From cvs at cvs.gnupg.org Wed Sep 1 00:52:35 2010 From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed, 01 Sep 2010 00:52:35 +0200 Subject: [svn] w32pth - r44 - trunk Message-ID: Author: marcus Date: 2010-09-01 00:52:35 +0200 (Wed, 01 Sep 2010) New Revision: 44 Modified: trunk/ChangeLog trunk/configure.ac Log: 2010-09-01 Marcus Brinkmann * configure.ac: Define GPG_ERR_ENABLE_ERRNO_MACROS. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-08-06 10:25:50 UTC (rev 43) +++ trunk/ChangeLog 2010-08-31 22:52:35 UTC (rev 44) @@ -1,3 +1,7 @@ +2010-09-01 Marcus Brinkmann + + * configure.ac: Define GPG_ERR_ENABLE_ERRNO_MACROS. + 2010-08-06 Werner Koch * w32-pth.c (set_timer): Fix timer setting on plain windows. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2010-08-06 10:25:50 UTC (rev 43) +++ trunk/configure.ac 2010-08-31 22:52:35 UTC (rev 44) @@ -163,7 +163,12 @@ fi fi +AH_BOTTOM([ +/* Under WindowsCE we need gpg-error's strerror macro. */ +#define GPG_ERR_ENABLE_ERRNO_MACROS 1 +]) + # # Set NETLIBS # From cvs at cvs.gnupg.org Wed Sep 1 02:44:56 2010 From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed, 01 Sep 2010 02:44:56 +0200 Subject: [svn] GnuPG - r5409 - trunk/common Message-ID: Author: marcus Date: 2010-09-01 02:44:55 +0200 (Wed, 01 Sep 2010) New Revision: 5409 Modified: trunk/common/ChangeLog trunk/common/estream.c Log: 2010-09-01 Marcus Brinkmann * estream.c (_es_set_std_fd): Disable debug output. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-08-31 15:58:39 UTC (rev 5408) +++ trunk/common/ChangeLog 2010-09-01 00:44:55 UTC (rev 5409) @@ -1,3 +1,7 @@ +2010-09-01 Marcus Brinkmann + + * estream.c (_es_set_std_fd): Disable debug output. + 2010-08-26 Werner Koch * estream.c (es_convert_mode): Rename to parse_mode. Modified: trunk/common/estream.c =================================================================== --- trunk/common/estream.c 2010-08-31 15:58:39 UTC (rev 5408) +++ trunk/common/estream.c 2010-09-01 00:44:55 UTC (rev 5409) @@ -2885,7 +2885,7 @@ void _es_set_std_fd (int no, int fd) { - fprintf (stderr, "es_set_std_fd(%d, %d)\n", no, fd); + /* fprintf (stderr, "es_set_std_fd(%d, %d)\n", no, fd); */ ESTREAM_LIST_LOCK; if (no >= 0 && no < 3 && !custom_std_fds_valid[no]) { From cvs at cvs.gnupg.org Wed Sep 1 02:46:20 2010 From: cvs at cvs.gnupg.org (svn author marcus) Date: Wed, 01 Sep 2010 02:46:20 +0200 Subject: [svn] gpgme - r1489 - trunk/src Message-ID: Author: marcus Date: 2010-09-01 02:46:19 +0200 (Wed, 01 Sep 2010) New Revision: 1489 Modified: trunk/src/ChangeLog trunk/src/w32-io.c Log: 2010-09-01 Marcus Brinkmann * w32-io.c: Revert change from 2009-06-18, as it created a race condition. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-08-19 13:41:05 UTC (rev 1488) +++ trunk/src/ChangeLog 2010-09-01 00:46:19 UTC (rev 1489) @@ -1,3 +1,8 @@ +2010-09-01 Marcus Brinkmann + + * w32-io.c: Revert change from 2009-06-18, as it created a race + condition. + 2010-08-18 Marcus Brinkmann * gpgme.def: Add gpgme_err_code_from_syserror and gpgme_err_set_errno. Modified: trunk/src/w32-io.c =================================================================== --- trunk/src/w32-io.c 2010-08-19 13:41:05 UTC (rev 1488) +++ trunk/src/w32-io.c 2010-09-01 00:46:19 UTC (rev 1489) @@ -561,12 +561,9 @@ if (i != reader_table_size) { rd = create_reader (fd); - if (rd) - { - reader_table[i].fd = fd; - reader_table[i].context = rd; - reader_table[i].used = 1; - } + reader_table[i].fd = fd; + reader_table[i].context = rd; + reader_table[i].used = 1; } UNLOCK (reader_table_lock); @@ -921,12 +918,9 @@ if (i != writer_table_size) { wt = create_writer (fd); - if (wt) - { - writer_table[i].fd = fd; - writer_table[i].context = wt; - writer_table[i].used = 1; - } + writer_table[i].fd = fd; + writer_table[i].context = wt; + writer_table[i].used = 1; } UNLOCK (writer_table_lock); @@ -965,7 +959,7 @@ if (count == 0) return TRACE_SYSRES (0); - ctx = find_writer (fd, 0); + ctx = find_writer (fd, 1); if (!ctx) return TRACE_SYSRES (-1); @@ -1146,47 +1140,6 @@ fd_table[wfd].handle = wh; #endif - if (inherit_idx == 0) - { - struct writer_context_s *ctx; - ctx = find_writer (wfd, 0); - assert (ctx == NULL); - ctx = find_writer (wfd, 1); - if (!ctx) - { - /* No way/need to close RVIDs on Windows CE. */ - if (fd_table[rfd].handle) - CloseHandle (fd_table[rfd].handle); - if (fd_table[wfd].handle) - CloseHandle (fd_table[wfd].handle); - release_fd (rfd); - release_fd (wfd); - /* FIXME: Should translate the error code. */ - gpg_err_set_errno (EIO); - return TRACE_SYSRES (-1); - } - } - else if (inherit_idx == 1) - { - struct reader_context_s *ctx; - ctx = find_reader (rfd, 0); - assert (ctx == NULL); - ctx = find_reader (rfd, 1); - if (!ctx) - { - if (fd_table[rfd].handle) - CloseHandle (fd_table[rfd].handle); - /* No way/need to close RVIDs on Windows CE. */ - if (fd_table[wfd].handle) - CloseHandle (fd_table[wfd].handle); - release_fd (rfd); - release_fd (wfd); - /* FIXME: Should translate the error code. */ - gpg_err_set_errno (EIO); - return TRACE_SYSRES (-1); - } - } - filedes[0] = rfd; filedes[1] = wfd; return TRACE_SUC6 ("read=0x%x (%p/0x%x), write=0x%x (%p/0x%x)", @@ -1811,7 +1764,7 @@ { if (fds[i].for_read) { - struct reader_context_s *ctx = find_reader (fds[i].fd,0); + struct reader_context_s *ctx = find_reader (fds[i].fd,1); if (!ctx) TRACE_LOG1 ("error: no reader for FD 0x%x (ignored)", @@ -1834,7 +1787,7 @@ } else if (fds[i].for_write) { - struct writer_context_s *ctx = find_writer (fds[i].fd,0); + struct writer_context_s *ctx = find_writer (fds[i].fd,1); if (!ctx) TRACE_LOG1 ("error: no writer for FD 0x%x (ignored)", @@ -1995,7 +1948,7 @@ fd_table[newfd].rvid = fd_table[fd].rvid; fd_table[newfd].dup_from = fd; - rd_ctx = find_reader (fd, 0); + rd_ctx = find_reader (fd, 1); if (rd_ctx) { /* No need for locking, as the only races are against the reader @@ -2014,7 +1967,7 @@ UNLOCK (reader_table_lock); } - wt_ctx = find_writer (fd, 0); + wt_ctx = find_writer (fd, 1); if (wt_ctx) { /* No need for locking, as the only races are against the writer From cvs at cvs.gnupg.org Wed Sep 1 11:48:37 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 01 Sep 2010 11:48:37 +0200 Subject: [svn] GnuPG - r5410 - in trunk: agent g10 Message-ID: Author: wk Date: 2010-09-01 11:48:35 +0200 (Wed, 01 Sep 2010) New Revision: 5410 Modified: trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/cache.c trunk/agent/call-pinentry.c trunk/agent/command.c trunk/agent/cvt-openpgp.c trunk/agent/cvt-openpgp.h trunk/agent/genkey.c trunk/g10/ChangeLog trunk/g10/call-agent.c trunk/g10/call-agent.h trunk/g10/import.c trunk/g10/keygen.c Log: Use passphrase caching for import and genkey. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/ChangeLog 2010-09-01 09:48:35 UTC (rev 5410) @@ -1,3 +1,16 @@ +2010-09-01 Werner Koch + + * call-pinentry.c (start_pinentry): Disable pinentry logging. + + * command.c (cmd_import_key, cmd_genkey): Add CACHE handling. + * cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the + cached nonce first. + * genkey.c (agent_genkey): Add arg CACHE_NONCE. + * cache.c (agent_get_cache): Require user and impgen cache modes + to match the requested mode. + (agent_put_cache): Ditto. + * agent.h (CACHE_MODE_IMPGEN): New. + 2010-08-31 Werner Koch * pksign.c (do_encode_dsa): Fix sign problem. Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/g10/ChangeLog 2010-09-01 09:48:35 UTC (rev 5410) @@ -1,3 +1,13 @@ +2010-09-01 Werner Koch + + * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add + arg CACHE_NONCE_ADDR. + (generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR. + (do_generate_keypair): Add cache nonce handling. + * import.c (transfer_secret_keys): Support a cache nonce. + * call-agent.c (cache_nonce_status_cb): New. + (agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR. + 2010-08-30 Werner Koch * keyid.c (KEYID_STR_SIZE): New Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/agent.h 2010-09-01 09:48:35 UTC (rev 5410) @@ -193,7 +193,9 @@ CACHE_MODE_ANY, /* Any mode except ignore matches. */ CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */ CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */ - CACHE_MODE_SSH /* SSH related cache. */ + CACHE_MODE_SSH, /* SSH related cache. */ + CACHE_MODE_IMPGEN /* Used for import and genkey. This is a + non-predictable nonce. */ } cache_mode_t; @@ -286,7 +288,7 @@ int check_passphrase_constraints (ctrl_t ctrl, const char *pw, int silent); gpg_error_t agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, char **r_passphrase); -int agent_genkey (ctrl_t ctrl, +int agent_genkey (ctrl_t ctrl, const char *cache_nonce, const char *keyparam, size_t keyparmlen, membuf_t *outbuf); int agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey); Modified: trunk/agent/cache.c =================================================================== --- trunk/agent/cache.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/cache.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -1,5 +1,5 @@ /* cache.c - keep a cache of passphrases - * Copyright (C) 2002 Free Software Foundation, Inc. + * Copyright (C) 2002, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -131,9 +131,9 @@ { if (r->lockcount) { - log_error ("can't remove unused cache entry `%s' due to" + log_error ("can't remove unused cache entry `%s' (mode %d) due to" " lockcount=%d\n", - r->key, r->lockcount); + r->key, r->cache_mode, r->lockcount); r->accessed += 60*10; /* next error message in 10 minutes */ rprev = r; r = r->next; @@ -142,7 +142,8 @@ { ITEM r2 = r->next; if (DBG_CACHE) - log_debug (" removed `%s' (slot not used for 30m)\n", r->key); + log_debug (" removed `%s' (mode %d) (slot not used for 30m)\n", + r->key, r->cache_mode); xfree (r); if (!rprev) thecache = r2; @@ -203,8 +204,8 @@ ITEM r; if (DBG_CACHE) - log_debug ("agent_put_cache `%s' requested ttl=%d mode=%d\n", - key, ttl, cache_mode); + log_debug ("agent_put_cache `%s' (mode %d) requested ttl=%d\n", + key, cache_mode, ttl); housekeeping (); if (!ttl) @@ -220,7 +221,11 @@ for (r=thecache; r; r = r->next) { - if (!r->lockcount && !strcmp (r->key, key)) + if (!r->lockcount + && ((cache_mode != CACHE_MODE_USER + && cache_mode != CACHE_MODE_IMPGEN) + || r->cache_mode == cache_mode) + && !strcmp (r->key, key)) break; } if (r) @@ -269,7 +274,8 @@ /* Try to find an item in the cache. Note that we currently don't - make use of CACHE_MODE. */ + make use of CACHE_MODE except for CACHE_MODE_IMPGEN and + CACHE_MODE_USER. */ const char * agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id) { @@ -279,7 +285,7 @@ return NULL; if (DBG_CACHE) - log_debug ("agent_get_cache `%s'...\n", key); + log_debug ("agent_get_cache `%s' (mode %d) ...\n", key, cache_mode); housekeeping (); /* first try to find one with no locks - this is an updated cache @@ -287,7 +293,11 @@ lockcount. */ for (r=thecache; r; r = r->next) { - if (!r->lockcount && r->pw && !strcmp (r->key, key)) + if (!r->lockcount && r->pw + && ((cache_mode != CACHE_MODE_USER + && cache_mode != CACHE_MODE_IMPGEN) + || r->cache_mode == cache_mode) + && !strcmp (r->key, key)) { /* put_cache does only put strings into the cache, so we don't need the lengths */ @@ -302,7 +312,11 @@ /* again, but this time get even one with a lockcount set */ for (r=thecache; r; r = r->next) { - if (r->pw && !strcmp (r->key, key)) + if (r->pw + && ((cache_mode != CACHE_MODE_USER + && cache_mode != CACHE_MODE_IMPGEN) + || r->cache_mode == cache_mode) + && !strcmp (r->key, key)) { r->accessed = gnupg_get_time (); if (DBG_CACHE) Modified: trunk/agent/call-pinentry.c =================================================================== --- trunk/agent/call-pinentry.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/call-pinentry.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -316,6 +316,12 @@ log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc)); return rc; } + /* We don't want to log the pinentry communication to make the logs + easier to read. We might want to add a new debug option to enable + pinentry logging. */ +#ifdef ASSUAN_NO_LOGGING + assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1); +#endif /* Connect to the pinentry and perform initial handshaking. Note that atfork is used to change the environment for pinentry. We Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/command.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -766,7 +766,7 @@ static const char hlp_genkey[] = - "GENKEY\n" + "GENKEY []\n" "\n" "Generate a new key, store the secret part and return the public\n" "part. Here is an example transaction:\n" @@ -787,9 +787,16 @@ unsigned char *value; size_t valuelen; membuf_t outbuf; + char *cache_nonce = NULL; + char *p; + + p = line; + for (p=line; *p && *p != ' ' && *p != '\t'; p++) + ; + *p = '\0'; + if (*line) + cache_nonce = xtrystrdup (line); - (void)line; - /* First inquire the parameters */ rc = assuan_inquire (ctx, "KEYPARAM", &value, &valuelen, MAXLEN_KEYPARAM); if (rc) @@ -797,12 +804,13 @@ init_membuf (&outbuf, 512); - rc = agent_genkey (ctrl, (char*)value, valuelen, &outbuf); + rc = agent_genkey (ctrl, cache_nonce, (char*)value, valuelen, &outbuf); xfree (value); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); + xfree (cache_nonce); return leave_cmd (ctx, rc); } @@ -1463,7 +1471,7 @@ static const char hlp_import_key[] = - "IMPORT_KEY\n" + "IMPORT_KEY []\n" "\n" "Import a secret key into the key store. The key is expected to be\n" "encrypted using the current session's key wrapping key (cf. command\n" @@ -1485,15 +1493,22 @@ size_t finalkeylen; unsigned char grip[20]; gcry_sexp_t openpgp_sexp = NULL; + char *cache_nonce = NULL; + char *p; - (void)line; - if (!ctrl->server_local->import_key) { err = gpg_error (GPG_ERR_MISSING_KEY); goto leave; } + p = line; + for (p=line; *p && *p != ' ' && *p != '\t'; p++) + ; + *p = '\0'; + if (*line) + cache_nonce = xtrystrdup (line); + assuan_begin_confidential (ctx); err = assuan_inquire (ctx, "KEYDATA", &wrappedkey, &wrappedkeylen, MAXLEN_KEYDATA); @@ -1567,13 +1582,26 @@ key import. */ err = convert_openpgp (ctrl, openpgp_sexp, grip, - ctrl->server_local->keydesc, + ctrl->server_local->keydesc, cache_nonce, &key, &passphrase); if (err) goto leave; realkeylen = gcry_sexp_canon_len (key, keylen, NULL, &err); if (!realkeylen) goto leave; /* Invalid canonical encoded S-expression. */ + if (passphrase) + { + if (!cache_nonce) + { + char buf[12]; + gcry_create_nonce (buf, 12); + cache_nonce = bin2hex (buf, 12, NULL); + } + if (cache_nonce + && !agent_put_cache (cache_nonce, CACHE_MODE_IMPGEN, + passphrase, 120 /*seconds*/)) + assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); + } } else { @@ -1604,6 +1632,7 @@ xfree (key); gcry_cipher_close (cipherhd); xfree (wrappedkey); + xfree (cache_nonce); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, err); Modified: trunk/agent/cvt-openpgp.c =================================================================== --- trunk/agent/cvt-openpgp.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/cvt-openpgp.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -497,7 +497,8 @@ gpg_error_t err; struct try_do_unprotect_arg_s *arg = pi->check_cb_arg; - err = do_unprotect (pi->pin, arg->is_v4? 4:3, + err = do_unprotect (pi->pin, + arg->is_v4? 4:3, arg->pubkey_algo, arg->is_protected, arg->skey, arg->skeysize, arg->protect_algo, arg->iv, arg->ivlen, @@ -507,15 +508,16 @@ /* SKEY may be modified now, thus we need to re-compute SKEYIDX. */ for (arg->skeyidx = 0; (arg->skeyidx < arg->skeysize && arg->skey[arg->skeyidx]); arg->skeyidx++) - ; + ; return err; } /* Convert an OpenPGP transfer key into our internal format. Before asking for a passphrase we check whether the key already exists in - our key storage. S_PGP is the OpenPGP key in transfer format. On - success R_KEY will receive a canonical encoded S-expression with + our key storage. S_PGP is the OpenPGP key in transfer format. If + CACHE_NONCE is given the passphrase will be looked up in the cache. + On success R_KEY will receive a canonical encoded S-expression with the unprotected key in our internal format; the caller needs to release that memory. The passphrase used to decrypt the OpenPGP key will be returned at R_PASSPHRASE; the caller must release this @@ -525,6 +527,7 @@ gpg_error_t convert_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, unsigned char *grip, const char *prompt, + const char *cache_nonce, unsigned char **r_key, char **r_passphrase) { gpg_error_t err; @@ -759,7 +762,26 @@ pi_arg.skeysize = DIM (skey); pi_arg.skeyidx = skeyidx; pi_arg.r_key = &s_skey; - err = agent_askpin (ctrl, prompt, NULL, NULL, pi); + + err = gpg_error (GPG_ERR_BAD_PASSPHRASE); + if (cache_nonce) + { + void *cache_marker = NULL; + const char *cache_value; + + cache_value = agent_get_cache (cache_nonce, CACHE_MODE_IMPGEN, + &cache_marker); + if (cache_value) + { + if (strlen (cache_value) < pi->max_length) + strcpy (pi->pin, cache_value); + agent_unlock_cache_entry (&cache_marker); + } + if (*pi->pin) + err = try_do_unprotect_cb (pi); + } + if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE) + err = agent_askpin (ctrl, prompt, NULL, NULL, pi); skeyidx = pi_arg.skeyidx; if (!err) { Modified: trunk/agent/cvt-openpgp.h =================================================================== --- trunk/agent/cvt-openpgp.h 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/cvt-openpgp.h 2010-09-01 09:48:35 UTC (rev 5410) @@ -21,6 +21,7 @@ gpg_error_t convert_openpgp (ctrl_t ctrl, gcry_sexp_t s_pgp, unsigned char *grip, const char *prompt, + const char *cache_nonce, unsigned char **r_key, char **r_passphrase); Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/agent/genkey.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -351,9 +351,11 @@ /* Generate a new keypair according to the parameters given in - KEYPARAM */ + KEYPARAM. If CACHE_NONCE is given first try to lookup a passphrase + using the cache nonce. */ int -agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen, +agent_genkey (ctrl_t ctrl, const char *cache_nonce, + const char *keyparam, size_t keyparamlen, membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; @@ -370,10 +372,28 @@ } /* Get the passphrase now, cause key generation may take a while. */ - rc = agent_ask_new_passphrase (ctrl, - _("Please enter the passphrase to%0A" - "to protect your new key"), - &passphrase); + if (cache_nonce) + { + void *cache_marker = NULL; + const char *cache_value; + + cache_value = agent_get_cache (cache_nonce, CACHE_MODE_IMPGEN, + &cache_marker); + if (cache_value) + { + passphrase = xtrymalloc_secure (strlen (cache_value)+1); + if (passphrase) + strcpy (passphrase, cache_value); + agent_unlock_cache_entry (&cache_marker); + } + } + if (passphrase) + rc = 0; + else + rc = agent_ask_new_passphrase (ctrl, + _("Please enter the passphrase to%0A" + "to protect your new key"), + &passphrase); if (rc) return rc; @@ -410,6 +430,19 @@ if (DBG_CRYPTO) log_debug ("storing private key\n"); rc = store_key (s_private, passphrase, 0); + if (!rc) + { + if (!cache_nonce) + { + char tmpbuf[12]; + gcry_create_nonce (tmpbuf, 12); + cache_nonce = bin2hex (tmpbuf, 12, NULL); + } + if (cache_nonce + && !agent_put_cache (cache_nonce, CACHE_MODE_IMPGEN, + passphrase, 900 /*seconds*/)) + agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); + } xfree (passphrase); passphrase = NULL; gcry_sexp_release (s_private); Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/g10/call-agent.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -1392,7 +1392,33 @@ return err; } + +/* Status callback for agent_import_key and agent_genkey. */ +static gpg_error_t +cache_nonce_status_cb (void *opaque, const char *line) +{ + char **cache_nonce = opaque; + const char *keyword = line; + int keywordlen; + for (keywordlen=0; *line && !spacep (line); line++, keywordlen++) + ; + while (spacep (line)) + line++; + + if (keywordlen == 11 && !memcmp (keyword, "CACHE_NONCE", keywordlen)) + { + if (cache_nonce) + { + xfree (*cache_nonce); + *cache_nonce = xtrystrdup (line); + } + } + + return 0; +} + + /* Handle a KEYPARMS inquiry. Note, we only send the data, assuan_transact takes care of flushing and writing the end */ @@ -1418,13 +1444,15 @@ S-expression giving the parameters of the key. gpg-agent passes it gcry_pk_genkey. */ gpg_error_t -agent_genkey (ctrl_t ctrl, const char *keyparms, gcry_sexp_t *r_pubkey) +agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, + const char *keyparms, gcry_sexp_t *r_pubkey) { gpg_error_t err; struct genkey_parm_s gk_parm; membuf_t data; size_t len; unsigned char *buf; + char line[ASSUAN_LINELENGTH]; *r_pubkey = NULL; err = start_agent (ctrl, 0); @@ -1440,9 +1468,13 @@ gk_parm.ctrl = ctrl; gk_parm.ctx = agent_ctx; gk_parm.keyparms = keyparms; - err = assuan_transact (agent_ctx, "GENKEY", + snprintf (line, sizeof line, "GENKEY%s%s", + cache_nonce_addr && *cache_nonce_addr? " ":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); + err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, - inq_genkey_parms, &gk_parm, NULL, NULL); + inq_genkey_parms, &gk_parm, + cache_nonce_status_cb, cache_nonce_addr); if (err) { xfree (get_membuf (&data, &len)); @@ -1775,10 +1807,12 @@ /* Call the agent to import a key into the agent. */ gpg_error_t -agent_import_key (ctrl_t ctrl, const char *desc, const void *key, size_t keylen) +agent_import_key (ctrl_t ctrl, const char *desc, char **cache_nonce_addr, + const void *key, size_t keylen) { gpg_error_t err; struct import_key_parm_s parm; + char line[ASSUAN_LINELENGTH]; err = start_agent (ctrl, 0); if (err) @@ -1786,8 +1820,6 @@ if (desc) { - char line[ASSUAN_LINELENGTH]; - snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc); line[DIM(line)-1] = 0; err = assuan_transact (agent_ctx, line, @@ -1801,8 +1833,12 @@ parm.key = key; parm.keylen = keylen; - err = assuan_transact (agent_ctx, "IMPORT_KEY", - NULL, NULL, inq_import_key_parms, &parm, NULL, NULL); + snprintf (line, sizeof line, "IMPORT_KEY%s%s", + cache_nonce_addr && *cache_nonce_addr? " ":"", + cache_nonce_addr && *cache_nonce_addr? *cache_nonce_addr:""); + err = assuan_transact (agent_ctx, line, + NULL, NULL, inq_import_key_parms, &parm, + cache_nonce_status_cb, cache_nonce_addr); return err; } Modified: trunk/g10/call-agent.h =================================================================== --- trunk/g10/call-agent.h 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/g10/call-agent.h 2010-09-01 09:48:35 UTC (rev 5410) @@ -149,7 +149,8 @@ char **r_serialno); /* Generate a new key. */ -gpg_error_t agent_genkey (ctrl_t ctrl, const char *keyparms, +gpg_error_t agent_genkey (ctrl_t ctrl, char **cache_nonce_addr, + const char *keyparms, gcry_sexp_t *r_pubkey); /* Create a signature. */ @@ -169,6 +170,7 @@ /* Send a key to the agent. */ gpg_error_t agent_import_key (ctrl_t ctrl, const char *desc, + char **cache_nonce_addr, const void *key, size_t keylen); Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/g10/import.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -1105,6 +1105,7 @@ gcry_cipher_hd_t cipherhd = NULL; unsigned char *wrappedkey = NULL; size_t wrappedkeylen; + char *cache_nonce = NULL; /* Get the current KEK. */ err = agent_keywrap_key (ctrl, 0, &kek, &keklen); @@ -1266,7 +1267,8 @@ xfree (desc); desc = uid; } - err = agent_import_key (ctrl, desc, wrappedkey, wrappedkeylen); + err = agent_import_key (ctrl, desc, &cache_nonce, + wrappedkey, wrappedkeylen); xfree (desc); } if (!err) @@ -1305,6 +1307,7 @@ } leave: + xfree (cache_nonce); xfree (wrappedkey); xfree (transferkey); gcry_cipher_close (cipherhd); @@ -1409,7 +1412,7 @@ pubkey_letter (sk->pubkey_algo), keystr_from_sk (sk), datestr_from_sk (sk)); if (uidnode) - print_utf8_buffer (es_stderr, uidnode->pkt->pkt.user_id->name, + print_utf8_buffer (log_get_stream (), uidnode->pkt->pkt.user_id->name, uidnode->pkt->pkt.user_id->len); log_printf ("\n"); } Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2010-09-01 00:44:55 UTC (rev 5409) +++ trunk/g10/keygen.c 2010-09-01 09:48:35 UTC (rev 5410) @@ -1134,14 +1134,15 @@ /* Common code for the key generation fucntion gen_xxx. */ static int common_gen (const char *keyparms, int algo, const char *algoelem, - kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey) + kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, + char **cache_nonce_addr) { int err; PACKET *pkt; PKT_public_key *pk; gcry_sexp_t s_key; - err = agent_genkey (NULL, keyparms, &s_key); + err = agent_genkey (NULL, cache_nonce_addr, keyparms, &s_key); if (err) { log_error ("agent_genkey failed: %s\n", gpg_strerror (err) ); @@ -1193,7 +1194,7 @@ */ static int gen_elg (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey) + u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) { int err; char *keyparms; @@ -1223,7 +1224,8 @@ else { err = common_gen (keyparms, algo, "pgy", - pub_root, timestamp, expireval, is_subkey); + pub_root, timestamp, expireval, is_subkey, + cache_nonce_addr); xfree (keyparms); } @@ -1236,7 +1238,7 @@ */ static gpg_error_t gen_dsa (unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey) + u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) { int err; unsigned int qbits; @@ -1305,7 +1307,8 @@ else { err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", - pub_root, timestamp, expireval, is_subkey); + pub_root, timestamp, expireval, is_subkey, + cache_nonce_addr); xfree (keyparms); } @@ -1318,7 +1321,7 @@ */ static int gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expireval, int is_subkey) + u32 timestamp, u32 expireval, int is_subkey, char **cache_nonce_addr) { int err; char *keyparms; @@ -1349,7 +1352,8 @@ else { err = common_gen (keyparms, algo, "ne", - pub_root, timestamp, expireval, is_subkey); + pub_root, timestamp, expireval, is_subkey, + cache_nonce_addr); xfree (keyparms); } @@ -2146,7 +2150,8 @@ routines based on the requested algorithm. */ static int do_create (int algo, unsigned int nbits, KBNODE pub_root, - u32 timestamp, u32 expiredate, int is_subkey ) + u32 timestamp, u32 expiredate, int is_subkey, + char **cache_nonce_addr) { gpg_error_t err; @@ -2160,11 +2165,14 @@ "generator a better chance to gain enough entropy.\n") ); if (algo == PUBKEY_ALGO_ELGAMAL_E) - err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey); + err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, + cache_nonce_addr); else if (algo == PUBKEY_ALGO_DSA) - err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey); + err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, + cache_nonce_addr); else if (algo == PUBKEY_ALGO_RSA) - err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey); + err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, + cache_nonce_addr); else BUG(); @@ -3161,6 +3169,7 @@ struct revocation_key *revkey; int did_sub = 0; u32 timestamp; + char *cache_nonce = NULL; if (outctrl->dryrun) { @@ -3231,7 +3240,7 @@ get_parameter_uint( para, pKEYLENGTH ), pub_root, timestamp, - get_parameter_u32( para, pKEYEXPIRE ), 0 ); + get_parameter_u32( para, pKEYEXPIRE ), 0, &cache_nonce); else err = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, ×tamp, @@ -3280,7 +3289,8 @@ get_parameter_uint (para, pSUBKEYLENGTH), pub_root, timestamp, - get_parameter_u32 (para, pSUBKEYEXPIRE), 1 ); + get_parameter_u32 (para, pSUBKEYEXPIRE), 1, + &cache_nonce); /* Get the pointer to the generated public subkey packet. */ if (!err) { @@ -3410,6 +3420,7 @@ } release_kbnode (pub_root); + xfree (cache_nonce); } @@ -3505,7 +3516,7 @@ goto leave; } - err = do_create (algo, nbits, keyblock, cur_time, expire, 1); + err = do_create (algo, nbits, keyblock, cur_time, expire, 1, NULL); if (err) goto leave; From cvs at cvs.gnupg.org Wed Sep 1 12:10:29 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 01 Sep 2010 12:10:29 +0200 Subject: [svn] assuan - r387 - in trunk: . src Message-ID: Author: wk Date: 2010-09-01 12:10:28 +0200 (Wed, 01 Sep 2010) New Revision: 387 Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/assuan-defs.h trunk/src/assuan-logging.c trunk/src/assuan.h.in trunk/src/context.c Log: Add a no_logging flag. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-08-19 13:19:56 UTC (rev 386) +++ trunk/src/ChangeLog 2010-09-01 10:10:28 UTC (rev 387) @@ -1,3 +1,10 @@ +2010-09-01 Werner Koch + + * assuan.h.in (ASSUAN_NO_LOGGING): New. + * assuan-defs.h (struct assuan_context_s): Add FLAGS.NO_LOGGING. + * context.c (assuan_set_flag, assuan_get_flag): Support new flag. + * assuan-logging.c (_assuan_log_control_channel): Implement new flag. + 2010-08-11 Werner Koch * assuan.h.in (ASSUAN_CONVEY_COMMENTS): New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-08-19 13:19:56 UTC (rev 386) +++ trunk/NEWS 2010-09-01 10:10:28 UTC (rev 387) @@ -3,9 +3,12 @@ * A new flag may now be used to convey comments via assuan_transact. + * A new flag value may now be used to disable logging. + * Interface changes relative to the 2.0.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ASSUAN_CONVEY_COMMENTS NEW. + ASSUAN_NO_LOGGING NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -24,6 +27,7 @@ assuan_free NEW. _assuan_w32ce_create_pipe NEW. ASSUAN_LOG_CONTROL NEW. + ASSUAN_NO_LOGGING NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/src/assuan-defs.h =================================================================== --- trunk/src/assuan-defs.h 2010-08-19 13:19:56 UTC (rev 386) +++ trunk/src/assuan-defs.h 2010-09-01 10:10:28 UTC (rev 387) @@ -88,6 +88,7 @@ unsigned int confidential : 1; unsigned int no_fixsignals : 1; unsigned int convey_comments : 1; + unsigned int no_logging : 1; } flags; /* If set, this is called right before logging an I/O line. */ Modified: trunk/src/assuan-logging.c =================================================================== --- trunk/src/assuan-logging.c 2010-08-19 13:19:56 UTC (rev 386) +++ trunk/src/assuan-logging.c 2010-09-01 10:10:28 UTC (rev 387) @@ -170,7 +170,9 @@ /* Check whether logging is enabled and do a quick check to see whether the callback supports our category. */ - if (!ctx || !ctx->log_cb + if (!ctx + || !ctx->log_cb + || ctx->flags.no_logging || !(*ctx->log_cb) (ctx, ctx->log_cb_data, ASSUAN_LOG_CONTROL, NULL)) return; Modified: trunk/src/assuan.h.in =================================================================== --- trunk/src/assuan.h.in 2010-08-19 13:19:56 UTC (rev 386) +++ trunk/src/assuan.h.in 2010-09-01 10:10:28 UTC (rev 387) @@ -164,6 +164,8 @@ /* This flag changes assuan_transact to return comment lines via the status callback. The default is to skip comment lines. */ #define ASSUAN_CONVEY_COMMENTS 4 +/* This flags disables logging for one context. */ +#define ASSUAN_NO_LOGGING 5 /* For context CTX, set the flag FLAG to VALUE. Values for flags are usually 1 or 0 but certain flags might allow for other values; Modified: trunk/src/context.c =================================================================== --- trunk/src/context.c 2010-08-19 13:19:56 UTC (rev 386) +++ trunk/src/context.c 2010-09-01 10:10:28 UTC (rev 387) @@ -84,6 +84,10 @@ case ASSUAN_CONVEY_COMMENTS: ctx->flags.convey_comments = value; break; + + case ASSUAN_NO_LOGGING: + ctx->flags.no_logging = value; + break; } } @@ -116,6 +120,10 @@ case ASSUAN_CONVEY_COMMENTS: res = ctx->flags.convey_comments; break; + + case ASSUAN_NO_LOGGING: + res = ctx->flags.no_logging; + break; } return TRACE_SUC1 ("flag_value=%i", res); From cvs at cvs.gnupg.org Wed Sep 1 13:07:18 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 01 Sep 2010 13:07:18 +0200 Subject: [svn] GnuPG - r5411 - trunk/agent Message-ID: Author: wk Date: 2010-09-01 13:07:16 +0200 (Wed, 01 Sep 2010) New Revision: 5411 Modified: trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/cache.c trunk/agent/command-ssh.c trunk/agent/command.c trunk/agent/cvt-openpgp.c trunk/agent/findkey.c trunk/agent/genkey.c trunk/agent/pkdecrypt.c trunk/agent/pksign.c Log: s/CACHE_MODE_IMPGEN/CACHE_MODE_NONCE/. Prepare for more use cases of the cache nonce. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/ChangeLog 2010-09-01 11:07:16 UTC (rev 5411) @@ -2,14 +2,17 @@ * call-pinentry.c (start_pinentry): Disable pinentry logging. - * command.c (cmd_import_key, cmd_genkey): Add CACHE handling. + * command.c (cmd_import_key, cmd_genkey, cmd_pksign): Add CACHE + handling. * cvt-openpgp.c (convert_openpgp): Add arg CACHE_NONCE and try the cached nonce first. * genkey.c (agent_genkey): Add arg CACHE_NONCE. - * cache.c (agent_get_cache): Require user and impgen cache modes + * cache.c (agent_get_cache): Require user and nonce cache modes to match the requested mode. (agent_put_cache): Ditto. - * agent.h (CACHE_MODE_IMPGEN): New. + * agent.h (CACHE_MODE_NONCE): New. + * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE. + * findkey.c (agent_key_from_file): Ditto. 2010-08-31 Werner Koch Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/agent.h 2010-09-01 11:07:16 UTC (rev 5411) @@ -194,8 +194,7 @@ CACHE_MODE_NORMAL, /* Normal cache (gpg-agent). */ CACHE_MODE_USER, /* GET_PASSPHRASE related cache. */ CACHE_MODE_SSH, /* SSH related cache. */ - CACHE_MODE_IMPGEN /* Used for import and genkey. This is a - non-predictable nonce. */ + CACHE_MODE_NONCE /* This is a non-predictable nonce. */ } cache_mode_t; @@ -228,6 +227,7 @@ int agent_write_private_key (const unsigned char *grip, const void *buffer, size_t length, int force); gpg_error_t agent_key_from_file (ctrl_t ctrl, + const char *cache_nonce, const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, @@ -273,10 +273,12 @@ /*-- pksign.c --*/ -int agent_pksign_do (ctrl_t ctrl, const char *desc_text, +int agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, + const char *desc_text, gcry_sexp_t *signature_sexp, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl); -int agent_pksign (ctrl_t ctrl, const char *desc_text, +int agent_pksign (ctrl_t ctrl, const char *cache_nonce, + const char *desc_text, membuf_t *outbuf, cache_mode_t cache_mode); /*-- pkdecrypt.c --*/ Modified: trunk/agent/cache.c =================================================================== --- trunk/agent/cache.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/cache.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -223,7 +223,7 @@ { if (!r->lockcount && ((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_IMPGEN) + && cache_mode != CACHE_MODE_NONCE) || r->cache_mode == cache_mode) && !strcmp (r->key, key)) break; @@ -274,7 +274,7 @@ /* Try to find an item in the cache. Note that we currently don't - make use of CACHE_MODE except for CACHE_MODE_IMPGEN and + make use of CACHE_MODE except for CACHE_MODE_NONCE and CACHE_MODE_USER. */ const char * agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id) @@ -295,7 +295,7 @@ { if (!r->lockcount && r->pw && ((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_IMPGEN) + && cache_mode != CACHE_MODE_NONCE) || r->cache_mode == cache_mode) && !strcmp (r->key, key)) { @@ -314,7 +314,7 @@ { if (r->pw && ((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_IMPGEN) + && cache_mode != CACHE_MODE_NONCE) || r->cache_mode == cache_mode) && !strcmp (r->key, key)) { Modified: trunk/agent/command-ssh.c =================================================================== --- trunk/agent/command-ssh.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/command-ssh.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -2049,7 +2049,7 @@ *sig_n = 0; ctrl->use_auth_call = 1; - err = agent_pksign_do (ctrl, + err = agent_pksign_do (ctrl, NULL, _("Please enter the passphrase " "for the ssh key%0A %c"), &signature_sexp, CACHE_MODE_SSH, ttl_from_sshcontrol); Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/command.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -695,7 +695,7 @@ static const char hlp_pksign[] = - "PKSIGN [options]\n" + "PKSIGN [] []\n" "\n" "Perform the actual sign operation. Neither input nor output are\n" "sensitive to eavesdropping."; @@ -706,9 +706,18 @@ cache_mode_t cache_mode = CACHE_MODE_NORMAL; ctrl_t ctrl = assuan_get_pointer (ctx); membuf_t outbuf; + char *cache_nonce = NULL; + char *p; - (void)line; + line = skip_options (line); + p = line; + for (p=line; *p && *p != ' ' && *p != '\t'; p++) + ; + *p = '\0'; + if (*line) + cache_nonce = xtrystrdup (line); + if (opt.ignore_cache_for_signing) cache_mode = CACHE_MODE_IGNORE; else if (!ctrl->server_local->use_cache_for_signing) @@ -716,12 +725,14 @@ init_membuf (&outbuf, 512); - rc = agent_pksign (ctrl, ctrl->server_local->keydesc, + rc = agent_pksign (ctrl, cache_nonce, ctrl->server_local->keydesc, &outbuf, cache_mode); if (rc) clear_outbuf (&outbuf); else rc = write_and_clear_outbuf (ctx, &outbuf); + + xfree (cache_nonce); xfree (ctrl->server_local->keydesc); ctrl->server_local->keydesc = NULL; return leave_cmd (ctx, rc); @@ -729,7 +740,7 @@ static const char hlp_pkdecrypt[] = - "PKDECRYPT \n" + "PKDECRYPT []\n" "\n" "Perform the actual decrypt operation. Input is not\n" "sensitive to eavesdropping."; @@ -1305,7 +1316,7 @@ goto leave; ctrl->in_passwd++; - rc = agent_key_from_file (ctrl, ctrl->server_local->keydesc, + rc = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, &shadow_info, CACHE_MODE_IGNORE, NULL, &s_skey); if (rc) @@ -1598,7 +1609,7 @@ cache_nonce = bin2hex (buf, 12, NULL); } if (cache_nonce - && !agent_put_cache (cache_nonce, CACHE_MODE_IMPGEN, + && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 120 /*seconds*/)) assuan_write_status (ctx, "CACHE_NONCE", cache_nonce); } @@ -1676,7 +1687,7 @@ goto leave; } - err = agent_key_from_file (ctrl, ctrl->server_local->keydesc, grip, + err = agent_key_from_file (ctrl, NULL, ctrl->server_local->keydesc, grip, NULL, CACHE_MODE_IGNORE, NULL, &s_skey); if (err) goto leave; Modified: trunk/agent/cvt-openpgp.c =================================================================== --- trunk/agent/cvt-openpgp.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/cvt-openpgp.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -769,7 +769,7 @@ void *cache_marker = NULL; const char *cache_value; - cache_value = agent_get_cache (cache_nonce, CACHE_MODE_IMPGEN, + cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, &cache_marker); if (cache_value) { Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/findkey.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -480,11 +480,13 @@ CACHE_MODE defines now the cache shall be used. DESC_TEXT may be set to present a custom description for the pinentry. LOOKUP_TTL is an optional function to convey a TTL to the cache manager; we do - not simply pass the TTL value because the value is only needed if an - unprotect action was needed and looking up the TTL may have some - overhead (e.g. scanning the sshcontrol file). */ + not simply pass the TTL value because the value is only needed if + an unprotect action was needed and looking up the TTL may have some + overhead (e.g. scanning the sshcontrol file). If a CACHE_NONCE is + given that cache item is first tried to get a passphrase. */ gpg_error_t -agent_key_from_file (ctrl_t ctrl, const char *desc_text, +agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, + const char *desc_text, const unsigned char *grip, unsigned char **shadow_info, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl, gcry_sexp_t *result) Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/genkey.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -377,7 +377,7 @@ void *cache_marker = NULL; const char *cache_value; - cache_value = agent_get_cache (cache_nonce, CACHE_MODE_IMPGEN, + cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, &cache_marker); if (cache_value) { @@ -439,7 +439,7 @@ cache_nonce = bin2hex (tmpbuf, 12, NULL); } if (cache_nonce - && !agent_put_cache (cache_nonce, CACHE_MODE_IMPGEN, + && !agent_put_cache (cache_nonce, CACHE_MODE_NONCE, passphrase, 900 /*seconds*/)) agent_write_status (ctrl, "CACHE_NONCE", cache_nonce, NULL); } Modified: trunk/agent/pkdecrypt.c =================================================================== --- trunk/agent/pkdecrypt.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/pkdecrypt.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -64,7 +64,7 @@ log_printhex ("keygrip:", ctrl->keygrip, 20); log_printhex ("cipher: ", ciphertext, ciphertextlen); } - rc = agent_key_from_file (ctrl, desc_text, + rc = agent_key_from_file (ctrl, NULL, desc_text, ctrl->keygrip, &shadow_info, CACHE_MODE_NORMAL, NULL, &s_skey); if (rc) Modified: trunk/agent/pksign.c =================================================================== --- trunk/agent/pksign.c 2010-09-01 09:48:35 UTC (rev 5410) +++ trunk/agent/pksign.c 2010-09-01 11:07:16 UTC (rev 5411) @@ -237,9 +237,12 @@ /* SIGN whatever information we have accumulated in CTRL and return the signature S-expression. LOOKUP is an optional function to - provide a way for lower layers to ask for the caching TTL. */ + provide a way for lower layers to ask for the caching TTL. If a + CACHE_NONCE is given that cache item is first tried to get a + passphrase. */ int -agent_pksign_do (ctrl_t ctrl, const char *desc_text, +agent_pksign_do (ctrl_t ctrl, const char *cache_nonce, + const char *desc_text, gcry_sexp_t *signature_sexp, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl) { @@ -250,7 +253,7 @@ if (! ctrl->have_keygrip) return gpg_error (GPG_ERR_NO_SECKEY); - rc = agent_key_from_file (ctrl, desc_text, ctrl->keygrip, + rc = agent_key_from_file (ctrl, cache_nonce, desc_text, ctrl->keygrip, &shadow_info, cache_mode, lookup_ttl, &s_skey); if (rc) @@ -349,9 +352,10 @@ } /* SIGN whatever information we have accumulated in CTRL and write it - back to OUTFP. */ + back to OUTFP. If a CACHE_NONCE is given that cache item is first + tried to get a passphrase. */ int -agent_pksign (ctrl_t ctrl, const char *desc_text, +agent_pksign (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, membuf_t *outbuf, cache_mode_t cache_mode) { gcry_sexp_t s_sig = NULL; @@ -359,7 +363,7 @@ size_t len = 0; int rc = 0; - rc = agent_pksign_do (ctrl, desc_text, &s_sig, cache_mode, NULL); + rc = agent_pksign_do (ctrl, cache_nonce, desc_text, &s_sig, cache_mode, NULL); if (rc) goto leave; From cvs at cvs.gnupg.org Wed Sep 1 14:49:07 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 01 Sep 2010 14:49:07 +0200 Subject: [svn] GnuPG - r5412 - in trunk: agent g10 Message-ID: Author: wk Date: 2010-09-01 14:49:05 +0200 (Wed, 01 Sep 2010) New Revision: 5412 Modified: trunk/agent/ChangeLog trunk/agent/findkey.c trunk/g10/ChangeLog trunk/g10/call-agent.c trunk/g10/call-agent.h trunk/g10/import.c trunk/g10/keyedit.c trunk/g10/keygen.c trunk/g10/main.h trunk/g10/packet.h trunk/g10/passphrase.c trunk/g10/revoke.c trunk/g10/sign.c Log: Even less prompts for a new key now. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/agent/ChangeLog 2010-09-01 12:49:05 UTC (rev 5412) @@ -13,6 +13,7 @@ * agent.h (CACHE_MODE_NONCE): New. * pksign.c (agent_pksign_do, agent_pksign): Add arg CACHE_NONCE. * findkey.c (agent_key_from_file): Ditto. + (unprotect): Implement it. 2010-08-31 Werner Koch Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/ChangeLog 2010-09-01 12:49:05 UTC (rev 5412) @@ -1,12 +1,25 @@ 2010-09-01 Werner Koch + * sign.c (do_sign, write_signature_packets, complete_sig): Add arg + CACHE_NONCE. + (make_keysig_packet): Ditto. + * keygen.c (make_backsig, write_direct_sig, write_selfsigs) + (write_keybinding): Add arg CACHE_NONCE. + (do_generate_keypair): Use cache_nonce to avoid a pinentry for the + self-signatures. + + * passphrase.c (gpg_format_keydesc): Remove now superfluous + algo_name fallback. + * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, common_gen): Add arg CACHE_NONCE_ADDR. (generate_subkeypair): Pass NULL for CACHE_NONCE_ADDR. (do_generate_keypair): Add cache nonce handling. + * import.c (transfer_secret_keys): Support a cache nonce. * call-agent.c (cache_nonce_status_cb): New. (agent_genkey, agent_import_key): Add arg CACHE_NONCE_ADDR. + (agent_pksign): Ditto. 2010-08-30 Werner Koch Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/agent/findkey.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -275,7 +275,7 @@ description used for the pinentry. If LOOKUP_TTL is given this function is used to lookup the default ttl. */ static int -unprotect (ctrl_t ctrl, const char *desc_text, +unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, unsigned char **keybuf, const unsigned char *grip, cache_mode_t cache_mode, lookup_ttl_t lookup_ttl) { @@ -288,6 +288,26 @@ bin2hex (grip, 20, hexgrip); + /* Initially try to get it using a cache nonce. */ + if (cache_nonce) + { + void *cache_marker; + const char *pw; + + pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, &cache_marker); + if (pw) + { + rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen); + agent_unlock_cache_entry (&cache_marker); + if (!rc) + { + xfree (*keybuf); + *keybuf = result; + return 0; + } + } + } + /* First try to get it from the cache - if there is none or we can't unprotect it, we fall back to ask the user */ if (cache_mode != CACHE_MODE_IGNORE) @@ -560,7 +580,7 @@ if (!rc) { - rc = unprotect (ctrl, desc_text_final, &buf, grip, + rc = unprotect (ctrl, cache_nonce, desc_text_final, &buf, grip, cache_mode, lookup_ttl); if (rc) log_error ("failed to unprotect the secret key: %s\n", Modified: trunk/g10/call-agent.c =================================================================== --- trunk/g10/call-agent.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/call-agent.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -1549,9 +1549,11 @@ the hex string KEYGRIP. DESC is a description of the key to be displayed if the agent needs to ask for the PIN. DIGEST and DIGESTLEN is the hash value to sign and DIGESTALGO the algorithm id - used to compute the digest. */ + used to compute the digest. If CACHE_NONCE is used the agent is + advised to firts try a passphrase associated with that nonce. */ gpg_error_t -agent_pksign (ctrl_t ctrl, const char *keygrip, const char *desc, +agent_pksign (ctrl_t ctrl, const char *cache_nonce, + const char *keygrip, const char *desc, unsigned char *digest, size_t digestlen, int digestalgo, gcry_sexp_t *r_sigval) { @@ -1598,7 +1600,11 @@ return err; init_membuf (&data, 1024); - err = assuan_transact (agent_ctx, "PKSIGN", + + snprintf (line, sizeof line, "PKSIGN%s%s", + cache_nonce? " -- ":"", + cache_nonce? cache_nonce:""); + err = assuan_transact (agent_ctx, line, membuf_data_cb, &data, default_inq_cb, ctrl, NULL, NULL); if (err) Modified: trunk/g10/call-agent.h =================================================================== --- trunk/g10/call-agent.h 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/call-agent.h 2010-09-01 12:49:05 UTC (rev 5412) @@ -154,7 +154,8 @@ gcry_sexp_t *r_pubkey); /* Create a signature. */ -gpg_error_t agent_pksign (ctrl_t ctrl, const char *hexkeygrip, const char *desc, +gpg_error_t agent_pksign (ctrl_t ctrl, const char *cache_nonce, + const char *hexkeygrip, const char *desc, unsigned char *digest, size_t digestlen, int digestalgo, gcry_sexp_t *r_sigval); Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/import.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -1243,7 +1243,10 @@ size_t uidlen; u32 keyid[2]; char *orig_codeset; - + + /* FIXME: We should use gpg_format_keydesc, however that + requires a public key structure. It might be useful to + merge the secret and public key structures. */ keyid_from_sk (sk, keyid); uid = get_user_id (keyid, &uidlen); orig_codeset = i18n_switchto_utf8 (); Modified: trunk/g10/keyedit.c =================================================================== --- trunk/g10/keyedit.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/keyedit.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -1083,7 +1083,8 @@ NULL, pk, 0x13, 0, force_v4 ? 4 : 0, 0, 0, - keygen_add_std_prefs, primary_pk); + keygen_add_std_prefs, primary_pk, + NULL); else rc = make_keysig_packet (&sig, primary_pk, node->pkt->pkt.user_id, @@ -1091,7 +1092,8 @@ pk, class, 0, force_v4 ? 4 : 0, timestamp, duration, - sign_mk_attrib, &attrib); + sign_mk_attrib, &attrib, + NULL); if (rc) { log_error (_("signing failed: %s\n"), g10_errstr (rc)); @@ -3222,7 +3224,7 @@ return 0; err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, 0, - keygen_add_std_prefs, pk); + keygen_add_std_prefs, pk, NULL); if (err) { log_error ("signing failed: %s\n", g10_errstr (err)); @@ -3610,7 +3612,7 @@ /* The 1F signature must be at least v4 to carry the revocation key subpacket. */ rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x1F, 0, 4, 0, 0, - keygen_add_revkey, &revkey); + keygen_add_revkey, &revkey, NULL); if (rc) { log_error ("signing failed: %s\n", g10_errstr (rc)); @@ -3810,7 +3812,7 @@ /* Now we can get to work. */ rc = make_backsig (sig_pk->pkt->pkt.signature, main_pk, sub_pk, sub_pk, - timestamp); + timestamp, NULL); if (!rc) { PKT_signature *newsig; @@ -4901,7 +4903,7 @@ rc = make_keysig_packet (&sig, primary_pk, unode->pkt->pkt.user_id, NULL, signerkey, 0x30, 0, 0, 0, 0, - sign_mk_attrib, &attrib); + sign_mk_attrib, &attrib, NULL); free_public_key (signerkey); if (rc) { @@ -4993,7 +4995,7 @@ rc = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x30, 0, (reason == NULL) ? 3 : 0, timestamp, 0, - sign_mk_attrib, &attrib); + sign_mk_attrib, &attrib, NULL); if (rc) { log_error (_("signing failed: %s\n"), g10_errstr (rc)); @@ -5055,7 +5057,7 @@ rc = make_keysig_packet (&sig, pk, NULL, NULL, pk, 0x20, 0, opt.force_v4_certs ? 4 : 0, 0, 0, - revocation_reason_build_cb, reason); + revocation_reason_build_cb, reason, NULL); if (rc) { log_error (_("signing failed: %s\n"), g10_errstr (rc)); @@ -5115,7 +5117,8 @@ node->flag &= ~NODFLG_SELKEY; rc = make_keysig_packet (&sig, mainpk, NULL, subpk, mainpk, - 0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib); + 0x28, 0, 0, 0, 0, sign_mk_attrib, &attrib, + NULL); if (rc) { log_error (_("signing failed: %s\n"), g10_errstr (rc)); Modified: trunk/g10/keygen.c =================================================================== --- trunk/g10/keygen.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/keygen.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -824,7 +824,7 @@ gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk, PKT_public_key *sub_pk, PKT_public_key *sub_psk, - u32 timestamp) + u32 timestamp, const char *cache_nonce) { gpg_error_t err; PKT_signature *backsig; @@ -832,7 +832,7 @@ cache_public_key (sub_pk); err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19, - 0, 0, timestamp, 0, NULL, NULL); + 0, 0, timestamp, 0, NULL, NULL, cache_nonce); if (err) log_error ("make_keysig_packet failed for backsig: %s\n", g10_errstr(err)); else @@ -918,7 +918,8 @@ the timestamp to set on the signature. */ static gpg_error_t write_direct_sig (KBNODE root, PKT_public_key *psk, - struct revocation_key *revkey, u32 timestamp) + struct revocation_key *revkey, u32 timestamp, + const char *cache_nonce) { gpg_error_t err; PACKET *pkt; @@ -942,7 +943,7 @@ /* Make the signature. */ err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F, 0, 0, timestamp, 0, - keygen_add_revkey, revkey); + keygen_add_revkey, revkey, cache_nonce); if (err) { log_error ("make_keysig_packet failed: %s\n", g10_errstr (err) ); @@ -963,7 +964,7 @@ signature. */ static gpg_error_t write_selfsigs (KBNODE root, PKT_public_key *psk, - unsigned int use, u32 timestamp) + unsigned int use, u32 timestamp, const char *cache_nonce) { gpg_error_t err; PACKET *pkt; @@ -997,7 +998,7 @@ /* Make the signature. */ err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13, 0, 0, timestamp, 0, - keygen_add_std_prefs, pk); + keygen_add_std_prefs, pk, cache_nonce); if (err) { log_error ("make_keysig_packet failed: %s\n", g10_errstr (err)); @@ -1019,7 +1020,7 @@ used if USE has the PUBKEY_USAGE_SIG capability. */ static int write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk, - unsigned int use, u32 timestamp) + unsigned int use, u32 timestamp, const char *cache_nonce) { gpg_error_t err; PACKET *pkt; @@ -1056,7 +1057,8 @@ oduap.pk = sub_pk; err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18, 0, 0, timestamp, 0, - keygen_add_key_flags_and_expire, &oduap); + keygen_add_key_flags_and_expire, &oduap, + cache_nonce); if (err) { log_error ("make_keysig_packet failed: %s\n", g10_errstr (err)); @@ -1066,7 +1068,7 @@ /* Make a backsig. */ if (use & PUBKEY_USAGE_SIG) { - err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp); + err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce); if (err) return err; } @@ -3254,13 +3256,14 @@ } if (!err && (revkey = get_parameter_revkey (para, pREVOKER))) - err = write_direct_sig (pub_root, pri_psk, revkey, timestamp); + err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce); if (!err && (s = get_parameter_value (para, pUSERID))) { write_uid (pub_root, s ); err = write_selfsigs (pub_root, pri_psk, - get_parameter_uint (para, pKEYUSAGE), timestamp); + get_parameter_uint (para, pKEYUSAGE), timestamp, + cache_nonce); } /* Write the auth key to the card before the encryption key. This @@ -3277,7 +3280,7 @@ get_parameter_u32 (para, pKEYEXPIRE), para); if (!err) err = write_keybinding (pub_root, pri_psk, NULL, - PUBKEY_USAGE_AUTH, timestamp); + PUBKEY_USAGE_AUTH, timestamp, cache_nonce); } if (!err && get_parameter (para, pSUBKEYTYPE)) @@ -3327,7 +3330,7 @@ if (!err) err = write_keybinding (pub_root, pri_psk, sub_psk, get_parameter_uint (para, pSUBKEYUSAGE), - timestamp); + timestamp, cache_nonce); did_sub = 1; } @@ -3526,7 +3529,7 @@ sub_psk = node->pkt->pkt.public_key; /* Write the binding signature. */ - err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time); + err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time, NULL); if (err) goto leave; Modified: trunk/g10/main.h =================================================================== --- trunk/g10/main.h 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/main.h 2010-09-01 12:49:05 UTC (rev 5412) @@ -201,7 +201,8 @@ /*-- sign.c --*/ -int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md); +int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, + const char *cache_nonce); int sign_file( strlist_t filenames, int detached, strlist_t locusr, int do_encrypt, strlist_t remusr, const char *outfile ); int clearsign_file( const char *fname, strlist_t locusr, const char *outfile ); @@ -241,7 +242,7 @@ int keygen_add_revkey(PKT_signature *sig, void *opaque); gpg_error_t make_backsig (PKT_signature *sig, PKT_public_key *pk, PKT_public_key *sub_pk, PKT_public_key *sub_psk, - u32 timestamp); + u32 timestamp, const char *cache_nonce); gpg_error_t generate_subkeypair (kbnode_t pub_keyblock); #ifdef ENABLE_CARD_SUPPORT int generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock, Modified: trunk/g10/packet.h =================================================================== --- trunk/g10/packet.h 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/packet.h 2010-09-01 12:49:05 UTC (rev 5412) @@ -502,7 +502,8 @@ PKT_public_key *pksk, int sigclass, int digest_algo, int sigversion, u32 timestamp, u32 duration, int (*mksubpkt)(PKT_signature *, void *), - void *opaque ); + void *opaque, + const char *cache_nonce); int update_keysig_packet( PKT_signature **ret_sig, PKT_signature *orig_sig, PKT_public_key *pk, Modified: trunk/g10/passphrase.c =================================================================== --- trunk/g10/passphrase.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/passphrase.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -700,8 +700,6 @@ char *desc; algo_name = gcry_pk_algo_name (pk->pubkey_algo); - if (!algo_name) - algo_name = "?"; timestr = strtimestamp (pk->timestamp); uid = get_user_id (pk->keyid, &uidlen); Modified: trunk/g10/revoke.c =================================================================== --- trunk/g10/revoke.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/revoke.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -339,7 +339,8 @@ /* create it */ rc = make_keysig_packet( &sig, pk, NULL, NULL, pk2, 0x20, 0, 0, 0, 0, - revocation_reason_build_cb, reason ); + revocation_reason_build_cb, reason, + NULL); if( rc ) { log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc)); goto leave; @@ -525,7 +526,7 @@ /* create it */ rc = make_keysig_packet (&sig, psk, NULL, NULL, psk, 0x20, 0, opt.force_v4_certs?4:0, 0, 0, - revocation_reason_build_cb, reason ); + revocation_reason_build_cb, reason, NULL); if (rc) { log_error (_("make_keysig_packet failed: %s\n"), g10_errstr (rc)); Modified: trunk/g10/sign.c =================================================================== --- trunk/g10/sign.c 2010-09-01 11:07:16 UTC (rev 5411) +++ trunk/g10/sign.c 2010-09-01 12:49:05 UTC (rev 5412) @@ -242,10 +242,11 @@ return data; } - +/* Perform the sign operation. If CACHE_NONCE is given the agent is + advised to use that cached passphrase fro the key. */ static int do_sign (PKT_public_key *pksk, PKT_signature *sig, - gcry_md_hd_t md, int mdalgo) + gcry_md_hd_t md, int mdalgo, const char *cache_nonce) { gpg_error_t err; gcry_mpi_t frame; @@ -314,7 +315,7 @@ gcry_sexp_t s_sigval; desc = gpg_format_keydesc (pksk, 1); - err = agent_pksign (NULL/*ctrl*/, hexgrip, desc, + err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, &s_sigval); xfree (desc); @@ -378,12 +379,13 @@ int -complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md) +complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, + const char *cache_nonce) { int rc; /* if (!(rc = check_secret_key (pksk, 0))) */ - rc = do_sign (pksk, sig, md, 0); + rc = do_sign (pksk, sig, md, 0, cache_nonce); return rc; } @@ -675,7 +677,7 @@ static int write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, int sigclass, u32 timestamp, u32 duration, - int status_letter) + int status_letter, const char *cache_nonce) { SK_LIST sk_rover; @@ -722,7 +724,7 @@ hash_sigversion_to_magic (md, sig); gcry_md_final (md); - rc = do_sign (pk, sig, md, hash_for (pk)); + rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); if (!rc) { @@ -1070,7 +1072,7 @@ /* write the signatures */ rc = write_signature_packets (sk_list, out, mfx.md, opt.textmode && !outfile? 0x01 : 0x00, - 0, duration, detached ? 'D':'S'); + 0, duration, detached ? 'D':'S', NULL); if( rc ) goto leave; @@ -1234,8 +1236,9 @@ afx->what = 2; push_armor_filter (afx, out); - /* write the signatures */ - rc=write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C'); + /* Write the signatures. */ + rc = write_signature_packets (sk_list, out, textmd, 0x01, 0, duration, 'C', + NULL); if( rc ) goto leave; @@ -1401,7 +1404,7 @@ /*(current filters: zip - encrypt - armor)*/ rc = write_signature_packets (sk_list, out, mfx.md, opt.textmode? 0x01 : 0x00, - 0, duration, 'S'); + 0, duration, 'S', NULL); if( rc ) goto leave; @@ -1439,8 +1442,8 @@ PKT_public_key *pksk, int sigclass, int digest_algo, int sigversion, u32 timestamp, u32 duration, - int (*mksubpkt)(PKT_signature *, void *), void *opaque - ) + int (*mksubpkt)(PKT_signature *, void *), void *opaque, + const char *cache_nonce) { PKT_signature *sig; int rc=0; @@ -1533,7 +1536,7 @@ hash_sigversion_to_magic (md, sig); gcry_md_final (md); - rc = complete_sig (sig, pksk, md); + rc = complete_sig (sig, pksk, md, cache_nonce); } gcry_md_close (md); @@ -1562,7 +1565,7 @@ PKT_public_key *subpk, PKT_public_key *pksk, int (*mksubpkt)(PKT_signature *, void *), - void *opaque ) + void *opaque) { PKT_signature *sig; int rc=0; @@ -1619,7 +1622,7 @@ hash_sigversion_to_magic (md, sig); gcry_md_final (md); - rc = complete_sig (sig, pksk, md); + rc = complete_sig (sig, pksk, md, NULL); } gcry_md_close (md); From cvs at cvs.gnupg.org Thu Sep 2 12:46:24 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 02 Sep 2010 12:46:24 +0200 Subject: [svn] GnuPG - r5413 - in trunk: agent common Message-ID: Author: wk Date: 2010-09-02 12:46:23 +0200 (Thu, 02 Sep 2010) New Revision: 5413 Modified: trunk/agent/ChangeLog trunk/agent/agent.h trunk/agent/cache.c trunk/agent/command.c trunk/agent/cvt-openpgp.c trunk/agent/findkey.c trunk/agent/genkey.c trunk/agent/gpg-agent.c trunk/common/ChangeLog trunk/common/util.h Log: Obscure the cached passphrases. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/ChangeLog 2010-09-02 10:46:23 UTC (rev 5413) @@ -1,3 +1,21 @@ +2010-09-02 Werner Koch + + * cache.c (new_data): Change arg and callers to use a string and + explicity return an error code. We never used raw binary data and + thus it is easier to use a string. Adjust callers. + (initialize_module_cache, deinitialize_module_cache): New. + (new_data): Encrypt the cached data. + (struct cache_item_s): Remove field LOCKCOUNT. Change all users + accordingly. + (agent_unlock_cache_entry): Remove. + (agent_get_cache): Return an allocated string and remove CACHE_ID. + * genkey.c (agent_genkey): Remove cache marker stuff. + * findkey.c (unprotect): Ditto. + * cvt-openpgp.c (convert_openpgp): Ditto. + * command.c (cmd_get_passphrase): Ditto. + * gpg-agent.c (main, cleanup): Initialize and deinitialize the + cache module. + 2010-09-01 Werner Koch * call-pinentry.c (start_pinentry): Disable pinentry logging. Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/common/ChangeLog 2010-09-02 10:46:23 UTC (rev 5413) @@ -1,3 +1,7 @@ +2010-09-02 Werner Koch + + * util.h (GPG_ERR_NOT_INITIALIZED): Define if not defined. + 2010-09-01 Marcus Brinkmann * estream.c (_es_set_std_fd): Disable debug output. Modified: trunk/agent/agent.h =================================================================== --- trunk/agent/agent.h 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/agent.h 2010-09-02 10:46:23 UTC (rev 5413) @@ -264,12 +264,12 @@ /*-- cache.c --*/ +void initialize_module_cache (void); +void deinitialize_module_cache (void); void agent_flush_cache (void); int agent_put_cache (const char *key, cache_mode_t cache_mode, const char *data, int ttl); -const char *agent_get_cache (const char *key, cache_mode_t cache_mode, - void **cache_id); -void agent_unlock_cache_entry (void **cache_id); +char *agent_get_cache (const char *key, cache_mode_t cache_mode); /*-- pksign.c --*/ Modified: trunk/agent/cache.c =================================================================== --- trunk/agent/cache.c 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/cache.c 2010-09-02 10:46:23 UTC (rev 5413) @@ -24,13 +24,31 @@ #include #include #include +#include #include "agent.h" +/* The size of the encryption key in bytes. */ +#define ENCRYPTION_KEYSIZE (128/8) + +/* A mutex used to protect the encryption. This is required because + we use one context to do all encryption and decryption. */ +static pth_mutex_t encryption_lock; +/* The encryption context. This is the only place where the + encryption key for all cached entries is available. It would nice + to keep this (or just the key) in some hardware device, for example + a TPM. Libgcrypt could be extended to provide such a service. + With the current scheme it is easy to retrieve the cached entries + if access to Libgcrypt's memory is available. The encryption + merely avoids grepping for clear texts in the memory. Nevertheless + the encryption provides the necessary infrastructure to make it + more secure. */ +static gcry_cipher_hd_t encryption_handle; + + struct secret_data_s { - int totallen; /* this includes the padding */ - int datalen; /* actual data length */ - char data[1]; + int totallen; /* This includes the padding and space for AESWRAP. */ + char data[1]; /* A string. */ }; typedef struct cache_item_s *ITEM; @@ -39,47 +57,116 @@ time_t created; time_t accessed; int ttl; /* max. lifetime given in seconds, -1 one means infinite */ - int lockcount; struct secret_data_s *pw; cache_mode_t cache_mode; char key[1]; }; - +/* The cache himself. */ static ITEM thecache; +/* This function must be called once to initialize this module. It + has to be done before a second thread is spawned. */ +void +initialize_module_cache (void) +{ + static int initialized; + gpg_error_t err; + void *key; + + if (!pth_mutex_init (&encryption_lock)) + err = gpg_error_from_syserror (); + else + err = gcry_cipher_open (&encryption_handle, GCRY_CIPHER_AES128, + GCRY_CIPHER_MODE_AESWRAP, GCRY_CIPHER_SECURE); + if (!err) + { + key = gcry_random_bytes (ENCRYPTION_KEYSIZE, GCRY_STRONG_RANDOM); + if (!key) + err = gpg_error_from_syserror (); + else + { + err = gcry_cipher_setkey (encryption_handle, key, ENCRYPTION_KEYSIZE); + xfree (key); + } + } + if (err) + log_fatal ("error initializing cache encryption context: %s\n", + gpg_strerror (err)); + initialized = 1; +} + + +void +deinitialize_module_cache (void) +{ + gcry_cipher_close (encryption_handle); + encryption_handle = NULL; +} + + static void release_data (struct secret_data_s *data) { xfree (data); } -static struct secret_data_s * -new_data (const void *data, size_t length) +static gpg_error_t +new_data (const char *string, struct secret_data_s **r_data) { - struct secret_data_s *d; + gpg_error_t err; + struct secret_data_s *d, *d_enc; + size_t length; int total; + + *r_data = NULL; - /* we pad the data to 32 bytes so that it get more complicated + if (!encryption_handle) + return gpg_error (GPG_ERR_NOT_INITIALIZED); + + length = strlen (string) + 1; + + /* We pad the data to 32 bytes so that it get more complicated finding something out by watching allocation patterns. This is - usally not possible but we better assume nothing about our - secure storage provider*/ - total = length + 32 - (length % 32); + usally not possible but we better assume nothing about our secure + storage provider. To support the AESWRAP mode we need to add 8 + extra bytes as well. */ + total = (length + 8) + 32 - ((length+8) % 32); - d = gcry_malloc_secure (sizeof *d + total - 1); - if (d) + d = xtrymalloc_secure (sizeof *d + total - 1); + if (!d) + return gpg_error_from_syserror (); + memcpy (d->data, string, length); + + d_enc = xtrymalloc (sizeof *d_enc + total - 1); + if (!d_enc) { - d->totallen = total; - d->datalen = length; - memcpy (d->data, data, length); + err = gpg_error_from_syserror (); + xfree (d); + return err; } - return d; + + d_enc->totallen = total; + if (!pth_mutex_acquire (&encryption_lock, 0, NULL)) + log_fatal ("failed to acquire cache encryption mutex\n"); + err = gcry_cipher_encrypt (encryption_handle, d_enc->data, total, + d->data, total - 8); + xfree (d); + if (!pth_mutex_release (&encryption_lock)) + log_fatal ("failed to release cache encryption mutex\n"); + if (err) + { + xfree (d_enc); + return err; + } + *r_data = d_enc; + return 0; } -/* check whether there are items to expire */ +/* Check whether there are items to expire. */ static void housekeeping (void) { @@ -89,8 +176,7 @@ /* First expire the actual data */ for (r=thecache; r; r = r->next) { - if (!r->lockcount && r->pw - && r->ttl >= 0 && r->accessed + r->ttl < current) + if (r->pw && r->ttl >= 0 && r->accessed + r->ttl < current) { if (DBG_CACHE) log_debug (" expired `%s' (%ds after last access)\n", @@ -112,7 +198,7 @@ case CACHE_MODE_SSH: maxttl = opt.max_cache_ttl_ssh; break; default: maxttl = opt.max_cache_ttl; break; } - if (!r->lockcount && r->pw && r->created + maxttl < current) + if (r->pw && r->created + maxttl < current) { if (DBG_CACHE) log_debug (" expired `%s' (%lus after creation)\n", @@ -129,28 +215,16 @@ { if (!r->pw && r->ttl >= 0 && r->accessed + 60*30 < current) { - if (r->lockcount) - { - log_error ("can't remove unused cache entry `%s' (mode %d) due to" - " lockcount=%d\n", - r->key, r->cache_mode, r->lockcount); - r->accessed += 60*10; /* next error message in 10 minutes */ - rprev = r; - r = r->next; - } + ITEM r2 = r->next; + if (DBG_CACHE) + log_debug (" removed `%s' (mode %d) (slot not used for 30m)\n", + r->key, r->cache_mode); + xfree (r); + if (!rprev) + thecache = r2; else - { - ITEM r2 = r->next; - if (DBG_CACHE) - log_debug (" removed `%s' (mode %d) (slot not used for 30m)\n", - r->key, r->cache_mode); - xfree (r); - if (!rprev) - thecache = r2; - else - rprev->next = r2; - r = r2; - } + rprev->next = r2; + r = r2; } else { @@ -171,7 +245,7 @@ for (r=thecache; r; r = r->next) { - if (!r->lockcount && r->pw) + if (r->pw) { if (DBG_CACHE) log_debug (" flushing `%s'\n", r->key); @@ -179,28 +253,22 @@ r->pw = NULL; r->accessed = 0; } - else if (r->lockcount && r->pw) - { - if (DBG_CACHE) - log_debug (" marked `%s' for flushing\n", r->key); - r->accessed = 0; - r->ttl = 0; - } } } -/* Store DATA of length DATALEN in the cache under KEY and mark it - with a maximum lifetime of TTL seconds. If there is already data - under this key, it will be replaced. Using a DATA of NULL deletes - the entry. A TTL of 0 is replaced by the default TTL and a TTL of - -1 set infinite timeout. CACHE_MODE is stored with the cache entry +/* Store the string DATA in the cache under KEY and mark it with a + maximum lifetime of TTL seconds. If there is already data under + this key, it will be replaced. Using a DATA of NULL deletes the + entry. A TTL of 0 is replaced by the default TTL and a TTL of -1 + set infinite timeout. CACHE_MODE is stored with the cache entry and used to select different timeouts. */ int agent_put_cache (const char *key, cache_mode_t cache_mode, const char *data, int ttl) { + gpg_error_t err = 0; ITEM r; if (DBG_CACHE) @@ -221,15 +289,14 @@ for (r=thecache; r; r = r->next) { - if (!r->lockcount - && ((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_NONCE) - || r->cache_mode == cache_mode) + if (((cache_mode != CACHE_MODE_USER + && cache_mode != CACHE_MODE_NONCE) + || r->cache_mode == cache_mode) && !strcmp (r->key, key)) break; } - if (r) - { /* replace */ + if (r) /* Replace. */ + { if (r->pw) { release_data (r->pw); @@ -240,46 +307,47 @@ r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; r->cache_mode = cache_mode; - r->pw = new_data (data, strlen (data)+1); - if (!r->pw) - log_error ("out of core while allocating new cache item\n"); + err = new_data (data, &r->pw); + if (err) + log_error ("error replacing cache item: %s\n", gpg_strerror (err)); } } - else if (data) - { /* simply insert */ + else if (data) /* Insert. */ + { r = xtrycalloc (1, sizeof *r + strlen (key)); if (!r) - log_error ("out of core while allocating new cache control\n"); + err = gpg_error_from_syserror (); else { strcpy (r->key, key); r->created = r->accessed = gnupg_get_time (); r->ttl = ttl; r->cache_mode = cache_mode; - r->pw = new_data (data, strlen (data)+1); - if (!r->pw) - { - log_error ("out of core while allocating new cache item\n"); - xfree (r); - } + err = new_data (data, &r->pw); + if (err) + xfree (r); else { r->next = thecache; thecache = r; } } + if (err) + log_error ("error inserting cache item: %s\n", gpg_strerror (err)); } - return 0; + return err; } /* Try to find an item in the cache. Note that we currently don't make use of CACHE_MODE except for CACHE_MODE_NONCE and CACHE_MODE_USER. */ -const char * -agent_get_cache (const char *key, cache_mode_t cache_mode, void **cache_id) +char * +agent_get_cache (const char *key, cache_mode_t cache_mode) { + gpg_error_t err; ITEM r; + char *value = NULL; if (cache_mode == CACHE_MODE_IGNORE) return NULL; @@ -288,67 +356,46 @@ log_debug ("agent_get_cache `%s' (mode %d) ...\n", key, cache_mode); housekeeping (); - /* first try to find one with no locks - this is an updated cache - entry: We might have entries with a lockcount and without a - lockcount. */ for (r=thecache; r; r = r->next) { - if (!r->lockcount && r->pw + if (r->pw && ((cache_mode != CACHE_MODE_USER && cache_mode != CACHE_MODE_NONCE) || r->cache_mode == cache_mode) && !strcmp (r->key, key)) { - /* put_cache does only put strings into the cache, so we - don't need the lengths */ r->accessed = gnupg_get_time (); if (DBG_CACHE) log_debug ("... hit\n"); - r->lockcount++; - *cache_id = r; - return r->pw->data; + if (r->pw->totallen < 32) + err = gpg_error (GPG_ERR_INV_LENGTH); + else if (!encryption_handle) + err = gpg_error (GPG_ERR_NOT_INITIALIZED); + else if (!(value = xtrymalloc_secure (r->pw->totallen - 8))) + err = gpg_error_from_syserror (); + else + { + if (!pth_mutex_acquire (&encryption_lock, 0, NULL)) + log_fatal ("failed to acquire cache encryption mutex\n"); + err = gcry_cipher_decrypt (encryption_handle, + value, r->pw->totallen - 8, + r->pw->data, r->pw->totallen); + if (!pth_mutex_release (&encryption_lock)) + log_fatal ("failed to release cache encryption mutex\n"); + } + if (err) + { + xfree (value); + value = NULL; + log_error ("retrieving cache entry `%s' failed: %s\n", + key, gpg_strerror (err)); + } + return value; } } - /* again, but this time get even one with a lockcount set */ - for (r=thecache; r; r = r->next) - { - if (r->pw - && ((cache_mode != CACHE_MODE_USER - && cache_mode != CACHE_MODE_NONCE) - || r->cache_mode == cache_mode) - && !strcmp (r->key, key)) - { - r->accessed = gnupg_get_time (); - if (DBG_CACHE) - log_debug ("... hit (locked)\n"); - r->lockcount++; - *cache_id = r; - return r->pw->data; - } - } if (DBG_CACHE) log_debug ("... miss\n"); - *cache_id = NULL; return NULL; } - -void -agent_unlock_cache_entry (void **cache_id) -{ - ITEM r; - - for (r=thecache; r; r = r->next) - { - if (r == *cache_id) - { - if (!r->lockcount) - log_error ("trying to unlock non-locked cache entry `%s'\n", - r->key); - else - r->lockcount--; - return; - } - } -} Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/command.c 2010-09-02 10:46:23 UTC (rev 5413) @@ -1069,12 +1069,11 @@ { ctrl_t ctrl = assuan_get_pointer (ctx); int rc; - const char *pw; + char *pw; char *response; char *cacheid = NULL, *desc = NULL, *prompt = NULL, *errtext = NULL; const char *desc2 = _("Please re-enter this passphrase"); char *p; - void *cache_marker; int opt_data, opt_check, opt_no_ask, opt_qualbar; int opt_repeat = 0; char *repeat_errtext = NULL; @@ -1135,12 +1134,11 @@ if (!strcmp (desc, "X")) desc = NULL; - pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker) - : NULL; + pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL) : NULL; if (pw) { rc = send_back_passphrase (ctx, opt_data, pw); - agent_unlock_cache_entry (&cache_marker); + xfree (pw); } else if (opt_no_ask) rc = gpg_error (GPG_ERR_NO_DATA); Modified: trunk/agent/cvt-openpgp.c =================================================================== --- trunk/agent/cvt-openpgp.c 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/cvt-openpgp.c 2010-09-02 10:46:23 UTC (rev 5413) @@ -766,16 +766,14 @@ err = gpg_error (GPG_ERR_BAD_PASSPHRASE); if (cache_nonce) { - void *cache_marker = NULL; - const char *cache_value; + char *cache_value; - cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, - &cache_marker); + cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); if (cache_value) { if (strlen (cache_value) < pi->max_length) strcpy (pi->pin, cache_value); - agent_unlock_cache_entry (&cache_marker); + xfree (cache_value); } if (*pi->pin) err = try_do_unprotect_cb (pi); Modified: trunk/agent/findkey.c =================================================================== --- trunk/agent/findkey.c 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/findkey.c 2010-09-02 10:46:23 UTC (rev 5413) @@ -291,14 +291,13 @@ /* Initially try to get it using a cache nonce. */ if (cache_nonce) { - void *cache_marker; - const char *pw; + char *pw; - pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, &cache_marker); + pw = agent_get_cache (cache_nonce, CACHE_MODE_NONCE); if (pw) { rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen); - agent_unlock_cache_entry (&cache_marker); + xfree (pw); if (!rc) { xfree (*keybuf); @@ -312,15 +311,14 @@ unprotect it, we fall back to ask the user */ if (cache_mode != CACHE_MODE_IGNORE) { - void *cache_marker; - const char *pw; + char *pw; retry: - pw = agent_get_cache (hexgrip, cache_mode, &cache_marker); + pw = agent_get_cache (hexgrip, cache_mode); if (pw) { rc = agent_unprotect (*keybuf, pw, NULL, &result, &resultlen); - agent_unlock_cache_entry (&cache_marker); + xfree (pw); if (!rc) { xfree (*keybuf); Modified: trunk/agent/genkey.c =================================================================== --- trunk/agent/genkey.c 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/genkey.c 2010-09-02 10:46:23 UTC (rev 5413) @@ -359,7 +359,7 @@ membuf_t *outbuf) { gcry_sexp_t s_keyparam, s_key, s_private, s_public; - char *passphrase = NULL; + char *passphrase; int rc; size_t len; char *buf; @@ -372,21 +372,7 @@ } /* Get the passphrase now, cause key generation may take a while. */ - if (cache_nonce) - { - void *cache_marker = NULL; - const char *cache_value; - - cache_value = agent_get_cache (cache_nonce, CACHE_MODE_NONCE, - &cache_marker); - if (cache_value) - { - passphrase = xtrymalloc_secure (strlen (cache_value)+1); - if (passphrase) - strcpy (passphrase, cache_value); - agent_unlock_cache_entry (&cache_marker); - } - } + passphrase = cache_nonce? agent_get_cache (cache_nonce, CACHE_MODE_NONCE):NULL; if (passphrase) rc = 0; else Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/agent/gpg-agent.c 2010-09-02 10:46:23 UTC (rev 5413) @@ -440,6 +440,7 @@ static void cleanup (void) { + deinitialize_module_cache (); remove_socket (socket_name); remove_socket (socket_name_ssh); } @@ -842,6 +843,7 @@ exit (1); } + initialize_module_cache (); initialize_module_call_pinentry (); initialize_module_call_scd (); initialize_module_trustlist (); Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2010-09-01 12:49:05 UTC (rev 5412) +++ trunk/common/util.h 2010-09-02 10:46:23 UTC (rev 5413) @@ -30,7 +30,11 @@ #ifndef GPG_ERR_LIMIT_REACHED #define GPG_ERR_LIMIT_REACHED 183 #endif +#ifndef GPG_ERR_NOT_INITIALIZED +#define GPG_ERR_NOT_INITIALIZED 184 +#endif + /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) From cvs at cvs.gnupg.org Thu Sep 2 12:48:04 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 02 Sep 2010 12:48:04 +0200 Subject: [svn] gpg-error - r248 - in trunk: . src Message-ID: Author: wk Date: 2010-09-02 12:48:03 +0200 (Thu, 02 Sep 2010) New Revision: 248 Modified: trunk/ChangeLog trunk/NEWS trunk/src/err-codes.h.in trunk/src/w32-gettext.c Log: Add new error code. Remove comment cruft. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-08-19 13:39:12 UTC (rev 247) +++ trunk/ChangeLog 2010-09-02 10:48:03 UTC (rev 248) @@ -1,3 +1,7 @@ +2010-09-02 Werner Koch + + * src/err-codes.h.in: Add GPG_ERR_NOT_INITIALIZED. + 2010-08-19 Werner Koch * configure.ac (AH_BOTTOM): Define GPG_ERR_ENABLE_ERRNO_MACROS. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-08-19 13:39:12 UTC (rev 247) +++ trunk/NEWS 2010-09-02 10:48:03 UTC (rev 248) @@ -1,8 +1,10 @@ Noteworthy changes in version 1.10 ---------------------------------------------- + * Interface changes relative to the 1.9 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPG_ERR_NOT_INITIALIZED NEW. Noteworthy changes in version 1.9 (2010-07-21) Modified: trunk/src/err-codes.h.in =================================================================== --- trunk/src/err-codes.h.in 2010-08-19 13:39:12 UTC (rev 247) +++ trunk/src/err-codes.h.in 2010-09-02 10:48:03 UTC (rev 248) @@ -213,7 +213,8 @@ 181 GPG_ERR_MISSING_KEY Missing key 182 GPG_ERR_TOO_MANY Too many objects 183 GPG_ERR_LIMIT_REACHED Limit reached -# 184 to 198 are free to be used. +184 GPG_ERR_NOT_INITIALIZED Not initialized +# 185 to 198 are free to be used. 199 GPG_ERR_UNFINISHED Operation not yet finished 200 GPG_ERR_BUFFER_TOO_SHORT Buffer too short Modified: trunk/src/w32-gettext.c =================================================================== --- trunk/src/w32-gettext.c 2010-08-19 13:39:12 UTC (rev 247) +++ trunk/src/w32-gettext.c 2010-09-02 10:48:03 UTC (rev 248) @@ -1,6 +1,6 @@ /* w32-gettext.h - A simple gettext implementation for Windows targets. Copyright (C) 1995, 1996, 1997, 1999, 2005, 2007, -2 2008, 2010 Free Software Foundation, Inc. + 2008, 2010 Free Software Foundation, Inc. This file is part of libgpg-error. From cvs at cvs.gnupg.org Thu Sep 2 17:11:52 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 02 Sep 2010 17:11:52 +0200 Subject: [svn] GnuPG - r5414 - in trunk: . g10 Message-ID: Author: wk Date: 2010-09-02 17:11:51 +0200 (Thu, 02 Sep 2010) New Revision: 5414 Modified: trunk/NEWS trunk/g10/ChangeLog trunk/g10/import.c Log: Merge secret keys during import Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-09-02 10:46:23 UTC (rev 5413) +++ trunk/g10/ChangeLog 2010-09-02 15:11:51 UTC (rev 5414) @@ -1,3 +1,8 @@ +2010-09-02 Werner Koch + + * import.c (transfer_secret_keys, import_secret_one): Enable stats. + (import_secret_one): Enable secret key merging. + 2010-09-01 Werner Koch * sign.c (do_sign, write_signature_packets, complete_sig): Add arg Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-09-02 10:46:23 UTC (rev 5413) +++ trunk/NEWS 2010-09-02 15:11:51 UTC (rev 5414) @@ -41,7 +41,9 @@ operations to gpg-agent. The import command moves secret keys to the agent. + * The OpenPGP import command is now able to merge secret keys. + Noteworthy changes in version 2.0.13 (2009-09-04) ------------------------------------------------- Modified: trunk/g10/import.c =================================================================== --- trunk/g10/import.c 2010-09-02 10:46:23 UTC (rev 5413) +++ trunk/g10/import.c 2010-09-02 15:11:51 UTC (rev 5414) @@ -112,7 +112,8 @@ {"import-unusable-sigs",0,NULL,NULL}, {"import-clean-sigs",0,NULL,NULL}, {"import-clean-uids",0,NULL,NULL}, - {"convert-sk-to-pk",0, NULL,NULL}, + {"convert-sk-to-pk",0, NULL,NULL}, /* Not anymore needed due to + the new design. */ {NULL,0,NULL,NULL} }; @@ -1084,7 +1085,7 @@ /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The function prints diagnostics and returns an error code. */ static gpg_error_t -transfer_secret_keys (ctrl_t ctrl, kbnode_t sec_keyblock) +transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock) { gpg_error_t err = 0; void *kek = NULL; @@ -1135,6 +1136,9 @@ if (!main_sk) main_sk = sk; + stats->count++; + stats->secret_read++; + /* Convert our internal secret key object into an S-expression. */ nskey = pubkey_get_nskey (sk->pubkey_algo); if (!nskey || nskey > PUBKEY_MAX_NSKEY) @@ -1279,9 +1283,7 @@ if (opt.verbose) log_info (_("key %s: secret key imported\n"), keystr_from_sk_with_sub (main_sk, sk)); - /* stats->count++; */ - /* stats->secret_read++; */ - /* stats->secret_imported++; */ + stats->secret_imported++; } else if ( gpg_err_code (err) == GPG_ERR_EEXIST ) { @@ -1289,9 +1291,7 @@ log_info (_("key %s: secret key already exists\n"), keystr_from_sk_with_sub (main_sk, sk)); err = 0; - /* stats->count++; */ - /* stats->secret_read++; */ - /* stats->secret_dups++; */ + stats->secret_dups++; } else { @@ -1449,21 +1449,16 @@ clear_kbnode_flags( keyblock ); - have_seckey = have_secret_key_with_kid (keyid); - - if (!have_seckey && !(opt.import_options&IMPORT_MERGE_ONLY) ) + if ( !(opt.import_options&IMPORT_MERGE_ONLY) ) { /* We don't have this key, insert as a new key. */ kbnode_t pub_keyblock; - stats->secret_imported++; - if (is_status_enabled ()) - print_import_ok (NULL, sk, 1|16); - /* Make a public key out of this. */ pub_keyblock = sec_to_pub_keyblock (keyblock); if (!pub_keyblock) - log_error ("oops: FIXME (bad error message)\n"); + log_error ("key %s: failed to create public key from secret key\n", + keystr_from_sk (sk)); else { import_one (fname, pub_keyblock, stats, @@ -1478,36 +1473,31 @@ keyblock. */ node = get_pubkeyblock (keyid); if (!node) - log_error ("oops: error getting public keyblock again\n"); + log_error ("key %s: failed to re-lookup public key\n", + keystr_from_sk (sk)); else { - if (!transfer_secret_keys (ctrl, keyblock)) + if (!transfer_secret_keys (ctrl, stats, keyblock)) { if (!opt.quiet) log_info (_("key %s: secret key imported\n"), keystr_from_sk (sk)); + if (is_status_enabled ()) + print_import_ok (NULL, sk, 1|16); check_prefs (node); } release_kbnode (node); } } } - else if (have_seckey) + else if (have_secret_key_with_kid (keyid)) { - /* We can't yet merge secret keys. - Well, with the new system - we can => FIXME */ + /* We don't want to merge the secret keys. */ log_error( _("key %s: secret key part already available\n"), keystr_from_sk(sk)); - stats->secret_dups++; if (is_status_enabled ()) print_import_ok (NULL, sk, 16); - - /* TODO: if we ever do merge secret keys, make sure to handle - the sec_to_pub_keyblock feature as well. */ } - else - log_error( _("key %s: secret key not found: %s\n"), - keystr_from_sk(sk), g10_errstr(rc)); return rc; } From cvs at cvs.gnupg.org Thu Sep 2 23:33:27 2010 From: cvs at cvs.gnupg.org (svn author marcus) Date: Thu, 02 Sep 2010 23:33:27 +0200 Subject: [svn] gpgme - r1490 - trunk/src Message-ID: Author: marcus Date: 2010-09-02 23:33:26 +0200 (Thu, 02 Sep 2010) New Revision: 1490 Modified: trunk/src/ChangeLog trunk/src/error.c Log: 2010-09-02 Marcus Brinkmann * error.c (gpgme_err_code_to_errno): Fix cut and paste bug (thanks to Marc Mutz). Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-09-01 00:46:19 UTC (rev 1489) +++ trunk/src/ChangeLog 2010-09-02 21:33:26 UTC (rev 1490) @@ -1,3 +1,8 @@ +2010-09-02 Marcus Brinkmann + + * error.c (gpgme_err_code_to_errno): Fix cut and paste bug (thanks + to Marc Mutz). + 2010-09-01 Marcus Brinkmann * w32-io.c: Revert change from 2009-06-18, as it created a race Modified: trunk/src/error.c =================================================================== --- trunk/src/error.c 2010-09-01 00:46:19 UTC (rev 1489) +++ trunk/src/error.c 2010-09-02 21:33:26 UTC (rev 1490) @@ -71,7 +71,7 @@ int gpgme_err_code_to_errno (gpgme_err_code_t code) { - return gpg_err_code_from_errno (code); + return gpg_err_code_to_errno (code); } From cvs at cvs.gnupg.org Fri Sep 3 10:37:58 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Fri, 03 Sep 2010 10:37:58 +0200 Subject: misc-scripts (undump.c) Message-ID: Date: Friday, September 3, 2010 @ 10:37:58 Author: werner Path: /cvs/wk/misc-scripts Modified: undump.c . + From cvs at cvs.gnupg.org Fri Sep 3 10:50:04 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Fri, 03 Sep 2010 10:50:04 +0200 Subject: misc-scripts (heating-control.c) Message-ID: Date: Friday, September 3, 2010 @ 10:50:04 Author: werner Path: /cvs/wk/misc-scripts Modified: heating-control.c . From cvs at cvs.gnupg.org Fri Sep 3 10:50:47 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Fri, 03 Sep 2010 10:50:47 +0200 Subject: misc-scripts (heating-control.c) Message-ID: Date: Friday, September 3, 2010 @ 10:50:47 Author: werner Path: /cvs/wk/misc-scripts Modified: heating-control.c . From cvs at cvs.gnupg.org Fri Sep 3 11:12:24 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 03 Sep 2010 11:12:24 +0200 Subject: [svn] GnuPG - r5415 - branches/STABLE-BRANCH-1-4/po Message-ID: Author: wk Date: 2010-09-03 11:12:23 +0200 (Fri, 03 Sep 2010) New Revision: 5415 Modified: branches/STABLE-BRANCH-1-4/po/ChangeLog branches/STABLE-BRANCH-1-4/po/de.po Log: From cvs at cvs.gnupg.org Fri Sep 3 11:14:46 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 03 Sep 2010 11:14:46 +0200 Subject: [svn] GnuPG - r5416 - branches/STABLE-BRANCH-2-0/po Message-ID: Author: wk Date: 2010-09-03 11:14:45 +0200 (Fri, 03 Sep 2010) New Revision: 5416 Modified: branches/STABLE-BRANCH-2-0/po/ChangeLog branches/STABLE-BRANCH-2-0/po/de.po Log: Missing spaces fix. Modified: branches/STABLE-BRANCH-2-0/po/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/po/ChangeLog 2010-09-03 09:12:23 UTC (rev 5415) +++ branches/STABLE-BRANCH-2-0/po/ChangeLog 2010-09-03 09:14:45 UTC (rev 5416) @@ -1,3 +1,7 @@ +2010-09-03 Werner Koch + + * de.po: Insert missing spaces. Fixes Debian-Bug#594489. + 2010-07-19 Jedi (wk) * zh_TW.po: Update. Modified: branches/STABLE-BRANCH-2-0/po/de.po [not shown] From cvs at cvs.gnupg.org Mon Sep 6 21:57:45 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 06 Sep 2010 21:57:45 +0200 Subject: [svn] GnuPG - r5417 - trunk/g10 Message-ID: Author: wk Date: 2010-09-06 21:57:42 +0200 (Mon, 06 Sep 2010) New Revision: 5417 Modified: trunk/g10/ChangeLog trunk/g10/build-packet.c trunk/g10/card-util.c trunk/g10/delkey.c trunk/g10/export.c trunk/g10/free-packet.c trunk/g10/getkey.c trunk/g10/import.c trunk/g10/keydb.h trunk/g10/keyedit.c trunk/g10/keyid.c trunk/g10/keylist.c trunk/g10/keyring.c trunk/g10/main.h trunk/g10/mainproc.c trunk/g10/packet.h trunk/g10/parse-packet.c trunk/g10/passphrase.c trunk/g10/pubkey-enc.c trunk/g10/sign.c Log: Removed more secret key related code. It builds fine and passes some of the tests but there are quite some features which don't work yet. [The diff below has been truncated] Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-09-03 09:14:45 UTC (rev 5416) +++ trunk/g10/ChangeLog 2010-09-06 19:57:42 UTC (rev 5417) @@ -1,3 +1,53 @@ +2010-09-06 Werner Koch + + + * card-util.c (card_status): Remove stub creation fro GnuPG >= 2. + (card_store_subkey): Temporary disable this code. + + * keyedit.c (show_key_with_all_names): Merge secret and public key + parts. + (show_basic_key_info): Ditto. + * delkey.c (do_delete_key): Ditto. + * export.c (subkey_in_list_p, exact_subkey_match_p): Ditto. + (new_subkey_list_item): Ditto. + + * keyid.c (keystr_from_sk, keystr_from_sk_with_sub) + (keyid_from_sk, nbits_from_sk, datestr_from_sk) + (expirestr_from_sk, colon_datestr_from_sk, fingerprint_from_sk) + (serialno_and_fpr_from_sk, do_fingerprint_md_sk): Remove. + + * import.c (print_import_ok): Remove arg SK. + (import_secret_one): Adjust for seckey_info format. + (transfer_secret_keys): Ditto. Use gpg_format_keydesc. + (sec_to_pub_keyblock): Simplify. + (pub_to_sec_keyblock): Remove. + (auto_create_card_key_stub): Remove - not anymore needed. + (update_sec_keyblock_with_cardinfo): Remove. + (import_secret_one): Use arg option instead of the global option. + + * free-packet.c (copy_public_key): Adjust for seckey_info format. + (copy_public_parts_to_secret_key, copy_secret_key) + (cmp_secret_keys, cmp_public_secret_key): Remove. + + * passphrase.c (gpg_format_keydesc): Add arg MODE and change all + callers. + * keyring.c (keyring_search): Remove special case for secret keys. + * mainproc.c (struct mainproc_context): Remove unused field + LAST_SECKEY. + * parse-packet.c (parse_key): Rewrite to cope with new seckey_info + format. + * build-packet.c (do_public_key, do_secret_key): Merge code into ... + (do_key): .. new. Cope with seckey_info format. + +2010-09-03 Werner Koch + + * packet.h (struct seckey_info): New. + (PKT_public_key): Increase size of PKEY to allow storing of secret + keys. Add field SECKEY_INFO. + (PKT_secret_key): Remove. + * free-packet.c (release_public_key_parts): Take care of change. + (release_secret_key_parts, free_secret_key): Remove. + 2010-09-02 Werner Koch * import.c (transfer_secret_keys, import_secret_one): Enable stats. Modified: trunk/g10/build-packet.c =================================================================== --- trunk/g10/build-packet.c 2010-09-03 09:14:45 UTC (rev 5416) +++ trunk/g10/build-packet.c 2010-09-06 19:57:42 UTC (rev 5417) @@ -1,6 +1,6 @@ /* build-packet.c - assemble packets and write them * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * 2006, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -35,8 +35,7 @@ #include "options.h" static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); -static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk ); -static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk ); +static int do_key (iobuf_t out, int ctb, PKT_public_key *pk); static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc ); static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc ); static u32 calc_plaintext( PKT_plaintext *pt ); @@ -107,11 +106,9 @@ break; case PKT_PUBLIC_SUBKEY: case PKT_PUBLIC_KEY: - rc = do_public_key( out, ctb, pkt->pkt.public_key ); - break; case PKT_SECRET_SUBKEY: case PKT_SECRET_KEY: - rc = do_secret_key( out, ctb, pkt->pkt.secret_key ); + rc = do_key (out, ctb, pkt->pkt.public_key); break; case PKT_SYMKEY_ENC: rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc ); @@ -242,198 +239,162 @@ return 0; } -static int -do_public_key( IOBUF out, int ctb, PKT_public_key *pk ) -{ - int rc = 0; - int n, i; - IOBUF a = iobuf_temp(); - - if ( !pk->version ) - iobuf_put( a, 3 ); - else - iobuf_put( a, pk->version ); - write_32(a, pk->timestamp ); - if ( pk->version < 4 ) - { - u16 ndays; - if ( pk->expiredate ) - ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L); - else - ndays = 0; - write_16(a, ndays ); - } - iobuf_put (a, pk->pubkey_algo ); - n = pubkey_get_npkey ( pk->pubkey_algo ); - if ( !n ) - write_fake_data( a, pk->pkey[0] ); - for (i=0; i < n && !rc ; i++ ) - rc = mpi_write(a, pk->pkey[i] ); - if (!rc) - { - write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes); - rc = iobuf_write_temp ( out, a ); - } - - iobuf_close(a); - return rc; -} - - static int -do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) +do_key (iobuf_t out, int ctb, PKT_public_key *pk) { - int rc = 0; + gpg_error_t err = 0; int i, nskey, npkey; - IOBUF a = iobuf_temp(); /* Build in a self-enlarging buffer. */ + iobuf_t a = iobuf_temp(); /* Build in a self-enlarging buffer. */ /* Write the version number - if none is specified, use 3 */ - if ( !sk->version ) + if ( !pk->version ) iobuf_put ( a, 3 ); else - iobuf_put ( a, sk->version ); - write_32 (a, sk->timestamp ); + iobuf_put ( a, pk->version ); + write_32 (a, pk->timestamp ); /* v3 needs the expiration time. */ - if ( sk->version < 4 ) + if ( pk->version < 4 ) { u16 ndays; - if ( sk->expiredate ) - ndays = (u16)((sk->expiredate - sk->timestamp) / 86400L); + if ( pk->expiredate ) + ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L); else ndays = 0; write_16(a, ndays); } - iobuf_put (a, sk->pubkey_algo ); + iobuf_put (a, pk->pubkey_algo ); /* Get number of secret and public parameters. They are held in one array first the public ones, then the secret ones. */ - nskey = pubkey_get_nskey ( sk->pubkey_algo ); - npkey = pubkey_get_npkey ( sk->pubkey_algo ); + nskey = pubkey_get_nskey (pk->pubkey_algo); + npkey = pubkey_get_npkey (pk->pubkey_algo); /* If we don't have any public parameters - which is the case if we don't know the algorithm used - the parameters are stored as one blob in a faked (opaque) MPI. */ - if ( !npkey ) + if (!npkey) { - write_fake_data( a, sk->skey[0] ); + write_fake_data (a, pk->pkey[0]); goto leave; } - assert ( npkey < nskey ); + assert (npkey < nskey); /* Writing the public parameters is easy. */ for (i=0; i < npkey; i++ ) - if ((rc = mpi_write (a, sk->skey[i]))) + if ((err = mpi_write (a, pk->pkey[i]))) goto leave; - /* Build the header for protected (encrypted) secret parameters. */ - if ( sk->is_protected ) + if (pk->seckey_info) { - if ( is_RSA(sk->pubkey_algo) - && sk->version < 4 - && !sk->protect.s2k.mode ) + /* This is a secret key packet. */ + struct seckey_info *ski = pk->seckey_info; + + /* Build the header for protected (encrypted) secret parameters. */ + if (ski->is_protected) { - /* The simple rfc1991 (v3) way. */ - iobuf_put (a, sk->protect.algo ); - iobuf_write (a, sk->protect.iv, sk->protect.ivlen ); - } - else - { - /* OpenPGP protection according to rfc2440. */ - iobuf_put(a, sk->protect.sha1chk? 0xfe : 0xff ); - iobuf_put(a, sk->protect.algo ); - if ( sk->protect.s2k.mode >= 1000 ) + if ( is_RSA (pk->pubkey_algo) && pk->version < 4 && !ski->s2k.mode ) { - /* These modes are not possible in OpenPGP, we use them - to implement our extensions, 101 can be seen as a - private/experimental extension (this is not specified - in rfc2440 but the same scheme is used for all other - algorithm identifiers) */ - iobuf_put(a, 101 ); - iobuf_put(a, sk->protect.s2k.hash_algo ); - iobuf_write(a, "GNU", 3 ); - iobuf_put(a, sk->protect.s2k.mode - 1000 ); - } - else + /* The simple rfc1991 (v3) way. */ + iobuf_put (a, ski->algo ); + iobuf_write (a, ski->iv, ski->ivlen); + } + else { - iobuf_put(a, sk->protect.s2k.mode ); - iobuf_put(a, sk->protect.s2k.hash_algo ); - } - if ( sk->protect.s2k.mode == 1 - || sk->protect.s2k.mode == 3 ) - iobuf_write (a, sk->protect.s2k.salt, 8 ); + /* OpenPGP protection according to rfc2440. */ + iobuf_put (a, ski->sha1chk? 0xfe : 0xff); + iobuf_put (a, ski->algo); + if (ski->s2k.mode >= 1000) + { + /* These modes are not possible in OpenPGP, we use + them to implement our extensions, 101 can be + viewed as a private/experimental extension (this + is not specified in rfc2440 but the same scheme + is used for all other algorithm identifiers). */ + iobuf_put (a, 101); + iobuf_put (a, ski->s2k.hash_algo); + iobuf_write (a, "GNU", 3 ); + iobuf_put (a, ski->s2k.mode - 1000); + } + else + { + iobuf_put (a, ski->s2k.mode); + iobuf_put (a, ski->s2k.hash_algo); + } - if ( sk->protect.s2k.mode == 3 ) - iobuf_put (a, sk->protect.s2k.count ); + if (ski->s2k.mode == 1 || ski->s2k.mode == 3) + iobuf_write (a, ski->s2k.salt, 8); - /* For our special modes 1001, 1002 we do not need an IV. */ - if ( sk->protect.s2k.mode != 1001 - && sk->protect.s2k.mode != 1002 ) - iobuf_write (a, sk->protect.iv, sk->protect.ivlen ); - } - } - else - iobuf_put (a, 0 ); + if (ski->s2k.mode == 3) + iobuf_put (a, ski->s2k.count); - if ( sk->protect.s2k.mode == 1001 ) - ; /* GnuPG extension - don't write a secret key at all. */ - else if ( sk->protect.s2k.mode == 1002 ) - { - /* GnuPG extension - divert to OpenPGP smartcard. */ - iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number - or 0 for no serial - number. */ - /* The serial number gets stored in the IV field. */ - iobuf_write(a, sk->protect.iv, sk->protect.ivlen); - } - else if ( sk->is_protected && sk->version >= 4 ) - { - /* The secret key is protected - write it out as it is. */ - byte *p; - unsigned int ndatabits; - - assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE)); - p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits ); - iobuf_write (a, p, (ndatabits+7)/8 ); - } - else if ( sk->is_protected ) - { - /* The secret key is protected the old v4 way. */ - for ( ; i < nskey; i++ ) + /* For our special modes 1001, 1002 we do not need an IV. */ + if (ski->s2k.mode != 1001 && ski->s2k.mode != 1002) + iobuf_write (a, ski->iv, ski->ivlen); + } + } + else /* Not protected. */ + iobuf_put (a, 0 ); + + if (ski->s2k.mode == 1001) + ; /* GnuPG extension - don't write a secret key at all. */ + else if (ski->s2k.mode == 1002) + { + /* GnuPG extension - divert to OpenPGP smartcard. */ + /* Length of the serial number or 0 for no serial number. */ + iobuf_put (a, ski->ivlen ); + /* The serial number gets stored in the IV field. */ + iobuf_write (a, ski->iv, ski->ivlen); + } + else if (ski->is_protected && pk->version >= 4) { + /* The secret key is protected - write it out as it is. */ byte *p; unsigned int ndatabits; + + assert (gcry_mpi_get_flag (pk->pkey[npkey], GCRYMPI_FLAG_OPAQUE)); + p = gcry_mpi_get_opaque (pk->pkey[npkey], &ndatabits); + iobuf_write (a, p, (ndatabits+7)/8 ); + } + else if (ski->is_protected) + { + /* The secret key is protected the old v4 way. */ + for ( ; i < nskey; i++ ) + { + byte *p; + unsigned int ndatabits; - assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE)); - p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits); - iobuf_write (a, p, (ndatabits+7)/8); + assert (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE)); + p = gcry_mpi_get_opaque (pk->pkey[i], &ndatabits); + iobuf_write (a, p, (ndatabits+7)/8); + } + write_16 (a, ski->csum ); } - write_16(a, sk->csum ); + else + { + /* Non-protected key. */ + for ( ; i < nskey; i++ ) + if ( (err = mpi_write (a, pk->pkey[i]))) + goto leave; + write_16 (a, ski->csum ); + } } - else - { - /* Non-protected key. */ - for ( ; i < nskey; i++ ) - if ( (rc = mpi_write (a, sk->skey[i]))) - goto leave; - write_16 (a, sk->csum ); - } leave: - if (!rc) + if (!err) { /* Build the header of the packet - which we must do after writing all the other stuff, so that we know the length of the packet */ - write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes); - /* And finally write it out the real stream */ - rc = iobuf_write_temp( out, a ); + write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes); + /* And finally write it out to the real stream. */ + err = iobuf_write_temp (out, a); } - iobuf_close(a); /* Close the remporary buffer */ - return rc; + iobuf_close (a); /* Close the temporary buffer */ + return err; } static int Modified: trunk/g10/card-util.c =================================================================== --- trunk/g10/card-util.c 2010-09-03 09:14:45 UTC (rev 5416) +++ trunk/g10/card-util.c 2010-09-06 19:57:42 UTC (rev 5417) @@ -207,6 +207,9 @@ case 0x0005: return "ZeitControl"; case 0x002A: return "Magrathea"; + + case 0xF517: return "FSIJ"; + /* 0x00000 and 0xFFFF are defined as test cards per spec, 0xFFF00 to 0xFFFE are assigned for use with randomly created serial numbers. */ @@ -581,6 +584,7 @@ print_pubkey_info (fp, pk); +#if GNUPG_MAJOR_VERSION == 1 if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) ) print_card_key_info (fp, keyblock); else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) ) @@ -599,6 +603,7 @@ } release_kbnode (keyblock); +#endif /* GNUPG_MAJOR_VERSION == 1 */ } else tty_fprintf (fp, "[none]\n"); @@ -1514,150 +1519,151 @@ int card_store_subkey (KBNODE node, int use) { - struct agent_card_info_s info; - int okay = 0; - int rc; - int keyno, i; - PKT_secret_key *copied_sk = NULL; - PKT_secret_key *sk; - size_t n; - const char *s; - int allow_keyno[3]; - unsigned int nbits; +/* struct agent_card_info_s info; */ +/* int okay = 0; */ +/* int rc; */ +/* int keyno, i; */ +/* PKT_secret_key *copied_sk = NULL; */ +/* PKT_secret_key *sk; */ +/* size_t n; */ +/* const char *s; */ +/* int allow_keyno[3]; */ +/* unsigned int nbits; */ - assert (node->pkt->pkttype == PKT_SECRET_KEY - || node->pkt->pkttype == PKT_SECRET_SUBKEY); - sk = node->pkt->pkt.secret_key; +/* assert (node->pkt->pkttype == PKT_SECRET_KEY */ +/* || node->pkt->pkttype == PKT_SECRET_SUBKEY); */ +/* sk = node->pkt->pkt.secret_key; */ - if (get_info_for_key_operation (&info)) - return 0; +/* if (get_info_for_key_operation (&info)) */ +/* return 0; */ - if (!info.extcap.ki) - { - tty_printf ("The card does not support the import of keys\n"); - tty_printf ("\n"); - goto leave; - } +/* if (!info.extcap.ki) */ +/* { */ +/* tty_printf ("The card does not support the import of keys\n"); */ +/* tty_printf ("\n"); */ +/* goto leave; */ +/* } */ - show_card_key_info (&info); +/* show_card_key_info (&info); */ - nbits = nbits_from_sk (sk); +/* nbits = nbits_from_sk (sk); */ - if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) ) - { - tty_printf ("You may only store a 1024 bit RSA key on the card\n"); - tty_printf ("\n"); - goto leave; - } +/* if (!is_RSA (sk->pubkey_algo) || (!info.is_v2 && nbits != 1024) ) */ +/* { */ +/* tty_printf ("You may only store a 1024 bit RSA key on the card\n"); */ +/* tty_printf ("\n"); */ +/* goto leave; */ +/* } */ - allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); - allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); - allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); +/* allow_keyno[0] = (!use || (use & (PUBKEY_USAGE_SIG))); */ +/* allow_keyno[1] = (!use || (use & (PUBKEY_USAGE_ENC))); */ +/* allow_keyno[2] = (!use || (use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))); */ - tty_printf (_("Please select where to store the key:\n")); +/* tty_printf (_("Please select where to store the key:\n")); */ - if (allow_keyno[0]) - tty_printf (_(" (1) Signature key\n")); - if (allow_keyno[1]) - tty_printf (_(" (2) Encryption key\n")); - if (allow_keyno[2]) - tty_printf (_(" (3) Authentication key\n")); +/* if (allow_keyno[0]) */ +/* tty_printf (_(" (1) Signature key\n")); */ +/* if (allow_keyno[1]) */ +/* tty_printf (_(" (2) Encryption key\n")); */ +/* if (allow_keyno[2]) */ +/* tty_printf (_(" (3) Authentication key\n")); */ - for (;;) - { - char *answer = cpr_get ("cardedit.genkeys.storekeytype", - _("Your selection? ")); - cpr_kill_prompt(); - if (*answer == CONTROL_D || !*answer) - { - xfree (answer); - goto leave; - } - keyno = *answer? atoi(answer): 0; - xfree(answer); - if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) - { - if (info.is_v2 && !info.extcap.aac - && info.key_attr[keyno-1].nbits != nbits) - { - tty_printf ("Key does not match the card's capability.\n"); - } - else - break; /* Okay. */ - } - else - tty_printf(_("Invalid selection.\n")); - } +/* for (;;) */ +/* { */ +/* char *answer = cpr_get ("cardedit.genkeys.storekeytype", */ +/* _("Your selection? ")); */ +/* cpr_kill_prompt(); */ +/* if (*answer == CONTROL_D || !*answer) */ +/* { */ +/* xfree (answer); */ +/* goto leave; */ +/* } */ +/* keyno = *answer? atoi(answer): 0; */ +/* xfree(answer); */ +/* if (keyno >= 1 && keyno <= 3 && allow_keyno[keyno-1]) */ +/* { */ +/* if (info.is_v2 && !info.extcap.aac */ +/* && info.key_attr[keyno-1].nbits != nbits) */ +/* { */ +/* tty_printf ("Key does not match the card's capability.\n"); */ +/* } */ +/* else */ +/* break; /\* Okay. *\/ */ +/* } */ +/* else */ +/* tty_printf(_("Invalid selection.\n")); */ +/* } */ - if (replace_existing_key_p (&info, keyno)) - goto leave; +/* if (replace_existing_key_p (&info, keyno)) */ +/* goto leave; */ - /* Unprotect key. */ - switch (is_secret_key_protected (sk) ) - { - case 0: /* Not protected. */ - break; - case -1: - log_error (_("unknown key protection algorithm\n")); - goto leave; - default: - if (sk->protect.s2k.mode == 1001) - { - log_error (_("secret parts of key are not available\n")); - goto leave; - } - if (sk->protect.s2k.mode == 1002) - { - log_error (_("secret key already stored on a card\n")); - goto leave; - } - /* We better copy the key before we unprotect it. */ - copied_sk = sk = copy_secret_key (NULL, sk); - rc = 0/*check_secret_key (sk, 0)*/; - if (rc) - goto leave; - } +/* /\* Unprotect key. *\/ */ +/* switch (is_secret_key_protected (sk) ) */ +/* { */ +/* case 0: /\* Not protected. *\/ */ +/* break; */ +/* case -1: */ +/* log_error (_("unknown key protection algorithm\n")); */ +/* goto leave; */ +/* default: */ +/* if (sk->protect.s2k.mode == 1001) */ +/* { */ +/* log_error (_("secret parts of key are not available\n")); */ +/* goto leave; */ +/* } */ +/* if (sk->protect.s2k.mode == 1002) */ +/* { */ +/* log_error (_("secret key already stored on a card\n")); */ +/* goto leave; */ +/* } */ +/* /\* We better copy the key before we unprotect it. *\/ */ +/* copied_sk = sk = copy_secret_key (NULL, sk); */ +/* rc = 0/\*check_secret_key (sk, 0)*\/; */ +/* if (rc) */ +/* goto leave; */ +/* } */ -#warning code save_unprotected_key_to_card - /* rc = save_unprotected_key_to_card (sk, keyno); */ - /* if (rc) */ - /* { */ - /* log_error (_("error writing key to card: %s\n"), gpg_strerror (rc)); */ - /* goto leave; */ - /* } */ +/* #warning code save_unprotected_key_to_card */ +/* /\* rc = save_unprotected_key_to_card (sk, keyno); *\/ */ +/* /\* if (rc) *\/ */ +/* /\* { *\/ */ +/* /\* log_error (_("error writing key to card: %s\n"), gpg_strerror (rc)); *\/ */ +/* /\* goto leave; *\/ */ +/* /\* } *\/ */ - /* Get back to the maybe protected original secret key. */ - if (copied_sk) - { - free_secret_key (copied_sk); - copied_sk = NULL; - } - sk = node->pkt->pkt.secret_key; +/* /\* Get back to the maybe protected original secret key. *\/ */ +/* if (copied_sk) */ +/* { */ +/* free_secret_key (copied_sk); */ +/* copied_sk = NULL; */ +/* } */ +/* sk = node->pkt->pkt.secret_key; */ - /* Get rid of the secret key parameters and store the serial numer. */ - n = pubkey_get_nskey (sk->pubkey_algo); - for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) - { - gcry_mpi_release (sk->skey[i]); - sk->skey[i] = NULL; - } - i = pubkey_get_npkey (sk->pubkey_algo); - sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8); - sk->is_protected = 1; - sk->protect.s2k.mode = 1002; - s = info.serialno; - for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1]; - sk->protect.ivlen++, s += 2) - sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s); +/* /\* Get rid of the secret key parameters and store the serial numer. *\/ */ +/* n = pubkey_get_nskey (sk->pubkey_algo); */ +/* for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++) */ +/* { */ +/* gcry_mpi_release (sk->skey[i]); */ +/* sk->skey[i] = NULL; */ +/* } */ +/* i = pubkey_get_npkey (sk->pubkey_algo); */ +/* sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8); */ +/* sk->is_protected = 1; */ +/* sk->protect.s2k.mode = 1002; */ +/* s = info.serialno; */ +/* for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1]; */ +/* sk->protect.ivlen++, s += 2) */ +/* sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s); */ - okay = 1; +/* okay = 1; */ - leave: - if (copied_sk) - free_secret_key (copied_sk); - agent_release_card_info (&info); - return okay; +/* leave: */ +/* if (copied_sk) */ +/* free_secret_key (copied_sk); */ +/* agent_release_card_info (&info); */ +/* return okay; */ + return -1; } Modified: trunk/g10/delkey.c =================================================================== --- trunk/g10/delkey.c 2010-09-03 09:14:45 UTC (rev 5416) +++ trunk/g10/delkey.c 2010-09-06 19:57:42 UTC (rev 5417) @@ -54,7 +54,6 @@ KBNODE node; KEYDB_HANDLE hd = keydb_new (); PKT_public_key *pk = NULL; - PKT_secret_key *sk = NULL; u32 keyid[2]; int okay=0; int yes; @@ -91,30 +90,21 @@ goto leave; } - if( secret ) + pk = node->pkt->pkt.public_key; + keyid_from_pk( pk, keyid ); + + if (!force) { - sk = node->pkt->pkt.secret_key; - keyid_from_sk( sk, keyid ); + if (have_secret_key_with_kid (keyid)) + { + *r_sec_avail = 1; + rc = -1; + goto leave; + } + else + rc = 0; } - else - { - /* public */ - pk = node->pkt->pkt.public_key; - keyid_from_pk( pk, keyid ); - if(!force) - { - if (have_secret_key_with_kid (keyid)) - { - *r_sec_avail = 1; - rc = -1; - goto leave; - } - else - rc = 0; - } - } - if( rc ) rc = 0; else if (opt.batch && exactmatch) @@ -133,9 +123,9 @@ } else { if( secret ) - print_seckey_info( sk ); + print_seckey_info (pk); else - print_pubkey_info(NULL, pk ); + print_pubkey_info (NULL, pk ); tty_printf( "\n" ); yes = cpr_get_answer_is_yes( secret? "delete_key.secret.okay" Modified: trunk/g10/export.c =================================================================== --- trunk/g10/export.c 2010-09-03 09:14:45 UTC (rev 5416) +++ trunk/g10/export.c 2010-09-06 19:57:42 UTC (rev 5417) @@ -190,10 +190,7 @@ { u32 kid[2]; - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - keyid_from_pk (node->pkt->pkt.public_key, kid); - else - keyid_from_sk (node->pkt->pkt.secret_key, kid); + keyid_from_pk (node->pkt->pkt.public_key, kid); for (; list; list = list->next) if (list->kid[0] == kid[0] && list->kid[1] == kid[1]) @@ -208,10 +205,9 @@ { subkey_list_t list = xcalloc (1, sizeof *list); - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY) keyid_from_pk (node->pkt->pkt.public_key, list->kid); - else if (node->pkt->pkttype == PKT_SECRET_SUBKEY) - keyid_from_sk (node->pkt->pkt.secret_key, list->kid); return list; } @@ -235,19 +231,13 @@ { case KEYDB_SEARCH_MODE_SHORT_KID: case KEYDB_SEARCH_MODE_LONG_KID: - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - keyid_from_pk (node->pkt->pkt.public_key, kid); - else - keyid_from_sk (node->pkt->pkt.secret_key, kid); + keyid_from_pk (node->pkt->pkt.public_key, kid); break; case KEYDB_SEARCH_MODE_FPR16: case KEYDB_SEARCH_MODE_FPR20: case KEYDB_SEARCH_MODE_FPR: - if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) - fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen); - else - fingerprint_from_sk (node->pkt->pkt.secret_key, fpr,&fprlen); + fingerprint_from_pk (node->pkt->pkt.public_key, fpr,&fprlen); break; default: @@ -287,451 +277,466 @@ /* If keyblock_out is non-NULL, AND the exit code is zero, then it contains a pointer to the first keyblock found and exported. No - other keyblocks are exported. The caller must free it. */ + other keyblocks are exported. The caller must free it. */ static int -do_export_stream( IOBUF out, strlist_t users, int secret, - KBNODE *keyblock_out, unsigned int options, int *any ) +do_export_stream (iobuf_t out, strlist_t users, int secret, + kbnode_t *keyblock_out, unsigned int options, int *any) { - int rc = 0; - gpg_error_t err; - PACKET pkt; - KBNODE keyblock = NULL; - KBNODE kbctx, node; - size_t ndesc, descindex; - KEYDB_SEARCH_DESC *desc = NULL; - subkey_list_t subkey_list = NULL; /* Track alreay processed subkeys. */ - KEYDB_HANDLE kdbhd; - strlist_t sl; - int indent = 0; + gpg_error_t err = 0; + PACKET pkt; + KBNODE keyblock = NULL; + KBNODE kbctx, node; + size_t ndesc, descindex; + KEYDB_SEARCH_DESC *desc = NULL; + subkey_list_t subkey_list = NULL; /* Track already processed subkeys. */ + KEYDB_HANDLE kdbhd; + strlist_t sl; + int indent = 0; - *any = 0; - init_packet( &pkt ); - kdbhd = keydb_new (); + *any = 0; + init_packet (&pkt); + kdbhd = keydb_new (); - if (!users) { - ndesc = 1; - desc = xcalloc ( ndesc, sizeof *desc ); - desc[0].mode = KEYDB_SEARCH_MODE_FIRST; + if (!users) + { + ndesc = 1; + desc = xcalloc (ndesc, sizeof *desc); + desc[0].mode = KEYDB_SEARCH_MODE_FIRST; } - else { - for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) - ; - desc = xmalloc ( ndesc * sizeof *desc); + else + { + for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) + ; + desc = xmalloc ( ndesc * sizeof *desc); - for (ndesc=0, sl=users; sl; sl = sl->next) { - if (!(err=classify_user_id (sl->d, desc+ndesc))) - ndesc++; - else - log_error (_("key \"%s\" not found: %s\n"), - sl->d, gpg_strerror (err)); + for (ndesc=0, sl=users; sl; sl = sl->next) + { + if (!(err=classify_user_id (sl->d, desc+ndesc))) + ndesc++; + else + log_error (_("key \"%s\" not found: %s\n"), + sl->d, gpg_strerror (err)); } - /* It would be nice to see which of the given users did - actually match one in the keyring. To implement this we - need to have a found flag for each entry in desc and to set - this we must check all those entries after a match to mark - all matched one - currently we stop at the first match. To - do this we need an extra flag to enable this feature so */ + /* It would be nice to see which of the given users did actually + match one in the keyring. To implement this we need to have + a found flag for each entry in desc. To set this flag we + must check all those entries after a match to mark all + matched one - currently we stop at the first match. To do + this we need an extra flag to enable this feature. */ } #ifdef ENABLE_SELINUX_HACKS - if (secret) { - log_error (_("exporting secret keys not allowed\n")); - rc = G10ERR_GENERAL; - goto leave; + if (secret) + { + log_error (_("exporting secret keys not allowed\n")); + err = G10ERR_GENERAL; + goto leave; } #endif - while (!(rc = keydb_search2 (kdbhd, desc, ndesc, &descindex))) { - int sha1_warned=0,skip_until_subkey=0; - u32 sk_keyid[2]; + while (!(err = keydb_search2 (kdbhd, desc, ndesc, &descindex))) + { + int sha1_warned = 0; + int skip_until_subkey = 0; + u32 keyid[2]; - if (!users) - desc[0].mode = KEYDB_SEARCH_MODE_NEXT; + if (!users) + desc[0].mode = KEYDB_SEARCH_MODE_NEXT; - /* Read the keyblock. */ - rc = keydb_get_keyblock (kdbhd, &keyblock ); - if( rc ) { - log_error (_("error reading keyblock: %s\n"), g10_errstr(rc) ); - goto leave; + /* Read the keyblock. */ + err = keydb_get_keyblock (kdbhd, &keyblock); + if (err) + { + log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); + goto leave; } - if((node=find_kbnode(keyblock,PKT_SECRET_KEY))) - { - PKT_secret_key *sk=node->pkt->pkt.secret_key; + if ((node=find_kbnode(keyblock, PKT_SECRET_KEY))) + { + PKT_public_key *pk = node->pkt->pkt.public_key; - keyid_from_sk(sk,sk_keyid); + keyid_from_pk (pk, keyid); - /* We can't apply GNU mode 1001 on an unprotected key. */ - if( secret == 2 && !sk->is_protected ) - { - log_info(_("key %s: not protected - skipped\n"), - keystr(sk_keyid)); - continue; - } + /* We can't apply GNU mode 1001 on an unprotected key. */ + if( secret == 2 + && pk->seckey_info && !pk->seckey_info->is_protected ) + { + log_info (_("key %s: not protected - skipped\n"), + keystr (keyid)); + continue; + } - /* No v3 keys with GNU mode 1001. */ - if( secret == 2 && sk->version == 3 ) - { - log_info(_("key %s: PGP 2.x style key - skipped\n"), - keystr(sk_keyid)); - continue; - } + /* No v3 keys with GNU mode 1001. */ + if( secret == 2 && pk->version == 3 ) + { + log_info(_("key %s: PGP 2.x style key - skipped\n"), + keystr (keyid)); + continue; + } - /* It does not make sense to export a key with a primary - key on card using a non-key stub. We simply skip those - keys when used with --export-secret-subkeys. */ - if (secret == 2 && sk->is_protected - && sk->protect.s2k.mode == 1002 ) - { - log_info(_("key %s: key material on-card - skipped\n"), - keystr(sk_keyid)); - continue; - } - } - else - { - /* It's a public key export, so do the cleaning if - requested. Note that both export-clean and - export-minimal only apply to UID sigs (0x10, 0x11, - 0x12, and 0x13). A designated revocation is never - stripped, even with export-minimal set. */ + /* It does not make sense to export a key with a primary + key on card using a non-key stub. We simply skip those + keys when used with --export-secret-subkeys. */ + if (secret == 2 + && pk->seckey_info && pk->seckey_info->is_protected + && pk->seckey_info->s2k.mode == 1002 ) + { + log_info(_("key %s: key material on-card - skipped\n"), + keystr (keyid)); + continue; + } + } + else + { + /* It's a public key export, so do the cleaning if + requested. Note that both export-clean and + export-minimal only apply to UID sigs (0x10, 0x11, 0x12, + and 0x13). A designated revocation is never stripped, + even with export-minimal set. */ + if ( (options & EXPORT_CLEAN) ) + clean_key (keyblock, opt.verbose, options&EXPORT_MINIMAL, + NULL, NULL); + } - if(options&EXPORT_CLEAN) - clean_key(keyblock,opt.verbose,options&EXPORT_MINIMAL,NULL,NULL); - } + /* And write it. */ + for (kbctx=NULL; (node = walk_kbnode (keyblock, &kbctx, 0)); ) + { + if (skip_until_subkey) + { + if (node->pkt->pkttype==PKT_PUBLIC_SUBKEY + || node->pkt->pkttype==PKT_SECRET_SUBKEY) + skip_until_subkey = 0; + else + continue; + } - /* And write it. */ - for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) { - if( skip_until_subkey ) - { - if(node->pkt->pkttype==PKT_PUBLIC_SUBKEY - || node->pkt->pkttype==PKT_SECRET_SUBKEY) - skip_until_subkey=0; - else - continue; - } + /* We used to use comment packets, but not any longer. In + case we still have comments on a key, strip them here + before we call build_packet(). */ + if (node->pkt->pkttype == PKT_COMMENT) + continue; - /* We used to use comment packets, but not any longer. In - case we still have comments on a key, strip them here - before we call build_packet(). */ - if( node->pkt->pkttype == PKT_COMMENT ) - continue; + /* Make sure that ring_trust packets never get exported. */ + if (node->pkt->pkttype == PKT_RING_TRUST) + continue; - /* Make sure that ring_trust packets never get exported. */ - if (node->pkt->pkttype == PKT_RING_TRUST) - continue; - - /* If exact is set, then we only export what was requested - (plus the primary key, if the user didn't specifically - request it). */ - if(desc[descindex].exact - && (node->pkt->pkttype==PKT_PUBLIC_SUBKEY - || node->pkt->pkttype==PKT_SECRET_SUBKEY)) - { - if (!exact_subkey_match_p (desc+descindex, node)) - { - /* Before skipping this subkey, check whether any - other description wants an exact match on a - subkey and include that subkey into the output - too. Need to add this subkey to a list so that - it won't get processed a second time. + /* If exact is set, then we only export what was requested + (plus the primary key, if the user didn't specifically + request it). */ + if (desc[descindex].exact + && (node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY)) + { + if (!exact_subkey_match_p (desc+descindex, node)) + { + /* Before skipping this subkey, check whether any + other description wants an exact match on a + subkey and include that subkey into the output + too. Need to add this subkey to a list so that + it won't get processed a second time. - So the first step here is to check that list and - skip in any case if the key is in that list. + So the first step here is to check that list and + skip in any case if the key is in that list. - We need this whole mess because the import - function is not able to merge secret keys and - thus it is useless to output them as two - separate keys and have import merge them. */ - if (subkey_in_list_p (subkey_list, node)) - skip_until_subkey = 1; /* Already processed this one. */ - else - { - size_t j; + We need this whole mess because the import + function is not able to merge secret keys and + thus it is useless to output them as two separate + keys and have import merge them. */ + if (subkey_in_list_p (subkey_list, node)) + skip_until_subkey = 1; /* Already processed this one. */ + else + { + size_t j; - for (j=0; j < ndesc; j++) - if (j != descindex && desc[j].exact - && exact_subkey_match_p (desc+j, node)) - break; - if (!(j < ndesc)) - skip_until_subkey = 1; /* No other one matching. */ - } - } + for (j=0; j < ndesc; j++) + if (j != descindex && desc[j].exact + && exact_subkey_match_p (desc+j, node)) + break; + if (!(j < ndesc)) + skip_until_subkey = 1; /* No other one matching. */ + } + } - if(skip_until_subkey) - continue; + if(skip_until_subkey) + continue; - /* Mark this one as processed. */ - { - subkey_list_t tmp = new_subkey_list_item (node); - tmp->next = subkey_list; - subkey_list = tmp; - } - } + /* Mark this one as processed. */ + { + subkey_list_t tmp = new_subkey_list_item (node); + tmp->next = subkey_list; + subkey_list = tmp; + } + } - if(node->pkt->pkttype==PKT_SIGNATURE) - { - /* do not export packets which are marked as not - exportable */ - if(!(options&EXPORT_LOCAL_SIGS) - && !node->pkt->pkt.signature->flags.exportable) - continue; /* not exportable */ + if (node->pkt->pkttype == PKT_SIGNATURE) + { + /* Do not export packets which are marked as not + exportable. */ + if (!(options&EXPORT_LOCAL_SIGS) + && !node->pkt->pkt.signature->flags.exportable) + continue; /* not exportable */ - /* Do not export packets with a "sensitive" revocation - key unless the user wants us to. Note that we do - export these when issuing the actual revocation - (see revoke.c). */ - if(!(options&EXPORT_SENSITIVE_REVKEYS) - && node->pkt->pkt.signature->revkey) - { - int i; + /* Do not export packets with a "sensitive" revocation + key unless the user wants us to. Note that we do + export these when issuing the actual revocation + (see revoke.c). */ + if (!(options&EXPORT_SENSITIVE_REVKEYS) + && node->pkt->pkt.signature->revkey) + { + int i; + + for (i=0;ipkt->pkt.signature->numrevkeys;i++) + if ( (node->pkt->pkt.signature->revkey[i]->class & 0x40)) + break; - for(i=0;ipkt->pkt.signature->numrevkeys;i++) - if(node->pkt->pkt.signature->revkey[i]->class & 0x40) - break; + if (i < node->pkt->pkt.signature->numrevkeys) + continue; + } + } - if(ipkt->pkt.signature->numrevkeys) - continue; - } - } - - /* Don't export attribs? */ - if( !(options&EXPORT_ATTRIBUTES) && - node->pkt->pkttype == PKT_USER_ID && - node->pkt->pkt.user_id->attrib_data ) { + /* Don't export attribs? */ + if (!(options&EXPORT_ATTRIBUTES) + && node->pkt->pkttype == PKT_USER_ID + && node->pkt->pkt.user_id->attrib_data ) + { /* Skip until we get to something that is not an attrib or a signature on an attrib */ - while(kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE) { - kbctx=kbctx->next; - } + while (kbctx->next && kbctx->next->pkt->pkttype==PKT_SIGNATURE) + kbctx = kbctx->next; continue; } - if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) - { - /* We don't want to export the secret parts of the - * primary key, this is done by using GNU protection mode 1001 - */ - int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode; - node->pkt->pkt.secret_key->protect.s2k.mode = 1001; - if ((options&EXPORT_SEXP_FORMAT)) - rc = build_sexp (out, node->pkt, &indent); - else - rc = build_packet (out, node->pkt); - node->pkt->pkt.secret_key->protect.s2k.mode = save_mode; - } - else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY - && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD)) - { - /* If the subkey is protected reset the passphrase to - export an unprotected subkey. This feature is - useful in cases of a subkey copied to an unattended - machine where a passphrase is not required. */ - PKT_secret_key *sk_save, *sk; + if (secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY) + { + /* We don't want to export the secret parts of the + * primary key, this is done by temporary switching to + * GNU protection mode 1001. */ + int save_mode = node->pkt->pkt.public_key->seckey_info->s2k.mode; + node->pkt->pkt.public_key->seckey_info->s2k.mode = 1001; + if ((options&EXPORT_SEXP_FORMAT)) + err = build_sexp (out, node->pkt, &indent); + else + err = build_packet (out, node->pkt); + node->pkt->pkt.public_key->seckey_info->s2k.mode = save_mode; + } + else if (secret == 2 && node->pkt->pkttype == PKT_SECRET_SUBKEY + && (opt.export_options&EXPORT_RESET_SUBKEY_PASSWD)) + { + /* If the subkey is protected reset the passphrase to + export an unprotected subkey. This feature is useful + in cases of a subkey copied to an unattended machine + where a passphrase is not required. */ + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + goto leave; +#warning We need to implement this + /* PKT_secret_key *sk_save, *sk; */ - sk_save = node->pkt->pkt.secret_key; - sk = copy_secret_key (NULL, sk_save); - node->pkt->pkt.secret_key = sk; + /* sk_save = node->pkt->pkt.secret_key; */ + /* sk = copy_secret_key (NULL, sk_save); */ + /* node->pkt->pkt.secret_key = sk; */ - log_info (_("about to export an unprotected subkey\n")); - switch (is_secret_key_protected (sk)) - { - case -1: - rc = G10ERR_PUBKEY_ALGO; - break; - case 0: - break; - default: - if (sk->protect.s2k.mode == 1001) - ; /* No secret parts. */ - else if( sk->protect.s2k.mode == 1002 ) - ; /* Card key stub. */ - else - { - /* rc = check_secret_key( sk, 0 ); */ - } - break; - } - if (rc) - { - node->pkt->pkt.secret_key = sk_save; - free_secret_key (sk); - log_error (_("failed to unprotect the subkey: %s\n"), - g10_errstr (rc)); - goto leave; - } + /* log_info (_("about to export an unprotected subkey\n")); */ + /* switch (is_secret_key_protected (sk)) */ + /* { */ + /* case -1: */ + /* err = gpg_error (GPG_ERR_PUBKEY_ALGO); */ + /* break; */ + /* case 0: */ + /* break; */ + /* default: */ + /* if (sk->protect.s2k.mode == 1001) */ + /* ; /\* No secret parts. *\/ */ + /* else if( sk->protect.s2k.mode == 1002 ) */ + /* ; /\* Card key stub. *\/ */ + /* else */ + /* { */ + /* /\* err = check_secret_key( sk, 0 ); *\/ */ + /* } */ + /* break; */ + /* } */ + /* if (err) */ + /* { */ + /* node->pkt->pkt.secret_key = sk_save; */ + /* free_secret_key (sk); */ + /* log_error (_("failed to unprotect the subkey: %s\n"), */ + /* g10_errstr (rc)); */ + /* goto leave; */ + /* } */ - if ((options&EXPORT_SEXP_FORMAT)) - rc = build_sexp (out, node->pkt, &indent); - else - rc = build_packet (out, node->pkt); + /* if ((options&EXPORT_SEXP_FORMAT)) */ + /* err = build_sexp (out, node->pkt, &indent); */ + /* else */ + /* err = build_packet (out, node->pkt); */ - node->pkt->pkt.secret_key = sk_save; - free_secret_key (sk); - } - else - { - /* Warn the user if the secret key or any of the secret - subkeys are protected with SHA1 and we have - simple_sk_checksum set. */ - if(!sha1_warned && opt.simple_sk_checksum && - (node->pkt->pkttype==PKT_SECRET_KEY || - node->pkt->pkttype==PKT_SECRET_SUBKEY) && - node->pkt->pkt.secret_key->protect.sha1chk) - { - /* I hope this warning doesn't confuse people. */ - log_info(_("WARNING: secret key %s does not have a " - "simple SK checksum\n"),keystr(sk_keyid)); + /* node->pkt->pkt.secret_key = sk_save; */ + /* free_secret_key (sk); */ + } + else + { + /* Warn the user if the secret key or any of the secret + subkeys are protected with SHA1 and we have + simple_sk_checksum set. */ + if (!sha1_warned && opt.simple_sk_checksum && + (node->pkt->pkttype == PKT_SECRET_KEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY) + && node->pkt->pkt.public_key->seckey_info->sha1chk) + { + /* I hope this warning doesn't confuse people. */ + log_info(_("WARNING: secret key %s does not have a " + "simple SK checksum\n"), keystr (keyid)); - sha1_warned=1; - } + sha1_warned = 1; + } - if ((options&EXPORT_SEXP_FORMAT)) - rc = build_sexp (out, node->pkt, &indent); - else - rc = build_packet (out, node->pkt); - } + if ((options&EXPORT_SEXP_FORMAT)) + err = build_sexp (out, node->pkt, &indent); + else + err = build_packet (out, node->pkt); + } - if( rc ) { - log_error("build_packet(%d) failed: %s\n", - node->pkt->pkttype, g10_errstr(rc) ); - goto leave; + if (err) + { + log_error ("build_packet(%d) failed: %s\n", + node->pkt->pkttype, gpg_strerror (err)); + goto leave; } } - if ((options&EXPORT_SEXP_FORMAT) && indent) - { - for (; indent; indent--) - iobuf_put (out, ')'); - iobuf_put (out, '\n'); - } + if ((options&EXPORT_SEXP_FORMAT) && indent) + { + for (; indent; indent--) + iobuf_put (out, ')'); + iobuf_put (out, '\n'); + } - ++*any; - if(keyblock_out) - { - *keyblock_out=keyblock; - break; - } + ++*any; + if(keyblock_out) + { + *keyblock_out=keyblock; + break; + } } - if ((options&EXPORT_SEXP_FORMAT) && indent) - { - for (; indent; indent--) - iobuf_put (out, ')'); - iobuf_put (out, '\n'); - } - if( rc == -1 ) - rc = 0; + if ((options&EXPORT_SEXP_FORMAT) && indent) + { + for (; indent; indent--) + iobuf_put (out, ')'); + iobuf_put (out, '\n'); + } + if( err == -1 ) + err = 0; - leave: - release_subkey_list (subkey_list); - xfree(desc); - keydb_release (kdbhd); - if(rc || keyblock_out==NULL) - release_kbnode( keyblock ); - if( !*any ) - log_info(_("WARNING: nothing exported\n")); - return rc; + leave: + release_subkey_list (subkey_list); + xfree(desc); + keydb_release (kdbhd); + if (err || !keyblock_out) + release_kbnode( keyblock ); + if( !*any ) + log_info(_("WARNING: nothing exported\n")); + return err; } -static int -write_sexp_line (iobuf_t out, int *indent, const char *text) -{ - int i; +/* static int */ +/* write_sexp_line (iobuf_t out, int *indent, const char *text) */ +/* { */ +/* int i; */ - for (i=0; i < *indent; i++) - iobuf_put (out, ' '); - iobuf_writestr (out, text); - return 0; -} +/* for (i=0; i < *indent; i++) */ +/* iobuf_put (out, ' '); */ +/* iobuf_writestr (out, text); */ +/* return 0; */ +/* } */ -static int -write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a) -{ - int rc; - unsigned char *buffer; +/* static int */ +/* write_sexp_keyparm (iobuf_t out, int *indent, const char *name, gcry_mpi_t a) */ +/* { */ +/* int rc; */ +/* unsigned char *buffer; */ - write_sexp_line (out, indent, "("); - iobuf_writestr (out, name); - iobuf_writestr (out, " #"); +/* write_sexp_line (out, indent, "("); */ +/* iobuf_writestr (out, name); */ +/* iobuf_writestr (out, " #"); */ - rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a); - assert (!rc); - iobuf_writestr (out, buffer); - iobuf_writestr (out, "#)"); - gcry_free (buffer); - return 0; -} +/* rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a); */ +/* assert (!rc); */ +/* iobuf_writestr (out, buffer); */ +/* iobuf_writestr (out, "#)"); */ +/* gcry_free (buffer); */ +/* return 0; */ +/* } */ static int build_sexp_seckey (iobuf_t out, PACKET *pkt, int *indent) { - PKT_secret_key *sk = pkt->pkt.secret_key; - char tmpbuf[100]; + /* FIXME: Not yet implemented. */ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + /* PKT_secret_key *sk = pkt->pkt.secret_key; */ + /* char tmpbuf[100]; */ - if (pkt->pkttype == PKT_SECRET_KEY) - { - iobuf_writestr (out, "(openpgp-key\n"); - (*indent)++; - } - else - { - iobuf_writestr (out, " (subkey\n"); - (*indent)++; - } - (*indent)++; - write_sexp_line (out, indent, "(private-key\n"); From cvs at cvs.gnupg.org Thu Sep 16 13:45:26 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Sep 2010 13:45:26 +0200 Subject: [svn] GnuPG - r5419 - branches/STABLE-BRANCH-2-0/doc Message-ID: Author: wk Date: 2010-09-16 13:45:25 +0200 (Thu, 16 Sep 2010) New Revision: 5419 Modified: branches/STABLE-BRANCH-2-0/doc/gpgsm.texi Log: Fix --include-certs entry. Modified: branches/STABLE-BRANCH-2-0/doc/gpgsm.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2010-09-13 10:17:04 UTC (rev 5418) +++ branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2010-09-16 11:45:25 UTC (rev 5419) @@ -566,10 +566,9 @@ @item --include-certs @var{n} @opindex include-certs Using @var{n} of -2 includes all certificate except for the root cert, --1 includes all certs, 0 does not include any certs, 1 includes only -the signers cert (this is the default) and all other positive -values include up to @var{n} certificates starting with the signer cert. -The default is -2. +-1 includes all certs, 0 does not include any certs, 1 includes only the +signers cert and all other positive values include up to @var{n} +certificates starting with the signer cert. The default is -2. @item --cipher-algo @var{oid} @opindex cipher-algo From cvs at cvs.gnupg.org Thu Sep 16 15:39:01 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Sep 2010 15:39:01 +0200 Subject: [svn] gpgme - r1491 - trunk/src Message-ID: Author: wk Date: 2010-09-16 15:39:00 +0200 (Thu, 16 Sep 2010) New Revision: 1491 Modified: trunk/src/ChangeLog trunk/src/op-support.c trunk/src/util.h Log: Add a new error code. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-09-02 21:33:26 UTC (rev 1490) +++ trunk/src/ChangeLog 2010-09-16 13:39:00 UTC (rev 1491) @@ -1,3 +1,9 @@ +2010-09-16 Werner Koch + + * util.h: Add fallback define for GPG_ERR_MISSING_ISSUER_CERT. + * op-support.c: Include "util.h". + (_gpgme_parse_inv_recp): Handle new code 12. + 2010-09-02 Marcus Brinkmann * error.c (gpgme_err_code_to_errno): Fix cut and paste bug (thanks Modified: trunk/src/op-support.c =================================================================== --- trunk/src/op-support.c 2010-09-02 21:33:26 UTC (rev 1490) +++ trunk/src/op-support.c 2010-09-16 13:39:00 UTC (rev 1491) @@ -30,6 +30,7 @@ #include "gpgme.h" #include "context.h" #include "ops.h" +#include "util.h" gpgme_error_t @@ -246,6 +247,10 @@ case 11: inv_key->reason = gpg_error (GPG_ERR_MISSING_CERT); break; + + case 12: + inv_key->reason = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); + break; } while (*tail && *tail == ' ') Modified: trunk/src/util.h =================================================================== --- trunk/src/util.h 2010-09-02 21:33:26 UTC (rev 1490) +++ trunk/src/util.h 2010-09-16 13:39:00 UTC (rev 1491) @@ -136,6 +136,9 @@ #ifndef GPG_ERR_NOT_OPERATIONAL #define GPG_ERR_NOT_OPERATIONAL 176 #endif +#ifndef GPG_ERR_MISSING_ISSUER_CERT +#define GPG_ERR_MISSING_ISSUER_CERT 185 +#endif #ifdef ENABLE_ASSUAN From cvs at cvs.gnupg.org Thu Sep 16 16:17:51 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Sep 2010 16:17:51 +0200 Subject: [svn] gpgme - r1492 - trunk/src Message-ID: Author: wk Date: 2010-09-16 16:17:50 +0200 (Thu, 16 Sep 2010) New Revision: 1492 Modified: trunk/src/ChangeLog trunk/src/import.c Log: Return GPG_ERR_MISSING_ISSUER_CERT. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-09-16 13:39:00 UTC (rev 1491) +++ trunk/src/ChangeLog 2010-09-16 14:17:50 UTC (rev 1492) @@ -1,5 +1,8 @@ 2010-09-16 Werner Koch + * import.c: Include "util.h". + (parse_import): Return GPG_ERR_MISSING_ISSUER_CERT. + * util.h: Add fallback define for GPG_ERR_MISSING_ISSUER_CERT. * op-support.c: Include "util.h". (_gpgme_parse_inv_recp): Handle new code 12. Modified: trunk/src/import.c =================================================================== --- trunk/src/import.c 2010-09-16 13:39:00 UTC (rev 1491) +++ trunk/src/import.c 2010-09-16 14:17:50 UTC (rev 1492) @@ -30,6 +30,7 @@ #include "debug.h" #include "context.h" #include "ops.h" +#include "util.h" typedef struct @@ -149,7 +150,7 @@ break; case 2: - import->result = gpg_error (GPG_ERR_MISSING_CERT); + import->result = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); break; case 3: From cvs at cvs.gnupg.org Thu Sep 16 16:32:39 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Sep 2010 16:32:39 +0200 Subject: [svn] GnuPG - r5420 - in branches/STABLE-BRANCH-2-0: common sm Message-ID: Author: wk Date: 2010-09-16 16:32:38 +0200 (Thu, 16 Sep 2010) New Revision: 5420 Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog branches/STABLE-BRANCH-2-0/common/status.c branches/STABLE-BRANCH-2-0/common/util.h branches/STABLE-BRANCH-2-0/sm/ChangeLog branches/STABLE-BRANCH-2-0/sm/call-agent.c branches/STABLE-BRANCH-2-0/sm/certchain.c branches/STABLE-BRANCH-2-0/sm/gpgsm.c branches/STABLE-BRANCH-2-0/sm/import.c Log: Return a more specific error code for missing issuer certificates Modified: branches/STABLE-BRANCH-2-0/common/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/common/ChangeLog 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/common/ChangeLog 2010-09-16 14:32:38 UTC (rev 5420) @@ -1,3 +1,8 @@ +2010-09-16 Werner Koch + + * util.h: Add GPG_ERR_MISSING_ISSUER_CERT. + * status.c (get_inv_recpsgnr_code): Ditto. + 2010-05-03 Werner Koch * asshelp.c (lock_agent_spawning, unlock_agent_spawning): New. Modified: branches/STABLE-BRANCH-2-0/sm/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/sm/ChangeLog 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/sm/ChangeLog 2010-09-16 14:32:38 UTC (rev 5420) @@ -1,3 +1,13 @@ +2010-09-16 Werner Koch + + * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. + (do_validate_chain): Ditto. + (gpgsm_basic_cert_check): Ditto. + * call-agent.c (learn_cb): Take care of new + GPG_ERR_MISSING_ISSUER_CERT. + * import.c (check_and_store): Ditto. + (check_and_store): Ditto. + 2010-05-12 Werner Koch * Makefile.am (gpgsm_LDADD): Include NETLIBS which is required for Modified: branches/STABLE-BRANCH-2-0/common/status.c =================================================================== --- branches/STABLE-BRANCH-2-0/common/status.c 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/common/status.c 2010-09-16 14:32:38 UTC (rev 5420) @@ -58,6 +58,7 @@ case GPG_ERR_NOT_TRUSTED: errstr = "10"; break; case GPG_ERR_MISSING_CERT: errstr = "11"; break; + case GPG_ERR_MISSING_ISSUER_CERT: errstr = "12"; break; default: errstr = "0"; break; } Modified: branches/STABLE-BRANCH-2-0/common/util.h =================================================================== --- branches/STABLE-BRANCH-2-0/common/util.h 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/common/util.h 2010-09-16 14:32:38 UTC (rev 5420) @@ -29,6 +29,9 @@ #ifndef GPG_ERR_NOT_ENABLED #define GPG_ERR_NOT_ENABLED 179 #endif +#ifndef GPG_ERR_MISSING_ISSUER_CERT +#define GPG_ERR_MISSING_ISSUER_CERT 185 +#endif /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) Modified: branches/STABLE-BRANCH-2-0/sm/call-agent.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/call-agent.c 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/sm/call-agent.c 2010-09-16 14:32:38 UTC (rev 5420) @@ -879,7 +879,8 @@ because we can assume that the --learn-card command has been used on purpose. */ rc = gpgsm_basic_cert_check (parm->ctrl, cert); - if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT) + if (rc && gpg_err_code (rc) != GPG_ERR_MISSING_CERT + && gpg_err_code (rc) != GPG_ERR_MISSING_ISSUER_CERT) log_error ("invalid certificate: %s\n", gpg_strerror (rc)); else { Modified: branches/STABLE-BRANCH-2-0/sm/certchain.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/certchain.c 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/sm/certchain.c 2010-09-16 14:32:38 UTC (rev 5420) @@ -789,7 +789,7 @@ print an error here. */ if (rc != -1 && opt.verbose > 1) log_error ("failed to find issuer's certificate: rc=%d\n", rc); - rc = gpg_error (GPG_ERR_MISSING_CERT); + rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); goto leave; } @@ -1496,7 +1496,7 @@ } else log_error ("failed to find issuer's certificate: rc=%d\n", rc); - rc = gpg_error (GPG_ERR_MISSING_CERT); + rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); goto leave; } @@ -1897,7 +1897,7 @@ } else log_error ("failed to find issuer's certificate: rc=%d\n", rc); - rc = gpg_error (GPG_ERR_MISSING_CERT); + rc = gpg_error (GPG_ERR_MISSING_ISSUER_CERT); goto leave; } Modified: branches/STABLE-BRANCH-2-0/sm/gpgsm.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/sm/gpgsm.c 2010-09-16 14:32:38 UTC (rev 5420) @@ -288,7 +288,7 @@ ARGPARSE_s_s (oAuditLog, "audit-log", N_("|FILE|write an audit log to FILE")), - ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", ""), + ARGPARSE_s_s (oHtmlAuditLog, "html-audit-log", "@"), ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_n (oBatch, "batch", N_("batch mode: never ask")), ARGPARSE_s_n (oAnswerYes, "yes", N_("assume yes on most questions")), Modified: branches/STABLE-BRANCH-2-0/sm/import.c =================================================================== --- branches/STABLE-BRANCH-2-0/sm/import.c 2010-09-16 11:45:25 UTC (rev 5419) +++ branches/STABLE-BRANCH-2-0/sm/import.c 2010-09-16 14:32:38 UTC (rev 5420) @@ -178,7 +178,8 @@ if (!rc && ctrl->with_validation) rc = gpgsm_validate_chain (ctrl, cert, "", NULL, 0, NULL, 0, NULL); if (!rc || (!ctrl->with_validation - && gpg_err_code (rc) == GPG_ERR_MISSING_CERT) ) + && (gpg_err_code (rc) == GPG_ERR_MISSING_CERT + || gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT))) { int existed; @@ -237,9 +238,14 @@ log_error (_("basic certificate checks failed - not imported\n")); if (stats) stats->not_imported++; - print_import_problem (ctrl, cert, - gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 : - gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0); + /* We keep the test for GPG_ERR_MISSING_CERT only in case + GPG_ERR_MISSING_CERT has been used instead of the newer + GPG_ERR_MISSING_ISSUER_CERT. */ + print_import_problem + (ctrl, cert, + gpg_err_code (rc) == GPG_ERR_MISSING_ISSUER_CERT? 2 : + gpg_err_code (rc) == GPG_ERR_MISSING_CERT? 2 : + gpg_err_code (rc) == GPG_ERR_BAD_CERT? 1 : 0); } } From cvs at cvs.gnupg.org Thu Sep 16 20:44:34 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 16 Sep 2010 20:44:34 +0200 Subject: [svn] gpg-error - r250 - in trunk: . po src Message-ID: Author: wk Date: 2010-09-16 20:44:32 +0200 (Thu, 16 Sep 2010) New Revision: 250 Modified: trunk/ChangeLog trunk/NEWS trunk/po/cs.po trunk/po/de.po trunk/po/fr.po trunk/po/it.po trunk/po/libgpg-error.pot trunk/po/nl.po trunk/po/pl.po trunk/po/ro.po trunk/po/sv.po trunk/po/vi.po trunk/po/zh_CN.po trunk/src/init.c trunk/src/init.h trunk/src/w32-gettext.c Log: Fix initialization of static libs Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-09-16 14:40:28 UTC (rev 249) +++ trunk/ChangeLog 2010-09-16 18:44:32 UTC (rev 250) @@ -1,3 +1,9 @@ +2010-09-16 Werner Koch + + * src/w32-gettext.c (module_init): Do not set a constructur if not + build as DLL. + (_gpg_w32__init_gettext_module): New. + 2010-09-16 gettextize * configure.ac (AM_GNU_GETTEXT_VERSION): Bump to 0.17. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-09-16 14:40:28 UTC (rev 249) +++ trunk/NEWS 2010-09-16 18:44:32 UTC (rev 250) @@ -1,6 +1,7 @@ Noteworthy changes in version 1.10 ---------------------------------------------- + * Using a static library on W32 does now work. * Interface changes relative to the 1.9 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/po/cs.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/libgpg-error.pot =================================================================== --- trunk/po/libgpg-error.pot 2010-09-16 14:40:28 UTC (rev 249) +++ trunk/po/libgpg-error.pot 2010-09-16 18:44:32 UTC (rev 250) @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: libgpg-error 1.10-svn248\n" +"Project-Id-Version: libgpg-error 1.10-svn249\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"POT-Creation-Date: 2010-09-16 14:55+0200\n" +"POT-Creation-Date: 2010-09-16 16:34+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" Modified: trunk/po/nl.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/vi.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/src/init.c =================================================================== --- trunk/src/init.c 2010-09-16 14:40:28 UTC (rev 249) +++ trunk/src/init.c 2010-09-16 18:44:32 UTC (rev 250) @@ -96,6 +96,7 @@ /* No way to continue - commit suicide. */ abort (); } + _gpg_w32__init_gettext_module (); real_init (); } # endif /*!DLL_EXPORT*/ Modified: trunk/src/init.h =================================================================== --- trunk/src/init.h 2010-09-16 14:40:28 UTC (rev 249) +++ trunk/src/init.h 2010-09-16 18:44:32 UTC (rev 250) @@ -60,6 +60,11 @@ struct tls_space_s *get_tls (void); +/* Explicit constructor for w32-gettext.c */ +#ifndef DLL_EXPORT +void _gpg_w32__init_gettext_module (void); +#endif + #endif /*HAVE_W32_SYSTEM*/ #endif /*INIT_H*/ Modified: trunk/src/w32-gettext.c =================================================================== --- trunk/src/w32-gettext.c 2010-09-16 14:40:28 UTC (rev 249) +++ trunk/src/w32-gettext.c 2010-09-16 18:44:32 UTC (rev 250) @@ -1146,15 +1146,34 @@ -/* Constructor for this module. Called from DllMain. */ +/* Constructor for this module. This can only be used if we are a + DLL. IF used as a static lib we can't control the process set; for + example it might be used with a main module which is not build with + mingw and thus does not know how to call the constructors. */ +#ifdef DLL_EXPORT static void module_init (void) __attribute__ ((__constructor__)); +#endif static void module_init (void) { - InitializeCriticalSection (&domainlist_access_cs); + static int init_done; + + if (!init_done) + { + InitializeCriticalSection (&domainlist_access_cs); + init_done = 1; + } } +#ifndef DLL_EXPORT +void +_gpg_w32__init_gettext_module (void) +{ + module_init (); +} +#endif + /* Free the domain data. */ static void free_domain (struct loaded_domain *domain) From cvs at cvs.gnupg.org Fri Sep 17 16:16:35 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 17 Sep 2010 16:16:35 +0200 Subject: [svn] assuan - r388 - in trunk: . src Message-ID: Author: wk Date: 2010-09-17 16:16:34 +0200 (Fri, 17 Sep 2010) New Revision: 388 Modified: trunk/autogen.sh trunk/src/ChangeLog trunk/src/assuan-socket-connect.c Log: Fix portability bug#1282. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2010-09-01 10:10:28 UTC (rev 387) +++ trunk/src/ChangeLog 2010-09-17 14:16:34 UTC (rev 388) @@ -1,3 +1,8 @@ +2010-09-17 Werner Koch + + * assuan-socket-connect.c (INADDR_NONE): New replacement. Fixes + bug#1282. + 2010-09-01 Werner Koch * assuan.h.in (ASSUAN_NO_LOGGING): New. Modified: trunk/autogen.sh =================================================================== --- trunk/autogen.sh 2010-09-01 10:10:28 UTC (rev 387) +++ trunk/autogen.sh 2010-09-17 14:16:34 UTC (rev 388) @@ -127,7 +127,7 @@ fi fi - ./configure --enable-maintainer-mode --prefix=${w32root} \ + $tsdir/configure --enable-maintainer-mode --prefix=${w32root} \ --host=${host} --build=${build} \ --with-gpg-error-prefix=${w32root} "$@" Modified: trunk/src/assuan-socket-connect.c =================================================================== --- trunk/src/assuan-socket-connect.c 2010-09-01 10:10:28 UTC (rev 387) +++ trunk/src/assuan-socket-connect.c 2010-09-17 14:16:34 UTC (rev 388) @@ -51,6 +51,9 @@ #ifndef AF_LOCAL # define AF_LOCAL AF_UNIX #endif +#ifndef INADDR_NONE +#define INADDR_NONE ((unsigned long)(-1)) +#endif /*INADDR_NONE*/ #ifndef SUN_LEN # define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path) \ From cvs at cvs.gnupg.org Sat Sep 18 21:52:10 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Sat, 18 Sep 2010 21:52:10 +0200 Subject: misc-scripts (heating-control.c) Message-ID: Date: Saturday, September 18, 2010 @ 21:52:10 Author: werner Path: /cvs/wk/misc-scripts Modified: heating-control.c More fixes. + From cvs at cvs.gnupg.org Mon Sep 20 22:27:39 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Mon, 20 Sep 2010 22:27:39 +0200 Subject: misc-scripts (heating-control.c) Message-ID: Date: Monday, September 20, 2010 @ 22:27:39 Author: werner Path: /cvs/wk/misc-scripts Modified: heating-control.c . + From cvs at cvs.gnupg.org Tue Sep 21 02:20:49 2010 From: cvs at cvs.gnupg.org (cvs user werner) Date: Tue, 21 Sep 2010 02:20:49 +0200 Subject: misc-scripts (heating-control.c) Message-ID: Date: Tuesday, September 21, 2010 @ 02:20:49 Author: werner Path: /cvs/wk/misc-scripts Modified: heating-control.c Use AT commands to control the device. From cvs at cvs.gnupg.org Wed Sep 22 13:30:07 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 22 Sep 2010 13:30:07 +0200 Subject: [svn] pinentry - r237 - in trunk: . gtk+-2 Message-ID: Author: wk Date: 2010-09-22 13:30:06 +0200 (Wed, 22 Sep 2010) New Revision: 237 Modified: trunk/ChangeLog trunk/NEWS trunk/gtk+-2/pinentry-gtk-2.c Log: Make default-cacnel and default-ok work for GTK2 Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-08-19 14:44:31 UTC (rev 236) +++ trunk/ChangeLog 2010-09-22 11:30:06 UTC (rev 237) @@ -1,3 +1,8 @@ +2010-09-22 Werner Koch + + * gtk+-2/pinentry-gtk-2.c (create_window): Make use of + default_cancel and default_ok. + 2010-08-19 Werner Koch * gtk+-2/Makefile.am (pinentry_gtk_2_SOURCES): Add gseal-gtk-compat.h. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2010-08-19 14:44:31 UTC (rev 236) +++ trunk/NEWS 2010-09-22 11:30:06 UTC (rev 237) @@ -6,6 +6,8 @@ * The GTK pinentry now always sticks to the top and properly grabs the keyboard. + * The protocol options default-cancel and default-ok now work for the + pinnetry-gtk2. Noteworthy changes in version 0.8.0 (2010-03-03) ------------------------------------------------ Modified: trunk/gtk+-2/pinentry-gtk-2.c =================================================================== --- trunk/gtk+-2/pinentry-gtk-2.c 2010-08-19 14:44:31 UTC (rev 236) +++ trunk/gtk+-2/pinentry-gtk-2.c 2010-09-22 11:30:06 UTC (rev 237) @@ -1,7 +1,7 @@ /* pinentry-gtk-2.c Copyright (C) 1999 Robert Bihlmeyer Copyright (C) 2001, 2002, 2007 g10 Code GmbH - Copyright (C) 2004 by Albrecht Dre? + Copyright (C) 2004 by Albrecht Dre?? pinentry-gtk-2 is a pinentry application for the Gtk+-2 widget set. It tries to follow the Gnome Human Interface Guide as close as @@ -222,6 +222,8 @@ if (g_utf8_validate (text, -1, NULL)) return g_strdup (text); + /* Failure: Assume that it was encoded in the current locale and + convert it to utf-8. */ result = g_locale_to_utf8 (text, -1, NULL, NULL, NULL); if (!result) { @@ -459,8 +461,20 @@ w = gtk_button_new_with_mnemonic (msg); g_free (msg); } + else if (pinentry->default_cancel) + { + GtkWidget *image; + + msg = pinentry_utf8_validate (pinentry->default_cancel); + w = gtk_button_new_with_mnemonic (msg); + g_free (msg); + image = gtk_image_new_from_stock (GTK_STOCK_CANCEL, + GTK_ICON_SIZE_BUTTON); + if (image) + gtk_button_set_image (GTK_BUTTON (w), image); + } else - w = gtk_button_new_from_stock (GTK_STOCK_CANCEL); + w = gtk_button_new_from_stock (GTK_STOCK_CANCEL); gtk_container_add (GTK_CONTAINER (bbox), w); g_signal_connect (G_OBJECT (w), "clicked", G_CALLBACK (confirm_mode ? confirm_button_clicked @@ -488,6 +502,18 @@ w = gtk_button_new_with_mnemonic (msg); g_free (msg); } + else if (pinentry->default_ok) + { + GtkWidget *image; + + msg = pinentry_utf8_validate (pinentry->default_ok); + w = gtk_button_new_with_mnemonic (msg); + g_free (msg); + image = gtk_image_new_from_stock (GTK_STOCK_OK, + GTK_ICON_SIZE_BUTTON); + if (image) + gtk_button_set_image (GTK_BUTTON (w), image); + } else w = gtk_button_new_from_stock (GTK_STOCK_OK); gtk_container_add (GTK_CONTAINER(bbox), w); From cvs at cvs.gnupg.org Thu Sep 23 10:15:47 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 23 Sep 2010 10:15:47 +0200 Subject: [svn] GnuPG - r5421 - in branches/STABLE-BRANCH-1-4: . doc g10 scripts/conf-w32 util Message-ID: Author: wk Date: 2010-09-23 10:15:45 +0200 (Thu, 23 Sep 2010) New Revision: 5421 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/NEWS branches/STABLE-BRANCH-1-4/README branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/doc/README.W32 branches/STABLE-BRANCH-1-4/g10/card-util.c branches/STABLE-BRANCH-1-4/scripts/conf-w32/bzip2-1.diff branches/STABLE-BRANCH-1-4/util/argparse.c Log: Preparing a release candidate Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-09-23 08:15:45 UTC (rev 5421) @@ -1,3 +1,7 @@ +2010-09-23 Werner Koch + + Release 1.4.11rc1. + 2009-09-02 Werner Koch Release 1.4.10. Modified: branches/STABLE-BRANCH-1-4/NEWS =================================================================== --- branches/STABLE-BRANCH-1-4/NEWS 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/NEWS 2010-09-23 08:15:45 UTC (rev 5421) @@ -1,4 +1,4 @@ -Noteworthy changes in version 1.4.11 +Noteworthy changes in version 1.4.11 (unreleased) ------------------------------------------------- * Bug fixes. Modified: branches/STABLE-BRANCH-1-4/README =================================================================== --- branches/STABLE-BRANCH-1-4/README 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/README 2010-09-23 08:15:45 UTC (rev 5421) @@ -1,11 +1,11 @@ GnuPG - The GNU Privacy Guard ------------------------------- - Version 1.4.10 + Version 1.4.11 Copyright 1998, 1999, 2000, 2001, 2002, 2003, - 2004, 2005, 2006, 2007, 2008, - 2009 Free Software Foundation, Inc. + 2004, 2005, 2006, 2007, 2008, 2009, + 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-09-23 08:15:45 UTC (rev 5421) @@ -25,8 +25,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh --force" right before creating a distribution. -m4_define([my_version], [1.4.11]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [1.4.11rc1]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) AC_INIT([gnupg], Modified: branches/STABLE-BRANCH-1-4/doc/README.W32 =================================================================== --- branches/STABLE-BRANCH-1-4/doc/README.W32 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/doc/README.W32 2010-09-23 08:15:45 UTC (rev 5421) @@ -81,7 +81,7 @@ Until recently all official GnuPG versions have been build using the Mingw32/CPD kit as available at -ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cqpd-0.3.2.tar.gz . +ftp://ftp.gnupg.org/people/werner/cpd/mingw32-cpd-0.3.2.tar.gz . However, for maintenance reasons we switched to Debian's mingw32 cross compiler package and that is now the recommended way of building GnuPG for W32 platforms. It might be possible to build it nativly on a W32 Modified: branches/STABLE-BRANCH-1-4/g10/card-util.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/card-util.c 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/g10/card-util.c 2010-09-23 08:15:45 UTC (rev 5421) @@ -207,6 +207,9 @@ case 0x0005: return "ZeitControl"; case 0x002A: return "Magrathea"; + + case 0xF517: return "FSIJ"; + /* 0x00000 and 0xFFFF are defined as test cards per spec, 0xFFF00 to 0xFFFE are assigned for use with randomly created serial numbers. */ Modified: branches/STABLE-BRANCH-1-4/scripts/conf-w32/bzip2-1.diff =================================================================== --- branches/STABLE-BRANCH-1-4/scripts/conf-w32/bzip2-1.diff 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/scripts/conf-w32/bzip2-1.diff 2010-09-23 08:15:45 UTC (rev 5421) @@ -1,5 +1,5 @@ To include support for BZIP2 compression in GunPG for W32, the patch -below should be applied to a stock bzip2-1.0.2 source. The Build as +below should be applied to a stock bzip2-1.0.6 source. The Build as usual using the mingw32 cross compiler package from Debian and install the library and header file on top of the cross compiler installation (/usr/i586-mingw32msvc/lib/). Note that for ease of maintenance we Modified: branches/STABLE-BRANCH-1-4/util/argparse.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/argparse.c 2010-09-16 14:32:38 UTC (rev 5420) +++ branches/STABLE-BRANCH-1-4/util/argparse.c 2010-09-23 08:15:45 UTC (rev 5421) @@ -917,7 +917,7 @@ break; case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2009 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2010 Free Software Foundation, Inc."; break; case 15: p = "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n"; From cvs at cvs.gnupg.org Thu Sep 23 11:09:50 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 23 Sep 2010 11:09:50 +0200 Subject: [svn] GnuPG - r5422 - in branches/STABLE-BRANCH-1-4: . checks Message-ID: Author: wk Date: 2010-09-23 11:09:49 +0200 (Thu, 23 Sep 2010) New Revision: 5422 Modified: branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/Makefile.am branches/STABLE-BRANCH-1-4/checks/armor.test Log: "make distcheck" fix Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-09-23 08:15:45 UTC (rev 5421) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-09-23 09:09:49 UTC (rev 5422) @@ -2,6 +2,9 @@ Release 1.4.11rc1. + * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove + --enable-selinux-support option. + 2009-09-02 Werner Koch Release 1.4.10. Modified: branches/STABLE-BRANCH-1-4/Makefile.am =================================================================== --- branches/STABLE-BRANCH-1-4/Makefile.am 2010-09-23 08:15:45 UTC (rev 5421) +++ branches/STABLE-BRANCH-1-4/Makefile.am 2010-09-23 09:09:49 UTC (rev 5422) @@ -17,7 +17,10 @@ ## Process this file with automake to produce Makefile.in ACLOCAL_AMFLAGS = -I m4 -DISTCHECK_CONFIGURE_FLAGS = --enable-selinux-support --enable-mailto +# We can't use --enable-selinux-support because some of our regression +# tests are importing secret keys and that is not allowed if +# selinux-support is enabled. +DISTCHECK_CONFIGURE_FLAGS = --enable-mailto AUTOMAKE_OPTIONS = dist-bzip2 filename-length-max=99 if CROSS_COMPILING Modified: branches/STABLE-BRANCH-1-4/checks/armor.test =================================================================== --- branches/STABLE-BRANCH-1-4/checks/armor.test 2010-09-23 08:15:45 UTC (rev 5421) +++ branches/STABLE-BRANCH-1-4/checks/armor.test 2010-09-23 09:09:49 UTC (rev 5422) @@ -735,8 +735,8 @@ # Bug 1179 solved 2010-05-12: # It occured for messages of a multiple of the iobuf block size where -# the last line had no pad character. Due to premature poppng of thea -# rmor filter gpg swalled the CRC line and passed the '-----END...' +# the last line had no pad character. Due to premature popping of the +# armor filter gpg swalled the CRC line and passed the '-----END...' # line on to the decryption layer. i=alpha_seckey From cvs at cvs.gnupg.org Fri Sep 24 15:06:58 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 24 Sep 2010 15:06:58 +0200 Subject: [svn] GnuPG - r5423 - in branches/STABLE-BRANCH-2-0: . agent doc g10 Message-ID: Author: wk Date: 2010-09-24 15:06:56 +0200 (Fri, 24 Sep 2010) New Revision: 5423 Modified: branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/agent/ChangeLog branches/STABLE-BRANCH-2-0/agent/gpg-agent.c branches/STABLE-BRANCH-2-0/doc/gpgsm.texi branches/STABLE-BRANCH-2-0/g10/card-util.c Log: Fix bug 1285 Modified: branches/STABLE-BRANCH-2-0/agent/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/agent/ChangeLog 2010-09-23 09:09:49 UTC (rev 5422) +++ branches/STABLE-BRANCH-2-0/agent/ChangeLog 2010-09-24 13:06:56 UTC (rev 5423) @@ -1,3 +1,9 @@ +2010-09-24 Werner Koch + + * gpg-agent.c (main, reread_configuration): Always test whether + the default configuration file has been created in the meantime. + Fixes bug#1285. + 2010-08-11 Werner Koch * call-pinentry.c (agent_askpin, agent_get_passphrase): Fix Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2010-09-23 09:09:49 UTC (rev 5422) +++ branches/STABLE-BRANCH-2-0/NEWS 2010-09-24 13:06:56 UTC (rev 5423) @@ -3,7 +3,9 @@ * Fixed output of "gpgconf --check-options". + * gpg-agent now tests for a newly created gpg-agent.conf after a HUP. + Noteworthy changes in version 2.0.16 (2010-07-19) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/agent/gpg-agent.c =================================================================== --- branches/STABLE-BRANCH-2-0/agent/gpg-agent.c 2010-09-23 09:09:49 UTC (rev 5422) +++ branches/STABLE-BRANCH-2-0/agent/gpg-agent.c 2010-09-24 13:06:56 UTC (rev 5423) @@ -724,6 +724,12 @@ if( parse_debug ) log_info (_("NOTE: no default option file `%s'\n"), configname ); + /* Save the default conf file name so that + reread_configuration is able to test whether the + config file has been created in the meantime. */ + xfree (config_filename); + config_filename = configname; + configname = NULL; } else { @@ -811,10 +817,15 @@ fclose( configfp ); configfp = NULL; /* Keep a copy of the name so that it can be read on SIGHUP. */ - config_filename = configname; + if (config_filename != configname) + { + xfree (config_filename); + config_filename = configname; + } configname = NULL; goto next_pass; } + xfree (configname); configname = NULL; if (log_get_errorcount(0)) @@ -1332,8 +1343,8 @@ fp = fopen (config_filename, "r"); if (!fp) { - log_error (_("option file `%s': %s\n"), - config_filename, strerror(errno) ); + log_info (_("option file `%s': %s\n"), + config_filename, strerror(errno) ); return; } Modified: branches/STABLE-BRANCH-2-0/doc/gpgsm.texi =================================================================== --- branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2010-09-23 09:09:49 UTC (rev 5422) +++ branches/STABLE-BRANCH-2-0/doc/gpgsm.texi 2010-09-24 13:06:56 UTC (rev 5423) @@ -31,7 +31,7 @@ @command{gpgsm} is a tool similar to @command{gpg} to provide digital encryption and signing services on X.509 certificates and the CMS protocol. It is mainly used as a backend for S/MIME mail processing. - at command{gpgsm} includes a full features certificate management and + at command{gpgsm} includes a full featured certificate management and complies with all rules defined for the German Sphinx project. @manpause @@ -286,7 +286,7 @@ @node GPGSM Options @section Option Summary - at command{GPGSM} comes features a bunch of options to control the exact behaviour + at command{GPGSM} features a bunch of options to control the exact behaviour and to change the default configuration. @menu Modified: branches/STABLE-BRANCH-2-0/g10/card-util.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/card-util.c 2010-09-23 09:09:49 UTC (rev 5422) +++ branches/STABLE-BRANCH-2-0/g10/card-util.c 2010-09-24 13:06:56 UTC (rev 5423) @@ -207,6 +207,9 @@ case 0x0005: return "ZeitControl"; case 0x002A: return "Magrathea"; + + case 0xF517: return "FSIJ"; + /* 0x00000 and 0xFFFF are defined as test cards per spec, 0xFFF00 to 0xFFFE are assigned for use with randomly created serial numbers. */ From cvs at cvs.gnupg.org Tue Sep 28 10:29:14 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Sep 2010 10:29:14 +0200 Subject: [svn] GnuPG - r5424 - in branches/STABLE-BRANCH-2-0: . g10 Message-ID: Author: wk Date: 2010-09-28 10:29:13 +0200 (Tue, 28 Sep 2010) New Revision: 5424 Modified: branches/STABLE-BRANCH-2-0/NEWS branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/call-agent.c Log: Allow more hash algorithms with the OpenPGP card. Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-24 13:06:56 UTC (rev 5423) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-28 08:29:13 UTC (rev 5424) @@ -1,3 +1,8 @@ +2010-09-28 Werner Koch + + * call-agent.c (hash_algo_option): New. + (agent_scd_pksign): Use it. + 2010-07-20 Werner Koch * mainproc.c (print_pkenc_list): Print a STATUS_ERROR. Fixes Modified: branches/STABLE-BRANCH-2-0/NEWS =================================================================== --- branches/STABLE-BRANCH-2-0/NEWS 2010-09-24 13:06:56 UTC (rev 5423) +++ branches/STABLE-BRANCH-2-0/NEWS 2010-09-28 08:29:13 UTC (rev 5424) @@ -5,7 +5,9 @@ * gpg-agent now tests for a newly created gpg-agent.conf after a HUP. + * Allow more hash algorithms with the OpenPGP v2 card. + Noteworthy changes in version 2.0.16 (2010-07-19) ------------------------------------------------- Modified: branches/STABLE-BRANCH-2-0/g10/call-agent.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/call-agent.c 2010-09-24 13:06:56 UTC (rev 5423) +++ branches/STABLE-BRANCH-2-0/g10/call-agent.c 2010-09-28 08:29:13 UTC (rev 5424) @@ -892,6 +892,25 @@ return 0; } + +/* Helper returning a command option to describe the used hash + algorithm. See scd/command.c:cmd_pksign. */ +static const char * +hash_algo_option (int algo) +{ + switch (algo) + { + case GCRY_MD_RMD160: return "--hash=rmd160"; + case GCRY_MD_SHA1 : return "--hash=sha1"; + case GCRY_MD_SHA224: return "--hash=sha224"; + case GCRY_MD_SHA256: return "--hash=sha256"; + case GCRY_MD_SHA384: return "--hash=sha384"; + case GCRY_MD_SHA512: return "--hash=sha512"; + case GCRY_MD_MD5 : return "--hash=md5"; + default: return ""; + } +} + /* Send a sign command to the scdaemon via gpg-agent's pass thru mechanism. */ int @@ -938,8 +957,7 @@ else #endif snprintf (line, DIM(line)-1, "SCD PKSIGN %s%s", - hashalgo == GCRY_MD_RMD160? "--hash=rmd160 " : "", - serialno); + hash_algo_option (hashalgo), serialno); line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data, default_inq_cb, NULL, NULL, NULL); From cvs at cvs.gnupg.org Tue Sep 28 12:07:33 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Sep 2010 12:07:33 +0200 Subject: [svn] GnuPG - r5425 - in branches/STABLE-BRANCH-1-4: . cipher g10 include scripts util Message-ID: Author: wk Date: 2010-09-28 12:07:30 +0200 (Tue, 28 Sep 2010) New Revision: 5425 Modified: branches/STABLE-BRANCH-1-4/AUTHORS branches/STABLE-BRANCH-1-4/ChangeLog branches/STABLE-BRANCH-1-4/cipher/ChangeLog branches/STABLE-BRANCH-1-4/cipher/random.c branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/build-packet.c branches/STABLE-BRANCH-1-4/g10/gpgv.c branches/STABLE-BRANCH-1-4/g10/keyserver.c branches/STABLE-BRANCH-1-4/g10/misc.c branches/STABLE-BRANCH-1-4/g10/openfile.c branches/STABLE-BRANCH-1-4/g10/plaintext.c branches/STABLE-BRANCH-1-4/include/ChangeLog branches/STABLE-BRANCH-1-4/include/ttyio.h branches/STABLE-BRANCH-1-4/scripts/mk-w32-dist branches/STABLE-BRANCH-1-4/util/ChangeLog branches/STABLE-BRANCH-1-4/util/iobuf.c branches/STABLE-BRANCH-1-4/util/logger.c branches/STABLE-BRANCH-1-4/util/pka.c branches/STABLE-BRANCH-1-4/util/ttyio.c Log: Minor changes to help the VMS port Modified: branches/STABLE-BRANCH-1-4/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/ChangeLog 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/ChangeLog 2010-09-28 10:07:30 UTC (rev 5425) @@ -1,3 +1,7 @@ +2010-09-28 Werner Koch + + * configure.ac (AH_BOTTOM) [__VMS]: Fix homedir. + 2010-09-23 Werner Koch Release 1.4.11rc1. Modified: branches/STABLE-BRANCH-1-4/cipher/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/ChangeLog 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/cipher/ChangeLog 2010-09-28 10:07:30 UTC (rev 5425) @@ -1,3 +1,15 @@ +2010-09-28 Steven M. Schweda (wk) + + Changes to help the VMS port. See + http://antinode.info/dec/sw/gnupg.html . + + * random.c [__VMS]: Include rmsdef.h and vms.h. + (LOCK_SEED_FILE) [__VMS]: Set to 0. + (getfnc_gather_random) [USE_RNDVMS]: Call rndvms_gather_random. + (read_seed_file) [__VMS]: Allow reading by others. + (update_random_seed_file) [__VMS]: Use VMS specific open call. + * rand-internal.h (rndvms_gather_random): New. + 2008-04-17 David Shaw * camellia-glue.c (selftest, camellia_get_info), cipher.c Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-09-28 10:07:30 UTC (rev 5425) @@ -1,3 +1,29 @@ +2010-09-28 Werner Koch + + * gpgv.c (ttyfp_is, init_ttyfp) [__VMS]: Add subs. + +2010-09-28 Steven M. Schweda (wk) + + Changes to help the VMS port. See + http://antinode.info/dec/sw/gnupg.html . + + * build-packet.c (do_plaintext) [__VMS]: Disable error message. + * keyserver.c (keyserver_spawn) [__VMS]: Do not add the DIRSEP_S. + * misc.c [__VMS]: Include . + * signal.c [__VMS]: Include vms.h. + (got_fatal_signal) [__VMS]: Restore terminal echo. + * plaintext.c [__VMS]: Include vms.h. + * openfile.c (make_outfile_name): __VMS] Do not use. + (open_outfile) [__VMS]: Use vms_append_ext. + (try_make_homedir) [__VMS]: chmod directory. + * misc.c (disable_core_dumps) [__VMS]: Disable. + (path_access) [__VMS]: Do not use. + +2010-09-28 Werner Koch + + * passphrase.c [!ENABLE_AGENT_SUPPORT]: Do not include + sys/socket.h to help the VMS port. + 2010-08-31 Werner Koch * mainproc.c (print_pkenc_list): Print a STATUS_ERROR. Fixes Modified: branches/STABLE-BRANCH-1-4/include/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/include/ChangeLog 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/include/ChangeLog 2010-09-28 10:07:30 UTC (rev 5425) @@ -1,3 +1,7 @@ +2010-09-28 Werner Koch + + * ttyio.h (ttyfp_is, init_ttyfp) [__VMS]: New. + 2009-09-03 Werner Koch * util.h (xtryvasprintf): New. Modified: branches/STABLE-BRANCH-1-4/util/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/util/ChangeLog 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/util/ChangeLog 2010-09-28 10:07:30 UTC (rev 5425) @@ -1,3 +1,21 @@ +2010-09-28 Steven M. Schweda (wk) + + Changes to help the VMS port. See + http://antinode.info/dec/sw/gnupg.html . + + * cert.c [__VMS]: Include cert_vms.h. + * ttyio.c [__VMS]: Include vms.h. + (init_ttyfp) [__VMS]: Make global. + (ttyfp_is) [__VMS]: New. + (do_get) [__VMS]: Disable terminal echo. + * srv.c [__VMS]: Include cert_vms.h. + * secmem.c (lock_pool) [__VMS]: Use log_warning. + * pka.c [USE_DNS_PKA]: Define T_CERT. + * logger.c [__VMS]: Include unistd.h and ttyio.h. + (g10_log_print_prefix) [__VMS]: Init logfp. + * iobuf.c [__VMS]: Include vms.h. + (iobuf_get_filelength) [__VMS]: Use VMS specific method. + 2009-09-03 Werner Koch * ttyio.c (tty_printf) [_WIN32]: s/xtryasprintf/xtryvasprint/ Modified: branches/STABLE-BRANCH-1-4/AUTHORS =================================================================== --- branches/STABLE-BRANCH-1-4/AUTHORS 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/AUTHORS 2010-09-28 10:07:30 UTC (rev 5425) @@ -131,6 +131,10 @@ and rndwin32.c from cryptlib. Copyright Peter Gutmann, Paul Kendall, and Chris Wedgwood 1996-1999. +The code to help with the VMS port (indicated by __VMS and +corresponding Changelog entries) was contributed by Steven M. Schweda. +. + The RPM specs file scripts/gnupg.spec has been contributed by several people. Modified: branches/STABLE-BRANCH-1-4/cipher/random.c =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/random.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/cipher/random.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -63,13 +63,23 @@ #include "rand-internal.h" #include "algorithms.h" +#ifdef __VMS +# include +# include "vms.h" +#endif /* def __VMS */ + #ifndef RAND_MAX /* for SunOS */ #define RAND_MAX 32767 #endif +/* 2008-03-31 SMS. + * VMS C RTL before V8.3 lacks byte-range file locking, but by default, + * a file opened for write access is not shared, so mutual exclusion can + * most generally be handled at the open(). */ /* Check whether we can lock the seed file read write. */ -#if defined(HAVE_FCNTL) && defined(HAVE_FTRUNCATE) && !defined(HAVE_W32_SYSTEM) +#if defined(HAVE_FCNTL) && defined(HAVE_FTRUNCATE) \ + && !defined(HAVE_W32_SYSTEM) && !defined(__VMS) #define LOCK_SEED_FILE 1 #else #define LOCK_SEED_FILE 0 @@ -177,6 +187,9 @@ # ifdef USE_RNDUNIX return rndunix_gather_random; # endif +# ifdef USE_RNDVMS + return rndvms_gather_random; +# endif # ifdef USE_RNDEGD return rndegd_gather_random; # endif @@ -402,7 +415,7 @@ return -1; } - if (backoff > 2) /* Show the first message after ~2.25 seconds. */ + if (backoff > 2) /* Show the first message after ~3.75 seconds. */ log_info( _("waiting for lock on `%s'...\n"), fname); tv.tv_sec = backoff; @@ -434,6 +447,9 @@ #if defined(HAVE_DOSISH_SYSTEM) || defined(__CYGWIN__) fd = open( seed_file_name, O_RDONLY | O_BINARY ); +#elif defined( __VMS) + /* We're only reading, so allow others to do anything. */ + fd = open( seed_file_name, O_RDONLY, 0777, "shr=get,put,upd" ); #else fd = open( seed_file_name, O_RDONLY ); #endif @@ -535,11 +551,40 @@ # if LOCK_SEED_FILE fd = open( seed_file_name, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR ); # else +# ifdef __VMS + /* Open the seed file for exclusive write access, but allow other + * readers. Loop until success. Complain after a few failures. */ + { + int backoff = 0; + + while ((fd = open( seed_file_name, + O_WRONLY|O_CREAT, + S_IRUSR|S_IWUSR, + "shr=get")) == -1 ) + { + if ((errno != EVMSERR) || (vaxc$errno != RMS$_FLK)) + { + /* Some unexpected open failure. */ + log_info (_("can't lock `%s': %s\n"), + seed_file_name, strerror (errno)); + return; + } + + if (backoff > 2) /* Show the first message after ~3.75 seconds. */ + log_info( _("waiting for lock on `%s'...\n"), seed_file_name); + + wait_vms( backoff+ 0.25); + if (backoff < 10) + backoff++ ; + } + } +# else /* !def __VMS */ fd = open( seed_file_name, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR ); +# endif /* !def __VMS */ # endif #endif if( fd == -1 ) { - log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno) ); + log_info(_("can't create `%s': %s\n"), seed_file_name, strerror(errno)); return; } Modified: branches/STABLE-BRANCH-1-4/g10/build-packet.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/build-packet.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/build-packet.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -491,9 +491,14 @@ wipememory(buf,1000); /* burn the buffer */ if( (ctb&0x40) && !pt->len ) iobuf_set_partial_block_mode(out, 0 ); /* turn off partial */ + + /* On VMS, byte counts will not match for some file record + * formats, so it's best to disable the following error. */ +#ifndef __VMS if( pt->len && n != pt->len ) log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n", (ulong)n, (ulong)pt->len ); +#endif return rc; } Modified: branches/STABLE-BRANCH-1-4/g10/gpgv.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/gpgv.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/gpgv.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -418,6 +418,10 @@ int tty_get_answer_is_yes( const char *prompt ) {return 0;} int tty_no_terminal(int onoff) {return 0;} void tty_cleanup_after_signal (void) {} +#ifdef __VMS +FILE *ttyfp_is (void) { return stderr; } +void init_ttyfp (void) { } +#endif /*__VMS*/ #ifdef HAVE_LIBREADLINE void tty_enable_completion(rl_completion_func_t *completer) {} void tty_disable_completion(void) {} Modified: branches/STABLE-BRANCH-1-4/g10/keyserver.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/keyserver.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/keyserver.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -1012,7 +1012,9 @@ command=xmalloc(strlen(libexecdir)+strlen(DIRSEP_S)+ GPGKEYS_PREFIX_LEN+strlen(scheme)+3+strlen(EXEEXT)+1); strcpy(command,libexecdir); - strcat(command,DIRSEP_S); +#ifndef __VMS + strcat (command, DIRSEP_S); +#endif } end=command+strlen(command); Modified: branches/STABLE-BRANCH-1-4/g10/misc.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/misc.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/misc.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -54,6 +54,10 @@ #include "dynload.h" #endif /*_WIN32*/ +#ifdef __VMS +# include +#endif /* def __VMS */ + #include "util.h" #include "main.h" #include "photoid.h" @@ -106,7 +110,7 @@ int disable_core_dumps() { -#ifdef HAVE_DOSISH_SYSTEM +#if defined(HAVE_DOSISH_SYSTEM) || defined(__VMS) return 0; #else #ifdef HAVE_SETRLIMIT @@ -1333,7 +1337,11 @@ return GNUPG_LIBEXECDIR; } -/* Similar to access(2), but uses PATH to find the file. */ +/* Similar to access(2), but uses PATH to find the file. + + (2006-07-08 SMS: See "vmslib/vms.c" for a VMS-specific replacement + function) */ +#ifndef __VMS int path_access(const char *file,int mode) { @@ -1376,3 +1384,5 @@ return ret; } +#endif /*ndef __VMS*/ + Modified: branches/STABLE-BRANCH-1-4/g10/openfile.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/openfile.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/openfile.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -98,7 +98,11 @@ /**************** * Strip know extensions from iname and return a newly allocated * filename. Return NULL if we can't do that. + * + * (See vmslib/vms.c for the VMS-specific replacement function, + * vms_make_outfile_name()) */ +#ifndef __VMS char * make_outfile_name( const char *iname ) { @@ -125,6 +129,7 @@ log_info(_("%s: unknown suffix\n"), iname ); return NULL; } +#endif /* ndef __VMS */ /**************** Modified: branches/STABLE-BRANCH-1-4/g10/plaintext.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/plaintext.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/g10/plaintext.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -39,7 +39,14 @@ #include "status.h" #include "i18n.h" +#ifdef __VMS +# include "vms.h" /* Not part of the standard GnuPG tarball. See + http://antinode.info/dec/sw/gnupg.html */ +# define fopen fopen_vms +#endif /* def __VMS */ + + /**************** * Handle a plaintext packet. If MFX is not NULL, update the MDs * Note: we should use the filter stuff here, but we have to add some Modified: branches/STABLE-BRANCH-1-4/include/ttyio.h =================================================================== --- branches/STABLE-BRANCH-1-4/include/ttyio.h 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/include/ttyio.h 2010-09-28 10:07:30 UTC (rev 5425) @@ -43,6 +43,11 @@ int tty_get_answer_is_yes( const char *prompt ); int tty_no_terminal(int onoff); +#ifdef __VMS +FILE *ttyfp_is (void); +void init_ttyfp (void); +#endif /*__VMS*/ + #ifdef HAVE_LIBREADLINE void tty_enable_completion(rl_completion_func_t *completer); void tty_disable_completion(void); Modified: branches/STABLE-BRANCH-1-4/scripts/mk-w32-dist =================================================================== --- branches/STABLE-BRANCH-1-4/scripts/mk-w32-dist 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/scripts/mk-w32-dist 2010-09-28 10:07:30 UTC (rev 5425) @@ -46,7 +46,7 @@ shift shift else - build_number=$(date -u '+%j%k' | sed 's/^0*$.*$/\1/') + build_number=$(date -u '+%j%H' | sed 's/^0*$.*$/\1/') fi Modified: branches/STABLE-BRANCH-1-4/util/iobuf.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/iobuf.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/util/iobuf.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -41,6 +41,11 @@ #include "util.h" #include "dynload.h" #include "iobuf.h" + +#ifdef __VMS +# include "vms.h" +# define open open_vms +#endif /* def __VMS */ /* The size of the internal buffers. NOTE: If you change this value you MUST also adjust the regression @@ -1916,13 +1921,24 @@ if (overflow) *overflow = 0; - if( a->directfp ) { + if (a->directfp) + { FILE *fp = a->directfp; - if( !fstat(fileno(fp), &st) ) +#ifdef __VMS + /* 2009-02-19 SMS. + * On VMS, use a VMS-specific method to determine file size. + * For some non-UNIX-like file formats, the fstat() result + * will not agree with the C Standard I/O functions such as + * getc() and fread(), so these must be detected and handled + * specially. */ + return vms_file_size (fileno( fp)); +#else /*!__VMS */ + if( !fstat(fileno(fp), &st) ) return st.st_size; log_error("fstat() failed: %s\n", strerror(errno) ); return 0; +#endif /*!__VMS */ } /* Hmmm: file_filter may have already been removed */ @@ -1975,6 +1991,8 @@ } log_error ("GetFileSize for handle %p failed: %s\n", fp, w32_strerror (0)); +#elif defined(__VMS) + return vms_file_size (my_fileno (fp)); #else if( !fstat(my_fileno(fp), &st) ) return st.st_size; Modified: branches/STABLE-BRANCH-1-4/util/logger.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/logger.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/util/logger.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -27,6 +27,11 @@ #include "util.h" #include "i18n.h" +#ifdef __VMS +# include +# include "ttyio.h" +#endif /* def __VMS */ + static char pidstring[15]; static char *pgm_name; static int errorcount; Modified: branches/STABLE-BRANCH-1-4/util/pka.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/pka.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/util/pka.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -24,15 +24,22 @@ #include #ifdef USE_DNS_PKA -#include -#ifdef _WIN32 -#include -#else -#include -#include -#include -#include -#endif +# include +# ifdef _WIN32 +# include +# else +# include +# include +# include +# include + /* Not every installation has gotten around to supporting CERTs yet... */ +# ifndef T_CERT +# define T_CERT 37 +# ifdef __VMS +# include "cert_vms.h" +# endif /* def __VMS */ +# endif +# endif #endif /* USE_DNS_PKA */ #include "memory.h" Modified: branches/STABLE-BRANCH-1-4/util/ttyio.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/ttyio.c 2010-09-28 08:29:13 UTC (rev 5424) +++ branches/STABLE-BRANCH-1-4/util/ttyio.c 2010-09-28 10:07:30 UTC (rev 5425) @@ -50,6 +50,10 @@ #include #endif +#ifdef __VMS +# include "vms.h" +#endif /* __VMS */ + #include "util.h" #include "memory.h" #include "ttyio.h" @@ -130,7 +134,23 @@ #endif } -static void +#ifdef __VMS +/* 2006-08-10 SMS. + Interface function needed for VMS (unless someone + wishes to make "ttyfp" global). See g10_log_print_prefix() in + util/logger.c. */ +FILE * +ttyfp_is (void) +{ + return ttyfp; +} +#endif /* def __VMS */ + + +#ifndef __VMS +static +#endif + void init_ttyfp(void) { if( initialized ) @@ -507,6 +527,11 @@ if( tcsetattr( fileno(ttyfp), TCSAFLUSH, &term ) ) log_fatal("tcsetattr() failed: %s\n", strerror(errno) ); #endif +# ifdef __VMS + /* Disable terminal echo. */ + if (vms_set_term_echo (0)) + log_fatal ("error disabling terminal echo: %s\n", strerror (errno)); +# endif /* __VMS */ } tty_printf( "%s", prompt ); @@ -539,11 +564,16 @@ if( hidden ) { -#ifdef HAVE_TCGETATTR +# ifdef HAVE_TCGETATTR if( tcsetattr(fileno(ttyfp), TCSAFLUSH, &termsave) ) log_error("tcsetattr() failed: %s\n", strerror(errno) ); restore_termios = 0; -#endif +# endif +# ifdef __VMS + /* Restore (most likely enable) terminal echo. */ + if (vms_set_term_echo( -1)) + log_fatal ("error enabling terminal echo: %s\n", strerror (errno)); +# endif /* __VMS */ } #endif /* end unix version */ buf[i] = 0; From cvs at cvs.gnupg.org Tue Sep 28 15:21:43 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Sep 2010 15:21:43 +0200 Subject: [svn] GnuPG - r5426 - branches/STABLE-BRANCH-2-0/g10 Message-ID: Author: wk Date: 2010-09-28 15:21:42 +0200 (Tue, 28 Sep 2010) New Revision: 5426 Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/keyedit.c Log: fix for bug1234. Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-28 10:07:30 UTC (rev 5425) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-28 13:21:42 UTC (rev 5426) @@ -1,5 +1,8 @@ 2010-09-28 Werner Koch + * keyedit.c (show_key_with_all_names): Make revocation hint + cleared. Fixes bug#1234. + * call-agent.c (hash_algo_option): New. (agent_scd_pksign): Use it. Modified: branches/STABLE-BRANCH-2-0/g10/keyedit.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/keyedit.c 2010-09-28 10:07:30 UTC (rev 5425) +++ branches/STABLE-BRANCH-2-0/g10/keyedit.c 2010-09-28 13:21:42 UTC (rev 5426) @@ -2809,7 +2809,8 @@ { char *user=get_user_id_string_native(pk->revoked.keyid); const char *algo = gcry_pk_algo_name (pk->revoked.algo); - tty_printf(_("This key was revoked on %s by %s key %s\n"), + tty_printf (_("The following key was revoked on" + " %s by %s key %s\n"), revokestr_from_pk(pk),algo?algo:"?",user); xfree(user); } From cvs at cvs.gnupg.org Tue Sep 28 17:55:25 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 28 Sep 2010 17:55:25 +0200 Subject: [svn] GnuPG - r5427 - in branches/STABLE-BRANCH-1-4: . cipher g10 util Message-ID: Author: wk Date: 2010-09-28 17:55:24 +0200 (Tue, 28 Sep 2010) New Revision: 5427 Modified: branches/STABLE-BRANCH-1-4/cipher/rand-internal.h branches/STABLE-BRANCH-1-4/configure.ac branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/openfile.c branches/STABLE-BRANCH-1-4/g10/passphrase.c branches/STABLE-BRANCH-1-4/g10/signal.c branches/STABLE-BRANCH-1-4/util/cert.c branches/STABLE-BRANCH-1-4/util/logger.c branches/STABLE-BRANCH-1-4/util/secmem.c branches/STABLE-BRANCH-1-4/util/srv.c Log: The rest of the VMS changes. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-09-28 15:55:24 UTC (rev 5427) @@ -1,12 +1,9 @@ -2010-09-28 Werner Koch - - * gpgv.c (ttyfp_is, init_ttyfp) [__VMS]: Add subs. - 2010-09-28 Steven M. Schweda (wk) Changes to help the VMS port. See http://antinode.info/dec/sw/gnupg.html . + * gpgv.c (ttyfp_is, init_ttyfp) [__VMS]: Add stubs. * build-packet.c (do_plaintext) [__VMS]: Disable error message. * keyserver.c (keyserver_spawn) [__VMS]: Do not add the DIRSEP_S. * misc.c [__VMS]: Include . Modified: branches/STABLE-BRANCH-1-4/cipher/rand-internal.h =================================================================== --- branches/STABLE-BRANCH-1-4/cipher/rand-internal.h 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/cipher/rand-internal.h 2010-09-28 15:55:24 UTC (rev 5427) @@ -23,6 +23,8 @@ int requester, size_t length, int level); int rndlinux_gather_random (void (*add)(const void*, size_t, int), int requester, size_t length, int level); +int rndvms_gather_random (void (*add)(const void*, size_t, int), + int requester, size_t length, int level); int rndegd_connect_socket (int nofail); int rndegd_gather_random (void (*add)(const void*, size_t, int), int requester, size_t length, int level ); Modified: branches/STABLE-BRANCH-1-4/configure.ac =================================================================== --- branches/STABLE-BRANCH-1-4/configure.ac 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/configure.ac 2010-09-28 15:55:24 UTC (rev 5427) @@ -470,7 +470,7 @@ # define GNUPG_HOMEDIR "c:\\\\gnupg" #else # ifdef __VMS -# define GNUPG_HOMEDIR "/SYS\$LOGIN/gnupg" +# define GNUPG_HOMEDIR "/SYS$LOGIN/gnupg" # else # define GNUPG_HOMEDIR "~/.gnupg" # endif Modified: branches/STABLE-BRANCH-1-4/g10/openfile.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/openfile.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/g10/openfile.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -248,8 +248,13 @@ #endif /* USE_ONLY_8DOT3 */ { buf = xmalloc(strlen(iname)+4+1); +#ifdef __VMS + vms_append_ext (buf, iname, + mode==1 ? "asc" : mode==2 ? "sig" : "gpg"); +#else /*!def __VMS*/ strcpy(stpcpy(buf,iname), mode==1 ? EXTSEP_S "asc" : mode==2 ? EXTSEP_S "sig" : EXTSEP_S "gpg"); +#endif /*!def __VMS*/ } name = buf; } @@ -435,6 +440,15 @@ fname, strerror(errno) ); else if( !opt.quiet ) log_info( _("directory `%s' created\n"), fname ); + +#ifdef __VMS + /* Explicitly remove group and world (other) access, which may + be allowed by default. */ + if (chmod (fname, S_IRWXU )) + log_fatal ("can't set protection on directory `%s': %s\n", + fname, strerror (errno)); +#endif /*def __VMS*/ + copy_options_file( fname ); /* log_info(_("you have to start GnuPG again, " */ /* "so it can read the new configuration file\n") ); */ Modified: branches/STABLE-BRANCH-1-4/g10/passphrase.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/passphrase.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/g10/passphrase.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -25,9 +25,11 @@ #include #include #include -#if !defined(HAVE_DOSISH_SYSTEM) && !defined(__riscos__) -#include -#include +#ifdef ENABLE_AGENT_SUPPORT +# if !defined(HAVE_DOSISH_SYSTEM) && !defined(__riscos__) +# include +# include +# endif #endif #if defined (_WIN32) #include Modified: branches/STABLE-BRANCH-1-4/g10/signal.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/signal.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/g10/signal.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -38,6 +38,10 @@ #include "main.h" #include "ttyio.h" +#ifdef __VMS +# include "vms.h" +#endif /* __VMS */ + #ifdef HAVE_DOSISH_SYSTEM void init_signals(void) {} void pause_on_sigusr(int which) {} @@ -110,6 +114,12 @@ #endif write(2, " caught ... exiting\n", 20 ); +#ifdef __VMS + /* 2006-08-10 SMS. + Restore terminal echo, if needed, before exiting. */ + vms_set_term_echo (-1); +#endif /* def __VMS */ + /* Reset action to default action and raise signal again. */ init_one_signal (sig, SIG_DFL, 0); remove_lockfiles (); Modified: branches/STABLE-BRANCH-1-4/util/cert.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/cert.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/util/cert.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -37,7 +37,10 @@ /* Not every installation has gotten around to supporting CERTs yet... */ #ifndef T_CERT -#define T_CERT 37 +# define T_CERT 37 +# ifdef __VMS +# include "cert_vms.h" +# endif /* def __VMS */ #endif #ifdef USE_DNS_CERT Modified: branches/STABLE-BRANCH-1-4/util/logger.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/logger.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/util/logger.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -123,6 +123,28 @@ void g10_log_print_prefix(const char *text) { +#ifdef __VMS + /* 2006-08-10 SMS. + VMS terminal carriage control differs from that on UNIX, and one + result is overwritten messages when terminal output is done + through multiple file pointers (like logfp and ttyfp), even when + they both are connected to the same terminal. The accomodation + attempted here is to initialize ttyfp before logfp, and if stderr + and ttyfp are both terminals (presumably the same one), to set an + unset logfp to ttyfp instead of to stderr. */ + if (!logfp ) + { + FILE *ttyfp_local; + + init_ttyfp(); + ttyfp_local = ttyfp_is (); + if (isatty (fileno (stderr)) && isatty (fileno (ttyfp_local))) + { + logfp = ttyfp_local; + } + } +#endif /* def __VMS */ + if( !logfp ) logfp = stderr; if( pgm_name ) Modified: branches/STABLE-BRANCH-1-4/util/secmem.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/secmem.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/util/secmem.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -189,7 +189,11 @@ && errno != ENOMEM #endif ) - log_error("can't lock memory: %s\n", strerror(err)); +#ifdef __VMS + log_warning ("can't lock memory: %s\n", strerror(err)); +#else + log_error ("can't lock memory: %s\n", strerror(err)); +#endif show_warning = 1; } Modified: branches/STABLE-BRANCH-1-4/util/srv.c =================================================================== --- branches/STABLE-BRANCH-1-4/util/srv.c 2010-09-28 13:21:42 UTC (rev 5426) +++ branches/STABLE-BRANCH-1-4/util/srv.c 2010-09-28 15:55:24 UTC (rev 5427) @@ -36,7 +36,10 @@ /* Not every installation has gotten around to supporting SRVs yet... */ #ifndef T_SRV -#define T_SRV 33 +# define T_SRV 33 +# ifdef __VMS +# include "cert_vms.h" +# endif /* def __VMS */ #endif static int From cvs at cvs.gnupg.org Tue Sep 28 18:04:48 2010 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 28 Sep 2010 18:04:48 +0200 Subject: [svn] GnuPG - r5428 - trunk/doc Message-ID: Author: dshaw Date: 2010-09-28 18:04:47 +0200 (Tue, 28 Sep 2010) New Revision: 5428 Modified: trunk/doc/ChangeLog trunk/doc/gpg.texi Log: Clarify that --force-v3-sigs disables (not enables) v4 options Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2010-09-28 15:55:24 UTC (rev 5427) +++ trunk/doc/ChangeLog 2010-09-28 16:04:47 UTC (rev 5428) @@ -1,3 +1,9 @@ +2010-09-28 David Shaw + + * gpg.texi (OpenPGP Options): Clarify that --force-v3-sigs + disables (not enables) v4 options. --force-v3-sigs defaults to + no. + 2010-08-18 Werner Koch * tools.texi (watchgnupg): Add examples section. @@ -796,7 +802,7 @@ * Makefile.am, gpgsm.texi: New. - Copyright 2002, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. + Copyright 2002, 2004, 2005, 2006, 2007, 2008, 2010 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without Modified: trunk/doc/gpg.texi =================================================================== --- trunk/doc/gpg.texi 2010-09-28 15:55:24 UTC (rev 5427) +++ trunk/doc/gpg.texi 2010-09-28 16:04:47 UTC (rev 5428) @@ -1,5 +1,5 @@ @c Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - at c 2008, 2009 Free Software Foundation, Inc. + at c 2008, 2009, 2010 Free Software Foundation, Inc. @c This is part of the GnuPG manual. @c For copying conditions, see the file gnupg.texi. @@ -1964,10 +1964,11 @@ OpenPGP states that an implementation should generate v4 signatures but PGP versions 5 through 7 only recognize v4 signatures on key material. This option forces v3 signatures for signatures on data. -Note that this option implies @option{--ask-sig-expire}, +Note that this option implies @option{--no-ask-sig-expire}, and unsets @option{--sig-policy-url}, @option{--sig-notation}, and @option{--sig-keyserver-url}, as these features cannot be used with v3 signatures. @option{--no-force-v3-sigs} disables this option. +Defaults to no. @item --force-v4-certs @itemx --no-force-v4-certs @@ -2541,10 +2542,7 @@ When making a data signature, prompt for an expiration time. If this option is not specified, the expiration time set via @option{--default-sig-expire} is used. @option{--no-ask-sig-expire} -disables this option. Note that by default, @option{--force-v3-sigs} is -set which also disables this option. If you want signature expiration, -you must set @option{--no-force-v3-sigs} as well as turning - at option{--ask-sig-expire} on. +disables this option. @item --default-sig-expire The default expiration time to use for signature expiration. Valid From cvs at cvs.gnupg.org Tue Sep 28 18:13:25 2010 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 28 Sep 2010 18:13:25 +0200 Subject: [svn] GnuPG - r5429 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2010-09-28 18:13:24 +0200 (Tue, 28 Sep 2010) New Revision: 5429 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/options.skel Log: * options.skel: Make the example for force-v3-sigs match reality (it has defaulted to off since 2007-10-22). Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-09-28 16:04:47 UTC (rev 5428) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2010-09-28 16:13:24 UTC (rev 5429) @@ -1,3 +1,8 @@ +2010-09-28 David Shaw + + * options.skel: Make the example for force-v3-sigs match + reality (it has defaulted to off since 2007-10-22). + 2010-09-28 Steven M. Schweda (wk) Changes to help the VMS port. See Modified: branches/STABLE-BRANCH-1-4/g10/options.skel =================================================================== --- branches/STABLE-BRANCH-1-4/g10/options.skel 2010-09-28 16:04:47 UTC (rev 5428) +++ branches/STABLE-BRANCH-1-4/g10/options.skel 2010-09-28 16:13:24 UTC (rev 5429) @@ -2,7 +2,8 @@ # the users home directory. # $Id$ # Options for GnuPG -# Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# Copyright 1998, 1999, 2000, 2001, 2002, 2003, +# 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -47,12 +48,12 @@ #encrypt-to some-key-id -# By default GnuPG creates version 3 signatures for data files. This -# is not strictly OpenPGP compliant but PGP 6 and most versions of PGP -# 7 require them. To disable this behavior, you may use this option -# or --openpgp. +# By default GnuPG creates version 4 signatures for data files as +# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP +# require the older version 3 signatures. Setting this option forces +# GnuPG to create version 3 signatures. -#no-force-v3-sigs +#force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating From cvs at cvs.gnupg.org Tue Sep 28 18:17:31 2010 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 28 Sep 2010 18:17:31 +0200 Subject: [svn] GnuPG - r5430 - trunk/g10 Message-ID: Author: dshaw Date: 2010-09-28 18:17:30 +0200 (Tue, 28 Sep 2010) New Revision: 5430 Modified: trunk/g10/ChangeLog trunk/g10/options.skel Log: * options.skel: Make the example for force-v3-sigs match reality (it has defaulted to off since 2007-10-25). Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2010-09-28 16:13:24 UTC (rev 5429) +++ trunk/g10/ChangeLog 2010-09-28 16:17:30 UTC (rev 5430) @@ -1,3 +1,8 @@ +2010-09-28 David Shaw + + * options.skel: Make the example for force-v3-sigs match + reality (it has defaulted to off since 2007-10-25). + 2010-09-06 Werner Koch * card-util.c (card_status): Remove stub creation for GnuPG >= 2. Modified: trunk/g10/options.skel =================================================================== --- trunk/g10/options.skel 2010-09-28 16:13:24 UTC (rev 5429) +++ trunk/g10/options.skel 2010-09-28 16:17:30 UTC (rev 5430) @@ -2,7 +2,8 @@ # the users home directory. # $Id$ # Options for GnuPG -# Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# Copyright 1998, 1999, 2000, 2001, 2002, 2003, +# 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -39,12 +40,12 @@ #default-recipient some-user-id #default-recipient-self -# By default GnuPG creates version 3 signatures for data files. This -# is not strictly OpenPGP compliant but PGP 6 and most versions of PGP -# 7 require them. To disable this behavior, you may use this option -# or --openpgp. +# By default GnuPG creates version 4 signatures for data files as +# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP +# require the older version 3 signatures. Setting this option forces +# GnuPG to create version 3 signatures. -#no-force-v3-sigs +#force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating From cvs at cvs.gnupg.org Wed Sep 29 10:43:56 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 29 Sep 2010 10:43:56 +0200 Subject: [svn] GnuPG - r5431 - branches/STABLE-BRANCH-2-0/g10 Message-ID: Author: wk Date: 2010-09-29 10:43:55 +0200 (Wed, 29 Sep 2010) New Revision: 5431 Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/call-agent.c branches/STABLE-BRANCH-2-0/g10/options.skel Log: Add missing space to Assuan command Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-28 16:17:30 UTC (rev 5430) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-29 08:43:55 UTC (rev 5431) @@ -1,7 +1,16 @@ +2010-09-29 Werner Koch + + * call-agent.c (agent_scd_pksign): Add missing space. + +2010-09-28 David Shaw (wk) + + * options.skel: Make the example for force-v3-sigs match + reality (it has defaulted to off since 2007-10-25). + 2010-09-28 Werner Koch * keyedit.c (show_key_with_all_names): Make revocation hint - cleared. Fixes bug#1234. + more clear. Fixes bug#1234. * call-agent.c (hash_algo_option): New. (agent_scd_pksign): Use it. Modified: branches/STABLE-BRANCH-2-0/g10/call-agent.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/call-agent.c 2010-09-28 16:17:30 UTC (rev 5430) +++ branches/STABLE-BRANCH-2-0/g10/call-agent.c 2010-09-29 08:43:55 UTC (rev 5431) @@ -956,7 +956,7 @@ snprintf (line, DIM(line)-1, "SCD PKAUTH %s", serialno); else #endif - snprintf (line, DIM(line)-1, "SCD PKSIGN %s%s", + snprintf (line, DIM(line)-1, "SCD PKSIGN %s %s", hash_algo_option (hashalgo), serialno); line[DIM(line)-1] = 0; rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data, Modified: branches/STABLE-BRANCH-2-0/g10/options.skel =================================================================== --- branches/STABLE-BRANCH-2-0/g10/options.skel 2010-09-28 16:17:30 UTC (rev 5430) +++ branches/STABLE-BRANCH-2-0/g10/options.skel 2010-09-29 08:43:55 UTC (rev 5431) @@ -2,7 +2,8 @@ # the users home directory. # $Id$ # Options for GnuPG -# Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# Copyright 1998, 1999, 2000, 2001, 2002, 2003, +# 2010 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without @@ -39,12 +40,12 @@ #default-recipient some-user-id #default-recipient-self -# By default GnuPG creates version 3 signatures for data files. This -# is not strictly OpenPGP compliant but PGP 6 and most versions of PGP -# 7 require them. To disable this behavior, you may use this option -# or --openpgp. +# By default GnuPG creates version 4 signatures for data files as +# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP +# require the older version 3 signatures. Setting this option forces +# GnuPG to create version 3 signatures. -#no-force-v3-sigs +#force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating From cvs at cvs.gnupg.org Wed Sep 29 20:42:44 2010 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 29 Sep 2010 20:42:44 +0200 Subject: [svn] GnuPG - r5432 - branches/STABLE-BRANCH-2-0/g10 Message-ID: Author: wk Date: 2010-09-29 20:42:43 +0200 (Wed, 29 Sep 2010) New Revision: 5432 Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog branches/STABLE-BRANCH-2-0/g10/keygen.c Log: Fix memory leak Modified: branches/STABLE-BRANCH-2-0/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-29 08:43:55 UTC (rev 5431) +++ branches/STABLE-BRANCH-2-0/g10/ChangeLog 2010-09-29 18:42:43 UTC (rev 5432) @@ -1,5 +1,7 @@ 2010-09-29 Werner Koch + * keygen.c (key_from_sexp): Fix memory leak in the error case. + * call-agent.c (agent_scd_pksign): Add missing space. 2010-09-28 David Shaw (wk) Modified: branches/STABLE-BRANCH-2-0/g10/keygen.c =================================================================== --- branches/STABLE-BRANCH-2-0/g10/keygen.c 2010-09-29 08:43:55 UTC (rev 5431) +++ branches/STABLE-BRANCH-2-0/g10/keygen.c 2010-09-29 18:42:43 UTC (rev 5432) @@ -1098,7 +1098,7 @@ { for (i=0; i Author: wk Date: 2010-09-30 17:17:08 +0200 (Thu, 30 Sep 2010) New Revision: 238 Modified: trunk/ChangeLog trunk/gtk+-2/pinentry-gtk-2.c trunk/pinentry/pinentry.c trunk/pinentry/pinentry.h Log: Return a bit of button info. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2010-09-22 11:30:06 UTC (rev 237) +++ trunk/ChangeLog 2010-09-30 15:17:08 UTC (rev 238) @@ -1,3 +1,10 @@ +2010-09-30 Werner Koch + + * pinentry/pinentry.h (struct pinentry): Add CLOSE_BUTTON. + * pinentry/pinentry.c (cmd_getpin, cmd_confirm, cmd_message): Send + BUTTON_INFO. + * gtk+-2/pinentry-gtk-2.c (delete_event): Set close_button. + 2010-09-22 Werner Koch * gtk+-2/pinentry-gtk-2.c (create_window): Make use of Modified: trunk/gtk+-2/pinentry-gtk-2.c =================================================================== --- trunk/gtk+-2/pinentry-gtk-2.c 2010-09-22 11:30:06 UTC (rev 237) +++ trunk/gtk+-2/pinentry-gtk-2.c 2010-09-30 15:17:08 UTC (rev 238) @@ -1,7 +1,7 @@ /* pinentry-gtk-2.c Copyright (C) 1999 Robert Bihlmeyer Copyright (C) 2001, 2002, 2007 g10 Code GmbH - Copyright (C) 2004 by Albrecht Dre?? + Copyright (C) 2004 by Albrecht Dre? pinentry-gtk-2 is a pinentry application for the Gtk+-2 widget set. It tries to follow the Gnome Human Interface Guide as close as @@ -161,6 +161,7 @@ static int delete_event (GtkWidget *widget, GdkEvent *event, gpointer data) { + pinentry->close_button = 1; gtk_main_quit (); return TRUE; } Modified: trunk/pinentry/pinentry.c =================================================================== --- trunk/pinentry/pinentry.c 2010-09-22 11:30:06 UTC (rev 237) +++ trunk/pinentry/pinentry.c 2010-09-30 15:17:08 UTC (rev 238) @@ -80,7 +80,8 @@ 0, /* Parent Window ID. */ NULL, /* Touch file. */ 0, /* Result. */ - 0, /* Result Not-OK. */ + 0, /* Canceled. */ + 0, /* Close button flag. */ 0, /* Locale error flag. */ 0, /* One-button flag. */ NULL, /* Quality-Bar flag and description. */ @@ -890,6 +891,7 @@ set_prompt = 1; } pinentry.locale_err = 0; + pinentry.close_button = 0; pinentry.one_button = 0; pinentry.ctx_assuan = ctx; result = (*pinentry_cmd_handler) (&pinentry); @@ -904,6 +906,9 @@ pinentry.quality_bar = 0; /* Reset it after the command. */ + if (pinentry.close_button) + assuan_write_status (ctx, "BUTTON_INFO", "close"); + if (result < 0) { if (pinentry.pin) @@ -945,6 +950,7 @@ pinentry.one_button = !!strstr (line, "--one-button"); pinentry.quality_bar = 0; + pinentry.close_button = 0; pinentry.locale_err = 0; pinentry.canceled = 0; result = (*pinentry_cmd_handler) (&pinentry); @@ -954,6 +960,9 @@ pinentry.error = NULL; } + if (pinentry.close_button) + assuan_write_status (ctx, "BUTTON_INFO", "close"); + return result ? 0 : (pinentry.locale_err? ASSUAN_Locale_Problem : (pinentry.one_button @@ -971,6 +980,7 @@ pinentry.one_button = 1; pinentry.quality_bar = 0; + pinentry.close_button = 0; pinentry.locale_err = 0; result = (*pinentry_cmd_handler) (&pinentry); if (pinentry.error) @@ -979,6 +989,9 @@ pinentry.error = NULL; } + if (pinentry.close_button) + assuan_write_status (ctx, "BUTTON_INFO", "close"); + return result ? 0 : (pinentry.locale_err? ASSUAN_Locale_Problem : 0); Modified: trunk/pinentry/pinentry.h =================================================================== --- trunk/pinentry/pinentry.h 2010-09-22 11:30:06 UTC (rev 237) +++ trunk/pinentry/pinentry.h 2010-09-30 15:17:08 UTC (rev 238) @@ -98,6 +98,11 @@ conversion occured. */ int locale_err; + /* The user should set this to true if the window close button has + been used. This flag is used in addition to a regular return + value. */ + int close_button; + /* The caller should set this to true if only one button is required. This is useful for notification dialogs where only a dismiss button is required. */