From cvs at cvs.gnupg.org Fri Jul 1 10:59:43 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 01 Jul 2011 10:59:43 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.11-15-g04b0b05 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 04b0b050ffb5862dc312a4806b65085d417afaf1 (commit) from fc1680abdfb02f332cfec33e9ca78a4872d9be2a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 04b0b050ffb5862dc312a4806b65085d417afaf1 Author: Werner Koch Date: Fri Jul 1 10:21:08 2011 +0200 Add pubkey letters e and E for ECC. This does not mean we have any kind of ECC support now. It is merely to avoid printing a question mark for the algorithm. Trailing white space changes as usual. diff --git a/g10/build-packet.c b/g10/build-packet.c index 7eceda0..abe0181 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -313,7 +313,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) private/experimental extension (this is not specified in rfc2440 but the same scheme is used for all other algorithm identifiers) */ - iobuf_put(a, 101 ); + iobuf_put(a, 101 ); iobuf_put(a, sk->protect.s2k.hash_algo ); iobuf_write(a, "GNU", 3 ); iobuf_put(a, sk->protect.s2k.mode - 1000 ); 
@@ -326,10 +326,10 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) || sk->protect.s2k.mode == 3 ) iobuf_write(a, sk->protect.s2k.salt, 8 ); if( sk->protect.s2k.mode == 3 ) - iobuf_put(a, sk->protect.s2k.count ); + iobuf_put(a, sk->protect.s2k.count ); /* For out special modes 1001, 1002 we do not need an IV */ - if( sk->protect.s2k.mode != 1001 + if( sk->protect.s2k.mode != 1001 && sk->protect.s2k.mode != 1002 ) iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); } @@ -338,9 +338,9 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) iobuf_put(a, 0 ); if( sk->protect.s2k.mode == 1001 ) - ; /* GnuPG extension - don't write a secret key at all */ + ; /* GnuPG extension - don't write a secret key at all */ else if( sk->protect.s2k.mode == 1002 ) - { /* GnuPG extension - divert to OpenPGP smartcard. */ + { /* GnuPG extension - divert to OpenPGP smartcard. */ iobuf_put(a, sk->protect.ivlen ); /* length of the serial number or 0 for no serial number. */ @@ -599,7 +599,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype ) } if( buflen < n ) break; - + type = *buffer & 0x7f; if( type == reqtype ) { buffer++; @@ -633,7 +633,7 @@ delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype ) * Note: All pointers into sig->[un]hashed (e.g. returned by * parse_sig_subpkt) are not valid after a call to this function. The * data to put into the subpaket should be in a buffer with a length - * of buflen. + * of buflen. */ void build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, @@ -736,7 +736,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, case SIGSUBPKT_SIGNATURE: hashed = 0; break; - default: + default: hashed = 1; break; } @@ -787,7 +787,7 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type, memcpy (p, buffer, buflen); } - if (hashed) + if (hashed) sig->hashed = newarea; else sig->unhashed = newarea; 
@@ -1196,6 +1196,8 @@ write_header( IOBUF out, int ctb, u32 len ) static int write_sign_packet_header( IOBUF out, int ctb, u32 len ) { + (void)ctb; + /* work around a bug in the pgp read function for signature packets, * which are not correctly coded and silently assume at some * point 2 byte length headers.*/ @@ -1305,6 +1307,8 @@ write_new_header( IOBUF out, int ctb, u32 len, int hdrlen ) static int write_version( IOBUF out, int ctb ) { + (void)ctb; + if( iobuf_put( out, 3 ) ) return -1; return 0; diff --git a/g10/getkey.c b/g10/getkey.c index 4506c7c..9cb5b95 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -195,7 +195,7 @@ get_primary_uid ( KBNODE keyblock, size_t *uidlen ) *uidlen = k->pkt->pkt.user_id->len; return k->pkt->pkt.user_id->name; } - } + } s = user_id_not_found_utf8 (); *uidlen = strlen (s); return s; @@ -303,7 +303,7 @@ pk_from_block ( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE keyblock ) assert ( a->pkt->pkttype == PKT_PUBLIC_KEY || a->pkt->pkttype == PKT_PUBLIC_SUBKEY ); - + copy_public_key ( pk, a->pkt->pkt.public_key ); } @@ -315,7 +315,7 @@ sk_from_block ( GETKEY_CTX ctx, assert ( a->pkt->pkttype == PKT_SECRET_KEY || a->pkt->pkttype == PKT_SECRET_SUBKEY ); - + copy_secret_key( sk, a->pkt->pkt.secret_key); } @@ -400,7 +400,7 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid) KEYDB_HANDLE hd; KBNODE keyblock; u32 pkid[2]; - + assert (pk); #if MAX_PK_CACHE_ENTRIES { /* Try to get it from the cache */ @@ -427,7 +427,7 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid) } rc = keydb_get_keyblock (hd, &keyblock); keydb_release (hd); - if (rc) + if (rc) { log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); return G10ERR_NO_PUBKEY; 
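Review bot: The `(void)ctb;` casts added to write_sign_packet_header and write_version silence the unused-parameter warning but do not say why the parameter is kept. A one-line comment next to each cast would record that, for example `/* CTB is not used here; the cast only silences the compiler warning. */`. The same applies to `(void)dummy;` in skip_unusable (g10/getkey.c) and `(void)reserved;` in keydb_locate_writable (g10/keydb.c). The body of write_sign_packet_header continues outside the hunk, so I am inferring from the cast itself that ctb is unused in the rest of it.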
@@ -561,8 +561,8 @@ seckey_available( u32 *keyid ) * must be in the range 0..9), this is considered a fingerprint. * - If the username starts with a left angle, we assume it is a complete * email address and look only at this part. - * - If the username starts with a colon we assume it is a unified - * key specfification. + * - If the username starts with a colon we assume it is a unified + * key specfification. * - If the username starts with a '.', we assume it is the ending * part of an email address * - If the username starts with an '@', we assume it is a part of an @@ -583,7 +583,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) const char *s; int hexprefix = 0; int hexlength; - int mode = 0; + int mode = 0; KEYDB_SEARCH_DESC dummy_desc; if (!desc) @@ -642,12 +642,12 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) case '#': /* local user id */ return 0; /* This is now obsolete and van't not be used anymore*/ - + case ':': /*Unified fingerprint */ - { + { const char *se, *si; int i; - + se = strchr( ++s,':'); if ( !se ) return 0; @@ -657,15 +657,15 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) } if (i != 32 && i != 40) return 0; /* invalid length of fpr*/ - for (i=0,si=s; si < se; i++, si +=2) + for (i=0,si=s; si < se; i++, si +=2) desc->u.fpr[i] = hextobyte(si); for ( ; i < 20; i++) desc->u.fpr[i]= 0; s = se + 1; mode = KEYDB_SEARCH_MODE_FPR; - } + } break; - + default: if (s[0] == '0' && s[1] == 'x') { hexprefix = 1; @@ -715,7 +715,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) int i; if (hexlength == 33) s++; - memset(desc->u.fpr+16, 0, 4); + memset(desc->u.fpr+16, 0, 4); for (i=0; i < 16; i++, s+=2) { int c = hextobyte(s); if (c == -1) 
@@ -754,11 +754,13 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) static int -skip_unusable(void *dummy,u32 *keyid,PKT_user_id *uid) +skip_unusable(void *dummy, u32 *keyid,PKT_user_id *uid) { int unusable=0; KBNODE keyblock; + (void)dummy; + keyblock=get_pubkeyblock(keyid); if(!keyblock) { @@ -815,7 +817,7 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist, STRLIST r; GETKEY_CTX ctx; KBNODE help_kb = NULL; - + if( retctx ) {/* reset the returned context in case of error */ assert (!ret_kdbhd); /* not allowed because the handle is stored in the context */ @@ -844,7 +846,7 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist, for(n=0, r=namelist; r; r = r->next, n++ ) { classify_user_id (r->d, &ctx->items[n]); - + if (ctx->items[n].exact) ctx->exact = 1; if (!ctx->items[n].mode) @@ -863,7 +865,7 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist, } ctx->kr_handle = keydb_new (secmode); - if ( !ret_kb ) + if ( !ret_kb ) ret_kb = &help_kb; if( secmode ) { @@ -1054,7 +1056,7 @@ get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock ) rc = lookup( ctx, ret_keyblock, 0 ); if ( !rc && pk && ret_keyblock ) pk_from_block ( ctx, pk, *ret_keyblock ); - + return rc; } @@ -1074,7 +1076,7 @@ get_pubkey_end( GETKEY_CTX ctx ) * Search for a key with the given fingerprint. * FIXME: * We should replace this with the _byname function. Thiscsan be done - * by creating a userID conforming to the unified fingerprint style. + * by creating a userID conforming to the unified fingerprint style. */ int get_pubkey_byfprint( PKT_public_key *pk, @@ -1120,10 +1122,10 @@ get_pubkey_byfprint_fast (PKT_public_key *pk, KBNODE keyblock; byte fprbuf[MAX_FINGERPRINT_LEN]; int i; - + for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++) fprbuf[i] = fprint[i]; - while (i < MAX_FINGERPRINT_LEN) + while (i < MAX_FINGERPRINT_LEN) fprbuf[i++] = 0; hd = keydb_new (0); 
@@ -1135,12 +1137,12 @@ get_pubkey_byfprint_fast (PKT_public_key *pk, } rc = keydb_get_keyblock (hd, &keyblock); keydb_release (hd); - if (rc) + if (rc) { log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); return G10ERR_NO_PUBKEY; } - + assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY ); if (pk) @@ -1216,7 +1218,7 @@ get_seckey_byname2( GETKEY_CTX *retctx, return rc; } -int +int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock ) { return get_seckey_byname2 ( NULL, sk, name, unlock, NULL ); @@ -1255,7 +1257,7 @@ get_seckey_end( GETKEY_CTX ctx ) * Search for a key with the given fingerprint. * FIXME: * We should replace this with the _byname function. Thiscsan be done - * by creating a userID conforming to the unified fingerprint style. + * by creating a userID conforming to the unified fingerprint style. */ int get_seckey_byfprint( PKT_secret_key *sk, @@ -1295,10 +1297,10 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint, { int rc; struct getkey_ctx_s ctx; - + if (fprint_len != 20 && fprint_len == 16) return G10ERR_GENERAL; /* Oops */ - + memset (&ctx, 0, sizeof ctx); ctx.not_allocated = 1; ctx.kr_handle = keydb_new (1); @@ -1309,7 +1311,7 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint, memcpy (ctx.items[0].u.fpr, fprint, fprint_len); rc = lookup (&ctx, ret_keyblock, 1); get_seckey_end (&ctx); - + return rc; } @@ -1525,7 +1527,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated ) /* We could also query this from the unhashed area if it is not in * the hased area and then later try to decide which is the better * there should be no security problem with this. - * For now we only look at the hashed one. + * For now we only look at the hashed one. */ /* Now build the preferences list. These must come from the 
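Review bot: The length guard in get_seckeyblock_byfprint, `if (fprint_len != 20 && fprint_len == 16)`, is true only for 16, so it rejects 16-byte fingerprints and lets every other length through to `memcpy (ctx.items[0].u.fpr, fprint, fprint_len);` in the following hunk. The commit only touches whitespace here, so the condition predates it, but the intended test is presumably `if (fprint_len != 20 && fprint_len != 16)`. The other visible uses in this file treat `u.fpr` as a 20-byte field (`for ( ; i < 20; i++) desc->u.fpr[i]= 0;`), so a caller passing a larger length would copy past it. Part of the function lies between the two hunks and is not visible, so any check there would need to be confirmed.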
@@ -1537,7 +1539,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated ) hash = p; nhash = p?n:0; p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n ); zip = p; nzip = p?n:0; - if (uid->prefs) + if (uid->prefs) xfree (uid->prefs); n = nsym + nhash + nzip; if (!n) @@ -1632,7 +1634,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = k->pkt->pkt.signature; - if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { + if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { if ( check_key_signature( keyblock, k, NULL ) ) ; /* signature did not verify */ else if ( IS_KEY_REV (sig) ){ @@ -1642,9 +1644,9 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) * here because we have to assume that an attacker can * generate all kinds of signatures. However due to the * fact that the key has been revoked it does not harm - * either and by continuing we gather some more info on + * either and by continuing we gather some more info on * that key. - */ + */ *r_revoked = 1; sig_to_revoke_info(sig,rinfo); } @@ -1732,7 +1734,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) key_expire_seen = 1; } - /* mark that key as valid: one direct key signature should + /* mark that key as valid: one direct key signature should * render a key as valid */ pk->is_valid = 1; } @@ -1751,7 +1753,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) if(IS_KEY_REV(sig) && (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1])) - { + { int rc=check_revocation_keys(pk,sig); if(rc==0) { 
@@ -1781,7 +1783,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) sigdate = 0; /* helper to find the latest signature in one user ID */ for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) { if ( k->pkt->pkttype == PKT_USER_ID ) { - if ( uidnode && signode ) + if ( uidnode && signode ) { fixup_uidnode ( uidnode, signode, keytimestamp ); pk->is_valid=1; @@ -1792,7 +1794,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) } else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) { PKT_signature *sig = k->pkt->pkt.signature; - if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { + if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { if ( check_key_signature( keyblock, k, NULL ) ) ; /* signature did not verify */ else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig)) @@ -1887,7 +1889,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) /* Now that we had a look at all user IDs we can now get some information * from those user IDs. */ - + if ( !key_usage ) { /* find the latest user ID with key flags set */ uiddate = 0; /* helper to find the latest user ID */ 
@@ -1908,17 +1910,17 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) else { /* check that the usage matches the usage as given by the algo */ int x = openpgp_pk_algo_usage ( pk->pubkey_algo ); if ( x ) /* mask it down to the actual allowed usage */ - key_usage &= x; + key_usage &= x; } /* Whatever happens, it's a primary key, so it can certify. */ pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT; if ( !key_expire_seen ) { - /* find the latest valid user ID with a key expiration set + /* find the latest valid user ID with a key expiration set * Note, that this may be a different one from the above because * some user IDs may have no expiration date set */ - uiddate = 0; + uiddate = 0; for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) { if ( k->pkt->pkttype == PKT_USER_ID ) { @@ -1989,7 +1991,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo) if ( k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data) { PKT_user_id *uid = k->pkt->pkt.user_id; - if ( k != uidnode ) + if ( k != uidnode ) uid->is_primary = 0; } } @@ -2093,7 +2095,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) k = k->next ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) { sig = k->pkt->pkt.signature; - if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) { + if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) { if ( check_key_signature( keyblock, k, NULL ) ) ; /* signature did not verify */ else if ( IS_SUBKEY_REV (sig) ) { @@ -2107,7 +2109,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) does this the same way. */ subpk->is_revoked = 1; sig_to_revoke_info(sig,&subpk->revoked); - /* although we could stop now, we continue to + /* although we could stop now, we continue to * figure out other information like the old expiration * time */ } 
@@ -2144,11 +2146,11 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) /* check that the usage matches the usage as given by the algo */ int x = openpgp_pk_algo_usage ( subpk->pubkey_algo ); if ( x ) /* mask it down to the actual allowed usage */ - key_usage &= x; + key_usage &= x; } subpk->pubkey_usage = key_usage; - + p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); if ( p && buffer_to_u32(p) ) key_expire = keytimestamp + buffer_to_u32(p); @@ -2240,7 +2242,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) } -/* +/* * Merge information from the self-signatures with the key, so that * we can later use them more easy. * The function works by first applying the self signatures to the @@ -2250,7 +2252,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode ) * We check all self signatures or validity and ignore all invalid signatures. * All signatures are then ordered by their creation date .... * For the primary key: - * FIXME the docs + * FIXME the docs */ static void merge_selfsigs( KBNODE keyblock ) @@ -2311,7 +2313,7 @@ merge_selfsigs( KBNODE keyblock ) * which user ID the key has been selected. * fixme: we should keep atoms of commonly used preferences or * use reference counting to optimize the preference lists storage. - * FIXME: it might be better to use the intersection of + * FIXME: it might be better to use the intersection of * all preferences. * Do a similar thing for the MDC feature flag. */ @@ -2325,7 +2327,7 @@ merge_selfsigs( KBNODE keyblock ) mdc_feature = k->pkt->pkt.user_id->flags.mdc; break; } - } + } for(k=keyblock; k; k = k->next ) { if ( k->pkt->pkttype == PKT_PUBLIC_KEY || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { 
@@ -2353,7 +2355,7 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock ) assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert ( secblock->pkt->pkttype == PKT_SECRET_KEY ); - + for (pub=pubblock; pub; pub = pub->next ) { if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) { PKT_public_key *pk = pub->pkt->pkt.public_key; @@ -2385,7 +2387,7 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock ) } } } - if ( !sec ) + if ( !sec ) BUG(); /* already checked in premerge */ } } @@ -2404,7 +2406,7 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock ) assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert ( secblock->pkt->pkttype == PKT_SECRET_KEY ); - + for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) { pub->flag &= ~3; /* reset bits 0 and 1 */ if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { @@ -2433,14 +2435,14 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock ) if (opt.verbose) log_info (_("no secret subkey" - " for public subkey %s - ignoring\n"), + " for public subkey %s - ignoring\n"), keystr_from_pk (pk)); /* we have to remove the subkey in this case */ assert ( last ); /* find the next subkey */ for (next=pub->next,ll=pub; next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY; - ll = next, next = next->next ) + ll = next, next = next->next ) ; /* make new link */ last->next = next; @@ -2510,7 +2512,7 @@ finish_lookup (GETKEY_CTX ctx) u32 curtime = make_timestamp (); assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ); - + ctx->found_key = NULL; if (ctx->exact) { @@ -2579,7 +2581,7 @@ finish_lookup (GETKEY_CTX ctx) log_debug( "\tsubkey not yet valid\n"); continue; } - + if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) { if (DBG_CACHE) log_debug( "\tusage does not match: want=%x have=%x\n", 
@@ -2596,7 +2598,7 @@ finish_lookup (GETKEY_CTX ctx) } } - /* Okay now try the primary key unless we want an exact + /* Okay now try the primary key unless we want an exact * key ID match on a subkey */ if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) { PKT_public_key *pk; @@ -2628,7 +2630,7 @@ finish_lookup (GETKEY_CTX ctx) latest_date = pk->timestamp; } } - + if ( !latest_key ) { if (DBG_CACHE) log_debug("\tno suitable key found - giving up\n"); @@ -2645,8 +2647,8 @@ finish_lookup (GETKEY_CTX ctx) if (pk->user_id) free_user_id (pk->user_id); pk->user_id = scopy_user_id (foundu); - } - + } + ctx->found_key = latest_key; if (latest_key != keyblock && opt.verbose) @@ -2659,7 +2661,7 @@ finish_lookup (GETKEY_CTX ctx) } cache_user_id( keyblock ); - + return 1; /* found */ } @@ -2670,7 +2672,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode ) int rc; KBNODE secblock = NULL; /* helper */ int no_suitable_key = 0; - + rc = 0; while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) { /* If we are searching for the first key we have to make sure @@ -2685,13 +2687,13 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode ) rc = 0; goto skip; } - + if ( secmode ) { - /* find the correspondig public key and use this + /* find the correspondig public key and use this * this one for the selection process */ u32 aki[2]; KBNODE k = ctx->keyblock; - + if (k->pkt->pkttype != PKT_SECRET_KEY) BUG(); @@ -2726,7 +2728,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode ) } else no_suitable_key = 1; - + skip: /* release resources and continue search */ if ( secmode ) { 
@@ -2765,8 +2767,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode ) /**************** - * FIXME: Replace by the generic function - * It does not work as it is right now - it is used at + * FIXME: Replace by the generic function + * It does not work as it is right now - it is used at * 2 places: a) to get the key for an anonyous recipient * b) to get the ultimately trusted keys. * The a) usage might have some problems. @@ -2832,7 +2834,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk, } release_kbnode (c->keyblock); c->keyblock = c->node = NULL; - + rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd); c->first = 0; if (rc) { @@ -2840,7 +2842,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk, c->eof = 1; return -1; /* eof */ } - + rc = keydb_get_keyblock (c->hd, &c->keyblock); c->node = c->keyblock; } while (!rc); @@ -2999,7 +3001,7 @@ parse_auto_key_locate(char *options) continue; /* For now we silently ignore the new methods introduced with - 2.0.10. */ + 2.0.10. */ if (!ascii_strcasecmp (tok,"nodefault") || !ascii_strcasecmp (tok,"local")) continue; diff --git a/g10/gpg.c b/g10/gpg.c index cf2f51b..28841c0 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -279,7 +279,7 @@ enum cmd_and_opt_values oS2KDigest, oS2KCipher, oS2KCount, - oSimpleSKChecksum, + oSimpleSKChecksum, oDisplayCharset, oNotDashEscaped, oEscapeFrom, @@ -308,7 +308,7 @@ enum cmd_and_opt_values oNoAllowNonSelfsignedUID, oAllowFreeformUID, oNoAllowFreeformUID, - oAllowSecretKeyImport, + oAllowSecretKeyImport, oEnableSpecialFilenames, oNoLiteral, oSetFilesize, @@ -992,7 +992,7 @@ open_info_file (const char *fname, int for_write) sensitive information may be retrieved by means of error messages. */ return -1; -#else +#else int fd; /* if (is_secured_filename (fname)) */ 
@@ -1015,7 +1015,7 @@ open_info_file (const char *fname, int for_write) if ( fd == -1) log_error ( for_write? _("can't create `%s': %s\n") : _("can't open `%s': %s\n"), fname, strerror(errno)); - + return fd; #endif } @@ -1678,7 +1678,7 @@ parse_trust_model(const char *model) /* Must be called before we open any files. */ static void reopen_std(void) -{ +{ #if defined(HAVE_STAT) && !defined(HAVE_W32_SYSTEM) struct stat statbuf; int did_stdin=0,did_stdout=0,did_stderr=0; @@ -1775,7 +1775,7 @@ get_default_configname (void) if (configname) { char *tok; - + xfree (configname); configname = NULL; @@ -1786,13 +1786,13 @@ get_default_configname (void) else break; } - + configname = make_filename (opt.homedir, name, NULL); } while (access (configname, R_OK)); xfree(name); - + if (! configname) configname = make_filename (opt.homedir, "gpg" EXTSEP_S "conf", NULL); if (! access (configname, R_OK)) @@ -1930,9 +1930,9 @@ main (int argc, char **argv ) #elif defined(__APPLE__) opt.pcsc_driver = "/System/Library/Frameworks/PCSC.framework/PCSC"; #elif defined(__GLIBC__) - opt.pcsc_driver = "libpcsclite.so.1"; + opt.pcsc_driver = "libpcsclite.so.1"; #else - opt.pcsc_driver = "libpcsclite.so"; + opt.pcsc_driver = "libpcsclite.so"; #endif opt.disable_keypad = 1; /* No keypad support; use gpg2 instead. */ #endif /*ENABLE_CARD_SUPPORT*/ @@ -2079,19 +2079,19 @@ main (int argc, char **argv ) { switch( pargs.r_opt ) { - case aCheckKeys: + case aCheckKeys: case aListConfig: case aGPGConfList: case aGPGConfTest: case aListPackets: - case aImport: - case aFastImport: - case aSendKeys: - case aRecvKeys: + case aImport: + case aFastImport: + case aSendKeys: + case aRecvKeys: case aSearchKeys: case aRefreshKeys: case aFetchKeys: - case aExport: + case aExport: set_cmd (&cmd, pargs.r_opt); break; case aListKeys: set_cmd( &cmd, aListKeys); break; 
@@ -2104,7 +2104,7 @@ main (int argc, char **argv ) break; case aDeleteSecretAndPublicKeys: set_cmd( &cmd, aDeleteSecretAndPublicKeys); - greeting=1; + greeting=1; break; case aDeleteKeys: set_cmd( &cmd, aDeleteKeys); greeting=1; break; @@ -2205,7 +2205,7 @@ main (int argc, char **argv ) case oDebug: opt.debug |= pargs.r.ret_ulong; break; case oDebugAll: opt.debug = ~0; break; case oDebugLevel: break; /* Not supported. */ - case oDebugCCIDDriver: + case oDebugCCIDDriver: #if defined(ENABLE_CARD_SUPPORT) && defined(HAVE_LIBUSB) ccid_set_debug_level (ccid_set_debug_level (1)+1); #endif @@ -2549,7 +2549,7 @@ main (int argc, char **argv ) case oCommandFile: opt.command_fd = open_info_file (pargs.r.ret_str, 0); break; - case oCipherAlgo: + case oCipherAlgo: def_cipher_string = xstrdup(pargs.r.ret_str); break; case oDigestAlgo: @@ -2855,8 +2855,8 @@ main (int argc, char **argv ) opt.exit_on_status_write_error = 1; break; - case oLimitCardInsertTries: - opt.limit_card_insert_tries = pargs.r.ret_int; + case oLimitCardInsertTries: + opt.limit_card_insert_tries = pargs.r.ret_int; break; case oRequireCrossCert: opt.flags.require_cross_cert=1; break; @@ -2967,7 +2967,7 @@ main (int argc, char **argv ) "--no-literal" ); } -#ifndef ENABLE_AGENT_SUPPORT +#ifndef ENABLE_AGENT_SUPPORT if (opt.use_agent) { log_info(_("NOTE: %s is not available in this version\n"), "--use-agent"); @@ -3088,7 +3088,9 @@ main (int argc, char **argv ) if(opt.def_cipher_algo==0 && (ascii_strcasecmp(def_cipher_string,"idea")==0 || ascii_strcasecmp(def_cipher_string,"s1")==0)) - idea_cipher_warn(1); + { + idea_cipher_warn(1); + } xfree(def_cipher_string); def_cipher_string = NULL; if( check_cipher_algo(opt.def_cipher_algo) ) log_error(_("selected cipher algorithm is invalid\n")); 
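Review bot: The braces added around `idea_cipher_warn(1);` in main have no reason visible at the call site, so a later cleanup could easily remove them again. If they are there because idea_cipher_warn can expand to an empty macro in some builds (presumably; its definition is not in this diff), a comment such as `/* Braces required: idea_cipher_warn may expand to nothing. */` would document that. The surrounding block of main starts and ends outside the hunk.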
@@ -3305,13 +3307,13 @@ main (int argc, char **argv ) case of "-kvv userid keyring". Also avoid adding the secret keyring for a couple of commands to avoid unneeded access in case the secrings are stored on a floppy. - + We always need to add the keyrings if we are running under SELinux, this is so that the rings are added to the list of secured files. */ - if( ALWAYS_ADD_KEYRINGS + if( ALWAYS_ADD_KEYRINGS || (cmd != aDeArmor && cmd != aEnArmor - && !(cmd == aKMode && argc == 2 )) ) + && !(cmd == aKMode && argc == 2 )) ) { if (ALWAYS_ADD_KEYRINGS || (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys @@ -3358,11 +3360,11 @@ main (int argc, char **argv ) switch (cmd) { - case aStore: - case aSym: - case aSign: - case aSignSym: - case aClearsign: + case aStore: + case aSym: + case aSign: + case aSignSym: + case aClearsign: if (!opt.quiet && any_explicit_recipient) log_info (_("WARNING: recipients (-r) given " "without using public key encryption\n")); @@ -3522,7 +3524,7 @@ main (int argc, char **argv ) log_error("decrypt_message failed: %s\n", g10_errstr(rc) ); } break; - + case aSignKey: if( argc != 1 ) wrong_args(_("--sign-key user-id")); @@ -3901,7 +3903,7 @@ main (int argc, char **argv ) wrong_args("--import-ownertrust [file]"); import_ownertrust( argc? *argv:NULL ); break; - + case aPipeMode: if ( argc ) wrong_args ("--pipemode"); @@ -4106,12 +4108,12 @@ print_hashline( MD_HANDLE md, int algo, const char *fname ) { int i, n; const byte *p; - + if ( fname ) { for (p = fname; *p; p++ ) { if ( *p <= 32 || *p > 127 || *p == ':' || *p == '%' ) printf("%%%02X", *p ); - else + else putchar( *p ); } } @@ -4119,7 +4121,7 @@ print_hashline( MD_HANDLE md, int algo, const char *fname ) printf("%d:", algo ); p = md_read( md, algo ); n = md_digest_length(algo); - for(i=0; i < n ; i++, p++ ) + for(i=0; i < n ; i++, p++ ) printf("%02X", *p ); putchar(':'); putchar('\n'); 
@@ -4177,7 +4179,7 @@ print_mds( const char *fname, int algo ) else { md_final(md); if ( opt.with_colons ) { - if ( algo ) + if ( algo ) print_hashline( md, algo, fname ); else { print_hashline( md, DIGEST_ALGO_MD5, fname ); @@ -4274,7 +4276,7 @@ add_policy_url( const char *string, int which ) sl=add_to_strlist( &opt.sig_policy_url, string ); if(critical) - sl->flags |= 1; + sl->flags |= 1; } static void @@ -4307,5 +4309,5 @@ add_keyserver_url( const char *string, int which ) sl=add_to_strlist( &opt.sig_keyserver_url, string ); if(critical) - sl->flags |= 1; + sl->flags |= 1; } diff --git a/g10/keydb.c b/g10/keydb.c index a0c0e57..5a62f18 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -32,7 +32,7 @@ #include "main.h" /*try_make_homedir ()*/ #include "packet.h" #include "keyring.h" -#include "keydb.h" +#include "keydb.h" #include "i18n.h" static int active_handles; @@ -88,7 +88,7 @@ maybe_create_keyring (char *filename, int force) /* If we don't want to create a new file at all, there is no need to go any further - bail out right here. */ - if (!force) + if (!force) return G10ERR_OPEN_FILE; /* First of all we try to create the home directory. Note, that we @@ -99,9 +99,9 @@ maybe_create_keyring (char *filename, int force) last_slash_in_filename = strrchr (filename, DIRSEP_C); *last_slash_in_filename = 0; if (access(filename, F_OK)) - { + { static int tried; - + if (!tried) { tried = 1; @@ -130,8 +130,8 @@ maybe_create_keyring (char *filename, int force) if (opt.verbose) log_info ("can't allocate lock for `%s'\n", filename ); - if (!force) - return G10ERR_OPEN_FILE; + if (!force) + return G10ERR_OPEN_FILE; else return G10ERR_GENERAL; } @@ -161,7 +161,7 @@ maybe_create_keyring (char *filename, int force) else iobuf = iobuf_create (filename); umask (oldmask); - if (!iobuf) + if (!iobuf) { log_error ( _("error creating keyring `%s': %s\n"), filename, strerror(errno)); 
@@ -279,7 +279,7 @@ keydb_add_resource (const char *url, int flags, int secret) { if (used_resources >= MAX_KEYDB_RESOURCES) rc = G10ERR_RESOURCE_LIMIT; - else + else { if(flags&2) primary_keyring=token; @@ -338,10 +338,10 @@ keydb_new (int secret) { KEYDB_HANDLE hd; int i, j; - + hd = xmalloc_clear (sizeof *hd); hd->found = -1; - + assert (used_resources <= MAX_KEYDB_RESOURCES); for (i=j=0; i < used_resources; i++) { @@ -365,12 +365,12 @@ keydb_new (int secret) } } hd->used = j; - + active_handles++; return hd; } -void +void keydb_release (KEYDB_HANDLE hd) { int i; @@ -409,19 +409,19 @@ keydb_get_resource_name (KEYDB_HANDLE hd) int idx; const char *s = NULL; - if (!hd) + if (!hd) return NULL; - if ( hd->found >= 0 && hd->found < hd->used) + if ( hd->found >= 0 && hd->found < hd->used) idx = hd->found; - else if ( hd->current >= 0 && hd->current < hd->used) + else if ( hd->current >= 0 && hd->current < hd->used) idx = hd->current; else idx = 0; switch (hd->active[idx].type) { case KEYDB_RESOURCE_TYPE_NONE: - s = NULL; + s = NULL; break; case KEYDB_RESOURCE_TYPE_KEYRING: s = keyring_get_resource_name (hd->active[idx].u.kr); @@ -433,7 +433,7 @@ keydb_get_resource_name (KEYDB_HANDLE hd) -static int +static int lock_all (KEYDB_HANDLE hd) { int i, rc = 0; @@ -490,7 +490,7 @@ unlock_all (KEYDB_HANDLE hd) /* * Return the last found keyring. Caller must free it. * The returned keyblock has the kbode flag bit 0 set for the node with - * the public key used to locate the keyblock or flag bit 1 set for + * the public key used to locate the keyblock or flag bit 1 set for * the user ID node. */ int @@ -501,7 +501,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) if (!hd) return G10ERR_INV_ARG; - if ( hd->found < 0 || hd->found >= hd->used) + if ( hd->found < 0 || hd->found >= hd->used) return -1; /* nothing found */ switch (hd->active[hd->found].type) { 
@@ -516,7 +516,7 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) return rc; } -/* +/* * update the current keyblock with KB */ int @@ -527,7 +527,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb) if (!hd) return G10ERR_INV_ARG; - if ( hd->found < 0 || hd->found >= hd->used) + if ( hd->found < 0 || hd->found >= hd->used) return -1; /* nothing found */ if( opt.dry_run ) @@ -551,8 +551,8 @@ keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb) } -/* - * Insert a new KB into one of the resources. +/* + * Insert a new KB into one of the resources. */ int keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb) @@ -560,15 +560,15 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb) int rc = -1; int idx; - if (!hd) + if (!hd) return G10ERR_INV_ARG; if( opt.dry_run ) return 0; - if ( hd->found >= 0 && hd->found < hd->used) + if ( hd->found >= 0 && hd->found < hd->used) idx = hd->found; - else if ( hd->current >= 0 && hd->current < hd->used) + else if ( hd->current >= 0 && hd->current < hd->used) idx = hd->current; else return G10ERR_GENERAL; @@ -591,7 +591,7 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb) } -/* +/* * The current keyblock will be deleted. */ int @@ -602,7 +602,7 @@ keydb_delete_keyblock (KEYDB_HANDLE hd) if (!hd) return G10ERR_INV_ARG; - if ( hd->found < 0 || hd->found >= hd->used) + if ( hd->found < 0 || hd->found >= hd->used) return -1; /* nothing found */ if( opt.dry_run ) @@ -629,16 +629,18 @@ keydb_delete_keyblock (KEYDB_HANDLE hd) /* * Locate the default writable key resource, so that the next * operation (which is only relevant for inserts) will be done on this - * resource. + * resource. */ int keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) { int rc; - + + (void)reserved; + if (!hd) return G10ERR_INV_ARG; - + rc = keydb_search_reset (hd); /* this does reset hd->current */ if (rc) return rc; 
@@ -662,9 +664,9 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) return rc; } - for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) + for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++) { - switch (hd->active[hd->current].type) + switch (hd->active[hd->current].type) { case KEYDB_RESOURCE_TYPE_NONE: BUG(); @@ -675,7 +677,7 @@ keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) break; } } - + return -1; } @@ -686,7 +688,7 @@ void keydb_rebuild_caches (int noisy) { int i, rc; - + for (i=0; i < used_resources; i++) { if (all_resources[i].secret) @@ -707,10 +709,10 @@ keydb_rebuild_caches (int noisy) -/* +/* * Start the next search on this handle right at the beginning */ -int +int keydb_search_reset (KEYDB_HANDLE hd) { int i, rc = 0; @@ -718,7 +720,7 @@ keydb_search_reset (KEYDB_HANDLE hd) if (!hd) return G10ERR_INV_ARG; - hd->current = 0; + hd->current = 0; hd->found = -1; /* and reset all resources */ for (i=0; !rc && i < hd->used; i++) { @@ -730,15 +732,15 @@ keydb_search_reset (KEYDB_HANDLE hd) break; } } - return rc; + return rc; } -/* +/* * Search through all keydb resources, starting at the current position, * for a keyblock which contains one of the keys described in the DESC array. */ -int +int keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex) { @@ -758,12 +760,12 @@ keydb_search2 (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, break; } if (rc == -1) /* EOF -> switch to next resource */ - hd->current++; + hd->current++; else if (!rc) hd->found = hd->current; } - return rc; + return rc; } int diff --git a/g10/keyid.c b/g10/keyid.c index 57e9fc8..f04bea6 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -35,7 +35,7 @@ #ifdef HAVE_UNSIGNED_TIME_T # define INVALID_TIME_CHECK(a) ((a) == (time_t)(-1)) -#else +#else /* Error or 32 bit time_t and value after 2038-01-19. */ # define INVALID_TIME_CHECK(a) ((a) < 0) #endif 
@@ -51,6 +51,8 @@ pubkey_letter( int algo ) case PUBKEY_ALGO_ELGAMAL_E: return 'g'; case PUBKEY_ALGO_ELGAMAL: return 'G' ; case PUBKEY_ALGO_DSA: return 'D' ; + case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */ + case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */ default: return '?'; } } @@ -100,7 +102,7 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk ) u16 days=0; if(pk->expiredate) days=(u16)((pk->expiredate - pk->timestamp) / 86400L); - + md_putc( md, days >> 8 ); md_putc( md, days ); } @@ -175,7 +177,7 @@ keystrlen(void) const char * keystr(u32 *keyid) -{ +{ static char keyid_str[19]; switch(opt.keyid_format) diff --git a/g10/mainproc.c b/g10/mainproc.c index f46895d..3ffb049 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -72,7 +72,7 @@ struct mainproc_context int trustletter; /* Temporary usage in list_node. */ ulong symkeys; struct kidlist_item *pkenc_list; /* List of encryption packets. */ - struct + struct { int op; int stop_now; @@ -135,10 +135,10 @@ add_gpg_control( CTX c, PACKET *pkt ) /* New clear text signature. * Process the last one and reset everything */ release_list(c); - } + } else if ( pkt->pkt.gpg_control->control == CTRLPKT_PIPEMODE ) { /* Pipemode control packet */ - if ( pkt->pkt.gpg_control->datalen < 2 ) + if ( pkt->pkt.gpg_control->datalen < 2 ) log_fatal ("invalid pipemode control packet length\n"); if (pkt->pkt.gpg_control->data[0] == 1) { /* start the whole thing */ @@ -156,10 +156,10 @@ add_gpg_control( CTX c, PACKET *pkt ) /* and tell the outer loop to terminate */ c->pipemode.stop_now = 1; } - else + else log_fatal ("invalid pipemode control packet code\n"); return 0; /* no need to store the packet */ - } + } if( c->list ) /* add another packet */ add_kbnode( c->list, new_kbnode( pkt )); 
@@ -264,14 +264,16 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen ) resulted in a garbage algorithm byte, but it's close enough since a bogus byte here will fail later. */ if(dek->algo==CIPHER_ALGO_IDEA) - idea_cipher_warn(0); + { + idea_cipher_warn(0); + } memcpy(dek->key, seskey + 1, dek->keylen); /*log_hexdump( "thekey", dek->key, dek->keylen );*/ return 0; -} +} static void proc_symkey_enc( CTX c, PACKET *pkt ) @@ -403,7 +405,7 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) } else if( is_ELGAMAL(enc->pubkey_algo) || enc->pubkey_algo == PUBKEY_ALGO_DSA - || is_RSA(enc->pubkey_algo) + || is_RSA(enc->pubkey_algo) || (RFC2440 && enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)) { /* Note that we also allow type 20 Elgamal keys for decryption. There are still a couple of those keys in active use as a @@ -464,7 +466,7 @@ print_pkenc_list( struct kidlist_item *list, int failed ) for( ; list; list = list->next ) { PKT_public_key *pk; const char *algstr; - + if ( failed && !list->reason ) continue; if ( !failed && list->reason ) @@ -680,7 +682,7 @@ proc_plaintext( CTX c, PACKET *pkt ) /* check that we have at least the sigclass and one hash */ if ( datalen < 2 ) - log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n"); + log_fatal("invalid control packet CTRLPKT_CLEARSIGN_START\n"); /* Note that we don't set the clearsig flag for not-dash-escaped * documents */ clearsig = (*data == 0x01); @@ -764,7 +766,7 @@ proc_plaintext( CTX c, PACKET *pkt ) n = new_kbnode (create_gpg_control (CTRLPKT_PLAINTEXT_MARK, NULL, 0)); if (c->list) add_kbnode (c->list, n); - else + else c->list = n; } @@ -849,7 +851,7 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig, || sig->sig_class == 0x1f || sig->sig_class == 0x20 || sig->sig_class == 0x28 - || sig->sig_class == 0x30 ) { + || sig->sig_class == 0x30 ) { if( c->list->pkt->pkttype == PKT_PUBLIC_KEY || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { return check_key_signature( c->list, node, is_selfsig ); 
@@ -1102,7 +1104,7 @@ list_node( CTX c, KBNODE node ) switch( (rc2=do_check_sig( c, node, &is_selfsig, NULL, NULL )) ) { case 0: sigrc = '!'; break; case G10ERR_BAD_SIGN: sigrc = '-'; break; - case G10ERR_NO_PUBKEY: + case G10ERR_NO_PUBKEY: case G10ERR_UNU_PUBKEY: sigrc = '?'; break; default: sigrc = '%'; break; } @@ -1199,7 +1201,7 @@ proc_signature_packets( void *anchor, IOBUF a, messages, send a NODATA status back and return an error code. Using log_error is required because verify_files does not check error codes for each file but we want to terminate the process - with an error. */ + with an error. */ if (!rc && !c->any_sig_seen) { write_status_text (STATUS_NODATA, "4"); @@ -1334,7 +1336,7 @@ do_proc_packets( CTX c, IOBUF a ) * packet and not to reuse the current one ... It works right * when there is a compression packet inbetween which adds just * an extra layer. - * Hmmm: Rewrite this whole module here?? + * Hmmm: Rewrite this whole module here?? */ if( pkt->pkttype != PKT_SIGNATURE && pkt->pkttype != PKT_MDC ) c->have_data = pkt->pkttype == PKT_PLAINTEXT; @@ -1348,8 +1350,8 @@ do_proc_packets( CTX c, IOBUF a ) else free_packet(pkt); if ( c->pipemode.stop_now ) { - /* we won't get an EOF in pipemode, so we have to - * break the loop here */ + /* we won't get an EOF in pipemode, so we have to + * break the loop here */ rc = -1; break; } @@ -1459,7 +1461,7 @@ check_sig_and_print( CTX c, KBNODE node ) O{1,n} P S{1,n} -- standard OpenPGP signature. C P S{1,n} -- cleartext signature. - + O = One-Pass Signature packet. S = Signature packet. P = OpenPGP Message packet (Encrypted | Compressed | Literal) @@ -1471,7 +1473,7 @@ check_sig_and_print( CTX c, KBNODE node ) C = Marker packet for cleartext signatures. We reject all other messages. - + Actually we are calling this too often, i.e. for verification of each message but better have some duplicate work than to silently introduce a bug here. 
@@ -1485,7 +1487,7 @@ check_sig_and_print( CTX c, KBNODE node ) n = c->list; assert (n); - if ( n->pkt->pkttype == PKT_SIGNATURE ) + if ( n->pkt->pkttype == PKT_SIGNATURE ) { /* This is either "S{1,n}" case (detached signature) or "S{1,n} P" (old style PGP2 signature). */ @@ -1504,7 +1506,7 @@ check_sig_and_print( CTX c, KBNODE node ) else goto ambiguous; } - else if (n->pkt->pkttype == PKT_ONEPASS_SIG) + else if (n->pkt->pkttype == PKT_ONEPASS_SIG) { /* This is the "O{1,n} P S{1,n}" case (standard signature). */ for (n_onepass=1, n = n->next; @@ -1552,7 +1554,7 @@ check_sig_and_print( CTX c, KBNODE node ) if (n || !n_sig) goto ambiguous; } - else + else { ambiguous: log_error(_("can't handle this ambiguous signature data\n")); @@ -1621,19 +1623,19 @@ check_sig_and_print( CTX c, KBNODE node ) /* If the preferred keyserver thing above didn't work, our second try is to use the URI from a DNS PKA record. */ - if ( rc == G10ERR_NO_PUBKEY + if ( rc == G10ERR_NO_PUBKEY && opt.keyserver_options.options&KEYSERVER_AUTO_KEY_RETRIEVE && opt.keyserver_options.options&KEYSERVER_HONOR_PKA_RECORD) { const char *uri = pka_uri_from_sig (sig); - + if (uri) { /* FIXME: We might want to locate the key using the fingerprint instead of the keyid. */ int res; struct keyserver_spec *spec; - + spec = parse_keyserver_uri (uri, 1, NULL, 0); if (spec) { @@ -1717,7 +1719,7 @@ check_sig_and_print( CTX c, KBNODE node ) keyid_str[17] = 0; /* cut off the "[uncertain]" part */ write_status_text_and_buffer (statno, keyid_str, un->pkt->pkt.user_id->name, - un->pkt->pkt.user_id->len, + un->pkt->pkt.user_id->len, -1 ); p=utf8_to_native(un->pkt->pkt.user_id->name, @@ -1762,7 +1764,7 @@ check_sig_and_print( CTX c, KBNODE node ) write_status_text_and_buffer (statno, keyid_str, un? un->pkt->pkt.user_id->name:"[?]", - un? un->pkt->pkt.user_id->len:3, + un? un->pkt->pkt.user_id->len:3, -1 ); if(un) 
@@ -1785,7 +1787,7 @@ check_sig_and_print( CTX c, KBNODE node ) fputs("\n", log_stream() ); } - /* If we have a good signature and already printed + /* If we have a good signature and already printed * the primary user ID, print all the other user IDs */ if ( count && !rc && !(opt.verify_options&VERIFY_SHOW_PRIMARY_UID_ONLY) ) { @@ -1882,7 +1884,7 @@ check_sig_and_print( CTX c, KBNODE node ) bufp = bufp + strlen (bufp); if (!vpk->is_primary) { u32 akid[2]; - + akid[0] = vpk->main_keyid[0]; akid[1] = vpk->main_keyid[1]; free_public_key (vpk); @@ -2030,7 +2032,7 @@ proc_tree( CTX c, KBNODE node ) log_error (_("not a detached signature\n") ); return; } - + for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) check_sig_and_print( c, n1 ); } diff --git a/include/cipher.h b/include/cipher.h index 2bc57d6..9c25605 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -47,8 +47,11 @@ #define PUBKEY_ALGO_RSA_S 3 /* RSA sign only */ #define PUBKEY_ALGO_ELGAMAL_E 16 /* encrypt only ElGamal (but not for v3)*/ #define PUBKEY_ALGO_DSA 17 +#define PUBKEY_ALGO_ECDH 18 +#define PUBKEY_ALGO_ECDSA 19 #define PUBKEY_ALGO_ELGAMAL 20 /* sign and encrypt elgamal */ + #define PUBKEY_USAGE_SIG 1 /* key is good for signatures */ #define PUBKEY_USAGE_ENC 2 /* key is good for encryption */ #define PUBKEY_USAGE_CERT 4 /* key is also good to certify other keys*/ 
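Review bot: The two defines added to include/cipher.h in the hunk at -47,8 +47,11, `PUBKEY_ALGO_ECDH 18` and `PUBKEY_ALGO_ECDSA 19`, carry no comment, unlike most of their neighbours, and nothing at the definition says that this branch has no ECC implementation behind them. The commit message states they exist only so that pubkey_letter can print a letter, so I would record that where they are defined, e.g. `#define PUBKEY_ALGO_ECDH 18 /* ECC DH; display only, not implemented */` and likewise for ECDSA. That keeps a later change from adding them to an algorithm test or usage check by mistake. The same applies to the defines added by the STABLE-BRANCH-2-0 commit in its cipher.h hunk at -51,11 +51,13.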
@@ -113,7 +116,7 @@ typedef struct gcry_md_context *MD_HANDLE; #if defined (__riscos__) && !defined (INCLUDED_BY_MAIN_MODULE) #define EXTERN_UNLESS_MAIN_MODULE extern #else -#define EXTERN_UNLESS_MAIN_MODULE +#define EXTERN_UNLESS_MAIN_MODULE #endif #endif EXTERN_UNLESS_MAIN_MODULE int g10c_debug_mode; ----------------------------------------------------------------------- Summary of changes: g10/build-packet.c | 22 +++++--- g10/getkey.c | 150 ++++++++++++++++++++++++++------------------------- g10/gpg.c | 80 ++++++++++++++-------------- g10/keydb.c | 88 ++++++++++++++++--------------- g10/keyid.c | 8 ++- g10/mainproc.c | 62 +++++++++++---------- include/cipher.h | 5 ++- 7 files changed, 216 insertions(+), 199 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 1 11:11:24 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 01 Jul 2011 11:11:24 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-38-g3fe9938 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 3fe99382027ed4b483e11dcef48cf5b5c17a4898 (commit) from 13290b0e0fcf3a493e4848b29329d56b69bc4dd9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3fe99382027ed4b483e11dcef48cf5b5c17a4898 Author: Werner Koch Date: Fri Jul 1 10:33:43 2011 +0200 Provide pubkey letters e and E This is only to print those letters instead of a question mark. It does not mean ECC is or will be supported in this branch. diff --git a/g10/ChangeLog b/g10/ChangeLog index a7bcf9d..55ba2b6 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog 
@@ -1,3 +1,7 @@ +2011-07-01 Werner Koch + + * keyid.c (pubkey_letter): Add letters e and E. + 2011-06-13 Werner Koch * pkglue.c (mpi_from_sexp, pk_decrypt): Use GCRYMPI_FMT_USG for diff --git a/g10/keyid.c b/g10/keyid.c index 3ba7d42..d7a877b 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -45,6 +45,8 @@ pubkey_letter( int algo ) case PUBKEY_ALGO_ELGAMAL_E: return 'g'; case PUBKEY_ALGO_ELGAMAL: return 'G' ; case PUBKEY_ALGO_DSA: return 'D' ; + case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */ + case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */ default: return '?'; } } @@ -102,7 +104,7 @@ hash_public_key( gcry_md_hd_t md, PKT_public_key *pk ) u16 days=0; if(pk->expiredate) days=(u16)((pk->expiredate - pk->timestamp) / 86400L); - + gcry_md_putc ( md, days >> 8 ); gcry_md_putc ( md, days ); } @@ -170,7 +172,7 @@ v3_keyid (gcry_mpi_t a, u32 *ki) BUG (); if (nbytes < 8) /* oops */ ki[0] = ki[1] = 0; - else + else { p = buffer + nbytes - 8; ki[0] = (p[0] << 24) | (p[1] <<16) | (p[2] << 8) | p[3]; @@ -206,7 +208,7 @@ keystrlen(void) const char * keystr(u32 *keyid) -{ +{ static char keyid_str[19]; switch(opt.keyid_format) @@ -452,13 +454,13 @@ namehash_from_uid(PKT_user_id *uid) if (!uid->namehash) { uid->namehash = xmalloc (20); - + if(uid->attrib_data) rmd160_hash_buffer (uid->namehash, uid->attrib_data, uid->attrib_len); else rmd160_hash_buffer (uid->namehash, uid->name, uid->len); } - + return uid->namehash; } @@ -636,7 +638,7 @@ const char * colon_datestr_from_sig (PKT_signature *sig) { static char buf[20]; - + snprintf (buf, sizeof buf, "%lu", (ulong)sig->timestamp); return buf; } 
@@ -667,21 +669,21 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) const byte *dp; size_t len, nbytes; int i; - + if ( pk->version < 4 ) { if ( is_RSA(pk->pubkey_algo) ) { /* RSA in version 3 packets is special. */ gcry_md_hd_t md; - + if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0)) BUG (); - if ( pubkey_get_npkey (pk->pubkey_algo) > 1 ) + if ( pubkey_get_npkey (pk->pubkey_algo) > 1 ) { for (i=0; i < 2; i++) { - if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, + if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nbytes, pk->pkey[i])) BUG (); /* fixme: Better allocate BUF on the stack */ @@ -708,10 +710,10 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) memset (array,0,16); } } - else + else { gcry_md_hd_t md; - + md = do_fingerprint_md(pk); dp = gcry_md_read( md, 0 ); len = gcry_md_get_algo_dlen (gcry_md_get_algo (md)); @@ -723,7 +725,7 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) pk->keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; gcry_md_close( md); } - + *ret_len = len; return array; } @@ -735,21 +737,21 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) const char *dp; size_t len, nbytes; int i; - + if (sk->version < 4) { if ( is_RSA(sk->pubkey_algo) ) { /* RSA in version 3 packets is special. */ gcry_md_hd_t md; - + if (gcry_md_open (&md, DIGEST_ALGO_MD5, 0)) BUG (); if (pubkey_get_npkey( sk->pubkey_algo ) > 1) { for (i=0; i < 2; i++) { - if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, + if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nbytes, sk->skey[i])) BUG (); /* fixme: Better allocate BUF on the stack */ @@ -779,7 +781,7 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) else { gcry_md_hd_t md; - + md = do_fingerprint_md_sk(sk); if (md) { @@ -799,7 +801,7 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) memset (array, 0, len); } } - + *ret_len = len; return array; } 
@@ -816,7 +818,7 @@ serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen, size_t fprlen; char *buffer, *p; int i; - + fingerprint_from_sk (sk, fpr, &fprlen); buffer = p = xmalloc (snlen*2 + 1 + fprlen*2 + 1); for (i=0; i < snlen; i++, p+=2) @@ -827,4 +829,3 @@ serialno_and_fpr_from_sk (const unsigned char *sn, size_t snlen, *p = 0; return buffer; } - diff --git a/include/ChangeLog b/include/ChangeLog index 339800f..97f491e 100644 --- a/include/ChangeLog +++ b/include/ChangeLog @@ -1,3 +1,7 @@ +2011-07-01 Werner Koch + + * cipher.h (PUBKEY_ALGO_ECDH, PUBKEY_ALGO_ECDSA): New. + 2009-08-20 Daiki Ueno (wk) * cipher.h (struct DEK): Add field S2K_CACHEID. @@ -215,7 +219,7 @@ * KEYSERVER_SCHEME_NOT_FOUND should be 127 to match the POSIX system() (via /bin/sh) way of signaling this. - + * Added G10ERR_KEYSERVER 2001-12-27 Werner Koch @@ -245,7 +249,7 @@ 2001-08-24 Werner Koch - * cipher.h (md_write): Made buf arg const. + * cipher.h (md_write): Made buf arg const. 2001-08-20 Werner Koch @@ -255,7 +259,7 @@ never use __attribute__. * cipher.h, iobuf.h, memory.h, mpi.h [__riscos__]: extern hack. * i18n.h [__riscos__]: Use another include file - + 2001-05-30 Werner Koch * ttyio.h (tty_printf): Add missing parenthesis for non gcc. @@ -431,5 +435,3 @@ Tue Mar 3 15:11:21 1998 Werner Koch (wk at isil.d.shuttle.de) This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/include/cipher.h b/include/cipher.h index 8e19828..f5caa8d 100644 --- a/include/cipher.h +++ b/include/cipher.h @@ -1,4 +1,4 @@ -/* cipher.h - Definitions for OpenPGP +/* cipher.h - Definitions for OpenPGP * Copyright (C) 1998, 1999, 2000, 2001, 2006, * 2007 Free Software Foundation, Inc. * 
@@ -24,8 +24,8 @@ /* Macros for compatibility with older libgcrypt versions. */ #ifndef GCRY_PK_USAGE_CERT -# define GCRY_PK_USAGE_CERT 4 -# define GCRY_PK_USAGE_AUTH 8 +# define GCRY_PK_USAGE_CERT 4 +# define GCRY_PK_USAGE_AUTH 8 # define GCRY_PK_USAGE_UNKN 128 #endif @@ -51,11 +51,13 @@ #define CIPHER_ALGO_CAMELLIA256 13 #define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */ -#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA -#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */ +#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA +#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */ #define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */ #define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */ -#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA +#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA +#define PUBKEY_ALGO_ECDH 18 +#define PUBKEY_ALGO_ECDSA 19 #define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */ #define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */ @@ -86,7 +88,7 @@ #define is_DSA(a) ((a)==PUBKEY_ALGO_DSA) /* The data encryption key object. */ -typedef struct +typedef struct { int algo; int keylen; ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 4 ++++ g10/keyid.c | 41 +++++++++++++++++++++-------------------- include/ChangeLog | 12 +++++++----- include/cipher.h | 16 +++++++++------- 4 files changed, 41 insertions(+), 32 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 13:18:29 2011 
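Review bot: In the include/cipher.h hunk at -51,11 +51,13 the new `PUBKEY_ALGO_ECDH 18` and `PUBKEY_ALGO_ECDSA 19` are plain OpenPGP numbers, while every other PUBKEY_ALGO_* line in this list is an alias for a libgcrypt `GCRY_PK_*` constant with the number kept only as a comment. If code elsewhere hands PUBKEY_ALGO_* values straight to libgcrypt (not visible in this hunk), these two would be the only ones that are not libgcrypt identifiers. I would mark the difference at the definition, e.g. `#define PUBKEY_ALGO_ECDH 18 /* OpenPGP id, no GCRY_PK_* mapping */`, and the same for ECDSA.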
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 04 Jul 2011 13:18:29 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.11-16-g6daa9db Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 6daa9dbd7cd689758c060cf516d006041dabcdd5 (commit) from 04b0b050ffb5862dc312a4806b65085d417afaf1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6daa9dbd7cd689758c060cf516d006041dabcdd5 Author: Werner Koch Date: Mon Jul 4 12:41:45 2011 +0200 Allow building for ARM thumb. Fixes bug#1202. diff --git a/mpi/ChangeLog b/mpi/ChangeLog index a99acae..1f81333 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,8 @@ +2011-07-04 Werner Koch + + * longlong.h: [__arm__]: Do no use asm if thumb code generation is + enabled. Fixes bug#1202. + 2010-10-28 Werner Koch * longlong.h: Revert last two changes and replace by code from @@ -206,7 +211,7 @@ 2002-08-02 Timo Schulz * mpicoder.c: Add a '\n' to all log_bug functions. - + 2002-08-01 Werner Koch * config.links: Added case for sparc64-netbsd. Suggested by @@ -239,7 +244,7 @@ * i386/mpih-add1.S, i386/mpih-sub1.S, i386/mpih-rshift.S, i386/mpih-lshift.S: Minor syntax changes suggested by Mark Pettit after comparing the files with those for GMP 4. - + 2001-11-08 Werner Koch * config.links (mpi_sflags): Add extra rule for sparc64-sun-solaris2. @@ -290,7 +295,7 @@ * mpi.h: Removed the inclusion of mpi-asm-defs.h because this makes some trouble when doing a VPATH build. configure now takes care of it. - + 2000-10-12 Werner Koch * generic/mpi-asm-defs.h: New. 
@@ -551,5 +556,3 @@ Mon Feb 16 13:00:27 1998 Werner Koch (wk at isil.d.shuttle.de) This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/mpi/longlong.h b/mpi/longlong.h index f17e84a..a4c18a4 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h @@ -2,7 +2,7 @@ Note: I added some stuff for use with gnupg Copyright (C) 1991, 1992, 1993, 1994, 1996, 1998, - 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + 2000, 2001, 2002, 2003, 2011 Free Software Foundation, Inc. This file is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by @@ -180,7 +180,7 @@ extern UDItype __udiv_qrnnd (); /*************************************** ************** ARM ****************** ***************************************/ -#if defined (__arm__) && W_TYPE_SIZE == 32 +#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined (__thumb__) #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ __asm__ ("adds %1, %4, %5\n" \ "adc %0, %2, %3" \ ----------------------------------------------------------------------- Summary of changes: mpi/ChangeLog | 13 ++++++++----- mpi/longlong.h | 4 ++-- 2 files changed, 10 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 13:22:18 2011 
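Review bot: The new guard `&& !defined (__thumb__)` in mpi/longlong.h (hunk at -180,7 +180,7) switches the ARM inline assembly off for every Thumb build, and GCC defines `__thumb__` for Thumb-2 targets as well, so those builds also fall back to the generic C macros. If the instructions in this block assemble under Thumb-2, the condition could be narrowed to `(!defined (__thumb__) || defined (__thumb2__))`; whether every macro in the block does cannot be judged here, because the `#if` block continues beyond the hunk. Either way a short comment above the `#if` would keep the reason with the code, e.g. `/* The asm below does not build in Thumb mode (bug#1202). */`. The libgcrypt commit further down makes the same change to its mpi/longlong.h at -184,7 +184,7.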
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 04 Jul 2011 13:22:18 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-4-g5e14de0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 5e14de02b323d207151429d37f006ec30bbf7783 (commit) from 7cae9fdfc9e322941545a3a2128a5ead1010a6cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5e14de02b323d207151429d37f006ec30bbf7783 Author: Werner Koch Date: Mon Jul 4 12:45:44 2011 +0200 Allow building for ARM thumb. Similar to bug#1202. diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 7d32f5a..4b7b8cf 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,8 @@ +2011-07-04 Werner Koch + + * longlong.h (add_ssaaaa) [__arm__]: Do no use asm if thumb code + generation is enabled. This is bug#1202. Reported for gpg 1.4. + 2011-03-28 Werner Koch * mpi-pow.c (gcry_mpi_powm): Remove unused var RSEC. diff --git a/mpi/longlong.h b/mpi/longlong.h index be88cae..5dba793 100644 --- a/mpi/longlong.h +++ b/mpi/longlong.h @@ -2,7 +2,7 @@ Note: I added some stuff for use with gnupg Copyright (C) 1991, 1992, 1993, 1994, 1996, 1998, - 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. + 2000, 2001, 2002, 2003, 2004, 2011 Free Software Foundation, Inc. This file is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by 
@@ -184,7 +184,7 @@ extern UDItype __udiv_qrnnd (); /*************************************** ************** ARM ****************** ***************************************/ -#if defined (__arm__) && W_TYPE_SIZE == 32 +#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined (__thumb__) #define add_ssaaaa(sh, sl, ah, al, bh, bl) \ __asm__ ("adds %1, %4, %5\n" \ "adc %0, %2, %3" \ ----------------------------------------------------------------------- Summary of changes: mpi/ChangeLog | 5 +++++ mpi/longlong.h | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 21:21:29 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Mon, 04 Jul 2011 21:21:29 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.3.1-1-g86a439d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 86a439d1d15d42ed7a2e796902b91e8386f9e1d0 (commit) from 547aca0b24efa34634f23f91f2dc81a63cb4d9bc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 86a439d1d15d42ed7a2e796902b91e8386f9e1d0 Author: Marcus Brinkmann Date: Mon Jul 4 20:44:12 2011 +0200 Post-release. diff --git a/NEWS b/NEWS index d9f7366..ee8f2cd 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,9 @@ +Noteworthy changes in version 1.3.2 (unreleased) +------------------------------------------------ + + * ... + + Noteworthy changes in version 1.3.1 (2011-06-16) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 7722562..ca88b84 100644 --- a/configure.ac +++ b/configure.ac 
@@ -33,7 +33,7 @@ min_automake_version="1.11" # SVN version is the most recent one in a branch. To disable the SVN # version for the real release, set the my_issvn macro to no. m4_define(my_version, [1.3.1]) -m4_define(my_issvn, [no]) +m4_define(my_issvn, [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 4 21:22:30 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Mon, 04 Jul 2011 21:22:30 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.0.2-1-g1843bf3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 1843bf3677d2ac83b110e9daa8b91f693baf5daf (commit) from cdce63759a343851cc607dbae60b1cde3869ec8e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1843bf3677d2ac83b110e9daa8b91f693baf5daf Author: Marcus Brinkmann Date: Mon Jul 4 20:46:19 2011 +0200 Unreleased. diff --git a/NEWS b/NEWS index ef2480b..c76501d 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,9 @@ +Noteworthy changes in version 2.0.3 (unreleased) +------------------------------------------------ + + * ... + + Noteworthy changes in version 2.0.2 (2010-06-16) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 23209a3..983a2b3 100644 --- a/configure.ac +++ b/configure.ac 
@@ -25,7 +25,7 @@ min_automake_version="1.10" # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [2.0.2]) -m4_define([my_issvn], [no]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) ----------------------------------------------------------------------- Summary of changes: NEWS | 6 ++++++ configure.ac | 2 +- 2 files changed, 7 insertions(+), 1 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 7 11:58:59 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 Jul 2011 11:58:59 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-39-gfb44677 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via fb44677c9f2cab6bac08d04d675554b38f64382a (commit) from 3fe99382027ed4b483e11dcef48cf5b5c17a4898 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb44677c9f2cab6bac08d04d675554b38f64382a Author: Werner Koch Date: Thu Jul 7 11:20:53 2011 +0200 Allow generation of card keys up to 4096 bit. This patch implementes a chunk mode to pass the key parameters from scdaemon to gpg. This allows to pass arbitrary long key paremeters; it is used for keys larger than 3072 bit. diff --git a/NEWS b/NEWS index 492fe41..b3ce8e0 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,10 @@ Noteworthy changes in version 2.0.18 (unreleased) ------------------------------------------------- + * Allow generation of card keys up to 4096 bit. + + * Bug fix for newer versions of Libgcrypt. + Noteworthy changes in version 2.0.17 (2011-01-13) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 3527c43..36c8901 100644 --- a/configure.ac +++ b/configure.ac @@ -1,19 +1,19 @@ # configure.ac - for GnuPG 2.0 # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, # 2006, 2007, 2008, 2010, 2011 Free Software Foundation, Inc. -# +# # This file is part of GnuPG. -# +# # GnuPG is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -31,7 +31,7 @@ m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \ | awk '/^\* / {printf "%s",$3}'])) -AC_INIT([gnupg], +AC_INIT([gnupg], [my_version[]m4_if(my_issvn,[yes], [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])], [http://bugs.gnupg.org]) @@ -67,7 +67,7 @@ AC_GNU_SOURCE # Some status variables. have_gpg_error=no -have_libgcrypt=no +have_libgcrypt=no have_libassuan=no have_ksba=no have_pth=no 
@@ -369,10 +369,10 @@ AH_BOTTOM([ #ifdef HAVE_DRIVE_LETTERS #define GNUPG_DEFAULT_HOMEDIR "c:/gnupg" #elif defined(__VMS) -#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" +#define GNUPG_DEFAULT_HOMEDIR "/SYS\$LOGIN/gnupg" #else #define GNUPG_DEFAULT_HOMEDIR "~/.gnupg" -#endif +#endif #define GNUPG_PRIVATE_KEYS_DIR "private-keys-v1.d" /* For some systems (DOS currently), we hardcode the path here. For @@ -380,7 +380,7 @@ AH_BOTTOM([ the values may be overridden by the make invocations; this is to comply with the GNU coding standards. */ #ifdef HAVE_DRIVE_LETTERS - /* FIXME: We need to use a function to determine these values depending + /* FIXME: We need to use a function to determine these values depending on the actual installation directory. */ #define GNUPG_BINDIR "c:\\gnupg" #define GNUPG_LIBEXECDIR "c:\\gnupg" @@ -574,7 +574,7 @@ esac if test "$have_dosish_system" = yes; then AC_DEFINE(HAVE_DOSISH_SYSTEM,1, - [Defined if we run on some of the PCDOS like systems + [Defined if we run on some of the PCDOS like systems (DOS, Windoze. OS/2) with special properties like no file modes]) fi @@ -726,7 +726,7 @@ else *** To support concurrent access to the gpg-agent and the SCdaemon *** we need the support of the GNU Portable Threads Library. *** Download it from ftp://ftp.gnu.org/gnu/pth/ -*** On a Debian GNU/Linux system you might want to try +*** On a Debian GNU/Linux system you might want to try *** apt-get install libpth-dev ***]]) fi @@ -766,7 +766,7 @@ if test "$with_adns" != "no"; then [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) fi if test "$have_adns" = "yes"; then - ADNSLIBS="-ladns" + ADNSLIBS="-ladns" fi AC_SUBST(ADNSLIBS) # Newer adns versions feature a free function to be used under W32. 
@@ -820,7 +820,7 @@ if test x"$use_dns_pka" = xyes || test x"$use_dns_srv" = xyes \ #include ], [[unsigned char answer[PACKETSZ]; res_query("foo.bar",C_IN,T_A,answer,PACKETSZ); - dn_skipname(0,0); + dn_skipname(0,0); dn_expand(0,0,0,0,0); ]])],have_resolver=yes,have_resolver=no) AC_MSG_RESULT($have_resolver) @@ -1155,7 +1155,7 @@ if test "$use_regex" = yes ; then CPPFLAGS="${CPPFLAGS} -I$withval/include" LDFLAGS="${LDFLAGS} -L$withval/lib" fi - ],withval="") + ],withval="") # Does the system have regex functions at all? AC_SEARCH_LIBS([regcomp], [regex]) @@ -1215,7 +1215,7 @@ AC_CHECK_HEADER(zlib.h, # # Check whether we can support bzip2 -# +# if test "$use_bzip2" = yes ; then _cppflags="${CPPFLAGS}" _ldflags="${LDFLAGS}" @@ -1229,7 +1229,7 @@ if test "$use_bzip2" = yes ; then ],withval="") # Checking alongside stdio.h as an early version of bzip2 (1.0) - # required stdio.h to be included before bzlib.h, and Solaris 9 is + # required stdio.h to be included before bzlib.h, and Solaris 9 is # woefully out of date. if test "$withval" != no ; then AC_CHECK_HEADER(bzlib.h, @@ -1254,7 +1254,7 @@ GNUPG_CHECK_READLINE # # Allow users to append something to the version string without # flagging it as development version. The user version parts is -# considered everything after a dash. +# considered everything after a dash. # if test "$development_version" != yes; then changequote(,)dnl @@ -1428,7 +1428,7 @@ die=no if test "$have_gpg_error" = "no"; then die=yes AC_MSG_NOTICE([[ -*** +*** *** You need libgpg-error to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgpg-error @@ -1438,7 +1438,7 @@ fi if test "$have_libgcrypt" = "no"; then die=yes AC_MSG_NOTICE([[ -*** +*** *** You need libgcrypt to build this program. ** This library is for example available at *** ftp://ftp.gnupg.org/gcrypt/libgcrypt/ 
@@ -1471,7 +1471,7 @@ if test "$missing_pth" = "yes"; then *** GNU Portable Threads Library (Pth). Please install this *** library first. The library is for example available at *** ftp://ftp.gnu.org/gnu/pth/ -*** On a Debian GNU/Linux system you can install it using +*** On a Debian GNU/Linux system you can install it using *** apt-get install libpth-dev *** To build GnuPG for Windows you need to use the W32PTH *** package; available at: @@ -1490,7 +1490,7 @@ fi -AC_CONFIG_FILES([ m4/Makefile +AC_CONFIG_FILES([ m4/Makefile Makefile po/Makefile.in gl/Makefile @@ -1517,7 +1517,7 @@ AC_OUTPUT echo " GnuPG v${VERSION} has been configured as follows: - + Platform: $PRINTABLE_OS_NAME ($host) OpenPGP: $build_gpg diff --git a/g10/call-agent.c b/g10/call-agent.c index 8906082..cded773 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1,5 +1,5 @@ /* call-agent.c - Divert GPG operations to the agent. - * Copyright (C) 2001, 2002, 2003, 2006, 2007, + * Copyright (C) 2001, 2002, 2003, 2006, 2007, * 2008, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -23,7 +23,7 @@ #include #include #include -#include +#include #include #include #ifdef HAVE_LOCALE_H @@ -48,7 +48,7 @@ static assuan_context_t agent_ctx = NULL; static int did_early_card_test; -struct cipher_parm_s +struct cipher_parm_s { assuan_context_t ctx; const char *ciphertext; @@ -69,13 +69,19 @@ struct writekey_parm_s size_t keydatalen; }; -struct genkey_parm_s +struct genkey_parm_s { assuan_context_t ctx; const char *sexp; size_t sexplen; }; +struct scd_genkey_parm_s +{ + struct agent_card_genkey_s *cgk; + char *savedbytes; /* Malloced space to save key parameter chunks. */ +}; + static gpg_error_t learn_status_cb (void *opaque, const char *line); @@ -99,7 +105,7 @@ status_sc_op_failure (int rc) write_status (STATUS_SC_OP_FAILURE); break; } -} +} 
@@ -162,7 +168,7 @@ start_agent (int for_card) if (!rc && is_status_enabled () && info.serialno) { char *buf; - + buf = xasprintf ("3 %s", info.serialno); write_status_text (STATUS_CARDCTRL, buf); xfree (buf); @@ -174,7 +180,7 @@ start_agent (int for_card) did_early_card_test = 1; } - + return rc; } @@ -267,7 +273,7 @@ get_serialno_cb (void *opaque, const char *line) memcpy (*serialno, line, n); (*serialno)[n] = 0; } - + return 0; } @@ -329,7 +335,7 @@ learn_status_cb (void *opaque, const char *line) { xfree (parm->serialno); parm->serialno = store_serialno (line); - parm->is_v2 = (strlen (parm->serialno) >= 16 + parm->is_v2 = (strlen (parm->serialno) >= 16 && xtoi_2 (parm->serialno+12) >= 2 ); } else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen)) @@ -510,7 +516,7 @@ agent_learn (struct agent_card_info_s *info) /* Also try to get the key attributes. */ if (!rc) agent_scd_getattr ("KEY-ATTR", info); - + return rc; } @@ -529,7 +535,7 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info) /* We assume that NAME does not need escaping. */ if (12 + strlen (name) > DIM(line)-1) return gpg_error (GPG_ERR_TOO_LARGE); - stpcpy (stpcpy (line, "SCD GETATTR "), name); + stpcpy (stpcpy (line, "SCD GETATTR "), name); rc = start_agent (1); if (rc) @@ -537,7 +543,7 @@ agent_scd_getattr (const char *name, struct agent_card_info_s *info) rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, NULL, learn_status_cb, info); - + return rc; } @@ -562,8 +568,8 @@ agent_scd_setattr (const char *name, /* We assume that NAME does not need escaping. */ if (12 + strlen (name) > DIM(line)-1) return gpg_error (GPG_ERR_TOO_LARGE); - - p = stpcpy (stpcpy (line, "SCD SETATTR "), name); + + p = stpcpy (stpcpy (line, "SCD SETATTR "), name); *p++ = ' '; for (; valuelen; value++, valuelen--) { 
@@ -584,7 +590,7 @@ agent_scd_setattr (const char *name, rc = start_agent (1); if (!rc) { - rc = assuan_transact (agent_ctx, line, NULL, NULL, + rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, NULL, NULL, NULL); } @@ -601,7 +607,7 @@ static gpg_error_t inq_writecert_parms (void *opaque, const char *line) { int rc; - struct writecert_parm_s *parm = opaque; + struct writecert_parm_s *parm = opaque; if (!strncmp (line, "CERTDATA", 8) && (line[8]==' '||!line[8])) { @@ -615,7 +621,7 @@ inq_writecert_parms (void *opaque, const char *line) /* Send a WRITECERT command to the SCdaemon. */ -int +int agent_scd_writecert (const char *certidstr, const unsigned char *certdata, size_t certdatalen) { @@ -634,7 +640,7 @@ agent_scd_writecert (const char *certidstr, parms.ctx = agent_ctx; parms.certdata = certdata; parms.certdatalen = certdatalen; - + rc = assuan_transact (agent_ctx, line, NULL, NULL, inq_writecert_parms, &parms, NULL, NULL); @@ -649,7 +655,7 @@ static gpg_error_t inq_writekey_parms (void *opaque, const char *line) { int rc; - struct writekey_parm_s *parm = opaque; + struct writekey_parm_s *parm = opaque; if (!strncmp (line, "KEYDATA", 7) && (line[7]==' '||!line[7])) { @@ -663,7 +669,7 @@ inq_writekey_parms (void *opaque, const char *line) /* Send a WRITEKEY command to the SCdaemon. */ -int +int agent_scd_writekey (int keyno, const char *serialno, const unsigned char *keydata, size_t keydatalen) { @@ -684,7 +690,7 @@ agent_scd_writekey (int keyno, const char *serialno, parms.ctx = agent_ctx; parms.keydata = keydata; parms.keydatalen = keydatalen; - + rc = assuan_transact (agent_ctx, line, NULL, NULL, inq_writekey_parms, &parms, NULL, NULL); 
@@ -694,14 +700,44 @@ agent_scd_writekey (int keyno, const char *serialno, +static gpg_error_t +scd_genkey_cb_append_savedbytes (struct scd_genkey_parm_s *parm, + const char *line) +{ + gpg_error_t err = 0; + char *p; + + if (!parm->savedbytes) + { + parm->savedbytes = xtrystrdup (line); + if (!parm->savedbytes) + err = gpg_error_from_syserror (); + } + else + { + p = xtrymalloc (strlen (parm->savedbytes) + strlen (line) + 1); + if (!p) + err = gpg_error_from_syserror (); + else + { + strcpy (stpcpy (p, parm->savedbytes), line); + xfree (parm->savedbytes); + parm->savedbytes = p; + } + } + + return err; +} + + /* Status callback for the SCD GENKEY command. */ static gpg_error_t scd_genkey_cb (void *opaque, const char *line) { - struct agent_card_genkey_s *parm = opaque; + struct scd_genkey_parm_s *parm = opaque; const char *keyword = line; int keywordlen; - gpg_error_t rc; + gpg_error_t rc = 0; for (keywordlen=0; *line && !spacep (line); line++, keywordlen++) ; @@ -710,7 +746,7 @@ scd_genkey_cb (void *opaque, const char *line) if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen)) { - parm->fprvalid = unhexify_fpr (line, parm->fpr); + parm->cgk->fprvalid = unhexify_fpr (line, parm->cgk->fpr); } else if (keywordlen == 8 && !memcmp (keyword, "KEY-DATA", keywordlen)) { 
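Review bot: `scd_genkey_cb_append_savedbytes` grows `parm->savedbytes` by one status line for every `-` chunk and never checks the accumulated size, so the amount gpg buffers is decided entirely by whatever sends the KEY-DATA lines. The largest key this commit allows is 4096 bit, so a cap in the `else` branch would bound it, for example `if (strlen (parm->savedbytes) + strlen (line) > MAX_KEYDATA_HEXLEN) return gpg_error (GPG_ERR_TOO_LARGE);`, where `MAX_KEYDATA_HEXLEN` is a placeholder name for a new constant. Each append also reallocates and copies the whole buffer, which is harmless for two chunks but is another reason to limit the number of chunks accepted.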
@@ -722,29 +758,47 @@ scd_genkey_cb (void *opaque, const char *line) while (spacep (line)) line++; - rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, line, 0, NULL); - if (rc) - log_error ("error parsing received key data: %s\n", gpg_strerror (rc)); - else if (*name == 'n' && spacep (name+1)) - parm->n = a; - else if (*name == 'e' && spacep (name+1)) - parm->e = a; + if (*name == '-' && spacep (name+1)) + rc = scd_genkey_cb_append_savedbytes (parm, line); else { - log_info ("unknown parameter name in received key data\n"); - gcry_mpi_release (a); + if (parm->savedbytes) + { + rc = scd_genkey_cb_append_savedbytes (parm, line); + if (!rc) + rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, + parm->savedbytes, 0, NULL); + } + else + rc = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, line, 0, NULL); + if (rc) + log_error ("error parsing received key data: %s\n", + gpg_strerror (rc)); + else if (*name == 'n' && spacep (name+1)) + parm->cgk->n = a; + else if (*name == 'e' && spacep (name+1)) + parm->cgk->e = a; + else + { + log_info ("unknown parameter name in received key data\n"); + gcry_mpi_release (a); + rc = gpg_error (GPG_ERR_INV_PARAMETER); + } + + xfree (parm->savedbytes); + parm->savedbytes = NULL; } } else if (keywordlen == 14 && !memcmp (keyword,"KEY-CREATED-AT", keywordlen)) { - parm->created_at = (u32)strtoul (line, NULL, 10); + parm->cgk->created_at = (u32)strtoul (line, NULL, 10); } else if (keywordlen == 8 && !memcmp (keyword, "PROGRESS", keywordlen)) { write_status_text (STATUS_PROGRESS, line); } - return 0; + return rc; } /* Send a GENKEY command to the SCdaemon. SERIALNO is not used in @@ -759,9 +813,13 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, int rc; char line[ASSUAN_LINELENGTH]; gnupg_isotime_t tbuf; + struct scd_genkey_parm_s parms; (void)serialno; + memset (&parms, 0, sizeof parms); + parms.cgk = info; + rc = start_agent (1); if (rc) return rc; 
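Review bot: In the rewritten KEY-DATA branch of scd_genkey_cb, `parm->cgk->n = a;` and `parm->cgk->e = a;` overwrite whatever MPI is already stored, so a second `n` or `e` line in the same transaction would leak the first value. agent_scd_genkey zeroes `*info` before the transaction, so releasing first is safe: `{ gcry_mpi_release (parm->cgk->n); parm->cgk->n = a; }` and the same for `e`. Whether scdaemon can send a parameter twice is not visible here, but the callback now treats other malformed input as an error and could do the same for a repeated name. The function starts above this hunk, so the declaration of `a` is not shown.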
@@ -774,15 +832,17 @@ agent_scd_genkey (struct agent_card_genkey_s *info, int keyno, int force, memset (info, 0, sizeof *info); snprintf (line, DIM(line)-1, "SCD GENKEY %s%s %s %d", *tbuf? "--timestamp=":"", tbuf, - force? "--force":"", + force? "--force":"", keyno); line[DIM(line)-1] = 0; memset (info, 0, sizeof *info); rc = assuan_transact (agent_ctx, line, NULL, NULL, default_inq_cb, NULL, - scd_genkey_cb, info); - + scd_genkey_cb, &parms); + + xfree (parms.savedbytes); + status_sc_op_failure (rc); return rc; } @@ -800,7 +860,7 @@ select_openpgp (const char *serialno) /* Send the serialno command to initialize the connection. Without a given S/N we don't care about the data returned. If the card has already been initialized, this is a very fast command. We - request the openpgp card because that is what we expect. + request the openpgp card because that is what we expect. Note that an opt.limit_card_insert_tries of 1 means: No tries at all whereas 0 means do not limit the number of tries. Due to the @@ -816,7 +876,7 @@ select_openpgp (const char *serialno) int ask; char *want_sn; char *p; - + want_sn = xtrystrdup (serialno); if (!want_sn) return gpg_error_from_syserror (); @@ -824,14 +884,14 @@ select_openpgp (const char *serialno) if (p) *p = 0; - do + do { ask = 0; err = assuan_transact (agent_ctx, "SCD SERIALNO openpgp", - NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, get_serialno_cb, &this_sn); if (gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT) - ask = 1; + ask = 1; else if (gpg_err_code (err) == GPG_ERR_NOT_SUPPORTED) ask = 2; else if (err) 
@@ -844,19 +904,19 @@ select_openpgp (const char *serialno) xfree (this_sn); this_sn = NULL; - + if (ask) { char *formatted = NULL; char *ocodeset = i18n_switchto_utf8 (); - if (!strncmp (want_sn, "D27600012401", 12) + if (!strncmp (want_sn, "D27600012401", 12) && strlen (want_sn) == 32 ) formatted = xtryasprintf ("(%.4s) %.8s", want_sn + 16, want_sn + 20); - + err = 0; - desc = xtryasprintf + desc = xtryasprintf ("%s:\n\n" " \"%s\"", ask == 1 @@ -891,7 +951,7 @@ membuf_data_cb (void *opaque, const void *buffer, size_t length) put_membuf (data, buffer, length); return 0; } - + /* Helper returning a command option to describe the used hash algorithm. See scd/command.c:cmd_pksign. */ @@ -1004,7 +1064,7 @@ agent_scd_pkdecrypt (const char *serialno, rc = select_openpgp (serialno); if (rc) return rc; - + sprintf (line, "SCD SETDATA "); p = line + strlen (line); for (i=0; i < indatalen ; i++, p += 2 ) @@ -1037,7 +1097,7 @@ agent_scd_pkdecrypt (const char *serialno, /* Send a READCERT command to the SCdaemon. */ -int +int agent_scd_readcert (const char *certidstr, void **r_buf, size_t *r_buflen) { @@ -1157,8 +1217,8 @@ agent_get_passphrase (const char *cache_id, int rc; char line[ASSUAN_LINELENGTH]; char *arg1 = NULL; - char *arg2 = NULL; - char *arg3 = NULL; + char *arg2 = NULL; + char *arg3 = NULL; char *arg4 = NULL; membuf_t data; @@ -1169,7 +1229,7 @@ agent_get_passphrase (const char *cache_id, return rc; /* Check that the gpg-agent understands the repeat option. */ - if (assuan_transact (agent_ctx, + if (assuan_transact (agent_ctx, "GETINFO cmd_has_option GET_PASSPHRASE repeat", NULL, NULL, NULL, NULL, NULL, NULL)) return gpg_error (GPG_ERR_NOT_SUPPORTED); 
@@ -1187,9 +1247,9 @@ agent_get_passphrase (const char *cache_id, if (!(arg4 = percent_plus_escape (desc_msg))) goto no_mem; - snprintf (line, DIM(line)-1, - "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s", - repeat, + snprintf (line, DIM(line)-1, + "GET_PASSPHRASE --data --repeat=%d%s -- %s %s %s %s", + repeat, check? " --check --qualitybar":"", arg1? arg1:"X", arg2? arg2:"X", @@ -1202,13 +1262,13 @@ agent_get_passphrase (const char *cache_id, xfree (arg4); init_membuf_secure (&data, 64); - rc = assuan_transact (agent_ctx, line, + rc = assuan_transact (agent_ctx, line, membuf_data_cb, &data, default_inq_cb, NULL, NULL, NULL); if (rc) xfree (get_membuf (&data, NULL)); - else + else { put_membuf (&data, "", 1); *r_passphrase = get_membuf (&data, NULL); @@ -1287,12 +1347,12 @@ agent_get_s2k_count (unsigned long *r_count) return err; init_membuf (&data, 32); - err = assuan_transact (agent_ctx, "GETINFO s2k_count", + err = assuan_transact (agent_ctx, "GETINFO s2k_count", membuf_data_cb, &data, NULL, NULL, NULL, NULL); if (err) xfree (get_membuf (&data, NULL)); - else + else { put_membuf (&data, "", 1); buf = get_membuf (&data, NULL); diff --git a/g10/card-util.c b/g10/card-util.c index caf934d..801de57 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1284,7 +1284,7 @@ static unsigned int ask_card_keysize (int keyno, unsigned int nbits) { unsigned int min_nbits = 1024; - unsigned int max_nbits = 3072; /* GnuPG limit due to Assuan. */ + unsigned int max_nbits = 4096; char *prompt, *answer; unsigned int req_nbits; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index d468591..8a71caf 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c 
@@ -756,20 +756,29 @@ static void send_key_data (ctrl_t ctrl, const char *name, const unsigned char *a, size_t alen) { - char *buf; - - buf = bin2hex (a, alen, NULL); - if (!buf) + char *buffer, *buf; + size_t buflen; + + buffer = buf = bin2hex (a, alen, NULL); + if (!buffer) { log_error ("memory allocation error in send_key_data\n"); return; } + buflen = strlen (buffer); + /* 768 is the hexified size for the modulus of an 3072 bit key. We + use extra chunks to transmit larger data (i.e for 4096 bit). */ + for ( ;buflen > 768; buflen -= 768, buf += 768) + send_status_info (ctrl, "KEY-DATA", + "-", 1, + buf, 768, + NULL, 0); send_status_info (ctrl, "KEY-DATA", - name, (size_t)strlen(name), - buf, (size_t)strlen (buf), + name, (size_t)strlen(name), + buf, buflen, NULL, 0); - xfree (buf); + xfree (buffer); } @@ -2365,7 +2374,7 @@ change_keyattr (app_t app, int keyno, unsigned int nbits, assert (keyno >=0 && keyno <= 2); - if (nbits > 3072) + if (nbits > 4096) return gpg_error (GPG_ERR_TOO_LARGE); /* Read the current attributes into a buffer. */ @@ -2823,7 +2832,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags, already lead to a 527 byte long status line and thus a 4096 bit key would exceed the Assuan line length limit. */ keybits = app->app_local->keyattr[keyno].n_bits; - if (keybits > 3072) + if (keybits > 4096) return gpg_error (GPG_ERR_TOO_LARGE); /* Prepare for key generation by verifying the Admin PIN. */ @@ -3377,6 +3386,8 @@ do_decipher (app_t app, const char *keyidstr, fixuplen = 256 - indatalen; else if (indatalen >= (384-16) && indatalen < 384) /* 3072 bit key. */ fixuplen = 384 - indatalen; + else if (indatalen >= (512-16) && indatalen < 512) /* 4096 bit key. */ + fixuplen = 512 - indatalen; else fixuplen = 0; diff --git a/scd/command.c b/scd/command.c index 28bc4df..52b22c6 100644 --- a/scd/command.c +++ b/scd/command.c 
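Review bot: The `-` continuation lines emitted by the new loop in send_key_data are only understood by a receiver that has the matching change to scd_genkey_cb in g10/call-agent.c. The code removed there logged "unknown parameter name" and returned 0, so an older gpg talking to this scdaemon would apparently drop the leading chunk and store only the tail as `n`, with no error. A comment above the loop should state that requirement, e.g. `/* Receivers must concatenate "-" chunks with the following named KEY-DATA line. */`. The literal `768` appears four times; a named constant such as `enum { KEY_DATA_CHUNK_HEXLEN = 768 };` would keep the loop bound, step and length argument in sync.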
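Review bot: The comment directly above the changed `if (keybits > 4096)` in do_genkey still says that a 4096 bit key would exceed the Assuan line length limit, which no longer explains the check now that send_key_data splits long values into chunks. It should be reworded along the lines of `/* Keys larger than 3072 bit are sent in chunks by send_key_data; 4096 bit is the largest size we accept. */`. The comment begins outside the hunk, so only its last two lines are visible here. The limit `4096` is also repeated in change_keyattr and in g10/card-util.c, so one shared constant would keep the three checks from drifting apart.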
@@ -1287,11 +1287,15 @@ static const char hlp_genkey[] = "\n" "Generate a key on-card identified by NO, which is application\n" "specific. Return values are application specific. For OpenPGP\n" - "cards 2 status lines are returned:\n" + "cards 3 status lines are returned:\n" "\n" " S KEY-FPR \n" " S KEY-CREATED-AT \n" - " S KEY-DATA [p|n] \n" + " S KEY-DATA [-|p|n] \n" + "\n" + " 'p' and 'n' are the names of the RSA parameters; '-' is used to\n" + " indicate that HEXDATA is the first chunk of a parameter given\n" + " by the next KEY-DATA.\n" "\n" "--force is required to overwrite an already existing key. The\n" "KEY-CREATED-AT is required for further processing because it is\n" ----------------------------------------------------------------------- Summary of changes: NEWS | 4 + configure.ac | 44 +++++++------- g10/call-agent.c | 180 +++++++++++++++++++++++++++++++++++------------------ g10/card-util.c | 2 +- scd/app-openpgp.c | 29 ++++++--- scd/command.c | 8 ++- 6 files changed, 173 insertions(+), 94 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 18 11:17:11 2011 
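Review bot: The help text in hlp_genkey names the RSA parameters as `p` and `n`, but the receiver changed in this same commit (scd_genkey_cb in g10/call-agent.c) accepts only `n` and `e` and now returns GPG_ERR_INV_PARAMETER for any other name. The name list should read `[-|n|e]`, with the explanation changed to "'n' and 'e' are the names of the RSA parameters". The text also calls `-` "the first chunk", while the loop in send_key_data can emit several `-` lines before the named one, and the count of "3 status lines" does not include them. Wording such as "'-' marks a leading chunk; all chunks are concatenated with the HEXDATA of the next named KEY-DATA line" would match the code.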
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 18 Jul 2011 11:17:11 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-73-g550d94b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 550d94b0113bfa49d7107171e498d16880deb5b2 (commit) from 92e66c70b64283cba2442ee0ca1268abecf7e107 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 550d94b0113bfa49d7107171e498d16880deb5b2 Author: Werner Koch Date: Mon Jul 18 10:38:14 2011 +0200 Clarify documentation of --keyid-format. Fixes bug#1354. diff --git a/doc/gpg.texi b/doc/gpg.texi index c505e07..1112fa2 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1429,7 +1429,8 @@ required if @code{local} is also used. Select how to display key IDs. "short" is the traditional 8-character key ID. "long" is the more accurate (but less convenient) 16-character key ID. Add an "0x" to either to include an "0x" at the -beginning of the key ID, as in 0x99242560. +beginning of the key ID, as in 0x99242560. Note that this option is +ignored if the option --with-colons is used. @item --keyserver @code{name} Use @code{name} as your keyserver. This is the server that ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 18 11:36:24 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 18 Jul 2011 11:36:24 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-74-ga74d5e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a74d5e355037f9445de39b21eef3e429749e5365 (commit) from 550d94b0113bfa49d7107171e498d16880deb5b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a74d5e355037f9445de39b21eef3e429749e5365 Author: Werner Koch Date: Mon Jul 18 10:57:33 2011 +0200 Print decoded S2K count in --list-packets mode. Fixes bug#1355. diff --git a/g10/ChangeLog b/g10/ChangeLog index 2f107eb..4edbf23 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +2011-07-18 Werner Koch + + * parse-packet.c (parse_key): Print the decoded iteration count. + Fixes bug#1355. + +2011-07-07 Werner Koch + + * card-util.c (ask_card_keysize): Bump key size limit to 4096. + * call-agent.c (scd_genkey_parm_s): New. + (agent_scd_genkey): Use new struct. + (scd_genkey_cb): Implement chunked mode for KEY-DATA. + (scd_genkey_cb_append_savedbytes): New. + 2011-06-16 Werner Koch * card-util.c (ask_card_keysize): Bump key size limit to 4096. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 50786eb..9c04362 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -2152,7 +2152,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, ski->s2k.count = iobuf_get (inp); pktlen--; if (list_mode) - es_fprintf (listfp, "\tprotect count: %lu\n", + es_fprintf (listfp, "\tprotect count: %lu (%lu)\n", + (ulong)S2K_DECODE_COUNT ((ulong)ski->s2k.count), (ulong) ski->s2k.count); } else if (ski->s2k.mode == 1002) ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 13 +++++++++++++ g10/parse-packet.c | 3 ++- 2 files changed, 15 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 20 17:30:48 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 Jul 2011 17:30:48 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-75-g69f8a7f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 69f8a7f15d5848c2140f34d26cb4e55aead39c04 (commit) from a74d5e355037f9445de39b21eef3e429749e5365 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 69f8a7f15d5848c2140f34d26cb4e55aead39c04 Author: Werner Koch Date: Wed Jul 20 16:40:29 2011 +0200 New functions to compute an ssh style fingerprint. diff --git a/common/ChangeLog b/common/ChangeLog index 4f8b541..c56bc4d 100644 --- a/common/ChangeLog +++ b/common/ChangeLog @@ -1,3 +1,10 @@ +2011-07-20 Werner Koch + + * ssh-utils.c, ssh-utils.h: New. + * t-ssh-utils.c: New. + * Makefile.am (t_ssh_utils_LDADD): New. + (module_tests): Add t-ssh-utils.c + 2011-06-01 Marcus Brinkmann * util.h: Undef snprintf before redefining it. 
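Review bot: The new `"\tprotect count: %lu (%lu)\n"` line prints two numbers without saying which is the decoded iteration count and which is the coded octet read from the packet. A reader of --list-packets output, or a script that parsed the old single value, has to guess. A comment on the call would help, e.g. `/* Decoded iteration count first, raw coded octet in parentheses. */`, and the NEWS entry or documentation should mention the changed output format. S2K_DECODE_COUNT is defined outside this hunk and parse_key continues on both sides of it, so the range of the decoded value cannot be checked from here.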
diff --git a/common/Makefile.am b/common/Makefile.am index 5d7f224..555d088 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -91,6 +91,7 @@ common_sources = \ session-env.c session-env.h \ userids.c userids.h \ openpgp-oid.c \ + ssh-utils.c ssh-utils.h \ helpfile.c # To make the code easier to read we have split home some code into @@ -161,7 +162,7 @@ if HAVE_W32_SYSTEM jnlib_tests += t-w32-reg endif module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \ - t-session-env t-openpgp-oid + t-session-env t-openpgp-oid t-ssh-utils if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -194,3 +195,4 @@ t_b64_LDADD = $(t_common_ldadd) t_exechelp_LDADD = $(t_common_ldadd) t_session_env_LDADD = $(t_common_ldadd) t_openpgp_oid_LDADD = $(t_common_ldadd) +t_ssh_utils_LDADD = $(t_common_ldadd) diff --git a/common/ssh-utils.c b/common/ssh-utils.c new file mode 100644 index 0000000..e2de802 --- /dev/null +++ b/common/ssh-utils.c 
@@ -0,0 +1,187 @@ +/* ssh-utils.c - Secure Shell helper functions + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include + +#include "util.h" +#include "ssh-utils.h" + + + +/* Return the Secure Shell type fingerprint for KEY. The length of + the fingerprint is returned at R_LEN and the fingerprint itself at + R_FPR. In case of a error code is returned and NULL stored at + R_FPR. This function is usually called via the ssh_get_fingerprint + macro which makes sure to use the correct value for ERRSOURCE. */ +static gpg_error_t +get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, + gpg_err_source_t errsource, int as_string) +{ + gpg_error_t err; + gcry_sexp_t list = NULL; + gcry_sexp_t l2 = NULL; + const char *s; + char *name = NULL; + int idx; + const char *elems; + gcry_md_hd_t md = NULL; + + *r_fpr = NULL; + *r_len = 0; + + /* Check that the first element is valid. 
*/ + list = gcry_sexp_find_token (key, "public-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "private-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "protected-private-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "shadowed-private-key", 0); + if (!list) + { + err = gpg_err_make (errsource, GPG_ERR_UNKNOWN_SEXP); + goto leave; + } + + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + l2 = NULL; + + name = gcry_sexp_nth_string (list, 0); + if (!name) + { + err = gpg_err_make (errsource, GPG_ERR_INV_SEXP); + goto leave; + } + + err = gcry_md_open (&md, GCRY_MD_MD5, 0); + if (err) + goto leave; + + switch (gcry_pk_map_name (name)) + { + case GCRY_PK_RSA: + elems = "en"; + gcry_md_write (md, "\0\0\0\x07ssh-rsa", 11); + break; + case GCRY_PK_DSA: + elems = "pqgy"; + gcry_md_write (md, "\0\0\0\x07ssh-dss", 11); + break; + default: + elems = ""; + err = gpg_err_make (errsource, GPG_ERR_PUBKEY_ALGO); + break; + } + if (err) + goto leave; + + for (idx = 0, s = elems; *s; s++, idx++) + { + gcry_mpi_t a; + unsigned char *buf; + size_t buflen; + + l2 = gcry_sexp_find_token (list, s, 1); + if (!l2) + { + err = gpg_err_make (errsource, GPG_ERR_INV_SEXP); + goto leave; + } + a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l2); + l2 = NULL; + if (!a) + { + err = gpg_err_make (errsource, GPG_ERR_INV_SEXP); + goto leave; + } + + err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a); + gcry_mpi_release (a); + if (err) + goto leave; + gcry_md_write (md, buf, buflen); + gcry_free (buf); + } + + *r_fpr = gcry_malloc (as_string? 
61:20); + if (!*r_fpr) + { + err = gpg_err_make (errsource, gpg_err_code_from_syserror ()); + goto leave; + } + + if (as_string) + { + bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr); + *r_len = 3*16+1; + strlwr (*r_fpr); + } + else + { + memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16); + *r_len = 16; + } + err = 0; + + leave: + gcry_free (name); + gcry_sexp_release (l2); + gcry_md_close (md); + gcry_sexp_release (list); + return err; +} + +/* Return the Secure Shell type fingerprint for KEY. The length of + the fingerprint is returned at R_LEN and the fingerprint itself at + R_FPR. In case of an error an error code is returned and NULL + stored at R_FPR. This function is usually called via the + ssh_get_fingerprint macro which makes sure to use the correct value + for ERRSOURCE. */ +gpg_error_t +_ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, + gpg_err_source_t errsource) +{ + return get_fingerprint (key, r_fpr, r_len, errsource, 0); +} + + +/* Return the Secure Shell type fingerprint for KEY as a string. The + fingerprint is mallcoed and stored at R_FPRSTR. In case of an + error an error code is returned and NULL stored at R_FPRSTR. This + function is usually called via the ssh_get_fingerprint_string macro + which makes sure to use the correct value for ERRSOURCE. */ +gpg_error_t +_ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr, + gpg_err_source_t errsource) +{ + gpg_error_t err; + size_t dummy; + void *string; + + err = get_fingerprint (key, &string, &dummy, errsource, 1); + *r_fprstr = string; + return err; +} diff --git a/common/ssh-utils.h b/common/ssh-utils.h new file mode 100644 index 0000000..1813c8b --- /dev/null +++ b/common/ssh-utils.h 
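Review bot: The size constants in get_fingerprint do not match the 16-byte MD5 digest it produces. `gcry_malloc (as_string? 61:20)` is sized as if for a 20-byte digest, and the string branch sets `*r_len = 3*16+1`, which looks like the bin2hexcolon buffer size and not the length of the string the header comment promises. Deriving both from one value would remove the guesswork, e.g. `size_t dlen = gcry_md_get_algo_dlen (GCRY_MD_MD5);` and then `gcry_malloc (as_string? 3*dlen+1 : dlen)`. A comment should also say that MD5 is used only because it is the ssh fingerprint format, and that gcry_md_open may refuse it (for instance under a FIPS-restricted libgcrypt), in which case the error is returned with libgcrypt's source and not ERRSOURCE. The comments also contain the typos "In case of a error code is returned" and "mallcoed".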
@@ -0,0 +1,36 @@ +/* ssh-utils.c - Secure Shell helper function definitions + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_COMMON_SSH_UTILS_H +#define GNUPG_COMMON_SSH_UTILS_H + + +gpg_error_t _ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, + gpg_err_source_t errsource); +#define ssh_get_fingerprint(a,b,c) \ + _ssh_get_fingerprint ((a), (b), (c), GPG_ERR_SOURCE_DEFAULT) + +gpg_error_t _ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr, + gpg_err_source_t errsource); +#define ssh_get_fingerprint_string(a,b) \ + _ssh_get_fingerprint_string ((a), (b), GPG_ERR_SOURCE_DEFAULT) + + + +#endif /*GNUPG_COMMON_SSH_UTILS_H*/ diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c new file mode 100644 index 0000000..cd1252f --- /dev/null +++ b/common/t-ssh-utils.c 
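Review bot: The first line of the new header names the wrong file, `/* ssh-utils.c - Secure Shell helper function definitions`, and should read `/* ssh-utils.h - Secure Shell helper function declarations`. The prototypes use `gcry_sexp_t`, `gpg_error_t` and `gpg_err_source_t` but the header includes nothing, so it compiles only when "util.h" or the libgcrypt and gpg-error headers come first, as they do in ssh-utils.c. The prototypes also carry no comment on ownership; since ssh-utils.c allocates the result with gcry_malloc, each should say so, e.g. `/* On success the caller must release *R_FPR with gcry_free. */`.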
@@ -0,0 +1,240 @@ +/* t-ssh-utils.c - Module test for ssh-utils.c + * Copyright (C) 2011 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include + +#include "util.h" +#include "ssh-utils.h" + +#define pass() do { ; } while(0) +#define fail(a,e) \ + do { fprintf (stderr, "%s:%d: test %d failed (%s)\n", \ + __FILE__,__LINE__, (a), gpg_strerror (e)); \ + exit (1); \ + } while(0) + + +static struct { const char *key; const char *fpr; } sample_keys[] = { + { "(protected-private-key " + "(rsa " + "(n #" + "00D88E47BCE0DA99D6180E8A9F4E6A673CC16F5BB6CF930E0E868BAABA715A8E1D3E2BEA" + "5477170E1F6CAFC0F8907B9892993C70AC476BBB301669F68EE0593532FB522DD60755A3" + "2F8B08649E856271A7F9BCB25F29554DF11707F812EA377683A99DD4698C4DBF797A0ABF" + "43C8EBB364B9FFC9EE78CBEA348C590507A4EA390312153DDD905EC4F1A63D5DA56C08FD" + "C3F6E5707BFC5DBDC09D19723B1AC6E466906F13AA2ECDBD258148F86C980D45CF233415" + "38C5857C2CF0B4C9AB2B4E6A4517FF084FDB009A33553A68907A29691B6FAE994E864F78" + "7B83F714730BEDB0AF1723D636E034D73EB7EC9BA127BB4BE80FD805813E3F45E7FAE514" + "AD2ECA9607#)" + "(e \"#\")" + "(protected openpgp-s2k3-sha1-aes-cbc " + "(" + "(sha1 #B5847F9A2DB4E0C5# \"5242880\")" + "#342D81BDE21301F18FDCE169A99A47C5#)" + "#23512602219EC7A97DBA89347CCD59D2072D80CE3F7DD6C97A058B83DAB3C829D97DF5" + 
"DFE9181F27DBF58258C4CDBD562A5B20BB5BC35EDCA7B1E57B8CDBF92D798F46EE5567BD" + "8A67EF3BE09908A49D41AA166A3398B64227BC75021C69A8FE8354E2903EF52DC91B1FE3" + "EF9558E5C2D34CF38BFC29E99A49AE30B0C22CE81EE14FC71E986E7C7CB5FCF807433FDA" + "EF1D00985767265BA0BE333754E44CCF622CBB98A029D78A6A9AADBC24613127B6448350" + "23DA355ED31CF089DD11A7FC6003CEEB53FB327A05604D053C99996F9E01CB355983F66E" + "7BEB9687A9277BBF440ED5FAF1A8396C9B06C9B47BA7A994E1931B08DAD34449952CD343" + "9A691477682C324EA07CCCE5DF0F0E9DAEFAE3A4717AACA6DC18ED91DD5A820C924BD36B" + "B3BA85BD63B3180C7F94EE58956940621280B9628FA5CC560BB14331AF1A7B5B499F8F03" + "0ED464ABD4E26C5FD610697EDD0FD1203983E73418F3776568A613D3CEFF17199473052A" + "18807A6F5C52A2A643185801D087EE4DC930ABEEB67C5B8A1CB2F29D0ACBD855972BEC0B" + "DE6E52387CFCC54B4C2B87EE947C97173BFCAE3E2658EB819D87F542C9A9FE6C410D08F5" + "3CD5451FB50253F4A848DFE136B3A5861D58B76A26A7E3E4E7A8F8D4BD5B80430674A6B9" + "A2C8EDD53DB37865D1ACBB07E1758DFF64A944E0126F948BF088C0FC0C3607E39522EC94" + "91483A90D9498D7F6C3C8720124C7E3F6E271E78E1CFFB4EF64F070F7424F30372A07D02" + "2355D8B17BB0DEBCBE101F621E0526551A35A56830D74E0F5BD6313DF114D1E46D4844AA" + "E4EB6268637D04B27D200D7F40AFA9AD2CFAA5415E5FC08358FFA79A9E743CCDF6668FE5" + "D79FA03D61941E57244F066A31F1C9D6A34DC62BC738C52B604F00B19EB9FD0173F3B139" + "42932066B7DC94DC4C563392F798A1CE2D5D75B8FF93E440433263CFB7016143A9923CD9" + "634E964A8056946F462B06F320F44449D85B07FA26A324505C858274F89EDBD8346950DE" + "5F#)" + "(protected-at \"20110720T135431\")" + ")" + "(comment passphrase_is_abc)" + ")", + "c7:c6:a7:ec:04:6c:87:59:54:f2:88:58:09:e0:f2:b1" + }, + { + "(protected-private-key " + "(dsa " + "(p #00FC7DC086F4517079BCCFA7FD229477FE88B0231038DFC21B29CCBD74C6F6FE04FD" + "7248C0473D5028BE106D7A7C8F54B269225789E781763527D1432CD46E416C2D14DDCA70" + "27DA4B92D1E222B5BDF4B9C8C761CACCFBD108F7729412E8835653BE5073447287A6BDEB" + "4645A5411752405EE7F503E44B1DFDCA6054CD3C44630B#)" + "(q #00D498505BF0E7EE01239EB51F2B400B8EF6329B17#)" + "(g 
#00A127B3DD5106F0A463312E42ECB83790E6F3BEA7AC3FAF7A42FB2C00F376323676" + "C9E48984F0D4AC3FE5856F1C2765E9BC3C8A5C9C9CD3166C057E82569D187C48591AA66B" + "8966BFF2B827BE36BD0BA4B895B42136F1381D52DDA708B2A3D181F648228DFFFEB153DA" + "ACCAEBB51EF08A7807CD628024CEFF96FEE97DE95C8CBE#)" + "(y #008E2B0915A3A299D83B4333C848C5D312F25903773E8C4D50691CAF81C3B768FA41" + "7D19F0FD437B377CCF51D3AE598649656D4D74D210CDBC2B76209B16EAAFCB14D6F4D691" + "20164885852AF1CEBB4D8602AD6755DFA7163645B4DB7926CD44D2DD9F840BFEF57F3DB0" + "933C85EB6B0AAC20BC67E73F47B8DDBEC8EFAA64286EF1#)" + "(protected openpgp-s2k3-sha1-aes-cbc " + "(" + "(sha1 \"??jy??a4\" \"5242880\")" + "#FF12BEE0B03F842349717AE1AB6D7AC2#)" + "#95570487C8B5C49492D4E662259F2CF9B6D7E64F728F17A1FE1B2DA616E5976FE32861E" + "C4B1F0DA03D9006C432CF2136871266E9444377ACEF04340B36B4550B5C1E4CC69AD4380" + "A709FB0DAA5104A8B#)" + "(protected-at \"20110720T142801\")" + ")" + "(comment sample_dsa_passphrase_is_abc)" + ")", + "2d:b1:70:1a:04:9e:41:a3:ce:27:a5:c7:22:fe:3a:a3" + }, + { + NULL, + NULL + } +}; + + + +static char * +read_file (const char *fname, size_t *r_length) +{ + FILE *fp; + char *buf; + size_t buflen; + struct stat st; + + fp = fopen (fname, "rb"); + if (!fp) + { + fprintf (stderr, "%s:%d: can't open `%s': %s\n", + __FILE__, __LINE__, fname, strerror (errno)); + exit (1); + } + + if (fstat (fileno(fp), &st)) + { + fprintf (stderr, "%s:%d: can't stat `%s': %s\n", + __FILE__, __LINE__, fname, strerror (errno)); + exit (1); + } + + buflen = st.st_size; + buf = xmalloc (buflen+1); + if (fread (buf, buflen, 1, fp) != 1) + { + fprintf (stderr, "%s:%d: error reading `%s': %s\n", + __FILE__, __LINE__, fname, strerror (errno)); + exit (1); + } + fclose (fp); + + *r_length = buflen; + return buf; +} + + +static gcry_sexp_t +read_key (const char *fname) +{ + gpg_error_t err; + char *buf; + size_t buflen; + gcry_sexp_t key; + + buf = read_file (fname, &buflen); + + err = gcry_sexp_sscan (&key, NULL, buf, buflen); + if (err) + { + fprintf 
(stderr, "%s:%d: gcry_sexp_sscan failed: %s\n", + __FILE__, __LINE__, gpg_strerror (err)); + exit (1); \ + } + + xfree (buf); + return key; +} + + +int +main (int argc, char **argv) +{ + gpg_error_t err; + gcry_sexp_t key; + char *string; + int idx; + + if (argc == 2) + { + key = read_key (argv[1]); + err = ssh_get_fingerprint_string (key, &string); + if (err) + { + fprintf (stderr, "%s:%d: error getting fingerprint: %s\n", + __FILE__, __LINE__, gpg_strerror (err)); + exit (1); + } + puts (string); + xfree (string); + gcry_sexp_release (key); + } + else + { + for (idx=0; sample_keys[idx].key; idx++) + { + err = gcry_sexp_sscan (&key, NULL, sample_keys[idx].key, + strlen (sample_keys[idx].key)); + if (err) + { + fprintf (stderr, "%s:%d: gcry_sexp_sscan failed for " + "sample key %d: %s\n", + __FILE__, __LINE__, idx, gpg_strerror (err)); + exit (1); + } + + err = ssh_get_fingerprint_string (key, &string); + gcry_sexp_release (key); + if (err) + { + fprintf (stderr, "%s:%d: error getting fingerprint for " + "sample key %d: %s\n", + __FILE__, __LINE__, idx, gpg_strerror (err)); + exit (1); + } + + if (strcmp (string, sample_keys[idx].fpr)) + { + fprintf (stderr, "%s:%d: fingerprint mismatch for " + "sample key %d\n", + __FILE__, __LINE__, idx); + fprintf (stderr, "want: %s\n got: %s\n", + sample_keys[idx].fpr, string); + exit (1); + } + xfree (string); + } + } + + return 0; +} ----------------------------------------------------------------------- Summary of changes: common/ChangeLog | 7 + common/Makefile.am | 4 +- common/ssh-utils.c | 187 ++++++++++++++++++++++ dirmngr/ks-action.h => common/ssh-utils.h | 24 ++- common/t-ssh-utils.c | 240 +++++++++++++++++++++++++++++ 5 files changed, 452 insertions(+), 10 deletions(-) create mode 100644 common/ssh-utils.c copy dirmngr/ks-action.h => common/ssh-utils.h (50%) create mode 100644 common/t-ssh-utils.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 20 21:51:46 2011 
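Review bot: `read_key` ends its error branch with `exit (1); \`; the trailing backslash is a stray line continuation, apparently left over from the `fail` macro, and should be dropped so the line reads `exit (1);`. In `read_file`, `fread (buf, buflen, 1, fp) != 1` also reports an empty file as a read error with whatever `errno` happens to hold; testing `buflen && fread (buf, buflen, 1, fp) != 1` would avoid the misleading message. The `pass` and `fail` macros defined at the top are not used anywhere in this file.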
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 Jul 2011 21:51:46 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-77-g093ed70 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 093ed70fbf18ea1a60952596227b7f7d31fcf8ca (commit) via d4799069918bf04badcce751b78b121a5b6a7d78 (commit) from 69f8a7f15d5848c2140f34d26cb4e55aead39c04 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 093ed70fbf18ea1a60952596227b7f7d31fcf8ca Author: Werner Koch Date: Wed Jul 20 21:13:24 2011 +0200 Allow listing of ssh fingerprint with the agent's KEYINFO command. diff --git a/agent/ChangeLog b/agent/ChangeLog index 21ccd81..95609cb 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,5 +1,7 @@ 2011-07-20 Werner Koch + * command.c (do_one_keyinfo, cmd_keyinfo): Support option --ssh-fpr. + * command-ssh.c (ssh_identity_register): Display the ssh fingerprint in the prompt. (add_control_entry): Add arg FMTFPR and use it as comment in diff --git a/agent/command.c b/agent/command.c index d1f6fb9..b03c786 100644 --- a/agent/command.c +++ b/agent/command.c @@ -38,6 +38,7 @@ #include #include "i18n.h" #include "cvt-openpgp.h" +#include "../common/ssh-utils.h" /* Maximum allowed size of the inquired ciphertext. */ @@ -935,7 +936,7 @@ cmd_readkey (assuan_context_t ctx, char *line) static const char hlp_keyinfo[] = - "KEYINFO [--list] [--data] \n" + "KEYINFO [--list] [--data] [--ssh-fpr] \n" "\n" "Return information about the key specified by the KEYGRIP. If the\n" "key is not available GPG_ERR_NOT_FOUND is returned. If the option\n" 
@@ -943,7 +944,7 @@ static const char hlp_keyinfo[] = "available keys are returned. The information is returned as a\n" "status line unless --data was specified, with this format:\n" "\n" - " KEYINFO \n" + " KEYINFO \n" "\n" "KEYGRIP is the keygrip.\n" "\n" @@ -967,13 +968,18 @@ static const char hlp_keyinfo[] = " 'C' - The key is not protected,\n" " '-' - Unknown protection.\n" "\n" + "FPR returns the formatted ssh-style fingerprint of the key. It is only\n" + " print if the option --ssh-fpr has been used. '-' is printed if the\n" + " fingerprint is not available.\n" + "\n" "More information may be added in the future."; static gpg_error_t do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, - int data) + int data, int with_ssh_fpr) { gpg_error_t err; char hexgrip[40+1]; + char *fpr = NULL; int keytype; unsigned char *shadow_info = NULL; char *serialno = NULL; @@ -1002,6 +1008,18 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, break; } + /* Compute the ssh fingerprint if requested. */ + if (with_ssh_fpr) + { + gcry_sexp_t key; + + if (!agent_raw_key_from_file (ctrl, grip, &key)) + { + ssh_get_fingerprint_string (key, &fpr); + gcry_sexp_release (key); + } + } + /* Here we have a little race by doing the cache check separately from the retrieval function. Given that the cache flag is only a hint, it should not really matter. */ @@ -1024,15 +1042,17 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, idstr? idstr : "-", cached, protectionstr, + fpr? fpr : "-", NULL); else { char *string; - string = xtryasprintf ("%s %s %s %s %s %s\n", + string = xtryasprintf ("%s %s %s %s %s %s %s\n", hexgrip, keytypestr, serialno? serialno : "-", - idstr? idstr : "-", cached, protectionstr); + idstr? idstr : "-", cached, protectionstr, + fpr? fpr : "-"); if (!string) err = gpg_error_from_syserror (); else 
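Review bot: In the new `with_ssh_fpr` block of `do_one_keyinfo`, a failure of `agent_raw_key_from_file` and the return value of `ssh_get_fingerprint_string` are both dropped without a word, so a reader cannot tell whether that is an oversight. The help text promises '-' when the fingerprint is not available, so this looks intentional and deserves a comment such as `/* Errors are ignored on purpose: FPR stays NULL and "-" is printed. */`. The help string added in the preceding hunk reads `It is only\n print if the option`; that should be `printed`. `do_one_keyinfo` starts and ends outside these hunks.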
@@ -1041,6 +1061,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx, } leave: + xfree (fpr); xfree (shadow_info); xfree (serialno); xfree (idstr); @@ -1056,10 +1077,11 @@ cmd_keyinfo (assuan_context_t ctx, char *line) unsigned char grip[20]; DIR *dir = NULL; int list_mode; - int opt_data; + int opt_data, opt_ssh_fpr; list_mode = has_option (line, "--list"); opt_data = has_option (line, "--data"); + opt_ssh_fpr = has_option (line, "--ssh-fpr"); line = skip_options (line); if (list_mode) @@ -1094,7 +1116,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line) if ( hex2bin (hexgrip, grip, 20) < 0 ) continue; /* Bad hex string. */ - err = do_one_keyinfo (ctrl, grip, ctx, opt_data); + err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr); if (err) goto leave; } @@ -1105,7 +1127,7 @@ cmd_keyinfo (assuan_context_t ctx, char *line) err = parse_keygrip (ctx, line, grip); if (err) goto leave; - err = do_one_keyinfo (ctrl, grip, ctx, opt_data); + err = do_one_keyinfo (ctrl, grip, ctx, opt_data, opt_ssh_fpr); } leave: commit d4799069918bf04badcce751b78b121a5b6a7d78 Author: Werner Koch Date: Wed Jul 20 20:49:41 2011 +0200 Support a confirm flag for ssh. This implements the suggestion from bug#1349. With this change the fingerprint of the ssh key is also displayed in the pinentry prompts. diff --git a/NEWS b/NEWS index c2271af..ed37e3b 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,8 @@ Noteworthy changes in version 2.1.0beta3 * Allow generation of card keys up to 4096 bit. + * Support the SSH confirm flag. + Noteworthy changes in version 2.1.0beta2 (2011-03-08) ----------------------------------------------------- diff --git a/agent/ChangeLog b/agent/ChangeLog index 3234aae..21ccd81 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog 
@@ -1,3 +1,17 @@ +2011-07-20 Werner Koch + + * command-ssh.c (ssh_identity_register): Display the ssh + fingerprint in the prompt. + (add_control_entry): Add arg FMTFPR and use it as comment in + sshcontrol. + (confirm_flag_from_sshcontrol): New. + (data_sign): Ask for confirmaton if requested. + (search_control_file): Add new arg R_CONFIRM and enhance parser. + * findkey.c (agent_raw_key_from_file): New. + (modify_description): Add format letter %F. + * findkey.c (agent_key_from_file): Simplify comment extraction by + using gcry_sexp_nth_string. + 2011-06-28 Ben Kibbey * command.c (option_handler): Add option s2k-count. diff --git a/agent/agent.h b/agent/agent.h index dfc82ec..fbd71d5 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -268,6 +268,8 @@ gpg_error_t agent_key_from_file (ctrl_t ctrl, lookup_ttl_t lookup_ttl, gcry_sexp_t *result, char **r_passphrase); +gpg_error_t agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip, + gcry_sexp_t *result); gpg_error_t agent_public_key_from_file (ctrl_t ctrl, const unsigned char *grip, gcry_sexp_t *result); diff --git a/agent/command-ssh.c b/agent/command-ssh.c index e3a0410..3fef83e 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -33,6 +33,8 @@ #include "agent.h" #include "i18n.h" +#include "../common/ssh-utils.h" + 
@@ -708,17 +710,23 @@ open_control_file (FILE **r_fp, int append) /* Search the file at stream FP from the beginning until a matching HEXGRIP is found; return success in this case and store true at DISABLED if the found key has been disabled. If R_TTL is not NULL - a specified TTL for that key is stored there. */ + a specified TTL for that key is stored there. If R_CONFIRM is not + NULL it is set to 1 if the key has the confirm flag set. */ static gpg_error_t search_control_file (FILE *fp, const char *hexgrip, - int *r_disabled, int *r_ttl) + int *r_disabled, int *r_ttl, int *r_confirm) { - int c, i; + int c, i, n; char *p, *pend, line[256]; long ttl; + int lnr = 0; + const char fname[] = "sshcontrol"; assert (strlen (hexgrip) == 40 ); + if (r_confirm) + *r_confirm = 0; + fseek (fp, 0, SEEK_SET); clearerr (fp); *r_disabled = 0; @@ -731,6 +739,7 @@ search_control_file (FILE *fp, const char *hexgrip, return gpg_error (GPG_ERR_EOF); return gpg_error (gpg_err_code_from_errno (errno)); } + lnr++; if (!*line || line[strlen(line)-1] != '\n') { @@ -760,7 +769,7 @@ search_control_file (FILE *fp, const char *hexgrip, goto next_line; if (i != 40 || !(spacep (p) || *p == '\n')) { - log_error ("invalid formatted line in ssh control file\n"); + log_error ("invalid formatted line in `%s', line %d\n", fname, lnr); return gpg_error (GPG_ERR_BAD_DATA); } 
@@ -768,13 +777,37 @@ search_control_file (FILE *fp, const char *hexgrip, p = pend; if (!(spacep (p) || *p == '\n') || ttl < -1) { - log_error ("invalid TTL value in ssh control file; assuming 0\n"); + log_error ("invalid TTL value in `%s', line %d; assuming 0\n", + fname, lnr); ttl = 0; } if (r_ttl) *r_ttl = ttl; - /* Here is the place to parse flags if we need them. */ + /* Now check for key-value pairs of the form NAME[=VALUE]. */ + while (*p) + { + for (; spacep (p) && *p != '\n'; p++) + ; + if (!*p || *p == '\n') + break; + n = strcspn (p, "= \t\n"); + if (p[n] == '=') + { + log_error ("assigning a value to a flag is not yet supported; " + "in `%s', line %d; flag ignored\n", fname, lnr); + p++; + } + else if (n == 7 && !memcmp (p, "confirm", 7)) + { + if (r_confirm) + *r_confirm = 1; + } + else + log_error ("invalid flag `%.*s' in `%s', line %d; ignored\n", + n, p, fname, lnr); + p += n; + } return 0; /* Okay: found it. */ } @@ -783,11 +816,12 @@ search_control_file (FILE *fp, const char *hexgrip, /* Add an entry to the control file to mark the key with the keygrip HEXGRIP as usable for SSH; i.e. it will be returned when ssh asks - for it. This function is in general used to add a key received - through the ssh-add function. We can assume that the user wants to - allow ssh using this key. */ + for it. FMTFPR is the fingerprint string. This function is in + general used to add a key received through the ssh-add function. + We can assume that the user wants to allow ssh using this key. */ static gpg_error_t -add_control_entry (ctrl_t ctrl, const char *hexgrip, int ttl) +add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr, + int ttl, int confirm) { gpg_error_t err; FILE *fp; 
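Review bot: In the new flag loop of `search_control_file`, the `NAME=VALUE` branch does not skip the value: after `p++` and the common `p += n`, `p` points just behind the `=`, so the value is parsed as a flag of its own on the next round. A line ending in `foo=confirm` therefore logs "flag ignored" and then sets `*r_confirm`, while `confirm=yes` leaves the confirm flag unset and complains about an invalid flag `yes`. Replacing `p++;` with `n += strcspn (p + n, " \t\n");` lets the following `p += n` step over name and value together. The function starts before this hunk, so the line handling above the loop is not visible here.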
@@ -799,7 +833,7 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, int ttl) if (err) return err; - err = search_control_file (fp, hexgrip, &disabled, NULL); + err = search_control_file (fp, hexgrip, &disabled, NULL, NULL); if (err && gpg_err_code(err) == GPG_ERR_EOF) { struct tm *tp; @@ -808,10 +842,12 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, int ttl) /* Not yet in the file - add it. Because the file has been opened in append mode, we simply need to write to it. */ tp = localtime (&atime); - fprintf (fp, "# Key added on %04d-%02d-%02d %02d:%02d:%02d\n%s %d\n", + fprintf (fp, ("# Key added on: %04d-%02d-%02d %02d:%02d:%02d\n" + "# Fingerprint: %s\n" + "%s %d%s\n"), 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec, - hexgrip, ttl); + fmtfpr, hexgrip, ttl, confirm? " confirm":""); } fclose (fp); @@ -832,7 +868,7 @@ ttl_from_sshcontrol (const char *hexgrip) if (open_control_file (&fp, 0)) return 0; /* Error: Use the global default TTL. */ - if (search_control_file (fp, hexgrip, &disabled, &ttl) + if (search_control_file (fp, hexgrip, &disabled, &ttl, NULL) || disabled) ttl = 0; /* Use the global default if not found or disabled. */ @@ -842,6 +878,30 @@ ttl_from_sshcontrol (const char *hexgrip) } +/* Scan the sshcontrol file and return the confirm flag. */ +static int +confirm_flag_from_sshcontrol (const char *hexgrip) +{ + FILE *fp; + int disabled, confirm; + + if (!hexgrip || strlen (hexgrip) != 40) + return 1; /* Wrong input: Better ask for confirmation. */ + + if (open_control_file (&fp, 0)) + return 1; /* Error: Better ask for confirmation. */ + + if (search_control_file (fp, hexgrip, &disabled, NULL, &confirm) + || disabled) + confirm = 0; /* If not found or disabled, there is no reason to + ask for confirmation. */ + + fclose (fp); + + return confirm; +} + + 
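Review bot: `confirm_flag_from_sshcontrol` fails open when the control file cannot be parsed: any non-zero result of `search_control_file` sets `confirm = 0`, and that covers the `GPG_ERR_BAD_DATA` it returns for a malformed line and read errors, not only `GPG_ERR_EOF` for a missing entry. The two early returns in the same function already choose `1` ("Better ask for confirmation") for bad input and for a file that cannot be opened, so a broken line ahead of the key's entry should not silently switch the prompt off. I would treat only "not listed" and "disabled" as reasons to skip the confirmation and ask in every other error case.

```c
  /* … unchanged: declarations of fp, disabled and confirm … */
  gpg_error_t err;

  /* … unchanged: hexgrip check and open_control_file … */

  err = search_control_file (fp, hexgrip, &disabled, NULL, &confirm);
  if (gpg_err_code (err) == GPG_ERR_EOF || (!err && disabled))
    confirm = 0; /* Not listed or disabled: nothing to confirm.  */
  else if (err)
    confirm = 1; /* Unreadable or malformed file: better ask.  */

  /* … unchanged: fclose and return confirm … */
```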
@@ -1588,6 +1648,7 @@ ssh_key_grip (gcry_sexp_t key, unsigned char *buffer) return 0; } + /* Converts the secret key KEY_SECRET into a public key, storing it in KEY_PUBLIC. SPEC is the according key specification. Returns zero on success or an error code. */ @@ -1909,7 +1970,7 @@ ssh_handler_request_identities (ctrl_t ctrl, hexgrip[40] = 0; if ( strlen (hexgrip) != 40 ) continue; - if (search_control_file (ctrl_fp, hexgrip, &disabled, NULL) + if (search_control_file (ctrl_fp, hexgrip, &disabled, NULL, NULL) || disabled) continue; 
@@ -2044,14 +2105,60 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder, const char *elems; size_t elems_n; gcry_mpi_t *mpis = NULL; + char hexgrip[40+1]; *sig = NULL; *sig_n = 0; + /* Quick check to see whether we have a valid keygrip and convert it + to hex. */ + if (!ctrl->have_keygrip) + { + err = gpg_error (GPG_ERR_NO_SECKEY); + goto out; + } + bin2hex (ctrl->keygrip, 20, hexgrip); + + /* Ask for confirmation if needed. */ + if (confirm_flag_from_sshcontrol (hexgrip)) + { + gcry_sexp_t key; + char *fpr, *prompt; + char *comment = NULL; + + err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key); + if (err) + goto out; + err = ssh_get_fingerprint_string (key, &fpr); + if (!err) + { + gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0); + if (tmpsxp) + comment = gcry_sexp_nth_string (tmpsxp, 1); + gcry_sexp_release (tmpsxp); + } + gcry_sexp_release (key); + if (err) + goto out; + prompt = xtryasprintf (_("An ssh process requested the use of key%%0A" + " %s%%0A" + " (%s)%%0A" + "Do you want to allow this?"), + fpr, comment? comment:""); + xfree (fpr); + gcry_free (comment); + err = agent_get_confirmation (ctrl, prompt, _("Allow"), _("Deny"), 0); + xfree (prompt); + if (err) + goto out; + } + + /* Create signature. */ ctrl->use_auth_call = 1; err = agent_pksign_do (ctrl, NULL, _("Please enter the passphrase " - "for the ssh key%0A %c"), &signature_sexp, + "for the ssh key%%0A %F%%0A (%c)"), + &signature_sexp, CACHE_MODE_SSH, ttl_from_sshcontrol); ctrl->use_auth_call = 0; if (err) @@ -2370,7 +2477,7 @@ reenter_compare_cb (struct pin_entry_info_s *pi) our key storage, don't do anything. When entering a new key also add an entry to the sshcontrol file. */ static gpg_error_t -ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) +ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm) { gpg_error_t err; unsigned char key_grip_raw[20]; 
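Review bot: The result of `xtryasprintf` in the new confirmation block of `data_sign` is not checked, so on allocation failure a NULL `prompt` is handed to `agent_get_confirmation`; after `gcry_free (comment);` add `if (!prompt) { err = gpg_error_from_syserror (); goto out; }`. The key comment is also copied into the prompt exactly as stored, while the surrounding text uses `%%0A` to produce percent-escaped line breaks. If the description is interpreted as percent-escaped on the pinentry side, which that usage suggests, a comment containing such sequences could change the layout of the confirmation text, so it should be escaped before it is formatted into the prompt. `data_sign` begins and ends outside this hunk.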
@@ -2380,6 +2487,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) char *description = NULL; const char *description2 = _("Please re-enter this passphrase"); char *comment = NULL; + char *key_fpr = NULL; const char *initial_errtext = NULL; unsigned int i; struct pin_entry_info_s *pi = NULL, *pi2; @@ -2393,6 +2501,9 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) if ( !agent_key_available (key_grip_raw) ) goto out; /* Yes, key is available. */ + err = ssh_get_fingerprint_string (key, &key_fpr); + if (err) + goto out; err = ssh_key_extract_comment (key, &comment); if (err) @@ -2402,8 +2513,9 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) _("Please enter a passphrase to protect" " the received secret key%%0A" " %s%%0A" + " %s%%0A" "within gpg-agent's key storage"), - comment ? comment : "?") < 0) + key_fpr, comment ? comment : "") < 0) { err = gpg_error_from_syserror (); goto out; @@ -2460,7 +2572,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) goto out; /* And add an entry to the sshcontrol file. */ - err = add_control_entry (ctrl, key_grip, ttl); + err = add_control_entry (ctrl, key_grip, key_fpr, ttl, confirm); out: @@ -2469,6 +2581,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) xfree (pi); xfree (buffer); xfree (comment); + xfree (key_fpr); xfree (description); return err; @@ -2553,9 +2666,7 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response) if (err) goto out; - /* FIXME: are constraints used correctly? */ - - err = ssh_identity_register (ctrl, key, ttl); + err = ssh_identity_register (ctrl, key, ttl, confirm); out: diff --git a/agent/findkey.c b/agent/findkey.c index 7e1cefc..11b3cca 100644 --- a/agent/findkey.c +++ b/agent/findkey.c 
@@ -1,6 +1,6 @@ /* findkey.c - Locate the secret key * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, - * 2010 Free Software Foundation, Inc. + * 2010, 2011 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,7 @@ #include "agent.h" #include "i18n.h" +#include "../common/ssh-utils.h" #ifndef O_BINARY #define O_BINARY 0 @@ -185,12 +186,14 @@ try_unprotect_cb (struct pin_entry_info_s *pi) %% - Replaced by a single % %c - Replaced by the content of COMMENT. + %F - Replaced by an ssh style fingerprint computed from KEY. The functions returns 0 on success or an error code. On success a newly allocated string is stored at the address of RESULT. */ static gpg_error_t -modify_description (const char *in, const char *comment, char **result) +modify_description (const char *in, const char *comment, const gcry_sexp_t key, + char **result) { size_t comment_length; size_t in_len; @@ -198,6 +201,7 @@ modify_description (const char *in, const char *comment, char **result) char *out; size_t i; int special, pass; + char *ssh_fpr = NULL; comment_length = strlen (comment); in_len = strlen (in); @@ -233,6 +237,18 @@ modify_description (const char *in, const char *comment, char **result) out_len += comment_length; break; + case 'F': /* SSH style fingerprint. */ + if (!ssh_fpr && key) + ssh_get_fingerprint_string (key, &ssh_fpr); + if (ssh_fpr) + { + if (out) + out = stpcpy (out, ssh_fpr); + else + out_len += strlen (ssh_fpr); + } + break; + default: /* Invalid special sequences are kept as they are. */ if (out) { @@ -259,12 +275,16 @@ modify_description (const char *in, const char *comment, char **result) { *result = out = xtrymalloc (out_len + 1); if (!out) - return gpg_error_from_syserror (); + { + xfree (ssh_fpr); + return gpg_error_from_syserror (); + } } } *out = 0; assert (*result + out_len == out); + xfree (ssh_fpr); return 0; } 
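Review bot: In the new `case 'F'` of `modify_description`, the fingerprint is requested again whenever `ssh_fpr` is still NULL, so a call that fails while the length is being summed up and succeeds while the text is copied makes `stpcpy` write past the `out_len + 1` bytes that were allocated; the `assert` at the end only notices afterwards. The function appears to walk the format string twice (its loop starts outside this hunk), which is why both attempts must give the same answer. Trying only once avoids the mismatch: declare `int ssh_fpr_tried = 0;` and use `if (!ssh_fpr_tried && key) { ssh_fpr_tried = 1; ssh_get_fingerprint_string (key, &ssh_fpr); }`. The ignored return value is then harmless, because a failure, which per the function's documentation leaves NULL in `ssh_fpr`, simply keeps `%F` empty in both passes.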
@@ -564,45 +584,26 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, break; /* no unprotection needed */ case PRIVATE_KEY_PROTECTED: { - gcry_sexp_t comment_sexp; - size_t comment_length; char *desc_text_final; - const char *comment = NULL; + char *comment = NULL; /* Note, that we will take the comment as a C string for display purposes; i.e. all stuff beyond a Nul character is ignored. */ - comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0); - if (comment_sexp) - comment = gcry_sexp_nth_data (comment_sexp, 1, &comment_length); - if (!comment) - { - comment = ""; - comment_length = 0; - } + { + gcry_sexp_t comment_sexp; + + comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0); + if (comment_sexp) + comment = gcry_sexp_nth_string (comment_sexp, 1); + gcry_sexp_release (comment_sexp); + } desc_text_final = NULL; if (desc_text) - { - if (comment[comment_length]) - { - /* Not a C-string; create one. We might here allocate - more than actually displayed but well, that - shouldn't be a problem. */ - char *tmp = xtrymalloc (comment_length+1); - if (!tmp) - rc = gpg_error_from_syserror (); - else - { - memcpy (tmp, comment, comment_length); - tmp[comment_length] = 0; - rc = modify_description (desc_text, tmp, &desc_text_final); - xfree (tmp); - } - } - else - rc = modify_description (desc_text, comment, &desc_text_final); - } + rc = modify_description (desc_text, comment? comment:"", s_skey, + &desc_text_final); + gcry_free (comment); if (!rc) { @@ -613,7 +614,6 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce, gpg_strerror (rc)); } - gcry_sexp_release (comment_sexp); xfree (desc_text_final); } break; 
@@ -793,6 +793,28 @@ agent_is_dsa_key (gcry_sexp_t s_key) +/* Return the key for the keygrip GRIP. The result is stored at + RESULT. This function extracts the key from the private key + database and returns it as an S-expression object as it is. On + failure an error code is returned and NULL stored at RESULT. */ +gpg_error_t +agent_raw_key_from_file (ctrl_t ctrl, const unsigned char *grip, + gcry_sexp_t *result) +{ + gpg_error_t err; + gcry_sexp_t s_skey; + + (void)ctrl; + + *result = NULL; + + err = read_key_file (grip, &s_skey); + if (!err) + *result = s_skey; + return err; +} + + /* Return the public key for the keygrip GRIP. The result is stored at RESULT. This function extracts the public key from the private key database. On failure an error code is returned and NULL stored diff --git a/common/t-ssh-utils.c b/common/t-ssh-utils.c index cd1252f..a8a63cf 100644 --- a/common/t-ssh-utils.c +++ b/common/t-ssh-utils.c @@ -27,13 +27,6 @@ #include "util.h" #include "ssh-utils.h" -#define pass() do { ; } while(0) -#define fail(a,e) \ - do { fprintf (stderr, "%s:%d: test %d failed (%s)\n", \ - __FILE__,__LINE__, (a), gpg_strerror (e)); \ - exit (1); \ - } while(0) - static struct { const char *key; const char *fpr; } sample_keys[] = { { "(protected-private-key " diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 84486cf..8811d05 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
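Review bot: The comment on `agent_raw_key_from_file` should say that RESULT is the key file as stored, which for an unprotected key presumably includes the secret parameters in the clear, and that the caller owns the object and must call `gcry_sexp_release` on it. The callers added in this series only need the public part and the comment to show a fingerprint, so it is worth stating that the object must not be kept around or written to a log. Suggested addition to the header comment: `The returned S-expression may contain secret key material; release it with gcry_sexp_release as soon as it is no longer needed.` The `(void)ctrl;` line could likewise get a short remark that CTRL is currently unused.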
@@ -646,6 +646,12 @@ digits, optionally followed by the caching TTL in seconds and another optional field for arbitrary flags. A non-zero TTL overrides the global default as set by @option{--default-cache-ttl-ssh}. +The only flag support is @code{confirm}. If this flag is found for a +key, each use of the key will pop up a pinentry to confirm the use of +that key. The flag is automatically set if a new key was loaded into + at code{gpg-agent} using the option @option{-c} of the @code{ssh-add} +command. + The keygrip may be prefixed with a @code{!} to disable an entry entry. The following example lists exactly one key. Note that keys available @@ -653,8 +659,9 @@ through a OpenPGP smartcard in the active smartcard reader are implicitly added to this list; i.e. there is no need to list them. @example - # Key added on 2005-02-25 15:08:29 - 5A6592BF45DC73BD876874A28FD4639282E29B52 0 + # Key added on: 2011-07-20 20:38:46 + # Fingerprint: 5e:8d:c4:ad:e7:af:6e:27:8a:d6:13:e4:79:ad:0b:81 + 34B62F25E277CF13D3C6BCEBFD3F85D08F0A864B 0 confirm @end example @item private-keys-v1.d/ ----------------------------------------------------------------------- Summary of changes: NEWS | 2 + agent/ChangeLog | 16 +++++ agent/agent.h | 2 + agent/command-ssh.c | 155 +++++++++++++++++++++++++++++++++++++++++++------- agent/command.c | 38 ++++++++++--- agent/findkey.c | 92 ++++++++++++++++++----------- common/t-ssh-utils.c | 7 -- doc/gpg-agent.texi | 11 +++- 8 files changed, 249 insertions(+), 74 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 21 11:04:48 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 Jul 2011 11:04:48 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-78-g2d0ca28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2d0ca28a226773b9779a93c39bba9bace13232fe (commit) from 093ed70fbf18ea1a60952596227b7f7d31fcf8ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2d0ca28a226773b9779a93c39bba9bace13232fe Author: Werner Koch Date: Thu Jul 21 10:24:03 2011 +0200 Try to get the only-valid-if-cert-valid cert from the dirmngr first. This should always work because the dirmngr asked us to validate the given certificate. This should make OCSP configuration easier because there is less requirement to install all certificates for Dirmngr and gpgsm. CAUTION: This code has not yet been tested. diff --git a/sm/ChangeLog b/sm/ChangeLog index a450ebd..9e6d92f 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,9 @@ +2011-07-21 Werner Koch + + * call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New. + (gpgsm_dirmngr_isvalid): Try to get the only-valid-if-cert-valid + certificate from the dirmngr first. + 2011-06-01 Marcus Brinkmann * certreqgen.c (proc_parameters): Initialize RC. diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index d927a29..cdaa9dc 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c 
@@ -82,6 +82,13 @@ struct run_command_parm_s { }; + +static gpg_error_t get_cached_cert (assuan_context_t ctx, + const unsigned char *fpr, + ksba_cert_t *r_cert); + + + /* A simple implementation of a dynamic buffer. Use init_membuf() to create a buffer, put_membuf to append bytes and get_membuf to release and return the buffer. Allocation errors are detected but @@ -523,25 +530,29 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, } else { - KEYDB_HANDLE kh; ksba_cert_t rspcert = NULL; - /* Fixme: First try to get the certificate from the - dirmngr's cache - it should be there. */ - kh = keydb_new (0); - if (!kh) - rc = gpg_error (GPG_ERR_ENOMEM); - if (!rc) - rc = keydb_search_fpr (kh, stparm.fpr); - if (!rc) - rc = keydb_get_cert (kh, &rspcert); - if (rc) + if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert)) { - log_error ("unable to find the certificate used " - "by the dirmngr: %s\n", gpg_strerror (rc)); - rc = gpg_error (GPG_ERR_INV_CRL); + /* Ooops: Something went wrong getting the certificate + from the dirmngr. Try our own cert store now. */ + KEYDB_HANDLE kh; + + kh = keydb_new (0); + if (!kh) + rc = gpg_error (GPG_ERR_ENOMEM); + if (!rc) + rc = keydb_search_fpr (kh, stparm.fpr); + if (!rc) + rc = keydb_get_cert (kh, &rspcert); + if (rc) + { + log_error ("unable to find the certificate used " + "by the dirmngr: %s\n", gpg_strerror (rc)); + rc = gpg_error (GPG_ERR_INV_CRL); + } + keydb_release (kh); } - keydb_release (kh); if (!rc) { 
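Review bot: The error returned by get_cached_cert() is discarded in the new test `if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert))`, so a dirmngr cache lookup that never succeeds falls back to the local keydb without leaving any trace. The commit message says the code is untested, so it is worth keeping the value and logging it: declare `gpg_error_t cerr;` next to `rspcert`, assign `cerr = get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert);`, and on failure call `log_info ("dirmngr cache lookup failed: %s\n", gpg_strerror (cerr));` before trying the keydb. The existing "unable to find the certificate used by the dirmngr" message would then report only the keydb result. The same hunk appears in the STABLE-BRANCH-2-0 commit further down the page, and gpgsm_dirmngr_isvalid starts and ends outside the hunk.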
@@ -781,6 +792,71 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only, +static gpg_error_t +get_cached_cert_data_cb (void *opaque, const void *buffer, size_t length) +{ + struct membuf *mb = opaque; + + if (buffer) + put_membuf (mb, buffer, length); + return 0; +} + +/* Return a certificate from the Directory Manager's cache. This + function only returns one certificate which must be specified using + the fingerprint FPR and will be stored at R_CERT. On error NULL is + stored at R_CERT and an error code returned. Note that the caller + must provide the locked dirmngr context CTX. */ +static gpg_error_t +get_cached_cert (assuan_context_t ctx, + const unsigned char *fpr, ksba_cert_t *r_cert) +{ + gpg_error_t err; + char line[ASSUAN_LINELENGTH]; + char hexfpr[2*20+1]; + struct membuf mb; + char *buf; + size_t buflen; + ksba_cert_t cert; + + *r_cert = NULL; + + bin2hex (fpr, 20, hexfpr); + snprintf (line, DIM(line)-1, "LOOKUP --signle --cache-only 0x%s", hexfpr); + + init_membuf (&mb, 4096); + err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb, + NULL, NULL, NULL, NULL); + buf = get_membuf (&mb, &buflen); + if (err) + { + xfree (buf); + return err; + } + if (!buf) + return gpg_error (GPG_ERR_ENOMEM); + + err = ksba_cert_new (&cert); + if (err) + { + xfree (buf); + return err; + } + err = ksba_cert_init_from_mem (cert, buf, buflen); + xfree (buf); + if (err) + { + log_error ("failed to parse a certificate: %s\n", gpg_strerror (err)); + ksba_cert_release (cert); + return err; + } + + *r_cert = cert; + return 0; +} + + + /* Run Command helpers*/ /* Fairly simple callback to write all output of dirmngr to stdout. 
*/ ----------------------------------------------------------------------- Summary of changes: sm/ChangeLog | 6 +++ sm/call-dirmngr.c | 106 +++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 97 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 21 11:24:38 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 Jul 2011 11:24:38 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-40-g68fb27e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 68fb27e7f07093f05f7390547395b047006ba3d7 (commit) from fb44677c9f2cab6bac08d04d675554b38f64382a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 68fb27e7f07093f05f7390547395b047006ba3d7 Author: Werner Koch Date: Thu Jul 21 10:39:38 2011 +0200 Try to get the only-valid-if-cert-valid cert from the dirmngr first. This should always work because the dirmngr asked us to validate the given certificate. This should make OCSP configuration easier because there is less requirement to install all certificates for Dirmngr and gpgsm. CAUTION: This code has not yet been tested. diff --git a/NEWS b/NEWS index b3ce8e0..ca7185a 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,8 @@ Noteworthy changes in version 2.0.18 (unreleased) * Bug fix for newer versions of Libgcrypt. + * Improved dirmngr/gpgsm interaction for OCSP. + Noteworthy changes in version 2.0.17 (2011-01-13) ------------------------------------------------- 
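Review bot: The command string in get_cached_cert() spells the option `--signle`, so the line sent to dirmngr is not the intended one; the STABLE-BRANCH-2-0 copy of this function later on the page has `--single`, and the call should read `snprintf (line, DIM(line)-1, "LOOKUP --single --cache-only 0x%s", hexfpr);`. Other snprintf calls visible in this file are followed by `line[DIM(line)-1] = 0;`, which is missing here in both copies. Both copies also store whatever certificate parses from the reply into R_CERT without checking that it is the one named by FPR. Because the caller goes on to use it as the certificate the dirmngr answer depends on, comparing its SHA-1 fingerprint with FPR before returning would be a cheap consistency check; the sketch below shows one way, with the error code open to choice.

```c
  /* … unchanged: up to and including the parse-error handling … */

  /* Accept the reply only if it is the certificate that was asked for.  */
  {
    unsigned char digest[20];

    gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
    if (memcmp (digest, fpr, 20))
      {
        log_error ("dirmngr returned a certificate other than the requested one\n");
        ksba_cert_release (cert);
        return gpg_error (GPG_ERR_INV_CERT_OBJ);
      }
  }

  *r_cert = cert;
```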
@@ -176,7 +178,7 @@ Noteworthy changes in version 2.0.10 (2009-01-12) the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg. * [w32] The gnupg2.nls directory is not anymore used. The standard - locale directory is now used. + locale directory is now used. * [w32] Fixed a race condition between gpg and gpgsm in the use of temporary file names. @@ -228,7 +230,7 @@ Noteworthy changes in version 2.0.8 (2007-12-20) * The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the Pinentry. - * Fixed the auto creation of the key stub for smartcards. + * Fixed the auto creation of the key stub for smartcards. * Fixed a rare bug in decryption using the OpenPGP card. @@ -270,7 +272,7 @@ Noteworthy changes in version 2.0.6 (2007-08-16) * GPGSM does now grok --default-key. - * GPGCONF is now aware of --default-key and --encrypt-to. + * GPGCONF is now aware of --default-key and --encrypt-to. * GPGSM does again correctly print the serial number as well the the various keyids. This was broken since 2.0.4. @@ -279,7 +281,7 @@ Noteworthy changes in version 2.0.6 (2007-08-16) * Improved Windows support. - + Noteworthy changes in version 2.0.5 (2007-07-05) ------------------------------------------------ @@ -319,7 +321,7 @@ Noteworthy changes in version 2.0.3 (2007-03-08) such messages by default which makes those programs safe again. --allow-multiple-messages returns to the old behavior. [CVE-2007-1263]. - * New --verify-option show-primary-uid-only. + * New --verify-option show-primary-uid-only. * gpgconf may now reads a global configuration file to select which options are changeable by a frontend. The new applygnupgdefaults 
@@ -483,7 +485,7 @@ Noteworthy changes in version 1.9.21 (2006-06-20) * Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required). - * Scdaemon does not anymore reset cards at the end of a connection. + * Scdaemon does not anymore reset cards at the end of a connection. * Kludge to allow use of Bundesnetzagentur issued X.509 certificates. @@ -503,7 +505,7 @@ Noteworthy changes in version 1.9.20 (2005-12-20) * Basic support for qualified signatures. - * New debug tool gpgparsemail. + * New debug tool gpgparsemail. Noteworthy changes in version 1.9.19 (2005-09-12) diff --git a/sm/ChangeLog b/sm/ChangeLog index 5368410..d36a3ae 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,9 @@ +2011-07-21 Werner Koch + + * call-dirmngr.c (get_cached_cert, get_cached_cert_data_cb): New. + (gpgsm_dirmngr_isvalid): Try to get the only-valid-if-cert-valid + certificate from the dirmngr first. + 2010-09-16 Werner Koch * certchain.c (gpgsm_walk_cert_chain): Use GPG_ERR_MISSING_ISSUER_CERT. @@ -298,7 +304,7 @@ * server.c (cmd_encrypt): Ditto. (cmd_decrypt, cmd_verify, cmd_import, cmd_genkey): Ditto. * call-agent.c (gpgsm_scd_pksign): Ditto. - * call-dirmngr.c (release_dirmngr, release_dirmngr2) + * call-dirmngr.c (release_dirmngr, release_dirmngr2) (run_command_cb): Ditto. * certlist.c (gpgsm_add_cert_to_certlist): Ditto. * certchain.c (find_up_dirmngr): Ditto. @@ -338,7 +344,7 @@ 2008-09-03 Werner Koch * sign.c (MY_GCRY_MD_SHA224): New, so that we don't need libgcrypt - 1.2. + 1.2. 2008-08-13 Werner Koch @@ -442,7 +448,7 @@ (gpgsm_walk_cert_chain): Use it here. * gpgsm.c: Add option --no-common-certs-import. - + * certchain.c (find_up_dirmngr, find_up, do_validate_chain) (check_cert_policy): Be more silent with --quiet. 
@@ -455,8 +461,8 @@ * server.c (option_handler): Add option allow-pinentry-notify. (gpgsm_proxy_pinentry_notify): New. * call-agent.c (default_inq_cb): New. - (gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey) - (gpgsm_agent_istrusted, gpgsm_agent_marktrusted) + (gpgsm_agent_pksign, gpgsm_scd_pksign, gpgsm_agent_readkey) + (gpgsm_agent_istrusted, gpgsm_agent_marktrusted) (gpgsm_agent_passwd, gpgsm_agent_get_confirmation): Call it. (struct cipher_parm_s, struct genkey_parm_s): Add field CTRL. (inq_ciphertext_cb): Test keyword and fallback to default_inq_cb. @@ -554,7 +560,7 @@ h2007-11-22 Werner Koch * gpgsm.c (get_status_string): Remove. * gpgsm.h: Include status.h instead of errors.h. - + 2007-10-19 Werner Koch * qualified.c (gpgsm_qualified_consent): Use i18N-swicth functions. @@ -568,7 +574,7 @@ h2007-11-22 Werner Koch 2007-08-24 Werner Koch - * Makefile.am (common_libs): Swap libkeybox and jnlib. + * Makefile.am (common_libs): Swap libkeybox and jnlib. 2007-08-23 Werner Koch @@ -588,7 +594,7 @@ h2007-11-22 Werner Koch * import.c (parse_p12): Use gnupg_tmpfile. * export.c (export_p12): Ditto. - + 2007-08-20 Werner Koch * certreqgen.c (read_parameters): Change FP to an estream_t. @@ -643,7 +649,7 @@ h2007-11-22 Werner Koch 2007-08-06 Werner Koch Implementation of the chain model. - + * gpgsm.h (struct rootca_flags_s): Define new members VALID and CHAIN_MODEL. * call-agent.c (gpgsm_agent_istrusted): Mark ROOTCA_FLAGS valid. @@ -695,7 +701,7 @@ h2007-11-22 Werner Koch when passing an int value. * server.c (cmd_encrypt, cmd_decrypt, cmd_verify, cmd_import) (cmd_export, cmd_message, cmd_genkey): Translate file descriptors. - + 2007-07-05 Werner Koch * Makefile.am (common_libs): Changed order of libs. @@ -720,7 +726,7 @@ h2007-11-22 Werner Koch 2007-06-24 Werner Koch * gpgsm.c (open_es_fwrite): Avoid the dup by using the new - es_fdopen_nc(). + es_fdopen_nc(). 2007-06-21 Werner Koch 
@@ -823,14 +829,14 @@ h2007-11-22 Werner Koch the certificate is not available. * gpgsm.c: Add option --p12-charset. - * gpgsm.h (struct opt): Add p12_charset. + * gpgsm.h (struct opt): Add p12_charset. * export.c (popen_protect_tool): Use new option. 2007-03-19 Werner Koch Changes to let export and key listing use estream to help systems without funopen. - + * keylist.c: Use estream in place of stdio functions. * gpgsm.c (open_es_fwrite): New. (main): Use it for the list commands. @@ -846,7 +852,7 @@ h2007-11-22 Werner Koch (print_dn_parts): Ditto. * certchain.c (gpgsm_validate_chain): Changed FP to type estream_t. - (do_list, unknown_criticals, allowed_ca, check_cert_policy) + (do_list, unknown_criticals, allowed_ca, check_cert_policy) (is_cert_still_valid): Ditto. * export.c (gpgsm_export): New arg STREAM. @@ -948,7 +954,7 @@ h2007-11-22 Werner Koch 2006-10-17 Werner Koch - * gpgsm.c: No need for pth.h. + * gpgsm.c: No need for pth.h. (main): or to init it. It used to be hack for W32. * sign.c (gpgsm_get_default_cert): Changed to return only @@ -956,7 +962,7 @@ h2007-11-22 Werner Koch 2006-10-16 Werner Koch - * certchain.c (already_asked_marktrusted) + * certchain.c (already_asked_marktrusted) (set_already_asked_marktrusted): New. (gpgsm_validate_chain) : Keep track of certificates we already asked for. @@ -988,7 +994,7 @@ h2007-11-22 Werner Koch * certchain.c (gpgsm_validate_chain): More changes for the relax feature. Use certificate reference counting instead of the old - explicit tests. Added a missing free. + explicit tests. Added a missing free. 2006-09-25 Werner Koch @@ -1039,9 +1045,9 @@ h2007-11-22 Werner Koch Replaced all Assuan error codes by libgpg-error codes. Removed all map_to_assuan_status and map_assuan_err. - + * gpgsm.c (main): Call assuan_set_assuan_err_source to have Assuan - switch to gpg-error codes. + switch to gpg-error codes. * server.c (set_error): Adjusted. 2006-08-29 Werner Koch 
@@ -1085,7 +1091,7 @@ h2007-11-22 Werner Koch * keydb.c (keydb_delete): Likewise. Only unlock if this is set. * delete.c (delete_one): Add new argument to invocation of keydb_delete. - + 2006-05-15 Werner Koch * keylist.c (print_names_raw): Sanitize URI. @@ -1304,7 +1310,7 @@ h2007-11-22 Werner Koch (run_command_status_cb): Return cancel status if gpgsm_status returned an error. - * server.c (gpgsm_status, gpgsm_status2) + * server.c (gpgsm_status, gpgsm_status2) (gpgsm_status_with_err_code): Return an error code. (gpgsm_status2): Always call va_end(). @@ -1394,7 +1400,7 @@ h2007-11-22 Werner Koch * Makefile.am: Adjusted for gettext 0.14. * keylist.c (list_cert_colon): Make sure that the expired flag has - a higher precedence than the invalid flag. + a higher precedence than the invalid flag. 2004-09-29 Werner Koch @@ -1429,7 +1435,7 @@ h2007-11-22 Werner Koch * certchain.c (gpgsm_basic_cert_check): Print more detailed error messages. - + * certcheck.c (do_encode_md): Partly support DSA. Add new arg PKALGO. Changed all callers to pass it. (pk_algo_from_sexp): New. @@ -1466,7 +1472,7 @@ h2007-11-22 Werner Koch 2004-06-06 Werner Koch * certreqgen.c (get_parameter_uint, create_request): Create - an extension for key usage when requested. + an extension for key usage when requested. 2004-05-12 Werner Koch @@ -1522,9 +1528,9 @@ h2007-11-22 Werner Koch * gpgsm.c (main) : Do not use /dev/null as default config filename. - * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) - (gpgsm_agent_genkey, gpgsm_agent_istrusted) - (gpgsm_agent_marktrusted, gpgsm_agent_havekey) + * call-agent.c (gpgsm_agent_pksign, gpgsm_agent_pkdecrypt) + (gpgsm_agent_genkey, gpgsm_agent_istrusted) + (gpgsm_agent_marktrusted, gpgsm_agent_havekey) (gpgsm_agent_passwd): Add new arg CTRL and changed all callers. (start_agent): New arg CTRL. Send progress item when starting a new agent. 
@@ -1556,7 +1562,7 @@ h2007-11-22 Werner Koch 2004-04-08 Werner Koch - * decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a + * decrypt.c (gpgsm_decrypt): Return GPG_ERR_NO_DATA if it is not a encrypted message. 2004-04-07 Werner Koch @@ -1660,12 +1666,12 @@ h2007-11-22 Werner Koch * export.c (export_p12, popen_protect_tool) (gpgsm_p12_export): New. - * gpgsm.c (main): New command --export-secret-key-p12. + * gpgsm.c (main): New command --export-secret-key-p12. 2004-02-18 Werner Koch * gpgsm.c (set_debug): Set the new --debug-level flags. - (main): New option --gpgconf-list. + (main): New option --gpgconf-list. (main): Do not setup -u and -r keys when not required. (main): Setup the used character set. @@ -1687,7 +1693,7 @@ h2007-11-22 Werner Koch WITH_VALIDATION. Changed callers to set it. (list_external_cb, list_external_keys): Pass CTRL to the callback. (list_cert_colon): Add arg CTRL. Check validation if requested. - * certchain.c (unknown_criticals, allowed_ca, check_cert_policy) + * certchain.c (unknown_criticals, allowed_ca, check_cert_policy) (gpgsm_validate_chain): New args LISTMODE and FP. (do_list): New helper for info output. (find_up): New arg FIND_NEXT. @@ -1704,7 +1710,7 @@ h2007-11-22 Werner Koch * certcheck.c (gpgsm_create_cms_signature): Format a description for use by the pinentry. * decrypt.c (gpgsm_decrypt): Ditto. Free HEXKEYGRIP. - * certdump.c (format_name_cookie, format_name_writer) + * certdump.c (format_name_cookie, format_name_writer) (gpgsm_format_name): New. (gpgsm_format_serial): New. (gpgsm_format_keydesc): New. @@ -1778,7 +1784,7 @@ h2007-11-22 Werner Koch (print_dn_part): Do not delimit multiple RDN by " + ". Handle multi-valued RDNs in a special way, i.e. in the order specified by the certificate. - (print_dn_parts): Simplified. + (print_dn_parts): Simplified. 2004-01-16 Werner Koch 
@@ -1866,7 +1872,7 @@ h2007-11-22 Werner Koch 2003-08-14 Timo Schulz * encrypt.c (encode_session_key): Use new Libgcrypt interface. - + 2003-07-31 Werner Koch * Makefile.am (gpgsm_LDADD): Added INTLLIBS. @@ -1889,7 +1895,7 @@ h2007-11-22 Werner Koch * verify.c (strtimestamp): Renamed to strtimestamp_r Adjusted for changes in the libgcrypt API. Some more fixes for the - libgpg-error stuff. + libgpg-error stuff. 2003-06-04 Werner Koch @@ -1918,7 +1924,7 @@ h2007-11-22 Werner Koch 2002-11-25 Werner Koch - * verify.c (gpgsm_verify): Handle content-type attribute. + * verify.c (gpgsm_verify): Handle content-type attribute. 2002-11-13 Werner Koch @@ -1928,7 +1934,7 @@ h2007-11-22 Werner Koch 2002-11-12 Werner Koch - * gpgsm.c: New command --call-dirmngr. + * gpgsm.c: New command --call-dirmngr. * call-dirmngr.c (gpgsm_dirmngr_run_command) (run_command_inq_cb,run_command_cb) (run_command_status_cb): New. @@ -1946,7 +1952,7 @@ h2007-11-22 Werner Koch * certcheck.c (gpgsm_check_cert_sig): Add cert hash debugging. - * certchain.c (find_up): Print info when the cert was not found + * certchain.c (find_up): Print info when the cert was not found by the autorithyKeyIdentifier. 2002-09-03 Werner Koch @@ -2020,10 +2026,10 @@ h2007-11-22 Werner Koch * sign.c (gpgsm_sign): New argument SIGNERLIST and implemt multiple signers. * gpgsm.c (main): Support more than one -u. - + * server.c (cmd_recipient): Return reason code 1 for No_Public_Key which is actually what gets returned from add_to_certlist. - + 2002-07-26 Werner Koch * certcheck.c (gpgsm_check_cert_sig): Implement proper cleanup. @@ -2125,7 +2131,7 @@ h2007-11-22 Werner Koch 2002-06-24 Werner Koch * gpgsm.c: Removed duped help entry for --list-keys. - + * gpgsm.c, gpgsm.h: New option --debug-no-path-validation. * certpath.c (gpgsm_validate_path): Use it here instead of the 
@@ -2168,7 +2174,7 @@ h2007-11-22 Werner Koch * export.c (gpgsm_export): Kludge to export epehmeral certificates. * gpgsm.c (main): New command --list-external-keys. - + 2002-06-17 Werner Koch * certreqgen.c (read_parameters): Improved error handling. @@ -2190,7 +2196,7 @@ h2007-11-22 Werner Koch * sign.c (hash_and_copy_data): New. (gpgsm_sign): Implemented normal (non-detached) signatures. * gpgsm.c (main): Ditto. - + * certpath.c (gpgsm_validate_path): Special error handling for no policy match. @@ -2198,7 +2204,7 @@ h2007-11-22 Werner Koch * server.c (get_status_string): Add STATUS_ERROR. - * certpath.c (gpgsm_validate_path): Tweaked the error checking to + * certpath.c (gpgsm_validate_path): Tweaked the error checking to return error codes in a more sensitive way. * verify.c (gpgsm_verify): Send status TRUST_NEVER also for a bad CA certificate and when the certificate has been revoked. Issue @@ -2320,7 +2326,7 @@ h2007-11-22 Werner Koch * export.c: New. * gpgsm.c: Add command --export. * server.c (cmd_export): New. - + 2002-03-13 Werner Koch * decrypt.c (gpgsm_decrypt): Allow multiple recipients. @@ -2562,10 +2568,10 @@ h2007-11-22 Werner Koch print the first item. * keylist.c (list_cert_colon): Ditto. * keydb.c (keydb_search_issuer_sn): Ditto. - * decrypt.c (print_integer_sexp): Removed and made callers + * decrypt.c (print_integer_sexp): Removed and made callers use gpgsm_dump_serial. * verify.c (print_time): Removed, made callers use gpgsm_dump_time. - + 2001-12-19 Marcus Brinkmann * call-agent.c (start_agent): Add new argument to assuan_pipe_connect. 
@@ -2621,7 +2627,7 @@ h2007-11-22 Werner Koch * base64.c (base64_reader_cb): Reset the linelen when we need to skip the line and adjusted test; I somehow forgot about DeMorgan. - * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify) + * server.c (cmd_encrypt,cmd_decrypt,cmd_sign,cmd_verify) (cmd_import): Close the FDs on success. (close_message_fd): New. (input_notify): Setting autodetect_encoding to 0 after initializing @@ -2645,7 +2651,7 @@ h2007-11-22 Werner Koch 2001-12-12 Werner Koch - * gpgsm.c (main): New options --assume-{armor,base64,binary}. + * gpgsm.c (main): New options --assume-{armor,base64,binary}. * base64.c (base64_reader_cb): Fixed non-autodetection mode. 2001-12-04 Werner Koch @@ -2673,7 +2679,7 @@ h2007-11-22 Werner Koch * server.c (rc_to_assuan_status): New. Use it for all commands. - + Copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index ba6cf6f..6540a8f 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -1,4 +1,4 @@ -/* call-dirmngr.c - communication with the dromngr +/* call-dirmngr.c - communication with the dromngr * Copyright (C) 2002, 2003, 2005, 2007, 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -22,7 +22,7 @@ #include #include #include -#include +#include #include #include #include @@ -82,6 +82,13 @@ struct run_command_parm_s { }; + +static gpg_error_t get_cached_cert (assuan_context_t ctx, + const unsigned char *fpr, + ksba_cert_t *r_cert); + + + /* A simple implementation of a dynamic buffer. Use init_membuf() to create a buffer, put_membuf to append bytes and get_membuf to release and return the buffer. Allocation errors are detected but @@ -108,7 +115,7 @@ put_membuf (struct membuf *mb, const void *buf, size_t len) if (mb->len + len >= mb->size) { char *p; - + mb->size += len + 1024; p = xtryrealloc (mb->buf, mb->size); if (!p) 
@@ -169,7 +176,7 @@ prepare_dirmngr (ctrl_t ctrl, assuan_context_t ctx, gpg_error_t err) char *user = server->user ? server->user : ""; char *pass = server->pass ? server->pass : ""; char *base = server->base ? server->base : ""; - + snprintf (line, DIM (line) - 1, "LDAPSERVER %s:%i:%s:%s:%s", server->host, server->port, user, pass, base); line[DIM (line) - 1] = 0; @@ -244,7 +251,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r) if (opt.verbose) log_info (_("no running dirmngr - starting `%s'\n"), opt.dirmngr_program); - + if (fflush (NULL)) { gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); @@ -345,7 +352,7 @@ start_dirmngr (ctrl_t ctrl) an error in prepare_dirmngr? */ if (!dirmngr_ctx) dirmngr_ctx_locked = 0; - return err; + return err; } @@ -441,7 +448,7 @@ inq_certificate (void *opaque, const char *line) for (s=line, n=0; n < 40; s++, n++) fpr[n] = (*s >= 'a')? (*s & 0xdf): *s; fpr[n] = 0; - + if (!gpgsm_agent_istrusted (parm->ctrl, NULL, fpr, &rootca_flags)) rc = assuan_send_data (parm->ctx, "1", 1); else @@ -469,7 +476,7 @@ inq_certificate (void *opaque, const char *line) "is not yet implemented\n"); rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); } - else + else { /* Send the given certificate. */ int err; ksba_cert_t cert; @@ -493,7 +500,7 @@ inq_certificate (void *opaque, const char *line) } xfree (ski); - return rc; + return rc; } @@ -617,7 +624,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, NULL, NULL, NULL, NULL, NULL, NULL); did_options = 1; } - snprintf (line, DIM(line)-1, "ISVALID%s %s", + snprintf (line, DIM(line)-1, "ISVALID%s %s", use_ocsp == 2? " --only-ocsp --force-default-responder":"", certid); line[DIM(line)-1] = 0; 
@@ -640,25 +647,29 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, } else { - KEYDB_HANDLE kh; ksba_cert_t rspcert = NULL; - /* Fixme: First try to get the certificate from the - dirmngr's cache - it should be there. */ - kh = keydb_new (0); - if (!kh) - rc = gpg_error (GPG_ERR_ENOMEM); - if (!rc) - rc = keydb_search_fpr (kh, stparm.fpr); - if (!rc) - rc = keydb_get_cert (kh, &rspcert); - if (rc) + if (get_cached_cert (dirmngr_ctx, stparm.fpr, &rspcert)) { - log_error ("unable to find the certificate used " - "by the dirmngr: %s\n", gpg_strerror (rc)); - rc = gpg_error (GPG_ERR_INV_CRL); + /* Ooops: Something went wrong getting the certificate + from the dirmngr. Try our own cert store now. */ + KEYDB_HANDLE kh; + + kh = keydb_new (0); + if (!kh) + rc = gpg_error (GPG_ERR_ENOMEM); + if (!rc) + rc = keydb_search_fpr (kh, stparm.fpr); + if (!rc) + rc = keydb_get_cert (kh, &rspcert); + if (rc) + { + log_error ("unable to find the certificate used " + "by the dirmngr: %s\n", gpg_strerror (rc)); + rc = gpg_error (GPG_ERR_INV_CRL); + } + keydb_release (kh); } - keydb_release (kh); if (!rc) { @@ -669,7 +680,7 @@ gpgsm_dirmngr_isvalid (ctrl_t ctrl, { /* Note the no_dirmngr flag: This avoids checking this certificate over and over again. */ - rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL, + rc = gpgsm_validate_chain (ctrl, rspcert, "", NULL, 0, NULL, VALIDATE_FLAG_NO_DIRMNGR, NULL); if (rc) { @@ -791,7 +802,7 @@ pattern_from_strlist (strlist_t names) *pattern = 0; /* is empty */ else p[-1] = '\0'; /* remove trailing blank */ - + return pattern; } @@ -828,10 +839,10 @@ lookup_status_cb (void *opaque, const char *line) the callback CB which will be passed cert by cert. Note that CTRL is optional. With CACHE_ONLY the dirmngr will search only its own key cache. */ -int +int gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only, void (*cb)(void*, ksba_cert_t), void *cb_value) -{ +{ int rc; char *pattern; char line[ASSUAN_LINELENGTH]; 
@@ -870,7 +881,7 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only, return out_of_core (); } - snprintf (line, DIM(line)-1, "LOOKUP%s %s", + snprintf (line, DIM(line)-1, "LOOKUP%s %s", cache_only? " --cache-only":"", pattern); line[DIM(line)-1] = 0; xfree (pattern); @@ -898,6 +909,71 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only, +static gpg_error_t +get_cached_cert_data_cb (void *opaque, const void *buffer, size_t length) +{ + struct membuf *mb = opaque; + + if (buffer) + put_membuf (mb, buffer, length); + return 0; +} + +/* Return a certificate from the Directory Manager's cache. This + function only returns one certificate which must be specified using + the fingerprint FPR and will be stored at R_CERT. On error NULL is + stored at R_CERT and an error code returned. Note that the caller + must provide the locked dirmngr context CTX. */ +static gpg_error_t +get_cached_cert (assuan_context_t ctx, + const unsigned char *fpr, ksba_cert_t *r_cert) +{ + gpg_error_t err; + char line[ASSUAN_LINELENGTH]; + char hexfpr[2*20+1]; + struct membuf mb; + char *buf; + size_t buflen; + ksba_cert_t cert; + + *r_cert = NULL; + + bin2hex (fpr, 20, hexfpr); + snprintf (line, DIM(line)-1, "LOOKUP --single --cache-only 0x%s", hexfpr); + + init_membuf (&mb, 4096); + err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb, + NULL, NULL, NULL, NULL); + buf = get_membuf (&mb, &buflen); + if (err) + { + xfree (buf); + return err; + } + if (!buf) + return gpg_error (GPG_ERR_ENOMEM); + + err = ksba_cert_new (&cert); + if (err) + { + xfree (buf); + return err; + } + err = ksba_cert_init_from_mem (cert, buf, buflen); + xfree (buf); + if (err) + { + log_error ("failed to parse a certificate: %s\n", gpg_strerror (err)); + ksba_cert_release (cert); + return err; + } + + *r_cert = cert; + return 0; +} + + + /* Run Command helpers*/ /* Fairly simple callback to write all output of dirmngr to stdout. */ 
@@ -959,7 +1035,7 @@ run_command_inq_cb (void *opaque, const char *line) rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE); } - return rc; + return rc; } static gpg_error_t @@ -994,7 +1070,7 @@ run_command_status_cb (void *opaque, const char *line) int gpgsm_dirmngr_run_command (ctrl_t ctrl, const char *command, int argc, char **argv) -{ +{ int rc; int i; const char *s; ----------------------------------------------------------------------- Summary of changes: NEWS | 16 +++--- sm/ChangeLog | 106 +++++++++++++++++++++------------------- sm/call-dirmngr.c | 140 +++++++++++++++++++++++++++++++++++++++++------------ 3 files changed, 173 insertions(+), 89 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 22 10:09:51 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Jul 2011 10:09:51 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-79-g6f86ee8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6f86ee812fa5b063f8feb79f9e3e59eaa59e0209 (commit) from 2d0ca28a226773b9779a93c39bba9bace13232fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6f86ee812fa5b063f8feb79f9e3e59eaa59e0209 Author: Werner Koch Date: Fri Jul 22 09:29:40 2011 +0200 Fix crash while reading unsupported ssh keys. This bug was found by n-roeser at gmx.net (gnupg-devel@, msgid 4DFC7298.4040509 at gmx.net). diff --git a/agent/ChangeLog b/agent/ChangeLog index 95609cb..e1becac 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog 
@@ -1,3 +1,8 @@ +2011-07-22 Werner Koch + + * command-ssh.c (ssh_receive_key): Do not init comment to an empty + static string; in the error case it would be freed. + 2011-07-20 Werner Koch * command.c (do_one_keyinfo, cmd_keyinfo): Support option --ssh-fpr. diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 3fef83e..ae193ec 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -1409,18 +1409,13 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, int read_comment, ssh_key_type_spec_t *key_spec) { gpg_error_t err; - char *key_type; - char *comment; - gcry_sexp_t key; + char *key_type = NULL; + char *comment = NULL; + gcry_sexp_t key = NULL; ssh_key_type_spec_t spec; - gcry_mpi_t *mpi_list; + gcry_mpi_t *mpi_list = NULL; const char *elems; - mpi_list = NULL; - key_type = NULL; - comment = ""; - key = NULL; - err = stream_read_cstring (stream, &key_type); if (err) goto out; @@ -1452,7 +1447,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, goto out; } - err = sexp_key_construct (&key, spec, secret, mpi_list, comment); + err = sexp_key_construct (&key, spec, secret, mpi_list, comment? comment:""); if (err) goto out; @@ -1464,8 +1459,7 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, mpint_list_free (mpi_list); xfree (key_type); - if (read_comment) - xfree (comment); + xfree (comment); return err; } ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 5 +++++ agent/command-ssh.c | 18 ++++++------------ 2 files changed, 11 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 22 10:19:40 2011 
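Review bot: The now unconditional `xfree (comment);` at the end of ssh_receive_key is safe only while COMMENT is either NULL or heap memory, and nothing in the code says so once the `if (read_comment)` guard is gone. A one-line comment at the cleanup, such as `/* COMMENT is NULL or malloced; never point it at a static string. */`, would keep a later change from reintroducing the free of a literal that this commit removes. The middle of the function lies outside the three hunks, so whether every path between them preserves that invariant cannot be checked from here.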
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Jul 2011 10:19:40 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-41-g5a4071a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 5a4071a27334b57a651a0292369f0f508775e40b (commit) from 68fb27e7f07093f05f7390547395b047006ba3d7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5a4071a27334b57a651a0292369f0f508775e40b Author: Werner Koch Date: Fri Jul 22 09:40:51 2011 +0200 Fix crash while reading unsupported ssh keys. This bug was found by n-roeser at gmx.net (gnupg-devel@, msgid 4DFC7298.4040509 at gmx.net). diff --git a/agent/ChangeLog b/agent/ChangeLog index 242ee15..fba5397 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,8 @@ +2011-07-22 Werner Koch + + * command-ssh.c (ssh_receive_key): Do not init comment to an empty + static string; in the error case it would be freed. + 2011-04-29 Werner Koch * gpg-agent.c: Include estream.h diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 12fe60a..7eb5814 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c 
@@ -69,7 +69,7 @@ static const char sshcontrolblurb[] = "# in the SSH protocol. The ssh-add tool may add new entries to this\n" "# file to enable them; you may also add them manually. Comment\n" "# lines, like this one, as well as empty lines are ignored. Lines do\n" -"# have a certain length limit but this is not serious limitation as\n" +"# have a certain length limit but this is not serious limitation as\n" "# the format of the entries is fixed and checked by gpg-agent. A\n" "# non-comment line starts with optional white spaces, followed by the\n" "# keygrip of the key given as 40 hex digits, optionally followed by a\n" @@ -193,7 +193,7 @@ static gpg_error_t ssh_signature_encoder_dsa (estream_t signature_blob, /* Global variables. */ - + /* Associating request types with the corresponding request handlers. */ @@ -235,7 +235,7 @@ static ssh_key_type_spec_t ssh_key_types[] = /* - General utility functions. + General utility functions. */ /* A secure realloc, i.e. it makes sure to allocate secure memory if A @@ -246,7 +246,7 @@ static void * realloc_secure (void *a, size_t n) { void *p; - + if (a) p = gcry_realloc (a, n); else @@ -276,8 +276,8 @@ make_cstring (const char *data, size_t data_n) -/* - Primitive I/O functions. +/* + Primitive I/O functions. */ @@ -467,7 +467,7 @@ stream_read_cstring (estream_t stream, char **string) err = stream_read_string (stream, 0, &buffer, NULL); if (err) goto out; - + *string = (char *) buffer; out: @@ -504,7 +504,7 @@ stream_write_cstring (estream_t stream, const char *string) (const unsigned char *) string, strlen (string)); return err; -} +} /* Read an MPI from STREAM, store it in MPINT. Depending on SECURE use secure memory. */ @@ -615,7 +615,7 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n) buffer_new = NULL; err = 0; - + stream = es_fopen (filename, "r"); if (! stream) { 
@@ -681,7 +681,7 @@ open_control_file (FILE **r_fp, int append) { /* Fixme: "x" is a GNU extension. We might want to use the es_ functions here. */ - fp = fopen (fname, "wx"); + fp = fopen (fname, "wx"); if (!fp) { err = gpg_error (gpg_err_code_from_errno (errno)); @@ -701,8 +701,8 @@ open_control_file (FILE **r_fp, int append) xfree (fname); return err; } - - *r_fp = fp; + + *r_fp = fp; return 0; } @@ -713,7 +713,7 @@ open_control_file (FILE **r_fp, int append) DISABLED if the found key has been disabled. If R_TTL is not NULL a specified TTL for that key is stored there. */ static gpg_error_t -search_control_file (FILE *fp, const char *hexgrip, +search_control_file (FILE *fp, const char *hexgrip, int *r_disabled, int *r_ttl) { int c, i; @@ -733,7 +733,7 @@ search_control_file (FILE *fp, const char *hexgrip, return gpg_error (GPG_ERR_EOF); return gpg_error (gpg_err_code_from_errno (errno)); } - + if (!*line || line[strlen(line)-1] != '\n') { /* Eat until end of line */ @@ -742,13 +742,13 @@ search_control_file (FILE *fp, const char *hexgrip, return gpg_error (*line? GPG_ERR_LINE_TOO_LONG : GPG_ERR_INCOMPLETE_LINE); } - + /* Allow for empty lines and spaces */ for (p=line; spacep (p); p++) ; } while (!*p || *p == '\n' || *p == '#'); - + *r_disabled = 0; if (*p == '!') { @@ -776,7 +776,7 @@ search_control_file (FILE *fp, const char *hexgrip, if (r_ttl) *r_ttl = ttl; - /* Here is the place to parse flags if we need them. */ + /* Here is the place to parse flags if we need them. */ return 0; /* Okay: found it. */ } @@ -814,7 +814,7 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, int ttl) 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, tp->tm_hour, tp->tm_min, tp->tm_sec, hexgrip, ttl); - + } fclose (fp); return 0; @@ -838,7 +838,7 @@ ttl_from_sshcontrol (const char *hexgrip) || disabled) ttl = 0; /* Use the global default if not found or disabled. */ - fclose (fp); + fclose (fp); return ttl; } 
@@ -849,7 +849,7 @@ ttl_from_sshcontrol (const char *hexgrip) /* - MPI lists. + MPI lists. */ @@ -886,7 +886,7 @@ ssh_receive_mpint_list (estream_t stream, int secret, mpis = NULL; err = 0; - + if (secret) elems = key_spec.elems_key_secret; else @@ -1008,7 +1008,7 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis) err = gpg_error (GPG_ERR_INTERNAL); /* FIXME? */ break; } - + memset (buffer + (i * SSH_DSA_SIGNATURE_PADDING), 0, SSH_DSA_SIGNATURE_PADDING - data_n); memcpy (buffer + (i * SSH_DSA_SIGNATURE_PADDING) @@ -1029,8 +1029,8 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis) return err; } -/* - S-Expressions. +/* + S-Expressions. */ @@ -1252,7 +1252,7 @@ sexp_key_extract (gcry_sexp_t sexp, gcry_sexp_release (value_list); gcry_sexp_release (value_pair); gcry_sexp_release (comment_list); - + if (err) { xfree (comment_new); @@ -1262,7 +1262,7 @@ sexp_key_extract (gcry_sexp_t sexp, return err; } -/* Extract the car from SEXP, and create a newly created C-string +/* Extract the car from SEXP, and create a newly created C-string which is to be stored in IDENTIFIER. */ static gpg_error_t sexp_extract_identifier (gcry_sexp_t sexp, char **identifier) @@ -1275,7 +1275,7 @@ sexp_extract_identifier (gcry_sexp_t sexp, char **identifier) identifier_new = NULL; err = 0; - + sublist = gcry_sexp_nth (sexp, 1); if (! sublist) { @@ -1329,7 +1329,7 @@ ssh_key_type_lookup (const char *ssh_name, const char *name, if ((ssh_name && (! strcmp (ssh_name, ssh_key_types[i].ssh_identifier))) || (name && (! strcmp (name, ssh_key_types[i].identifier)))) break; - + if (i == DIM (ssh_key_types)) err = gpg_error (GPG_ERR_NOT_FOUND); else 
@@ -1351,18 +1351,14 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, int read_comment, ssh_key_type_spec_t *key_spec) { gpg_error_t err; - char *key_type; - char *comment; - gcry_sexp_t key; + char *key_type = NULL; + char *comment = NULL; + gcry_sexp_t key = NULL; ssh_key_type_spec_t spec; - gcry_mpi_t *mpi_list; + gcry_mpi_t *mpi_list = NULL; const char *elems; - mpi_list = NULL; - key_type = NULL; - comment = ""; - key = NULL; - + err = stream_read_cstring (stream, &key_type); if (err) goto out; @@ -1394,20 +1390,19 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret, goto out; } - err = sexp_key_construct (&key, spec, secret, mpi_list, comment); + err = sexp_key_construct (&key, spec, secret, mpi_list, comment? comment:""); if (err) goto out; if (key_spec) *key_spec = spec; *key_new = key; - + out: mpint_list_free (mpi_list); xfree (key_type); - if (read_comment) - xfree (comment); + xfree (comment); return err; } @@ -1454,7 +1449,7 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size, err = gpg_error_from_syserror (); goto out; } - + err = es_fseek (stream, 0, SEEK_SET); if (err) goto out; @@ -1482,7 +1477,7 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size, return err; } - + /* Write the public key KEY_PUBLIC to STREAM in SSH key format. If OVERRIDE_COMMENT is not NULL, it will be used instead of the @@ -1520,14 +1515,14 @@ ssh_send_key_public (estream_t stream, gcry_sexp_t key_public, spec.ssh_identifier, mpi_list); if (err) goto out; - + err = stream_write_string (stream, blob, blob_n); if (err) goto out; err = stream_write_cstring (stream, override_comment? override_comment : comment); - + out: mpint_list_free (mpi_list); @@ -1550,7 +1545,7 @@ ssh_read_key_public_from_blob (unsigned char *blob, size_t blob_size, gpg_error_t err; err = 0; - + blob_stream = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+"); if (! blob_stream) { 
@@ -1714,7 +1709,7 @@ card_key_available (ctrl_t ctrl, gcry_sexp_t *r_pk, char **cardsn) /* (Shadow)-key is not available in our key storage. */ unsigned char *shadow_info; unsigned char *tmp; - + shadow_info = make_shadow_info (serialno, authkeyid); if (!shadow_info) { @@ -1849,7 +1844,7 @@ ssh_handler_request_identities (ctrl_t ctrl, goto out; } key_directory_n = strlen (key_directory); - + key_path = xtrymalloc (key_directory_n + 46); if (! key_path) { @@ -1881,7 +1876,7 @@ ssh_handler_request_identities (ctrl_t ctrl, xfree (cardsn); if (err) goto out; - + key_counter++; } @@ -1921,7 +1916,7 @@ ssh_handler_request_identities (ctrl_t ctrl, err = file_to_buffer (key_path, &buffer, &buffer_n); if (err) goto out; - + err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n); if (err) goto out; @@ -1946,7 +1941,7 @@ ssh_handler_request_identities (ctrl_t ctrl, gcry_sexp_release (key_secret); key_secret = NULL; - + err = ssh_send_key_public (key_blobs, key_public, NULL); if (err) goto out; @@ -1957,7 +1952,7 @@ ssh_handler_request_identities (ctrl_t ctrl, key_counter++; } } - + ret = es_fseek (key_blobs, 0, SEEK_SET); if (ret) { @@ -2151,15 +2146,15 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder, { err = gpg_error_from_syserror (); goto out; - } + } err = stream_read_data (stream, sig_blob, sig_blob_n); if (err) goto out; - + *sig = sig_blob; *sig_n = sig_blob_n; - + out: if (err) @@ -2201,7 +2196,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) key = NULL; /* Receive key. */ - + err = stream_read_string (request, 0, &key_blob, &key_blob_size); if (err) goto out; @@ -2246,7 +2241,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) memcpy (ctrl->keygrip, key_grip, 20); err = data_sign (ctrl, spec.signature_encoder, &sig, &sig_n); - + out: /* Done. */ 
@@ -2266,7 +2261,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response) if (ret_err) goto leave; } - + leave: gcry_sexp_release (key); @@ -2295,7 +2290,7 @@ ssh_key_extract_comment (gcry_sexp_t key, char **comment) err = gpg_error (GPG_ERR_INV_SEXP); goto out; } - + data = gcry_sexp_nth_data (comment_list, 1, &data_n); if (! data) { @@ -2339,7 +2334,7 @@ ssh_key_to_protected_buffer (gcry_sexp_t key, const char *passphrase, err = gpg_error_from_syserror (); goto out; } - + gcry_sexp_sprint (key, GCRYSEXP_FMT_CANON, buffer_new, buffer_new_n); /* FIXME: guarantee? */ @@ -2395,7 +2390,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) if ( !agent_key_available (key_grip_raw) ) goto out; /* Yes, key is available. */ - + err = ssh_key_extract_comment (key, &comment); if (err) goto out; @@ -2471,7 +2466,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl) xfree (pi); xfree (buffer); xfree (comment); - xfree (description); + xfree (description); return err; } @@ -2510,7 +2505,7 @@ ssh_handler_add_identity (ctrl_t ctrl, estream_t request, estream_t response) unsigned char b; int confirm; int ttl; - + confirm = 0; key = NULL; ttl = 0; @@ -2588,7 +2583,7 @@ ssh_handler_remove_identity (ctrl_t ctrl, key_blob = NULL; key = NULL; - + err = stream_read_string (request, 0, &key_blob, &key_blob_size); if (err) goto out; @@ -2596,7 +2591,7 @@ ssh_handler_remove_identity (ctrl_t ctrl, err = ssh_read_key_public_from_blob (key_blob, key_blob_size, &key, NULL); if (err) goto out; - + err = ssh_identity_drop (key); out: @@ -2622,7 +2617,7 @@ ssh_identities_remove_all (void) /* FIXME: shall we remove _all_ cache entries or only those registered through the ssh emulation? */ - + return err; } @@ -2636,7 +2631,7 @@ ssh_handler_remove_all_identities (ctrl_t ctrl, (void)ctrl; (void)request; - + err = ssh_identities_remove_all (); if (! err) 
@@ -2681,7 +2676,7 @@ ssh_handler_lock (ctrl_t ctrl, estream_t request, estream_t response) (void)ctrl; (void)request; - + err = ssh_lock (); if (! err) @@ -2698,7 +2693,7 @@ ssh_handler_unlock (ctrl_t ctrl, estream_t request, estream_t response) { gpg_error_t ret_err; gpg_error_t err; - + (void)ctrl; (void)request; @@ -2763,7 +2758,7 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) /* Create memory streams for request/response data. The entire request will be stored in secure memory, since it might contain secret key material. The response does not have to be stored in - secure memory, since we never give out secret keys. + secure memory, since we never give out secret keys. Note: we only have little secure memory, but there is NO possibility of DoS here; only trusted clients are allowed to @@ -2914,7 +2909,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) the current TTY setting, we resort here to use those from startup or those explictly set. */ { - static const char *names[] = + static const char *names[] = {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL}; int idx; const char *value; @@ -2923,7 +2918,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) if (!session_env_getenv (ctrl->session_env, names[idx]) && (value = session_env_getenv (opt.startup_env, names[idx]))) err = session_env_setenv (ctrl->session_env, names[idx], value); - + if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype) if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype))) err = gpg_error_from_syserror (); 
@@ -2934,7 +2929,7 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) if (err) { - log_error ("error setting default session environment: %s\n", + log_error ("error setting default session environment: %s\n", gpg_strerror (err)); goto out; } ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 5 ++ agent/command-ssh.c | 141 ++++++++++++++++++++++++-------------------------- 2 files changed, 73 insertions(+), 73 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 22 14:34:42 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Jul 2011 14:34:42 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-42-g3d99d3f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 3d99d3f5db44e0ca98ad68e1534aeadd7c06ea53 (commit) from 5a4071a27334b57a651a0292369f0f508775e40b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3d99d3f5db44e0ca98ad68e1534aeadd7c06ea53 Author: Werner Koch Date: Fri Jul 22 13:56:14 2011 +0200 Print the decoded iteration count with --list-packets. Fixes bug#1355. diff --git a/g10/ChangeLog b/g10/ChangeLog index 55ba2b6..c0a4c73 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-07-22 Werner Koch + + * parse-packet.c (parse_key): Print the decoded iteration count. + Fixes bug#1355. + 2011-07-01 Werner Koch * keyid.c (pubkey_letter): Add letters e and E. diff --git a/g10/parse-packet.c b/g10/parse-packet.c index bbd5808..11480dd 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -116,14 +116,14 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) gcry_mpi_t a = NULL; byte *buf = NULL; byte *p; - + if ( (c = c1 = iobuf_get (inp)) == -1 ) goto leave; nbits = c << 8; if ( (c = c2 = iobuf_get (inp)) == -1 ) goto leave; nbits |= c; - if ( nbits > MAX_EXTERN_MPI_BITS ) + if ( nbits > MAX_EXTERN_MPI_BITS ) { log_error("mpi too large (%u bits)\n", nbits); goto leave; @@ -134,7 +134,7 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure) p = buf; p[0] = c1; p[1] = c2; - for ( i=0 ; i < nbytes; i++ ) + for ( i=0 ; i < nbytes; i++ ) { p[i+2] = iobuf_get(inp) & 0xff; nread++; @@ -179,7 +179,7 @@ set_packet_list_mode( int mode ) be easy to add an option for the listing stream. Note that we initialize it only once; mainly because some code may switch the option value later back to 1 and we want to have all output - to the same stream. + to the same stream. Using stderr is not actually very clean because it bypasses the logging code but it is a special thing anyay. I am not sure @@ -518,7 +518,7 @@ parse( IOBUF inp, PACKET *pkt, int onlykeypkts, off_t *retpos, if (with_uid && pkttype == PKT_USER_ID) ; - else if( do_skip + else if( do_skip || !pkttype || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY && pkttype != PKT_PUBLIC_KEY @@ -920,10 +920,10 @@ dump_sig_subpkt( int hashed, int type, int critical, "the owner of this ARR key. Detailed info follows:\n", type, (unsigned)length ); } - + buffer++; length--; - + fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*)*/ critical ? "critical ":"", hashed ? "hashed ":"", type, (unsigned)length ); @@ -1671,7 +1671,7 @@ read_protected_v3_mpi (IOBUF inp, unsigned long *length) } /* convert buffer into an opaque MPI */ - val = gcry_mpi_set_opaque (NULL, buf, (p-buf)*8); + val = gcry_mpi_set_opaque (NULL, buf, (p-buf)*8); return val; } 
@@ -1758,7 +1758,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, sk->version = version; sk->is_primary = pkttype == PKT_SECRET_KEY; sk->pubkey_algo = algorithm; - sk->req_usage = 0; + sk->req_usage = 0; sk->pubkey_usage = 0; /* not yet used */ } else { @@ -1771,7 +1771,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, pk->version = version; pk->is_primary = pkttype == PKT_PUBLIC_KEY; pk->pubkey_algo = algorithm; - pk->req_usage = 0; + pk->req_usage = 0; pk->pubkey_usage = 0; /* not yet used */ pk->is_revoked = 0; pk->is_disabled = 0; @@ -1899,8 +1899,10 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, sk->protect.s2k.count = iobuf_get(inp); pktlen--; if( list_mode ) - fprintf (listfp, "\tprotect count: %lu\n", - (ulong)sk->protect.s2k.count); + fprintf (listfp, "\tprotect count: %lu (%lu)\n", + (ulong)S2K_DECODE_COUNT + ((ulong)sk->protect.s2k.count), + (ulong)sk->protect.s2k.count); } else if( sk->protect.s2k.mode == 1002 ) { /* Read the serial number. */ @@ -1964,7 +1966,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, * If the user is so careless, not to protect his secret key, * we can assume, that he operates an open system :=(. * So we put the key into secure memory when we unprotect it. */ - if( sk->protect.s2k.mode == 1001 + if( sk->protect.s2k.mode == 1001 || sk->protect.s2k.mode == 1002 ) { /* better set some dummy stuff here */ sk->skey[npkey] = gcry_mpi_set_opaque(NULL, @@ -1987,7 +1989,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, for(i=npkey; i < nskey; i++ ) { if ( sk->is_protected ) { sk->skey[i] = read_protected_v3_mpi (inp, &pktlen); - if( list_mode ) + if( list_mode ) fprintf (listfp, "\tskey[%d]: [encrypted]\n", i); } else { @@ -2044,7 +2046,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, } if (list_mode) - fprintf (listfp, "\tkeyid: %08lX%08lX\n", + fprintf (listfp, "\tkeyid: %08lX%08lX\n", (ulong)keyid[0], (ulong)keyid[1]); leave: 
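Review bot: The new `fprintf` in the `@@ -1899,8 +1899,10 @@` hunk passes `sk->protect.s2k.count` to `S2K_DECODE_COUNT` exactly as `iobuf_get(inp)` returned it on the context line above, and `iobuf_get` yields -1 at end of input (mpi_read in this file tests for that). If the macro shifts by the upper bits of the coded count, as the one-octet OpenPGP count format suggests, a truncated packet would make the listing code shift by an out-of-range amount; the macro body is not visible here, so this needs confirming. Masking at the point of use keeps the decode inside the one-octet domain: `(ulong)S2K_DECODE_COUNT ((ulong)sk->protect.s2k.count & 0xff)`. parse_key starts and ends outside this hunk, and the same hunk for STABLE-BRANCH-1-4 further down has the same issue.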
@@ -2135,7 +2137,7 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) iobuf_skip_rest(inp, pktlen, 0); return G10ERR_INVALID_PACKET; } - + packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen); packet->pkt.user_id->len = pktlen; packet->pkt.user_id->ref=1; @@ -2365,7 +2367,7 @@ parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt, int new_ctb ) { PKT_compressed *zd; - + /* PKTLEN is here 0, but data follows (this should be the last object in a file or the compress algorithm should know the length). */ @@ -2374,7 +2376,7 @@ parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed); zd->algorithm = iobuf_get_noeof(inp); - zd->len = 0; /* not used */ + zd->len = 0; /* not used */ zd->new_ctb = new_ctb; zd->buf = inp; if (list_mode) @@ -2407,7 +2409,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, /* fixme: add some pktlen sanity checks */ int version; - version = iobuf_get_noeof(inp); + version = iobuf_get_noeof(inp); if (orig_pktlen) pktlen--; if( version != 1 ) { @@ -2467,7 +2469,7 @@ parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen, p = mdc->hash; for (; pktlen; pktlen--, p++) *p = iobuf_get_noeof(inp); - + leave: return rc; } ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 5 +++++ g10/parse-packet.c | 42 ++++++++++++++++++++++-------------------- 2 files changed, 27 insertions(+), 20 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 22 14:38:25 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 22 Jul 2011 14:38:25 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.11-17-g4fb59b1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 4fb59b131359db079df72d6fd1e9c846cbc29d33 (commit) from 6daa9dbd7cd689758c060cf516d006041dabcdd5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4fb59b131359db079df72d6fd1e9c846cbc29d33 Author: Werner Koch Date: Fri Jul 22 14:00:08 2011 +0200 Print the decoded iteration count witn --list-packets. Fixes bug#1355. diff --git a/g10/ChangeLog b/g10/ChangeLog index 19db8a4..fda3b85 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-07-22 Werner Koch + + * parse-packet.c (parse_key): Print the decoded iteration count. + Fixes bug#1355. + 2011-04-05 David Shaw * photoid.c (generate_photo_id): Check for the JPEG magic numbers diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 2594477..b22c63f 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -120,7 +120,7 @@ set_packet_list_mode( int mode ) be easy to add an option for the listing stream. Note that we initialize it only once; mainly because some code may switch the option value later back to 1 and we want to have all output - to the same stream. + to the same stream. Using stderr is not actually very clean because it bypasses the logging code but it is a special thing anyay. I am not sure 
@@ -459,7 +459,7 @@ parse( IOBUF inp, PACKET *pkt, int onlykeypkts, off_t *retpos, if (with_uid && pkttype == PKT_USER_ID) ; - else if( do_skip + else if( do_skip || !pkttype || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY && pkttype != PKT_PUBLIC_KEY @@ -858,10 +858,10 @@ dump_sig_subpkt( int hashed, int type, int critical, "the owner of this ARR key. Detailed info follows:\n", type, (unsigned)length ); } - + buffer++; length--; - + fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*)*/ critical ? "critical ":"", hashed ? "hashed ":"", type, (unsigned)length ); @@ -1606,7 +1606,7 @@ read_protected_v3_mpi (IOBUF inp, unsigned long *length) } /* convert buffer into an opaque MPI */ - val = mpi_set_opaque (NULL, buf, p-buf); + val = mpi_set_opaque (NULL, buf, p-buf); return val; } @@ -1690,7 +1690,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, sk->version = version; sk->is_primary = pkttype == PKT_SECRET_KEY; sk->pubkey_algo = algorithm; - sk->req_usage = 0; + sk->req_usage = 0; sk->pubkey_usage = 0; /* not yet used */ } else { @@ -1703,7 +1703,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, pk->version = version; pk->is_primary = pkttype == PKT_PUBLIC_KEY; pk->pubkey_algo = algorithm; - pk->req_usage = 0; + pk->req_usage = 0; pk->pubkey_usage = 0; /* not yet used */ pk->is_revoked = 0; pk->is_disabled = 0; @@ -1831,8 +1831,10 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, sk->protect.s2k.count = iobuf_get(inp); pktlen--; if( list_mode ) - fprintf (listfp, "\tprotect count: %lu\n", - (ulong)sk->protect.s2k.count); + fprintf (listfp, "\tprotect count: %lu (%lu)\n", + (ulong)S2K_DECODE_COUNT + ((ulong)sk->protect.s2k.count), + (ulong)sk->protect.s2k.count); } else if( sk->protect.s2k.mode == 1002 ) { /* Read the serial number. */ 
@@ -1902,7 +1904,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, * If the user is so careless, not to protect his secret key, * we can assume, that he operates an open system :=(. * So we put the key into secure memory when we unprotect it. */ - if( sk->protect.s2k.mode == 1001 + if( sk->protect.s2k.mode == 1001 || sk->protect.s2k.mode == 1002 ) { /* better set some dummy stuff here */ sk->skey[npkey] = mpi_set_opaque(NULL, xstrdup("dummydata"), 10); @@ -1923,7 +1925,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, for(i=npkey; i < nskey; i++ ) { if ( sk->is_protected ) { sk->skey[i] = read_protected_v3_mpi (inp, &pktlen); - if( list_mode ) + if( list_mode ) fprintf (listfp, "\tskey[%d]: [encrypted]\n", i); } else { @@ -2294,7 +2296,7 @@ parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, */ zd = pkt->pkt.compressed = xmalloc(sizeof *pkt->pkt.compressed ); zd->algorithm = iobuf_get_noeof(inp); - zd->len = 0; /* not used */ + zd->len = 0; /* not used */ zd->new_ctb = new_ctb; zd->buf = inp; if( list_mode ) @@ -2327,7 +2329,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, /* fixme: add some pktlen sanity checks */ int version; - version = iobuf_get_noeof(inp); + version = iobuf_get_noeof(inp); if (orig_pktlen) pktlen--; if( version != 1 ) { ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 5 +++++ g10/parse-packet.c | 28 +++++++++++++++------------- 2 files changed, 20 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 27 11:50:04 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 27 Jul 2011 11:50:04 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-81-g809dfd7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 809dfd70e3d3597ac510517f3b54f40252cfd81e (commit) via 29af48840f1f5d39fae8ad7942f3676936134996 (commit) from 6f86ee812fa5b063f8feb79f9e3e59eaa59e0209 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 809dfd70e3d3597ac510517f3b54f40252cfd81e Author: Werner Koch Date: Wed Jul 27 11:10:15 2011 +0200 Make the inquire cancel fix a little bit more robust. diff --git a/agent/ChangeLog b/agent/ChangeLog index 25eabbc..60ea7ee 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,3 +1,10 @@ +2011-07-27 Werner Koch + + * call-scd.c (struct inq_needpin_s): Add field ANY_INQ_SEEN. + (inq_needpin): Set it. + (agent_card_scd): Send the cancel only if an inquire was actually + used. + 2011-07-09 Ben Kibbey * call-scd.c (agent_card_scd): Send the CANCEL command back to SCD diff --git a/agent/call-scd.c b/agent/call-scd.c index 1ffb123..74f94c0 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -92,6 +92,7 @@ struct inq_needpin_s void *getpin_cb_arg; assuan_context_t passthru; /* If not NULL, pass unknown inquiries up to the caller. */ + int any_inq_seen; }; @@ -726,6 +727,7 @@ inq_needpin (void *opaque, const char *line) size_t pinlen; int rc; + parm->any_inq_seen = 1; if (!strncmp (line, "NEEDPIN", 7) && (line[7] == ' ' || !line[7])) { line += 7; 
@@ -857,6 +859,7 @@ agent_card_pksign (ctrl_t ctrl, inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = 0; + inqparm.any_inq_seen = 0; if (ctrl->use_auth_call) snprintf (line, sizeof line, "PKAUTH %s", keyid); else @@ -935,6 +938,7 @@ agent_card_pkdecrypt (ctrl_t ctrl, inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = 0; + inqparm.any_inq_seen = 0; snprintf (line, DIM(line)-1, "PKDECRYPT %s", keyid); line[DIM(line)-1] = 0; rc = assuan_transact (ctrl->scd_local->ctx, line, @@ -1169,14 +1173,20 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, inqparm.getpin_cb = getpin_cb; inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.passthru = assuan_context; + inqparm.any_inq_seen = 0; saveflag = assuan_get_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS); assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, 1); rc = assuan_transact (ctrl->scd_local->ctx, cmdline, pass_data_thru, assuan_context, inq_needpin, &inqparm, pass_status_thru, assuan_context); - if (gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) + if (inqparm.any_inq_seen && gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) { + /* The inquire callback was called and transact returned a + cancel error. We assume that the inquired process sent a + CANCEL. The passthrough code is not able to pass on the + CANCEL and thus scdaemon would stuck on this. As a + workaround we send a CANCEL now. */ rc = assuan_write_line(ctrl->scd_local->ctx, "CAN"); if (!rc) { char *line; commit 29af48840f1f5d39fae8ad7942f3676936134996 Author: Ben Kibbey Date: Sat Jul 9 08:25:22 2011 -0400 Fixed gpg-agent SCD inquire command cancellation. Need to send the CANCEL command back to scdaemon otherwise the next SCD command will fail. diff --git a/agent/ChangeLog b/agent/ChangeLog index e1becac..25eabbc 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog 
@@ -1,3 +1,8 @@ +2011-07-09 Ben Kibbey + + * call-scd.c (agent_card_scd): Send the CANCEL command back to SCD + when the SCD command is cancelled from the client. + 2011-07-22 Werner Koch * command-ssh.c (ssh_receive_key): Do not init comment to an empty diff --git a/agent/call-scd.c b/agent/call-scd.c index 710589f..1ffb123 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -1175,6 +1175,19 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, pass_data_thru, assuan_context, inq_needpin, &inqparm, pass_status_thru, assuan_context); + if (gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) + { + rc = assuan_write_line(ctrl->scd_local->ctx, "CAN"); + if (!rc) { + char *line; + size_t len; + + rc = assuan_read_line(ctrl->scd_local->ctx, &line, &len); + if (!rc) + rc = gpg_error(GPG_ERR_ASS_CANCELED); + } + } + assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag); if (rc) { ----------------------------------------------------------------------- Summary of changes: agent/ChangeLog | 12 ++++++++++++ agent/call-scd.c | 23 +++++++++++++++++++++++ 2 files changed, 35 insertions(+), 0 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 29 10:38:25 2011 
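Review bot: In the block added to agent_card_scd, the reply to `CAN` is read into `line` and `len` and then dropped without being inspected, so a single `assuan_read_line` is assumed to consume scdaemon's whole answer. `ASSUAN_CONVEY_COMMENTS` is restored only after this block, so if scdaemon emits a comment or status line before its final reply (an assumption, the daemon side is not shown), the leftover line would be taken as the answer to the next command on this context. I would read until a line starting with `OK` or `ERR` and state that the content is deliberately ignored, e.g. `/* Drain the reply to CAN; only its arrival matters. */`. A failing write or read also replaces the cancel code in `rc` with the I/O error, which the comment should mention if that is intended. The function starts and ends outside the hunk.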
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 29 Jul 2011 10:38:25 +0200 Subject: [git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-82-gfe8619d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fe8619d29ca599cc9f38538db62d1dd42bfbee40 (commit) from 809dfd70e3d3597ac510517f3b54f40252cfd81e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe8619d29ca599cc9f38538db62d1dd42bfbee40 Author: Werner Koch Date: Fri Jul 29 09:58:34 2011 +0200 Do not print read-only trustdb warning with --quiet. This is only a warning and gpg would anyway print an error message if it tries to write to the trustdb. diff --git a/g10/ChangeLog b/g10/ChangeLog index 4edbf23..6de122f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2011-07-29 Werner Koch + + * tdbio.c (open_db): Do not print read-only warning in quiet mode. + 2011-07-18 Werner Koch * parse-packet.c (parse_key): Print the decoded iteration count. diff --git a/g10/tdbio.c b/g10/tdbio.c index 45ec73b..09f31aa 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -640,7 +640,7 @@ open_db() ) { /* Take care of read-only trustdbs. */ db_fd = open (db_name, O_RDONLY | MY_O_BINARY ); - if (db_fd != -1) + if (db_fd != -1 && !opt.quiet) log_info (_("NOTE: trustdb not writable\n")); } if ( db_fd == -1 ) ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 4 ++++ g10/tdbio.c | 2 +- 2 files changed, 5 insertions(+), 1 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 29 10:39:04 2011 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 29 Jul 2011 10:39:04 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.16-44-gdea8ad4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via dea8ad45355beebf2be029263002dcbd9c74bd7d (commit) via ab0d29fdf0d9d9d07aa1fa1867ae6c75f6293371 (commit) from 3d99d3f5db44e0ca98ad68e1534aeadd7c06ea53 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dea8ad45355beebf2be029263002dcbd9c74bd7d Author: Werner Koch Date: Fri Jul 29 10:00:15 2011 +0200 Do not print read-only trustdb warning with --quiet. This is only a warning and gpg would anyway print an error message if it tries to write to the trustdb. diff --git a/g10/ChangeLog b/g10/ChangeLog index c0a4c73..806e5ce 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2011-07-29 Werner Koch + + * tdbio.c (open_db): Do not print read-only warning in quiet mode. + 2011-07-22 Werner Koch * parse-packet.c (parse_key): Print the decoded iteration count. diff --git a/g10/tdbio.c b/g10/tdbio.c index 738f758..306935c 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -449,7 +449,7 @@ create_version_record (void) { TRUSTREC rec; int rc; - + memset( &rec, 0, sizeof rec ); rec.r.ver.version = 3; rec.r.ver.created = make_timestamp(); @@ -609,7 +609,7 @@ open_db() ) ) { db_fd = open (db_name, O_RDONLY | MY_O_BINARY ); - if (db_fd != -1) + if (db_fd != -1 && !opt.quiet) log_info (_("NOTE: trustdb not writable\n")); } if ( db_fd == -1 ) 
@@ -692,7 +692,7 @@ tdbio_read_model(void) { TRUSTREC vr; int rc; - + rc = tdbio_read_record( 0, &vr, RECTYPE_VER ); if( rc ) log_fatal( _("%s: error reading version record: %s\n"), @@ -1010,7 +1010,7 @@ drop_from_hashtable( ulong table, byte *key, int keylen, ulong recnum ) */ static int lookup_hashtable( ulong table, const byte *key, size_t keylen, - int (*cmpfnc)(const void*, const TRUSTREC *), + int (*cmpfnc)(const void*, const TRUSTREC *), const void *cmpdata, TRUSTREC *rec ) { int rc; commit ab0d29fdf0d9d9d07aa1fa1867ae6c75f6293371 Author: Werner Koch Date: Fri Jul 22 14:05:23 2011 +0200 Update config.{guess,sub}. diff --git a/po/remove-potcdate.sed b/po/remove-potcdate.sed deleted file mode 100644 index edb38d7..0000000 --- a/po/remove-potcdate.sed +++ /dev/null @@ -1,11 +0,0 @@ -/^"POT-Creation-Date: .*"$/{ -x -s/P/P/ -ta -g -d -bb -:a -x -:b -} diff --git a/scripts/ChangeLog b/scripts/ChangeLog index 8f43235..fd30923 100644 --- a/scripts/ChangeLog +++ b/scripts/ChangeLog @@ -1,3 +1,7 @@ +2011-07-22 Werner Koch + + * config.sub, config.guess: Update to version 2011-06-03. + 2011-01-11 Werner Koch * config.guess, config.sub: Update to version 2010-09-24. @@ -8,7 +12,7 @@ 2007-12-14 Werner Koch - * config.guess, config.sub: Update to version 2007-11-19. + * config.guess, config.sub: Update to version 2007-11-19. 2007-07-04 Werner Koch @@ -39,5 +43,5 @@ This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - + diff --git a/scripts/config.guess b/scripts/config.guess index 4c8f032..b02565c 100755 --- a/scripts/config.guess +++ b/scripts/config.guess 
@@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011 Free Software Foundation, Inc. -timestamp='2010-09-24' +timestamp='2011-06-03' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -57,7 +57,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -92,7 +92,7 @@ if test $# != 0; then exit 1 fi -trap 'exit 1' HUP INT TERM +trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires @@ -106,7 +106,7 @@ trap 'exit 1' HUP INT TERM set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" HUP INT PIPE TERM ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || @@ -181,7 +181,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in fi ;; *) - os=netbsd + os=netbsd ;; esac # The OS release 
@@ -224,7 +224,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) - UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on @@ -270,7 +270,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit ;; + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead @@ -296,7 +299,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo s390-ibm-zvmoe exit ;; *:OS400:*:*) - echo powerpc-ibm-os400 + echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} 
@@ -395,23 +398,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} - exit ;; + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} - exit ;; + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} - exit ;; + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; @@ -481,8 +484,8 @@ EOF echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) - # DG/UX returns AViiON for all architectures - UNAME_PROCESSOR=`/usr/bin/uname -p` + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ @@ -495,7 +498,7 @@ EOF else echo i586-dg-dgux${UNAME_RELEASE} fi - exit ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; 
@@ -595,52 +598,52 @@ EOF 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` - sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 - 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 - esac ;; - esac + esac ;; + esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + sed 's/^ //' << EOF >$dummy.c - #define _HPUX_SOURCE - #include - #include + #define _HPUX_SOURCE + #include + #include - int main () - { - #if defined(_SC_KERNEL_BITS) - long bits = sysconf(_SC_KERNEL_BITS); - #endif - long cpu = sysconf (_SC_CPU_VERSION); + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); - switch (cpu) - { - case CPU_PA_RISC1_0: puts ("hppa1.0"); break; - case CPU_PA_RISC1_1: puts ("hppa1.1"); break; - case CPU_PA_RISC2_0: - #if defined(_SC_KERNEL_BITS) - switch (bits) - { - case 64: puts ("hppa2.0w"); break; - case 32: puts ("hppa2.0n"); break; - default: puts ("hppa2.0"); break; - } break; - #else /* !defined(_SC_KERNEL_BITS) */ - puts ("hppa2.0"); break; - #endif - default: puts ("hppa1.0"); break; - } - exit (0); - } + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + 
default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa @@ -731,22 +734,22 @@ EOF exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; 
@@ -770,14 +773,14 @@ EOF exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} @@ -805,14 +808,14 @@ EOF echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; 
@@ -867,7 +870,7 @@ EOF EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; - esac + esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} @@ -879,7 +882,13 @@ EOF then echo ${UNAME_MACHINE}-unknown-linux-gnu else - echo ${UNAME_MACHINE}-unknown-linux-gnueabi + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf + fi fi exit ;; avr32*:Linux:*:*) @@ -892,7 +901,7 @@ EOF echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) - echo frv-unknown-linux-gnu + echo frv-unknown-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu @@ -960,7 +969,7 @@ EOF echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu @@ -969,7 +978,7 @@ EOF echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-tilera-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu @@ -978,7 +987,7 @@ EOF echo x86_64-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. 
@@ -987,11 +996,11 @@ EOF echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) - # Unixware is an offshoot of SVR4, but it has its own version - # number series starting with 2... - # I am not positive that other SVR4 systems won't match this, + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. - # Use sysv4.2uw... so that sysv4* matches it. + # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) @@ -1023,7 +1032,7 @@ EOF fi exit ;; i*86:*:5:[678]*) - # UnixWare 7.x, OpenUNIX and OpenServer 6. + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; @@ -1051,13 +1060,13 @@ EOF exit ;; pc:*:*:*) # Left here for compatibility: - # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i586. + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp - exit ;; + exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; @@ -1092,8 +1101,8 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) - /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4; exit; } ;; + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ 
@@ -1136,10 +1145,10 @@ EOF echo ns32k-sni-sysv fi exit ;; - PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort - # says - echo i586-unisys-sysv4 - exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm @@ -1165,11 +1174,11 @@ EOF exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv${UNAME_RELEASE} else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv${UNAME_RELEASE} fi - exit ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; @@ -1282,13 +1291,13 @@ EOF echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) - UNAME_MACHINE=`(uname -p) 2>/dev/null` + UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; @@ -1328,11 +1337,11 @@ main () #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 - "4" + "4" #else - "" + "" #endif - ); exit (0); + ); exit (0); #endif #endif diff --git a/scripts/config.sub b/scripts/config.sub index 320e303..f9fcdc8 100755 --- a/scripts/config.sub +++ b/scripts/config.sub 
@@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 -# Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011 Free Software Foundation, Inc. -timestamp='2010-09-11' +timestamp='2011-06-03' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -76,7 +76,7 @@ version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, -2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -158,8 +158,8 @@ case $os in os= basic_machine=$1 ;; - -bluegene*) - os=-cnk + -bluegene*) + os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= @@ -175,10 +175,10 @@ case $os in os=-chorusos basic_machine=$1 ;; - -chorusrdb) - os=-chorusrdb + -chorusrdb) + os=-chorusrdb basic_machine=$1 - ;; + ;; -hiux*) os=-hiuxwe2 ;; @@ -286,9 +286,10 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 \ | ns16k | ns32k \ + | open8 \ | or32 \ | pdp10 | pdp11 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ | rx \ | score \ 
@@ -296,12 +297,12 @@ case $basic_machine in | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu | strongarm \ - | tahoe | thumb | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ - | v850 | v850e \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ | we32k \ - | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ + | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; @@ -325,6 +326,18 @@ case $basic_machine in basic_machine=mt-unknown ;; + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. 
@@ -382,24 +395,26 @@ case $basic_machine in | nds32-* | nds32le-* | nds32be-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ - | tahoe-* | thumb-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile-* | tilegx-* \ + | tile*-* \ | tron-* \ | ubicom32-* \ - | v850-* | v850e-* | vax-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) @@ -424,7 +439,7 @@ case $basic_machine in basic_machine=a29k-amd os=-udi ;; - abacus) + abacus) basic_machine=abacus-unknown ;; adobe68k) @@ -507,7 +522,7 @@ case $basic_machine in basic_machine=c90-cray os=-unicos ;; - cegcc) + cegcc) basic_machine=arm-unknown os=-cegcc ;; @@ -539,7 +554,7 @@ case $basic_machine in basic_machine=craynv-cray os=-unicosmp ;; - cr16) + cr16 | cr16-*) basic_machine=cr16-unknown os=-elf ;; @@ -755,7 +770,7 @@ case $basic_machine in basic_machine=ns32k-utek os=-sysv ;; - microblaze) + microblaze) basic_machine=microblaze-xilinx ;; mingw32) 
@@ -862,10 +877,10 @@ case $basic_machine in np1) basic_machine=np1-gould ;; - neo-tandem) + neo-tandem) basic_machine=neo-tandem ;; - nse-tandem) + nse-tandem) basic_machine=nse-tandem ;; nsr-tandem) @@ -950,9 +965,10 @@ case $basic_machine in ;; power) basic_machine=power-ibm ;; - ppc) basic_machine=powerpc-unknown + ppc | ppcbe) basic_machine=powerpc-unknown ;; - ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown @@ -1046,6 +1062,9 @@ case $basic_machine in basic_machine=i860-stratus os=-sysv4 ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; sun2) basic_machine=m68000-sun ;; @@ -1102,13 +1121,8 @@ case $basic_machine in basic_machine=t90-cray os=-unicos ;; - # This must be matched before tile*. - tilegx*) - basic_machine=tilegx-unknown - os=-linux-gnu - ;; tile*) - basic_machine=tile-unknown + basic_machine=$basic_machine-unknown os=-linux-gnu ;; tx39) @@ -1178,6 +1192,9 @@ case $basic_machine in xps | xps100) basic_machine=xps100-honeywell ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; ymp) basic_machine=ymp-cray os=-unicos @@ -1275,11 +1292,11 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases + # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. - -auroraux) - os=-auroraux + -auroraux) + os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` @@ -1364,7 +1381,7 @@ case $os in -opened*) os=-openedition ;; - -os400*) + -os400*) os=-os400 ;; -wince*) @@ -1413,7 +1430,7 @@ case $os in -sinix*) os=-sysv4 ;; - -tpf*) + -tpf*) os=-tpf ;; -triton*) 
@@ -1458,8 +1475,8 @@ case $os in -dicos*) os=-dicos ;; - -nacl*) - ;; + -nacl*) + ;; -none) ;; *) @@ -1482,10 +1499,10 @@ else # system, and we'll never get to this point. case $basic_machine in - score-*) + score-*) os=-elf ;; - spu-*) + spu-*) os=-elf ;; *-acorn) @@ -1497,8 +1514,8 @@ case $basic_machine in arm*-semi) os=-aout ;; - c4x-* | tic4x-*) - os=-coff + c4x-* | tic4x-*) + os=-coff ;; tic54x-*) os=-coff @@ -1534,7 +1551,7 @@ case $basic_machine in m68*-cisco) os=-aout ;; - mep-*) + mep-*) os=-elf ;; mips*-cisco) @@ -1561,7 +1578,7 @@ case $basic_machine in *-ibm) os=-aix ;; - *-knuth) + *-knuth) os=-mmixware ;; *-wec) ----------------------------------------------------------------------- Summary of changes: g10/ChangeLog | 4 + g10/tdbio.c | 8 +- po/remove-potcdate.sed | 11 --- scripts/ChangeLog | 8 ++- scripts/config.guess | 217 +++++++++++++++++++++++++----------------------- scripts/config.sub | 113 ++++++++++++++----------- 6 files changed, 192 insertions(+), 169 deletions(-) delete mode 100644 po/remove-potcdate.sed hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org