From cvs at cvs.gnupg.org Wed May 4 01:22:10 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 04 May 2011 01:22:10 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-174-g470899e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 470899e3a713129d8db3979469c7f711dc9b04d4 (commit) from 43f38db1afe9830b888076adeec1eec21f32335c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 470899e3a713129d8db3979469c7f711dc9b04d4 Author: Marcus Brinkmann Date: Wed May 4 00:52:11 2011 +0200 Improve import tests for GnuPG 2.1. diff --git a/tests/ChangeLog b/tests/ChangeLog index 1a4494d..47e502d 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,9 @@ +2011-05-04 Marcus Brinkmann + + * gpg/t-import.c (check_result): Complete secret key pair counting + and disable status check, as GPG 2.1 currently emits two IMPORT_OK + lines and we only look at the first. + 2011-04-27 Marcus Brinkmann * gpg/Makefile.am (DISTCLEANFILES): Add S.gpg-agent. diff --git a/tests/gpg/t-import.c b/tests/gpg/t-import.c index 2324817..d673f87 100644 --- a/tests/gpg/t-import.c +++ b/tests/gpg/t-import.c @@ -108,7 +108,8 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) result->secret_read); exit (1); } - if ((secret && result->secret_imported != 0 && result->secret_imported != 1) + if ((secret && result->secret_imported != 0 && result->secret_imported != 1 + && result->secret_imported != 2) || (!secret && result->secret_imported != 0)) { fprintf (stderr, "Unexpected number of secret keys imported %i\n", @@ -166,6 +167,7 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) gpgme_strerror (result->imports->result)); exit (1); } +#if 0 if (secret) { if (result->secret_imported == 0) @@ -201,6 +203,7 @@ check_result (gpgme_import_result_t result, char *fpr, int secret) exit (1); } } +#endif } ----------------------------------------------------------------------- Summary of changes: tests/ChangeLog | 6 ++++++ tests/gpg/t-import.c | 5 ++++- 2 files changed, 10 insertions(+), 1 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 6 02:42:02 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Fri, 06 May 2011 02:42:02 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-175-gc79d8ad Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c79d8ad8189ff0a8c24547d4b0646247ca6f9a23 (commit) from 470899e3a713129d8db3979469c7f711dc9b04d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c79d8ad8189ff0a8c24547d4b0646247ca6f9a23 Author: Marcus Brinkmann Date: Fri May 6 02:11:40 2011 +0200 Make sure an existing agent doesn't interfere with test suite generation. diff --git a/tests/ChangeLog b/tests/ChangeLog index 47e502d..795e5a8 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,9 @@ +2011-05-05 Marcus Brinkmann + + * gpg/Makefile.am: Unset GPG_AGENT_INFO when setting up local + configuration. + (clean-local): Shut down local gpg-agent. + 2011-05-04 Marcus Brinkmann * gpg/t-import.c (check_result): Complete secret key pair counting diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index 3ca00cf..bca36b0 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -53,12 +53,15 @@ t_thread1_LDADD = ../../src/libgpgme-pthread.la noinst_PROGRAMS = $(TESTS) t-genkey clean-local: + -gpg-connect-agent KILLAGENT /bye -rm -fR private-keys-v1.d all-local: ./gpg.conf ./gpg-agent.conf ./pubring.gpg export GNUPGHOME := $(abs_builddir) +export GPG_AGENT_INFO := + ./pubring.gpg: $(srcdir)/pubdemo.asc -$(GPG) --no-permission-warning \ --import $(srcdir)/pubdemo.asc ----------------------------------------------------------------------- Summary of changes: tests/ChangeLog | 6 ++++++ tests/gpg/Makefile.am | 3 +++ 2 files changed, 9 insertions(+), 0 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 6 13:57:21 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Fri, 06 May 2011 13:57:21 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-176-g08ab0a5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 08ab0a5cdfa4f1b34bcbc27d3bcb37a673861681 (commit) from c79d8ad8189ff0a8c24547d4b0646247ca6f9a23 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 08ab0a5cdfa4f1b34bcbc27d3bcb37a673861681 Author: Marcus Brinkmann Date: Fri May 6 13:26:58 2011 +0200 Remove unused macro GNUPG_FIX_HDR_VERSION. diff --git a/ChangeLog b/ChangeLog index 505ea40..0a6edc1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2011-05-06 Marcus Brinkmann + + * acinclude.m4 (GNUPG_FIX_HDR_VERSION): Remove. + 2011-04-14 Werner Koch * configure.ac: Require automake 1.11. diff --git a/acinclude.m4 b/acinclude.m4 index 9676656..cdfe6e4 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -17,32 +17,6 @@ dnl You should have received a copy of the GNU Lesser General Public dnl License along with this program; if not, write to the Free Software dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA -dnl GNUPG_FIX_HDR_VERSION(FILE, NAME) -dnl Make the version number stored in NAME in the header file FILE the -dnl same as the one here. This is easier than to have a .in file just -dnl for one substitution. -dnl We must use a temp file in the current directory because make -dnl distcheck installs all sourcefiles RO. -dnl (wk 2001-12-18) -AC_DEFUN([GNUPG_FIX_HDR_VERSION], - [ sed "s/^#define $2 \".*/#define $2 \"$VERSION\"/" $srcdir/$1 > fixhdr.tmp - if cmp -s $srcdir/$1 fixhdr.tmp 2>/dev/null; then - rm -f fixhdr.tmp - else - rm -f $srcdir/$1 - if mv fixhdr.tmp $srcdir/$1 ; then - : - else - AC_MSG_ERROR([[ -*** -*** Failed to fix the version string macro $2 in $1. -*** The old file has been saved as fixhdr.tmp -***]]) - fi - AC_MSG_WARN([fixed the $2 macro in $1]) - fi - ]) - dnl GNUPG_CHECK_VA_COPY() dnl Do some check on how to implement va_copy. dnl May define MUST_COPY_VA_BY_VAL. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 4 ++++ acinclude.m4 | 26 -------------------------- 2 files changed, 4 insertions(+), 26 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 6 17:37:48 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Fri, 06 May 2011 17:37:48 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-178-g90bdbd4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 90bdbd4aaa29c2618d428273298f1510fe38da17 (commit) from f1ea0d9e3812d38e40a79f5337c2d2e172d387d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 90bdbd4aaa29c2618d428273298f1510fe38da17 Author: Marcus Brinkmann Date: Fri May 6 17:07:35 2011 +0200 Remove complus support. diff --git a/ChangeLog b/ChangeLog index 852a045..f5eefa6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2011-05-06 Marcus Brinkmann + * Makefile.am (SUBDIRS): Remove complus. + * configure.ac (AC_CONFIG_FILES): Remove complus/Makefile. (BUILD_COMPLUS): Remove AM_CONDITIONAL. * complus/: Remove very old and stale component. diff --git a/Makefile.am b/Makefile.am index cc619f7..fb06867 100644 --- a/Makefile.am +++ b/Makefile.am @@ -27,19 +27,13 @@ DISTCHECK_CONFIGURE_FLAGS = --with-gpg="@GPG@" EXTRA_DIST = gpgme.spec.in autogen.sh -if BUILD_COMPLUS -complus = complus -else -complus = -endif - if RUN_GPG_TESTS tests = tests else tests = endif -SUBDIRS = src ${tests} doc ${complus} lang +SUBDIRS = src ${tests} doc lang # Fix the version of the spec file and create a file named VERSION # to be used for patch's Prereq: feature. ----------------------------------------------------------------------- Summary of changes: ChangeLog | 2 ++ Makefile.am | 8 +------- 2 files changed, 3 insertions(+), 7 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 6 18:16:17 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Fri, 06 May 2011 18:16:17 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-179-g6e32f8f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 6e32f8f0c12b90e61d94b4c0779b7da4ea0252f5 (commit) from 90bdbd4aaa29c2618d428273298f1510fe38da17 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e32f8f0c12b90e61d94b4c0779b7da4ea0252f5 Author: Marcus Brinkmann Date: Fri May 6 17:46:03 2011 +0200 Update NEWS file. diff --git a/NEWS b/NEWS index 958053a..04aeb1e 100644 --- a/NEWS +++ b/NEWS @@ -1,13 +1,14 @@ Noteworthy changes in version 1.3.1 (unreleased) ------------------------------------------------ - * Under development. + * Ported to Windows CE. * Detect GPG versions not supporting ---passwd. * Interface changes relative to the 1.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPGME_EXPORT_MODE_MINIMAL NEW + GPGME_STATUS_SUCCESS NEW gpgme_err_code_from_syserror NEW gpgme_err_set_errno NEW gpgme_error_from_errno CHANGED: Return gpgme_error_t (compatible type). ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 11 03:03:10 2011 From: cvs at cvs.gnupg.org (by Marcus Brinkmann) Date: Wed, 11 May 2011 03:03:10 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.1.8-180-gd11500a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via d11500a77ef3ae1a9dad789f687d6faeb8f4cfe8 (commit) from 6e32f8f0c12b90e61d94b4c0779b7da4ea0252f5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d11500a77ef3ae1a9dad789f687d6faeb8f4cfe8 Author: Marcus Brinkmann Date: Wed May 11 02:32:20 2011 +0200 Clean up the tests correctly. diff --git a/tests/ChangeLog b/tests/ChangeLog index 795e5a8..9c95489 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,11 @@ +2011-05-11 Marcus Brinkmann + + * gpgsm/Makefile.am (DISTCLEANFILES): Move to ... + (CLEANFILES): ... here. + (clean-local): New rule. + * gpg/Makefile.am (DISTCLEANFILES): Move to ... + (CLEANFILES): ... here. + 2011-05-05 Marcus Brinkmann * gpg/Makefile.am: Unset GPG_AGENT_INFO when setting up local diff --git a/tests/gpg/Makefile.am b/tests/gpg/Makefile.am index bca36b0..d4debd7 100644 --- a/tests/gpg/Makefile.am +++ b/tests/gpg/Makefile.am @@ -37,10 +37,11 @@ TESTS = t-encrypt t-encrypt-sym t-encrypt-sign t-sign t-signers \ t-import t-trustlist t-edit t-keylist t-keylist-sig t-wait \ t-encrypt-large t-file-name t-gpgconf $(tests_unix) -CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf -DISTCLEANFILES = pubring.gpg~ pubring.kbx~ random_seed gpg.conf gpg-agent.conf S.gpg-agent +CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ + gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ + random_seed -EXTRA_DIST = mkdemodirs.in pubdemo.asc secdemo.asc cipher-1.asc cipher-2.asc \ +EXTRA_DIST = pubdemo.asc secdemo.asc cipher-1.asc cipher-2.asc \ geheim.txt pubkey-1.asc seckey-1.asc pinentry INCLUDES = -I$(top_builddir)/src diff --git a/tests/gpgsm/Makefile.am b/tests/gpgsm/Makefile.am index be7f66b..9086134 100644 --- a/tests/gpgsm/Makefile.am +++ b/tests/gpgsm/Makefile.am @@ -40,14 +40,21 @@ noinst_PROGRAMS = $(TESTS) t-genkey cms-keylist cms-decrypt key_id = 32100C27173EF6E9C4E9A25D3D69F86D37A4F939 -DISTCLEANFILES = pubring.kbx pubring.kbx~ gpgsm.conf trustlist.txt \ - private-keys-v1.d/$(key_id).key random_seed +CLEANFILES = pubring.kbx pubring.kbx~ gpgsm.conf trustlist.txt \ + random_seed S.gpg-agent +clean-local: + -gpg-connect-agent KILLAGENT /bye + -rm -fR private-keys-v1.d all-local: ./pubring.kbx ./gpgsm.conf ./private-keys-v1.d/$(key_id).key ./trustlist.txt +export GNUPGHOME := $(abs_builddir) + +export GPG_AGENT_INFO := + ./pubring.kbx: $(srcdir)/cert_g10code_test1.der - $(GPGSM) --homedir . --import $(srcdir)/cert_g10code_test1.der + $(GPGSM) --import $(srcdir)/cert_g10code_test1.der ./gpgsm.conf: echo disable-crl-checks > ./gpgsm.conf ----------------------------------------------------------------------- Summary of changes: tests/ChangeLog | 8 ++++++++ tests/gpg/Makefile.am | 7 ++++--- tests/gpgsm/Makefile.am | 13 ++++++++++--- 3 files changed, 22 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 11 18:18:01 2011 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 11 May 2011 18:18:01 +0200 Subject: [git] GCRYPT - branch, master, updated. post-nuke-of-trailing-ws-33-ge179813 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e179813cfbc8bc90ae4b3d5dbabeb437ef57613b (commit) via 16c460cb9309b4151928ee8b510e3d19a8f2bf80 (commit) via 51311ecf5d7e372b36d1bebd0e3ee7f999d3d608 (commit) from 1351cc95b5ee70fde396f8d5754214ef6db4baec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e179813cfbc8bc90ae4b3d5dbabeb437ef57613b Author: Werner Koch Date: Wed May 11 11:11:16 2011 +0200 Minor updates to the OAEP code. We now check that only one encoding method may be given. In the error case we make sure that a released OAEP label variable is set to NULL. As a failsafe feature we use gpg_err_code_from_syserror all over in pubkey.c; this has the advantage that a misbehaving gcry_free function which does not set ERRNO now returns an error code in all cases. diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 2ddd968..d524d2c 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,14 @@ +2011-05-11 Werner Koch + + * pubkey.c (sexp_to_enc, sexp_data_to_mpi): Set LABEL to NULL + after free. + (sexp_to_enc, sexp_data_to_mpi): Do not allow multiple encoding + flags. + (oaep_encode, oaep_decode, sexp_to_key, sexp_to_sig) + (sexp_to_enc, sexp_data_to_mpi, gcry_pk_encrypt, gcry_pk_sign) + (gcry_pk_genkey, _gcry_pk_get_elements): Replace access to ERRNO + by gpg_err_code_from_syserror. + 2011-05-11 Daiki Ueno * pubkey.c (sexp_data_to_mpi): Factor some code out to ... diff --git a/cipher/pubkey.c b/cipher/pubkey.c index a434b82..f4a1cad 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -843,7 +843,7 @@ oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, /* Can't encode a VALUELEN value in a NFRAME bytes frame. */ return GPG_ERR_TOO_SHORT; /* the key is too short */ if ( !(frame = gcry_malloc_secure (nframe))) - return gpg_err_code_from_errno (errno); + return gpg_err_code_from_syserror (); /* FRAME = 00 || SEED || DB */ memset (frame, 0, nframe); @@ -862,7 +862,7 @@ oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, if ( !(dmask = gcry_malloc_secure (nframe - dlen - 1))) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); gcry_free (frame); return rc; } @@ -874,7 +874,7 @@ oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, if ( !(smask = gcry_malloc_secure (dlen))) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); gcry_free (frame); return rc; } @@ -907,7 +907,7 @@ oaep_decode (gcry_mpi_t *r_result, unsigned int nbits, int algo, size_t n; if ( !(frame = gcry_malloc_secure (nframe))) - return gpg_err_code_from_errno (errno); + return gpg_err_code_from_syserror (); err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &n, value); if (err) @@ -933,7 +933,7 @@ oaep_decode (gcry_mpi_t *r_result, unsigned int nbits, int algo, } if ( !(smask = gcry_malloc_secure (dlen))) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); gcry_free (frame); return rc; } @@ -944,7 +944,7 @@ oaep_decode (gcry_mpi_t *r_result, unsigned int nbits, int algo, if ( !(dmask = gcry_malloc_secure (nframe - dlen - 1))) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); gcry_free (frame); return rc; } @@ -1243,7 +1243,7 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, const char *override_elems, elems = pubkey->elements_pkey; array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); if (!array) - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); if (!err) { if (is_ecc) @@ -1335,7 +1335,7 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, elems = pubkey->elements_sig; array = gcry_calloc (strlen (elems) + 1 , sizeof *array ); if (!array) - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); if (!err) err = sexp_elements_extract (list, elems, array, NULL); @@ -1426,6 +1426,8 @@ get_hash_algo (const char *s, size_t n) * )) * HASH-ALGO and LABEL are specific to OAEP. * RET_MODERN is set to true when at least an empty flags list has been found. + * CTX is used to return encoding information; it may be NULL in which + * case raw encoding is used. */ static gcry_err_code_t sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, @@ -1486,11 +1488,14 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, s = gcry_sexp_nth_data (l2, i, &n); if (! s) ; /* Not a data element - ignore. */ - else if (n == 3 && !memcmp (s, "raw", 3)) + else if (n == 3 && !memcmp (s, "raw", 3) + && ctx->encoding == PUBKEY_ENC_RAW) ; /* This is just a dummy as it is the default. */ - else if (n == 5 && !memcmp (s, "pkcs1", 5)) + else if (n == 5 && !memcmp (s, "pkcs1", 5) + && ctx->encoding == PUBKEY_ENC_RAW) ctx->encoding = PUBKEY_ENC_PKCS1; - else if (n == 4 && !memcmp (s, "oaep", 4)) + else if (n == 4 && !memcmp (s, "oaep", 4) + && ctx->encoding == PUBKEY_ENC_RAW) ctx->encoding = PUBKEY_ENC_OAEP; else if (n == 11 && ! memcmp (s, "no-blinding", 11)) parsed_flags |= PUBKEY_FLAG_NO_BLINDING; @@ -1536,7 +1541,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, { ctx->label = gcry_malloc (n); if (!ctx->label) - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); else { memcpy (ctx->label, s, n); @@ -1594,7 +1599,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); if (!array) { - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); goto leave; } @@ -1612,6 +1617,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, ath_mutex_unlock (&pubkeys_registered_lock); gcry_free (array); gcry_free (ctx->label); + ctx->label = NULL; } else { @@ -1689,11 +1695,14 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, s = gcry_sexp_nth_data (lflags, i, &n); if (!s) ; /* not a data element*/ - else if ( n == 3 && !memcmp (s, "raw", 3)) + else if ( n == 3 && !memcmp (s, "raw", 3) + && ctx->encoding == PUBKEY_ENC_UNKNOWN) ctx->encoding = PUBKEY_ENC_RAW; - else if ( n == 5 && !memcmp (s, "pkcs1", 5)) + else if ( n == 5 && !memcmp (s, "pkcs1", 5) + && ctx->encoding == PUBKEY_ENC_UNKNOWN) ctx->encoding = PUBKEY_ENC_PKCS1; - else if ( n == 4 && !memcmp (s, "oaep", 4)) + else if ( n == 4 && !memcmp (s, "oaep", 4) + && ctx->encoding == PUBKEY_ENC_UNKNOWN) ctx->encoding = PUBKEY_ENC_OAEP; else if (n == 11 && ! memcmp (s, "no-blinding", 11)) parsed_flags |= PUBKEY_FLAG_NO_BLINDING; @@ -1738,7 +1747,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, rc = GPG_ERR_TOO_SHORT; /* the key is too short */ } else if ( !(frame = gcry_malloc_secure (nframe))) - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); else { n = 0; @@ -1832,7 +1841,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, rc = GPG_ERR_TOO_SHORT; } else if ( !(frame = gcry_malloc (nframe)) ) - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); else { /* Assemble the pkcs#1 block type 1. */ n = 0; @@ -1896,7 +1905,7 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, { ctx->label = gcry_malloc (n); if (!ctx->label) - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); else { memcpy (ctx->label, s, n); @@ -1923,7 +1932,10 @@ sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, if (!rc) *flags = parsed_flags; else - gcry_free (ctx->label); + { + gcry_free (ctx->label); + ctx->label = NULL; + } return rc; } @@ -1996,7 +2008,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) ciph = gcry_calloc (strlen (algo_elems) + 1, sizeof (*ciph)); if (!ciph) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags); @@ -2017,7 +2029,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) string = p = gcry_malloc (needed); if (!string) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } p = stpcpy ( p, "(enc-val(" ); @@ -2037,7 +2049,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) arg_list = malloc (nelem * sizeof *arg_list); if (!arg_list) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } @@ -2244,7 +2256,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) result = gcry_calloc (strlen (algo_elems) + 1, sizeof (*result)); if (!result) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } rc = pubkey_sign (module->mod_id, result, hash, skey); @@ -2265,7 +2277,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) string = p = gcry_malloc (needed); if (!string) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } p = stpcpy (p, "(sig-val("); @@ -2281,7 +2293,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) arg_list = malloc (nelem * sizeof *arg_list); if (!arg_list) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } @@ -2596,7 +2608,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) string = p = gcry_malloc (needed); if (!string) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } p = stpcpy (p, "(key-data"); @@ -2660,7 +2672,7 @@ gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) arg_list = gcry_calloc (nelem_cp+1, sizeof *arg_list); if (!arg_list) { - rc = gpg_err_code_from_errno (errno); + rc = gpg_err_code_from_syserror (); goto leave; } for (i = j = 0; i < elem_n; i++) @@ -3219,7 +3231,7 @@ _gcry_pk_get_elements (int algo, char **enc, char **sig) enc_cp = strdup (spec->elements_enc); if (! enc_cp) { - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); goto out; } } @@ -3229,7 +3241,7 @@ _gcry_pk_get_elements (int algo, char **enc, char **sig) sig_cp = strdup (spec->elements_sig); if (! sig_cp) { - err = gpg_err_code_from_errno (errno); + err = gpg_err_code_from_syserror (); goto out; } } commit 16c460cb9309b4151928ee8b510e3d19a8f2bf80 Author: Werner Koch Date: Wed May 11 10:57:33 2011 +0200 Add missing ChangeLogs diff --git a/NEWS b/NEWS index b8d50e5..6657d76 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,8 @@ Noteworthy changes in version 1.5.x (unreleased) * Support ECDH. + * Support OAEP. + * gcry_sexp_build does now support opaque MPIs with "%m". * New functions gcry_pk_get_curve and gcry_pk_get_param to map ECC @@ -52,6 +54,8 @@ Noteworthy changes in version 1.5.x (unreleased) gcry_pk_get_param NEW. GCRYCTL_DISABLE_HWF NEW. gcry_kdf_derive NEW. + gcry_pk_encrypt EXTENDED: Support OAEP + gcry_pk_decrypt EXTENDED: Support OAEP * Interface changes relative to the 1.4.2 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/cipher/ChangeLog b/cipher/ChangeLog index fb05141..2ddd968 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,17 @@ +2011-05-11 Daiki Ueno + + * pubkey.c (sexp_data_to_mpi): Factor some code out to ... + (get_hash_algo): .. new. + (mgf1, oaep_encode, oaep_decode): New. + (sexp_to_enc): Add arg CTX. Remove arg RET_WANT_PKCS1. Support + OAEP. + (sexp_data_to_mpi): Add arg CTX. Support OAEP. + (gcry_pk_encrypt): Pass a CTX to sexp_data_to_mpi. + (gcry_pk_decrypt): Pass a CTX tp sexp_to_enc and replace + WANT_PKCS1. Implement unpadding for OAEP. + (gcry_pk_sign): Pass NULL for CTX arg of sexp_data_to_mpi. + (gcry_pk_verify): Ditto. + 2011-04-19 Werner Koch * cipher.c (gcry_cipher_open): Replace gpg_err_code_from_errno by diff --git a/src/ChangeLog b/src/ChangeLog index 2907e85..c95877f 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,9 @@ +2011-05-11 Daiki Ueno + + * cipher.h (PUBKEY_FLAG_UNPAD): New. + (enum pk_encoding): New. + (struct pk_encoding_ctx): New. + 2011-04-19 Werner Koch * stdmem.c (_gcry_private_malloc_secure, _gcry_private_malloc): diff --git a/tests/ChangeLog b/tests/ChangeLog index ccaf3bd..4687577 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,3 +1,10 @@ +2011-05-11 Daiki Ueno + + * basic.c (check_pubkey_sign): Add an OAEP flag parsing test case. + (check_pubkey_crypt): New. + (do_check_one_pubkey): Call it. + (check_one_pubkey): Free SKEY and PKEY. + 2011-04-11 Werner Koch * basic.c (mismatch): New. commit 51311ecf5d7e372b36d1bebd0e3ee7f999d3d608 Author: Daiki Ueno Date: Fri May 6 15:56:58 2011 +0900 Support RSA-OAEP padding for encryption. diff --git a/TODO b/TODO index 596912a..ffadc06 100644 --- a/TODO +++ b/TODO @@ -36,8 +36,6 @@ collectros need to run that bunch of Unix utilities we don't waste their precious results. -* Add OAEP - * gcryptrnd.c Requires a test for pth [done] as well as some other tests. diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 0fd87f9..a434b82 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -783,6 +783,205 @@ pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data, return rc; } +static gcry_err_code_t +mgf1 (unsigned char *output, size_t outlen, unsigned char *seed, size_t seedlen, + int algo) +{ + size_t dlen; + int idx; + gcry_md_hd_t hd; + gcry_error_t err; + unsigned char *p; + + err = gcry_md_test_algo (algo); + if (err) + return gpg_err_code (err); + + memset (output, 0, outlen); + dlen = gcry_md_get_algo_dlen (algo); + for (idx = 0, p = output; idx < (outlen + dlen - 1) / dlen; idx++, p += dlen) + { + unsigned char c[4], *digest; + + c[0] = (idx >> 24) & 0xFF; + c[1] = (idx >> 16) & 0xFF; + c[2] = (idx >> 8) & 0xFF; + c[3] = idx & 0xFF; + + err = gcry_md_open (&hd, algo, 0); + if (err) + return gpg_err_code (err); + + gcry_md_write (hd, seed, seedlen); + gcry_md_write (hd, c, 4); + digest = gcry_md_read (hd, 0); + if (outlen - (p - output) >= dlen) + memcpy (p, digest, dlen); + else + memcpy (p, digest, outlen - (p - output)); + gcry_md_close (hd); + } + return GPG_ERR_NO_ERROR; +} + +static gcry_err_code_t +oaep_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, + const unsigned char *value, size_t valuelen, + const unsigned char *label, size_t labellen) +{ + gcry_err_code_t rc = 0; + gcry_error_t err; + unsigned char *frame = NULL; + size_t nframe = (nbits+7) / 8; + unsigned char *dmask, *smask, *p; + size_t dlen; + gcry_md_hd_t hd; + size_t n; + + dlen = gcry_md_get_algo_dlen (algo); + if (valuelen > nframe - 2 * dlen - 1 || !nframe) + /* Can't encode a VALUELEN value in a NFRAME bytes frame. */ + return GPG_ERR_TOO_SHORT; /* the key is too short */ + if ( !(frame = gcry_malloc_secure (nframe))) + return gpg_err_code_from_errno (errno); + + /* FRAME = 00 || SEED || DB */ + memset (frame, 0, nframe); + n = 0; + frame[n++] = 0; + gcry_randomize (&frame[n], dlen, GCRY_STRONG_RANDOM); + + n += dlen; + gcry_md_open (&hd, algo, 0); + gcry_md_write (hd, label, labellen); + memcpy (&frame[n], gcry_md_read (hd, 0), dlen); + gcry_md_close (hd); + n = nframe - valuelen - 1; + frame[n++] = 1; + memcpy (&frame[n], value, valuelen); + + if ( !(dmask = gcry_malloc_secure (nframe - dlen - 1))) + { + rc = gpg_err_code_from_errno (errno); + gcry_free (frame); + return rc; + } + mgf1 (dmask, nframe - dlen - 1, &frame[1], dlen, algo); + for (n = 1 + dlen, p = dmask; n < nframe; n++) + frame[n] ^= *p++; + gcry_free (dmask); + n += valuelen; + + if ( !(smask = gcry_malloc_secure (dlen))) + { + rc = gpg_err_code_from_errno (errno); + gcry_free (frame); + return rc; + } + mgf1 (smask, dlen, &frame[1 + dlen], nframe - dlen - 1, algo); + for (n = 1, p = smask; n < 1 + dlen; n++) + frame[n] ^= *p++; + gcry_free (smask); + n = nframe; + + err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, frame, n, &nframe); + if (err) + rc = gcry_err_code (err); + else if (DBG_CIPHER) + log_mpidump ("OAEP encoded data", *r_result); + gcry_free (frame); + + return rc; +} + +static gcry_err_code_t +oaep_decode (gcry_mpi_t *r_result, unsigned int nbits, int algo, + gcry_mpi_t value, const unsigned char *label, size_t labellen) +{ + gcry_err_code_t rc = 0; + gcry_error_t err; + unsigned char *frame = NULL, *dmask, *smask, *p; + size_t nframe = (nbits+7) / 8; + size_t dlen; + gcry_md_hd_t hd; + size_t n; + + if ( !(frame = gcry_malloc_secure (nframe))) + return gpg_err_code_from_errno (errno); + + err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &n, value); + if (err) + return gcry_err_code (err); + if (n < nframe) + { + memmove (frame + (nframe - n), frame, n); + memset (frame, 0, (nframe - n)); + } + + /* FRAME = 00 || MASKED_SEED || MASKED_DB */ + if (frame[0]) + { + gcry_free (frame); + return GPG_ERR_ENCODING_PROBLEM; + } + + dlen = gcry_md_get_algo_dlen (algo); + if (nframe < 1 + 2 * dlen + 1) + { + gcry_free (frame); + return GPG_ERR_TOO_SHORT; + } + if ( !(smask = gcry_malloc_secure (dlen))) + { + rc = gpg_err_code_from_errno (errno); + gcry_free (frame); + return rc; + } + mgf1 (smask, dlen, &frame[1 + dlen], nframe - dlen - 1, algo); + for (n = 1, p = smask; n < 1 + dlen; n++) + frame[n] ^= *p++; + gcry_free (smask); + + if ( !(dmask = gcry_malloc_secure (nframe - dlen - 1))) + { + rc = gpg_err_code_from_errno (errno); + gcry_free (frame); + return rc; + } + mgf1 (dmask, nframe - dlen - 1, &frame[1], dlen, algo); + for (n = 1 + dlen, p = dmask; n < nframe; n++) + frame[n] ^= *p++; + gcry_free (dmask); + + gcry_md_open (&hd, algo, 0); + gcry_md_write (hd, label, labellen); + memcpy (&frame[1], gcry_md_read (hd, 0), dlen); + gcry_md_close (hd); + + if (memcmp (&frame[1], &frame[1 + dlen], dlen)) + { + gcry_free (frame); + return GPG_ERR_ENCODING_PROBLEM; + } + + for (n = 1 + dlen * 2; n < nframe && !frame[n]; n++) + ; + if (n < nframe && frame[n] != 1) + { + gcry_free (frame); + return GPG_ERR_ENCODING_PROBLEM; + } + + n++; + err = gcry_mpi_scan (r_result, GCRYMPI_FMT_USG, &frame[n], nframe - n, NULL); + if (err) + rc = gcry_err_code (err); + else if (DBG_CIPHER) + log_mpidump ("value extracted from OAEP encoded data", *r_result); + gcry_free (frame); + + return rc; +} /* Internal function. */ static gcry_err_code_t @@ -1161,22 +1360,76 @@ sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, return err; } +static inline int +get_hash_algo (const char *s, size_t n) +{ + static const struct { const char *name; int algo; } hashnames[] = { + { "sha1", GCRY_MD_SHA1 }, + { "md5", GCRY_MD_MD5 }, + { "sha256", GCRY_MD_SHA256 }, + { "ripemd160", GCRY_MD_RMD160 }, + { "rmd160", GCRY_MD_RMD160 }, + { "sha384", GCRY_MD_SHA384 }, + { "sha512", GCRY_MD_SHA512 }, + { "sha224", GCRY_MD_SHA224 }, + { "md2", GCRY_MD_MD2 }, + { "md4", GCRY_MD_MD4 }, + { "tiger", GCRY_MD_TIGER }, + { "haval", GCRY_MD_HAVAL }, + { NULL, 0 } + }; + int algo; + int i; + + for (i=0; hashnames[i].name; i++) + { + if ( strlen (hashnames[i].name) == n + && !memcmp (hashnames[i].name, s, n)) + break; + } + if (hashnames[i].name) + algo = hashnames[i].algo; + else + { + /* In case of not listed or dynamically allocated hash + algorithm we fall back to this somewhat slower + method. Further, it also allows to use OIDs as + algorithm names. */ + char *tmpname; + + tmpname = gcry_malloc (n+1); + if (!tmpname) + algo = 0; /* Out of core - silently give up. */ + else + { + memcpy (tmpname, s, n); + tmpname[n] = 0; + algo = gcry_md_map_name (tmpname); + gcry_free (tmpname); + } + } + return algo; +} + /**************** * Take sexp and return an array of MPI as used for our internal decrypt * function. * s_data = (enc-val - * [(flags [pkcs1])] + * [(flags [raw, pkcs1, oaep, no-blinding, unpad])] + * [(hash-algo )] + * [(label