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-11 13:21:30 UTC (rev 4648) 
@@ -1,3 +1,8 @@ +2007-12-11 Werner Koch + + * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for + decryption. + 2007-12-10 Werner Koch * cardglue.h (gpg_error_from_syserror): New. Modified: branches/STABLE-BRANCH-1-4/g10/mainproc.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/mainproc.c 2007-12-11 13:19:38 UTC (rev 4647) +++ branches/STABLE-BRANCH-1-4/g10/mainproc.c 2007-12-11 13:21:30 UTC (rev 4648) @@ -402,10 +402,17 @@ } } else if( is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA - || is_RSA(enc->pubkey_algo) ) { - /* FIXME: strore this all in a list and process it later */ + || enc->pubkey_algo == PUBKEY_ALGO_DSA + || is_RSA(enc->pubkey_algo) + || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) { + /* Note that we also allow type 20 Elgamal keys for decryption. + There are still a couple of those keys in active use as a + subkey. */ + /* FIXME: Store this all in a list and process it later so that + we can prioritize what key to use. This gives a better user + experience if wildcard keyids are used. */ + if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) || opt.try_all_secrets || !seckey_available( enc->keyid )) ) { From cvs at cvs.gnupg.org Tue Dec 11 14:34:08 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Dec 2007 14:34:08 +0100 Subject: [svn] gpg-error - r204 - trunk Message-ID: Author: wk Date: 2007-12-11 14:34:07 +0100 (Tue, 11 Dec 2007) New Revision: 204 Modified: trunk/COPYING.LIB trunk/ChangeLog trunk/Makefile.am Log: Make sure that COPYING and COPYING.LIB are both distributed Modified: trunk/COPYING.LIB =================================================================== --- trunk/COPYING.LIB 2007-10-29 20:05:31 UTC (rev 203) +++ trunk/COPYING.LIB 2007-12-11 13:34:07 UTC (rev 204) 
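Review bot: The new comment explains the motivation but not the constraint: algorithm ID 20 is the reserved, formerly "Elgamal encrypt-or-sign", type in RFC 4880, and this change must only ever widen decryption, never signing or signature verification with such keys. Suggested wording: `/* Algorithm 20 (Elgamal encrypt-or-sign) is reserved by RFC 4880; it is accepted here only so that existing subkeys can still decrypt old data, never for signing. */`. The real gate is `check_pubkey_algo2` in cipher/pubkey.c (r4649 on this page), so a reader of this hunk cannot see that the restriction holds; a pointer to it in the comment would help. The identical change lands in trunk/g10/mainproc.c (r4647, later on this page) and the same comment applies there; `proc_pubkey_enc` starts and ends outside both hunks.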
@@ -3,7 +3,7 @@ Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -57,7 +57,7 @@ that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. -^L + Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a @@ -113,7 +113,7 @@ "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. -^L + GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION @@ -218,7 +218,7 @@ ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. -^L + Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. @@ -269,7 +269,7 @@ distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. -^L + 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work 
@@ -331,7 +331,7 @@ accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. -^L + 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined @@ -372,7 +372,7 @@ restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. -^L + 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or @@ -425,7 +425,7 @@ the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. -^L + 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is @@ -459,7 +459,7 @@ DAMAGES. END OF TERMS AND CONDITIONS -^L + How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest @@ -490,7 +490,7 @@ You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-10-29 20:05:31 UTC (rev 203) +++ trunk/ChangeLog 2007-12-11 13:34:07 UTC (rev 204) 
@@ -1,3 +1,7 @@ +2007-12-11 Werner Koch + + * Makefile.am (EXTRA_DIST): Add COPYING. + 2007-10-29 Werner Koch Released 1.6. Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2007-10-29 20:05:31 UTC (rev 203) +++ trunk/Makefile.am 2007-12-11 13:34:07 UTC (rev 204) @@ -20,7 +20,7 @@ ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = dist-bzip2 -EXTRA_DIST = autogen.sh config.rpath libgpg-error.spec.in +EXTRA_DIST = autogen.sh config.rpath libgpg-error.spec.in COPYING if LANGUAGES_SOME lang_subdirs = lang From cvs at cvs.gnupg.org Tue Dec 11 14:19:41 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Dec 2007 14:19:41 +0100 Subject: [svn] GnuPG - r4647 - trunk/g10 Message-ID: Author: wk Date: 2007-12-11 14:19:38 +0100 (Tue, 11 Dec 2007) New Revision: 4647 Modified: trunk/g10/ChangeLog trunk/g10/mainproc.c Log: Allow decryption using type 20 Elgamal keys. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-12-10 16:44:38 UTC (rev 4646) +++ trunk/g10/ChangeLog 2007-12-11 13:19:38 UTC (rev 4647) @@ -1,3 +1,8 @@ +2007-12-11 Werner Koch + + * mainproc.c (proc_pubkey_enc): Allo type 20 Elgamal key for + decryption. + 2007-12-10 Werner Koch * import.c (auto_create_card_key_stub): Do not clear the entire Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2007-12-10 16:44:38 UTC (rev 4646) +++ trunk/g10/mainproc.c 2007-12-11 13:19:38 UTC (rev 4647) 
@@ -377,10 +377,16 @@ } } else if( is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA - || is_RSA(enc->pubkey_algo) ) { - /* FIXME: strore this all in a list and process it later */ + || enc->pubkey_algo == PUBKEY_ALGO_DSA + || is_RSA(enc->pubkey_algo) + || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) { + /* Note that we also allow type 20 Elgamal keys for decryption. + There are still a couple of those keys in active use as a + subkey. */ + /* FIXME: Store this all in a list and process it later so that + we can prioritize what key to use. This gives a better user + experience if wildcard keyids are used. */ if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) || opt.try_all_secrets || !seckey_available( enc->keyid )) ) { From cvs at cvs.gnupg.org Tue Dec 11 18:14:06 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Dec 2007 18:14:06 +0100 Subject: [svn] GnuPG - r4649 - branches/STABLE-BRANCH-1-4/cipher Message-ID: Author: wk Date: 2007-12-11 18:14:05 +0100 (Tue, 11 Dec 2007) New Revision: 4649 Modified: branches/STABLE-BRANCH-1-4/cipher/ChangeLog branches/STABLE-BRANCH-1-4/cipher/pubkey.c Log: Allow decryption using type 20 key. Modified: branches/STABLE-BRANCH-1-4/cipher/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/ChangeLog 2007-12-11 13:21:30 UTC (rev 4648) +++ branches/STABLE-BRANCH-1-4/cipher/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) @@ -1,3 +1,8 @@ +2007-12-11 Werner Koch + + * pubkey.c (check_pubkey_algo2): Hack to allow decryption using an + type 20 Elgamal key. + 2007-11-29 David Shaw * camellia-glue.c (camellia_get_info), cipher.c Modified: branches/STABLE-BRANCH-1-4/cipher/pubkey.c =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/pubkey.c 2007-12-11 13:21:30 UTC (rev 4648) +++ branches/STABLE-BRANCH-1-4/cipher/pubkey.c 2007-12-11 17:14:05 UTC (rev 4649) 
@@ -272,6 +272,12 @@ { int i; + /* Map type 20 Elgamal algorithm to type 16 if it is used for + decryption. This allows to use legacy type 20 Elgamal keys for + decryption. */ + if (algo == PUBKEY_ALGO_ELGAMAL && use == PUBKEY_USAGE_ENC) + algo = PUBKEY_ALGO_ELGAMAL_E; + do { for(i=0; pubkey_table[i].name; i++ ) if( pubkey_table[i].algo == algo ) { From cvs at cvs.gnupg.org Wed Dec 12 11:28:36 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 11:28:36 +0100 Subject: [svn] GnuPG - r4650 - in trunk: . common doc g10 include scd sm Message-ID: Author: wk Date: 2007-12-12 11:28:30 +0100 (Wed, 12 Dec 2007) New Revision: 4650 Modified: trunk/ChangeLog trunk/NEWS trunk/TODO trunk/common/ChangeLog trunk/common/asshelp.c trunk/common/audit.c trunk/common/audit.h trunk/configure.ac trunk/doc/help.de.txt trunk/doc/help.txt trunk/g10/ChangeLog trunk/g10/encode.c trunk/g10/encr-data.c trunk/g10/gpg.c trunk/g10/import.c trunk/g10/keyedit.c trunk/g10/main.h trunk/g10/mainproc.c trunk/g10/misc.c trunk/g10/parse-packet.c trunk/g10/pubkey-enc.c trunk/g10/sign.c trunk/include/ChangeLog trunk/include/cipher.h trunk/scd/ChangeLog trunk/scd/app-openpgp.c trunk/sm/ChangeLog trunk/sm/call-agent.c trunk/sm/call-dirmngr.c trunk/sm/certchain.c trunk/sm/encrypt.c trunk/sm/gpgsm.c trunk/sm/gpgsm.h trunk/sm/server.c Log: Support DSA2. Support Camellia for testing. More audit stuff. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,3 +1,7 @@ +2007-12-12 Werner Koch + + * configure.ac (USE_CAMELLIA): Define by new option --enable-camellia. + 2007-12-03 Werner Koch * configure.ac: Add test gt_LC_MESSAGES.. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/NEWS 2007-12-12 10:28:30 UTC (rev 4650) 
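Review bot: The comment says the mapping applies "if it is used for decryption", but `use == PUBKEY_USAGE_ENC` does not distinguish decrypting with a secret key from encrypting to a public key, so unless every encryption-side caller requests a different usage (not visible here) this also re-enables encrypting to legacy type 20 keys; the comment should state which of the two is intended. Keeping the test as equality rather than `(use & PUBKEY_USAGE_ENC)` is the right call if USE is a mask of PUBKEY_USAGE_* flags (the rest of the function is outside the hunk), because a combined sign-and-encrypt request must still fail for algorithm 20; spell that out so nobody "fixes" it later: `/* Deliberately '==' and not '&': a request that also asks for signing must not be mapped. */`. `check_pubkey_algo2` begins before and ends after this hunk.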
@@ -14,7 +14,15 @@ * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the pinentry. + * Allow encryption using Elgamal keys with the algorithm id 20. + * Fixed the auto creation of the key stub for smartcards. + + * Fixed a rare bug in decryption using the OpenPGP card. + + * Creating DSA2 keys is now possible. + + Noteworthy changes in version 2.0.7 (2007-09-10) ------------------------------------------------ Modified: trunk/TODO =================================================================== --- trunk/TODO 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/TODO 2007-12-12 10:28:30 UTC (rev 4650) @@ -91,7 +91,7 @@ ** issue a NO_SECKEY xxxx if a -u key was not found. -* When switching to libgcrypt 1.3 +* When switching to libgcrypt 1.4 ** scd#encode_md_for_card, g10#encode_md_value, sm at do_encode_md Remove the extra test for a valid algorithm as libgcrypt will do it then in gcry_md_algo_info. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/common/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,3 +1,9 @@ +2007-12-11 Werner Koch + + * asshelp.c (send_pinentry_environment): Allow using of old + gpg-agents not capabale of the xauthority and pinentry_user_data + options. + 2007-12-04 Werner Koch * Makefile.am (t_helpfile_LDADD, module_maint_tests): New. Modified: trunk/common/asshelp.c =================================================================== --- trunk/common/asshelp.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/common/asshelp.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -172,6 +172,8 @@ { err = send_one_option (ctx, errsource, "xauthority", opt_xauthority ? opt_xauthority : dft_xauthority); + if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) + err = 0; if (err) return err; } 
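Review bot: Downgrading `GPG_ERR_UNKNOWN_OPTION` to success makes the fallback invisible: when an old gpg-agent ignores `xauthority`, a pinentry may later fail to reach the display and nothing in the log says why. Keep the fallback but record it, e.g. `if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) { log_info ("gpg-agent does not support the xauthority option; ignoring\n"); err = 0; }` (using whatever logging asshelp.c already has in scope), or at least a comment stating that this is a compatibility path for agents predating the option. The next hunk (`pinentry-user-data`, on the following line of this page) repeats the same two lines; a small static helper taking the option name would keep both in step. The enclosing function `send_pinentry_environment` starts before the hunk.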
@@ -183,6 +185,8 @@ err = send_one_option (ctx, errsource, "pinentry-user-data", opt_pinentry_user_data ? opt_pinentry_user_data : dft_pinentry_user_data); + if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) + err = 0; if (err) return err; } Modified: trunk/common/audit.c =================================================================== --- trunk/common/audit.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/common/audit.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -449,9 +449,9 @@ if (ctx->use_html && format && oktext) { - if (!strcmp (oktext, "OK") || !strcmp (oktext, "Yes")) + if (!strcmp (oktext, "Yes")) color = "green"; - else if (!strcmp (oktext, "FAIL") || !strcmp (oktext, "No")) + else if (!strcmp (oktext, "No")) color = "red"; } 
@@ -648,68 +648,179 @@ } +/* List the given certificiate. If CERT is NULL, this is a NOP. */ +static void +list_cert (audit_ctx_t ctx, ksba_cert_t cert, int with_subj) +{ + char *name; + int idx; + + name = get_cert_name (cert); + writeout_rem (ctx, "%s", name); + xfree (name); + if (with_subj) + { + enter_li (ctx); + for (idx=0; (name = get_cert_subject (cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); + } +} + + /* List the chain of certificates from STARTITEM up to STOPEVENT. The certifcates are written out as comments. */ static void list_certchain (audit_ctx_t ctx, log_item_t startitem, audit_event_t stopevent) { log_item_t item; - char *name; - int idx; startitem = find_next_log_item (ctx, startitem, AUDIT_CHAIN_BEGIN,stopevent); + writeout_li (ctx, startitem? "Yes":"No", _("Certificate chain available")); if (!startitem) - { - writeout_li (ctx, gpg_strerror (GPG_ERR_MISSING_CERT) - , _("Certificate chain")); - return; - } - writeout_li (ctx, "OK", _("Certificate chain")); + return; + item = find_next_log_item (ctx, startitem, AUDIT_CHAIN_ROOTCERT, AUDIT_CHAIN_END); if (!item) writeout_rem (ctx, "%s", _("root certificate missing")); else { - name = get_cert_name (item->cert); - writeout_rem (ctx, "%s", name); - xfree (name); + list_cert (ctx, item->cert, 0); } item = startitem; while ( ((item = find_next_log_item (ctx, item, AUDIT_CHAIN_CERT, AUDIT_CHAIN_END)))) { - name = get_cert_name (item->cert); - writeout_rem (ctx, "%s", name); - xfree (name); - enter_li (ctx); - for (idx=0; (name = get_cert_subject (item->cert, idx)); idx++) + list_cert (ctx, item->cert, 1); + } +} + + + +/* Process an encrypt operation's log. 
*/ +static void +proc_type_encrypt (audit_ctx_t ctx) +{ + log_item_t loopitem, item; + int recp_no, idx; + char numbuf[35]; + int algo; + char *name; + + item = find_log_item (ctx, AUDIT_ENCRYPTION_DONE, 0); + writeout_li (ctx, item?"Yes":"No", "%s", _("Data encryption succeeded")); + + enter_li (ctx); + + item = find_log_item (ctx, AUDIT_GOT_DATA, 0); + writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + + item = find_log_item (ctx, AUDIT_SESSION_KEY, 0); + writeout_li (ctx, item? "Yes":"No", "%s", _("Session key created")); + if (item) + { + algo = gcry_cipher_map_name (item->string); + if (algo) + writeout_rem (ctx, _("algorithm: %s"), gcry_cipher_algo_name (algo)); + else if (item->string && !strcmp (item->string, "1.2.840.113549.3.2")) + writeout_rem (ctx, _("unsupported algorithm: %s"), "RC2"); + else if (item->string) + writeout_rem (ctx, _("unsupported algorithm: %s"), item->string); + else + writeout_rem (ctx, _("seems to be not encrypted")); + } + + item = find_log_item (ctx, AUDIT_GOT_RECIPIENTS, 0); + snprintf (numbuf, sizeof numbuf, "%d", + item && item->have_intvalue? item->intvalue : 0); + writeout_li (ctx, numbuf, "%s", _("Number of recipients")); + + /* Loop over all recipients. */ + loopitem = NULL; + recp_no = 0; + while ((loopitem=find_next_log_item (ctx, loopitem, AUDIT_ENCRYPTED_TO, 0))) + { + recp_no++; + writeout_li (ctx, NULL, _("Recipient %d"), recp_no); + if (loopitem->cert) { + name = get_cert_name (loopitem->cert); writeout_rem (ctx, "%s", name); xfree (name); + enter_li (ctx); + for (idx=0; (name = get_cert_subject (loopitem->cert, idx)); idx++) + { + writeout_rem (ctx, "%s", name); + xfree (name); + } + leave_li (ctx); } - leave_li (ctx); } + + leave_li (ctx); } -/* Process a verification operation. */ +/* Process a sign operation's log. 
*/ static void +proc_type_sign (audit_ctx_t ctx) +{ + log_item_t item; + + item = NULL; + writeout_li (ctx, item?"Yes":"No", "%s", _("Data signing succeeded")); + + enter_li (ctx); + + item = find_log_item (ctx, AUDIT_GOT_DATA, 0); + writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + + + leave_li (ctx); +} + + + +/* Process a decrypt operation's log. */ +static void +proc_type_decrypt (audit_ctx_t ctx) +{ + log_item_t item; + + item = NULL; + writeout_li (ctx, item?"Yes":"No", "%s", _("Data decryption succeeded")); + + enter_li (ctx); + + item = find_log_item (ctx, AUDIT_GOT_DATA, 0); + writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); + + + leave_li (ctx); +} + + + +/* Process a verification operation's log. */ +static void proc_type_verify (audit_ctx_t ctx) { log_item_t loopitem, item; int signo, count, idx; char numbuf[35]; + /* If there is at least one signature status we claim that the + verifciation succeeded. This does not mean that the data has + verified okay. */ + item = find_log_item (ctx, AUDIT_SIG_STATUS, 0); + writeout_li (ctx, item?"Yes":"No", "%s", _("Data verification succeeded")); enter_li (ctx); - - writeout_li (ctx, "fixme", "%s", _("Signature verification")); - enter_li (ctx); - writeout_li (ctx, "fixme", "%s", _("Gpg-Agent ready")); - writeout_li (ctx, "fixme", "%s", _("Dirmngr ready")); - item = find_log_item (ctx, AUDIT_GOT_DATA, AUDIT_NEW_SIG); writeout_li (ctx, item? "Yes":"No", "%s", _("Data available")); if (!item) 
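Review bot: In `proc_type_encrypt`'s recipient loop the error recorded with `AUDIT_ENCRYPTED_TO`, which audit.h in this same commit documents as "whether the session key could be encrypted to it (err==0)", is never reported, so a recipient the data was not encrypted to is listed exactly like a successful one; after the `Recipient %d` line add `if (loopitem->have_err && loopitem->err) writeout_rem (ctx, "%s", gpg_strerror (loopitem->err));`. That loop also re-implements the new `list_cert` helper inline (name, `enter_li`, subjects, `leave_li`) and could simply call `list_cert (ctx, loopitem->cert, 1);`. `list_cert`'s header comment promises "If CERT is NULL, this is a NOP", but the body calls `get_cert_name (cert)` unconditionally; either add `if (!cert) return;` as the first statement or drop the promise, since I cannot see from here whether `get_cert_name` tolerates NULL. `proc_type_sign` and `proc_type_decrypt` hard-code `item = NULL` and therefore always print "No" for "Data signing/decryption succeeded"; if these are placeholders until the corresponding events exist, a FIXME saying so is better than a definite failure verdict in an audit report.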
@@ -721,19 +832,14 @@ goto leave; item = find_log_item (ctx, AUDIT_DATA_HASH_ALGO, AUDIT_NEW_SIG); - if (item) - writeout_li (ctx, "OK", "%s", _("Parsing signature")); - else + writeout_li (ctx, item?"Yes":"No", "%s", _("Parsing signature succeeded")); + if (!item) { item = find_log_item (ctx, AUDIT_BAD_DATA_HASH_ALGO, AUDIT_NEW_SIG); if (item) - { - writeout_li (ctx,"FAIL", "%s", _("Parsing signature")); - writeout_rem (ctx, _("Bad hash algorithm: %s"), - item->string? item->string:"?"); - } - else - writeout_li (ctx, "FAIL", "%s", _("Parsing signature") ); + writeout_rem (ctx, _("Bad hash algorithm: %s"), + item->string? item->string:"?"); + goto leave; } @@ -761,19 +867,30 @@ AUDIT_CHAIN_STATUS, AUDIT_NEW_SIG); if (item && item->have_err) { - writeout_li (ctx, item->err? "FAIL":"OK", - _("Validation of certificate chain")); + writeout_li (ctx, item->err? "No":"Yes", + _("Certificate chain valid")); if (item->err) writeout_rem (ctx, "%s", gpg_strerror (item->err)); } /* Show whether the root certificate is fine. */ - writeout_li (ctx, "No", "%s", _("Root certificate trustworthy")); - add_helptag (ctx, "gpgsm.root-cert-not-trusted"); + item = find_next_log_item (ctx, loopitem, + AUDIT_ROOT_TRUSTED, AUDIT_CHAIN_STATUS); + if (item) + { + writeout_li (ctx, item->err?"No":"Yes", "%s", + _("Root certificate trustworthy")); + if (item->err) + { + add_helptag (ctx, "gpgsm.root-cert-not-trusted"); + writeout_rem (ctx, "%s", gpg_strerror (item->err)); + list_cert (ctx, item->cert, 0); + } + } /* Show result of the CRL/OCSP check. */ writeout_li (ctx, "-", "%s", _("CRL/OCSP check of certificates")); - add_helptag (ctx, "gpgsm.ocsp-problem"); + /* add_helptag (ctx, "gpgsm.ocsp-problem"); */ leave_li (ctx); @@ -805,9 +922,7 @@ } leave_li (ctx); } - leave_li (ctx); - leave_li (ctx); } 
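Review bot: The new `AUDIT_ROOT_TRUSTED` block in the @@ -761 hunk reads `item->err` without checking `item->have_err`, whereas the `AUDIT_CHAIN_STATUS` block a few lines above guards with `if (item && item->have_err)`; use the same guard here, or document why a root-trust item is guaranteed to carry an error value. Independently, the CRL/OCSP line still prints a fixed `"-"` whatever the revocation check did, and with `add_helptag` now commented out nothing points the reader at that gap; a comment such as `/* FIXME: no audit event for the CRL/OCSP result yet; this line is a placeholder, not a verdict. */` would keep the report from being read as evidence that revocation was checked. `proc_type_verify` starts outside these hunks.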
@@ -818,16 +933,24 @@ audit_print_result (audit_ctx_t ctx, estream_t out, int use_html) { int idx; - int maxlen; size_t n; + log_item_t item; helptag_t helptag; - - if (getenv ("use_html")) - use_html = 1; - + const char *s; + int show_raw = 0; + if (!ctx) return; + /* We use an environment variable to include some debug info in the + log. */ + if ((s = getenv ("gnupg_debug_audit"))) + { + show_raw = 1; + if (!strcmp (s, "html")) + use_html = 1; + } + assert (!ctx->outstream); ctx->outstream = out; ctx->use_html = use_html; @@ -843,51 +966,87 @@ goto leave; } - for (idx=0,maxlen=0; idx < DIM (eventstr_msgidx); idx++) + if (show_raw) { - n = strlen (eventstr_msgstr + eventstr_msgidx[idx]); - if (n > maxlen) - maxlen = n; - } + int maxlen; - if (use_html) - es_fputs ("
\n", out);
-  for (idx=0; idx < ctx->logused; idx++)
-    {
-      es_fprintf (out, "log: %-*s", 
-                  maxlen, event2str (ctx->log[idx].event));
-      if (ctx->log[idx].have_intvalue)
-        es_fprintf (out, " i=%d", ctx->log[idx].intvalue); 
-      if (ctx->log[idx].string)
+      for (idx=0,maxlen=0; idx < DIM (eventstr_msgidx); idx++)
         {
-          es_fputs (" s=`", out); 
-          writeout (ctx, ctx->log[idx].string); 
-          es_fputs ("'", out); 
+          n = strlen (eventstr_msgstr + eventstr_msgidx[idx]);    
+          if (n > maxlen)
+            maxlen = n;
         }
-      if (ctx->log[idx].cert)
-        es_fprintf (out, " has_cert"); 
-      if (ctx->log[idx].have_err)
+      
+      if (use_html)
+        es_fputs ("
\n", out);
+      for (idx=0; idx < ctx->logused; idx++)
         {
-          es_fputs (" err=`", out);
-          writeout (ctx, gpg_strerror (ctx->log[idx].err)); 
-          es_fputs ("'", out);
+          es_fprintf (out, "log: %-*s", 
+                      maxlen, event2str (ctx->log[idx].event));
+          if (ctx->log[idx].have_intvalue)
+            es_fprintf (out, " i=%d", ctx->log[idx].intvalue); 
+          if (ctx->log[idx].string)
+            {
+              es_fputs (" s=`", out); 
+              writeout (ctx, ctx->log[idx].string); 
+              es_fputs ("'", out); 
+            }
+          if (ctx->log[idx].cert)
+            es_fprintf (out, " has_cert"); 
+          if (ctx->log[idx].have_err)
+            {
+              es_fputs (" err=`", out);
+              writeout (ctx, gpg_strerror (ctx->log[idx].err)); 
+              es_fputs ("'", out);
+            }
+          es_fputs ("\n", out);
         }
-      es_fputs ("\n", out);
+      if (use_html)
+        es_fputs ("
\n", out); + else + es_fputs ("\n", out); } - if (use_html) - es_fputs ("
\n", out); - else - es_fputs ("\n", out); + enter_li (ctx); switch (ctx->type) { case AUDIT_TYPE_NONE: - writeout_para (ctx, _("Audit of this operation is not supported.")); + writeout_li (ctx, NULL, _("Unknown operation")); break; + case AUDIT_TYPE_ENCRYPT: + proc_type_encrypt (ctx); + break; + case AUDIT_TYPE_SIGN: + proc_type_sign (ctx); + break; + case AUDIT_TYPE_DECRYPT: + proc_type_decrypt (ctx); + break; case AUDIT_TYPE_VERIFY: proc_type_verify (ctx); break; } + item = find_log_item (ctx, AUDIT_AGENT_READY, 0); + if (item && item->have_err) + { + writeout_li (ctx, item->err? "No":"Yes", "%s", _("Gpg-Agent usable")); + if (item->err) + { + writeout_rem (ctx, "%s", gpg_strerror (item->err)); + add_helptag (ctx, "gnupg.agent-problem"); + } + } + item = find_log_item (ctx, AUDIT_DIRMNGR_READY, 0); + if (item && item->have_err) + { + writeout_li (ctx, item->err? "No":"Yes", "%s", _("Dirmngr usable")); + if (item->err) + { + writeout_rem (ctx, "%s", gpg_strerror (item->err)); + add_helptag (ctx, "gnupg.dirmngr-problem"); + } + } + leave_li (ctx); /* Show the help from the collected help tags. */ Modified: trunk/common/audit.h =================================================================== --- trunk/common/audit.h 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/common/audit.h 2007-12-12 10:28:30 UTC (rev 4650) @@ -31,6 +31,9 @@ typedef enum { AUDIT_TYPE_NONE = 0, /* No type set. */ + AUDIT_TYPE_ENCRYPT, /* Data encryption. */ + AUDIT_TYPE_SIGN, /* Signature creation. */ + AUDIT_TYPE_DECRYPT, /* Data decryption. */ AUDIT_TYPE_VERIFY /* Signature verification. */ } audit_type_t; 
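Review bot: `writeout_li (ctx, NULL, _("Unknown operation"))` in the new `AUDIT_TYPE_NONE` case passes a translated string as the format argument, while the neighbouring calls pass `"%s", _(...)`; a translation containing `%` would be interpreted by the formatter and `-Wformat-security` flags the pattern, so write `writeout_li (ctx, NULL, "%s", _("Unknown operation"));`. The same shape appears in `list_certchain` (`_("Certificate chain available")`, @@ -648 hunk) and in the `AUDIT_CHAIN_STATUS` block of the @@ -761 hunk (`_("Certificate chain valid")`). The raw-log dump is now enabled through the `gnupg_debug_audit` environment variable, replacing the old `use_html` check, but the one-line comment does not say what values are recognised; extend it to `/* gnupg_debug_audit: any non-empty value dumps the raw log; the value "html" additionally forces HTML output. */`. `audit_print_result` continues past the end of this hunk.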
@@ -49,6 +52,16 @@ now. This indicates that all parameters are okay and we can start to process the actual data. */ + AUDIT_AGENT_READY, /* err */ + /* Indicates whether the gpg-agent is available. For some + operations the agent is not required and thus no such event + will be logged. */ + + AUDIT_DIRMNGR_READY, /* err */ + /* Indicates whether the Dirmngr is available. For some + operations the Dirmngr is not required and thus no such event + will be logged. */ + AUDIT_GOT_DATA, /* Data to be processed has been seen. */ @@ -122,7 +135,29 @@ AUDIT_CHAIN_STATUS, /* err */ /* Tells the final status of the chain validation. */ + AUDIT_ROOT_TRUSTED, /* cert, err */ + /* Tells whether the root certificate is trusted. This event is + emmited durcing chain validation. */ + AUDIT_GOT_RECIPIENTS, /* int */ + /* Records the number of recipients to be used for encryption. + This includes the recipients set by --encrypt-to but records 0 + if no real recipient has been given. */ + + AUDIT_SESSION_KEY, /* string */ + /* Mark the creation or availibility of the session key. The + parameter is the algorithm ID. */ + + AUDIT_ENCRYPTED_TO, /* cert, err */ + /* Records the certificate used for encryption and whether the + session key could be encrypted to it (err==0). */ + + AUDIT_ENCRYPTION_DONE, + /* Encryption succeeded. */ + + + + AUDIT_LAST_EVENT /* Marker for parsing this list. */ } audit_event_t; Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/configure.ac 2007-12-12 10:28:30 UTC (rev 4650) @@ -73,6 +73,7 @@ use_bzip2=yes use_exec=yes disable_keyserver_path=no +use_camellia=no GNUPG_BUILD_PROGRAM(gpg, yes) 
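Review bot: The new enum comments carry typos that will propagate wherever these descriptions are reused: `AUDIT_ROOT_TRUSTED` should read `/* Tells whether the root certificate is trusted. This event is emitted during chain validation. */` and `AUDIT_SESSION_KEY` should say `availability`. Note also that `AUDIT_AGENT_READY` and `AUDIT_DIRMNGR_READY` are inserted in the middle of `audit_event_t`, shifting every later value; if the event-name table that `event2str`/`eventstr_msgidx` index in audit.c is generated from this enum it must be regenerated in the same change, and if it is maintained by hand its order must be updated to match (I cannot see which from here).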
@@ -172,7 +173,22 @@ use_bzip2=$enableval) AC_MSG_RESULT($use_bzip2) +# Check whether testing support for Camellia has been requested +AC_MSG_CHECKING([whether to enable the CAMELLIA cipher for gpg]) +AC_ARG_ENABLE(camellia, + AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher for gpg]), + use_camellia=$enableval) +AC_MSG_RESULT($use_camellia) +if test x"$use_camellia" = xyes ; then + AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher into gpg]) + AC_MSG_WARN([[ +*** +*** The Camellia cipher for gpg is for testing only and +*** is NOT for production use! +***]]) +fi + # Configure option to allow or disallow execution of external # programs, like a photo viewer. AC_MSG_CHECKING([whether to enable external program execution]) @@ -1417,4 +1433,10 @@ gpg-check-pattern will not be build. " fi +if test x"$use_camellia" = xyes ; then + echo + echo "WARNING: The Camellia cipher for gpg is for testing only" + echo " and is NOT for production use!" + echo +fi Modified: trunk/doc/help.de.txt =================================================================== --- trunk/doc/help.de.txt 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/doc/help.de.txt 2007-12-12 10:28:30 UTC (rev 4650) @@ -272,6 +272,6 @@ # Local variables: -# mode: fundamental +# mode: default-generic # coding: utf-8 # End: Modified: trunk/doc/help.txt =================================================================== --- trunk/doc/help.txt 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/doc/help.txt 2007-12-12 10:28:30 UTC (rev 4650) 
@@ -52,6 +52,44 @@ . +.gnupg.agent-problem +# There was a problem accessing or starting the agent. +It was either not possible to connect to a running Gpg-Agent or a +communication problem with a running agent occurred. + +The system uses a background process, called Gpg-Agent, for processing +private keys and to ask for passphrases. The agent is usually started +when the user logs in and runs as long the user is logged in. In case +that no agent is available, the system tries to start one on the fly +but that version of the agent is somewhat limited in functionality and +thus may lead to little problems. + +You probably need to ask your administrator on how to solve the +problem. As a workaround you might try to log out and in to your +session and see whether this helps. If this helps please tell the +administrator anyway because this indicates a bug in the software. +. + + +.gnupg.dirmngr-problem +# There was a problen accessing the dirmngr. +It was either not possible to connect to a running Dirmngr or a +communication problem with a running Dirmngr occurred. + +To lookup certificate revocation lists (CRLs), performing OCSP +validation and to lookup keys through LDAP servers, the system uses an +external service program named Dirmngr. The Dirmngr is usually running +as a system service (daemon) and does not need any attention by the +user. In case of problems the system might start its own copy of the +Dirmngr on a per request base; this is a workaround and yields limited +performance. + +If you encounter this problem, you should ask your system +administrator how to proceed. As an interim solution you may try to +disable CRL checking in gpgsm's configuration. +. + + .gpg.edit_ownertrust.value # The help identies prefixed with "gpg." used to be hard coded in gpg # but may now be overridden by help texts from this file. 
@@ -312,6 +350,6 @@ # Local variables: -# mode: fundamental +# mode: default-generic # coding: utf-8 # End: Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,6 +1,30 @@ +2007-12-12 Werner Koch + + * misc.c (map_cipher_openpgp_to_gcry): New. Used to map Camellia + algorithms to Gcrypt. + (openpgp_cipher_test_algo): Call new map function. Replace + all remaining calls to gcry_cipher_test_algo by a call to this. + (openpgp_cipher_algo_name): New. Replace all remaining calls to + gcry_cipher_algo_name by a call to this. + (map_cipher_gcry_to_openpgp): New. + (string_to_cipher_algo): Use it. + * gpg.c (main): Print a warning if Camellia support is build in. + + * gpg.c (print_algo_names): New. From the 1.4 branch by David. + (list_config): Use it here for the "ciphername" and "digestname" + config items so we can get a script-parseable list of the names. + + * parse-packet.c (parse_onepass_sig): Sigclass is hex, so include + the 0x. + + * sign.c (match_dsa_hash): Remove conditional builds dending on + USE_SHAxxx. We don't need this becuase it can be expected that + libgcrypt provides it. However we need to runtime test for SHA244 + becuase that is only available with libgcrypt 2.4. + 2007-12-11 Werner Koch - * mainproc.c (proc_pubkey_enc): Allo type 20 Elgamal key for + * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for decryption. 2007-12-10 Werner Koch Modified: trunk/g10/encode.c =================================================================== --- trunk/g10/encode.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/encode.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -244,7 +244,7 @@ if(opt.verbose) log_info(_("using cipher %s\n"), - gcry_cipher_algo_name (cfx.dek->algo)); + openpgp_cipher_algo_name (cfx.dek->algo)); cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo); } 
@@ -558,7 +558,7 @@ opt.def_cipher_algo,NULL)!=opt.def_cipher_algo) log_info(_("WARNING: forcing symmetric cipher %s (%d)" " violates recipient preferences\n"), - gcry_cipher_algo_name (opt.def_cipher_algo), + openpgp_cipher_algo_name (opt.def_cipher_algo), opt.def_cipher_algo); cfx.dek->algo = opt.def_cipher_algo; @@ -750,7 +750,7 @@ NULL)!=opt.def_cipher_algo) log_info(_("forcing symmetric cipher %s (%d) " "violates recipient preferences\n"), - gcry_cipher_algo_name (opt.def_cipher_algo), + openpgp_cipher_algo_name (opt.def_cipher_algo), opt.def_cipher_algo); efx->cfx.dek->algo = opt.def_cipher_algo; @@ -847,7 +847,7 @@ char *ustr = get_user_id_string_native (enc->keyid); log_info(_("%s/%s encrypted for: \"%s\"\n"), gcry_pk_algo_name (enc->pubkey_algo), - gcry_cipher_algo_name (dek->algo), + openpgp_cipher_algo_name (dek->algo), ustr ); xfree(ustr); } Modified: trunk/g10/encr-data.c =================================================================== --- trunk/g10/encr-data.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/encr-data.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -88,8 +88,9 @@ if ( opt.verbose && !dek->algo_info_printed ) { - if (!gcry_cipher_test_algo (dek->algo)) - log_info (_("%s encrypted data\n"), gcry_cipher_algo_name (dek->algo)); + if (!openpgp_cipher_test_algo (dek->algo)) + log_info (_("%s encrypted data\n"), + openpgp_cipher_algo_name (dek->algo)); else log_info (_("encrypted with unknown algorithm %d\n"), dek->algo ); dek->algo_info_printed = 1; Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/gpg.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -791,7 +791,7 @@ case 35: if( !ciphers ) ciphers = build_list(_("Cipher: "), 'S', - gcry_cipher_algo_name, + openpgp_cipher_algo_name, openpgp_cipher_test_algo ); p = ciphers; break; 
@@ -1384,6 +1384,24 @@ } +static void +print_algo_names(int (*checker)(int),const char *(*mapper)(int)) +{ + int i,first=1; + + for(i=0;i<=110;i++) + { + if(!checker(i)) + { + if(first) + first=0; + else + printf(";"); + printf("%s",mapper(i)); + } + } +} + /* In the future, we can do all sorts of interesting configuration output here. For now, just give "group" as the Enigmail folks need it, and pubkey, cipher, hash, and compress as they may be useful @@ -1450,6 +1468,14 @@ any=1; } + if (show_all || !ascii_strcasecmp (name,"ciphername")) + { + printf ("cfg:ciphername:"); + print_algo_names (openpgp_cipher_test_algo,openpgp_cipher_algo_name); + printf ("\n"); + any = 1; + } + if(show_all || ascii_strcasecmp(name,"digest")==0 || ascii_strcasecmp(name,"hash")==0) @@ -1460,6 +1486,16 @@ any=1; } + if (show_all + || !ascii_strcasecmp(name,"digestname") + || !ascii_strcasecmp(name,"hashname")) + { + printf ("cfg:digestname:"); + print_algo_names (openpgp_md_test_algo, gcry_md_algo_name); + printf("\n"); + any=1; + } + if(show_all || ascii_strcasecmp(name,"compress")==0) { printf("cfg:compress:"); @@ -2864,6 +2900,15 @@ log_set_prefix (NULL, 1|2|4); } +#ifdef USE_CAMELLIA + /* We better also print a runtime warning if people build it with + support for Camellia (which is not yet defined by OpenPGP). */ + log_info ("WARNING: This version has been built with support for the " + "Camellia cipher.\n"); + log_info (" It is for testing only and is NOT for production " + "use!\n"); +#endif + if (opt.verbose > 2) log_info ("using character set `%s'\n", get_native_charset ()); 
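Review bot: print_algo_names has no comment and hard-codes the upper bound 110, which has to stay in step with the `algo > 110` check in openpgp_cipher_test_algo (g10/misc.c, later in this commit) and with CIPHER_ALGO_DUMMY; suggest `/* Print the names of all algorithm IDs in 0..110 which CHECKER accepts (returns 0), separated by ';'.  MAPPER returns the name for an ID.  */` above the function and a shared named constant for the bound. The "digestname" entry in list_config passes gcry_md_algo_name directly while "ciphername" goes through openpgp_cipher_algo_name; that is consistent as long as no digest ID needs mapping, but a one-line comment at the digestname call saying so would keep someone from "fixing" the asymmetry. list_config and main both start and end outside their hunks.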
@@ -3129,7 +3174,7 @@ if(opt.def_cipher_algo && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL)) { - badalg = gcry_cipher_algo_name (opt.def_cipher_algo); + badalg = openpgp_cipher_algo_name (opt.def_cipher_algo); badtype = PREFTYPE_SYM; } else if(opt.def_digest_algo Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/import.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -602,9 +602,9 @@ if (openpgp_cipher_test_algo (prefs->value)) { const char *algo = - (gcry_cipher_test_algo (prefs->value) + (openpgp_cipher_test_algo (prefs->value) ? num - : gcry_cipher_algo_name (prefs->value)); + : openpgp_cipher_algo_name (prefs->value)); if(!problem) check_prefs_warning(pk); log_info(_(" \"%s\": preference for cipher" Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/keyedit.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -2325,9 +2325,10 @@ tty_printf (", "); any = 1; /* We don't want to display strings for experimental algos */ - if (!gcry_cipher_test_algo (prefs[i].value) + if (!openpgp_cipher_test_algo (prefs[i].value) && prefs[i].value < 100 ) - tty_printf ("%s", gcry_cipher_algo_name (prefs[i].value)); + tty_printf ("%s", + openpgp_cipher_algo_name (prefs[i].value)); else tty_printf ("[%d]", prefs[i].value); if (prefs[i].value == CIPHER_ALGO_3DES ) @@ -2337,7 +2338,7 @@ if (!des_seen) { if (any) tty_printf (", "); - tty_printf ("%s", gcry_cipher_algo_name (CIPHER_ALGO_3DES)); + tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES)); } tty_printf ("\n "); tty_printf (_("Digest: ")); Modified: trunk/g10/main.h =================================================================== --- trunk/g10/main.h 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/main.h 2007-12-12 10:28:30 UTC (rev 4650) 
@@ -83,6 +83,7 @@ u32 buffer_to_u32( const byte *buffer ); const byte *get_session_marker( size_t *rlen ); int openpgp_cipher_test_algo( int algo ); +const char *openpgp_cipher_algo_name (int algo); int openpgp_pk_test_algo( int algo ); int openpgp_pk_test_algo2 ( int algo, unsigned int use ); int openpgp_pk_algo_usage ( int algo ); Modified: trunk/g10/mainproc.c =================================================================== --- trunk/g10/mainproc.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/mainproc.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -274,9 +274,9 @@ else if(!c->dek) { int algo = enc->cipher_algo; - const char *s = gcry_cipher_algo_name (algo); + const char *s = openpgp_cipher_algo_name (algo); - if (!gcry_cipher_test_algo (algo)) + if (!openpgp_cipher_test_algo (algo)) { if(!opt.quiet) { @@ -524,8 +524,8 @@ algo = opt.def_cipher_algo; if ( algo ) log_info (_("assuming %s encrypted data\n"), - gcry_cipher_algo_name (algo)); - else if ( gcry_cipher_test_algo (CIPHER_ALGO_IDEA) ) + openpgp_cipher_algo_name (algo)); + else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) ) { algo = opt.def_cipher_algo; if (!algo) @@ -533,7 +533,7 @@ idea_cipher_warn(1); log_info (_("IDEA cipher unavailable, " "optimistically attempting to use %s instead\n"), - gcry_cipher_algo_name (algo)); + openpgp_cipher_algo_name (algo)); } else { Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/misc.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -301,7 +301,7 @@ { warn=1; log_info (_("WARNING: using experimental cipher algorithm %s\n"), - gcry_cipher_algo_name (algo)); + openpgp_cipher_algo_name (algo)); } } } 
@@ -324,6 +324,33 @@ gcry_md_algo_name (algo)); } + +/* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do + this for algorithms we implemented in Libgcrypt after they become + part of OpenPGP. */ +static int +map_cipher_openpgp_to_gcry (int algo) +{ + switch (algo) + { + case CIPHER_ALGO_CAMELLIA128: return 310; + case CIPHER_ALGO_CAMELLIA256: return 312; + default: return algo; + } +} + +/* The inverse fucntion of above. */ +static int +map_cipher_gcry_to_openpgp (int algo) +{ + switch (algo) + { + case 310: return CIPHER_ALGO_CAMELLIA128; + case 312: return CIPHER_ALGO_CAMELLIA256; + default: return algo; + } +} + /**************** * Wrapper around the libgcrypt function with additonal checks on * the OpenPGP contraints for the algo ID. @@ -331,12 +358,32 @@ int openpgp_cipher_test_algo( int algo ) { - /* 5 and 6 are marked reserved by rfc2440bis. */ + /* (5 and 6 are marked reserved by rfc4880.) */ if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 ) return gpg_error (GPG_ERR_CIPHER_ALGO); - return gcry_cipher_test_algo (algo); + + /* Camellia is not yet defined for OpenPGP thus only allow it if + requested. */ +#ifndef USE_CAMELLIA + if (algo == CIPHER_ALGO_CAMELLIA128 + || algo == CIPHER_ALGO_CAMELLIA256) + return gpg_error (GPG_ERR_CIPHER_ALGO); +#endif + + return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo)); } +/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a + string representation of the algorithm name. For unknown algorithm + IDs this function returns "?". */ +const char * +openpgp_cipher_algo_name (int algo) +{ + return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo)); +} + + + int openpgp_pk_test_algo( int algo ) { 
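Review bot: The libgcrypt Camellia IDs 310 and 312 appear as bare numbers in both map_cipher_openpgp_to_gcry and map_cipher_gcry_to_openpgp, so editing one switch can silently desynchronise the other; define them once next to the two functions, e.g. `enum { CAMELLIA128_GCRY_ID = 310, CAMELLIA256_GCRY_ID = 312 };` with a comment that these are libgcrypt's numbers, written out because the gcrypt.h macros are not available in the older libgcrypt versions this code is meant to build against, and use the names in both switches. The header comment on openpgp_cipher_algo_name refers to a parameter ALGORITHM although the parameter is ALGO, and the comment on the inverse function has a typo ("fucntion"). Note also that openpgp_cipher_algo_name performs none of the range, reserved-ID or USE_CAMELLIA checks that openpgp_cipher_test_algo does, so a caller that prints a name without testing first gets libgcrypt's Camellia name even in a build without USE_CAMELLIA; acceptable for display, but worth stating in its comment.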
@@ -690,7 +737,7 @@ { int val; - val = gcry_cipher_map_name (string); + val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string)); if (!val && string && (string[0]=='S' || string[0]=='s')) { char *endptr; Modified: trunk/g10/parse-packet.c =================================================================== --- trunk/g10/parse-packet.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/parse-packet.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -1588,8 +1588,10 @@ ops->keyid[1] = read_32(inp); pktlen -= 4; ops->last = iobuf_get_noeof(inp); pktlen--; if( list_mode ) - fprintf (listfp, ":onepass_sig packet: keyid %08lX%08lX\n" - "\tversion %d, sigclass %02x, digest %d, pubkey %d, last=%d\n", + fprintf (listfp, + ":onepass_sig packet: keyid %08lX%08lX\n" + "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, " + "last=%d\n", (ulong)ops->keyid[0], (ulong)ops->keyid[1], version, ops->sig_class, ops->digest_algo, ops->pubkey_algo, ops->last ); Modified: trunk/g10/pubkey-enc.c =================================================================== --- trunk/g10/pubkey-enc.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/pubkey-enc.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -282,7 +282,7 @@ && !opt.quiet && !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo )) log_info (_("WARNING: cipher algorithm %s not found in recipient" - " preferences\n"), gcry_cipher_algo_name (dek->algo)); + " preferences\n"), openpgp_cipher_algo_name (dek->algo)); if (!rc) { KBNODE k; Modified: trunk/g10/sign.c =================================================================== --- trunk/g10/sign.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/g10/sign.c 2007-12-12 10:28:30 UTC (rev 4650) 
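Review bot: In string_to_cipher_algo the result of gcry_cipher_map_name is passed through map_cipher_gcry_to_openpgp, which only translates 310 and 312; any other libgcrypt-only ID (for instance the one returned for a 192-bit Camellia name) comes back unchanged and would then be used as if it were an OpenPGP ID. Unless the remainder of the function, which lies outside the hunk, validates the value with openpgp_cipher_test_algo, reject such IDs here: `val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string)); if (val && openpgp_cipher_test_algo (val)) val = 0;`. If that validation does exist, a comment on this line saying `/* Libgcrypt IDs without an OpenPGP counterpart are rejected below.  */` would make the reliance explicit.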
@@ -345,22 +345,24 @@ { if (qbytes <= 20) return DIGEST_ALGO_SHA1; -#ifdef USE_SHA256 - if (qbytes <= 28) + + /* SHA244 is only available with libgcrypt 1.4 - thus do a runtime + test. */ + if (qbytes <= 28 && !gcry_md_test_algo (DIGEST_ALGO_SHA224)) return DIGEST_ALGO_SHA224; + if (qbytes <= 32) return DIGEST_ALGO_SHA256; -#endif -#ifdef USE_SHA512 if (qbytes <= 48) return DIGEST_ALGO_SHA384; + if (qbytes <= 64) return DIGEST_ALGO_SHA512; -#endif + return DEFAULT_DIGEST_ALGO; /* DEFAULT_DIGEST_ALGO will certainly fail, but it's the best wrong - answer we have if the larger SHAs aren't there. */ + answer we have if a digest larger than 512 bits is requested. */ } @@ -1258,7 +1260,7 @@ algo = default_cipher_algo(); if (!opt.quiet || !opt.batch) log_info (_("%s encryption will be used\n"), - gcry_cipher_algo_name (algo) ); + openpgp_cipher_algo_name (algo) ); cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, &canceled); if (!cfx.dek || !cfx.dek->keylen) { Modified: trunk/include/ChangeLog =================================================================== --- trunk/include/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/include/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,3 +1,7 @@ +2007-12-12 Werner Koch + + * cipher.h (CIPHER_ALGO_CAMELLIA128, CIPHER_ALGO_CAMELLIA256): New. + 2006-09-20 Werner Koch * errors.h, http.h, memory.h, mpi.h, util.h, i18n.h: Removed. Modified: trunk/include/cipher.h =================================================================== --- trunk/include/cipher.h 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/include/cipher.h 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,5 +1,6 @@ /* cipher.h - Definitions for OpenPGP - * Copyright (C) 1998, 1999, 2000, 2001, 2006 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
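Review bot: The new comment in match_dsa_hash says "SHA244" where the code tests DIGEST_ALGO_SHA224; suggest `/* SHA224 is only available with libgcrypt 1.4 - thus do a runtime test.  */`. The g10/ChangeLog entry for this change also reads "SHA244" and "libgcrypt 2.4", while include/cipher.h in the same commit says 1.4.0, so the ChangeLog text should be corrected to match. Only SHA224 is probed at runtime and the other SHA-2 digests are assumed to be provided by libgcrypt, which the ChangeLog says is intended; a one-line comment above the SHA256 return stating that assumption would save the next reader from wondering why only one algorithm is tested. The function's opening line is outside the hunk.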
@@ -44,6 +45,9 @@ #define CIPHER_ALGO_RIJNDAEL192 CIPHER_ALGO_AES192 #define CIPHER_ALGO_RIJNDAEL256 CIPHER_ALGO_AES256 #define CIPHER_ALGO_TWOFISH /* 10 */ GCRY_CIPHER_TWOFISH /* 256 bit */ +/* Note: Camellia ids don't match those used by libgcrypt. */ +#define CIPHER_ALGO_CAMELLIA128 11 +#define CIPHER_ALGO_CAMELLIA256 12 #define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */ #define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA @@ -66,8 +70,8 @@ #define DIGEST_ALGO_SHA256 /* 8 */ GCRY_MD_SHA256 #define DIGEST_ALGO_SHA384 /* 9 */ GCRY_MD_SHA384 #define DIGEST_ALGO_SHA512 /* 10 */ GCRY_MD_SHA512 -/* SHA224 is as of now only defined in the libgcrypt SVN; thus we - can't use that macro. */ +/* SHA224 is only available in libgcrypt 1.4.0; thus we + can't use the GCRY macro here. */ #define DIGEST_ALGO_SHA224 /* 11 */ 11 /* GCRY_MD_SHA224 */ #define COMPRESS_ALGO_NONE 0 Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/scd/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,6 +1,6 @@ 2007-12-10 Werner Koch - * app-openpgp.c (do_decipher): Take care of cryptograms shiorther + * app-openpgp.c (do_decipher): Take care of cryptograms shorter that 128 bytes. Fixes bug#851. 2007-11-14 Werner Koch Modified: trunk/scd/app-openpgp.c =================================================================== --- trunk/scd/app-openpgp.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/scd/app-openpgp.c 2007-12-12 10:28:30 UTC (rev 4650) 
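Review bot: The new note on CIPHER_ALGO_CAMELLIA128/256 says only that the IDs differ from libgcrypt's; since g10/misc.c in this same commit states that Camellia is not yet defined for OpenPGP, the comment should also mark these values as provisional so nobody treats them as wire-stable, e.g. `/* Note: Camellia is not yet assigned by OpenPGP; these provisional IDs don't match those used by libgcrypt (see map_cipher_openpgp_to_gcry in g10/misc.c).  */`. The revised SHA224 comment says "only available in libgcrypt 1.4.0", where "since 1.4.0" appears to be the intended meaning.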
@@ -2461,7 +2461,7 @@ /* We might encounter a couple of leading zeroes in the cryptogram. Due to internal use of MPIs thease leading - zeroes are stripped. However the OpenPGp card expects + zeroes are stripped. However the OpenPGP card expects exactly 128 bytes for the cryptogram (for a 1k key). Thus we need to fix it up. We do this for up to 16 leading zero bytes; a cryptogram with more than this is with a very high Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,3 +1,20 @@ +2007-12-11 Werner Koch + + * certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED. + + * server.c (cmd_sign, cmd_decrypt, cmd_encrypt): Start audit log. + (cmd_recipient): Start audit session. + + * gpgsm.c (main): Revamp creation of the audit log. + + * gpgsm.h (struct server_control_s): Add AGENT_SEEN and DIRMNGR_SEEN. + * call-agent.c (start_agent): Record an audit event. + * call-dirmngr.c (start_dirmngr): Ditto. Add new arg CTRL and pass + it from all callers. + (prepare_dirmngr): New helper for start_dirmngr. + + * encrypt.c (gpgsm_encrypt): Add calls to audit_log. + 2007-12-03 Werner Koch * gpgsm.c (main): All gnupg_reopen_std. Modified: trunk/sm/call-agent.c =================================================================== --- trunk/sm/call-agent.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/call-agent.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,5 +1,6 @@ /* call-agent.c - divert operations to the agent - * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2005, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -69,13 +70,14 @@ static int start_agent (ctrl_t ctrl) { + int rc; + if (agent_ctx) - return 0; /* fixme: We need a context for each thread or serialize - the access to the agent (which is suitable given that - the agent is not MT. */ - - - return start_new_gpg_agent (&agent_ctx, + rc = 0; /* fixme: We need a context for each thread or + serialize the access to the agent (which is + suitable given that the agent is not MT. */ + else + rc = start_new_gpg_agent (&agent_ctx, GPG_ERR_SOURCE_DEFAULT, opt.homedir, opt.agent_program, @@ -84,7 +86,13 @@ opt.xauthority, opt.pinentry_user_data, opt.verbose, DBG_ASSUAN, gpgsm_status2, ctrl); + if (!ctrl->agent_seen) + { + ctrl->agent_seen = 1; + audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc); + } + return rc; } Modified: trunk/sm/call-dirmngr.c =================================================================== --- trunk/sm/call-dirmngr.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/call-dirmngr.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,5 +1,5 @@ /* call-dirmngr.c - communication with the dromngr - * Copyright (C) 2002, 2003, 2005 Free Software Foundation, Inc. + * Copyright (C) 2002, 2003, 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
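Review bot: In start_agent the agent_seen flag is set regardless of rc, so when the first connection attempt fails the audit log records only that failure and a later successful start_agent call on the same ctrl never produces a successful AUDIT_AGENT_READY event; whether callers retry after a failure is not visible here. If the intent is to record the first successful connection, set the flag only on success, `audit_log_ok (ctrl->audit, AUDIT_AGENT_READY, rc); if (!rc) ctrl->agent_seen = 1;`, accepting that repeated failures are then each logged. The same pattern applies to dirmngr_seen in prepare_dirmngr in the call-dirmngr.c hunk that follows. The rewrapped fixme comment still lacks the closing parenthesis after "not MT".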
@@ -134,13 +134,32 @@ } +/* This fucntion prepares the dirmngr for a new session. The + audit-events option is used so that other dirmngr clients won't get + disturbed by such events. */ +static void +prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err) +{ + if (!ctrl->dirmngr_seen) + { + ctrl->dirmngr_seen = 1; + if (!err) + { + err = assuan_transact (ctx, "OPTION audit-events=1", + NULL, NULL, NULL, NULL, NULL, NULL); + if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION) + err = 0; /* Allow the use of old dirmngr versions. */ + } + audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); + } +} /* Try to connect to the agent via socket or fork it off and work by pipes. Handle the server's initial greeting */ static int -start_dirmngr (void) +start_dirmngr (ctrl_t ctrl) { int rc; char *infostr, *p; @@ -148,8 +167,11 @@ int try_default = 0; if (dirmngr_ctx) - return 0; /* fixme: We need a context for each thread or serialize - the access to the dirmngr */ + { + prepare_dirmngr (ctrl, dirmngr_ctx, 0); + return 0; /* fixme: We need a context for each thread or serialize + the access to the dirmngr */ + } /* Note: if you change this to multiple connections, you also need to take care of the implicit option sending caching. */ @@ -220,7 +242,7 @@ log_error (_("malformed DIRMNGR_INFO environment variable\n")); xfree (infostr); force_pipe_server = 1; - return start_dirmngr (); + return start_dirmngr (ctrl); } *p++ = 0; pid = atoi (p); @@ -233,7 +255,7 @@ prot); xfree (infostr); force_pipe_server = 1; - return start_dirmngr (); + return start_dirmngr (ctrl); } } else @@ -251,11 +273,13 @@ { log_error (_("can't connect to the dirmngr - trying fall back\n")); force_pipe_server = 1; - return start_dirmngr (); + return start_dirmngr (ctrl); } #endif /*!HAVE_W32_SYSTEM*/ } + prepare_dirmngr (ctrl, ctx, rc); + if (rc) { log_error ("can't connect to the dirmngr: %s\n", gpg_strerror (rc)); 
@@ -424,7 +448,7 @@ struct isvalid_status_parm_s stparm; - rc = start_dirmngr (); + rc = start_dirmngr (ctrl); if (rc) return rc; @@ -691,7 +715,7 @@ struct lookup_parm_s parm; size_t len; - rc = start_dirmngr (); + rc = start_dirmngr (ctrl); if (rc) return rc; @@ -821,7 +845,7 @@ size_t len; struct run_command_parm_s parm; - rc = start_dirmngr (); + rc = start_dirmngr (ctrl); if (rc) return rc; Modified: trunk/sm/certchain.c =================================================================== --- trunk/sm/certchain.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/certchain.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -1127,6 +1127,8 @@ associated with that specific root certificate. */ istrusted_rc = gpgsm_agent_istrusted (ctrl, subject_cert, rootca_flags); + audit_log_cert (ctrl->audit, AUDIT_ROOT_TRUSTED, + subject_cert, istrusted_rc); /* If the chain model extended attribute is used, make sure that our chain model flag is set. */ if (has_validation_model_chain (subject_cert, listmode, listfp)) Modified: trunk/sm/encrypt.c =================================================================== --- trunk/sm/encrypt.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/encrypt.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -1,5 +1,5 @@ /* encrypt.c - Encrypt a message - * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc. + * Copyright (C) 2001, 2003, 2004, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -318,9 +318,12 @@ int recpno; FILE *data_fp = NULL; certlist_t cl; + int count; memset (&encparm, 0, sizeof encparm); + audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT); + /* Check that the certificate list is not empty and that at least one certificate is not flagged as encrypt_to; i.e. is a real recipient. */ 
@@ -331,10 +334,15 @@ { log_error(_("no valid recipients given\n")); gpgsm_status (ctrl, STATUS_NO_RECP, "0"); + audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0); rc = gpg_error (GPG_ERR_NO_PUBKEY); goto leave; } + for (count = 0, cl = recplist; cl; cl = cl->next) + count++; + audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count); + kh = keydb_new (0); if (!kh) { @@ -385,6 +393,8 @@ goto leave; } + audit_log (ctrl->audit, AUDIT_GOT_DATA); + /* We are going to create enveloped data with uninterpreted data as inner content */ err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA); @@ -432,6 +442,8 @@ rc = out_of_core (); goto leave; } + + audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid); /* Gather certificates of recipients, encrypt the session key for each and store them in the CMS object */ @@ -442,6 +454,7 @@ rc = encrypt_dek (dek, cl->cert, &encval); if (rc) { + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc); log_error ("encryption failed for recipient no. %d: %s\n", recpno, gpg_strerror (rc)); goto leave; @@ -450,6 +463,7 @@ err = ksba_cms_add_recipient (cms, cl->cert); if (err) { + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err); log_error ("ksba_cms_add_recipient failed: %s\n", gpg_strerror (err)); rc = err; @@ -459,6 +473,7 @@ err = ksba_cms_set_enc_val (cms, recpno, encval); xfree (encval); + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err); if (err) { log_error ("ksba_cms_set_enc_val failed: %s\n", @@ -466,7 +481,7 @@ rc = err; goto leave; } - } + } /* Main control loop for encryption. */ recpno = 0; @@ -496,6 +511,7 @@ log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; } + audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE); log_info ("encrypted data created\n"); leave: Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/gpgsm.c 2007-12-12 10:28:30 UTC (rev 4650) 
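Review bot: The new count loop walks recplist a second time and counts every entry, including those flagged encrypt_to, so AUDIT_GOT_RECIPIENTS may report more recipients than the "real recipient" check just above it (outside the hunk) requires; if the audit log is meant to show addressed recipients, count only the non-encrypt_to entries, otherwise annotate the declaration: `int count;  /* Number of recplist entries, including encrypt-to certificates, for the audit log.  */`. gpgsm_encrypt starts and ends outside this hunk. The `}` line that is removed and re-added at the end of the recipient loop looks like a whitespace-only change and could be dropped from the commit.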
@@ -848,6 +848,7 @@ certlist_t signerlist = NULL; int do_not_setup_keys = 0; int recp_required = 0; + estream_t auditfp = NULL; /*mtrace();*/ @@ -1482,6 +1483,26 @@ keydb_add_resource (sl->d, 0, 0, NULL); FREE_STRLIST(nrings); + + /* Prepare the audit log feature for certain commands. */ + if (auditlog) + { + switch (cmd) + { + case aEncr: + case aSign: + case aDecrypt: + case aVerify: + audit_release (ctrl.audit); + ctrl.audit = audit_new (); + auditfp = open_es_fwrite (auditlog); + break; + default: + break; + } + } + + if (!do_not_setup_keys) { for (sl = locusr; sl ; sl = sl->next) @@ -1528,6 +1549,7 @@ fname = argc? *argv : NULL; + /* Dispatch command. */ switch (cmd) { case aGPGConfList: @@ -1650,7 +1672,6 @@ case aVerify: { FILE *fp = NULL; - estream_t auditfp = NULL; set_binary (stdin); if (argc == 2 && opt.outfile) @@ -1658,13 +1679,6 @@ else if (opt.outfile) fp = open_fwrite (opt.outfile); - if (auditlog) - { - audit_release (ctrl.audit); - ctrl.audit = audit_new (); - auditfp = open_es_fwrite (auditlog); - } - if (!argc) gpgsm_verify (&ctrl, 0, -1, fp); /* normal signature from stdin */ else if (argc == 1) @@ -1674,16 +1688,8 @@ else wrong_args ("--verify [signature [detached_data]]"); - if (auditlog) - { - audit_print_result (ctrl.audit, auditfp, 0); - audit_release (ctrl.audit); - ctrl.audit = NULL; - } - if (fp && fp != stdout) fclose (fp); - es_fclose (auditfp); } break; @@ -1846,6 +1852,15 @@ log_error ("invalid command (there is no implicit command)\n"); break; } + + /* Print the audit result if needed. */ + if (auditlog && auditfp) + { + audit_print_result (ctrl.audit, auditfp, 0); + audit_release (ctrl.audit); + ctrl.audit = NULL; + es_fclose (auditfp); + } /* cleanup */ gpgsm_release_certlist (recplist); Modified: trunk/sm/gpgsm.h =================================================================== --- trunk/sm/gpgsm.h 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/gpgsm.h 2007-12-12 10:28:30 UTC (rev 4650) 
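Review bot: If open_es_fwrite can return NULL on failure, the guard `if (auditlog && auditfp)` means the context created by `ctrl.audit = audit_new ();` is neither printed nor released in this block and no diagnostic tells the user that the requested audit log was not written; whether the cleanup section below frees ctrl.audit, or open_es_fwrite never returns NULL, is not visible in the hunk. Either check auditfp right after opening it and abort the command, or release ctrl.audit in an else branch of the final block. main starts and ends outside the hunk.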
@@ -152,6 +152,10 @@ struct server_local_s *server_local; audit_ctx_t audit; /* NULL or a context for the audit subsystem. */ + int agent_seen; /* Flag indicating that the gpg-agent has been + accessed. */ + int dirmngr_seen; /* Flag indicating that the dirmngr has been + accessed. */ int with_colons; /* Use column delimited output format */ int with_chain; /* Include the certifying certs in a listing */ Modified: trunk/sm/server.c =================================================================== --- trunk/sm/server.c 2007-12-11 17:14:05 UTC (rev 4649) +++ trunk/sm/server.c 2007-12-12 10:28:30 UTC (rev 4650) @@ -366,7 +366,14 @@ ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - rc = gpgsm_add_to_certlist (ctrl, line, 0, &ctrl->server_local->recplist, 0); + if (!ctrl->audit) + rc = start_audit_session (ctrl); + else + rc = 0; + + if (!rc) + rc = gpgsm_add_to_certlist (ctrl, line, 0, + &ctrl->server_local->recplist, 0); if (rc) { gpg_err_code_t r = gpg_err_code (rc); @@ -478,6 +485,8 @@ &ctrl->server_local->recplist, 1); } if (!rc) + rc = ctrl->audit? 0 : start_audit_session (ctrl); + if (!rc) rc = gpgsm_encrypt (assuan_get_pointer (ctx), ctrl->server_local->recplist, inp_fd, out_fp); @@ -492,6 +501,7 @@ return rc; } + /* DECRYPT This performs the decrypt operation after doing some check on the @@ -517,7 +527,10 @@ out_fp = fdopen (dup(out_fd), "w"); if (!out_fp) return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed"); - rc = gpgsm_decrypt (ctrl, inp_fd, out_fp); + + rc = start_audit_session (ctrl); + if (!rc) + rc = gpgsm_decrypt (ctrl, inp_fd, out_fp); fclose (out_fp); /* close and reset the fd */ 
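Review bot: cmd_decrypt here and cmd_sign in the next hunk call start_audit_session unconditionally, whereas cmd_recipient and cmd_encrypt first test ctrl->audit; unless start_audit_session releases an existing context itself (its body is not visible here), a second DECRYPT or SIGN on the same connection would leak or overwrite the previous audit context. If a fresh session per operation is intended, say so in a comment at each call; otherwise use the same guard as cmd_encrypt, `rc = ctrl->audit? 0 : start_audit_session (ctrl);`. All four command handlers start outside their hunks.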
@@ -600,8 +613,10 @@ if (!out_fp) return set_error (GPG_ERR_ASS_GENERAL, "fdopen() failed"); - rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist, - inp_fd, detached, out_fp); + rc = start_audit_session (ctrl); + if (!rc) + rc = gpgsm_sign (assuan_get_pointer (ctx), ctrl->server_local->signerlist, + inp_fd, detached, out_fp); fclose (out_fp); /* close and reset the fd */ From cvs at cvs.gnupg.org Wed Dec 12 13:48:34 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 13:48:34 +0100 Subject: [svn] dirmngr - r277 - in trunk: . doc/examples Message-ID: Author: wk Date: 2007-12-12 13:48:32 +0100 (Wed, 12 Dec 2007) New Revision: 277 Modified: trunk/ChangeLog trunk/doc/examples/dirmngr.conf Log: Removed editor cruft. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-11-27 13:34:52 UTC (rev 276) +++ trunk/ChangeLog 2007-12-12 12:48:32 UTC (rev 277) @@ -1,3 +1,8 @@ +2007-12-12 Werner Koch + + * doc/examples/dirmngr.conf: Removed cruft from the editor. + Marcus, what's up with your ternminal settings? + 2007-11-27 Marcus Brinkmann * doc/examples/dirmngr.conf: Fix signer file path. Modified: trunk/doc/examples/dirmngr.conf =================================================================== --- trunk/doc/examples/dirmngr.conf 2007-11-27 13:34:52 UTC (rev 276) +++ trunk/doc/examples/dirmngr.conf 2007-12-12 12:48:32 UTC (rev 277) @@ -1,6 +1,6 @@ -B# Sample configuration file for dirmngr +# Sample configuration file for dirmngr -l1;1609;0cog-file /var/log/dirmngr/dirmngr.log +log-file /var/log/dirmngr/dirmngr.log allow-ocsp From cvs at cvs.gnupg.org Wed Dec 12 17:29:39 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 17:29:39 +0100 Subject: [svn] assuan - r279 - in trunk: . doc src Message-ID: Author: wk Date: 2007-12-12 17:29:37 +0100 (Wed, 12 Dec 2007) New Revision: 279 Modified: trunk/AUTHORS trunk/ChangeLog trunk/NEWS trunk/TODO trunk/config.guess trunk/config.sub trunk/configure.ac trunk/doc/ChangeLog trunk/doc/assuan.texi trunk/src/ChangeLog trunk/src/assuan-pipe-connect.c Log: Documentation updates. Preparing a release. Modified: trunk/AUTHORS =================================================================== --- trunk/AUTHORS 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/AUTHORS 2007-12-12 16:29:37 UTC (rev 279) @@ -2,7 +2,7 @@ Maintainer: Werner Koch Bug reports: gnupg-devel at gnupg.org Security related bug reports: security at gnupg.org -License: LGPLv3+ +License: LGPLv2.1+ Werner Koch Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/ChangeLog 2007-12-12 16:29:37 UTC (rev 279) @@ -1,3 +1,9 @@ +2007-12-12 Werner Koch + + Released 1.0.4. + + * config.sub, config.guess: Update to version 2007-11-19. + 2007-08-24 Werner Koch Released 1.0.3. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/NEWS 2007-12-12 16:29:37 UTC (rev 279) @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.0.4 +Noteworthy changes in version 1.0.4 (2007-12-12) ------------------------------------------------ * New socket wrapper functions to support Unix domain sockets under Modified: trunk/TODO =================================================================== --- trunk/TODO 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/TODO 2007-12-12 16:29:37 UTC (rev 279) 
@@ -13,4 +13,4 @@ See Peter O'Gorman's mail. * W32 -** Check what kind of fd we use with inbound.fd etc. \ No newline at end of file +** Check what kind of fd we use with inbound.fd etc. Modified: trunk/config.guess =================================================================== --- trunk/config.guess 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/config.guess 2007-12-12 16:29:37 UTC (rev 279) @@ -4,11 +4,11 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. -timestamp='2007-05-17' +timestamp='2007-11-19' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -17,7 +17,9 @@ # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -328,7 +330,7 @@ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:* | ix86xen:SunOS:5.*:*) + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) @@ -791,7 +793,7 @@ exit ;; *:Interix*:[3456]*) case ${UNAME_MACHINE} in - x86) + x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; EM64T | authenticamd) 
@@ -952,8 +954,8 @@ x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; - xtensa:Linux:*:*) - echo xtensa-unknown-linux-gnu + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so Modified: trunk/config.sub =================================================================== --- trunk/config.sub 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/config.sub 2007-12-12 16:29:37 UTC (rev 279) @@ -4,7 +4,7 @@ # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, # Inc. -timestamp='2007-06-28' +timestamp='2007-11-19' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -12,7 +12,7 @@ # # This file is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, @@ -21,7 +21,9 @@ # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see . +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a 
@@ -367,10 +369,14 @@ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-*) ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/configure.ac 2007-12-12 16:29:37 UTC (rev 279) @@ -25,7 +25,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.0.4]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/doc/ChangeLog 2007-12-12 16:29:37 UTC (rev 279) @@ -1,3 +1,8 @@ +2007-11-14 Werner Koch + + * assuan.texi (Client code): Describe the new flag bit 7 of the + pipe_server_connect_ext function. + 2007-10-18 Marcus Brinkmann * assuan.texi (Client requests): Document HELP. Modified: trunk/doc/assuan.texi =================================================================== --- trunk/doc/assuan.texi 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/doc/assuan.texi 2007-12-12 16:29:37 UTC (rev 279) 
@@ -713,13 +713,26 @@ received is @code{0}. Such a fork callback is useful to release additional resources not to be used by the child. - at var{flags} controls how the function acts: With a value of @code{0} -it expects a simple pipe based server and behaves similar to - at code{assuan_pipe_connect}. With a value of @code{1} a sever based on -full-duplex pipes is expected. Such pipes are usually created using -the @code{socketpair} function. It also enables features only -available with such servers. + at noindent + at var{flags} is a bit vector and controls how the function acts: + at table @code + + at item bit 0 (value 1) +If cleared a simple pipe based server is expected and the function +behaves similar to @code{assuan_pipe_connect}. + +If set a server based on full-duplex pipes is expected. Such pipes are +usually created using the @code{socketpair} function. It also enables +features only available with such servers. + + at item bit 7 (value 128) +If set and there is a need to start ther server it will be started as a +background process. This flag is useful under W32 systems, so that no +new console is created and pops up a console window when starting the server + + at end table + @end deftypefun If you are using a long running server listening either on a TCP or a Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/src/ChangeLog 2007-12-12 16:29:37 UTC (rev 279) 
@@ -4,6 +4,13 @@ value from callback function. Suggested by Ben Kibbey . +2007-11-14 Werner Koch + + * assuan-pipe-connect.c (pipe_connect_unix): Add dummy arg FLAGS. + (pipe_connect_w32): Add arg FLAGS and start process detached if + requested. Changed callers to pass 0. + (assuan_pipe_connect_ext): Pass FLAG. + 2007-11-12 Marcus Brinkmann * assuan-inquire.c (_assuan_inquire_ext_cb): Clear Modified: trunk/src/assuan-pipe-connect.c =================================================================== --- trunk/src/assuan-pipe-connect.c 2007-11-23 17:59:56 UTC (rev 278) +++ trunk/src/assuan-pipe-connect.c 2007-12-12 16:29:37 UTC (rev 279) @@ -1,5 +1,6 @@ /* assuan-pipe-connect.c - Establish a pipe connection (client) - * Copyright (C) 2001, 2002, 2003, 2005, 2006 Free Software Foundation, Inc. + * Copyright (C) 2001, 2002, 2003, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of Assuan. * @@ -181,13 +182,15 @@ const char *name, const char *const argv[], int *fd_child_list, void (*atfork) (void *opaque, int reserved), - void *atforkvalue) + void *atforkvalue, unsigned int flags) { assuan_error_t err; int rp[2]; int wp[2]; char mypidstr[50]; + (void)flags; + if (!ctx || !name || !argv || !argv[0]) return _assuan_error (ASSUAN_Invalid_Value); @@ -647,7 +650,7 @@ const char *name, const char *const argv[], int *fd_child_list, void (*atfork) (void *opaque, int reserved), - void *atforkvalue) + void *atforkvalue, unsigned int flags) { assuan_error_t err; assuan_fd_t rp[2]; @@ -771,6 +774,7 @@ &sec_attr, /* Thread security attributes. */ TRUE, /* Inherit handles. */ (CREATE_DEFAULT_ERROR_MODE + | ((flags & 128)? DETACHED_PROCESS : 0) | GetPriorityClass (GetCurrentProcess ()) | CREATE_SUSPENDED), /* Creation flags. */ NULL, /* Environment. */ 
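Review bot: The detach bit is tested as a bare literal in `| ((flags & 128)? DETACHED_PROCESS : 0)`, while the texinfo added in the same commit describes it as "bit 7 (value 128)"; a named constant exported from the public header (for example `ASSUAN_PIPE_CONNECT_DETACHED` defined as 128) would let callers, the documentation and both `pipe_connect` variants refer to one symbol instead of a number that has to stay in sync by hand. On Unix the bit is accepted and silently ignored via `(void)flags;` in `pipe_connect_unix`; a one-line comment there such as `/* The detach bit (128) only has an effect on W32. */` would make that intentional rather than surprising. Both `pipe_connect` functions begin outside this hunk.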
@@ -823,7 +827,7 @@ assuan_pipe_connect (assuan_context_t *ctx, const char *name, const char *const argv[], int *fd_child_list) { - return pipe_connect (ctx, name, argv, fd_child_list, NULL, NULL); + return pipe_connect (ctx, name, argv, fd_child_list, NULL, NULL, 0); } @@ -835,7 +839,7 @@ void (*atfork) (void *opaque, int reserved), void *atforkvalue) { - return pipe_connect (ctx, name, argv, fd_child_list, atfork, atforkvalue); + return pipe_connect (ctx, name, argv, fd_child_list, atfork, atforkvalue, 0); } @@ -848,10 +852,20 @@ as the second argument. The ATFORK function should only act if the second value is 0. - For now FLAGS may either take the value 0 to behave like - assuan_pipe_connect2 or 1 to enable the described full-duplex - socket behaviour. + FLAGS is a bit vector and controls how the function acts: + Bit 0: If cleared a simple pipe based server is expected and the + function behaves similar to `assuan_pipe_connect'. + If set a server based on full-duplex pipes is expected. Such + pipes are usually created using the `socketpair' function. + It also enables features only available with such servers. + + Bit 7: If set and there is a need to start ther server it will be + started as a background process. This flag is useful under + W32 systems, so that no new console is created and pops up a + console window when starting the server + + If NAME as well as ARGV are NULL, no exec is done but the same process is continued. However all file descriptors are closed and some special environment variables are set. To let the caller @@ -874,6 +888,7 @@ #endif } else - return pipe_connect (ctx, name, argv, fd_child_list, atfork, atforkvalue); + return pipe_connect (ctx, name, argv, fd_child_list, atfork, atforkvalue, + flags); } From cvs at cvs.gnupg.org Wed Dec 12 17:32:38 2007 
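Review bot: `assuan_pipe_connect_ext` forwards FLAGS to `pipe_connect` without rejecting bits other than the two the new comment defines (bit 0 and bit 7), so a caller that passes an undefined bit is accepted silently today and will change behaviour the moment that bit is assigned a meaning. A guard before the dispatch would close this: `if (flags & ~(unsigned int)(1|128)) return _assuan_error (ASSUAN_Invalid_Value);`, using the same error the Unix `pipe_connect` already returns for bad arguments. The opening lines of `assuan_pipe_connect_ext` are outside this hunk, so I cannot tell whether an equivalent check exists there. The new comment block also carries the typo `ther server` copied from the texinfo.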
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 17:32:38 +0100 Subject: [svn] assuan - r280 - tags Message-ID: Author: wk Date: 2007-12-12 17:32:38 +0100 (Wed, 12 Dec 2007) New Revision: 280 Added: tags/libassuan-1.0.4/ Log: Release! Copied: tags/libassuan-1.0.4 (from rev 279, trunk) From cvs at cvs.gnupg.org Wed Dec 12 17:35:28 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 17:35:28 +0100 Subject: [svn] assuan - r281 - trunk Message-ID: Author: wk Date: 2007-12-12 17:35:28 +0100 (Wed, 12 Dec 2007) New Revision: 281 Modified: trunk/NEWS trunk/configure.ac Log: Post release updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-12 16:32:38 UTC (rev 280) +++ trunk/NEWS 2007-12-12 16:35:28 UTC (rev 281) @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.0.5 +------------------------------------------------ + + Noteworthy changes in version 1.0.4 (2007-12-12) ------------------------------------------------ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2007-12-12 16:32:38 UTC (rev 280) +++ trunk/configure.ac 2007-12-12 16:35:28 UTC (rev 281) @@ -24,8 +24,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.0.4]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.0.5]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) From cvs at cvs.gnupg.org Wed Dec 12 17:38:25 2007 
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Wed, 12 Dec 2007 17:38:25 +0100 Subject: [svn] GnuPG - r4651 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2007-12-12 17:38:23 +0100 (Wed, 12 Dec 2007) New Revision: 4651 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/trustdb.c Log: * trustdb.c (sanitize_regexp): New. Protect against dangerous regexps (malloc bombs) by force-commenting any characters aside from the ones we explicitly want. (check_regexp): Use it here before passing the regexp to regcomp(). Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-12 10:28:30 UTC (rev 4650) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2007-12-12 16:38:23 UTC (rev 4651) @@ -1,3 +1,11 @@ +2007-12-12 David Shaw + + * trustdb.c (sanitize_regexp): New. Protect against dangerous + regexps (malloc bombs) by force-commenting any characters aside + from the ones we explicitly want. + (check_regexp): Use it here before passing the regexp to + regcomp(). + 2007-12-11 Werner Koch * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for Modified: branches/STABLE-BRANCH-1-4/g10/trustdb.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/trustdb.c 2007-12-12 10:28:30 UTC (rev 4650) +++ branches/STABLE-BRANCH-1-4/g10/trustdb.c 2007-12-12 16:38:23 UTC (rev 4651) @@ -1,6 +1,6 @@ /* trustdb.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -1749,6 +1749,69 @@ uids_cleaned,sigs_cleaned); } +/* Returns a sanitized copy of the regexp (which might be "", but not + NULL). */ +static char * +sanitize_regexp(const char *old) +{ + size_t start=0,len=strlen(old),idx=0; + int escaped=0,standard_bracket=0; + char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we + have to */ + + /* There are basically two commonly-used regexps here. GPG and most + versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9) + command line uses "example.com" (i.e. whatever the user specfies, + and we can't expect users know to use "\." instead of "."). So + here are the rules: we're allowed to start with "<[^>]+[@.]" and + end with ">$" or start and end with nothing. In between, the + only legal regex character is ".", and everything else gets + escaped. Part of the gotcha here is that some regex packages + allow more than RFC-4880 requires. For example, 4880 has no "{}" + operator, but GNU regex does. Commenting removes these operators + from consideration. A possible future enhancement is to use + commenting to effectively back off a given regex to the Henry + Spencer syntax in 4880. -dshaw */ + + /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */ + if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0 + && old[len-2]=='>' && old[len-1]=='$') + { + strcpy(new,"<[^>]+[@.]"); + idx=strlen(new); + standard_bracket=1; + start+=10; + len-=2; + } + + /* Walk the remaining characters and ensure that everything that is + left is not an operational regex character. */ + for(;start$", then it was escaping the ">" and is fine. If the regexp + actually ended with the bare "\", then it's an illegal regexp and + regcomp should kick it out. */ + + if(standard_bracket) + strcat(new,">$"); + + return new; +} + /* Used by validate_one_keyblock to confirm a regexp within a trust signature. Returns 1 for match, and 0 for no match or regex error. */ 
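Review bot: The sanitizer appears to copy a backslash-escaped pair through unchanged (the `escaped` state variable and the closing note about a regexp ending in a bare `\` both point to this), so GNU-specific escapes such as `\w`, `\b` or `\<` still reach `regcomp` although the header comment states the goal is a pattern in which only `.` remains operational. If the pass-through is deliberate the header comment should say so; otherwise whitelisting only `\.` and `\\` and doubling the backslash for any other escaped character would extend the "commenting" approach to escapes without affecting the common `example\.com` form. The body of the escaping loop is not legible in this rendering of the hunk, so the exact condition could not be checked.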
@@ -1759,23 +1822,35 @@ /* When DISABLE_REGEX is defined, assume all regexps do not match. */ return 0; -#elif defined(__riscos__) - return riscos_check_regexp(expr, string, DBG_TRUST); #else int ret; - regex_t pat; + char *regexp; - if(regcomp(&pat,expr,REG_ICASE|REG_NOSUB|REG_EXTENDED)!=0) - return 0; + regexp=sanitize_regexp(expr); - ret=regexec(&pat,string,0,NULL,0); +#ifdef __riscos__ + ret=riscos_check_regexp(expr, string, DBG_TRUST); +#else + { + regex_t pat; - regfree(&pat); + ret=regcomp(&pat,regexp,REG_ICASE|REG_NOSUB|REG_EXTENDED); + if(ret==0) + { + ret=regexec(&pat,string,0,NULL,0); + regfree(&pat); + ret=(ret==0); + } + } +#endif if(DBG_TRUST) - log_debug("regexp `%s' on `%s': %s\n",expr,string,ret==0?"YES":"NO"); + log_debug("regexp `%s' (`%s') on `%s': %s\n", + regexp,expr,string,ret==0?"YES":"NO"); - return (ret==0); + xfree(regexp); + + return ret; #endif } From cvs at cvs.gnupg.org Wed Dec 12 17:47:54 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 17:47:54 +0100 Subject: [svn] GnuPG - r4652 - in trunk: g10 po tools Message-ID: Author: wk Date: 2007-12-12 17:47:52 +0100 (Wed, 12 Dec 2007) New Revision: 4652 Modified: trunk/g10/ChangeLog trunk/g10/trustdb.c trunk/po/ChangeLog trunk/po/POTFILES.in trunk/tools/gpg-connect-agent.c Log: Doc fixes. Add more files to POTFILES. Protect against malloc bombs. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-12-12 16:38:23 UTC (rev 4651) +++ trunk/g10/ChangeLog 2007-12-12 16:47:52 UTC (rev 4652) 
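Review bot: When `regcomp` fails, `ret` keeps the non-zero error code and is returned unchanged, but the contract stated just above the function (1 for match, 0 for no match or regex error) means a caller testing for non-zero will treat an uncompilable regexp as a match; the code this hunk replaces returned 0 in that case. An `else ret=0;` after the `if(ret==0)` block restores that behaviour. Two smaller points in the same hunk: the debug line still prints `ret==0?"YES":"NO"` although `ret` now holds 1 for a match, so it should read `ret?"YES":"NO"`; and the RISC OS branch passes the raw `expr` to `riscos_check_regexp` instead of the sanitized `regexp`, so the protection this commit adds is bypassed on that platform. The function signature and the `#ifdef DISABLE_REGEX` head are outside the hunk.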
@@ -1,3 +1,11 @@ +2007-12-12 David Shaw (wk) + + * trustdb.c (sanitize_regexp): New. Protect against dangerous + regexps (malloc bombs) by force-commenting any characters aside + from the ones we explicitly want. + (check_regexp): Use it here before passing the regexp to + regcomp(). + 2007-12-12 Werner Koch * misc.c (map_cipher_openpgp_to_gcry): New. Used to map Camellia Modified: trunk/g10/trustdb.c =================================================================== --- trunk/g10/trustdb.c 2007-12-12 16:38:23 UTC (rev 4651) +++ trunk/g10/trustdb.c 2007-12-12 16:47:52 UTC (rev 4652) @@ -1,6 +1,6 @@ /* trustdb.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -1745,6 +1745,71 @@ uids_cleaned,sigs_cleaned); } +/* Returns a sanitized copy of the regexp (which might be "", but not + NULL). */ +#ifndef DISABLE_REGEX +static char * +sanitize_regexp(const char *old) +{ + size_t start=0,len=strlen(old),idx=0; + int escaped=0,standard_bracket=0; + char *new=xmalloc((len*2)+1); /* enough to \-escape everything if we + have to */ + + /* There are basically two commonly-used regexps here. GPG and most + versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9) + command line uses "example.com" (i.e. whatever the user specfies, + and we can't expect users know to use "\." instead of "."). So + here are the rules: we're allowed to start with "<[^>]+[@.]" and + end with ">$" or start and end with nothing. In between, the + only legal regex character is ".", and everything else gets + escaped. Part of the gotcha here is that some regex packages + allow more than RFC-4880 requires. For example, 4880 has no "{}" + operator, but GNU regex does. Commenting removes these operators + from consideration. A possible future enhancement is to use + commenting to effectively back off a given regex to the Henry + Spencer syntax in 4880. -dshaw */ + + /* Are we bracketed between "<[^>]+[@.]" and ">$" ? */ + if(len>=12 && strncmp(old,"<[^>]+[@.]",10)==0 + && old[len-2]=='>' && old[len-1]=='$') + { + strcpy(new,"<[^>]+[@.]"); + idx=strlen(new); + standard_bracket=1; + start+=10; + len-=2; + } + + /* Walk the remaining characters and ensure that everything that is + left is not an operational regex character. */ + for(;start$", then it was escaping the ">" and is fine. If the regexp + actually ended with the bare "\", then it's an illegal regexp and + regcomp should kick it out. */ + + if(standard_bracket) + strcat(new,">$"); + + return new; +} +#endif /*!DISABLE_REGEX*/ + /* Used by validate_one_keyblock to confirm a regexp within a trust signature. Returns 1 for match, and 0 for no match or regex error. */ 
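Review bot: As in the 1.4 branch, a backslash followed by any character seems to survive sanitization intact (inferred from the `escaped` flag and the trailing-backslash note; the loop body itself is garbled in this rendering), which leaves GNU extensions like `\w` or `\<` available to the pattern even though the header comment says everything but `.` is meant to be commented out. Either document the pass-through as accepted, or restrict it to `\.` and `\\` and prefix every other escaped character with a second backslash so it becomes literal. The `#ifndef DISABLE_REGEX` wrapper added here is an improvement over the branch version, which compiles `sanitize_regexp` unconditionally and will warn about an unused static function when regex support is disabled.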
@@ -1755,23 +1820,35 @@ /* When DISABLE_REGEX is defined, assume all regexps do not match. */ return 0; -#elif defined(__riscos__) - return riscos_check_regexp(expr, string, DBG_TRUST); #else int ret; - regex_t pat; + char *regexp; - if(regcomp(&pat,expr,REG_ICASE|REG_NOSUB|REG_EXTENDED)!=0) - return 0; + regexp=sanitize_regexp(expr); - ret=regexec(&pat,string,0,NULL,0); +#ifdef __riscos__ + ret=riscos_check_regexp(expr, string, DBG_TRUST); +#else + { + regex_t pat; - regfree(&pat); + ret=regcomp(&pat,regexp,REG_ICASE|REG_NOSUB|REG_EXTENDED); + if(ret==0) + { + ret=regexec(&pat,string,0,NULL,0); + regfree(&pat); + ret=(ret==0); + } + } +#endif if(DBG_TRUST) - log_debug("regexp `%s' on `%s': %s\n",expr,string,ret==0?"YES":"NO"); + log_debug("regexp `%s' (`%s') on `%s': %s\n", + regexp,expr,string,ret==0?"YES":"NO"); - return (ret==0); + xfree(regexp); + + return ret; #endif } Modified: trunk/po/ChangeLog =================================================================== --- trunk/po/ChangeLog 2007-12-12 16:38:23 UTC (rev 4651) +++ trunk/po/ChangeLog 2007-12-12 16:47:52 UTC (rev 4652) @@ -1,3 +1,7 @@ +2007-12-12 Werner Koch + + * POTFILES.in: Add a couple of missing files. + 2007-12-03 Jakub Bogusz (wk) * pl.po: Updated. Received through entry bug#856. Modified: trunk/po/POTFILES.in =================================================================== --- trunk/po/POTFILES.in 2007-12-12 16:38:23 UTC (rev 4651) +++ trunk/po/POTFILES.in 2007-12-12 16:47:52 UTC (rev 4652) @@ -16,6 +16,9 @@ common/sysutils.c common/yesno.c common/miscellaneous.c +common/asshelp.c +common/audit.c +common/helpfile.c g10/armor.c g10/build-packet.c @@ -69,6 +72,7 @@ scd/app-nks.c scd/app-openpgp.c +scd/app-dinsig.c scd/scdaemon.c sm/base64.c @@ -79,6 +83,7 @@ sm/certdump.c sm/certlist.c sm/certreqgen.c +sm/certreqgen-ui.c sm/decrypt.c sm/delete.c sm/encrypt.c 
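Review bot: A `regcomp` failure leaves `ret` holding the non-zero error code, which `return ret;` hands back to a caller expecting 1 for match and 0 for no match or error, so a malformed regexp (the sanitizer's own comment notes a trailing bare `\` produces one) would count as matching where the previous code returned 0. Add `else ret=0;` after the `if(ret==0)` block. The debug output uses `ret==0?"YES":"NO"` with the new meaning of `ret` and is therefore inverted; it should be `ret?"YES":"NO"`. The RISC OS path still hands the unsanitized `expr` to `riscos_check_regexp` and should receive `regexp` instead. The function head is outside this hunk.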
@@ -97,3 +102,5 @@ tools/gpgconf.c tools/no-libgcrypt.c tools/symcryptrun.c +tools/gpg-check-pattern.c + Modified: trunk/tools/gpg-connect-agent.c =================================================================== --- trunk/tools/gpg-connect-agent.c 2007-12-12 16:38:23 UTC (rev 4651) +++ trunk/tools/gpg-connect-agent.c 2007-12-12 16:47:52 UTC (rev 4652) @@ -1690,8 +1690,8 @@ if (*line) *line++ = 0; - /* Now match it against our list. he second loop is todetect the - match all entry. **/ + /* Now match it against our list. The second loop is there to + detect the match-all entry. */ for (d=definq_list; d; d = d->next) if (d->name && !strcmp (d->name, name)) break; From cvs at cvs.gnupg.org Wed Dec 12 18:41:06 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 18:41:06 +0100 Subject: [svn] GnuPG - r4653 - in trunk: . g10 Message-ID: Author: wk Date: 2007-12-12 18:41:05 +0100 (Wed, 12 Dec 2007) New Revision: 4653 Modified: trunk/NEWS trunk/g10/ChangeLog trunk/g10/misc.c Log: Allow type 20 keys only with option --rfc2440. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-12 16:47:52 UTC (rev 4652) +++ trunk/NEWS 2007-12-12 17:41:05 UTC (rev 4653) @@ -14,7 +14,8 @@ * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the pinentry. - * Allow encryption using Elgamal keys with the algorithm id 20. + * Allow encryption with legacy Elgamal sign+encrypt keys with option + --rfc2440. * Fixed the auto creation of the key stub for smartcards. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2007-12-12 16:47:52 UTC (rev 4652) +++ trunk/g10/ChangeLog 2007-12-12 17:41:05 UTC (rev 4653) 
@@ -1,3 +1,10 @@ +2007-12-12 Werner Koch + + * misc.c (print_pubkey_algo_note): Print a warning if a type 20 + key is used. + (openpgp_pk_test_algo, openpgp_pk_test_algo2) + (openpgp_pk_algo_usage): Allow type 20 keys only in rfc2440 mode. + 2007-12-12 David Shaw (wk) * trustdb.c (sanitize_regexp): New. Protect against dangerous Modified: trunk/g10/misc.c =================================================================== --- trunk/g10/misc.c 2007-12-12 16:47:52 UTC (rev 4652) +++ trunk/g10/misc.c 2007-12-12 17:41:05 UTC (rev 4653) @@ -289,6 +289,10 @@ gcry_pk_algo_name (algo)); } } + else if (algo == 20) + { + log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n")); + } } void @@ -387,6 +391,10 @@ int openpgp_pk_test_algo( int algo ) { + /* Dont't allow type 20 keys unless in rfc2440 mode. */ + if (!RFC2440 && algo == 20) + return gpg_error (GPG_ERR_PUBKEY_ALGO); + if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; @@ -400,6 +408,10 @@ { size_t use_buf = use; + /* Dont't allow type 20 keys unless in rfc2440 mode. */ + if (!RFC2440 && algo == 20) + return gpg_error (GPG_ERR_PUBKEY_ALGO); + if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; @@ -427,6 +439,9 @@ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG; break; case PUBKEY_ALGO_ELGAMAL: + if (RFC2440) + use = PUBKEY_USAGE_ENC; + break; case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; From cvs at cvs.gnupg.org Wed Dec 12 19:55:53 2007 
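Review bot: The three new checks compare `algo == 20` against a bare literal, while the switch in `openpgp_pk_algo_usage` in the same hunk uses `PUBKEY_ALGO_ELGAMAL` for the same algorithm id; using the symbol in `print_pubkey_algo_note`, `openpgp_pk_test_algo` and `openpgp_pk_test_algo2` keeps the meaning visible and lets a grep find every place type-20 handling lives. The added comments read `Dont't allow type 20 keys unless in rfc2440 mode.`; `Don't allow Elgamal sign+encrypt (type 20) keys unless in RFC-2440 mode.` fixes the typo and says what 20 is. In the `PUBKEY_ALGO_ELGAMAL` case a non-RFC2440 build now `break`s without assigning `use`, so the result depends on the initializer of `use` above the hunk; presumably 0, but worth confirming since the previous fall-through always set it.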
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 12 Dec 2007 19:55:53 +0100 Subject: [svn] GnuPG - r4655 - branches/STABLE-BRANCH-1-4/doc Message-ID: Author: wk Date: 2007-12-12 19:55:52 +0100 (Wed, 12 Dec 2007) New Revision: 4655 Modified: branches/STABLE-BRANCH-1-4/doc/ChangeLog branches/STABLE-BRANCH-1-4/doc/gpg.texi branches/STABLE-BRANCH-1-4/doc/specify-user-id.texi branches/STABLE-BRANCH-1-4/doc/yat2m.c Log: Type fixes and @samp{} fix. From gnupg-2. Modified: branches/STABLE-BRANCH-1-4/doc/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/doc/ChangeLog 2007-12-12 18:26:25 UTC (rev 4654) +++ branches/STABLE-BRANCH-1-4/doc/ChangeLog 2007-12-12 18:55:52 UTC (rev 4655) @@ -1,3 +1,8 @@ +2007-12-12 Werner Koch + + * gpg.texi, specify-user-id.texi: Update from gnupg-2. + * yat2m.c: Update from gnupg-2. + 2007-10-27 David Shaw * gpg.texi: Update from gnupg-2. Modified: branches/STABLE-BRANCH-1-4/doc/gpg.texi =================================================================== --- branches/STABLE-BRANCH-1-4/doc/gpg.texi 2007-12-12 18:26:25 UTC (rev 4654) +++ branches/STABLE-BRANCH-1-4/doc/gpg.texi 2007-12-12 18:55:52 UTC (rev 4655) @@ -113,7 +113,7 @@ @node GPG Commands @section Commands -Commands are not distinguished from options execpt for the fact that +Commands are not distinguished from options except for the fact that only one command is allowed. @command{@gpgname} may be run with no commands, in which case it will @@ -876,7 +876,7 @@ @node GPG Configuration Options @subsection How to change the configuration -These options are used to change the configuraton and are usually found +These options are used to change the configuration and are usually found in the option file. @table @gnupgtabopt 
@@ -2456,13 +2456,13 @@ @item --gpgconf-list @opindex gpgconf-list -This command is simliar to @option{--list-config} but in general only +This command is similar to @option{--list-config} but in general only internally used by the @command{gpgconf} tool. @item --gpgconf-test @opindex gpgconf-test This is more or less dummy action. However it parses the configuration -file and returns with failure if the configuraion file would prevent +file and returns with failure if the configuration file would prevent @command{gpg} from startup. Thus it may be used to run a syntax check on the configuration file. @@ -2560,7 +2560,7 @@ helper script is provided to create these files (@pxref{addgnupghome}). @end ifclear -For internal purposes @command{@gpgname} creates and maintaines a few other +For internal purposes @command{@gpgname} creates and maintains a few other files; They all live in in the current home directory (@pxref{option --homedir}). Only the @command{@gpgname} may modify these files. @@ -2617,6 +2617,10 @@ as described in its documentation, this variable is set to the correct value. The option @option{--gpg-agent-info} can be used to override it. + at item PINENTRY_USER_DATA +This value is passed via gpg-agent to pinentry. It is useful to convey +extra information to a custom pinentry + @item COLUMNS @itemx LINES Used to size some displays to the full size of the screen. @@ -2682,7 +2686,7 @@ @include specify-user-id.texi @end ifset - at mansect return vaue + at mansect return value @chapheading RETURN VALUE The program returns 0 if everything was fine, 1 if at least Modified: branches/STABLE-BRANCH-1-4/doc/specify-user-id.texi =================================================================== --- branches/STABLE-BRANCH-1-4/doc/specify-user-id.texi 2007-12-12 18:26:25 UTC (rev 4654) +++ branches/STABLE-BRANCH-1-4/doc/specify-user-id.texi 2007-12-12 18:55:52 UTC (rev 4655) 
@@ -12,8 +12,8 @@ of its SHA-1 fingerprint. The use of key Ids is just a shortcut, for all automated processing the fingerprint should be used. -When using @command{gpg} an exclamation mark may be appended to force -using the specified primary or secondary key and not to try and +When using @command{gpg} an exclamation mark (!) may be appended to +force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use. The last four lines of the example give the key ID in their long form as @@ -42,8 +42,8 @@ is available with @command{gpgsm} (i.e. the SHA-1 hash of the certificate). -When using @command{gpg} an exclamation mark may be appended to force -using the specified primary or secondary key and not to try and +When using @command{gpg} an exclamation mark (!) may be appended to +force using the specified primary or secondary key and not to try and calculate which primary or secondary key to use. The best way to specify a key Id is by using the fingerprint. This @@ -121,8 +121,8 @@ @item By exact match on serial number and issuer's DN. -This is indicated by a hash mark, followed by the hexadecmal -representation of the serial number, the followed by a slash and the +This is indicated by a hash mark, followed by the hexadecimal +representation of the serial number, then followed by a slash and the RFC-2253 encoded DN of the issuer. See note above. @cartouche Modified: branches/STABLE-BRANCH-1-4/doc/yat2m.c =================================================================== --- branches/STABLE-BRANCH-1-4/doc/yat2m.c 2007-12-12 18:26:25 UTC (rev 4654) +++ branches/STABLE-BRANCH-1-4/doc/yat2m.c 2007-12-12 18:55:52 UTC (rev 4655) @@ -449,7 +449,7 @@ { "code", 0, "\\fB", "\\fR" }, { "sc", 0, "\\fB", "\\fR" }, { "var", 0, "\\fI", "\\fR" }, - { "samp", 0, "\n'", "'\n" }, + { "samp", 0, "'", "'" }, { "file", 0, "`\\fI","\\fR'" }, { "env", 0, "`\\fI","\\fR'" }, { "acronym", 0 }, 
@@ -753,7 +753,7 @@ finish_page (void) { FILE *fp; - section_buffer_t sect; + section_buffer_t sect = NULL; int idx; const char *s; int i; From cvs at cvs.gnupg.org Thu Dec 13 16:44:14 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 13 Dec 2007 16:44:14 +0100 Subject: [svn] dirmngr - r278 - in trunk/doc/examples: . extra-certs trusted-certs Message-ID: Author: wk Date: 2007-12-13 16:44:13 +0100 (Thu, 13 Dec 2007) New Revision: 278 Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-001.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-002.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-003.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-004.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-005.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-006.final.v3.509.crt trunk/doc/examples/trusted-certs/S-TRUSTQualifiedRootCA2008-001.final.v3.509.crt trunk/doc/examples/trusted-certs/S-TRUSTQualifiedRootCA2008-002.final.v3.509.crt Modified: trunk/doc/examples/Makefile.am Log: Add new certs Modified: trunk/doc/examples/Makefile.am =================================================================== --- trunk/doc/examples/Makefile.am 2007-12-12 12:48:32 UTC (rev 277) +++ trunk/doc/examples/Makefile.am 2007-12-13 15:44:13 UTC (rev 278) @@ -4,8 +4,10 @@ nobase_dist_doc_example_DATA = README dirmngr.conf bnetza-10r-ocsp.signer nobase_dist_doc_example_DATA += \ - trusted-certs/README \ - trusted-certs/bnetza-10r-ca.crt + trusted-certs/README \ + trusted-certs/bnetza-10r-ca.crt \ + trusted-certs/S-TRUSTQualifiedRootCA2008-002.final.v3.509.crt \ + trusted-certs/S-TRUSTQualifiedRootCA2008-001.final.v3.509.crt nobase_dist_doc_example_DATA += \ extra-certs/bnetza-10r-ocsp-1.crt \ 
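Review bot: Two root certificates are added to `trusted-certs` (and six subordinate CAs to `extra-certs`) with no fingerprint, source or validity period recorded anywhere in the diff, and the log message `Add new certs` gives a reviewer nothing to check the binaries against. If `trusted-certs/` is what dirmngr installs as trust anchors (the README listed beside it is not in view), each root's SHA-1 fingerprint and where it was obtained belong in the commit message or that README, one line per file, so the binaries can be verified out of band now and re-verified later.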
@@ -19,5 +21,11 @@ extra-certs/bnetza-10r-ocsp-9.crt \ extra-certs/bnetza-10r-ocsp-10.crt \ extra-certs/bnetza-10r-ocsp-11.crt \ - extra-certs/bnetza-10r-ocsp-12.crt + extra-certs/bnetza-10r-ocsp-12.crt \ + extra-certs/S-TRUSTQualifiedSignatureCA2008-001.final.v3.509.crt \ + extra-certs/S-TRUSTQualifiedSignatureCA2008-002.final.v3.509.crt \ + extra-certs/S-TRUSTQualifiedSignatureCA2008-003.final.v3.509.crt \ + extra-certs/S-TRUSTQualifiedSignatureCA2008-004.final.v3.509.crt \ + extra-certs/S-TRUSTQualifiedSignatureCA2008-005.final.v3.509.crt \ + extra-certs/S-TRUSTQualifiedSignatureCA2008-006.final.v3.509.crt Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-001.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-001.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-002.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-002.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-003.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-003.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-004.final.v3.509.crt =================================================================== (Binary files 
differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-004.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-005.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-005.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-006.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualifiedSignatureCA2008-006.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/trusted-certs/S-TRUSTQualifiedRootCA2008-001.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/trusted-certs/S-TRUSTQualifiedRootCA2008-001.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/trusted-certs/S-TRUSTQualifiedRootCA2008-002.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/trusted-certs/S-TRUSTQualifiedRootCA2008-002.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream From cvs at cvs.gnupg.org Thu Dec 13 16:51:46 2007 
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 13 Dec 2007 16:51:46 +0100 Subject: [svn] dirmngr - r279 - in trunk/doc/examples: . extra-certs Message-ID: Author: wk Date: 2007-12-13 16:51:45 +0100 (Thu, 13 Dec 2007) New Revision: 279 Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-001.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-002.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-003.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-004.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-005.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-006.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-007.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-008.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-009.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-010.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-011.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-012.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-013.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-014.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-015.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-016.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-017.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-018.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-019.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-020.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-021.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-022.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-023.final.v3.509.crt 
trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-024.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-025.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-026.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-027.final.v3.509.crt trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-028.final.v3.509.crt Modified: trunk/doc/examples/Makefile.am Log: More certs Modified: trunk/doc/examples/Makefile.am =================================================================== --- trunk/doc/examples/Makefile.am 2007-12-13 15:44:13 UTC (rev 278) +++ trunk/doc/examples/Makefile.am 2007-12-13 15:51:45 UTC (rev 279) 
@@ -27,5 +27,34 @@ extra-certs/S-TRUSTQualifiedSignatureCA2008-003.final.v3.509.crt \ extra-certs/S-TRUSTQualifiedSignatureCA2008-004.final.v3.509.crt \ extra-certs/S-TRUSTQualifiedSignatureCA2008-005.final.v3.509.crt \ - extra-certs/S-TRUSTQualifiedSignatureCA2008-006.final.v3.509.crt + extra-certs/S-TRUSTQualifiedSignatureCA2008-006.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-001.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-002.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-003.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-004.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-005.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-006.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-007.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-008.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-009.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-010.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-011.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-012.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-013.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-014.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-015.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-016.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-017.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-018.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-019.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-020.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-021.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-022.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-023.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-024.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-025.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-026.final.v3.509.crt \ + extra-certs/S-TRUSTQualSigOCSP2008-027.final.v3.509.crt \ + 
extra-certs/S-TRUSTQualSigOCSP2008-028.final.v3.509.crt + Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-001.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-001.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-002.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-002.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-003.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-003.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-004.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-004.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-005.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-005.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: 
trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-006.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-006.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-007.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-007.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-008.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-008.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-009.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-009.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-010.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-010.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-011.final.v3.509.crt 
=================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-011.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-012.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-012.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-013.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-013.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-014.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-014.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-015.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-015.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-016.final.v3.509.crt =================================================================== (Binary files 
differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-016.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-017.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-017.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-018.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-018.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-019.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-019.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-020.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-020.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-021.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: 
trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-021.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-022.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-022.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-023.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-023.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-024.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-024.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-025.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-025.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-026.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-026.final.v3.509.crt 
___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-027.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-027.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Added: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-028.final.v3.509.crt =================================================================== (Binary files differ) Property changes on: trunk/doc/examples/extra-certs/S-TRUSTQualSigOCSP2008-028.final.v3.509.crt ___________________________________________________________________ Name: svn:mime-type + application/octet-stream From cvs at cvs.gnupg.org Thu Dec 13 16:45:43 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 13 Dec 2007 16:45:43 +0100 Subject: [svn] GnuPG - r4656 - in trunk: . common doc doc/examples sm Message-ID: Author: wk Date: 2007-12-13 16:45:40 +0100 (Thu, 13 Dec 2007) New Revision: 4656 Added: trunk/common/t-sexputil.c Modified: trunk/NEWS trunk/common/ChangeLog trunk/common/Makefile.am trunk/common/sexp-parse.h trunk/common/sexputil.c trunk/common/util.h trunk/doc/ChangeLog trunk/doc/debugging.texi trunk/doc/examples/trustlist.txt trunk/doc/gpg.texi trunk/doc/gpgsm.texi trunk/doc/qualified.txt trunk/doc/specify-user-id.texi trunk/sm/ChangeLog trunk/sm/gpgsm.c trunk/sm/gpgsm.h trunk/sm/sign.c trunk/sm/verify.c Log: Allow verification of some broken S-TRUST generated signatures. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/NEWS 2007-12-13 15:45:40 UTC (rev 4656) 
@@ -23,7 +23,10 @@ * Creating DSA2 keys is now possible. + * New option --extra-digest-algo for gpgsm to allow verification of + broken signatures. + Noteworthy changes in version 2.0.7 (2007-09-10) ------------------------------------------------ Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/common/ChangeLog 2007-12-13 15:45:40 UTC (rev 4656) @@ -1,3 +1,9 @@ +2007-12-13 Werner Koch + + * sexputil.c (hash_algo_from_sigval): New. + * t-sexputil.c: New. + * Makefile.am (module_tests): Add it. + 2007-12-11 Werner Koch * asshelp.c (send_pinentry_environment): Allow using of old @@ -1126,7 +1132,8 @@ (atoi_1,atoi_2,atoi_4,xtoi_1,xtoi_2): New. - Copyright 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. + Copyright 2001, 2002, 2003, 2004, 2005, 2006, + 2007 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/common/Makefile.am =================================================================== --- trunk/common/Makefile.am 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/common/Makefile.am 2007-12-13 15:45:40 UTC (rev 4656) @@ -107,7 +107,7 @@ # # Module tests # -module_tests = t-convert t-gettime t-sysutils +module_tests = t-convert t-gettime t-sysutils t-sexputil module_maint_tests = t-helpfile t_common_ldadd = libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \ @@ -117,5 +117,5 @@ t_gettime_LDADD = $(t_common_ldadd) t_sysutils_LDADD = $(t_common_ldadd) t_helpfile_LDADD = $(t_common_ldadd) +t_sexputil_LDADD = $(t_common_ldadd) - Modified: trunk/common/sexp-parse.h =================================================================== --- trunk/common/sexp-parse.h 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/common/sexp-parse.h 2007-12-13 15:45:40 UTC (rev 4656) 
@@ -44,7 +44,7 @@ lists and may be passed as a positive number to skip over the remainder of an S-Expression if the current position is somewhere in an S-Expression. The function may return an error code if it - encounters an impossible conditions */ + encounters an impossible condition. */ static inline gpg_error_t sskip (unsigned char const **buf, int *depth) { Modified: trunk/common/sexputil.c =================================================================== --- trunk/common/sexputil.c 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/common/sexputil.c 2007-12-13 15:45:40 UTC (rev 4656) @@ -1,5 +1,5 @@ /* sexputil.c - Utility functions for S-expressions. - * Copyright (C) 2005 Free Software Foundation, Inc. + * Copyright (C) 2005, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -40,8 +40,8 @@ KEY is expected to be an canonical encoded S-expression with a public or private key. KEYLEN is the length of that buffer. - GRIP must be at least 20 bytes long On success 0 is return, on - error an aerror code. */ + GRIP must be at least 20 bytes long. On success 0 is returned, on + error an error code. */ gpg_error_t keygrip_from_canon_sexp (const unsigned char *key, size_t keylen, unsigned char *grip) 
@@ -143,3 +143,49 @@
 return buf;
 }
+
+
+/* Return the hash algorithm from a KSBA sig-val. SIGVAL is a
+ canonical encoded S-expression. Return 0 if the hash algorithm is
+ not encoded in SIG-VAL or it is not supported by libgcrypt. */
+int
+hash_algo_from_sigval (const unsigned char *sigval)
+{
+ const unsigned char *s = sigval;
+ size_t n;
+ int depth;
+ char buffer[50];
+
+ if (!s || *s != '(')
+ return 0; /* Invalid S-expression. */
+ s++;
+ n = snext (&s);
+ if (!n)
+ return 0; /* Invalid S-expression. */
+ if (!smatch (&s, n, "sig-val"))
+ return 0; /* Not a sig-val. */
+ if (*s != '(')
+ return 0; /* Invalid S-expression. */
+ s++;
+ /* Skip over the algo+parameter list. */
+ depth = 1;
+ if (sskip (&s, &depth) || depth)
+ return 0; /* Invalid S-expression. */
+ if (*s != '(')
+ return 0; /* No futher list. */
+ /* Check whether this is (hash ALGO). */
+ s++;
+ n = snext (&s);
+ if (!n)
+ return 0; /* Invalid S-expression. */
+ if (!smatch (&s, n, "hash"))
+ return 0; /* Not a "hash" keyword. */
+ n = snext (&s);
+ if (!n || n+1 >= sizeof (buffer))
+ return 0; /* Algorithm string is missing or too long. */
+ memcpy (buffer, s, n);
+ buffer[n] = 0;
+
+ return gcry_md_map_name (buffer);
+}
+
Added: trunk/common/t-sexputil.c ===================================================================
--- trunk/common/t-sexputil.c 2007-12-12 18:55:52 UTC (rev 4655)
+++ trunk/common/t-sexputil.c 2007-12-13 15:45:40 UTC (rev 4656)
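Review bot: `hash_algo_from_sigval` takes no length argument, so every `snext`, `sskip` and `*s` read depends on `sigval` being a complete, well-formed canonical S-expression, and the header comment should state that contract and where such buffers come from, e.g. `SIGVAL must be a complete canonical S-expression as returned by libksba; no length is passed, so truncated or malformed input is not reliably detected.` The function also never checks that the `hash` element is closed (no test for `')'` after the algorithm name), and it returns whatever `gcry_md_map_name` accepts, so a caller that uses the result to choose the verification hash must still apply its own policy on which algorithms it will accept; that is worth a sentence in the comment as well. Two comment nits: `No futher list` should read `No further list`, and the header says `SIG-VAL` where the parameter is `SIGVAL`.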
@@ -0,0 +1,82 @@ +/* t-sexputil.c - Module test for sexputil.c + * Copyright (C) 2007 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include + +#include "util.h" + +#define pass() do { ; } while(0) +#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\ + __FILE__,__LINE__, (a)); \ + exit (1); \ + } while(0) + + +static void +test_hash_algo_from_sigval (void) +{ + int algo; + /* A real world example. */ + unsigned char example1_rsa_sha1[] = + ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61" + "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E" + "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89" + "\x7A\x69\x11\x43\xE9\xD2\x23\x21\x25\x64\xA6\xB0\x56\xEF\xB4\xE9" + "\x06\xB2\x44\xF6\x80\x1E\xFF\x41\x23\xEB\xC9\xFA\xFD\x09\xBF\x9C" + "\x8E\xCF\x7F\xC3\x7F\x3A\x40\x48\x89\xDC\xBA\xB7\xDB\x9E\xF1\xBA" + "\x7C\x08\xEA\x74\x1D\x49\xE7\x65\xEF\x67\x79\xBC\x23\xD9\x49\xCD" + "\x05\x99\xD3\xD8\xB7\x7B\xC7\x0E\xF2\xB3\x01\x48\x0F\xC8\xEB\x05" + "\x7B\xFB\x61\xCC\x41\x04\x74\x6D\x33\x84\xB1\xE6\x6A\xD8\x0F\xBC" + "\x27\xAC\x43\x45\xFA\x04\xD1\x22\x29\x29\x28\x34\x3A\x68\x61\x73" + "\x68\x34\x3A\x73\x68\x61\x31\x29\x29"); + /* The same but without the hash algo. 
*/ + unsigned char example1_rsa[] = + ("\x28\x37\x3A\x73\x69\x67\x2D\x76\x61\x6C\x28\x33\x3A\x72\x73\x61" + "\x28\x31\x3A\x73\x31\x32\x38\x3A\x17\xD2\xE9\x5F\xB4\x24\xD4\x1E" + "\x8C\xEE\x94\xDA\x41\x42\x1F\x26\x5E\xF4\x6D\xEC\x5B\xBD\x5B\x89" + "\x7A\x69\x11\x43\xE9\xD2\x23\x21\x25\x64\xA6\xB0\x56\xEF\xB4\xE9" + "\x06\xB2\x44\xF6\x80\x1E\xFF\x41\x23\xEB\xC9\xFA\xFD\x09\xBF\x9C" + "\x8E\xCF\x7F\xC3\x7F\x3A\x40\x48\x89\xDC\xBA\xB7\xDB\x9E\xF1\xBA" + "\x7C\x08\xEA\x74\x1D\x49\xE7\x65\xEF\x67\x79\xBC\x23\xD9\x49\xCD" + "\x05\x99\xD3\xD8\xB7\x7B\xC7\x0E\xF2\xB3\x01\x48\x0F\xC8\xEB\x05" + "\x7B\xFB\x61\xCC\x41\x04\x74\x6D\x33\x84\xB1\xE6\x6A\xD8\x0F\xBC" + "\x27\xAC\x43\x45\xFA\x04\xD1\x22\x29\x29\x29"); + + algo = hash_algo_from_sigval (example1_rsa_sha1); + if (algo != GCRY_MD_SHA1) + fail (0); + algo = hash_algo_from_sigval (example1_rsa); + if (algo) + fail (0); +} + + + + +int +main (int argc, char **argv) +{ + + test_hash_algo_from_sigval (); + + return 0; +} + Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/common/util.h 2007-12-13 15:45:40 UTC (rev 4656) @@ -164,6 +164,7 @@ int cmp_simple_canon_sexp (const unsigned char *a, const unsigned char *b); unsigned char *make_simple_sexp_from_hexstr (const char *line, size_t *nscanned); +int hash_algo_from_sigval (const unsigned char *sigval); /*-- convert.c --*/ int hex2bin (const char *string, void *buffer, size_t length); Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/ChangeLog 2007-12-13 15:45:40 UTC (rev 4656) 
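Review bot: Both checks in `test_hash_algo_from_sigval` report failure as `fail (0)`, so a failing run cannot say which of the two expectations broke; number them, e.g. `fail (1)` for the `example1_rsa` check. The test only exercises two well-formed real-world sig-vals; the `return 0` paths that `verify.c` now relies on for its fallback (input that is not a sig-val, and a `hash` element naming an algorithm libgcrypt does not know) have no case, and a constructed input such as `"(7:sig-val(3:rsa(1:s1:x))(4:hash3:foo))"` expected to yield 0 would cover the latter. The `pass()` macro is defined but never used in this file.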
@@ -1,3 +1,14 @@ +2007-12-13 Werner Koch + + * qualified.txt: Add 2 root certs from S-Trust for 2008-2012. + * examples/trustlist.txt: Ditto. + + * gpgsm.texi (Esoteric Options): Document --extra-digest-algo. + +2007-12-12 Werner Koch + + * gpg.texi: Typo fixes. From Christer Andersson. + 2007-12-04 Werner Koch * help.txt: New online help file. Modified: trunk/doc/debugging.texi =================================================================== --- trunk/doc/debugging.texi 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/debugging.texi 2007-12-13 15:45:40 UTC (rev 4656) @@ -182,7 +182,12 @@ fingerprint and this flag may only be added manually to @file{trustlist.txt}. + at item Error message: ``digest algorithm N has not been enabled'' +The signature is broken. You may try the option + at option{--extra-digest-algo SHA256} to workaround the problem. The +number N is the internal algorighm indentifier; for example 8 refers to +SHA-256. @end itemize Modified: trunk/doc/examples/trustlist.txt =================================================================== --- trunk/doc/examples/trustlist.txt 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/examples/trustlist.txt 2007-12-13 15:45:40 UTC (rev 4656) 
@@ -38,6 +38,17 @@ # Issuer: /CN=11R-CA 1:PN/O=Bundesnetzagentur/C=DE A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D S +# S/N: 00B3963E0E6C2D65125853E970665402E5 +# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN +# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA S + +# S/N: 00C4216083F35C54F67B09A80C3C55FE7D +# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN +# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B S + + #Serial number: 00 # Issuer: /CN=CA Cert Signing Authority/OU=http:\x2f\x2fwww. # cacert.org/O=Root CA/EMail=support at cacert.org Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/gpg.texi 2007-12-13 15:45:40 UTC (rev 4656) @@ -113,7 +113,7 @@ @node GPG Commands @section Commands -Commands are not distinguished from options execpt for the fact that +Commands are not distinguished from options except for the fact that only one command is allowed. @command{@gpgname} may be run with no commands, in which case it will @@ -876,7 +876,7 @@ @node GPG Configuration Options @subsection How to change the configuration -These options are used to change the configuraton and are usually found +These options are used to change the configuration and are usually found in the option file. @table @gnupgtabopt 
@@ -2456,13 +2456,13 @@ @item --gpgconf-list @opindex gpgconf-list -This command is simliar to @option{--list-config} but in general only +This command is similar to @option{--list-config} but in general only internally used by the @command{gpgconf} tool. @item --gpgconf-test @opindex gpgconf-test This is more or less dummy action. However it parses the configuration -file and returns with failure if the configuraion file would prevent +file and returns with failure if the configuration file would prevent @command{gpg} from startup. Thus it may be used to run a syntax check on the configuration file. @@ -2560,7 +2560,7 @@ helper script is provided to create these files (@pxref{addgnupghome}). @end ifclear -For internal purposes @command{@gpgname} creates and maintaines a few other +For internal purposes @command{@gpgname} creates and maintains a few other files; They all live in in the current home directory (@pxref{option --homedir}). Only the @command{@gpgname} may modify these files. @@ -2686,7 +2686,7 @@ @include specify-user-id.texi @end ifset - at mansect return vaue + at mansect return value @chapheading RETURN VALUE The program returns 0 if everything was fine, 1 if at least Modified: trunk/doc/gpgsm.texi =================================================================== --- trunk/doc/gpgsm.texi 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/gpgsm.texi 2007-12-13 15:45:40 UTC (rev 4656) 
@@ -569,6 +569,19 @@ @table @gnupgtabopt + at item --extra-digest-algo @var{name} + at opindex extra-digest-algo +Sometimes signatures are broken in that they announce a different digest +algorithm than actually used. @command{gpgsm} uses a one-pass data +processing model and thus needs to rely on the announcde digest +algorithms to properly hash the data. As a workaround this option may +be used to tell gpg to also hash the data using the algorithm + at var{name}; this slows processing down a little bit but allows to verify +such broken signatures. If @command{gpgsm} prints an error like +``digest algo 8 has not been enabled'' you may want to try this option, +with @samp{SHA256} for @var{name}. + + @item --faked-system-time @var{epoch} @opindex faked-system-time This option is only useful for testing; it sets the system time back or Modified: trunk/doc/qualified.txt =================================================================== --- trunk/doc/qualified.txt 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/qualified.txt 2007-12-13 15:45:40 UTC (rev 4656) 
@@ -180,8 +180,37 @@ 7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC de +# ID: 0xA8FEA3CA +# S/N: 00B3963E0E6C2D65125853E970665402E5 +# Issuer: /CN=S-TRUST Qualified Root CA 2008-001:PN +# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +# Subject: /CN=S-TRUST Qualified Root CA 2008-001:PN +# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59 +# key type: 2048 bit RSA +# key usage: certSign crlSign +# chain length: 1 +#[checked: 2007-12-13 via received ZIP file with qualified signature from +# /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag +# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg] +C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA +# ID: 0x3A7D979B +# S/N: 00C4216083F35C54F67B09A80C3C55FE7D +# Issuer: /CN=S-TRUST Qualified Root CA 2008-002:PN +# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +# Subject: /CN=S-TRUST Qualified Root CA 2008-002:PN +# /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +# validity: 2008-01-01 00:00:00 through 2012-12-30 23:59:59 +# key type: 2048 bit RSA +# key usage: certSign crlSign +# chain length: 1 +#[checked: 2007-12-13 via received ZIP file with qualified signature from +# /CN=Dr. 
Matthias Stehle/O=Deutscher Sparkassenverlag +# /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"] +D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B + #******************************************* # # End of file Property changes on: trunk/doc/qualified.txt ___________________________________________________________________ Name: gpg:signature - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iEYEABECAAYFAkXAmGwACgkQYHhOlAEKV+2YLgCfTGyaVgluKyvM2Jo+LvrbkGvB cQcAoKx5f9v0SnEmHMEdS1FOHI3RhP6J =kM3y -----END PGP SIGNATURE----- + -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iEYEABECAAYFAkdhTBsACgkQYHhOlAEKV+1d2ACfbGr12wCOslArHsT5n2kFcL22 /6AAnRStpBf2oNl4T5RIQ9IN/poU3ju3 =csQH -----END PGP SIGNATURE----- Modified: trunk/doc/specify-user-id.texi =================================================================== --- trunk/doc/specify-user-id.texi 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/doc/specify-user-id.texi 2007-12-13 15:45:40 UTC (rev 4656) @@ -121,7 +121,7 @@ @item By exact match on serial number and issuer's DN. -This is indicated by a hash mark, followed by the hexadecmal +This is indicated by a hash mark, followed by the hexadecimal representation of the serial number, then followed by a slash and the RFC-2253 encoded DN of the issuer. See note above. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/sm/ChangeLog 2007-12-13 15:45:40 UTC (rev 4656) 
@@ -1,3 +1,10 @@ +2007-12-13 Werner Koch + + * gpgsm.c (main): Add option --extra-digest-algo. + * gpgsm.h (struct): Add EXTRA_DIGEST_ALGO. + * verify.c (gpgsm_verify): Use it. Use the hash algorithm from + the signature value. + 2007-12-11 Werner Koch * certchain.c (do_validate_chain): Log AUDIT_ROOT_TRUSTED. Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/sm/gpgsm.c 2007-12-13 15:45:40 UTC (rev 4656) @@ -174,6 +174,7 @@ oOpenPGP, oCipherAlgo, oDigestAlgo, + oExtraDigestAlgo, oCompressAlgo, oCommandFD, oNoVerbose, @@ -388,6 +389,7 @@ { oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, { oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, + { oExtraDigestAlgo, "extra-digest-algo", 2 , "@" }, #if 0 { oCompressAlgo, "compress-algo", 1 , N_("|N|use compress algorithm N")}, #endif @@ -842,6 +844,7 @@ int use_random_seed = 1; int with_fpr = 0; char *def_digest_string = NULL; + char *extra_digest_algo = NULL; enum cmd_and_opt_values cmd = 0; struct server_control_s ctrl; certlist_t recplist = NULL; @@ -1298,6 +1301,10 @@ } break; + case oExtraDigestAlgo: + extra_digest_algo = pargs.r.ret_str; + break; + case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break; case oNoRandomSeedFile: use_random_seed = 0; break; @@ -1441,6 +1448,12 @@ if (our_md_test_algo(opt.def_digest_algo) ) log_error (_("selected digest algorithm is invalid\n")); } + if (extra_digest_algo) + { + opt.extra_digest_algo = gcry_md_map_name (extra_digest_algo); + if (our_md_test_algo (opt.extra_digest_algo) ) + log_error (_("selected digest algorithm is invalid\n")); + } } if (log_get_errorcount(0)) Modified: trunk/sm/gpgsm.h =================================================================== --- trunk/sm/gpgsm.h 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/sm/gpgsm.h 2007-12-13 15:45:40 UTC (rev 4656) 
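Review bot: In the `@@ -1441,6 +1448,12 @@` hunk of gpgsm.c the rejection of an unknown `--extra-digest-algo` name reuses the exact message already emitted for `--digest-algo`, `selected digest algorithm is invalid`, so a user who sets both options cannot tell from the log which one was rejected. A message that names the option or the value, e.g. `log_error ("extra digest algorithm '%s' is invalid\n", extra_digest_algo);`, makes the startup failure actionable. The option table entry in `@@ -388,6 +389,7 @@` uses `"@"` as its help text, which appears to hide the option from `--help`; a short comment next to it, `/* Hidden; documented under Esoteric Options in gpgsm.texi. */`, tells maintainers where the user-facing description lives. `main` starts and ends outside these hunks.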
@@ -92,6 +92,9 @@ char *local_user; /* NULL or argument to -u */ + int extra_digest_algo; /* A digest algorithm also used for + verification of signatures. */ + int always_trust; /* Trust the given keys even if there is no valid certification chain */ int skip_verify; /* do not check signatures on data */ Modified: trunk/sm/sign.c =================================================================== --- trunk/sm/sign.c 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/sm/sign.c 2007-12-13 15:45:40 UTC (rev 4656) @@ -491,7 +491,7 @@ unsigned char *digest; size_t digest_len; /* Fixme do this for all signers and get the algo to use from - the signer's certificate - does not make mich sense, but we + the signer's certificate - does not make much sense, but we should do this consistent as we have already done it above. */ algo = GCRY_MD_SHA1; hash_data (data_fd, data_md); @@ -530,7 +530,7 @@ } /* We need to write at least a minimal list of our capabilities to - try to convince some MUAs to use 3DEs and not the crippled + try to convince some MUAs to use 3DES and not the crippled RC2. Our list is: aes128-CBC Modified: trunk/sm/verify.c =================================================================== --- trunk/sm/verify.c 2007-12-12 18:55:52 UTC (rev 4655) +++ trunk/sm/verify.c 2007-12-13 15:45:40 UTC (rev 4656) @@ -203,10 +203,20 @@ } else { + if (DBG_X509) + log_debug ("enabling hash algorithm %d (%s)\n", + algo, algoid? algoid:""); gcry_md_enable (data_md, algo); audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, algo); } } + if (opt.extra_digest_algo) + { + if (DBG_X509) + log_debug ("enabling extra hash algorithm %d\n", + opt.extra_digest_algo); + gcry_md_enable (data_md, opt.extra_digest_algo); + } if (is_detached) { if (data_fd == -1) @@ -271,6 +281,7 @@ char *msgdigest = NULL; size_t msgdigestlen; char *ctattr; + int sigval_hash_algo; int info_pkalgo; unsigned int verifyflags; 
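Review bot: In the verify.c `@@ -203,10 +203,20 @@` hunk the extra digest algorithm is enabled on `data_md` without the `audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, ...)` entry that the announced algorithm gets in the `else` branch just above, so the audit record will not show that the data was also hashed with the operator-configured algorithm. Adding `audit_log_i (ctrl->audit, AUDIT_DATA_HASH_ALGO, opt.extra_digest_algo);` after the new `gcry_md_enable` call keeps the audit trail complete. The enclosing function starts and ends outside the hunk.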
@@ -331,7 +342,8 @@ &algo, &is_enabled) || !is_enabled) { - log_error ("digest algo %d has not been enabled\n", algo); + log_error ("digest algo %d (%s) has not been enabled\n", + algo, algoid?algoid:""); audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "unsupported"); goto next_signer; } @@ -389,8 +401,16 @@ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "bad"); goto next_signer; } + sigval_hash_algo = hash_algo_from_sigval (sigval); if (DBG_X509) - log_debug ("signer %d - signature available", signer); + { + log_debug ("signer %d - signature available (sigval hash=%d)", + signer, sigval_hash_algo); +/* log_printhex ("sigval ", sigval, */ +/* gcry_sexp_canon_len (sigval, 0, NULL, NULL)); */ + } + if (!sigval_hash_algo) + sigval_hash_algo = algo; /* Fallback used e.g. with old libksba. */ /* Find the certificate of the signer */ keydb_search_reset (kh); @@ -438,8 +458,8 @@ gcry_md_hd_t md; unsigned char *s; - /* check that the message digest in the signed attributes - matches the one we calculated on the data */ + /* Check that the message digest in the signed attributes + matches the one we calculated on the data. */ s = gcry_md_read (data_md, algo); if ( !s || !msgdigestlen || gcry_md_get_algo_dlen (algo) != msgdigestlen @@ -456,7 +476,7 @@ goto next_signer; } - rc = gcry_md_open (&md, algo, 0); + rc = gcry_md_open (&md, sigval_hash_algo, 0); if (rc) { log_error ("md_open failed: %s\n", gpg_strerror (rc)); @@ -476,14 +496,14 @@ audit_log_s (ctrl->audit, AUDIT_SIG_STATUS, "error"); goto next_signer; } - rc = gpgsm_check_cms_signature (cert, sigval, md, algo, - &info_pkalgo); + rc = gpgsm_check_cms_signature (cert, sigval, md, + sigval_hash_algo, &info_pkalgo); gcry_md_close (md); } else { - rc = gpgsm_check_cms_signature (cert, sigval, data_md, algo, - &info_pkalgo); + rc = gpgsm_check_cms_signature (cert, sigval, data_md, + algo, &info_pkalgo); } if (rc) From cvs at cvs.gnupg.org Thu Dec 13 17:08:47 2007 
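Review bot: sigval_hash_algo, obtained from the signature value in the hunk at old line 389, is used for the signed-attributes digest and passed to gpgsm_check_cms_signature in the hunks at old lines 456 and 476, yet it is never compared with `algo`, the digest algorithm declared in the SignerInfo, so a disagreement between the two is accepted without a trace. The signature value's algorithm identifier is not itself covered by the signature, and the acceptance looks deliberate given the new --extra-digest-algo option, so the mismatch should at least be visible: after the fallback add `else if (sigval_hash_algo != algo) log_info ("signer %d - signature hash algo %d differs from declared digest algo %d\n", signer, sigval_hash_algo, algo);` together with a comment explaining why the signature value's algorithm takes precedence. The two commented-out log_printhex lines should be removed rather than committed as dead code. The enclosing function starts and ends outside the hunk.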
From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 13 Dec 2007 17:08:47 +0100 Subject: [svn] ksba - r281 - in trunk: . src tests Message-ID: Author: wk Date: 2007-12-13 17:08:46 +0100 (Thu, 13 Dec 2007) New Revision: 281 Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/ber-decoder.c trunk/src/keyinfo.c trunk/tests/ChangeLog trunk/tests/t-cms-parser.c Log: Minor fixes/updates Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2007-11-07 11:44:36 UTC (rev 280) +++ trunk/NEWS 2007-12-13 16:08:46 UTC (rev 281) @@ -1,6 +1,10 @@ Noteworthy changes in version 1.0.3 ------------------------------------------------ + * Minor bug fixes + + * Include the used hash algorithm in sig-val structures. + Noteworthy changes in version 1.0.2 (2007-07-04) ------------------------------------------------ Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2007-11-07 11:44:36 UTC (rev 280) +++ trunk/src/ChangeLog 2007-12-13 16:08:46 UTC (rev 281) @@ -1,3 +1,15 @@ +2007-12-13 Werner Koch + + * keyinfo.c (algo_table_s): Replace the unused DIGEST_ALGO int by + a string and changed all tables to use a string representation of + the digest algo. + (cryptval_to_sexp): Insert the hash algo element into the result. + +2007-11-14 Werner Koch + + * ber-decoder.c (_ksba_ber_decoder_dump) + (_ksba_ber_decoder_decode): Change envvar to KSBA_DEBUG_BER_DECODER. + 2007-11-07 Werner Koch * cms.c (build_signed_data_attribute): Reset ATTRIDX for new Modified: trunk/src/ber-decoder.c =================================================================== --- trunk/src/ber-decoder.c 2007-11-07 11:44:36 UTC (rev 280) +++ trunk/src/ber-decoder.c 2007-12-13 16:08:46 UTC (rev 281) 
@@ -1020,7 +1020,7 @@ if (!d) return gpg_error (GPG_ERR_INV_VALUE); - d->debug = !!getenv("DEBUG_BER_DECODER"); + d->debug = !!getenv("KSBA_DEBUG_BER_DECODER"); d->use_image = 0; d->image.buf = NULL; err = decoder_init (d, NULL); @@ -1122,7 +1122,7 @@ if (r_root) *r_root = NULL; - d->debug = !!getenv("DEBUG_BER_DECODER"); + d->debug = !!getenv("KSBA_DEBUG_BER_DECODER"); d->honor_module_end = 1; d->use_image = 1; d->image.buf = NULL; Modified: trunk/src/keyinfo.c =================================================================== --- trunk/src/keyinfo.c 2007-11-07 11:44:36 UTC (rev 280) +++ trunk/src/keyinfo.c 2007-12-13 16:08:46 UTC (rev 281) @@ -1,5 +1,5 @@ /* keyinfo.c - Parse and build a keyInfo structure - * Copyright (C) 2001, 2002 g10 Code GmbH + * Copyright (C) 2001, 2002, 2007 g10 Code GmbH * * This file is part of KSBA. * @@ -44,7 +44,7 @@ const char *algo_string; const char *elem_string; /* parameter name or '-' */ const char *ctrl_string; /* expected tag values (value > 127 are raw data)*/ - int digest_algo; + const char *digest_string; /* The digest algo if included in the OID. */ }; static struct algo_table_s pk_algo_table[] = { 
@@ -83,51 +83,51 @@ { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.5 */ "1.2.840.113549.1.1.5", /* sha1WithRSAEncryption */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05", 9, - 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA1 }, + 1, 0, "rsa", "s", "\x82", "sha1" }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.4 */ "1.2.840.113549.1.1.4", /* md5WithRSAEncryption */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x04", 9, - 1, 0, "rsa", "s", "\x82", GCRY_MD_MD5 }, + 1, 0, "rsa", "s", "\x82", "md5" }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.2 */ "1.2.840.113549.1.1.2", /* md2WithRSAEncryption */ "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x02", 9, - 0, 0, "rsa", "s", "\x82", 0 }, + 0, 0, "rsa", "s", "\x82", "md2" }, { /* iso.member-body.us.x9-57.x9cm.3 */ "1.2.840.10040.4.3", /* dsaWithSha1 */ "\x2a\x86\x48\xce\x38\x04\x03", 7, - 1, 0, "dsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, + 1, 0, "dsa", "-rs", "\x30\x02\x02", "sha1" }, { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha1 */ "1.2.840.10045.4.1", /* ecdsa */ "\x2a\x86\x48\xce\x3d\x04\x01", 7, - 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA1 }, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", "sha1" }, { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-specified */ "1.2.840.10045.4.3", "\x2a\x86\x48\xce\x3d\x04\x03", 7, - 1, 1, "ecdsa", "-rs", "\x30\x02\x02", 0 }, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", NULL }, /* The digest algorithm is given by the parameter. 
*/ { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha224 */ "1.2.840.10045.4.3.1", "\x2a\x86\x48\xce\x3d\x04\x03\x01", 8, - 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA224 }, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", "sha224" }, { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha256 */ "1.2.840.10045.4.3.2", "\x2a\x86\x48\xce\x3d\x04\x03\x02", 8, - 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA256 }, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", "sha256" }, { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha384 */ "1.2.840.10045.4.3.3", "\x2a\x86\x48\xce\x3d\x04\x03\x03", 8, - 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA384 }, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", "sha384" }, { /* iso.member-body.us.ansi-x9-62.signatures.ecdsa-with-sha512 */ "1.2.840.10045.4.3.4", "\x2a\x86\x48\xce\x3d\x04\x03\x04", 8, - 1, 1, "ecdsa", "-rs", "\x30\x02\x02", GCRY_MD_SHA512 }, + 1, 1, "ecdsa", "-rs", "\x30\x02\x02", "sha512" }, { /* iso.member-body.us.rsadsi.pkcs.pkcs-1.1 */ "1.2.840.113549.1.1.1", /* rsaEncryption used without hash algo*/ 
@@ -136,32 +136,32 @@ { /* from NIST's OIW - actually belongs in a pure hash table */ "1.3.14.3.2.26", /* sha1 */ "\x2B\x0E\x03\x02\x1A", 5, - 0, 0, "sha-1", "", "", GCRY_MD_SHA1 }, + 0, 0, "sha-1", "", "", "sha1" }, { /* As used by telesec cards */ "1.3.36.3.3.1.2", /* rsaSignatureWithripemd160 */ "\x2b\x24\x03\x03\x01\x02", 6, - 1, 0, "rsa", "s", "\x82", GCRY_MD_RMD160 }, + 1, 0, "rsa", "s", "\x82", "rmd160" }, { /* from NIST's OIW - used by TU Darmstadt */ "1.3.14.3.2.29", /* sha-1WithRSAEncryption */ "\x2B\x0E\x03\x02\x1D", 5, - 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA1 }, + 1, 0, "rsa", "s", "\x82", "sha1" }, { /* from PKCS#1 */ "1.2.840.113549.1.1.11", /* sha256WithRSAEncryption */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b", 9, - 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA256 }, + 1, 0, "rsa", "s", "\x82", "sha256" }, { /* from PKCS#1 */ "1.2.840.113549.1.1.12", /* sha384WithRSAEncryption */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0c", 9, - 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA384 }, + 1, 0, "rsa", "s", "\x82", "sha384" }, { /* from PKCS#1 */ "1.2.840.113549.1.1.13", /* sha512WithRSAEncryption */ "\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0d", 9, - 1, 0, "rsa", "s", "\x82", GCRY_MD_SHA512 }, + 1, 0, "rsa", "s", "\x82", "sha512" }, {NULL} }; @@ -1165,7 +1165,7 @@ return gpg_error (GPG_ERR_INV_KEYINFO); c = *der++; derlen--; if ( c != *ctrl ) - return gpg_error (GPG_ERR_UNEXPECTED_TAG); /* not the required tag */ + return gpg_error (GPG_ERR_UNEXPECTED_TAG); is_int = c == 0x02; TLV_LENGTH (); } @@ -1182,7 +1182,15 @@ put_stringbuf (&sb, ")"); } } - put_stringbuf (&sb, "))"); + put_stringbuf (&sb, ")"); + if (!mode && algo_table[algoidx].digest_string) + { + /* Insert the hash algorithm if included in the OID. */ + put_stringbuf (&sb, "(4:hash"); + put_stringbuf_sexp (&sb, algo_table[algoidx].digest_string); + put_stringbuf (&sb, ")"); + } + put_stringbuf (&sb, ")"); *r_string = get_stringbuf (&sb); if (!*r_string) 
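Review bot: The `(hash algo)` element inserted in the hunk at old line 1182 comes from algo_table[algoidx].digest_string, i.e. from the static OID table, and nothing in the code says so; a consumer of the S-expression could take it for information carried by the signature data. A comment above the `if (!mode && ...)` line such as `/* The hash name comes from the table entry for the algorithm OID, not from the signature itself; it is absent for OIDs that do not encode a hash (e.g. ecdsa-with-specified, whose digest_string is NULL). */` would make that explicit. The `!mode` condition is also undocumented here — it presumably selects the sig-val form over the enc-val form, which is worth stating. The enclosing function starts and ends outside the hunk.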
@@ -1208,8 +1216,8 @@ ( ( ) ... - ( ) - )) + ( )) + (hash algo)) The S-Exp will be returned in a string which the caller must free. We don't pass an ASN.1 node here but a plain memory block. */ Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2007-11-07 11:44:36 UTC (rev 280) +++ trunk/tests/ChangeLog 2007-12-13 16:08:46 UTC (rev 281) @@ -1,3 +1,7 @@ +2007-12-13 Werner Koch + + * t-cms-parser.c (one_file): Print the value of the signature. + 2007-08-08 Werner Koch * t-common.h (print_sexp_hex): New. Modified: trunk/tests/t-cms-parser.c =================================================================== --- trunk/tests/t-cms-parser.c 2007-11-07 11:44:36 UTC (rev 280) +++ trunk/tests/t-cms-parser.c 2007-12-13 16:08:46 UTC (rev 281) @@ -186,7 +186,14 @@ printf ("signer %d - digest algo: %s\n", idx, algoid?algoid:"?"); dn = ksba_cms_get_sig_val (cms, idx); - printf ("signer %d - signature %s\n", idx, dn? "found": "missing"); + if (dn) + { + printf ("signer %d - signature: ", idx); + print_sexp (dn); + putchar ('\n'); + } + else + printf ("signer %d - signature not found\n", idx); ksba_free (dn); } } From cvs at cvs.gnupg.org Thu Dec 13 17:02:52 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 13 Dec 2007 17:02:52 +0100 Subject: [svn] GnuPG - r4657 - trunk/doc Message-ID: Author: wk Date: 2007-12-13 17:02:51 +0100 (Thu, 13 Dec 2007) New Revision: 4657 Modified: trunk/doc/ChangeLog trunk/doc/com-certs.pem Log: Also add the S-TTRUST certs here. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2007-12-13 15:45:40 UTC (rev 4656) +++ trunk/doc/ChangeLog 2007-12-13 16:02:51 UTC (rev 4657) 
@@ -1,7 +1,9 @@ 2007-12-13 Werner Koch + * qualified.txt: Add 2 root certs from S-Trust for 2008-2012. * examples/trustlist.txt: Ditto. + * com-certs.pem: Ditto. * gpgsm.texi (Esoteric Options): Document --extra-digest-algo. Modified: trunk/doc/com-certs.pem =================================================================== --- trunk/doc/com-certs.pem 2007-12-13 15:45:40 UTC (rev 4656) +++ trunk/doc/com-certs.pem 2007-12-13 16:02:51 UTC (rev 4657) @@ -315,9 +315,7 @@ /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart /ST=Baden-Wuerttemberg (BW)/C=DE -# Currently disabled because latest SVN versions of libgcrypt and -# libksba a required to use this certificate. -#-----BEGIN CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth 
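Review bot: Re-enabling the certificate in the com-certs.pem hunk at old line 315 removes the comment that explained why it had been disabled (current libgcrypt and libksba were required to use it), and nothing replaces it, so the reader loses the information about which library versions can verify it. A one-line remark kept above the BEGIN line, for example `# Verifying this certificate requires libgcrypt >= <version> and libksba >= <version>` with the actual minimum versions filled in, preserves that. The two S-TRUST certificates added in the following hunk are presumably subject to the same requirement and would benefit from the same remark.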
@@ -341,5 +339,80 @@ 5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6 DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew= -#-----END CERTIFICATE----- +-----END CERTIFICATE----- + +Issuer ...: /CN=S-TRUST Qualified Root CA 2008-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +Serial ...: 00B3963E0E6C2D65125853E970665402E5 +Subject ..: /CN=S-TRUST Qualified Root CA 2008-001:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE + +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIRALOWPg5sLWUSWFPpcGZUAuUwDQYJKoZIhvcNAQELBQAw +fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1 +dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg +UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDE6UE4wHhcNMDgwMTAxMDAwMDAwWhcN +MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0 +MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG +A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMTpQTjCCASMw +DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAKfUBh+i0NSWzddPtWG15DdTqbPM +SJmeWw6dXutkR6UNonxC+yAm6rfZJhb83tPGB09qlAcNn7fcdR/g4SNdu3McwT+J +HKHou6hhbMZmsza72Qcj9P/AwWq/o5oJa2eI4pU7I5YjS3x3oGtvmhJkwYiehIyx +7DI+wHKcohwJV83jlZW3YrPmKgpaOZsc5lJM/+Ha4Q77MLPWHdCnxUkrbL1+Q/Ea +qY+DoMMa9wxY+UmwbKe8ANfAf2NIMfJwmb748f+7EJMLjUA8nxrQ4iAPJ1lSrfZs +d9cjzjdXZnhLvR9T2nNa2nROOHk2ARCOPAJgxk9EheRr4B6RbJ4hinuydJUCBEAA +AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w +ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No +ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw +MDFQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl +L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMSUz +QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T +dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO +BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E 
+FgQU7UBDbxBuOWcii/O2xVNRExXxPj0wHwYDVR0jBBgwFoAU7UBDbxBuOWcii/O2 +xVNRExXxPj0wDQYJKoZIhvcNAQELBQADggEBAEdeesrApdpV+0cz698ZM+fsbcmk +AYTy8U1vcnEPzcxaEAvUO57ndJlSdBK7+5yFbVuFW7CTp90TPgljoDqWDOI2hsLU +YxrHUfDCwsm/ALLDpImRKWGZ07nKxOHGAOxB4tQUaDUHwaClbw3UB3nBi9++f9d0 +FLM9oOVxbhKGco4/qo3LP+QfJU6xjL8itqaf0WHXcnN69CD/5D7e/iziwHvLWLEU +0cUXVDzdyWKEvJ3RpFIk6EUulKFHZrCctis1ixg/iQybKs2DWG/RtCo6CGhtydT8 +I1y6qAwPL2gAt+ypf+Mk4SLewnpXlw6ZVDQlLEBLGto72DAyJTxRh8f6BpY= +-----END CERTIFICATE----- + +Issuer ...: /CN=S-TRUST Qualified Root CA 2008-002:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE +Serial ...: 00C4216083F35C54F67B09A80C3C55FE7D +Subject ..: /CN=S-TRUST Qualified Root CA 2008-002:PN + /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart/C=DE + +-----BEGIN CERTIFICATE----- +MIIFODCCBCCgAwIBAgIRAMQhYIPzXFT2ewmoDDxV/n0wDQYJKoZIhvcNAQELBQAw +fDELMAkGA1UEBhMCREUxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1 +dHNjaGVyIFNwYXJrYXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1Qg +UXVhbGlmaWVkIFJvb3QgQ0EgMjAwOC0wMDI6UE4wHhcNMDgwMTAxMDAwMDAwWhcN +MTIxMjMwMjM1OTU5WjB8MQswCQYDVQQGEwJERTESMBAGA1UEBxMJU3R1dHRnYXJ0 +MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmthc3NlbiBWZXJsYWcgR21iSDEuMCwG +A1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9vdCBDQSAyMDA4LTAwMjpQTjCCASMw +DQYJKoZIhvcNAQEBBQADggEQADCCAQsCggEBAJCrKgvHaZdd5LpNAlVZVf8a3CJY +lBUt4Awwlu5q9wnkObVGHyekGLG6h7wMrY9OCL4uqWn9vIz+5vGXMEvU+NniMXIn +JodZS8CbBBYUxS42PgZp7TNCd4gglEA1xOhsQH8T9iRZzdRCLyZYjysYsHiujn/x +7y0+nxQsYu2mONaPFZq7ZBsDlAk5BPdIZCrutHDHe5inKwbpDUdpnKFlM1UDZ3eS +4dl+YT/3t4QSJAVHVFz/Pzf1tevpMFYP4M7jHaktp327GMtrhYlpeoSZRc1cizHU +Vdhj6Foyj1wWkQMwvb1ChPbRxS+4V3b6R+vgelULDBqFSF0Rtj/kRUgT/q8CBEAA +AIGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEBMIIBLAYDVR0fBIIBIzCCAR8w +ggEboIIBF6CCAROGZWh0dHA6Ly9vbnNpdGVjcmwucy10cnVzdC5kZS9EZXV0c2No +ZXJTcGFya2Fzc2VuVmVybGFnR21iSFNUUlVTVFF1YWxpZmllZFJvb3RDQTIwMDgw +MDJQTi9MYXRlc3RDUkwuY3JshoGpbGRhcDovL2RpcmVjdG9yeS5zLXRydXN0LmRl +L0NOPVMtVFJVU1QlMjBRdWFsaWZpZWQlMjBSb290JTIwQ0ElMjAyMDA4LTAwMiUz 
+QVBOLE89RGV1dHNjaGVyJTIwU3Bhcmthc3NlbiUyMFZlcmxhZyUyMEdtYkgsTD1T +dHV0dGdhcnQsQz1ERT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0O2JpbmFyeTAO +BgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNVHQ4E +FgQUIQpnbAV/rAz9qSo/4q/3/TlplqwwHwYDVR0jBBgwFoAUIQpnbAV/rAz9qSo/ +4q/3/TlplqwwDQYJKoZIhvcNAQELBQADggEBAHRr6IiNPkWJYHVa8vi4tufRG9nE +Yy8t2ll8xbu4ar+LXCqbttdaQzVU/7RCX4S1aPm6wb9WFJU+/JfZHpez+gJ9uIFy +6rYJDxZ4qTxaGnIKGguZbEkpvne38/vtyjR5RuCj5AwEuP7Vy7/j5O1WZDoROMoD +rRsBHLtg90aDVou0IG+wK5+RPOixSMjfMf79uixHrsriMHrzulTEMmX+S+VfXGmO +G1RRiCiWgYaEtSIDAP0V9ehpcghfJLlmMBnxSf4n7OZvkd1whvme2rXaQxnZi2qV +d2qclY03eJ7zx6Zpq8VFuVvOxvmFZ4mMe706runhCq+rHc5x6x0/oIMhDrk= +-----END CERTIFICATE----- + From cvs at cvs.gnupg.org Thu Dec 13 22:11:05 2007 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Thu, 13 Dec 2007 22:11:05 +0100 Subject: [svn] GnuPG - r4658 - branches/STABLE-BRANCH-1-4 Message-ID: Author: dshaw Date: 2007-12-13 22:11:05 +0100 (Thu, 13 Dec 2007) New Revision: 4658 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/NEWS Log: * NEWS: Note SHA-224 typo. Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2007-12-13 16:02:51 UTC (rev 4657) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2007-12-13 21:11:05 UTC (rev 4658) @@ -1,3 +1,7 @@ +2007-12-13 David Shaw + + * NEWS: Note SHA-224 typo. + 2007-11-17 David Shaw * NEWS: Say a bit more about RFC-4880. Note some defaults Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2007-12-13 16:02:51 UTC (rev 4657) +++ branches/STABLE-BRANCH-1-4/NEWS 2007-12-13 21:11:05 UTC (rev 4658) @@ -19,7 +19,7 @@ * By default (i.e. --gnupg mode), --require-cross-certification is now on. --rfc2440-text and --force-v3-sigs are now off. - + * Allow encryption using legacy Elgamal sign+encrypt keys if option --rfc2440 is used. 
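Review bot: The two S-TRUST root certificates added in the hunk at old line 341 carry Issuer, Serial and Subject headers but no fingerprint, so nobody can cross-check them against the trustlist.txt and qualified.txt entries this commit's ChangeLog mentions without re-parsing the PEM. Adding a `Fingerprint: <computed SHA-1 fingerprint>` line to each header block makes the trust-anchor addition auditable by eye. The 2008-2012 validity period named in the ChangeLog entry is worth repeating in the header as well.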
@@ -27,7 +27,10 @@ * Fixed a rare bug in decryption using the OpenPGP card. + * Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224 + signatures will continue to work. + Noteworthy changes in version 1.4.7 (2007-03-05) ------------------------------------------------ From cvs at cvs.gnupg.org Fri Dec 14 12:38:52 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 14 Dec 2007 12:38:52 +0100 Subject: [svn] GnuPG - r4661 - tags Message-ID: Author: wk Date: 2007-12-14 12:38:51 +0100 (Fri, 14 Dec 2007) New Revision: 4661 Added: tags/gnupg-1.4.8rc2/ Log: Released Release Candidate. Copied: tags/gnupg-1.4.8rc2 (from rev 4660, branches/STABLE-BRANCH-1-4) From cvs at cvs.gnupg.org Fri Dec 14 17:29:55 2007 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 14 Dec 2007 17:29:55 +0100 Subject: [svn] GnuPG - r4663 - tags Message-ID: Author: wk Date: 2007-12-14 17:29:55 +0100 (Fri, 14 Dec 2007) New Revision: 4663 Added: tags/gnupg-2.0.8rc1/ Log: Release! Copied: tags/gnupg-2.0.8rc1 (from rev 4662, trunk)