From cvs at cvs.gnupg.org Tue Feb 1 16:35:11 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Feb 2011 16:35:11 +0100 Subject: [git] GCRYPT - branch, ECC-INTEGRATION-1-5, updated. libgcrypt-1.4.4-63-gdbf7709 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, ECC-INTEGRATION-1-5 has been updated via dbf7709d6339f74d7a88c96440e92576f3109486 (commit) via 5c4179860ef0b31b4c6ba957be9fa707a0ba7d9b (commit) from 7cb0d357f1564b2ba3fdde707bd9ee7272059d5b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dbf7709d6339f74d7a88c96440e92576f3109486 Author: Werner Koch Date: Tue Feb 1 16:13:37 2011 +0100 Handle opaque MPIs in gcry_mpi_cmp diff --git a/NEWS b/NEWS index 382927e..2bcf35a 100644 --- a/NEWS +++ b/NEWS @@ -22,7 +22,10 @@ Noteworthy changes in version 1.5.x (unreleased) * gcry_sexp_build does now support opaque MPIs with "%m". - * New function gcry_pk_get_curve to map ECC parameters to a curve name. + * New function gcry_pk_get_curve to map ECC parameters to a curve + name. + + * gcry_mpi_cmp applied to opaque values has a defined semantic now. * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 663ca5e..886c396 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -4507,7 +4507,10 @@ The next 2 functions are used to compare MPIs: Compare the multi-precision-integers number @var{u} and @var{v} returning 0 for equality, a positive value for @var{u} > @var{v} and a -negative for @var{u} < @var{v}. +negative for @var{u} < @var{v}. If both numbers are opaque values +(cf, gcry_mpi_set_opaque) the comparison is done by checking the bit +sizes using memcmp. If only one number is an opaque value, the opaque +value is less than the other number. @end deftypefun @deftypefun int gcry_mpi_cmp_ui (@w{const gcry_mpi_t @var{u}}, @w{unsigned long @var{v}}) diff --git a/mpi/ChangeLog b/mpi/ChangeLog index fb6ea33..2bf3f2b 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,7 @@ +2011-02-01 Werner Koch + + * mpi-cmp.c (gcry_mpi_cmp): Allow comparing of opaque MPIs. + 2010-04-12 Brad Hards (wk) Spelling fixes. diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c index 9dd1083..30e1fce 100644 --- a/mpi/mpi-cmp.c +++ b/mpi/mpi-cmp.c @@ -53,6 +53,7 @@ gcry_mpi_cmp_ui (gcry_mpi_t u, unsigned long v) return 1; } + int gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) { 
@@ -60,31 +61,47 @@ gcry_mpi_cmp (gcry_mpi_t u, gcry_mpi_t v) mpi_size_t vsize; int cmp; - _gcry_mpi_normalize (u); - _gcry_mpi_normalize (v); - - usize = u->nlimbs; - vsize = v->nlimbs; + if (mpi_is_opaque (u) || mpi_is_opaque (v)) + { + if (mpi_is_opaque (u) && !mpi_is_opaque (v)) + return -1; + if (!mpi_is_opaque (u) && mpi_is_opaque (v)) + return 1; + if (!u->sign && !v->sign) + return 0; /* Empty buffers are identical. */ + if (u->sign < v->sign) + return -1; + if (u->sign > v->sign) + return 1; + return memcmp (u->d, v->d, (u->sign+7)/8); + } + else + { + _gcry_mpi_normalize (u); + _gcry_mpi_normalize (v); - /* Compare sign bits. */ + usize = u->nlimbs; + vsize = v->nlimbs; - if (!u->sign && v->sign) - return 1; - if (u->sign && !v->sign) - return -1; + /* Compare sign bits. */ - /* U and V are either both positive or both negative. */ + if (!u->sign && v->sign) + return 1; + if (u->sign && !v->sign) + return -1; - if( usize != vsize && !u->sign && !v->sign ) - return usize - vsize; - if( usize != vsize && u->sign && v->sign ) - return vsize + usize; - if( !usize ) - return 0; - if( !(cmp = _gcry_mpih_cmp( u->d, v->d, usize )) ) - return 0; - if( (cmp < 0?1:0) == (u->sign?1:0)) - return 1; + /* U and V are either both positive or both negative. */ + if (usize != vsize && !u->sign && !v->sign) + return usize - vsize; + if (usize != vsize && u->sign && v->sign) + return vsize + usize; + if (!usize ) + return 0; + if (!(cmp = _gcry_mpih_cmp (u->d, v->d, usize))) + return 0; + if ((cmp < 0?1:0) == (u->sign?1:0)) + return 1; + } return -1; } commit 5c4179860ef0b31b4c6ba957be9fa707a0ba7d9b Author: Werner Koch Date: Tue Feb 1 10:40:50 2011 +0100 Add gcry_pk_get_curve. diff --git a/NEWS b/NEWS index 48b2e06..382927e 100644 --- a/NEWS +++ b/NEWS 
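Review bot: The opaque branch of gcry_mpi_cmp ends in `memcmp (u->d, v->d, (u->sign+7)/8)`, which stops at the first differing byte, so its running time depends on the buffer contents. If an opaque MPI can hold secret material, callers that use this function as an equality test expose the position of the first mismatch through timing. I would say so in a comment above the branch, e.g. `/* Not constant time; do not use to compare secret opaque values. */`. The same comment should record that for opaque MPIs `sign` appears to carry the buffer length in bits, which the `(u->sign+7)/8` expression relies on but the code never states. Ordering is by bit length first and content second, which the texinfo sentence "checking the bit sizes using memcmp" does not make clear.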
@@ -22,12 +22,15 @@ Noteworthy changes in version 1.5.x (unreleased) * gcry_sexp_build does now support opaque MPIs with "%m". + * New function gcry_pk_get_curve to map ECC parameters to a curve name. + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_CIPHER_MODE_AESWRAP NEW. GCRY_PK_ECDH NEW. GCRY_MD_TIGER1 NEW. GCRY_MD_TIGER2 NEW. + gcry_pk_get_curve NEW. Noteworthy changes in version 1.4.4 (2009-01-22) diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 0f33f7a..a32d543 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,8 @@ +2011-02-01 Werner Koch + + * pubkey.c (gcry_pk_get_curve): New. + * ecc.c (ecc_get_curve): New. + 2011-01-31 Werner Koch * ecc.c (ecc_encrypt_raw, ecc_decrypt_raw): Do not free passed diff --git a/cipher/ecc.c b/cipher/ecc.c index 8b60895..215fcfb 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c 
@@ -1107,6 +1107,90 @@ ecc_get_param (const char *name, gcry_mpi_t *pkey) } +/* Return the name matching the parameters in PKEY. */ +static const char * +ecc_get_curve (gcry_mpi_t *pkey, int iterator, unsigned int *r_nbits) +{ + gpg_err_code_t err; + elliptic_curve_t E; + int idx; + gcry_mpi_t tmp; + const char *result = NULL; + + if (r_nbits) + *r_nbits = 0; + + if (!pkey) + { + idx = iterator; + if (idx >= 0 && idx < DIM (domain_parms)) + { + result = domain_parms[idx].desc; + if (r_nbits) + *r_nbits = domain_parms[idx].nbits; + } + return result; + } + + if (!pkey[0] || !pkey[1] || !pkey[2] || !pkey[3] || !pkey[4]) + return NULL; + + E.p = pkey[0]; + E.a = pkey[1]; + E.b = pkey[2]; + point_init (&E.G); + err = os2ec (&E.G, pkey[3]); + if (err) + { + point_free (&E.G); + return NULL; + } + E.n = pkey[4]; + + for (idx = 0; domain_parms[idx].desc; idx++) + { + tmp = scanval (domain_parms[idx].p); + if (!mpi_cmp (tmp, E.p)) + { + mpi_free (tmp); + tmp = scanval (domain_parms[idx].a); + if (!mpi_cmp (tmp, E.a)) + { + mpi_free (tmp); + tmp = scanval (domain_parms[idx].b); + if (!mpi_cmp (tmp, E.b)) + { + mpi_free (tmp); + tmp = scanval (domain_parms[idx].n); + if (!mpi_cmp (tmp, E.n)) + { + mpi_free (tmp); + tmp = scanval (domain_parms[idx].g_x); + if (!mpi_cmp (tmp, E.G.x)) + { + mpi_free (tmp); + tmp = scanval (domain_parms[idx].g_y); + if (!mpi_cmp (tmp, E.G.y)) + { + result = domain_parms[idx].desc; + if (r_nbits) + *r_nbits = domain_parms[idx].nbits; + break; + } + } + } + } + } + } + mpi_free (tmp); + } + + point_free (&E.G); + + return result; +} + + static gcry_err_code_t ecc_check_secret_key (int algo, gcry_mpi_t *skey) { @@ -1674,5 +1758,6 @@ pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa = run_selftests, ecc_generate_ext, compute_keygrip, - ecc_get_param + ecc_get_param, + ecc_get_curve }; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index b2de4e6..b4ac214 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c 
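Review bot: On a successful match in ecc_get_curve, the `break;` inside the innermost `if (!mpi_cmp (tmp, E.G.y))` leaves the loop before the `mpi_free (tmp);` at the bottom of the loop body runs. The MPI returned by `scanval (domain_parms[idx].g_y)` is therefore never released, and every successful lookup leaks one MPI. Adding `mpi_free (tmp);` immediately before `break;` fixes it. Separately, the iterator branch accepts any `idx < DIM (domain_parms)` while the matching loop stops at the entry whose `desc` is NULL, so the table seems to end in a terminator entry that the iterator can index. That is harmless only because the terminator's `desc` is NULL, and a one-line comment would make the reliance explicit.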
@@ -2482,6 +2482,85 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) } + +const char * +gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) +{ + gcry_mpi_t *pkey = NULL; + gcry_sexp_t list = NULL; + gcry_sexp_t l2; + gcry_module_t module = NULL; + pk_extra_spec_t *extraspec; + char *name = NULL; + const char *result = NULL; + int want_private = 1; + + if (r_nbits) + *r_nbits = 0; + + REGISTER_DEFAULT_PUBKEYS; + + if (key) + { + iterator = 0; + + /* Check that the first element is valid. */ + list = gcry_sexp_find_token (key, "public-key", 0); + if (list) + want_private = 0; + if (!list) + list = gcry_sexp_find_token (key, "private-key", 0); + if (!list) + return NULL; /* No public- or private-key object. */ + + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + l2 = NULL; + + name = _gcry_sexp_nth_string (list, 0); + if (!name) + goto leave; /* Invalid structure of object. */ + + /* Get the key. */ + if (sexp_to_key (key, want_private, &pkey, &module)) + goto leave; + } + else + { + ath_mutex_lock (&pubkeys_registered_lock); + module = gcry_pk_lookup_name ("ecc"); + ath_mutex_unlock (&pubkeys_registered_lock); + if (!module) + goto leave; + } + + extraspec = module->extraspec; + if (!extraspec || !extraspec->get_curve) + goto leave; + + result = extraspec->get_curve (pkey, iterator, r_nbits); + + leave: + if (pkey) + { + release_mpi_array (pkey); + gcry_free (pkey); + } + if (module) + { + ath_mutex_lock (&pubkeys_registered_lock); + _gcry_module_release (module); + ath_mutex_unlock (&pubkeys_registered_lock); + } + gcry_free (name); + gcry_sexp_release (list); + return result; +} + + + + gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen) { diff --git a/src/ChangeLog b/src/ChangeLog index f2fbb32..b59f1c1 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
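Review bot: gcry_pk_get_curve is a new public entry point with no header comment, and its two modes are not obvious from the signature. With KEY set, `iterator` is overwritten with 0 and the name is derived from the key's parameters; with KEY NULL, the "ecc" module is looked up and `iterator` selects a table entry. I would add a comment above the function describing both modes, the cases that return NULL (no public-key or private-key object, a malformed object, a module without a `get_curve` hook, no matching curve), and that `*r_nbits` is reset to 0 on entry. It should also say the caller must not free the returned string, since `result` is passed through from `extraspec->get_curve` and is neither copied nor released here. The comment added in src/gcrypt.h.in, `/* Return the name of the curve matching KEY. */`, leaves out ITERATOR and R_NBITS as well.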
@@ -1,3 +1,10 @@ +2011-02-01 Werner Koch + + * libgcrypt.vers (gcry_pk_get_curve): Add. + * libgcrypt.def (gcry_pk_get_curve): Add. + * visibility.c (gcry_pk_get_curve): New. + * cipher-proto.h (pk_extra_spec): Add field GET_CURVE. + 2011-01-31 Werner Koch * sexp.c (vsexp_sscan): Allow opaque MPIs in "%m". diff --git a/src/cipher-proto.h b/src/cipher-proto.h index 2153236..ea7a70d 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -1,5 +1,5 @@ /* cipher-proto.h - Internal declarations - * Copyright (C) 2008 Free Software Foundation, Inc. + * Copyright (C) 2008, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -53,10 +53,14 @@ typedef gcry_err_code_t (*pk_ext_generate_t) typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md, gcry_sexp_t keyparm); -/* The type used to quert ECC curve parameters. */ +/* The type used to query ECC curve parameters. */ typedef gcry_err_code_t (*pk_get_param_t) (const char *name, gcry_mpi_t *pkey); +/* The type used to query an ECC curve name. */ +typedef const char *(*pk_get_curve_t)(gcry_mpi_t *pkey, int iterator, + unsigned int *r_nbits); + /* The type used to convey additional information to a cipher. */ typedef gpg_err_code_t (*cipher_set_extra_info_t) (void *c, int what, const void *buffer, size_t buflen); @@ -82,6 +86,7 @@ typedef struct pk_extra_spec pk_ext_generate_t ext_generate; pk_comp_keygrip_t comp_keygrip; pk_get_param_t get_param; + pk_get_curve_t get_curve; } pk_extra_spec_t; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 9c58b98..2509978 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -1037,6 +1037,10 @@ unsigned int gcry_pk_get_nbits (gcry_sexp_t key) _GCRY_GCC_ATTR_PURE; used without contacting the author. */ unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array); +/* Return the name of the curve matching KEY. */ +const char *gcry_pk_get_curve (gcry_sexp_t key, int iterator, + unsigned int *r_nbits); + /* Return 0 if the public key algorithm A is available for use. */ #define gcry_pk_test_algo(a) \ gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) diff --git a/src/libgcrypt.def b/src/libgcrypt.def index 8fc4d32..55ff877 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -230,8 +230,7 @@ EXPORTS gcry_cipher_setkey @188 gcry_cipher_setiv @189 gcry_cipher_setctr @190 - - gcry_mpi_lshift @191 - + gcry_mpi_lshift @191 + gcry_pk_get_curve @192 diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index ef9fcee..4670436 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -57,6 +57,7 @@ GCRYPT_1.2 { gcry_pk_get_keygrip; gcry_pk_get_nbits; gcry_pk_list; gcry_pk_map_name; gcry_pk_register; gcry_pk_sign; gcry_pk_testkey; gcry_pk_unregister; gcry_pk_verify; + gcry_pk_get_curve; gcry_ac_data_new; gcry_ac_data_destroy; gcry_ac_data_copy; gcry_ac_data_length; gcry_ac_data_clear; gcry_ac_data_set; diff --git a/src/visibility.c b/src/visibility.c index f187a65..fe6d9bd 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1,5 +1,5 @@ /* visibility.c - Wrapper for all public functions. - * Copyright (C) 2007, 2008 Free Software Foundation, Inc. + * Copyright (C) 2007, 2008, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * 
@@ -737,6 +737,17 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) return _gcry_pk_get_keygrip (key, array); } +const char * +gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) +{ + if (!fips_is_operational ()) + { + (void)fips_not_operational (); + return NULL; + } + return _gcry_pk_get_curve (key, iterator, r_nbits); +} + gcry_error_t gcry_pk_list (int *list, int *list_length) { diff --git a/src/visibility.h b/src/visibility.h index a11e547..0b0219d 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -103,6 +103,7 @@ #define gcry_pk_encrypt _gcry_pk_encrypt #define gcry_pk_genkey _gcry_pk_genkey #define gcry_pk_get_keygrip _gcry_pk_get_keygrip +#define gcry_pk_get_curve _gcry_pk_get_curve #define gcry_pk_get_nbits _gcry_pk_get_nbits #define gcry_pk_list _gcry_pk_list #define gcry_pk_map_name _gcry_pk_map_name @@ -358,6 +359,7 @@ void gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n); #undef gcry_pk_encrypt #undef gcry_pk_genkey #undef gcry_pk_get_keygrip +#undef gcry_pk_get_curve #undef gcry_pk_get_nbits #undef gcry_pk_list #undef gcry_pk_map_name @@ -568,6 +570,7 @@ MARK_VISIBLE (gcry_pk_decrypt) MARK_VISIBLE (gcry_pk_encrypt) MARK_VISIBLE (gcry_pk_genkey) MARK_VISIBLE (gcry_pk_get_keygrip) +MARK_VISIBLE (gcry_pk_get_curve) MARK_VISIBLE (gcry_pk_get_nbits) MARK_VISIBLE (gcry_pk_list) MARK_VISIBLE (gcry_pk_map_name) diff --git a/tests/ChangeLog b/tests/ChangeLog index 64bad3e..1836d0e 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,7 @@ +2011-02-01 Werner Koch + + * curves.c: New. + 2011-01-04 Werner Koch * Makefile.am (LDADD): Fix typo in last change. Reported by diff --git a/tests/Makefile.am b/tests/Makefile.am index 59cc5c4..bf26f68 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am 
@@ -19,7 +19,8 @@ ## Process this file with automake to produce Makefile.in TESTS = version t-mpi-bit prime register ac ac-schemes ac-data basic \ - mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap + mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap \ + curves # random.c uses fork() thus a test for W32 does not make any sense. diff --git a/tests/curves.c b/tests/curves.c new file mode 100644 index 0000000..dcf501a --- /dev/null +++ b/tests/curves.c 
@@ -0,0 +1,175 @@ +/* curves.c - ECC curves regression tests + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +/* Number of curves defined in ../cipger/ecc.c */ +#define N_CURVES 12 + +/* A real world sample public key. */ +static char const sample_key_1[] = +"(public-key\n" +" (ecdsa\n" +" (p #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF#)\n" +" (a #00FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC#)\n" +" (b #5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B#)\n" +" (g #046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5#)\n" +" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)\n" +" (q #0442B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146EE" + "86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E#)\n" +" ))"; +static char const sample_key_1_curve[] = "NIST P-256"; +static unsigned int sample_key_1_nbits = 256; + +/* A made up sample public key. 
*/ +static char const sample_key_2[] = +"(public-key\n" +" (ecdh\n" +" (p #e95e4a5f737059dc60dfc7ad95b3d8139515620f#)\n" +" (a #340e7be2a280eb74e2be61bada745d97e8f7c300#)\n" +" (b #1e589a8595423412134faa2dbdec95c8d8675e58#)\n" +" (g #04bed5af16ea3f6a4f62938c4631eb5af7bdbcdbc3" + "1667cb477a1a8ec338f94741669c976316da6321#)\n" +" (n #e95e4a5f737059dc60df5991d45029409e60fc09#)\n" +" (q #041111111111111111111111111111111111111111" + "2222222222222222222222222222222222222222#)\n" +" ))"; +static char const sample_key_2_curve[] = "brainpoolP160r1"; +static unsigned int sample_key_2_nbits = 160; + + +/* Program option flags. */ +static int verbose; +static int error_count; + +static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + error_count++; +} + +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + + +static void +list_curves (void) +{ + int idx; + const char *name; + unsigned int nbits; + + for (idx=0; (name = gcry_pk_get_curve (NULL, idx, &nbits)); idx++) + { + if (verbose) + printf ("%s - %u bits\n", name, nbits); + } + if (idx != N_CURVES) + fail ("expected %d curves but got %d\n", N_CURVES, idx); + if (gcry_pk_get_curve (NULL, -1, NULL)) + fail ("curve iteration failed\n"); +} + + +static void +check_matching (void) +{ + gpg_error_t err; + gcry_sexp_t key; + const char *name; + unsigned int nbits; + + err = gcry_sexp_new (&key, sample_key_1, 0, 1); + if (err) + die ("parsing s-expression string failed: %s\n", gpg_strerror (err)); + name = gcry_pk_get_curve (key, 0, &nbits); + if (!name) + fail ("curve name not found for sample_key_1\n"); + else if (strcmp (name, sample_key_1_curve)) + fail ("expected curve name %s but got %s for sample_key_1\n", + sample_key_1_curve, name); + else if (nbits != sample_key_1_nbits) + fail ("expected curve size %u 
but got %u for sample_key_1\n", + sample_key_1_nbits, nbits); + + gcry_sexp_release (key); + + err = gcry_sexp_new (&key, sample_key_2, 0, 1); + if (err) + die ("parsing s-expression string failed: %s\n", gpg_strerror (err)); + name = gcry_pk_get_curve (key, 0, &nbits); + if (!name) + fail ("curve name not found for sample_key_2\n"); + else if (strcmp (name, sample_key_2_curve)) + fail ("expected curve name %s but got %s for sample_key_2\n", + sample_key_2_curve, name); + else if (nbits != sample_key_2_nbits) + fail ("expected curve size %u but got %u for sample_key_2\n", + sample_key_2_nbits, nbits); + + gcry_sexp_release (key); +} + + + +int +main (int argc, char **argv) +{ + int debug = 0; + + if (argc > 1 && !strcmp (argv[1], "--verbose")) + verbose = 1; + else if (argc > 1 && !strcmp (argv[1], "--debug")) + verbose = debug = 1; + + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + list_curves (); + check_matching (); + + return error_count ? 1 : 0; +} ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++ cipher/ChangeLog | 5 ++ cipher/ecc.c | 87 +++++++++++++++++++++++++- cipher/pubkey.c | 79 +++++++++++++++++++++++ doc/gcrypt.texi | 5 +- mpi/ChangeLog | 4 + mpi/mpi-cmp.c | 59 +++++++++++------ src/ChangeLog | 7 ++ src/cipher-proto.h | 9 ++- src/gcrypt.h.in | 4 + src/libgcrypt.def | 5 +- src/libgcrypt.vers | 1 + src/visibility.c | 13 ++++- src/visibility.h | 3 + tests/ChangeLog | 4 + tests/Makefile.am | 3 +- tests/curves.c | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 17 files changed, 439 insertions(+), 30 deletions(-) create mode 100644 tests/curves.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 1 18:57:14 2011 
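Review bot: check_matching only feeds keys whose parameters match a known curve, so the test never checks that a key with non-matching parameters is rejected. A key whose p, a, b, g or n differs from every table entry must yield NULL rather than a curve name. I would add a third sample, for instance a copy of sample_key_1 with one digit of `b` changed, and fail unless `gcry_pk_get_curve (key, 0, &nbits)` returns NULL and `nbits` is 0. `N_CURVES` is also a hand-maintained copy of the table length in cipher/ecc.c (the comment spells the path `../cipger/ecc.c`), so list_curves will fail whenever a curve is added; a comment saying this is intentional would save the next maintainer a search.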
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 01 Feb 2011 18:57:14 +0100 Subject: [git] GCRYPT - branch, ECC-INTEGRATION-1-5, updated. libgcrypt-1.4.4-64-g8cf24dd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, ECC-INTEGRATION-1-5 has been updated via 8cf24ddb162b66aa2e64e4a3e596bb87fdc7dec3 (commit) from dbf7709d6339f74d7a88c96440e92576f3109486 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8cf24ddb162b66aa2e64e4a3e596bb87fdc7dec3 Author: Werner Koch Date: Tue Feb 1 18:31:57 2011 +0100 Add function gcry_pk_get_param. Also changed quite some trailing white spaces. I never configured that in Emacs but git diff annoys me with red lines and thus it seems better to use nuke-trailing-whitespace autmatically. Sorry for the extra diff lines. A diff filter should help to not show those changes. diff --git a/NEWS b/NEWS index 2bcf35a..374c31e 100644 --- a/NEWS +++ b/NEWS @@ -22,8 +22,8 @@ Noteworthy changes in version 1.5.x (unreleased) * gcry_sexp_build does now support opaque MPIs with "%m". - * New function gcry_pk_get_curve to map ECC parameters to a curve - name. + * New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC + parameters to a curve name and to retrieve parameter values. * gcry_mpi_cmp applied to opaque values has a defined semantic now. @@ -34,6 +34,7 @@ Noteworthy changes in version 1.5.x (unreleased) GCRY_MD_TIGER1 NEW. GCRY_MD_TIGER2 NEW. gcry_pk_get_curve NEW. + gcry_pk_get_param NEW. Noteworthy changes in version 1.4.4 (2009-01-22) diff --git a/cipher/ChangeLog b/cipher/ChangeLog index a32d543..e584312 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog 
@@ -1,7 +1,11 @@ 2011-02-01 Werner Koch * pubkey.c (gcry_pk_get_curve): New. + (sexp_to_key): Add arg OVERRIDE_ELEMS. + (sexp_elements_extract_ecc): Allow for params only. + (gcry_pk_get_param): New. * ecc.c (ecc_get_curve): New. + (ecc_get_param_sexp): New. 2011-01-31 Werner Koch diff --git a/cipher/ecc.c b/cipher/ecc.c index 215fcfb..eca95eb 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1071,7 +1071,7 @@ ecc_generate (int algo, unsigned int nbits, unsigned long evalue, } -/* Return the parameters of the curve NAME. */ +/* Return the parameters of the curve NAME in an MPI array. */ static gcry_err_code_t ecc_get_param (const char *name, gcry_mpi_t *pkey) { @@ -1107,6 +1107,29 @@ ecc_get_param (const char *name, gcry_mpi_t *pkey) } +/* Return the parameters of the curve NAME as an S-expression. */ +static gcry_sexp_t +ecc_get_param_sexp (const char *name) +{ + gcry_mpi_t pkey[6]; + gcry_sexp_t result; + int i; + + if (ecc_get_param (name, pkey)) + return NULL; + + if (gcry_sexp_build (&result, NULL, + "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)))", + pkey[0], pkey[1], pkey[2], pkey[3], pkey[4])) + result = NULL; + + for (i=0; pkey[i]; i++) + gcry_mpi_release (pkey[i]); + + return result; +} + + /* Return the name matching the parameters in PKEY. */ static const char * ecc_get_curve (gcry_mpi_t *pkey, int iterator, unsigned int *r_nbits) @@ -1759,5 +1782,6 @@ pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa = ecc_generate_ext, compute_keygrip, ecc_get_param, - ecc_get_curve + ecc_get_curve, + ecc_get_param_sexp }; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index b4ac214..1e30717 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -1,5 +1,5 @@ /* pubkey.c - pubkey dispatcher - * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005, + * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005, * 2007, 2008, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. 
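Review bot: The release loop in ecc_get_param_sexp, `for (i=0; pkey[i]; i++)`, has no upper bound and stops only at a NULL entry, while `pkey` is an uninitialised `gcry_mpi_t pkey[6]`. It is correct only if ecc_get_param always stores a NULL terminator within those six slots, which this hunk does not show; otherwise the loop reads past the array and releases whatever it finds. Bounding it as `for (i=0; i < DIM (pkey) && pkey[i]; i++)` and declaring `gcry_mpi_t pkey[6] = { NULL };` removes that dependency at no cost.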
@@ -55,7 +55,7 @@ static struct pubkey_table_entry gcry_pk_spec_t *pubkey; pk_extra_spec_t *extraspec; unsigned int algorithm; - int fips_allowed; + int fips_allowed; } pubkey_table[] = { #if USE_RSA @@ -199,7 +199,7 @@ pk_register_default (void) { gcry_err_code_t err = 0; int i; - + for (i = 0; (! err) && pubkey_table[i].pubkey; i++) { #define pubkey_use_dummy(func) \ @@ -217,8 +217,8 @@ pk_register_default (void) err = _gcry_module_add (&pubkeys_registered, pubkey_table[i].algorithm, - (void *) pubkey_table[i].pubkey, - (void *) pubkey_table[i].extraspec, + (void *) pubkey_table[i].pubkey, + (void *) pubkey_table[i].extraspec, NULL); } @@ -242,7 +242,7 @@ gcry_pk_lookup_func_name (void *spec, void *data) } /* Internal function. Lookup a pubkey entry by it's name. */ -static gcry_module_t +static gcry_module_t gcry_pk_lookup_name (const char *name) { gcry_module_t pubkey; @@ -271,8 +271,8 @@ _gcry_pk_register (gcry_pk_spec_t *pubkey, ath_mutex_lock (&pubkeys_registered_lock); err = _gcry_module_add (&pubkeys_registered, 0, - (void *) pubkey, - (void *)(extraspec? extraspec : &dummy_extra_spec), + (void *) pubkey, + (void *)(extraspec? extraspec : &dummy_extra_spec), &mod); ath_mutex_unlock (&pubkeys_registered_lock); @@ -561,13 +561,13 @@ pubkey_generate (int algorithm, if (extraspec && extraspec->ext_generate) { /* Use the extended generate function. */ - ec = extraspec->ext_generate + ec = extraspec->ext_generate (algorithm, nbits, use_e, genparms, skey, retfactors, r_extrainfo); } else { /* Use the standard generate function. */ - ec = ((gcry_pk_spec_t *) pubkey->spec)->generate + ec = ((gcry_pk_spec_t *) pubkey->spec)->generate (algorithm, nbits, use_e, skey, retfactors); } _gcry_module_release (pubkey); 
@@ -617,7 +617,7 @@ pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data, /* Note: In fips mode DBG_CIPHER will enver evaluate to true but as an extra failsafe protection we explicitly test for fips mode - here. */ + here. */ if (DBG_CIPHER && !fips_mode ()) { log_debug ("pubkey_encrypt: algo=%d\n", algorithm); @@ -686,7 +686,7 @@ pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data, } rc = GPG_ERR_PUBKEY_ALGO; - + ready: ath_mutex_unlock (&pubkeys_registered_lock); @@ -857,7 +857,11 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, /* Clear the array for easier error cleanup. */ for (name = element_names, idx = 0; *name; name++, idx++) elements[idx] = NULL; - gcry_assert (idx >= 6); /* We know that ECC has at least 6 elements. */ + gcry_assert (idx >= 5); /* We know that ECC has at least 5 elements + (params only) or 6 (full public key). */ + if (idx == 5) + elements[5] = NULL; /* Extra clear for the params only case. */ + /* Init the array with the available curve parameters. */ for (name = element_names, idx = 0; *name && !err; name++, idx++) @@ -886,23 +890,23 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, { char *curve; gcry_mpi_t params[6]; - + for (idx = 0; idx < DIM(params); idx++) params[idx] = NULL; - + curve = _gcry_sexp_nth_string (list, 1); gcry_sexp_release (list); if (!curve) { /* No curve name given (or out of core). */ - err = GPG_ERR_INV_OBJ; + err = GPG_ERR_INV_OBJ; goto leave; } err = extraspec->get_param (curve, params); gcry_free (curve); if (err) goto leave; - + for (idx = 0; idx < DIM(params); idx++) { if (!elements[idx]) @@ -926,7 +930,7 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, err = GPG_ERR_NO_OBJ; goto leave; } - + leave: if (err) { 
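Review bot: In sexp_elements_extract_ecc the new `elements[5] = NULL;` for the five-name case writes one slot beyond the names listed in ELEMENT_NAMES, so it is in bounds only when the caller allocated at least six entries. The sexp_to_key code visible in this patch does allocate `strlen (elems) + 1` entries, but nothing at this site records that as a requirement, and the relaxed `gcry_assert (idx >= 5)` no longer implies it. A comment such as `/* ELEMENTS must have room for strlen (ELEMENT_NAMES) + 1 entries. */` next to the assignment would document the contract. The function body starts and ends outside this hunk.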
@@ -958,6 +962,10 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, * NOTE: we look through the list to find a list beginning with * "private-key" or "public-key" - the first one found is used. * + * If OVERRIDE_ELEMS is not NULL those elems override the parameter + * specification taken from the module. This ise used by + * gcry_pk_get_curve. + * * Returns: A pointer to an allocated array of MPIs if the return value is * zero; the caller has to release this array. * @@ -973,8 +981,8 @@ sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, * The are expected to be in GCRYMPI_FMT_USG */ static gcry_err_code_t -sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, - gcry_module_t *retalgo) +sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, + gcry_mpi_t **retarray, gcry_module_t *retalgo) { gcry_err_code_t err = 0; gcry_sexp_t list, l2; @@ -987,7 +995,7 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, int is_ecc; /* Check that the first element is valid. */ - list = gcry_sexp_find_token (sexp, + list = gcry_sexp_find_token (sexp, want_private? "private-key":"public-key", 0); if (!list) return GPG_ERR_INV_OBJ; /* Does not contain a key object. */ 
@@ -1005,18 +1013,18 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name); ath_mutex_unlock (&pubkeys_registered_lock); - + /* Fixme: We should make sure that an ECC key is always named "ecc" and not "ecdsa". "ecdsa" should be used for the signature itself. We need a function to test whether an algorithm given with a key is compatible with an application of the key (signing, encryption). For RSA this is easy, but ECC is the first algorithm which has many flavours. */ - is_ecc = ( !strcmp (name, "ecdsa") + is_ecc = ( !strcmp (name, "ecdsa") || !strcmp (name, "ecdh") || !strcmp (name, "ecc") ); gcry_free (name); - + if (!module) { gcry_sexp_release (list); @@ -1028,7 +1036,12 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, extraspec = module->extraspec; } - elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey; + if (override_elems) + elems = override_elems; + else if (want_private) + elems = pubkey->elements_skey; + else + elems = pubkey->elements_pkey; array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); if (!array) err = gpg_err_code_from_errno (errno); @@ -1039,9 +1052,9 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, else err = sexp_elements_extract (list, elems, array, pubkey->name); } - + gcry_sexp_release (list); - + if (err) { gcry_free (array); @@ -1055,7 +1068,7 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, *retarray = array; *retalgo = module; } - + return err; } @@ -1071,7 +1084,7 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_mpi_t *array; gcry_module_t module; gcry_pk_spec_t *pubkey; - + /* Check that the first element is valid. */ list = gcry_sexp_find_token( sexp, "sig-val" , 0 ); if (!list) 
@@ -1090,7 +1103,7 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_sexp_release (l2); return GPG_ERR_INV_OBJ; /* Invalid structure of object. */ } - else if (!strcmp (name, "flags")) + else if (!strcmp (name, "flags")) { /* Skip flags, since they are not used but here just for the sake of consistent S-expressions. */ @@ -1104,7 +1117,7 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, } name = _gcry_sexp_nth_string (l2, 0); } - + ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name); ath_mutex_unlock (&pubkeys_registered_lock); @@ -1136,7 +1149,7 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); - + gcry_free (array); } else @@ -1144,7 +1157,7 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, *retarray = array; *retalgo = module; } - + return err; } @@ -1200,13 +1213,13 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */ goto leave; } - + if (!strcmp (name, "flags")) { /* There is a flags element - process it. */ const char *s; int i; - + *ret_modern = 1; for (i = gcry_sexp_length (l2) - 1; i > 0; i--) { @@ -1225,7 +1238,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, goto leave; } } - + /* Get the next which has the actual data. */ gcry_sexp_release (l2); l2 = gcry_sexp_nth (list, 2); @@ -1252,7 +1265,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name); ath_mutex_unlock (&pubkeys_registered_lock); - + if (!module) { err = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ 
@@ -1296,7 +1309,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, passing to the low level functions. We currently support the old style way of passing just a MPI and the modern interface which allows to pass flags so that we can choose between raw and pkcs1 - padding - may be more padding options later. + padding - may be more padding options later. () or @@ -1305,11 +1318,11 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, [(hash )] [(value )] ) - + Either the VALUE or the HASH element must be present for use with signatures. VALUE is used for encryption. - NBITS is the length of the key in bits. + NBITS is the length of the key in bits. */ static gcry_err_code_t @@ -1321,12 +1334,12 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, int i; size_t n; const char *s; - int is_raw = 0, is_pkcs1 = 0, unknown_flag=0; + int is_raw = 0, is_pkcs1 = 0, unknown_flag=0; int parsed_flags = 0, dummy_flags; if (! flags) flags = &dummy_flags; - + *ret_mpi = NULL; ldata = gcry_sexp_find_token (input, "data", 0); if (!ldata) @@ -1378,7 +1391,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, rc = GPG_ERR_INV_OBJ; } else if (is_pkcs1 && lvalue && for_encryption) - { + { /* Create pkcs#1 block type 2 padding. */ unsigned char *frame = NULL; size_t nframe = (nbits+7) / 8; @@ -1408,7 +1421,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, { int j, k; unsigned char *pp; - + /* Count the zero bytes. */ for (j=k=0; j < i; j++) { @@ -1417,7 +1430,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, } if (!k) break; /* Okay: no (more) zero bytes. */ - + k += k/128 + 3; /* Better get some more. */ pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM); for (j=0; j < i && k; ) 
@@ -1432,7 +1445,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, memcpy (frame+n, p, i); n += i; gcry_free (p); - + frame[n++] = 0; memcpy (frame+n, value, valuelen); n += valuelen; @@ -1445,7 +1458,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, gcry_free(frame); } else if (is_pkcs1 && lhash && !for_encryption) - { + { /* Create pkcs#1 block type 1 padding. */ if (gcry_sexp_length (lhash) != 3) rc = GPG_ERR_INV_OBJ; @@ -1453,7 +1466,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, rc = GPG_ERR_INV_OBJ; else { - static struct { const char *name; int algo; } hashnames[] = + static struct { const char *name; int algo; } hashnames[] = { { "sha1", GCRY_MD_SHA1 }, { "md5", GCRY_MD_MD5 }, { "sha256", GCRY_MD_SHA256 }, @@ -1475,7 +1488,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, const void * value; size_t valuelen; size_t asnlen, dlen; - + for (i=0; hashnames[i].name; i++) { if ( strlen (hashnames[i].name) == n @@ -1546,17 +1559,17 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, memcpy (frame+n, value, valuelen ); n += valuelen; gcry_assert (n == nframe); - + /* Convert it into an MPI. FIXME: error checking? */ gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe); } - + gcry_free (frame); } } else rc = GPG_ERR_CONFLICT; - + gcry_sexp_release (ldata); gcry_sexp_release (lhash); gcry_sexp_release (lvalue); 
@@ -1570,16 +1583,16 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, /* Do a PK encrypt operation - + Caller has to provide a public key as the SEXP pkey and data as a SEXP with just one MPI in it. Alternatively S_DATA might be a complex S-Expression, similar to the one used for signature verification. This provides a flag which allows to handle PKCS#1 block type 2 padding. The function returns a a sexp which may be passed to to pk_decrypt. - + Returns: 0 or an errorcode. - + s_data = See comment for sexp_data_to_mpi s_pkey = r_ciph = (enc-val @@ -1605,7 +1618,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) REGISTER_DEFAULT_PUBKEYS; /* Get the key. */ - rc = sexp_to_key (s_pkey, 0, &pkey, &module); + rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module); if (rc) goto leave; @@ -1620,9 +1633,9 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) algo_name = pubkey->aliases? *pubkey->aliases : NULL; if (!algo_name || !*algo_name) algo_name = pubkey->name; - + algo_elems = pubkey->elements_enc; - + /* Get the stuff we want to encrypt. */ rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1, &flags); @@ -1649,7 +1662,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) size_t nelem = strlen (algo_elems); size_t needed = 19 + strlen (algo_name) + (nelem * 5); void **arg_list; - + /* Build the string. */ string = p = gcry_malloc (needed); if (!string) @@ -1666,7 +1679,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) p = stpcpy ( p, "%m)" ); } strcpy ( p, "))" ); - + /* And now the ugly part: We don't have a function to pass an * array to a format string, so we have to do it this way :-(. */ /* FIXME: There is now such a format specifier, so we can 
@@ -1680,7 +1693,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) for (i = 0; i < nelem; i++) arg_list[i] = ciph + i; - + rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list); free (arg_list); if (rc) @@ -1711,18 +1724,18 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) return gcry_error (rc); } -/* +/* Do a PK decrypt operation - + Caller has to provide a secret key as the SEXP skey and data in a format as created by gcry_pk_encrypt. For historic reasons the function returns simply an MPI as an S-expression part; this is deprecated and the new method should be used which returns a real S-expressionl this is selected by adding at least an empty flags list to S_DATA. - + Returns: 0 or an errorcode. - + s_data = (enc-val [(flags)] ( @@ -1733,7 +1746,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) s_skey = r_plain= Either an incomplete S-expression without the parentheses or if the flags list is used (even if empty) a real S-expression: - (value PLAIN). + (value PLAIN). */ gcry_error_t gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) @@ -1748,14 +1761,14 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_skey, 1, &skey, &module_key); + rc = sexp_to_key (s_skey, 1, NULL, &skey, &module_key); if (rc) goto leave; rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags); if (rc) goto leave; - + if (module_key->mod_id != module_enc->mod_id) { rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */ @@ -1770,7 +1783,7 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain)) BUG (); - + leave: if (skey) { 
@@ -1804,29 +1817,29 @@ gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) /* Create a signature. - + Caller has to provide a secret key as the SEXP skey and data expressed as a SEXP list hash with only one element which should instantly be available as a MPI. Alternatively the structure given below may be used for S_HASH, it provides the abiliy to pass flags to the operation; the only flag defined by now is "pkcs1" which does PKCS#1 block type 1 style padding. - + Returns: 0 or an errorcode. In case of 0 the function returns a new SEXP with the signature value; the structure of this signature depends on the other arguments but is always suitable to be passed to gcry_pk_verify - + s_hash = See comment for sexp_data_to_mpi - + s_skey = r_sig = (sig-val ( ( ) ... ( )) - [(hash algo)]) + [(hash algo)]) Note that (hash algo) in R_SIG is not used. */ @@ -1844,7 +1857,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (s_skey, 1, &skey, &module); + rc = sexp_to_key (s_skey, 1, NULL, &skey, &module); if (rc) goto leave; @@ -1853,7 +1866,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) algo_name = pubkey->aliases? *pubkey->aliases : NULL; if (!algo_name || !*algo_name) algo_name = pubkey->name; - + algo_elems = pubkey->elements_sig; /* Get the stuff we want to sign. Note that pk_get_nbits does also @@ -1879,7 +1892,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) void **arg_list; nelem = strlen (algo_elems); - + /* Count elements, so that we can allocate enough space. */ needed += 10 * nelem; @@ -1952,8 +1965,8 @@ gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) gcry_err_code_t rc; REGISTER_DEFAULT_PUBKEYS; - - rc = sexp_to_key (s_pkey, 0, &pkey, &module_key); + + rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module_key); if (rc) goto leave; 
@@ -2009,9 +2022,9 @@ gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) This may be used either for a public or a secret key to see whether the internal structure is okay. - + Returns: 0 or an errorcode. - + s_key = */ gcry_error_t gcry_pk_testkey (gcry_sexp_t s_key) @@ -2019,11 +2032,11 @@ gcry_pk_testkey (gcry_sexp_t s_key) gcry_module_t module = NULL; gcry_mpi_t *key = NULL; gcry_err_code_t rc; - + REGISTER_DEFAULT_PUBKEYS; /* Note we currently support only secret key checking. */ - rc = sexp_to_key (s_key, 1, &key, &module); + rc = sexp_to_key (s_key, 1, NULL, &key, &module); if (! rc) { rc = pubkey_check_secret_key (module->mod_id, key); @@ -2116,7 +2129,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) rc = GPG_ERR_INV_OBJ; /* Algo string missing. */ goto leave; } - + ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name); ath_mutex_unlock (&pubkeys_registered_lock); @@ -2127,7 +2140,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ goto leave; } - + pubkey = (gcry_pk_spec_t *) module->spec; algo = module->mod_id; algo_name = pubkey->aliases? *pubkey->aliases : NULL; @@ -2181,11 +2194,11 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) nbits = (unsigned int)strtoul (buf, NULL, 0); gcry_sexp_release (l2); l2 = NULL; } - else + else nbits = 0; /* Pass control to the algorithm module. */ - rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey, + rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey, &factors, &extrainfo); gcry_sexp_release (list); list = NULL; if (rc) @@ -2197,7 +2210,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) size_t nelem=0, nelem_cp = 0, needed=0; gcry_mpi_t mpis[30]; int percent_s_idx = -1; - + /* Estimate size of format string. */ nelem = strlen (pub_elems) + strlen (sec_elems); if (factors) 
@@ -2320,7 +2333,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) release_mpi_array ( factors ); gcry_free (factors); } - + gcry_sexp_release (l3); gcry_sexp_release (l2); gcry_sexp_release (list); @@ -2336,7 +2349,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) } -/* +/* Get the number of nbits from the public key. Hmmm: Should we have really this function or is it better to have a @@ -2352,15 +2365,15 @@ gcry_pk_get_nbits (gcry_sexp_t key) REGISTER_DEFAULT_PUBKEYS; - rc = sexp_to_key (key, 0, &keyarr, &module); + rc = sexp_to_key (key, 0, NULL, &keyarr, &module); if (rc == GPG_ERR_INV_OBJ) - rc = sexp_to_key (key, 1, &keyarr, &module); + rc = sexp_to_key (key, 1, NULL, &keyarr, &module); if (rc) return 0; /* Error - 0 is a suitable indication for that. */ pubkey = (gcry_pk_spec_t *) module->spec; nbits = (*pubkey->get_nbits) (module->mod_id, keyarr); - + ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); @@ -2427,7 +2440,7 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) elems = pubkey->elements_grip; if (!elems) goto fail; /* No grip parameter. */ - + if (gcry_md_open (&md, GCRY_MD_SHA1, 0)) goto fail; @@ -2445,14 +2458,14 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) const char *data; size_t datalen; char buf[30]; - + l2 = gcry_sexp_find_token (list, s, 1); if (! l2) goto fail; data = gcry_sexp_nth_data (l2, 1, &datalen); if (! data) goto fail; - + snprintf (buf, sizeof buf, "(1:%c%u:", *s, (unsigned int)datalen); gcry_md_write (md, buf, strlen (buf)); gcry_md_write (md, data, datalen); @@ -2460,7 +2473,7 @@ gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) gcry_md_write (md, ")", 1); } } - + if (!array) { array = gcry_malloc (20); 
@@ -2522,8 +2535,10 @@ gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) if (!name) goto leave; /* Invalid structure of object. */ - /* Get the key. */ - if (sexp_to_key (key, want_private, &pkey, &module)) + /* Get the key. We pass the names of the parameters for + override_elems; this allows to call this function without the + actual public key parameter. */ + if (sexp_to_key (key, want_private, "pabgn", &pkey, &module)) goto leave; } else @@ -2559,6 +2574,35 @@ gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) } + +gcry_sexp_t +gcry_pk_get_param (int algo, const char *name) +{ + gcry_module_t module = NULL; + pk_extra_spec_t *extraspec; + gcry_sexp_t result = NULL; + + if (algo != GCRY_PK_ECDSA && algo != GCRY_PK_ECDH) + return NULL; + + REGISTER_DEFAULT_PUBKEYS; + + ath_mutex_lock (&pubkeys_registered_lock); + module = gcry_pk_lookup_name ("ecc"); + ath_mutex_unlock (&pubkeys_registered_lock); + if (module) + { + extraspec = module->extraspec; + if (extraspec && extraspec->get_curve_param) + result = extraspec->get_curve_param (name); + + ath_mutex_lock (&pubkeys_registered_lock); + _gcry_module_release (module); + ath_mutex_unlock (&pubkeys_registered_lock); + } + return result; +} + gcry_error_t @@ -2602,7 +2646,7 @@ gcry_pk_ctl (int cmd, void *buffer, size_t buflen) returns 0. Disabled algos are ignored here because we only want to know whether the algo is at all capable of the usage. - + Note: Because this function is in most cases used to return an integer value, we can make it easier for the caller to just look at the return value. The caller will in all cases consult the value 
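Review bot: The new gcry_pk_get_param in the `@@ -2559` hunk passes `name` straight to `extraspec->get_curve_param (name)` without checking it, so a NULL curve name from an application reaches the ECC backend unfiltered; whether that backend tolerates NULL is not visible in this patch. An early `if (!name) return NULL;` beside the existing `algo` check would make the public entry point safe either way. `algo` is used only as a gate, and the module is always looked up by the fixed name `"ecc"`; a one-line comment such as `/* ECDSA and ECDH are both served by the "ecc" module. */` would tell the reader this is intended.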
@@ -2765,7 +2809,7 @@ _gcry_pk_selftest (int algo, int extended, selftest_report_func_t report) { ec = GPG_ERR_PUBKEY_ALGO; if (report) - report ("pubkey", algo, "module", + report ("pubkey", algo, "module", module && !(module->flags & FLAG_MODULE_DISABLED)? "no selftest available" : module? "algorithm disabled" : "algorithm not found"); @@ -2814,7 +2858,7 @@ _gcry_pk_get_elements (int algo, char **enc, char **sig) goto out; } } - + if (sig) { sig_cp = strdup (spec->elements_sig); diff --git a/src/ChangeLog b/src/ChangeLog index b59f1c1..1a0910b 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,9 +1,11 @@ 2011-02-01 Werner Koch - * libgcrypt.vers (gcry_pk_get_curve): Add. - * libgcrypt.def (gcry_pk_get_curve): Add. - * visibility.c (gcry_pk_get_curve): New. - * cipher-proto.h (pk_extra_spec): Add field GET_CURVE. + * gcrypt.h.in (gcry_pk_get_curve, gcry_pk_get_param): New. + * libgcrypt.vers (gcry_pk_get_curve, gcry_pk_get_param): Add. + * libgcrypt.def (gcry_pk_get_curve, gcry_pk_get_param): Add. + * visibility.c (gcry_pk_get_curve, gcry_pk_get_param): New. + * cipher-proto.h (pk_extra_spec): Add fields GET_CURVE and + GET_CURVE_PARM. 2011-01-31 Werner Koch @@ -2226,9 +2228,9 @@ Tue Dec 8 13:15:16 CET 1998 Werner Koch * gcrypt.h: New * mpiapi.c: New - + Copyright (C) 1998,1999,2000,2001,2002,2003 - 2004, 2005, 2008, 2009 Free Software Foundation, Inc. + 2004, 2005, 2008, 2009, 2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/src/cipher-proto.h b/src/cipher-proto.h index ea7a70d..e936eea 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h 
@@ -61,6 +61,9 @@ typedef gcry_err_code_t (*pk_get_param_t) typedef const char *(*pk_get_curve_t)(gcry_mpi_t *pkey, int iterator, unsigned int *r_nbits); +/* The type used to query ECC curve parameters by name. */ +typedef gcry_sexp_t (*pk_get_curve_param_t)(const char *name); + /* The type used to convey additional information to a cipher. */ typedef gpg_err_code_t (*cipher_set_extra_info_t) (void *c, int what, const void *buffer, size_t buflen); @@ -87,6 +90,7 @@ typedef struct pk_extra_spec pk_comp_keygrip_t comp_keygrip; pk_get_param_t get_param; pk_get_curve_t get_curve; + pk_get_curve_param_t get_curve_param; } pk_extra_spec_t; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 2509978..1b32de0 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1,6 +1,6 @@ /* gcrypt.h - GNU Cryptographic Library Interface -*- c -*- Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2006 - 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This file is part of Libgcrypt. @@ -1041,6 +1041,10 @@ unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array); const char *gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits); +/* Return an S-expression with the parameters of the named ECC curve + NAME. ALGO must be set to an ECC algorithm. */ +gcry_sexp_t gcry_pk_get_param (int algo, const char *name); + /* Return 0 if the public key algorithm A is available for use. */ #define gcry_pk_test_algo(a) \ gcry_pk_algo_info( (a), GCRYCTL_TEST_ALGO, NULL, NULL ) diff --git a/src/libgcrypt.def b/src/libgcrypt.def index 55ff877..3db4cb5 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -234,3 +234,4 @@ EXPORTS gcry_mpi_lshift @191 gcry_pk_get_curve @192 + gcry_pk_get_param @193 diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 4670436..f2a3513 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers 
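Review bot: The comment added for gcry_pk_get_param in the gcrypt.h.in hunk does not say who owns the returned S-expression or what the function returns on failure. The implementation in this patch returns NULL when ALGO is not GCRY_PK_ECDSA or GCRY_PK_ECDH, and the new test frees the result with gcry_sexp_release, so the public comment could state both, for example by appending `Returns NULL on error; the caller must release the result with gcry_sexp_release.` to the existing text. Without that, callers of a new public API have to read pubkey.c to learn that they hold an allocation.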
@@ -57,7 +57,7 @@ GCRYPT_1.2 { gcry_pk_get_keygrip; gcry_pk_get_nbits; gcry_pk_list; gcry_pk_map_name; gcry_pk_register; gcry_pk_sign; gcry_pk_testkey; gcry_pk_unregister; gcry_pk_verify; - gcry_pk_get_curve; + gcry_pk_get_curve; gcry_pk_get_param; gcry_ac_data_new; gcry_ac_data_destroy; gcry_ac_data_copy; gcry_ac_data_length; gcry_ac_data_clear; gcry_ac_data_set; diff --git a/src/visibility.c b/src/visibility.c index fe6d9bd..c4fd09d 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -748,6 +748,17 @@ gcry_pk_get_curve (gcry_sexp_t key, int iterator, unsigned int *r_nbits) return _gcry_pk_get_curve (key, iterator, r_nbits); } +gcry_sexp_t +gcry_pk_get_param (int algo, const char *name) +{ + if (!fips_is_operational ()) + { + (void)fips_not_operational (); + return NULL; + } + return _gcry_pk_get_param (algo, name); +} + gcry_error_t gcry_pk_list (int *list, int *list_length) { diff --git a/src/visibility.h b/src/visibility.h index 0b0219d..cf5a3ff 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -104,6 +104,7 @@ #define gcry_pk_genkey _gcry_pk_genkey #define gcry_pk_get_keygrip _gcry_pk_get_keygrip #define gcry_pk_get_curve _gcry_pk_get_curve +#define gcry_pk_get_param _gcry_pk_get_param #define gcry_pk_get_nbits _gcry_pk_get_nbits #define gcry_pk_list _gcry_pk_list #define gcry_pk_map_name _gcry_pk_map_name @@ -360,6 +361,7 @@ void gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n); #undef gcry_pk_genkey #undef gcry_pk_get_keygrip #undef gcry_pk_get_curve +#undef gcry_pk_get_param #undef gcry_pk_get_nbits #undef gcry_pk_list #undef gcry_pk_map_name @@ -571,6 +573,7 @@ MARK_VISIBLE (gcry_pk_encrypt) MARK_VISIBLE (gcry_pk_genkey) MARK_VISIBLE (gcry_pk_get_keygrip) MARK_VISIBLE (gcry_pk_get_curve) +MARK_VISIBLE (gcry_pk_get_param) MARK_VISIBLE (gcry_pk_get_nbits) MARK_VISIBLE (gcry_pk_list) MARK_VISIBLE (gcry_pk_map_name) diff --git a/tests/curves.c b/tests/curves.c index dcf501a..16240c5 100644 --- a/tests/curves.c +++ b/tests/curves.c 
@@ -150,6 +150,40 @@ check_matching (void) } +static void +check_get_params (void) +{ + gcry_sexp_t param; + const char *name; + + param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_1_curve); + if (!param) + fail ("error gerring parameters for `%s'\n", sample_key_1_curve); + + name = gcry_pk_get_curve (param, 0, NULL); + if (!name) + fail ("get_param: curve name not found for sample_key_1\n"); + else if (strcmp (name, sample_key_1_curve)) + fail ("get_param: expected curve name %s but got %s for sample_key_1\n", + sample_key_1_curve, name); + + gcry_sexp_release (param); + + + param = gcry_pk_get_param (GCRY_PK_ECDSA, sample_key_2_curve); + if (!param) + fail ("error gerring parameters for `%s'\n", sample_key_2_curve); + + name = gcry_pk_get_curve (param, 0, NULL); + if (!name) + fail ("get_param: curve name not found for sample_key_2\n"); + else if (strcmp (name, sample_key_2_curve)) + fail ("get_param: expected curve name %s but got %s for sample_key_2\n", + sample_key_2_curve, name); + + gcry_sexp_release (param); +} + int main (int argc, char **argv) @@ -170,6 +204,7 @@ main (int argc, char **argv) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); list_curves (); check_matching (); + check_get_params (); return error_count ? 1 : 0; } ----------------------------------------------------------------------- Summary of changes: NEWS | 5 +- cipher/ChangeLog | 4 + cipher/ecc.c | 28 ++++++- cipher/pubkey.c | 248 ++++++++++++++++++++++++++++++--------------------- src/ChangeLog | 14 ++-- src/cipher-proto.h | 4 + src/gcrypt.h.in | 6 +- src/libgcrypt.def | 1 + src/libgcrypt.vers | 2 +- src/visibility.c | 11 +++ src/visibility.h | 3 + tests/curves.c | 35 ++++++++ 12 files changed, 247 insertions(+), 114 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 13:49:23 2011 
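Review bot: In check_get_params the test carries on after `fail (...)` when gcry_pk_get_param returns NULL, and then passes that NULL to `gcry_pk_get_curve (param, 0, NULL)`. main returns `error_count ? 1 : 0`, which suggests fail() returns rather than exits; gcry_pk_get_curve also appears to take a separate path when no key is given, so the follow-up check may then report an unrelated curve name instead of the real failure. Making the first check `if (!param) { fail (...); return; }` (or putting the name checks in an `else`) keeps the two failures distinct. The message text has a typo in both calls, `gerring` for `getting`. The two stanzas differ only in the sample curve, so a small helper taking the curve name would remove the duplication.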
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 02 Feb 2011 13:49:23 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-22-g1875301 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 1875301d3a5a61e79097e0cd20e1ef8900e7515a (commit) from 88d8aea1614fcf1f549d85c0a6a0082dcd6a9787 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1875301d3a5a61e79097e0cd20e1ef8900e7515a Author: Marcus Brinkmann Date: Wed Feb 2 13:28:22 2011 +0100 Extend system hooks table by socket and connect functions. 2011-02-02 Marcus Brinkmann * assuan-defs.h (_assuan_socket, _assuan_connect): New prototypes. * assuan.h.in (ASSUAN_SYSTEM_HOOKS_VERSION): Bumped to 2. (struct assuan_system_hooks): Add socket and connect members. (__assuan_socket, __assuan_connect): New prototypes. (_ASSUAN_SYSTEM_PTH_IMPL): Add socket and connect members. * assuan-socket-connect.c (assuan_socket_connect): Call _assuan_socket and _assuan_connect instead _assuan_sock_new and _assuan_sock_connect. (libassuan.def, libassuan.vers): Add __assuan_socket and __assuan_connect. * system.c (_assuan_system_hooks_copy): Initialize destination from system hooks, so we don't get any NULL pointers if there is a version mismatch. Support version 2 of the system hook structure. (_assuan_socket, _assuan_connect): New functions. * system-posix.c (__assuan_socket, __assuan_connect): New functions. (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. * system-w32.c (__assuan_socket, __assuan_connect): New functions. (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. 
* system-w32ce.c (__assuan_socket, __assuan_connect): New functions. (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. diff --git a/NEWS b/NEWS index 4f4cd5b..2affd80 100644 --- a/NEWS +++ b/NEWS @@ -7,10 +7,15 @@ Noteworthy changes in version 2.0.2 * The gpgcedev.c driver now provides a log device. + * It is now possible to overwrite socket and connect functions in + struct assuan_system_hooks. + * Interface changes relative to the 2.0.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ASSUAN_CONVEY_COMMENTS NEW. ASSUAN_NO_LOGGING NEW. + assuan_system_hooks_t CHANGED: Added socket and connect members. + ASSUAN_SYSTEM_HOOKS_VERSION CHANGED: Bumped to 2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/src/ChangeLog b/src/ChangeLog index 2199e24..7f0d32f 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,3 +1,26 @@ +2011-02-02 Marcus Brinkmann + + * assuan-defs.h (_assuan_socket, _assuan_connect): New prototypes. + * assuan.h.in (ASSUAN_SYSTEM_HOOKS_VERSION): Bumped to 2. + (struct assuan_system_hooks): Add socket and connect members. + (__assuan_socket, __assuan_connect): New prototypes. + (_ASSUAN_SYSTEM_PTH_IMPL): Add socket and connect members. * + assuan-socket-connect.c (assuan_socket_connect): Call + _assuan_socket and _assuan_connect instead _assuan_sock_new and + _assuan_sock_connect. + (libassuan.def, libassuan.vers): Add __assuan_socket and + __assuan_connect. + * system.c (_assuan_system_hooks_copy): Initialize destination + from system hooks, so we don't get any NULL pointers if there is a + version mismatch. Support version 2 of the system hook structure. + (_assuan_socket, _assuan_connect): New functions. + * system-posix.c (__assuan_socket, __assuan_connect): New functions. + (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. + * system-w32.c (__assuan_socket, __assuan_connect): New functions. + (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. + * system-w32ce.c (__assuan_socket, __assuan_connect): New functions. + (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. + 2010-12-20 Werner Koch * gpgcedev.c (pipeimpl_new): Check malloc and CreateEvent return diff --git a/src/assuan-defs.h b/src/assuan-defs.h index 4a25568..88863eb 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h @@ -259,6 +259,9 @@ pid_t _assuan_waitpid (assuan_context_t ctx, pid_t pid, int nowait, int *status, int options); int _assuan_socketpair (assuan_context_t ctx, int namespace, int style, int protocol, assuan_fd_t filedes[2]); +int _assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol); +int _assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, + socklen_t length); extern struct assuan_system_hooks _assuan_system_hooks; 
diff --git a/src/assuan-socket-connect.c b/src/assuan-socket-connect.c index fa3db4b..609813d 100644 --- a/src/assuan-socket-connect.c +++ b/src/assuan-socket-connect.c @@ -251,7 +251,7 @@ assuan_socket_connect (assuan_context_t ctx, const char *name, return err; } - fd = _assuan_sock_new (ctx, pf, SOCK_STREAM, 0); + fd = _assuan_socket (ctx, pf, SOCK_STREAM, 0); if (fd == ASSUAN_INVALID_FD) { err = _assuan_error (ctx, gpg_err_code_from_syserror ()); @@ -260,7 +260,7 @@ assuan_socket_connect (assuan_context_t ctx, const char *name, return err; } - if (_assuan_sock_connect (ctx, fd, srvr_addr, len) == -1) + if (_assuan_connect (ctx, fd, srvr_addr, len) == -1) { TRACE2 (ctx, ASSUAN_LOG_SYSIO, "assuan_socket_connect", ctx, "can't connect to `%s': %s\n", name, strerror (errno)); diff --git a/src/assuan.h.in b/src/assuan.h.in index ea91973..baf5594 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in @@ -202,7 +202,7 @@ void assuan_set_io_monitor (assuan_context_t ctx, assuan_io_monitor_t io_monitor, void *hook_data); -#define ASSUAN_SYSTEM_HOOKS_VERSION 1 +#define ASSUAN_SYSTEM_HOOKS_VERSION 2 #define ASSUAN_SPAWN_DETACHED 128 struct assuan_system_hooks { @@ -245,6 +245,8 @@ struct assuan_system_hooks int action, int *status, int options); int (*socketpair) (assuan_context_t ctx, int _namespace, int style, int protocol, assuan_fd_t filedes[2]); + int (*socket) (assuan_context_t ctx, int namespace, int style, int protocol); + int (*connect) (assuan_context_t ctx, int sock, struct sockaddr *addr, socklen_t length); }; typedef struct assuan_system_hooks *assuan_system_hooks_t; 
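Review bot: The `socket` member added to struct assuan_system_hooks in the `@@ -245` hunk of assuan.h.in names its second parameter `namespace`, while the socketpair member directly above it uses `_namespace`. `namespace` is a C++ keyword, so a C++ program that includes the installed header would fail to compile on this declaration; the underscore in the existing member is presumably there for that reason. The new `__assuan_socket` prototype in the `@@ -470` hunk of the same header has the same problem. Suggested: `int (*socket) (assuan_context_t ctx, int _namespace, int style, int protocol);` and the same rename in the prototype. The additions also use `struct sockaddr` and `socklen_t`, and whether this header already pulls in the socket headers on every platform is not visible here.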
@@ -470,6 +472,8 @@ int __assuan_spawn (assuan_context_t ctx, pid_t *r_pid, const char *name, void *atforkvalue, unsigned int flags); int __assuan_socketpair (assuan_context_t ctx, int _namespace, int style, int protocol, assuan_fd_t filedes[2]); +int __assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol); +int __assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, socklen_t length); #define ASSUAN_SYSTEM_PTH_IMPL \ @@ -492,7 +496,8 @@ int __assuan_socketpair (assuan_context_t ctx, int _namespace, int style, { ASSUAN_SYSTEM_HOOKS_VERSION, _assuan_pth_usleep, __assuan_pipe, \ __assuan_close, _assuan_pth_read, _assuan_pth_write, \ _assuan_pth_recvmsg, _assuan_pth_sendmsg, \ - __assuan_spawn, _assuan_pth_waitpid, __assuan_socketpair } + __assuan_spawn, _assuan_pth_waitpid, __assuan_socketpair, \ + __assuan_socket, __assuan_connect } extern struct assuan_system_hooks _assuan_system_pth; #define ASSUAN_SYSTEM_PTH &_assuan_system_pth diff --git a/src/libassuan.def b/src/libassuan.def index 59aba41..a2e7b61 100644 --- a/src/libassuan.def +++ b/src/libassuan.def @@ -101,6 +101,8 @@ EXPORTS assuan_free @80 _assuan_w32ce_prepare_pipe @81 _assuan_w32ce_finish_pipe @82 + __assuan_socket @83 + __assuan_connect @84 ; END diff --git a/src/libassuan.vers b/src/libassuan.vers index b91d8e4..b14a940 100644 --- a/src/libassuan.vers +++ b/src/libassuan.vers @@ -20,6 +20,12 @@ # Please remember to add new functions also to libassuan.def #----------------------------------------------------------- +LIBASSUAN_1.1 { + global: + __assuan_socket; + __assuan_connect; +}; + LIBASSUAN_1.0 { global: assuan_accept; diff --git a/src/system-posix.c b/src/system-posix.c index e36767a..68294c0 100644 --- a/src/system-posix.c +++ b/src/system-posix.c 
@@ -321,6 +321,21 @@ __assuan_socketpair (assuan_context_t ctx, int namespace, int style, } +int +__assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol) +{ + return socket (namespace, style, protocol); +} + + +int +__assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, + socklen_t length) +{ + return connect (sock, addr, length); +} + + /* The default system hooks for assuan contexts. */ struct assuan_system_hooks _assuan_system_hooks = @@ -335,5 +350,7 @@ struct assuan_system_hooks _assuan_system_hooks = __assuan_sendmsg, __assuan_spawn, __assuan_waitpid, - __assuan_socketpair + __assuan_socketpair, + __assuan_socket, + __assuan_connect }; diff --git a/src/system-w32.c b/src/system-w32.c index 5c11114..539d34e 100644 --- a/src/system-w32.c +++ b/src/system-w32.c @@ -514,6 +514,21 @@ __assuan_socketpair (assuan_context_t ctx, int namespace, int style, return -1; } + +int +__assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol) +{ + return _assuan_sock_new (ctx, namespace, style, protocol); +} + + +int +__assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, + socklen_t length) +{ + return _assuan_sock_connect (ctx, sock, addr, length); +} + /* The default system hooks for assuan contexts. */ struct assuan_system_hooks _assuan_system_hooks = @@ -528,5 +543,7 @@ struct assuan_system_hooks _assuan_system_hooks = __assuan_sendmsg, __assuan_spawn, __assuan_waitpid, - __assuan_socketpair + __assuan_socketpair, + __assuan_socket, + __assuan_connect }; diff --git a/src/system-w32ce.c b/src/system-w32ce.c index 6b5c3c9..da660ea 100644 --- a/src/system-w32ce.c +++ b/src/system-w32ce.c 
@@ -660,6 +660,21 @@ __assuan_socketpair (assuan_context_t ctx, int namespace, int style, } +int +__assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol) +{ + return _assuan_sock_new (ctx, namespace, style, protocol); +} + + +int +__assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, + socklen_t length) +{ + return _assuan_sock_connect (ctx, sock, addr, length); +} + + /* The default system hooks for assuan contexts. */ struct assuan_system_hooks _assuan_system_hooks = @@ -674,5 +689,7 @@ struct assuan_system_hooks _assuan_system_hooks = __assuan_sendmsg, __assuan_spawn, __assuan_waitpid, - __assuan_socketpair + __assuan_socketpair, + __assuan_socket, + __assuan_connect }; diff --git a/src/system.c b/src/system.c index 373fc5b..1fca056 100644 --- a/src/system.c +++ b/src/system.c @@ -108,8 +108,10 @@ _assuan_system_hooks_copy (assuan_system_hooks_t dst, assuan_system_hooks_t src) { - memset (dst, '\0', sizeof (*dst)); - + /* Reset the defaults. */ + if (dst != &_assuan_system_hooks) + memcpy (dst, &_assuan_system_hooks, sizeof (*dst)); + dst->version = ASSUAN_SYSTEM_HOOKS_VERSION; if (src->version >= 1) { @@ -124,7 +126,12 @@ _assuan_system_hooks_copy (assuan_system_hooks_t dst, dst->waitpid = src->waitpid; dst->socketpair = src->socketpair; } - if (src->version > 1) + if (src->version >= 2) + { + dst->socket = src->socket; + dst->connect = src->connect; + } + if (src->version > 2) /* FIXME. Application uses newer version of the library. What to do? */ ; 
@@ -385,3 +392,29 @@ _assuan_socketpair (assuan_context_t ctx, int namespace, int style, return TRACE_SYSERR (res); } + + +int +_assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol) +{ + int res; + TRACE_BEG3 (ctx, ASSUAN_LOG_SYSIO, "_assuan_socket", ctx, + "namespace=%i,style=%i,protocol=%i", + namespace, style, protocol); + + res = (ctx->system.socket) (ctx, namespace, style, protocol); + return TRACE_SYSRES (res); +} + + +int +_assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, socklen_t length) +{ + int res; + TRACE_BEG3 (ctx, ASSUAN_LOG_SYSIO, "_assuan_connect", ctx, + "socket=%i,addr=%p,length=%i", sock, addr, length); + + res = (ctx->system.connect) (ctx, sock, addr, length); + return TRACE_SYSRES (res); +} + ----------------------------------------------------------------------- Summary of changes: NEWS | 5 +++++ src/ChangeLog | 23 +++++++++++++++++++++++ src/assuan-defs.h | 3 +++ src/assuan-socket-connect.c | 4 ++-- src/assuan.h.in | 9 +++++++-- src/libassuan.def | 2 ++ src/libassuan.vers | 6 ++++++ src/system-posix.c | 19 ++++++++++++++++++- src/system-w32.c | 19 ++++++++++++++++++- src/system-w32ce.c | 19 ++++++++++++++++++- src/system.c | 39 ++++++++++++++++++++++++++++++++++++--- 11 files changed, 138 insertions(+), 10 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 14:13:35 2011 
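Review bot: In `_assuan_connect` the trace format `"socket=%i,addr=%p,length=%i"` receives `length`, a `socklen_t`, for `%i` and a `struct sockaddr *` for `%p`, and neither matches its conversion exactly. Where `socklen_t` is unsigned, this is the kind of mismatch `-Wformat` reports. Passing `(int) length` and `(void *) addr` would fix it, assuming TRACE_BEG3 forwards its arguments to a printf-style formatter, which is not visible here. Both new wrappers would also benefit from a one-line header comment such as `/* Call the context's socket hook and trace the result. */`.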
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 02 Feb 2011 14:13:35 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-163-gde287a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via de287a7996c85e6c6eb740f110df0f904d4cd867 (commit) via a2b9adafe46c55a2c26dd46163055bbdf3526835 (commit) from 1f0f033f552b5cd81f02e761a0e31eb9a2c89ab8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de287a7996c85e6c6eb740f110df0f904d4cd867 Merge: 1f0f033 a2b9ada Author: Marcus Brinkmann Date: Wed Feb 2 13:51:42 2011 +0100 Merge commit 'a2b9adafe46c55a2c26dd46163055bbdf3526835' diff --cc src/ChangeLog index fdd3e49,fe85095..fbe92be --- a/src/ChangeLog 
+++ b/src/ChangeLog @@@ -1,84 -1,9 +1,90 @@@ + 2011-02-02 Marcus Brinkmann + + * w32-util.c (mkstemp): Don't use CreateFile instead of open (the + function is not used on Windows CE, and the callers were not + adjusted). + +2011-01-21 Marcus Brinkmann + + * engine-gpgconf.c (_gpgme_conf_opt_change): Fix the case that is + not self-assignment. + +2010-12-08 Werner Koch + + * gpgme-tool.c (strcpy_escaped_plus): New. + (DIM, xtoi_1, xtoi_2): New. + (cmd_keylist): Allow for multiple patterns. + +2010-11-23 Marcus Brinkmann + + * w32-io.c (create_reader, create_writer): Use small stack size on + Windows CE. + +2010-11-23 Marcus Brinkmann + + * gpgme.h.in (gpgme_conf_arg_new): Make VALUE arg const void *. + * gpgconf.c (_gpgme_conf_arg_new): Likewise. + (gpgme_conf_arg_new): Likewise. + * engine-gpgconf.c (_gpgme_conf_arg_new): Likewise. + (gpgconf_write): Remove debug hack. + +2010-11-19 Marcus Brinkmann + + * engine-gpgconf.c (_gpgme_conf_opt_change): Support + self-assignment. Requested by Marc Mutz. + +2010-11-17 Marcus Brinkmann + + * vasprintf.c (int_vasprintf) [HAVE_W32CE_SYSTEM]: Just use a + fixed size buffer, as va_copy is not easy to fake. + +2010-11-15 Marcus Brinkmann + + * w32-ce.h (strcasecmp, strdup) [_MSC_VER]: Define. + * genkey.c, passphrase.c: Include util.h. + + * w32-util.c (_gpgme_w32ce_get_debug_envvar): Fix return value. + +2010-11-15 Werner Koch + + * data-compat.c (gpgme_data_new_from_filepart) + (gpgme_data_new_from_file) [W32CE && _MSC_VER]: Return not + GPG_ERR_NOT_IMPLEMENTED. + + * w32-ce.h (HKEY_PERFORMANCE_DATA, HKEY_CURRENT_CONFIG, _IOLBF) + (abort) [_MSC_VER]: Provide these macros. + + * ath.h [W32CE && _MSC_VER]: Include winsock2.h. + + * ath.c (ath_read, ath_write) [W32CE && _MSC_VER]: Do not call + non-available functions. + +2010-11-04 Werner Koch + + * w32-ce.h [_MSC_VER && W32CE]: Undef leave. + * export.c: Include util.h so that we get the above undef. + + * memrchr.c: Remove. 
Used to be a replacement function required + by the formerly included assuan code. + +2010-11-03 Werner Koch + + * debug.c (_gpgme_debug) [W32CE]: Replace locatime by GetLocalTime. + + * signers.c (gpgme_signers_clear): Remove useless return. + Reported by Patrick Spendrin. + + * w32-util.c: s/__inline__/GPG_ERR_INLINE/ + + * setenv.c: Include string.h due to our strerror replacement. + + * w32-ce.h (access, bsearch): New macros. + * w32-ce.c (_gpgme_wince_access): New. + (RegQueryValueExA): Change DATA to a void*. + (_gpgme_wince_bsearch): New. Taken from glibc 2.6. + + Guard include of sys/stat.h and sys/types.h. + 2010-11-02 Werner Koch * data-fd.c (read, write, lseek) [W32CE && ! __MINGW32CE__]: New. commit a2b9adafe46c55a2c26dd46163055bbdf3526835 Author: Marcus Brinkmann Date: Wed Feb 2 13:47:53 2011 +0100 2011-02-02 Marcus Brinkmann * w32-util.c (mkstemp): Don't use CreateFile instead of open (the function is not used on Windows CE, and the callers were not adjusted). diff --git a/src/ChangeLog b/src/ChangeLog index 562d297..fe85095 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2011-02-02 Marcus Brinkmann + + * w32-util.c (mkstemp): Don't use CreateFile instead of open (the + function is not used on Windows CE, and the callers were not + adjusted). + 2010-11-02 Werner Koch * data-fd.c (read, write, lseek) [W32CE && ! __MINGW32CE__]: New. diff --git a/src/w32-util.c b/src/w32-util.c index ec2fe50..c29ff49 100644 --- a/src/w32-util.c +++ b/src/w32-util.c @@ -473,6 +473,14 @@ _gpgme_get_conf_int (const char *key, int *value) } +#ifdef HAVE_W32CE_SYSTEM +int +_gpgme_mkstemp (int *fd, char **name) +{ + return -1; +} +#else + /* mkstemp extracted from libc/sysdeps/posix/tempname.c. Copyright (C) 1991-1999, 2000, 2001, 2006 Free Software Foundation, Inc. 
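Review bot: The Windows CE stub `_gpgme_mkstemp` returns -1 without setting errno and without touching `*fd` or `*name`, so a caller that reports errno after the failure would show a stale value. Setting an error first, for example `gpg_err_set_errno (ENOSYS);` before `return -1;`, would avoid that. A comment such as `/* Temporary files are not supported on Windows CE; this always fails. */` would make the stub self-explanatory. The `#endif` that closes the `#else` branch is added in a later hunk of the same file.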
@@ -496,7 +504,7 @@ mkstemp (char *tmpl) static uint64_t value; uint64_t random_time_bits; unsigned int count; - HANDLE fd = INVALID_HANDLE_VALUE; + int fd = -1; int save_errno = errno; /* A lower bound on the number of temporary files to attempt to @@ -552,23 +560,14 @@ mkstemp (char *tmpl) v /= 62; XXXXXX[5] = letters[v % 62]; - fd = CreateFileA (tmpl, - GENERIC_WRITE|GENERIC_READ, - FILE_SHARE_READ|FILE_SHARE_WRITE, - NULL, - CREATE_NEW, - FILE_ATTRIBUTE_NORMAL, - NULL); - if (fd != INVALID_HANDLE_VALUE) + fd = open (tmpl, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); + if (fd >= 0) { gpg_err_set_errno (save_errno); - return (int)fd; + return fd; } - else if (GetLastError () != ERROR_FILE_EXISTS) - { - gpg_err_set_errno (EIO); - return -1; - } + else if (errno != EEXIST) + return -1; } /* We got out of the loop because we ran out of combinations to try. */ @@ -613,6 +612,7 @@ _gpgme_mkstemp (int *fd, char **name) *name = tmpname; return 0; } +#endif ----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 6 ++++++ src/w32-util.c | 30 +++++++++++++++--------------- 2 files changed, 21 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 14:32:20 2011 
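Review bot: The mode argument in `open (tmpl, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR)` reads as owner-only access, but in the Windows C runtime it only selects the read-only attribute; who may open the file is decided by the ACL inherited from the directory. `O_EXCL` still refuses a pre-existing file, which is the property the retry loop depends on. A comment at the call would stop readers assuming POSIX semantics, e.g. `/* On Windows the mode bits do not restrict access to the owner; the file inherits the directory's ACL. */`. It is also worth confirming that text-mode translation is acceptable, since `O_BINARY` is not passed and what callers write to the file is not visible in this hunk. The body of mkstemp starts and ends outside the hunk.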
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 02 Feb 2011 14:32:20 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-164-g129741d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 129741d2f713305a862a1505f20738a0ce2ea656 (commit) from de287a7996c85e6c6eb740f110df0f904d4cd867 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 129741d2f713305a862a1505f20738a0ce2ea656 Author: Marcus Brinkmann Date: Wed Feb 2 14:07:05 2011 +0100 Fix Windows port (spawn and assuan engine). 2011-02-02 Marcus Brinkmann * configure.ac (NEED_LIBASSUAN_VERSION): Bump to 2.0.2 for system hooks. src/ 2011-02-02 Marcus Brinkmann * assuan-support.c (my_socket, my_connect): New functions. (_gpgme_assuan_system_hooks): Add my_Socket, my_connect. * priv-io.h (_gpgme_io_socket): New prototype. * w32-io.c (pid_to_handle, handle_to_oid, fd_to_handle): Remove macros. (is_socket): Remove function. (_gpgme_io_spawn) [HAVE_W32CE_SYSTEM]: Remove some dead code. (_gpgme_io_spawn): Translate handles before DuplicateHandle them. diff --git a/ChangeLog b/ChangeLog index 31a16b0..27e7374 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-02-02 Marcus Brinkmann + + * configure.ac (NEED_LIBASSUAN_VERSION): Bump to 2.0.2 for system hooks. + 2010-12-30 Werner Koch * configure.ac: Support a git revision. diff --git a/configure.ac b/configure.ac index 66b794c..d515d54 100644 --- a/configure.ac +++ b/configure.ac 
@@ -62,7 +62,7 @@ GPGME_CONFIG_API_VERSION=1 ############################################## NEED_LIBASSUAN_API=2 -NEED_LIBASSUAN_VERSION=2.0.0 +NEED_LIBASSUAN_VERSION=2.0.2 m4_define([git_brevis],m4_esyscmd(printf "%u" 0x[]m4_substr(git_revision,0,4))) diff --git a/src/ChangeLog b/src/ChangeLog index fbe92be..73a62fe 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,5 +1,15 @@ 2011-02-02 Marcus Brinkmann + * assuan-support.c (my_socket, my_connect): New functions. + (_gpgme_assuan_system_hooks): Add my_Socket, my_connect. + * priv-io.h (_gpgme_io_socket): New prototype. + * w32-io.c (pid_to_handle, handle_to_oid, fd_to_handle): Remove macros. + (is_socket): Remove function. + (_gpgme_io_spawn) [HAVE_W32CE_SYSTEM]: Remove some dead code. + (_gpgme_io_spawn): Translate handles before DuplicateHandle them. + +2011-02-02 Marcus Brinkmann + * w32-util.c (mkstemp): Don't use CreateFile instead of open (the function is not used on Windows CE, and the callers were not adjusted). diff --git a/src/assuan-support.c b/src/assuan-support.c index f49ab32..5264346 100644 --- a/src/assuan-support.c +++ b/src/assuan-support.c @@ -222,6 +222,21 @@ my_socketpair (assuan_context_t ctx, int namespace, int style, } +static int +my_socket (assuan_context_t ctx, int namespace, int style, int protocol) +{ + return _gpgme_io_socket (namespace, style, protocol); +} + + +static int +my_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, + socklen_t length) +{ + return _gpgme_io_connect (sock, addr, length); +} + + struct assuan_system_hooks _gpgme_assuan_system_hooks = { ASSUAN_SYSTEM_HOOKS_VERSION, @@ -234,6 +249,8 @@ struct assuan_system_hooks _gpgme_assuan_system_hooks = my_sendmsg, my_spawn, my_waitpid, - my_socketpair + my_socketpair, + my_socket, + my_connect }; diff --git a/src/priv-io.h b/src/priv-io.h index 9c70d22..770c061 100644 --- a/src/priv-io.h +++ b/src/priv-io.h 
@@ -64,6 +64,7 @@ struct io_select_fd_s
 /* These function are either defined in posix-io.c or w32-io.c. */
 void _gpgme_io_subsystem_init (void);
+int _gpgme_io_socket (int namespace, int style, int protocol);
 int _gpgme_io_connect (int fd, struct sockaddr *addr, int addrlen);
 int _gpgme_io_read (int fd, void *buffer, size_t count);
 int _gpgme_io_write (int fd, const void *buffer, size_t count);
diff --git a/src/w32-io.c b/src/w32-io.c
index 168177e..10e0dad 100644
--- a/src/w32-io.c
+++ b/src/w32-io.c
@@ -125,9 +125,6 @@ release_fd (int fd)
 }
-#define pid_to_handle(a) ((HANDLE)(a))
-#define handle_to_pid(a) ((int)(a))
-#define fd_to_handle(a) ((HANDLE)(a))
 #define handle_to_fd(a) ((int)(a))
 #define READBUF_SIZE 4096
@@ -260,40 +257,6 @@ set_synchronize (HANDLE hd) } -/* Return 1 if HD refers to a socket, 0 if it does not refer to a - socket, and -1 for unknown (autodetect). */ -static int -is_socket (HANDLE hd) -{ -#ifdef HAVE_W32CE_SYSTEM - return -1; -#else - /* We need to figure out whether we are working on a socket or on a - handle. A trivial way would be to check for the return code of - recv and see if it is WSAENOTSOCK. However the recv may block - after the server process died and thus the destroy_reader will - hang. Another option is to use getsockopt to test whether it is - a socket. The bug here is that once a socket with a certain - values has been opened, closed and later a CreatePipe returned - the same value (i.e. handle), getsockopt still believes it is a - socket. What we do now is to use a combination of GetFileType - and GetNamedPipeInfo. The specs say that the latter may be used - on anonymous pipes as well. Note that there are claims that - since winsocket version 2 ReadFile may be used on a socket but - only if it is supported by the service provider. Tests on a - stock XP using a local TCP socket show that it does not work. */ - DWORD dummyflags, dummyoutsize, dummyinsize, dummyinst; - - if (GetFileType (hd) == FILE_TYPE_PIPE - && !GetNamedPipeInfo (hd, &dummyflags, &dummyoutsize, - &dummyinsize, &dummyinst)) - return 1; /* Function failed; thus we assume it is a socket. */ - else - return 0; /* Success; this is not a socket. */ -#endif -} - - static DWORD CALLBACK reader (void *arg) { @@ -1605,11 +1568,9 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags, si.hStdOutput = INVALID_HANDLE_VALUE; si.hStdError = INVALID_HANDLE_VALUE; - cr_flags |= CREATE_SUSPENDED; -#ifndef HAVE_W32CE_SYSTEM + cr_flags |= CREATE_SUSPENDED; cr_flags |= DETACHED_PROCESS; cr_flags |= GetPriorityClass (GetCurrentProcess ()); -#endif if (!CreateProcessA (_gpgme_get_w32spawn_path (), arg_string, &sec_attr, /* process security attributes */ 
@@ -1639,10 +1600,15 @@ _gpgme_io_spawn (const char *path, char *const argv[], unsigned int flags, /* Insert the inherited handles. */ for (i = 0; fd_list[i].fd != -1; i++) { - HANDLE hd; - + int fd = fd_list[i].fd; + HANDLE ohd = INVALID_HANDLE_VALUE; + HANDLE hd = INVALID_HANDLE_VALUE; + /* Make it inheritable for the wrapper process. */ - if (!DuplicateHandle (GetCurrentProcess(), fd_to_handle (fd_list[i].fd), + if (fd >= 0 && fd < MAX_SLAFD && fd_table[fd].used) + ohd = fd_table[fd].handle; + + if (!DuplicateHandle (GetCurrentProcess(), ohd, pi.hProcess, &hd, 0, TRUE, DUPLICATE_SAME_ACCESS)) { TRACE_LOG1 ("DuplicateHandle failed: ec=%d", (int) GetLastError ()); ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 +++ configure.ac | 2 +- src/ChangeLog | 10 +++++++++ src/assuan-support.c | 19 +++++++++++++++++- src/priv-io.h | 1 + src/w32-io.c | 52 ++++++++----------------------------------------- 6 files changed, 43 insertions(+), 45 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 15:38:17 2011 
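Review bot: When `fd` is out of range or its `fd_table` slot is unused, `ohd` stays `INVALID_HANDLE_VALUE` and is still passed to `DuplicateHandle` as the source handle. That value is numerically the same as the pseudo-handle `GetCurrentProcess()` returns, so the call can succeed instead of failing and give the wrapper process an inheritable handle to this process with `DUPLICATE_SAME_ACCESS`. The lookup should fail explicitly before the call, e.g. with `if (ohd == INVALID_HANDLE_VALUE)` taking the same cleanup path as the existing `DuplicateHandle failed` branch. That branch and the rest of `_gpgme_io_spawn` continue outside the hunk, so the exact cleanup is not visible here.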
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 02 Feb 2011 15:38:17 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-23-g6d96537 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 6d965377544cf369be6df9af9c92f66c73bbfbb7 (commit) from 1875301d3a5a61e79097e0cd20e1ef8900e7515a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6d965377544cf369be6df9af9c92f66c73bbfbb7 Author: Marcus Brinkmann Date: Wed Feb 2 14:38:15 2011 +0100 Fix C++ users. 2011-02-02 Marcus Brinkmann * assuan.h.in: Replace namespace by _namespace. diff --git a/src/ChangeLog b/src/ChangeLog index 7f0d32f..80ef2a0 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,4 +1,8 @@ -2011-02-02 Marcus Brinkmann +2011-02-02 Marcus Brinkmann + + * assuan.h.in: Replace namespace by _namespace. + +2011-02-02 Marcus Brinkmann * assuan-defs.h (_assuan_socket, _assuan_connect): New prototypes. * assuan.h.in (ASSUAN_SYSTEM_HOOKS_VERSION): Bumped to 2. @@ -10,6 +14,7 @@ _assuan_sock_connect. (libassuan.def, libassuan.vers): Add __assuan_socket and __assuan_connect. + * system.c (_assuan_system_hooks_copy): Initialize destination from system hooks, so we don't get any NULL pointers if there is a version mismatch. Support version 2 of the system hook structure. diff --git a/src/assuan.h.in b/src/assuan.h.in index baf5594..9a70c56 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in 
@@ -245,7 +245,7 @@ struct assuan_system_hooks int action, int *status, int options); int (*socketpair) (assuan_context_t ctx, int _namespace, int style, int protocol, assuan_fd_t filedes[2]); - int (*socket) (assuan_context_t ctx, int namespace, int style, int protocol); + int (*socket) (assuan_context_t ctx, int _namespace, int style, int protocol); int (*connect) (assuan_context_t ctx, int sock, struct sockaddr *addr, socklen_t length); }; typedef struct assuan_system_hooks *assuan_system_hooks_t; ----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 7 ++++++- src/assuan.h.in | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 15:57:43 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 02 Feb 2011 15:57:43 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-24-ga7e76c4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via a7e76c4b340045f842d936821bdc6c04bd387b9b (commit) from 6d965377544cf369be6df9af9c92f66c73bbfbb7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a7e76c4b340045f842d936821bdc6c04bd387b9b Author: Marcus Brinkmann Date: Wed Feb 2 15:36:56 2011 +0100 Fix C++ users. 2011-02-02 Marcus Brinkmann * assuan.h.in: Replace namespace by _namespace. diff --git a/src/assuan.h.in b/src/assuan.h.in index 9a70c56..018d5a1 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in 
@@ -472,7 +472,7 @@ int __assuan_spawn (assuan_context_t ctx, pid_t *r_pid, const char *name, void *atforkvalue, unsigned int flags); int __assuan_socketpair (assuan_context_t ctx, int _namespace, int style, int protocol, assuan_fd_t filedes[2]); -int __assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol); +int __assuan_socket (assuan_context_t ctx, int _namespace, int style, int protocol); int __assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr, socklen_t length); ----------------------------------------------------------------------- Summary of changes: src/assuan.h.in | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 16:33:20 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Feb 2011 16:33:20 +0100 Subject: [git] GCRYPT - branch, ECC-INTEGRATION-1-5, updated. libgcrypt-1.4.4-65-g9d00b28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, ECC-INTEGRATION-1-5 has been updated via 9d00b28e0d04361fe9ccf02983bea781b5701c1d (commit) from 8cf24ddb162b66aa2e64e4a3e596bb87fdc7dec3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d00b28e0d04361fe9ccf02983bea781b5701c1d Author: Werner Koch Date: Wed Feb 2 16:10:42 2011 +0100 Add ChangeLog Entry for Andrey's changes. Nuke trailing white spaces in the ChangeLog. Revert one debug message string. Ready to me merged back to master. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index e584312..02dac02 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog 
@@ -7,13 +7,6 @@ * ecc.c (ecc_get_curve): New. (ecc_get_param_sexp): New. -2011-01-31 Werner Koch - - * ecc.c (ecc_encrypt_raw, ecc_decrypt_raw): Do not free passed - parameters. - (ecc_sk_free, ecc_pk_free): Remove. - (test_keys): Replace ecc_pk_free by point_free and curve_free. - 2011-01-28 Werner Koch * pubkey.c (gcry_pk_genkey): Hack to insert the used curve name. @@ -21,23 +14,8 @@ 2011-01-27 Werner Koch * ecc.c (fill_in_curve): Remove. - (MAX_ECC_OID_LEN): Remove. - (elliptic_curve_t, ecc_domain_parms_t): Remove field NAME_OID. - (curve_oid_NISTP256, curve_oid_NISTP384, curve_oid_NISTP521): - Remove. (generate_curve): Rename to .. (fill_in_curve): this. Remove setting of NAME_OID. - (ecc_generate_ext): Remove kek-params code. - (generate_key): Remove name oid stuff. - (name_oid_to_mpi): Remove. - (mpi_to_name_oid): Remove. - (ecc_generate_ext): Revert to pre-ECDH integration state. - (ecc_check_secret_key): Ditto. - (ecc_sign): Ditto. - (ecc_verify): Ditto. - (ecc_get_nbits): Revert. - (_gcry_pubkey_spec_ecdsa): Revert list or parameters. - (_gcry_pubkey_spec_ecdh): Use same parameter list as for ECDSA. (ecc_encrypt_raw): Change name of arg DATA to K for better readability. Use ECC_public_key instead of ECC_secret_key. Require a caller to pass a complete pkey array. @@ -47,12 +25,13 @@ (generate_key): Add arg R_USED_CURVE. (ecc_generate_ext): Return used curve name. -2011-01-26 Werner Koch +2011-01-13 Andrey Jivsov (wk) - * pubkey.c (sexp_to_key): Revert to pre-ECDH integration state. - Allow for ecdh. - * ecc.c (ecc_get_param): Revert to pre-ECDH integration state. - (compute_keygrip): Revert to 6 parameter version. + * ecc.c (ec2os): Do not free passed parameters X and Y. Adjust + callers. + (ecc_encrypt_raw, ecc_decrypt_raw): New. + (ecdh_names, _gcry_pubkey_spec_ecdh): New. + * pubkey.c (pubkey_table): Support ECDH. 2010-08-19 Werner Koch 
@@ -217,7 +196,7 @@ (_gcry_elg_generate_using_x): Remove after merging code with elg_generate_ext. (_gcry_pubkey_extraspec_elg): New. - (_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign) + (_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign) (_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove _gcry_ prefix. * ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and @@ -225,7 +204,7 @@ (_gcry_ecc_get_param): Rename to ecc_get_param and make static. (_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and ecc_get_param. - + 2008-11-20 Werner Koch * pubkey.c (pubkey_generate): Add arg DERIVEPARMS. @@ -272,8 +251,8 @@ DSA with qbits. * rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and rename to rsa_generate_ext. Change caller. - (_gcry_rsa_generate, _gcry_rsa_check_secret_key) - (_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign) + (_gcry_rsa_generate, _gcry_rsa_check_secret_key) + (_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign) (_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove _gcry_ prefix. (_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names. @@ -387,7 +366,7 @@ (_gcry_rsa_generate): Factor all code out to ... (rsa_generate): .. new func with extra arg KEYGEN_FLAGS. (_gcry_pubkey_extraspec_ecdsa): Setup rsa_generate. - * primegen.c (_gcry_generate_secret_prime) + * primegen.c (_gcry_generate_secret_prime) (_gcry_generate_public_prime): Add new arg RANDOM_LEVEL. 2008-08-21 Werner Koch @@ -395,7 +374,7 @@ * primegen.c (_gcry_generate_secret_prime) (_gcry_generate_public_prime): Use a constant macro for the random level. - + 2008-08-19 Werner Koch * pubkey.c (sexp_elements_extract_ecc) [!USE_ECC]: Do not allow 
@@ -417,7 +396,7 @@ (des_setkey): No on-the-fly self test in fips mode. (tripledes_set3keys): Ditto. - * cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv): + * cipher.c (_gcry_cipher_setkey, _gcry_cipher_setiv): * dsa.c (generate): Bail out in fips mode if NBITS is less than 1024. * rsa.c (generate): Return an error code if the the requested size @@ -458,7 +437,7 @@ * pubkey.c (pubkey_table_entry): Add field FIPS_ALLOWED and mark appropriate algorithms. - (dummy_generate, dummy_check_secret_key, dummy_encrypt) + (dummy_generate, dummy_check_secret_key, dummy_encrypt) (dummy_decrypt, dummy_sign, dummy_verify, dummy_get_nbits): Signal a fips error when used. (gcry_pk_register): In fips mode do not allow to register new @@ -484,7 +463,7 @@ algorithms. (gcry_cipher_register): Do not allow to register new ciphers. (cipher_setiv): Signal fips error. - + * cipher (gcry_cipher_register_default): Rename to .. (cipher_register_default): .. this. (REGISTER_DEFAULT_CIPHERS): Adjust for that change. @@ -502,7 +481,7 @@ 2008-04-22 Werner Koch - * rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + * rijndael.c (_gcry_aes_cfb_enc, _gcry_aes_cbc_enc) (_gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use Padlock if possible. 2008-04-18 Werner Koch 
@@ -624,19 +603,19 @@ 2007-10-31 Werner Koch * ac.c (gcry_ac_data_new): Remove due to the visibility wrapper. - (gcry_ac_data_destroy, gcry_ac_data_copy, gcry_ac_data_length) - (gcry_ac_data_set, gcry_ac_data_get_name, gcry_ac_data_get_index) - (gcry_ac_data_to_sexp, gcry_ac_data_from_sexp) - (gcry_ac_data_clear, gcry_ac_io_init, gcry_ac_open) - (gcry_ac_close, gcry_ac_key_init, gcry_ac_key_pair_generate) - (gcry_ac_key_pair_extract, gcry_ac_key_destroy) - (gcry_ac_key_pair_destroy, gcry_ac_key_data_get) - (gcry_ac_key_test, gcry_ac_key_get_nbits, gcry_ac_key_get_grip) - (gcry_ac_data_encrypt, gcry_ac_data_decrypt, gcry_ac_data_sign) - (gcry_ac_data_verify, gcry_ac_data_encode, gcry_ac_data_decode) - (gcry_ac_mpi_to_os, gcry_ac_mpi_to_os_alloc, gcry_ac_os_to_mpi) - (gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme) - (gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme) + (gcry_ac_data_destroy, gcry_ac_data_copy, gcry_ac_data_length) + (gcry_ac_data_set, gcry_ac_data_get_name, gcry_ac_data_get_index) + (gcry_ac_data_to_sexp, gcry_ac_data_from_sexp) + (gcry_ac_data_clear, gcry_ac_io_init, gcry_ac_open) + (gcry_ac_close, gcry_ac_key_init, gcry_ac_key_pair_generate) + (gcry_ac_key_pair_extract, gcry_ac_key_destroy) + (gcry_ac_key_pair_destroy, gcry_ac_key_data_get) + (gcry_ac_key_test, gcry_ac_key_get_nbits, gcry_ac_key_get_grip) + (gcry_ac_data_encrypt, gcry_ac_data_decrypt, gcry_ac_data_sign) + (gcry_ac_data_verify, gcry_ac_data_encode, gcry_ac_data_decode) + (gcry_ac_mpi_to_os, gcry_ac_mpi_to_os_alloc, gcry_ac_os_to_mpi) + (gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme) + (gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme) (gcry_ac_io_init_va): Ditto. (gcry_ac_id_to_name, gcry_ac_name_to_id): Remove as these deprecated functions are now implemented by visibility.c. 
@@ -798,7 +777,7 @@ (gcry_randomize, _gcry_update_random_seed_file) (_gcry_fast_random_poll): Factor lock code out to .. (lock_pool, unlock_pool): .. new. - (initialize): Look the pool while allocating. + (initialize): Look the pool while allocating. (read_random_source, do_fast_random_poll): Moved intialization to ... (initialize): .. here. (_gcry_enable_quick_random_gen): No more need for initialization. @@ -806,7 +785,7 @@ (initialize): .. here and changed all users to unconditionally call initialize. (add_randomness): Remove initalization here. It simply can't - happen. + happen. * random.c (enum random_origins): Moved to .. * rand-internal.h: .. here. @@ -852,7 +831,7 @@ * cipher.c (gcry_cipher_algo_name): Simplified. - * random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON. + * random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON. * Makefile.am (libcipher_la_SOURCES): Build random-daemon support only if requested. @@ -963,10 +942,10 @@ available. 2006-10-04 David Shaw (wk) - + * tiger.c (round): Rename to tiger_round as gcc 4 has a built-in round function that this conflicts with. - + 2006-09-11 Werner Koch * rndw32.c (slow_gatherer_windowsNT): While adding data use the @@ -988,7 +967,7 @@ initialize the socket. Remove arg SOCKETNAME. (connect_to_socket): Make sure that daemon is set to -1 on error. (call_daemon): Initialize the socket on the first call. - (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) + (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) (_gcry_daemon_create_nonce): New arg SOCKETNAME. * random.c (initialize): Call new daemon initializator. (get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket 
@@ -1017,16 +996,16 @@ * rsa.c (_gcry_rsa_generate): Replace xcalloc by calloc. * pubkey.c (gcry_pk_encrypt, gcry_pk_sign): Ditto. - (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt) - (gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto. + (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt) + (gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto. * md.c (md_copy): Ditto. - + 2006-04-22 Moritz Schulte * random-daemon.c (_gcry_daemon_initialize_basics): New argument: SOCKETNAME. Passing on to connect_to_socket() if non-NULL. (connect_to_socket, writen, readn, call_daemon): New functions. - (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) + (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) (_gcry_daemon_create_nonce): Call call_daemon(). (RANDOM_DAEMON_SOCKET): New symbol. (daemon_socket): New static variable. @@ -1077,7 +1056,7 @@ * md.c, sha256.c: Add support for SHA-224. (sha224_init): New. - + 2006-01-18 Brad Hards (wk 2006-03-07) * cipher.c (cipher_encrypt, cipher_decrypt, do_ofb_encrypt) @@ -1298,7 +1277,7 @@ * des.c: Add a new OID as used by pkcs#12. - * rfc2268.c: New. Taken from libgcrypt. + * rfc2268.c: New. Taken from libgcrypt. * cipher.c: Setup the rfc2268 algorithm. 2004-01-25 Moritz Schulte @@ -1361,7 +1340,7 @@ * rndegd.c: Changed indentation. (my_make_filename): Removd the var_arg cruft becuase we - don't need it here. Changed caller. + don't need it here. Changed caller. * rndlinux.c: Changed indentation. (open_device): Remove the superfluous stat call and clarify @@ -1382,7 +1361,7 @@ 2003-12-09 Werner Koch * dsa.c: Unified indentation style. - * elgamal.c: Ditto. + * elgamal.c: Ditto. * des.c (des_key_schedule): Code beautifications. * blowfish.c: Changed indentation style. * cast5.c (do_cast_setkey): Ditto. 
@@ -1480,7 +1459,7 @@ * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move prototypes to .. - * rand-internal.h: .. here + * rand-internal.h: .. here * random.c (getfnc_gather_random): Include rndw32 gatherer. * rndunix.c, rndw32.c, rndegd.c: Include them here. * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_ @@ -1575,7 +1554,7 @@ * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM two times, but also the NAME_OF_DEV_URANDOM device. - + 2003-08-08 Moritz Schulte * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not @@ -1838,7 +1817,7 @@ 2003-06-19 Werner Koch - * md.c (gcry_md_is_enabled): Fixed. + * md.c (gcry_md_is_enabled): Fixed. 2003-06-18 Werner Koch @@ -1978,7 +1957,7 @@ (gcry_md_copy): Swapped arguments so that it is more in lione with md_open and most other API fucntions like memcpy (destination comes first). Make sure HANDLE is set to NULL on error. - + * rijndael.c (do_encrypt): Hack to force correct alignment. It seems not to be not sufficient, though. We should rework this fucntions and remove all these ugly casts. Let the compiler @@ -2005,7 +1984,7 @@ This is not required by C89, but there are some compilers out there that don't like it. Replaced any occurence of the now deprecated type names with the new ones. - + 2003-06-04 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use @@ -2261,7 +2240,7 @@ (gcry_cipher_close): Call _gcry_module_release. 2003-04-09 Moritz Schulte - + * cipher.c: Include "ath.h". * md.c: Likewise. * pubkey.c: Likewise. @@ -2349,7 +2328,7 @@ * rsa.c (pubkey_spec_rsa): New variable. * dsa.c (pubkey_spec_rsa): New variable. * elgamal.c (pubkey_spec_elg): New variable. - + * rsa.c (_gcry_rsa_get_info): Removed function. * elgamal.c (_gcry_elg_get_info): Removed function. * dsa.c (_gcry_dsa_get_info): Removed function. 
@@ -2358,7 +2337,7 @@ (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_tiger_constructor): Removed function. - + * sha1.c (sha1_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. @@ -2406,14 +2385,14 @@ * blowfish.c (bf_setkey: Likewise. (encrypt_block): Likewise. (decrypt_block): Likewise. - + * arcfour.c (encrypt_stream): Likewise. * rijndael.c (gnupgext_version, func_table): Removed definitions. - (gnupgext_enum_func) Removed function. - + (gnupgext_enum_func) Removed function. + * twofish.c (gnupgext_version, func_table): Removed definitions. - (gnupgext_enum_func) Removed function. + (gnupgext_enum_func) Removed function. * cast5.c (CIPHER_ALGO_CAST5): Removed. @@ -2440,7 +2419,7 @@ * des.c (cipher_spec_des, cipher_spec_tripledes): New variables. * cast5.c (cipher_spec_cast5): New variable. * blowfish.c (cipher_spec_blowfish): Likewise. - + * twofish.c: Do not include "dynload.h". * rijndael.c: Likewise. * des.c: Likewise. @@ -2486,7 +2465,7 @@ (encrypt_block): Declared argument `inbuf' const. (encrypt_block): Likewise. - + * cipher.c: Remove CIPHER_ALGO_DUMMY related code. Removed struct cipher_table_s. @@ -2648,7 +2627,7 @@ `decrypt' function arguments. (_gcry_enum_gnupgext_pubkeys): Likewise. * dynload.h: Likewise. - + * pubkey.c (dummy_decrypt): Add argument: int flags. (dummy_encrypt): Likewise. @@ -2758,7 +2737,7 @@ * random.c (_gcry_register_random_progress): New. (_gcry_random_progress): New. - * rndlinux.c (gather_random): Call the random progress function. + * rndlinux.c (gather_random): Call the random progress function. 2003-01-23 Werner Koch @@ -2786,7 +2765,7 @@ * random.c (gcry_random_add_bytes): New. Function to add external random to the pool. - + 2003-01-20 Simon Josefsson * crc.c: New. 
@@ -2860,7 +2839,7 @@ 2002-11-23 Werner Koch * md.c (load_digest_module): Enlarged checked_algos bitmap. - * md4.c (func_table): Fixed entry for md4. + * md4.c (func_table): Fixed entry for md4. Both by Simon Josephson. (transform): Copy data to get the alignment straight. Tested only on i386. @@ -2868,7 +2847,7 @@ 2002-11-10 Simon Josefsson * cipher.c (gcry_cipher_open): Don't reject CTS flag. - (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) + (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) (gcry_cipher_encrypt, cipher_decrypt) (gcry_cipher_decrypt): Support CTS flag. (gcry_cipher_ctl): Toggle CTS flag. @@ -2876,8 +2855,8 @@ 2002-11-10 Werner Koch * md4.c: New. By Simon Josefsson. - * Makefile.am (EXTRA_PROGRAMS): Add md4.c. - * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. + * Makefile.am (EXTRA_PROGRAMS): Add md4.c. + * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. 2002-10-14 Werner Koch @@ -2887,11 +2866,11 @@ 2002-10-10 Timo Schulz * pubkey.c (gcry_pk_genkey): Check boundaries. - + * md.c (gcry_md_open): Check that algo is available and only valid flag values are used. (gcry_md_get_algo): Add error handling. - + 2002-09-26 Werner Koch * md.c: Include an OID for TIGER. @@ -2916,7 +2895,7 @@ * twofish.c (do_twofish_setkey): Ditto. * rndegd.c (gather_random): Ditto. * rijndael.c (do_setkey): Ditto. - * random.c (_gcry_random_dump_stats): Ditto. + * random.c (_gcry_random_dump_stats): Ditto. * primegen.c (_gcry_generate_elg_prime): Ditto. * des.c (_gcry_des_get_info): Ditto. * cast5.c (do_cast_setkey): Ditto. @@ -2950,9 +2929,9 @@ 2002-07-08 Timo Schulz - * rndw32.c: Replaced the m_ memory functions with the real + * rndw32.c: Replaced the m_ memory functions with the real gcry_ functions. Renamed all g10_ prefixed functions to log_. - + 2002-06-12 Werner Koch * rsa.c (generate): Use e = 65537 for now. 
@@ -2965,7 +2944,7 @@ * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Check that the input size is a multiple of the blocksize. - + 2002-05-23 Werner Koch * md.c (oid_table): Add an rsadsi OID for MD5. @@ -3087,7 +3066,7 @@ * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name and not by number. - + * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign) (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey) (gcry_pk_get_nbits): Release the arrays. Noted by Nikos @@ -3100,7 +3079,7 @@ 2001-12-05 Werner Koch - * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. + * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. 2001-11-24 Werner Koch @@ -3111,7 +3090,7 @@ number. (gcry_pk_get_nbits): Fixed so that we can now really pass a secret key to get the result. - + * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid." or "OID." so that an OID string can be used as an S-Exp token. @@ -3120,7 +3099,7 @@ * md.c (gcry_md_map_name): Lookup by OID if the the name begins with a digit. (oid_table): New. - + 2001-11-16 Werner Koch * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED. @@ -3147,14 +3126,14 @@ this really work but we should do so to prepare for hardware encryption modules. (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and - set lasterr. + set lasterr. (gcry_cipher_ctl): Make sure that errors from setkey are returned. 2001-08-02 Werner Koch * rndlinux.c (gather_random): casted a size_t arg to int so that the format string is correct. Casting is okay here and avoids - translation changes. + translation changes. * random.c (fast_random_poll): Do not check the return code of getrusage. @@ -3182,7 +3161,7 @@ * arcfour.c (arcfour_setkey): Check the minimim keylength against bytes and not bits. - (selftest): Must reset the key before decryption. + (selftest): Must reset the key before decryption. 2001-05-31 Werner Koch 
@@ -3190,7 +3169,7 @@ Changed all g10_ prefixed function names as well as some mpi_ function names to cope with the introduced naming changes. - + * md.c (prepare_macpads): Made key const. 2001-05-28 Werner Koch @@ -3217,7 +3196,7 @@ * tiger.c (tiger_get_info): Return "TIGER192" and not just "TIGER". By Edwin Woudt. - + * random.c: Always include time.h - standard requirement. Thanks to James Troup. @@ -3232,7 +3211,7 @@ Major change: Removed all GnuPG stuff and renamed this piece of software - to gcrypt. + to gcrypt. 2000-11-14 Werner Koch @@ -3260,10 +3239,10 @@ Wed Oct 4 13:16:18 CEST 2000 Werner Koch * sha1.c (transform): Use rol() macro. Actually this is not needed for a newer gcc but there are still aoter compilers. - * rsa.c (test_keys): Use new random function. + * rsa.c (test_keys): Use new random function. * md.c (gcry_md_setkey): New function to overcome problems with - const conflics. + const conflics. (gcry_md_ctl): Pass set key to the new functions. * rijndael.c: New. diff --git a/cipher/ecc.c b/cipher/ecc.c index eca95eb..6548fed 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -847,7 +847,7 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s) log_mpidump (" y", y); log_mpidump (" r", r); log_mpidump (" s", s); - log_debug ("ecc verify: Not verified (x != y)\n"); + log_debug ("ecc verify: Not verified\n"); } err = GPG_ERR_BAD_SIGNATURE; goto leave; diff --git a/tests/curves.c b/tests/curves.c index 16240c5..6cfcd4f 100644 --- a/tests/curves.c +++ b/tests/curves.c @@ -197,7 +197,7 @@ main (int argc, char **argv) if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); - + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) 
@@ -205,6 +205,6 @@ main (int argc, char **argv) list_curves (); check_matching (); check_get_params (); - + return error_count ? 1 : 0; } ----------------------------------------------------------------------- Summary of changes: cipher/ChangeLog | 185 ++++++++++++++++++++++++------------------------------ cipher/ecc.c | 2 +- tests/curves.c | 4 +- 3 files changed, 85 insertions(+), 106 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 16:40:46 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Feb 2011 16:40:46 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.4.4-65-g9d00b28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9d00b28e0d04361fe9ccf02983bea781b5701c1d (commit) via 8cf24ddb162b66aa2e64e4a3e596bb87fdc7dec3 (commit) via dbf7709d6339f74d7a88c96440e92576f3109486 (commit) via 5c4179860ef0b31b4c6ba957be9fa707a0ba7d9b (commit) via 7cb0d357f1564b2ba3fdde707bd9ee7272059d5b (commit) via 0b1d70dcd6b81b1bc10f574e1b34ac7723e245a2 (commit) via 1517b088d3b0602990dba0002ea16221387ad30f (commit) via 55563efccdafc8fb470cab0cae6d186147cc09b6 (commit) via f4786ac5fe01ba111eee27d1a1e9f3d40a9fac02 (commit) via 2089236f5713118e8adbaf8482730e3f2c556c1a (commit) via def2727f8bee594b2b51863391296468813c604b (commit) via 54f50ea4d1e5d0e94d8cc16ed777fca88b076ee4 (commit) via 94760660ab77bab25b24d67f8e813f1b49d35e07 (commit) via 899386826c85f1e757e75bcc5d5b2159d05676a0 (commit) via 2c32b631acc1637c1d7826bcdcecf6c0ae9ce7fc (commit) from 3bbd874e677c5330b93591c3ae38f9e9372ebcd5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. 
- Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: .gitignore | 77 +++++++- AUTHORS | 8 +- NEWS | 11 + cipher/ChangeLog | 189 ++++++++++------- cipher/ecc.c | 590 +++++++++++++++++++++++++++++++++++++++++++--------- cipher/pubkey.c | 359 ++++++++++++++++++++++---------- doc/gcrypt.texi | 9 +- mpi/ChangeLog | 4 + mpi/mpi-cmp.c | 59 ++++-- src/ChangeLog | 17 ++- src/cipher-proto.h | 13 +- src/cipher.h | 1 + src/gcrypt.h.in | 10 +- src/libgcrypt.def | 6 +- src/libgcrypt.vers | 1 + src/sexp.c | 90 ++++++--- src/visibility.c | 24 ++- src/visibility.h | 6 + tests/ChangeLog | 4 + tests/Makefile.am | 3 +- tests/curves.c | 210 +++++++++++++++++++ 21 files changed, 1339 insertions(+), 352 deletions(-) create mode 100644 tests/curves.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 16:44:18 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Feb 2011 16:44:18 +0100 Subject: [git] GCRYPT - tag, ecc-integration-done, created. libgcrypt-1.4.4-65-g9d00b28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The tag, ecc-integration-done has been created at 9d00b28e0d04361fe9ccf02983bea781b5701c1d (commit) - Log ----------------------------------------------------------------- commit 9d00b28e0d04361fe9ccf02983bea781b5701c1d Author: Werner Koch Date: Wed Feb 2 16:10:42 2011 +0100 Add ChangeLog Entry for Andrey's changes. Nuke trailing white spaces in the ChangeLog. Revert one debug message string. Ready to me merged back to master. ----------------------------------------------------------------------- hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 2 18:02:42 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 02 Feb 2011 18:02:42 +0100 Subject: [git] GnuPG - branch, ECC-INTEGRATION-2-1, updated. gnupg-2.1.0beta1-71-g20f429f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, ECC-INTEGRATION-2-1 has been updated via 20f429f735d6e965e0660484f8286fe24fb6162b (commit) from 4659c923a08002a72cb4bb5b3c4e6a02d7484767 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 20f429f735d6e965e0660484f8286fe24fb6162b Author: Werner Koch Date: Wed Feb 2 17:40:32 2011 +0100 Compute the fingerprint for ECDH only on demand. This also fixes a failed assertion when using a v3 key where the fingerprint size is not 20. diff --git a/g10/ChangeLog b/g10/ChangeLog index bb55ff8..b3358c9 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,11 @@ 2011-02-02 Werner Koch + * encrypt.c (write_pubkey_enc_from_list): Don't compute the + fingerprint. + * pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the + fingerprint only when needed. + * pkglue.h: Include packet.h. + * import.c (transfer_secret_keys): Make sure keyids are available. * keyid.c (hash_public_key): Adjust for the ECC case. diff --git a/g10/encrypt.c b/g10/encrypt.c index 8548a57..83b43a8 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -84,7 +84,7 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey) /* The encrypted session key is prefixed with a one-octet algorithm id. */ buf[0] = (*seskey)->algo; memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen ); - + /* We only pass already checked values to the following fucntion, thus we consider any failure as fatal. */ if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) 
@@ -119,7 +119,7 @@ use_mdc(PK_LIST pk_list,int algo) if(select_mdc_from_pklist(pk_list)) return 1; - + /* The keys don't support MDC, so now we do a bit of a hack - if any of the AESes or TWOFISH are in the prefs, we assume that the user can handle a MDC. This is valid for PGP 7, which can handle MDCs @@ -181,7 +181,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) memset( &zfx, 0, sizeof zfx); memset( &tfx, 0, sizeof tfx); init_packet(&pkt); - + /* Prepare iobufs. */ inp = iobuf_open(filename); if (inp) @@ -200,23 +200,23 @@ encrypt_simple (const char *filename, int mode, int use_seskey) release_progress_context (pfx); return rc; } - + handle_progress (pfx, inp, filename); - + if (opt.textmode) iobuf_push_filter( inp, text_filter, &tfx ); - + /* Due the the fact that we use don't use an IV to encrypt the session key we can't use the new mode with RFC1991 because it has no S2K salt. RFC1991 always uses simple S2K. */ if ( RFC1991 && use_seskey ) use_seskey = 0; - + cfx.dek = NULL; - if ( mode ) + if ( mode ) { int canceled; - + s2k = xmalloc_clear( sizeof *s2k ); s2k->mode = RFC1991? 0:opt.s2k_mode; s2k->hash_algo = S2K_DIGEST_ALGO; 
@@ -233,37 +233,37 @@ encrypt_simple (const char *filename, int mode, int use_seskey) release_progress_context (pfx); return rc; } - if (use_seskey && s2k->mode != 1 && s2k->mode != 3) + if (use_seskey && s2k->mode != 1 && s2k->mode != 3) { use_seskey = 0; log_info (_("can't use a symmetric ESK packet " "due to the S2K mode\n")); } - + if ( use_seskey ) { DEK *dek = NULL; - + seskeylen = openpgp_cipher_get_algo_keylen (default_cipher_algo ()); encrypt_seskey( cfx.dek, &dek, enckey ); xfree( cfx.dek ); cfx.dek = dek; } - + if (opt.verbose) log_info(_("using cipher %s\n"), openpgp_cipher_algo_name (cfx.dek->algo)); - + cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo); } - + if (do_compress && cfx.dek && cfx.dek->use_mdc && is_file_compressed(filename, &rc)) { if (opt.verbose) log_info(_("`%s' already compressed\n"), filename); - do_compress = 0; + do_compress = 0; } - + if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, &out ))) { iobuf_cancel (inp); @@ -272,7 +272,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) release_progress_context (pfx); return rc; } - + if ( opt.armor ) { afx = new_armor_context (); @@ -296,7 +296,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) log_error("build symkey packet failed: %s\n", g10_errstr(rc) ); xfree (enc); } - + if (!opt.no_literal) pt = setup_plaintext_name (filename, inp); @@ -347,7 +347,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey) pkt.pkttype = 0; pkt.pkt.generic = NULL; } - + /* Register the cipher filter. */ if (mode) iobuf_push_filter ( out, cipher_filter, &cfx ); 
@@ -359,14 +359,14 @@ encrypt_simple (const char *filename, int mode, int use_seskey) zfx.new_ctb = 1; push_compress_filter (out, &zfx, default_compress_algo()); } - + /* Do the work. */ if (!opt.no_literal) { if ( (rc = build_packet( out, &pkt )) ) log_error("build_packet failed: %s\n", g10_errstr(rc) ); } - else + else { /* User requested not to create a literal packet, so we copy the plain data. */ @@ -380,12 +380,12 @@ encrypt_simple (const char *filename, int mode, int use_seskey) } wipememory (copy_buffer, 4096); /* burn buffer */ } - + /* Finish the stuff. */ iobuf_close (inp); if (rc) iobuf_cancel(out); - else + else { iobuf_close (out); /* fixme: check returncode */ if (mode) @@ -425,7 +425,7 @@ setup_symkey (STRING2KEY **symkey_s2k,DEK **symkey_dek) static int -write_symkey_enc (STRING2KEY *symkey_s2k, DEK *symkey_dek, DEK *dek, +write_symkey_enc (STRING2KEY *symkey_s2k, DEK *symkey_dek, DEK *dek, iobuf_t out) { int rc, seskeylen = openpgp_cipher_get_algo_keylen (dek->algo); @@ -492,7 +492,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, memset( &tfx, 0, sizeof tfx); init_packet(&pkt); - if (use_symkey + if (use_symkey && (rc=setup_symkey(&symkey_s2k,&symkey_dek))) { release_progress_context (pfx); @@ -509,7 +509,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, return rc; } } - + if(PGP2) { for (work_list=pk_list; work_list; work_list=work_list->next) @@ -560,17 +560,17 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, rc = open_outfile (outputfd, filename, opt.armor? 1:0, &out); if (rc) goto leave; - + if (opt.armor) { afx = new_armor_context (); push_armor_filter (afx, out); } - + /* Create a session key. */ cfx.dek = xmalloc_secure_clear (sizeof *cfx.dek); if (!opt.def_cipher_algo) - { + { /* Try to get it from the prefs. */ cfx.dek->algo = select_algo_from_prefs (pk_list, PREFTYPE_SYM, -1, NULL); /* The only way select_algo_from_prefs can fail here is when 
@@ -582,7 +582,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (cfx.dek->algo == -1) { cfx.dek->algo = CIPHER_ALGO_3DES; - + if (PGP2) { log_info(_("unable to use the IDEA cipher for all of the keys " @@ -610,12 +610,12 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, openpgp_cipher_algo_name (opt.def_cipher_algo), opt.def_cipher_algo); } - + cfx.dek->algo = opt.def_cipher_algo; } - + cfx.dek->use_mdc = use_mdc (pk_list,cfx.dek->algo); - + /* Only do the is-file-already-compressed check if we are using a MDC. This forces compressed files to be re-compressed if we do not have a MDC to give some protection against chosen ciphertext @@ -625,7 +625,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, { if (opt.verbose) log_info(_("`%s' already compressed\n"), filename); - do_compress = 0; + do_compress = 0; } if (rc2) { @@ -636,7 +636,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, make_session_key (cfx.dek); if (DBG_CIPHER) log_printhex ("DEK is: ", cfx.dek->key, cfx.dek->keylen ); - + rc = write_pubkey_enc_from_list (pk_list, cfx.dek, out); if (rc) goto leave; @@ -647,16 +647,16 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, secret key needed to decrypt. */ if(use_symkey && (rc = write_symkey_enc(symkey_s2k,symkey_dek,cfx.dek,out))) goto leave; - + if (!opt.no_literal) pt = setup_plaintext_name (filename, inp); - + if (filefd != -1 && !iobuf_is_pipe_filename (filename) && *filename && !opt.textmode ) { off_t tmpsize; int overflow; - + if ( !(tmpsize = iobuf_get_filelength(inp, &overflow)) && !overflow && opt.verbose) log_info(_("WARNING: `%s' is an empty file\n"), filename ); @@ -672,7 +672,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, else filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */ - if (!opt.no_literal) + if (!opt.no_literal) { pt->timestamp = make_timestamp(); pt->mode = opt.textmode ? 't' : 'b'; 
@@ -693,7 +693,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, if (do_compress) { int compr_algo = opt.compress_algo; - + if (compr_algo == -1) { compr_algo = select_algo_from_prefs (pk_list, PREFTYPE_ZIP, -1, NULL); @@ -702,7 +702,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, /* Theoretically impossible to get here since uncompressed is implicit. */ } - else if (!opt.expert + else if (!opt.expert && select_algo_from_prefs(pk_list, PREFTYPE_ZIP, compr_algo, NULL) != compr_algo) { @@ -710,7 +710,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, " violates recipient preferences\n"), compress_algo_to_string(compr_algo), compr_algo); } - + /* Algo 0 means no compression. */ if (compr_algo) { @@ -719,7 +719,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, push_compress_filter (out,&zfx,compr_algo); } } - + /* Do the work. */ if (!opt.no_literal) { @@ -750,7 +750,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, iobuf_close (inp); if (rc) iobuf_cancel (out); - else + else { iobuf_close (out); /* fixme: check returncode */ write_status (STATUS_END_ENCRYPTION); @@ -779,7 +779,7 @@ encrypt_filter (void *opaque, int control, size_t size = *ret_len; encrypt_filter_context_t *efx = opaque; int rc = 0; - + if (control == IOBUFCTRL_UNDERFLOW) /* decrypt */ { BUG(); /* not used */ 
@@ -789,19 +789,19 @@ encrypt_filter (void *opaque, int control, if ( !efx->header_okay ) { efx->cfx.dek = xmalloc_secure_clear ( sizeof *efx->cfx.dek ); - if ( !opt.def_cipher_algo ) + if ( !opt.def_cipher_algo ) { /* Try to get it from the prefs. */ efx->cfx.dek->algo = select_algo_from_prefs (efx->pk_list, PREFTYPE_SYM, -1, NULL); - if (efx->cfx.dek->algo == -1 ) + if (efx->cfx.dek->algo == -1 ) { /* Because 3DES is implicitly in the prefs, this can only happen if we do not have any public keys in the list. */ efx->cfx.dek->algo = DEFAULT_CIPHER_ALGO; } - + /* In case 3DES has been selected, print a warning if any key does not have a preference for AES. This should help to indentify why encrypting to several @@ -810,7 +810,7 @@ encrypt_filter (void *opaque, int control, && efx->cfx.dek->algo == CIPHER_ALGO_3DES) warn_missing_aes_from_pklist (efx->pk_list); } - else + else { if (!opt.expert && select_algo_from_prefs (efx->pk_list,PREFTYPE_SYM, @@ -820,12 +820,12 @@ encrypt_filter (void *opaque, int control, "violates recipient preferences\n"), openpgp_cipher_algo_name (opt.def_cipher_algo), opt.def_cipher_algo); - + efx->cfx.dek->algo = opt.def_cipher_algo; } - + efx->cfx.dek->use_mdc = use_mdc (efx->pk_list,efx->cfx.dek->algo); - + make_session_key ( efx->cfx.dek ); if (DBG_CIPHER) log_printhex ("DEK is: ", efx->cfx.dek->key, efx->cfx.dek->keylen); @@ -841,13 +841,13 @@ encrypt_filter (void *opaque, int control, if(rc) return rc; } - + iobuf_push_filter (a, cipher_filter, &efx->cfx); - + efx->header_okay = 1; } rc = iobuf_write (a, buf, size); - + } else if (control == IOBUFCTRL_FREE) { @@ -876,11 +876,9 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) for ( ; pk_list; pk_list = pk_list->next ) { gcry_mpi_t frame; - byte fp[MAX_FINGERPRINT_LEN]; - size_t fpn; pk = pk_list->pk; - + print_pubkey_algo_note ( pk->pubkey_algo ); enc = xmalloc_clear ( sizeof *enc ); enc->pubkey_algo = pk->pubkey_algo; 
@@ -894,9 +892,6 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) compliance_failure(); } - fingerprint_from_pk (pk, fp, &fpn); - assert (fpn == 20); - /* Okay, what's going on: We have the session key somewhere in * the structure DEK and want to encode this session key in an * integer value of n bits. pubkey_nbits gives us the number of @@ -909,9 +904,9 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) * for Elgamal). We don't need frame anymore because we have * everything now in enc->data which is the passed to * build_packet(). */ - frame = encode_session_key (pk->pubkey_algo, dek, + frame = encode_session_key (pk->pubkey_algo, dek, pubkey_nbits (pk->pubkey_algo, pk->pkey)); - rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, fp, pk->pkey); + rc = pk_encrypt (pk->pubkey_algo, enc->data, frame, pk, pk->pkey); gcry_mpi_release (frame); if (rc) log_error ("pubkey_encrypt failed: %s\n", gpg_strerror (rc) ); @@ -932,7 +927,7 @@ write_pubkey_enc_from_list (PK_LIST pk_list, DEK *dek, iobuf_t out) pkt.pkt.pubkey_enc = enc; rc = build_packet (out, &pkt); if (rc) - log_error ("build_packet(pubkey_enc) failed: %s\n", + log_error ("build_packet(pubkey_enc) failed: %s\n", g10_errstr (rc)); } free_pubkey_enc(enc); @@ -951,9 +946,9 @@ encrypt_crypt_files (ctrl_t ctrl, int nfiles, char **files, strlist_t remusr) if (opt.outfile) { log_error(_("--output doesn't work for this command\n")); - return; + return; } - + if (!nfiles) { char line[2048]; diff --git a/g10/pkglue.c b/g10/pkglue.c index 66ba48b..836c2c3 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -37,7 +37,7 @@ mpi_from_sexp (gcry_sexp_t sexp, const char * item) { gcry_sexp_t list; gcry_mpi_t data; - + list = gcry_sexp_find_token (sexp, item, 0); assert (list); data = gcry_sexp_nth_mpi (list, 1, 0); 
@@ -151,10 +151,11 @@ pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey) /**************** * Emulate our old PK interface here - sometime in the future we might * change the internal design to directly fit to libgcrypt. + * PK is only required to compute the fingerprint for ECDH. */ int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, - const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t *pkey) + PKT_public_key *pk, gcry_mpi_t *pkey) { gcry_sexp_t s_ciph, s_data, s_pkey; int rc; @@ -179,15 +180,17 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, if (rc || gcry_sexp_build (&s_data, NULL, "%m", data)) BUG (); } - else if (algo == PUBKEY_ALGO_ECDH) + else if (algo == PUBKEY_ALGO_ECDH) { gcry_mpi_t k; char *curve; + byte fp[MAX_FINGERPRINT_LEN]; + size_t fpn; rc = pk_ecdh_generate_ephemeral_key (pkey, &k); if (rc) return rc; - + curve = openpgp_oid_to_str (pkey[0]); if (!curve) rc = gpg_error_from_syserror (); @@ -215,12 +218,14 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, if (rc) ; - else if (algo == PUBKEY_ALGO_ECDH) + else if (algo == PUBKEY_ALGO_ECDH) { gcry_mpi_t shared, public, result; + byte fp[MAX_FINGERPRINT_LEN]; + size_t fpn; /* Get the shared point and the ephemeral public key. */ - shared = mpi_from_sexp (s_ciph, "s"); + shared = mpi_from_sexp (s_ciph, "s"); public = mpi_from_sexp (s_ciph, "e"); gcry_sexp_release (s_ciph); s_ciph = NULL; @@ -230,10 +235,14 @@ pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_dump (public); log_printf ("\n"); } - + result = NULL; - rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared, - pk_fp, data, pkey, &result); + fingerprint_from_pk (pk, fp, &fpn); + if (fpn != 20) + rc = gpg_error (GPG_ERR_INV_LENGTH); + else + rc = pk_ecdh_encrypt_with_shared_point (1 /*=encrypton*/, shared, + fp, data, pkey, &result); gcry_mpi_release (shared); if (!rc) { diff --git a/g10/pkglue.h b/g10/pkglue.h index eb0d7c1..e5165f7 100644 --- a/g10/pkglue.h 
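Review bot: The `byte fp[MAX_FINGERPRINT_LEN];` and `size_t fpn;` declarations added to the first `else if (algo == PUBKEY_ALGO_ECDH)` branch of pk_encrypt (hunk -179,15 +180,17) are not used by any line visible in that hunk. The fingerprint is computed only in the later result-handling branch, which declares its own pair. If the rest of the first branch, which continues outside the hunk, does not use them either, drop both lines so the build stays free of unused-variable warnings and the fingerprint has a single point of computation.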
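Review bot: `fingerprint_from_pk (pk, fp, &fpn);` in the ECDH result branch of pk_encrypt (hunk -230,10 +235,14) is reached without checking that `pk` is non-NULL, although the comment added above the function says PK is only required for ECDH, which invites callers handling other algorithms to pass NULL. Presumably fingerprint_from_pk dereferences its argument, so a guard such as `if (!pk) rc = gpg_error (GPG_ERR_INV_ARG);` ahead of the call would turn a misuse into an error return instead of a crash. The literal in `if (fpn != 20)` would also benefit from a comment such as `/* v3 keys yield a shorter fingerprint; ECDH needs the 20 byte one. */`, because this check is what keeps a partly filled `fp` buffer from being passed on to pk_ecdh_encrypt_with_shared_point. The function begins and ends outside the hunk.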
+++ b/g10/pkglue.h @@ -20,14 +20,15 @@ #ifndef GNUPG_G10_PKGLUE_H #define GNUPG_G10_PKGLUE_H +#include "packet.h" /* For PKT_public_key. */ + /*-- pkglue.c --*/ gcry_mpi_t mpi_from_sexp (gcry_sexp_t sexp, const char * item); int pk_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey); int pk_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, - const byte fp[MAX_FINGERPRINT_LEN], - gcry_mpi_t *pkey); + PKT_public_key *pk, gcry_mpi_t *pkey); int pk_check_secret_key (int algo, gcry_mpi_t *skey); @@ -35,7 +36,7 @@ int pk_check_secret_key (int algo, gcry_mpi_t *skey); gcry_mpi_t pk_ecdh_default_params (unsigned int qbits); gpg_error_t pk_ecdh_generate_ephemeral_key (gcry_mpi_t *pkey, gcry_mpi_t *r_k); gpg_error_t pk_ecdh_encrypt_with_shared_point -/* */ (int is_encrypt, gcry_mpi_t shared_mpi, +/* */ (int is_encrypt, gcry_mpi_t shared_mpi, const byte pk_fp[MAX_FINGERPRINT_LEN], gcry_mpi_t data, gcry_mpi_t *pkey, gcry_mpi_t *out); ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 6 +++ g10/encrypt.c | 129 +++++++++++++++++++++++++++----------------------------- g10/pkglue.c | 27 ++++++++---- g10/pkglue.h | 7 ++- 4 files changed, 90 insertions(+), 79 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 13:03:26 2011 
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Thu, 03 Feb 2011 13:03:26 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-25-g5560095 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 556009514f59fd76bf657a67cd3772b3603ab54a (commit) from a7e76c4b340045f842d936821bdc6c04bd387b9b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 556009514f59fd76bf657a67cd3772b3603ab54a Author: Marcus Brinkmann Date: Thu Feb 3 12:42:10 2011 +0100 Reroute all socket and connect through the nonce implemenation in assuan-socket.c. 2011-02-03 Marcus Brinkmann * assuan-socket.c (_assuan_sock_new): Call _assuan_socket instead of socket. (_assuan_sock_connect): Call _assuan_connect instead of connect. * assuan-socket-connect.c (assuan_socket_connect): Call _assuan_sock_new and _assuan_sock_connect instead of _assuan_socket and assuan_connect. * src/system-w32.c, src/system-w32ce.c (__assuan_socket): Call socket instead of _assuan_sock_new. (__assuan_connect): Call connect instead of _assuan_sock_connect. diff --git a/src/ChangeLog b/src/ChangeLog index 80ef2a0..46bbe1f 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,3 +1,15 @@ +2011-02-03 Marcus Brinkmann + + * assuan-socket.c (_assuan_sock_new): Call _assuan_socket instead + of socket. + (_assuan_sock_connect): Call _assuan_connect instead of connect. + * assuan-socket-connect.c (assuan_socket_connect): Call + _assuan_sock_new and _assuan_sock_connect instead of + _assuan_socket and assuan_connect. + * src/system-w32.c, src/system-w32ce.c (__assuan_socket): Call + socket instead of _assuan_sock_new. + (__assuan_connect): Call connect instead of _assuan_sock_connect. + 2011-02-02 Marcus Brinkmann * assuan.h.in: Replace namespace by _namespace. diff --git a/src/assuan-socket-connect.c b/src/assuan-socket-connect.c index 609813d..fa3db4b 100644 --- a/src/assuan-socket-connect.c +++ b/src/assuan-socket-connect.c @@ -251,7 +251,7 @@ assuan_socket_connect (assuan_context_t ctx, const char *name, return err; } - fd = _assuan_socket (ctx, pf, SOCK_STREAM, 0); + fd = _assuan_sock_new (ctx, pf, SOCK_STREAM, 0); if (fd == ASSUAN_INVALID_FD) { err = _assuan_error (ctx, gpg_err_code_from_syserror ()); @@ -260,7 +260,7 @@ assuan_socket_connect (assuan_context_t ctx, const char *name, return err; } - if (_assuan_connect (ctx, fd, srvr_addr, len) == -1) + if (_assuan_sock_connect (ctx, fd, srvr_addr, len) == -1) { TRACE2 (ctx, ASSUAN_LOG_SYSIO, "assuan_socket_connect", ctx, "can't connect to `%s': %s\n", name, strerror (errno)); diff --git a/src/assuan-socket.c b/src/assuan-socket.c index aa27257..7eba6b4 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c 
@@ -245,12 +245,10 @@ _assuan_sock_new (assuan_context_t ctx, int domain, int type, int proto) assuan_fd_t res; if (domain == AF_UNIX || domain == AF_LOCAL) domain = AF_INET; - res = SOCKET2HANDLE(socket (domain, type, proto)); - if (res == ASSUAN_INVALID_FD) - gpg_err_set_errno (_assuan_sock_wsa2errno (WSAGetLastError ())); + res = SOCKET2HANDLE(_assuan_socket (ctx, domain, type, proto)); return res; #else - return socket (domain, type, proto); + return _assuan_socket (ctx, domain, type, proto); #endif } @@ -281,8 +279,8 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, unaddr->sun_port = myaddr.sin_port; unaddr->sun_addr.s_addr = myaddr.sin_addr.s_addr; - ret = connect (HANDLE2SOCKET(sockfd), - (struct sockaddr *)&myaddr, sizeof myaddr); + ret = _assuan_connect (ctx, HANDLE2SOCKET(sockfd), + (struct sockaddr *)&myaddr, sizeof myaddr); if (!ret) { /* Send the nonce. */ @@ -298,13 +296,11 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, else { int res; - res = connect (HANDLE2SOCKET (sockfd), addr, addrlen); - if (res < 0) - gpg_err_set_errno (_assuan_sock_wsa2errno (WSAGetLastError ())); + res = _assuan_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen); return res; } #else - return connect (sockfd, addr, addrlen); + return _assuan_connect (ctx, sockfd, addr, addrlen); #endif } diff --git a/src/system-w32.c b/src/system-w32.c index 539d34e..9753f71 100644 --- a/src/system-w32.c +++ b/src/system-w32.c @@ -516,9 +516,14 @@ __assuan_socketpair (assuan_context_t ctx, int namespace, int style, int -__assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol) +__assuan_socket (assuan_context_t ctx, int domain, int type, int proto) { - return _assuan_sock_new (ctx, namespace, style, protocol); + int res; + + res = socket (domain, type, proto); + if (res == -1) + gpg_err_set_errno (_assuan_sock_wsa2errno (WSAGetLastError ())); + return res; } 
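Review bot: In the new body of `__assuan_socket` in src/system-w32.c the result of `socket ()` is stored in an `int` and failure is tested with `res == -1`, whereas Winsock returns a `SOCKET`, an unsigned pointer-sized handle, and documents `INVALID_SOCKET` as the failure value. On a 64-bit build the narrowing could truncate a valid handle, so the comparison is better made before the conversion: `SOCKET s = socket (domain, type, proto);` followed by `if (s == INVALID_SOCKET)`. The same pattern is added to `__assuan_socket` in src/system-w32ce.c.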
@@ -526,7 +531,12 @@ int
 __assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr,
 socklen_t length)
 {
- return _assuan_sock_connect (ctx, sock, addr, length);
+ int res;
+
+ res = connect (sock, addr, length);
+ if (res < 0)
+ gpg_err_set_errno (_assuan_sock_wsa2errno (WSAGetLastError ()));
+ return res;
 }
diff --git a/src/system-w32ce.c b/src/system-w32ce.c
index da660ea..1718bb7 100644
--- a/src/system-w32ce.c
+++ b/src/system-w32ce.c
@@ -663,7 +663,12 @@ __assuan_socketpair (assuan_context_t ctx, int namespace, int style,
 int
 __assuan_socket (assuan_context_t ctx, int namespace, int style, int protocol)
 {
- return _assuan_sock_new (ctx, namespace, style, protocol);
+ int res;
+
+ res = socket (domain, type, proto);
+ if (res == -1)
+ gpg_err_set_errno (_assuan_sock_wsa2errno (WSAGetLastError ()));
+ return res;
 }
@@ -671,7 +676,12 @@ int
 __assuan_connect (assuan_context_t ctx, int sock, struct sockaddr *addr,
 socklen_t length)
 {
- return _assuan_sock_connect (ctx, sock, addr, length);
+ int res;
+
+ res = connect (sock, addr, length);
+ if (res < 0)
+ gpg_err_set_errno (_assuan_sock_wsa2errno (WSAGetLastError ()));
+ return res;
 }
----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 12 ++++++++++++ src/assuan-socket-connect.c | 4 ++-- src/assuan-socket.c | 16 ++++++---------- src/system-w32.c | 16 +++++++++++++--- src/system-w32ce.c | 14 ++++++++++++-- 5 files changed, 45 insertions(+), 17 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 13:03:28 2011
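Review bot: The new body of `__assuan_socket` in src/system-w32ce.c calls `socket (domain, type, proto)`, but the signature, which is an unchanged context line in this hunk, still names the parameters `namespace`, `style` and `protocol`. Unless `domain`, `type` and `proto` are declared at file scope outside the hunk, they are undeclared here and the WinCE build presumably fails to compile. The src/system-w32.c hunk renamed the parameters in the same commit; this file needs either the same rename, `__assuan_socket (assuan_context_t ctx, int domain, int type, int proto)`, or the call written as `res = socket (namespace, style, protocol);`.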
From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Thu, 03 Feb 2011 13:03:28 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-165-g2bdbe88 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 2bdbe888228ce09f15be4773800ed13263a8e43e (commit) from 129741d2f713305a862a1505f20738a0ce2ea656 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2bdbe888228ce09f15be4773800ed13263a8e43e Author: Marcus Brinkmann Date: Thu Feb 3 12:38:28 2011 +0100 Fix socket implementation on Windows. 2011-02-03 Marcus Brinkmann * w32-io.c (_gpgme_io_socket): Return fd, not res. diff --git a/src/ChangeLog b/src/ChangeLog index 73a62fe..4afcdf9 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-02-03 Marcus Brinkmann + + * w32-io.c (_gpgme_io_socket): Return fd, not res. + 2011-02-02 Marcus Brinkmann * assuan-support.c (my_socket, my_connect): New functions. diff --git a/src/w32-io.c b/src/w32-io.c index 10e0dad..56a05c4 100644 --- a/src/w32-io.c +++ b/src/w32-io.c @@ -2035,7 +2035,7 @@ _gpgme_io_socket (int domain, int type, int proto) TRACE_SUC2 ("socket=0x%x (0x%x)", fd, fd_table[fd].socket); - return res; + return fd; } ----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 4 ++++ src/w32-io.c | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 17:11:46 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 17:11:46 +0100 Subject: [git] GnuPG - branch, ECC-INTEGRATION-2-1, updated. gnupg-2.1.0beta1-72-g0b5bcb4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, ECC-INTEGRATION-2-1 has been updated via 0b5bcb40cf17a0e1032c113af6024c08b47d7a5c (commit) from 20f429f735d6e965e0660484f8286fe24fb6162b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 +- NEWS | 18 ++-- agent/ChangeLog | 16 ++++ agent/protect.c | 165 +++++++++++++++++----------------- common/ChangeLog | 2 - common/convert.c | 15 ++-- g10/ChangeLog | 105 ++++++++++++++-------- g10/keygen.c | 265 +++++++++++++++++++++++++++--------------------------- g10/pkglue.c | 2 - g10/pubkey-enc.c | 10 ++- g10/seskey.c | 28 +++--- 11 files changed, 337 insertions(+), 293 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 17:11:46 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 17:11:46 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta1-79-gd9bd013 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d9bd013a1fc732290547d0062265cf80eeb2b5bf (commit) via 38904b697c4d27a70281149c6070e6dfca4e893b (commit) via 0b5bcb40cf17a0e1032c113af6024c08b47d7a5c (commit) via 20f429f735d6e965e0660484f8286fe24fb6162b (commit) via 4659c923a08002a72cb4bb5b3c4e6a02d7484767 (commit) via e0d4139e19ceed9375cc7e7ba801a965d3376f7d (commit) via 328a642aa5ed971870a2667b06307f760fa251dc (commit) via 0fb0bb8d9a960a2473ab70a021d20639a43227e0 (commit) via a58a6b5b7874daa2a17e3dffe43062242032d665 (commit) via fdfe7e77e6731744a48ce6640890d85e45eebc07 (commit) via a6d1768e8e1dac81a20a7ccd830e87d2c9281682 (commit) via 358afc0dc8980d5ae0cb700efbb61499625a4625 (commit) via d879c287ac1da7990c97b911018d63410c60433c (commit) via 302c5a826c0fd0b2aab85ad3c287b65429db2066 (commit) via 638dca5dbc7e119ff5a05dbdb109fbc171624605 (commit) via b9958bba10f40a348d40c173701d15cb6b0a7f66 (commit) via e9d9e96d8ba464a1652552c33636819eed1e9f9a (commit) via c5e8a4c0fdde7f4aef2163a3710483c87bdf3161 (commit) via b3adbb576e88a12ee9e7ea790a72ad5f1bff4c78 (commit) via c3db7705c049e31e678ff87e230b8160aa0027f1 (commit) via 27929981fc23fabecf6af9fa1361361b821bb2fd (commit) via 90b0ff23b7e51332592668e4034967c1aac1c593 (commit) via a66772aa6309a0e632ff802fd6dcfb034b61c5cf (commit) via b73d8ed06ffef8d2fd70ab2e48da9ef515472fe9 (commit) via 5761a9ba74e41f52660e20a1de700fe784c97832 (commit) via b0c55d08a8c835fd58d3c0d1f9f412b74c1b5678 (commit) via ded546b4b5cc2caafa654d94ac8f69a23960427e (commit) via e0972d3d962548972872d889b362560e499340d1 (commit) via 7bbc07fde07f3fd57077887498bdff488ec96438 (commit) from 
f9688d859af326d6e3a46920974e06369dc0ec85 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9bd013a1fc732290547d0062265cf80eeb2b5bf Author: Werner Koch Date: Thu Feb 3 16:50:01 2011 +0100 Update copyright year Nuked some trailing spaces. diff --git a/README b/README index cdee97b..7d61211 100644 --- a/README +++ b/README @@ -5,7 +5,7 @@ THIS IS A DEVELOPMENT VERSION AND NOT INTENDED FOR REGULAR USE. Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. INTRODUCTION @@ -36,7 +36,7 @@ GnuPG 2.0 depends on the following packages: libgcrypt (ftp://ftp.gnupg.org/gcrypt/libgcrypt/) libksba (ftp://ftp.gnupg.org/gcrypt/libksba/) libassuan (ftp://ftp.gnupg.org/gcrypt/libassuan/) - + You also need the Pinentry package for most function of GnuPG; however it is not a build requirement. Pinentry is available at ftp://ftp.gnupg.org/gcrypt/pinentry/ . @@ -71,7 +71,7 @@ are not yet complete. You may run - gpgconf --list-dirs + gpgconf --list-dirs to view the default directories used by GnuPG. @@ -150,7 +150,7 @@ and use them if possible. You may also find GnuPG mirrored on some of the regular GNU mirrors. We have some mailing lists dedicated to GnuPG: - + gnupg-announce at gnupg.org For important announcements like new versions and such stuff. This is a moderated list and has very low traffic. @@ -192,4 +192,3 @@ http://www.gnupg.org/service.html . distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - diff --git a/common/ChangeLog b/common/ChangeLog index f5a707b..0e3282f 100644 --- a/common/ChangeLog 
+++ b/common/ChangeLog @@ -1,3 +1,7 @@ +2011-02-03 Werner Koch + + * argparse.c (strusage): Update copyright year. + 2011-01-31 Werner Koch * openpgp-oid.c: New. diff --git a/common/argparse.c b/common/argparse.c index f6b5996..06aa782 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -151,7 +151,7 @@ static int set_opt_arg(ARGPARSE_ARGS *arg, unsigned flags, char *s); static void show_help(ARGPARSE_OPTS *opts, unsigned flags); static void show_version(void); static int writestrings (int is_error, const char *string, ...) -#if __GNUC__ >= 4 +#if __GNUC__ >= 4 __attribute__ ((sentinel(0))) #endif ; @@ -206,8 +206,8 @@ flushstrings (int is_error) static void initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) { - if( !(arg->flags & (1<<15)) ) - { + if( !(arg->flags & (1<<15)) ) + { /* Initialize this instance. */ arg->internal.idx = 0; arg->internal.last = NULL; @@ -220,13 +220,13 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) if ( *arg->argc < 0 ) jnlib_log_bug ("invalid argument for arg_parsee\n"); } - - + + if (arg->err) { /* Last option was erroneous. */ const char *s; - + if (filename) { if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG ) @@ -247,10 +247,10 @@ initialize( ARGPARSE_ARGS *arg, const char *filename, unsigned *lineno ) s = _("invalid option"); jnlib_log_error ("%s:%u: %s\n", filename, *lineno, s); } - else + else { s = arg->internal.last? arg->internal.last:"[??]"; - + if ( arg->r_opt == ARGPARSE_MISSING_ARG ) jnlib_log_error (_("missing argument for option \"%.50s\"\n"), s); else if ( arg->r_opt == ARGPARSE_UNEXPECTED_ARG ) @@ -324,10 +324,10 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, char *buffer = NULL; size_t buflen = 0; int in_alias=0; - + if (!fp) /* Divert to to arg_parse() in this case. */ return arg_parse (arg, opts); - + initialize (arg, filename, lineno); /* Find the next keyword. */ 
@@ -355,9 +355,9 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND) ? ARGPARSE_INVALID_COMMAND : ARGPARSE_INVALID_OPTION); - else if (!(opts[idx].flags & 7)) + else if (!(opts[idx].flags & 7)) arg->r_type = 0; /* Does not take an arg. */ - else if ((opts[idx].flags & 8) ) + else if ((opts[idx].flags & 8) ) arg->r_type = 0; /* Arg is optional. */ else arg->r_opt = ARGPARSE_MISSING_ARG; @@ -365,13 +365,13 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, break; } else if (state == 3) - { + { /* No argument found. */ if (in_alias) arg->r_opt = ARGPARSE_MISSING_ARG; - else if (!(opts[idx].flags & 7)) + else if (!(opts[idx].flags & 7)) arg->r_type = 0; /* Does not take an arg. */ - else if ((opts[idx].flags & 8)) + else if ((opts[idx].flags & 8)) arg->r_type = 0; /* No optional argument. */ else arg->r_opt = ARGPARSE_MISSING_ARG; @@ -381,14 +381,14 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, else if (state == 4) { /* Has an argument. */ - if (in_alias) + if (in_alias) { if (!buffer) arg->r_opt = ARGPARSE_UNEXPECTED_ARG; - else + else { char *p; - + buffer[i] = 0; p = strpbrk (buffer, " \t"); if (p) @@ -422,13 +422,13 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, } else buffer[i] = 0; - + if (buffer) { trim_spaces (buffer); p = buffer; if (*p == '"') - { + { /* Remove quotes. */ p++; if (*p && p[strlen(p)-1] == '\"' ) @@ -475,7 +475,7 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, in_alias = 1; state = 3; } - else + else { arg->r_opt = ((opts[idx].flags & ARGPARSE_OPT_COMMAND) ? ARGPARSE_INVALID_COMMAND @@ -497,13 +497,13 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, } } else if (state == 4) - { + { /* Collect the argument. */ if (buffer) { if (i < buflen-1) buffer[i++] = c; - else + else { char *tmp; size_t tmplen = buflen + 50; 
@@ -525,7 +525,7 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, } else if (i < DIM(keyword)-1) keyword[i++] = c; - else + else { size_t tmplen = DIM(keyword) + 50; buffer = jnlib_malloc (tmplen); @@ -547,13 +547,13 @@ optfile_parse (FILE *fp, const char *filename, unsigned *lineno, arg->r_opt = ARGPARSE_KEYWORD_TOO_LONG; state = -1; /* Skip rest of line and leave. */ } - else + else { keyword[i++] = c; state = 2; } } - + return arg->r_opt; } @@ -615,7 +615,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) char **argv; char *s, *s2; int i; - + initialize( arg, NULL, NULL ); argc = *arg->argc; argv = *arg->argv; @@ -626,10 +626,10 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) /* Skip the first argument. */ argc--; argv++; idx++; } - + next_one: - if (!argc) - { + if (!argc) + { /* No more args. */ arg->r_opt = 0; goto leave; /* Ready. */ @@ -638,14 +638,14 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) s = *argv; arg->internal.last = s; - if (arg->internal.stopped && (arg->flags & ARGPARSE_FLAG_ALL)) + if (arg->internal.stopped && (arg->flags & ARGPARSE_FLAG_ALL)) { arg->r_opt = ARGPARSE_IS_ARG; /* Not an option but an argument. */ arg->r_type = 2; arg->r.ret_str = s; argc--; argv++; idx++; /* set to next one */ } - else if( arg->internal.stopped ) + else if( arg->internal.stopped ) { arg->r_opt = 0; goto leave; /* Ready. */ @@ -654,10 +654,10 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) { /* Long option. */ char *argpos; - + arg->internal.inarg = 0; if (!s[2] && !(arg->flags & ARGPARSE_FLAG_NOSTOP)) - { + { /* Stop option processing. */ arg->internal.stopped = 1; argc--; argv++; idx++; @@ -697,7 +697,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) NULL); exit (0); } - + if ( i == -2 ) arg->r_opt = ARGPARSE_AMBIGUOUS_OPTION; else if ( i == -1 ) 
@@ -727,40 +727,40 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) { arg->r_opt = ARGPARSE_MISSING_ARG; } - else if ( !argpos && *s2 == '-' - && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) ) + else if ( !argpos && *s2 == '-' + && (opts[i].flags & ARGPARSE_OPT_OPTIONAL) ) { /* The argument is optional and the next seems to be an option. We do not check this possible option but assume no argument */ arg->r_type = ARGPARSE_TYPE_NONE; } - else + else { set_opt_arg (arg, opts[i].flags, s2); - if ( !argpos ) + if ( !argpos ) { argc--; argv++; idx++; /* Skip one. */ } } } else - { + { /* Does not take an argument. */ if ( argpos ) - arg->r_type = ARGPARSE_UNEXPECTED_ARG; + arg->r_type = ARGPARSE_UNEXPECTED_ARG; else arg->r_type = 0; } argc--; argv++; idx++; /* Set to next one. */ } - else if ( (*s == '-' && s[1]) || arg->internal.inarg ) + else if ( (*s == '-' && s[1]) || arg->internal.inarg ) { /* Short option. */ int dash_kludge = 0; i = 0; - if ( !arg->internal.inarg ) + if ( !arg->internal.inarg ) { arg->internal.inarg++; if ( (arg->flags & ARGPARSE_FLAG_ONEDASH) ) @@ -781,7 +781,7 @@ arg_parse( ARGPARSE_ARGS *arg, ARGPARSE_OPTS *opts) if ( opts[i].short_opt == *s ) break; } - + if ( !opts[i].short_opt && ( *s == 'h' || *s == '?' ) ) show_help (opts, arg->flags); @@ -891,13 +891,13 @@ long_opt_strlen( ARGPARSE_OPTS *o ) { size_t n = strlen (o->long_opt); - if ( o->description && *o->description == '|' ) + if ( o->description && *o->description == '|' ) { const char *s; #ifdef JNLIB_NEED_UTF8CONV int is_utf8 = is_native_utf8 (); #endif - + s=o->description+1; if ( *s != '=' ) n++; @@ -930,7 +930,7 @@ show_help (ARGPARSE_OPTS *opts, unsigned int flags) { const char *s; char tmp[2]; - + show_version (); writestrings (0, "\n", NULL); s = strusage(41); 
@@ -959,8 +959,8 @@ show_help (ARGPARSE_OPTS *opts, unsigned int flags) if ( s && *s== '@' && !s[1] ) /* Hide this line. */ continue; if ( s && *s == '@' ) /* Unindented comment only line. */ - { - for (s++; *s; s++ ) + { + for (s++; *s; s++ ) { if ( *s == '\n' ) { @@ -984,9 +984,9 @@ show_help (ARGPARSE_OPTS *opts, unsigned int flags) tmp[0] = opts[i].short_opt; tmp[1] = 0; writestrings (0, " -", tmp, NULL ); - if ( !opts[i].long_opt ) + if ( !opts[i].long_opt ) { - if (s && *s == '|' ) + if (s && *s == '|' ) { writestrings (0, " ", NULL); j++; for (s++ ; *s && *s != '|'; s++, j++ ) @@ -1002,12 +1002,12 @@ show_help (ARGPARSE_OPTS *opts, unsigned int flags) } else writestrings (0, " ", NULL); - if ( opts[i].long_opt ) + if ( opts[i].long_opt ) { tmp[0] = opts[i].short_opt < 256?',':' '; tmp[1] = 0; j += writestrings (0, tmp, " --", opts[i].long_opt, NULL); - if (s && *s == '|' ) + if (s && *s == '|' ) { if ( *++s != '=' ) { @@ -1040,7 +1040,7 @@ show_help (ARGPARSE_OPTS *opts, unsigned int flags) { if ( *s == '\n' ) { - if ( s[1] ) + if ( s[1] ) { writestrings (0, "\n", NULL); for (j=0; j < indent; j++ ) @@ -1062,10 +1062,10 @@ show_help (ARGPARSE_OPTS *opts, unsigned int flags) "instead of the double ones)\n", NULL); } if ( (s=strusage(19)) ) - { + { /* bug reports to ... */ char *s2; - + writestrings (0, "\n", NULL); s2 = strstr (s, "@EMAIL@"); if (s2) @@ -1151,7 +1151,7 @@ usage (int level) writestrings (1, "\n", NULL); exit (2); } - else if (level == 2) + else if (level == 2) { writestrings (0, strusage(41), "\n", NULL); exit (0); @@ -1181,10 +1181,10 @@ const char * strusage( int level ) { const char *p = strusage_handler? strusage_handler(level) : NULL; - + if ( p ) return p; - + switch ( level ) { case 10: p = ("License GPLv3+: GNU GPL version 3 or later " 
@@ -1192,7 +1192,7 @@ strusage( int level ) break; case 11: p = "foo"; break; case 13: p = "0.0"; break; - case 14: p = "Copyright (C) 2010 Free Software Foundation, Inc."; break; + case 14: p = "Copyright (C) 2011 Free Software Foundation, Inc."; break; case 15: p = "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n"; @@ -1212,7 +1212,7 @@ strusage( int level ) case 40: /* short and long usage */ case 41: p = ""; break; } - + return p; } @@ -1265,7 +1265,7 @@ main(int argc, char **argv) case 'c': opt.crf = pargs.r_type? pargs.r.ret_str:"a.crf"; break; case 'm': opt.myopt = pargs.r_type? pargs.r.ret_int : 1; break; case 500: opt.a_long_one++; break; - default : pargs.err = ARGPARSE_PRINT_WARNING; break; + default : pargs.err = ARGPARSE_PRINT_WARNING; break; } } for(i=0; i < argc; i++ ) diff --git a/configure.ac b/configure.ac index 1081b2d..566f86d 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # configure.ac - for GnuPG 2.1 -# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, -# 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. +# Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, +# 2008, 2009, 2010, 2011 Free Software Foundation, Inc. # # This file is part of GnuPG. # diff --git a/tools/ChangeLog b/tools/ChangeLog index 110e43e..79eea39 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,3 +1,7 @@ +2011-02-03 Werner Koch + + * watchgnupg.c (print_version): Update copyright year. + 2010-12-14 Werner Koch * gpgconf-comp.c (gc_options_gpg_agent, gc_options_scdaemon) @@ -334,7 +338,7 @@ * gpgconf-comp.c (my_percent_escape): Make non-static and rename to ... (gc_percent_escape): ... this. Change all callers. - + 2008-05-26 Werner Koch * gpgconf-comp.c (gpg_agent_runtime_change) [W32]: Issue 
@@ -456,7 +460,7 @@ (handle_inquire): Implement new command. (substitute_line_copy): New. (unescape_string, unpercent_string): New. - * no-libgcrypt.c (gcry_set_outofcore_handler) + * no-libgcrypt.c (gcry_set_outofcore_handler) (gcry_set_fatalerror_handler, gcry_set_log_handler): New. * Makefile.am (gpg_connect_agent_LDADD): Link to libreadline. @@ -678,7 +682,7 @@ min-passphrase-length. Apply new flag to some of them. (gc_process_gpgconf_conf, key_matches_user_or_group): New. (gc_component_change_options): Factor some code out to .. - (change_one_value): .. new. + (change_one_value): .. new. (gc_component_retrieve_options): Allow -1 for COMPONENT to iterate over al components. * gpgconf.c (main): New commands --check-config and @@ -721,7 +725,7 @@ 2006-10-20 Werner Koch - * gpgsm-gencert.sh: Enhanced the main menu. + * gpgsm-gencert.sh: Enhanced the main menu. 2006-10-12 Werner Koch @@ -853,7 +857,7 @@ 2005-06-01 Werner Koch - * symcryptrun.c: Include mkdtemp.h. + * symcryptrun.c: Include mkdtemp.h. 2005-05-31 Werner Koch @@ -907,7 +911,7 @@ 2005-04-11 Marcus Brinkmann * symcryptrun.c: Implement config file parsing. - + * Makefile.am (bin_PROGRAMS): Add symcryptrun. (symcryptrun_SOURCES, symcryptrun_LDADD): New variables. * symcryptrun.c: New file. @@ -927,7 +931,7 @@ 2005-02-24 Werner Koch * gpg-connect-agent.c: New. - * Makefile.am: Add it. + * Makefile.am: Add it. 2004-12-21 Werner Koch @@ -971,7 +975,7 @@ 2004-10-01 Werner Koch * gpgconf-comp.c: Made all strings for --log-file read the same. - + 2004-10-01 Werner Koch * gpgconf-comp.c (my_dgettext): Also switch codeset and directory 
@@ -1003,8 +1007,8 @@ * no-libgcrypt.c (gcry_realloc, gcry_xmalloc, gcry_xcalloc): New. - * gpgconf-comp.c (retrieve_options_from_program) - (retrieve_options_from_file, change_options_file) + * gpgconf-comp.c (retrieve_options_from_program) + (retrieve_options_from_file, change_options_file) (change_options_program, gc_component_change_options): Replaced getline by read_line and test for allocation failure. @@ -1072,7 +1076,7 @@ (gc_component_change_options): New variable runtime. Initialize it. If an option is changed that has the GC_OPT_FLAG_RUNTIME bit set, also set the corresponding runtime variable. Finally, call - the runtime_change callback of the backend if needed. + the runtime_change callback of the backend if needed. 2004-03-16 Werner Koch @@ -1163,7 +1167,7 @@ quote in pathname. (change_options_program): Percent deescape string before writing it out. - + * gpgconf-comp.c (gc_component_list_options): Do not skip groups on output. @@ -1197,10 +1201,10 @@ * gpgconf-comp.c: Use xmalloc, libcommon's asctimestamp and gnupg_get_time, fix error() invocation and use getline() consistently. - + 2004-01-30 Werner Koch - * addgnupghome: Also set the group of copied files. + * addgnupghome: Also set the group of copied files. 2004-01-30 Werner Koch diff --git a/tools/watchgnupg.c b/tools/watchgnupg.c index 958605c..592819b 100644 --- a/tools/watchgnupg.c +++ b/tools/watchgnupg.c @@ -1,5 +1,5 @@ /* watchgnupg.c - Socket server for GnuPG logs - * Copyright (C) 2003, 2004 Free Software Foundation, Inc. + * Copyright (C) 2003, 2004, 2010 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -111,7 +111,7 @@ xrealloc (void *old, size_t n) die ("out of core"); return p; } - + struct client_s { struct client_s *next; @@ -119,7 +119,7 @@ struct client_s { size_t size; /* Allocated size of buffer. */ size_t len; /* Current length of buffer. */ unsigned char *buffer; /* Buffer to with data already read. */ - + }; typedef struct client_s *client_t; 
@@ -134,9 +134,9 @@ print_fd_and_time (int fd) { struct tm *tp; time_t atime = time (NULL); - + tp = localtime (&atime); - if (time_only) + if (time_only) printf ("%3d - %02d:%02d:%02d ", fd, tp->tm_hour, tp->tm_min, tp->tm_sec ); @@ -161,7 +161,7 @@ print_line (client_t c, const char *line) if (c->buffer && c->len) { print_fd_and_time (c->fd); - fwrite (c->buffer, c->len, 1, stdout); + fwrite (c->buffer, c->len, 1, stdout); putc ('\n', stdout); c->len = 0; } @@ -173,10 +173,10 @@ print_line (client_t c, const char *line) print_fd_and_time (c->fd); if (c->buffer && c->len) { - fwrite (c->buffer, c->len, 1, stdout); + fwrite (c->buffer, c->len, 1, stdout); c->len = 0; } - fwrite (line, s - line + 1, 1, stdout); + fwrite (line, s - line + 1, 1, stdout); line = s + 1; } n = strlen (line); @@ -197,7 +197,7 @@ print_line (client_t c, const char *line) static void setup_client (int server_fd, int is_un) -{ +{ struct sockaddr_un addr_un; struct sockaddr_in addr_in; struct sockaddr *addr; @@ -227,7 +227,7 @@ setup_client (int server_fd, int is_un) close (fd); printf ("[connection request denied: too many connections]\n"); } - else + else { for (client = client_list; client && client->fd != -1; client = client->next) @@ -250,14 +250,14 @@ static void print_version (int with_help) { fputs (MYVERSION_LINE "\n" - "Copyright (C) 2004 Free Software Foundation, Inc.\n" + "Copyright (C) 2010 Free Software Foundation, Inc.\n" "License GPLv3+: " "GNU GPL version 3 or later \n" "This is free software: you are free to change and redistribute it.\n" "There is NO WARRANTY, to the extent permitted by law.\n", stdout); if (with_help) - fputs + fputs ("\n" "Usage: " PGM " [OPTIONS] SOCKETNAME\n" " " PGM " [OPTIONS] PORT [SOCKETNAME]\n" @@ -271,11 +271,11 @@ print_version (int with_help) " --version print version of the program and exit\n" " --help display this help and exit\n" BUGREPORT_LINE, stdout ); - + exit (0); } -int +int main (int argc, char **argv) { int last_argc = -1; 
@@ -290,7 +290,7 @@ main (int argc, char **argv) unsigned short port; int server_un, server_in; int flags; - + if (argc) { argc--; argv++; @@ -327,15 +327,15 @@ main (int argc, char **argv) tcp = 1; argc--; argv++; } - } - + } + if (!((!tcp && argc == 1) || (tcp && (argc == 1 || argc == 2)))) { fprintf (stderr, "usage: " PGM " socketname\n" " " PGM " --tcp port [socketname]\n"); exit (1); } - + if (tcp) { port = atoi (*argv); @@ -354,7 +354,7 @@ main (int argc, char **argv) server_in = socket (PF_INET, SOCK_STREAM, 0); if (server_in == -1) die ("socket(PF_INET) failed: %s\n", strerror (errno)); - if (setsockopt (server_in, SOL_SOCKET, SO_REUSEADDR, + if (setsockopt (server_in, SOL_SOCKET, SO_REUSEADDR, (unsigned char *)&i, sizeof (i))) err ("setsockopt(SO_REUSEADDR) failed: %s\n", strerror (errno)); if (verbose) @@ -393,7 +393,7 @@ main (int argc, char **argv) if ( fcntl (server_un, F_SETFL, (flags | O_NONBLOCK)) == -1) die ("fcntl (F_SETFL) failed: %s\n", strerror (errno)); } - + if (tcp) { memset (&srvr_addr_in, 0, sizeof srvr_addr_in); @@ -414,13 +414,13 @@ main (int argc, char **argv) } else addrlen_un = 0; /* Silent gcc. */ - + if (server_in != -1 && bind (server_in, addr_in, addrlen_in)) die ("bind to port %hu failed: %s\n", port, strerror (errno)); again: if (server_un != -1 && bind (server_un, addr_un, addrlen_un)) - { + { if (errno == EADDRINUSE && force) { force = 0; @@ -479,7 +479,7 @@ main (int argc, char **argv) { char line[256]; int n; - + n = read (client->fd, line, sizeof line - 1); if (n < 0) { 
@@ -490,7 +490,7 @@ main (int argc, char **argv) close (client->fd); client->fd = -1; } - else if (!n) + else if (!n) { print_line (client, NULL); /* flush */ close (client->fd); commit 38904b697c4d27a70281149c6070e6dfca4e893b Merge: f9688d8 0b5bcb4 Author: Werner Koch Date: Thu Feb 3 16:39:03 2011 +0100 Merge branch 'ECC-INTEGRATION-2-1' ----------------------------------------------------------------------- Summary of changes: .gitignore | 132 ++ AUTHORS | 4 +- ChangeLog | 9 + NEWS | 18 +- README | 9 +- agent/ChangeLog | 129 +- agent/agent.h | 1 + agent/cvt-openpgp.c | 97 +- agent/findkey.c | 10 + agent/gpg-agent.c | 10 + agent/pksign.c | 27 +- agent/protect.c | 172 +- common/ChangeLog | 9 + common/Makefile.am | 4 +- common/argparse.c | 124 +- common/convert.c | 17 +- common/openpgp-oid.c | 227 +++ common/t-openpgp-oid.c | 148 ++ common/util.h | 29 +- configure.ac | 38 +- dirmngr/Makefile.am | 2 +- g10/ChangeLog | 139 ++- g10/Makefile.am | 5 +- g10/build-packet.c | 132 +- g10/call-agent.c | 2 +- g10/ecdh.c | 454 ++++++ g10/encrypt.c | 128 +- g10/export.c | 158 ++- g10/getkey.c | 5 +- g10/gpg.c | 5 +- g10/import.c | 250 +++- g10/keygen.c | 490 ++++-- g10/keyid.c | 111 +- g10/main.h | 24 +- g10/mainproc.c | 6 +- g10/misc.c | 147 ++- g10/packet.h | 1 + g10/parse-packet.c | 133 ++- g10/passphrase.c | 110 +- g10/pkglue.c | 219 ++- g10/pkglue.h | 26 +- g10/pubkey-enc.c | 91 +- g10/seskey.c | 242 ++- g10/sign.c | 44 +- g13/utils.c | 2 +- g13/utils.h | 1 - include/ChangeLog | 11 + include/cipher.h | 14 +- kbx/keybox-openpgp.c | 8 +- po/de.po | 2088 ------------------------- tests/openpgp/samplekeys/README | 3 +- tests/openpgp/samplekeys/ecc-sample-1-pub.asc | 22 + tests/openpgp/samplekeys/ecc-sample-1-sec.asc | 25 + tools/ChangeLog | 32 +- tools/watchgnupg.c | 48 +- 55 files changed, 3251 insertions(+), 3141 deletions(-) create mode 100644 common/openpgp-oid.c create mode 100644 common/t-openpgp-oid.c create mode 100644 g10/ecdh.c create mode 100644 
tests/openpgp/samplekeys/ecc-sample-1-pub.asc create mode 100644 tests/openpgp/samplekeys/ecc-sample-1-sec.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 17:11:46 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 17:11:46 +0100 Subject: [git] GnuPG - branch, keyserver-via-dirmngr, created. gnupg-2.1.0beta1-43-g49d25d3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, keyserver-via-dirmngr has been created at 49d25d3185636237b356781cdde7960f234f2d11 (commit) - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 17:12:15 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 17:12:15 +0100 Subject: [git] GnuPG - tag, ecc-integration-done, created. gnupg-2.1.0beta1-78-g38904b6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The tag, ecc-integration-done has been created at 38904b697c4d27a70281149c6070e6dfca4e893b (commit) - Log ----------------------------------------------------------------- commit 38904b697c4d27a70281149c6070e6dfca4e893b Merge: f9688d8 0b5bcb4 Author: Werner Koch Date: Thu Feb 3 16:39:03 2011 +0100 Merge branch 'ECC-INTEGRATION-2-1' ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 17:16:56 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 17:16:56 +0100 Subject: [git] GnuPG - branch, keyserver-via-dirmngr, deleted. gnupg-2.1.0beta1-43-g49d25d3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, keyserver-via-dirmngr has been deleted was 49d25d3185636237b356781cdde7960f234f2d11 ----------------------------------------------------------------------- 49d25d3185636237b356781cdde7960f234f2d11 Merge branch 'master' into keyserver-via-dirmngr ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 17:53:51 2011 From: cvs at cvs.gnupg.org (by Andreas Holzammer) Date: Thu, 03 Feb 2011 17:53:51 +0100 Subject: [git] Wincetools - branch, kdepimcetools, updated. 266e97af262f9fc3dd4f7d9bfbd7c0efadebbf0b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "UNNAMED PROJECT". The branch, kdepimcetools has been updated via 266e97af262f9fc3dd4f7d9bfbd7c0efadebbf0b (commit) from 8e14d6599a1d1a9a21a6f4c1a7f82cc55fcae369 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 266e97af262f9fc3dd4f7d9bfbd7c0efadebbf0b Author: Andreas Holzammer Date: Thu Feb 3 17:33:06 2011 +0100 fix brining window in front diff --git a/loader/splashscreen.cpp b/loader/splashscreen.cpp index d6f3094..0e335e4 100644 --- a/loader/splashscreen.cpp +++ b/loader/splashscreen.cpp 
@@ -24,6 +24,22 @@ BOOL RotateTo270Degrees() return true; } +bool endswith(const wchar_t *source, const wchar_t *endstr) { + size_t sourceLen; + size_t endstrLen; + wchar_t *startEnd; + sourceLen = wcslen(source); + endstrLen = wcslen(endstr); + if (sourceLen < endstrLen) { + return false; + } + startEnd = (wchar_t *)(source + (sourceLen - endstrLen)); + if (wcscmp(startEnd, endstr) == 0) { + return true; + } + return false; +} + /* Restore a Window of a process based on the filename * of this process. With some special Case handling for * Kontact-Mobile @@ -48,7 +64,11 @@ restore_existing_window( const wchar_t * filename ) } TRACE("BASENAME of %S \n is : %S \n", filename, basename); - c = L'.'; + if (endswith(filename, L"-real.exe")) { + c = L'-'; + } else { + c = L'.'; + } p = wcsrchr(filename, c); if (! p ) { ----------------------------------------------------------------------- Summary of changes: loader/splashscreen.cpp | 22 +++++++++++++++++++++- 1 files changed, 21 insertions(+), 1 deletions(-) hooks/post-receive -- UNNAMED PROJECT http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 18:03:37 2011 
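Review bot: In the added endswith(), `startEnd` is declared `wchar_t *` and filled through a cast that drops the `const` of `source`, although the pointer is only ever read by wcscmp(). Declaring it as `const wchar_t *startEnd = source + (sourceLen - endstrLen);` removes the cast and keeps the compiler checking that the caller's string is not written to. The final comparison can then be a single `return wcscmp(startEnd, endstr) == 0;`. If the helper is only used in this file it could also be `static`. A one-line comment stating that both arguments must be non-NULL, NUL-terminated strings would document the contract.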
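Review bot: The new `endswith(filename, L"-real.exe")` test in restore_existing_window() is case-sensitive because endswith() compares with wcscmp(). A name such as `Foo-Real.EXE` therefore takes the `L'.'` branch. If the file name can reach this function in a different case, which is plausible on a case-insensitive file system but not visible in the hunk, the suffix comparison should use `_wcsicmp(startEnd, endstr) == 0` instead. A short comment above the `if` saying why the name is cut at the last `-` for `-real.exe` binaries would also help the next reader. restore_existing_window() starts before and continues after the hunk.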
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 18:03:37 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta1-80-gd9e2dcc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d9e2dcc1a9182b3144fa4f9b23b6ce7fb2cf63cc (commit) from d9bd013a1fc732290547d0062265cf80eeb2b5bf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9e2dcc1a9182b3144fa4f9b23b6ce7fb2cf63cc Author: Werner Koch Date: Thu Feb 3 17:40:43 2011 +0100 Extend algo selection menu. This allows to add an ECC key and to set the capabilities of an ECDSA key. Fix printing of the ECC algorithm when creating a signature. diff --git a/g10/ChangeLog b/g10/ChangeLog index d6f9323..771e9e0 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,13 @@ 2011-02-03 Werner Koch + * sign.c (do_sign): Use openpgp_pk_algo_name. + + * keygen.c (ask_algo): Show ECC algos only in expert mode. Add + non-combined menu entries for ECDSA and ECDH. + (ask_key_flags): Use openpgp_pk_algo_name. + +2011-02-03 Werner Koch + Finished ECC integration. Wrote change description for 2011-01-13. diff --git a/g10/keygen.c b/g10/keygen.c index fdae6fb..a5650a8 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1629,7 +1629,7 @@ ask_key_flags(int algo,int subkey) { tty_printf("\n"); tty_printf(_("Possible actions for a %s key: "), - gcry_pk_algo_name (algo)); + openpgp_pk_algo_name (algo)); print_key_flags(possible); tty_printf("\n"); tty_printf(_("Current allowed actions: ")); 
@@ -1727,9 +1727,16 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage) tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 ); } - tty_printf (_(" (%d) ECDSA and ECDH\n"), 9 ); + if (opt.expert && !addmode) + tty_printf (_(" (%d) ECDSA and ECDH\n"), 9 ); + if (opt.expert) + tty_printf (_(" (%d) ECDSA (sign only)\n"), 10 ); + if (opt.expert) + tty_printf (_(" (%d) ECDSA (set your own capabilities)\n"), 11 ); + if (opt.expert && addmode) + tty_printf (_(" (%d) ECDH (encrypt only)\n"), 12 ); - for(;;) + for (;;) { *r_usage = 0; *r_subkey_algo = 0; @@ -1785,12 +1792,30 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage) *r_usage = ask_key_flags (algo, addmode); break; } - else if (algo == 9) + else if (algo == 9 && opt.expert && !addmode) { algo = PUBKEY_ALGO_ECDSA; *r_subkey_algo = PUBKEY_ALGO_ECDH; break; } + else if (algo == 10 && opt.expert) + { + algo = PUBKEY_ALGO_ECDSA; + *r_usage = PUBKEY_USAGE_SIG; + break; + } + else if (algo == 11 && opt.expert) + { + algo = PUBKEY_ALGO_ECDSA; + *r_usage = ask_key_flags (algo, addmode); + break; + } + else if (algo == 12 && opt.expert && addmode) + { + algo = PUBKEY_ALGO_ECDH; + *r_usage = PUBKEY_USAGE_ENC; + break; + } else tty_printf (_("Invalid selection.\n")); } diff --git a/g10/sign.c b/g10/sign.c index 30dc66d..a768ac9 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -150,7 +150,7 @@ mk_notation_policy_etc (PKT_signature *sig, /* - * Helper to hash a user ID packet. + * Helper to hash a user ID packet. */ static void hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) @@ -188,7 +188,7 @@ hash_uid (gcry_md_hd_t md, int sigversion, const PKT_user_id *uid) static void hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) { - if (sig->version >= 4) + if (sig->version >= 4) gcry_md_putc (md, sig->version); gcry_md_putc (md, sig->sig_class); if (sig->version < 4) { 
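Review bot: The `opt.expert` / `addmode` conditions for entries 9 to 12 are written twice in ask_algo, once where the menu is printed and once in the `else if` selection chain, and nothing ties the two together. The selection side is the one that matters, because it is what keeps a number that was never shown from being accepted. A comment there would protect it against later edits, e.g. `/* Keep these conditions in sync with the menu above: an entry that is not shown must not be selectable. */`. The two adjacent `if (opt.expert)` lines for entries 10 and 11 could also share one braced block. ask_algo begins before the first keygen.c hunk and ends after the second.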
@@ -201,7 +201,7 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig) else { byte buf[6]; size_t n; - + gcry_md_putc (md, sig->pubkey_algo); gcry_md_putc (md, sig->digest_algo); if (sig->hashed) { @@ -249,7 +249,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, return gpg_error (GPG_ERR_TIME_CONFLICT); } - + print_pubkey_algo_note (pksk->pubkey_algo); if (!mdalgo) @@ -263,19 +263,19 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, sig->data[0] = NULL; sig->data[1] = NULL; - + err = hexkeygrip_from_pk (pksk, &hexgrip); if (!err) { char *desc; gcry_sexp_t s_sigval; - + desc = gpg_format_keydesc (pksk, 0, 1); - err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, + err = agent_pksign (NULL/*ctrl*/, cache_nonce, hexgrip, desc, dp, gcry_md_get_algo_dlen (mdalgo), mdalgo, &s_sigval); xfree (desc); - + if (err) ; else if (pksk->pubkey_algo == GCRY_PK_RSA @@ -286,7 +286,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, sig->data[0] = mpi_from_sexp (s_sigval, "r"); sig->data[1] = mpi_from_sexp (s_sigval, "s"); } - + gcry_sexp_release (s_sigval); } xfree (hexgrip); @@ -300,7 +300,7 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, if (get_pubkey (pk, sig->keyid )) err = gpg_error (GPG_ERR_NO_PUBKEY); - else + else { frame = encode_md_value (pk, md, sig->digest_algo ); if (!frame) @@ -317,14 +317,14 @@ do_sign (PKT_public_key *pksk, PKT_signature *sig, if (err) log_error (_("signing failed: %s\n"), g10_errstr (err)); - else + else { if (opt.verbose) { char *ustr = get_user_id_string_native (sig->keyid); log_info (_("%s/%s signature from: \"%s\"\n"), - gcry_pk_algo_name (pksk->pubkey_algo), - gcry_md_algo_name (sig->digest_algo), + openpgp_pk_algo_name (pksk->pubkey_algo), + openpgp_md_algo_name (sig->digest_algo), ustr); xfree (ustr); } 
@@ -444,7 +444,7 @@ hash_for (PKT_public_key *pk) if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA) qbytes = ecdsa_qbits_from_Q (qbytes); qbytes = qbytes/8; - + /* It's a DSA key, so find a hash that is the same size as q or larger. If q is 160, assume it is an old DSA key and use a 160-bit hash unless --enable-dsa2 is set, in which case act @@ -513,7 +513,7 @@ only_old_style (SK_LIST sk_list) { SK_LIST sk_rover = NULL; int old_style = 0; - + for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { PKT_public_key *pk = sk_rover->pk; @@ -533,13 +533,13 @@ print_status_sig_created (PKT_public_key *pk, PKT_signature *sig, int what) byte array[MAX_FINGERPRINT_LEN]; char buf[100+MAX_FINGERPRINT_LEN*2]; size_t n; - + snprintf (buf, sizeof buf - 2*MAX_FINGERPRINT_LEN, "%c %d %d %02x %lu ", what, sig->pubkey_algo, sig->digest_algo, sig->sig_class, (ulong)sig->timestamp ); fingerprint_from_pk (pk, array, &n); bin2hex (array, n, buf + strlen (buf)); - + write_status_text( STATUS_SIG_CREATED, buf ); } @@ -548,7 +548,7 @@ print_status_sig_created (PKT_public_key *pk, PKT_signature *sig, int what) * Loop over the secret certificates in SK_LIST and build the one pass * signature packets. OpenPGP says that the data should be bracket by * the onepass-sig and signature-packet; so we build these onepass - * packet here in reverse order + * packet here in reverse order */ static int write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) @@ -564,7 +564,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) PKT_onepass_sig *ops; PACKET pkt; int i, rc; - + for (i=0, sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { if (++i == skcount) break; @@ -577,7 +577,7 @@ write_onepass_sig_packets (SK_LIST sk_list, IOBUF out, int sigclass ) ops->pubkey_algo = pk->pubkey_algo; keyid_from_pk (pk, ops->keyid); ops->last = (skcount == 1); - + init_packet(&pkt); pkt.pkttype = PKT_ONEPASS_SIG; pkt.pkt.onepass_sig = ops; 
@@ -665,7 +665,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode) wipememory(copy_buffer,4096); /* burn buffer */ } /* fixme: it seems that we never freed pt/pkt */ - + return rc; } @@ -679,7 +679,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, int status_letter, const char *cache_nonce) { SK_LIST sk_rover; - + /* Loop over the certificates with secret keys. */ for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next) { @@ -713,23 +713,23 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, if (gcry_md_copy (&md, hash)) BUG (); - + if (sig->version >= 4) { build_sig_subpkt_from_sig (sig); mk_notation_policy_etc (sig, pk, NULL); } - + hash_sigversion_to_magic (md, sig); gcry_md_final (md); rc = do_sign (pk, sig, md, hash_for (pk), cache_nonce); gcry_md_close (md); if (!rc) - { + { /* Write the packet. */ PACKET pkt; - + init_packet (&pkt); pkt.pkttype = PKT_SIGNATURE; pkt.pkt.signature = sig; @@ -743,7 +743,7 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash, if (rc) return rc; } - + return 0; } @@ -836,7 +836,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, inp = NULL; gpg_err_set_errno (EPERM); } - if( !inp ) + if( !inp ) { rc = gpg_error_from_syserror (); log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", @@ -992,7 +992,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, there is an assumed preference for uncompressed data. Still, if it did fail, we'll also end up with the default. */ - + if((compr_algo= select_algo_from_prefs(pk_list,PREFTYPE_ZIP,-1,NULL))==-1) compr_algo=default_compress_algo(); @@ -1157,7 +1157,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) } if( !inp ) { rc = gpg_error_from_syserror (); - log_error (_("can't open `%s': %s\n"), + log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", strerror(errno) ); goto leave; } 
@@ -1168,7 +1168,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) outfile = NULL; gpg_err_set_errno (EPERM); } - else + else out = iobuf_create( outfile ); if( !out ) { @@ -1188,7 +1188,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) { if (hash_for (sk_rover->pk) == DIGEST_ALGO_MD5) only_md5 = 1; - else + else { only_md5 = 0; break; @@ -1256,7 +1256,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) gcry_md_close ( textmd ); release_sk_list( sk_list ); release_progress_context (pfx); - release_armor_context (afx); + release_armor_context (afx); return rc; } @@ -1302,7 +1302,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) /* Note: In the old non-agent version the following call used to unprotect the secret key. This is now done on demand by the agent. */ rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG); - if (rc) + if (rc) goto leave; /* prepare iobufs */ @@ -1315,7 +1315,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) } if( !inp ) { rc = gpg_error_from_syserror (); - log_error (_("can't open `%s': %s\n"), + log_error (_("can't open `%s': %s\n"), fname? fname: "[stdin]", strerror(errno) ); goto leave; } @@ -1404,7 +1404,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) rc = write_plaintext_packet (out, inp, fname, opt.textmode ? 't':'b'); if (rc) goto leave; - + /* Write the signatures */ /*(current filters: zip - encrypt - armor)*/ rc = write_signature_packets (sk_list, out, mfx.md, @@ -1569,7 +1569,7 @@ int update_keysig_packet( PKT_signature **ret_sig, PKT_signature *orig_sig, PKT_public_key *pk, - PKT_user_id *uid, + PKT_user_id *uid, PKT_public_key *subpk, PKT_public_key *pksk, int (*mksubpkt)(PKT_signature *, void *), 
@@ -1597,7 +1597,7 @@ update_keysig_packet( PKT_signature **ret_sig, /* create a new signature packet */ sig = copy_signature (NULL, orig_sig); - + /* We need to create a new timestamp so that new sig expiration calculations are done correctly... */ sig->timestamp=make_timestamp(); ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 8 ++++++ g10/keygen.c | 33 +++++++++++++++++++++--- g10/sign.c | 76 ++++++++++++++++++++++++++++---------------------------- 3 files changed, 75 insertions(+), 42 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 18:27:25 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 18:27:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta1-81-g71e7a16 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 71e7a1644e37b7e3758f6de0607fdb636ca6f4b1 (commit) from d9e2dcc1a9182b3144fa4f9b23b6ce7fb2cf63cc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 71e7a1644e37b7e3758f6de0607fdb636ca6f4b1 Author: Werner Koch Date: Thu Feb 3 18:05:56 2011 +0100 Relax mailbox name checking. Fixes bug#1315. diff --git a/g10/ChangeLog b/g10/ChangeLog index 771e9e0..3f8874f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,8 @@ 2011-02-03 Werner Koch + * misc.c (has_invalid_email_chars): Relax mailbox name checking. + Fixes bug#1315. + * sign.c (do_sign): Use openpgp_pk_algo_name. * keygen.c (ask_algo): Show ECC algos only in expert mode. Add diff --git a/g10/misc.c b/g10/misc.c index dcd2bd1..f2ab984 100644 --- a/g10/misc.c 
+++ b/g10/misc.c @@ -40,7 +40,7 @@ #ifdef HAVE_W32_SYSTEM #include #include -#include +#include #include #ifndef CSIDL_APPDATA #define CSIDL_APPDATA 0x001a @@ -82,7 +82,7 @@ string_count_chr (const char *string, int c) #ifdef ENABLE_SELINUX_HACKS /* A object and a global variable to keep track of files marked as secured. */ -struct secured_file_item +struct secured_file_item { struct secured_file_item *next; ino_t ino; @@ -107,7 +107,7 @@ register_secured_file (const char *fname) /* Note that we stop immediatley if something goes wrong here. */ if (stat (fname, &buf)) - log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname, + log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname, "register_secured_file", strerror (errno)); /* log_debug ("registering `%s' i=%lu.%lu\n", fname, */ /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */ @@ -161,8 +161,8 @@ unregister_secured_file (const char *fname) } /* Return true if FD is corresponds to a secured file. Using -1 for - FS is allowed and will return false. */ -int + FS is allowed and will return false. */ +int is_secured_file (int fd) { #ifdef ENABLE_SELINUX_HACKS @@ -176,7 +176,7 @@ is_secured_file (int fd) secure if something went wrong. */ if (fstat (fd, &buf)) { - log_error (_("fstat(%d) failed in %s: %s\n"), fd, + log_error (_("fstat(%d) failed in %s: %s\n"), fd, "is_secured_file", strerror (errno)); return 1; } @@ -196,8 +196,8 @@ is_secured_file (int fd) /* Return true if FNAME is corresponds to a secured file. Using NULL, "" or "-" for FS is allowed and will return false. This function is used before creating a file, thus it won't fail if the file does - not exist. */ -int + not exist. */ +int is_secured_filename (const char *fname) { #ifdef ENABLE_SELINUX_HACKS 
@@ -205,7 +205,7 @@ is_secured_filename (const char *fname) struct secured_file_item *sf; if (iobuf_is_pipe_filename (fname) || !*fname) - return 0; + return 0; /* Note that we print out a error here and claim that a file is secure if something went wrong. */ @@ -346,9 +346,9 @@ map_cipher_openpgp_to_gcry (int algo) { switch (algo) { - case CIPHER_ALGO_CAMELLIA128: return 310; - case CIPHER_ALGO_CAMELLIA192: return 311; - case CIPHER_ALGO_CAMELLIA256: return 312; + case CIPHER_ALGO_CAMELLIA128: return 310; + case CIPHER_ALGO_CAMELLIA192: return 311; + case CIPHER_ALGO_CAMELLIA256: return 312; default: return algo; } } @@ -394,7 +394,7 @@ map_pk_gcry_to_openpgp (enum gcry_pk_algos algo) /* Return the block length of an OpenPGP cipher algorithm. */ -int +int openpgp_cipher_blocklen (int algo) { /* We use the numbers from OpenPGP to be sure that we get the right @@ -434,7 +434,7 @@ openpgp_cipher_test_algo( int algo ) string representation of the algorithm name. For unknown algorithm IDs this function returns "?". */ const char * -openpgp_cipher_algo_name (int algo) +openpgp_cipher_algo_name (int algo) { return gnupg_cipher_algo_name (map_cipher_openpgp_to_gcry (algo)); } @@ -445,7 +445,7 @@ openpgp_pk_test_algo( int algo ) /* Dont't allow type 20 keys unless in rfc2440 mode. */ if (!RFC2440 && algo == 20) return gpg_error (GPG_ERR_PUBKEY_ALGO); - + if (algo == GCRY_PK_ELG_E) algo = GCRY_PK_ELG; @@ -474,13 +474,13 @@ openpgp_pk_test_algo2( int algo, unsigned int use ) GCRYCTL_TEST_ALGO, NULL, &use_buf); } -int +int openpgp_pk_algo_usage ( int algo ) { - int use = 0; - + int use = 0; + /* They are hardwired in gpg 1.0. */ - switch ( algo ) { + switch ( algo ) { case PUBKEY_ALGO_RSA: use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH); 
@@ -499,7 +499,7 @@ openpgp_pk_algo_usage ( int algo ) case PUBKEY_ALGO_ELGAMAL_E: use = PUBKEY_USAGE_ENC; break; - case PUBKEY_ALGO_DSA: + case PUBKEY_ALGO_DSA: use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; break; case PUBKEY_ALGO_ECDSA: @@ -514,7 +514,7 @@ openpgp_pk_algo_usage ( int algo ) string representation of the algorithm name. For unknown algorithm IDs this function returns "?". */ const char * -openpgp_pk_algo_name (int algo) +openpgp_pk_algo_name (int algo) { return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)); } @@ -538,7 +538,7 @@ openpgp_md_test_algo( int algo ) string representation of the algorithm name. For unknown algorithm IDs this function returns "?". */ const char * -openpgp_md_algo_name (int algo) +openpgp_md_algo_name (int algo) { if (algo < 0 || algo > 110) return "?"; @@ -564,7 +564,7 @@ idea_cipher_warn(int show) #endif -static unsigned long +static unsigned long get_signature_count (PKT_public_key *pk) { #ifdef ENABLE_CARD_SUPPORT @@ -663,7 +663,7 @@ pct_expando(const char *string,struct expando_args *args) sprintf (&ret[idx],"%lu", get_signature_count (args->pksk)); idx+=strlen(&ret[idx]); done=1; - } + } break; case 'p': /* primary pk fingerprint of a sk */ @@ -735,7 +735,7 @@ pct_expando(const char *string,struct expando_args *args) case 't': /* e.g. "jpg" */ str=image_type_to_string(args->imagetype,0); break; - + case 'T': /* e.g. "image/jpeg" */ str=image_type_to_string(args->imagetype,2); break; @@ -834,7 +834,7 @@ deprecated_command (const char *name) void -obsolete_option (const char *configname, unsigned int configlineno, +obsolete_option (const char *configname, unsigned int configlineno, const char *name) { if(configname) 
@@ -850,9 +850,9 @@ obsolete_option (const char *configname, unsigned int configlineno, * Wrapper around gcry_cipher_map_name to provide a fallback using the * "Sn" syntax as used by the preference strings. */ -int -string_to_cipher_algo (const char *string) -{ +int +string_to_cipher_algo (const char *string) +{ int val; val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string)); @@ -873,9 +873,9 @@ string_to_cipher_algo (const char *string) * Wrapper around gcry_md_map_name to provide a fallback using the * "Hn" syntax as used by the preference strings. */ -int -string_to_digest_algo (const char *string) -{ +int +string_to_digest_algo (const char *string) +{ int val; val = gcry_md_map_name (string); @@ -962,7 +962,7 @@ check_compress_algo(int algo) { case 0: return 0; #ifdef HAVE_ZIP - case 1: + case 1: case 2: return 0; #endif #ifdef HAVE_BZIP2 @@ -1283,13 +1283,14 @@ has_invalid_email_chars (const char *s) const char *valid_chars= "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; - for ( ; *s; s++ ) + for ( ; *s; s++ ) { if ( (*s & 0x80) ) continue; /* We only care about ASCII. */ if ( *s == '@' ) at_seen=1; - else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) ) + else if ( !at_seen && !(strchr (valid_chars, *s) + || strchr ("!#$%&'*+/=?^`{|}~", *s))) return 1; else if ( at_seen && !strchr( valid_chars, *s ) ) return 1; @@ -1429,7 +1430,7 @@ int pubkey_get_nenc (int algo) { size_t n; - + /* ECC is special. */ if (algo == PUBKEY_ALGO_ECDSA) return 0; @@ -1499,7 +1500,7 @@ int mpi_print (estream_t fp, gcry_mpi_t a, int mode) { int n=0; - + if (!a) return es_fprintf (fp, "[MPI_NULL]"); if (!mode) @@ -1524,7 +1525,7 @@ mpi_print (estream_t fp, gcry_mpi_t a, int mode) else { unsigned char *buffer; - + if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a)) BUG (); es_fputs (buffer, fp); 
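Review bot: In the has_invalid_email_chars hunk the added `strchr ("!#$%&'*+/=?^`{|}~", *s)` accepts what appears to be the RFC 5322 atext set in the local part, but nothing in the code says where the list comes from or what it means for callers. The set includes the backquote, `$`, `&`, `'` and `|`, so a mailbox that passes this check is no longer safe to place unquoted into a shell command line or a helper's input. A comment above the condition would record both facts, e.g. `/* Local part: also accept the RFC 5322 atext specials. These include shell metacharacters; callers must quote the mailbox before handing it to a shell or helper. */`. Whether any caller relied on the old, narrower set is not visible in this hunk and should be checked as part of the change. The function starts before and ends after the hunk.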
@@ -1537,7 +1538,7 @@ mpi_print (estream_t fp, gcry_mpi_t a, int mode) /* pkey[1] or skey[1] is Q for ECDSA, which is an uncompressed point, i.e. 04 */ -unsigned int +unsigned int ecdsa_qbits_from_Q (unsigned int qbits) { if ((qbits%8) > 3) @@ -1550,5 +1551,3 @@ ecdsa_qbits_from_Q (unsigned int qbits) qbits /= 2; return qbits; } - - ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 3 ++ g10/misc.c | 81 ++++++++++++++++++++++++++++----------------------------- 2 files changed, 43 insertions(+), 41 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 21:12:41 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 21:12:41 +0100 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-167-gb001a8d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via b001a8df68c8eb33abbe879f6c7fb4db4909b6f6 (commit) via 55ad4d80e278e56bd5bc4fbac837db34edd70bde (commit) from 2bdbe888228ce09f15be4773800ed13263a8e43e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b001a8df68c8eb33abbe879f6c7fb4db4909b6f6 Merge: 55ad4d8 2bdbe88 Author: Werner Koch Date: Thu Feb 3 20:51:36 2011 +0100 Merge branch 'master' of git+ssh://playfair.gnupg.org/git/gpgme diff --cc src/ChangeLog index 9b1ef8d,4afcdf9..94200bc --- a/src/ChangeLog 
+++ b/src/ChangeLog @@@ -1,10 -1,28 +1,35 @@@ +2011-02-03 Werner Koch + + * extra-stati.h: New. + * mkstatus: Extend to also process extra-stati.h + * Makefile.am (main_sources): Add extra-stati.h + (status-table.h): Depend on extra-stati.h and adjust rule. + + 2011-02-03 Marcus Brinkmann + + * w32-io.c (_gpgme_io_socket): Return fd, not res. + + 2011-02-02 Marcus Brinkmann + + * assuan-support.c (my_socket, my_connect): New functions. + (_gpgme_assuan_system_hooks): Add my_Socket, my_connect. + * priv-io.h (_gpgme_io_socket): New prototype. + * w32-io.c (pid_to_handle, handle_to_oid, fd_to_handle): Remove macros. + (is_socket): Remove function. + (_gpgme_io_spawn) [HAVE_W32CE_SYSTEM]: Remove some dead code. + (_gpgme_io_spawn): Translate handles before DuplicateHandle them. + + 2011-02-02 Marcus Brinkmann + + * w32-util.c (mkstemp): Don't use CreateFile instead of open (the + function is not used on Windows CE, and the callers were not + adjusted). + + 2011-01-21 Marcus Brinkmann + + * engine-gpgconf.c (_gpgme_conf_opt_change): Fix the case that is + not self-assignment. + 2010-12-08 Werner Koch * gpgme-tool.c (strcpy_escaped_plus): New. @@@ -1467,6 -1485,6 +1492,10 @@@ * op-support.c (_gpgme_op_reset): Implement a no-reset flag. * getauditlog.c (getauditlog_start): Use that flag. ++2007-11-20 Werner Koch ++ ++ * op-support.c (_gpgme_parse_inv_recp): Add new reason code 11. ++ 2007-11-22 Werner Koch * gpgme.h (gpgme_op_getauditlog_start, gpgme_op_getauditlog): New. @@@ -1478,11 -1496,11 +1507,7 @@@ (_gpgme_engine_ops_gpgsm): Insert new function. (gpgsm_new): Try to enable audit log support. * rungpg.c (_gpgme_engine_ops_gpg): Insert dummy entry. - -2007-11-20 Werner Koch - - * op-support.c (_gpgme_parse_inv_recp): Add new reason code 11. - 2007-11-20 Werner Koch - - * op-support.c (_gpgme_parse_inv_recp): Add new reason code 11. - 2007-11-12 Marcus Brinkmann * kdpipeiodevice.cpp: New version from Frank Osterfeld. 
@@@ -2256,24 -2274,24 +2281,6 @@@ * w32-io.c (_gpgme_io_read, _gpgme_io_write): Print content in debug mode too. --2005-08-19 Werner Koch -- -- * gpgme.def: New. -- * versioninfo.rc.in: New. -- * Makefile.am: Addes support for building a W32 DLL. - - * ttyname_r.c (ttyname_r) [W32]: Return error. - * ath-compat.c [W32]: select and co are not yet supported; return - error. - * data-stream.c (stream_seek): Use ftell if ftello is not available. - - 2005-08-08 Werner Koch - - * util.h (stpcpy): Renamed to .. - (_gpgme_stpcpy): .. this and made inline. This avoids duplicate - definitions when linking statically. - * stpcpy.c: Removed. - - - * ttyname_r.c (ttyname_r) [W32]: Return error. - * ath-compat.c [W32]: select and co are not yet supported; return - error. - * data-stream.c (stream_seek): Use ftell if ftello is not available. - -2005-08-08 Werner Koch - - * util.h (stpcpy): Renamed to .. - (_gpgme_stpcpy): .. this and made inline. This avoids duplicate - definitions when linking statically. - * stpcpy.c: Removed. - 2005-07-27 Marcus Brinkmann * gpgme.h (gpgme_status_code_t): Add GPGME_STATUS_PLAINTEXT. @@@ -2288,6 -2306,6 +2295,24 @@@ OPD->result.plaintext_filename. (_gpgme_verify_status_handler): Handle GPGME_STATUS_PLAINTEXT. ++2005-08-08 Werner Koch ++ ++ * util.h (stpcpy): Renamed to .. ++ (_gpgme_stpcpy): .. this and made inline. This avoids duplicate ++ definitions when linking statically. ++ * stpcpy.c: Removed. ++ ++2005-08-19 Werner Koch ++ ++ * gpgme.def: New. ++ * versioninfo.rc.in: New. ++ * Makefile.am: Addes support for building a W32 DLL. ++ ++ * ttyname_r.c (ttyname_r) [W32]: Return error. ++ * ath-compat.c [W32]: select and co are not yet supported; return ++ error. ++ * data-stream.c (stream_seek): Use ftell if ftello is not available. ++ 2005-07-26 Marcus Brinkmann * keylist.c (gpgme_get_key): Allow key IDs. @@@ -4009,65 -4027,65 +4034,66 @@@ fail_on_pending_request. * util.h: Don't include "types.h" or "debug.h", but include "gpgme.h". 
--2003-01-30 Marcus Brinkmann ++2003-01-19 Marcus Brinkmann -- * types.h (EngineObject): Move typedef to ... -- * engine.h: ... here. -- * types.h (GpgObject): Move typedef to ... -- * rungpg.c: ... here. -- * types.h (GpgsmObject): Move typedef to ... -- * engine-gpgsm.c: ... here. ++ * rungpg.c (_gpgme_engine_ops_gpg): Remove gpg_start. ++ (gpg_start): Rename to ... ++ (start): ... this function. Change arguments to GpgObject. ++ (gpg_decrypt): Call start. ++ (gpg_edit): Likewise. ++ (gpg_encrypt): Likewise. ++ (gpg_encrypt_sign): Likewise. ++ (gpg_export): Likewise. ++ (gpg_import): Likewise. ++ (gpg_keylist): Likewise. ++ (gpg_keylist_ext): Likewise. ++ (gpg_trustlist): Likewise. ++ (gpg_verify): Likewise. -- * util.h (return_if_fail, return_null_if_fail, -- return_val_if_fail): Remove macro. -- * gpgme.c (gpgme_cancel): Don't use return_if_fail. -- * key.c (gpgme_key_ref): Likewise. -- * signers.c (gpgme_signers_enum): Likewise. -- (gpgme_signers_clear): Likewise. ++ * engine-gpgsm.c (_gpgme_engine_ops_encrypt): Remove gpgsm_start. ++ (gpgsm_start): Rename to ... ++ (struct gpgsm_object_s): Remove member command. ++ (gpgsm_release): Don't free command. ++ (start): ... this function. Change arguments to GpgsmObject and ++ const char *. ++ (gpgsm_decrypt): Call start. ++ (gpgsm_delete): Likewise. ++ (gpgsm_encrypt): Likewise. ++ (gpgsm_export): Likewise. ++ (gpgsm_genkey): Likewise. ++ (gpgsm_import): Likewise. ++ (gpgsm_keylist): Likewise. ++ (gpgsm_keylist_ext): Likewise. ++ (gpgsm_verify): Likewise. -- * engine-backend.h (struct engine_ops): Rename get_path to -- get_file_name. -- * gpgme.h (struct _gpgme_engine_info): Rename member path to -- file_name. -- * version.c: Do not include , , context.h and -- util.h. Other clean ups. -- (parse_version_number): Protect more seriously against -- overflow. -- (gpgme_get_engine_info): Move to ... -- * engine.c (gpgme_get_engine_info): ... here. -- (_gpgme_engine_get_info): Function removed. 
-- (_gpgme_engine_get_path): Make static and rename to ... -- (engine_get_file_name): .. this. -- (_gpgme_engine_get_version): Make static and rename to ... -- (engine_get_version): ... this. -- (_gpgme_engine_get_req_version): Make static and rename to ... -- (engine_get_req_version): ... this. -- * engine.h (_gpgme_engine_get_path, _gpgme_engine_get_version, -- _gpgme_engine_req_version, _gpgme_engine_get_info.): Remove -- prototypes. ++ * decrypt.c (_gpgme_decrypt_start): Don't call ++ _gpgme_engine_start. ++ * delete.c (_gpgme_op_delete_start): Likewise. ++ * edit.c (_gpgme_op_edit_start): Likewise. ++ * encrypt.c (_gpgme_op_encrypt_start): ++ * encrypt-sign.c (_gpgme_op_encrypt_sign_start): ++ * export.c (_gpgme_op_export_start): Likewise. ++ * genkey.c (_gpgme_op_genkey_start): Likewise. ++ * import.c (_gpgme_op_import_start): Likewise. ++ * keylist.c (gpgme_op_keylist_ext_start): Likewise. ++ (gpgme_op_keylist_start): Likewise. ++ * sign.c (_gpgme_op_sign_start): Likewise. ++ * trustlist.c (gpgme_op_trustlist_start): Likewise. ++ * verify.c (_gpgme_op_verify_start): Likewise. -- * gpgme.h (enum GpgmeProtocol): Remove GPGME_PROTOCOL_AUTO. -- * gpgme.c (gpgme_set_protocol): Don't handle GPGME_PROTOCOL_AUTO. -- (gpgme_get_protocol_name): New function. ++ * engine-backend.h (struct engine_ops): Remove member start. + - * engine-backend.h (struct engine_ops): New member - get_req_version, remove member check_version. - * engine.h (_gpgme_Engine_get_version): New prototype. - * rungpg.c (gpg_get_req_version): New function. - (gpg_check_version): Function removed. - (_gpgme_engine_ops_gpg): Add gpg_get_req_version, remove - gpg_check_version. - * engine-gpgsm.c (gpgsm_get_req_version): New function. - (gpgsm_check_version): Function removed. - (_gpgme_engine_ops_gpgsm): Add gpgsm_get_req_version, remove - gpgsm_check_version. - * engine.c: Include ops.h. - (_gpgme_engine_get_req_version): New function. - (gpgme_engine_check_version): Rewritten. 
- * version.c (gpgme_get_engine_info): Rewritten. - * gpgme.h (gpgme_engine_info): New structure. - (GpgmeEngineInfo): New type. ++ * engine.h (_gpgme_engine_start): Remove prototype. ++ * engine.c (_gpgme_engine_start): Remove function. ++ ++2003-01-19 Miguel Coca ++ ++ * w32-io.c (_gpgme_io_select): Add missing argument in calls to ++ DEBUG_BEGIN. ++ * w32-util.c: Include "sema.h". ++ (find_program_in_registry): Change DEBUG1 to DEBUG2, fixes compilation ++ error. - * engine-backend.h (struct engine_ops): New member - get_req_version, remove member check_version. - * engine.h (_gpgme_Engine_get_version): New prototype. - * rungpg.c (gpg_get_req_version): New function. - (gpg_check_version): Function removed. - (_gpgme_engine_ops_gpg): Add gpg_get_req_version, remove - gpg_check_version. - * engine-gpgsm.c (gpgsm_get_req_version): New function. - (gpgsm_check_version): Function removed. - (_gpgme_engine_ops_gpgsm): Add gpgsm_get_req_version, remove - gpgsm_check_version. - * engine.c: Include ops.h. - (_gpgme_engine_get_req_version): New function. - (gpgme_engine_check_version): Rewritten. - * version.c (gpgme_get_engine_info): Rewritten. - * gpgme.h (gpgme_engine_info): New structure. - (GpgmeEngineInfo): New type. - 2003-01-29 Marcus Brinkmann * types.h: Remove byte and ulong types. @@@ -4212,66 -4230,66 +4238,65 @@@ * key.c (gpgme_key_sig_get_string_attr): Use validity_to_string instead otrust_to_string to calculate validity. - -2003-01-19 Miguel Coca - - * w32-io.c (_gpgme_io_select): Add missing argument in calls to - DEBUG_BEGIN. - * w32-util.c: Include "sema.h". - (find_program_in_registry): Change DEBUG1 to DEBUG2, fixes compilation - error. - 2003-01-19 Miguel Coca - - * w32-io.c (_gpgme_io_select): Add missing argument in calls to - DEBUG_BEGIN. - * w32-util.c: Include "sema.h". - (find_program_in_registry): Change DEBUG1 to DEBUG2, fixes compilation - error. 
- --2003-01-19 Marcus Brinkmann ++2003-01-30 Marcus Brinkmann -- * rungpg.c (_gpgme_engine_ops_gpg): Remove gpg_start. -- (gpg_start): Rename to ... -- (start): ... this function. Change arguments to GpgObject. -- (gpg_decrypt): Call start. -- (gpg_edit): Likewise. -- (gpg_encrypt): Likewise. -- (gpg_encrypt_sign): Likewise. -- (gpg_export): Likewise. -- (gpg_import): Likewise. -- (gpg_keylist): Likewise. -- (gpg_keylist_ext): Likewise. -- (gpg_trustlist): Likewise. -- (gpg_verify): Likewise. ++ * types.h (EngineObject): Move typedef to ... ++ * engine.h: ... here. ++ * types.h (GpgObject): Move typedef to ... ++ * rungpg.c: ... here. ++ * types.h (GpgsmObject): Move typedef to ... ++ * engine-gpgsm.c: ... here. -- * engine-gpgsm.c (_gpgme_engine_ops_encrypt): Remove gpgsm_start. -- (gpgsm_start): Rename to ... -- (struct gpgsm_object_s): Remove member command. -- (gpgsm_release): Don't free command. -- (start): ... this function. Change arguments to GpgsmObject and -- const char *. -- (gpgsm_decrypt): Call start. -- (gpgsm_delete): Likewise. -- (gpgsm_encrypt): Likewise. -- (gpgsm_export): Likewise. -- (gpgsm_genkey): Likewise. -- (gpgsm_import): Likewise. -- (gpgsm_keylist): Likewise. -- (gpgsm_keylist_ext): Likewise. -- (gpgsm_verify): Likewise. ++ * util.h (return_if_fail, return_null_if_fail, ++ return_val_if_fail): Remove macro. ++ * gpgme.c (gpgme_cancel): Don't use return_if_fail. ++ * key.c (gpgme_key_ref): Likewise. ++ * signers.c (gpgme_signers_enum): Likewise. ++ (gpgme_signers_clear): Likewise. -- * decrypt.c (_gpgme_decrypt_start): Don't call -- _gpgme_engine_start. -- * delete.c (_gpgme_op_delete_start): Likewise. -- * edit.c (_gpgme_op_edit_start): Likewise. - * encrypt.c (_gpgme_op_encrypt_start): - * encrypt-sign.c (_gpgme_op_encrypt_sign_start): - * export.c (_gpgme_op_export_start): Likewise. - * genkey.c (_gpgme_op_genkey_start): Likewise. - * import.c (_gpgme_op_import_start): Likewise. - * keylist.c (gpgme_op_keylist_ext_start): Likewise. 
- (gpgme_op_keylist_start): Likewise. - * sign.c (_gpgme_op_sign_start): Likewise. - * trustlist.c (gpgme_op_trustlist_start): Likewise. - * verify.c (_gpgme_op_verify_start): Likewise. - * encrypt.c (_gpgme_op_encrypt_start): - * encrypt-sign.c (_gpgme_op_encrypt_sign_start): - * export.c (_gpgme_op_export_start): Likewise. - * genkey.c (_gpgme_op_genkey_start): Likewise. - * import.c (_gpgme_op_import_start): Likewise. - * keylist.c (gpgme_op_keylist_ext_start): Likewise. - (gpgme_op_keylist_start): Likewise. - * sign.c (_gpgme_op_sign_start): Likewise. - * trustlist.c (gpgme_op_trustlist_start): Likewise. - * verify.c (_gpgme_op_verify_start): Likewise. ++ * engine-backend.h (struct engine_ops): Rename get_path to ++ get_file_name. ++ * gpgme.h (struct _gpgme_engine_info): Rename member path to ++ file_name. ++ * version.c: Do not include , , context.h and ++ util.h. Other clean ups. ++ (parse_version_number): Protect more seriously against ++ overflow. ++ (gpgme_get_engine_info): Move to ... ++ * engine.c (gpgme_get_engine_info): ... here. ++ (_gpgme_engine_get_info): Function removed. ++ (_gpgme_engine_get_path): Make static and rename to ... ++ (engine_get_file_name): .. this. ++ (_gpgme_engine_get_version): Make static and rename to ... ++ (engine_get_version): ... this. ++ (_gpgme_engine_get_req_version): Make static and rename to ... ++ (engine_get_req_version): ... this. ++ * engine.h (_gpgme_engine_get_path, _gpgme_engine_get_version, ++ _gpgme_engine_req_version, _gpgme_engine_get_info.): Remove ++ prototypes. -- * engine-backend.h (struct engine_ops): Remove member start. ++ * gpgme.h (enum GpgmeProtocol): Remove GPGME_PROTOCOL_AUTO. ++ * gpgme.c (gpgme_set_protocol): Don't handle GPGME_PROTOCOL_AUTO. ++ (gpgme_get_protocol_name): New function. -- * engine.h (_gpgme_engine_start): Remove prototype. -- * engine.c (_gpgme_engine_start): Remove function. ++ * engine-backend.h (struct engine_ops): New member ++ get_req_version, remove member check_version. 
++ * engine.h (_gpgme_Engine_get_version): New prototype. ++ * rungpg.c (gpg_get_req_version): New function. ++ (gpg_check_version): Function removed. ++ (_gpgme_engine_ops_gpg): Add gpg_get_req_version, remove ++ gpg_check_version. ++ * engine-gpgsm.c (gpgsm_get_req_version): New function. ++ (gpgsm_check_version): Function removed. ++ (_gpgme_engine_ops_gpgsm): Add gpgsm_get_req_version, remove ++ gpgsm_check_version. ++ * engine.c: Include ops.h. ++ (_gpgme_engine_get_req_version): New function. ++ (gpgme_engine_check_version): Rewritten. ++ * version.c (gpgme_get_engine_info): Rewritten. ++ * gpgme.h (gpgme_engine_info): New structure. ++ (GpgmeEngineInfo): New type. 2003-01-06 Werner Koch @@@ -5218,6 -5236,6 +5243,10 @@@ * keylist.c (gpgme_op_keylist_ext_start): Always use our own FD table (eg use synchronous mode). ++2002-06-27 Marcus Brinkmann ++ ++ * gpgme.h: Fix documentation of key attribute retrieval functions. ++ 2002-06-28 Marcus Brinkmann * ops.h (_gpgme_wait_on_condition): Remove HANG argument from @@@ -5239,11 -5257,11 +5268,7 @@@ table (eg use synchronous mode). (gpgme_op_trustlist_next): Remove HANG argument from _gpgme_wait_on_condition. Check its return value. - -2002-06-27 Marcus Brinkmann - - * gpgme.h: Fix documentation of key attribute retrieval functions. - 2002-06-27 Marcus Brinkmann - - * gpgme.h: Fix documentation of key attribute retrieval functions. - 2002-06-26 Werner Koch * engine-gpgsm.c (map_assuan_error): Map No_Data_Available to EOF. @@@ -5847,6 -5865,6 +5872,12 @@@ 2002-02-25 Marcus Brinkmann ++ * verify.c (_gpgme_verify_status_handler): Parse the args line to ++ see if the problem is due to a missing key, and report that back ++ to the user. ++ ++2002-02-25 Marcus Brinkmann ++ * engine.c (_gpgme_engine_op_encrypt_sign): New function. * engine.h (_gpgme_engine_op_encrypt_sign): New prototype. * rungpg.c (_gpgme_append_gpg_args_from_signers): New function. 
commit 55ad4d80e278e56bd5bc4fbac837db34edd70bde Author: Werner Koch Date: Thu Feb 3 20:49:41 2011 +0100 Add support for non-API GnuPG status codes. As an example stub code for DECRYTPION_INFO has been added. Note that the status codes in gpgme.h do only make sense for the edit interactor interface and thus certain codes don't need to be part of the public interface. diff --git a/src/ChangeLog b/src/ChangeLog index f891d98..9b1ef8d 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,10 @@ +2011-02-03 Werner Koch + + * extra-stati.h: New. + * mkstatus: Extend to also process extra-stati.h + * Makefile.am (main_sources): Add extra-stati.h + (status-table.h): Depend on extra-stati.h and adjust rule. + 2010-12-08 Werner Koch * gpgme-tool.c (strcpy_escaped_plus): New. @@ -928,7 +935,7 @@ 2009-06-16 Werner Koch - * version.c: Include stdlib.h. + * version.c: Include stdlib.h. * gpgme.h.in (gpgme_data_encoding_t): Add GPGME_DATA_ENCODING_URL, GPGME_DATA_ENCODING_URLESC, GPGME_DATA_ENCODING_URL0. @@ -1007,7 +1014,7 @@ * gpgme.c: Include priv-io.h. (gpgme_io_read, gpgme_io_write): New. - * libgpgme.vers (GPGME_1.1): Add them. + * libgpgme.vers (GPGME_1.1): Add them. * gpgme.def: Ditto. * Makefile.am (main_sources): Remove gpgme.h. @@ -1471,7 +1478,7 @@ (_gpgme_engine_ops_gpgsm): Insert new function. (gpgsm_new): Try to enable audit log support. * rungpg.c (_gpgme_engine_ops_gpg): Insert dummy entry. - + 2007-11-20 Werner Koch * op-support.c (_gpgme_parse_inv_recp): Add new reason code 11. @@ -1668,7 +1675,7 @@ drops to 0. (find_reader, find_writer, kill_reader, kill_writer): Beautify. * priv-io.h (_gpgme_io_dup): New prototype. - * posix-io.c (_gpgme_io_dup): New function. + * posix-io.c (_gpgme_io_dup): New function. * w32-io.c (_gpgme_io_dup): Likewise. * w32-glib-io.c (_gpgme_io_dup): Likewise. * engine-gpgsm.c (start): Reverting to version 2007-07-10. 
@@ -1686,7 +1693,7 @@ in case of error. * w32-io.c (_gpgme_io_read): Return C->error_code in ERRNO. (_gpgme_io_write): Likewise. - + * priv-io.h (_gpgme_io_set_close_notify): Change type of HANDLER to _gpgme_close_notify_handler. (_gpgme_close_notify_handler): New type. @@ -1723,7 +1730,7 @@ 2007-07-10 Marcus Brinkmann * priv-io.h (_gpgme_io_dup): New prototype. - * posix-io.c (_gpgme_io_dup): New function. + * posix-io.c (_gpgme_io_dup): New function. * w32-io.c (_gpgme_io_dup): Likewise. * w32-glib-io.c (_gpgme_io_dup): Likewise. * engine-gpgsm.c (start): Use _gpgme_dup() instead of dup(). @@ -1766,7 +1773,7 @@ (fd_cbs): Add fd_get_fd. * data-stream.c (stream_get_fd): New function. (stream_cbs): Add stream_get_fd. - * data-mem.c (mem_cbs): Add NULL for get_fd callback. + * data-mem.c (mem_cbs): Add NULL for get_fd callback. * data-user.c (user_cbs): Likewise. * engine-gpgsm.c (gpgsm_set_fd) [USE_DESCRIPTOR_PASSING]: Try to short-cut by passing the data descriptor directly. @@ -1811,7 +1818,7 @@ * engine-gpgsm.c (gpgsm_new): Move code to dup status_fd to ... (start): ... here. * posix-io.c (_gpgme_io_recvmsg, _gpgme_io_sendmsg): New functions. - + * engine.h (_gpgme_engine_new): Remove arguments lc_ctype and lc_messages from prototype. (_gpgme_engine_set_locale): New prototype. @@ -2058,7 +2065,7 @@ (libgpgme_pth_la_SOURCES): Add $(system_components_not_extra). (libgpgme_glib_la_LDFLAGS, libgpgme_glib_la_DEPENDENCIES, (libgpgme_glib_la_LIBADD, libgpgme_glib_la_CFLAGS) - [BUILD_W32_GLIB]: New variables. + [BUILD_W32_GLIB]: New variables. * gpgme-config.in (glib): New option. * gpgme.m4 (AM_PATH_GPGME_GLIB): New macro. @@ -2254,7 +2261,7 @@ * gpgme.def: New. * versioninfo.rc.in: New. * Makefile.am: Addes support for building a W32 DLL. - + * ttyname_r.c (ttyname_r) [W32]: Return error. * ath-compat.c [W32]: select and co are not yet supported; return error. 
@@ -2266,7 +2273,7 @@ (_gpgme_stpcpy): .. this and made inline. This avoids duplicate definitions when linking statically. * stpcpy.c: Removed. - + 2005-07-27 Marcus Brinkmann * gpgme.h (gpgme_status_code_t): Add GPGME_STATUS_PLAINTEXT. @@ -2392,7 +2399,7 @@ * data.c, engine-gpgsm.c, posix-io.c, rungpg.c, version.c, w32-io.c, wait-private.c, wait-global.c, wait-user.c, wait.c: Change all includes of "io.h" to "priv-io.h" - + 2005-03-09 Werner Koch * w32-util.c (_gpgme_get_gpg_path, _gpgme_get_gpgsm_path): Do not @@ -2408,7 +2415,7 @@ files. 2005-03-07 Timo Schulz - + * gpgme.h: [_WIN32] Removed ssize_t typedef. * ath.h: [_WIN32] Added some (dummy) types. * io.h: [_WIN32] include stdio.h. @@ -2548,7 +2555,7 @@ * data.c (_gpgme_data_outbound_handler): Close the file descriptor if we get an EPIPE. - + * data-stream.c (stream_seek): Call ftello and return the current offset. * data.h (struct gpgme_data): Change type of data.mem.offset to @@ -2711,7 +2718,7 @@ 2004-02-17 Werner Koch - * gpgme.h: Add GPGME_KEYLIST_MODE_VALIDATE. + * gpgme.h: Add GPGME_KEYLIST_MODE_VALIDATE. * engine-gpgsm.c (gpgsm_keylist): Send this to gpgsm. 2004-02-15 Werner Koch @@ -3114,7 +3121,7 @@ * engine.c: Rename EngineObject to engine_t in the file. Also EngineStatusHandler to engine_status_handler_t, EngineCommandHandler to engine_command_handler_t and - EngineColonLineHandler to engine_colon_line_handler. + EngineColonLineHandler to engine_colon_line_handler. * rungpg.c (start): Likewise. * engine-gpgsm.c: Likewise. * engine-backend.h (struct engine_ops): Likewise @@ -3613,7 +3620,7 @@ (gpgme_op_sign): Likewise. * encrypt-sign.c (_gpgme_op_encrypt_sign_start): Call _gpgme_op_sign_init_result. - + * delete.c: Include and "gpgme.h", but not "util.h" or "key.h". (enum delete_problem): Move into function delete_status_handler. 
@@ -3699,7 +3706,7 @@ (_gpgme_data_inbound_handler): Expand _gpgme_data_append, because it will go. Do not assert DH. (_gpgme_data_outbound_handler): Do not assert DH. - + * export.c: Do not include , "debug.h" and "util.h", but "gpgme.h". (export_status_handler): Change type of first argument to void *. @@ -3716,7 +3723,7 @@ * key.c (gpgme_key_get_string_attr): Fix validity attribute. 2003-04-24 Marcus Brinkmann - + * gpgme.h (struct _gpgme_op_genkey_result): New structure. (GpgmeGenKeyResult): New type. (gpgme_op_genkey): Drop last argument. @@ -4060,7 +4067,7 @@ * version.c (gpgme_get_engine_info): Rewritten. * gpgme.h (gpgme_engine_info): New structure. (GpgmeEngineInfo): New type. - + 2003-01-29 Marcus Brinkmann * types.h: Remove byte and ulong types. @@ -4205,7 +4212,7 @@ * key.c (gpgme_key_sig_get_string_attr): Use validity_to_string instead otrust_to_string to calculate validity. - + 2003-01-19 Miguel Coca * w32-io.c (_gpgme_io_select): Add missing argument in calls to @@ -4250,8 +4257,8 @@ _gpgme_engine_start. * delete.c (_gpgme_op_delete_start): Likewise. * edit.c (_gpgme_op_edit_start): Likewise. - * encrypt.c (_gpgme_op_encrypt_start): - * encrypt-sign.c (_gpgme_op_encrypt_sign_start): + * encrypt.c (_gpgme_op_encrypt_start): + * encrypt-sign.c (_gpgme_op_encrypt_sign_start): * export.c (_gpgme_op_export_start): Likewise. * genkey.c (_gpgme_op_genkey_start): Likewise. * import.c (_gpgme_op_import_start): Likewise. @@ -4323,7 +4330,7 @@ (mem_release): Change return type to void. * data-user.c (user_read): Change return type to ssize_t. (user_release): Change return type to void. - * data-compat.c (old_user_read): Change return type to ssize_t. + * data-compat.c (old_user_read): Change return type to ssize_t. * gpgme.h (GpgmeDataReadCb): Likewise. (gpgme_data_read): Likewise. (GpgmeDataSeekCb): Change return type to off_t. 
@@ -4436,7 +4443,7 @@ _gpgme_data_append_string_for_xml rather than _gpgme_data_append_string for the field content. Submitted by Miguel Coca . - + 2002-10-10 Marcus Brinkmann * rungpg.h, engine-gpgsm.h: File removed. @@ -4798,7 +4805,7 @@ * import.c (_gpgme_op_import_start): Likewise. * sign.c (_gpgme_op_sign_start): Likewise. * verify.c (_gpgme_op_verify_start): Likewise. - + * encrypt.c (gpgme_op_encrypt): Remove hack that returns invalid no recipient if no data was returned. * encrypt-sign.c (gpgme_op_encrypt_sign): Remove hack that returns @@ -4833,7 +4840,7 @@ (build_argv): Use new member INBOUND to determine direction of file descriptor. Don't check the data type. * rungpg.h (_gpgme_gpg_add_data): Add new argument to prototype. - + * gpgme.c (gpgme_get_op_info): Don't call _gpgme_data_get_as_string if CTX->op_info is NULL. @@ -4968,7 +4975,7 @@ 2002-08-23 Werner Koch - * gpgme-config.in: Made --prefix work for --libs. + * gpgme-config.in: Made --prefix work for --libs. 2002-08-21 Marcus Brinkmann @@ -4994,7 +5001,7 @@ * gpgme.m4: Replaced with a new and faster version. This does not anymore try to build test programs. If we really need test - programs, we should add an option to gpgme-config to do so. + programs, we should add an option to gpgme-config to do so. * vasprintf.c (int_vasprintf): Hack to handle NULL passed for %s. @@ -5019,7 +5026,7 @@ * gpgme.h (GPGME_KEYLIST_MODE_SIGS): New. * rungpg.c (_gpgme_gpg_op_keylist): Include sigs in listing depending non the list mode. - + * key.c (gpgme_key_get_string_attr): Use GPGME_ATTR_TYPE to return information about the key type (PGP or X.509). (gpgme_key_get_ulong_attr): Likewise. @@ -5101,7 +5108,7 @@ * rungpg.c (struct gpg_object_s): Likewise for CMD.code. These changes add an edit operation to GPGME: - + * context.h (struct gpgme_context_s): New member RESULT.edit. * ops.h: Add prototype for _gpgme_release_edit_result and _gpgme_passphrase_command_handler. 
@@ -5232,7 +5239,7 @@ table (eg use synchronous mode). (gpgme_op_trustlist_next): Remove HANG argument from _gpgme_wait_on_condition. Check its return value. - + 2002-06-27 Marcus Brinkmann * gpgme.h: Fix documentation of key attribute retrieval functions. @@ -5308,7 +5315,7 @@ 2002-06-12 Werner Koch * keylist.c (struct keylist_result_s): New. - (_gpgme_release_keylist_result): Release it here + (_gpgme_release_keylist_result): Release it here (keylist_status_handler): Handle truncated. (append_xml_keylistinfo): New. * gpgme.c (_gpgme_release_result): and use it here. @@ -5661,7 +5668,7 @@ * verify.c (_gpgme_verify_status_handler): Handle TRUST_* status lines so that a claim can be made without looking up the key. - (gpgme_get_sig_string_attr): New. + (gpgme_get_sig_string_attr): New. (gpgme_get_sig_ulong_attr): New. * gpgme.h (GpgmeAttr): Added GPGME_ATTR_SIG_STATUS. @@ -5671,7 +5678,7 @@ * gpgme.h (GpgmeSigStat): Add _GOOD_EXP and _GOOD_EXPKEY. * verify.c (_gpgme_verify_status_handler, finish_sig): Handle - these new status codes. Store the expiration time + these new status codes. Store the expiration time 2002-04-27 Werner Koch @@ -5845,7 +5852,7 @@ * rungpg.c (_gpgme_append_gpg_args_from_signers): New function. (_gpgme_gpg_op_sign): Use that new function. (_gpgme_gpg_op_encrypt_sign): New function. - * rungpg.h (_gpgme_gpg_op_encrypt_sign): New prototype. + * rungpg.h (_gpgme_gpg_op_encrypt_sign): New prototype. * gpgme.h (gpgme_op_encrypt_sign_start): New prototype. (gpgme_op_encrypt_sign): Likewise. * Makefile.am (libgpgme_la_SOURCES): Add encrypt-sign.c. @@ -5857,7 +5864,7 @@ (_gpgme_encrypt_status_handler): ... this and make non-static. * encrypt.c (gpgme_op_encrypt_start): Use new status handler name. * sign.c (gpgme_op_sign_start): Likewise. - + 2002-02-25 Marcus Brinkmann * verify.c (_gpgme_verify_status_handler): Parse the args line to 
@@ -6460,7 +6467,7 @@ server process from wait queue. (_gpgme_gpgsm_op_verify, _gpgme_gpgsm_start, _gpgme_gpgsm_set_status_handler, gpgms_status_handler): New function. - + * engine.c (_gpgme_engine_start): Implement for GPGME_PROTOCOL_CMS. (_gpgme_engine_set_status_handler): Likewise. (_gpgme_engine_op_verify): Likewise. @@ -6544,7 +6551,7 @@ * engine.c: Likewise. * engine-gpgsm.h: Likewise. * engine-gpgsm.c: Likewise. - + * rungpg.c (_gpgme_gpg_get_version): New function. (_gpgme_gpg_check_version): Likewise. * rungpg.h: Add prototypes for _gpgme_gpg_get_version and @@ -6739,7 +6746,7 @@ * keylist.c (finish_key): Shortcut for no tmp_key. Changed all callers to use this function without a check for tmp_key. - + * keylist.c (gpgme_op_keylist_next): Reset the key_cond after emptying the queue. Bug reported by St?phane Corth?sy. @@ -6771,12 +6778,12 @@ * keylist.c (keylist_colon_handler): Do a finish key if we receive an EOF here. This is probably the reason for a lot of bugs related to keylisting. It is so obvious. Kudos to Enno Cramer - for pointing that out. + for pointing that out. 2001-08-28 Werner Koch * gpgme.c, gpgme.h (gpgme_get_op_info): New. - (_gpgme_set_op_info): New. + (_gpgme_set_op_info): New. (_gpgme_release_result): Reset the op_info here. * sign.c (append_xml_siginfo): New. (sign_status_handler): Store the sig create information. @@ -6826,12 +6833,12 @@ 2001-05-01 Jos? Carlos Garc?a Sogo * encrypt.c (gpgme_op_encrypt_start): Deleted the assert ( !c->gpg ) - line, because it gave an error if another operation had been made + line, because it gave an error if another operation had been made before using the same context. - - * decrypt.c (gpgme_op_decrypt_start): The same as above. Also added + + * decrypt.c (gpgme_op_decrypt_start): The same as above. Also added one line to release the gpg object in the context (if any). - + 2001-04-26 Werner Koch * key.c, key.h (_gpgme_key_cache_init): New. 
@@ -6854,14 +6861,14 @@ * w32-io.c (_gpgme_io_select): Don't select on the writer if there are still bytes pending. Timo found this not easy to track down - race condition. + race condition. 2001-04-02 Werner Koch * gpgme.h: Add GPGME_ATTR_KEY_{EXPIRED,DISABLED}. * key.c (gpgme_key_get_ulong_attr): And return those attribs. - * verify.c (gpgme_get_sig_key): Set keyliosting mode depending on + * verify.c (gpgme_get_sig_key): Set keyliosting mode depending on the mode set in the current context. Suggested by Timo. * key.c (gpgme_key_get_ulong_attr): Return can_certify and not @@ -6889,7 +6896,7 @@ 2001-03-14 Werner Koch - * w32-io.c (destroy_reader,destroy_writer): Fixed syntax error. + * w32-io.c (destroy_reader,destroy_writer): Fixed syntax error. Thanks to Jan Oliver Wagner. 2001-03-13 Werner Koch @@ -6897,7 +6904,7 @@ * context.h: Add invalid and revoke flags to user_id structure. * keylist.c (gpgme_op_keylist_start): Use --fixed-list-mode. (keylist_colon_handler): Adjust for that. - (set_userid_flags): New. + (set_userid_flags): New. (set_mainkey_trust_info): Handle new key invalid flag (set_subkey_trust_info): Ditto. * gpgme.h: Add new attributes for key and user ID flags. @@ -6919,11 +6926,11 @@ 2001-02-20 Werner Koch - * w32-io.c (destroy_reader,kill_reader): New. + * w32-io.c (destroy_reader,kill_reader): New. (create_reader, reader): Add a new event to stop the thread. (_gpgme_io_close): Kill the reader thread. - * posix-io.c (_gpgme_io_select): Handle frozen fds here. + * posix-io.c (_gpgme_io_select): Handle frozen fds here. * 32-io.c (_gpgme_io_select): Ditto. Removed a bunch of unused code. * wait.c: Reworked the whole thing. @@ -6947,7 +6954,7 @@ * posix-io.c (_gpgme_io_set_close_notify): New. (_gpgme_io_close): Do the notification. - * rungpg.c (close_notify_handler): New. + * rungpg.c (close_notify_handler): New. (_gpgme_gpg_new): Register a callback for the fd. (_gpgme_gpg_set_colon_line_handler): Ditto. (build_argv): Ditto 
@@ -6965,19 +6972,19 @@ * keylist.c (gpgme_op_keylist_start): Cancel a pending request. - * posix-io.c (_gpgme_io_read): Add some debug output. + * posix-io.c (_gpgme_io_read): Add some debug output. (_gpgme_io_write): Ditto. (_gpgme_io_select): Increased the timeout. 2001-02-12 Werner Koch Enhanced the signature verification, so that it can how handle - more than one signature and is able to return more information on + more than one signature and is able to return more information on the signatures. * verify.c (gpgme_get_sig_key): New. (gpgme_get_sig_status): New. - * gpgme.h: Add stdio.h. + * gpgme.h: Add stdio.h. (GpgmeSigStat): New status DIFF. 2001-02-01 Werner Koch @@ -6992,8 +6999,8 @@ * wait.c (_gpgme_wait_on_condition): Removed all exit code processing. (propagate_term_results,clear_active_fds): Removed. - (count_active_fds): Renamed to .. - (count_active_and_thawed_fds): .. this and count only thawed fds. + (count_active_fds): Renamed to .. + (count_active_and_thawed_fds): .. this and count only thawed fds. * rungpg.c (gpg_colon_line_handler): Return colon.eof and not status.eof ;-) @@ -7014,7 +7021,7 @@ test his fix :-) * w32-io.c: Does now use reader threads, so that we can use - WaitForMultipleObjects. + WaitForMultipleObjects. * sema.h, posix-sema.c, w32-sema.c: Support for Critcial sections. Does currently only work for W32. diff --git a/src/Makefile.am b/src/Makefile.am index 0065c07..18c8b3b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,18 +1,18 @@ # Copyright (C) 2000 Werner Koch (dd9jn) # Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007 g10 Code GmbH -# +# # This file is part of GPGME. -# +# # GPGME is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. -# +# # GPGME is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General # Public License for more details. -# +# # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, see . @@ -99,7 +99,7 @@ endif if HAVE_UISERVER uiserver_components = engine-uiserver.c else -uiserver_components = +uiserver_components = endif # These are the source files common to all library versions. We used @@ -120,6 +120,7 @@ main_sources = \ import.c export.c genkey.c delete.c edit.c getauditlog.c \ opassuan.c passwd.c \ engine.h engine-backend.h engine.c engine-gpg.c status-table.h \ + extra-stati.h \ $(gpgsm_components) $(assuan_components) $(gpgconf_components) \ $(uiserver_components) \ $(g13_components) vfs-mount.c vfs-create.c \ @@ -128,7 +129,7 @@ main_sources = \ debug.c debug.h gpgme.c version.c error.c libgpgme_la_SOURCES = $(main_sources) \ - ath.h ath.c $(system_components_not_extra) + ath.h ath.c $(system_components_not_extra) libgpgme_pthread_la_SOURCES = $(main_sources) \ ath.h ath-pthread.c $(system_components_not_extra) libgpgme_pth_la_SOURCES = $(main_sources) \ 
@@ -241,8 +242,9 @@ endif noinst_PROGRAMS = gpgme-tool gpgme_tool_LDADD = libgpgme.la -status-table.h : gpgme.h - $(srcdir)/mkstatus < $(builddir)/gpgme.h > status-table.h +status-table.h : gpgme.h extra-stati.h + cat $(builddir)/gpgme.h $(srcdir)extra-stati.h \ + | $(srcdir)/mkstatus > status-table.h install-data-local: install-def-file diff --git a/src/decrypt.c b/src/decrypt.c index 87ae460..c017b90 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -3,17 +3,17 @@ Copyright (C) 2001, 2002, 2003, 2004 g10 Code GmbH This file is part of GPGME. - + GPGME is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. - + GPGME is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA @@ -31,6 +31,8 @@ #include "util.h" #include "context.h" #include "ops.h" +#include "extra-stati.h" + typedef struct @@ -39,7 +41,7 @@ typedef struct int okay; int failed; - + /* A pointer to the next pointer of the last recipient in the list. This makes appending new invalid signers painless while preserving the order. */ @@ -200,6 +202,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, return gpg_error (GPG_ERR_NO_DATA); break; + case GPGME_STATUS_DECRYPTION_INFO: + /* Fixme: Provide a way to return the used symmetric algorithm. */ + break; + case GPGME_STATUS_DECRYPTION_OKAY: opd->okay = 1; break; 
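Review bot: In the new `status-table.h` rule the second input is written `$(srcdir)extra-stati.h`, without the `/` that the neighbouring `$(srcdir)/mkstatus` has, so the path resolves only if `srcdir` happens to end in a slash. Because `cat` is at the head of a pipeline, its failure does not fail the recipe. With the awk logic in this commit's mkstatus hunk, the table would then presumably be generated from the public codes only, and DECRYPTION_INFO would be left out without any build error. The line should read `cat $(builddir)/gpgme.h $(srcdir)/extra-stati.h \`.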
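Review bot: `GPGME_STATUS_DECRYPTION_INFO` in the added case of `_gpgme_decrypt_status_handler` is an enumerator of the anonymous enum in extra-stati.h, not of `gpgme_status_code_t`, which is the declared type of `code`. If the enclosing switch is on `code` (the switch statement and the rest of the function are outside this hunk), compilers with switch-enum checking can warn that the case value is not in the enumerated type. A comment on the label would record that this is deliberate, e.g. `/* Internal code from extra-stati.h, not a gpgme_status_code_t enumerator. */`. The stub also discards `args`, so the existing Fixme could say that the status line's arguments are currently ignored.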
@@ -286,7 +292,7 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, err = _gpgme_parse_plaintext (args, &opd->result.file_name); if (err) return err; - + default: break; } diff --git a/src/extra-stati.h b/src/extra-stati.h new file mode 100644 index 0000000..59cccf9 --- /dev/null +++ b/src/extra-stati.h @@ -0,0 +1,29 @@ +/* extra-stati.lst - Extra GnuPG status codes. + Copyright 2011 g10 Code GmbH + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. */ + +/* A list of internal status code to be processed by mkstatus. Those + * status codes are not part of the API but internally required by + * gpgme. We use a second enum type here but make sure that the + * values don't clash with those of gpgme_status_code_t. + */ + +enum + { + /* This value is the first used one. It needs to be larger than + the last value of gpgme_status_code_t. There is no need to + explictly list the values because they are internal only. */ + _GPGME_STATUS_FIRST_EXTRA = 192, + + GPGME_STATUS_DECRYPTION_INFO, + + _GPGME_STATUS_LAST_EXTRA + }; diff --git a/src/mkstatus b/src/mkstatus index e64ab19..3fbfbf9 100755 --- a/src/mkstatus +++ b/src/mkstatus 
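Review bot: The new src/extra-stati.h has no include guard, so a second inclusion in one translation unit would redefine the anonymous enum. Wrapping the file in `#ifndef EXTRA_STATI_H` / `#define EXTRA_STATI_H` … `#endif` avoids that, and those lines do not match any pattern mkstatus looks for in this commit. The requirement that `_GPGME_STATUS_FIRST_EXTRA = 192` stays above the last `gpgme_status_code_t` value is carried only by the comment here. A matching remark at the end of that enum in gpgme.h would help keep a later public status code from colliding with an internal one. The header comment also names the file `extra-stati.lst`, and `explictly` should be `explicitly`.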
@@ -10,12 +10,12 @@ # under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of the # License, or (at your option) any later version. -# +# # GPGME is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General # Public License for more details. -# +# # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA 
@@ -34,16 +34,18 @@ struct status_table_s { gpgme_status_code_t code; }; -static struct status_table_s status_table[] = +static struct status_table_s status_table[] = { EOF awk ' -/GPGME_STATUS_ENTER/ { okay = 1 } -!okay { next } -/}/ { exit 0 } +okay == 0 && /GPGME_STATUS_ENTER/ { okay = 1 } +okay == 2 && /_GPGME_STATUS_FIRST_EXTRA/ { okay = 1; next } +okay != 1 { next } +/}/ { okay = 2 } +/_GPGME_STATUS_LAST_EXTRA/ { exit 0 } /GPGME_STATUS_[A-Za-z_]*/ { sub (/,/, "", $1); printf " { \"%s\", %s },\n", substr($1,14), $1 } -' | sort +' | sort cat < This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5667e332909740fab85d095eb8f96ed2188ece6a (commit) from 71e7a1644e37b7e3758f6de0607fdb636ca6f4b1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5667e332909740fab85d095eb8f96ed2188ece6a Author: Werner Koch Date: Thu Feb 3 20:59:01 2011 +0100 Add a DECRYPTION_INFO status. DECRYPTION_INFO Print information about the symmetric encryption algorithm and the MDC method. This will be emitted even if the decryption fails. diff --git a/common/ChangeLog b/common/ChangeLog index 0e3282f..647f7d5 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -1,5 +1,7 @@ 2011-02-03 Werner Koch + * status.h (STATUS_DECRYPTION_INFO): New. + * argparse.c (strusage): Update copyright year. 2011-01-31 Werner Koch diff --git a/common/status.h b/common/status.h index 0533c4a..434ff97 100644 --- a/common/status.h +++ b/common/status.h @@ -20,7 +20,7 @@ #ifndef GNUPG_COMMON_STATUS_H #define GNUPG_COMMON_STATUS_H -enum +enum { STATUS_ENTER, STATUS_LEAVE, 
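Review bot: The awk program in the src/mkstatus hunk now uses `okay` as a three-state variable, but nothing explains the states or that gpgme.h must arrive on stdin before extra-stati.h. A comment at the top of the awk program would cover both, e.g. `# okay: 0 = before the gpgme.h enum, 1 = inside an enum, 2 = first enum closed, waiting for _GPGME_STATUS_FIRST_EXTRA`. It is also worth noting there that if the extra header never appears in the input, the script ends normally with only the public codes in the table. The tail of this hunk is cut off on the page, so this covers only the visible awk rules.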
@@ -39,7 +39,7 @@ enum STATUS_TRUST_MARGINAL, STATUS_TRUST_FULLY, STATUS_TRUST_ULTIMATE, - + STATUS_NEED_PASSPHRASE, STATUS_VALIDSIG, STATUS_SIG_ID, @@ -49,6 +49,7 @@ enum STATUS_NO_PUBKEY, STATUS_NO_SECKEY, STATUS_NEED_PASSPHRASE_SYM, + STATUS_DECRYPTION_INFO, STATUS_DECRYPTION_FAILED, STATUS_DECRYPTION_OKAY, STATUS_MISSING_PASSPHRASE, @@ -58,20 +59,20 @@ enum STATUS_ERRMDC, STATUS_IMPORTED, STATUS_IMPORT_OK, - STATUS_IMPORT_PROBLEM, + STATUS_IMPORT_PROBLEM, STATUS_IMPORT_RES, STATUS_IMPORT_CHECK, STATUS_FILE_START, STATUS_FILE_DONE, STATUS_FILE_ERROR, - + STATUS_BEGIN_DECRYPTION, STATUS_END_DECRYPTION, STATUS_BEGIN_ENCRYPTION, STATUS_END_ENCRYPTION, STATUS_BEGIN_SIGNING, - + STATUS_DELETE_PROBLEM, STATUS_GET_BOOL, diff --git a/doc/DETAILS b/doc/DETAILS index 2e1d92b..185d1af 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -57,7 +57,7 @@ record; gpg2 does this by default and the option is a dummy. f = The key is fully valid u = The key is ultimately valid. This often means that the secret key is available, but any key may - be marked as ultimately valid. + be marked as ultimately valid. If the validity information is given for a UID or UAT record, it describes the validity calculated based on this @@ -97,7 +97,7 @@ record; gpg2 does this by default and the option is a dummy. This is a single letter, but be prepared that additional information may follow in some future versions. For trust signatures with a regular expression, this is the regular - expression value, quoted as in field 10. + expression value, quoted as in field 10. 10. Field: User-ID. The value is quoted like a C string to avoid control characters (the colon is quoted "\x3a"). 
@@ -134,7 +134,7 @@ record; gpg2 does this by default and the option is a dummy. this is the same string as the fingerprint. The advantage of using this value is that it is guaranteed to have been been build by the same lookup algorithm as gpgsm uses. - For "uid" records this lists the preferences in the same + For "uid" records this lists the preferences in the same way the gpg's --edit-key menu does. For "sig" records, this is the fingerprint of the key that issued the signature. Note that this is only filled in if @@ -190,7 +190,7 @@ Example for a "tru" trust base record: (gpg's option --marginals-needed) 7: Number of completely trusted users to introduce a new key signer. (gpg's option --completes-needed) - 8: Maximum depth of a certification chain. + 8: Maximum depth of a certification chain. *gpg's option --max-cert-depth) The "spk" signature subpacket records have the fields: @@ -236,7 +236,7 @@ more arguments in future versions. keyid if it is available. This is the case with CMS and might eventually also be available for OpenPGP. - EXPKEYSIG + EXPKEYSIG The signature with the keyid is good, but the signature was made by an expired key. The username is the primary one encoded in UTF-8 and %XX escaped. The fingerprint may be used @@ -334,7 +334,7 @@ more arguments in future versions. TRUST_UNDEFINED TRUST_NEVER TRUST_MARGINAL [0 []] - TRUST_FULLY [0 []] + TRUST_FULLY [0 []] TRUST_ULTIMATE [0 []] For good signatures one of these status lines are emitted to indicate the validity of the key used to create the signature. @@ -355,7 +355,7 @@ more arguments in future versions. PKA_TRUST_BAD Depending on the outcome of the PKA check one of the above status codes is emitted in addition to a TRUST_* status. - Without PKA info available or + Without PKA info available or SIGEXPIRED This is deprecated in favor of KEYEXPIRED. 
@@ -423,17 +423,6 @@ more arguments in future versions. The supplied passphrase was good and the secret key material is therefore usable. - DECRYPTION_FAILED - The symmetric decryption failed - one reason could be a wrong - passphrase for a symmetrical encrypted message. - - DECRYPTION_OKAY - The decryption process succeeded. This means, that either the - correct secret key has been used or the correct passphrase - for a conventional encrypted message was given. The program - itself may return an errorcode because it may not be possible to - verify a signature for some reasons. - NO_PUBKEY NO_SECKEY The key is not available @@ -452,7 +441,7 @@ more arguments in future versions. 1 := Entirely new key. 2 := New user IDs 4 := New signatures - 8 := New subkeys + 8 := New subkeys 16 := Contains private key. The flags may be ORed. @@ -474,7 +463,7 @@ more arguments in future versions. operation: 1 - verify 2 - encrypt - 3 - decrypt + 3 - decrypt FILE_DONE Marks the end of a file processing which has been started @@ -485,6 +474,22 @@ more arguments in future versions. Mark the start and end of the actual decryption process. These are also emitted when in --list-only mode. + DECRYPTION_INFO + Print information about the symmetric encryption algorithm and + the MDC method. This will be emitted even if the decryption + fails. + + DECRYPTION_FAILED + The symmetric decryption failed - one reason could be a wrong + passphrase for a symmetrical encrypted message. + + DECRYPTION_OKAY + The decryption process succeeded. This means, that either the + correct secret key has been used or the correct passphrase + for a conventional encrypted message was given. The program + itself may return an errorcode because it may not be possible to + verify a signature for some reasons. + BEGIN_ENCRYPTION END_ENCRYPTION Mark the start and end of the actual encryption process. 
@@ -505,7 +510,7 @@ more arguments in future versions. "char" is the character displayed with no --status-fd enabled, with the linefeed replaced by an 'X'. "cur" is the current amount done and "total" is amount to be done; a "total" of 0 indicates that - the total amount is not known. The condition + the total amount is not known. The condition TOATL && CUR == TOTAL may be used to detect the end of an operation. Well known values for WHAT: @@ -524,7 +529,7 @@ more arguments in future versions. "learncard" Send by the agent and gpgsm while learing the data of a smartcard. "card_busy" A smartcard is still working - + SIG_CREATED A signature has been created using these parameters. type: 'D' = detached @@ -536,7 +541,7 @@ more arguments in future versions. Note, that TIMESTAMP may either be a number with seconds since epoch or an ISO 8601 string which can be detected by the presence of the letter 'T' inside. - + KEY_CREATED [] A key has been created type: 'B' = primary and subkey @@ -557,13 +562,13 @@ more arguments in future versions. is used. The format is suitable to be passed to the option --override-session-key - NOTATION_NAME + NOTATION_NAME NOTATION_DATA name and string are %XX escaped; the data may be split among several NOTATION_DATA lines. USERID_HINT - Give a hint about the user ID for a certain keyID. + Give a hint about the user ID for a certain keyID. POLICY_URL string is %XX escaped @@ -587,7 +592,7 @@ more arguments in future versions. 8 := "Policy mismatch" 9 := "Not a secret key" 10 := "Key not trusted" - 11 := "Missing certificate" + 11 := "Missing certificate" 12 := "Missing issuer certificate" Note that for historical reasons the INV_RECP status is also @@ -621,9 +626,9 @@ more arguments in future versions. SUCCESS [] Postive confirimation that an operation succeeded. - is optional but if given should not contain spaces. + is optional but if given should not contain spaces. Used only with a few commands. - + ATTRIBUTE 
@@ -650,7 +655,7 @@ more arguments in future versions. 3 = Card with serialnumber detected 4 = No card available. 5 = No card reader available - 6 = No card support available + 6 = No card support available PLAINTEXT This indicates the format of the plaintext that is about to be @@ -827,7 +832,7 @@ The format of this file is as follows: relinquishes the GUI from implementing its own passphrase entry code. This is a global option. %no-ask-passphrase - Disable the ask-passphrase mode. + Disable the ask-passphrase mode. %no-protection With GnuPG 2.1 it is not anymore possible to specify a passphrase for unattended key generation. The passphrase @@ -898,7 +903,7 @@ The format of this file is as follows: information and which is also part of the fingerprint calculation. Either a date like "1986-04-26" or a full timestamp like "19860426T042640" may be used. The time is - considered to be UTC. If it is not given the current time + considered to be UTC. If it is not given the current time is used. Preferences: Set the cipher, hash, and compression preference values for @@ -1207,7 +1212,7 @@ Other Notes OIDs below the GnuPG arc: ========================= - 1.3.6.1.4.1.11591.2 GnuPG + 1.3.6.1.4.1.11591.2 GnuPG 1.3.6.1.4.1.11591.2.1 notation 1.3.6.1.4.1.11591.2.1.1 pkaAddress 1.3.6.1.4.1.11591.2.12242973 invalid encoded OID @@ -1290,4 +1295,3 @@ A better way to do this would be a request like: This can be implemented using Hurd's translator mechanism. However, I think the whole key server stuff has to be re-thought; I have some ideas and probably create a white paper. - diff --git a/g10/ChangeLog b/g10/ChangeLog index 3f8874f..43a8d56 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,8 @@ 2011-02-03 Werner Koch + * decrypt-data.c: Include status.h. + (decrypt_data): Emit a DECRYPTION_INFO status line. + * misc.c (has_invalid_email_chars): Relax mailbox name checking. Fixes bug#1315. diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 3779f6a..e95dc10 100644 
--- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -30,6 +30,7 @@ #include "cipher.h" #include "options.h" #include "i18n.h" +#include "status.h" static int mdc_decode_filter ( void *opaque, int control, IOBUF a, @@ -82,7 +83,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) byte temp[32]; unsigned blocksize; unsigned nprefix; - + dfx = xtrycalloc (1, sizeof *dfx); if (!dfx) return gpg_error_from_syserror (); @@ -91,12 +92,20 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) if ( opt.verbose && !dek->algo_info_printed ) { if (!openpgp_cipher_test_algo (dek->algo)) - log_info (_("%s encrypted data\n"), + log_info (_("%s encrypted data\n"), openpgp_cipher_algo_name (dek->algo)); else log_info (_("encrypted with unknown algorithm %d\n"), dek->algo ); dek->algo_info_printed = 1; } + + { + char buf[20]; + + snprintf (buf, sizeof buf, "%d %d", ed->mdc_method, dek->algo); + write_status_text (STATUS_DECRYPTION_INFO, buf); + } + rc = openpgp_cipher_test_algo (dek->algo); if (rc) goto leave; @@ -107,7 +116,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) if ( ed->len && ed->len < (nprefix+2) ) BUG(); - if ( ed->mdc_method ) + if ( ed->mdc_method ) { if (gcry_md_open (&dfx->mdc_hash, ed->mdc_method, 0 )) BUG (); @@ -142,7 +151,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) goto leave; } - if (!ed->buf) + if (!ed->buf) { log_error(_("problem handling encrypted packet\n")); goto leave; @@ -152,7 +161,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) if ( ed->len ) { - for (i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) + for (i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) { if ( (c=iobuf_get(ed->buf)) == -1 ) break; @@ -160,7 +169,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) temp[i] = c; } } - else + else { for (i=0; i < (nprefix+2); i++ ) if ( (c=iobuf_get(ed->buf)) == -1 ) 
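Review bot: In the `@@ -91,12 +92,20 @@` hunk of decrypt_data, `char buf[20]` is too small for two full-width `%d` values plus the separator. The snprintf call keeps it memory-safe, but the status line would be silently truncated; `char buf[40];` removes that case. The line is also written before `openpgp_cipher_test_algo (dek->algo)` is checked, so a consumer of the status output can see an algorithm number that gpg then rejects, or an MDC method of 0. A comment such as `/* Informational only: emitted before the algo check and even if decryption fails. */` would make that explicit for front-end authors. decrypt_data starts and ends outside the hunk.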
@@ -168,7 +177,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) else temp[i] = c; } - + gcry_cipher_decrypt (dfx->cipher_hd, temp, nprefix+2, NULL, 0); gcry_cipher_sync (dfx->cipher_hd); p = temp; @@ -179,7 +188,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) rc = gpg_error (GPG_ERR_BAD_KEY); goto leave; } - + if ( dfx->mdc_hash ) gcry_md_write (dfx->mdc_hash, temp, nprefix+2); @@ -196,7 +205,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) if (dfx->eof_seen > 1 ) rc = gpg_error (GPG_ERR_INV_PACKET); else if ( ed->mdc_method ) - { + { /* We used to let parse-packet.c handle the MDC packet but this turned out to be a problem with compressed packets: With old style packets there is no length information available and @@ -230,8 +239,8 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) /* log_printhex("MDC message:", dfx->defer, 22); */ /* log_printhex("MDC calc:", gcry_md_read (dfx->mdc_hash,0), datalen); */ } - - + + leave: release_dfx_context (dfx); return rc; @@ -255,7 +264,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, looking for the EOF on fixed data works only if the encrypted packet is not followed by other data. This used to be a long standing bug which was fixed on 2009-10-02. */ - + if ( control == IOBUFCTRL_UNDERFLOW && dfx->eof_seen ) { *ret_len = 0; @@ -265,7 +274,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, { assert (a); assert (size > 44); /* Our code requires at least this size. */ - + /* Get at least 22 bytes and put it ahead in the buffer. */ if (dfx->partial) { @@ -286,7 +295,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, buf[n] = c; } } - if (n == 44) + if (n == 44) { /* We have enough stuff - flush the deferred stuff. */ if ( !dfx->defer_filled ) /* First time. */ 
@@ -301,7 +310,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, /* Fill up the buffer. */ if (dfx->partial) { - for (; n < size; n++ ) + for (; n < size; n++ ) { if ( (c = iobuf_get(a)) == -1 ) { @@ -313,7 +322,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, } else { - for (; n < size && dfx->length; n++, dfx->length--) + for (; n < size && dfx->length; n++, dfx->length--) { c = iobuf_get(a); if (c == -1) @@ -326,7 +335,7 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, if (!dfx->length) dfx->eof_seen = 1; /* Normal EOF. */ } - + /* Move the trailing 22 bytes back to the defer buffer. We have at least 44 bytes thus a memmove is not needed. */ n -= 22; @@ -362,11 +371,11 @@ mdc_decode_filter (void *opaque, int control, IOBUF a, } *ret_len = n; } - else if ( control == IOBUFCTRL_FREE ) + else if ( control == IOBUFCTRL_FREE ) { release_dfx_context (dfx); } - else if ( control == IOBUFCTRL_DESC ) + else if ( control == IOBUFCTRL_DESC ) { *(char**)buf = "mdc_decode_filter"; } @@ -388,13 +397,13 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) *ret_len = 0; rc = -1; } - else if ( control == IOBUFCTRL_UNDERFLOW ) + else if ( control == IOBUFCTRL_UNDERFLOW ) { assert(a); - + if (fc->partial) { - for (n=0; n < size; n++ ) + for (n=0; n < size; n++ ) { c = iobuf_get(a); if (c == -1) @@ -407,7 +416,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) } else { - for (n=0; n < size && fc->length; n++, fc->length--) + for (n=0; n < size && fc->length; n++, fc->length--) { c = iobuf_get(a); if (c == -1) @@ -433,7 +442,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) } *ret_len = n; } - else if ( control == IOBUFCTRL_FREE ) + else if ( control == IOBUFCTRL_FREE ) { release_dfx_context (fc); } 
@@ -443,4 +452,3 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) } return rc; } - ----------------------------------------------------------------------- Summary of changes: common/ChangeLog | 2 + common/status.h | 11 ++++--- doc/DETAILS | 70 +++++++++++++++++++++++++++------------------------ g10/ChangeLog | 3 ++ g10/decrypt-data.c | 58 ++++++++++++++++++++++++------------------ 5 files changed, 81 insertions(+), 63 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 3 22:26:54 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 03 Feb 2011 22:26:54 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.0beta1-83-g9f38f39 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9f38f3918af532e1e5a1f139b89b2a1f68dec265 (commit) from 5667e332909740fab85d095eb8f96ed2188ece6a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9f38f3918af532e1e5a1f139b89b2a1f68dec265 Author: Werner Koch Date: Thu Feb 3 22:04:31 2011 +0100 Fix test for gcry_pk_get_curve. Add a compatibility fixes for the non-curve case. Remove -lber from the dirmngr link line. diff --git a/ChangeLog b/ChangeLog index d791086..c294066 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-02-03 Werner Koch + + * configure.ac (HAVE_GCRY_PK_GET_CURVE): Use AC_TRY_LINK. + 2011-02-01 Werner Koch * configure.ac (HAVE_GCRY_PK_GET_CURVE): Define if availabale. 
@@ -1339,5 +1343,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/configure.ac b/configure.ac index 566f86d..f79ff53 100644 --- a/configure.ac +++ b/configure.ac @@ -1,19 +1,19 @@ # configure.ac - for GnuPG 2.1 # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, # 2008, 2009, 2010, 2011 Free Software Foundation, Inc. -# +# # This file is part of GnuPG. -# +# # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -31,7 +31,7 @@ m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) -AC_INIT([gnupg], +AC_INIT([gnupg], [my_version[]m4_if(my_issvn,[yes], [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])], [http://bugs.gnupg.org]) @@ -67,7 +67,7 @@ AC_GNU_SOURCE # Some status variables. have_gpg_error=no -have_libgcrypt=no +have_libgcrypt=no have_libassuan=no have_ksba=no have_pth=no 
@@ -168,13 +168,13 @@ show_gnupg_dirmngr_ldap_pgm="(default)" test -n "$GNUPG_DIRMNGR_LDAP_PGM" \ && show_gnupg_dirmngr_ldap_pgm="$GNUPG_DIRMNGR_LDAP_PGM" -# +# # On some platforms gpg2 is usually installed as gpg without using a # symlink. For correct operation of gpgconf it needs to know the # installed name of gpg. This option sets "gpg2"'s installed name to # just "gpg". Note that it might be required to rename gpg2 to gpg # manually after the build process. -# +# AC_ARG_ENABLE(gpg2-is-gpg, AC_HELP_STRING([--enable-gpg2-is-gpg],[Set installed name of gpg2 to gpg]), gpg2_is_gpg=$enableval) @@ -358,7 +358,7 @@ AC_ARG_ENABLE(ccid-driver, use_ccid_driver=$enableval) AC_MSG_RESULT($use_ccid_driver) -# +# # Dirmngr is nowadays a system service and thus it usually does no # make sense to start it as needed. However on some systems this is # possible; this option enable the feature. @@ -431,10 +431,10 @@ AH_BOTTOM([ # define GNUPG_DEFAULT_HOMEDIR "/gnupg" # endif #elif defined(__VMS) -#define GNUPG_DEFAULT_HOMEDIR "/SYS$LOGIN/gnupg" +#define GNUPG_DEFAULT_HOMEDIR "/SYS$LOGIN/gnupg" #else #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" -#endif +#endif #define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" /* For some systems (DOS currently), we hardcode the path here. For @@ -593,7 +593,7 @@ case "${host}" in have_dosish_system=yes have_w32_system=yes use_ldapwrapper=no # Fixme: Do this only for CE. - case "${host}" in + case "${host}" in *-mingw32ce*) have_w32ce_system=yes ;; @@ -657,7 +657,7 @@ esac if test "$have_dosish_system" = yes; then AC_DEFINE(HAVE_DOSISH_SYSTEM,1, - [Defined if we run on some of the PCDOS like systems + [Defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2) with special properties like no file modes, case insensitive file names and preferred use of backslashes as directory name separators.]) 
@@ -760,12 +760,15 @@ fi AC_CACHE_CHECK([whether Libgcrypt has gcry_pk_get_curve], gnupg_cv_gcry_pk_get_curve, [ _gnupg_gcry_save_cflags=$CFLAGS + _gnupg_gcry_save_libs=$LIBS CFLAGS="$CFLAGS $LIBGCRYPT_CFLAGS" - AC_TRY_COMPILE( + LIBS="$LIBS $LIBGCRYPT_LIBS" + AC_TRY_LINK( [#include ], [ return gcry_pk_get_curve (NULL, 0, NULL); ], gnupg_cv_gcry_pk_get_curve=yes, gnupg_cv_gcry_pk_get_curve=no) + LIBS=$_gnupg_gcry_save_libs CFLAGS=$_gnupg_gcry_save_cflags]) if test "$gnupg_cv_gcry_pk_get_curve" = yes; then AC_DEFINE([HAVE_GCRY_PK_GET_CURVE], 1, @@ -866,7 +869,7 @@ else *** To support concurrent access to the gpg-agent and the SCdaemon *** we need the support of the GNU Portable Threads Library. *** Download it from ftp://ftp.gnu.org/gnu/pth/ -*** On a Debian GNU/Linux system you might want to try +*** On a Debian GNU/Linux system you might want to try *** apt-get install libpth-dev ***]]) fi @@ -906,7 +909,7 @@ if test "$with_adns" != "no"; then [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) fi if test "$have_adns" = "yes"; then - ADNSLIBS="-ladns" + ADNSLIBS="-ladns" fi AC_SUBST(ADNSLIBS) # Newer adns versions feature a free function to be used under W32. @@ -961,7 +964,7 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ #include ], [[unsigned char answer[PACKETSZ]; res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); - dn_skipname(0,0); + dn_skipname(0,0); dn_expand(0,0,0,0,0); ]])],have_resolver=yes,have_resolver=no) AC_MSG_RESULT($have_resolver) @@ -1311,7 +1314,7 @@ if test "$use_regex" = yes ; then CPPFLAGS="${CPPFLAGS} -I$withval/include" LDFLAGS="${LDFLAGS} -L$withval/lib" fi - ],withval="") + ],withval="") # Does the system have regex functions at all? AC_SEARCH_LIBS([regcomp], [regex]) 
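Review bot: In the `@@ -760,12 +760,15 @@` hunk the test body `return gcry_pk_get_curve (NULL, 0, NULL);` returns a pointer from the generated `main`. A compiler run with strict flags in CFLAGS can reject that conversion, and the check would then report `no` even though the function exists. `(void) gcry_pk_get_curve (NULL, 0, NULL); return 0;` links the same symbol without the conversion. `AC_TRY_LINK` is also marked obsolete by Autoconf in favour of `AC_LINK_IFELSE`.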
@@ -1363,20 +1366,20 @@ if test "$use_zip" = yes ; then LDFLAGS="${LDFLAGS} -L$withval/lib" fi ]) - + AC_CHECK_HEADER(zlib.h, AC_CHECK_LIB(z, deflateInit2_, ZLIBS="-lz", CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}), CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}) - + AC_DEFINE(HAVE_ZIP,1, [Defined if ZIP and ZLIB are supported]) fi # # Check whether we can support bzip2 -# +# if test "$use_bzip2" = yes ; then _cppflags="${CPPFLAGS}" _ldflags="${LDFLAGS}" @@ -1390,7 +1393,7 @@ if test "$use_bzip2" = yes ; then ],withval="") # Checking alongside stdio.h as an early version of bzip2 (1.0) - # required stdio.h to be included before bzlib.h, and Solaris 9 is + # required stdio.h to be included before bzlib.h, and Solaris 9 is # woefully out of date. if test "$withval" != no ; then AC_CHECK_HEADER(bzlib.h, @@ -1415,7 +1418,7 @@ GNUPG_CHECK_READLINE # # Allow users to append something to the version string without # flagging it as development version. The user version parts is -# considered everything after a dash. +# considered everything after a dash. # if test "$development_version" != yes; then changequote(,)dnl @@ -1588,7 +1591,7 @@ AM_CONDITIONAL(BUILD_GPGTAR, test "$build_gpgtar" = "yes") AM_CONDITIONAL(RUN_GPG_TESTS, test x$cross_compiling = xno -a "$build_gpg" = yes ) -# +# # Set some defines for use gpgconf. # if test "$build_gpg" = yes ; then @@ -1620,7 +1623,7 @@ die=no if test "$have_gpg_error" = "no"; then die=yes AC_MSG_NOTICE([[ -*** +*** *** You need libgpg-error to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgpg-error @@ -1630,7 +1633,7 @@ fi if test "$have_libgcrypt" = "no"; then die=yes AC_MSG_NOTICE([[ -*** +*** *** You need libgcrypt to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ 
@@ -1661,14 +1664,14 @@ if test "$gnupg_have_ldap" = "no"; then AC_MSG_NOTICE([[ *** *** You need a LDAP library to build this program. -*** Check out -*** http://www.openldap.org +*** Check out +*** http://www.openldap.org *** for a suitable implementation. ***]]) if test "$have_w32ce_system" = yes; then AC_MSG_NOTICE([[ *** Note that CeGCC might be broken, a package fixing this is: -*** http://files.kolab.org/local/windows-ce/ +*** http://files.kolab.org/local/windows-ce/ *** source/wldap32_0.1-mingw32ce.orig.tar.gz *** binary/wldap32-ce-arm-dev_0.1-1_all.deb ***]]) @@ -1681,7 +1684,7 @@ if test "$missing_pth" = "yes"; then *** GNU Portable Threads Library (Pth). Please install this *** library first. The library is for example available at *** ftp://ftp.gnu.org/gnu/pth/ -*** On a Debian GNU/Linux system you can install it using +*** On a Debian GNU/Linux system you can install it using *** apt-get install libpth-dev *** To build GnuPG for Windows you need to use the W32PTH *** package; available at: @@ -1700,7 +1703,7 @@ fi -AC_CONFIG_FILES([ m4/Makefile +AC_CONFIG_FILES([ m4/Makefile Makefile po/Makefile.in gl/Makefile @@ -1730,7 +1733,7 @@ AC_OUTPUT echo " GnuPG v${VERSION} has been configured as follows: - + Platform: $PRINTABLE_OS_NAME ($host) OpenPGP: $build_gpg diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index 02defce..3a01b97 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,3 +1,7 @@ +2011-02-03 Werner Koch + + * Makefile.am (dirmngr_LDADD): Remove -llber. + 2011-01-25 Werner Koch * dirmngr.c (handle_connections): Rewrite loop to use pth-select diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 79acae9..8c41c53 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am 
@@ -62,7 +62,7 @@ endif dirmngr_LDADD = $(libcommonpth) ../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(PTH_LIBS) $(LIBINTL) $(LIBICONV) if !USE_LDAPWRAPPER -dirmngr_LDADD += $(LDAPLIBS) -llber #FIXME: Test for liblber first. +dirmngr_LDADD += $(LDAPLIBS) endif dirmngr_LDFLAGS = $(extra_bin_ldflags) diff --git a/g10/ChangeLog b/g10/ChangeLog index 43a8d56..3a1d68f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,8 @@ 2011-02-03 Werner Koch + * export.c (transfer_format_to_openpgp) [!HAVE_GCRY_PK_GET_CURVE]: + Fix syntax error. + * decrypt-data.c: Include status.h. (decrypt_data): Emit a DECRYPTION_INFO status line. diff --git a/g10/export.c b/g10/export.c index 91a6c87..47185e3 100644 --- a/g10/export.c +++ b/g10/export.c @@ -656,7 +656,7 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) for (idx=0; idx < npkey; idx++) if (0 #ifndef HAVE_GCRY_PK_GET_CURVE - gcry_mpi_get_flag (pk->pkey[idx], GCRYMPI_FLAG_OPAQUE) + || gcry_mpi_get_flag (pk->pkey[idx], GCRYMPI_FLAG_OPAQUE) || gcry_mpi_get_flag (skey[idx], GCRYMPI_FLAG_OPAQUE) #endif || gcry_mpi_cmp (pk->pkey[idx], skey[idx])) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 6 +++- configure.ac | 67 ++++++++++++++++++++++++++------------------------ dirmngr/ChangeLog | 4 +++ dirmngr/Makefile.am | 2 +- g10/ChangeLog | 3 ++ g10/export.c | 2 +- 6 files changed, 48 insertions(+), 36 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 4 21:06:55 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 04 Feb 2011 21:06:55 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-33-g61b7c37 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 61b7c3743f5c7fb2bdc3c3bc82deaf1e2db648ea (commit) from cb2f55e9edae268d101e3e81f73a3498cfa68cf0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61b7c3743f5c7fb2bdc3c3bc82deaf1e2db648ea Author: Werner Koch Date: Fri Feb 4 20:45:41 2011 +0100 Add autogen.sh magic to install git hooks. diff --git a/ChangeLog b/ChangeLog index 0c906ac..95c16c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2011-02-04 Werner Koch + + * autogen.sh: Ensure that the git pre-commit hoom has been + enabled. Add a cleanpo filter if not yet set. + 2011-01-13 Werner Koch Release 2.0.17. @@ -433,7 +438,7 @@ 2006-09-18 Werner Koch Released 1.9.23. - + * configure.ac (--enable-agent-only): Donot build tools and doc (--disable-tools,--disable-doc): New. * Makefile.am (SUBDIRS): Allow to conditional build tools and doc. @@ -442,7 +447,7 @@ Replaced all call gpg_error_from_errno(errno) by gpg_error_from_syserror(). - + * configure.ac: Build gpg by default. (GNUPG_SYS_SO_PEERCRED): Removed. @@ -457,7 +462,7 @@ 2006-09-06 Werner Koch * configure.ac: Define _ASSUAN_ONLY_GPG_ERRORS. Require Assuan - 0.9 and libgpg-error 1.4 + 0.9 and libgpg-error 1.4 2006-08-31 Werner Koch @@ -499,7 +504,7 @@ 2006-07-03 Werner Koch - * configure.ac: Test for ksba_dn_teststr. + * configure.ac: Test for ksba_dn_teststr. 2006-06-30 Werner Koch 
@@ -507,7 +512,7 @@ * Makefile.am (SUBDIRS): Include keyserver/. * configure.ac: Include keyserver/. (FAKE_CURL, GPGKEYS_CURL): New. - + 2006-06-20 Werner Koch Released 1.9.21. @@ -561,7 +566,7 @@ 2005-08-01 Werner Koch Released 1.9.18. - + * configure.ac: Require libksba 0.9.12 to match new features in gpgsm. 2005-06-20 Werner Koch @@ -598,7 +603,7 @@ 2005-04-21 Werner Koch Released 1.9.16. - + * configure.ac: Do not build gpg by default. 2005-04-20 Werner Koch @@ -613,7 +618,7 @@ 2005-04-15 Marcus Brinkmann * configure.ac: Check for /usr/bin/shred and define SHRED. - + * configure.ac: Add --enable-symcryptrun, disabled by default. Define automake variable BUILD_SYMCRYPTRUN. Check for openpty -lutil, define LIBUTIL_LIBS. @@ -656,8 +661,8 @@ 2004-12-20 Werner Koch * configure.ac: Add PATHSEP_C and PATHSEP_S. For W32 let all - directories default to c:/gnupg. Require libassuan 0.6.9. - + directories default to c:/gnupg. Require libassuan 0.6.9. + 2004-12-18 Werner Koch * configure.ac (AH_BOTTOM): Define EXEEXT_S. @@ -687,7 +692,7 @@ * configure.ac: Replace strsep. Replaced use of "target" by "host". - + 2004-10-22 Werner Koch Released 1.9.12. @@ -710,7 +715,7 @@ * configure.ac: Build Makefile for tests/pkits. New option --with-pkits-tests. - + 2004-08-05 Werner Koch * configure.ac: Changed tests for libusb to also suuport the @@ -775,7 +780,7 @@ 2004-03-06 Werner Koch Released 1.9.6. - + * configure.ac: Check the Libgcrypt API. 2004-02-25 Werner Koch @@ -863,7 +868,7 @@ 2003-11-17 Werner Koch Release 1.9.2. - + * configure.ac: Requires now libassuan 0.6.1. 2003-10-31 Werner Koch @@ -879,12 +884,12 @@ 2003-10-01 Werner Koch - * configure.ac (AH_BOTTOM): Define GNUPG_MAJOR_VERSION. + * configure.ac (AH_BOTTOM): Define GNUPG_MAJOR_VERSION. 2003-09-23 Werner Koch Merged most of David Shaw's changes in 1.3 since 2003-06-03. - + * configure.ac: Drop all TIGER/192 support. (uint64_t): Check for UINT64_C to go along with uint64_t. (getaddrinfo): Check for it. 
@@ -898,7 +903,7 @@ 2003-09-06 Werner Koch Released 1.9.1. - + * configure.ac: Require newer versions of some libraries. 2003-09-02 Werner Koch @@ -919,9 +924,9 @@ 2003-08-05 Werner Koch Released 1.9.0. - + * configure.ac (GNUPG_DEFAULT_HONMEDIR): Changed back to ~/.gnupg. - + 2003-07-31 Werner Koch * Makefile.am (DISTCLEANFILES): Add g10defs.h @@ -944,7 +949,7 @@ * configure.ac: Build a limited version of scdaemon if libopensc is not available. - + * configure.ac (ALL_LINUGAS): Removed. * Makefile.am (ACLOCAL_AMFLAGS): New. @@ -966,10 +971,10 @@ 2003-01-09 Werner Koch - * configure.ac (GNUPG_PROTECT_TOOL): New option --with-protect-tool. + * configure.ac (GNUPG_PROTECT_TOOL): New option --with-protect-tool. (NEED_KSBA_VERSION): Does now require 0.4.6. - * README: Noted where to find gpg-protect-tool. + * README: Noted where to find gpg-protect-tool. 2002-10-31 Neal H. Walfield @@ -1025,7 +1030,7 @@ 2002-08-10 Werner Koch Released 0.3.10. - + * configure.ac (NEED_LIBKSBA_VERSION): Require 0.4.4. Add support for gettext. @@ -1036,7 +1041,7 @@ 2002-07-01 Werner Koch Released 0.3.9. - + * README: Short note on how to export in pkcs-12 format. 2002-06-29 Werner Koch @@ -1053,7 +1058,7 @@ 2002-06-25 Werner Koch Released 0.3.8. - + * configure.ac (NEED_LIBGCRYPT_VERSION): Set to 1.1.8. 2002-06-12 Werner Koch @@ -1071,7 +1076,7 @@ 2002-05-14 Werner Koch * doc/: New - * configure.ac, Makefile.am: Added doc/ + * configure.ac, Makefile.am: Added doc/ 2002-05-03 Werner Koch @@ -1088,9 +1093,9 @@ 2002-04-15 Werner Koch Released 0.3.5. - + * NEWS: Started to describe release notes. - + * configure.ac (NEED_LIBKSBA_VERSION, NEED_LIBGCRYPT_VERSION): Defined 2002-04-01 Werner Koch @@ -1186,5 +1191,3 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/autogen.sh b/autogen.sh index be28459..69cf5ec 100755 
--- a/autogen.sh +++ b/autogen.sh @@ -199,6 +199,29 @@ EOF fi +# Check the git setup. +if [ -d .git ]; then + if [ -f .git/hooks/pre-commit.sample -a ! -f .git/hooks/pre-commit ] ; then + cat <&2 +*** Activating trailing whitespace git pre-commit hook. *** + For more information see this thread: + http://mail.gnome.org/archives/desktop-devel-list/2009-May/msg00084html + To deactivate this pre-commit hook again move .git/hooks/pre-commit + and .git/hooks/pre-commit.sample out of the way. +EOF + cp -av .git/hooks/pre-commit.sample .git/hooks/pre-commit + chmod -c +x .git/hooks/pre-commit + fi + tmp=$(git config --get filter.cleanpo.clean) + if [ "$tmp" != "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'" ] + then + echo "*** Adding GIT filter.cleanpo.clean configuration." >&2 + git config --add filter.cleanpo.clean \ + "awk '/^\"POT-Creation-Date:/&&!s{s=1;next};!/^#: /{print}'" + fi +fi + + echo "Running aclocal -I m4 -I gl/m4 ${ACLOCAL_FLAGS:+$ACLOCAL_FLAGS }..." $ACLOCAL -I m4 -I gl/m4 $ACLOCAL_FLAGS echo "Running autoheader..." ----------------------------------------------------------------------- Summary of changes: ChangeLog | 63 +++++++++++++++++++++++++++++++---------------------------- autogen.sh | 23 +++++++++++++++++++++ 2 files changed, 56 insertions(+), 30 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 7 15:01:03 2011 
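Review bot: `git config --add filter.cleanpo.clean ...` appends a value rather than replacing one. If the key is already set to something other than the expected awk command, the repository ends up with two values for it instead of the corrected one. Setting it without `--add`, as in `git config filter.cleanpo.clean "awk '...'"`, replaces the single existing value. `chmod -c` is a GNU option, so the hook activation may fail on other userlands; plain `chmod +x .git/hooks/pre-commit` is enough. The URL printed in the message ends in `msg00084html`, which looks like a missing dot.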
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 07 Feb 2011 15:01:03 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-1-g8a7336e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8a7336e0bff53133e9be07c2e04e7e74758c2af2 (commit) from b008274afdbe375b32a7e66dbd073e200f6f0587 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a7336e0bff53133e9be07c2e04e7e74758c2af2 Author: Werner Koch Date: Mon Feb 7 14:38:39 2011 +0100 Fix ECDSA 521 bit signing. This fix also allows the creation and use of an 521 bit ECDH key which used to fail while creating the binding signature. diff --git a/agent/ChangeLog b/agent/ChangeLog index c022852..0390275 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,7 @@ +2011-02-07 Werner Koch + + * pksign.c (do_encode_dsa): Enforce multipe of 8 bits only for DSA. + 2011-02-03 Werner Koch * protect.c (protect_info): Support ECC algos. diff --git a/agent/pksign.c b/agent/pksign.c index 988e3d3..dc44b88 100644 --- a/agent/pksign.c +++ b/agent/pksign.c @@ -132,8 +132,10 @@ do_encode_dsa (const byte *md, size_t mdlen, int dsaalgo, gcry_sexp_t pkey, else return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO); - if ((qbits%8)) + if (pkalgo == GCRY_PK_DSA && (qbits%8)) { + /* FIXME: We check the QBITS but print a message about the hash + length. */ log_error (_("DSA requires the hash length to be a" " multiple of 8 bits\n")); return gpg_error (GPG_ERR_INV_LENGTH); diff --git a/g10/ChangeLog b/g10/ChangeLog index 98ea735..8d850a6 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
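Review bot: The multiple-of-8 test in do_encode_dsa (agent/pksign.c) now applies to DSA only, while encode_md_value in g10/seskey.c, changed by the same commit, still applies `if ((qbits%8))` to ECDSA as well. How `qbits` is derived in do_encode_dsa is outside the hunk, so the difference may be intended. A comment such as `/* ECDSA: QBITS need not be a multiple of 8 here; see encode_md_value for the gpg side. */` would keep the two sites from drifting apart. The function body continues outside the hunk.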
@@ -1,3 +1,9 @@ +2011-02-07 Werner Koch + + * seskey.c (encode_md_value): Truncate to MDLEN and not to QBYTES + which makes a difference with 521 bit ECC keys. For clarity + rename QBYTES to QBITS and adjust accordingly. + 2011-02-04 Werner Koch * sig-check.c (do_check_messages): Remove the long deprecated diff --git a/g10/seskey.c b/g10/seskey.c index 1f3e8ab..f3796f0 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -257,6 +257,7 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) { gcry_mpi_t frame; int pkalgo; + size_t mdlen; assert (hash_algo); assert (pk); @@ -267,16 +268,16 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) { /* It's a DSA signature, so find out the size of q. */ - size_t qbytes = gcry_mpi_get_nbits (pk->pkey[1]); + size_t qbits = gcry_mpi_get_nbits (pk->pkey[1]); /* pkey[1] is Q for ECDSA, which is an uncompressed point, i.e. 04 */ if (pkalgo == GCRY_PK_ECDSA) - qbytes = ecdsa_qbits_from_Q (qbytes); + qbits = ecdsa_qbits_from_Q (qbits); /* Make sure it is a multiple of 8 bits. */ - if (qbytes%8) + if ((qbits%8)) { log_error(_("DSA requires the hash length to be a" " multiple of 8 bits\n")); @@ -289,15 +290,13 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) or something like that, which would look correct but allow trivial forgeries. Yes, I know this rules out using MD5 with DSA. ;) */ - if (qbytes < 160) + if (qbits < 160) { log_error (_("%s key %s uses an unsafe (%zu bit) hash\n"), - gcry_pk_algo_name (pkalgo), keystr_from_pk (pk), qbytes); + gcry_pk_algo_name (pkalgo), keystr_from_pk (pk), qbits); return NULL; } - qbytes /= 8; - /* Check if we're too short. Too long is safe as we'll automatically left-truncate. 
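Review bot: `encode_md_value` keeps the `if ((qbits%8))` rejection for DSA and ECDSA alike, while the same commit restricts the equivalent test in agent/pksign.c to `pkalgo == GCRY_PK_DSA`. Whether that matters depends on what `ecdsa_qbits_from_Q` returns for a 521 bit curve, which is not visible here; if the result can be a value that is not a multiple of 8, such a key is still refused at this point with a message that names DSA. A comment next to the call stating the expected result, along the lines of `/* ecdsa_qbits_from_Q returns <value> for a 521 bit curve, so the %8 test below also holds for ECDSA. */` with the placeholder filled in, or the same `pkalgo == GCRY_PK_DSA &&` guard, would settle it. The function body starts and ends outside these hunks.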
@@ -308,24 +307,24 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) adjust it later for general case. (Note that the check will never pass for ECDSA 521 anyway as the only hash that intended to match it is SHA 512, but 512 < 521). */ - if (gcry_md_get_algo_dlen (hash_algo) - < ((pkalgo == GCRY_PK_ECDSA && qbytes > (521)/8) ? 512/8 : qbytes)) + mdlen = gcry_md_get_algo_dlen (hash_algo); + if (mdlen < ((pkalgo == GCRY_PK_ECDSA && qbits > 521) ? 512: qbits)/8) { log_error (_("%s key %s requires a %zu bit or larger hash " "(hash is %s\n"), gcry_pk_algo_name (pkalgo), - keystr_from_pk(pk), qbytes*8, + keystr_from_pk(pk), qbits, gcry_md_algo_name (hash_algo)); return NULL; } - /* By passing QBYTES as length to mpi_scan, we do the truncation - of the hash. + /* By passing MDLEN as length to mpi_scan, we do the truncation + of the hash. - Note that in case of ECDSA 521 the hash is always smaller - than the key size. */ + Note that in case of ECDSA 521 the hash is always smaller + than the key size. */ if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG, - gcry_md_read (md, hash_algo), qbytes, &qbytes)) + gcry_md_read (md, hash_algo), mdlen, NULL)) BUG(); } else ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 4 ++++ agent/pksign.c | 4 +++- g10/ChangeLog | 6 ++++++ g10/seskey.c | 29 ++++++++++++++--------------- 4 files changed, 27 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 8 21:37:25 2011 
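Review bot: The rewritten comment says that passing MDLEN to `gcry_mpi_scan` does the truncation of the hash, but `mdlen` is the full digest length from `gcry_md_get_algo_dlen`, so nothing is truncated at this call any more. With the old `qbytes` argument a digest longer than q (for example a 512 bit hash with a 256 bit q) was cut to the size of q; now the whole digest goes into FRAME, and whether the signing and verification code reduces it to the leftmost bits afterwards is not visible in this hunk. Taking the smaller of the two lengths keeps the old behaviour and still covers the 521 bit case: `gcry_md_read (md, hash_algo), (mdlen < qbits/8 ? mdlen : qbits/8), NULL))`. The format string `"(hash is %s\n"` in the same hunk is missing its closing parenthesis. The enclosing function starts and ends outside the hunk.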
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 08 Feb 2011 21:37:25 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-2-g2c79a28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2c79a2832cd3cbc1c09f4f7a7b2653ba6cbd2845 (commit) from 8a7336e0bff53133e9be07c2e04e7e74758c2af2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c79a2832cd3cbc1c09f4f7a7b2653ba6cbd2845 Author: Werner Koch Date: Tue Feb 8 21:11:19 2011 +0100 Add finger support to dirmngr. The basic network code from http.c is used for finger. This keeps the network related code at one place and we are able to use the somewhat matured code form http.c. Unfortunately I had to enhance the http code for more robustness and probably introduced new bugs. Test this code using gpg --fetch-key finger:wk at g10code.com (I might be the last user of finger ;-) diff --git a/common/ChangeLog b/common/ChangeLog index 647f7d5..4d07a49 100644 --- a/common/ChangeLog +++ b/common/ChangeLog 
@@ -1,3 +1,25 @@ +2011-02-08 Werner Koch + + * http.c (connect_server): Add arg R_HOST_NOT_FOUND. + +2011-02-07 Werner Koch + + * http.c (my_socket_new, my_socket_ref, my_socket_unref): New. + (cookie_close, cookie_read, cookie_write, http_close, _http_open) + (send_request): Replace use of an socket integer by the new socket + object. + (_http_raw_connect): New. + (fp_onclose_notification): New. + (_http_raw_connect, _http_wait_response, http_close): Register and + unregister this notification. + * http.h (http_raw_connect): New. + + * http.h (parsed_uri_s): Add field IS_OPAQUE. + (http_req_t): Add HTTP_REQ_OPAQUE. + * http.c (do_parse_uri): Parse unknown schemes into PATH. + (my_socket_new, my_socket_ref, my_socket_unref): New. + (send_request): Simplify save_errno stuff. + 2011-02-03 Werner Koch * status.h (STATUS_DECRYPTION_INFO): New. diff --git a/common/estream.c b/common/estream.c index bc82051..a73d1f2 100644 --- a/common/estream.c +++ b/common/estream.c @@ -3041,9 +3041,14 @@ es_fclose (estream_t stream) already registered notification; for this to work the value of FNC and FNC_VALUE must be the same as with the registration and FNC_VALUE must be a unique value. No error will be returned if - MODE is 0. Unregistered should only be used in the error case - because it may not remove memory internall allocated for the - onclose handler. + MODE is 0. + + FIXME: I think the next comment is not anymore correct: + Unregister should only be used in the error case because it may not + be able to remove memory internally allocated for the onclose + handler. + + FIXME: Unregister is not thread safe. The notification will be called right before the stream is closed. It may not call any estream function for STREAM, neither direct nor diff --git a/common/http.c b/common/http.c index f8628e6..7df8457 100644 --- a/common/http.c +++ b/common/http.c 
@@ -161,13 +161,25 @@ static char *build_rel_path (parsed_uri_t uri); static gpg_error_t parse_response (http_t hd); static int connect_server (const char *server, unsigned short port, - unsigned int flags, const char *srvtag); + unsigned int flags, const char *srvtag, + int *r_host_not_found); static gpg_error_t write_server (int sock, const char *data, size_t length); static ssize_t cookie_read (void *cookie, void *buffer, size_t size); static ssize_t cookie_write (void *cookie, const void *buffer, size_t size); static int cookie_close (void *cookie); + +/* A socket object used to a allow ref counting of sockets. */ +struct my_socket_s +{ + int fd; /* The actual socket - shall never be -1. */ + int refcount; /* Number of references to this socket. */ +}; +typedef struct my_socket_s *my_socket_t; + + +/* Cookie function structure and cookie object. */ static es_cookie_io_functions_t cookie_functions = { cookie_read, @@ -178,8 +190,8 @@ static es_cookie_io_functions_t cookie_functions = struct cookie_s { - /* File descriptor or -1 if already closed. */ - int fd; + /* Socket object or NULL if already closed. */ + my_socket_t sock; /* TLS session context or NULL if not used. */ gnutls_session_t tls_session; @@ -213,7 +225,7 @@ typedef struct header_s *header_t; struct http_context_s { unsigned int status_code; - int sock; + my_socket_t sock; unsigned int in_data:1; unsigned int is_http_0_9:1; estream_t fp_read; 
@@ -279,6 +291,77 @@ init_sockets (void) #endif /*HAVE_W32_SYSTEM && !HTTP_NO_WSASTARTUP*/ +/* Create a new socket object. Returns NULL and closes FD if not + enough memory is available. */ +static my_socket_t +my_socket_new (int fd) +{ + my_socket_t so; + + so = xtrymalloc (sizeof *so); + if (!so) + { + int save_errno = errno; + sock_close (fd); + gpg_err_set_errno (save_errno); + return NULL; + } + so->fd = fd; + so->refcount = 1; + /* log_debug ("my_socket_new(%d): object %p for fd %d created\n", */ + /* lnr, so, so->fd); */ + return so; +} +/* #define my_socket_new(a) _my_socket_new ((a),__LINE__) */ + +/* Bump up the reference counter for the socket object SO. */ +static my_socket_t +my_socket_ref (my_socket_t so) +{ + so->refcount++; + /* log_debug ("my_socket_ref(%d): object %p for fd %d refcount now %d\n", */ + /* lnr, so, so->fd, so->refcount); */ + return so; +} +/* #define my_socket_ref(a) _my_socket_ref ((a),__LINE__) */ + +/* Bump down the reference counter for the socket object SO. If SO + has no more references, close the socket and release the + object. */ +static void +my_socket_unref (my_socket_t so) +{ + if (so) + { + so->refcount--; + /* log_debug ("my_socket_unref(%d): object %p for fd %d ref now %d\n", */ + /* lnr, so, so->fd, so->refcount); */ + if (!so->refcount) + { + sock_close (so->fd); + xfree (so); + } + } +} +/* #define my_socket_unref(a) _my_socket_unref ((a),__LINE__) */ + + +/* This notification function is called by estream whenever stream is + closed. Its purpose is to mark the the closing in the handle so + that a http_close won't accidentally close the estream. The function + http_close removes this notification so that it won't be called if + http_close was used before an es_fclose. 
*/ +static void +fp_onclose_notification (estream_t stream, void *opaque) +{ + http_t hd = opaque; + + if (hd->fp_read && hd->fp_read == stream) + hd->fp_read = NULL; + else if (hd->fp_write && hd->fp_write == stream) + hd->fp_write = NULL; +} + /* * Helper function to create an HTTP header with hex encoded data. A @@ -343,7 +426,7 @@ http_register_tls_callback ( gpg_error_t (*cb) (http_t, void *, int) ) /* Start a HTTP retrieval and return on success in R_HD a context pointer for completing the the request and to wait for the - response. */ + response. */ gpg_error_t _http_open (http_t *r_hd, http_req_t reqtype, const char *url, const char *auth, unsigned int flags, const char *proxy, @@ -362,7 +445,6 @@ _http_open (http_t *r_hd, http_req_t reqtype, const char *url, hd = xtrycalloc (1, sizeof *hd); if (!hd) return gpg_error_from_syserror (); - hd->sock = -1; hd->req_type = reqtype; hd->flags = flags; hd->tls_context = tls_context; @@ -373,8 +455,7 @@ _http_open (http_t *r_hd, http_req_t reqtype, const char *url, if (err) { - if (!hd->fp_read && !hd->fp_write && hd->sock != -1) - sock_close (hd->sock); + my_socket_unref (hd->sock); if (hd->fp_read) es_fclose (hd->fp_read); if (hd->fp_write) 
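Review bot: The new `my_socket_new` / `my_socket_ref` / `my_socket_unref` helpers do not say who is expected to hold a reference, and `my_socket_unref` decrements without checking that the count is still positive. From the other hunks the holders appear to be the `http_t` handle, each estream cookie and, on the GnuTLS path, the transport pointer; I would state that above `my_socket_new`, e.g. `/* References are held by the http_t handle, by each estream cookie and, with TLS, by the GnuTLS transport. */`. An extra unref closes a descriptor that another holder still uses and that the process may meanwhile have reused for something else, so a check for `so->refcount <= 0` before the decrement, reported through whatever fatal-error path http.c already has, is cheap insurance. `my_socket_ref` dereferences SO unconditionally while `my_socket_unref` accepts NULL; the comments should mention that difference.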
@@ -387,6 +468,105 @@ _http_open (http_t *r_hd, http_req_t reqtype, const char *url, } +/* This function is useful to connect to a generic TCP service using + this http abstraction layer. This has the advantage of providing + service tags and an estream interface. */ +gpg_error_t +_http_raw_connect (http_t *r_hd, const char *server, unsigned short port, + unsigned int flags, const char *srvtag, + gpg_err_source_t errsource) +{ + gpg_error_t err = 0; + int sock; + http_t hd; + cookie_t cookie; + int hnf; + + *r_hd = NULL; + + /* Create the handle. */ + hd = xtrycalloc (1, sizeof *hd); + if (!hd) + return gpg_error_from_syserror (); + hd->req_type = HTTP_REQ_OPAQUE; + hd->flags = flags; + + /* Connect. */ + sock = connect_server (server, port, hd->flags, srvtag, &hnf); + if (sock == -1) + { + err = gpg_err_make (errsource, (hnf? GPG_ERR_UNKNOWN_HOST + :gpg_err_code_from_syserror ())); + xfree (hd); + return err; + } + hd->sock = my_socket_new (sock); + if (!hd->sock) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + xfree (hd); + return err; + } + + /* Setup estreams for reading and writing. */ + cookie = xtrycalloc (1, sizeof *cookie); + if (!cookie) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + goto leave; + } + cookie->sock = my_socket_ref (hd->sock); + hd->fp_write = es_fopencookie (cookie, "w", cookie_functions); + if (!hd->fp_write) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + my_socket_unref (cookie->sock); + xfree (cookie); + goto leave; + } + hd->write_cookie = cookie; /* Cookie now owned by FP_WRITE. 
*/ + + cookie = xtrycalloc (1, sizeof *cookie); + if (!cookie) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + goto leave; + } + cookie->sock = my_socket_ref (hd->sock); + hd->fp_read = es_fopencookie (cookie, "r", cookie_functions); + if (!hd->fp_read) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + my_socket_unref (cookie->sock); + xfree (cookie); + goto leave; + } + hd->read_cookie = cookie; /* Cookie now owned by FP_READ. */ + + /* Register close notification to interlock the use of es_fclose in + http_close and in user code. */ + err = es_onclose (hd->fp_write, 1, fp_onclose_notification, hd); + if (!err) + err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd); + + leave: + if (err) + { + if (hd->fp_read) + es_fclose (hd->fp_read); + if (hd->fp_write) + es_fclose (hd->fp_write); + my_socket_unref (hd->sock); + xfree (hd); + } + else + *r_hd = hd; + return err; +} + + + + void http_start_data (http_t hd) { @@ -410,12 +590,12 @@ _http_wait_response (http_t hd, gpg_err_source_t errsource) /* Make sure that we are in the data. */ http_start_data (hd); - /* Close the write stream but keep the socket open. */ + /* Close the write stream. Note that the reference counted socket + object keeps the actual system socket open. */ cookie = hd->write_cookie; if (!cookie) return gpg_err_make (errsource, GPG_ERR_INTERNAL); - cookie->keep_socket = 1; es_fclose (hd->fp_write); hd->fp_write = NULL; /* The close has released the cookie and thus we better set it to NULL. */ 
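Review bot: Dropping `cookie->keep_socket = 1;` before `es_fclose (hd->fp_write)` in `_http_wait_response` lets `cookie_close` run its full teardown when the write stream is closed, and on a TLS connection the reference counting then looks unbalanced. Going by the visible hunks, four references are taken for a TLS request (the handle in `my_socket_new`, the transport in `send_request`, the write cookie and the read cookie) but five are dropped: `cookie_close` unrefs twice per cookie, once inside the `HTTP_USE_GNUTLS` branch and once after it, and `http_close` unrefs once. Unless code outside these hunks compensates, the socket object is freed and its descriptor closed while the read cookie still points at it, and `gnutls_bye (c->tls_session, GNUTLS_SHUT_RDWR)` is sent when the write stream closes, before the response has been read. I would remove the `my_socket_unref (c->sock);` inside the GnuTLS branch of `cookie_close`, release the transport's reference once where the session ends, and send the TLS close only for the read cookie.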
@@ -425,14 +605,14 @@ _http_wait_response (http_t hd, gpg_err_source_t errsource) is not required but some very old servers (e.g. the original pksd key server didn't worked without it. */ if ((hd->flags & HTTP_FLAG_SHUTDOWN)) - shutdown (hd->sock, 1); + shutdown (hd->sock->fd, 1); hd->in_data = 0; /* Create a new cookie and a stream for reading. */ cookie = xtrycalloc (1, sizeof *cookie); if (!cookie) return gpg_err_make (errsource, gpg_err_code_from_syserror ()); - cookie->fd = hd->sock; + cookie->sock = my_socket_ref (hd->sock); if (hd->uri->use_tls) cookie->tls_session = hd->tls_context; @@ -440,12 +620,18 @@ _http_wait_response (http_t hd, gpg_err_source_t errsource) hd->fp_read = es_fopencookie (cookie, "r", cookie_functions); if (!hd->fp_read) { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + my_socket_unref (cookie->sock); xfree (cookie); hd->read_cookie = NULL; - return gpg_err_make (errsource, gpg_err_code_from_syserror ()); + return err; } err = parse_response (hd); + + if (!err) + err = es_onclose (hd->fp_read, 1, fp_onclose_notification, hd); + return err; } @@ -480,8 +666,15 @@ http_close (http_t hd, int keep_read_stream) { if (!hd) return; - if (!hd->fp_read && !hd->fp_write && hd->sock != -1) - sock_close (hd->sock); + + /* First remove the close notifications for the streams. */ + if (hd->fp_read) + es_onclose (hd->fp_read, 0, fp_onclose_notification, hd); + if (hd->fp_write) + es_onclose (hd->fp_write, 0, fp_onclose_notification, hd); + + /* Now we can close the streams. */ + my_socket_unref (hd->sock); if (hd->fp_read && !keep_read_stream) es_fclose (hd->fp_read); if (hd->fp_write) @@ -577,6 +770,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check) uri->params = uri->query = NULL; uri->use_tls = 0; uri->is_http = 0; + uri->opaque = 0; /* A quick validity check. */ if (strspn (p, VALID_URI_CHARS) != n) 
@@ -614,14 +808,9 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check) p = p2; - /* Find the hostname */ - if (*p != '/') - return GPG_ERR_INV_URI; /* Does not start with a slash. */ - - p++; - if (*p == '/') /* There seems to be a hostname. */ + if (*p == '/' && p[1] == '/' ) /* There seems to be a hostname. */ { - p++; + p += 2; if ((p2 = strchr (p, '/'))) *p2++ = 0; @@ -659,6 +848,15 @@ do_parse_uri (parsed_uri_t uri, int only_local_part, int no_scheme_check) return GPG_ERR_BAD_URI; /* Hostname incudes a Nul. */ p = p2 ? p2 : NULL; } + else if (uri->is_http) + return GPG_ERR_INV_URI; /* No Leading double slash for HTTP. */ + else + { + uri->opaque = 1; + uri->path = p; + return 0; + } + } /* End global URI part. */ /* Parse the pathname part */ @@ -888,7 +1086,8 @@ send_request (http_t hd, const char *auth, const char *http_proxy = NULL; char *proxy_authstr = NULL; char *authstr = NULL; - int save_errno; + int sock; + int hnf; tls_session = hd->tls_context; if (hd->uri->use_tls && !tls_session) @@ -906,6 +1105,7 @@ send_request (http_t hd, const char *auth, && *http_proxy )) { parsed_uri_t uri; + int save_errno; if (proxy) http_proxy = proxy; 
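Review bot: The new `else` branch in `do_parse_uri` returns success with only the scheme, `opaque` and `path` set, and nothing at the return documents that the remaining fields are not filled in. Code that reads `uri->host` or `uri->port` after a successful `http_parse_uri (..., 1)` now has to test `uri->opaque` first; the updated test `main` does, other callers are not visible here. I would add at the branch: `/* Opaque URI: only SCHEME and PATH are valid; PATH is the rest of the URI as given, returned before the path parsing below. */`. The function continues outside the hunk.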
@@ -932,32 +1132,42 @@ send_request (http_t hd, const char *auth, } } - hd->sock = connect_server (*uri->host ? uri->host : "localhost", - uri->port ? uri->port : 80, - hd->flags, srvtag); + sock = connect_server (*uri->host ? uri->host : "localhost", + uri->port ? uri->port : 80, + hd->flags, srvtag, &hnf); save_errno = errno; http_release_parsed_uri (uri); + if (sock == -1) + gpg_err_set_errno (save_errno); } else { - hd->sock = connect_server (server, port, hd->flags, srvtag); - save_errno = errno; + sock = connect_server (server, port, hd->flags, srvtag, &hnf); } - if (hd->sock == -1) + if (sock == -1) { xfree (proxy_authstr); - return gpg_err_make (errsource, (save_errno - ? gpg_err_code_from_errno (save_errno) - : GPG_ERR_NOT_FOUND)); + return gpg_err_make (errsource, (hnf? GPG_ERR_UNKNOWN_HOST + : gpg_err_code_from_syserror ())); } + hd->sock = my_socket_new (sock); + if (!hd->sock) + { + xfree (proxy_authstr); + return gpg_err_make (errsource, gpg_err_code_from_syserror ()); + } + + #ifdef HTTP_USE_GNUTLS if (hd->uri->use_tls) { int rc; - gnutls_transport_set_ptr (tls_session, (gnutls_transport_ptr_t)hd->sock); + my_socket_ref (hd->sock); + gnutls_transport_set_ptr (tls_session, + (gnutls_transport_ptr_t)(hd->sock->fd)); do { rc = gnutls_handshake (tls_session); @@ -1069,7 +1279,7 @@ send_request (http_t hd, const char *auth, err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); goto leave; } - cookie->fd = hd->sock; + cookie->sock = my_socket_ref (hd->sock); hd->write_cookie = cookie; if (hd->uri->use_tls) cookie->tls_session = tls_session; @@ -1078,6 +1288,7 @@ send_request (http_t hd, const char *auth, if (!hd->fp_write) { err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + my_socket_unref (cookie->sock); xfree (cookie); hd->write_cookie = NULL; } 
@@ -1469,7 +1680,7 @@ start_server () error. ERRNO is set on error. */ static int connect_server (const char *server, unsigned short port, - unsigned int flags, const char *srvtag) + unsigned int flags, const char *srvtag, int *r_host_not_found) { int sock = -1; int srvcount = 0; @@ -1483,6 +1694,7 @@ connect_server (const char *server, unsigned short port, /* Not currently using the flags */ (void)flags; + *r_host_not_found = 0; #ifdef HAVE_W32_SYSTEM #ifndef HTTP_NO_WSASTARTUP @@ -1655,6 +1867,8 @@ connect_server (const char *server, unsigned short port, server, hostfound? strerror (last_errno):"host not found"); #endif + if (!hostfound) + *r_host_not_found = 1; if (sock != -1) sock_close (sock); gpg_err_set_errno (last_errno); @@ -1758,12 +1972,12 @@ cookie_read (void *cookie, void *buffer, size_t size) do { #ifdef HAVE_PTH - nread = pth_read (c->fd, buffer, size); + nread = pth_read (c->sock->fd, buffer, size); #elif defined(HAVE_W32_SYSTEM) /* Under Windows we need to use recv for a socket. */ - nread = recv (c->fd, buffer, size, 0); + nread = recv (c->sock->fd, buffer, size, 0); #else - nread = read (c->fd, buffer, size); + nread = read (c->sock->fd, buffer, size); #endif } while (nread == -1 && errno == EINTR); @@ -1819,7 +2033,7 @@ cookie_write (void *cookie, const void *buffer, size_t size) else #endif /*HTTP_USE_GNUTLS*/ { - if ( write_server (c->fd, buffer, size) ) + if ( write_server (c->sock->fd, buffer, size) ) { gpg_err_set_errno (EIO); nwritten = -1; 
@@ -1844,28 +2058,29 @@ cookie_close (void *cookie) if (c->tls_session && !c->keep_socket) { gnutls_bye (c->tls_session, GNUTLS_SHUT_RDWR); + my_socket_unref (c->sock); } #endif /*HTTP_USE_GNUTLS*/ - if (c->fd != -1 && !c->keep_socket) - sock_close (c->fd); + if (c->sock && !c->keep_socket) + my_socket_unref (c->sock); xfree (c); return 0; } - /**** Test code ****/ #ifdef TEST +#ifdef HTTP_USE_GNUTLS static gpg_error_t verify_callback (http_t hd, void *tls_context, int reserved) { log_info ("verification of certificates skipped\n"); return 0; } - +#endif /*HTTP_USE_GNUTLS*/ /* static void */ @@ -1938,7 +2153,7 @@ main (int argc, char **argv) http_register_tls_callback (verify_callback); #endif /*HTTP_USE_GNUTLS*/ - rc = http_parse_uri (&uri, *argv, 0); + rc = http_parse_uri (&uri, *argv, 1); if (rc) { log_error ("`%s': %s\n", *argv, gpg_strerror (rc)); 
@@ -1946,35 +2161,41 @@ main (int argc, char **argv) } printf ("Scheme: %s\n", uri->scheme); - printf ("Host : %s\n", uri->host); - printf ("Port : %u\n", uri->port); - printf ("Path : %s\n", uri->path); - for (r = uri->params; r; r = r->next) - { - printf ("Params: %s", r->name); - if (!r->no_value) - { - printf ("=%s", r->value); - if (strlen (r->value) != r->valuelen) - printf (" [real length=%d]", (int) r->valuelen); - } - putchar ('\n'); - } - for (r = uri->query; r; r = r->next) + if (uri->opaque) + printf ("Value : %s\n", uri->path); + else { - printf ("Query : %s", r->name); - if (!r->no_value) - { - printf ("=%s", r->value); - if (strlen (r->value) != r->valuelen) - printf (" [real length=%d]", (int) r->valuelen); - } - putchar ('\n'); + printf ("Auth : %s\n", uri->auth? uri->auth:"[none]"); + printf ("Host : %s\n", uri->host); + printf ("Port : %u\n", uri->port); + printf ("Path : %s\n", uri->path); + for (r = uri->params; r; r = r->next) + { + printf ("Params: %s", r->name); + if (!r->no_value) + { + printf ("=%s", r->value); + if (strlen (r->value) != r->valuelen) + printf (" [real length=%d]", (int) r->valuelen); + } + putchar ('\n'); + } + for (r = uri->query; r; r = r->next) + { + printf ("Query : %s", r->name); + if (!r->no_value) + { + printf ("=%s", r->value); + if (strlen (r->value) != r->valuelen) + printf (" [real length=%d]", (int) r->valuelen); + } + putchar ('\n'); + } } http_release_parsed_uri (uri); uri = NULL; - rc = http_open_document (&hd, *argv, NULL, 0, NULL, tls_session); + rc = http_open_document (&hd, *argv, NULL, 0, NULL, tls_session, NULL, NULL); if (rc) { log_error ("can't get `%s': %s\n", *argv, gpg_strerror (rc)); 
@@ -2010,6 +2231,6 @@ main (int argc, char **argv) /* Local Variables: -compile-command: "gcc -I.. -I../gl -DTEST -DHAVE_CONFIG_H -Wall -O2 -g -o http-test http.c -L. -lcommon -L../jnlib -ljnlib -lgcrypt -lpth -lgnutls" +compile-command: "gcc -I.. -I../gl -DTEST -DHAVE_CONFIG_H -Wall -O2 -g -o http-test http.c -L. -lcommon -lgcrypt -lpth -lgnutls" End: */ diff --git a/common/http.h b/common/http.h index 50c478c..7a11b84 100644 --- a/common/http.h +++ b/common/http.h @@ -40,7 +40,8 @@ struct parsed_uri_s char *scheme; /* Pointer to the scheme string (always lowercase). */ unsigned int is_http:1; /* This is a HTTP style URI. */ unsigned int use_tls:1; /* Whether TLS should be used. */ - char *auth; /* username/password for basic auth */ + unsigned int opaque:1;/* Unknown scheme; PATH has the rest. */ + char *auth; /* username/password for basic auth. */ char *host; /* Host (converted to lowercase). */ unsigned short port; /* Port (always set if the host is set). */ char *path; /* Path. */ @@ -54,7 +55,8 @@ typedef enum { HTTP_REQ_GET = 1, HTTP_REQ_HEAD = 2, - HTTP_REQ_POST = 3 + HTTP_REQ_POST = 3, + HTTP_REQ_OPAQUE = 4 /* Internal use. */ } http_req_t; @@ -79,6 +81,13 @@ gpg_error_t _http_parse_uri (parsed_uri_t *ret_uri, const char *uri, void http_release_parsed_uri (parsed_uri_t uri); +gpg_error_t _http_raw_connect (http_t *r_hd, + const char *server, unsigned short port, + unsigned int flags, const char *srvtag, + gpg_err_source_t errsource); +#define http_raw_connect(a,b,c,d,e) \ + _http_raw_connect ((a),(b),(c),(d),(e), GPG_ERR_SOURCE_DEFAULT) + gpg_error_t _http_open (http_t *r_hd, http_req_t reqtype, const char *url, const char *auth, diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index 3a01b97..1e575e1 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog 
@@ -1,3 +1,9 @@ +2011-02-08 Werner Koch + + * server.c (cmd_ks_fetch): New. + * ks-action.c (ks_action_fetch): New. + * ks-engine-finger.c: New. + 2011-02-03 Werner Koch * Makefile.am (dirmngr_LDADD): Remove -llber. diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index d5aecc7..a030f38 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -50,7 +50,8 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ ldapserver.h ldapserver.c certcache.c certcache.h \ cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \ ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \ - ks-action.c ks-action.h ks-engine.h ks-engine-hkp.c + ks-action.c ks-action.h ks-engine.h \ + ks-engine-hkp.c ks-engine-finger.c if USE_LDAPWRAPPER dirmngr_SOURCES += ldap-wrapper.c diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index 50f0d50..dff4997 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -132,7 +132,7 @@ ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp) else { err = copy_stream (infp, outfp); - /* Reading from the keyserver should nver fail, thus + /* Reading from the keyserver should never fail, thus return this error. */ es_fclose (infp); infp = NULL; 
@@ -149,6 +149,49 @@ ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp) } +/* Retrive keys from URL and write the result to the provided output + stream OUTFP. */ +gpg_error_t +ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp) +{ + gpg_error_t err = 0; + estream_t infp; + parsed_uri_t parsed_uri; /* The broken down URI. */ + + if (!url) + return gpg_error (GPG_ERR_INV_URI); + + err = http_parse_uri (&parsed_uri, url, 1); + if (err) + return err; + + if (parsed_uri->is_http) + { + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + } + else if (!parsed_uri->opaque) + { + err = gpg_error (GPG_ERR_INV_URI); + } + else if (!strcmp (parsed_uri->scheme, "finger")) + { + err = ks_finger_get (ctrl, parsed_uri, &infp); + if (!err) + { + err = copy_stream (infp, outfp); + /* Reading from the finger serrver should not fail, thus + return this error. */ + es_fclose (infp); + } + } + else + err = gpg_error (GPG_ERR_INV_URI); + + http_release_parsed_uri (parsed_uri); + return err; +} + + /* Send an OpenPGP key to all keyservers. The key in {DATA,DATALEN} is expected in OpenPGP binary transport format. */ diff --git a/dirmngr/ks-action.h b/dirmngr/ks-action.h index b3bd3fc..bba53bc 100644 --- a/dirmngr/ks-action.h +++ b/dirmngr/ks-action.h @@ -22,6 +22,7 @@ gpg_error_t ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp); gpg_error_t ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp); +gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp); gpg_error_t ks_action_put (ctrl_t ctrl, const void *data, size_t datalen); diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c new file mode 100644 index 0000000..c54e343 --- /dev/null +++ b/dirmngr/ks-engine-finger.c 
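Review bot: `ks_action_fetch` relays whatever the remote finger server sends through `copy_stream (infp, outfp)` with no visible limit on size, and the `gpg_dirmngr_ks_fetch` hunk in g10/call-dirmngr.c collects the result in `es_fopenmem (0, "rwb")`, a memory stream created with a limit argument of 0. The peer is selected by the URL and is not trusted, so unless `copy_stream` or the Assuan layer bounds the transfer, a server that keeps sending makes gpg hold the entire stream in memory. A cap on the gpg side, e.g. `parm.memfp = es_fopenmem (MAX_FETCH_SIZE, "rwb");` where `MAX_FETCH_SIZE` is a constant still to be defined (not an existing name), together with a read timeout on the finger connection, would contain that. The new comments also have two typos, "Retrive" and "serrver".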
@@ -0,0 +1,101 @@ +/* ks-engine-finger.c - HKP keyserver engine + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include + +#include +#include +#include +#include + +#include "dirmngr.h" +#include "misc.h" +#include "userids.h" +#include "ks-engine.h" + + +/* Get the key from URI which is expected to specify a finger scheme. + On success R_FP has an open stream to read the data. 
*/ +gpg_error_t +ks_finger_get (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) +{ + gpg_error_t err; + estream_t fp; + char *server; + char *name; + http_t http; + + (void)ctrl; + *r_fp = NULL; + + if (strcmp (uri->scheme, "finger") || !uri->opaque || !uri->path) + return gpg_error (GPG_ERR_INV_ARG); + + name = xtrystrdup (uri->path); + if (!name) + return gpg_error_from_syserror (); + + server = strchr (name, '@'); + if (!server) + { + err = gpg_error (GPG_ERR_INV_URI); + xfree (name); + return err; + } + *server++ = 0; + + err = http_raw_connect (&http, server, 79, 0, NULL); + if (err) + { + xfree (name); + return err; + } + + fp = http_get_write_ptr (http); + if (!fp) + { + err = gpg_error (GPG_ERR_INTERNAL); + http_close (http, 0); + xfree (name); + return err; + } + + if (es_fputs (name, fp) || es_fputs ("\r\n", fp) || es_fflush (fp)) + { + err = gpg_error_from_syserror (); + http_close (http, 0); + xfree (name); + return err; + } + xfree (name); + es_fclose (fp); + + fp = http_get_read_ptr (http); + if (!fp) + { + err = gpg_error (GPG_ERR_INTERNAL); + http_close (http, 0); + return err; + } + + http_close (http, 1 /* Keep read ptr. */); + + *r_fp = fp; + return 0; +} diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h index 304fc4d..50f42be 100644 --- a/dirmngr/ks-engine.h +++ b/dirmngr/ks-engine.h @@ -31,6 +31,9 @@ gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen); +/*-- ks-engine-finger.c --*/ +gpg_error_t ks_finger_get (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp); + #endif /*DIRMNGR_KS_ENGINE_H*/ diff --git a/dirmngr/server.c b/dirmngr/server.c index 86b21b6..403a136 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c 
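Review bot: After `*server++ = 0;` in `ks_finger_get` neither half of the split is checked, so a URI with nothing before the `@` sends an empty query line and one with nothing after it calls `http_raw_connect` with an empty host name. Rejecting both is one line right after the split: `if (!*name || !*server) { xfree (name); return gpg_error (GPG_ERR_INV_URI); }`. The request line is written from `uri->path` unchanged, so the only thing that can keep CR and LF out of it is the `VALID_URI_CHARS` test in `do_parse_uri`, whose character set is not visible here; a local `strpbrk (name, "\r\n")` check, or at least a comment naming that dependency, would keep the assumption from breaking silently if the parser changes. The file header comment still reads "HKP keyserver engine".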
@@ -1541,6 +1541,34 @@ cmd_ks_get (assuan_context_t ctx, char *line) } +static const char hlp_ks_fetch[] = + "KS_FETCH \n" + "\n" + "Get the key(s) from URL."; +static gpg_error_t +cmd_ks_fetch (assuan_context_t ctx, char *line) +{ + ctrl_t ctrl = assuan_get_pointer (ctx); + gpg_error_t err; + estream_t outfp; + + /* No options for now. */ + line = skip_options (line); + + /* Setup an output stream and perform the get. */ + outfp = es_fopencookie (ctx, "w", data_line_cookie_functions); + if (!outfp) + err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); + else + { + err = ks_action_fetch (ctrl, line, outfp); + es_fclose (outfp); + } + + return leave_cmd (ctx, err); +} + + static const char hlp_ks_put[] = "KS_PUT\n" @@ -1742,6 +1770,7 @@ register_commands (assuan_context_t ctx) { "KEYSERVER", cmd_keyserver, hlp_keyserver }, { "KS_SEARCH", cmd_ks_search, hlp_ks_search }, { "KS_GET", cmd_ks_get, hlp_ks_get }, + { "KS_FETCH", cmd_ks_fetch, hlp_ks_fetch }, { "KS_PUT", cmd_ks_put, hlp_ks_put }, { "GETINFO", cmd_getinfo, hlp_getinfo }, { "KILLDIRMNGR",cmd_killdirmngr,hlp_killdirmngr }, diff --git a/g10/ChangeLog b/g10/ChangeLog index 8d850a6..8594110 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-02-08 Werner Koch + + * call-dirmngr.c (gpg_dirmngr_ks_fetch): New. + * keyserver.c (keyserver_fetch): Rewrite to use dirmngr. + 2011-02-07 Werner Koch * seskey.c (encode_md_value): Truncate to MDLEN and not to QBYTES diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 10c0e56..09ade4e 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -354,7 +354,7 @@ gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr, -/* Data callback for the KS_GET command. */ +/* Data callback for the KS_GET and KS_FETCH commands. */ static gpg_error_t ks_get_data_cb (void *opaque, const void *data, size_t datalen) { 
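Review bot: `cmd_ks_fetch` ignores the result of `es_fclose (outfp)`, so a failure while flushing the last buffered data lines to the client is reported as success whenever `ks_action_fetch` itself returned 0. Assuming estream sets errno the way stdio does, `if (es_fclose (outfp) && !err) err = gpg_error_from_syserror ();` closes that gap. LINE is also passed on exactly as `skip_options` leaves it, so an empty argument only fails further down in URI parsing; an explicit `if (!*line)` check that returns a parameter error before the stream is set up would give the client a clearer answer.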
@@ -448,6 +448,65 @@ gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern, estream_t *r_fp) } +/* Run the KS_FETCH and pass URL as argument. On success an estream + object is returned to retrieve the keys. On error an error code is + returned and NULL stored at R_FP. + + The url is expected to point to a small set of keys; in many cases + only to one key. However, schemes like finger may return several + keys. Note that the configured keyservers are ignored by the + KS_FETCH command. */ +gpg_error_t +gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) +{ + gpg_error_t err; + assuan_context_t ctx; + struct ks_get_parm_s parm; + char *line = NULL; + + memset (&parm, 0, sizeof parm); + + *r_fp = NULL; + + err = open_context (ctrl, &ctx); + if (err) + return err; + + line = strconcat ("KS_FETCH -- ", url, NULL); + if (!line) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (strlen (line) + 2 >= ASSUAN_LINELENGTH) + { + err = gpg_error (GPG_ERR_TOO_LARGE); + goto leave; + } + + parm.memfp = es_fopenmem (0, "rwb"); + if (!parm.memfp) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = assuan_transact (ctx, line, ks_get_data_cb, &parm, + NULL, NULL, NULL, NULL); + if (err) + goto leave; + + es_rewind (parm.memfp); + *r_fp = parm.memfp; + parm.memfp = NULL; + + leave: + es_fclose (parm.memfp); + xfree (line); + close_context (ctrl, ctx); + return err; +} + + /* Handle the KS_PUT inquiries. */ static gpg_error_t diff --git a/g10/keyserver.c b/g10/keyserver.c index 2f055ad..be0049a 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
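Review bot: `es_fopenmem (0, "rwb")` in gpg_dirmngr_ks_fetch creates the receive buffer without a memory limit, while the amount of data written into it is decided by the remote server the URL points to. The function comment says the URL is expected to yield a small set of keys, so a bound fits the documented contract: pass a limit as the first argument, e.g. `parm.memfp = es_fopenmem (KS_FETCH_MAX_BYTES, "rwb");`, where `KS_FETCH_MAX_BYTES` is a placeholder name for a constant this file would have to define. The resulting write error in the data callback would then end the transaction. The URL is also copied into the Assuan line as-is, so checking that it contains no CR or LF before `strconcat` would make the one-command-per-line assumption explicit instead of leaving it to the transport layer.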
@@ -1641,54 +1641,53 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs, } - int keyserver_fetch (ctrl_t ctrl, strlist_t urilist) { - KEYDB_SEARCH_DESC desc; + gpg_error_t err; strlist_t sl; - unsigned int options=opt.keyserver_options.import_options; + estream_t datastream; + unsigned int options = opt.keyserver_options.import_options; /* Switch on fast-import, since fetch can handle more than one import and we don't want each set to rebuild the trustdb. Instead we do it once at the end. */ - opt.keyserver_options.import_options|=IMPORT_FAST; - - /* A dummy desc since we're not actually fetching a particular key - ID */ - memset(&desc,0,sizeof(desc)); - desc.mode=KEYDB_SEARCH_MODE_EXACT; + opt.keyserver_options.import_options |= IMPORT_FAST; - for(sl=urilist;sl;sl=sl->next) + for (sl=urilist; sl; sl=sl->next) { - struct keyserver_spec *spec; + if (!opt.quiet) + log_info (_("requesting key from `%s'\n"), sl->d); - spec=parse_keyserver_uri(sl->d,1,NULL,0); - if(spec) - { - int rc; + err = gpg_dirmngr_ks_fetch (ctrl, sl->d, &datastream); + if (!err) + { + void *stats_handle; - rc = keyserver_get (ctrl, &desc, 1, spec); - if(rc) - log_info (_("WARNING: unable to fetch URI %s: %s\n"), - sl->d,g10_errstr(rc)); + stats_handle = import_new_stats_handle(); + import_keys_es_stream (ctrl, datastream, stats_handle, NULL, NULL, + opt.keyserver_options.import_options); - free_keyserver_spec(spec); - } + import_print_stats (stats_handle); + import_release_stats_handle (stats_handle); + } else - log_info (_("WARNING: unable to parse URI %s\n"),sl->d); + log_info (_("WARNING: unable to fetch URI %s: %s\n"), + sl->d, gpg_strerror (err)); + es_fclose (datastream); } - opt.keyserver_options.import_options=options; + opt.keyserver_options.import_options = options; /* If the original options didn't have fast import, and the trustdb is dirty, rebuild. 
*/ - if(!(opt.keyserver_options.import_options&IMPORT_FAST)) - trustdb_check_or_update(); + if (!(opt.keyserver_options.import_options&IMPORT_FAST)) + trustdb_check_or_update (); return 0; } + /* Import key in a CERT or pointed to by a CERT */ int keyserver_import_cert (ctrl_t ctrl, ----------------------------------------------------------------------- Summary of changes: common/ChangeLog | 22 +++ common/estream.c | 11 +- common/http.c | 359 +++++++++++++++++++++++++++++++++++--------- common/http.h | 13 ++- dirmngr/ChangeLog | 6 + dirmngr/Makefile.am | 3 +- dirmngr/ks-action.c | 45 ++++++- dirmngr/ks-action.h | 1 + dirmngr/ks-engine-finger.c | 101 +++++++++++++ dirmngr/ks-engine.h | 3 + dirmngr/server.c | 29 ++++ g10/ChangeLog | 5 + g10/call-dirmngr.c | 61 ++++++++- g10/keyserver.c | 49 +++--- 14 files changed, 606 insertions(+), 102 deletions(-) create mode 100644 dirmngr/ks-engine-finger.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 9 16:05:06 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 09 Feb 2011 16:05:06 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-3-gf02d972 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f02d972aec94e3ec8fdadd080d159d5a34c96722 (commit) from 2c79a2832cd3cbc1c09f4f7a7b2653ba6cbd2845 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f02d972aec94e3ec8fdadd080d159d5a34c96722 Author: Werner Koch Date: Wed Feb 9 15:42:29 2011 +0100 Support key fetching using HTTP. A simple test case is: gpg2 --fetch-key http://werner.eifelkommune.de/mykey.asc 
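Review bot: keyserver_fetch still ends with `return 0;` even when gpg_dirmngr_ks_fetch failed for every URI, and the result of `import_keys_es_stream`, if it reports one, is dropped. A caller or script therefore cannot tell a failed or partial fetch from a successful import of remote data. Remember the first failure inside the loop, e.g. `if (err && !first_err) first_err = err;`, and return it after the trustdb check. Callers are outside this hunk, so confirm that none of them relies on the unconditional zero. A short comment above the loop should also say that everything the URL returns is imported, since the URL owner decides which keys those are.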
diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index 1e575e1..757eb78 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,3 +1,11 @@ +2011-02-09 Werner Koch + + * ks-action.c (ks_action_fetch): Support http URLs. + * ks-engine-http.c: New. + + * ks-engine-finger.c (ks_finger_get): Rename to ks_finger_fetch. + Change caller. + 2011-02-08 Werner Koch * server.c (cmd_ks_fetch): New. diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index a030f38..6b27c7a 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -51,7 +51,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \ ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \ ks-action.c ks-action.h ks-engine.h \ - ks-engine-hkp.c ks-engine-finger.c + ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c if USE_LDAPWRAPPER dirmngr_SOURCES += ldap-wrapper.c diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index dff4997..ec691fe 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -167,7 +167,12 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp) if (parsed_uri->is_http) { - err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + err = ks_http_fetch (ctrl, url, &infp); + if (!err) + { + err = copy_stream (infp, outfp); + es_fclose (infp); + } } else if (!parsed_uri->opaque) { @@ -175,12 +180,10 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp) } else if (!strcmp (parsed_uri->scheme, "finger")) { - err = ks_finger_get (ctrl, parsed_uri, &infp); + err = ks_finger_fetch (ctrl, parsed_uri, &infp); if (!err) { err = copy_stream (infp, outfp); - /* Reading from the finger serrver should not fail, thus - return this error. */ es_fclose (infp); } } diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c index c54e343..c9e897f 100644 --- a/dirmngr/ks-engine-finger.c +++ b/dirmngr/ks-engine-finger.c 
@@ -1,4 +1,4 @@ -/* ks-engine-finger.c - HKP keyserver engine +/* ks-engine-finger.c - Finger OpenPGP key access * Copyright (C) 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -33,7 +33,7 @@ /* Get the key from URI which is expected to specify a finger scheme. On success R_FP has an open stream to read the data. */ gpg_error_t -ks_finger_get (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) +ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) { gpg_error_t err; estream_t fp; diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c new file mode 100644 index 0000000..304e793 --- /dev/null +++ b/dirmngr/ks-engine-http.c 
@@ -0,0 +1,141 @@ +/* ks-engine-http.c - HTTP OpenPGP key access + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include + +#include +#include +#include +#include + +#include "dirmngr.h" +#include "misc.h" +#include "ks-engine.h" + +/* How many redirections do we allow. */ +#define MAX_REDIRECTS 2 + + +/* Get the key from URL which is expected to specify a http style + scheme. On success R_FP has an open stream to read the data. */ +gpg_error_t +ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) +{ + gpg_error_t err; + http_t http = NULL; + int redirects_left = MAX_REDIRECTS; + estream_t fp = NULL; + char *request_buffer = NULL; + + *r_fp = NULL; + once_more: + err = http_open (&http, + HTTP_REQ_GET, + url, + /* fixme: AUTH */ NULL, + 0, + /* fixme: proxy*/ NULL, + NULL, NULL, + /*FIXME curl->srvtag*/NULL); + if (!err) + { + fp = http_get_write_ptr (http); + /* Avoid caches to get the most recent copy of the key. We set + both the Pragma and Cache-Control versions of the header, so + we're good with both HTTP 1.0 and 1.1. */ + es_fputs ("Pragma: no-cache\r\n" + "Cache-Control: no-cache\r\n", fp); + http_start_data (http); + if (es_ferror (fp)) + err = gpg_error_from_syserror (); + } + if (err) + { + /* Fixme: After a redirection we show the old host name. 
*/ + log_error (_("error connecting to `%s': %s\n"), + url, gpg_strerror (err)); + goto leave; + } + + /* Wait for the response. */ + dirmngr_tick (ctrl); + err = http_wait_response (http); + if (err) + { + log_error (_("error reading HTTP response for `%s': %s\n"), + url, gpg_strerror (err)); + goto leave; + } + + switch (http_get_status_code (http)) + { + case 200: + err = 0; + break; /* Success. */ + + case 301: + case 302: + { + const char *s = http_get_header (http, "Location"); + + log_info (_("URL `%s' redirected to `%s' (%u)\n"), + url, s?s:"[none]", http_get_status_code (http)); + if (s && *s && redirects_left-- ) + { + xfree (request_buffer); + request_buffer = xtrystrdup (s); + if (request_buffer) + { + url = request_buffer; + http_close (http, 0); + http = NULL; + goto once_more; + } + err = gpg_error_from_syserror (); + } + else + err = gpg_error (GPG_ERR_NO_DATA); + log_error (_("too many redirections\n")); + } + goto leave; + + default: + log_error (_("error accessing `%s': http status %u\n"), + url, http_get_status_code (http)); + err = gpg_error (GPG_ERR_NO_DATA); + goto leave; + } + + fp = http_get_read_ptr (http); + if (!fp) + { + err = gpg_error (GPG_ERR_BUG); + goto leave; + } + + /* Return the read stream and close the HTTP context. */ + *r_fp = fp; + http_close (http, 1); + http = NULL; + + leave: + http_close (http, 0); + xfree (request_buffer); + return err; +} diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h index 50f42be..9d2afdf 100644 --- a/dirmngr/ks-engine.h +++ b/dirmngr/ks-engine.h 
@@ -31,8 +31,12 @@ gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen); +/*-- ks-engine-http.c --*/ +gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp); + + /*-- ks-engine-finger.c --*/ -gpg_error_t ks_finger_get (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp); +gpg_error_t ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp); ----------------------------------------------------------------------- Summary of changes: dirmngr/ChangeLog | 8 +++ dirmngr/Makefile.am | 2 +- dirmngr/ks-action.c | 11 ++- dirmngr/ks-engine-finger.c | 4 +- dirmngr/ks-engine-http.c | 141 ++++++++++++++++++++++++++++++++++++++++++++ dirmngr/ks-engine.h | 6 ++- 6 files changed, 164 insertions(+), 8 deletions(-) create mode 100644 dirmngr/ks-engine-http.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 10 18:29:32 2011 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 10 Feb 2011 18:29:32 +0100 Subject: [git] Wincetools - branch, kdepimcetools, updated. b9eabf8c7de3290822582a74d4b69944d4d93edd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "UNNAMED PROJECT". The branch, kdepimcetools has been updated via b9eabf8c7de3290822582a74d4b69944d4d93edd (commit) from 266e97af262f9fc3dd4f7d9bfbd7c0efadebbf0b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b9eabf8c7de3290822582a74d4b69944d4d93edd Author: Andre Heinecke Date: Thu Feb 10 17:06:03 2011 +0000 Do not use the loader anymore diff --git a/loader/CMakeLists.txt b/loader/CMakeLists.txt index f9a166f..b79053d 100644 --- a/loader/CMakeLists.txt 
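Review bot: The 301/302 branch of ks_http_fetch re-issues the request to whatever `Location` value the server sent, without checking its scheme or comparing it with the originally requested URL, so a server that is only expected to serve a key can steer dirmngr's next request to a host or service of its choosing. At minimum the redirect target should be limited to the http schemes; whether cross-host redirects are acceptable is a policy decision that should be documented next to MAX_REDIRECTS. In the same branch `log_error (_("too many redirections\n"))` runs on every path that reaches `goto leave`, including a missing Location header and an allocation failure, so the message is misleading; the rewrite below moves it to the case it describes. Separately, the result of `http_get_write_ptr` is used without the NULL check that ks_finger_get applies to the same call.

```c
    case 301:
    case 302:
      {
        const char *s = http_get_header (http, "Location");

        /* … unchanged: log_info reporting the redirect … */
        if (!s || !*s)
          err = gpg_error (GPG_ERR_NO_DATA);
        else if (strncmp (s, "http://", 7) && strncmp (s, "https://", 8))
          {
            /* Only follow redirects that stay within the http schemes.
               The compare is case-sensitive; relax it if the URL
               parser accepts mixed-case scheme names.  */
            err = gpg_error (GPG_ERR_NO_DATA);
          }
        else if (!redirects_left--)
          {
            log_error (_("too many redirections\n"));
            err = gpg_error (GPG_ERR_NO_DATA);
          }
        else
          {
            /* … unchanged: xtrystrdup of S, http_close, goto once_more,
               gpg_error_from_syserror on allocation failure … */
          }
      }
      goto leave;
```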
+++ b/loader/CMakeLists.txt @@ -17,7 +17,7 @@ add_executable(kmail-mobile-loader WIN32 himemce.c compat.c kernel32_kernel_private.h kernel32_process.c kernel32_module.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp kmail-mobile.rc) -set_target_properties(kmail-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +#set_target_properties(kmail-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) target_link_libraries(kmail-mobile-loader aygshell) install(TARGETS kmail-mobile-loader DESTINATION bin) @@ -27,7 +27,7 @@ add_executable(notes-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp notes-mobile.rc) target_link_libraries(notes-mobile-loader aygshell) -set_target_properties(notes-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +#set_target_properties(notes-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS notes-mobile-loader DESTINATION bin) add_executable(kaddressbook-mobile-loader WIN32 himemce.c compat.c @@ -36,7 +36,7 @@ add_executable(kaddressbook-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp kaddressbook-mobile.rc) target_link_libraries(kaddressbook-mobile-loader aygshell) -set_target_properties(kaddressbook-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +#set_target_properties(kaddressbook-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS kaddressbook-mobile-loader DESTINATION bin) add_executable(korganizer-mobile-loader WIN32 himemce.c compat.c 
@@ -45,7 +45,7 @@ add_executable(korganizer-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp korganizer-mobile.rc) target_link_libraries(korganizer-mobile-loader aygshell) -set_target_properties(korganizer-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +#set_target_properties(korganizer-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS korganizer-mobile-loader DESTINATION bin) add_executable(tasks-mobile-loader WIN32 himemce.c compat.c @@ -54,7 +54,7 @@ add_executable(tasks-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp tasks-mobile.rc) target_link_libraries(tasks-mobile-loader aygshell) -set_target_properties(tasks-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +#set_target_properties(tasks-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS tasks-mobile-loader DESTINATION bin) add_executable(kleopatra-loader WIN32 himemce.c compat.c ----------------------------------------------------------------------- Summary of changes: loader/CMakeLists.txt | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- UNNAMED PROJECT http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 10 21:08:25 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 10 Feb 2011 21:08:25 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-6-gd290f29 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d290f2914abe0a279b7674c915e1b752353812b8 (commit) via ba23e88faa00eeb9682f8dc6fe1586735a99179a (commit) via 1cdcab68924a58623c3ea75eb47544973f24420c (commit) from f02d972aec94e3ec8fdadd080d159d5a34c96722 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d290f2914abe0a279b7674c915e1b752353812b8 Author: Werner Koch Date: Thu Feb 10 20:16:06 2011 +0100 Add ECC import regression tests and fixed a regression. The import test imports the keys as needed and because they are passphrase protected we now need a pinentry script to convey the passphrase to gpg-agent. diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index ac71bdd..c1ce3bf 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,6 +1,6 @@ 2011-02-09 Werner Koch - * ks-engine-kdns.c: New. Based on the former gpgkeys_kdns. + * ks-engine-kdns.c: New but only the framework. * server.c (cmd_keyserver): Add option --help. (dirmngr_status_help): New. diff --git a/dirmngr/ks-engine-kdns.c b/dirmngr/ks-engine-kdns.c new file mode 100644 index 0000000..748274d --- /dev/null +++ b/dirmngr/ks-engine-kdns.c 
@@ -0,0 +1,79 @@ +/* ks-engine-kdns.c - KDNS OpenPGP key access + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include + +#include +#include +#include +#include + +#include "dirmngr.h" +#include "misc.h" +#include "userids.h" +#include "ks-engine.h" + +/* Print a help output for the schemata supported by this module. */ +gpg_error_t +ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri) +{ + const char const data[] = + "This keyserver engine accepts URLs of the form:\n" + " kdns://[NAMESERVER]/[ROOT][?at=STRING]\n" + "with\n" + " NAMESERVER used for queries (default: system standard)\n" + " ROOT a DNS name appended to the query (default: none)\n" + " STRING a string to replace the '@' (default: \".\")\n" + "If a long answer is expected add the parameter \"usevc=1\".\n" + "Supported methods: fetch\n" + "Example:\n" + "A query for \"hacker at gnupg.org\" with\n" + " kdns://10.0.0.1/example.net?at=_key_&usevc=1\n" + "setup as --auto-key-lookup in gpg does a CERT record query\n" + "with type PGP on the nameserver 10.0.0.1 for\n" + " hacker._key_.gnupg.org.example.net"; + gpg_error_t err; + + if (!uri) + err = ks_print_help (ctrl, " kdns"); + else if (!strcmp (uri->scheme, "kdns")) + err = ks_print_help (ctrl, data); + else + err = 0; + + return err; +} + + +/* Get the key from URI which is expected to specify a kdns 
scheme. + On success R_FP has an open stream to read the data. */ +gpg_error_t +ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp) +{ + gpg_error_t err; + + (void)ctrl; + *r_fp = NULL; + + if (strcmp (uri->scheme, "kdns")) + return gpg_error (GPG_ERR_INV_ARG); + + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + return err; +} diff --git a/g10/ChangeLog b/g10/ChangeLog index 351475f..0eebbef 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-02-10 Werner Koch + + * seskey.c (encode_md_value): Change last fix to avoid a + regression for DSA with SHA-2 hashes. + 2011-02-09 Werner Koch * keyserver.c: Replace all printf by es_printf. diff --git a/g10/seskey.c b/g10/seskey.c index f3796f0..b210ae0 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -297,18 +297,17 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) return NULL; } + + /* ECDSA 521 is special has it is larger than the largest hash + we have (SHA-512). Thus we chnage the size for further + processing to 512. */ + if (pkalgo == GCRY_PK_ECDSA && qbits > 512) + qbits = 512; + /* Check if we're too short. Too long is safe as we'll - automatically left-truncate. - - FIXME: Check against FIPS. - This checks would require the use of SHA512 with ECDSA 512. I - think this is overkill to fail in this case. Therefore, - relax the check, but only for ECDSA keys. We may need to - adjust it later for general case. (Note that the check will - never pass for ECDSA 521 anyway as the only hash that - intended to match it is SHA 512, but 512 < 521). */ + automatically left-truncate. */ mdlen = gcry_md_get_algo_dlen (hash_algo); - if (mdlen < ((pkalgo == GCRY_PK_ECDSA && qbits > 521) ? 512: qbits)/8) + if (mdlen < qbits/8) { log_error (_("%s key %s requires a %zu bit or larger hash " "(hash is %s\n"), 
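Review bot: In ks_kdns_help the declaration `const char const data[]` repeats the qualifier, which compilers diagnose as a duplicate `const`. The help text is a constant table, so `static const char data[] =` states the intent and avoids rebuilding the array on each call. The help text also advertises `Supported methods: fetch`, while ks_kdns_fetch in the same hunk only checks the scheme and then returns GPG_ERR_NOT_IMPLEMENTED. Either drop that line from the help until the engine exists, or add a comment on the stub such as `/* Not yet implemented; only the scheme is validated. */`.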
@@ -318,13 +317,10 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo) return NULL; } - /* By passing MDLEN as length to mpi_scan, we do the truncation - of the hash. - - Note that in case of ECDSA 521 the hash is always smaller - than the key size. */ + /* Note that we do the truncation by passing QBITS/8 as length to + mpi_scan. */ if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG, - gcry_md_read (md, hash_algo), mdlen, NULL)) + gcry_md_read (md, hash_algo), qbits/8, NULL)) BUG(); } else diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog index d7c444b..18fbad8 100644 --- a/tests/openpgp/ChangeLog +++ b/tests/openpgp/ChangeLog @@ -1,3 +1,12 @@ +2011-02-10 Werner Koch + + * ecc.test: New. + * pinentry.sh: New. + * defs.inc: Do not create a log when running tests with envvar + verbose > 1. Add pinentry-program to gpg-agent.conf. + * Makefile.am (sample_keys): New. + (EXTRA_DIST): Add them. + 2010-10-15 Werner Koch * Makefile.am (clean-local): New. @@ -154,7 +163,7 @@ * verify.test: More tests. * multisig.test: Better error printing. (sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group. - + 2006-02-14 Werner Koch * verify.test: New. @@ -236,7 +245,7 @@ 2002-05-10 Werner Koch * Makefile.am: Add gpg_dearmor to all targets where it is used. - Noted by Andreas Haumer. + Noted by Andreas Haumer. 2002-04-19 Werner Koch @@ -264,7 +273,7 @@ 2001-09-28 Werner Koch - * defs.inc: Write a log file for each test. + * defs.inc: Write a log file for each test. * run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all tests by a simple macro from defs.inc. * Makefile.am (CLEANFILES): Remove log files. @@ -275,7 +284,7 @@ armencryptp.test, armencrypt.test, encryptp.test, seat.test, encrypt-dsa.test, encrypt.test: Use --always-trust because the test are not designed to check the validity. - + 2001-09-06 Werner Koch * genkey1024.test: Simplified by using a parameter file. 
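Review bot: The scan length `qbits/8` passed to `gcry_mpi_scan` is only safe because the previous hunk rejects `mdlen < qbits/8`. Nothing at the call site says so, and a later edit to that check would turn this into a read past the digest returned by `gcry_md_read`. Add a comment at the call, e.g. `/* qbits/8 <= mdlen is guaranteed by the length check above. */`, or an assertion to the same effect. The integer division also rounds down when qbits is not a multiple of 8; whether that can still happen depends on checks outside these hunks, so the comment should name the key sizes expected here. The new comment in the first seskey.c hunk has two typos (`has it is`, `chnage`). encode_md_value starts and ends outside both hunks.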
@@ -303,7 +312,7 @@ 2001-03-20 Werner Koch - * Makefile.am: Import the pubdemo.asc file + * Makefile.am: Import the pubdemo.asc file * sigs.test (hash_algo_list): s/tiger/tiger192/ @@ -402,5 +411,3 @@ Mon May 18 15:40:02 1998 Werner Koch (wk at isil.d.shuttle.de) This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 54132a9..8d6e590 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -8,12 +8,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . # Process this file with automake to create Makefile.in @@ -38,7 +38,7 @@ TESTS = version.test mds.test \ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test finish.test + import.test ecc.test finish.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ 
@@ -60,15 +60,21 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc +sample_keys = samplekeys/ecc-sample-1-pub.asc \ + samplekeys/ecc-sample-2-pub.asc \ + samplekeys/ecc-sample-3-pub.asc \ + samplekeys/ecc-sample-1-sec.asc \ + samplekeys/ecc-sample-2-sec.asc \ + samplekeys/ecc-sample-3-sec.asc -EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \ - mkdemodirs signdemokey $(priv_keys) +EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) \ + mkdemodirs signdemokey $(priv_keys) $(sample_keys) CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \ *.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \ pubring.gpg secring.gpg pubring.pkr secring.skr \ - gnupg-test.stop pubring.gpg~ random_seed + gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log clean-local: -rm -rf private-keys-v1.d @@ -77,5 +83,3 @@ clean-local: # We need to depend on a couple of programs so that the tests don't # start before all programs are built. all-local: $(required_pgms) - - diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc index bc0d76e..b9af8fe 100755 --- a/tests/openpgp/defs.inc +++ b/tests/openpgp/defs.inc @@ -58,7 +58,7 @@ error () { defs_error_seen=yes echo "$pgmname:" $* >&5 if [ x$defs_stop_on_error != xyes ]; then - exit 1 + exit 1 fi } @@ -163,12 +163,12 @@ pgmname=`basename $0` [ -z "$srcdir" ] && fatal "not called from make" -# +# if [ -f gnupg-test.stop ]; then if [ $pgmname = "version.test" ]; then rm gnupg-test.stop else - # Skip the rest of the tests. + # Skip the rest of the tests. exit 77 fi fi 
@@ -195,22 +195,33 @@ GPG_CONNECT_AGENT="../../tools/gpg-connect-agent" GPGCONF="../../tools/gpgconf" GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase" MKTDATA="../../tools/mk-tdata" +PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh" +# Default to empty passphrase for pinentry.sh +PINENTRY_USER_DATA= # Make sure we have a valid option files even with VPATH builds. -for f in gpg.conf gpg-agent.conf ; do +for f in gpg.conf gpg-agent.conf ; do if [ -f ./$f ]; then : elif [ -f $srcdir/$f.tmpl ]; then cat $srcdir/$f.tmpl >$f - if [ "$f" = "gpg.conf" ]; then - echo "agent-program $GPG_AGENT" >>gpg.conf - fi + case "$f" in + gpg.conf) + echo "agent-program $GPG_AGENT" >>"$f" + ;; + gpg-agent.conf) + echo "pinentry-program $PINENTRY" >>"$f" + ;; + esac fi done -echo "Test: $pgmname" > ${pgmname}.log -echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log -exec 5>&2 2>>${pgmname}.log - +if [ "${verbose:-0}" -gt "1" ]; then + exec 5>/dev/null +else + echo "Test: $pgmname" > ${pgmname}.log + echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log + exec 5>&2 2>>${pgmname}.log +fi : # end diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test new file mode 100755 index 0000000..ce49308 --- /dev/null +++ b/tests/openpgp/ecc.test 
@@ -0,0 +1,89 @@ +#!/bin/sh +# Copyright 2011 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +. $srcdir/defs.inc || exit 3 + +keygrips='8E06A180EFFE4C65B812150CAF19BF30C0689A4C + E4403F3FD7A443FAC29FEF288FA0D20AC212851E + 0B7554421FFB14A06CB9F63FB49A85A58E97ABAC + 303ACC892C2D786C8A789677C0BE54DA8538F903 + 9FE5C36985351524B6AFA19FDCBC1A3A750B6F5F + 145A52CC7ED3FD41C5B0A26BE220FEED36AF24DE' +mainkeyids='BAA59D9C + 0F54719F + 45AF2FFE' + + +if have_pubkey_algo "ECDH"; then + : +else + info "No ECC support due to an old Libgcrypt" + exit 77 +fi + + +info "Preparing for ECC test." +for i in $keygrips ; do + rm private-keys-v1.d/$i.key 2>/dev/null || true + $GPG_PRESET_PASSPHRASE --preset -P ecc $i +done + + +info "Importing ECC public keys." +for k in $mainkeyids ; do + $GPG --delete-key --batch --yes $k 2>/dev/null || true +done +for i in 1 2 3; do + k="ecc-sample-$i-pub.asc" + if $GPG --import $srcdir/samplekeys/$k; then + : + else + error "$k: import failed" + fi +done + + +info "Importing ECC secret keys." +# Note that the PGP generated secret keys are not self-signed, thus we +# need to pass an appropriate option. +for i in 1 2 3; do + k="ecc-sample-$i-sec.asc" + if [ "$i" -gt "1" ]; then + extraopts="--allow-non-selfsigned-uid" + else + extraopts="" + fi + if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then + : + else + error "$k: import failed" + fi +done + + +info "Importing ECC secret keys directly." 
+for i in $keygrips ; do + rm private-keys-v1.d/$i.key 2>/dev/null || true +done +for k in $mainkeyids ; do + $GPG --delete-key --batch --yes $k 2>/dev/null || true +done +for i in 1 2 3; do + k="ecc-sample-$i-sec.asc" + if [ "$i" -gt "1" ]; then + extraopts="--allow-non-selfsigned-uid" + else + extraopts="" + fi + if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then + : + else + error "$k: import failed" + fi +done diff --git a/tests/openpgp/pinentry.sh b/tests/openpgp/pinentry.sh new file mode 100755 index 0000000..c8d0552 --- /dev/null +++ b/tests/openpgp/pinentry.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Copyright 2011 Free Software Foundation, Inc. +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +exec 2>>/tmp/pinentry.err + +echo "OK - what's up?" +while read cmd rest; do + echo "cmd=$cmd rest=$rest" >&2 + case "$cmd" in + \#*) + ;; + GETPIN) + echo "D ${PINENTRY_USER_DATA}" + echo "OK" + ;; + BYE) + echo "OK" + exit 0 + ;; + *) + echo "OK" + ;; + esac +done diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index fd05aa3..4bfd61f 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README 
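Review bot: `exec 2>>/tmp/pinentry.err` in pinentry.sh appends the script's trace to a fixed, predictable name in a world-writable directory. On a shared build host that path may already exist as another user's file or as a symlink, and the logged `cmd=… rest=…` lines from every run accumulate there with default permissions. Drop the trace with `exec 2>/dev/null`, or write it to a file inside the test's own working directory. The `D ${PINENTRY_USER_DATA}` reply sends the value unescaped, which is adequate for the fixed test passphrase set by ecc.test but not for arbitrary data. A header comment such as `# Test-suite helper only: returns PINENTRY_USER_DATA verbatim as the passphrase.` would make that limit explicit.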
@@ -1,5 +1,112 @@ no-creation-time.gpg A key with a zero creation time. -ecc-sample-1-pub.asc The first ECC sample key. -ecc-sample-1-sec.asc The first ECC sample key (secret). +ecc-sample-1-pub.asc A NIST P-256 ECC sample key. +ecc-sample-1-sec.asc Ditto, but the secret keyblock. +ecc-sample-2-pub.asc A NIST P-384 ECC sample key. +ecc-sample-2-sec.asc Ditto, but the secret keyblock. +ecc-sample-3-pub.asc A NIST P-521 ECC sample key. +ecc-sample-3-sec.asc Ditto, but the secret keyblock. + + +Signed message + +The following is an opaque ECDSA signature on a message "This is one +line\n" (17 byte long) by the master key: + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV +cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL +V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp +AQA= +=GDv4 +-----END PGP MESSAGE---- + +Encrypted message + +The following block encrypts the text "This is one line\n", 17 bytes, +with the subkey 0x4089AB73. 
+ +-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs +h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ +zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB +jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH +VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu +=odUZ +-----END PGP MESSAGE----- + + + + +Signed message + +The following is an opaque ECDSA signature on a message "This is one +line\n" (17 byte long) by the master key: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR +fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo +7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a +9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA== +=elKT +-----END PGP MESSAGE----- + +Encrypted message + +The following block encrypts the text "This is one line\n", 17 bytes, +with the subkey: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK +0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo +uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO +isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3 +61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR +svzIJcP7d4DqYOw7 +=oiTJ +-----END PGP MESSAGE----- + + + +Signed message + +The following is an opaque ECDSA signature on a message "This is one +line\n" (17 byte long) by the master key: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA +RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7 +ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33 +Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG +Ic1RdzgeCfosMF+l/zVRchcLKzenEQA= +=ATtX +-----END 
PGP MESSAGE----- + +Encrypted message + +The following block encrypts the text "This is one line\n", 17 bytes, +with the subkey: + +-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU +OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/ +I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ +VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6 +dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6 +RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX +Rg== +=5GqW +-----END PGP MESSAGE----- diff --git a/tests/openpgp/samplekeys/ecc-sample-2-pub.asc b/tests/openpgp/samplekeys/ecc-sample-2-pub.asc new file mode 100644 index 0000000..f898012 --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-2-pub.asc 
@@ -0,0 +1,25 @@ +ECC NIST P-384 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x098033880F54719F and a single ECDH +encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and +AES-256 with KDF. + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +mQBvBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn +OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj +E+HhEI66Bjvh5ksQ5pUOeZwttCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJyYWlu +aHViLm9yZz6JAMsEEBMJAFMFAk1TBZIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWls +LWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAE +FQkKCAAKCRAJgDOID1Rxn8orAYCqNzUJaL1fEVr9jOe8exA4IhUtv/BtCvzag1Mp +UQkFuYy0abogj6q4fHQSt5nntjMBf1g2TqSA6KGj8lOgxfIsRG6L6an85iEBNu4w +gRq71JE53ii1vfjcNtBq50hXnp/1A7kAcwRNUwWSEgUrgQQAIgMDBC+qhAJKILZz +XEiX76W/tBv4W37v6rXKDLn/yOoEpGrLJVNKV3aU+eJTQKSrUiOp3R7aUwyKouZx +jbENfmclWMdzb+CTaepXOaKjVUvxbUH6pQVi8RxtObvV3/trmp7JGAMBCQmJAIQE +GBMJAAwFAk1TBZIFGwwAAAAACgkQCYAziA9UcZ+AlwGA7uem2PzuQe5PkonfF/m8 ++dlV3KJcWDuUM286Ky1Jhtxc9Be40tyG90Gp4abSNsDjAX0cdldUWKDPuTroorJ0 +/MZc7s16ke7INla6EyGZafBpRbSMVr0EFSw6BVPF8vS9Emc= +=I76R +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ecc-sample-2-sec.asc b/tests/openpgp/samplekeys/ecc-sample-2-sec.asc new file mode 100644 index 0000000..b163f63 --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-2-sec.asc 
@@ -0,0 +1,22 @@ +ECC NIST P-384 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x098033880F54719F and a single ECDH +encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and +AES-256 with KDF. The password for the key is "ecc". + +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +lQDSBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn +OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj +E+HhEI66Bjvh5ksQ5pUOeZwt/gcDAkrFTsfF6LKsqD/tW6Eot2DDE8znJjnQQ/Nr +H98XT1WQ9V0ED8l9DDIIj7z80ED3NR8XMSI8Ew/A/0w6NDPL978BX0MGvpaeBaWV +tEuH1EPAxiA+hFALwftY+a8s1zLktCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJy +YWluaHViLm9yZz6dANYETVMFkhIFK4EEACIDAwQvqoQCSiC2c1xIl++lv7Qb+Ft+ +7+q1ygy5/8jqBKRqyyVTSld2lPniU0Ckq1Ijqd0e2lMMiqLmcY2xDX5nJVjHc2/g +k2nqVzmio1VL8W1B+qUFYvEcbTm71d/7a5qeyRgDAQkJ/gkDAqqmkngPLoJGqI4O +rHyyU3wrrPzDDDURkseoUEZlDZINjyto26A8N825mqLqeFytJuuABYH1UnLs4d2x +ZJZIYjEoFMPcFPuUtx+IZnECa1Vcyq2aRFCixVO0G/xrSFar +=a4k3 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ecc-sample-3-pub.asc b/tests/openpgp/samplekeys/ecc-sample-3-pub.asc new file mode 100644 index 0000000..14b49d3 --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-3-pub.asc 
@@ -0,0 +1,28 @@ +ECC NIST P-521 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH +encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and +AES-256 with KDF. + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +mQCTBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy +NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv +IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb +w7C6jY+3tCRlY19kc2FfZGhfNTIxIDxvcGVucGdwQGJyYWluaHViLm9yZz6JAO0E +EBMKAFMFAk1TFQIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBn +cC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAEFQoJCAAKCRBrQYTh +Ra8v/sm3Agjl0YO73iEpu1z1wGtlUnACi21ti2PJNGlyi84yvDQED0+mxhhTRQYz +3ESaS1s/+4psP4aH0jeVQhce15a9RqfX+AIHam7i8K/tiKFweEjpyMCB594zLzY6 +lWbUf1/1a+tNv3B6yuIwFB1LY1B4HNrze5DUnngEOkmQf2esw/4nQGB87Rm5AJcE +TVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18cq2GaphSGXqZtyvtHQt7PKmVNrSw +UuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiNsdJkcIgAlAayAGB556GKHEmP1JC7 +lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwFFt3V4mga/OyTGXOpnauHZ22pVLCz +6kADAQoJiQCoBBgTCgAMBQJNUxUCBRsMAAAAAAoJEGtBhOFFry/++p0CCQFJgUCn +kiTKCNfP8Q/MO2BCp1QyESk53GJlCgIBAoa7U6X2fQxe2+OU+PNCjicJmZiSrV6x +6nYfGJ5Jx753sqJWtwIJAc9ZxCQhj4V52FmbPYexZPPneIdeCDjtowD6KUZxiS0K +eD8EzdmeJQWBQsnPtJC/JJL4zz6JyYMXf4jIb5JyGNQC +=5yaB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/openpgp/samplekeys/ecc-sample-3-sec.asc b/tests/openpgp/samplekeys/ecc-sample-3-sec.asc new file mode 100644 index 0000000..6552e7a --- /dev/null +++ b/tests/openpgp/samplekeys/ecc-sample-3-sec.asc 
@@ -0,0 +1,24 @@ +ECC NIST P-521 key taken from +https://sites.google.com/site/brainhub/pgpecckeys + +The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH +encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and +AES-256 with KDF. The password for the key is "ecc". + +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: PGP Command Line v10.0.0 (Linux) + +lQEIBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy +NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv +IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb +w7C6jY+3/gcDAv+CotECRPpSqGkqKrz+xAhAqswHXzFIBprFF0XiDooWktZSTAUR +JVB2U6m28wC4rE3RkqFeR1B+kg4nxEAJ9k6BI8oDE0iyOY5aklF2TxPpTs/BA+N2 +O4hnXb1l5qXfuyd3bSwDeyfq3CdFe4TeKp7vtCRlY19kc2FfZGhfNTIxIDxvcGVu +cGdwQGJyYWluaHViLm9yZz6dAQwETVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18 +cq2GaphSGXqZtyvtHQt7PKmVNrSwUuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiN +sdJkcIgAlAayAGB556GKHEmP1JC7lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwF +Ft3V4mga/OyTGXOpnauHZ22pVLCz6kADAQoJ/gkDAki71k/zBW2qqGyScDNNuWaA +9A5aWhpNNyRrFembt7f/W+b591G3twdNmdCIh29VoOmQw3fO8wwgsPTUxQFgd8J3 +ncft0zciEcDZi/ztLZA3+rIIP2myZLIs9xLG+k+gf3nXpeED4uYqQX3GL+32PKwg +=Qnd8 +-----END PGP PRIVATE KEY BLOCK----- diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test index ed0f6c4..cae8b68 100755 --- a/tests/openpgp/version.test +++ b/tests/openpgp/version.test @@ -28,7 +28,7 @@ else fi if [ -d private-keys-v1.d ]; then rm private-keys-v1.d/* 2>/dev/null || true - rmdir private-keys-v1.d + rmdir private-keys-v1.d fi for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do [ -d "$i" ] && rm "$i" @@ -102,5 +102,3 @@ info "Printing the GPG version" $GPG --version #fixme: check that the output is as expected - - commit ba23e88faa00eeb9682f8dc6fe1586735a99179a Author: Werner Koch Date: Wed Feb 9 19:46:00 2011 +0100 Replace printf by es_printf in keyserver.c This is similar to the change in keylist.c and elsewhere. 
diff --git a/g10/ChangeLog b/g10/ChangeLog index 8594110..351475f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2011-02-09 Werner Koch + + * keyserver.c: Replace all printf by es_printf. + 2011-02-08 Werner Koch * call-dirmngr.c (gpg_dirmngr_ks_fetch): New. diff --git a/g10/keyserver.c b/g10/keyserver.c index be0049a..31c7133 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -18,9 +18,6 @@ * along with this program; if not, see . */ -/* !!! FIXME: Replace all printf by es_printf. FIXME !!! */ - - #include #include #include @@ -501,19 +498,19 @@ print_keyrec(int number,struct keyrec *keyrec) iobuf_writebyte(keyrec->uidbuf,0); iobuf_flush_temp(keyrec->uidbuf); - printf("(%d)\t%s ",number,iobuf_get_temp_buffer(keyrec->uidbuf)); + es_printf ("(%d)\t%s ", number, iobuf_get_temp_buffer (keyrec->uidbuf)); - if(keyrec->size>0) - printf("%d bit ",keyrec->size); + if (keyrec->size>0) + es_printf ("%d bit ", keyrec->size); if(keyrec->type) { const char *str = gcry_pk_algo_name (keyrec->type); if(str) - printf("%s ",str); + es_printf ("%s ",str); else - printf("unknown "); + es_printf ("unknown "); } switch(keyrec->desc.mode) 
@@ -522,28 +519,28 @@ print_keyrec(int number,struct keyrec *keyrec) choice but to use it. Do check --keyid-format to add a 0x if needed. */ case KEYDB_SEARCH_MODE_SHORT_KID: - printf("key %s%08lX", - (opt.keyid_format==KF_0xSHORT - || opt.keyid_format==KF_0xLONG)?"0x":"", - (ulong)keyrec->desc.u.kid[1]); + es_printf ("key %s%08lX", + (opt.keyid_format==KF_0xSHORT + || opt.keyid_format==KF_0xLONG)?"0x":"", + (ulong)keyrec->desc.u.kid[1]); break; /* However, if it gave us a long keyid, we can honor --keyid-format */ case KEYDB_SEARCH_MODE_LONG_KID: - printf("key %s",keystr(keyrec->desc.u.kid)); + es_printf ("key %s",keystr(keyrec->desc.u.kid)); break; case KEYDB_SEARCH_MODE_FPR16: - printf("key "); + es_printf ("key "); for(i=0;i<16;i++) - printf("%02X",keyrec->desc.u.fpr[i]); + es_printf ("%02X",keyrec->desc.u.fpr[i]); break; case KEYDB_SEARCH_MODE_FPR20: - printf("key "); + es_printf ("key "); for(i=0;i<20;i++) - printf("%02X",keyrec->desc.u.fpr[i]); + es_printf ("%02X", keyrec->desc.u.fpr[i]); break; default: @@ -553,24 +550,24 @@ print_keyrec(int number,struct keyrec *keyrec) if(keyrec->createtime>0) { - printf(", "); - printf(_("created: %s"),strtimestamp(keyrec->createtime)); + es_printf (", "); + es_printf (_("created: %s"), strtimestamp(keyrec->createtime)); } if(keyrec->expiretime>0) { - printf(", "); - printf(_("expires: %s"),strtimestamp(keyrec->expiretime)); + es_printf (", "); + es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime)); } - if(keyrec->flags&1) - printf(" (%s)",_("revoked")); + if (keyrec->flags&1) + es_printf (" (%s)", _("revoked")); if(keyrec->flags&2) - printf(" (%s)",_("disabled")); + es_printf (" (%s)", _("disabled")); if(keyrec->flags&4) - printf(" (%s)",_("expired")); + es_printf (" (%s)", _("expired")); - printf("\n"); + es_printf ("\n"); } /* Returns a keyrec (which must be freed) once a key is complete, and 
@@ -756,7 +753,7 @@ show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc, gpg_error_t err; char *answer = NULL; - fflush (stdout); + es_fflush (es_stdout); if (count && opt.command_fd == -1) { commit 1cdcab68924a58623c3ea75eb47544973f24420c Author: Werner Koch Date: Wed Feb 9 17:48:00 2011 +0100 Add framework to print keyserver engine information diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index 757eb78..ac71bdd 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,5 +1,15 @@ 2011-02-09 Werner Koch + * ks-engine-kdns.c: New. Based on the former gpgkeys_kdns. + + * server.c (cmd_keyserver): Add option --help. + (dirmngr_status_help): New. + * ks-action.c (ks_print_help): New. + (ks_action_help): New. + * ks-engine-finger.c (ks_finger_help): New. + * ks-engine-http.c (ks_http_help): New. + * ks-engine-hkp.c (ks_hkp_help): New. + * ks-action.c (ks_action_fetch): Support http URLs. * ks-engine-http.c: New. diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 6b27c7a..6bdb598 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -51,7 +51,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \ ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \ ks-action.c ks-action.h ks-engine.h \ - ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c + ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c if USE_LDAPWRAPPER dirmngr_SOURCES += ldap-wrapper.c diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index de243ee..4f5cbd1 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -192,6 +192,7 @@ ksba_cert_t get_cert_local_ski (ctrl_t ctrl, gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr); void start_command_handler (gnupg_fd_t fd); gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...); +gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text); gpg_error_t dirmngr_tick (ctrl_t ctrl); 
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index ec691fe..1f876d0 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -49,6 +49,50 @@ copy_stream (estream_t in, estream_t out) } +/* Called by the engine's help functions to print the actual help. */ +gpg_error_t +ks_print_help (ctrl_t ctrl, const char *text) +{ + return dirmngr_status_help (ctrl, text); +} + + +/* Run the help command for the engine responsible for URI. */ +gpg_error_t +ks_action_help (ctrl_t ctrl, const char *url) +{ + gpg_error_t err; + parsed_uri_t parsed_uri; /* The broken down URI. */ + + if (!url || !*url) + { + ks_print_help (ctrl, "Known schemata:\n"); + parsed_uri = NULL; + } + else + { + err = http_parse_uri (&parsed_uri, url, 1); + if (err) + return err; + } + + /* Call all engines to geive them a chance to print a help sting. */ + err = ks_hkp_help (ctrl, parsed_uri); + if (!err) + err = ks_http_help (ctrl, parsed_uri); + if (!err) + err = ks_finger_help (ctrl, parsed_uri); + if (!err) + err = ks_kdns_help (ctrl, parsed_uri); + + if (!parsed_uri) + ks_print_help (ctrl, + "(Use the schema followed by a colon for specific help.)"); + else + http_release_parsed_uri (parsed_uri); + return err; +} + /* Search all configured keyservers for keys matching PATTERNS and write the result to the provided output stream. */ @@ -187,6 +231,15 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp) es_fclose (infp); } } + else if (!strcmp (parsed_uri->scheme, "kdns")) + { + err = ks_kdns_fetch (ctrl, parsed_uri, &infp); + if (!err) + { + err = copy_stream (infp, outfp); + es_fclose (infp); + } + } else err = gpg_error (GPG_ERR_INV_URI); diff --git a/dirmngr/ks-action.h b/dirmngr/ks-action.h index bba53bc..3dca90f 100644 --- a/dirmngr/ks-action.h +++ b/dirmngr/ks-action.h 
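Review bot: When `url` is given but names a scheme that no engine handles, `ks_action_help` returns 0 without printing anything: the finger, hkp and http helpers added in this commit all fall through to `err = 0` for a URI they do not recognise (ks_kdns_help is not visible here), so the client cannot tell an unknown scheme from success. Returning `gpg_error (GPG_ERR_INV_URI)` in that case, as `ks_action_fetch` does in the second hunk, would be consistent, though it needs the helpers to report whether they matched. The results of the two direct `ks_print_help` calls (header and trailer) are discarded, and the trailer is still sent after an engine has failed. The comment also has typos: `/* Call all engines to give them a chance to print a help string. */`.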
@@ -20,6 +20,7 @@ #ifndef DIRMNGR_KS_ACTION_H #define DIRMNGR_KS_ACTION_H 1 +gpg_error_t ks_action_help (ctrl_t ctrl, const char *url); gpg_error_t ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp); gpg_error_t ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp); gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp); diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c index c9e897f..57dd340 100644 --- a/dirmngr/ks-engine-finger.c +++ b/dirmngr/ks-engine-finger.c @@ -29,6 +29,28 @@ #include "userids.h" #include "ks-engine.h" +/* Print a help output for the schemata supported by this module. */ +gpg_error_t +ks_finger_help (ctrl_t ctrl, parsed_uri_t uri) +{ + char const data[] = + "Handler for FINGER:\n" + " finger:@\n" + "Supported methods: fetch\n" + "Example:\n" + " finger:joe at example.org\n"; + gpg_error_t err; + + if (!uri) + err = ks_print_help (ctrl, " finger"); + else if (!strcmp (uri->scheme, "finger")) + err = ks_print_help (ctrl, data); + else + err = 0; + + return err; +} + /* Get the key from URI which is expected to specify a finger scheme. On success R_FP has an open stream to read the data. */ diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 3467a6d..5ad61fd 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -36,6 +36,26 @@ /* How many redirections do we allow. */ #define MAX_REDIRECTS 2 +/* Print a help output for the schemata supported by this module. */ +gpg_error_t +ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri) +{ + const char const data[] = + "Handler for HKP URLs:\n" + " hkp://\n" + "Supported methods: search, get, put\n"; + gpg_error_t err; + + if (!uri) + err = ks_print_help (ctrl, " hkp"); + else if (uri->is_http) + err = ks_print_help (ctrl, data); + else + err = 0; + + return err; +} + /* Send an HTTP request. On success returns an estream object at R_FP. HOSTPORTSTR is only used for diagnostics. If POST_CB is not 
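Review bot: `ks_hkp_help` selects its text with `uri->is_http`, the same test `ks_http_help` uses in the ks-engine-http.c hunk, so for any URI with that flag set `ks_action_help` emits both the HKP and the HTTP description. `ks_finger_help` compares `uri->scheme` instead; doing the same here would keep the answers distinct (how `is_http` is set for `hkp:` URIs is not visible in this diff). In both functions `const char const data[]` repeats the qualifier; `static const char data[]` is probably what was meant and also avoids copying the string onto the stack on every call.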
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index 304e793..2ce1b19 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -31,6 +31,26 @@ /* How many redirections do we allow. */ #define MAX_REDIRECTS 2 +/* Print a help output for the schemata supported by this module. */ +gpg_error_t +ks_http_help (ctrl_t ctrl, parsed_uri_t uri) +{ + const char const data[] = + "Handler for HTTP URLs:\n" + " http://\n" + "Supported methods: fetch\n"; + gpg_error_t err; + + if (!uri) + err = ks_print_help (ctrl, " http"); + else if (uri->is_http) + err = ks_print_help (ctrl, data); + else + err = 0; + + return err; +} + /* Get the key from URL which is expected to specify a http style scheme. On success R_FP has an open stream to read the data. */ diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h index 9d2afdf..8b55144 100644 --- a/dirmngr/ks-engine.h +++ b/dirmngr/ks-engine.h @@ -23,7 +23,11 @@ #include "../common/estream.h" #include "../common/http.h" +/*-- ks-action.c --*/ +gpg_error_t ks_print_help (ctrl_t ctrl, const char *text); + /*-- ks-engine-hkp.c --*/ +gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri); gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, estream_t *r_fp); gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri, @@ -32,12 +36,18 @@ gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri, const void *data, size_t datalen); /*-- ks-engine-http.c --*/ +gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri); gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp); /*-- ks-engine-finger.c --*/ +gpg_error_t ks_finger_help (ctrl_t ctrl, parsed_uri_t uri); gpg_error_t ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp); +/*-- ks-engine-kdns.c --*/ +gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri); +gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp); + #endif /*DIRMNGR_KS_ENGINE_H*/ 
diff --git a/dirmngr/server.c b/dirmngr/server.c index 403a136..1a244c8 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -1359,7 +1359,7 @@ cmd_validate (assuan_context_t ctx, char *line) static const char hlp_keyserver[] = - "KEYSERVER [--clear] []\n" + "KEYSERVER [--clear|--help] []\n" "\n" "If called without arguments list all configured keyserver URLs.\n" "If called with option \"--clear\" remove all configured keyservers\n" @@ -1374,14 +1374,21 @@ cmd_keyserver (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; - int clear_flag, add_flag; + int clear_flag, add_flag, help_flag; uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it is always initialized. */ clear_flag = has_option (line, "--clear"); + help_flag = has_option (line, "--help"); line = skip_options (line); add_flag = !!*line; + if (help_flag) + { + err = ks_action_help (ctrl, line); + goto leave; + } + if (add_flag) { item = xtrymalloc (sizeof *item + strlen (line)); @@ -1409,7 +1416,7 @@ cmd_keyserver (assuan_context_t ctx, char *line) ctrl->keyservers = item; } - if (!add_flag && !clear_flag) /* List configured keyservers. */ + if (!add_flag && !clear_flag && !help_flag) /* List configured keyservers. */ { uri_item_t u; @@ -1947,7 +1954,7 @@ start_command_handler (assuan_fd_t fd) /* Send a status line back to the client. KEYWORD is the status - keyword, the optioal string argumenst are blank separated added to + keyword, the optional string arguments are blank separated added to the line, the last argument must be a NULL. */ gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...) 
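Review bot: `hlp_keyserver` now lists `--help` in its synopsis, but the description lines visible in the first server.c hunk only explain the no-argument and `--clear` forms; a sentence such as `"If called with option \"--help\" print help for the engine handling the given URI.\n"` would match (the rest of the string lies outside the hunk). In `cmd_keyserver` the help branch leaves through `goto leave`, so the `&& !help_flag` added to the listing condition in the third hunk can never change the outcome and could be dropped or replaced by a comment.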
@@ -1985,6 +1992,36 @@ dirmngr_status (ctrl_t ctrl, const char *keyword, ...) } +/* Print a help status line. TEXTLEN gives the length of the text + from TEXT to be printed. The function splits text at LFs. */ +gpg_error_t +dirmngr_status_help (ctrl_t ctrl, const char *text) +{ + gpg_error_t err = 0; + + if (ctrl->server_local) + { + assuan_context_t ctx = ctrl->server_local->assuan_ctx; + char buf[950], *p; + size_t n; + + do + { + p = buf; + n = 0; + for ( ; *text && *text != '\n' && n < DIM (buf)-2; n++) + *p++ = *text++; + if (*text == '\n') + text++; + *p = 0; + err = assuan_write_status (ctx, "#", buf); + } + while (!err && *text); + } + + return err; +} + /* Send a tick progress indicator back. Fixme: This is only does for the currently active channel. */ gpg_error_t ----------------------------------------------------------------------- Summary of changes: dirmngr/ChangeLog | 10 ++ dirmngr/Makefile.am | 2 +- dirmngr/dirmngr.h | 1 + dirmngr/ks-action.c | 53 ++++++++++++ dirmngr/ks-action.h | 1 + dirmngr/ks-engine-finger.c | 22 +++++ dirmngr/ks-engine-hkp.c | 20 +++++ dirmngr/ks-engine-http.c | 20 +++++ dirmngr/ks-engine-kdns.c | 79 ++++++++++++++++++ dirmngr/ks-engine.h | 10 ++ dirmngr/server.c | 45 +++++++++- g10/ChangeLog | 9 ++ g10/keyserver.c | 51 ++++++------ g10/seskey.c | 28 +++---- tests/openpgp/ChangeLog | 21 +++-- tests/openpgp/Makefile.am | 20 +++-- tests/openpgp/defs.inc | 33 +++++--- tests/openpgp/ecc.test | 89 ++++++++++++++++++++ tests/openpgp/{armsigs.test => pinentry.sh} | 29 +++++-- tests/openpgp/samplekeys/README | 111 ++++++++++++++++++++++++- tests/openpgp/samplekeys/ecc-sample-2-pub.asc | 25 ++++++ tests/openpgp/samplekeys/ecc-sample-2-sec.asc | 22 +++++ tests/openpgp/samplekeys/ecc-sample-3-pub.asc | 28 ++++++ tests/openpgp/samplekeys/ecc-sample-3-sec.asc | 24 ++++++ tests/openpgp/version.test | 4 +- 25 files changed, 669 insertions(+), 88 deletions(-) create mode 100644 dirmngr/ks-engine-kdns.c create mode 100755 
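Review bot: The comment above `dirmngr_status_help` describes a TEXTLEN argument that the function does not have; it takes only `ctrl` and a NUL-terminated `text`. Suggested wording: `/* Print TEXT as help status lines, one "#" status line per LF-separated line of TEXT. */`. It is also worth documenting that a line too long for `buf` is continued on a further status line rather than truncated, and that nothing is sent and 0 is returned when `ctrl->server_local` is NULL.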
tests/openpgp/ecc.test copy tests/openpgp/{armsigs.test => pinentry.sh} (54%) create mode 100644 tests/openpgp/samplekeys/ecc-sample-2-pub.asc create mode 100644 tests/openpgp/samplekeys/ecc-sample-2-sec.asc create mode 100644 tests/openpgp/samplekeys/ecc-sample-3-pub.asc create mode 100644 tests/openpgp/samplekeys/ecc-sample-3-sec.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 10 21:17:04 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 10 Feb 2011 21:17:04 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-7-gcfbb576 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cfbb5760d9ab10deee9b1b231fd264130025cbdc (commit) from d290f2914abe0a279b7674c915e1b752353812b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cfbb5760d9ab10deee9b1b231fd264130025cbdc Author: Werner Koch Date: Thu Feb 10 20:54:37 2011 +0100 Remove debug code from regression test pinentry Also updated de.po diff --git a/po/de.po b/po/de.po index 440c708..16a8801 100644 --- a/po/de.po +++ b/po/de.po @@ -1,7 +1,7 @@ # GnuPG German translation # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, # 2006, 2007, 2008, 2009 Free Software Foundation, Inc. -# Walter Koch , 1998, 1999, 2000, 2001, 2002, +# Walter Koch , 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006 # Merged with the gnupg 1.9.23 translation by Werner Koch on 2006-09-25. # 
@@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2011-01-20 15:10+0100\n" +"PO-Revision-Date: 2011-02-10 20:53+0100\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "MIME-Version: 1.0\n" @@ -3570,6 +3570,22 @@ msgid " (%d) RSA (set your own capabilities)\n" msgstr " (%d) RSA (Leistungsf?higkeit selber einstellbar)\n" #, c-format +msgid " (%d) ECDSA and ECDH\n" +msgstr " (%d) ECDSA und ECDH\n" + +#, c-format +msgid " (%d) ECDSA (sign only)\n" +msgstr " (%d) ECDSA (nur signieren/beglaubigen)\n" + +#, c-format +msgid " (%d) ECDSA (set your own capabilities)\n" +msgstr " (%d) ECDSA (Leistungsf?higkeit selber einstellbar)\n" + +#, c-format +msgid " (%d) ECDH (encrypt only)\n" +msgstr " (%d) ECDH (nur verschl?sseln)\n" + +#, c-format msgid "%s keys may be between %u and %u bits long.\n" msgstr "%s-Schl?ssel k?nnen zwischen %u und %u Bit lang sein.\n" @@ -3585,6 +3601,10 @@ msgstr "Welche Schl?ssell?nge w?nschen Sie? (%u) " msgid "Requested keysize is %u bits\n" msgstr "Die verlangte Schl?ssell?nge betr?gt %u Bit\n" +#, c-format +msgid "rounded to %u bits\n" +msgstr "gerundet auf %u Bit\n" + msgid "" "Please specify how long the key should be valid.\n" " 0 = key does not expire\n" @@ -4003,12 +4023,12 @@ msgid "sending key %s to %s\n" msgstr "sende Schl?ssel %s auf %s\n" #, c-format -msgid "WARNING: unable to fetch URI %s: %s\n" -msgstr "WARNUNG: die URI %s kann nicht geholt werden: %s\n" +msgid "requesting key from `%s'\n" +msgstr "fordere Schl?ssel von %s an\n" #, c-format -msgid "WARNING: unable to parse URI %s\n" -msgstr "WARNUNG: die URI %s kann nicht analysiert werden\n" +msgid "WARNING: unable to fetch URI %s: %s\n" +msgstr "WARNUNG: die URI %s kann nicht geholt werden: %s\n" #, c-format msgid "weird size for an encrypted session key (%d)\n" 
@@ -4258,6 +4278,9 @@ msgstr "Mehrdeutige Option '%s'\n" msgid "unknown option `%s'\n" msgstr "Unbekannte Option '%s'\n" +msgid "ECDSA public key is expected to be in SEC encoding multiple of 8 bits\n" +msgstr "Der ?ffentliche ECDSA Schl?ssel mu? ein Vielfaches von 8 Bit als L?nge haben\n" + #, c-format msgid "File `%s' exists. " msgstr "Datei '%s' existiert bereits. " @@ -4780,12 +4803,12 @@ msgstr "" "f?r sym. Verschl?sselung nicht vermieden werden!\n" #, c-format -msgid "DSA key %s uses an unsafe (%zu bit) hash\n" -msgstr "DSA-Schl?ssel %s verwendet einen unsicheren (%zu Bit-) Hash\n" +msgid "%s key %s uses an unsafe (%zu bit) hash\n" +msgstr "%s-Schl?ssel %s verwendet ein unsicheres (%zu-Bit) Hashverfahren\n" #, c-format -msgid "DSA key %s requires a %zu bit or larger hash\n" -msgstr "DSA-Schl?ssel %s ben?tigt einen mindestens %zu Bit langen Hash\n" +msgid "%s key %s requires a %zu bit or larger hash (hash is %s\n" +msgstr "%s-Schl?ssel %s ben?tigt einen mindestens %zu Bit langen Hash (Hash ist %s)\n" msgid "WARNING: signature digest conflict in message\n" msgstr "WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht\n" @@ -7023,14 +7046,6 @@ msgstr "SIGINT empfangen - wird sofort heruntergefahren\n" msgid "signal %d received - no action defined\n" msgstr "Signal %d empfangen - keine Aktion definiert\n" -#, c-format -msgid "accept failed: %s - waiting 1s\n" -msgstr "accept() fehlgeschlagen: %s - warte 1s\n" - -#, c-format -msgid "error spawning connection handler: %s\n" -msgstr "Fehler beim Starten des Verbindungshandler: %s\n" - msgid "return all values in a record oriented format" msgstr "Alle Werte in einem Record Format zur?ckgeben" 
@@ -7821,6 +7836,18 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr?fen\n" +#~ msgid "WARNING: unable to parse URI %s\n" +#~ msgstr "WARNUNG: die URI %s kann nicht analysiert werden\n" + +#~ msgid "DSA key %s uses an unsafe (%zu bit) hash\n" +#~ msgstr "DSA-Schl?ssel %s verwendet einen unsicheren (%zu Bit-) Hash\n" + +#~ msgid "accept failed: %s - waiting 1s\n" +#~ msgstr "accept() fehlgeschlagen: %s - warte 1s\n" + +#~ msgid "error spawning connection handler: %s\n" +#~ msgstr "Fehler beim Starten des Verbindungshandler: %s\n" + #~ msgid "searching for names from %s server %s\n" #~ msgstr "suche Namen auf %s-Server %s\n" diff --git a/tests/openpgp/pinentry.sh b/tests/openpgp/pinentry.sh index c8d0552..b4b12fc 100755 --- a/tests/openpgp/pinentry.sh +++ b/tests/openpgp/pinentry.sh @@ -7,8 +7,6 @@ # WARRANTY, to the extent permitted by law; without even the implied # warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -exec 2>>/tmp/pinentry.err - echo "OK - what's up?" while read cmd rest; do echo "cmd=$cmd rest=$rest" >&2 ----------------------------------------------------------------------- Summary of changes: po/de.po | 63 ++++++++++++++++++++++++++++++++------------- tests/openpgp/pinentry.sh | 2 - 2 files changed, 45 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 11 09:45:30 2011 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 11 Feb 2011 09:45:30 +0100 Subject: [git] Wincetools - branch, kdepimcetools, updated. fa7053a66ec86d46a9b5d963abe83b84c420b929 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "UNNAMED PROJECT". The branch, kdepimcetools has been updated via fa7053a66ec86d46a9b5d963abe83b84c420b929 (commit) from b9eabf8c7de3290822582a74d4b69944d4d93edd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fa7053a66ec86d46a9b5d963abe83b84c420b929 Author: Andre Heinecke Date: Fri Feb 11 08:17:37 2011 +0000 Fix the bring to front action whithout loader diff --git a/loader/splashscreen.cpp b/loader/splashscreen.cpp index 0e335e4..d056290 100644 --- a/loader/splashscreen.cpp +++ b/loader/splashscreen.cpp @@ -64,11 +64,11 @@ restore_existing_window( const wchar_t * filename ) } TRACE("BASENAME of %S \n is : %S \n", filename, basename); - if (endswith(filename, L"-real.exe")) { - c = L'-'; - } else { - c = L'.'; - } +#ifdef USE_LOADER + c = L'-'; +#else + c = L'.'; +#endif p = wcsrchr(filename, c); if (! p ) { ----------------------------------------------------------------------- Summary of changes: loader/splashscreen.cpp | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- UNNAMED PROJECT http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 11 10:21:17 2011 
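Review bot: With the `endswith(filename, L"-real.exe")` test replaced by `#ifdef USE_LOADER`, nothing checks at run time that the name really carries the `-real` suffix, so in a USE_LOADER build `wcsrchr(filename, c)` returns the last `-` anywhere in `filename`, which for a differently named executable may sit in a directory component. Searching in `basename` (already computed and traced just above, though its definition is outside the hunk) or keeping the `endswith` check as a guard inside the `#ifdef` branch would make the assumption explicit. `restore_existing_window` starts and ends outside the hunk, and where USE_LOADER gets defined is not shown.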
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 11 Feb 2011 10:21:17 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-8-g7d5ba08 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7d5ba080be74308f5f77c734e901705f06408a6e (commit) from cfbb5760d9ab10deee9b1b231fd264130025cbdc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7d5ba080be74308f5f77c734e901705f06408a6e Author: Werner Koch Date: Fri Feb 11 09:59:16 2011 +0100 Add ECC sign, verify, encrypt and decrypt tests diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test index ce49308..6e3ae81 100755 --- a/tests/openpgp/ecc.test +++ b/tests/openpgp/ecc.test @@ -28,6 +28,9 @@ else fi +# +# Setup for ECC testing +# info "Preparing for ECC test." for i in $keygrips ; do rm private-keys-v1.d/$i.key 2>/dev/null || true @@ -35,6 +38,9 @@ for i in $keygrips ; do done +# +# Import the sample keys +# info "Importing ECC public keys." for k in $mainkeyids ; do $GPG --delete-key --batch --yes $k 2>/dev/null || true 
@@ -49,9 +55,69 @@ for i in 1 2 3; do done -info "Importing ECC secret keys." +# +# Check a few sample signature +# +info "Checking ECC signatures." +tests="" + +# The following is an opaque ECDSA signature on a message "This is one +# line\n" (17 byte long) by the primary 256 bit key: +tests="$tests msg_opaque_signed_256" +msg_opaque_signed_256='-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV +cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL +V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp +AQA= +=GDv4 +-----END PGP MESSAGE----' + +# The following is an opaque ECDSA signature on a message "This is one +# line\n" (17 byte long) by the primary 384 bit key: +tests="$tests msg_opaque_signed_384" +msg_opaque_signed_384='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR +fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo +7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a +9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA== +=elKT +-----END PGP MESSAGE-----' + +# The following is an opaque ECDSA signature on a message "This is one +# line\n" (17 byte long) by the primary 521 bit key: +tests="$tests msg_opaque_signed_521" +msg_opaque_signed_521='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA +RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7 +ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33 +Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG +Ic1RdzgeCfosMF+l/zVRchcLKzenEQA= +=ATtX +-----END PGP MESSAGE-----' + +echo 'This is one line' >z +for msg in $tests; do + info "checking: $msg" + eval "(IFS=; echo \"\$$msg\")" >x + $GPG --verify x || error "verify(1) of $msg failed" + $GPG -o y --yes x || error 
"verify(2) of $msg failed" + cmp y z || error "$msg: mismatch" +done + + +# +# Import the secret keys so that we now can sign and decrypt. +# # Note that the PGP generated secret keys are not self-signed, thus we # need to pass an appropriate option. +# +info "Importing ECC secret keys." for i in 1 2 3; do k="ecc-sample-$i-sec.asc" if [ "$i" -gt "1" ]; then 
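Review bot: The armor trailer of `msg_opaque_signed_256` is `-----END PGP MESSAGE----`, with four trailing dashes where the 384 and 521 bit samples have five. The fixture therefore only verifies as long as the armor parser tolerates a malformed tail line, and a stricter parser would turn this into a failure unrelated to ECC. The same four-dash line appears in the README text this commit removes, so it looks copied rather than intended; unless the leniency is what the test is meant to exercise, the line should read `-----END PGP MESSAGE-----`.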
@@ -67,6 +133,104 @@ for i in 1 2 3; do done +# +# Check a few sample encrtpted messages. +# +info "Checking ECC encryption." +tests="" + +# The following block encrypts the text "This is one line\n", 17 bytes, +# with the subkey 4089AB73. +tests="$tests msg_encrypted_256" +msg_encrypted_256='-----BEGIN PGP MESSAGE----- +Version: GnuPG v2.1.0-ecc (GNU/Linux) + +hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs +h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ +zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB +jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH +VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu +=odUZ +-----END PGP MESSAGE-----' + +# The following block encrypts the text "This is one line\n", 17 bytes, +# with the subkey 9A201946: +tests="$tests msg_encrypted_384" +msg_encrypted_384='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK +0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo +uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO +isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3 +61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR +svzIJcP7d4DqYOw7 +=oiTJ +-----END PGP MESSAGE-----' + +# The following block encrypts the text "This is one line\n", 17 bytes, +# with the subkey A81C4838: +tests="$tests msg_encrypted_521" +msg_encrypted_521='-----BEGIN PGP MESSAGE----- +Version: PGP Command Line v10.0.0 (Linux) + +qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU +OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/ +I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ +VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6 +dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6 +RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX +Rg== +=5GqW +-----END PGP MESSAGE-----' + +echo 'This is one 
line' >z +for msg in $tests; do + info "checking: $msg" + eval "(IFS=; echo \"\$$msg\")" >x + $GPG -o y --yes x || error "decryption of $msg failed" + cmp y z || error "$msg: mismatch" +done + + +# +# Now check that we can encrypt and decrypt our own messages. +# +# Note that we don't need to provide a passppharse because we already +# preset the passphrase into the gpg-agent. +# +info "Checking ECC encryption and decryption." +for i in $plain_files $data_files ; do + for k in $mainkeyids ; do + info "file: $i key: $k" + $GPG --always-trust -e -o x --yes -r $k $i + $GPG -o y --yes x + cmp $i y || error "$i,$k: mismatch" + done +done + + +# +# Now check that we can sign and verify our own messages. +# +info "Checking ECC signing and verifiction." +for i in $plain_files $data_files ; do + for k in $mainkeyids ; do + info "file: $i key: $k" + $GPG -s -o x --yes -u $k $i + $GPG -o y --yes x || error "verify of $i,$k failed" + cmp $i y || error "$i,$k: mismatch" + done +done + + +# +# Let us also try to import the keys only from a secret keyblock. +# +# Because PGP does not sign the UID, it is not very useful to work +# with this key unless we go into the trouble of adding the +# self-signature. +# info "Importing ECC secret keys directly." for i in $keygrips ; do rm private-keys-v1.d/$i.key 2>/dev/null || true diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index 4bfd61f..b8520c4 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README 
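Review bot: In the two round-trip loops the commands that produce `x` are unchecked: `$GPG --always-trust -e -o x --yes -r $k $i` and the following `$GPG -o y --yes x` have no `|| error`, and neither does `$GPG -s -o x --yes -u $k $i`. Because the inner loop runs over the keys for the same input file, a failed encryption or signing with a later key leaves the `x` (and `y`) written for the previous key in place, and `cmp $i y` then succeeds, so the test can pass without the key under test having been used, unless the script runs under `set -e`, which is not visible here. Append `|| error "encryption of $i,$k failed"` and `|| error "signing of $i,$k failed"` to those commands, give the decryption step the same treatment, and start each iteration with `rm -f x y`.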
@@ -6,107 +6,3 @@ ecc-sample-2-pub.asc A NIST P-384 ECC sample key. ecc-sample-2-sec.asc Ditto, but the secret keyblock. ecc-sample-3-pub.asc A NIST P-521 ECC sample key. ecc-sample-3-sec.asc Ditto, but the secret keyblock. - - - -Signed message - -The following is an opaque ECDSA signature on a message "This is one -line\n" (17 byte long) by the master key: - ------BEGIN PGP MESSAGE----- -Version: GnuPG v2.1.0-ecc (GNU/Linux) - -owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV -cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL -V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp -AQA= -=GDv4 ------END PGP MESSAGE---- - -Encrypted message - -The following block encrypts the text "This is one line\n", 17 bytes, -with the subkey 0x4089AB73. - ------BEGIN PGP MESSAGE----- -Version: GnuPG v2.1.0-ecc (GNU/Linux) - -hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs -h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ -zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB -jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH -VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu -=odUZ ------END PGP MESSAGE----- - - - - -Signed message - -The following is an opaque ECDSA signature on a message "This is one -line\n" (17 byte long) by the master key: - ------BEGIN PGP MESSAGE----- -Version: PGP Command Line v10.0.0 (Linux) - -qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR -fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo -7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a -9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA== -=elKT ------END PGP MESSAGE----- - -Encrypted message - -The following block encrypts the text "This is one line\n", 17 bytes, -with the subkey: - ------BEGIN PGP MESSAGE----- -Version: PGP Command Line v10.0.0 (Linux) - -qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK 
-0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo -uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO -isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3 -61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR -svzIJcP7d4DqYOw7 -=oiTJ ------END PGP MESSAGE----- - - - -Signed message - -The following is an opaque ECDSA signature on a message "This is one -line\n" (17 byte long) by the master key: - ------BEGIN PGP MESSAGE----- -Version: PGP Command Line v10.0.0 (Linux) - -qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA -RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7 -ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33 -Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG -Ic1RdzgeCfosMF+l/zVRchcLKzenEQA= -=ATtX ------END PGP MESSAGE----- - -Encrypted message - -The following block encrypts the text "This is one line\n", 17 bytes, -with the subkey: - ------BEGIN PGP MESSAGE----- -Version: PGP Command Line v10.0.0 (Linux) - -qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU -OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/ -I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ -VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6 -dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6 -RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX -Rg== -=5GqW ------END PGP MESSAGE----- ----------------------------------------------------------------------- Summary of changes: tests/openpgp/ecc.test | 166 ++++++++++++++++++++++++++++++++++++++- tests/openpgp/samplekeys/README | 104 ------------------------ 2 files changed, 165 insertions(+), 105 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 11 12:09:46 2011 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 11 Feb 2011 12:09:46 +0100 Subject: [git] Wincetools - branch, kdepimcetools, updated. be9c655efafbfe911133d62e1cad6f44f214e323 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "UNNAMED PROJECT". The branch, kdepimcetools has been updated via be9c655efafbfe911133d62e1cad6f44f214e323 (commit) from fa7053a66ec86d46a9b5d963abe83b84c420b929 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit be9c655efafbfe911133d62e1cad6f44f214e323 Author: Andre Heinecke Date: Fri Feb 11 10:47:56 2011 +0000 Use the loader again... diff --git a/loader/CMakeLists.txt b/loader/CMakeLists.txt index b79053d..f9a166f 100644 --- a/loader/CMakeLists.txt +++ b/loader/CMakeLists.txt @@ -17,7 +17,7 @@ add_executable(kmail-mobile-loader WIN32 himemce.c compat.c kernel32_kernel_private.h kernel32_process.c kernel32_module.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp kmail-mobile.rc) -#set_target_properties(kmail-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +set_target_properties(kmail-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) target_link_libraries(kmail-mobile-loader aygshell) install(TARGETS kmail-mobile-loader DESTINATION bin) 
@@ -27,7 +27,7 @@ add_executable(notes-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp notes-mobile.rc) target_link_libraries(notes-mobile-loader aygshell) -#set_target_properties(notes-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +set_target_properties(notes-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS notes-mobile-loader DESTINATION bin) add_executable(kaddressbook-mobile-loader WIN32 himemce.c compat.c @@ -36,7 +36,7 @@ add_executable(kaddressbook-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp kaddressbook-mobile.rc) target_link_libraries(kaddressbook-mobile-loader aygshell) -#set_target_properties(kaddressbook-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +set_target_properties(kaddressbook-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS kaddressbook-mobile-loader DESTINATION bin) add_executable(korganizer-mobile-loader WIN32 himemce.c compat.c @@ -45,7 +45,7 @@ add_executable(korganizer-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp korganizer-mobile.rc) target_link_libraries(korganizer-mobile-loader aygshell) -#set_target_properties(korganizer-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +set_target_properties(korganizer-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS korganizer-mobile-loader DESTINATION bin) add_executable(tasks-mobile-loader WIN32 himemce.c compat.c 
@@ -54,7 +54,7 @@ add_executable(tasks-mobile-loader WIN32 himemce.c compat.c ntdll_error.c ntdll_loader.c ntdll_virtual.c server_protocol.h server_mapping.c splashscreen.cpp tasks-mobile.rc) target_link_libraries(tasks-mobile-loader aygshell) -#set_target_properties(tasks-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) +set_target_properties(tasks-mobile-loader PROPERTIES COMPILE_FLAGS -DUSE_LOADER) install(TARGETS tasks-mobile-loader DESTINATION bin) add_executable(kleopatra-loader WIN32 himemce.c compat.c ----------------------------------------------------------------------- Summary of changes: loader/CMakeLists.txt | 10 +++++----- 1 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- UNNAMED PROJECT http://git.gnupg.org From cvs at cvs.gnupg.org Sat Feb 12 03:01:39 2011 From: cvs at cvs.gnupg.org (by Andrey Jivsov) Date: Sat, 12 Feb 2011 03:01:39 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-9-ge1c38a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e1c38a7ff56c4dfc2e83c35c4ad56f9bd8a9a059 (commit) from 7d5ba080be74308f5f77c734e901705f06408a6e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e1c38a7ff56c4dfc2e83c35c4ad56f9bd8a9a059 Author: Andrey Jivsov Date: Fri Feb 11 17:38:39 2011 -0800 fixed --list-keys on Linux64 bit diff --git a/ChangeLog b/ChangeLog index 17d049f..03e2399 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-02-11 Andrey Jivsov + + * fixed --list-keys on Linux64 bit + 2011-02-04 Werner Koch * autogen.sh: Ensure that the git pre-commit hoom has been 
diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index 222c5a0..2a6feaf 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -145,6 +145,7 @@ openpgp_oid_to_str (gcry_mpi_t a) { const unsigned char *buf; size_t length; + unsigned int lengthi; char *string, *p; int n = 0; unsigned long val, valmask; @@ -157,8 +158,8 @@ openpgp_oid_to_str (gcry_mpi_t a) return NULL; } - buf = gcry_mpi_get_opaque (a, &length); - length = (length+7)/8; + buf = gcry_mpi_get_opaque (a, &lengthi); + length = (lengthi+7)/8; /* The first bytes gives the length; check consistency. */ if (!length || buf[0] != length -1) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ common/openpgp-oid.c | 5 +++-- 2 files changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Feb 13 18:27:29 2011 
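Review bot: `lengthi` holds a bit count, and the name hides the unit conversion that the next line performs. Since gcry_mpi_get_opaque reports the size in bits, `unsigned int nbits;` with `length = (nbits+7)/8;` reads more directly, and a comment such as `/* gcry_mpi_get_opaque wants an unsigned int*; a size_t* is wrong on LP64. */` would record why the extra variable exists. `buf` is dereferenced in the consistency check that follows; whether it can be NULL at that point depends on the guard above the hunk, which is only partly visible.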
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 13 Feb 2011 18:27:29 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-3-ga39539a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via a39539afdf39fe525ed7512aafb92733d2fe358c (commit) via 487e4da34e3134922240431ccd8554d7ea47be88 (commit) via a8fe80f3f08cf20e0b0793268704309b10893272 (commit) from 4f048514ecae879fa4bb7b8522baf801229be522 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a39539afdf39fe525ed7512aafb92733d2fe358c Author: Werner Koch Date: Sun Feb 13 17:48:37 2011 +0100 First take on using AES-NI instructions This first naive use of the new Intel AES-NI instructions boosts the performance of AES on CPUs supporting this by 3 to 5 times. Results from running ./benchmark --cipher-repetitions 10 --large-buffers cipher aes on a cpu family : 6 model : 37 model name : Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz stepping : 2 cpu MHz : 3325.494 cache size : 4096 KB cpu cores : 2 yields this: ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- 130ms 110ms 110ms 100ms 110ms 110ms 160ms 150ms 170ms 170ms 40ms 40ms 20ms 30ms 30ms 20ms 70ms 70ms 80ms 80ms The first line is with runtime switched off AES-NI instructions (don't set use_aesni in do_setkey), the second with enabled AES-NI. By fixing the alignment, I hope to squeeze out a little more even with this naive implementation. diff --git a/ChangeLog b/ChangeLog index 03461e4..f192d20 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,8 @@ +2011-02-11 Werner Koch + + * configure.ac: Add option --disbale-aesni-support. + (ENABLE_AESNI_SUPPORT): New macro. + 2011-02-04 Werner Koch * autogen.sh: Install the git pre-commit if not yet done. diff --git a/NEWS b/NEWS index 7dbb54a..9848432 100644 --- a/NEWS +++ b/NEWS @@ -27,6 +27,8 @@ Noteworthy changes in version 1.5.x (unreleased) * gcry_mpi_cmp applied to opaque values has a defined semantic now. + * Uses the Intel AES-NI instructions if available. + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_CIPHER_MODE_AESWRAP NEW. diff --git a/README b/README index 514464a..6fe1cfb 100644 --- a/README +++ b/README @@ -170,6 +170,12 @@ available. Try this if you get problems with assembler code. + --disable-aesni-support + Disable support for the AES-NI instructions of + newer Intel CPUs. The default is to use AES-NI + if available. Try this if you get problems with + assembler code. + --disable-O-flag-munging Some code is too complex for some compilers while in higher optimization modes, thus the compiler diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 02dac02..670491d 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,16 @@ +2011-02-13 Werner Koch + + * rijndael.c (USE_AESNI): New. Define for ia32 and gcc >= 4. + (m128i_t) [USE_AESNI]: New. + (RIJNDAEL_context) [USE_AESNI]: Add field use_aesni. + (do_setkey): Set USE_AESNI for all key lengths. + (prepare_decryption) [USE_AESNI]: Use aesimc instn if requested. + (do_aesni_enc_aligned, do_aesni_dec_aligned) + (do_aesni) [USE_AESNI]: New. + (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (rijndael_decrypt, _gcry_aes_cfb_dec) + (_gcry_aes_cbc_dec) [USE_AESNI]: Use do_aesni. + 2011-02-01 Werner Koch * pubkey.c (gcry_pk_get_curve): New. diff --git a/cipher/cipher.c b/cipher/cipher.c index af91b81..9e5bca5 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c 
@@ -137,13 +137,14 @@ static int default_ciphers_registered; while (0) -/* A VIA processor with the Padlock engine requires an alignment of - most data on a 16 byte boundary. Because we trick out the compiler - while allocating the context, the align attribute as used in - rijndael.c does not work on its own. Thus we need to make sure - that the entire context structure is a aligned on that boundary. - We achieve this by defining a new type and use that instead of our - usual alignment type. */ +/* A VIA processor with the Padlock engine as well as the Intel AES_NI + instructions require an alignment of most data on a 16 byte + boundary. Because we trick out the compiler while allocating the + context, the align attribute as used in rijndael.c does not work on + its own. Thus we need to make sure that the entire context + structure is a aligned on that boundary. We achieve this by + defining a new type and use that instead of our usual alignment + type. */ typedef union { PROPERLY_ALIGNED_TYPE foo; diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 2b19e09..bebe163 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -1,6 +1,6 @@ /* Rijndael (AES) for GnuPG * Copyright (C) 2000, 2001, 2002, 2003, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -37,6 +37,27 @@ * */ +/* FIXME: + + Most important: + For AES-NI we should use a prepare and depreparse function which + can take care of clearing registers we used for sensitive stuff + etc. Need to read the Intel ABI specs to see how to handel SSE + registers. + + Furuture stuff: + + - Do the AES-NI code all in asm to avoid extra register loads and + unloads. + + - Make use of aligned move instructions. This requires that we + align the keyschedule filed in the context. + + - Use AESKEYGENASSIST. + + - Make better use of the CPU pipelines. +*/ + #include #include #include 
@@ -56,19 +77,23 @@ #undef USE_PADLOCK #ifdef ENABLE_PADLOCK_SUPPORT # if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) -# define USE_PADLOCK +# define USE_PADLOCK 1 # endif #endif /*ENABLE_PADLOCK_SUPPORT*/ - -/* USE_AESNI inidicates whether to compile with Intel AES-NI code. */ +/* USE_AESNI inidicates whether to compile with Intel AES-NI code. We + need the vector-size attribute which seems to be available since + gcc 3. However, to be on the safe side we require at least gcc 4. */ #undef USE_AESNI #ifdef ENABLE_AESNI_SUPPORT -# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) -# define USE_AESNI +# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && __GNUC__ >= 4 +# define USE_AESNI 1 # endif #endif /* ENABLE_AESNI_SUPPORT */ +#ifdef USE_AESNI + typedef int m128i_t __attribute__ ((__vector_size__ (16))); +#endif /*USE_AESNI*/ static const char *selftest(void); @@ -80,7 +105,10 @@ typedef struct int use_padlock; /* Padlock shall be used. */ /* The key as passed to the padlock engine. */ unsigned char padlock_key[16] __attribute__ ((aligned (16))); -#endif +#endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + int use_aesni; /* AES-NI shall be used. */ +#endif /*USE_AESNI*/ union { PROPERLY_ALIGNED_TYPE dummy; 
@@ -143,28 +171,58 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) #ifdef USE_PADLOCK ctx->use_padlock = 0; #endif +#ifdef USE_AESNI + ctx->use_aesni = 0; +#endif if( keylen == 128/8 ) { ROUNDS = 10; KC = 4; + + if (0) + ; #ifdef USE_PADLOCK - if ((_gcry_get_hw_features () & HWF_PADLOCK_AES)) + else if ((_gcry_get_hw_features () & HWF_PADLOCK_AES)) { ctx->use_padlock = 1; memcpy (ctx->padlock_key, key, keylen); } #endif +#ifdef USE_AESNI + else if ((_gcry_get_hw_features () & HWF_INTEL_AESNI)) + { + ctx->use_aesni = 1; + } +#endif } else if ( keylen == 192/8 ) { ROUNDS = 12; KC = 6; + + if (0) + ; +#ifdef USE_AESNI + else if ((_gcry_get_hw_features () & HWF_INTEL_AESNI)) + { + ctx->use_aesni = 1; + } +#endif } else if ( keylen == 256/8 ) { ROUNDS = 14; KC = 8; + + if (0) + ; +#ifdef USE_AESNI + else if ((_gcry_get_hw_features () & HWF_INTEL_AESNI)) + { + ctx->use_aesni = 1; + } +#endif } else return GPG_ERR_INV_KEYLEN; 
@@ -278,44 +336,71 @@ static void prepare_decryption( RIJNDAEL_context *ctx ) { int r; - union - { - PROPERLY_ALIGNED_TYPE dummy; - byte *w; - } w; -#define w w.w - for (r=0; r < MAXROUNDS+1; r++ ) +#ifdef USE_AESNI + if (ctx->use_aesni) { - *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]); - *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]); - *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]); - *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]); + /* The AES-NI decrypt instructions use the Equivalent Inverse + Cipher, thus we can't use the the standard decrypt key + preparation. */ + m128i_t *ekey = (m128i_t*)ctx->keySched; + m128i_t *dkey = (m128i_t*)ctx->keySched2; + int rr; + + dkey[0] = ekey[ctx->ROUNDS]; + for (r=1, rr=ctx->ROUNDS-1; r < ctx->ROUNDS; r++, rr--) + { + asm volatile + ("movdqu %[ekey], %%xmm1\n\t" + /*"aesimc %%xmm1, %%xmm1\n\t"*/ + ".byte 0x66, 0x0f, 0x38, 0xdb, 0xc9\n\t" + "movdqu %%xmm1, %[dkey]" + : [dkey] "=m" (dkey[r]) + : [ekey] "m" (ekey[rr]) ); + } + dkey[r] = ekey[0]; } -#define W (ctx->keySched2) - for (r = 1; r < ctx->ROUNDS; r++) + else +#endif /*USE_AESNI*/ { - w = W[r][0]; - *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) - ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); + union + { + PROPERLY_ALIGNED_TYPE dummy; + byte *w; + } w; +#define w w.w - w = W[r][1]; - *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) - ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); + for (r=0; r < MAXROUNDS+1; r++ ) + { + *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]); + *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]); + *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]); + *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]); + } +#define W (ctx->keySched2) + for (r = 1; r < ctx->ROUNDS; r++) + { + w = W[r][0]; + *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) + ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); - w = W[r][2]; - *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) 
- ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); + w = W[r][1]; + *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) + ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); - w = W[r][3]; - *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) + w = W[r][2]; + *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); - } + + w = W[r][3]; + *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) + ^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]); + } #undef W #undef w + } } - /* Encrypt one block. A and B need to be aligned on a 4 byte boundary. A and B may be the same. */ 
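Review bot: The AES-NI branch of prepare_decryption views `ctx->keySched` and `ctx->keySched2` as arrays of `m128i_t` and copies the first and last round keys with plain vector assignments, `dkey[0] = ekey[ctx->ROUNDS];` and `dkey[r] = ekey[0];`. A type declared with `__vector_size__ (16)` lets the compiler assume 16-byte alignment, while the FIXME added in this same commit says the key schedule field is not aligned yet; if the file is ever built with SSE code generation enabled, these two assignments may be emitted as aligned moves and fault, unlike the `movdqu` used inside the loop. Copying bytes avoids the assumption: `memcpy (ctx->keySched2[0], ctx->keySched[ctx->ROUNDS], 16);` and `memcpy (ctx->keySched2[r], ctx->keySched[0], 16);`. The loop's asm also leaves a round key in `%xmm1` on return, which is the register cleanup the FIXME refers to.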
@@ -473,19 +558,130 @@ do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag, #endif /*USE_PADLOCK*/ +/* Encrypt one block using the Intel AES-NI instructions. A and B may + be the same; then need to be properly aligned to 16 bytes. + + Our problem here is that gcc does not allow the "x" constraint for + SSE registers in asm unless you compile with -msse. The common + wisdom is to use a separate file for SSE instructions and build it + separately. This would require a lot of extra build system stuff, + similar to what we do in mpi/ for the asm stuff. What we do + instead is to use standard registers and a bit more of plain asm + which copies the data and key stuff to the SSE registers and later + back. If we decide to implement some block modes with parallelized + aES instructions, it might indeed be better to use plain asm ala + mpi/. */ +#ifdef USE_AESNI +static void +do_aesni_enc_aligned (const RIJNDAEL_context *ctx, + unsigned char *b, const unsigned char *a) +{ + int r; + m128i_t *key; + + key = (m128i_t*)ctx->keySched; + + asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ + "movdqu %[key], %%xmm1\n\t" + "pxor %%xmm1, %%xmm0" /* xmm0 ^= key[0] */ + : : [src] "m" (*a), [key] "m" (*key)); + + key++; + for (r = 1; r < ctx->ROUNDS; r++) + { + asm volatile ("movdqu %[key], %%xmm1\n\t" + /*"aesenc %%xmm1, %%xmm0"*/ + ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1" + : : [key] "m" (*key) ); + key++; + } + asm volatile ("movdqu %[key], %%xmm1\n\t" + /*"aesenclast %%xmm1, %%xmm0"*/ + ".byte 0x66, 0x0f, 0x38, 0xdd, 0xc1" + : : [key] "m" (*key) ); + + asm volatile ("movdqu %%xmm0, %[dst]" + : [dst] "=m" (*b)); +} + +static void +do_aesni_dec_aligned (const RIJNDAEL_context *ctx, + unsigned char *b, const unsigned char *a) +{ + int r; + m128i_t *key; + + key = (m128i_t*)ctx->keySched2; + + asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ + "movdqu %[key], %%xmm1\n\t" + "pxor %%xmm1, %%xmm0" /* xmm0 ^= key[0] */ + : : [src] "m" (*a), [key] "m" (key[0])); + + 
for (r = 1; r < ctx->ROUNDS; r++) + { + asm volatile ("movdqu %[key], %%xmm1\n\t" + /*"aesdec %%xmm1, %%xmm0"*/ + ".byte 0x66, 0x0f, 0x38, 0xde, 0xc1" + : : [key] "m" (key[r]) ); + } + asm volatile ("movdqu %[key], %%xmm1\n\t" + /*"aesdeclast %%xmm1, %%xmm0"*/ + ".byte 0x66, 0x0f, 0x38, 0xdf, 0xc1" + : : [key] "m" (key[r]) ); + + asm volatile ("movdqu %%xmm0, %[dst]" + : [dst] "=m" (*b)); +} + +static void +do_aesni (RIJNDAEL_context *ctx, int decrypt_flag, + unsigned char *bx, const unsigned char *ax) +{ + /* BX and AX are not necessary correctly aligned. Thus we need to + copy them here. */ + unsigned char a[16] __attribute__ ((aligned (16))); + unsigned char b[16] __attribute__ ((aligned (16))); + + memcpy (a, ax, 16); + if (decrypt_flag) + { + if ( !ctx->decryption_prepared ) + { + prepare_decryption ( ctx ); + ctx->decryption_prepared = 1; + } + do_aesni_dec_aligned (ctx, b, a); + } + else + do_aesni_enc_aligned (ctx, b, a); + memcpy (bx, b, 16); +} +#endif /*USE_AESNI*/ + + static void rijndael_encrypt (void *context, byte *b, const byte *a) { RIJNDAEL_context *ctx = context; + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) { do_padlock (ctx, 0, b, a); _gcry_burn_stack (48 + 15 /* possible padding for alignment */); } - else #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + do_aesni (ctx, 0, b, a); + _gcry_burn_stack (48 + 15 /* possible padding for alignment */); + } +#endif /*USE_AESNI*/ + else { do_encrypt (ctx, b, a); _gcry_burn_stack (48 + 2*sizeof(int)); @@ -508,8 +704,10 @@ _gcry_aes_cfb_enc (void *context, unsigned char *iv, unsigned char *ivp; int i; + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) { /* Fixme: Let Padlock do the CFBing. */ for ( ;nblocks; nblocks-- ) 
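Review bot: do_aesni_enc_aligned and do_aesni_dec_aligned carry the cipher state in `%xmm0` across several separate `asm volatile` statements, and none of them declares an output, a clobber or a dependency on the previous statement. That is only safe while the compiler itself never touches the SSE registers in between, which the comment above ties to building without -msse; with SSE code generation enabled the C loop could overwrite `%xmm0` or `%xmm1` and the function would return wrong output without any error. Doing the whole block operation in one asm statement removes that dependency. On return `%xmm0` still holds the block state and `%xmm1` the last round key, so do_aesni should end with something like `asm volatile ("pxor %%xmm0, %%xmm0\n\t" "pxor %%xmm1, %%xmm1" ::);`, in line with the FIXME at the top of the file.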
@@ -521,8 +719,21 @@ _gcry_aes_cfb_enc (void *context, unsigned char *iv, *outbuf++ = (*ivp++ ^= *inbuf++); } } +#endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + for ( ;nblocks; nblocks-- ) + { + /* Encrypt the IV. */ + do_aesni_enc_aligned (ctx, iv, iv); + /* XOR the input with the IV and store input into IV. */ + for (ivp=iv,i=0; i < BLOCKSIZE; i++ ) + *outbuf++ = (*ivp++ ^= *inbuf++); + } + } +#endif /*USE_AESNI*/ else -#endif /* USE_PADLOCK*/ { for ( ;nblocks; nblocks-- ) { @@ -558,11 +769,17 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, for (ivp=iv, i=0; i < BLOCKSIZE; i++ ) outbuf[i] = inbuf[i] ^ *ivp++; + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) do_padlock (ctx, 0, outbuf, outbuf); - else #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + else if (ctx->use_aesni) + do_aesni (ctx, 0, outbuf, outbuf); +#endif /*USE_AESNI*/ + else do_encrypt (ctx, outbuf, outbuf ); memcpy (iv, outbuf, BLOCKSIZE); @@ -706,14 +923,23 @@ rijndael_decrypt (void *context, byte *b, const byte *a) { RIJNDAEL_context *ctx = context; + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) { do_padlock (ctx, 1, b, a); _gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */); } - else #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + do_aesni (ctx, 1, b, a); + _gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */); + } +#endif /*USE_AESNI*/ + else { do_decrypt (ctx, b, a); _gcry_burn_stack (48+2*sizeof(int)); @@ -737,8 +963,10 @@ _gcry_aes_cfb_dec (void *context, unsigned char *iv, unsigned char temp; int i; + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) { /* Fixme: Let Padlock do the CFBing. */ for ( ;nblocks; nblocks-- ) 
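Review bot: In rijndael_decrypt the new AES-NI branch burns `48 + 2*sizeof(int)` bytes, a value copied together with its FIXME from the Padlock branch, whereas the matching branch added to rijndael_encrypt uses `48 + 15`. Both go through do_aesni, which keeps the input and output block in two 16-byte-aligned stack buffers, so the decrypt side should wipe at least as much: `_gcry_burn_stack (48 + 15 /* possible padding for alignment */);`. The real frame size depends on the compiler, so the figure is an estimate in either case. The AES-NI branch added to _gcry_aes_cbc_enc also calls do_aesni; its stack burn, if any, lies outside the hunk.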
@@ -752,8 +980,23 @@ _gcry_aes_cfb_dec (void *context, unsigned char *iv, } } } - else #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + for ( ;nblocks; nblocks-- ) + { + do_aesni_enc_aligned (ctx, iv, iv); + for (ivp=iv,i=0; i < BLOCKSIZE; i++ ) + { + temp = *inbuf++; + *outbuf++ = *ivp ^ temp; + *ivp++ = temp; + } + } + } +#endif /*USE_AESNI*/ + else { for ( ;nblocks; nblocks-- ) { @@ -793,11 +1036,17 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, OUTBUF. */ memcpy (savebuf, inbuf, BLOCKSIZE); + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) do_padlock (ctx, 1, outbuf, inbuf); - else #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + else if (ctx->use_aesni) + do_aesni (ctx, 1, outbuf, inbuf); +#endif /*USE_AESNI*/ + else do_decrypt (ctx, outbuf, inbuf); for (ivp=iv, i=0; i < BLOCKSIZE; i++ ) @@ -837,6 +1086,22 @@ selftest_basic_128 (void) 0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2, 0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD }; + /* /\* Test vectors from fips-197, appendix C. *\/ */ + /* static const unsigned char plaintext_128[16] = */ + /* { */ + /* 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, */ + /* 0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff */ + /* }; */ + /* static const unsigned char key_128[16] = */ + /* { */ + /* 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, */ + /* 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f */ + /* }; */ + /* static const unsigned char ciphertext_128[16] = */ + /* { */ + /* 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30, */ + /* 0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a */ + /* }; */ rijndael_setkey (&ctx, key_128, sizeof (key_128)); rijndael_encrypt (&ctx, scratch, plaintext_128); diff --git a/configure.ac b/configure.ac index c6bff37..64692b6 100644 --- a/configure.ac +++ b/configure.ac 
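Review bot: The FIPS-197 appendix C vectors are added to selftest_basic_128 as commented-out code, so they are never run. Since this commit introduces a second AES implementation that is selected at run time, a known-answer test against the standard's own vector is worth having live: either enable it as an additional check next to the existing vector or drop the dead block. An enabled copy would carry a comment such as `/* Known-answer test from FIPS-197, appendix C. */` to say where the values come from. selftest_basic_128 continues outside the hunk.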
@@ -33,7 +33,7 @@ m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) -AC_INIT([libgcrypt], +AC_INIT([libgcrypt], [my_version[]m4_if(my_issvn,[yes], [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])], [bug-libgcrypt at gnupg.org]) @@ -90,7 +90,7 @@ AH_BOTTOM([ # endif #endif /*DISABLED_ENDIAN_CHECK*/ -/* We basically use the original Camellia source. Make sure the symbols +/* We basically use the original Camellia source. Make sure the symbols properly prefixed. */ #define CAMELLIA_EXT_SYM_PREFIX _gcry_ @@ -186,7 +186,7 @@ case "${host}" in *-*-mingw32*) ac_cv_have_dev_random=no have_w32_system=yes - case "${host}" in + case "${host}" in *-mingw32ce*) have_w32ce_system=yes available_random_modules="w32ce" @@ -200,7 +200,7 @@ case "${host}" in AC_DEFINE(HAVE_DRIVE_LETTERS,1, [defined if we must run on a stupid file system]) AC_DEFINE(HAVE_DOSISH_SYSTEM,1, - [defined if we run on some of the PCDOS like systems + [defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2) with special properties like no file modes]) ;; @@ -331,7 +331,7 @@ else fi # If not specified otherwise, all available algorithms will be -# included. +# included. default_ciphers="$available_ciphers" default_pubkey_ciphers="$available_pubkey_ciphers" default_digests="$available_digests" 
@@ -503,6 +503,18 @@ if test x"$padlocksupport" = xyes ; then [Enable support for the PadLock engine.]) fi +# Implementation of the --disable-aesni-support switch. +AC_MSG_CHECKING([whether AESNI support is requested]) +AC_ARG_ENABLE(aesni-support, + AC_HELP_STRING([--disable-aesni-support], + [Disable support for the Intel AES-NI instructions]), + aesnisupport=$enableval,aesnisupport=yes) +AC_MSG_RESULT($aesnisupport) +if test x"$aesnisupport" = xyes ; then + AC_DEFINE(ENABLE_AESNI_SUPPORT, 1, + [Enable support for Intel AES-NI instructions.]) +fi + # Implementation of the --disable-O-flag-munging switch. AC_MSG_CHECKING([whether a -O flag munging is requested]) AC_ARG_ENABLE([O-flag-munging], @@ -518,7 +530,7 @@ AM_CONDITIONAL(ENABLE_O_FLAG_MUNGING, test "$enable_o_flag_munging" = "yes") AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME", [A human readable text with the name of the OS]) -# For some systems we know that we have ld_version scripts. +# For some systems we know that we have ld_version scripts. # Use it then as default. have_ld_version_script=no case "${host}" in @@ -560,7 +572,7 @@ AC_DEFINE(GPG_ERR_SOURCE_DEFAULT, GPG_ERR_SOURCE_GCRYPT, [The default error source for libgcrypt.]) # -# Check whether the GNU Pth library is available. We require this +# Check whether the GNU Pth library is available. We require this # to build the optional gcryptrnd program. # AC_ARG_WITH(pth-prefix, 
@@ -578,12 +590,12 @@ if test "$use_random_daemon" = "yes"; then *** To build the Libgcrypt's random number daemon *** we need the support of the GNU Portable Threads Library. *** Download it from ftp://ftp.gnu.org/gnu/pth/ -*** On a Debian GNU/Linux system you might want to try +*** On a Debian GNU/Linux system you might want to try *** apt-get install libpth-dev ***]]) else GNUPG_PTH_VERSION_CHECK([1.3.7]) - if test $have_pth = yes; then + if test $have_pth = yes; then PTH_CFLAGS=`$PTH_CONFIG --cflags` PTH_LIBS=`$PTH_CONFIG --ldflags` PTH_LIBS="$PTH_LIBS `$PTH_CONFIG --libs --all`" @@ -650,8 +662,8 @@ case "${host}" in fi esac AC_SUBST(FALLBACK_SOCKLEN_T) - -# + +# # Check for ELF visibility support. # AC_CACHE_CHECK(whether the visibility attribute is supported, @@ -661,15 +673,15 @@ AC_CACHE_CHECK(whether the visibility attribute is supported, [[int foo __attribute__ ((visibility ("hidden"))) = 1; int bar __attribute__ ((visibility ("protected"))) = 1; ]])]) - + if ${CC-cc} -Werror -S conftest.c -o conftest.s \ 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ; then if grep '\.hidden.*foo' conftest.s >/dev/null 2>&1 ; then if grep '\.protected.*bar' conftest.s >/dev/null 2>&1; then gcry_cv_visibility_attribute=yes fi - fi - fi + fi + fi ]) if test "$gcry_cv_visibility_attribute" = "yes"; then AC_CACHE_CHECK(for broken visibility attribute, @@ -681,7 +693,7 @@ if test "$gcry_cv_visibility_attribute" = "yes"; then __attribute__ ((visibility ("hidden"))); int bar (int x) { return x; } ]])]) - + if ${CC-cc} -Werror -S conftest.c -o conftest.s \ 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ; then if grep '\.hidden@<:@ _@:>@foo' conftest.s >/dev/null 2>&1; 
@@ -727,7 +739,7 @@ fi if test "$gcry_cv_visibility_attribute" = "yes" \ && test "$gcry_cv_broken_visibility_attribute" != "yes" \ && test "$gcry_cv_broken_alias_attribute" != "yes" \ - && test "$gcry_cv_gcc_has_f_visibility" = "yes" + && test "$gcry_cv_gcc_has_f_visibility" = "yes" then AC_DEFINE(GCRY_USE_VISIBILITY, 1, [Define to use the GNU C visibility attribute.]) @@ -837,7 +849,7 @@ if test "$random" = "default"; then # Build everything, allow to select at runtime. random_modules="$auto_random_modules" ;; - esac + esac fi else if test "$random" = "auto"; then @@ -914,7 +926,7 @@ if test "$GCC" = yes; then CFLAGS="$CFLAGS -Wcast-align -Wshadow -Wstrict-prototypes" CFLAGS="$CFLAGS -Wformat -Wno-format-y2k -Wformat-security" - # If -Wno-missing-field-initializers is supported we can enable a + # If -Wno-missing-field-initializers is supported we can enable a # a bunch of really useful warnings. AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers]) _gcc_cflags_save=$CFLAGS @@ -982,7 +994,7 @@ DATADIRNAME=$DATADIRNAME # selected ciphers, pubkey-ciphers, digests and random modules. LIST_MEMBER(arcfour, $enabled_ciphers) -if test "$found" = "1"; then +if test "$found" = "1"; then GCRYPT_CIPHERS="$GCRYPT_CIPHERS arcfour.lo" AC_DEFINE(USE_ARCFOUR, 1, [Defined if this module should be included]) fi @@ -1134,14 +1146,14 @@ fi LIST_MEMBER(w32, $random_modules) if test "$found" = "1" ; then GCRYPT_RANDOM="$GCRYPT_RANDOM rndw32.lo" - AC_DEFINE(USE_RNDW32, 1, + AC_DEFINE(USE_RNDW32, 1, [Defined if the Windows specific RNG should be used.]) fi LIST_MEMBER(w32ce, $random_modules) if test "$found" = "1" ; then GCRYPT_RANDOM="$GCRYPT_RANDOM rndw32ce.lo" - AC_DEFINE(USE_RNDW32CE, 1, + AC_DEFINE(USE_RNDW32CE, 1, [Defined if the WindowsCE specific RNG should be used.]) fi 
@@ -1157,13 +1169,13 @@ AC_SUBST(LIBGCRYPT_DIGESTS, $enabled_digests) # For printing the configuration we need a colon separated list of # algorithm names. tmp=`echo "$enabled_ciphers" | tr ' ' : ` -AC_DEFINE_UNQUOTED(LIBGCRYPT_CIPHERS, "$tmp", +AC_DEFINE_UNQUOTED(LIBGCRYPT_CIPHERS, "$tmp", [List of available cipher algorithms]) tmp=`echo "$enabled_pubkey_ciphers" | tr ' ' : ` -AC_DEFINE_UNQUOTED(LIBGCRYPT_PUBKEY_CIPHERS, "$tmp", +AC_DEFINE_UNQUOTED(LIBGCRYPT_PUBKEY_CIPHERS, "$tmp", [List of available public key cipher algorithms]) tmp=`echo "$enabled_digests" | tr ' ' : ` -AC_DEFINE_UNQUOTED(LIBGCRYPT_DIGESTS, "$tmp", +AC_DEFINE_UNQUOTED(LIBGCRYPT_DIGESTS, "$tmp", [List of available digest algorithms]) @@ -1171,7 +1183,7 @@ AC_DEFINE_UNQUOTED(LIBGCRYPT_DIGESTS, "$tmp", # Generate extended version information for W32. if test "$have_w32_system" = yes; then BUILD_TIMESTAMP=`date --iso-8601=minutes` - changequote(,)dnl + changequote(,)dnl BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}${BUILD_REVISION}" @@ -1179,7 +1191,7 @@ fi AC_SUBST(BUILD_REVISION) AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) -AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", +AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", [Subversion revision used to build this package]) @@ -1209,7 +1221,7 @@ AC_OUTPUT # Give some feedback echo " Libgcrypt v${VERSION} has been configured as follows: - + Platform: $PRINTABLE_OS_NAME ($host) Enabled cipher algorithms: $enabled_ciphers Enabled digest algorithms: $enabled_digests @@ -1220,19 +1232,19 @@ echo " if test "$print_egd_notice" = "yes"; then cat < * g10lib.h (HWF_INTEL_AES): Rename to HWF_INTEL_AESNI. + * hwfeatures.c (detect_ia32_gnuc): Fix setting of this flag. 2011-02-01 Werner Koch commit 487e4da34e3134922240431ccd8554d7ea47be88 Author: Werner Koch Date: Fri Feb 11 16:06:20 2011 +0100 Renamed existing flag for AES-NI and fixed detection. 
diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 08707b6..2b19e09 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -60,6 +60,16 @@ # endif #endif /*ENABLE_PADLOCK_SUPPORT*/ + +/* USE_AESNI inidicates whether to compile with Intel AES-NI code. */ +#undef USE_AESNI +#ifdef ENABLE_AESNI_SUPPORT +# if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) +# define USE_AESNI +# endif +#endif /* ENABLE_AESNI_SUPPORT */ + + static const char *selftest(void); typedef struct diff --git a/src/ChangeLog b/src/ChangeLog index 8c0ef73..eb804a2 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-02-11 Werner Koch + + * g10lib.h (HWF_INTEL_AES): Rename to HWF_INTEL_AESNI. + 2011-02-01 Werner Koch * gcrypt.h.in (gcry_pk_get_curve, gcry_pk_get_param): New. diff --git a/src/g10lib.h b/src/g10lib.h index 60773fd..28c5e93 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -1,6 +1,6 @@ /* g10lib.h - Internal definitions for libgcrypt * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005 - * 2007 Free Software Foundation, Inc. + * 2007, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -148,7 +148,7 @@ int _gcry_log_verbosity( int level ); #define HWF_PADLOCK_SHA 4 #define HWF_PADLOCK_MMUL 8 -#define HWF_INTEL_AES 256 +#define HWF_INTEL_AESNI 256 unsigned int _gcry_get_hw_features (void); diff --git a/src/global.c b/src/global.c index 096ac98..35a2ca1 100644 --- a/src/global.c +++ b/src/global.c @@ -265,7 +265,7 @@ print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) { HWF_PADLOCK_RNG, "padlock-rng" }, { HWF_PADLOCK_AES, "padlock-aes" }, { HWF_PADLOCK_SHA, "padlock-sha" }, - { HWF_INTEL_AES, "intel-aes" }, + { HWF_INTEL_AESNI, "intel-aesni" }, { 0, NULL} }; int i; diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 99c9347..5a0a805 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c 
@@ -150,7 +150,7 @@ detect_ia32_gnuc (void) "cpuid\n" "popl %%ebx\n\t" /* Restore GOT register. */ "cmpl $0x02000000, %%ecx\n\t" /* Test bit 25. */ - "jnz .Lno_aes%=\n\t" /* No AES support. */ + "jz .Lno_aes%=\n\t" /* No AES support. */ "orl $256, %0\n" /* Set our HWF_INTEL_AES bit. */ ".Lno_aes%=:\n" commit a8fe80f3f08cf20e0b0793268704309b10893272 Author: Werner Koch Date: Fri Feb 11 15:52:36 2011 +0100 Small tweak to the ECC debug output. diff --git a/cipher/ecc.c b/cipher/ecc.c index 6548fed..f809b53 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -843,10 +843,10 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s) { if (DBG_CIPHER) { - log_mpidump (" x", x); - log_mpidump (" y", y); - log_mpidump (" r", r); - log_mpidump (" s", s); + log_mpidump (" x", x); + log_mpidump (" y", y); + log_mpidump (" r", r); + log_mpidump (" s", s); log_debug ("ecc verify: Not verified\n"); } err = GPG_ERR_BAD_SIGNATURE; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 1e30717..d4a93c7 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c 
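Review bot: In detect_ia32_gnuc, `cmpl $0x02000000, %%ecx` followed by the new `jz .Lno_aes%=` does not test bit 25: `cmpl` sets ZF only when ECX equals that constant exactly, so with `jz` the `orl $256, %0` now runs for practically every CPUID result, including CPUs without AES-NI. A false positive here would presumably let rijndael.c select its AES-NI path on hardware that cannot execute those instructions. The check should be a bit test, `"testl $0x02000000, %%ecx\n\t"`, keeping the `jz`. The comment on the `orl` line still names `HWF_INTEL_AES` although this commit renames the flag to `HWF_INTEL_AESNI`. The asm statement starts and ends outside the hunk, so the register setup before `cpuid` could not be checked.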
@@ -760,10 +760,10 @@ pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data, { log_debug ("pubkey_verify: algo=%d\n", algorithm); for (i = 0; i < pubkey_get_npkey (algorithm); i++) - log_mpidump (" pkey:", pkey[i]); + log_mpidump (" pkey", pkey[i]); for (i = 0; i < pubkey_get_nsig (algorithm); i++) - log_mpidump (" sig:", data[i]); - log_mpidump (" hash:", hash); + log_mpidump (" sig", data[i]); + log_mpidump (" hash", hash); } ath_mutex_lock (&pubkeys_registered_lock); ----------------------------------------------------------------------- Summary of changes: ChangeLog | 5 + NEWS | 2 + README | 6 + cipher/ChangeLog | 13 ++ cipher/cipher.c | 15 ++- cipher/ecc.c | 8 +- cipher/pubkey.c | 6 +- cipher/rijndael.c | 359 ++++++++++++++++++++++++++++++++++++++++++++++------ configure.ac | 75 +++++++----- src/ChangeLog | 5 + src/g10lib.h | 4 +- src/global.c | 2 +- src/hwfeatures.c | 2 +- 13 files changed, 410 insertions(+), 92 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 14 20:55:48 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 14 Feb 2011 20:55:48 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-5-gcdedad7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via cdedad711a77befcd018e14298ab94a478a822de (commit) via 5ede4ed784148422e3bd2a99ad0e87831f622aa9 (commit) from a39539afdf39fe525ed7512aafb92733d2fe358c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cdedad711a77befcd018e14298ab94a478a822de Author: Werner Koch Date: Mon Feb 14 20:31:47 2011 +0100 Use a better alignment. benchmark does now support the option --alignment 16 to test the non-aligned overhead. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 9a59bde..787fe20 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,5 +1,10 @@ 2011-02-14 Werner Koch + * rijndael.c (ATTR_ALIGNED_16): New + (do_aesni): Do not copy if already aligned. + (do_encrypt, do_decrypt): Ditto. + (rijndael_decrypt, rijndael_encrypt): Increase stack burning amount. + * rijndael.c (RIJNDAEL_context): Reorder fields. Chnage filedname ROUNDS to rounds. Move padlock_key into u1. (keySched, keySched2): Rename macros to keyscherr and keyschdec diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 56b55dc..43d7e67 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -72,6 +72,14 @@ #define BLOCKSIZE (128/8) +/* Helper macro to force alignment to 16 bytes. */ +#ifdef __GNUC__ +# define ATTR_ALIGNED_16 __attribute__ ((aligned (16))) +#else +# define ATTR_ALIGNED_16 +#endif + + /* USE_PADLOCK indicates whether to compile the padlock specific code. */ #undef USE_PADLOCK 
@@ -510,22 +518,29 @@ static void do_encrypt (const RIJNDAEL_context *ctx, unsigned char *bx, const unsigned char *ax) { - /* BX and AX are not necessary correctly aligned. Thus we need to - copy them here. */ - union - { - u32 dummy[4]; - byte a[16]; - } a; - union - { - u32 dummy[4]; - byte b[16]; - } b; + /* BX and AX are not necessary correctly aligned. Thus we might + need to copy them here. We try to align to a 16 bytes. */ + if (((size_t)ax & 0x0f) || ((size_t)bx & 0x0f)) + { + union + { + u32 dummy[4]; + byte a[16] ATTR_ALIGNED_16; + } a; + union + { + u32 dummy[4]; + byte b[16] ATTR_ALIGNED_16; + } b; - memcpy (a.a, ax, 16); - do_encrypt_aligned (ctx, b.b, a.a); - memcpy (bx, b.b, 16); + memcpy (a.a, ax, 16); + do_encrypt_aligned (ctx, b.b, a.a); + memcpy (bx, b.b, 16); + } + else + { + do_encrypt_aligned (ctx, bx, ax); + } } 
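Review bot: The new fast path in do_encrypt passes the caller's byte pointers straight to do_encrypt_aligned, which (see its hunks further down this page) reads and writes the block through `*((u32*)(b ))`-style casts. Until this change that function only saw the union-backed copies, whose storage has a `u32 dummy[4]` member; on caller buffers that are plain byte arrays the same casts are an aliasing violation unless the build disables strict-aliasing optimisation. Please state that assumption in the comment above the test, e.g. `/* Fast path relies on u32 access to byte buffers being safe in this build. */`. The alignment test should also cast through `uintptr_t` (from `<stdint.h>`) rather than `size_t`: `if (((uintptr_t)ax & 0x0f) || ((uintptr_t)bx & 0x0f))`. do_decrypt in this commit has the same two points.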
@@ -652,24 +667,33 @@ static void do_aesni (RIJNDAEL_context *ctx, int decrypt_flag, unsigned char *bx, const unsigned char *ax) { - /* BX and AX are not necessary correctly aligned. Thus we need to - copy them here. */ - unsigned char a[16] __attribute__ ((aligned (16))); - unsigned char b[16] __attribute__ ((aligned (16))); + if (decrypt_flag && !ctx->decryption_prepared ) + { + prepare_decryption ( ctx ); + ctx->decryption_prepared = 1; + } - memcpy (a, ax, 16); - if (decrypt_flag) + /* BX and AX are not necessary correctly aligned. Thus we might + need to copy them here. */ + if (((size_t)ax & 0x0f) || ((size_t)bx & 0x0f)) { - if ( !ctx->decryption_prepared ) - { - prepare_decryption ( ctx ); - ctx->decryption_prepared = 1; - } - do_aesni_dec_aligned (ctx, b, a); + unsigned char a[16] __attribute__ ((aligned (16))); + unsigned char b[16] __attribute__ ((aligned (16))); + + memcpy (a, ax, 16); + if (decrypt_flag) + do_aesni_dec_aligned (ctx, b, a); + else + do_aesni_enc_aligned (ctx, b, a); + memcpy (bx, b, 16); } else - do_aesni_enc_aligned (ctx, b, a); - memcpy (bx, b, 16); + { + if (decrypt_flag) + do_aesni_dec_aligned (ctx, bx, ax); + else + do_aesni_enc_aligned (ctx, bx, ax); + } } #endif /*USE_AESNI*/ @@ -698,7 +722,7 @@ rijndael_encrypt (void *context, byte *b, const byte *a) else { do_encrypt (ctx, b, a); - _gcry_burn_stack (48 + 2*sizeof(int)); + _gcry_burn_stack (56 + 2*sizeof(int)); } } @@ -903,19 +927,6 @@ do_decrypt_aligned (RIJNDAEL_context *ctx, static void do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax) { - /* BX and AX are not necessary correctly aligned. Thus we need to - copy them here. */ - union - { - u32 dummy[4]; - byte a[16]; - } a; - union - { - u32 dummy[4]; - byte b[16]; - } b; - if ( !ctx->decryption_prepared ) { prepare_decryption ( ctx ); 
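Review bot: do_aesni returns with cipher state and key material still in SSE registers: do_aesni_enc_aligned and do_aesni_dec_aligned (hunks further down this page) load the block into `%xmm0` and each round key into `%xmm1`, and nothing visible on this page clears them. `_gcry_burn_stack` in the callers only overwrites stack memory, so that residue stays until other code happens to reuse the registers. Clearing them at the end of do_aesni would close the gap: `asm volatile ("pxor %%xmm0, %%xmm0\n\tpxor %%xmm1, %%xmm1" : : );`. Separately, this commit raises the burn size to `56 + 2*sizeof(int)` only in the generic branch of rijndael_encrypt; the AES-NI branch is not in the hunk, so check that its burn covers the aligned `a`/`b` copies used on the unaligned path.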
@@ -923,10 +934,29 @@ do_decrypt (RIJNDAEL_context *ctx, byte *bx, const byte *ax) ctx->decryption_prepared = 1; } - memcpy (a.a, ax, 16); - do_decrypt_aligned (ctx, b.b, a.a); - memcpy (bx, b.b, 16); -#undef rk + /* BX and AX are not necessary correctly aligned. Thus we might + need to copy them here. We try to align to a 16 bytes. */ + if (((size_t)ax & 0x0f) || ((size_t)bx & 0x0f)) + { + union + { + u32 dummy[4]; + byte a[16] ATTR_ALIGNED_16; + } a; + union + { + u32 dummy[4]; + byte b[16] ATTR_ALIGNED_16; + } b; + + memcpy (a.a, ax, 16); + do_decrypt_aligned (ctx, b.b, a.a); + memcpy (bx, b.b, 16); + } + else + { + do_decrypt_aligned (ctx, bx, ax); + } } @@ -956,7 +986,7 @@ rijndael_decrypt (void *context, byte *b, const byte *a) else { do_decrypt (ctx, b, a); - _gcry_burn_stack (48+2*sizeof(int)); + _gcry_burn_stack (56+2*sizeof(int)); } } diff --git a/tests/ChangeLog b/tests/ChangeLog index ac79a28..9334521 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,7 @@ +2011-02-14 Werner Koch + + * benchmark.c: Add option --alignment. + 2011-02-01 Werner Koch * curves.c: New. diff --git a/tests/benchmark.c b/tests/benchmark.c index 76dcd48..465f1b5 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -51,6 +51,9 @@ static int cipher_repetitions; /* Number of hash repetitions. */ static int hash_repetitions; +/* Alignment of the buffers. */ +static int buffer_alignment; + /* Whether fips mode was active at startup. */ static int in_fips_mode; @@ -502,6 +505,7 @@ cipher_bench ( const char *algoname ) int keylen, blklen; char key[128]; char *outbuf, *buf; + char *raw_outbuf, *raw_buf; size_t allocated_buflen, buflen; int repetitions; static struct { int mode; const char *name; int blocked; } modes[] = { 
@@ -537,8 +541,16 @@ cipher_bench ( const char *algoname ) } repetitions *= cipher_repetitions; - buf = gcry_xmalloc (allocated_buflen); - outbuf = gcry_xmalloc (allocated_buflen); + buf = raw_buf = gcry_xmalloc (allocated_buflen+15); + if (buffer_alignment) + while (((size_t)buf & 0x0f)) + buf++; + + outbuf = raw_outbuf = gcry_xmalloc (allocated_buflen+15); + if (buffer_alignment) + while (((size_t)outbuf & 0x0f)) + outbuf++; + if (!header_printed) { @@ -667,8 +679,8 @@ cipher_bench ( const char *algoname ) } putchar ('\n'); - gcry_free (buf); - gcry_free (outbuf); + gcry_free (raw_buf); + gcry_free (raw_outbuf); } @@ -1116,6 +1128,15 @@ main( int argc, char **argv ) argc--; argv++; } } + else if (!strcmp (*argv, "--alignment")) + { + argc--; argv++; + if (argc) + { + buffer_alignment = atoi(*argv); + argc--; argv++; + } + } else if (!strcmp (*argv, "--fips")) { argc--; argv++; @@ -1129,6 +1150,15 @@ main( int argc, char **argv ) } } + switch (buffer_alignment) + { + case 0: + case 16: + break; + default: + die ("option --alignment not used with a value of 0 or 16\n"); + } + gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); if (!gcry_check_version (GCRYPT_VERSION)) commit 5ede4ed784148422e3bd2a99ad0e87831f622aa9 Author: Werner Koch Date: Mon Feb 14 19:18:20 2011 +0100 Simplify context alignment and align the IV. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 670491d..9a59bde 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,13 @@ +2011-02-14 Werner Koch + + * rijndael.c (RIJNDAEL_context): Reorder fields. Chnage filedname + ROUNDS to rounds. Move padlock_key into u1. + (keySched, keySched2): Rename macros to keyscherr and keyschdec + and change all users. + (padlockkey): New macro. Change all users of padlock_key. + * cipher.c (NEED_16BYTE_ALIGNED_CONTEXT): Always define if using gcc. + (struct gcry_cipher_handle): Align U_IV to at least 16 byte. + 2011-02-13 Werner Koch * rijndael.c (USE_AESNI): New. Define for ia32 and gcc >= 4. 
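Review bot: `buffer_alignment = atoi(*argv);` in main turns any non-numeric argument into 0, which the later `switch` accepts, so a typo such as `--alignment x16` silently runs the default benchmark. `strtol` with an end-pointer check would reject it: `buffer_alignment = (int)strtol (*argv, &endp, 10);` followed by `if (endp == *argv || *endp) die ("invalid --alignment value\n");`. In cipher_bench the 0 case leaves `buf` and `outbuf` wherever gcry_xmalloc put them, which may already be 16-byte aligned, so the non-aligned overhead the commit message mentions is not guaranteed to be measured; a comment saying so would help. main's body extends beyond the hunk.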
diff --git a/cipher/cipher.c b/cipher/cipher.c index 9e5bca5..92b3698 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -33,9 +33,12 @@ #define CTX_MAGIC_NORMAL 0x24091964 #define CTX_MAGIC_SECURE 0x46919042 +/* Try to use 16 byte aligned cipher context for better performance. + We use the aligned attribute, thus it is only possible to implement + this with gcc. */ #undef NEED_16BYTE_ALIGNED_CONTEXT -#if defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4 && defined (__GNUC__) -#define NEED_16BYTE_ALIGNED_CONTEXT 1 +#if defined (__GNUC__) +# define NEED_16BYTE_ALIGNED_CONTEXT 1 #endif /* A dummy extraspec so that we do not need to tests the extraspec @@ -198,11 +201,11 @@ struct gcry_cipher_handle unsigned int iv:1; /* Set to 1 if a IV has been set. */ } marks; - /* The initialization vector. To help code optimization we make - sure that it is aligned on an unsigned long and u32 boundary. */ + /* The initialization vector. For best performance we make sure + that it is properly aligned. In particular some implementations + of bulk operations expect an 16 byte aligned IV. */ union { - unsigned long dummy_iv; - u32 dummy_u32_iv; + cipher_context_alignment_t iv_align; unsigned char iv[MAX_BLOCKSIZE]; } u_iv; diff --git a/cipher/rijndael.c b/cipher/rijndael.c index bebe163..56b55dc 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c 
@@ -97,32 +97,46 @@ static const char *selftest(void); + +/* Our context object. */ typedef struct { - int ROUNDS; /* Key-length-dependent number of rounds. */ - int decryption_prepared; /* The decryption key schedule is available. */ -#ifdef USE_PADLOCK - int use_padlock; /* Padlock shall be used. */ - /* The key as passed to the padlock engine. */ - unsigned char padlock_key[16] __attribute__ ((aligned (16))); -#endif /*USE_PADLOCK*/ -#ifdef USE_AESNI - int use_aesni; /* AES-NI shall be used. */ -#endif /*USE_AESNI*/ + /* The first fields are the keyschedule arrays. This is so that + they are aligned on a 16 byte boundary if using gcc. This + alignment is required for the AES-NI code and a good idea in any + case. The alignment is guaranteed due to the way cipher.c + allocates the space for the context. The PROPERLY_ALIGNED_TYPE + hack is used to force a minimal alignment if not using gcc of if + the alignment requirement is higher that 16 bytes. */ union { PROPERLY_ALIGNED_TYPE dummy; byte keyschedule[MAXROUNDS+1][4][4]; +#ifdef USE_PADLOCK + /* The key as passed to the padlock engine. It is only used if + the padlock engine is used (USE_PADLOCK, below). */ + unsigned char padlock_key[16] __attribute__ ((aligned (16))); +#endif /*USE_PADLOCK*/ } u1; union { PROPERLY_ALIGNED_TYPE dummy; byte keyschedule[MAXROUNDS+1][4][4]; } u2; + int rounds; /* Key-length-dependent number of rounds. */ + int decryption_prepared; /* The decryption key schedule is available. */ +#ifdef USE_PADLOCK + int use_padlock; /* Padlock shall be used. */ +#endif /*USE_PADLOCK*/ +#ifdef USE_AESNI + int use_aesni; /* AES-NI shall be used. */ +#endif /*USE_AESNI*/ } RIJNDAEL_context; -#define keySched u1.keyschedule -#define keySched2 u2.keyschedule +/* Macros defining alias for the keyschedules. */ +#define keyschenc u1.keyschedule +#define keyschdec u2.keyschedule +#define padlockkey u1.padlock_key /* All the numbers. */ #include "rijndael-tables.h" 
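Review bot: The new comment in RIJNDAEL_context says the 16-byte alignment of the key schedules "is guaranteed due to the way cipher.c allocates the space for the context", but that only covers contexts handed out by cipher.c. The self-test earlier on this page passes `&ctx` to rijndael_setkey, which looks like a locally declared context (its declaration is not visible), and without USE_PADLOCK nothing in the unions asks for more than PROPERLY_ALIGNED_TYPE alignment. The AES-NI helpers use `movdqu`, so a misaligned schedule would cost speed rather than fault, but the comment should say so, or `u1`/`u2` should carry `__attribute__ ((aligned (16)))` under `__GNUC__` as `padlock_key` already does. `padlock_key` now also shares storage with `keyschedule` in `u1`; a line stating whether the two can ever be live at the same time would show the reader that the overlap is intended.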
@@ -134,7 +148,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) { static int initialized = 0; static const char *selftest_failed=0; - int ROUNDS; + int rounds; int i,j, r, t, rconpointer = 0; int KC; union @@ -177,7 +191,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) if( keylen == 128/8 ) { - ROUNDS = 10; + rounds = 10; KC = 4; if (0) @@ -186,7 +200,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) else if ((_gcry_get_hw_features () & HWF_PADLOCK_AES)) { ctx->use_padlock = 1; - memcpy (ctx->padlock_key, key, keylen); + memcpy (ctx->padlockkey, key, keylen); } #endif #ifdef USE_AESNI @@ -198,7 +212,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) } else if ( keylen == 192/8 ) { - ROUNDS = 12; + rounds = 12; KC = 6; if (0) @@ -212,7 +226,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) } else if ( keylen == 256/8 ) { - ROUNDS = 14; + rounds = 14; KC = 8; if (0) @@ -227,7 +241,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) else return GPG_ERR_INV_KEYLEN; - ctx->ROUNDS = ROUNDS; + ctx->rounds = rounds; #ifdef USE_PADLOCK if (ctx->use_padlock) @@ -238,7 +252,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) else #endif /*USE_PADLOCK*/ { -#define W (ctx->keySched) +#define W (ctx->keyschenc) for (i = 0; i < keylen; i++) { k[i >> 2][i & 3] = key[i]; @@ -251,7 +265,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) r = 0; t = 0; /* Copy values into round key array. */ - for (j = 0; (j < KC) && (r < ROUNDS + 1); ) + for (j = 0; (j < KC) && (r < rounds + 1); ) { for (; (j < KC) && (t < 4); j++, t++) { @@ -264,7 +278,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) } } - while (r < ROUNDS + 1) + while (r < rounds + 1) { /* While not enough round key material calculated calculate new values. */ 
@@ -298,7 +312,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) } /* Copy values into round key array. */ - for (j = 0; (j < KC) && (r < ROUNDS + 1); ) + for (j = 0; (j < KC) && (r < rounds + 1); ) { for (; (j < KC) && (t < 4); j++, t++) { @@ -343,12 +357,12 @@ prepare_decryption( RIJNDAEL_context *ctx ) /* The AES-NI decrypt instructions use the Equivalent Inverse Cipher, thus we can't use the the standard decrypt key preparation. */ - m128i_t *ekey = (m128i_t*)ctx->keySched; - m128i_t *dkey = (m128i_t*)ctx->keySched2; + m128i_t *ekey = (m128i_t*)ctx->keyschenc; + m128i_t *dkey = (m128i_t*)ctx->keyschdec; int rr; - dkey[0] = ekey[ctx->ROUNDS]; - for (r=1, rr=ctx->ROUNDS-1; r < ctx->ROUNDS; r++, rr--) + dkey[0] = ekey[ctx->rounds]; + for (r=1, rr=ctx->rounds-1; r < ctx->rounds; r++, rr--) { asm volatile ("movdqu %[ekey], %%xmm1\n\t" @@ -372,13 +386,13 @@ prepare_decryption( RIJNDAEL_context *ctx ) for (r=0; r < MAXROUNDS+1; r++ ) { - *((u32*)ctx->keySched2[r][0]) = *((u32*)ctx->keySched[r][0]); - *((u32*)ctx->keySched2[r][1]) = *((u32*)ctx->keySched[r][1]); - *((u32*)ctx->keySched2[r][2]) = *((u32*)ctx->keySched[r][2]); - *((u32*)ctx->keySched2[r][3]) = *((u32*)ctx->keySched[r][3]); + *((u32*)ctx->keyschdec[r][0]) = *((u32*)ctx->keyschenc[r][0]); + *((u32*)ctx->keyschdec[r][1]) = *((u32*)ctx->keyschenc[r][1]); + *((u32*)ctx->keyschdec[r][2]) = *((u32*)ctx->keyschenc[r][2]); + *((u32*)ctx->keyschdec[r][3]) = *((u32*)ctx->keyschenc[r][3]); } -#define W (ctx->keySched2) - for (r = 1; r < ctx->ROUNDS; r++) +#define W (ctx->keyschdec) + for (r = 1; r < ctx->rounds; r++) { w = W[r][0]; *((u32*)w) = *((u32*)U1[w[0]]) ^ *((u32*)U2[w[1]]) @@ -408,8 +422,8 @@ static void do_encrypt_aligned (const RIJNDAEL_context *ctx, unsigned char *b, const unsigned char *a) { -#define rk (ctx->keySched) - int ROUNDS = ctx->ROUNDS; +#define rk (ctx->keyschenc) + int rounds = ctx->rounds; int r; union { 
@@ -438,7 +452,7 @@ do_encrypt_aligned (const RIJNDAEL_context *ctx, ^ *((u32*)T3[u.temp[1][2]]) ^ *((u32*)T4[u.temp[2][3]])); - for (r = 1; r < ROUNDS-1; r++) + for (r = 1; r < rounds-1; r++) { *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]); *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]); @@ -464,10 +478,10 @@ do_encrypt_aligned (const RIJNDAEL_context *ctx, } /* Last round is special. */ - *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[ROUNDS-1][0]); - *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[ROUNDS-1][1]); - *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[ROUNDS-1][2]); - *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[ROUNDS-1][3]); + *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[rounds-1][0]); + *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[rounds-1][1]); + *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[rounds-1][2]); + *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[rounds-1][3]); b[ 0] = T1[u.temp[0][0]][1]; b[ 1] = T1[u.temp[1][1]][1]; b[ 2] = T1[u.temp[2][2]][1]; @@ -484,10 +498,10 @@ do_encrypt_aligned (const RIJNDAEL_context *ctx, b[13] = T1[u.temp[0][1]][1]; b[14] = T1[u.temp[1][2]][1]; b[15] = T1[u.temp[2][3]][1]; - *((u32*)(b )) ^= *((u32*)rk[ROUNDS][0]); - *((u32*)(b+ 4)) ^= *((u32*)rk[ROUNDS][1]); - *((u32*)(b+ 8)) ^= *((u32*)rk[ROUNDS][2]); - *((u32*)(b+12)) ^= *((u32*)rk[ROUNDS][3]); + *((u32*)(b )) ^= *((u32*)rk[rounds][0]); + *((u32*)(b+ 4)) ^= *((u32*)rk[rounds][1]); + *((u32*)(b+ 8)) ^= *((u32*)rk[rounds][2]); + *((u32*)(b+12)) ^= *((u32*)rk[rounds][3]); #undef rk } @@ -531,7 +545,7 @@ do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag, /* The control word fields are: 127:12 11:10 9 8 7 6 5 4 3:0 RESERVED KSIZE CRYPT INTER KEYGN CIPHR ALIGN DGEST ROUND */ - cword[0] = (ctx->ROUNDS & 15); /* (The mask is just a safeguard.) */ + cword[0] = (ctx->rounds & 15); /* (The mask is just a safeguard.) */ cword[1] = 0; cword[2] = 0; cword[3] = 0; 
@@ -548,7 +562,7 @@ do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag, ".byte 0xf3, 0x0f, 0xa7, 0xc8\n\t" /* REP XSTORE ECB. */ "xchg %3, %%ebx\n" /* Restore GOT register. */ : /* No output */ - : "S" (a), "D" (b), "d" (cword), "r" (ctx->padlock_key) + : "S" (a), "D" (b), "d" (cword), "r" (ctx->padlockkey) : "%ecx", "cc", "memory" ); @@ -579,7 +593,7 @@ do_aesni_enc_aligned (const RIJNDAEL_context *ctx, int r; m128i_t *key; - key = (m128i_t*)ctx->keySched; + key = (m128i_t*)ctx->keyschenc; asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ "movdqu %[key], %%xmm1\n\t" @@ -587,7 +601,7 @@ do_aesni_enc_aligned (const RIJNDAEL_context *ctx, : : [src] "m" (*a), [key] "m" (*key)); key++; - for (r = 1; r < ctx->ROUNDS; r++) + for (r = 1; r < ctx->rounds; r++) { asm volatile ("movdqu %[key], %%xmm1\n\t" /*"aesenc %%xmm1, %%xmm0"*/ @@ -611,14 +625,14 @@ do_aesni_dec_aligned (const RIJNDAEL_context *ctx, int r; m128i_t *key; - key = (m128i_t*)ctx->keySched2; + key = (m128i_t*)ctx->keyschdec; asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ "movdqu %[key], %%xmm1\n\t" "pxor %%xmm1, %%xmm0" /* xmm0 ^= key[0] */ : : [src] "m" (*a), [key] "m" (key[0])); - for (r = 1; r < ctx->ROUNDS; r++) + for (r = 1; r < ctx->rounds; r++) { asm volatile ("movdqu %[key], %%xmm1\n\t" /*"aesdec %%xmm1, %%xmm0"*/ @@ -800,8 +814,8 @@ static void do_decrypt_aligned (RIJNDAEL_context *ctx, unsigned char *b, const unsigned char *a) { -#define rk (ctx->keySched2) - int ROUNDS = ctx->ROUNDS; +#define rk (ctx->keyschdec) + int rounds = ctx->rounds; int r; union { 
@@ -810,10 +824,10 @@ do_decrypt_aligned (RIJNDAEL_context *ctx, } u; - *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[ROUNDS][0]); - *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[ROUNDS][1]); - *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[ROUNDS][2]); - *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[ROUNDS][3]); + *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[rounds][0]); + *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[rounds][1]); + *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[rounds][2]); + *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[rounds][3]); *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]]) ^ *((u32*)T6[u.temp[3][1]]) @@ -832,7 +846,7 @@ do_decrypt_aligned (RIJNDAEL_context *ctx, ^ *((u32*)T7[u.temp[1][2]]) ^ *((u32*)T8[u.temp[0][3]])); - for (r = ROUNDS-1; r > 1; r--) + for (r = rounds-1; r > 1; r--) { *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]); *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]); ----------------------------------------------------------------------- Summary of changes: cipher/ChangeLog | 15 +++ cipher/cipher.c | 15 ++-- cipher/rijndael.c | 252 +++++++++++++++++++++++++++++++---------------------- tests/ChangeLog | 4 + tests/benchmark.c | 38 +++++++- 5 files changed, 210 insertions(+), 114 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 15 09:51:13 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 15 Feb 2011 09:51:13 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-10-g90dcc0c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 90dcc0c3ada60249629cf43c6f8bacd4e703f0d3 (commit) from e1c38a7ff56c4dfc2e83c35c4ad56f9bd8a9a059 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 90dcc0c3ada60249629cf43c6f8bacd4e703f0d3 Author: Werner Koch Date: Tue Feb 15 09:29:01 2011 +0100 Fix ChnageLog entries. diff --git a/ChangeLog b/ChangeLog index 03e2399..17d049f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,7 +1,3 @@ -2011-02-11 Andrey Jivsov - - * fixed --list-keys on Linux64 bit - 2011-02-04 Werner Koch * autogen.sh: Ensure that the git pre-commit hoom has been diff --git a/common/ChangeLog b/common/ChangeLog index 4d07a49..f6380c6 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -1,3 +1,8 @@ +2011-02-11 Andrey Jivsov + + * openpgp-oid.c (openpgp_oid_to_str): Use unsigned int for + get_opaque. Fixes a bug on 64 bit platforms. + 2011-02-08 Werner Koch * http.c (connect_server): Add arg R_HOST_NOT_FOUND. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ---- common/ChangeLog | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 15 19:01:40 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 15 Feb 2011 19:01:40 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-7-gb825c5d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via b825c5db17292988d261fefdc83cbc43d97d4b02 (commit) via 83f80d39c3feddc7e055525d47dcf3f069801e89 (commit) from cdedad711a77befcd018e14298ab94a478a822de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b825c5db17292988d261fefdc83cbc43d97d4b02 Author: Werner Koch Date: Tue Feb 15 18:37:43 2011 +0100 Add asm code to use aeskeygenassist. However, this code is disabled right now. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 20d1962..af3bfde 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -7,6 +7,7 @@ (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) (rijndael_decrypt, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use these macros. Don't burn the stack in the USE_AESNI case. + (do_setkey): Add disabled code to use aeskeygenassis. 2011-02-14 Werner Koch diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 1955ae1..50fb393 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -37,21 +37,6 @@ * */ -/* FIXME: - - Most important: - For AES-NI we should use a prepare and depreparse function which - can take care of clearing registers we used for sensitive stuff - etc. Need to read the Intel ABI specs to see how to handel SSE - registers. - - Future stuff: - - - Use AESKEYGENASSIST. - - - Make better use of the CPU pipelines. -*/ - #include #include #include 
@@ -262,14 +247,80 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) ctx->rounds = rounds; + if (0) + ; #ifdef USE_PADLOCK - if (ctx->use_padlock) + else if (ctx->use_padlock) { /* Nothing to do as we support only hardware key generation for now. */ } - else #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI_is_disabled_here + else if (ctx->use_aesni && ctx->rounds == 10) + { + /* Note: This code works for AES-128 but it is not much better + than than using the standard key schedule. We disable it for + now and don't put any effort into implementing this for + AES-192 and AES-256. */ + asm volatile ("movl %[key], %%esi\n\t" + "movdqu (%%esi), %%xmm1\n\t" /* xmm1 := key */ + "movl %[ksch], %%esi\n\t" + "movdqa %%xmm1, (%%esi)\n\t" /* ksch[0] := xmm1 */ + "aeskeygenassist $0x01, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x10(%%esi)\n\t" /* ksch[1] := xmm1 */ + "aeskeygenassist $0x02, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x20(%%esi)\n\t" /* ksch[2] := xmm1 */ + "aeskeygenassist $0x04, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x30(%%esi)\n\t" /* ksch[3] := xmm1 */ + "aeskeygenassist $0x08, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x40(%%esi)\n\t" /* ksch[4] := xmm1 */ + "aeskeygenassist $0x10, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x50(%%esi)\n\t" /* ksch[5] := xmm1 */ + "aeskeygenassist $0x20, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x60(%%esi)\n\t" /* ksch[6] := xmm1 */ + "aeskeygenassist $0x40, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x70(%%esi)\n\t" /* ksch[7] := xmm1 */ + "aeskeygenassist $0x80, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x80(%%esi)\n\t" /* ksch[8] := xmm1 */ + "aeskeygenassist $0x1b, %%xmm1, %%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0x90(%%esi)\n\t" /* ksch[9] := xmm1 */ + "aeskeygenassist $0x36, %%xmm1, 
%%xmm2\n\t" + "call .Lexpand128_%=\n\t" + "movdqa %%xmm1, 0xa0(%%esi)\n\t" /* ksch[10] := xmm1 */ + "jmp .Lleave%=\n" + + ".Lexpand128_%=:\n\t" + "pshufd $0xff, %%xmm2, %%xmm2\n\t" + "movdqa %%xmm1, %%xmm3\n\t" + "pslldq $4, %%xmm3\n\t" + "pxor %%xmm3, %%xmm1\n\t" + "pslldq $4, %%xmm3\n\t" + "pxor %%xmm3, %%xmm1\n\t" + "pslldq $4, %%xmm3\n\t" + "pxor %%xmm3, %%xmm2\n\t" + "pxor %%xmm2, %%xmm1\n\t" + "ret\n" + + ".Lleave%=:\n\t" + "pxor %%xmm1, %%xmm1\n\t" + "pxor %%xmm2, %%xmm2\n\t" + "pxor %%xmm3, %%xmm3\n" + : + : [key] "g" (key), [ksch] "g" (ctx->keyschenc) + : "%esi", "cc", "memory" ); + } +#endif /*USE_AESNI*/ + else { #define W (ctx->keyschenc) for (i = 0; i < keylen; i++) @@ -1202,6 +1253,8 @@ selftest_basic_128 (void) { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + /* 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, */ + /* 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c */ }; static const unsigned char ciphertext_128[16] = { diff --git a/tests/ChangeLog b/tests/ChangeLog index 9334521..6d7fb13 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,8 @@ +2011-02-15 Werner Koch + + * benchmark.c: Add option --cipher-with-keysetup. + (cipher_bench): Implement this option. + 2011-02-14 Werner Koch * benchmark.c: Add option --alignment. diff --git a/tests/benchmark.c b/tests/benchmark.c index 465f1b5..536b76a 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -54,6 +54,9 @@ static int hash_repetitions; /* Alignment of the buffers. */ static int buffer_alignment; +/* Whether to include the keysetup in the cipher timings. */ +static int cipher_with_keysetup; + /* Whether fips mode was active at startup. */ static int in_fips_mode; 
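Review bot: The new AESKEYGENASSIST branch in do_setkey opens with `#ifdef USE_AESNI_is_disabled_here` but closes with `#endif /*USE_AESNI*/`, so the closing comment names a macro that does not control the block; it should read `#endif /*USE_AESNI_is_disabled_here*/`. Since that macro is presumably never defined, this asm is neither assembled nor covered by the selftests. Anyone enabling it later should re-check three things first: the `call` to a local label inside the asm statement, the `movl` loads of `"g"` operands into `%esi` (valid for 32-bit pointers only), and the absence of xmm registers from the clobber list. The three `pxor` instructions at `.Lleave` clear xmm1 to xmm3, which hold round-key material at that point, so a one-line comment there (`/* Wipe key material from the SSE registers. */`) would keep them from being dropped as dead code. do_setkey begins and ends outside the hunk.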
@@ -619,13 +622,16 @@ cipher_bench ( const char *algoname ) exit (1); } - err = gcry_cipher_setkey (hd, key, keylen); - if (err) - { - fprintf (stderr, "gcry_cipher_setkey failed: %s\n", - gpg_strerror (err)); - gcry_cipher_close (hd); - exit (1); + if (!cipher_with_keysetup) + { + err = gcry_cipher_setkey (hd, key, keylen); + if (err) + { + fprintf (stderr, "gcry_cipher_setkey failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } } buflen = allocated_buflen; @@ -634,7 +640,20 @@ cipher_bench ( const char *algoname ) start_timer (); for (i=err=0; !err && i < repetitions; i++) - err = gcry_cipher_encrypt ( hd, outbuf, buflen, buf, buflen); + { + if (cipher_with_keysetup) + { + err = gcry_cipher_setkey (hd, key, keylen); + if (err) + { + fprintf (stderr, "gcry_cipher_setkey failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } + } + err = gcry_cipher_encrypt ( hd, outbuf, buflen, buf, buflen); + } stop_timer (); printf (" %s", elapsed_time ()); @@ -654,18 +673,34 @@ cipher_bench ( const char *algoname ) exit (1); } - err = gcry_cipher_setkey (hd, key, keylen); - if (err) + if (!cipher_with_keysetup) { - fprintf (stderr, "gcry_cipher_setkey failed: %s\n", - gpg_strerror (err)); - gcry_cipher_close (hd); - exit (1); + err = gcry_cipher_setkey (hd, key, keylen); + if (err) + { + fprintf (stderr, "gcry_cipher_setkey failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } } start_timer (); for (i=err=0; !err && i < repetitions; i++) - err = gcry_cipher_decrypt ( hd, outbuf, buflen, buf, buflen); + { + if (cipher_with_keysetup) + { + err = gcry_cipher_setkey (hd, key, keylen); + if (err) + { + fprintf (stderr, "gcry_cipher_setkey failed: %s\n", + gpg_strerror (err)); + gcry_cipher_close (hd); + exit (1); + } + } + err = gcry_cipher_decrypt ( hd, outbuf, buflen, buf, buflen); + } stop_timer (); printf (" %s", elapsed_time ()); fflush (stdout); 
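Review bot: cipher_bench now contains the same `gcry_cipher_setkey` call with its `fprintf`/`gcry_cipher_close`/`exit` error path four times, twice before the timers and twice inside the timed loops. A small static helper would keep the encrypt and decrypt halves in step and make the timed loop bodies easier to read. It does not change what is measured, because the error branch is only taken on failure. cipher_bench begins and ends outside these hunks.

```c
/* Set KEY on HD or terminate the benchmark.  */
static void
setkey_or_die (gcry_cipher_hd_t hd, const void *key, size_t keylen)
{
  gcry_error_t err = gcry_cipher_setkey (hd, key, keylen);

  if (err)
    {
      fprintf (stderr, "gcry_cipher_setkey failed: %s\n",
               gpg_strerror (err));
      gcry_cipher_close (hd);
      exit (1);
    }
}

/* … unchanged: handle open and buffer setup … */
  if (!cipher_with_keysetup)
    setkey_or_die (hd, key, keylen);

  start_timer ();
  for (i=err=0; !err && i < repetitions; i++)
    {
      if (cipher_with_keysetup)
        setkey_or_die (hd, key, keylen);
      err = gcry_cipher_encrypt ( hd, outbuf, buflen, buf, buflen);
    }
  stop_timer ();
/* … unchanged: decrypt half, same pattern with gcry_cipher_decrypt … */
```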
@@ -1119,6 +1154,11 @@ main( int argc, char **argv ) argc--; argv++; } } + else if (!strcmp (*argv, "--cipher-with-keysetup")) + { + cipher_with_keysetup = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--hash-repetitions")) { argc--; argv++; commit 83f80d39c3feddc7e055525d47dcf3f069801e89 Author: Werner Koch Date: Tue Feb 15 14:38:02 2011 +0100 Change more AES-NI code into plain asm diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 787fe20..20d1962 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,13 @@ +2011-02-15 Werner Koch + + * rijndael.c (do_aesni_enc_aligned, do_aesni_dec_aligned): Use + movdqa for the key but keep using movdqu for the data. + (do_aesni): Remove alignment detection. Don't burn the stack. + (aesni_prepare, aesni_cleanup): New macros. + (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) + (rijndael_decrypt, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use + these macros. Don't burn the stack in the USE_AESNI case. + 2011-02-14 Werner Koch * rijndael.c (ATTR_ALIGNED_16): New @@ -5,7 +15,7 @@ (do_encrypt, do_decrypt): Ditto. (rijndael_decrypt, rijndael_encrypt): Increase stack burning amount. - * rijndael.c (RIJNDAEL_context): Reorder fields. Chnage filedname + * rijndael.c (RIJNDAEL_context): Reorder fields. Change fieldname ROUNDS to rounds. Move padlock_key into u1. (keySched, keySched2): Rename macros to keyscherr and keyschdec and change all users. diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 43d7e67..1955ae1 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -45,13 +45,7 @@ etc. Need to read the Intel ABI specs to see how to handel SSE registers. - Furuture stuff: - - - Do the AES-NI code all in asm to avoid extra register loads and - unloads. - - - Make use of aligned move instructions. This requires that we - align the keyschedule filed in the context. + Future stuff: - Use AESKEYGENASSIST. 
@@ -146,6 +140,23 @@ typedef struct #define keyschdec u2.keyschedule #define padlockkey u1.padlock_key +/* Two macros to be called prior and after the use of AESNI + instructions. There should be no external function calls between + the use of these macros. There purpose is to make sure that the + SSE regsiters are cleared and won't reveal any information about + the key or the data. */ +#ifdef USE_AESNI +# define aesni_prepare() do { } while (0) +# define aesni_cleanup() \ + do { asm volatile ("pxor %%xmm0, %%xmm0\n\t" \ + "pxor %%xmm1, %%xmm1\n" :: ); \ + } while (0) +#else +# define aesni_prepare() do { } while (0) +# define aesni_cleanup() do { } while (0) +#endif + + /* All the numbers. */ #include "rijndael-tables.h" @@ -587,8 +598,9 @@ do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag, #endif /*USE_PADLOCK*/ +#ifdef USE_AESNI /* Encrypt one block using the Intel AES-NI instructions. A and B may - be the same; then need to be properly aligned to 16 bytes. + be the same; they need to be properly aligned to 16 bytes. Our problem here is that gcc does not allow the "x" constraint for SSE registers in asm unless you compile with -msse. The common 
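Review bot: `aesni_cleanup()` wipes only xmm0 and xmm1 and its asm statement declares no clobbers, so the guarantee in the comment holds only while every AES-NI path between the two macros uses nothing beyond those two registers. The comment should say so, e.g. `Only xmm0 and xmm1 are cleared; code using further SSE registers must clear them itself.`, so that a later routine using xmm2 or higher is not assumed to be covered. The macro also expands to real instructions whenever USE_AESNI is compiled in, so each call site has to be reachable only when `ctx->use_aesni` is set; otherwise the `pxor` on an xmm register can run on a CPU that was not detected as capable. The comment has two typos: "There purpose" should be "Their purpose" and "regsiters" should be "registers".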
@@ -598,102 +610,139 @@ do_padlock (const RIJNDAEL_context *ctx, int decrypt_flag, instead is to use standard registers and a bit more of plain asm which copies the data and key stuff to the SSE registers and later back. If we decide to implement some block modes with parallelized - aES instructions, it might indeed be better to use plain asm ala + AES instructions, it might indeed be better to use plain asm ala mpi/. */ -#ifdef USE_AESNI static void do_aesni_enc_aligned (const RIJNDAEL_context *ctx, unsigned char *b, const unsigned char *a) { - int r; - m128i_t *key; - - key = (m128i_t*)ctx->keyschenc; - - asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ - "movdqu %[key], %%xmm1\n\t" - "pxor %%xmm1, %%xmm0" /* xmm0 ^= key[0] */ - : : [src] "m" (*a), [key] "m" (*key)); - - key++; - for (r = 1; r < ctx->rounds; r++) - { - asm volatile ("movdqu %[key], %%xmm1\n\t" - /*"aesenc %%xmm1, %%xmm0"*/ - ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1" - : : [key] "m" (*key) ); - key++; - } - asm volatile ("movdqu %[key], %%xmm1\n\t" - /*"aesenclast %%xmm1, %%xmm0"*/ - ".byte 0x66, 0x0f, 0x38, 0xdd, 0xc1" - : : [key] "m" (*key) ); - - asm volatile ("movdqu %%xmm0, %[dst]" - : [dst] "=m" (*b)); +#define aesenc_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1\n\t" +#define aesenclast_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xc1\n\t" + /* Note: For now we relax the alignment requirement for A and B: It + does not make much difference because in many case we would need + to memcpy them to an extra buffer; using the movdqu is much faster + that memcpy and movdqa. For CFB we know that the IV is properly + aligned but that is a special case. We should better implement + CFB direct in asm. 
*/ + asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ + "movl %[key], %%esi\n\t" /* esi := keyschenc */ + "movdqa (%%esi), %%xmm1\n\t" /* xmm1 := key[0] */ + "pxor %%xmm1, %%xmm0\n\t" /* xmm0 ^= key[0] */ + "movdqa 0x10(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x20(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x30(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x40(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x50(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x60(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x70(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x80(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x90(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xa0(%%esi), %%xmm1\n\t" + "cmp $10, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xb0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xc0(%%esi), %%xmm1\n\t" + "cmp $12, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xd0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xe0(%%esi), %%xmm1\n" + + ".Lenclast%=:\n\t" + aesenclast_xmm1_xmm0 + "movdqu %%xmm0, %[dst]\n" + : [dst] "=m" (*b) + : [src] "m" (*a), + [key] "r" (ctx->keyschenc), + [rounds] "r" (ctx->rounds) + : "%esi", "cc", "memory"); +#undef aesenc_xmm1_xmm0 +#undef aesenclast_xmm1_xmm0 } + static void do_aesni_dec_aligned (const RIJNDAEL_context *ctx, unsigned char *b, const unsigned char *a) { - int r; - m128i_t *key; - - key = (m128i_t*)ctx->keyschdec; - - asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ - "movdqu %[key], %%xmm1\n\t" - "pxor %%xmm1, %%xmm0" /* xmm0 ^= key[0] */ - : : [src] "m" (*a), [key] "m" (key[0])); - - for (r = 1; r < ctx->rounds; r++) - { - asm volatile ("movdqu %[key], %%xmm1\n\t" - /*"aesdec %%xmm1, %%xmm0"*/ - ".byte 0x66, 0x0f, 0x38, 0xde, 0xc1" - : : [key] "m" (key[r]) ); - } - asm volatile ("movdqu %[key], %%xmm1\n\t" - /*"aesdeclast %%xmm1, %%xmm0"*/ - ".byte 0x66, 0x0f, 0x38, 0xdf, 0xc1" - : : [key] "m" (key[r]) ); - - asm 
volatile ("movdqu %%xmm0, %[dst]" - : [dst] "=m" (*b)); +#define aesdec_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xde, 0xc1\n\t" +#define aesdeclast_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdf, 0xc1\n\t" + asm volatile ("movdqu %[src], %%xmm0\n\t" /* xmm0 := *a */ + "movl %[key], %%esi\n\t" + "movdqa (%%esi), %%xmm1\n\t" + "pxor %%xmm1, %%xmm0\n\t" /* xmm0 ^= key[0] */ + "movdqa 0x10(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x20(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x30(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x40(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x50(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x60(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x70(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x80(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0x90(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0xa0(%%esi), %%xmm1\n\t" + "cmp $10, %[rounds]\n\t" + "jz .Ldeclast%=\n\t" + aesdec_xmm1_xmm0 + "movdqa 0xb0(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0xc0(%%esi), %%xmm1\n\t" + "cmp $12, %[rounds]\n\t" + "jz .Ldeclast%=\n\t" + aesdec_xmm1_xmm0 + "movdqa 0xd0(%%esi), %%xmm1\n\t" + aesdec_xmm1_xmm0 + "movdqa 0xe0(%%esi), %%xmm1\n" + + ".Ldeclast%=:\n\t" + aesdeclast_xmm1_xmm0 + "movdqu %%xmm0, %[dst]\n" + : [dst] "=m" (*b) + : [src] "m" (*a), + [key] "r" (ctx->keyschdec), + [rounds] "r" (ctx->rounds) + : "%esi", "cc", "memory"); +#undef aesdec_xmm1_xmm0 +#undef aesdeclast_xmm1_xmm0 } static void do_aesni (RIJNDAEL_context *ctx, int decrypt_flag, unsigned char *bx, const unsigned char *ax) { - if (decrypt_flag && !ctx->decryption_prepared ) - { - prepare_decryption ( ctx ); - ctx->decryption_prepared = 1; - } - /* BX and AX are not necessary correctly aligned. Thus we might - need to copy them here. 
*/ - if (((size_t)ax & 0x0f) || ((size_t)bx & 0x0f)) + if (decrypt_flag) { - unsigned char a[16] __attribute__ ((aligned (16))); - unsigned char b[16] __attribute__ ((aligned (16))); - - memcpy (a, ax, 16); - if (decrypt_flag) - do_aesni_dec_aligned (ctx, b, a); - else - do_aesni_enc_aligned (ctx, b, a); - memcpy (bx, b, 16); + if (!ctx->decryption_prepared ) + { + prepare_decryption ( ctx ); + ctx->decryption_prepared = 1; + } + do_aesni_dec_aligned (ctx, bx, ax); } else - { - if (decrypt_flag) - do_aesni_dec_aligned (ctx, bx, ax); - else - do_aesni_enc_aligned (ctx, bx, ax); - } + do_aesni_enc_aligned (ctx, bx, ax); } #endif /*USE_AESNI*/ @@ -715,8 +764,9 @@ rijndael_encrypt (void *context, byte *b, const byte *a) #ifdef USE_AESNI else if (ctx->use_aesni) { + aesni_prepare (); do_aesni (ctx, 0, b, a); - _gcry_burn_stack (48 + 15 /* possible padding for alignment */); + aesni_cleanup (); } #endif /*USE_AESNI*/ else @@ -761,6 +811,7 @@ _gcry_aes_cfb_enc (void *context, unsigned char *iv, #ifdef USE_AESNI else if (ctx->use_aesni) { + aesni_prepare (); for ( ;nblocks; nblocks-- ) { /* Encrypt the IV. */ @@ -769,6 +820,7 @@ _gcry_aes_cfb_enc (void *context, unsigned char *iv, for (ivp=iv,i=0; i < BLOCKSIZE; i++ ) *outbuf++ = (*ivp++ ^= *inbuf++); } + aesni_cleanup (); } #endif /*USE_AESNI*/ else @@ -802,6 +854,7 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, unsigned char *ivp; int i; + aesni_prepare (); for ( ;nblocks; nblocks-- ) { for (ivp=iv, i=0; i < BLOCKSIZE; i++ ) @@ -825,6 +878,7 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, if (!cbc_mac) outbuf += BLOCKSIZE; } + aesni_cleanup (); _gcry_burn_stack (48 + 2*sizeof(int)); } @@ -979,8 +1033,9 @@ rijndael_decrypt (void *context, byte *b, const byte *a) #ifdef USE_AESNI else if (ctx->use_aesni) { + aesni_prepare (); do_aesni (ctx, 1, b, a); - _gcry_burn_stack (48 + 2*sizeof(int) /* FIXME */); + aesni_cleanup (); } #endif /*USE_AESNI*/ else 
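Review bot: The comment above do_aesni_enc_aligned (touched in the preceding hunk) still says A and B "need to be properly aligned to 16 bytes", but the rewritten body moves them with `movdqu`, and do_aesni now passes the caller's pointers straight through without the alignment test or the aligned bounce buffers. The comment should give the actual contract, e.g. `A and B may be unaligned; only the key schedule must be 16 byte aligned because it is read with movdqa.`, since the `movdqa (%%esi)` loads fault if `keyschenc` or `keyschdec` ever lose that alignment. The asm also loads the schedule pointer with `movl %[key], %%esi`, which is correct only for 32-bit pointers. The USE_AESNI guard (outside this hunk) presumably restricts the code to i386, and a short remark beside the asm would make that dependency explicit. The same points apply to do_aesni_dec_aligned in this hunk.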
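Review bot: In _gcry_aes_cbc_enc the new `aesni_prepare ()` and `aesni_cleanup ()` calls sit directly after the local declarations and directly before the function-level `_gcry_burn_stack`, so they appear to run for the padlock and generic paths as well. In rijndael_encrypt and _gcry_aes_cfb_enc they are inside the `else if (ctx->use_aesni)` branch. With USE_AESNI compiled in, this placement executes `pxor %xmm0, %xmm0` even when the CPU was not detected as AES-NI capable, which on a processor without SSE2 would presumably raise an illegal-instruction fault. Guarding both calls, e.g. `if (ctx->use_aesni) aesni_cleanup ();` under `#ifdef USE_AESNI`, keeps the register wipe on the path that needs it. The _gcry_aes_cbc_dec hunks further down use the same placement, and the loop bodies of both functions lie outside the hunks, so the dispatch should be confirmed there.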
@@ -1028,6 +1083,7 @@ _gcry_aes_cfb_dec (void *context, unsigned char *iv, #ifdef USE_AESNI else if (ctx->use_aesni) { + aesni_prepare (); for ( ;nblocks; nblocks-- ) { do_aesni_enc_aligned (ctx, iv, iv); @@ -1038,6 +1094,7 @@ _gcry_aes_cfb_dec (void *context, unsigned char *iv, *ivp++ = temp; } } + aesni_cleanup (); } #endif /*USE_AESNI*/ else @@ -1074,6 +1131,7 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, int i; unsigned char savebuf[BLOCKSIZE]; + aesni_prepare (); for ( ;nblocks; nblocks-- ) { /* We need to save INBUF away because it may be identical to @@ -1099,6 +1157,7 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, inbuf += BLOCKSIZE; outbuf += BLOCKSIZE; } + aesni_cleanup (); _gcry_burn_stack (48 + 2*sizeof(int) + BLOCKSIZE + 4*sizeof (char*)); } @@ -1115,6 +1174,7 @@ selftest_basic_128 (void) /* The test vectors are from the AES supplied ones; more or less randomly taken from ecb_tbl.txt (I=42,81,14) */ +#if 1 static const unsigned char plaintext_128[16] = { 0x01,0x4B,0xAF,0x22,0x78,0xA6,0x9D,0x33, 
@@ -1130,22 +1190,25 @@ selftest_basic_128 (void) 0x67,0x43,0xC3,0xD1,0x51,0x9A,0xB4,0xF2, 0xCD,0x9A,0x78,0xAB,0x09,0xA5,0x11,0xBD }; - /* /\* Test vectors from fips-197, appendix C. *\/ */ - /* static const unsigned char plaintext_128[16] = */ - /* { */ - /* 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, */ - /* 0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff */ - /* }; */ - /* static const unsigned char key_128[16] = */ - /* { */ - /* 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, */ - /* 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f */ - /* }; */ - /* static const unsigned char ciphertext_128[16] = */ - /* { */ - /* 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30, */ - /* 0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a */ - /* }; */ +#else + /* Test vectors from fips-197, appendix C. */ +# warning debug test vectors in use + static const unsigned char plaintext_128[16] = + { + 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, + 0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff + }; + static const unsigned char key_128[16] = + { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + }; + static const unsigned char ciphertext_128[16] = + { + 0x69,0xc4,0xe0,0xd8,0x6a,0x7b,0x04,0x30, + 0xd8,0xcd,0xb7,0x80,0x70,0xb4,0xc5,0x5a + }; +#endif rijndael_setkey (&ctx, key_128, sizeof (key_128)); rijndael_encrypt (&ctx, scratch, plaintext_128); ----------------------------------------------------------------------- Summary of changes: cipher/ChangeLog | 13 ++- cipher/rijndael.c | 350 +++++++++++++++++++++++++++++++++++------------------ tests/ChangeLog | 5 + tests/benchmark.c | 70 +++++++++--- 4 files changed, 305 insertions(+), 133 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 16 17:49:38 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 16 Feb 2011 17:49:38 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-8-gd9795cf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via d9795cfdd758e2aa22e7ab8a6790e2915d1f5334 (commit) from b825c5db17292988d261fefdc83cbc43d97d4b02 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9795cfdd758e2aa22e7ab8a6790e2915d1f5334 Author: Werner Koch Date: Wed Feb 16 17:17:49 2011 +0100 Improved AES-CFB performance using AES-NI insn. There is also a new regression test which tests the bulk encryption methods we have for a few ciphers (namely AES). A bug in them could have slipped through because we only did encrypt-decrypt tests but didn't compared them to fixed vectors. Benchmarks using gcc 4.4 show a 7 fold speed improvement for CFB encryption and 14 for decryption. This is a bit strange; someone should check the code to see why we have this difference. Without AESNI (undef USE_AESNI in rijndael.c): $ ./benchmark --cipher-repetitions 100 --alignment 16 cipher aes aes256 Running each test 100 times. ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- AES 1370ms 1430ms 1140ms 1190ms 1120ms 1130ms 1520ms 1540ms 1780ms 1770ms AES256 1780ms 1850ms 1530ms 1610ms 1540ms 1530ms 1930ms 1960ms 2180ms 2180ms With AESNI: $ ./benchmark --cipher-repetitions 100 --alignment 16 cipher aes aes256 Running each test 100 times. 
ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- AES 80ms 100ms 240ms 220ms 140ms 70ms 300ms 290ms 490ms 510ms AES256 130ms 130ms 290ms 270ms 200ms 100ms 340ms 340ms 470ms 470ms $ ./benchmark --cipher-repetitions 100 --alignment 0 cipher aes aes256 Running each test 100 times. ECB/Stream CBC CFB OFB CTR --------------- --------------- --------------- --------------- --------------- AES 80ms 90ms 240ms 230ms 150ms 80ms 290ms 300ms 500ms 530ms AES256 130ms 130ms 290ms 260ms 190ms 110ms 340ms 340ms 470ms 490ms diff --git a/cipher/ChangeLog b/cipher/ChangeLog index af3bfde..85dd43f 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,8 @@ +2011-02-16 Werner Koch + + * rijndael.c (do_aesni_cfb) [USE_AESNI]: New. + (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec) [USE_AESNI]: Use new fucntion. + 2011-02-15 Werner Koch * rijndael.c (do_aesni_enc_aligned, do_aesni_dec_aligned): Use @@ -7,7 +12,7 @@ (rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc) (rijndael_decrypt, _gcry_aes_cfb_dec, _gcry_aes_cbc_dec): Use these macros. Don't burn the stack in the USE_AESNI case. - (do_setkey): Add disabled code to use aeskeygenassis. + (do_setkey): Add disabled code to use aeskeygenassist. 2011-02-14 Werner Koch diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 50fb393..4c49847 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -220,7 +220,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) KC = 6; if (0) - ; + { + ; + } #ifdef USE_AESNI else if ((_gcry_get_hw_features () & HWF_INTEL_AESNI)) { @@ -234,7 +236,9 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) KC = 8; if (0) - ; + { + ; + } #ifdef USE_AESNI else if ((_gcry_get_hw_features () & HWF_INTEL_AESNI)) { 
@@ -778,6 +782,77 @@ do_aesni_dec_aligned (const RIJNDAEL_context *ctx, #undef aesdeclast_xmm1_xmm0 } + +/* Perform a CFB encryption or decryption round using the + initialization vector IV and the input block A. Write the result + to the output block B and update IV. IV needs to be 16 byte + aligned. */ +static void +do_aesni_cfb (const RIJNDAEL_context *ctx, int decrypt_flag, + unsigned char *iv, unsigned char *b, const unsigned char *a) +{ +#define aesenc_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1\n\t" +#define aesenclast_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xc1\n\t" + asm volatile ("movdqa %[iv], %%xmm0\n\t" /* xmm0 := IV */ + "movl %[key], %%esi\n\t" /* esi := keyschenc */ + "movdqa (%%esi), %%xmm1\n\t" /* xmm1 := key[0] */ + "pxor %%xmm1, %%xmm0\n\t" /* xmm0 ^= key[0] */ + "movdqa 0x10(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x20(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x30(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x40(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x50(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x60(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x70(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x80(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x90(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xa0(%%esi), %%xmm1\n\t" + "cmp $10, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xb0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xc0(%%esi), %%xmm1\n\t" + "cmp $12, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xd0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xe0(%%esi), %%xmm1\n" + + ".Lenclast%=:\n\t" + aesenclast_xmm1_xmm0 + "movdqu %[src], %%xmm1\n\t" /* Save input. */ + "pxor %%xmm1, %%xmm0\n\t" /* xmm0 = input ^ IV */ + + "cmp $1, %[decrypt]\n\t" + "jz .Ldecrypt_%=\n\t" + "movdqa %%xmm0, %[iv]\n\t" /* [encrypt] Store IV. */ + "jmp .Lleave_%=\n" + ".Ldecrypt_%=:\n\t" + "movdqa %%xmm1, %[iv]\n" /* [decrypt] Store IV. 
*/ + ".Lleave_%=:\n\t" + "movdqu %%xmm0, %[dst]\n" /* Store output. */ + : [iv] "+m" (*iv), [dst] "=m" (*b) + : [src] "m" (*a), + [key] "g" (ctx->keyschenc), + [rounds] "g" (ctx->rounds), + [decrypt] "m" (decrypt_flag) + : "%esi", "cc", "memory"); +#undef aesenc_xmm1_xmm0 +#undef aesenclast_xmm1_xmm0 +} + + static void do_aesni (RIJNDAEL_context *ctx, int decrypt_flag, unsigned char *bx, const unsigned char *ax) @@ -865,11 +940,9 @@ _gcry_aes_cfb_enc (void *context, unsigned char *iv, aesni_prepare (); for ( ;nblocks; nblocks-- ) { - /* Encrypt the IV. */ - do_aesni_enc_aligned (ctx, iv, iv); - /* XOR the input with the IV and store input into IV. */ - for (ivp=iv,i=0; i < BLOCKSIZE; i++ ) - *outbuf++ = (*ivp++ ^= *inbuf++); + do_aesni_cfb (ctx, 0, iv, outbuf, inbuf); + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; } aesni_cleanup (); } @@ -1137,13 +1210,9 @@ _gcry_aes_cfb_dec (void *context, unsigned char *iv, aesni_prepare (); for ( ;nblocks; nblocks-- ) { - do_aesni_enc_aligned (ctx, iv, iv); - for (ivp=iv,i=0; i < BLOCKSIZE; i++ ) - { - temp = *inbuf++; - *outbuf++ = *ivp ^ temp; - *ivp++ = temp; - } + do_aesni_cfb (ctx, 1, iv, outbuf, inbuf); + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; } aesni_cleanup (); } diff --git a/tests/ChangeLog b/tests/ChangeLog index 6d7fb13..c674f12 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,9 @@ +2011-02-16 Werner Koch + + * basic.c (DIM): New. + (check_bulk_cipher_modes): New. + (main): Run new test. + 2011-02-15 Werner Koch * benchmark.c: Add option --cipher-with-keysetup. diff --git a/tests/basic.c b/tests/basic.c index 066ae41..bcc39cc 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -28,6 +28,11 @@ #include "../src/gcrypt.h" +#ifndef DIM +# define DIM(v) (sizeof(v)/sizeof((v)[0])) +#endif + + typedef struct test_spec_pubkey_key { const char *secret; 
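Review bot: In do_aesni_cfb the comparisons `cmp $10, %[rounds]`, `cmp $12, %[rounds]` and `cmp $1, %[decrypt]` use `"g"` and `"m"` constraints, so the second operand can be (and for `decrypt` always is) a memory operand, and a `cmp` of an immediate against memory carries no operand size. Writing `cmpl $10, %[rounds]` (likewise for the other two) removes the reliance on the assembler's default; do_aesni_enc_aligned avoids the question by using `"r"` for the same values. The function also reads and writes IV with `movdqa`, so the "IV needs to be 16 byte aligned" remark in the comment is a hard precondition: a misaligned IV faults rather than running slower, and nothing in this hunk checks it. If _gcry_aes_cfb_enc or _gcry_aes_cfb_dec can be reached with an arbitrary `iv` pointer, either assert the alignment there or use `movdqu` for the IV.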
@@ -983,6 +988,245 @@ check_ofb_cipher (void) fprintf (stderr, " Completed OFB checks.\n"); } + +/* Check that our bulk encryption fucntions work properly. */ +static void +check_bulk_cipher_modes (void) +{ + struct + { + int algo; + int mode; + const char *key; + int keylen; + const char *iv; + int ivlen; + char t1_hash[20]; + } tv[] = { + { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CFB, + "abcdefghijklmnop", 16, + "1234567890123456", 16, +/*[0]*/ + { 0x53, 0xda, 0x27, 0x3c, 0x78, 0x3d, 0x54, 0x66, 0x19, 0x63, + 0xd7, 0xe6, 0x20, 0x10, 0xcd, 0xc0, 0x5a, 0x0b, 0x06, 0xcc } + }, + { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB, + "abcdefghijklmnopABCDEFG", 24, + "1234567890123456", 16, +/*[1]*/ + { 0xc7, 0xb1, 0xd0, 0x09, 0x95, 0x04, 0x34, 0x61, 0x2b, 0xd9, + 0xcb, 0xb3, 0xc7, 0xcb, 0xef, 0xea, 0x16, 0x19, 0x9b, 0x3e } + }, + { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB, + "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, + "1234567890123456", 16, +/*[2]*/ + { 0x31, 0xe1, 0x1f, 0x63, 0x65, 0x47, 0x8c, 0x3f, 0x53, 0xdb, + 0xd9, 0x4d, 0x91, 0x1d, 0x02, 0x9c, 0x05, 0x25, 0x58, 0x29 } + }, + { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CBC, + "abcdefghijklmnop", 16, + "1234567890123456", 16, +/*[3]*/ + { 0xdc, 0x0c, 0xc2, 0xd9, 0x6b, 0x47, 0xf9, 0xeb, 0x06, 0xb4, + 0x2f, 0x6e, 0xec, 0x72, 0xbf, 0x55, 0x26, 0x7f, 0xa9, 0x97 } + }, + { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC, + "abcdefghijklmnopABCDEFG", 24, + "1234567890123456", 16, +/*[4]*/ + { 0x2b, 0x90, 0x9b, 0xe6, 0x40, 0xab, 0x6e, 0xc2, 0xc5, 0xb1, + 0x87, 0xf5, 0x43, 0x84, 0x7b, 0x04, 0x06, 0x47, 0xd1, 0x8f } + }, + { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC, + "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, + "1234567890123456", 16, +/*[5]*/ + { 0xaa, 0xa8, 0xdf, 0x03, 0xb0, 0xba, 0xc4, 0xe3, 0xc1, 0x02, + 0x38, 0x31, 0x8d, 0x86, 0xcb, 0x49, 0x6d, 0xad, 0xae, 0x01 } + }, + { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_OFB, + "abcdefghijklmnop", 16, + "1234567890123456", 16, +/*[6]*/ + { 0x65, 0xfe, 0xde, 0x48, 0xd0, 0xa1, 0xa6, 0xf9, 0x24, 0x6b, + 0x52, 0x5f, 
0x21, 0x8a, 0x6f, 0xc7, 0x70, 0x3b, 0xd8, 0x4a } + }, + { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB, + "abcdefghijklmnopABCDEFG", 24, + "1234567890123456", 16, +/*[7]*/ + { 0x59, 0x5b, 0x02, 0xa2, 0x88, 0xc0, 0xbe, 0x94, 0x43, 0xaa, + 0x39, 0xf6, 0xbd, 0xcc, 0x83, 0x99, 0xee, 0x00, 0xa1, 0x91 } + }, + { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB, + "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, + "1234567890123456", 16, +/*[8]*/ + { 0x38, 0x8c, 0xe1, 0xe2, 0xbe, 0x67, 0x60, 0xe8, 0xeb, 0xce, + 0xd0, 0xc6, 0xaa, 0xd6, 0xf6, 0x26, 0x15, 0x56, 0xd0, 0x2b } + }, + { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_CTR, + "abcdefghijklmnop", 16, + "1234567890123456", 16, +/*[9]*/ + { 0x9a, 0x48, 0x94, 0xd6, 0x50, 0x46, 0x81, 0xdb, 0x68, 0x34, + 0x3b, 0xc5, 0x9e, 0x66, 0x94, 0x81, 0x98, 0xa0, 0xf9, 0xff } + }, + { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR, + "abcdefghijklmnopABCDEFG", 24, + "1234567890123456", 16, +/*[10]*/ + { 0x2c, 0x2c, 0xd3, 0x75, 0x81, 0x2a, 0x59, 0x07, 0xeb, 0x08, + 0xce, 0x28, 0x4c, 0x0c, 0x6a, 0xa8, 0x8f, 0xa3, 0x98, 0x7e } + }, + { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR, + "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, + "1234567890123456", 16, +/*[11]*/ + { 0x64, 0xce, 0x73, 0x03, 0xc7, 0x89, 0x99, 0x1f, 0xf1, 0xce, + 0xfe, 0xfb, 0xb9, 0x42, 0x30, 0xdf, 0xbb, 0x68, 0x6f, 0xd3 } + }, + { GCRY_CIPHER_AES, GCRY_CIPHER_MODE_ECB, + "abcdefghijklmnop", 16, + "1234567890123456", 16, +/*[12]*/ + { 0x51, 0xae, 0xf5, 0xac, 0x22, 0xa0, 0xba, 0x11, 0xc5, 0xaa, + 0xb4, 0x70, 0x99, 0xce, 0x18, 0x08, 0x12, 0x9b, 0xb1, 0xc5 } + }, + { GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB, + "abcdefghijklmnopABCDEFG", 24, + "1234567890123456", 16, +/*[13]*/ + { 0x57, 0x91, 0xea, 0x48, 0xd8, 0xbf, 0x9e, 0xc1, 0xae, 0x33, + 0xb3, 0xfd, 0xf7, 0x7a, 0xeb, 0x30, 0xb1, 0x62, 0x0d, 0x82 } + }, + { GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB, + "abcdefghijklmnopABCDEFGHIJKLMNOP", 32, + "1234567890123456", 16, +/*[14]*/ + { 0x2d, 0x71, 0x54, 0xb9, 0xc5, 0x28, 0x76, 0xff, 0x76, 0xb5, + 0x99, 0x37, 0x99, 0x9d, 0xf7, 
0x10, 0x6d, 0x86, 0x4f, 0x3f } + } + }; + gcry_cipher_hd_t hde = NULL; + gcry_cipher_hd_t hdd = NULL; + unsigned char *buffer_base, *outbuf_base; /* Allocated buffers. */ + unsigned char *buffer, *outbuf; /* Aligned buffers. */ + size_t buflen; + unsigned char hash[20]; + int i, j, keylen, blklen; + gcry_error_t err = 0; + + if (verbose) + fprintf (stderr, "Starting bulk cipher checks.\n"); + + buflen = 16*100; /* We check a 1600 byte buffer. */ + buffer_base = gcry_xmalloc (buflen+15); + buffer = buffer_base + (16 - ((size_t)buffer_base & 0x0f)); + outbuf_base = gcry_xmalloc (buflen+15); + outbuf = outbuf_base + (16 - ((size_t)outbuf_base & 0x0f)); + + + for (i = 0; i < DIM (tv); i++) + { + if (verbose) + fprintf (stderr, " checking bulk encryption for %s [%i], mode %d\n", + gcry_cipher_algo_name (tv[i].algo), + tv[i].algo, tv[i].mode); + err = gcry_cipher_open (&hde, tv[i].algo, tv[i].mode, 0); + if (!err) + err = gcry_cipher_open (&hdd, tv[i].algo, tv[i].mode, 0); + if (err) + { + fail ("gcry_cipher_open failed: %s\n", gpg_strerror (err)); + goto leave; + } + + keylen = gcry_cipher_get_algo_keylen(tv[i].algo); + if (!keylen) + { + fail ("gcry_cipher_get_algo_keylen failed\n"); + goto leave; + } + + err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen); + if (!err) + err = gcry_cipher_setkey (hdd, tv[i].key, tv[i].keylen); + if (err) + { + fail ("gcry_cipher_setkey failed: %s\n", gpg_strerror (err)); + goto leave; + } + + blklen = gcry_cipher_get_algo_blklen(tv[i].algo); + if (!blklen) + { + fail ("gcry_cipher_get_algo_blklen failed\n"); + goto leave; + } + + err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen); + if (!err) + err = gcry_cipher_setiv (hdd, tv[i].iv, tv[i].ivlen); + if (err) + { + fail ("gcry_cipher_setiv failed: %s\n", gpg_strerror (err)); + goto leave; + } + + /* Fill the buffer with our test pattern. 
*/ + for (j=0; j < buflen; j++) + buffer[j] = ((j & 0xff) ^ ((j >> 8) & 0xff)); + + err = gcry_cipher_encrypt (hde, outbuf, buflen, buffer, buflen); + if (err) + { + fail ("gcry_cipher_encrypt (algo %d, mode %d) failed: %s\n", + tv[i].algo, tv[i].mode, gpg_strerror (err)); + goto leave; + } + + gcry_md_hash_buffer (GCRY_MD_SHA1, hash, outbuf, buflen); +#if 0 + printf ("/*[%d]*/\n", i); + fputs (" {", stdout); + for (j=0; j < 20; j++) + printf (" 0x%02x%c%s", hash[j], j==19? ' ':',', j == 9? "\n ":""); + puts ("}"); +#endif + + if (memcmp (hash, tv[i].t1_hash, 20)) + fail ("encrypt mismatch (algo %d, mode %d)\n", + tv[i].algo, tv[i].mode); + + err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); + if (err) + { + fail ("gcry_cipher_decrypt (algo %d, mode %d) failed: %s\n", + tv[i].algo, tv[i].mode, gpg_strerror (err)); + goto leave; + } + + if (memcmp (buffer, outbuf, buflen)) + fail ("decrypt mismatch (algo %d, mode %d)\n", + tv[i].algo, tv[i].mode); + + gcry_cipher_close (hde); hde = NULL; + gcry_cipher_close (hdd); hdd = NULL; + } + + if (verbose) + fprintf (stderr, "Completed bulk cipher checks.\n"); + leave: + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + gcry_free (buffer_base); + gcry_free (outbuf_base); +} + + + static void check_one_cipher (int algo, int mode, int flags) { @@ -2287,6 +2531,7 @@ main (int argc, char **argv) { check_ciphers (); check_cipher_modes (); + check_bulk_cipher_modes (); check_digests (); check_hmac (); check_pubkey (); ----------------------------------------------------------------------- Summary of changes: cipher/ChangeLog | 7 ++- cipher/rijndael.c | 97 ++++++++++++++++++--- tests/ChangeLog | 6 ++ tests/basic.c | 245 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 340 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 16 18:58:47 2011 
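Review bot: The alignment arithmetic in check_bulk_cipher_modes can run one byte past each allocation. `buffer_base + (16 - ((size_t)buffer_base & 0x0f))` advances by a full 16 bytes when gcry_xmalloc already returns a 16-byte-aligned pointer, but only `buflen+15` bytes were requested, so the last byte of the 1600-byte pattern fill and of the cipher output lands outside the block. Requesting one more byte fixes both buffers: `buffer_base = gcry_xmalloc (buflen+16);` and `outbuf_base = gcry_xmalloc (buflen+16);`. Separately, `t1_hash` is declared `char[20]` but initialised with values above 0x7f; `unsigned char t1_hash[20]` would match `hash` and avoid the implementation-defined conversion.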
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 16 Feb 2011 18:58:47 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-9-g3647992 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 364799200d1fa8bfa159b6941cb74156bbfa7ec1 (commit) from d9795cfdd758e2aa22e7ab8a6790e2915d1f5334 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 364799200d1fa8bfa159b6941cb74156bbfa7ec1 Author: Werner Koch Date: Wed Feb 16 18:31:31 2011 +0100 Add GCRYCTL_DISABLE_HWF This option is useful to disable detected hardware features. It has been implemented in benchmark, so that it is now possible to run tests/benchmark --disable-hwf intel-aesni cipher aes aes192 aes256 to compare the use of AES-NI insns to the pure C code. diff --git a/NEWS b/NEWS index 9848432..fae8ee3 100644 --- a/NEWS +++ b/NEWS @@ -37,6 +37,7 @@ Noteworthy changes in version 1.5.x (unreleased) GCRY_MD_TIGER2 NEW. gcry_pk_get_curve NEW. gcry_pk_get_param NEW. + GCRYCTL_DISABLE_HWF NEW. Noteworthy changes in version 1.4.4 (2009-01-22) diff --git a/compat/compat.c b/compat/compat.c index 4a38ec7..076f520 100644 --- a/compat/compat.c +++ b/compat/compat.c @@ -29,7 +29,7 @@ _gcry_compat_identification (void) "\n\n" "This is Libgcrypt - The GNU Crypto Library\n" "Copyright 2000, 2002, 2003, 2004, 2007, 2008, 2009,\n" - " 2010 Free Software Foundation, Inc.\n" + " 2010, 2011 Free Software Foundation, Inc.\n" "\n\n"; return blurb; } diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 4026621..03c5363 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi 
@@ -814,6 +814,15 @@ This may be used at anytime to have the library run all implemented self-tests. It works in standard and in FIPS mode. Returns 0 on success or an error code on failure. + at item GCRYCTL_DISABLE_HWF; Arguments: const char *name + +Libgcrypt detects certain features of the CPU at startup time. For +performace tests it is sometimes required not to use such a feature. +This option may be used to disabale a certain feature; i.e. Libgcrypt +behaves as if this feature has not been detected. Note that the +detection code might be run if the feature has been disabled. This +command must be used at initialization time; i.e. before calling + at code{gcry_check_version}. @end table diff --git a/src/ChangeLog b/src/ChangeLog index b150b40..4f3a4e3 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,14 @@ +2011-02-16 Werner Koch + + * gcrypt.h.in (GCRYCTL_DISABLE_HWF): New. + * global.c (_gcry_vcontrol): Support new control code. + (print_config): Factor list of hwfeatures out to ... + (hwflist): new. + (disabled_hw_features): New. + (global_init): Pass new variable to _gcry_detect_hw_features. + * hwfeatures.c (_gcry_detect_hw_features): Add arg + DISABLED_FEATURES and disable detected features. + 2011-02-11 Werner Koch * g10lib.h (HWF_INTEL_AES): Rename to HWF_INTEL_AESNI. diff --git a/src/g10lib.h b/src/g10lib.h index 28c5e93..8d98ae3 100644 --- a/src/g10lib.h +++ b/src/g10lib.h @@ -152,7 +152,7 @@ int _gcry_log_verbosity( int level ); unsigned int _gcry_get_hw_features (void); -void _gcry_detect_hw_features (void); +void _gcry_detect_hw_features (unsigned int); /*-- mpi/mpiutil.c --*/ diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index f8daeb3..54fa9f3 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -414,8 +414,9 @@ enum gcry_ctl_cmds GCRYCTL_OPERATIONAL_P = 54, GCRYCTL_FIPS_MODE_P = 55, GCRYCTL_FORCE_FIPS_MODE = 56, - GCRYCTL_SELFTEST = 57 + GCRYCTL_SELFTEST = 57, /* Note: 58 .. 62 are used internally. */ + GCRYCTL_DISABLE_HWF = 63 }; /* Perform various operations defined by CMD. */ diff --git a/src/global.c b/src/global.c index 35a2ca1..6336fea 100644 --- a/src/global.c +++ b/src/global.c @@ -1,6 +1,6 @@ /* global.c - global control functions * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003 - * 2004, 2005, 2006, 2008 Free Software Foundation, Inc. + * 2004, 2005, 2006, 2008, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -53,6 +53,24 @@ static int force_fips_mode; /* Controlled by global_init(). */ static int any_init_done; +/* A table to map hardware features to a string. */ +static struct +{ + unsigned int flag; + const char *desc; +} hwflist[] = + { + { HWF_PADLOCK_RNG, "padlock-rng" }, + { HWF_PADLOCK_AES, "padlock-aes" }, + { HWF_PADLOCK_SHA, "padlock-sha" }, + { HWF_PADLOCK_MMUL,"padlock-mmul"}, + { HWF_INTEL_AESNI, "intel-aesni" }, + { 0, NULL} + }; + +/* A bit vector with the hardware features which shall not be used. + This variable must be set prior to any initialization. */ +static unsigned int disabled_hw_features; /* Memory management. */ @@ -94,7 +112,7 @@ global_init (void) /* Before we do any other initialization we need to test available hardware features. */ - _gcry_detect_hw_features (); + _gcry_detect_hw_features (disabled_hw_features); err = _gcry_cipher_init (); if (err) @@ -258,16 +276,6 @@ static void print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) { unsigned int hwf; - struct { - unsigned int flag; - const char *desc; - } hwflist[] = { - { HWF_PADLOCK_RNG, "padlock-rng" }, - { HWF_PADLOCK_AES, "padlock-aes" }, - { HWF_PADLOCK_SHA, "padlock-sha" }, - { HWF_INTEL_AESNI, "intel-aesni" }, - { 0, NULL} - }; int i; fnc (fp, "version:%s:\n", VERSION); 
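Review bot: `hwflist` in src/global.c is declared as a writable file-scope table although the code shown only reads it (print_config and the new GCRYCTL_DISABLE_HWF lookup); `static const struct` would keep the name-to-flag mapping in read-only data. The comment on `disabled_hw_features` says the variable must be set before any initialization but does not say what happens otherwise. If a later change is simply ignored, a sentence such as `Changes made after global_init has run have no effect.` would make that explicit.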
@@ -292,8 +300,8 @@ print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) hwf = _gcry_get_hw_features (); fnc (fp, "hwflist:"); for (i=0; hwflist[i].desc; i++) - if ( (hwf & hwflist[i].flag) ) - fnc (fp, "%s:", hwflist[i].desc); + if ( (hwf & hwflist[i].flag) ) + fnc (fp, "%s:", hwflist[i].desc); fnc (fp, "\n"); /* We use y/n instead of 1/0 for the simple reason that Emacsen's compile error parser would accidently flag that line when printed @@ -565,6 +573,21 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd, va_list arg_ptr) } break; + case GCRYCTL_DISABLE_HWF: + { + const char *name = va_arg (arg_ptr, const char *); + int i; + + for (i=0; hwflist[i].desc; i++) + if (!strcmp (hwflist[i].desc, name)) + { + disabled_hw_features |= hwflist[i].flag; + break; + } + if (!hwflist[i].desc) + err = GPG_ERR_INV_NAME; + } + break; default: /* A call to make sure that the dummy code is linked in. */ diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 5a0a805..2b3bb2c 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c @@ -1,5 +1,5 @@ /* hwfeatures.c - Detect hardware features. - * Copyright (C) 2007 Free Software Foundation, Inc. + * Copyright (C) 2007, 2011 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -172,7 +172,7 @@ detect_ia32_gnuc (void) once right at startup and we assume that no other threads are running. */ void -_gcry_detect_hw_features (void) +_gcry_detect_hw_features (unsigned int disabled_features) { hw_features = 0; @@ -187,4 +187,6 @@ _gcry_detect_hw_features (void) #ifdef __GNUC__ #endif #endif + + hw_features &= ~disabled_features; } diff --git a/tests/ChangeLog b/tests/ChangeLog index c674f12..95cb960 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,5 +1,7 @@ 2011-02-16 Werner Koch + * benchmark.c (main): Add option --disable-hwf. + * basic.c (DIM): New. (check_bulk_cipher_modes): New. (main): Run new test. diff --git a/tests/benchmark.c b/tests/benchmark.c index 536b76a..cf78c76 100644 --- a/tests/benchmark.c 
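Review bot: The new `GCRYCTL_DISABLE_HWF` case in _gcry_vcontrol hands `name` straight to strcmp, so a caller that passes NULL crashes inside the library instead of getting an error; testing `name` first and setting `err = GPG_ERR_INV_NAME` when it is NULL would keep the failure on the normal error path. The case also ORs the flag into `disabled_hw_features` without looking at `any_init_done`, although the documentation added in this commit says the command must be used before gcry_check_version. Once global_init has called _gcry_detect_hw_features the bit has no effect, yet the call still reports success; returning an error in that situation would tell the caller the feature is still active. The body of _gcry_vcontrol starts and ends outside this hunk, so whether an earlier statement already triggers initialization cannot be seen here.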
+++ b/tests/benchmark.c @@ -1177,6 +1177,17 @@ main( int argc, char **argv ) argc--; argv++; } } + else if (!strcmp (*argv, "--disable-hwf")) + { + argc--; argv++; + if (argc) + { + if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL)) + fprintf (stderr, PGM ": unknown hardware feature `%s'" + " - option ignored\n", *argv); + argc--; argv++; + } + } else if (!strcmp (*argv, "--fips")) { argc--; argv++; ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + compat/compat.c | 2 +- doc/gcrypt.texi | 9 +++++++++ src/ChangeLog | 11 +++++++++++ src/g10lib.h | 2 +- src/gcrypt.h.in | 3 ++- src/global.c | 51 +++++++++++++++++++++++++++++++++++++-------------- src/hwfeatures.c | 6 ++++-- tests/ChangeLog | 2 ++ tests/benchmark.c | 11 +++++++++++ 10 files changed, 79 insertions(+), 19 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 17 11:26:36 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 17 Feb 2011 11:26:36 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-10-gc873f36 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c873f36d73712466fa37d0ff5efc39553ef41f3d (commit) from 364799200d1fa8bfa159b6941cb74156bbfa7ec1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c873f36d73712466fa37d0ff5efc39553ef41f3d Author: Werner Koch Date: Thu Feb 17 11:00:25 2011 +0100 Fix AES-NI detection. Really a kind of bown paper bag bug: Use AND and not SUB for bit testing. I should have known that, given that 30 years ago I wrote almost everything in asm. 
diff --git a/src/ChangeLog b/src/ChangeLog index 4f3a4e3..6859042 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2011-02-17 Werner Koch + + * hwfeatures.c (detect_ia32_gnuc): Fix AES-NI detection. Use AND + instead of SUB for bit testing. + 2011-02-16 Werner Koch * gcrypt.h.in (GCRYCTL_DISABLE_HWF): New. diff --git a/src/hwfeatures.c b/src/hwfeatures.c index 2b3bb2c..c356798 100644 --- a/src/hwfeatures.c +++ b/src/hwfeatures.c @@ -149,7 +149,7 @@ detect_ia32_gnuc (void) "movl $1, %%eax\n\t" /* Get CPU info and feature flags. */ "cpuid\n" "popl %%ebx\n\t" /* Restore GOT register. */ - "cmpl $0x02000000, %%ecx\n\t" /* Test bit 25. */ + "testl $0x02000000, %%ecx\n\t" /* Test bit 25. */ "jz .Lno_aes%=\n\t" /* No AES support. */ "orl $256, %0\n" /* Set our HWF_INTEL_AES bit. */ ----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 5 +++++ src/hwfeatures.c | 2 +- 2 files changed, 6 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 17 20:35:48 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 17 Feb 2011 20:35:48 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-11-gdc880b5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via dc880b55f4bb27d20c0224338836ac0505f386ff (commit) from c873f36d73712466fa37d0ff5efc39553ef41f3d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dc880b55f4bb27d20c0224338836ac0505f386ff Author: Werner Koch Date: Thu Feb 17 19:44:23 2011 +0100 Flag the _ac_ functions as deprecated. The AC functions are deprecated for a long time. How we will even print a warning if they are used. The module register interface is now also deprecated and the use of those functions will yield a warning as well. diff --git a/NEWS b/NEWS index fae8ee3..3a92ad5 100644 --- a/NEWS +++ b/NEWS @@ -29,6 +29,16 @@ Noteworthy changes in version 1.5.x (unreleased) * Uses the Intel AES-NI instructions if available. + * The use of the deprecated Alternative Public Key Interface + (gcry_ac_*) will now print compile time warnings. + + * The module register subsystem has been deprecated. This subsystem + is not flexible enough and would always require ABI changes to + extend the internal interfaces. It will eventually be removed. + Please contact us on the gcrypt-devel mailing list to discuss + whether you really need this feature or how it can be replaced by + an internal plugin mechanism. + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_CIPHER_MODE_AESWRAP NEW. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 03c5363..3a0a5fc 100644 
--- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -219,7 +219,7 @@ Certain parts of gcrypt.h may be excluded by defining these macros: Do not define the shorthand macros @code{mpi_*} for @code{gcry_mpi_*}. @item GCRYPT_NO_DEPRECATED -Do not include defintions for deprecated features. This is useful to +Do not include definitions for deprecated features. This is useful to make sure that no deprecated features are used. @end table @@ -1602,7 +1602,8 @@ unsigned char *, unsigned int n) Register a new cipher module whose specification can be found in @var{cipher}. On success, a new algorithm ID is stored in @var{algorithm_id} and a pointer representing this module is stored -in @var{module}. +in @var{module}. Deprecated; the module register interface will be +removed in a future version. @end deftypefun @deftypefun void gcry_cipher_unregister (gcry_module_t @var{module}) @@ -2288,8 +2289,10 @@ Type for the `get_nbits' function, defined as: unsigned Register a new public key module whose specification can be found in @var{pubkey}. On success, a new algorithm ID is stored in - at var{algorithm_id} and a pointer representing this module is stored -in @var{module}. + at var{algorithm_id} and a pointer representing this module is stored in + at var{module}. Deprecated; the module register interface will be +removed in a future version. + @end deftypefun @deftypefun void gcry_pk_unregister (gcry_module_t @var{module}) @@ -3610,7 +3613,8 @@ Type for the `read' function, defined as: unsigned char Register a new digest module whose specification can be found in @var{digest}. On success, a new algorithm ID is stored in @var{algorithm_id} and a pointer representing this module is stored -in @var{module}. +in @var{module}. Deprecated; the module register interface will be +removed in a future version. @end deftypefun @deftypefun void gcry_md_unregister (gcry_module_t @var{module}) diff --git a/src/ChangeLog b/src/ChangeLog index 6859042..750c8da 100644 --- a/src/ChangeLog 
+++ b/src/ChangeLog @@ -1,5 +1,13 @@ 2011-02-17 Werner Koch + * gcrypt-module.h (gcry_cipher_register, gcry_cipher_unregister) + (gcry_pk_register, gcry_pk_unregister, gcry_md_register) + (gcry_md_unregister): Mark as deprecated by the API; in a future + version the module register feature will be removed. + + * gcrypt.h.in: Attribute all _ac_ functions and types as + deprecated by the API. + * hwfeatures.c (detect_ia32_gnuc): Fix AES-NI detection. Use AND instead of SUB for bit testing. diff --git a/src/gcrypt-module.h b/src/gcrypt-module.h index d8a8cef..f39e2b5 100644 --- a/src/gcrypt-module.h +++ b/src/gcrypt-module.h @@ -98,11 +98,14 @@ typedef struct gcry_cipher_spec and a pointer representing this module is stored in MODULE. */ gcry_error_t gcry_cipher_register (gcry_cipher_spec_t *cipher, int *algorithm_id, - gcry_module_t *module); + gcry_module_t *module) + /* */ _GCRY_ATTR_INTERNAL; + /* Unregister the cipher identified by MODULE, which must have been registered with gcry_cipher_register. */ -void gcry_cipher_unregister (gcry_module_t module); +void gcry_cipher_unregister (gcry_module_t module) + /* */ _GCRY_ATTR_INTERNAL; /* ********************** */ @@ -173,11 +176,13 @@ typedef struct gcry_pk_spec and a pointer representhing this module is stored in MODULE. */ gcry_error_t gcry_pk_register (gcry_pk_spec_t *pubkey, unsigned int *algorithm_id, - gcry_module_t *module); + gcry_module_t *module) + /* */ _GCRY_ATTR_INTERNAL; /* Unregister the pubkey identified by ID, which must have been registered with gcry_pk_register. */ -void gcry_pk_unregister (gcry_module_t module); +void gcry_pk_unregister (gcry_module_t module) + /* */ _GCRY_ATTR_INTERNAL; /* ********************** */ 
@@ -218,11 +223,13 @@ typedef struct gcry_md_spec and a pointer representhing this module is stored in MODULE. */ gcry_error_t gcry_md_register (gcry_md_spec_t *digest, unsigned int *algorithm_id, - gcry_module_t *module); + gcry_module_t *module) + /* */ _GCRY_ATTR_INTERNAL; /* Unregister the digest identified by ID, which must have been registered with gcry_digest_register. */ -void gcry_md_unregister (gcry_module_t module); +void gcry_md_unregister (gcry_module_t module) + /* */ _GCRY_ATTR_INTERNAL; #if 0 /* keep Emacsens's auto-indent happy */ { diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 54fa9f3..3cd8e7f 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -104,9 +104,8 @@ extern "C" { #define _GCRY_GCC_ATTR_MALLOC #endif -/* Some members in a public type should only be used internally. - There is no "internal" attribute, so we abuse the deprecated - attribute to discourage external use. */ +/* Make up an attribute to mark functions and types as deprecated but + allow internal use by Libgcrypt. */ #ifdef _GCRYPT_IN_LIBGCRYPT #define _GCRY_ATTR_INTERNAL #else @@ -1250,7 +1249,6 @@ void gcry_md_debug (gcry_md_hd_t hd, const char *suffix); gcry_error_t gcry_md_list (int *list, int *list_length); - /* Alternative interface for asymmetric cryptography. This interface is deprecated. */ @@ -1262,7 +1260,7 @@ typedef enum gcry_ac_id GCRY_AC_ELG = 20, GCRY_AC_ELG_E = 16 } -gcry_ac_id_t; +gcry_ac_id_t _GCRY_ATTR_INTERNAL; /* Key types. */ typedef enum gcry_ac_key_type @@ -1270,7 +1268,7 @@ typedef enum gcry_ac_key_type GCRY_AC_KEY_SECRET, GCRY_AC_KEY_PUBLIC } -gcry_ac_key_type_t; +gcry_ac_key_type_t _GCRY_ATTR_INTERNAL; /* Encoding methods. */ typedef enum gcry_ac_em @@ -1278,7 +1276,7 @@ typedef enum gcry_ac_em GCRY_AC_EME_PKCS_V1_5, GCRY_AC_EMSA_PKCS_V1_5 } -gcry_ac_em_t; +gcry_ac_em_t _GCRY_ATTR_INTERNAL; /* Encryption and Signature schemes. */ typedef enum gcry_ac_scheme 
@@ -1286,7 +1284,7 @@ typedef enum gcry_ac_scheme GCRY_AC_ES_PKCS_V1_5, GCRY_AC_SSA_PKCS_V1_5 } -gcry_ac_scheme_t; +gcry_ac_scheme_t _GCRY_ATTR_INTERNAL; /* AC data. */ #define GCRY_AC_FLAG_DEALLOC (1 << 0) @@ -1294,41 +1292,43 @@ gcry_ac_scheme_t; #define GCRY_AC_FLAG_NO_BLINDING (1 << 2) /* This type represents a `data set'. */ -typedef struct gcry_ac_data *gcry_ac_data_t; +typedef struct gcry_ac_data *gcry_ac_data_t _GCRY_ATTR_INTERNAL; /* This type represents a single `key', either a secret one or a public one. */ -typedef struct gcry_ac_key *gcry_ac_key_t; +typedef struct gcry_ac_key *gcry_ac_key_t _GCRY_ATTR_INTERNAL; /* This type represents a `key pair' containing a secret and a public key. */ -typedef struct gcry_ac_key_pair *gcry_ac_key_pair_t; +typedef struct gcry_ac_key_pair *gcry_ac_key_pair_t _GCRY_ATTR_INTERNAL; /* This type represents a `handle' that is needed by functions performing cryptographic operations. */ -typedef struct gcry_ac_handle *gcry_ac_handle_t; +typedef struct gcry_ac_handle *gcry_ac_handle_t _GCRY_ATTR_INTERNAL; typedef gpg_error_t (*gcry_ac_data_read_cb_t) (void *opaque, unsigned char *buffer, - size_t *buffer_n); + size_t *buffer_n) + /* */ _GCRY_ATTR_INTERNAL; typedef gpg_error_t (*gcry_ac_data_write_cb_t) (void *opaque, unsigned char *buffer, - size_t buffer_n); + size_t buffer_n) + /* */ _GCRY_ATTR_INTERNAL; typedef enum { GCRY_AC_IO_READABLE, GCRY_AC_IO_WRITABLE } -gcry_ac_io_mode_t; +gcry_ac_io_mode_t _GCRY_ATTR_INTERNAL; typedef enum { GCRY_AC_IO_STRING, GCRY_AC_IO_CALLBACK } -gcry_ac_io_type_t; +gcry_ac_io_type_t _GCRY_ATTR_INTERNAL; typedef struct gcry_ac_io { @@ -1367,7 +1367,7 @@ typedef struct gcry_ac_io } writable; } io _GCRY_ATTR_INTERNAL; } -gcry_ac_io_t; +gcry_ac_io_t _GCRY_ATTR_INTERNAL; /* The caller of gcry_ac_key_pair_generate can provide one of these structures in order to influence the key generation process in an 
@@ -1375,16 +1375,16 @@ gcry_ac_io_t; typedef struct gcry_ac_key_spec_rsa { gcry_mpi_t e; /* E to use. */ -} gcry_ac_key_spec_rsa_t; +} gcry_ac_key_spec_rsa_t _GCRY_ATTR_INTERNAL; /* Structure used for passing data to the implementation of the `EME-PKCS-V1_5' encoding method. */ typedef struct gcry_ac_eme_pkcs_v1_5 { size_t key_size; -} gcry_ac_eme_pkcs_v1_5_t; +} gcry_ac_eme_pkcs_v1_5_t _GCRY_ATTR_INTERNAL; -typedef enum gcry_md_algos gcry_md_algo_t; +typedef enum gcry_md_algos gcry_md_algo_t _GCRY_ATTR_INTERNAL; /* Structure used for passing data to the implementation of the `EMSA-PKCS-V1_5' encoding method. */ 
@@ -1392,31 +1392,38 @@ typedef struct gcry_ac_emsa_pkcs_v1_5 { gcry_md_algo_t md; size_t em_n; -} gcry_ac_emsa_pkcs_v1_5_t; +} gcry_ac_emsa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL; /* Structure used for passing data to the implementation of the `SSA-PKCS-V1_5' signature scheme. */ typedef struct gcry_ac_ssa_pkcs_v1_5 { gcry_md_algo_t md; -} gcry_ac_ssa_pkcs_v1_5_t; +} gcry_ac_ssa_pkcs_v1_5_t _GCRY_ATTR_INTERNAL; + +#ifndef GCRYPT_NO_DEPRECATED /* Returns a new, empty data set in DATA. */ -gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data); +gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data) + /* */ _GCRY_ATTR_INTERNAL; /* Destroy the data set DATA. */ -void gcry_ac_data_destroy (gcry_ac_data_t data); +void gcry_ac_data_destroy (gcry_ac_data_t data) + /* */ _GCRY_ATTR_INTERNAL; /* Create a copy of the data set DATA and store it in DATA_CP. */ gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp, - gcry_ac_data_t data); + gcry_ac_data_t data) + /* */ _GCRY_ATTR_INTERNAL; /* Return the number of named MPI values inside of the data set DATA. */ -unsigned int gcry_ac_data_length (gcry_ac_data_t data); +unsigned int gcry_ac_data_length (gcry_ac_data_t data) + /* */ _GCRY_ATTR_INTERNAL; /* Destroy any values contained in the data set DATA. */ -void gcry_ac_data_clear (gcry_ac_data_t data); +void gcry_ac_data_clear (gcry_ac_data_t data) + /* */ _GCRY_ATTR_INTERNAL; /* Add the value MPI to DATA with the label NAME. If FLAGS contains GCRY_AC_FLAG_DATA_COPY, the data set will contain copies of NAME 
@@ -1424,13 +1431,15 @@ void gcry_ac_data_clear (gcry_ac_data_t data); GCRY_AC_FLAG_DATA_COPY, the values contained in the data set will be deallocated when they are to be removed from the data set. */ gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags, - const char *name, gcry_mpi_t mpi); + const char *name, gcry_mpi_t mpi) + /* */ _GCRY_ATTR_INTERNAL; /* Store the value labelled with NAME found in DATA in MPI. If FLAGS contains GCRY_AC_FLAG_COPY, store a copy of the MPI value contained in the data set. MPI may be NULL. */ gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags, - const char *name, gcry_mpi_t *mpi); + const char *name, gcry_mpi_t *mpi) + /* */ _GCRY_ATTR_INTERNAL; /* Stores in NAME and MPI the named MPI value contained in the data set DATA with the index IDX. If FLAGS contains GCRY_AC_FLAG_COPY, 
@@ -1438,42 +1447,50 @@ gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags, may be NULL. */ gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, unsigned int idx, - const char **name, gcry_mpi_t *mpi); + const char **name, gcry_mpi_t *mpi) + /* */ _GCRY_ATTR_INTERNAL; /* Convert the data set DATA into a new S-Expression, which is to be stored in SEXP, according to the identifiers contained in IDENTIFIERS. */ gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, - const char **identifiers); + const char **identifiers) + /* */ _GCRY_ATTR_INTERNAL; /* Create a new data set, which is to be stored in DATA_SET, from the S-Expression SEXP, according to the identifiers contained in IDENTIFIERS. */ gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp, - const char **identifiers); + const char **identifiers) + /* */ _GCRY_ATTR_INTERNAL; /* Initialize AC_IO according to MODE, TYPE and the variable list of arguments. The list of variable arguments to specify depends on the given TYPE. */ void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, - gcry_ac_io_type_t type, ...); + gcry_ac_io_type_t type, ...) + /* */ _GCRY_ATTR_INTERNAL; /* Initialize AC_IO according to MODE, TYPE and the variable list of arguments AP. The list of variable arguments to specify depends on the given TYPE. */ void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, - gcry_ac_io_type_t type, va_list ap); + gcry_ac_io_type_t type, va_list ap) + /* */ _GCRY_ATTR_INTERNAL; /* Create a new ac handle. */ gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle, - gcry_ac_id_t algorithm, unsigned int flags); + gcry_ac_id_t algorithm, unsigned int flags) + /* */ _GCRY_ATTR_INTERNAL; /* Destroy an ac handle. */ -void gcry_ac_close (gcry_ac_handle_t handle); +void gcry_ac_close (gcry_ac_handle_t handle) + /* */ _GCRY_ATTR_INTERNAL; /* Initialize a key from a given data set. 
*/ gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle, - gcry_ac_key_type_t type, gcry_ac_data_t data); + gcry_ac_key_type_t type, gcry_ac_data_t data) + /* */ _GCRY_ATTR_INTERNAL; /* Generates a new key pair via the handle HANDLE of NBITS bits and stores it in KEY_PAIR. In case non-standard settings are wanted, a 
@@ -1483,32 +1500,40 @@ gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle, gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, void *spec, gcry_ac_key_pair_t *key_pair, - gcry_mpi_t **misc_data); + gcry_mpi_t **misc_data) + /* */ _GCRY_ATTR_INTERNAL; /* Returns the key of type WHICH out of the key pair KEY_PAIR. */ gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair, - gcry_ac_key_type_t which); + gcry_ac_key_type_t which) + /* */ _GCRY_ATTR_INTERNAL; /* Returns the data set contained in the key KEY. */ -gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key); +gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key) + /* */ _GCRY_ATTR_INTERNAL; /* Verifies that the key KEY is sane via HANDLE. */ -gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key); +gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key) + /* */ _GCRY_ATTR_INTERNAL; /* Stores the number of bits of the key KEY in NBITS via HANDLE. */ gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle, - gcry_ac_key_t key, unsigned int *nbits); + gcry_ac_key_t key, unsigned int *nbits) + /* */ _GCRY_ATTR_INTERNAL; /* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via HANDLE. */ gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key, - unsigned char *key_grip); + unsigned char *key_grip) + /* */ _GCRY_ATTR_INTERNAL; /* Destroy a key. */ -void gcry_ac_key_destroy (gcry_ac_key_t key); +void gcry_ac_key_destroy (gcry_ac_key_t key) + /* */ _GCRY_ATTR_INTERNAL; /* Destroy a key pair. */ -void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair); +void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair) + /* */ _GCRY_ATTR_INTERNAL; /* Encodes a message according to the encoding method METHOD. OPTIONS must be a pointer to a method-specific structure 
@@ -1516,7 +1541,8 @@ void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair); gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method, unsigned int flags, void *options, gcry_ac_io_t *io_read, - gcry_ac_io_t *io_write); + gcry_ac_io_t *io_write) + /* */ _GCRY_ATTR_INTERNAL; /* Decodes a message according to the encoding method METHOD. OPTIONS must be a pointer to a method-specific structure @@ -1524,7 +1550,8 @@ gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method, gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method, unsigned int flags, void *options, gcry_ac_io_t *io_read, - gcry_ac_io_t *io_write); + gcry_ac_io_t *io_write) + /* */ _GCRY_ATTR_INTERNAL; /* Encrypt the plain text MPI value DATA_PLAIN with the key KEY under the control of the flags FLAGS and store the resulting data set @@ -1533,7 +1560,8 @@ gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle, unsigned int flags, gcry_ac_key_t key, gcry_mpi_t data_plain, - gcry_ac_data_t *data_encrypted); + gcry_ac_data_t *data_encrypted) + /* */ _GCRY_ATTR_INTERNAL; /* Decrypt the decrypted data contained in the data set DATA_ENCRYPTED with the key KEY under the control of the flags FLAGS and store the @@ -1542,14 +1570,16 @@ gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle, unsigned int flags, gcry_ac_key_t key, gcry_mpi_t *data_plain, - gcry_ac_data_t data_encrypted); + gcry_ac_data_t data_encrypted) + /* */ _GCRY_ATTR_INTERNAL; /* Sign the data contained in DATA with the key KEY and store the resulting signature in the data set DATA_SIGNATURE. */ gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle, gcry_ac_key_t key, gcry_mpi_t data, - gcry_ac_data_t *data_signature); + gcry_ac_data_t *data_signature) + /* */ _GCRY_ATTR_INTERNAL; /* Verify that the signature contained in the data set DATA_SIGNATURE is indeed the result of signing the data contained in DATA with the 
@@ -1557,7 +1587,8 @@ gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle, gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle, gcry_ac_key_t key, gcry_mpi_t data, - gcry_ac_data_t data_signature); + gcry_ac_data_t data_signature) + /* */ _GCRY_ATTR_INTERNAL; /* Encrypts the plain text readable from IO_MESSAGE through HANDLE with the public key KEY according to SCHEME, FLAGS and OPTS. If @@ -1569,7 +1600,8 @@ gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle, unsigned int flags, void *opts, gcry_ac_key_t key, gcry_ac_io_t *io_message, - gcry_ac_io_t *io_cipher); + gcry_ac_io_t *io_cipher) + /* */ _GCRY_ATTR_INTERNAL; /* Decrypts the cipher text readable from IO_CIPHER through HANDLE with the secret key KEY according to SCHEME, @var{flags} and OPTS. @@ -1581,7 +1613,8 @@ gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle, unsigned int flags, void *opts, gcry_ac_key_t key, gcry_ac_io_t *io_cipher, - gcry_ac_io_t *io_message); + gcry_ac_io_t *io_message) + /* */ _GCRY_ATTR_INTERNAL; /* Signs the message readable from IO_MESSAGE through HANDLE with the secret key KEY according to SCHEME, FLAGS and OPTS. If OPTS is not @@ -1593,7 +1626,8 @@ gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle, unsigned int flags, void *opts, gcry_ac_key_t key, gcry_ac_io_t *io_message, - gcry_ac_io_t *io_signature); + gcry_ac_io_t *io_signature) + /* */ _GCRY_ATTR_INTERNAL; /* Verifies through HANDLE that the signature readable from IO_SIGNATURE is indeed the result of signing the message readable 
@@ -1606,12 +1640,12 @@ gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle, unsigned int flags, void *opts, gcry_ac_key_t key, gcry_ac_io_t *io_message, - gcry_ac_io_t *io_signature); + gcry_ac_io_t *io_signature) + /* */ _GCRY_ATTR_INTERNAL; /* Store the textual representation of the algorithm whose id is given in ALGORITHM in NAME. This function is deprecated; use gcry_pk_algo_name. */ -#ifndef GCRYPT_NO_DEPRECATED gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm, const char **name) /* */ _GCRY_GCC_ATTR_DEPRECATED; @@ -1621,7 +1655,7 @@ gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm, gcry_error_t gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm) /* */ _GCRY_GCC_ATTR_DEPRECATED; -#endif +#endif /*GCRYPT_NO_DEPRECATED*/ /************************************ diff --git a/src/visibility.h b/src/visibility.h index 6a054c5..ea00b89 100644 --- a/src/visibility.h +++ b/src/visibility.h 
@@ -239,6 +239,97 @@ deprecated attribute. */ # define GCRYPT_NO_DEPRECATED # include "gcrypt.h" +/* The algorithm IDs. */ + gcry_error_t gcry_ac_data_new (gcry_ac_data_t *data); + void gcry_ac_data_destroy (gcry_ac_data_t data); + gcry_error_t gcry_ac_data_copy (gcry_ac_data_t *data_cp, + gcry_ac_data_t data); + unsigned int gcry_ac_data_length (gcry_ac_data_t data); + void gcry_ac_data_clear (gcry_ac_data_t data); + gcry_error_t gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags, + const char *name, gcry_mpi_t mpi); + gcry_error_t gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags, + const char *name, gcry_mpi_t *mpi); + gcry_error_t gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, + unsigned int idx, + const char **name, gcry_mpi_t *mpi); + gcry_error_t gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, + const char **identifiers); + gcry_error_t gcry_ac_data_from_sexp (gcry_ac_data_t *data, gcry_sexp_t sexp, + const char **identifiers); + void gcry_ac_io_init (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, + gcry_ac_io_type_t type, ...); + void gcry_ac_io_init_va (gcry_ac_io_t *ac_io, gcry_ac_io_mode_t mode, + gcry_ac_io_type_t type, va_list ap); + gcry_error_t gcry_ac_open (gcry_ac_handle_t *handle, + gcry_ac_id_t algorithm, unsigned int flags); + void gcry_ac_close (gcry_ac_handle_t handle); + gcry_error_t gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle, + gcry_ac_key_type_t type, gcry_ac_data_t data); + gcry_error_t gcry_ac_key_pair_generate (gcry_ac_handle_t handle, + unsigned int nbits, void *spec, + gcry_ac_key_pair_t *key_pair, + gcry_mpi_t **misc_data); + gcry_ac_key_t gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair, + gcry_ac_key_type_t which); + gcry_ac_data_t gcry_ac_key_data_get (gcry_ac_key_t key); + gcry_error_t gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key); + gcry_error_t gcry_ac_key_get_nbits (gcry_ac_handle_t handle, + gcry_ac_key_t key, unsigned int *nbits); + 
gcry_error_t gcry_ac_key_get_grip (gcry_ac_handle_t handle, gcry_ac_key_t key, + unsigned char *key_grip); + void gcry_ac_key_destroy (gcry_ac_key_t key); + void gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair); + gcry_error_t gcry_ac_data_encode (gcry_ac_em_t method, + unsigned int flags, void *options, + gcry_ac_io_t *io_read, + gcry_ac_io_t *io_write); + gcry_error_t gcry_ac_data_decode (gcry_ac_em_t method, + unsigned int flags, void *options, + gcry_ac_io_t *io_read, + gcry_ac_io_t *io_write); + gcry_error_t gcry_ac_data_encrypt (gcry_ac_handle_t handle, + unsigned int flags, + gcry_ac_key_t key, + gcry_mpi_t data_plain, + gcry_ac_data_t *data_encrypted); + gcry_error_t gcry_ac_data_decrypt (gcry_ac_handle_t handle, + unsigned int flags, + gcry_ac_key_t key, + gcry_mpi_t *data_plain, + gcry_ac_data_t data_encrypted); + gcry_error_t gcry_ac_data_sign (gcry_ac_handle_t handle, + gcry_ac_key_t key, + gcry_mpi_t data, + gcry_ac_data_t *data_signature); + gcry_error_t gcry_ac_data_verify (gcry_ac_handle_t handle, + gcry_ac_key_t key, + gcry_mpi_t data, + gcry_ac_data_t data_signature); + gcry_error_t gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_message, + gcry_ac_io_t *io_cipher); + gcry_error_t gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_cipher, + gcry_ac_io_t *io_message); + gcry_error_t gcry_ac_data_sign_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_message, + gcry_ac_io_t *io_signature); + gcry_error_t gcry_ac_data_verify_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_message, + gcry_ac_io_t *io_signature); gcry_error_t gcry_ac_id_to_name (gcry_ac_id_t algorithm, 
const char **name); gcry_error_t gcry_ac_name_to_id (const char *name, gcry_ac_id_t *algorithm); #else ----------------------------------------------------------------------- Summary of changes: NEWS | 10 ++++ doc/gcrypt.texi | 14 +++-- src/ChangeLog | 8 +++ src/gcrypt-module.h | 19 +++++-- src/gcrypt.h.in | 148 +++++++++++++++++++++++++++++++-------------------- src/visibility.h | 91 +++++++++++++++++++++++++++++++ 6 files changed, 222 insertions(+), 68 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Feb 18 15:28:52 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 18 Feb 2011 15:28:52 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-12-gf17d50b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via f17d50bbd31b1faa24af1e46c10bba845becf585 (commit) from dc880b55f4bb27d20c0224338836ac0505f386ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f17d50bbd31b1faa24af1e46c10bba845becf585 Author: Werner Koch Date: Fri Feb 18 14:30:13 2011 +0100 Fix strict-aliasing problems in rijndael.c We used to use -fno-strict-aliasing but only if configured in maintainer-mode. Thus with gcc-4.4 we could run into problems. The fix is to define a new type with the may_alias attribute and use this for the casting stuff in do_encrypt_aligned and do_decrypt_aligned. diff --git a/ChangeLog b/ChangeLog index f192d20..01c1213 100644 --- a/ChangeLog +++ b/ChangeLog 
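Review bot: The added comment `/* The algorithm IDs. */` does not describe what follows it: the lines below are prototypes of the gcry_ac_* functions, repeated here because `GCRYPT_NO_DEPRECATED` is defined before gcrypt.h is included. Something like `/* Prototypes of the gcry_ac_* functions which gcrypt.h hides when GCRYPT_NO_DEPRECATED is defined. */` would be accurate. Since the list is a hand-made copy of the declarations in gcrypt.h.in, the comment should also say that both places have to be changed together; nothing visible in the hunk keeps the two in sync, and a silent mismatch would give the library and its callers different prototypes.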
@@ -1,3 +1,7 @@ +2011-02-18 Werner Koch + + * configure.ac [GCC]: Remove the use of -fno-strict-aliasing. + 2011-02-11 Werner Koch * configure.ac: Add option --disbale-aesni-support. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 85dd43f..d10ce07 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,9 @@ +2011-02-18 Werner Koch + + * rijndael.c (u32_a_t): New. + (do_encrypt_aligned, do_encrypt_aligned): Use the new type to + avoid problems with strict aliasing rules. + 2011-02-16 Werner Koch * rijndael.c (do_aesni_cfb) [USE_AESNI]: New. diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 4c49847..fb97274 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -82,6 +82,14 @@ typedef int m128i_t __attribute__ ((__vector_size__ (16))); #endif /*USE_AESNI*/ +/* Define an u32 variant for the sake of gcc 4.4's strict aliasing. */ +#if __GNUC__ > 4 || ( __GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) +typedef u32 __attribute__ ((__may_alias__)) u32_a_t; +#else +typedef u32 u32_a_t; +#endif + + static const char *selftest(void); 
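Review bot: The version test on the new `u32_a_t` typedef enables `__may_alias__` only for GCC 4.4 and later, so every other compiler keeps plain `u32` in the casts of do_encrypt_aligned and do_decrypt_aligned (the hunks further down), while the configure.ac hunk of the same commit removes -fno-strict-aliasing. Older GCC releases also optimise on strict aliasing at -O2 and, as far as I know, accept the attribute since 3.3; compilers that merely identify themselves as an older GCC land in the `#else` branch as well. Consider widening the condition, e.g. `#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 3))`, after checking it against the compilers the project supports. The comment above the typedef could also say that the attribute only addresses aliasing: the casts still require `a`, `b` and the round keys to be suitably aligned for a 32-bit access.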
@@ -505,57 +513,57 @@ do_encrypt_aligned (const RIJNDAEL_context *ctx, byte temp[4][4]; } u; - *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[0][0]); - *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[0][1]); - *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[0][2]); - *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[0][3]); - *((u32*)(b )) = (*((u32*)T1[u.temp[0][0]]) - ^ *((u32*)T2[u.temp[1][1]]) - ^ *((u32*)T3[u.temp[2][2]]) - ^ *((u32*)T4[u.temp[3][3]])); - *((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]]) - ^ *((u32*)T2[u.temp[2][1]]) - ^ *((u32*)T3[u.temp[3][2]]) - ^ *((u32*)T4[u.temp[0][3]])); - *((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]]) - ^ *((u32*)T2[u.temp[3][1]]) - ^ *((u32*)T3[u.temp[0][2]]) - ^ *((u32*)T4[u.temp[1][3]])); - *((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]]) - ^ *((u32*)T2[u.temp[0][1]]) - ^ *((u32*)T3[u.temp[1][2]]) - ^ *((u32*)T4[u.temp[2][3]])); + *((u32_a_t*)u.temp[0]) = *((u32_a_t*)(a )) ^ *((u32_a_t*)rk[0][0]); + *((u32_a_t*)u.temp[1]) = *((u32_a_t*)(a+ 4)) ^ *((u32_a_t*)rk[0][1]); + *((u32_a_t*)u.temp[2]) = *((u32_a_t*)(a+ 8)) ^ *((u32_a_t*)rk[0][2]); + *((u32_a_t*)u.temp[3]) = *((u32_a_t*)(a+12)) ^ *((u32_a_t*)rk[0][3]); + *((u32_a_t*)(b )) = (*((u32_a_t*)T1[u.temp[0][0]]) + ^ *((u32_a_t*)T2[u.temp[1][1]]) + ^ *((u32_a_t*)T3[u.temp[2][2]]) + ^ *((u32_a_t*)T4[u.temp[3][3]])); + *((u32_a_t*)(b + 4)) = (*((u32_a_t*)T1[u.temp[1][0]]) + ^ *((u32_a_t*)T2[u.temp[2][1]]) + ^ *((u32_a_t*)T3[u.temp[3][2]]) + ^ *((u32_a_t*)T4[u.temp[0][3]])); + *((u32_a_t*)(b + 8)) = (*((u32_a_t*)T1[u.temp[2][0]]) + ^ *((u32_a_t*)T2[u.temp[3][1]]) + ^ *((u32_a_t*)T3[u.temp[0][2]]) + ^ *((u32_a_t*)T4[u.temp[1][3]])); + *((u32_a_t*)(b +12)) = (*((u32_a_t*)T1[u.temp[3][0]]) + ^ *((u32_a_t*)T2[u.temp[0][1]]) + ^ *((u32_a_t*)T3[u.temp[1][2]]) + ^ *((u32_a_t*)T4[u.temp[2][3]])); for (r = 1; r < rounds-1; r++) { - *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]); - *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]); - *((u32*)u.temp[2]) = *((u32*)(b+ 
8)) ^ *((u32*)rk[r][2]); - *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]); - - *((u32*)(b )) = (*((u32*)T1[u.temp[0][0]]) - ^ *((u32*)T2[u.temp[1][1]]) - ^ *((u32*)T3[u.temp[2][2]]) - ^ *((u32*)T4[u.temp[3][3]])); - *((u32*)(b + 4)) = (*((u32*)T1[u.temp[1][0]]) - ^ *((u32*)T2[u.temp[2][1]]) - ^ *((u32*)T3[u.temp[3][2]]) - ^ *((u32*)T4[u.temp[0][3]])); - *((u32*)(b + 8)) = (*((u32*)T1[u.temp[2][0]]) - ^ *((u32*)T2[u.temp[3][1]]) - ^ *((u32*)T3[u.temp[0][2]]) - ^ *((u32*)T4[u.temp[1][3]])); - *((u32*)(b +12)) = (*((u32*)T1[u.temp[3][0]]) - ^ *((u32*)T2[u.temp[0][1]]) - ^ *((u32*)T3[u.temp[1][2]]) - ^ *((u32*)T4[u.temp[2][3]])); + *((u32_a_t*)u.temp[0]) = *((u32_a_t*)(b )) ^ *((u32_a_t*)rk[r][0]); + *((u32_a_t*)u.temp[1]) = *((u32_a_t*)(b+ 4)) ^ *((u32_a_t*)rk[r][1]); + *((u32_a_t*)u.temp[2]) = *((u32_a_t*)(b+ 8)) ^ *((u32_a_t*)rk[r][2]); + *((u32_a_t*)u.temp[3]) = *((u32_a_t*)(b+12)) ^ *((u32_a_t*)rk[r][3]); + + *((u32_a_t*)(b )) = (*((u32_a_t*)T1[u.temp[0][0]]) + ^ *((u32_a_t*)T2[u.temp[1][1]]) + ^ *((u32_a_t*)T3[u.temp[2][2]]) + ^ *((u32_a_t*)T4[u.temp[3][3]])); + *((u32_a_t*)(b + 4)) = (*((u32_a_t*)T1[u.temp[1][0]]) + ^ *((u32_a_t*)T2[u.temp[2][1]]) + ^ *((u32_a_t*)T3[u.temp[3][2]]) + ^ *((u32_a_t*)T4[u.temp[0][3]])); + *((u32_a_t*)(b + 8)) = (*((u32_a_t*)T1[u.temp[2][0]]) + ^ *((u32_a_t*)T2[u.temp[3][1]]) + ^ *((u32_a_t*)T3[u.temp[0][2]]) + ^ *((u32_a_t*)T4[u.temp[1][3]])); + *((u32_a_t*)(b +12)) = (*((u32_a_t*)T1[u.temp[3][0]]) + ^ *((u32_a_t*)T2[u.temp[0][1]]) + ^ *((u32_a_t*)T3[u.temp[1][2]]) + ^ *((u32_a_t*)T4[u.temp[2][3]])); } /* Last round is special. 
*/ - *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[rounds-1][0]); - *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[rounds-1][1]); - *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[rounds-1][2]); - *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[rounds-1][3]); + *((u32_a_t*)u.temp[0]) = *((u32_a_t*)(b )) ^ *((u32_a_t*)rk[rounds-1][0]); + *((u32_a_t*)u.temp[1]) = *((u32_a_t*)(b+ 4)) ^ *((u32_a_t*)rk[rounds-1][1]); + *((u32_a_t*)u.temp[2]) = *((u32_a_t*)(b+ 8)) ^ *((u32_a_t*)rk[rounds-1][2]); + *((u32_a_t*)u.temp[3]) = *((u32_a_t*)(b+12)) ^ *((u32_a_t*)rk[rounds-1][3]); b[ 0] = T1[u.temp[0][0]][1]; b[ 1] = T1[u.temp[1][1]][1]; b[ 2] = T1[u.temp[2][2]][1]; @@ -572,10 +580,10 @@ do_encrypt_aligned (const RIJNDAEL_context *ctx, b[13] = T1[u.temp[0][1]][1]; b[14] = T1[u.temp[1][2]][1]; b[15] = T1[u.temp[2][3]][1]; - *((u32*)(b )) ^= *((u32*)rk[rounds][0]); - *((u32*)(b+ 4)) ^= *((u32*)rk[rounds][1]); - *((u32*)(b+ 8)) ^= *((u32*)rk[rounds][2]); - *((u32*)(b+12)) ^= *((u32*)rk[rounds][3]); + *((u32_a_t*)(b )) ^= *((u32_a_t*)rk[rounds][0]); + *((u32_a_t*)(b+ 4)) ^= *((u32_a_t*)rk[rounds][1]); + *((u32_a_t*)(b+ 8)) ^= *((u32_a_t*)rk[rounds][2]); + *((u32_a_t*)(b+12)) ^= *((u32_a_t*)rk[rounds][3]); #undef rk } 
@@ -1026,57 +1034,57 @@ do_decrypt_aligned (RIJNDAEL_context *ctx, } u; - *((u32*)u.temp[0]) = *((u32*)(a )) ^ *((u32*)rk[rounds][0]); - *((u32*)u.temp[1]) = *((u32*)(a+ 4)) ^ *((u32*)rk[rounds][1]); - *((u32*)u.temp[2]) = *((u32*)(a+ 8)) ^ *((u32*)rk[rounds][2]); - *((u32*)u.temp[3]) = *((u32*)(a+12)) ^ *((u32*)rk[rounds][3]); - - *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]]) - ^ *((u32*)T6[u.temp[3][1]]) - ^ *((u32*)T7[u.temp[2][2]]) - ^ *((u32*)T8[u.temp[1][3]])); - *((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]]) - ^ *((u32*)T6[u.temp[0][1]]) - ^ *((u32*)T7[u.temp[3][2]]) - ^ *((u32*)T8[u.temp[2][3]])); - *((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]]) - ^ *((u32*)T6[u.temp[1][1]]) - ^ *((u32*)T7[u.temp[0][2]]) - ^ *((u32*)T8[u.temp[3][3]])); - *((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]]) - ^ *((u32*)T6[u.temp[2][1]]) - ^ *((u32*)T7[u.temp[1][2]]) - ^ *((u32*)T8[u.temp[0][3]])); + *((u32_a_t*)u.temp[0]) = *((u32_a_t*)(a )) ^ *((u32_a_t*)rk[rounds][0]); + *((u32_a_t*)u.temp[1]) = *((u32_a_t*)(a+ 4)) ^ *((u32_a_t*)rk[rounds][1]); + *((u32_a_t*)u.temp[2]) = *((u32_a_t*)(a+ 8)) ^ *((u32_a_t*)rk[rounds][2]); + *((u32_a_t*)u.temp[3]) = *((u32_a_t*)(a+12)) ^ *((u32_a_t*)rk[rounds][3]); + + *((u32_a_t*)(b )) = (*((u32_a_t*)T5[u.temp[0][0]]) + ^ *((u32_a_t*)T6[u.temp[3][1]]) + ^ *((u32_a_t*)T7[u.temp[2][2]]) + ^ *((u32_a_t*)T8[u.temp[1][3]])); + *((u32_a_t*)(b+ 4)) = (*((u32_a_t*)T5[u.temp[1][0]]) + ^ *((u32_a_t*)T6[u.temp[0][1]]) + ^ *((u32_a_t*)T7[u.temp[3][2]]) + ^ *((u32_a_t*)T8[u.temp[2][3]])); + *((u32_a_t*)(b+ 8)) = (*((u32_a_t*)T5[u.temp[2][0]]) + ^ *((u32_a_t*)T6[u.temp[1][1]]) + ^ *((u32_a_t*)T7[u.temp[0][2]]) + ^ *((u32_a_t*)T8[u.temp[3][3]])); + *((u32_a_t*)(b+12)) = (*((u32_a_t*)T5[u.temp[3][0]]) + ^ *((u32_a_t*)T6[u.temp[2][1]]) + ^ *((u32_a_t*)T7[u.temp[1][2]]) + ^ *((u32_a_t*)T8[u.temp[0][3]])); for (r = rounds-1; r > 1; r--) { - *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[r][0]); - *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[r][1]); - *((u32*)u.temp[2]) 
= *((u32*)(b+ 8)) ^ *((u32*)rk[r][2]); - *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[r][3]); - *((u32*)(b )) = (*((u32*)T5[u.temp[0][0]]) - ^ *((u32*)T6[u.temp[3][1]]) - ^ *((u32*)T7[u.temp[2][2]]) - ^ *((u32*)T8[u.temp[1][3]])); - *((u32*)(b+ 4)) = (*((u32*)T5[u.temp[1][0]]) - ^ *((u32*)T6[u.temp[0][1]]) - ^ *((u32*)T7[u.temp[3][2]]) - ^ *((u32*)T8[u.temp[2][3]])); - *((u32*)(b+ 8)) = (*((u32*)T5[u.temp[2][0]]) - ^ *((u32*)T6[u.temp[1][1]]) - ^ *((u32*)T7[u.temp[0][2]]) - ^ *((u32*)T8[u.temp[3][3]])); - *((u32*)(b+12)) = (*((u32*)T5[u.temp[3][0]]) - ^ *((u32*)T6[u.temp[2][1]]) - ^ *((u32*)T7[u.temp[1][2]]) - ^ *((u32*)T8[u.temp[0][3]])); + *((u32_a_t*)u.temp[0]) = *((u32_a_t*)(b )) ^ *((u32_a_t*)rk[r][0]); + *((u32_a_t*)u.temp[1]) = *((u32_a_t*)(b+ 4)) ^ *((u32_a_t*)rk[r][1]); + *((u32_a_t*)u.temp[2]) = *((u32_a_t*)(b+ 8)) ^ *((u32_a_t*)rk[r][2]); + *((u32_a_t*)u.temp[3]) = *((u32_a_t*)(b+12)) ^ *((u32_a_t*)rk[r][3]); + *((u32_a_t*)(b )) = (*((u32_a_t*)T5[u.temp[0][0]]) + ^ *((u32_a_t*)T6[u.temp[3][1]]) + ^ *((u32_a_t*)T7[u.temp[2][2]]) + ^ *((u32_a_t*)T8[u.temp[1][3]])); + *((u32_a_t*)(b+ 4)) = (*((u32_a_t*)T5[u.temp[1][0]]) + ^ *((u32_a_t*)T6[u.temp[0][1]]) + ^ *((u32_a_t*)T7[u.temp[3][2]]) + ^ *((u32_a_t*)T8[u.temp[2][3]])); + *((u32_a_t*)(b+ 8)) = (*((u32_a_t*)T5[u.temp[2][0]]) + ^ *((u32_a_t*)T6[u.temp[1][1]]) + ^ *((u32_a_t*)T7[u.temp[0][2]]) + ^ *((u32_a_t*)T8[u.temp[3][3]])); + *((u32_a_t*)(b+12)) = (*((u32_a_t*)T5[u.temp[3][0]]) + ^ *((u32_a_t*)T6[u.temp[2][1]]) + ^ *((u32_a_t*)T7[u.temp[1][2]]) + ^ *((u32_a_t*)T8[u.temp[0][3]])); } /* Last round is special. 
*/ - *((u32*)u.temp[0]) = *((u32*)(b )) ^ *((u32*)rk[1][0]); - *((u32*)u.temp[1]) = *((u32*)(b+ 4)) ^ *((u32*)rk[1][1]); - *((u32*)u.temp[2]) = *((u32*)(b+ 8)) ^ *((u32*)rk[1][2]); - *((u32*)u.temp[3]) = *((u32*)(b+12)) ^ *((u32*)rk[1][3]); + *((u32_a_t*)u.temp[0]) = *((u32_a_t*)(b )) ^ *((u32_a_t*)rk[1][0]); + *((u32_a_t*)u.temp[1]) = *((u32_a_t*)(b+ 4)) ^ *((u32_a_t*)rk[1][1]); + *((u32_a_t*)u.temp[2]) = *((u32_a_t*)(b+ 8)) ^ *((u32_a_t*)rk[1][2]); + *((u32_a_t*)u.temp[3]) = *((u32_a_t*)(b+12)) ^ *((u32_a_t*)rk[1][3]); b[ 0] = S5[u.temp[0][0]]; b[ 1] = S5[u.temp[3][1]]; b[ 2] = S5[u.temp[2][2]]; @@ -1093,10 +1101,10 @@ do_decrypt_aligned (RIJNDAEL_context *ctx, b[13] = S5[u.temp[2][1]]; b[14] = S5[u.temp[1][2]]; b[15] = S5[u.temp[0][3]]; - *((u32*)(b )) ^= *((u32*)rk[0][0]); - *((u32*)(b+ 4)) ^= *((u32*)rk[0][1]); - *((u32*)(b+ 8)) ^= *((u32*)rk[0][2]); - *((u32*)(b+12)) ^= *((u32*)rk[0][3]); + *((u32_a_t*)(b )) ^= *((u32_a_t*)rk[0][0]); + *((u32_a_t*)(b+ 4)) ^= *((u32_a_t*)rk[0][1]); + *((u32_a_t*)(b+ 8)) ^= *((u32_a_t*)rk[0][2]); + *((u32_a_t*)(b+12)) ^= *((u32_a_t*)rk[0][3]); #undef rk } diff --git a/configure.ac b/configure.ac index 64692b6..013ff3a 100644 --- a/configure.ac +++ b/configure.ac @@ -951,17 +951,6 @@ if test "$GCC" = yes; then if test x"$_gcc_wopt" = xyes ; then CFLAGS="$CFLAGS -Wpointer-arith" fi - - AC_MSG_CHECKING([if gcc supports -fno-strict-aliasing]) - _gcc_cflags_save=$CFLAGS - CFLAGS="-fno-strict-aliasing" - AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),_gcc_wopt=yes,_gcc_wopt=no) - AC_MSG_RESULT($_gcc_wopt) - CFLAGS=$_gcc_cflags_save; - if test x"$_gcc_wopt" = xyes ; then - CFLAGS="$CFLAGS -fno-strict-aliasing" - fi - fi fi 
@@ -1228,6 +1217,8 @@ echo " Enabled pubkey algorithms: $enabled_pubkey_ciphers Random number generator: $random Using linux capabilities: $use_capabilities + Try using Padlock crypto: $padlocksupport + Try using AES-NI crypto: $aesnisupport " if test "$print_egd_notice" = "yes"; then ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 + cipher/ChangeLog | 6 ++ cipher/rijndael.c | 204 +++++++++++++++++++++++++++------------------------- configure.ac | 13 +--- 4 files changed, 118 insertions(+), 109 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 21 10:23:27 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 21 Feb 2011 10:23:27 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-13-g61a5212 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 61a521277c6347e99fec8b6575271f705360d802 (commit) from f17d50bbd31b1faa24af1e46c10bba845becf585 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61a521277c6347e99fec8b6575271f705360d802 Author: Werner Koch Date: Mon Feb 21 10:00:22 2011 +0100 Allow --alignment option for md_bench diff --git a/tests/ChangeLog b/tests/ChangeLog index 95cb960..281f9fa 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,8 @@ +2011-02-21 Werner Koch + + * benchmark.c (md_bench): Allow for rthe --alignment option. + (main): Allow alignments between 1 and 16. + 2011-02-16 Werner Koch * benchmark.c (main): Add option --disable-hwf. diff --git a/tests/benchmark.c b/tests/benchmark.c index cf78c76..2eca86f 100644 
--- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -409,8 +409,11 @@ md_bench ( const char *algoname ) { int algo; gcry_md_hd_t hd; - int i, repcount; - char buf[1000]; + int i, j, repcount; + char buf_base[1000+15]; + size_t bufsize = 1000; + char *buf; + char *largebuf_base; char *largebuf; char digest[512/8]; gcry_error_t err = GPG_ERR_NO_ERROR; @@ -425,6 +428,8 @@ md_bench ( const char *algoname ) return; } + buf = buf_base + ((16 - ((size_t)buf_base & 0x0f)) % buffer_alignment); + algo = gcry_md_map_name (algoname); if (!algo) { @@ -439,7 +444,7 @@ md_bench ( const char *algoname ) exit (1); } - for (i=0; i < sizeof buf; i++) + for (i=0; i < bufsize; i++) buf[i] = i; printf ("%-12s", gcry_md_algo_name (algo)); @@ -447,7 +452,7 @@ md_bench ( const char *algoname ) start_timer (); for (repcount=0; repcount < hash_repetitions; repcount++) for (i=0; i < 1000; i++) - gcry_md_write (hd, buf, sizeof buf); + gcry_md_write (hd, buf, bufsize); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); @@ -457,7 +462,7 @@ md_bench ( const char *algoname ) start_timer (); for (repcount=0; repcount < hash_repetitions; repcount++) for (i=0; i < 10000; i++) - gcry_md_write (hd, buf, sizeof buf/10); + gcry_md_write (hd, buf, bufsize/10); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); @@ -467,7 +472,17 @@ md_bench ( const char *algoname ) start_timer (); for (repcount=0; repcount < hash_repetitions; repcount++) for (i=0; i < 1000000; i++) - gcry_md_write (hd, "", 1); + gcry_md_write (hd, buf[0], 1); + gcry_md_final (hd); + stop_timer (); + printf (" %s", elapsed_time ()); + fflush (stdout); + + start_timer (); + for (repcount=0; repcount < hash_repetitions; repcount++) + for (i=0; i < 1000; i++) + for (j=0; j < bufsize; j++) + gcry_md_putc (hd, buf[j]); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); 
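Review bot: In the one-byte loop the call became `gcry_md_write (hd, buf[0], 1);`, which passes the char value `buf[0]` where gcry_md_write expects a pointer to the data. Because the buffer was filled with `buf[i] = i`, that value is 0, so the hash function is handed a null pointer together with a length of 1. The line should read `gcry_md_write (hd, buf, 1);`. The body of md_bench starts and ends outside this hunk.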
@@ -481,9 +496,12 @@ md_bench ( const char *algoname ) if (gcry_md_get_algo_dlen (algo) > sizeof digest) die ("digest buffer too short\n"); - largebuf = malloc (10000); - if (!largebuf) + largebuf_base = malloc (10000+15); + if (!largebuf_base) die ("out of core\n"); + largebuf = (largebuf_base + + ((16 - ((size_t)largebuf_base & 0x0f)) % buffer_alignment)); + for (i=0; i < 10000; i++) largebuf[i] = i; start_timer (); @@ -492,7 +510,7 @@ md_bench ( const char *algoname ) gcry_md_hash_buffer (algo, digest, largebuf, 10000); stop_timer (); printf (" %s", elapsed_time ()); - free (largebuf); + free (largebuf_base); putchar ('\n'); fflush (stdout); @@ -544,16 +562,12 @@ cipher_bench ( const char *algoname ) } repetitions *= cipher_repetitions; - buf = raw_buf = gcry_xmalloc (allocated_buflen+15); - if (buffer_alignment) - while (((size_t)buf & 0x0f)) - buf++; - + raw_buf = gcry_xmalloc (allocated_buflen+15); + buf = (raw_buf + + ((16 - ((size_t)raw_buf & 0x0f)) % buffer_alignment)); outbuf = raw_outbuf = gcry_xmalloc (allocated_buflen+15); - if (buffer_alignment) - while (((size_t)outbuf & 0x0f)) - outbuf++; - + outbuf = (raw_outbuf + + ((16 - ((size_t)raw_outbuf & 0x0f)) % buffer_alignment)); if (!header_printed) { @@ -1107,6 +1121,8 @@ main( int argc, char **argv ) int use_random_daemon = 0; int with_progress = 0; + buffer_alignment = 1; + if (argc) { argc--; argv++; } 
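Review bot: The alignment expression `base + ((16 - ((size_t)base & 0x0f)) % buffer_alignment)` is now written out four times across md_bench and cipher_bench (for `buf`, `largebuf`, `buf` and `outbuf`), so a later fix to one copy can easily miss the others; a small static helper taking the base pointer would keep them identical. In cipher_bench the line `outbuf = raw_outbuf = gcry_xmalloc (allocated_buflen+15);` still assigns `outbuf`, which the next statement overwrites; `raw_outbuf = gcry_xmalloc (allocated_buflen+15);` matches how `raw_buf` is handled just above. The expression also depends on `buffer_alignment` being non-zero, which the `buffer_alignment = 1;` default added in main and the range check in the later hunk provide; a comment next to the helper should state that precondition.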
@@ -1201,14 +1217,8 @@ main( int argc, char **argv ) } } - switch (buffer_alignment) - { - case 0: - case 16: - break; - default: - die ("option --alignment not used with a value of 0 or 16\n"); - } + if (buffer_alignment < 1 || buffer_alignment > 16) + die ("value for --alignment must be in the range 1 to 16\n"); gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); ----------------------------------------------------------------------- Summary of changes: tests/ChangeLog | 5 ++++ tests/benchmark.c | 62 ++++++++++++++++++++++++++++++---------------------- 2 files changed, 41 insertions(+), 26 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 21 17:40:00 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 21 Feb 2011 17:40:00 +0100 Subject: [git] GCRYPT - tag, libgcrypt-1.5.0-beta1, created. post-nuke-of-trailing-ws-14-g2442ca2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The tag, libgcrypt-1.5.0-beta1 has been created at 2442ca23030c8900c907166ca3f5d31d1907ead8 (commit) - Log ----------------------------------------------------------------- commit 2442ca23030c8900c907166ca3f5d31d1907ead8 Author: Werner Koch Date: Mon Feb 21 17:04:46 2011 +0100 Final changes for 1.5.0-beta1 ----------------------------------------------------------------------- hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 21 17:40:07 2011 
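Review bot: The new range check `buffer_alignment < 1 || buffer_alignment > 16` accepts values that are not powers of two, but the offset expression used in md_bench and cipher_bench, `(16 - ((size_t)p & 0x0f)) % buffer_alignment`, only yields an address aligned to buffer_alignment when that value divides 16. For any other value in the range the buffer lands at an offset with no alignment meaning, and nothing in the benchmark output says so. Either restrict the option to 1, 2, 4, 8 and 16 with `if (buffer_alignment < 1 || buffer_alignment > 16 || (buffer_alignment & (buffer_alignment - 1)))`, or state in the option's help text what the other values do. The option parsing itself is outside this hunk.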
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 21 Feb 2011 17:40:07 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-14-g2442ca2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2442ca23030c8900c907166ca3f5d31d1907ead8 (commit) from 61a521277c6347e99fec8b6575271f705360d802 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2442ca23030c8900c907166ca3f5d31d1907ead8 Author: Werner Koch Date: Mon Feb 21 17:04:46 2011 +0100 Final changes for 1.5.0-beta1 diff --git a/ChangeLog b/ChangeLog index 01c1213..e487942 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-02-21 Werner Koch + + Release 1.5.0-beta1. + 2011-02-18 Werner Koch * configure.ac [GCC]: Remove the use of -fno-strict-aliasing. diff --git a/NEWS b/NEWS index 3a92ad5..ffbdc84 100644 --- a/NEWS +++ b/NEWS @@ -1,21 +1,6 @@ Noteworthy changes in version 1.5.x (unreleased) ------------------------------------------------ - * New variants of the TIGER algorithm. - - * New cipher algorithm mode for AES-WRAP. - - * Fixed minor memory leak in DSA key generation. - - * No more switching to FIPS mode if /proc/version is not readable. - - * Fixed sigill during Padlock detection on old CPUs. - - * Fixed a hang on some W2000 machines. - - * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; - SHA-256 went up by 25%. - * Support for WindowsCE. * Support ECDH. 
@@ -39,15 +24,31 @@ Noteworthy changes in version 1.5.x (unreleased) whether you really need this feature or how it can be replaced by an internal plugin mechanism. + * New variants of the TIGER algorithm. [also in 1.4.6] + + * New cipher algorithm mode for AES-WRAP. [also in 1.4.6] + + * Fixed minor memory leak in DSA key generation. [also in 1.4.5] + + * No more switching to FIPS mode if /proc/version is not + readable. [also in 1.4.5] + + * Fixed sigill during Padlock detection on old CPUs. [also in 1.4.5] + + * Fixed a hang on some W2000 machines. [also in 1.4.5] + + * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; + SHA-256 went up by 25%. [also in 1.4.5] + * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - GCRY_CIPHER_MODE_AESWRAP NEW. GCRY_PK_ECDH NEW. - GCRY_MD_TIGER1 NEW. - GCRY_MD_TIGER2 NEW. gcry_pk_get_curve NEW. gcry_pk_get_param NEW. GCRYCTL_DISABLE_HWF NEW. + GCRY_CIPHER_MODE_AESWRAP NEW. [also in 1.4.6] + GCRY_MD_TIGER1 NEW. [also in 1.4.6] + GCRY_MD_TIGER2 NEW. [also in 1.4.6] Noteworthy changes in version 1.4.4 (2009-01-22) diff --git a/README b/README index 6fe1cfb..0b4e882 100644 --- a/README +++ b/README @@ -6,7 +6,7 @@ THE STABLE VERSION IS THE 1.4. Copyright 2000, 2002, 2003, 2004, 2007, 2008, - 2009 Free Software Foundation, Inc. + 2009, 2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/configure.ac b/configure.ac index 013ff3a..a28ea83 100644 --- a/configure.ac +++ b/configure.ac 
@@ -26,8 +26,8 @@ min_automake_version="1.10" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.5.0]) -m4_define([my_issvn], [yes]) +m4_define([my_version], [1.5.0-beta1]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) diff --git a/src/ChangeLog b/src/ChangeLog index 750c8da..a9523cc 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,8 @@ +2011-02-21 Werner Koch + + * global.c (gcry_check_version): Do not take the patchlevel in + account; it is not well defined. + 2011-02-17 Werner Koch * gcrypt-module.h (gcry_cipher_register, gcry_cipher_unregister) @@ -2259,7 +2264,7 @@ Tue Dec 8 13:15:16 CET 1998 Werner Koch Copyright (C) 1998,1999,2000,2001,2002,2003 - 2004, 2005, 2008, 2009, 2011 Free Software Foundation, Inc. + 2004,2005,2008,2009,2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/src/dumpsexp.c b/src/dumpsexp.c index a397b24..6ea05e8 100644 --- a/src/dumpsexp.c +++ b/src/dumpsexp.c @@ -273,11 +273,11 @@ printchr (int c) putchar (c); } -static void -printhex (int c) -{ - printf ("\\x%02x", c); -} +/* static void */ +/* printhex (int c) */ +/* { */ +/* printf ("\\x%02x", c); */ +/* } */ #if 0 diff --git a/src/global.c b/src/global.c index 6336fea..51d7f39 100644 --- a/src/global.c +++ b/src/global.c @@ -234,7 +234,7 @@ gcry_check_version( const char *req_version ) const char *ver = VERSION; int my_major, my_minor, my_micro; int rq_major, rq_minor, rq_micro; - const char *my_plvl, *rq_plvl; + const char *my_plvl; /* Initialize library. */ global_init (); 
@@ -250,23 +250,19 @@ gcry_check_version( const char *req_version ) assert() here and bail out in case this happens? -mo. */ return NULL; - /* Parse requested version number. */ - rq_plvl = parse_version_string( req_version, &rq_major, &rq_minor, - &rq_micro ); - if ( !rq_plvl ) - /* req version string is invalid, this can happen. */ - return NULL; + /* Parse requested version number. */ + if (!parse_version_string (req_version, &rq_major, &rq_minor, &rq_micro)) + return NULL; /* req version string is invalid, this can happen. */ /* Compare version numbers. */ if ( my_major > rq_major || (my_major == rq_major && my_minor > rq_minor) + || (my_major == rq_major && my_minor == rq_minor && my_micro > rq_micro) || (my_major == rq_major && my_minor == rq_minor - && my_micro > rq_micro) - || (my_major == rq_major && my_minor == rq_minor - && my_micro == rq_micro - && strcmp( my_plvl, rq_plvl ) >= 0) ) { + && my_micro == rq_micro)) + { return ver; - } + } return NULL; } diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index 2e9402d..401851e 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in @@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "Libgcrypt - The GNU Crypto Library\0" VALUE "FileVersion", "@LIBGCRYPT_LT_CURRENT at .@LIBGCRYPT_LT_AGE at .@LIBGCRYPT_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "libgcrypt\0" - VALUE "LegalCopyright", "Copyright ? 2008 Free Software Foundation, Inc.\0" + VALUE "LegalCopyright", "Copyright ? 2011 Free Software Foundation, Inc.\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libgcrypt.dll\0" VALUE "PrivateBuild", "\0" diff --git a/tests/ChangeLog b/tests/ChangeLog index 281f9fa..8ef49fc 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog 
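Review bot: With the patchlevel comparison removed, gcry_check_version returns the version string whenever major, minor and micro match, so a request for a final release is also satisfied by a library whose version carries a suffix such as the `1.5.0-beta1` that this commit sets in configure.ac. Callers that use the check to require a particular release get no hint of this from the comments visible here; I would add `/* Note: the patchlevel suffix is ignored; "x.y.z" also matches "x.y.z-betaN". */` above the comparison and repeat it in the manual. The last two clauses of the condition can be merged into `|| (my_major == rq_major && my_minor == rq_minor && my_micro >= rq_micro)`. The function starts outside this hunk.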
@@ -1,6 +1,9 @@ 2011-02-21 Werner Koch - * benchmark.c (md_bench): Allow for rthe --alignment option. + * version.c (main): Do a verbatim check of the version string. + * basic.c (main): Ditto. But die on mismatch. + + * benchmark.c (md_bench): Allow for the --alignment option. (main): Allow alignments between 1 and 16. 2011-02-16 Werner Koch diff --git a/tests/basic.c b/tests/basic.c index bcc39cc..185091e 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -2509,8 +2509,10 @@ main (int argc, char **argv) if (use_fips) gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0); - if (!gcry_check_version (GCRYPT_VERSION)) - die ("version mismatch\n"); + /* Check that we test exactly our version - including the patchlevel. */ + if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL))) + die ("version mismatch; pgm=%s, library=%s\n", + GCRYPT_VERSION,gcry_check_version (NULL)); if ( gcry_fips_mode_active () ) in_fips_mode = 1; diff --git a/tests/benchmark.c b/tests/benchmark.c index 2eca86f..106e01b 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c @@ -472,7 +472,7 @@ md_bench ( const char *algoname ) start_timer (); for (repcount=0; repcount < hash_repetitions; repcount++) for (i=0; i < 1000000; i++) - gcry_md_write (hd, buf[0], 1); + gcry_md_write (hd, buf, 1); gcry_md_final (hd); stop_timer (); printf (" %s", elapsed_time ()); @@ -1224,7 +1224,8 @@ main( int argc, char **argv ) if (!gcry_check_version (GCRYPT_VERSION)) { - fprintf (stderr, PGM ": version mismatch\n"); + fprintf (stderr, PGM ": version mismatch; pgm=%s, library=%s\n", + GCRYPT_VERSION, gcry_check_version (NULL)); exit (1); } diff --git a/tests/version.c b/tests/version.c index 3cbecbc..af3c4c3 100644 --- a/tests/version.c +++ b/tests/version.c 
@@ -45,10 +45,13 @@ main (int argc, char **argv) (void)argv; gcry_control (GCRYCTL_DISABLE_SECMEM, 0); - if (!gcry_check_version (GCRYPT_VERSION)) + if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL))) { - fprintf (stderr, PGM ": version mismatch\n"); - exit (1); + int oops = !gcry_check_version (GCRYPT_VERSION); + fprintf (stderr, PGM ": %sversion mismatch; pgm=%s, library=%s\n", + oops? "":"warning: ", GCRYPT_VERSION, gcry_check_version (NULL)); + if (oops) + exit (1); } gcry_control (GCRYCTL_PRINT_CONFIG, NULL); ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ NEWS | 37 +++++++++++++++++++------------------ README | 2 +- configure.ac | 4 ++-- src/ChangeLog | 7 ++++++- src/dumpsexp.c | 10 +++++----- src/global.c | 20 ++++++++------------ src/versioninfo.rc.in | 2 +- tests/ChangeLog | 5 ++++- tests/basic.c | 6 ++++-- tests/benchmark.c | 5 +++-- tests/version.c | 9 ++++++--- 12 files changed, 63 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Feb 22 16:32:13 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 22 Feb 2011 16:32:13 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-15-g2674140 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2674140cdfdc59ce5ad0238177da1542f5df6e00 (commit) from 2442ca23030c8900c907166ca3f5d31d1907ead8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2674140cdfdc59ce5ad0238177da1542f5df6e00 Author: Werner Koch Date: Tue Feb 22 16:08:13 2011 +0100 Use AES-NI insns for CTR mode. That really boosts the performance of CTR. diff --git a/NEWS b/NEWS index ffbdc84..979ad40 100644 --- a/NEWS +++ b/NEWS @@ -40,15 +40,18 @@ Noteworthy changes in version 1.5.x (unreleased) * Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%. [also in 1.4.5] - * Interface changes relative to the 1.4.2 release: + * Interface changes relative to the 1.4.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GCRY_PK_ECDH NEW. gcry_pk_get_curve NEW. gcry_pk_get_param NEW. GCRYCTL_DISABLE_HWF NEW. - GCRY_CIPHER_MODE_AESWRAP NEW. [also in 1.4.6] - GCRY_MD_TIGER1 NEW. [also in 1.4.6] - GCRY_MD_TIGER2 NEW. [also in 1.4.6] + + * Interface changes relative to the 1.4.2 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GCRY_CIPHER_MODE_AESWRAP NEW. + GCRY_MD_TIGER1 NEW. + GCRY_MD_TIGER2 NEW. Noteworthy changes in version 1.4.4 (2009-01-22) diff --git a/cipher/ChangeLog b/cipher/ChangeLog index d10ce07..7e00da7 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog 
@@ -1,3 +1,13 @@ +2011-02-22 Werner Koch + + * rijndael.c (aesni_cleanup_2_4): New. + (aesenc_xmm1_xmm0, do_aesni_ctr_4): New. + (_gcry_aes_ctr_enc): New. + * cipher.c (struct gcry_cipher_handle): Add CTR_ENC. Move field + CTR into an u_ctr union and adjust all users. + (gcry_cipher_open): Use _gcry_aes_ctr_enc. + (do_ctr_encrypt): Use bulk mode. + 2011-02-18 Werner Koch * rijndael.c (u32_a_t): New. diff --git a/cipher/cipher.c b/cipher/cipher.c index 92b3698..a2f8bb9 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -190,6 +190,9 @@ struct gcry_cipher_handle void (*cbc_dec)(void *context, unsigned char *iv, void *outbuf_arg, const void *inbuf_arg, unsigned int nblocks); + void (*ctr_enc)(void *context, unsigned char *iv, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks); } bulk; @@ -209,12 +212,16 @@ struct gcry_cipher_handle unsigned char iv[MAX_BLOCKSIZE]; } u_iv; + /* The counter for CTR mode. This field is also used by AESWRAP and + thus we can't use the U_IV union. */ + union { + cipher_context_alignment_t iv_align; + unsigned char ctr[MAX_BLOCKSIZE]; + } u_ctr; + unsigned char lastiv[MAX_BLOCKSIZE]; int unused; /* Number of unused bytes in the IV. */ - unsigned char ctr[MAX_BLOCKSIZE]; /* For Counter (CTR) mode. */ - - /* What follows are two contexts of the cipher in use. The first one needs to be aligned well enough for the cipher operation whereas the second one is a copy created by cipher_setkey and @@ -814,6 +821,7 @@ gcry_cipher_open (gcry_cipher_hd_t *handle, h->bulk.cfb_dec = _gcry_aes_cfb_dec; h->bulk.cbc_enc = _gcry_aes_cbc_enc; h->bulk.cbc_dec = _gcry_aes_cbc_dec; + h->bulk.ctr_enc = _gcry_aes_ctr_enc; break; #endif /*USE_AES*/ @@ -936,7 +944,7 @@ cipher_reset (gcry_cipher_hd_t c) memset (&c->marks, 0, sizeof c->marks); memset (c->u_iv.iv, 0, c->cipher->blocksize); memset (c->lastiv, 0, c->cipher->blocksize); - memset (c->ctr, 0, c->cipher->blocksize); + memset (c->u_ctr.ctr, 0, c->cipher->blocksize); } 
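Review bot: The comment on the new `u_ctr` union explains why the counter cannot share U_IV, but not why it is a union with an alignment member. The AES-NI code added to rijndael.c in this commit loads the counter with `movdqa`, which needs a 16-byte aligned operand, and the header comment of _gcry_aes_ctr_enc leaves that duty to the caller. Whether `cipher_context_alignment_t` and the handle allocation actually give 16 bytes is not visible in this diff, so the requirement should be written where the field is declared, for example `/* u_ctr.ctr must be 16-byte aligned; _gcry_aes_ctr_enc reads it with movdqa. */`. The struct starts and ends outside the hunk.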
@@ -1441,9 +1449,11 @@ do_ctr_encrypt (gcry_cipher_hd_t c, const unsigned char *inbuf, unsigned int inbuflen) { unsigned int n; - unsigned char tmp[MAX_BLOCKSIZE]; int i; unsigned int blocksize = c->cipher->blocksize; + unsigned int nblocks; + + /* FIXME: This code does only work on complete blocks. */ if (outbuflen < inbuflen) return GPG_ERR_BUFFER_TOO_SHORT; @@ -1451,25 +1461,38 @@ do_ctr_encrypt (gcry_cipher_hd_t c, if ((inbuflen % blocksize)) return GPG_ERR_INV_LENGTH; - for (n=0; n < inbuflen; n++) + nblocks = inbuflen / blocksize; + if (nblocks && c->bulk.ctr_enc) { - if ((n % blocksize) == 0) - { - c->cipher->encrypt (&c->context.c, tmp, c->ctr); + c->bulk.ctr_enc (&c->context.c, c->u_ctr.ctr, outbuf, inbuf, nblocks); + inbuf += nblocks * blocksize; + outbuf += nblocks * blocksize; + } + else + { + unsigned char tmp[MAX_BLOCKSIZE]; - for (i = blocksize; i > 0; i--) - { - c->ctr[i-1]++; - if (c->ctr[i-1] != 0) - break; - } - } + for (n=0; n < inbuflen; n++) + { + if ((n % blocksize) == 0) + { + c->cipher->encrypt (&c->context.c, tmp, c->u_ctr.ctr); + + for (i = blocksize; i > 0; i--) + { + c->u_ctr.ctr[i-1]++; + if (c->u_ctr.ctr[i-1] != 0) + break; + } + } + + /* XOR input with encrypted counter and store in output. */ + outbuf[n] = inbuf[n] ^ tmp[n % blocksize]; + } - /* XOR input with encrypted counter and store in output. */ - outbuf[n] = inbuf[n] ^ tmp[n % blocksize]; + wipememory (tmp, sizeof tmp); } - wipememory (tmp, sizeof tmp); return 0; } @@ -1517,7 +1540,7 @@ do_aeswrap_encrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, r = outbuf; a = outbuf; /* We store A directly in OUTBUF. */ - b = c->ctr; /* B is also used to concatenate stuff. */ + b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */ /* If an IV has been set we use that IV as the Alternative Initial Value; if it has not been set we use the standard value. */ 
@@ -1593,7 +1616,7 @@ do_aeswrap_decrypt (gcry_cipher_hd_t c, byte *outbuf, unsigned int outbuflen, r = outbuf; a = c->lastiv; /* We use c->LASTIV as buffer for A. */ - b = c->ctr; /* B is also used to concatenate stuff. */ + b = c->u_ctr.ctr; /* B is also used to concatenate stuff. */ /* Copy the inbuf to the outbuf and save A. */ memcpy (a, inbuf, 8); @@ -1861,9 +1884,9 @@ gpg_error_t _gcry_cipher_setctr (gcry_cipher_hd_t hd, const void *ctr, size_t ctrlen) { if (ctr && ctrlen == hd->cipher->blocksize) - memcpy (hd->ctr, ctr, hd->cipher->blocksize); + memcpy (hd->u_ctr.ctr, ctr, hd->cipher->blocksize); else if (!ctr || !ctrlen) - memset (hd->ctr, 0, hd->cipher->blocksize); + memset (hd->u_ctr.ctr, 0, hd->cipher->blocksize); else return gpg_error (GPG_ERR_INV_ARG); return 0; @@ -1923,9 +1946,9 @@ gcry_cipher_ctl( gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) case GCRYCTL_SET_CTR: /* Deprecated; use gcry_cipher_setctr. */ if (buffer && buflen == h->cipher->blocksize) - memcpy (h->ctr, buffer, h->cipher->blocksize); + memcpy (h->u_ctr.ctr, buffer, h->cipher->blocksize); else if (buffer == NULL || buflen == 0) - memset (h->ctr, 0, h->cipher->blocksize); + memset (h->u_ctr.ctr, 0, h->cipher->blocksize); else rc = GPG_ERR_INV_ARG; break; diff --git a/cipher/rijndael.c b/cipher/rijndael.c index fb97274..2df8ea9 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -90,9 +90,7 @@ typedef u32 u32_a_t; #endif -static const char *selftest(void); - - + /* Our context object. */ typedef struct { @@ -144,6 +142,11 @@ typedef struct do { asm volatile ("pxor %%xmm0, %%xmm0\n\t" \ "pxor %%xmm1, %%xmm1\n" :: ); \ } while (0) +# define aesni_cleanup_2_4() \ + do { asm volatile ("pxor %%xmm2, %%xmm2\n\t" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n":: ); \ + } while (0) #else # define aesni_prepare() do { } while (0) # define aesni_cleanup() do { } while (0) 
@@ -154,6 +157,23 @@ typedef struct #include "rijndael-tables.h" + +/* Function prototypes. */ +#ifdef USE_AESNI +/* We don't want to inline these functions to help gcc allocate enough + registers. */ +static void do_aesni_ctr (const RIJNDAEL_context *ctx, unsigned char *ctr, + unsigned char *b, const unsigned char *a) + __attribute__ ((__noinline__)); +static void do_aesni_ctr_4 (const RIJNDAEL_context *ctx, unsigned char *ctr, + unsigned char *b, const unsigned char *a) + __attribute__ ((__noinline__)); +#endif /*USE_AESNI*/ + +static const char *selftest(void); + + + /* Perform the key setup. */ static gcry_err_code_t do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) @@ -272,7 +292,7 @@ do_setkey (RIJNDAEL_context *ctx, const byte *key, const unsigned keylen) else if (ctx->use_aesni && ctx->rounds == 10) { /* Note: This code works for AES-128 but it is not much better - than than using the standard key schedule. We disable it for + than using the standard key schedule. We disable it for now and don't put any effort into implementing this for AES-192 and AES-256. */ asm volatile ("movl %[key], %%esi\n\t" 
@@ -860,6 +880,239 @@ do_aesni_cfb (const RIJNDAEL_context *ctx, int decrypt_flag, #undef aesenclast_xmm1_xmm0 } +/* Perform a CTR encryption round using the counter CTR and the input + block A. Write the result to the output block B and update CTR. + CTR needs to be a 16 byte aligned little-endian value. */ +static void +do_aesni_ctr (const RIJNDAEL_context *ctx, + unsigned char *ctr, unsigned char *b, const unsigned char *a) +{ +#define aesenc_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1\n\t" +#define aesenclast_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xc1\n\t" + static unsigned char be_mask[16] __attribute__ ((aligned (16))) = + { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + + asm volatile ("movdqa %[ctr], %%xmm0\n\t" /* xmm0, xmm2 := CTR */ + "movaps %%xmm0, %%xmm2\n\t" + "mov $1, %%esi\n\t" /* xmm2++ (big-endian) */ + "movd %%esi, %%xmm1\n\t" + "pshufb %[mask], %%xmm2\n\t" + "paddq %%xmm1, %%xmm2\n\t" + "pshufb %[mask], %%xmm2\n\t" + "movdqa %%xmm2, %[ctr]\n" /* Update CTR. 
*/ + + "movl %[key], %%esi\n\t" /* esi := keyschenc */ + "movdqa (%%esi), %%xmm1\n\t" /* xmm1 := key[0] */ + "pxor %%xmm1, %%xmm0\n\t" /* xmm0 ^= key[0] */ + "movdqa 0x10(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x20(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x30(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x40(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x50(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x60(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x70(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x80(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0x90(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xa0(%%esi), %%xmm1\n\t" + "cmp $10, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xb0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xc0(%%esi), %%xmm1\n\t" + "cmp $12, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xd0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + "movdqa 0xe0(%%esi), %%xmm1\n" + + ".Lenclast%=:\n\t" + aesenclast_xmm1_xmm0 + "movdqu %[src], %%xmm1\n\t" /* xmm1 := input */ + "pxor %%xmm1, %%xmm0\n\t" /* EncCTR ^= input */ + "movdqu %%xmm0, %[dst]" /* Store EncCTR. */ + + : [ctr] "+m" (*ctr), [dst] "=m" (*b) + : [src] "m" (*a), + [key] "g" (ctx->keyschenc), + [rounds] "g" (ctx->rounds), + [mask] "m" (*be_mask) + : "%esi", "cc", "memory"); +#undef aesenc_xmm1_xmm0 +#undef aesenclast_xmm1_xmm0 +} + + +/* Four blocks at a time variant of do_aesni_ctr. 
*/ +static void +do_aesni_ctr_4 (const RIJNDAEL_context *ctx, + unsigned char *ctr, unsigned char *b, const unsigned char *a) +{ +#define aesenc_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1\n\t" +#define aesenc_xmm1_xmm2 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xd1\n\t" +#define aesenc_xmm1_xmm3 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xd9\n\t" +#define aesenc_xmm1_xmm4 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xe1\n\t" +#define aesenclast_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xc1\n\t" +#define aesenclast_xmm1_xmm2 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xd1\n\t" +#define aesenclast_xmm1_xmm3 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xd9\n\t" +#define aesenclast_xmm1_xmm4 ".byte 0x66, 0x0f, 0x38, 0xdd, 0xe1\n\t" + + static unsigned char be_mask[16] __attribute__ ((aligned (16))) = + { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + + /* Register usage: + esi keyschedule + xmm0 CTR-0 + xmm1 temp / round key + xmm2 CTR-1 + xmm3 CTR-2 + xmm4 CTR-3 + xmm5 temp + */ + + asm volatile ("movdqa %[ctr], %%xmm0\n\t" /* xmm0, xmm2 := CTR */ + "movaps %%xmm0, %%xmm2\n\t" + "mov $1, %%esi\n\t" /* xmm1 := 1 */ + "movd %%esi, %%xmm1\n\t" + "pshufb %[mask], %%xmm2\n\t" /* xmm2 := le(xmm2) */ + "paddq %%xmm1, %%xmm2\n\t" /* xmm2++ */ + "movaps %%xmm2, %%xmm3\n\t" /* xmm3 := xmm2 */ + "paddq %%xmm1, %%xmm3\n\t" /* xmm3++ */ + "movaps %%xmm3, %%xmm4\n\t" /* xmm4 := xmm3 */ + "paddq %%xmm1, %%xmm4\n\t" /* xmm4++ */ + "movaps %%xmm4, %%xmm5\n\t" /* xmm5 := xmm4 */ + "paddq %%xmm1, %%xmm5\n\t" /* xmm5++ */ + "pshufb %[mask], %%xmm2\n\t" /* xmm2 := be(xmm2) */ + "pshufb %[mask], %%xmm3\n\t" /* xmm3 := be(xmm3) */ + "pshufb %[mask], %%xmm4\n\t" /* xmm4 := be(xmm4) */ + "pshufb %[mask], %%xmm5\n\t" /* xmm5 := be(xmm5) */ + "movdqa %%xmm5, %[ctr]\n" /* Update CTR. 
*/ + + "movl %[key], %%esi\n\t" /* esi := keyschenc */ + "movdqa (%%esi), %%xmm1\n\t" /* xmm1 := key[0] */ + "pxor %%xmm1, %%xmm0\n\t" /* xmm0 ^= key[0] */ + "pxor %%xmm1, %%xmm2\n\t" /* xmm2 ^= key[0] */ + "pxor %%xmm1, %%xmm3\n\t" /* xmm3 ^= key[0] */ + "pxor %%xmm1, %%xmm4\n\t" /* xmm4 ^= key[0] */ + "movdqa 0x10(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x20(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x30(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x40(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x50(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x60(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x70(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x80(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0x90(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0xa0(%%esi), %%xmm1\n\t" + "cmp $10, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0xb0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0xc0(%%esi), %%xmm1\n\t" + "cmp $12, %[rounds]\n\t" + "jz .Lenclast%=\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0xd0(%%esi), %%xmm1\n\t" + aesenc_xmm1_xmm0 + aesenc_xmm1_xmm2 + aesenc_xmm1_xmm3 + aesenc_xmm1_xmm4 + "movdqa 0xe0(%%esi), %%xmm1\n" + + ".Lenclast%=:\n\t" + aesenclast_xmm1_xmm0 + aesenclast_xmm1_xmm2 + aesenclast_xmm1_xmm3 + aesenclast_xmm1_xmm4 + + 
"movdqu %[src], %%xmm1\n\t" /* Get block 1. */ + "pxor %%xmm1, %%xmm0\n\t" /* EncCTR-1 ^= input */ + "movdqu %%xmm0, %[dst]\n\t" /* Store block 1 */ + + "movdqu (16)%[src], %%xmm1\n\t" /* Get block 2. */ + "pxor %%xmm1, %%xmm2\n\t" /* EncCTR-2 ^= input */ + "movdqu %%xmm2, (16)%[dst]\n\t" /* Store block 2. */ + + "movdqu (32)%[src], %%xmm1\n\t" /* Get block 3. */ + "pxor %%xmm1, %%xmm3\n\t" /* EncCTR-3 ^= input */ + "movdqu %%xmm3, (32)%[dst]\n\t" /* Store block 3. */ + + "movdqu (48)%[src], %%xmm1\n\t" /* Get block 4. */ + "pxor %%xmm1, %%xmm4\n\t" /* EncCTR-4 ^= input */ + "movdqu %%xmm4, (48)%[dst]" /* Store block 4. */ + + : [ctr] "+m" (*ctr), [dst] "=m" (*b) + : [src] "m" (*a), + [key] "g" (ctx->keyschenc), + [rounds] "g" (ctx->rounds), + [mask] "m" (*be_mask) + : "%esi", "cc", "memory"); +#undef aesenc_xmm1_xmm0 +#undef aesenc_xmm1_xmm2 +#undef aesenc_xmm1_xmm3 +#undef aesenc_xmm1_xmm4 +#undef aesenclast_xmm1_xmm0 +#undef aesenclast_xmm1_xmm2 +#undef aesenclast_xmm1_xmm3 +#undef aesenclast_xmm1_xmm4 +} + static void do_aesni (RIJNDAEL_context *ctx, int decrypt_flag, 
@@ -1016,6 +1269,69 @@ _gcry_aes_cbc_enc (void *context, unsigned char *iv, } +/* Bulk encryption of complete blocks in CTR mode. Caller needs to + make sure that CTR is aligned on a 16 byte boundary if AESNI; the + minimum alignment is for an u32. This function is only intended + for the bulk encryption feature of cipher.c. CTR is expected to be + of size BLOCKSIZE. */ +void +_gcry_aes_ctr_enc (void *context, unsigned char *ctr, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks) +{ + RIJNDAEL_context *ctx = context; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + unsigned char *p; + int i; + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + aesni_prepare (); + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + do_aesni_ctr_4 (ctx, ctr, outbuf, inbuf); + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + do_aesni_ctr (ctx, ctr, outbuf, inbuf); + outbuf += BLOCKSIZE; + inbuf += BLOCKSIZE; + } + aesni_cleanup (); + aesni_cleanup_2_4 (); + } +#endif /*USE_AESNI*/ + else + { + union { unsigned char x1[16]; u32 x32[4]; } tmp; + + for ( ;nblocks; nblocks-- ) + { + /* Encrypt the counter. */ + do_encrypt_aligned (ctx, tmp.x1, ctr); + /* XOR the input with the encrypted counter and store in output. */ + for (p=tmp.x1, i=0; i < BLOCKSIZE; i++) + *outbuf++ = (*p++ ^= *inbuf++); + /* Increment the counter. */ + for (i = BLOCKSIZE; i > 0; i--) + { + ctr[i-1]++; + if (ctr[i-1]) + break; + } + } + } + + _gcry_burn_stack (48 + 2*sizeof(int)); +} + + /* Decrypt one block. A and B need to be aligned on a 4 byte boundary and the decryption must have been prepared. A and B may be the diff --git a/configure.ac b/configure.ac index a28ea83..013ff3a 100644 --- a/configure.ac +++ b/configure.ac 
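Review bot: The two branches of _gcry_aes_ctr_enc do not step the counter the same way: the generic branch carries through all BLOCKSIZE bytes (`ctr[i-1]++; if (ctr[i-1]) break;`), while do_aesni_ctr and do_aesni_ctr_4, added in the previous rijndael.c hunk, byte-swap the block and add 1 with `paddq`, which adds the two 64-bit halves independently and drops the carry out of the low half. When the last eight counter bytes are all 0xff, the AES-NI path wraps them to zero without touching the upper eight, so its keystream diverges from the generic branch and from the byte-wise loop in do_ctr_encrypt, and data encrypted on one kind of machine will not decrypt on the other. The helpers need to propagate the carry into the upper quadword, or this function should take the byte-wise branch for a call in which the low half would wrap; until then the asm should carry `/* FIXME: paddq does not carry from the low into the high 64 bits of CTR. */`. A test vector whose counter starts with the low eight bytes set to 0xff would pin the behaviour on both paths.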
@@ -26,8 +26,8 @@ min_automake_version="1.10" # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.5.0-beta1]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.5.0]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) diff --git a/src/cipher.h b/src/cipher.h index ca2d956..a568800 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -53,6 +53,9 @@ void _gcry_aes_cbc_enc (void *context, unsigned char *iv, void _gcry_aes_cbc_dec (void *context, unsigned char *iv, void *outbuf_arg, const void *inbuf_arg, unsigned int nblocks); +void _gcry_aes_ctr_enc (void *context, unsigned char *ctr, + void *outbuf_arg, const void *inbuf_arg, + unsigned int nblocks); /*-- dsa.c --*/ ----------------------------------------------------------------------- Summary of changes: NEWS | 11 +- cipher/ChangeLog | 10 ++ cipher/cipher.c | 73 ++++++++---- cipher/rijndael.c | 324 ++++++++++++++++++++++++++++++++++++++++++++++++++++- configure.ac | 4 +- src/cipher.h | 3 + 6 files changed, 390 insertions(+), 35 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 23 10:40:08 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Feb 2011 10:40:08 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-11-g7c03c8c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7c03c8cc65e68f1d77a5a5a497025191fe5df5e9 (commit) from 90dcc0c3ada60249629cf43c6f8bacd4e703f0d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7c03c8cc65e68f1d77a5a5a497025191fe5df5e9 Author: Werner Koch Date: Wed Feb 23 10:15:34 2011 +0100 Lock scdaemon to CCID if once found. This solves a problem where ccid was used, the card unplugged and then scdaemon tries to find a new (plugged in) reader and thus will eventually try PC/SC over and over again. Also added an explicit --kill command to gpgconf. diff --git a/doc/tools.texi b/doc/tools.texi index c85f9e2..f530c1e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -61,7 +61,7 @@ watchgnupg --force ~/.gnupg/S.log @noindent This starts it on the current terminal for listening on the socket - at file{~/.gnupg/S.log}. + at file{~/.gnupg/S.log}. @mansect options @noindent @@ -69,7 +69,7 @@ This starts it on the current terminal for listening on the socket @table @gnupgtabopt - at item --force + at item --force @opindex force Delete an already existing socket file. @@ -129,9 +129,9 @@ name for remote debugging. @mansect see also @ifset isman - at command{gpg}(1), - at command{gpgsm}(1), - at command{gpg-agent}(1), + at command{gpg}(1), + at command{gpgsm}(1), + at command{gpg-agent}(1), @command{scdaemon}(1) @end ifset @include see-also-note.texi 
@@ -150,7 +150,7 @@ name for remote debugging. @node addgnupghome @section Create .gnupg home directories. @ifset manverb -.B addgnupghome +.B addgnupghome \- Create .gnupg home directories @end ifset @@ -197,7 +197,7 @@ addgnupghome account1 account2 ... accountn .br .B gpgconf .RI [ options ] -.B \-\-list-options +.B \-\-list-options .I component .br .B gpgconf @@ -301,10 +301,17 @@ is given, check that file instead. @item --reload [@var{component}] @opindex reload -Reload all or the given component. This is basically the sam as sending +Reload all or the given component. This is basically the same as sending a SIGHUP to the component. Components which don't support reloading are ignored. + at item --kill [@var{component}] + at opindex kill +Kill the given component. Components which support killing are +gpg-agent and scdaemon. Components which don't support reloading are +ignored. Note that as of now reload and kill have the same effect for +scdaemon. + @end table @@ -570,7 +577,7 @@ configuration file. It is @emph{percent-escaped}. @item line If an error occurred in the configuration file, this field has the line -number of the failing statement in the configuration file. +number of the failing statement in the configuration file. It is an @emph{unsigned number}. @item error @@ -867,7 +874,7 @@ effect. @subsection Listing global options Sometimes it is useful for applications to look at the global options -file @file{gpgconf.conf}. +file @file{gpgconf.conf}. The colon separated listing format is record oriented and uses the first field to identify the record type: @@ -936,9 +943,9 @@ no feature to change the global option file through @command{gpgconf}. @mansect see also @ifset isman - at command{gpg}(1), - at command{gpgsm}(1), - at command{gpg-agent}(1), + at command{gpg}(1), + at command{gpgsm}(1), + at command{gpg-agent}(1), @command{scdaemon}(1), @command{dirmngr}(1) @end ifset 
@@ -989,7 +996,7 @@ applygnupgdefaults @ifset manverb .B gpgsm-gencert.sh \- Generate an X.509 certificate request - at end ifset + at end ifset @mansect synopsis @ifset manverb @@ -1008,8 +1015,8 @@ which will be printed to stdout. @mansect see also @ifset isman - at command{gpgsm}(1), - at command{gpg-agent}(1), + at command{gpgsm}(1), + at command{gpg-agent}(1), @command{scdaemon}(1) @end ifset @include see-also-note.texi @@ -1096,7 +1103,7 @@ The following additional options may be used: @item -v @itemx --verbose @opindex verbose -Output additional information while running. +Output additional information while running. @item -P @var{string} @itemx --passphrase @var{string} @@ -1108,9 +1115,9 @@ for other users. @mansect see also @ifset isman - at command{gpg}(1), - at command{gpgsm}(1), - at command{gpg-agent}(1), + at command{gpg}(1), + at command{gpgsm}(1), + at command{gpg-agent}(1), @command{scdaemon}(1) @end ifset @include see-also-note.texi @@ -1169,7 +1176,7 @@ The following options may be used: @item -v @itemx --verbose @opindex verbose -Output additional information while running. +Output additional information while running. @item -q @item --quiet @@ -1186,7 +1193,7 @@ Specify the agent program to be started if none is running. @item -S @itemx --raw-socket @var{name} - at opindex S + at opindex S @opindex raw-socket Connect to socket @var{name} assuming this is an Assuan style server. Do not run any special initializations or environment checks. This may @@ -1209,7 +1216,7 @@ connects to the assuan server in extended mode to allow descriptor passing. This option makes it use the old mode. @item --run @var{file} - at opindex run + at opindex run Run the commands from @var{file} at startup and then continue with the regular input method. Note, that commands given on the command line are executed after this file. 
@@ -1251,7 +1258,7 @@ Variables are referenced by prefixing the name with a dollar sign and optionally include the name in curly braces. The rules for a valid name are identically to those of the standard bourne shell. This is not yet enforced but may be in the future. When used with curly braces no -leading or trailing white space is allowed. +leading or trailing white space is allowed. If a variable is not found, it is searched in the environment and if found copied to the table of variables. @@ -1264,7 +1271,7 @@ following functions are available: @item get Return a value described by the argument. Available arguments are: - at table @code + at table @code @item cwd The current working directory. @item homedir @@ -1431,7 +1438,7 @@ Print a list of available control commands. @ifset isman @mansect see also - at command{gpg-agent}(1), + at command{gpg-agent}(1), @command{scdaemon}(1) @include see-also-note.texi @end ifset @@ -1452,8 +1459,8 @@ Print a list of available control commands. @mansect synopsis @ifset manverb .B dirmngr-client -.RI [ options ] -.RI [ certfile | pattern ] +.RI [ options ] +.RI [ certfile | pattern ] @end ifset @mansect description @@ -1478,7 +1485,7 @@ dirmngr-client <@var{acert} @end example Where @var{acert} is one DER encoded (binary) X.509 certificates to be -tested. +tested. @ifclear isman The return value of this command is @end ifclear @@ -1489,7 +1496,7 @@ The return value of this command is @end ifset @table @code - at item 0 + at item 0 The certificate under question is valid; i.e. there is a valid CRL available and it is not listed tehre or teh OCSP request returned that that certificate is valid. @@ -1673,7 +1680,7 @@ configured with @samp{--enable-symcryptrun} at build time. @command{symcryptrun} is invoked this way: @example -symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE +symcryptrun --class CLASS --program PROGRAM --keyfile KEYFILE [--decrypt | --encrypt] [inputfile] @end example @mancont 
@@ -1685,12 +1692,12 @@ For decryption vice versa. @var{CLASS} describes the calling conventions of the external tool. Currently it must be given as @samp{confucius}. @var{PROGRAM} is the full filename of that external tool. - + For the class @samp{confucius} the option @option{--keyfile} is required; @var{keyfile} is the name of a file containing the secret key, which may be protected by a passphrase. For detailed calling conventions, see the source code. - + @noindent Note, that @command{gpg-agent} must be running before starting @command{symcryptrun}. @@ -1702,7 +1709,7 @@ The following additional options may be used: @item -v @itemx --verbose @opindex verbose -Output additional information while running. +Output additional information while running. @item -q @item --quiet @@ -1724,22 +1731,22 @@ information to STDERR. The possible exit status codes of @command{symcryptrun} are: @table @code - at item 0 + at item 0 Success. - at item 1 + at item 1 Some error occured. - at item 2 + at item 2 No valid passphrase was provided. - at item 3 + at item 3 The operation was canceled by the user. @end table @mansect see also @ifset isman - at command{gpg}(1), - at command{gpgsm}(1), - at command{gpg-agent}(1), + at command{gpg}(1), + at command{gpgsm}(1), + at command{gpg-agent}(1), @end ifset @include see-also-note.texi @@ -1747,8 +1754,8 @@ The possible exit status codes of @command{symcryptrun} are: @c @c GPG-ZIP @c - at c The original manpage on which this section is based was written - at c by Colin Tuckley and Daniel Leidert + at c The original manpage on which this section is based was written + at c by Colin Tuckley and Daniel Leidert @c for the Debian distribution (but may be used by @c others). @manpage gpg-zip.1 @@ -1880,8 +1887,7 @@ gpg-zip --list-archive test1 @mansect see also @ifset isman - at command{gpg}(1), - at command{tar}(1), + at command{gpg}(1), + at command{tar}(1), @end ifset @include see-also-note.texi - 
diff --git a/scd/ChangeLog b/scd/ChangeLog index 0006f74..0a614c8 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,7 @@ +2011-02-23 Werner Koch + + * apdu.c (apdu_open_reader): Lock in to CCID if used once. + 2011-01-25 NIIBE Yutaka , Grant Olson (wk) diff --git a/scd/apdu.c b/scd/apdu.c index 8080b42..176ab91 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1,5 +1,6 @@ /* apdu.c - ISO 7816 APDU functions and low level I/O - * Copyright (C) 2003, 2004, 2008, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 2003, 2004, 2008, 2009, 2010, + * 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -2355,12 +2356,25 @@ apdu_open_reader (const char *portstr, int *r_no_service) #ifdef HAVE_LIBUSB if (!opt.disable_ccid) { + static int once_available; int i; const char *s; slot = open_ccid_reader (portstr); if (slot != -1) - return slot; /* got one */ + { + once_available = 1; + return slot; /* got one */ + } + + /* If we ever loaded successfully loaded a CCID reader we never + want to fallback to another driver. This solves a problem + where ccid was used, the card unplugged and then scdaemon + tries to find a new reader and will eventually try PC/SC over + and over again. To reset this flag "gpgconf --kill scdaemon" + can be used. */ + if (once_available) + return -1; /* If a CCID reader specification has been given, the user does not want a fallback to other drivers. */ diff --git a/tools/ChangeLog b/tools/ChangeLog index 79eea39..ae591db 100644 --- a/tools/ChangeLog +++ b/tools/ChangeLog @@ -1,3 +1,9 @@ +2011-02-23 Werner Koch + + * gpgconf.c: Add command --kill. + * gpgconf-comp.c (gc_component_kill): New. + (gpg_agent_runtime_change, scdaemon_runtime_change): Add kill flag. + 2011-02-03 Werner Koch * watchgnupg.c (print_version): Update copyright year. 
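Review bot: The new `if (once_available) return -1;` in apdu_open_reader sits ahead of the port-specification check that follows it, so once any CCID reader has been opened, every later call fails at this point whatever `portstr` names. Nothing is logged to show that the fallback was skipped on purpose, so an operator who swaps readers sees only a failed open. A single message where the flag is first set would make the sticky state visible, for example `if (!once_available) log_info ("ccid reader found - fallback to other drivers disabled\n");` placed before `once_available = 1;`. The comment repeats a word and should read `If we ever successfully loaded a CCID reader we never want to fall back to another driver.` The function body starts and ends outside this hunk, so whether callers distinguish this return from a plain "no reader" cannot be checked from here.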
@@ -1247,7 +1253,7 @@ Copyright 2003, 2004, 2005, 2006, 2007, 2008, - 2009, 2010 Free Software Foundation, Inc. + 2009, 2010, 2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 74feadb..bcdecfd 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -1,5 +1,6 @@ /* gpgconf-comp.c - Configuration utility for GnuPG. - * Copyright (C) 2004, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 2004, 2007, 2008, 2009, 2010, + * 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -104,8 +105,8 @@ gc_error (int status, int errnum, const char *fmt, ...) /* Forward declaration. */ -static void gpg_agent_runtime_change (void); -static void scdaemon_runtime_change (void); +static void gpg_agent_runtime_change (int killflag); +static void scdaemon_runtime_change (int killflag); /* Backend configuration. Backends are used to decide how the default and current value of an option can be determined, and how the @@ -163,8 +164,9 @@ static struct available. */ char module_name; - /* The runtime change callback. */ - void (*runtime_change) (void); + /* The runtime change callback. If KILLFLAG is true the component + is killed and not just reloaded. */ + void (*runtime_change) (int killflag); /* The option name for the configuration filename of this backend. This must be an absolute filename. It can be an option from a 
@@ -182,13 +184,13 @@ static struct NULL, "gpgconf-gpg.conf" }, { "GPGSM", "gpgsm", GNUPG_MODULE_NAME_GPGSM, NULL, "gpgconf-gpgsm.conf" }, - { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT, + { "GPG Agent", "gpg-agent", GNUPG_MODULE_NAME_AGENT, gpg_agent_runtime_change, "gpgconf-gpg-agent.conf" }, { "SCDaemon", "scdaemon", GNUPG_MODULE_NAME_SCDAEMON, scdaemon_runtime_change, "gpgconf-scdaemon.conf" }, { "DirMngr", "dirmngr", GNUPG_MODULE_NAME_DIRMNGR, NULL, "gpgconf-dirmngr.conf" }, - { "DirMngr LDAP Server List", NULL, 0, + { "DirMngr LDAP Server List", NULL, 0, NULL, "ldapserverlist-file", "LDAP Server" }, { "Pinentry", "pinentry", GNUPG_MODULE_NAME_PINENTRY, NULL, "gpgconf-pinentry.conf" }, @@ -405,17 +407,17 @@ struct gc_option /* A gettext domain in which the following description can be found. If this is NULL, then DESC is not translated. Valid for groups and options. - + Note that we try to keep the description of groups within the - gnupg domain. - + gnupg domain. + IMPORTANT: If you add a new domain please make sure to add a code set switching call to the function my_dgettext further below. */ const char *desc_domain; /* A gettext description for this group or option. If it starts with a '|', then the string up to the next '|' describes the - argument, and the description follows the second '|'. + argument, and the description follows the second '|'. In general enclosing these description in N_() is not required because the description should be identical to the one in the @@ -516,7 +518,7 @@ static gc_option_t gc_options_gpg_agent[] = GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC, "gnupg", N_("Options controlling the security") }, { "default-cache-ttl", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_BASIC, "gnupg", + GC_LEVEL_BASIC, "gnupg", "|N|expire cached PINs after N seconds", GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, { "default-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME, 
@@ -528,7 +530,7 @@ static gc_option_t gc_options_gpg_agent[] = N_("|N|set maximum PIN cache lifetime to N seconds"), GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, { "max-cache-ttl-ssh", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_EXPERT, "gnupg", + GC_LEVEL_EXPERT, "gnupg", N_("|N|set maximum SSH key lifetime to N seconds"), GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME, @@ -544,16 +546,16 @@ static gc_option_t gc_options_gpg_agent[] = { "Passphrase policy", GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, "gnupg", N_("Options enforcing a passphrase policy") }, - { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_EXPERT, "gnupg", + { "enforce-passphrase-constraints", GC_OPT_FLAG_RUNTIME, + GC_LEVEL_EXPERT, "gnupg", N_("do not allow to bypass the passphrase policy"), GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, { "min-passphrase-len", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_ADVANCED, "gnupg", + GC_LEVEL_ADVANCED, "gnupg", N_("|N|set minimal required length for new passphrases to N"), GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, { "min-passphrase-nonalpha", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_EXPERT, "gnupg", + GC_LEVEL_EXPERT, "gnupg", N_("|N|require at least N non-alpha characters for a new passphrase"), GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, { "check-passphrase-pattern", GC_OPT_FLAG_RUNTIME, @@ -561,11 +563,11 @@ static gc_option_t gc_options_gpg_agent[] = "gnupg", N_("|FILE|check new passphrases against pattern in FILE"), GC_ARG_TYPE_FILENAME, GC_BACKEND_GPG_AGENT }, { "max-passphrase-days", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_EXPERT, "gnupg", + GC_LEVEL_EXPERT, "gnupg", N_("|N|expire the passphrase after N days"), GC_ARG_TYPE_UINT32, GC_BACKEND_GPG_AGENT }, - { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME, - GC_LEVEL_EXPERT, "gnupg", + { "enable-passphrase-history", GC_OPT_FLAG_RUNTIME, + GC_LEVEL_EXPERT, "gnupg", N_("do not allow the reuse of old passphrases"), GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, 
@@ -686,7 +688,7 @@ static gc_option_t gc_options_gpg[] = (GC_OPT_FLAG_ARG_OPT|GC_OPT_FLAG_NO_CHANGE), GC_LEVEL_INVISIBLE, NULL, NULL, GC_ARG_TYPE_STRING, GC_BACKEND_GPG }, - + { "Debug", GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED, @@ -849,7 +851,7 @@ static gc_option_t gc_options_dirmngr[] = { "csh", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC, "dirmngr", "csh-style command output", GC_ARG_TYPE_NONE, GC_BACKEND_DIRMNGR }, - + { "Configuration", GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT, "gnupg", N_("Options controlling the configuration") }, @@ -1047,17 +1049,17 @@ struct error_line_s /* Engine specific support. */ static void -gpg_agent_runtime_change (void) +gpg_agent_runtime_change (int killflag) { gpg_error_t err; const char *pgmname; const char *argv[2]; pid_t pid; - + pgmname = gnupg_module_name (GNUPG_MODULE_NAME_CONNECT_AGENT); - argv[0] = "reloadagent"; + argv[0] = killflag? "KILLAGENT" : "RELOADAGENT"; argv[1] = NULL; - + err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid); if (!err) err = gnupg_wait_process (pgmname, pid, 1, NULL); @@ -1069,13 +1071,15 @@ gpg_agent_runtime_change (void) static void -scdaemon_runtime_change (void) +scdaemon_runtime_change (int killflag) { gpg_error_t err; const char *pgmname; const char *argv[6]; pid_t pid; - + + (void)killflag; /* For scdaemon kill and reload are synonyms. */ + /* We use "GETINFO app_running" to see whether the agent is already running and kill it only in this case. This avoids an explicit starting of the agent in case it is not yet running. There is @@ -1088,7 +1092,7 @@ scdaemon_runtime_change (void) argv[3] = "scd killscd"; argv[4] = "/end"; argv[5] = NULL; - + err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid); if (!err) err = gnupg_wait_process (pgmname, pid, 1, NULL); 
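Review bot: gpg_agent_runtime_change and scdaemon_runtime_change (the next hunk) both gain a `killflag` parameter, but neither definition has a header comment saying what it selects. The only description is on the callback member of the backend struct. Above gpg_agent_runtime_change I would add `/* Ask a running gpg-agent to reload its configuration, or to terminate if KILLFLAG is true. */`, and above scdaemon_runtime_change `/* Ask a running scdaemon to terminate; KILLFLAG is ignored because reload and kill are the same operation for scdaemon. */`. The second comment matters because a plain reload also ends the scdaemon process, which a reader of the call sites passing 0 would not expect. Both bodies continue outside their hunks.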
@@ -1099,6 +1103,35 @@ scdaemon_runtime_change (void) } +/* Unconditionally restart COMPONENT. */ +void +gc_component_kill (int component) +{ + int runtime[GC_BACKEND_NR]; + gc_option_t *option; + gc_backend_t backend; + + /* Set a flag for the backends to be reloaded. */ + for (backend = 0; backend < GC_BACKEND_NR; backend++) + runtime[backend] = 0; + + if (component >= 0) + { + assert (component < GC_COMPONENT_NR); + option = gc_component[component].options; + for (; option && option->name; option++) + runtime[option->backend] = 1; + } + + /* Do the restart for the selected backends. */ + for (backend = 0; backend < GC_BACKEND_NR; backend++) + { + if (runtime[backend] && gc_backend[backend].runtime_change) + (*gc_backend[backend].runtime_change) (1); + } +} + + /* Unconditionally reload COMPONENT or all components if COMPONENT is -1. */ void gc_component_reload (int component) @@ -1110,7 +1143,7 @@ gc_component_reload (int component) /* Set a flag for the backends to be reloaded. */ for (backend = 0; backend < GC_BACKEND_NR; backend++) runtime[backend] = 0; - + if (component == -1) { for (component = 0; component < GC_COMPONENT_NR; component++) @@ -1129,10 +1162,10 @@ gc_component_reload (int component) } /* Do the reload for all selected backends. */ - for (backend = 0; backend < GC_BACKEND_NR; backend++) + for (backend = 0; backend < GC_BACKEND_NR; backend++) { if (runtime[backend] && gc_backend[backend].runtime_change) - (*gc_backend[backend].runtime_change) (); + (*gc_backend[backend].runtime_change) (0); } } @@ -1152,7 +1185,7 @@ my_dgettext (const char *domain, const char *msgid) { static int switched_codeset; char *text; - + if (!switched_codeset) { switched_codeset = 1; @@ -1172,7 +1205,7 @@ my_dgettext (const char *domain, const char *msgid) { static int switched_codeset; char *text; - + if (!switched_codeset) { switched_codeset = 1; 
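Review bot: In the new gc_component_kill the only bound on `component` is `assert (component < GC_COMPONENT_NR);`, which is compiled out under NDEBUG, and a negative value skips the block and returns without doing or reporting anything. For a new exported function an explicit guard is safer, for example `if (component < 0 || component >= GC_COMPONENT_NR) return;`, or a gc_error call in the file's usual style. The comments still describe the reload function this appears to be modelled on: the header says "restart" and the first loop says "to be reloaded", while the call passes 1 to request a kill. I would change them to `/* Unconditionally kill COMPONENT. */`, `/* Set a flag for the backends to be killed. */` and `/* Do the kill for the selected backends. */`.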
@@ -1180,7 +1213,7 @@ my_dgettext (const char *domain, const char *msgid) bindtextdomain ("dirmngr", LOCALEDIR); bind_textdomain_codeset ("dirmngr", "utf-8"); - + } /* Note: This is a hack to actually use the gnupg2 domain as @@ -1225,7 +1258,7 @@ gc_percent_escape (const char *src) *(dst++) = '%'; *(dst++) = '2'; *(dst++) = '5'; - } + } else if (*src == ':') { /* The colon is used as field separator. */ @@ -1281,7 +1314,7 @@ percent_deescape (const char *src) *(dst++) = (char) val; src += 3; - } + } else *(dst++) = *(src++); } @@ -1374,7 +1407,7 @@ collect_error_output (estream_t fp, const char *tag) buffer[pos - (c == '\n')] = 0; if (cont_line) ; /*Ignore continuations of previous line. */ - else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':') + else if (!strncmp (buffer, tag, taglen) && buffer[taglen] == ':') { /* "gpgsm: foo:4: bla" */ /* Yep, we are interested in this line. */ @@ -1424,7 +1457,7 @@ collect_error_output (estream_t fp, const char *tag) cont_line = (c != '\n'); } } - + /* We ignore error lines not terminated by a LF. */ return errlines; } @@ -1483,16 +1516,16 @@ gc_component_check_options (int component, estream_t out, const char *conf_file) else argv[i++] = "--gpgconf-test"; argv[i++] = NULL; - + result = 0; errlines = NULL; err = gnupg_spawn_process (pgmname, argv, GPG_ERR_SOURCE_DEFAULT, NULL, 0, NULL, NULL, &errfp, &pid); if (err) result |= 1; /* Program could not be run. */ - else + else { - errlines = collect_error_output (errfp, + errlines = collect_error_output (errfp, gc_component[component].name); if (gnupg_wait_process (pgmname, pid, 1, &exitcode)) { @@ -1504,12 +1537,12 @@ gc_component_check_options (int component, estream_t out, const char *conf_file) gnupg_release_process (pid); es_fclose (errfp); } - + /* If the program could not be run, we can't tell whether the config file is good. */ if (result & 1) - result |= 2; - + result |= 2; + if (out) { const char *desc; 
@@ -1617,7 +1650,7 @@ list_one_option (const gc_option_t *option, estream_t out) if (opt.verbose) { es_putc (' ', out); - + if (!option->flags) es_fprintf (out, "none"); else @@ -1649,7 +1682,7 @@ list_one_option (const gc_option_t *option, estream_t out) /* The description field. */ es_fprintf (out, ":%s", desc ? gc_percent_escape (desc) : ""); - + /* The type field. */ es_fprintf (out, ":%u", option->arg_type); if (opt.verbose) @@ -1690,7 +1723,7 @@ list_one_option (const gc_option_t *option, estream_t out) /* List all options of the component COMPONENT. */ void gc_component_list_options (int component, estream_t out) -{ +{ const gc_option_t *option = gc_component[component].options; while (option && option->name) @@ -1713,7 +1746,7 @@ gc_component_list_options (int component, estream_t out) different active options, and because it is hard to maintain manually, we calculate it here. The value in the global static table is ignored. */ - + while (group_option->name) { if (group_option->flags & GC_OPT_FLAG_GROUP) @@ -1788,7 +1821,7 @@ get_config_filename (gc_component_t component, gc_backend_t backend) #if HAVE_W32CE_SYSTEM if (!(filename[0] == '/' || filename[0] == '\\')) #elif defined(HAVE_DOSISH_SYSTEM) - if (!(filename[0] + if (!(filename[0] && filename[1] == ':' && (filename[2] == '/' || filename[2] == '\\'))) #else @@ -1819,8 +1852,8 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend) estream_t config; char *config_filename; - pgmname = (gc_backend[backend].module_name - ? gnupg_module_name (gc_backend[backend].module_name) + pgmname = (gc_backend[backend].module_name + ? gnupg_module_name (gc_backend[backend].module_name) : gc_backend[backend].program ); argv[0] = "--gpgconf-list"; argv[1] = NULL; 
@@ -1839,7 +1872,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend) char *linep; unsigned long flags = 0; char *default_value = NULL; - + /* Strip newline and carriage return, if present. */ while (length > 0 && (line[length - 1] == '\n' || line[length - 1] == '\r')) @@ -1848,7 +1881,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend) linep = strchr (line, ':'); if (linep) *(linep++) = '\0'; - + /* Extract additional flags. Default to none. */ if (linep) { @@ -1928,7 +1961,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend) char *name; char *value; gc_option_t *option; - + name = line; while (*name == ' ' || *name == '\t') name++; @@ -2015,7 +2048,7 @@ retrieve_options_from_program (gc_component_t component, gc_backend_t backend) /* Retrieve the options for the component COMPONENT from backend - BACKEND, which we already know is of type file list. */ + BACKEND, which we already know is of type file list. */ static void retrieve_options_from_file (gc_component_t component, gc_backend_t backend) { @@ -2115,7 +2148,7 @@ gc_component_retrieve_options (int component) component = 0; assert (component < GC_COMPONENT_NR); } - + do { option = gc_component[component].options; @@ -2125,16 +2158,16 @@ gc_component_retrieve_options (int component) if (!(option->flags & GC_OPT_FLAG_GROUP)) { backend = option->backend; - + if (backend_seen[backend]) { option++; continue; } backend_seen[backend] = 1; - + assert (backend != GC_BACKEND_ANY); - + if (gc_backend[backend].program) retrieve_options_from_program (component, backend); else @@ -2161,7 +2194,7 @@ option_check_validity (gc_option_t *option, unsigned long flags, if (!option->active) gc_error (1, 0, "option %s not supported by backend %s", option->name, gc_backend[option->backend].name); - + if (option->new_flags || option->new_value) gc_error (1, 0, "option %s already changed", option->name); 
@@ -2816,10 +2849,10 @@ change_options_program (gc_component_t component, gc_backend_t backend, == GC_ARG_TYPE_STRING) { char *end; - + assert (*arg == '"'); arg++; - + end = strchr (arg, ','); if (end) *end = '\0'; @@ -3000,16 +3033,16 @@ gc_component_change_options (int component, estream_t in, estream_t out) char *linep; unsigned long flags = 0; char *new_value = ""; - + /* Strip newline and carriage return, if present. */ while (length > 0 && (line[length - 1] == '\n' || line[length - 1] == '\r')) line[--length] = '\0'; - + linep = strchr (line, ':'); if (linep) *(linep++) = '\0'; - + /* Extract additional flags. Default to none. */ if (linep) { @@ -3019,20 +3052,20 @@ gc_component_change_options (int component, estream_t in, estream_t out) end = strchr (linep, ':'); if (end) *(end++) = '\0'; - + gpg_err_set_errno (0); flags = strtoul (linep, &tail, 0); if (errno) gc_error (1, errno, "malformed flags in option %s", line); if (!(*tail == '\0' || *tail == ':' || *tail == ' ')) gc_error (1, 0, "garbage after flags in option %s", line); - + linep = end; } /* Don't allow setting of the no change flag. */ flags &= ~GC_OPT_FLAG_NO_CHANGE; - + /* Extract default value, if present. Default to empty if not. */ if (linep) { @@ -3043,18 +3076,18 @@ gc_component_change_options (int component, estream_t in, estream_t out) new_value = linep; linep = end; } - + option = find_option (component, line, GC_BACKEND_ANY); if (!option) gc_error (1, 0, "unknown option %s", line); - + if ((option->flags & GC_OPT_FLAG_NO_CHANGE)) { gc_error (0, 0, "ignoring new value for option %s", option->name); continue; } - + change_one_value (option, runtime, flags, new_value); } } @@ -3100,10 +3133,10 @@ gc_component_change_options (int component, estream_t in, estream_t out) &src_filename[option->backend], &dest_filename[option->backend], &orig_filename[option->backend]); - + if (err) break; - + option++; } 
@@ -3192,14 +3225,14 @@ gc_component_change_options (int component, estream_t in, estream_t out) /* If it all worked, notify the daemons of the changes. */ if (opt.runtime) - for (backend = 0; backend < GC_BACKEND_NR; backend++) + for (backend = 0; backend < GC_BACKEND_NR; backend++) { if (runtime[backend] && gc_backend[backend].runtime_change) - (*gc_backend[backend].runtime_change) (); + (*gc_backend[backend].runtime_change) (0); } /* Move the per-process backup file into its place. */ - for (backend = 0; backend < GC_BACKEND_NR; backend++) + for (backend = 0; backend < GC_BACKEND_NR; backend++) if (orig_filename[backend]) { char *backup_filename; @@ -3236,7 +3269,7 @@ key_matches_user_or_group (char *user) *group++ = 0; #ifdef HAVE_W32_SYSTEM - /* Under Windows we don't support groups. */ + /* Under Windows we don't support groups. */ if (group && *group) gc_error (0, 0, _("Note that group specifications are ignored\n")); #ifndef HAVE_W32CE_SYSTEM @@ -3384,7 +3417,7 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, gc_option_t *option_info = NULL; char *p; int is_continuation; - + lineno++; key = line; while (*key == ' ' || *key == '\t') 
@@ -3549,26 +3582,26 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, *group++ = 0; if ((p = strchr (group, ':'))) *p = 0; /* We better strip any extra stuff. */ - } - + } + es_fprintf (listfp, "k:%s:", gc_percent_escape (key)); es_fprintf (listfp, "%s\n", group? gc_percent_escape (group):""); } /* All other lines are rule records. */ es_fprintf (listfp, "r:::%s:%s:%s:", - gc_component[component_id].name, + gc_component[component_id].name, option_info->name? option_info->name : "", flags? flags : ""); if (value != empty) es_fprintf (listfp, "\"%s", gc_percent_escape (value)); - + es_putc ('\n', listfp); } /* Check whether the key matches but do this only if we are not running in syntax check mode. */ - if ( update + if ( update && !result && !listfp && (got_match || (key && key_matches_user_or_group (key))) ) { @@ -3632,9 +3665,9 @@ gc_process_gpgconf_conf (const char *fname_arg, int update, int defaults, if (opt.runtime) { - for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++) + for (backend_id = 0; backend_id < GC_BACKEND_NR; backend_id++) if (runtime[backend_id] && gc_backend[backend_id].runtime_change) - (*gc_backend[backend_id].runtime_change) (); + (*gc_backend[backend_id].runtime_change) (0); } } diff --git a/tools/gpgconf.c b/tools/gpgconf.c index d6c3337..da10e4d 100644 --- a/tools/gpgconf.c +++ b/tools/gpgconf.c @@ -1,5 +1,5 @@ /* gpgconf.c - Configuration utility for GnuPG - * Copyright (C) 2003, 2007, 2009 Free Software Foundation, Inc. + * Copyright (C) 2003, 2007, 2009, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -49,6 +49,7 @@ enum cmd_and_opt_values aListConfig, aCheckConfig, aListDirs, + aKill, aReload }; 
@@ -57,7 +58,7 @@ enum cmd_and_opt_values static ARGPARSE_OPTS opts[] = { { 300, NULL, 0, N_("@Commands:\n ") }, - + { aListComponents, "list-components", 256, N_("list all components") }, { aCheckPrograms, "check-programs", 256, N_("check all programs") }, { aListOptions, "list-options", 256, N_("|COMPONENT|list options") }, @@ -72,9 +73,10 @@ static ARGPARSE_OPTS opts[] = { aCheckConfig, "check-config", 256, N_("check global configuration file") }, { aReload, "reload", 256, N_("reload all or a given component")}, + { aKill, "kill", 256, N_("kill a given component")}, { 301, NULL, 0, N_("@\nOptions:\n ") }, - + { oOutput, "output", 2, N_("use as output file") }, { oVerbose, "verbose", 0, N_("verbose") }, { oQuiet, "quiet", 0, N_("quiet") }, @@ -180,6 +182,7 @@ main (int argc, char **argv) case aListConfig: case aCheckConfig: case aReload: + case aKill: cmd = pargs.r_opt; break; @@ -189,9 +192,9 @@ main (int argc, char **argv) if (log_get_errorcount (0)) exit (2); - + fname = argc ? *argv : NULL; - + switch (cmd) { case aListComponents: @@ -240,6 +243,34 @@ main (int argc, char **argv) } break; + case aKill: + if (!fname) + { + es_fputs (_("usage: gpgconf [options] "), es_stderr); + es_putc ('\n', es_stderr); + es_fputs (_("Need one component argument"), es_stderr); + es_putc ('\n', es_stderr); + exit (2); + } + else + { + /* Kill a given component. */ + int idx; + + idx = gc_component_find (fname); + if (idx < 0) + { + es_fputs (_("Component not found"), es_stderr); + es_putc ('\n', es_stderr); + exit (1); + } + else + { + gc_component_kill (idx); + } + } + break; + case aReload: if (!fname) { @@ -288,7 +319,7 @@ main (int argc, char **argv) if (gc_process_gpgconf_conf (NULL, 1, 1, NULL)) exit (1); break; - + case aListDirs: /* Show the system configuration directories for gpgconf. */ get_outfp (&outfp); @@ -342,6 +373,5 @@ main (int argc, char **argv) if (es_fclose (outfp)) gc_error (1, errno, "error closing `%s'", opt.outfile); - return 0; + return 0; } - 
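Review bot: The new `case aKill:` in main exits 0 whenever gc_component_find succeeds, even when nothing was stopped. gc_component_kill returns void and only calls backends whose `runtime_change` is non-NULL, and the backend table in gpgconf-comp.c has NULL there for several entries, so `gpgconf --kill` on such a component reports success. A script that uses the exit status to confirm that a daemon, and whatever it keeps in memory, is gone would be misled. I would have gc_component_kill return whether any backend was signalled and use it here as `if (!gc_component_kill (idx)) exit (1);`, or at least print a note to es_stderr when no backend matched. Only the first positional argument is read (`fname = argc ? *argv : NULL`), so extra component names are silently dropped. main starts and ends outside this hunk.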
diff --git a/tools/gpgconf.h b/tools/gpgconf.h index 3b8d80b..9caa0d4 100644 --- a/tools/gpgconf.h +++ b/tools/gpgconf.h @@ -44,6 +44,9 @@ char *gc_percent_escape (const char *src); void gc_error (int status, int errnum, const char *fmt, ...); +/* Kill given component. */ +void gc_component_kill (int component); + /* Reload given component. */ void gc_component_reload (int component); ----------------------------------------------------------------------- Summary of changes: doc/tools.texi | 98 +++++++++++++----------- scd/ChangeLog | 4 + scd/apdu.c | 18 ++++- tools/ChangeLog | 8 ++- tools/gpgconf-comp.c | 205 +++++++++++++++++++++++++++++--------------------- tools/gpgconf.c | 46 +++++++++-- tools/gpgconf.h | 3 + 7 files changed, 239 insertions(+), 143 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 23 11:35:31 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Feb 2011 11:35:31 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.11-12-g75d62be Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 75d62be9c5663a06f6b2928ff92e65e58b780fc8 (commit) from 3d668e09d0e6832d99218d44ff5ed39aa4754ecc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 75d62be9c5663a06f6b2928ff92e65e58b780fc8 Author: Werner Koch Date: Wed Feb 23 11:12:17 2011 +0100 Update gpg-zip.1 (bug#1317) diff --git a/doc/ChangeLog b/doc/ChangeLog index 74135fa..8444c27 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog 
@@ -1,3 +1,7 @@ +2011-02-23 Werner Koch + + * gpg-zip.1: Update by taking a built copy from master. + 2010-10-05 Werner Koch * FAQ: Make it a static file with a pointer to the online location. @@ -569,7 +573,7 @@ 2003-04-01 Werner Koch - * DETAILS (VALIDSIG): Add primary keys fingerprint. + * DETAILS (VALIDSIG): Add primary keys fingerprint. 2003-01-27 David Shaw @@ -1053,7 +1057,7 @@ 2001-01-18 Werner Koch - * README.W32: Changed building instructions for MinGW32/CPD 0.3 + * README.W32: Changed building instructions for MinGW32/CPD 0.3 2001-01-09 Werner Koch @@ -1174,5 +1178,3 @@ Wed Feb 10 17:15:39 CET 1999 Werner Koch This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/doc/gpg-zip.1 b/doc/gpg-zip.1 index b10d70c..900a2e9 100644 --- a/doc/gpg-zip.1 +++ b/doc/gpg-zip.1 
@@ -1,102 +1,136 @@ -.TH "gpg-zip" 1 "November 2006" - +.\" Created from Texinfo source by yat2m 1.0 +.TH GPG-ZIP 1 2011-02-23 "GnuPG 1.4" "GNU Privacy Guard" .SH NAME -gpg\-zip \- encrypt or sign files into an archive - +.B gpg-zip \- Encrypt or sign files into an archive .SH SYNOPSIS -.B gpg\-zip -.RB [ OPTIONS ] -.IR filename1 " [" "filename2, ..." ] -.IR directory1 " [" "directory2, ..." ] +.B gpg-zip +.RI [ options ] +.I filename1 +.I [ filename2, ... ] +.I directory1 +.I [ directory2, ... ] .SH DESCRIPTION -This manual page documents briefly the -.B gpg\-zip -command. -.PP -.B gpg\-zip -encrypts or signs files into an archive. It is an gpg-ized tar using the -same format as PGP's PGP Zip. +\fBgpg-zip\fR encrypts or signs files into an archive. It is an +gpg-ized tar using the same format as used by PGP's PGP Zip. .SH OPTIONS + +\fBgpg-zip\fR understands these options: + + .TP -.BR \-e ", " \-\-encrypt -Encrypt data. This option may be combined with -.B \-\-symmetric -(for output that may be decrypted via a secret key or a passphrase). +.B --encrypt .TP -.BR \-d ", " \-\-decrypt +.B -e +Encrypt data. This option may be combined with \fB--symmetric\fR (for output that may be decrypted via a secret key or a passphrase). + +.TP +.B --decrypt +.TP +.B -d Decrypt data. + .TP -.BR \-c ", " \-\-symmetric +.B --symmetric +.TP +.B -c Encrypt with a symmetric cipher using a passphrase. The default symmetric cipher used is CAST5, but may be chosen with the -.B \-\-cipher\-algo -option to -.BR gpg (1). +\fB--cipher-algo\fR option to \fBgpg\fR. + .TP -.BR \-s ", " \-\-sign -Make a signature. See -.BR gpg (1). +.B --sign .TP -.BR \-r ", " \-\-recipient " \fIUSER\fR" -Encrypt for user id \fIUSER\fR. See -.BR gpg (1). +.B -s +Make a signature. See \fBgpg\fR. + .TP -.BR \-u ", " \-\-local\-user " \fIUSER\fR" -Use \fIUSER\fR as the key to sign with. See -.BR gpg (1). +.B --recipient \fIuser\fR +.TP +.B -r \fIuser\fR +Encrypt for user id \fIuser\fR. See \fBgpg\fR. 
+ .TP -.B \-\-list\-archive +.B --local-user \fIuser\fR +.TP +.B -u \fIuser\fR +Use \fIuser\fR as the key to sign with. See \fBgpg\fR. + +.TP +.B --list-archive List the contents of the specified archive. + .TP -.BR \-o ", " \-\-output " " \fIFILE\fR -Write output to specified file -.IR FILE . +.B --output \fIfile\fR .TP -.BI \-\-gpg " GPG" -Use the specified command instead of -.BR gpg . +.B -o \fIfile\fR +Write output to specified file \fIfile\fR. + .TP -.BI \-\-gpg\-args " ARGS" -Pass the specified options to -.BR gpg (1). +.B --gpg \fIgpgcmd\fR +Use the specified command \fIgpgcmd\fR instead of \fBgpg\fR. + .TP -.BI \-\-tar " TAR" -Use the specified command instead of -.BR tar . +.B --gpg-args \fIargs\fR +Pass the specified options to \fBgpg\fR. + .TP -.BI \-\-tar\-args " ARGS" -Pass the specified options to -.BR tar (1). +.B --tar \fItarcmd\fR +Use the specified command \fItarcmd\fR instead of \fBtar\fR. + .TP -.BR \-h ", " \-\-help -Output a short usage information. +.B --tar-args \fIargs\fR +Pass the specified options to \fBtar\fR. + .TP -.B \-\-version -Output the program version. +.B --version +Print version of the program and exit. + +.TP +.B --help +Display a brief help page and exit. -.SH DIAGNOSTICS -The program returns \fB0\fR if everything was fine, \fB1\fR otherwise. .SH EXAMPLES -Encrypt the contents of directory \fImydocs\fR for user Bob to file \fItest1\fR: -.IP -.B gpg\-zip \-\-encrypt \-\-output test1 \-\-gpg-args ""\-r Bob"" mydocs -.PP -List the contents of archive \fItest1\fR: -.IP -.B gpg\-zip \-\-list\-archive test1 + +Encrypt the contents of directory \(oq\fImydocs\fR\(cq for user Bob to file +\(oq\fItest1\fR\(cq: + +.RS 2 +.nf +gpg-zip --encrypt --output test1 --gpg-args -r Bob mydocs +.fi +.RE + + +List the contents of archive \(oq\fItest1\fR\(cq: + +.RS 2 +.nf +gpg-zip --list-archive test1 +.fi +.RE + + +.SH DIAGNOSTICS + +The program returns 0 if everything was fine, 1 otherwise. 
+ .SH SEE ALSO -.BR gpg (1), -.BR tar (1) +\fBgpg\fR(1), +\fBtar\fR(1), -.SH AUTHOR -Copyright (C) 2005 Free Software Foundation, Inc. Please report bugs to -<\&bug-gnupg at gnu.org\&>. +The full documentation for this tool is maintained as a Texinfo manual. +If GnuPG and the info program are properly installed at your site, the +command -This manpage was written by \fBColin Tuckley\fR <\&colin at tuckley.org\&> -and \fBDaniel Leidert\fR <\&daniel.leidert at wgdd.de\&> for the Debian -distribution (but may be used by others). +.RS 2 +.nf +info gnupg +.fi +.RE +should give you access to the complete manual including a menu structure +and an index. ----------------------------------------------------------------------- Summary of changes: doc/ChangeLog | 10 ++- doc/gpg-zip.1 | 174 ++++++++++++++++++++++++++++++++++----------------------- 2 files changed, 110 insertions(+), 74 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 23 11:35:31 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Feb 2011 11:35:31 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-34-g1226772 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 1226772ffd37382f549df89c1425d272d4ad7aac (commit) from 61b7c3743f5c7fb2bdc3c3bc82deaf1e2db648ea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1226772ffd37382f549df89c1425d272d4ad7aac Author: Werner Koch Date: Wed Feb 23 11:06:03 2011 +0100 Fix translaor email diff --git a/po/es.po b/po/es.po index 85fcc1d..2db2e5c 100644 --- a/po/es.po +++ b/po/es.po 
@@ -5,16 +5,12 @@ # in his PGP 2.3.6i translation. # I also got inspiration from it.po by Marco d'Itri # -# Jaime Su?rez , 2001-2008. -# !--- Address rejected (2011-01-11) -# Designated-Translator: none -# msgid "" msgstr "" "Project-Id-Version: gnupg 2.0.9\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" "PO-Revision-Date: 2008-12-14 19:34+0100\n" -"Last-Translator: Jaime Su?rez \n" +"Last-Translator: Jaime Su?rez \n" "Language-Team: Spanish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=ISO-8859-1\n" ----------------------------------------------------------------------- Summary of changes: po/es.po | 6 +----- 1 files changed, 1 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 23 13:13:16 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Feb 2011 13:13:16 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-16-gb47b2f9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via b47b2f9c063d9a0bad7c33fb7ba158c23522b849 (commit) from 2674140cdfdc59ce5ad0238177da1542f5df6e00 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b47b2f9c063d9a0bad7c33fb7ba158c23522b849 Author: Werner Koch Date: Wed Feb 23 12:48:07 2011 +0100 Updated gpg-error.m4 (bug#1261) diff --git a/ChangeLog b/ChangeLog index e487942..a9b0895 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-02-23 Werner Koch + + * acinclude.m4 (AM_PATH_GPG_ERROR): Remove. + 2011-02-21 Werner Koch Release 1.5.0-beta1. diff --git a/acinclude.m4 b/acinclude.m4 index a7bc0fa..e69291a 100644 --- a/acinclude.m4 
+++ b/acinclude.m4 @@ -194,7 +194,7 @@ int main() #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE) pgsize = sysconf (_SC_PAGESIZE); #elif defined (HAVE_GETPAGESIZE) - pgsize = getpagesize(); + pgsize = getpagesize(); #else pgsize = -1; #endif 
@@ -256,62 +256,6 @@ for n in $list; do done ]) -dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION, -dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) -dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS -dnl -AC_DEFUN([AM_PATH_GPG_ERROR], -[ AC_ARG_WITH(gpg-error-prefix, - AC_HELP_STRING([--with-gpg-error-prefix=PFX], - [prefix where GPG Error is installed (optional)]), - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") - if test x$gpg_error_config_prefix != x ; then - if test x${GPG_ERROR_CONFIG+set} != xset ; then - GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config - fi - fi - - AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) - min_gpg_error_version=ifelse([$1], ,0.0,$1) - AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) - ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then - req_major=`echo $min_gpg_error_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` - req_minor=`echo $min_gpg_error_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` - gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version` - if test "$gpg_error_config_version"; then - major=`echo $gpg_error_config_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` - minor=`echo $gpg_error_config_version | \ - sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` - if test "$major" -gt "$req_major"; then - ok=yes - else - if test "$major" -eq "$req_major"; then - if test "$minor" -ge "$req_minor"; then - ok=yes - fi - fi - fi - fi - fi - if test $ok = yes; then - GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` - GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` - AC_MSG_RESULT(yes) - ifelse([$2], , :, [$2]) - else - GPG_ERROR_CFLAGS="" - GPG_ERROR_LIBS="" - AC_MSG_RESULT(no) - ifelse([$3], , :, [$3]) - fi - AC_SUBST(GPG_ERROR_CFLAGS) - AC_SUBST(GPG_ERROR_LIBS) -]) - dnl Check for socklen_t: historically on BSD it is an int, and in dnl POSIX 1g it is a type of its own, but some platforms use 
different @@ -356,7 +300,7 @@ int getpeername (int, $arg2 *, $t *); # GNUPG_PTH_VERSION_CHECK(REQUIRED) -# +# # If the version is sufficient, HAVE_PTH will be set to yes. # # Taken form the m4 macros which come with Pth @@ -414,7 +358,5 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK], AC_MSG_RESULT($gnupg_cv_pth_is_sane) else AC_MSG_RESULT(no) - fi + fi ]) - - diff --git a/m4/ChangeLog b/m4/ChangeLog index fcced59..1537fca 100644 --- a/m4/ChangeLog +++ b/m4/ChangeLog @@ -1,3 +1,8 @@ +2011-02-23 Werner Koch + + * gpg-error.m4: New. Take from current gpg-error master. + * Makefile.am (EXTRA_DIST): Add gpg-error.m4. + 2009-01-22 Werner Koch * noexecstack.m4: Replace non portable grep -q. Reported by diff --git a/m4/Makefile.am b/m4/Makefile.am index ca65d10..0c90875 100644 --- a/m4/Makefile.am +++ b/m4/Makefile.am @@ -1 +1,2 @@ EXTRA_DIST = libtool.m4 onceonly.m4 socklen.m4 sys_socket_h.m4 noexecstack.m4 +EXTRA_DIST += gpg-error.m4 diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 new file mode 100644 index 0000000..8d82925 --- /dev/null +++ b/m4/gpg-error.m4 
@@ -0,0 +1,79 @@ +# gpg-error.m4 - autoconf macro to detect libgpg-error. +# Copyright (C) 2002, 2003, 2004 g10 Code GmbH +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS +dnl +AC_DEFUN([AM_PATH_GPG_ERROR], +[ AC_ARG_WITH(gpg-error-prefix, + AC_HELP_STRING([--with-gpg-error-prefix=PFX], + [prefix where GPG Error is installed (optional)]), + gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + if test x$gpg_error_config_prefix != x ; then + if test x${GPG_ERROR_CONFIG+set} != xset ; then + GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config + fi + fi + + AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no) + min_gpg_error_version=ifelse([$1], ,0.0,$1) + AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) + ok=no + if test "$GPG_ERROR_CONFIG" != "no" ; then + req_major=`echo $min_gpg_error_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_gpg_error_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version` + major=`echo $gpg_error_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $gpg_error_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -ge "$req_minor"; then + ok=yes + fi + fi + fi + fi + if test $ok = yes; then + 
GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` + GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` + AC_MSG_RESULT([yes ($gpg_error_config_version)]) + ifelse([$2], , :, [$2]) + if test x"$host" != x ; then + gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` + if test x"$gpg_error_config_host" != xnone ; then + if test x"$gpg_error_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $GPG_ERROR_CONFIG was +*** built for $gpg_error_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-gpg-error-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi + else + GPG_ERROR_CFLAGS="" + GPG_ERROR_LIBS="" + AC_MSG_RESULT(no) + ifelse([$3], , :, [$3]) + fi + AC_SUBST(GPG_ERROR_CFLAGS) + AC_SUBST(GPG_ERROR_LIBS) +]) ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 +++ acinclude.m4 | 64 ++------------------------------------------ m4/ChangeLog | 5 +++ m4/Makefile.am | 1 + m4/gpg-error.m4 | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 92 insertions(+), 61 deletions(-) create mode 100644 m4/gpg-error.m4 hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 23 16:53:02 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Feb 2011 16:53:02 +0100 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-13-gcf8878c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cf8878cb18f3ad830994b77f6ee05b5d47a1c557 (commit) via 6902560059df490f91c2f00f0400cfbd00a84be6 (commit) from 7c03c8cc65e68f1d77a5a5a497025191fe5df5e9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cf8878cb18f3ad830994b77f6ee05b5d47a1c557 Author: Werner Koch Date: Wed Feb 23 16:29:45 2011 +0100 Update gpg-error.m4 and libgcrypt.m4 diff --git a/m4/ChangeLog b/m4/ChangeLog index b93fa2d..c633468 100644 --- a/m4/ChangeLog +++ b/m4/ChangeLog @@ -1,3 +1,7 @@ +2011-02-23 Werner Koch + + * libgcrypt.m4, gpg-error.m4: Update from their GIT masters. + 2010-06-08 Werner Koch * ldap.m4 (gnupg_have_ldap): Set variable. @@ -86,7 +90,7 @@ 2006-07-27 Werner Koch - * autobuild.m4: New. + * autobuild.m4: New. 2006-06-30 Werner Koch @@ -144,4 +148,3 @@ * uintmax_t.m4: New file, from gettext-0.11.5. * ulonglong.m4: New file, from gettext-0.11.5. * Makefile.am: New file. - diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 index 9d96d16..8d82925 100644 --- a/m4/gpg-error.m4 +++ b/m4/gpg-error.m4 @@ -24,7 +24,7 @@ AC_DEFUN([AM_PATH_GPG_ERROR], fi fi - AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) + AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no) min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no 
@@ -40,7 +40,7 @@ AC_DEFUN([AM_PATH_GPG_ERROR], sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` if test "$major" -gt "$req_major"; then ok=yes - else + else if test "$major" -eq "$req_major"; then if test "$minor" -ge "$req_minor"; then ok=yes @@ -53,6 +53,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR], GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` AC_MSG_RESULT([yes ($gpg_error_config_version)]) ifelse([$2], , :, [$2]) + if test x"$host" != x ; then + gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` + if test x"$gpg_error_config_host" != xnone ; then + if test x"$gpg_error_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $GPG_ERROR_CONFIG was +*** built for $gpg_error_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-gpg-error-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi else GPG_ERROR_CFLAGS="" GPG_ERROR_LIBS="" @@ -62,4 +77,3 @@ AC_DEFUN([AM_PATH_GPG_ERROR], AC_SUBST(GPG_ERROR_CFLAGS) AC_SUBST(GPG_ERROR_LIBS) ]) - diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 index 854eaaa..831dc0c 100644 --- a/m4/libgcrypt.m4 +++ b/m4/libgcrypt.m4 @@ -15,7 +15,7 @@ dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS. dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed dnl with the API version to also check the API compatibility. Example: -dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed +dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using dnl this features allows to prevent build against newer versions of libgcrypt dnl with a changed API. 
@@ -31,7 +31,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], fi fi - AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) + AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` @@ -59,7 +59,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` if test "$major" -gt "$req_major"; then ok=yes - else + else if test "$major" -eq "$req_major"; then if test "$minor" -gt "$req_minor"; then ok=yes @@ -98,6 +98,21 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ifelse([$2], , :, [$2]) + if test x"$host" != x ; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + if test x"$libgcrypt_config_host" != xnone ; then + if test x"$libgcrypt_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $LIBGCRYPT_CONFIG was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi else LIBGCRYPT_CFLAGS="" LIBGCRYPT_LIBS="" commit 6902560059df490f91c2f00f0400cfbd00a84be6 Author: Werner Koch Date: Wed Feb 23 10:51:36 2011 +0100 Fix dirmngr crash (bug#1300) diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog index c1ce3bf..bb40fe1 100644 --- a/dirmngr/ChangeLog +++ b/dirmngr/ChangeLog @@ -1,3 +1,8 @@ +2011-02-23 Werner Koch + + * certcache.c (get_cert_bysubject): Take care of a NULL argument. + (find_cert_bysubject): Ditto. Fixes bug#1300. + 2011-02-09 Werner Koch * ks-engine-kdns.c: New but only the framework. diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c index 1fb585a..3ada60d 100644 --- a/dirmngr/certcache.c +++ b/dirmngr/certcache.c 
@@ -652,6 +652,9 @@ get_cert_bysubject (const char *subject_dn, unsigned int seq) cert_item_t ci; int i; + if (!subject_dn) + return NULL; + acquire_cache_read_lock (); for (i=0; i < 256; i++) { @@ -1101,7 +1104,7 @@ find_cert_bysubject (ctrl_t ctrl, const char *subject_dn, ksba_sexp_t keyid) uniquely located by the following code we can use them. This is for example required by Telesec certificates where a keyId is used but the issuer certificate comes without a subject keyId! */ - if (ctrl->ocsp_certs) + if (ctrl->ocsp_certs && subject_dn) { cert_item_t ci; cert_ref_t cr; ----------------------------------------------------------------------- Summary of changes: dirmngr/ChangeLog | 5 +++++ dirmngr/certcache.c | 5 ++++- m4/ChangeLog | 7 +++++-- m4/gpg-error.m4 | 20 +++++++++++++++++--- m4/libgcrypt.m4 | 21 ++++++++++++++++++--- 5 files changed, 49 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Feb 23 16:54:46 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 23 Feb 2011 16:54:46 +0100 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-17-ge7f33df Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e7f33df5e5b102f3c07a6dac1bfd1376f4f9267b (commit) from b47b2f9c063d9a0bad7c33fb7ba158c23522b849 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e7f33df5e5b102f3c07a6dac1bfd1376f4f9267b Author: Werner Koch Date: Wed Feb 23 16:30:38 2011 +0100 Add option host to libgcrypt-config. Also update libgcrypt.m4 for better user experience when cross-building. 
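Review bot: The two NULL guards for `subject_dn` (the early `return NULL` in get_cert_bysubject and the `&& subject_dn` condition in find_cert_bysubject) make a missing DN behave like a cache miss, but the hunks add no comment stating that NULL is an accepted input. Since the ChangeLog ties this to a crash (bug#1300), I would write it into the contract so later callers and refactors keep it, for example `/* SUBJECT_DN may be NULL; no certificate is returned in that case. */` above get_cert_bysubject. In find_cert_bysubject only the `ctrl->ocsp_certs` branch is guarded here and the rest of the function is outside the hunk. It is worth confirming that every other use of `subject_dn` there either goes through get_cert_bysubject or has its own check. A regression test that passes a NULL subject would pin the fix.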
diff --git a/ChangeLog b/ChangeLog index a9b0895..e499f15 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2011-02-23 Werner Koch + * configure.ac (LIBGCRYPT_CONFIG_HOST): New. + * acinclude.m4 (AM_PATH_GPG_ERROR): Remove. 2011-02-21 Werner Koch diff --git a/configure.ac b/configure.ac index 013ff3a..618a5ee 100644 --- a/configure.ac +++ b/configure.ac @@ -154,6 +154,7 @@ LT_LANG([Windows Resource]) # Used by libgcrypt-config LIBGCRYPT_CONFIG_LIBS="-lgcrypt" LIBGCRYPT_CONFIG_CFLAGS="" +LIBGCRYPT_CONFIG_HOST="$host" # Definitions for symmetric ciphers. available_ciphers="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed" @@ -963,6 +964,7 @@ CL_AS_NOEXECSTACK AC_SUBST(LIBGCRYPT_CONFIG_API_VERSION) AC_SUBST(LIBGCRYPT_CONFIG_LIBS) AC_SUBST(LIBGCRYPT_CONFIG_CFLAGS) +AC_SUBST(LIBGCRYPT_CONFIG_HOST) AC_SUBST(LIBGCRYPT_THREAD_MODULES) AC_CONFIG_COMMANDS([gcrypt-conf],[[ diff --git a/src/ChangeLog b/src/ChangeLog index a9523cc..98f38db 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2011-02-23 Werner Koch + + * libgcrypt-config.in: Add option --host. + * libgcrypt.m4: Use AC_PROG_TOOL to find the config script. Print + a warning is the config scripts does not match the configure host. + 2011-02-21 Werner Koch * global.c (gcry_check_version): Do not take the patchlevel in diff --git a/src/libgcrypt-config.in b/src/libgcrypt-config.in index be6df8a..c052638 100644 --- a/src/libgcrypt-config.in +++ b/src/libgcrypt-config.in @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. +# Copyright (C) 1999, 2002, 2003, 2004, 2011 Free Software Foundation, Inc. # # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without 
@@ -27,6 +27,9 @@ cflags="@LIBGCRYPT_CONFIG_CFLAGS@" # API info api_version="@LIBGCRYPT_CONFIG_API_VERSION@" +# Configured for host +my_host="@LIBGCRYPT_CONFIG_HOST@" + # Misc information. symmetric_ciphers="@LIBGCRYPT_CIPHERS@" asymmetric_ciphers="@LIBGCRYPT_PUBKEY_CIPHERS@" @@ -40,6 +43,7 @@ echo_algorithms=no echo_exec_prefix=no echo_version=no echo_api_version=no +echo_host=no # Prints usage information. usage() @@ -54,6 +58,7 @@ Options: [--libs] [--cflags] [--algorithms] + [--host] EOF exit $1 } @@ -106,6 +111,9 @@ while test $# -gt 0; do --algorithms) echo_algorithms=yes ;; + --host) + echo_host=yes + ;; *) usage 1 1>&2 ;; @@ -170,6 +178,10 @@ if test "$echo_api_version" = "yes"; then echo "$api_version" fi +if test "$echo_host" = "yes"; then + echo "$my_host" +fi + if test "$echo_algorithms" = "yes"; then echo "Symmetric cipher algorithms: $symmetric_ciphers" echo "Public-key cipher algorithms: $asymmetric_ciphers" diff --git a/src/libgcrypt.m4 b/src/libgcrypt.m4 index 0f60165..831dc0c 100644 --- a/src/libgcrypt.m4 +++ b/src/libgcrypt.m4 @@ -31,7 +31,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], fi fi - AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no) + AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) tmp=ifelse([$1], ,1:1.2.0,$1) if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` 
@@ -98,6 +98,21 @@ AC_DEFUN([AM_PATH_LIBGCRYPT], LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ifelse([$2], , :, [$2]) + if test x"$host" != x ; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + if test x"$libgcrypt_config_host" != xnone ; then + if test x"$libgcrypt_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $LIBGCRYPT_CONFIG was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi else LIBGCRYPT_CFLAGS="" LIBGCRYPT_LIBS="" ----------------------------------------------------------------------- Summary of changes: ChangeLog | 2 ++ configure.ac | 2 ++ src/ChangeLog | 6 ++++++ src/libgcrypt-config.in | 14 +++++++++++++- src/libgcrypt.m4 | 17 ++++++++++++++++- 5 files changed, 39 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 24 10:52:22 2011 
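Review bot: In the added host check of AM_PATH_LIBGCRYPT, a config script that does not understand `--host` yields `none` (from `|| echo none`), and the comparison is then skipped without any message. When cross-building, that is the case where AC_PATH_TOOL may have fallen back to an unprefixed `libgcrypt-config` from the build machine, so the flags of a non-matching installation could be used silently. I would add an `else` to the `!= xnone` test that reports this when cross-compiling: `else test x"$cross_compiling" != xyes || AC_MSG_WARN([$LIBGCRYPT_CONFIG does not report its host; cannot check it against $host])`. The same logic appears in the m4/gpg-error.m4 and m4/libgcrypt.m4 hunks earlier on this page. The macro body continues outside the hunk.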
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 24 Feb 2011 10:52:22 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-27-g1a55322 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 1a5532257ff92c76e6fea407496b5f95356fc061 (commit) via 97eb75719c40ea584aa8745638a8496154fbf418 (commit) from 556009514f59fd76bf657a67cd3772b3603ab54a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a5532257ff92c76e6fea407496b5f95356fc061 Author: Werner Koch Date: Thu Feb 24 10:28:38 2011 +0100 Add ChangeLog entry for last patch diff --git a/AUTHORS b/AUTHORS index 0415cec..790a024 100644 --- a/AUTHORS +++ b/AUTHORS @@ -15,9 +15,12 @@ Neal H. Walfield Marcus Brinkmann - Shared library version, bug fixes. -g10 Code GmbH +g10 Code GmbH - all work indicated by mail addresses in ChangeLogs +Ben Kibbey Assigns Past and Future Changes For GnuPG. + - Fixes and new features + Libassuan was orginally part of NewPG, a temporary fork of GnuPG, and later split of into a separate library. @@ -32,4 +35,3 @@ later split of into a separate library. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - diff --git a/NEWS b/NEWS index 2affd80..e2b1e0d 100644 --- a/NEWS +++ b/NEWS 
@@ -16,6 +16,7 @@ Noteworthy changes in version 2.0.2 ASSUAN_NO_LOGGING NEW. assuan_system_hooks_t CHANGED: Added socket and connect members. ASSUAN_SYSTEM_HOOKS_VERSION CHANGED: Bumped to 2. + assuan_register_pre_cmd_notify NEW. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -246,7 +247,7 @@ Noteworthy changes in version 0.9.0 (2006-09-14) printing of the full data, a new environment variable ASSUAN_FULL_LOGGING may be set to any value. - * Removed the assuan_domain_* functions. + * Removed the assuan_domain_* functions. * New functions assuan_pipe_connect_ext and assuan_socket_connect_ext to allow connections on a socketpair and to pass descriptors. @@ -321,7 +322,7 @@ Noteworthy changes in version 0.6.2 (2003-12-18) assuan_get_assuan_log_context is not anymore declared as user overridable. - * Documentation cleanups. + * Documentation cleanups. Noteworthy changes in version 0.6.1 (2003-11-17) ------------------------------------------------ @@ -338,7 +339,7 @@ Noteworthy changes in version 0.6.0 (2003-08-06) * Initial release as a standalone library. - Copyright 2003, 2004, 2006, 2007 Free Software Foundation, Inc. + Copyright 2003, 2004, 2006, 2007, 2011 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/src/ChangeLog b/src/ChangeLog index 46bbe1f..c34af0c 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2011-02-24 Ben Kibbey + + * assuan-handler.c (assuan_register_pre_cmd_notify): New callback. + * assuan.h (assuan_command_t): Register command object. + (pre_cmd_notify_fnc): New prototype. + 2011-02-03 Marcus Brinkmann * assuan-socket.c (_assuan_sock_new): Call _assuan_socket instead 
@@ -37,7 +43,7 @@ (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. * system-w32ce.c (__assuan_socket, __assuan_connect): New functions. (_assuan_system_hooks): Add __assuan_socketm, __assuan_connect. - + 2010-12-20 Werner Koch * gpgcedev.c (pipeimpl_new): Check malloc and CreateEvent return commit 97eb75719c40ea584aa8745638a8496154fbf418 Author: Ben Kibbey Date: Sat Feb 5 22:34:24 2011 -0500 assuan_register_pre_cmd_notify(). diff --git a/src/assuan-defs.h b/src/assuan-defs.h index 88863eb..da2a9d7 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h @@ -58,14 +58,6 @@ #define _assuan_error(ctx, errcode) gpg_err_make ((ctx)->err_source, errcode) -struct cmdtbl_s -{ - const char *name; - assuan_handler_t handler; - const char *helpstr; -}; - - /* The context we use with most functions. */ struct assuan_context_s @@ -196,7 +188,7 @@ struct assuan_context_s gpg_error_t (*accept_handler)(assuan_context_t); void (*finish_handler)(assuan_context_t); - struct cmdtbl_s *cmdtbl; + assuan_command_t cmdtbl; size_t cmdtbl_used; /* used entries */ size_t cmdtbl_size; /* allocated size of table */ @@ -212,6 +204,9 @@ struct assuan_context_s assuan_handler_t input_notify_fnc; assuan_handler_t output_notify_fnc; + /* This function is called right before a command handler is called. */ + gpg_error_t (*pre_cmd_notify_fnc)(assuan_context_t, assuan_command_t); + /* This function is called right after a command has been processed. It may be used to command related cleanup. */ void (*post_cmd_notify_fnc)(assuan_context_t, gpg_error_t); diff --git a/src/assuan-handler.c b/src/assuan-handler.c index c19117f..5016fcb 100644 --- a/src/assuan-handler.c +++ b/src/assuan-handler.c @@ -400,7 +400,7 @@ assuan_register_command (assuan_context_t ctx, const char *cmd_name, } else if (ctx->cmdtbl_used >= ctx->cmdtbl_size) { - struct cmdtbl_s *x; + struct _assuan_command_s *x; x = _assuan_realloc (ctx, ctx->cmdtbl, (ctx->cmdtbl_size+10) * sizeof *x); if (!x) 
@@ -427,6 +427,17 @@ assuan_get_command_name (assuan_context_t ctx) } gpg_error_t +assuan_register_pre_cmd_notify (assuan_context_t ctx, + gpg_error_t (*fnc)(assuan_context_t, + assuan_command_t)) +{ + if (!ctx) + return _assuan_error (ctx, GPG_ERR_ASS_INV_VALUE); + ctx->pre_cmd_notify_fnc = fnc; + return 0; +} + +gpg_error_t assuan_register_post_cmd_notify (assuan_context_t ctx, void (*fnc)(assuan_context_t, gpg_error_t)) { @@ -590,6 +601,13 @@ dispatch_command (assuan_context_t ctx, char *line, int linelen) line += shift; linelen -= shift; + if (ctx->pre_cmd_notify_fnc) { + err = ctx->pre_cmd_notify_fnc(ctx, &ctx->cmdtbl[i]); + + if (err) + return PROCESS_DONE(ctx, err); + } + /* fprintf (stderr, "DBG-assuan: processing %s `%s'\n", s, line); */ ctx->current_cmd_name = ctx->cmdtbl[i].name; err = ctx->cmdtbl[i].handler (ctx, line); diff --git a/src/assuan.h.in b/src/assuan.h.in index 018d5a1..630aefd 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in @@ -273,11 +273,22 @@ void assuan_set_log_stream (assuan_context_t ctx, FILE *fp); typedef gpg_error_t (*assuan_handler_t) (assuan_context_t, char *); +struct _assuan_command_s +{ + const char *name; + assuan_handler_t handler; + const char *helpstr; +}; + +typedef struct _assuan_command_s *assuan_command_t; + /*-- assuan-handler.c --*/ gpg_error_t assuan_register_command (assuan_context_t ctx, const char *cmd_string, assuan_handler_t handler, const char *help_string); +gpg_error_t assuan_register_pre_cmd_notify (assuan_context_t ctx, + gpg_error_t (*fnc)(assuan_context_t, assuan_command_t)); gpg_error_t assuan_register_post_cmd_notify (assuan_context_t ctx, void (*fnc)(assuan_context_t, gpg_error_t)); diff --git a/src/libassuan.def b/src/libassuan.def index a2e7b61..575966d 100644 --- a/src/libassuan.def +++ b/src/libassuan.def @@ -103,6 +103,7 @@ EXPORTS _assuan_w32ce_finish_pipe @82 __assuan_socket @83 __assuan_connect @84 + assuan_register_pre_cmd_notify @85 ; END 
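Review bot: The NULL guard in `assuan_register_pre_cmd_notify` dereferences the pointer it has just found to be NULL. The macro shown in the assuan-defs.h hunk expands `_assuan_error (ctx, errcode)` to `gpg_err_make ((ctx)->err_source, errcode)`, so `if (!ctx) return _assuan_error (ctx, GPG_ERR_ASS_INV_VALUE);` faults instead of returning an error. The error code has to be built without the context, for example `return gpg_error (GPG_ERR_ASS_INV_VALUE);`. The same guard line appears again as context in the later `@@ -429,7 +429,7 @@` hunk of commit 65078fa and needs the same change there.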
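Review bot: The pre-command hook added to `dispatch_command` can veto a command, but neither this hunk nor the assuan.h.in prototype documents that contract. A comment above the call such as `/* A non-zero return from the pre-command hook aborts the command; the handler is not run. */` would tell callers who use the hook as a gate what a failure does. The hook also runs before `ctx->current_cmd_name` is assigned, so a callback that reads the current command name through the context would presumably see the previous command; moving that assignment above the `if` avoids this. The block uses `if (...) {` and `fnc(ctx, ...)` without a space, unlike the surrounding code. `dispatch_command` starts and ends outside the hunk.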
diff --git a/src/libassuan.vers b/src/libassuan.vers index b14a940..261e0e7 100644 --- a/src/libassuan.vers +++ b/src/libassuan.vers @@ -24,6 +24,7 @@ LIBASSUAN_1.1 { global: __assuan_socket; __assuan_connect; + assuan_register_pre_cmd_notify; }; LIBASSUAN_1.0 { ----------------------------------------------------------------------- Summary of changes: AUTHORS | 6 ++++-- NEWS | 7 ++++--- src/ChangeLog | 8 +++++++- src/assuan-defs.h | 13 ++++--------- src/assuan-handler.c | 20 +++++++++++++++++++- src/assuan.h.in | 11 +++++++++++ src/libassuan.def | 1 + src/libassuan.vers | 1 + 8 files changed, 51 insertions(+), 16 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Thu Feb 24 19:02:22 2011 From: cvs at cvs.gnupg.org (cvs user werner) Date: Thu, 24 Feb 2011 19:02:22 +0100 Subject: misc-scripts (undump.c) Message-ID: Date: Thursday, February 24, 2011 @ 19:02:22 Author: werner Path: /cvs/wk/misc-scripts Modified: undump.c Updates + From cvs at cvs.gnupg.org Thu Feb 24 19:04:48 2011 From: cvs at cvs.gnupg.org (cvs user werner) Date: Thu, 24 Feb 2011 19:04:48 +0100 Subject: misc-scripts (mkdiff) Message-ID: Date: Thursday, February 24, 2011 @ 19:04:48 Author: werner Path: /cvs/wk/misc-scripts Modified: mkdiff . + From cvs at cvs.gnupg.org Thu Feb 24 19:07:56 2011 From: cvs at cvs.gnupg.org (cvs user werner) Date: Thu, 24 Feb 2011 19:07:56 +0100 Subject: misc-scripts (heating-control.c) Message-ID: Date: Thursday, February 24, 2011 @ 19:07:56 Author: werner Path: /cvs/wk/misc-scripts Modified: heating-control.c . From cvs at cvs.gnupg.org Mon Feb 28 09:54:32 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 28 Feb 2011 09:54:32 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.1-29-g8660e89 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 8660e89916d7e0d0df59939affd07c6ed78a7313 (commit) via 65078fa2e4b3a4404c8eec012783aaeb7925c685 (commit) from 1a5532257ff92c76e6fea407496b5f95356fc061 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8660e89916d7e0d0df59939affd07c6ed78a7313 Author: Werner Koch Date: Mon Feb 28 09:29:57 2011 +0100 Simplify libassuan.vers diff --git a/src/ChangeLog b/src/ChangeLog index fbb3797..a12b9cb 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,7 @@ +2011-02-28 Werner Koch + + * libassuan.vers: Fold LIBASSUAN_1.1 block into LIBASSUAN_1.0. + 2011-02-28 Ben Kibbey * assuan-handler.c (assuan_register_pre_cmd_notify): Pass command diff --git a/src/libassuan.vers b/src/libassuan.vers index 261e0e7..6311ff1 100644 --- a/src/libassuan.vers +++ b/src/libassuan.vers @@ -20,13 +20,6 @@ # Please remember to add new functions also to libassuan.def #----------------------------------------------------------- -LIBASSUAN_1.1 { - global: - __assuan_socket; - __assuan_connect; - assuan_register_pre_cmd_notify; -}; - LIBASSUAN_1.0 { global: assuan_accept; @@ -72,6 +65,7 @@ LIBASSUAN_1.0 { assuan_register_input_notify; assuan_register_option_handler; assuan_register_output_notify; + assuan_register_pre_cmd_notify; assuan_register_post_cmd_notify; assuan_register_reset_notify; assuan_release; 
@@ -111,6 +105,8 @@ LIBASSUAN_1.0 { __assuan_socketpair; __assuan_spawn; __assuan_usleep; + __assuan_socket; + __assuan_connect; local: *; commit 65078fa2e4b3a4404c8eec012783aaeb7925c685 Author: Ben Kibbey Date: Thu Feb 24 20:54:04 2011 -0500 Pass only the command name to the pre_cmd_notify() callback to keep ABI compatibility. diff --git a/src/ChangeLog b/src/ChangeLog index c34af0c..fbb3797 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2011-02-28 Ben Kibbey + + * assuan-handler.c (assuan_register_pre_cmd_notify): Pass command + string as second argument. + * assuan.h (assuan_command_t): Move back to assuan-defs.h. + 2011-02-24 Ben Kibbey * assuan-handler.c (assuan_register_pre_cmd_notify): New callback. diff --git a/src/assuan-defs.h b/src/assuan-defs.h index da2a9d7..8a3fcc2 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h @@ -58,6 +58,14 @@ #define _assuan_error(ctx, errcode) gpg_err_make ((ctx)->err_source, errcode) +struct cmdtbl_s +{ + const char *name; + assuan_handler_t handler; + const char *helpstr; +}; + + /* The context we use with most functions. */ struct assuan_context_s @@ -188,7 +196,7 @@ struct assuan_context_s gpg_error_t (*accept_handler)(assuan_context_t); void (*finish_handler)(assuan_context_t); - assuan_command_t cmdtbl; + struct cmdtbl_s *cmdtbl; size_t cmdtbl_used; /* used entries */ size_t cmdtbl_size; /* allocated size of table */ @@ -205,7 +213,7 @@ struct assuan_context_s assuan_handler_t output_notify_fnc; /* This function is called right before a command handler is called. */ - gpg_error_t (*pre_cmd_notify_fnc)(assuan_context_t, assuan_command_t); + gpg_error_t (*pre_cmd_notify_fnc)(assuan_context_t, const char *cmd); /* This function is called right after a command has been processed. It may be used to command related cleanup. */ diff --git a/src/assuan-handler.c b/src/assuan-handler.c index 5016fcb..cb271fa 100644 --- a/src/assuan-handler.c +++ b/src/assuan-handler.c 
@@ -400,7 +400,7 @@ assuan_register_command (assuan_context_t ctx, const char *cmd_name, } else if (ctx->cmdtbl_used >= ctx->cmdtbl_size) { - struct _assuan_command_s *x; + struct cmdtbl_s *x; x = _assuan_realloc (ctx, ctx->cmdtbl, (ctx->cmdtbl_size+10) * sizeof *x); if (!x) @@ -429,7 +429,7 @@ assuan_get_command_name (assuan_context_t ctx) gpg_error_t assuan_register_pre_cmd_notify (assuan_context_t ctx, gpg_error_t (*fnc)(assuan_context_t, - assuan_command_t)) + const char *cmd)) { if (!ctx) return _assuan_error (ctx, GPG_ERR_ASS_INV_VALUE); @@ -602,7 +602,7 @@ dispatch_command (assuan_context_t ctx, char *line, int linelen) linelen -= shift; if (ctx->pre_cmd_notify_fnc) { - err = ctx->pre_cmd_notify_fnc(ctx, &ctx->cmdtbl[i]); + err = ctx->pre_cmd_notify_fnc(ctx, ctx->cmdtbl[i].name); if (err) return PROCESS_DONE(ctx, err); diff --git a/src/assuan.h.in b/src/assuan.h.in index 630aefd..426fc4c 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in 
@@ -273,22 +273,13 @@ void assuan_set_log_stream (assuan_context_t ctx, FILE *fp); typedef gpg_error_t (*assuan_handler_t) (assuan_context_t, char *); -struct _assuan_command_s -{ - const char *name; - assuan_handler_t handler; - const char *helpstr; -}; - -typedef struct _assuan_command_s *assuan_command_t; - /*-- assuan-handler.c --*/ gpg_error_t assuan_register_command (assuan_context_t ctx, const char *cmd_string, assuan_handler_t handler, const char *help_string); gpg_error_t assuan_register_pre_cmd_notify (assuan_context_t ctx, - gpg_error_t (*fnc)(assuan_context_t, assuan_command_t)); + gpg_error_t (*fnc)(assuan_context_t, const char *cmd)); gpg_error_t assuan_register_post_cmd_notify (assuan_context_t ctx, void (*fnc)(assuan_context_t, gpg_error_t)); ----------------------------------------------------------------------- Summary of changes: src/ChangeLog | 10 ++++++++++ src/assuan-defs.h | 12 ++++++++++-- src/assuan-handler.c | 6 +++--- src/assuan.h.in | 11 +---------- src/libassuan.vers | 10 +++------- 5 files changed, 27 insertions(+), 22 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Mon Feb 28 16:09:14 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 28 Feb 2011 16:09:14 +0100 Subject: [git] KSBA - branch, master, updated. debian/libksba-1.1.0-9-g4768923 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 4768923e5800c2cb65dbcdeeae2d866b6de5d74a (commit) from 6a7f295548a8ba5a2d9cc721e5d0d22ad043d0b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4768923e5800c2cb65dbcdeeae2d866b6de5d74a Author: Werner Koch Date: Mon Feb 28 15:45:04 2011 +0100 Complete X.509 creation stuff diff --git a/NEWS b/NEWS index 0431f8f..a47c37f 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,7 @@ Noteworthy changes in version 1.2.0 ksba_certreq_set_serial NEW. ksba_certreq_set_issuer NEW. ksba_certreq_set_validity NEW. + ksba_certreq_set_siginfo NEW. Noteworthy changes in version 1.1.0 (2010-10-26) diff --git a/src/ChangeLog b/src/ChangeLog index 024577d..e2b1176 100644 --- a/src/ChangeLog +++ b/src/ChangeLog 
@@ -1,12 +1,22 @@ +2011-02-28 Werner Koch + + * keyinfo.c (_ksba_algoinfo_from_sexp): New. + (oid_from_buffer): Add arg WITH_SIG. + * certreq.c (ksba_certreq_set_signing_key): Rename to .. + (ksba_certreq_set_siginfo): new. Use new parser function. + * libksba.def, libksba.vers, visibility.c, visibility.h: Change + accordingly. + 2011-02-25 Werner Koch * certreq.h (ksba_certreq_s): Add structure x509. * certreq.c (ksba_certreq_release): Free new fields. (ksba_certreq_set_serial, ksba_certreq_set_issuer) - (ksba_certreq_set_validity): New. + (ksba_certreq_set_validity, ksba_certreq_set_signing_key): New. (build_extensions): Add arg certmode and allow building of X.509 extensions. (build_cri): Add code to build an X.509 certificate. + * libksba.def, libksba.vers: Add new functions. * visibility.c, visibility.h: Ditto. diff --git a/src/certreq.c b/src/certreq.c index 06c8116..e91c5b2 100644 --- a/src/certreq.c +++ b/src/certreq.c @@ -68,6 +68,7 @@ ksba_certreq_release (ksba_certreq_t cr) return; xfree (cr->x509.serial.der); xfree (cr->x509.issuer.der); + xfree (cr->x509.siginfo.der); xfree (cr->subject.der); xfree (cr->key.der); xfree (cr->cri.der); 
@@ -182,6 +183,32 @@ ksba_certreq_set_validity (ksba_certreq_t cr, int what, } +/* Store the signing key info. This is used to extract the signing + algorithm; the signing itself needs to be done by the caller as + response to a stop code. The expression SIGINFO is similar to a + sig-val one, however most parameters are not required. The + expected structure of this canonical encoded s-expression is: + + (sig-val + ( + ( ) + ... + ( ))) + +*/ +gpg_error_t +ksba_certreq_set_siginfo (ksba_certreq_t cr, ksba_const_sexp_t siginfo) +{ + if (!cr || !siginfo) + return gpg_error (GPG_ERR_INV_VALUE); + xfree (cr->x509.siginfo.der); + cr->x509.siginfo.der = NULL; + + return _ksba_algoinfo_from_sexp (siginfo, &cr->x509.siginfo.der, + &cr->x509.siginfo.derlen); +} + + /* Store the subject's name. Does perform some syntactic checks on the name. The first added subject is the real one, all subsequent 
@@ -674,43 +701,15 @@ build_cri (ksba_certreq_t cr) if (err) goto leave; - /* Store the signature algorithm identifier. That is easy - because we must take it from the public key. */ - { - char *dummy_oid = NULL; - size_t algoinfolen; - struct tag_info ti; - const unsigned char *der; - size_t derlen, seqlen; - - der = cr->key.der; - derlen = cr->key.derlen; - - err = _ksba_ber_parse_tl (&der, &derlen, &ti); - if (err) - goto leave; - if ( !(ti.class == CLASS_UNIVERSAL && ti.tag == TYPE_SEQUENCE - && ti.is_constructed) || ti.ndef) - { - err = gpg_error (GPG_ERR_INV_CERT_OBJ); - goto leave; - } - seqlen = ti.length; - if (seqlen > derlen) - { - err = gpg_error (GPG_ERR_BAD_BER); - goto leave; - } + /* Store the signature algorithm identifier. */ + if (!cr->x509.siginfo.der) + err = gpg_error (GPG_ERR_MISSING_VALUE); + else + err = ksba_writer_write (writer, + cr->x509.siginfo.der, cr->x509.siginfo.derlen); + if (err) + goto leave; - err = _ksba_parse_algorithm_identifier (der, derlen, - &algoinfolen, &dummy_oid); - xfree (dummy_oid); - if (err) - goto leave; - err = ksba_writer_write (writer, der, algoinfolen); - if (err) - goto leave; - } /* Store the issuer DN. If no issuer DN has been set we use the subject DN. */ 
@@ -727,33 +726,73 @@ build_cri (ksba_certreq_t cr) /* Store the Validity. */ { unsigned char templ[36]; + unsigned char *tp; - templ[0] = 0x30; - templ[1] = 0x22; + tp = templ; + *tp++ = 0x30; + *tp++ = 0x22; - templ[2] = 0x18; - templ[3] = 0x0F; + *tp++ = TYPE_GENERALIZED_TIME; + *tp++ = 15; if (cr->x509.not_before[0]) { - memcpy (templ+4, cr->x509.not_before, 8); - memcpy (templ+12, cr->x509.not_before+9, 6); + if (_ksba_cmp_time (cr->x509.not_before, "20500101T000000") >= 0) + { + memcpy (tp, cr->x509.not_before, 8); + tp += 8; + memcpy (tp, cr->x509.not_before+9, 6); + tp += 6; + } + else + { + tp[-2] = TYPE_UTC_TIME; + tp[-1] = 13; + memcpy (tp, cr->x509.not_before, 6); + tp += 6; + memcpy (tp, cr->x509.not_before+9, 6); + tp += 6; + } } else - memcpy (templ+4, "20110101000000", 14); - templ[18] = 'Z'; + { + tp[-2] = TYPE_UTC_TIME; + tp[-1] = 13; + memcpy (tp, "110101000000", 12); + tp += 12; + } + *tp++ = 'Z'; - templ[19] = 0x18; - templ[20] = 0x0F; + *tp++ = TYPE_GENERALIZED_TIME; + *tp++ = 15; if (cr->x509.not_after[0]) { - memcpy (templ+21, cr->x509.not_before, 8); - memcpy (templ+29, cr->x509.not_before+9, 6); + if (_ksba_cmp_time (cr->x509.not_after, "20500101T000000") >= 0) + { + memcpy (tp, cr->x509.not_after, 8); + tp += 8; + memcpy (tp, cr->x509.not_after+9, 6); + tp += 6; } + else + { + tp[-2] = TYPE_UTC_TIME; + tp[-1] = 13; + memcpy (tp, cr->x509.not_after+2, 6); + tp += 6; + memcpy (tp, cr->x509.not_after+9, 6); + tp += 6; + } + } else - memcpy (templ+21,"20630405170000", 14); - templ[35] = 'Z'; + { + memcpy (tp,"20630405170000", 14); + tp += 14; + } + *tp++ = 'Z'; + assert (tp - templ <= 36); + templ[1] = tp - templ - 2; /* Fixup the sequence length. */ - err = ksba_writer_write (writer, templ, 36); + err = ksba_writer_write (writer, templ, tp - templ); if (err) goto leave; } diff --git a/src/certreq.h b/src/certreq.h index 2aa0c49..1aafec6 100644 --- a/src/certreq.h +++ b/src/certreq.h 
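Review bot: In the UTCTime branch for notBefore the date copy starts at the century digits. `memcpy (tp, cr->x509.not_before, 6);` writes `YYYYMM` where the 13-byte UTCTime needs `YYMMDD`, so any notBefore earlier than 2050 is encoded with the wrong date. The matching notAfter branch already skips the century with `cr->x509.not_after+2`, and notBefore should do the same: `memcpy (tp, cr->x509.not_before+2, 6);`. `build_cri` starts and ends outside the hunk.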
@@ -73,6 +73,10 @@ struct ksba_certreq_s } issuer; ksba_isotime_t not_before; ksba_isotime_t not_after; + struct { + unsigned char *der; + size_t derlen; + } siginfo; } x509; struct { diff --git a/src/keyinfo.c b/src/keyinfo.c index a2e7e28..6af095f 100644 --- a/src/keyinfo.c +++ b/src/keyinfo.c @@ -839,10 +839,11 @@ _ksba_keyinfo_to_sexp (const unsigned char *der, size_t derlen, /* Match the algorithm string given in BUF which is of length BUFLEN with the known algorithms from our table and returns the table - entries for the DER encoded OID. */ + entries for the DER encoded OID. If WITH_SIG is true, the table of + signature algorithms is consulted first. */ static const unsigned char * oid_from_buffer (const unsigned char *buf, int buflen, int *oidlen, - pkalgo_t *r_pkalgo) + pkalgo_t *r_pkalgo, int with_sig) { int i; @@ -855,7 +856,29 @@ oid_from_buffer (const unsigned char *buf, int buflen, int *oidlen, buflen -= 4; } - /* Scan the table. */ + if (with_sig) + { + /* Scan the signature table first. */ + for (i=0; sig_algo_table[i].oid; i++) + { + if (!sig_algo_table[i].supported) + continue; + if (buflen == strlen (sig_algo_table[i].oidstring) + && !memcmp (buf, sig_algo_table[i].oidstring, buflen)) + break; + if (buflen == strlen (sig_algo_table[i].algo_string) + && !memcmp (buf, sig_algo_table[i].algo_string, buflen)) + break; + } + if (sig_algo_table[i].oid) + { + *r_pkalgo = sig_algo_table[i].pkalgo; + *oidlen = sig_algo_table[i].oidlen; + return sig_algo_table[i].oid; + } + } + + /* Scan the standard table. */ for (i=0; pk_algo_table[i].oid; i++) { if (!pk_algo_table[i].supported) @@ -934,7 +957,7 @@ _ksba_keyinfo_from_sexp (ksba_const_sexp_t sexp, if (!n || *s != ':') return gpg_error (GPG_ERR_INV_SEXP); /* we don't allow empty lengths */ s++; - oid = oid_from_buffer (s, n, &oidlen, &pkalgo); + oid = oid_from_buffer (s, n, &oidlen, &pkalgo, 0); if (!oid) return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); s += n; 
@@ -1248,6 +1271,294 @@ _ksba_keyinfo_from_sexp (ksba_const_sexp_t sexp, } +/* Take a sig-val s-expression and convert it into a DER encoded + algorithmInfo. Unfortunately this function clones a lot of code + from _ksba_keyinfo_from_sexp. */ +gpg_error_t +_ksba_algoinfo_from_sexp (ksba_const_sexp_t sexp, + unsigned char **r_der, size_t *r_derlen) +{ + gpg_error_t err; + const unsigned char *s; + char *endp; + unsigned long n; + const unsigned char *oid; + int oidlen; + unsigned char *curve_oid = NULL; + size_t curve_oidlen; + pkalgo_t pkalgo; + int i; + struct { + const char *name; + int namelen; + const unsigned char *value; + int valuelen; + } parm[10]; + int parmidx; + int idxtbl[10]; + int idxtbllen; + const char *parmdesc, *algoparmdesc; + ksba_writer_t writer = NULL; + void *algoparmseq_value = NULL; + size_t algoparmseq_len; + + if (!sexp) + return gpg_error (GPG_ERR_INV_VALUE); + + s = sexp; + if (*s != '(') + return gpg_error (GPG_ERR_INV_SEXP); + s++; + + n = strtoul (s, &endp, 10); + s = endp; + if (!n || *s != ':') + return gpg_error (GPG_ERR_INV_SEXP); /* We don't allow empty lengths. */ + s++; + if (n == 7 && !memcmp (s, "sig-val", 7)) + s += 7; + else if (n == 10 && !memcmp (s, "public-key", 10)) + s += 10; + else + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + + if (*s != '(') + return gpg_error (digitp (s)? GPG_ERR_UNKNOWN_SEXP : GPG_ERR_INV_SEXP); + s++; + + /* Break out the algorithm ID */ + n = strtoul (s, &endp, 10); + s = endp; + if (!n || *s != ':') + return gpg_error (GPG_ERR_INV_SEXP); /* We don't allow empty lengths. */ + s++; + oid = oid_from_buffer (s, n, &oidlen, &pkalgo, 1); + if (!oid) + return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); + s += n; + + /* Collect all the values */ + for (parmidx = 0; *s != ')' ; parmidx++) + { + if (parmidx >= DIM(parm)) + return gpg_error (GPG_ERR_GENERAL); + if (*s != '(') + return gpg_error (digitp(s)? 
GPG_ERR_UNKNOWN_SEXP:GPG_ERR_INV_SEXP); + s++; + n = strtoul (s, &endp, 10); + s = endp; + if (!n || *s != ':') + return gpg_error (GPG_ERR_INV_SEXP); + s++; + parm[parmidx].name = s; + parm[parmidx].namelen = n; + s += n; + if (!digitp(s)) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* ... or invalid S-Exp. */ + + n = strtoul (s, &endp, 10); + s = endp; + if (!n || *s != ':') + return gpg_error (GPG_ERR_INV_SEXP); + s++; + parm[parmidx].value = s; + parm[parmidx].valuelen = n; + s += n; + if ( *s != ')') + return gpg_error (GPG_ERR_UNKNOWN_SEXP); /* ... or invalid S-Exp. */ + s++; + } + s++; + /* We need another closing parenthesis. */ + if ( *s != ')' ) + return gpg_error (GPG_ERR_INV_SEXP); + + /* Describe the parameters in the order we want them and construct + IDXTBL to access them. For DSA wie also set algoparmdesc so + that we can later build the parameters for the + algorithmIdentifier. */ + algoparmdesc = NULL; + switch (pkalgo) + { + case PKALGO_RSA: parmdesc = ""; break; + case PKALGO_DSA: parmdesc = "" ; algoparmdesc = "pqg"; break; + case PKALGO_ECC: parmdesc = "C"; break; + default: return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM); + } + + idxtbllen = 0; + for (s = parmdesc; *s; s++) + { + for (i=0; i < parmidx; i++) + { + assert (idxtbllen < DIM (idxtbl)); + switch (*s) + { + case 'C': /* Magic value for "curve". */ + if (parm[i].namelen == 5 && !memcmp (parm[i].name, "curve", 5)) + { + idxtbl[idxtbllen++] = i; + i = parmidx; /* Break inner loop. */ + } + break; + default: + if (parm[i].namelen == 1 && parm[i].name[0] == *s) + { + idxtbl[idxtbllen++] = i; + i = parmidx; /* Break inner loop. */ + } + break; + } + } + } + if (idxtbllen != strlen (parmdesc)) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + + if (pkalgo == PKALGO_ECC) + { + curve_oid = get_ecc_curve_oid (parm[idxtbl[0]].value, + parm[idxtbl[0]].valuelen, + &curve_oidlen); + if (!curve_oid) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + } + + + /* Create write object. 
*/ + err = ksba_writer_new (&writer); + if (err) + goto leave; + err = ksba_writer_set_mem (writer, 1024); + if (err) + goto leave; + + /* Create the sequence of the algorithm identifier. */ + + /* If the algorithmIdentifier requires a sequence with parameters, + build them now. We can reuse the IDXTBL for that. */ + if (algoparmdesc) + { + idxtbllen = 0; + for (s = algoparmdesc; *s; s++) + { + for (i=0; i < parmidx; i++) + { + assert (idxtbllen < DIM (idxtbl)); + if (parm[i].namelen == 1 && parm[i].name[0] == *s) + { + idxtbl[idxtbllen++] = i; + break; + } + } + } + if (idxtbllen != strlen (algoparmdesc)) + return gpg_error (GPG_ERR_UNKNOWN_SEXP); + + err = ksba_writer_set_mem (writer, 1024); + if (err) + goto leave; + + /* Calculate the size of the sequence. */ + for (n=0, i=0; i < idxtbllen; i++ ) + { + n += _ksba_ber_count_tl (TYPE_INTEGER, CLASS_UNIVERSAL, 0, + parm[idxtbl[i]].valuelen); + n += parm[idxtbl[i]].valuelen; + } + + /* Write the sequence tag followed by the integers. */ + err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); + if (err) + goto leave; + for (i=0; i < idxtbllen; i++) + { + err = _ksba_ber_write_tl (writer, TYPE_INTEGER, CLASS_UNIVERSAL, 0, + parm[idxtbl[i]].valuelen); + if (!err) + err = ksba_writer_write (writer, parm[idxtbl[i]].value, + parm[idxtbl[i]].valuelen); + if (err) + goto leave; + } + + /* Get the encoded sequence. */ + algoparmseq_value = ksba_writer_snatch_mem (writer, &algoparmseq_len); + if (!algoparmseq_value) + { + err = gpg_error (GPG_ERR_ENOMEM); + goto leave; + } + } + else + algoparmseq_len = 0; + + /* Reinitialize the buffer to create the sequence. */ + err = ksba_writer_set_mem (writer, 1024); + if (err) + goto leave; + + /* Calulate lengths. 
*/ + n = _ksba_ber_count_tl (TYPE_OBJECT_ID, CLASS_UNIVERSAL, 0, oidlen); + n += oidlen; + if (algoparmseq_len) + { + n += algoparmseq_len; + } + else if (pkalgo == PKALGO_ECC) + { + n += _ksba_ber_count_tl (TYPE_OBJECT_ID, CLASS_UNIVERSAL, + 0, curve_oidlen); + n += curve_oidlen; + } + else if (pkalgo == PKALGO_RSA) + { + n += _ksba_ber_count_tl (TYPE_NULL, CLASS_UNIVERSAL, 0, 0); + } + + /* Write the sequence. */ + err = _ksba_ber_write_tl (writer, TYPE_SEQUENCE, CLASS_UNIVERSAL, 1, n); + if (err) + goto leave; + + /* Write the object id. */ + err = _ksba_ber_write_tl (writer, TYPE_OBJECT_ID, CLASS_UNIVERSAL, 0, oidlen); + if (!err) + err = ksba_writer_write (writer, oid, oidlen); + if (err) + goto leave; + + /* Write the parameters. */ + if (algoparmseq_len) + { + err = ksba_writer_write (writer, algoparmseq_value, algoparmseq_len); + } + else if (pkalgo == PKALGO_ECC) + { + /* We only support the namedCuve choice for ECC parameters. */ + err = _ksba_ber_write_tl (writer, TYPE_OBJECT_ID, CLASS_UNIVERSAL, + 0, curve_oidlen); + if (!err) + err = ksba_writer_write (writer, curve_oid, curve_oidlen); + } + else if (pkalgo == PKALGO_RSA) + { + err = _ksba_ber_write_tl (writer, TYPE_NULL, CLASS_UNIVERSAL, 0, 0); + } + if (err) + goto leave; + + /* Get the result. */ + *r_der = ksba_writer_snatch_mem (writer, r_derlen); + if (!*r_der) + err = gpg_error (GPG_ERR_ENOMEM); + + leave: + ksba_writer_release (writer); + xfree (curve_oid); + return err; +} + + /* Mode 0: work as described under _ksba_sigval_to_sexp mode 1: work as described under _ksba_encval_to_sexp */ diff --git a/src/keyinfo.h b/src/keyinfo.h index 8fcbbeb..60189d1 100644 --- a/src/keyinfo.h +++ b/src/keyinfo.h 
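Review bot: `_ksba_algoinfo_from_sexp` never frees `algoparmseq_value`, so the buffer taken with `ksba_writer_snatch_mem` leaks on every call that takes the DSA path. The `idxtbllen != strlen (algoparmdesc)` check also returns directly after the writer has been created, which leaks the writer on that error. Route the check through the cleanup label with `{ err = gpg_error (GPG_ERR_UNKNOWN_SEXP); goto leave; }` and add `xfree (algoparmseq_value);` under `leave:`. Separately, the lengths read with `strtoul` are narrowed into the `int` fields `namelen` and `valuelen` and used to advance `s` with no range check. Since the function receives no buffer length, rejecting values above a sane maximum before `s += n` would at least keep the narrowing well defined.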
@@ -42,6 +42,9 @@ gpg_error_t _ksba_keyinfo_from_sexp (ksba_const_sexp_t sexp, unsigned char **r_der, size_t *r_derlen) _KSBA_VISIBILITY_DEFAULT; +gpg_error_t _ksba_algoinfo_from_sexp (ksba_const_sexp_t sexp, + unsigned char **r_der, size_t *r_derlen); + gpg_error_t _ksba_sigval_to_sexp (const unsigned char *der, size_t derlen, ksba_sexp_t *r_string); gpg_error_t _ksba_encval_to_sexp (const unsigned char *der, size_t derlen, diff --git a/src/ksba.h b/src/ksba.h index 3959622..7cf1e75 100644 --- a/src/ksba.h +++ b/src/ksba.h @@ -430,6 +430,8 @@ gpg_error_t ksba_certreq_set_serial (ksba_certreq_t cr, ksba_const_sexp_t sn); gpg_error_t ksba_certreq_set_issuer (ksba_certreq_t cr, const char *name); gpg_error_t ksba_certreq_set_validity (ksba_certreq_t cr, int what, const ksba_isotime_t timebuf); +gpg_error_t ksba_certreq_set_siginfo (ksba_certreq_t cr, + ksba_const_sexp_t siginfo); diff --git a/src/libksba.def b/src/libksba.def index e216ee6..19cffec 100644 --- a/src/libksba.def +++ b/src/libksba.def @@ -179,6 +179,7 @@ EXPORTS ksba_reader_set_release_notify @146 ksba_writer_set_release_notify @147 - ksba_certreq_set_serial @148 - ksba_certreq_set_issuer @149 - ksba_certreq_set_validity @150 + ksba_certreq_set_serial @148 + ksba_certreq_set_issuer @149 + ksba_certreq_set_validity @150 + ksba_certreq_set_siginfo @151 diff --git a/src/libksba.vers b/src/libksba.vers index fd7e4f4..e9b72de 100644 --- a/src/libksba.vers +++ b/src/libksba.vers @@ -47,6 +47,7 @@ KSBA_0.9 { ksba_certreq_set_serial; ksba_certreq_set_issuer; ksba_certreq_set_validity; + ksba_certreq_set_siginfo; ksba_cms_add_cert; ksba_cms_add_digest_algo; ksba_cms_add_recipient; ksba_cms_add_signer; ksba_cms_build; ksba_cms_get_cert; diff --git a/src/visibility.c b/src/visibility.c index 9010df5..e0c9701 100644 --- a/src/visibility.c +++ b/src/visibility.c 
@@ -912,6 +912,13 @@ ksba_certreq_set_validity (ksba_certreq_t cr, int what, } +gpg_error_t +ksba_certreq_set_siginfo (ksba_certreq_t cr, ksba_const_sexp_t siginfo) +{ + return _ksba_certreq_set_siginfo (cr, siginfo); +} + + /*-- reader.c --*/ gpg_error_t ksba_reader_new (ksba_reader_t *r_r) diff --git a/src/visibility.h b/src/visibility.h index c2b78ca..9c42df2 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -65,6 +65,7 @@ #define ksba_certreq_set_serial _ksba_certreq_set_serial #define ksba_certreq_set_issuer _ksba_certreq_set_issuer #define ksba_certreq_set_validity _ksba_certreq_set_validity +#define ksba_certreq_set_siginfo _ksba_certreq_set_siginfo #define ksba_certreq_add_subject _ksba_certreq_add_subject #define ksba_certreq_build _ksba_certreq_build #define ksba_certreq_new _ksba_certreq_new @@ -258,6 +259,7 @@ int ksba_asn_delete_structure (void *dummy); #undef ksba_certreq_set_serial #undef ksba_certreq_set_issuer #undef ksba_certreq_set_validity +#undef ksba_certreq_set_siginfo #undef ksba_certreq_add_subject #undef ksba_certreq_build #undef ksba_certreq_new @@ -420,6 +422,7 @@ MARK_VISIBLE (ksba_cert_get_user_data) MARK_VISIBLE (ksba_certreq_set_serial) MARK_VISIBLE (ksba_certreq_set_issuer) MARK_VISIBLE (ksba_certreq_set_validity) +MARK_VISIBLE (ksba_certreq_set_siginfo) MARK_VISIBLE (ksba_certreq_add_subject) MARK_VISIBLE (ksba_certreq_build) MARK_VISIBLE (ksba_certreq_new) ----------------------------------------------------------------------- Summary of changes: NEWS | 1 + src/ChangeLog | 12 ++- src/certreq.c | 141 +++++++++++++++--------- src/certreq.h | 4 + src/keyinfo.c | 319 +++++++++++++++++++++++++++++++++++++++++++++++++++++- src/keyinfo.h | 3 + src/ksba.h | 2 + src/libksba.def | 7 +- src/libksba.vers | 1 + src/visibility.c | 7 ++ src/visibility.h | 3 + 11 files changed, 441 insertions(+), 59 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org