[svn] GnuPG - r5013 - in trunk: . g10 po sm
svn author wk
cvs at cvs.gnupg.org
Mon May 18 19:38:37 CEST 2009
Author: wk
Date: 2009-05-18 19:38:34 +0200 (Mon, 18 May 2009)
New Revision: 5013
Modified:
trunk/AUTHORS
trunk/Makefile.am
trunk/TODO
trunk/configure.ac
trunk/g10/ChangeLog
trunk/g10/encode.c
trunk/g10/mainproc.c
trunk/g10/passphrase.c
trunk/po/POTFILES.in
trunk/sm/ChangeLog
trunk/sm/gpgsm.c
trunk/sm/server.c
Log:
New gpgsm server option no-encrypt-to.
Add caching for symkey encryption.
Minor cleanups.
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/g10/ChangeLog 2009-05-18 17:38:34 UTC (rev 5013)
@@ -1,3 +1,15 @@
+2009-05-18 Daiki Ueno <ueno at unixuser.org> (wk)
+
+ * encode.c (encode_simple): Tell passphrase_to_dek to cache
+ the passphrase.
+ (setup_symkey): Ditto.
+ * mainproc.c (proc_symkey_enc): Tell passphrase_to_dek to cache
+ the passphrase.
+ (proc_encrypted): Ditto.
+ * passphrase.c (hash_passphrase): Remove arg CREATE.
+ (passphrase_to_dek): New mode 3 and 4 for caching passphrase for
+ symmetric encryption.
+
2009-05-17 Werner Koch <wk at g10code.com>
* keygen.c (ask_algo): Add arg R_SUBKEY_ALGO. Change return value
Modified: trunk/sm/ChangeLog
===================================================================
--- trunk/sm/ChangeLog 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/sm/ChangeLog 2009-05-18 17:38:34 UTC (rev 5013)
@@ -1,3 +1,10 @@
+2009-05-18 Werner Koch <wk at g10code.com>
+
+ * server.c (option_handler): New option "no-encrypt-to".
+ (cmd_encrypt): Make use of it.
+
+ * gpgsm.c: Remove not implemented --verify-files.
+
2009-04-02 Werner Koch <wk at g10code.com>
* keylist.c (list_cert_std): Print card serial number.
Modified: trunk/AUTHORS
===================================================================
--- trunk/AUTHORS 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/AUTHORS 2009-05-18 17:38:34 UTC (rev 5013)
@@ -20,6 +20,7 @@
Daniel Nylander <po at danielnylander.se> Translations [sv]
Daiki Ueno <ueno at unixuser.org> Assigns Past and Future Changes.
+ (changed:passphrase.c and related code)
David Shaw <dshaw at jabberwocky.com> Assigns past and future changes.
(all in keyserver/,
Modified: trunk/Makefile.am
===================================================================
--- trunk/Makefile.am 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/Makefile.am 2009-05-18 17:38:34 UTC (rev 5013)
@@ -54,6 +54,11 @@
else
scd =
endif
+#if BUILD_G13
+#g13 = g13
+#else
+#g13 =
+#endif
if BUILD_TOOLS
tools = tools
else
@@ -72,7 +77,7 @@
endif
SUBDIRS = m4 gl include jnlib common ${kbx} \
- ${gpg} ${keyserver} ${sm} ${agent} ${scd} ${tools} po ${doc} ${tests}
+ ${gpg} ${keyserver} ${sm} ${agent} ${scd} ${g13} ${tools} po ${doc} ${tests}
dist_doc_DATA = README
Modified: trunk/TODO
===================================================================
--- trunk/TODO 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/TODO 2009-05-18 17:38:34 UTC (rev 5013)
@@ -20,7 +20,6 @@
** replace leading zero in integer hack by a cleaner solution
* sm/gpgsm.c
-** mark all unimplemented commands and options.
** Implement --default-key
** support the anyPolicy semantic
** Should we prefer nonRepudiation certs over plain signing certs?
Modified: trunk/configure.ac
===================================================================
--- trunk/configure.ac 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/configure.ac 2009-05-18 17:38:34 UTC (rev 5013)
@@ -1453,6 +1453,7 @@
sm/Makefile
agent/Makefile
scd/Makefile
+g13/Makefile
keyserver/Makefile
keyserver/gpg2keys_mailto
keyserver/gpg2keys_test
Modified: trunk/g10/encode.c
===================================================================
--- trunk/g10/encode.c 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/g10/encode.c 2009-05-18 17:38:34 UTC (rev 5013)
@@ -216,7 +216,7 @@
s2k->mode = RFC1991? 0:opt.s2k_mode;
s2k->hash_algo=S2K_DIGEST_ALGO;
cfx.dek = passphrase_to_dek( NULL, 0,
- default_cipher_algo(), s2k, 2,
+ default_cipher_algo(), s2k, 4,
NULL, &canceled);
if( !cfx.dek || !cfx.dek->keylen ) {
rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
@@ -397,7 +397,7 @@
(*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
*symkey_dek=passphrase_to_dek(NULL,0,opt.s2k_cipher_algo,
- *symkey_s2k,2,NULL, &canceled);
+ *symkey_s2k, 4, NULL, &canceled);
if(!*symkey_dek || !(*symkey_dek)->keylen)
{
xfree(*symkey_dek);
Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/g10/mainproc.c 2009-05-18 17:38:34 UTC (rev 5013)
@@ -311,7 +311,7 @@
}
else
{
- c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 0,
+ c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
NULL, NULL);
if(c->dek)
{
@@ -548,7 +548,7 @@
log_info (_("assuming %s encrypted data\n"), "IDEA");
}
- c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
+ c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
if (c->dek)
c->dek->algo_info_printed = 1;
}
Modified: trunk/g10/passphrase.c
===================================================================
--- trunk/g10/passphrase.c 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/g10/passphrase.c 2009-05-18 17:38:34 UTC (rev 5013)
@@ -50,11 +50,10 @@
static char *last_pw = NULL;
-/* Hash a passphrase using the supplied s2k. If create is true, create
- a new salt or what else must be filled into the s2k for a new key.
- always needs: dek->algo, s2k->mode, s2k->hash_algo. */
+/* Hash a passphrase using the supplied s2k.
+ Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void
-hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
+hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
{
gcry_md_hd_t md;
int pass, i;
@@ -82,13 +81,6 @@
int len2 = pwlen + 8;
ulong count = len2;
- if ( create && !pass )
- {
- gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
- if ( s2k->mode == 3 )
- s2k->count = opt.s2k_count;
- }
-
if ( s2k->mode == 3 )
{
count = S2K_DECODE_COUNT(s2k->count);
@@ -441,7 +433,9 @@
MODE 0: Allow cached passphrase
1: Ignore cached passphrase
- 2: Ditto, but change the text to "repeat entry"
+ 2: Ditto, but create a new key
+ 3: Allow cached passphrase; use the S2K salt as the cache ID
+ 4: Ditto, but create a new key
*/
DEK *
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
@@ -461,6 +455,7 @@
if ( !s2k )
{
+ assert (mode != 3 && mode != 4);
/* This is used for the old rfc1991 mode
* Note: This must match the code in encode.c with opt.rfc1991 set */
s2k = &help_s2k;
@@ -468,6 +463,15 @@
s2k->hash_algo = S2K_DIGEST_ALGO;
}
+ /* Create a new salt or what else to be filled into the s2k for a
+ new key. */
+ if ((mode == 2 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
+ {
+ gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
+ if ( s2k->mode == 3 )
+ s2k->count = opt.s2k_count;
+ }
+
/* If we do not have a passphrase available in NEXT_PW and status
information are request, we print them now. */
if ( !next_pw && is_status_enabled() )
@@ -565,10 +569,21 @@
}
else
{
+ char *cacheid = NULL;
+ char buf[1+16+1];
+
+ if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
+ {
+ memset (buf, 0, sizeof buf);
+ *buf = 'S';
+ bin2hex (s2k->salt, 8, buf + 1);
+ cacheid = buf;
+ }
+
/* Divert to the gpg-agent. */
- pw = passphrase_get ( keyid, mode == 2, NULL,
- mode == 2? opt.passwd_repeat: 0,
- tryagain_text, custdesc, custprompt, canceled);
+ pw = passphrase_get (keyid, mode == 2, cacheid,
+ (mode == 2 || mode == 4)? opt.passwd_repeat : 0,
+ tryagain_text, custdesc, custprompt, canceled);
if (*canceled)
{
xfree (pw);
@@ -585,10 +600,10 @@
get_last_passphrase(). */
dek = xmalloc_secure_clear ( sizeof *dek );
dek->algo = cipher_algo;
- if ( !*pw && mode == 2 )
+ if ( !*pw && (mode == 2 || mode == 4))
dek->keylen = 0;
else
- hash_passphrase( dek, pw, s2k, mode==2 );
+ hash_passphrase (dek, pw, s2k);
xfree(last_pw);
last_pw = pw;
return dek;
Modified: trunk/po/POTFILES.in
===================================================================
--- trunk/po/POTFILES.in 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/po/POTFILES.in 2009-05-18 17:38:34 UTC (rev 5013)
@@ -19,6 +19,7 @@
common/asshelp.c
common/audit.c
common/helpfile.c
+common/gettime.c
g10/armor.c
g10/build-packet.c
Modified: trunk/sm/gpgsm.c
===================================================================
--- trunk/sm/gpgsm.c 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/sm/gpgsm.c 2009-05-18 17:38:34 UTC (rev 5013)
@@ -66,7 +66,6 @@
aDeleteKey,
aImport,
aVerify,
- aVerifyFiles,
aListExternalKeys,
aListChain,
aSendKeys,
@@ -191,7 +190,6 @@
ARGPARSE_c (aSym, "symmetric", N_("encryption only with symmetric cipher")),
ARGPARSE_c (aDecrypt, "decrypt", N_("decrypt data (default)")),
ARGPARSE_c (aVerify, "verify", N_("verify a signature")),
- ARGPARSE_c (aVerifyFiles, "verify-files", "@"),
ARGPARSE_c (aListKeys, "list-keys", N_("list keys")),
ARGPARSE_c (aListExternalKeys, "list-external-keys",
N_("list external keys")),
@@ -1711,10 +1709,6 @@
}
break;
- case aVerifyFiles:
- log_error (_("this command has not yet been implemented\n"));
- break;
-
case aDecrypt:
{
FILE *fp = open_fwrite (opt.outfile?opt.outfile:"-");
Modified: trunk/sm/server.c
===================================================================
--- trunk/sm/server.c 2009-05-17 13:08:18 UTC (rev 5012)
+++ trunk/sm/server.c 2009-05-18 17:38:34 UTC (rev 5013)
@@ -51,6 +51,7 @@
certlist_t default_recplist; /* As set by main() - don't release. */
int allow_pinentry_notify; /* Set if pinentry notifications should
be passed back to the client. */
+ int no_encrypt_to; /* Local version of option. */
};
@@ -301,6 +302,10 @@
int i = *value? atoi (value) : 0;
ctrl->with_ephemeral_keys = i;
}
+ else if (!strcmp (key, "no-encrypt-to"))
+ {
+ ctrl->server_local->no_encrypt_to = 1;
+ }
else
return gpg_error (GPG_ERR_UNKNOWN_OPTION);
@@ -486,7 +491,7 @@
/* Now add all encrypt-to marked recipients from the default
list. */
rc = 0;
- if (!opt.no_encrypt_to)
+ if (!opt.no_encrypt_to && !ctrl->server_local->no_encrypt_to)
{
for (cl=ctrl->server_local->default_recplist; !rc && cl; cl = cl->next)
if (cl->is_encrypt_to)
More information about the Gnupg-commits
mailing list