From cvs at cvs.gnupg.org Mon Jul 1 21:17:46 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 01 Jul 2013 21:17:46 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.20-11-ga139884
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via a1398844adb84392f4a1da6db2e50b914a1aada1 (commit)
via e0659690186f833e0e91b0a1cfef655c2d10ed87 (commit)
via b4cb20cfc3fe2296a163355f386544096e48c147 (commit)
via 4b4df62eaf7f46f83540536bfa373e78be2a6d7d (commit)
via cf7f9303272db65465ff45348cf18f7298e41e30 (commit)
via 901162579119585ebd3df9001b0370e6d32934ab (commit)
via 336112e519079f43278a8ca8c2937417bc667d8f (commit)
via fc7d033d8e62f6a289fdf7dba26af076accb5fd2 (commit)
via 7ce72c97bfe1ab2f58248a6afe629aafa20d058b (commit)
from 8ddf604659b93754ffa6dea295678a8adc293f90 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a1398844adb84392f4a1da6db2e50b914a1aada1
Author: Werner Koch
Date: Mon Jul 1 20:49:50 2013 +0200
Update NEWS.
--
diff --git a/NEWS b/NEWS
index bf6e11c..4295ee9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
Noteworthy changes in version 2.0.21 (unreleased)
-------------------------------------------------
+ * The included ssh agent does now support ECDSA keys.
+
+
Noteworthy changes in version 2.0.20 (2013-05-10)
-------------------------------------------------
commit e0659690186f833e0e91b0a1cfef655c2d10ed87
Author: Werner Koch
Date: Mon Jul 1 20:34:55 2013 +0200
ssh: Mark unused arg.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Cast spec to
void.
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 826d175..5da1a71 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1248,6 +1248,8 @@ ssh_signature_encoder_ecdsa (ssh_key_type_spec_t *spec,
gpg_error_t err;
int i;
+ (void)spec;
+
innerlen = 0;
for (i = 0; i < DIM(data); i++)
{
commit b4cb20cfc3fe2296a163355f386544096e48c147
Author: Werner Koch
Date: Wed Dec 12 18:47:21 2012 +0100
ssh: Support ECDSA keys.
* agent/command-ssh.c (SPEC_FLAG_IS_ECDSA): New.
(struct ssh_key_type_spec): Add fields CURVE_NAME and HASH_ALGO.
(ssh_key_types): Add types ecdsa-sha2-nistp{256,384,521}.
(ssh_signature_encoder_t): Add arg spec and adjust all callers.
(ssh_signature_encoder_ecdsa): New.
(sexp_key_construct, sexp_key_extract, ssh_receive_key)
(ssh_convert_key_to_blob): Support ecdsa.
(ssh_identifier_from_curve_name): New.
(ssh_send_key_public): Retrieve and pass the curve_name.
(key_secret_to_public): Ditto.
(data_sign): Add arg SPEC and change callers to pass it.
(ssh_handler_sign_request): Get the hash algo from SPEC.
* common/ssh-utils.c (get_fingerprint): Support ecdsa.
* agent/protect.c (protect_info): Add flag ECC_HACK.
(agent_protect): Allow the use of the "curve" parameter.
* agent/t-protect.c (test_agent_protect): Add a test case for ecdsa.
* agent/command-ssh.c (ssh_key_grip): Print a better error code.
--
The 3 standard curves are now supported in gpg-agent's ssh-agent
protocol implementation. I tested this with all 3 curves and keys
generated by OpenSSH 5.9p1.
Using existing non-ssh generated keys will likely fail for now. To fix
this, the code should first undergo some more cleanup; then the fixes
are pretty straightforward. And yes, the data structures are way too
complicated.
(cherry picked from commit 649b31c663b8674bc874b4ef283d714a13dc8cfe)
Solved conflicts:
agent/protect.c
agent/t-protect.c
common/ssh-utils.c (different variable name)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 6b73a5d..826d175 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -17,7 +17,18 @@
* along with this program; if not, see .
*/
-/* Only v2 of the ssh-agent protocol is implemented. */
+/* Only v2 of the ssh-agent protocol is implemented. Relevant RFCs
+ are:
+
+ RFC-4250 - Protocol Assigned Numbers
+ RFC-4251 - Protocol Architecture
+ RFC-4252 - Authentication Protocol
+ RFC-4253 - Transport Layer Protocol
+ RFC-5656 - ECC support
+
+ The protocol for the agent is defined in OpenSSH's PROTOCL.agent
+ file.
+ */
#include
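Review bot: The new header comment names the OpenSSH agent protocol file as "PROTOCL.agent"; the file is called PROTOCOL.agent, so the reference should be spelled that way for readers who go looking for it.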
@@ -62,6 +73,7 @@
#define SSH_DSA_SIGNATURE_PADDING 20
#define SSH_DSA_SIGNATURE_ELEMS 2
#define SPEC_FLAG_USE_PKCS1V2 (1 << 0)
+#define SPEC_FLAG_IS_ECDSA (1 << 1)
/* The name of the control file. */
#define SSH_CONTROL_FILE_NAME "sshcontrol"
@@ -100,6 +112,10 @@ typedef gpg_error_t (*ssh_request_handler_t) (ctrl_t ctrl,
estream_t request,
estream_t response);
+
+struct ssh_key_type_spec;
+typedef struct ssh_key_type_spec ssh_key_type_spec_t;
+
/* Type, which is used for associating request handlers with the
appropriate request IDs. */
typedef struct ssh_request_spec
@@ -120,12 +136,13 @@ typedef gpg_error_t (*ssh_key_modifier_t) (const char *elems,
/* The encoding of a generated signature is dependent on the
algorithm; therefore algorithm specific signature encoding
functions are necessary. */
-typedef gpg_error_t (*ssh_signature_encoder_t) (estream_t signature_blob,
+typedef gpg_error_t (*ssh_signature_encoder_t) (ssh_key_type_spec_t *spec,
+ estream_t signature_blob,
gcry_mpi_t *mpis);
/* Type, which is used for boundling all the algorithm specific
information together in a single object. */
-typedef struct ssh_key_type_spec
+struct ssh_key_type_spec
{
/* Algorithm identifier as used by OpenSSH. */
const char *ssh_identifier;
@@ -158,9 +175,16 @@ typedef struct ssh_key_type_spec
algorithm. */
ssh_signature_encoder_t signature_encoder;
+ /* The name of the ECC curve or NULL. */
+ const char *curve_name;
+
+ /* The hash algorithm to be used with this key. 0 for using the
+ default. */
+ int hash_algo;
+
/* Misc flags. */
unsigned int flags;
-} ssh_key_type_spec_t;
+};
/* An object used to access the sshcontrol file. */
@@ -205,10 +229,15 @@ static gpg_error_t ssh_handler_unlock (ctrl_t ctrl,
estream_t response);
static gpg_error_t ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis);
-static gpg_error_t ssh_signature_encoder_rsa (estream_t signature_blob,
+static gpg_error_t ssh_signature_encoder_rsa (ssh_key_type_spec_t *spec,
+ estream_t signature_blob,
gcry_mpi_t *mpis);
-static gpg_error_t ssh_signature_encoder_dsa (estream_t signature_blob,
+static gpg_error_t ssh_signature_encoder_dsa (ssh_key_type_spec_t *spec,
+ estream_t signature_blob,
gcry_mpi_t *mpis);
+static gpg_error_t ssh_signature_encoder_ecdsa (ssh_key_type_spec_t *spec,
+ estream_t signature_blob,
+ gcry_mpi_t *mpis);
@@ -241,13 +270,29 @@ static ssh_key_type_spec_t ssh_key_types[] =
{
"ssh-rsa", "rsa", "nedupq", "en", "s", "nedpqu",
ssh_key_modifier_rsa, ssh_signature_encoder_rsa,
- SPEC_FLAG_USE_PKCS1V2
+ NULL, 0, SPEC_FLAG_USE_PKCS1V2
},
{
"ssh-dss", "dsa", "pqgyx", "pqgy", "rs", "pqgyx",
NULL, ssh_signature_encoder_dsa,
- 0
+ NULL, 0, 0
+ },
+ {
+ "ecdsa-sha2-nistp256", "ecdsa", "qd", "q", "rs", "qd",
+ NULL, ssh_signature_encoder_ecdsa,
+ "nistp256", GCRY_MD_SHA256, SPEC_FLAG_IS_ECDSA
},
+ {
+ "ecdsa-sha2-nistp384", "ecdsa", "qd", "q", "rs", "qd",
+ NULL, ssh_signature_encoder_ecdsa,
+ "nistp384", GCRY_MD_SHA384, SPEC_FLAG_IS_ECDSA
+ },
+ {
+ "ecdsa-sha2-nistp521", "ecdsa", "qd", "q", "rs", "qd",
+ NULL, ssh_signature_encoder_ecdsa,
+ "nistp521", GCRY_MD_SHA512, SPEC_FLAG_IS_ECDSA
+ }
+
};
@@ -342,6 +387,7 @@ stream_write_byte (estream_t stream, unsigned char b)
return err;
}
+
/* Read a uint32 from STREAM, store it in UINT32. */
static gpg_error_t
stream_read_uint32 (estream_t stream, u32 *uint32)
@@ -432,8 +478,9 @@ stream_write_data (estream_t stream, const unsigned char *buffer, size_t size)
}
/* Read a binary string from STREAM into STRING, store size of string
- in STRING_SIZE; depending on SECURE use secure memory for
- string. */
+ in STRING_SIZE. Append a hidden nul so that the result may
+ directly be used as a C string. Depending on SECURE use secure
+ memory for STRING. */
static gpg_error_t
stream_read_string (estream_t stream, unsigned int secure,
unsigned char **string, u32 *string_size)
@@ -1115,13 +1162,16 @@ ssh_key_modifier_rsa (const char *elems, gcry_mpi_t *mpis)
/* Signature encoder function for RSA. */
static gpg_error_t
-ssh_signature_encoder_rsa (estream_t signature_blob, gcry_mpi_t *mpis)
+ssh_signature_encoder_rsa (ssh_key_type_spec_t *spec,
+ estream_t signature_blob, gcry_mpi_t *mpis)
{
unsigned char *data;
size_t data_n;
gpg_error_t err;
gcry_mpi_t s;
+ (void)spec;
+
s = mpis[0];
err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &data, &data_n, s);
@@ -1139,7 +1189,8 @@ ssh_signature_encoder_rsa (estream_t signature_blob, gcry_mpi_t *mpis)
/* Signature encoder function for DSA. */
static gpg_error_t
-ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
+ssh_signature_encoder_dsa (ssh_key_type_spec_t *spec,
+ estream_t signature_blob, gcry_mpi_t *mpis)
{
unsigned char buffer[SSH_DSA_SIGNATURE_PADDING * SSH_DSA_SIGNATURE_ELEMS];
unsigned char *data;
@@ -1147,8 +1198,12 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
gpg_error_t err;
int i;
+ (void)spec;
+
data = NULL;
+ /* FIXME: Why this complicated code? Why collecting boths mpis in a
+ buffer instead of writing them out one after the other? */
for (i = 0; i < 2; i++)
{
err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &data, &data_n, mpis[i]);
@@ -1181,23 +1236,63 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
return err;
}
+
+/* Signature encoder function for ECDSA. */
+static gpg_error_t
+ssh_signature_encoder_ecdsa (ssh_key_type_spec_t *spec,
+ estream_t stream, gcry_mpi_t *mpis)
+{
+ unsigned char *data[2] = {NULL, NULL};
+ size_t data_n[2];
+ size_t innerlen;
+ gpg_error_t err;
+ int i;
+
+ innerlen = 0;
+ for (i = 0; i < DIM(data); i++)
+ {
+ err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &data[i], &data_n[i], mpis[i]);
+ if (err)
+ goto out;
+ innerlen += 4 + data_n[i];
+ }
+
+ err = stream_write_uint32 (stream, innerlen);
+ if (err)
+ goto out;
+
+ for (i = 0; i < DIM(data); i++)
+ {
+ err = stream_write_string (stream, data[i], data_n[i]);
+ if (err)
+ goto out;
+ }
+
+ out:
+ for (i = 0; i < DIM(data); i++)
+ xfree (data[i]);
+ return err;
+}
+
+
/*
S-Expressions.
*/
/* This function constructs a new S-Expression for the key identified
- by the KEY_SPEC, SECRET, MPIS and COMMENT, which is to be stored in
- *SEXP. Returns usual error code. */
+ by the KEY_SPEC, SECRET, CURVE_NAME, MPIS, and COMMENT, which is to
+ be stored at R_SEXP. Returns an error code. */
static gpg_error_t
sexp_key_construct (gcry_sexp_t *r_sexp,
ssh_key_type_spec_t key_spec, int secret,
- gcry_mpi_t *mpis, const char *comment)
+ const char *curve_name, gcry_mpi_t *mpis,
+ const char *comment)
{
const char *key_identifier[] = { "public-key", "private-key" };
gpg_error_t err;
gcry_sexp_t sexp_new = NULL;
- char *formatbuf = NULL;
+ void *formatbuf = NULL;
void **arg_list = NULL;
int arg_idx;
estream_t format;
@@ -1220,7 +1315,7 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
/* Key identifier, algorithm identifier, mpis, comment, and a NULL
as a safeguard. */
- arg_list = xtrymalloc (sizeof (*arg_list) * (2 + elems_n + 1 + 1));
+ arg_list = xtrymalloc (sizeof (*arg_list) * (2 + 1 + elems_n + 1 + 1));
if (!arg_list)
{
err = gpg_error_from_syserror ();
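Review bot: The comment above the xtrymalloc call still lists "Key identifier, algorithm identifier, mpis, comment, and a NULL", while the size expression now reserves an extra slot (`2 + 1 + elems_n + 1 + 1`) for the optional curve name. Please update the comment so the slot count can be checked against it.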
@@ -1231,6 +1326,11 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
es_fputs ("(%s(%s", format);
arg_list[arg_idx++] = &key_identifier[secret];
arg_list[arg_idx++] = &key_spec.identifier;
+ if (curve_name)
+ {
+ es_fputs ("(curve%s)", format);
+ arg_list[arg_idx++] = &curve_name;
+ }
for (i = 0; i < elems_n; i++)
{
@@ -1262,7 +1362,6 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
}
format = NULL;
- log_debug ("sexp formatbuf='%s' nargs=%d\n", formatbuf, arg_idx);
err = gcry_sexp_build_array (&sexp_new, NULL, formatbuf, arg_list);
if (err)
goto out;
@@ -1282,34 +1381,28 @@ sexp_key_construct (gcry_sexp_t *r_sexp,
/* This functions breaks up the key contained in the S-Expression SEXP
according to KEY_SPEC. The MPIs are bundled in a newly create
list, which is to be stored in MPIS; a newly allocated string
- holding the comment will be stored in COMMENT; SECRET will be
- filled with a boolean flag specifying what kind of key it is.
- Returns usual error code. */
+ holding the curve name may be stored at RCURVE, and a comment will
+ be stored at COMMENT; SECRET will be filled with a boolean flag
+ specifying what kind of key it is. Returns an error code. */
static gpg_error_t
sexp_key_extract (gcry_sexp_t sexp,
ssh_key_type_spec_t key_spec, int *secret,
- gcry_mpi_t **mpis, char **comment)
+ gcry_mpi_t **mpis, char **r_curve, char **comment)
{
- gpg_error_t err;
- gcry_sexp_t value_list;
- gcry_sexp_t value_pair;
- gcry_sexp_t comment_list;
+ gpg_error_t err = 0;
+ gcry_sexp_t value_list = NULL;
+ gcry_sexp_t value_pair = NULL;
+ gcry_sexp_t comment_list = NULL;
unsigned int i;
- char *comment_new;
+ char *comment_new = NULL;
const char *data;
size_t data_n;
int is_secret;
size_t elems_n;
const char *elems;
- gcry_mpi_t *mpis_new;
+ gcry_mpi_t *mpis_new = NULL;
gcry_mpi_t mpi;
-
- err = 0;
- value_list = NULL;
- value_pair = NULL;
- comment_list = NULL;
- comment_new = NULL;
- mpis_new = NULL;
+ char *curve_name = NULL;
data = gcry_sexp_nth_data (sexp, 0, &data_n);
if (! data)
@@ -1375,6 +1468,51 @@ sexp_key_extract (gcry_sexp_t sexp,
if (err)
goto out;
+ if ((key_spec.flags & SPEC_FLAG_IS_ECDSA))
+ {
+ /* Parse the "curve" parameter. We currently expect the curve
+ name for ECC and not the parameters of the curve. This can
+ easily be changed but then we need to find the curve name
+ from the parameters using gcry_pk_get_curve. */
+ const char *mapped;
+
+ value_pair = gcry_sexp_find_token (value_list, "curve", 5);
+ if (!value_pair)
+ {
+ err = gpg_error (GPG_ERR_INV_CURVE);
+ goto out;
+ }
+ curve_name = gcry_sexp_nth_string (value_pair, 1);
+ if (!curve_name)
+ {
+ err = gpg_error (GPG_ERR_INV_CURVE); /* (Or out of core.) */
+ goto out;
+ }
+
+ /* Fixme: The mapping should be done by using gcry_pk_get_curve
+ et al to iterate over all name aliases. */
+ if (!strcmp (curve_name, "NIST P-256"))
+ mapped = "nistp256";
+ else if (!strcmp (curve_name, "NIST P-384"))
+ mapped = "nistp384";
+ else if (!strcmp (curve_name, "NIST P-521"))
+ mapped = "nistp521";
+ else
+ mapped = NULL;
+ if (mapped)
+ {
+ xfree (curve_name);
+ curve_name = xtrystrdup (mapped);
+ if (!curve_name)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ }
+ gcry_sexp_release (value_pair);
+ value_pair = NULL;
+ }
+
/* We do not require a comment sublist to be present here. */
data = NULL;
data_n = 0;
@@ -1399,6 +1537,7 @@ sexp_key_extract (gcry_sexp_t sexp,
*secret = is_secret;
*mpis = mpis_new;
*comment = comment_new;
+ *r_curve = curve_name;
out:
@@ -1408,6 +1547,7 @@ sexp_key_extract (gcry_sexp_t sexp,
if (err)
{
+ xfree (curve_name);
xfree (comment_new);
mpint_list_free (mpis_new);
}
@@ -1494,6 +1634,24 @@ ssh_key_type_lookup (const char *ssh_name, const char *name,
return err;
}
+
+/* Lookup the ssh-identifier for the ECC curve CURVE_NAME. Returns
+ NULL if not found. */
+static const char *
+ssh_identifier_from_curve_name (const char *curve_name)
+{
+ int i;
+
+ for (i = 0; i < DIM (ssh_key_types); i++)
+ if (ssh_key_types[i].curve_name
+ && !strcmp (ssh_key_types[i].curve_name, curve_name))
+ return ssh_key_types[i].ssh_identifier;
+
+ return NULL;
+}
+
+
+
/* Receive a key from STREAM, according to the key specification given
as KEY_SPEC. Depending on SECRET, receive a secret or a public
key. If READ_COMMENT is true, receive a comment string as well.
@@ -1510,6 +1668,8 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
ssh_key_type_spec_t spec;
gcry_mpi_t *mpi_list = NULL;
const char *elems;
+ char *curve_name = NULL;
+
err = stream_read_cstring (stream, &key_type);
@@ -1520,6 +1680,50 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
if (err)
goto out;
+ if ((spec.flags & SPEC_FLAG_IS_ECDSA))
+ {
+ /* The format of an ECDSA key is:
+ * string key_type ("ecdsa-sha2-nistp256" |
+ * "ecdsa-sha2-nistp384" |
+ * "ecdsa-sha2-nistp521" )
+ * string ecdsa_curve_name
+ * string ecdsa_public_key
+ * mpint ecdsa_private
+ *
+ * Note that we use the mpint reader instead of the string
+ * reader for ecsa_public_key.
+ */
+ unsigned char *buffer;
+ const char *mapped;
+
+ err = stream_read_string (stream, 0, &buffer, NULL);
+ if (err)
+ goto out;
+ curve_name = buffer;
+ /* Fixme: Check that curve_name matches the keytype. */
+ /* Because Libgcrypt < 1.6 has no support for the "nistpNNN"
+ curve names, we need to translate them here to Libgcrypt's
+ native names. */
+ if (!strcmp (curve_name, "nistp256"))
+ mapped = "NIST P-256";
+ else if (!strcmp (curve_name, "nistp384"))
+ mapped = "NIST P-384";
+ else if (!strcmp (curve_name, "nistp521"))
+ mapped = "NIST P-521";
+ else
+ mapped = NULL;
+ if (mapped)
+ {
+ xfree (curve_name);
+ curve_name = xtrystrdup (mapped);
+ if (!curve_name)
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ }
+ }
+
err = ssh_receive_mpint_list (stream, secret, spec, &mpi_list);
if (err)
goto out;
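Review bot: In the new SPEC_FLAG_IS_ECDSA branch the curve name read from the request is never checked against the key type (the Fixme says as much), and when none of the three strcmp tests match, mapped stays NULL and the client-supplied string is passed unchanged to sexp_key_construct. Suggest comparing the received name with spec.curve_name and failing with GPG_ERR_INV_CURVE or GPG_ERR_UNKNOWN_CURVE on a mismatch. Minor points: `curve_name = buffer;` assigns an unsigned char * to a char * without a cast, and the format comment writes "ecsa_public_key" for "ecdsa_public_key".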
@@ -1543,7 +1747,8 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
goto out;
}
- err = sexp_key_construct (&key, spec, secret, mpi_list, comment? comment:"");
+ err = sexp_key_construct (&key, spec, secret, curve_name, mpi_list,
+ comment? comment:"");
if (err)
goto out;
@@ -1552,8 +1757,8 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
*key_new = key;
out:
-
mpint_list_free (mpi_list);
+ xfree (curve_name);
xfree (key_type);
xfree (comment);
@@ -1565,7 +1770,8 @@ ssh_receive_key (estream_t stream, gcry_sexp_t *key_new, int secret,
BLOB/BLOB_SIZE. Returns zero on success or an error code. */
static gpg_error_t
ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
- const char *type, gcry_mpi_t *mpis)
+ ssh_key_type_spec_t *spec,
+ const char *curve_name, gcry_mpi_t *mpis)
{
unsigned char *blob_new;
long int blob_size_new;
@@ -1587,14 +1793,31 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
goto out;
}
- err = stream_write_cstring (stream, type);
- if (err)
- goto out;
+ if ((spec->flags & SPEC_FLAG_IS_ECDSA) && curve_name)
+ {
+ const char *sshname = ssh_identifier_from_curve_name (curve_name);
+ if (!curve_name)
+ {
+ err = gpg_error (GPG_ERR_UNKNOWN_CURVE);
+ goto out;
+ }
+ err = stream_write_cstring (stream, sshname);
+ if (err)
+ goto out;
+ err = stream_write_cstring (stream, curve_name);
+ if (err)
+ goto out;
+ }
+ else
+ {
+ err = stream_write_cstring (stream, spec->ssh_identifier);
+ if (err)
+ goto out;
+ }
- for (i = 0; mpis[i] && (! err); i++)
- err = stream_write_mpi (stream, mpis[i]);
- if (err)
- goto out;
+ for (i = 0; mpis[i]; i++)
+ if ((err = stream_write_mpi (stream, mpis[i])))
+ goto out;
blob_size_new = es_ftell (stream);
if (blob_size_new == -1)
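Review bot: The NULL check after `const char *sshname = ssh_identifier_from_curve_name (curve_name);` tests the wrong variable. `if (!curve_name)` can never be true inside a branch already guarded by `&& curve_name`, so a failed lookup leaves sshname NULL and it is handed to stream_write_cstring. The check should be `if (!sshname)`. The miss is reachable because sexp_key_extract keeps a curve name it cannot map as it is.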
@@ -1636,22 +1859,19 @@ ssh_convert_key_to_blob (unsigned char **blob, size_t *blob_size,
OVERRIDE_COMMENT is not NULL, it will be used instead of the
comment stored in the key. */
static gpg_error_t
-ssh_send_key_public (estream_t stream, gcry_sexp_t key_public,
+ssh_send_key_public (estream_t stream,
+ gcry_sexp_t key_public,
const char *override_comment)
{
ssh_key_type_spec_t spec;
- gcry_mpi_t *mpi_list;
- char *key_type;
- char *comment;
- unsigned char *blob;
+ gcry_mpi_t *mpi_list = NULL;
+ char *key_type = NULL;
+ char *curve;
+ char *comment = NULL;
+ unsigned char *blob = NULL;
size_t blob_n;
gpg_error_t err;
- key_type = NULL;
- mpi_list = NULL;
- comment = NULL;
- blob = NULL;
-
err = sexp_extract_identifier (key_public, &key_type);
if (err)
goto out;
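Review bot: `char *curve;` is the only pointer in the reworked declaration block that is not initialized to NULL. If sexp_extract_identifier fails, the `goto out` shown here reaches the cleanup, which in the later hunk calls `xfree (curve);` on an indeterminate pointer. Declare it as `char *curve = NULL;` like its neighbours.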
@@ -1660,12 +1880,11 @@ ssh_send_key_public (estream_t stream, gcry_sexp_t key_public,
if (err)
goto out;
- err = sexp_key_extract (key_public, spec, NULL, &mpi_list, &comment);
+ err = sexp_key_extract (key_public, spec, NULL, &mpi_list, &curve, &comment);
if (err)
goto out;
- err = ssh_convert_key_to_blob (&blob, &blob_n,
- spec.ssh_identifier, mpi_list);
+ err = ssh_convert_key_to_blob (&blob, &blob_n, &spec, curve, mpi_list);
if (err)
goto out;
@@ -1679,8 +1898,9 @@ ssh_send_key_public (estream_t stream, gcry_sexp_t key_public,
out:
mpint_list_free (mpi_list);
- xfree (key_type);
+ xfree (curve);
xfree (comment);
+ xfree (key_type);
xfree (blob);
return err;
@@ -1733,7 +1953,10 @@ static gpg_error_t
ssh_key_grip (gcry_sexp_t key, unsigned char *buffer)
{
if (!gcry_pk_get_keygrip (key, buffer))
- return gpg_error (GPG_ERR_INTERNAL);
+ {
+ gpg_error_t err = gcry_pk_testkey (key);
+ return err? err : gpg_error (GPG_ERR_INTERNAL);
+ }
return 0;
}
@@ -1746,6 +1969,7 @@ static gpg_error_t
key_secret_to_public (gcry_sexp_t *key_public,
ssh_key_type_spec_t spec, gcry_sexp_t key_secret)
{
+ char *curve;
char *comment;
gcry_mpi_t *mpis;
gpg_error_t err;
@@ -1754,16 +1978,18 @@ key_secret_to_public (gcry_sexp_t *key_public,
comment = NULL;
mpis = NULL;
- err = sexp_key_extract (key_secret, spec, &is_secret, &mpis, &comment);
+ err = sexp_key_extract (key_secret, spec, &is_secret, &mpis,
+ &curve, &comment);
if (err)
goto out;
- err = sexp_key_construct (key_public, spec, 0, mpis, comment);
+ err = sexp_key_construct (key_public, spec, 0, curve, mpis, comment);
out:
mpint_list_free (mpis);
xfree (comment);
+ xfree (curve);
return err;
}
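Review bot: `curve` is freed at `out:` but is never set to NULL alongside `comment = NULL;` and `mpis = NULL;`. sexp_key_extract stores to `*r_curve` only on its success path, so when it returns an error the `xfree (curve);` added here operates on an uninitialized pointer. Initialize it with the other two.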
@@ -2136,7 +2362,7 @@ data_hash (unsigned char *data, size_t data_n,
signature in newly allocated memory in SIG and it's size in SIG_N;
SIG_ENCODER is the signature encoder to use. */
static gpg_error_t
-data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
+data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec,
unsigned char **sig, size_t *sig_n)
{
gpg_error_t err;
@@ -2147,10 +2373,6 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
gcry_mpi_t sig_value = NULL;
unsigned char *sig_blob = NULL;
size_t sig_blob_n = 0;
- char *identifier = NULL;
- const char *identifier_raw;
- size_t identifier_n;
- ssh_key_type_spec_t spec;
int ret;
unsigned int i;
const char *elems;
@@ -2229,29 +2451,11 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
goto out;
}
- identifier_raw = gcry_sexp_nth_data (valuelist, 0, &identifier_n);
- if (! identifier_raw)
- {
- err = gpg_error (GPG_ERR_INV_SEXP);
- goto out;
- }
-
- identifier = make_cstring (identifier_raw, identifier_n);
- if (! identifier)
- {
- err = gpg_error_from_syserror ();
- goto out;
- }
-
- err = ssh_key_type_lookup (NULL, identifier, &spec);
- if (err)
- goto out;
-
- err = stream_write_cstring (stream, spec.ssh_identifier);
+ err = stream_write_cstring (stream, spec->ssh_identifier);
if (err)
goto out;
- elems = spec.elems_signature;
+ elems = spec->elems_signature;
elems_n = strlen (elems);
mpis = xtrycalloc (elems_n + 1, sizeof *mpis);
@@ -2263,7 +2467,7 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
for (i = 0; i < elems_n; i++)
{
- sublist = gcry_sexp_find_token (valuelist, spec.elems_signature + i, 1);
+ sublist = gcry_sexp_find_token (valuelist, spec->elems_signature + i, 1);
if (! sublist)
{
err = gpg_error (GPG_ERR_INV_SEXP);
@@ -2284,7 +2488,7 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
if (err)
goto out;
- err = (*sig_encoder) (stream, mpis);
+ err = spec->signature_encoder (spec, stream, mpis);
if (err)
goto out;
@@ -2327,7 +2531,6 @@ data_sign (ctrl_t ctrl, ssh_signature_encoder_t sig_encoder,
gcry_sexp_release (signature_sexp);
gcry_sexp_release (sublist);
mpint_list_free (mpis);
- xfree (identifier);
return err;
}
@@ -2350,6 +2553,7 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
u32 flags;
gpg_error_t err;
gpg_error_t ret_err;
+ int hash_algo;
key_blob = NULL;
data = NULL;
@@ -2376,14 +2580,18 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
if (err)
goto out;
+ hash_algo = spec.hash_algo;
+ if (!hash_algo)
+ hash_algo = GCRY_MD_SHA1; /* Use the default. */
+
/* Hash data. */
- hash_n = gcry_md_get_algo_dlen (GCRY_MD_SHA1);
+ hash_n = gcry_md_get_algo_dlen (hash_algo);
if (! hash_n)
{
err = gpg_error (GPG_ERR_INTERNAL);
goto out;
}
- err = data_hash (data, data_size, GCRY_MD_SHA1, hash);
+ err = data_hash (data, data_size, hash_algo, hash);
if (err)
goto out;
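Review bot: With hash_algo now taken from the spec, hash_n can be the SHA-256, SHA-384 or SHA-512 digest length rather than the 20 bytes of SHA-1, yet the declaration of `hash` and the size of `ctrl->digest.value` are not part of this patch. Please confirm both can hold 64 bytes, or add a bounds check on hash_n before `data_hash (data, data_size, hash_algo, hash);` and the later memcpy into ctrl->digest.value.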
@@ -2394,14 +2602,17 @@ ssh_handler_sign_request (ctrl_t ctrl, estream_t request, estream_t response)
/* Sign data. */
- ctrl->digest.algo = GCRY_MD_SHA1;
+ ctrl->digest.algo = hash_algo;
memcpy (ctrl->digest.value, hash, hash_n);
ctrl->digest.valuelen = hash_n;
- ctrl->digest.raw_value = ! (spec.flags & SPEC_FLAG_USE_PKCS1V2);
+ if ((spec.flags & SPEC_FLAG_USE_PKCS1V2))
+ ctrl->digest.raw_value = 0;
+ else
+ ctrl->digest.raw_value = 1;
ctrl->have_keygrip = 1;
memcpy (ctrl->keygrip, key_grip, 20);
- err = data_sign (ctrl, spec.signature_encoder, &sig, &sig_n);
+ err = data_sign (ctrl, &spec, &sig, &sig_n);
out:
@@ -2522,6 +2733,7 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
return -1;
}
+
/* Store the ssh KEY into our local key storage and protect it after
asking for a passphrase. Cache that passphrase. TTL is the
maximum caching time for that key. If the key already exists in
@@ -2572,7 +2784,6 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm)
goto out;
}
-
pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1);
if (!pi)
{
diff --git a/agent/protect.c b/agent/protect.c
index d4d7e00..2eefd6d 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -51,10 +51,14 @@ static struct {
const char *algo;
const char *parmlist;
int prot_from, prot_to;
+ int ecc_hack;
} protect_info[] = {
{ "rsa", "nedpqu", 2, 5 },
{ "dsa", "pqgyx", 4, 4 },
{ "elg", "pgyx", 3, 3 },
+ { "ecdsa","pabgnqd", 6, 6, 1 },
+ { "ecdh", "pabgnqd", 6, 6, 1 },
+ { "ecc", "pabgnqd", 6, 6, 1 },
{ NULL }
};
@@ -401,6 +405,8 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen)
{
int rc;
+ const char *parmlist;
+ int prot_from_idx, prot_to_idx;
const unsigned char *s;
const unsigned char *hash_begin, *hash_end;
const unsigned char *prot_begin, *prot_end, *real_end;
@@ -445,10 +451,13 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
if (!protect_info[infidx].algo)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
+ parmlist = protect_info[infidx].parmlist;
+ prot_from_idx = protect_info[infidx].prot_from;
+ prot_to_idx = protect_info[infidx].prot_to;
prot_begin = prot_end = NULL;
- for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
+ for (i=0; (c=parmlist[i]); i++)
{
- if (i == protect_info[infidx].prot_from)
+ if (i == prot_from_idx)
prot_begin = s;
if (*s != '(')
return gpg_error (GPG_ERR_INV_SEXP);
@@ -458,7 +467,20 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (n != 1 || c != *s)
- return gpg_error (GPG_ERR_INV_SEXP);
+ {
+ if (n == 5 && !memcmp (s, "curve", 5)
+ && !i && protect_info[infidx].ecc_hack)
+ {
+ /* This is a private ECC key but the first parameter is
+ the name of the curve. We change the parameter list
+ here to the one we expect in this case. */
+ parmlist = "?qd";
+ prot_from_idx = 2;
+ prot_to_idx = 2;
+ }
+ else
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
s += n;
n = snext (&s);
if (!n)
@@ -467,7 +489,7 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
depth--;
- if (i == protect_info[infidx].prot_to)
+ if (i == prot_to_idx)
prot_end = s;
s++;
}
@@ -484,7 +506,6 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
assert (!depth);
real_end = s-1;
-
/* Hash the stuff. Because the timestamp_exp won't get protected,
we can't simply hash a continuous buffer but need to use several
md_writes. */
diff --git a/agent/t-protect.c b/agent/t-protect.c
index 0e29caf..16ff7d7 100644
--- a/agent/t-protect.c
+++ b/agent/t-protect.c
@@ -137,7 +137,24 @@ test_agent_protect (void)
"\x9B\x7B\xE8\xDD\x1F\x87\x4E\x79\x7B\x50\x12\xA7\xB4\x8B\x52\x38\xEC\x7C\xBB\xB9"
"\x55\x87\x11\x1C\x74\xE7\x7F\xA0\xBA\xE3\x34\x5D\x61\xBF\x29\x29\x29\x00"
};
-
+
+ struct key_spec key_ecdsa_valid =
+ {
+ "\x28\x31\x31\x3A\x70\x72\x69\x76\x61\x74\x65\x2D\x6B\x65\x79\x28"
+ "\x35\x3A\x65\x63\x64\x73\x61\x28\x35\x3A\x63\x75\x72\x76\x65\x31"
+ "\x30\x3A\x4E\x49\x53\x54\x20\x50\x2D\x32\x35\x36\x29\x28\x31\x3A"
+ "\x71\x36\x35\x3A\x04\x64\x5A\x12\x6F\x86\x7C\x43\x87\x2B\x7C\xAF"
+ "\x77\xFE\xD8\x22\x31\xEA\xE6\x89\x9F\xAA\xEA\x63\x26\xBC\x49\xED"
+ "\x85\xC6\xD2\xC9\x8B\x38\xD2\x78\x75\xE6\x1C\x27\x57\x01\xC5\xA1"
+ "\xE3\xF9\x1F\xBE\xCF\xC1\x72\x73\xFE\xA4\x58\xB6\x6A\x92\x7D\x33"
+ "\x1D\x02\xC9\xCB\x12\x29\x28\x31\x3A\x64\x33\x33\x3A\x00\x81\x2D"
+ "\x69\x9A\x5F\x5B\x6F\x2C\x99\x61\x36\x15\x6B\x44\xD8\x06\xC1\x54"
+ "\xC1\x4C\xFB\x70\x6A\xB6\x64\x81\x78\xF3\x94\x2F\x30\x5D\x29\x29"
+ "\x28\x37\x3A\x63\x6F\x6D\x6D\x65\x6E\x74\x32\x32\x3A\x2F\x68\x6F"
+ "\x6D\x65\x2F\x77\x6B\x2F\x2E\x73\x73\x68\x2F\x69\x64\x5F\x65\x63"
+ "\x64\x73\x61\x29\x29"
+ };
+
struct
{
const char *key;
@@ -167,6 +184,9 @@ test_agent_protect (void)
{ key_rsa_bogus_1.string,
"passphrase", 0, 0, NULL, 0, GPG_ERR_INV_SEXP, NULL, 0 },
+ { key_ecdsa_valid.string,
+ "passphrase", 0, 0, NULL, 0, 0, NULL, 0 },
+
/* FIXME: add more test data. */
};
@@ -177,12 +197,12 @@ test_agent_protect (void)
&specs[i].result, &specs[i].resultlen);
if (gpg_err_code (ret) != specs[i].ret_expected)
{
- printf ("agent_protect() returned `%i/%s'; expected `%i/%s'\n",
- ret, gpg_strerror (ret),
+ printf ("agent_protect(%d) returned '%i/%s'; expected '%i/%s'\n",
+ i, ret, gpg_strerror (ret),
specs[i].ret_expected, gpg_strerror (specs[i].ret_expected));
abort ();
}
-
+
if (specs[i].no_result_expected)
{
assert (! specs[i].result);
@@ -234,14 +254,14 @@ static void
test_make_shadow_info (void)
{
#if 0
- static struct
+ static struct
{
- const char *snstr;
+ const char *snstr;
const char *idstr;
const char *expected;
} data[] = {
{ "", "", NULL },
-
+
};
int i;
unsigned char *result;
@@ -298,7 +318,7 @@ main (int argc, char **argv)
(void)argv;
gcry_control (GCRYCTL_DISABLE_SECMEM);
-
+
test_agent_protect ();
test_agent_unprotect ();
test_agent_private_key_type ();
diff --git a/common/ssh-utils.c b/common/ssh-utils.c
index e2de802..d8f057d 100644
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@@ -89,6 +89,34 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len,
elems = "pqgy";
gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
break;
+ case GCRY_PK_ECDSA:
+ /* We only support the 3 standard curves for now. It is just a
+ quick hack. */
+ elems = "q";
+ gcry_md_write (md, "\0\0\0\x13" "ecdsa-sha2-nistp", 20);
+ l2 = gcry_sexp_find_token (list, "curve", 0);
+ if (!l2)
+ elems = "";
+ else
+ {
+ gcry_free (name);
+ name = gcry_sexp_nth_string (l2, 1);
+ gcry_sexp_release (l2);
+ l2 = NULL;
+ if (!name)
+ elems = "";
+ else if (!strcmp (name, "NIST P-256") || !strcmp (name, "nistp256"))
+ gcry_md_write (md, "256\0\0\0\x08nistp256", 15);
+ else if (!strcmp (name, "NIST P-384") || !strcmp (name, "nistp384"))
+ gcry_md_write (md, "384\0\0\0\x08nistp521", 15);
+ else if (!strcmp (name, "NIST P-521") || !strcmp (name, "nistp521"))
+ gcry_md_write (md, "521\0\0\0\x08nistp521", 15);
+ else
+ elems = "";
+ }
+ if (!*elems)
+ err = gpg_err_make (errsource, GPG_ERR_UNKNOWN_CURVE);
+ break;
default:
elems = "";
err = gpg_err_make (errsource, GPG_ERR_PUBKEY_ALGO);
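Review bot: The P-384 branch hashes the wrong curve name: `gcry_md_write (md, "384\0\0\0\x08nistp521", 15);` should write "nistp384", matching the 256 and 521 branches. As written, the fingerprint computed for a nistp384 key is taken over a blob that does not match the key's real public blob. The name mapping is also now duplicated here and twice in command-ssh.c, which is how this kind of copy-and-paste slip gets in; a shared helper would avoid it.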
commit 4b4df62eaf7f46f83540536bfa373e78be2a6d7d
Author: Werner Koch
Date: Mon Jul 1 20:27:39 2013 +0200
estream: New function es_fclose_snatch.
* common/estream.c (cookie_ioctl_function_t): New type.
(es_fclose_snatch): New function.
(COOKIE_IOCTL_SNATCH_BUFFER): New constant.
(struct estream_internal): Add field FUNC_IOCTL.
(es_initialize): Clear FUNC_IOCTL.
(es_func_mem_ioctl): New function.
(es_fopenmem): Init FUNC_IOCTL.
--
(back ported from commit id 7737a2c269657189a583cde7f214f20871d264f8)
Signed-off-by: Werner Koch
diff --git a/common/estream.c b/common/estream.c
index 9c781a0..304e0e6 100644
--- a/common/estream.c
+++ b/common/estream.c
@@ -217,8 +217,16 @@ static int estream_pth_killed;
#define ES_DEFAULT_OPEN_MODE (S_IRUSR | S_IWUSR)
-/* An internal stream object. */
+/* A private cookie function to implement an internal IOCTL
+ service. */
+typedef int (*cookie_ioctl_function_t) (void *cookie, int cmd,
+ void *ptr, size_t *len);
+/* IOCTL commands for the private cookie function. */
+#define COOKIE_IOCTL_SNATCH_BUFFER 1
+
+
+/* An internal stream object. */
struct estream_internal
{
unsigned char buffer[BUFFER_BLOCK_SIZE];
@@ -232,6 +240,7 @@ struct estream_internal
es_cookie_read_function_t func_read;
es_cookie_write_function_t func_write;
es_cookie_seek_function_t func_seek;
+ cookie_ioctl_function_t func_ioctl;
es_cookie_close_function_t func_close;
int strategy;
int fd;
@@ -773,6 +782,34 @@ es_func_mem_seek (void *cookie, off_t *offset, int whence)
}
+/* An IOCTL function for memory objects. */
+static int
+es_func_mem_ioctl (void *cookie, int cmd, void *ptr, size_t *len)
+{
+ estream_cookie_mem_t mem_cookie = cookie;
+ int ret;
+
+ if (cmd == COOKIE_IOCTL_SNATCH_BUFFER)
+ {
+ /* Return the internal buffer of the stream to the caller and
+ invalidate it for the stream. */
+ *(void**)ptr = mem_cookie->memory;
+ *len = mem_cookie->offset;
+ mem_cookie->memory = NULL;
+ mem_cookie->memory_size = 0;
+ mem_cookie->offset = 0;
+ ret = 0;
+ }
+ else
+ {
+ _set_errno (EINVAL);
+ ret = -1;
+ }
+
+ return ret;
+}
+
+
/* Destroy function for memory objects. */
static int
es_func_mem_destroy (void *cookie)
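Review bot: In es_func_mem_ioctl the snatched length is taken from the stream position (*len = mem_cookie->offset), not from the amount of data written. If a caller has seeked backwards before calling es_fclose_snatch, the reported length is shorter than the buffer contents. Either report the data length, if the memory cookie tracks one, or state in the comment that the length is the current write offset. The function also dereferences ptr and len unconditionally; an early EINVAL return for NULL arguments would make the private ioctl safer to reuse.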
@@ -1312,6 +1349,7 @@ es_initialize (estream_t stream,
stream->intern->func_read = functions.func_read;
stream->intern->func_write = functions.func_write;
stream->intern->func_seek = functions.func_seek;
+ stream->intern->func_ioctl = NULL;
stream->intern->func_close = functions.func_close;
stream->intern->strategy = _IOFBF;
stream->intern->fd = fd;
@@ -2317,6 +2355,9 @@ es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
if (es_create (&stream, cookie, -1, estream_functions_mem, modeflags, 0))
(*estream_functions_mem.func_close) (cookie);
+ if (stream)
+ stream->intern->func_ioctl = es_func_mem_ioctl;
+
return stream;
}
@@ -2604,6 +2645,66 @@ es_fclose (estream_t stream)
return err;
}
+
+/* This is a special version of es_fclose which can be used with
+ es_fopenmem to return the memory buffer. This is feature is useful
+ to write to a memory buffer using estream. Note that the function
+ does not close the stream if the stream does not support snatching
+ the buffer. On error NULL is stored at R_BUFFER. Note that if no
+ write operation has happened, NULL may also be stored at BUFFER on
+ success. The caller needs to release the returned memory using
+ es_free. */
+int
+es_fclose_snatch (estream_t stream, void **r_buffer, size_t *r_buflen)
+{
+ int err;
+
+ /* Note: There is no need to lock the stream in a close call. The
+ object will be destroyed after the close and thus any other
+ contender for the lock would work on a closed stream. */
+
+ if (r_buffer)
+ {
+ cookie_ioctl_function_t func_ioctl = stream->intern->func_ioctl;
+ size_t buflen;
+
+ *r_buffer = NULL;
+
+ if (!func_ioctl)
+ {
+ _set_errno (EOPNOTSUPP);
+ err = -1;
+ goto leave;
+ }
+
+ if (stream->flags.writing)
+ {
+ err = es_flush (stream);
+ if (err)
+ goto leave;
+ stream->flags.writing = 0;
+ }
+
+ err = func_ioctl (stream->intern->cookie, COOKIE_IOCTL_SNATCH_BUFFER,
+ r_buffer, &buflen);
+ if (err)
+ goto leave;
+ if (r_buflen)
+ *r_buflen = buflen;
+ }
+
+ err = es_destroy (stream, 0);
+
+ leave:
+ if (err && r_buffer)
+ {
+ mem_free (*r_buffer);
+ *r_buffer = NULL;
+ }
+ return err;
+}
+
+
int
es_fileno_unlocked (estream_t stream)
{
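Review bot: The comment on es_fclose_snatch documents only the unsupported-stream case as leaving the stream open, but the es_flush failure and the func_ioctl failure paths also jump to leave without reaching es_destroy, so the caller still owns the stream in those cases too. Please spell out that on any error taken before es_destroy the stream remains open, or destroy it on every path. Related points in the same hunk: the block under "if (r_buffer)" dereferences stream->intern with no NULL check, although es_fclose is called with a possibly NULL stream elsewhere in this push; the buffer is released with mem_free here while the comment tells callers to use es_free; and the comment has "This is feature is" and refers to BUFFER where R_BUFFER is meant.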
diff --git a/common/estream.h b/common/estream.h
index 69f19f4..f72e4c6 100644
--- a/common/estream.h
+++ b/common/estream.h
@@ -85,6 +85,7 @@
#define es_freopen _ESTREAM_PREFIX(es_freopen)
#define es_fopencookie _ESTREAM_PREFIX(es_fopencookie)
#define es_fclose _ESTREAM_PREFIX(es_fclose)
+#define es_fclose_snatch _ESTREAM_PREFIX(es_fclose_snatch)
#define es_fileno _ESTREAM_PREFIX(es_fileno)
#define es_fileno_unlocked _ESTREAM_PREFIX(es_fileno_unlocked)
#define es_flockfile _ESTREAM_PREFIX(es_flockfile)
@@ -253,6 +254,7 @@ estream_t es_fopencookie (void *ES__RESTRICT cookie,
const char *ES__RESTRICT mode,
es_cookie_io_functions_t functions);
int es_fclose (estream_t stream);
+int es_fclose_snatch (estream_t stream, void **r_buffer, size_t *r_buflen);
int es_fileno (estream_t stream);
int es_fileno_unlocked (estream_t stream);
commit cf7f9303272db65465ff45348cf18f7298e41e30
Author: Werner Koch
Date: Tue Dec 11 14:50:34 2012 +0100
ssh: Rewrite a function for better maintainability
* agent/command-ssh.c (ssh_signature_encoder_dsa): Rewrite.
--
Using es_fopenmem instead of a preallocated buffer is safer and easier
to read.
(cherry picked from commit f76a0312c3794afd81fe1e172df15eb0612deae0)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 18e155d..6b73a5d 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1190,65 +1190,51 @@ ssh_signature_encoder_dsa (estream_t signature_blob, gcry_mpi_t *mpis)
by the KEY_SPEC, SECRET, MPIS and COMMENT, which is to be stored in
*SEXP. Returns usual error code. */
static gpg_error_t
-sexp_key_construct (gcry_sexp_t *sexp,
+sexp_key_construct (gcry_sexp_t *r_sexp,
ssh_key_type_spec_t key_spec, int secret,
gcry_mpi_t *mpis, const char *comment)
{
const char *key_identifier[] = { "public-key", "private-key" };
- gcry_sexp_t sexp_new;
- char *sexp_template;
- size_t sexp_template_n;
gpg_error_t err;
+ gcry_sexp_t sexp_new = NULL;
+ char *formatbuf = NULL;
+ void **arg_list = NULL;
+ int arg_idx;
+ estream_t format;
const char *elems;
size_t elems_n;
- unsigned int i;
- unsigned int j;
- void **arg_list;
+ unsigned int i, j;
- err = 0;
- sexp_new = NULL;
- arg_list = NULL;
if (secret)
elems = key_spec.elems_sexp_order;
else
elems = key_spec.elems_key_public;
elems_n = strlen (elems);
- /*
- Calculate size for sexp_template_n:
-
- "(%s(%s)(comment%s))" -> 20 + sizeof ().
-
- mpi: (X%m) -> 5.
-
- */
- sexp_template_n = 20 + (elems_n * 5);
- sexp_template = xtrymalloc (sexp_template_n);
- if (! sexp_template)
+ format = es_fopenmem (0, "a+b");
+ if (!format)
{
err = gpg_error_from_syserror ();
goto out;
}
- /* Key identifier, algorithm identifier, mpis, comment. */
- arg_list = xtrymalloc (sizeof (*arg_list) * (2 + elems_n + 1));
- if (! arg_list)
+ /* Key identifier, algorithm identifier, mpis, comment, and a NULL
+ as a safeguard. */
+ arg_list = xtrymalloc (sizeof (*arg_list) * (2 + elems_n + 1 + 1));
+ if (!arg_list)
{
err = gpg_error_from_syserror ();
goto out;
}
+ arg_idx = 0;
- i = 0;
- arg_list[i++] = &key_identifier[secret];
- arg_list[i++] = &key_spec.identifier;
+ es_fputs ("(%s(%s", format);
+ arg_list[arg_idx++] = &key_identifier[secret];
+ arg_list[arg_idx++] = &key_spec.identifier;
- *sexp_template = 0;
- sexp_template_n = 0;
- sexp_template_n = sprintf (sexp_template + sexp_template_n, "(%%s(%%s");
for (i = 0; i < elems_n; i++)
{
- sexp_template_n += sprintf (sexp_template + sexp_template_n, "(%c%%m)",
- elems[i]);
+ es_fprintf (format, "(%c%%m)", elems[i]);
if (secret)
{
for (j = 0; j < elems_n; j++)
@@ -1257,27 +1243,42 @@ sexp_key_construct (gcry_sexp_t *sexp,
}
else
j = i;
- arg_list[i + 2] = &mpis[j];
+ arg_list[arg_idx++] = &mpis[j];
}
- sexp_template_n += sprintf (sexp_template + sexp_template_n,
- ")(comment%%s))");
+ es_fputs (")(comment%s))", format);
+ arg_list[arg_idx++] = &comment;
+ arg_list[arg_idx] = NULL;
- arg_list[i + 2] = &comment;
+ es_putc (0, format);
+ if (es_ferror (format))
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ if (es_fclose_snatch (format, &formatbuf, NULL))
+ {
+ err = gpg_error_from_syserror ();
+ goto out;
+ }
+ format = NULL;
- err = gcry_sexp_build_array (&sexp_new, NULL, sexp_template, arg_list);
+ log_debug ("sexp formatbuf='%s' nargs=%d\n", formatbuf, arg_idx);
+ err = gcry_sexp_build_array (&sexp_new, NULL, formatbuf, arg_list);
if (err)
goto out;
- *sexp = sexp_new;
+ *r_sexp = sexp_new;
+ err = 0;
out:
-
+ es_fclose (format);
xfree (arg_list);
- xfree (sexp_template);
+ xfree (formatbuf);
return err;
}
+
/* This functions breaks up the key contained in the S-Expression SEXP
according to KEY_SPEC. The MPIs are bundled in a newly create
list, which is to be stored in MPIS; a newly allocated string
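Review bot: The log_debug ("sexp formatbuf='%s' nargs=%d\n", ...) call just before gcry_sexp_build_array looks like leftover debugging and will be emitted on every key construction; please drop it or guard it behind a debug flag. Also, formatbuf is declared as char * but its address is passed to es_fclose_snatch, whose second parameter is void **; char ** does not convert to void ** without a diagnostic, so use a void * temporary or declare the buffer as void *. Finally, the buffer is released with xfree while the es_fclose_snatch comment asks callers to use es_free; pick one so the allocator pairing is explicit.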
commit 901162579119585ebd3df9001b0370e6d32934ab
Author: Werner Koch
Date: Mon Dec 10 18:27:23 2012 +0100
ssh: Improve key lookup for many keys.
* agent/command-ssh.c: Remove dirent.h.
(control_file_s): Add struct item.
(rewind_control_file): New.
(search_control_file): Factor code out to ...
(read_control_file_item): New.
(ssh_handler_request_identities): Change to iterate over entries in
sshcontrol.
--
Formerly we scanned the private key directory for matches of entries
in sshcontrol. This patch changes it to scan the sshcontrol file and
thus considers only keys configured there. The rationale for this is
that it is common to have only a few ssh keys but many private keys.
Even if that assumption does not hold true, the scanning of the
sshcontrol file is faster than reading the directory and only then
scanning the ssh control for each directory entry.
(cherry picked from commit d2777f84be0ded5906a9bec3bc23cfed0a9be02f)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 5be86be..18e155d 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -27,7 +27,6 @@
#include
#include
#include
-#include
#include
#include "agent.h"
@@ -169,6 +168,14 @@ struct control_file_s
{
char *fname; /* Name of the file. */
FILE *fp; /* This is never NULL. */
+ int lnr; /* The current line number. */
+ struct {
+ int valid; /* True if the data of this structure is valid. */
+ int disabled; /* The item is disabled. */
+ int ttl; /* The TTL of the item. */
+ int confirm; /* The confirm flag is set. */
+ char hexgrip[40+1]; /* The hexgrip of the item (uppercase). */
+ } item;
};
typedef struct control_file_s *control_file_t;
@@ -742,6 +749,15 @@ open_control_file (control_file_t *r_cf, int append)
static void
+rewind_control_file (control_file_t cf)
+{
+ fseek (cf->fp, 0, SEEK_SET);
+ cf->lnr = 0;
+ clearerr (cf->fp);
+}
+
+
+static void
close_control_file (control_file_t cf)
{
if (!cf)
@@ -752,29 +768,19 @@ close_control_file (control_file_t cf)
}
-/* Search the control file CF from the beginning until a matching
- HEXGRIP is found; return success in this case and store true at
- DISABLED if the found key has been disabled. If R_TTL is not NULL
- a specified TTL for that key is stored there. If R_CONFIRM is not
- NULL it is set to 1 if the key has the confirm flag set. */
+
+/* Read the next line from the control file and store the data in CF.
+ Returns 0 on success, GPG_ERR_EOF on EOF, or other error codes. */
static gpg_error_t
-search_control_file (control_file_t cf, const char *hexgrip,
- int *r_disabled, int *r_ttl, int *r_confirm)
+read_control_file_item (control_file_t cf)
{
int c, i, n;
char *p, *pend, line[256];
- long ttl;
- int lnr = 0;
+ long ttl = 0;
- assert (strlen (hexgrip) == 40 );
-
- if (r_confirm)
- *r_confirm = 0;
-
- fseek (cf->fp, 0, SEEK_SET);
+ cf->item.valid = 0;
clearerr (cf->fp);
- *r_disabled = 0;
- next_line:
+
do
{
if (!fgets (line, DIM(line)-1, cf->fp) )
@@ -783,7 +789,7 @@ search_control_file (control_file_t cf, const char *hexgrip,
return gpg_error (GPG_ERR_EOF);
return gpg_error_from_syserror ();
}
- lnr++;
+ cf->lnr++;
if (!*line || line[strlen(line)-1] != '\n')
{
@@ -800,35 +806,34 @@ search_control_file (control_file_t cf, const char *hexgrip,
}
while (!*p || *p == '\n' || *p == '#');
- *r_disabled = 0;
+ cf->item.disabled = 0;
if (*p == '!')
{
- *r_disabled = 1;
+ cf->item.disabled = 1;
for (p++; spacep (p); p++)
;
}
for (i=0; hexdigitp (p) && i < 40; p++, i++)
- if (hexgrip[i] != (*p >= 'a'? (*p & 0xdf): *p))
- goto next_line;
+ cf->item.hexgrip[i] = (*p >= 'a'? (*p & 0xdf): *p);
+ cf->item.hexgrip[i] = 0;
if (i != 40 || !(spacep (p) || *p == '\n'))
{
- log_error ("invalid formatted line in `%s', line %d\n", cf->fname, lnr);
+ log_error ("%s:%d: invalid formatted line\n", cf->fname, cf->lnr);
return gpg_error (GPG_ERR_BAD_DATA);
}
ttl = strtol (p, &pend, 10);
p = pend;
- if (!(spacep (p) || *p == '\n') || ttl < -1)
+ if (!(spacep (p) || *p == '\n') || (int)ttl < -1)
{
- log_error ("invalid TTL value in `%s', line %d; assuming 0\n",
- cf->fname, lnr);
- ttl = 0;
+ log_error ("%s:%d: invalid TTL value; assuming 0\n", cf->fname, cf->lnr);
+ cf->item.ttl = 0;
}
- if (r_ttl)
- *r_ttl = ttl;
+ cf->item.ttl = ttl;
/* Now check for key-value pairs of the form NAME[=VALUE]. */
+ cf->item.confirm = 0;
while (*p)
{
for (; spacep (p) && *p != '\n'; p++)
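Review bot: The invalid-TTL branch in read_control_file_item no longer has any effect. It sets cf->item.ttl = 0 and logs "assuming 0", but the unconditional cf->item.ttl = ttl that follows overwrites it with the rejected value. The old code reset the local ttl to 0 before storing it; do the same here (ttl = 0 in the error branch) or put the assignment in an else. The (int)ttl < -1 cast is also fragile: a long outside the int range can truncate to an acceptable value and is then stored truncated, so range-check the long against INT_MAX before converting.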
@@ -838,22 +843,68 @@ search_control_file (control_file_t cf, const char *hexgrip,
n = strcspn (p, "= \t\n");
if (p[n] == '=')
{
- log_error ("assigning a value to a flag is not yet supported; "
- "in `%s', line %d; flag ignored\n", cf->fname, lnr);
+ log_error ("%s:%d: assigning a value to a flag is not yet supported; "
+ "flag ignored\n", cf->fname, cf->lnr);
p++;
}
else if (n == 7 && !memcmp (p, "confirm", 7))
{
- if (r_confirm)
- *r_confirm = 1;
+ cf->item.confirm = 1;
}
else
- log_error ("invalid flag `%.*s' in `%s', line %d; ignored\n",
- n, p, cf->fname, lnr);
+ log_error ("%s:%d: invalid flag '%.*s'; ignored\n",
+ cf->fname, cf->lnr, n, p);
p += n;
}
- return 0; /* Okay: found it. */
+ /* log_debug ("%s:%d: grip=%s ttl=%d%s%s\n", */
+ /* cf->fname, cf->lnr, */
+ /* cf->item.hexgrip, cf->item.ttl, */
+ /* cf->item.disabled? " disabled":"", */
+ /* cf->item.confirm? " confirm":""); */
+
+ cf->item.valid = 1;
+ return 0; /* Okay: valid entry found. */
+}
+
+
+
+/* Search the control file CF from the beginning until a matching
+ HEXGRIP is found; return success in this case and store true at
+ DISABLED if the found key has been disabled. If R_TTL is not NULL
+ a specified TTL for that key is stored there. If R_CONFIRM is not
+ NULL it is set to 1 if the key has the confirm flag set. */
+static gpg_error_t
+search_control_file (control_file_t cf, const char *hexgrip,
+ int *r_disabled, int *r_ttl, int *r_confirm)
+{
+ gpg_error_t err;
+
+ assert (strlen (hexgrip) == 40 );
+
+ *r_disabled = 0;
+ if (r_ttl)
+ *r_ttl = 0;
+ if (r_confirm)
+ *r_confirm = 0;
+
+ rewind_control_file (cf);
+ while (!(err=read_control_file_item (cf)))
+ {
+ if (!cf->item.valid)
+ continue; /* Should not happen. */
+ if (!strcmp (hexgrip, cf->item.hexgrip))
+ break;
+ }
+ if (!err)
+ {
+ *r_disabled = cf->item.disabled;
+ if (r_ttl)
+ *r_ttl = cf->item.ttl;
+ if (r_confirm)
+ *r_confirm = cf->item.confirm;
+ }
+ return err;
}
@@ -1898,19 +1949,13 @@ static gpg_error_t
ssh_handler_request_identities (ctrl_t ctrl,
estream_t request, estream_t response)
{
- char *key_type;
ssh_key_type_spec_t spec;
- struct dirent *dir_entry;
- char *key_directory;
- size_t key_directory_n;
- char *key_path;
- unsigned char *buffer;
- size_t buffer_n;
+ char *key_fname = NULL;
+ char *fnameptr;
u32 key_counter;
estream_t key_blobs;
gcry_sexp_t key_secret;
gcry_sexp_t key_public;
- DIR *dir;
gpg_error_t err;
int ret;
control_file_t cf = NULL;
@@ -1921,14 +1966,9 @@ ssh_handler_request_identities (ctrl_t ctrl,
/* Prepare buffer stream. */
- key_directory = NULL;
key_secret = NULL;
key_public = NULL;
- key_type = NULL;
- key_path = NULL;
key_counter = 0;
- buffer = NULL;
- dir = NULL;
err = 0;
key_blobs = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
@@ -1938,34 +1978,6 @@ ssh_handler_request_identities (ctrl_t ctrl,
goto out;
}
- /* Open key directory. */
- key_directory = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL);
- if (! key_directory)
- {
- err = gpg_err_code_from_errno (errno);
- goto out;
- }
- key_directory_n = strlen (key_directory);
-
- key_path = xtrymalloc (key_directory_n + 46);
- if (! key_path)
- {
- err = gpg_err_code_from_errno (errno);
- goto out;
- }
-
- sprintf (key_path, "%s/", key_directory);
- sprintf (key_path + key_directory_n + 41, ".key");
-
- dir = opendir (key_directory);
- if (! dir)
- {
- err = gpg_err_code_from_errno (errno);
- goto out;
- }
-
-
-
/* First check whether a key is currently available in the card
reader - this should be allowed even without being listed in
sshcontrol. */
@@ -1984,77 +1996,93 @@ ssh_handler_request_identities (ctrl_t ctrl,
}
- /* Then look at all the registered an allowed keys. */
+ /* Prepare buffer for key name construction. */
+ {
+ char *dname;
+ dname = make_filename (opt.homedir, GNUPG_PRIVATE_KEYS_DIR, NULL);
+ if (!dname)
+ {
+ err = gpg_err_code_from_syserror ();
+ goto out;
+ }
- /* Fixme: We should better iterate over the control file and check
- whether the key file is there. This is better in respect to
- performance if there are a lot of keys in our key storage. */
- /* FIXME: make sure that buffer gets deallocated properly. */
+ key_fname = xtrymalloc (strlen (dname) + 1 + 40 + 4 + 1);
+ if (!key_fname)
+ {
+ err = gpg_err_code_from_syserror ();
+ xfree (dname);
+ goto out;
+ }
+ fnameptr = stpcpy (stpcpy (key_fname, dname), "/");
+ xfree (dname);
+ }
+
+ /* Then look at all the registered and non-disabled keys. */
err = open_control_file (&cf, 0);
if (err)
goto out;
- while ( (dir_entry = readdir (dir)) )
+ while (!read_control_file_item (cf))
{
- if ((strlen (dir_entry->d_name) == 44)
- && (! strncmp (dir_entry->d_name + 40, ".key", 4)))
- {
- char hexgrip[41];
- int disabled;
-
- /* We do only want to return keys listed in our control
- file. */
- strncpy (hexgrip, dir_entry->d_name, 40);
- hexgrip[40] = 0;
- if ( strlen (hexgrip) != 40 )
- continue;
- if (search_control_file (cf, hexgrip, &disabled, NULL, NULL)
- || disabled)
- continue;
-
- strncpy (key_path + key_directory_n + 1, dir_entry->d_name, 40);
+ if (!cf->item.valid)
+ continue; /* Should not happen. */
+ if (cf->item.disabled)
+ continue;
+ assert (strlen (cf->item.hexgrip) == 40);
- /* Read file content. */
- err = file_to_buffer (key_path, &buffer, &buffer_n);
- if (err)
- goto out;
+ stpcpy (stpcpy (fnameptr, cf->item.hexgrip), ".key");
- err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n);
- if (err)
- goto out;
+ /* Read file content. */
+ {
+ unsigned char *buffer;
+ size_t buffer_n;
+
+ err = file_to_buffer (key_fname, &buffer, &buffer_n);
+ if (err)
+ {
+ log_error ("%s:%d: key '%s' skipped: %s\n",
+ cf->fname, cf->lnr, cf->item.hexgrip,
+ gpg_strerror (err));
+ continue;
+ }
- xfree (buffer);
- buffer = NULL;
+ err = gcry_sexp_sscan (&key_secret, NULL, (char*)buffer, buffer_n);
+ xfree (buffer);
+ if (err)
+ goto out;
+ }
- err = sexp_extract_identifier (key_secret, &key_type);
- if (err)
- goto out;
+ {
+ char *key_type = NULL;
- err = ssh_key_type_lookup (NULL, key_type, &spec);
- if (err)
- goto out;
+ err = sexp_extract_identifier (key_secret, &key_type);
+ if (err)
+ goto out;
- xfree (key_type);
- key_type = NULL;
+ err = ssh_key_type_lookup (NULL, key_type, &spec);
+ xfree (key_type);
+ if (err)
+ goto out;
+ }
- err = key_secret_to_public (&key_public, spec, key_secret);
- if (err)
- goto out;
+ err = key_secret_to_public (&key_public, spec, key_secret);
+ if (err)
+ goto out;
- gcry_sexp_release (key_secret);
- key_secret = NULL;
+ gcry_sexp_release (key_secret);
+ key_secret = NULL;
- err = ssh_send_key_public (key_blobs, key_public, NULL);
- if (err)
- goto out;
+ err = ssh_send_key_public (key_blobs, key_public, NULL);
+ if (err)
+ goto out;
- gcry_sexp_release (key_public);
- key_public = NULL;
+ gcry_sexp_release (key_public);
+ key_public = NULL;
- key_counter++;
- }
+ key_counter++;
}
+ err = 0;
ret = es_fseek (key_blobs, 0, SEEK_SET);
if (ret)
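Review bot: The loop "while (!read_control_file_item (cf))" discards the error code, and the "err = 0" after the loop then reports success. A malformed or over-long line in sshcontrol therefore silently truncates the identity list at that point instead of being distinguished from EOF. Keep the return value, treat GPG_ERR_EOF as the normal end, and either log and skip or fail on anything else. The error policy inside the loop is also uneven: a missing key file is logged and skipped, but a key file that fails gcry_sexp_sscan, sexp_extract_identifier or ssh_key_type_lookup aborts the whole request via goto out, so a single corrupt file hides every other key. Consider logging and continuing there as well, releasing key_secret before the continue.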
@@ -2064,43 +2092,27 @@ ssh_handler_request_identities (ctrl_t ctrl,
}
out:
-
/* Send response. */
gcry_sexp_release (key_secret);
gcry_sexp_release (key_public);
- if (! err)
+ if (!err)
{
ret_err = stream_write_byte (response, SSH_RESPONSE_IDENTITIES_ANSWER);
- if (ret_err)
- goto leave;
- ret_err = stream_write_uint32 (response, key_counter);
- if (ret_err)
- goto leave;
- ret_err = stream_copy (response, key_blobs);
- if (ret_err)
- goto leave;
+ if (!ret_err)
+ ret_err = stream_write_uint32 (response, key_counter);
+ if (!ret_err)
+ ret_err = stream_copy (response, key_blobs);
}
else
{
ret_err = stream_write_byte (response, SSH_RESPONSE_FAILURE);
- goto leave;
- };
-
- leave:
-
- if (key_blobs)
- es_fclose (key_blobs);
- if (dir)
- closedir (dir);
+ }
+ es_fclose (key_blobs);
close_control_file (cf);
-
- xfree (key_directory);
- xfree (key_path);
- xfree (buffer);
- xfree (key_type);
+ xfree (key_fname);
return ret_err;
}
commit 336112e519079f43278a8ca8c2937417bc667d8f
Author: Werner Koch
Date: Mon Dec 10 16:39:12 2012 +0100
ssh: Cleanup sshcontrol file access code.
* agent/command-ssh.c (SSH_CONTROL_FILE_NAME): New macro to replace
the direct use of the string.
(struct control_file_s, control_file_t): New.
(open_control_file, close_control_file): New. Use them instead of
using fopen/fclose directly.
--
(cherry picked from commit 25fb53ab4ae7e1c098500229c776d29b82713a20)
Fixed conflicts in some variable names.
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index fe0980e..5be86be 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1,5 +1,5 @@
/* command-ssh.c - gpg-agent's ssh-agent emulation layer
- * Copyright (C) 2004, 2005, 2006, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2004, 2005, 2006, 2009, 2012 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -64,6 +64,8 @@
#define SSH_DSA_SIGNATURE_ELEMS 2
#define SPEC_FLAG_USE_PKCS1V2 (1 << 0)
+/* The name of the control file. */
+#define SSH_CONTROL_FILE_NAME "sshcontrol"
/* The blurb we put into the header of a newly created control file. */
static const char sshcontrolblurb[] =
@@ -80,7 +82,6 @@ static const char sshcontrolblurb[] =
"\n";
-
/* Macros. */
/* Return a new uint32 with b0 being the most significant byte and b3
@@ -163,6 +164,16 @@ typedef struct ssh_key_type_spec
} ssh_key_type_spec_t;
+/* An object used to access the sshcontrol file. */
+struct control_file_s
+{
+ char *fname; /* Name of the file. */
+ FILE *fp; /* This is never NULL. */
+};
+typedef struct control_file_s *control_file_t;
+
+
+
/* Prototypes. */
static gpg_error_t ssh_handler_request_identities (ctrl_t ctrl,
estream_t request,
@@ -660,92 +671,124 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n)
-/* Open the ssh control file and create it if not available. With
+/* Open the ssh control file and create it if not available. With
APPEND passed as true the file will be opened in append mode,
- otherwise in read only mode. On success a file pointer is stored
- at the address of R_FP. */
+ otherwise in read only mode. On success 0 is returned and a new
+ control file object stored at R_CF. On error an error code is
+ returned and NULL is stored at R_CF. */
static gpg_error_t
-open_control_file (FILE **r_fp, int append)
+open_control_file (control_file_t *r_cf, int append)
{
gpg_error_t err;
- char *fname;
- FILE *fp;
+ control_file_t cf;
+
+ cf = xtrycalloc (1, sizeof *cf);
+ if (!cf)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
/* Note: As soon as we start to use non blocking functions here
(i.e. where Pth might switch threads) we need to employ a
mutex. */
- *r_fp = NULL;
- fname = make_filename (opt.homedir, "sshcontrol", NULL);
+ cf->fname = make_filename_try (opt.homedir, SSH_CONTROL_FILE_NAME, NULL);
+ if (!cf->fname)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
/* FIXME: With "a+" we are not able to check whether this will will
be created and thus the blurb needs to be written first. */
- fp = fopen (fname, append? "a+":"r");
- if (!fp && errno == ENOENT)
+ cf->fp = fopen (cf->fname, append? "a+":"r");
+ if (!cf->fp && errno == ENOENT)
{
- estream_t stream = es_fopen (fname, "wx,mode=-rw-r");
+ estream_t stream = es_fopen (cf->fname, "wx,mode=-rw-r");
if (!stream)
{
err = gpg_error_from_syserror ();
- log_error (_("can't create `%s': %s\n"), fname, gpg_strerror (err));
- xfree (fname);
- return err;
+ log_error (_("can't create `%s': %s\n"),
+ cf->fname, gpg_strerror (err));
+ goto leave;
}
es_fputs (sshcontrolblurb, stream);
es_fclose (stream);
- fp = fopen (fname, append? "a+":"r");
+ cf->fp = fopen (cf->fname, append? "a+":"r");
}
- if (!fp)
+ if (!cf->fp)
{
- err = gpg_error (gpg_err_code_from_errno (errno));
- log_error (_("can't open `%s': %s\n"), fname, gpg_strerror (err));
- xfree (fname);
- return err;
+ err = gpg_error_from_syserror ();
+ log_error (_("can't open `%s': %s\n"),
+ cf->fname, gpg_strerror (err));
+ goto leave;
}
- *r_fp = fp;
+ err = 0;
- return 0;
+ leave:
+ if (err && cf)
+ {
+ if (cf->fp)
+ fclose (cf->fp);
+ xfree (cf->fname);
+ xfree (cf);
+ }
+ else
+ *r_cf = cf;
+
+ return err;
+}
+
+
+static void
+close_control_file (control_file_t cf)
+{
+ if (!cf)
+ return;
+ fclose (cf->fp);
+ xfree (cf->fname);
+ xfree (cf);
}
-/* Search the file at stream FP from the beginning until a matching
+/* Search the control file CF from the beginning until a matching
HEXGRIP is found; return success in this case and store true at
DISABLED if the found key has been disabled. If R_TTL is not NULL
a specified TTL for that key is stored there. If R_CONFIRM is not
NULL it is set to 1 if the key has the confirm flag set. */
static gpg_error_t
-search_control_file (FILE *fp, const char *hexgrip,
+search_control_file (control_file_t cf, const char *hexgrip,
int *r_disabled, int *r_ttl, int *r_confirm)
{
int c, i, n;
char *p, *pend, line[256];
long ttl;
int lnr = 0;
- const char fname[] = "sshcontrol";
assert (strlen (hexgrip) == 40 );
if (r_confirm)
*r_confirm = 0;
- fseek (fp, 0, SEEK_SET);
- clearerr (fp);
+ fseek (cf->fp, 0, SEEK_SET);
+ clearerr (cf->fp);
*r_disabled = 0;
next_line:
do
{
- if (!fgets (line, DIM(line)-1, fp) )
+ if (!fgets (line, DIM(line)-1, cf->fp) )
{
- if (feof (fp))
+ if (feof (cf->fp))
return gpg_error (GPG_ERR_EOF);
- return gpg_error (gpg_err_code_from_errno (errno));
+ return gpg_error_from_syserror ();
}
lnr++;
if (!*line || line[strlen(line)-1] != '\n')
{
/* Eat until end of line */
- while ( (c=getc (fp)) != EOF && c != '\n')
+ while ( (c=getc (cf->fp)) != EOF && c != '\n')
;
return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
: GPG_ERR_INCOMPLETE_LINE);
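Review bot: open_control_file does not keep the contract stated in its new comment. The comment says NULL is stored at R_CF on error, but at leave the "if (err && cf)" branch frees the object and never writes *r_cf; only the xtrycalloc failure reaches the else branch and stores NULL. The removed "*r_fp = NULL;" at the top used to guarantee this. Add "*r_cf = NULL;" at function entry so a caller with an uninitialised control_file_t (add_control_entry declares one) cannot end up passing garbage to close_control_file in a later cleanup path.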
@@ -770,7 +813,7 @@ search_control_file (FILE *fp, const char *hexgrip,
goto next_line;
if (i != 40 || !(spacep (p) || *p == '\n'))
{
- log_error ("invalid formatted line in `%s', line %d\n", fname, lnr);
+ log_error ("invalid formatted line in `%s', line %d\n", cf->fname, lnr);
return gpg_error (GPG_ERR_BAD_DATA);
}
@@ -779,7 +822,7 @@ search_control_file (FILE *fp, const char *hexgrip,
if (!(spacep (p) || *p == '\n') || ttl < -1)
{
log_error ("invalid TTL value in `%s', line %d; assuming 0\n",
- fname, lnr);
+ cf->fname, lnr);
ttl = 0;
}
if (r_ttl)
@@ -796,7 +839,7 @@ search_control_file (FILE *fp, const char *hexgrip,
if (p[n] == '=')
{
log_error ("assigning a value to a flag is not yet supported; "
- "in `%s', line %d; flag ignored\n", fname, lnr);
+ "in `%s', line %d; flag ignored\n", cf->fname, lnr);
p++;
}
else if (n == 7 && !memcmp (p, "confirm", 7))
@@ -806,7 +849,7 @@ search_control_file (FILE *fp, const char *hexgrip,
}
else
log_error ("invalid flag `%.*s' in `%s', line %d; ignored\n",
- n, p, fname, lnr);
+ n, p, cf->fname, lnr);
p += n;
}
@@ -825,16 +868,16 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr,
int ttl, int confirm)
{
gpg_error_t err;
- FILE *fp;
+ control_file_t cf;
int disabled;
(void)ctrl;
- err = open_control_file (&fp, 1);
+ err = open_control_file (&cf, 1);
if (err)
return err;
- err = search_control_file (fp, hexgrip, &disabled, NULL, NULL);
+ err = search_control_file (cf, hexgrip, &disabled, NULL, NULL);
if (err && gpg_err_code(err) == GPG_ERR_EOF)
{
struct tm *tp;
@@ -843,15 +886,16 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr,
/* Not yet in the file - add it. Because the file has been
opened in append mode, we simply need to write to it. */
tp = localtime (&atime);
- fprintf (fp, ("# Key added on: %04d-%02d-%02d %02d:%02d:%02d\n"
- "# Fingerprint: %s\n"
- "%s %d%s\n"),
+ fprintf (cf->fp,
+ ("# Key added on: %04d-%02d-%02d %02d:%02d:%02d\n"
+ "# Fingerprint: %s\n"
+ "%s %d%s\n"),
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec,
fmtfpr, hexgrip, ttl, confirm? " confirm":"");
}
- fclose (fp);
+ close_control_file (cf);
return 0;
}
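Review bot: With close_control_file returning void, add_control_entry can no longer notice a failed write on the append path. The fprintf result is not checked, the fclose result is dropped inside close_control_file, and the function ends with "return 0" regardless, which also hides a search_control_file error other than GPG_ERR_EOF. For the one caller that writes, check ferror (cf->fp) before closing, or give close_control_file a return value, and propagate the error instead of returning 0.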
@@ -860,20 +904,20 @@ add_control_entry (ctrl_t ctrl, const char *hexgrip, const char *fmtfpr,
static int
ttl_from_sshcontrol (const char *hexgrip)
{
- FILE *fp;
+ control_file_t cf;
int disabled, ttl;
if (!hexgrip || strlen (hexgrip) != 40)
return 0; /* Wrong input: Use global default. */
- if (open_control_file (&fp, 0))
+ if (open_control_file (&cf, 0))
return 0; /* Error: Use the global default TTL. */
- if (search_control_file (fp, hexgrip, &disabled, &ttl, NULL)
+ if (search_control_file (cf, hexgrip, &disabled, &ttl, NULL)
|| disabled)
ttl = 0; /* Use the global default if not found or disabled. */
- fclose (fp);
+ close_control_file (cf);
return ttl;
}
@@ -883,21 +927,21 @@ ttl_from_sshcontrol (const char *hexgrip)
static int
confirm_flag_from_sshcontrol (const char *hexgrip)
{
- FILE *fp;
+ control_file_t cf;
int disabled, confirm;
if (!hexgrip || strlen (hexgrip) != 40)
return 1; /* Wrong input: Better ask for confirmation. */
- if (open_control_file (&fp, 0))
+ if (open_control_file (&cf, 0))
return 1; /* Error: Better ask for confirmation. */
- if (search_control_file (fp, hexgrip, &disabled, NULL, &confirm)
+ if (search_control_file (cf, hexgrip, &disabled, NULL, &confirm)
|| disabled)
confirm = 0; /* If not found or disabled, there is no reason to
ask for confirmation. */
- fclose (fp);
+ close_control_file (cf);
return confirm;
}
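Review bot: confirm_flag_from_sshcontrol treats every search_control_file failure as "no confirmation needed", while the open_control_file failure just above returns 1 ("Better ask for confirmation"). search_control_file can fail for reasons other than the key being absent, for example GPG_ERR_BAD_DATA or GPG_ERR_LINE_TOO_LONG on a line that precedes the entry, and in that case a key marked confirm would be used without the prompt. Distinguish GPG_ERR_EOF (not listed) from other errors and return 1 for the latter, matching the fail-safe choice made for open errors.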
@@ -1869,7 +1913,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
DIR *dir;
gpg_error_t err;
int ret;
- FILE *ctrl_fp = NULL;
+ control_file_t cf = NULL;
char *cardsn;
gpg_error_t ret_err;
@@ -1944,10 +1988,10 @@ ssh_handler_request_identities (ctrl_t ctrl,
/* Fixme: We should better iterate over the control file and check
- whether the key file is there. This is better in resepct to
- performance if tehre are a lot of key sin our key storage. */
+ whether the key file is there. This is better in respect to
+ performance if there are a lot of keys in our key storage. */
/* FIXME: make sure that buffer gets deallocated properly. */
- err = open_control_file (&ctrl_fp, 0);
+ err = open_control_file (&cf, 0);
if (err)
goto out;
@@ -1965,7 +2009,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
hexgrip[40] = 0;
if ( strlen (hexgrip) != 40 )
continue;
- if (search_control_file (ctrl_fp, hexgrip, &disabled, NULL, NULL)
+ if (search_control_file (cf, hexgrip, &disabled, NULL, NULL)
|| disabled)
continue;
@@ -2051,8 +2095,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
if (dir)
closedir (dir);
- if (ctrl_fp)
- fclose (ctrl_fp);
+ close_control_file (cf);
xfree (key_directory);
xfree (key_path);
commit fc7d033d8e62f6a289fdf7dba26af076accb5fd2
Author: Werner Koch
Date: Mon Jul 1 18:29:21 2013 +0200
ssh: Do not look for a card based ssh key if scdaemon is disabled.
* agent/command-ssh.c (ssh_handler_request_identities): Do not call
card_key_available if the scdaemon is disabled.
--
(back ported from commit id 781e9746dff21fc2721373205e63d1d09722d590)
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index e96d6f5..fe0980e 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -1926,7 +1926,8 @@ ssh_handler_request_identities (ctrl_t ctrl,
reader - this should be allowed even without being listed in
sshcontrol. */
- if (!card_key_available (ctrl, &key_public, &cardsn))
+ if (!opt.disable_scdaemon
+ && !card_key_available (ctrl, &key_public, &cardsn))
{
err = ssh_send_key_public (key_blobs, key_public, cardsn);
gcry_sexp_release (key_public);
commit 7ce72c97bfe1ab2f58248a6afe629aafa20d058b
Author: Werner Koch
Date: Mon Jul 1 18:08:56 2013 +0200
ssh: Make the mode extension "x" portable by a call to es_fopen.
* agent/command-ssh.c (open_control_file): Use es_fopen to support
the "wx" mode flag.
--
This patch also specifies a file mode parameter. However, this
will only be used with an updated version of es_stream which we have
not yet done.
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 2f96ef5..e96d6f5 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -681,18 +681,16 @@ open_control_file (FILE **r_fp, int append)
fp = fopen (fname, append? "a+":"r");
if (!fp && errno == ENOENT)
{
- /* Fixme: "x" is a GNU extension. We might want to use the es_
- functions here. */
- fp = fopen (fname, "wx");
- if (!fp)
+ estream_t stream = es_fopen (fname, "wx,mode=-rw-r");
+ if (!stream)
{
- err = gpg_error (gpg_err_code_from_errno (errno));
+ err = gpg_error_from_syserror ();
log_error (_("can't create `%s': %s\n"), fname, gpg_strerror (err));
xfree (fname);
return err;
}
- fputs (sshcontrolblurb, fp);
- fclose (fp);
+ es_fputs (sshcontrolblurb, stream);
+ es_fclose (stream);
fp = fopen (fname, append? "a+":"r");
}
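Review bot: In the ENOENT branch of open_control_file the results of es_fputs (sshcontrolblurb, stream) and es_fclose (stream) are ignored, so a short write or a failed flush leaves a freshly created control file without its blurb and nothing is logged. Check both calls and report a failure through the same log_error and return path used when es_fopen fails. The mode string "wx,mode=-rw-r" also deserves a comment next to the call, since the commit log says the mode part has no effect until es_stream is updated.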
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +
agent/command-ssh.c | 950 +++++++++++++++++++++++++++++++++------------------
agent/protect.c | 31 ++-
agent/t-protect.c | 36 ++-
common/estream.c | 103 ++++++-
common/estream.h | 2 +
common/ssh-utils.c | 28 ++
7 files changed, 798 insertions(+), 355 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 3 15:00:07 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 03 Jul 2013 15:00:07 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.20-17-g8b0cf1f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 8b0cf1f59e660b1562ca3421b784172df84b1c5d (commit)
via 0c01a0436961af5b427a8ace8e57d12be22dbc96 (commit)
via 9f32499f99a0817f63f7a73b09bdcebe60d4775d (commit)
via ed056d67c7c93306b68829f83a2565e978dcfd9b (commit)
via 27e403bff7a6e46a390ae5f3d63ea63701d1435d (commit)
via 9b8518ffc97696634cd6d493fed872a512993c52 (commit)
from a1398844adb84392f4a1da6db2e50b914a1aada1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8b0cf1f59e660b1562ca3421b784172df84b1c5d
Author: Werner Koch
Date: Wed Jul 3 13:40:16 2013 +0200
po: Auto updates.
--
diff --git a/po/be.po b/po/be.po
index d29db17..da9d281 100644
--- a/po/be.po
+++ b/po/be.po
@@ -345,7 +345,10 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "?????????????????? ????????????\n"
-msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
+msgstr ""
+
+msgid "enable putty support"
msgstr ""
msgid "|FILE|write environment settings also to FILE"
diff --git a/po/ca.po b/po/ca.po
index 9ccfa8a..b4957ad 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -375,8 +375,21 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "error en la creaci?? de la contrasenya: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+# G??nere? Nombre? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "no ??s suportat"
+
+# G??nere? Nombre? ivb
+# Werner FIXME: please add translator comment saying *what* is
+# uncompressed so we know the gender. jm
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "no ??s suportat"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7686,12 +7699,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "s'ha utilitzat una clau secreta incorrecta"
-# G??nere? Nombre? ivb
-# Werner FIXME: please add translator comment saying *what* is
-# uncompressed so we know the gender. jm
-#~ msgid "not supported"
-#~ msgstr "no ??s suportat"
-
#~ msgid "bad key"
#~ msgstr "la clau ??s incorrecta"
diff --git a/po/cs.po b/po/cs.po
index a94d3c9..688bcfd 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -373,9 +373,16 @@ msgstr "dovolit klient??m ozna??it kl????e za ???d??v??ryhodn?????"
msgid "allow presetting passphrase"
msgstr "umo??nit p??ednastaven?? hesla"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "zapnout emulaci ssh-agenta"
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "nepodporov??no"
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|SOUBOR|zapsat nastaven?? prost??ed?? t???? do SOUBORU"
@@ -7220,9 +7227,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "je pou??it ??patn?? tajn?? kl????"
-#~ msgid "not supported"
-#~ msgstr "nepodporov??no"
-
#~ msgid "bad key"
#~ msgstr "??patn?? kl????"
diff --git a/po/da.po b/po/da.po
index 3e9608b..365f6bd 100644
--- a/po/da.po
+++ b/po/da.po
@@ -358,9 +358,14 @@ msgstr "tillad klienter at markere n??gler som ??trusted?? (trov??rdige)"
msgid "allow presetting passphrase"
msgstr "tillad forh??ndsindstilling af adgangsfrase"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "aktiver ssh-agent-emulering"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|FIL|skriv ogs?? milj??indstillinger til FIL"
diff --git a/po/el.po b/po/el.po
index 02fb3f7..afc6a69 100644
--- a/po/el.po
+++ b/po/el.po
@@ -352,8 +352,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "?????? ??? ?????????? ??? ?????? ??????: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "??? ?????????????"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "??? ?????????????"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7520,9 +7527,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "????? ????? ???????? ????????"
-#~ msgid "not supported"
-#~ msgstr "??? ?????????????"
-
#~ msgid "bad key"
#~ msgstr "???? ??????"
diff --git a/po/eo.po b/po/eo.po
index 89d5724..c3f568d 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -352,8 +352,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "eraro dum kreado de pasfrazo: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "ne realigita"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "ne realigita"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7415,9 +7422,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "mal?usta sekreta ?losilo uzata"
-#~ msgid "not supported"
-#~ msgstr "ne realigita"
-
#~ msgid "bad key"
#~ msgstr "malbona ?losilo"
diff --git a/po/es.po b/po/es.po
index af58643..b3e9654 100644
--- a/po/es.po
+++ b/po/es.po
@@ -372,9 +372,16 @@ msgstr "permitir que los clientes marquen claves como \"fiables\""
msgid "allow presetting passphrase"
msgstr "permitir preestablecer frase contrase?a"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "permitir emulaci?n de ssh-agent"
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "no disponible"
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|FICHERO|escribir variables de entorno tambi?n en FICHERO"
@@ -7332,9 +7339,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "clave secreta incorrecta"
-#~ msgid "not supported"
-#~ msgstr "no disponible"
-
#~ msgid "bad key"
#~ msgstr "clave incorrecta"
diff --git a/po/et.po b/po/et.po
index b4560ea..6a047e9 100644
--- a/po/et.po
+++ b/po/et.po
@@ -349,8 +349,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "viga parooli loomisel: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "ei ole toetatud"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "ei ole toetatud"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7417,9 +7424,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "kasutati valet salajast v?tit"
-#~ msgid "not supported"
-#~ msgstr "ei ole toetatud"
-
#~ msgid "bad key"
#~ msgstr "halb v?ti"
diff --git a/po/fi.po b/po/fi.po
index a33efa5..15d22f4 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -365,8 +365,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "virhe luotaessa salasanaa: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "ei tuettu"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "ei tuettu"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7502,9 +7509,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "k??ytetty salainen avain on v????r??"
-#~ msgid "not supported"
-#~ msgstr "ei tuettu"
-
#~ msgid "bad key"
#~ msgstr "avain ei kelpaa"
diff --git a/po/fr.po b/po/fr.po
index 17d33d5..61faa9b 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -356,9 +356,16 @@ msgstr "permettre de marquer la confiance des clefs"
msgid "allow presetting passphrase"
msgstr "permettre de pr??configurer la phrase de passe"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "activer l'??mulation de ssh-agent"
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "non pris en charge"
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|FICHIER|??crire aussi les r??glages d'env. dans FICHIER"
@@ -7339,9 +7346,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "mauvaise clef secr??te utilis??e"
-#~ msgid "not supported"
-#~ msgstr "non pris en charge"
-
#~ msgid "bad key"
#~ msgstr "mauvaise clef"
diff --git a/po/gl.po b/po/gl.po
index c54c55b..fb7a180 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -352,8 +352,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "erro ao crea-lo contrasinal: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "non est? soportado"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "non est? soportado"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7526,9 +7533,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "empregouse unha chave secreta err?nea"
-#~ msgid "not supported"
-#~ msgstr "non est? soportado"
-
#~ msgid "bad key"
#~ msgstr "chave incorrecta"
diff --git a/po/hu.po b/po/hu.po
index d63681d..2aa53f6 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -349,8 +349,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "Hiba a jelsz? l?trehoz?sakor: %s.\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "nem t?mogatott"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "nem t?mogatott"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7463,9 +7470,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "rossz titkos kulcs haszn?lata"
-#~ msgid "not supported"
-#~ msgstr "nem t?mogatott"
-
#~ msgid "bad key"
#~ msgstr "rossz kulcs"
diff --git a/po/id.po b/po/id.po
index 9a5b483..8cf6765 100644
--- a/po/id.po
+++ b/po/id.po
@@ -354,8 +354,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "kesalahan penciptaan passphrase: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "tidak didukung"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "tidak didukung"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7464,9 +7471,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "digunakan kunci rahasia yang salah"
-#~ msgid "not supported"
-#~ msgstr "tidak didukung"
-
#~ msgid "bad key"
#~ msgstr "kunci yang buruk"
diff --git a/po/it.po b/po/it.po
index 3b8b797..eed6c30 100644
--- a/po/it.po
+++ b/po/it.po
@@ -349,8 +349,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "errore nella creazione della passhprase: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "non gestito"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "non gestito"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7521,9 +7528,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "? stata usata la chiave segreta sbagliata"
-#~ msgid "not supported"
-#~ msgstr "non gestito"
-
#~ msgid "bad key"
#~ msgstr "chiave sbagliata"
diff --git a/po/ja.po b/po/ja.po
index d3ab450..6944f33 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -342,9 +342,14 @@ msgstr "???????????????????????????\"trusted\"?????????????????????????????????
msgid "allow presetting passphrase"
msgstr "?????????????????????????????????????????????"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "ssh-agent??????????????????????????????????????????"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|FILE|FILE???????????????????????????????????????"
diff --git a/po/nb.po b/po/nb.po
index 8fd63eb..809016d 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -361,7 +361,10 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "feil ved opprettelse av passfrase: %s\n"
-msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
+msgstr ""
+
+msgid "enable putty support"
msgstr ""
msgid "|FILE|write environment settings also to FILE"
diff --git a/po/pl.po b/po/pl.po
index 27a4e95..62abfa5 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -352,9 +352,14 @@ msgstr "zezwolenie klientom na oznaczanie kluczy jako \"zaufanych\""
msgid "allow presetting passphrase"
msgstr "zezwolenie na predefiniowane has?o"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "w??czenie emulacji ssh-agenta"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|PLIK|zapis ustawie? ?rodowiska tak?e do PLIKU"
diff --git a/po/pt.po b/po/pt.po
index 915bac2..302399f 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -353,8 +353,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "erro na cria??o da frase secreta: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "n?o suportado"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "n?o suportado"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7459,9 +7466,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "chave secreta incorrecta"
-#~ msgid "not supported"
-#~ msgstr "n?o suportado"
-
#~ msgid "bad key"
#~ msgstr "chave incorrecta"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 523b5ec..0a1aff5 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -357,8 +357,17 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "erro na cria??o da frase secreta: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+# suportado ???
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "n?o suportado"
+
+# suportado ???
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "n?o suportado"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7289,10 +7298,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "chave secreta incorreta"
-# suportado ???
-#~ msgid "not supported"
-#~ msgstr "n?o suportado"
-
#~ msgid "bad key"
#~ msgstr "chave incorreta"
diff --git a/po/ro.po b/po/ro.po
index 173c800..6583ef9 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -363,8 +363,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "eroare la crearea frazei-parol?: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "nu este suportat(?)"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "nu este suportat(?)"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7413,9 +7420,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "a fost folosit? o cheie secret? gre?it?"
-#~ msgid "not supported"
-#~ msgstr "nu este suportat(?)"
-
#~ msgid "bad key"
#~ msgstr "cheie incorect?"
diff --git a/po/ru.po b/po/ru.po
index 99ef956..0d6e3b2 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -355,9 +355,14 @@ msgstr "?????????????????? ???????????????? ???????????????? ?????????? ?????? \
msgid "allow presetting passphrase"
msgstr "?????????????????? ?????????????????????????????????? ??????????-????????????"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "?????????????????? ???????????????? ssh-????????????"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|FILE|?????????????????? ?????????????????? ?????????????????? ?? ?? ????????"
diff --git a/po/sk.po b/po/sk.po
index 004c07e..12be517 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -352,8 +352,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "chyba pri vytv?ran? hesla: %s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "nepodporovan?"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "nepodporovan?"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7482,9 +7489,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "bol pou?it? nespr?vny tajn? k???"
-#~ msgid "not supported"
-#~ msgstr "nepodporovan?"
-
#~ msgid "bad key"
#~ msgstr "nespr?vny k???"
diff --git a/po/sv.po b/po/sv.po
index b9c1ba4..9a62da2 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -372,9 +372,14 @@ msgstr "till??t klienter att markera nycklar som \"trusted\""
msgid "allow presetting passphrase"
msgstr "till??t f??rinst??llning av l??senfras"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "aktivera ssh-agent-emulering"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|FIL|skriv ??ven milj??inst??llningar till FIL"
diff --git a/po/tr.po b/po/tr.po
index 40bcbbb..1c73672 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -347,9 +347,14 @@ msgstr "istemcilerin anahtarlar?? \"g??venilir\" olarak imlemesine izin verilir"
msgid "allow presetting passphrase"
msgstr "anahtar parolas??n??n ??nceden atanmas??na izin verilir"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "ssh-agent ??yk??n??m?? etkinle??ir"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|DOSYA|ortam ayarlar??n?? ayr??ca DOSYAya da yazar"
diff --git a/po/uk.po b/po/uk.po
index e14cc6e..571c754 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -357,9 +357,14 @@ msgstr "?????????????????? ???????????????? ?????????????????? ?????????? ????
msgid "allow presetting passphrase"
msgstr "?????????????????? ?????????????????? ???????????????????????? ????????????"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "?????????????????? ???????????????? ssh-????????????"
+msgid "enable putty support"
+msgstr ""
+
msgid "|FILE|write environment settings also to FILE"
msgstr "???????????????? ?????????????????? ???????????????????? ?? ???? ??????????"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index f8ed174..7f1a90f 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -361,8 +361,15 @@ msgstr ""
msgid "allow presetting passphrase"
msgstr "????????????????????????????????????%s\n"
-msgid "enable ssh-agent emulation"
-msgstr ""
+#, fuzzy
+#| msgid "not supported"
+msgid "enable ssh support"
+msgstr "????????????"
+
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "????????????"
msgid "|FILE|write environment settings also to FILE"
msgstr ""
@@ -7183,9 +7190,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "????????????????????????"
-#~ msgid "not supported"
-#~ msgstr "????????????"
-
#~ msgid "bad key"
#~ msgstr "???????????????"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 5ffea7a..7c6df10 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -336,9 +336,16 @@ msgstr "????????????????????????????????? \"?????????\""
msgid "allow presetting passphrase"
msgstr "????????????????????????"
-msgid "enable ssh-agent emulation"
+#, fuzzy
+#| msgid "enable ssh-agent emulation"
+msgid "enable ssh support"
msgstr "?????? ssh-agent ??????"
+#, fuzzy
+#| msgid "not supported"
+msgid "enable putty support"
+msgstr "?????????"
+
msgid "|FILE|write environment settings also to FILE"
msgstr "|??????|????????????????????????????????????"
@@ -7006,9 +7013,6 @@ msgstr ""
#~ msgid "wrong secret key used"
#~ msgstr "?????????????????????"
-#~ msgid "not supported"
-#~ msgstr "?????????"
-
#~ msgid "bad key"
#~ msgstr "???????????????"
commit 0c01a0436961af5b427a8ace8e57d12be22dbc96
Author: Werner Koch
Date: Wed Jul 3 13:32:52 2013 +0200
Update the German translation.
diff --git a/po/de.po b/po/de.po
index cb89471..14ff5f1 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.18\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2013-04-24 09:33+0200\n"
+"PO-Revision-Date: 2013-07-03 13:32+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -359,8 +359,11 @@ msgstr "erlaube Aufrufern Schl??ssel als \"vertrauensw??rdig\" zu markieren"
msgid "allow presetting passphrase"
msgstr "erlaube ein \"preset\" von Passphrases"
-msgid "enable ssh-agent emulation"
-msgstr "Die ssh-agent-Emulation anschalten"
+msgid "enable ssh support"
+msgstr "Die ssh-agent Komponente anschalten"
+
+msgid "enable putty support"
+msgstr "Die Pageant Komponente anschalten"
msgid "|FILE|write environment settings also to FILE"
msgstr "|DATEI|Schreibe die Umgebungsvariablen auf DATEI"
commit 9f32499f99a0817f63f7a73b09bdcebe60d4775d
Author: Werner Koch
Date: Wed Jul 3 13:29:47 2013 +0200
ssh: Add support for Putty.
* agent/gpg-agent.c [W32]: Include several Windows headers.
(opts): Change help text for enable-ssh-support.
(opts, main): Add option --enable-putty-support.
(putty_support, PUTTY_IPC_MAGIC, PUTTY_IPC_MAXLEN): New for W32.
(agent_init_default_ctrl): Add an assert call.
(putty_message_proc, putty_message_thread): New.
(handle_connections) [W32]: Start putty message thread.
* common/sysutils.c (w32_get_user_sid): New for W32 only
* tools/gpgconf-comp.c (gc_options_gpg_agent): Add
--enable-ssh-support and --enable-putty-support. Make the
configuration group visible at basic level.
* agent/command-ssh.c (serve_mmapped_ssh_request): New for W32 only.
--
This patch enables support for Putty. It has been tested with Putty
0.62 using a Unix created ssh key copied to the private-keys-v1.d
directory on Windows and with a manually crafted sshcontrol file. It
also works with a smartcard key.
Many thanks to gniibe who implemented a proxy in Python to test the
putty/gpg-agent communication.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index 4295ee9..adaa257 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,9 @@ Noteworthy changes in version 2.0.21 (unreleased)
* The included ssh agent does now support ECDSA keys.
+ * New option --enable-putty-support to allow gpg-agent to act as a
+ Pageant replacement including full smartcard support.
+
Noteworthy changes in version 2.0.20 (2013-05-10)
-------------------------------------------------
diff --git a/agent/agent.h b/agent/agent.h
index 15cf8bf..4afe6e9 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -220,6 +220,10 @@ gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...)
void bump_key_eventcounter (void);
void bump_card_eventcounter (void);
void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t);
+#ifdef HAVE_W32_SYSTEM
+int serve_mmapped_ssh_request (ctrl_t ctrl,
+ unsigned char *request, size_t maxreqlen);
+#endif /*HAVE_W32_SYSTEM*/
/*-- command-ssh.c --*/
void start_command_handler_ssh (ctrl_t, gnupg_fd_t);
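Review bot: The new serve_mmapped_ssh_request prototype sits above the `/*-- command-ssh.c --*/` marker, so it is filed under the preceding file's section although the function is added to agent/command-ssh.c. Move the `#ifdef HAVE_W32_SYSTEM` block below the marker, next to start_command_handler_ssh.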
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 4cd3537..6533730 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3362,3 +3362,149 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
if (stream_sock)
es_fclose (stream_sock);
}
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Serve one ssh-agent request. This is used for the Putty support.
+ REQUEST is the the mmapped memory which may be accessed up to a
+ length of MAXREQLEN. Returns 0 on success which also indicates
+ that a valid SSH response message is now in REQUEST. */
+int
+serve_mmapped_ssh_request (ctrl_t ctrl,
+ unsigned char *request, size_t maxreqlen)
+{
+ gpg_error_t err;
+ int send_err = 0;
+ int valid_response = 0;
+ ssh_request_spec_t *spec;
+ u32 msglen;
+ estream_t request_stream, response_stream;
+
+ if (setup_ssh_env (ctrl))
+ goto leave; /* Error setting up the environment. */
+
+ if (maxreqlen < 5)
+ goto leave; /* Caller error. */
+
+ msglen = uint32_construct (request[0], request[1], request[2], request[3]);
+ if (msglen < 1 || msglen > maxreqlen - 4)
+ {
+ log_error ("ssh message len (%u) out of range", (unsigned int)msglen);
+ goto leave;
+ }
+
+ spec = request_spec_lookup (request[4]);
+ if (!spec)
+ {
+ send_err = 1; /* Unknown request type. */
+ goto leave;
+ }
+
+ /* Create a stream object with the data part of the request. */
+ if (spec->secret_input)
+ request_stream = es_mopen (NULL, 0, 0, 1, realloc_secure, gcry_free, "r+");
+ else
+ request_stream = es_mopen (NULL, 0, 0, 1, gcry_realloc, gcry_free, "r+");
+ if (!request_stream)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ /* We have to disable the estream buffering, because the estream
+ core doesn't know about secure memory. */
+ if (es_setvbuf (request_stream, NULL, _IONBF, 0))
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+ /* Copy the request to the stream but omit the request type. */
+ err = stream_write_data (request_stream, request + 5, msglen - 1);
+ if (err)
+ goto leave;
+ es_rewind (request_stream);
+
+ response_stream = es_fopenmem (0, "r+b");
+ if (!response_stream)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
+ if (opt.verbose)
+ log_info ("ssh request handler for %s (%u) started\n",
+ spec->identifier, spec->type);
+
+ err = (*spec->handler) (ctrl, request_stream, response_stream);
+
+ if (opt.verbose)
+ {
+ if (err)
+ log_info ("ssh request handler for %s (%u) failed: %s\n",
+ spec->identifier, spec->type, gpg_strerror (err));
+ else
+ log_info ("ssh request handler for %s (%u) ready\n",
+ spec->identifier, spec->type);
+ }
+
+ es_fclose (request_stream);
+ request_stream = NULL;
+
+ if (err)
+ {
+ send_err = 1;
+ goto leave;
+ }
+
+ /* Put the response back into the mmapped buffer. */
+ {
+ void *response_data;
+ size_t response_size;
+
+ /* NB: In contrast to the request-stream, the response stream
+ includes the the message type byte. */
+ if (es_fclose_snatch (response_stream, &response_data, &response_size))
+ {
+ log_error ("snatching ssh response failed: %s",
+ gpg_strerror (gpg_error_from_syserror ()));
+ send_err = 1; /* Ooops. */
+ goto leave;
+ }
+
+ if (opt.verbose > 1)
+ log_info ("sending ssh response of length %u\n",
+ (unsigned int)response_size);
+ if (response_size > maxreqlen - 4)
+ {
+ log_error ("invalid length of the ssh response: %s",
+ gpg_strerror (GPG_ERR_INTERNAL));
+ es_free (response_data);
+ send_err = 1;
+ goto leave;
+ }
+
+ request[0] = response_size >> 24;
+ request[1] = response_size >> 16;
+ request[2] = response_size >> 8;
+ request[3] = response_size >> 0;
+ memcpy (request+4, response_data, response_size);
+ es_free (response_data);
+ valid_response = 1;
+ }
+
+ leave:
+ if (send_err)
+ {
+ request[0] = 0;
+ request[1] = 0;
+ request[2] = 0;
+ request[3] = 1;
+ request[4] = SSH_RESPONSE_FAILURE;
+ valid_response = 1;
+ }
+
+ /* Reset the SCD in case it has been used. */
+ agent_reset_scd (ctrl);
+
+ return valid_response? 0 : -1;
+}
+#endif /*HAVE_W32_SYSTEM*/
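Review bot: The `leave:` label in serve_mmapped_ssh_request never closes the two streams, so each `goto leave` taken after es_mopen succeeds (es_setvbuf failure, stream_write_data failure, es_fopenmem failure) leaks request_stream, and the handler-error path leaks response_stream. For requests with spec->secret_input this leaves secure memory holding request data allocated. Initialise both streams to NULL at declaration and es_fclose whichever is non-NULL at `leave:`. Two smaller points: those same early failures set err but not send_err, so the function returns -1 with the buffer unchanged and err is never read; and the log_error calls for "ssh message len (%u) out of range", "snatching ssh response failed" and "invalid length of the ssh response" lack the trailing \n that the log_info calls carry.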
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index ba25875..9d53de9 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -1,6 +1,7 @@
/* gpg-agent.c - The GnuPG Agent
* Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
* 2006, 2007, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
*
* This file is part of GnuPG.
*
@@ -30,7 +31,16 @@
#include
#include
#include
-#ifndef HAVE_W32_SYSTEM
+#ifdef HAVE_W32_SYSTEM
+# ifndef WINVER
+# define WINVER 0x0500 /* Same as in common/sysutils.c */
+# endif
+# ifdef HAVE_WINSOCK2_H
+# include
+# endif
+# include
+# include
+#else /*!HAVE_W32_SYSTEM*/
# include
# include
#endif /*!HAVE_W32_SYSTEM*/
@@ -106,6 +116,7 @@ enum cmd_and_opt_values
oKeepTTY,
oKeepDISPLAY,
oSSHSupport,
+ oPuttySupport,
oDisableScdaemon,
oWriteEnvFile
};
@@ -177,7 +188,14 @@ static ARGPARSE_OPTS opts[] = {
N_("allow clients to mark keys as \"trusted\"")},
{ oAllowPresetPassphrase, "allow-preset-passphrase", 0,
N_("allow presetting passphrase")},
- { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh-agent emulation") },
+ { oSSHSupport, "enable-ssh-support", 0, N_("enable ssh support") },
+ { oPuttySupport, "enable-putty-support", 0,
+#ifdef HAVE_W32_SYSTEM
+ N_("enable putty support")
+#else
+ "@"
+#endif
+ },
{ oWriteEnvFile, "write-env-file", 2|8,
N_("|FILE|write environment settings also to FILE")},
{0}
@@ -202,6 +220,17 @@ static ARGPARSE_OPTS opts[] = {
#endif
+#ifdef HAVE_W32_SYSTEM
+/* Flag indicating that support for Putty has been enabled. */
+static int putty_support;
+/* A magic value used with WM_COPYDATA. */
+#define PUTTY_IPC_MAGIC 0x804e50ba
+/* To avoid surprises we limit the size of the mapped IPC file to this
+ value. Putty currently (0.62) uses 8k, thus 16k should be enough
+ for the foreseeable future. */
+#define PUTTY_IPC_MAXLEN 16384
+#endif /*HAVE_W32_SYSTEM*/
+
/* The list of open file descriptors at startup. Note that this list
has been allocated using the standard malloc. */
static int *startup_fd_list;
@@ -805,6 +834,13 @@ main (int argc, char **argv )
case oKeepDISPLAY: opt.keep_display = 1; break;
case oSSHSupport: opt.ssh_support = 1; break;
+ case oPuttySupport:
+# ifdef HAVE_W32_SYSTEM
+ putty_support = 1;
+ opt.ssh_support = 1;
+# endif
+ break;
+
case oWriteEnvFile:
if (pargs.r_type)
env_file_name = pargs.r.ret_str;
@@ -928,6 +964,11 @@ main (int argc, char **argv )
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("disable-scdaemon:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
+#ifdef HAVE_W32_SYSTEM
+ printf ("enable-putty-support:%lu:\n", GC_OPT_FLAG_NONE);
+#else
+ printf ("enable-ssh-support:%lu:\n", GC_OPT_FLAG_NONE);
+#endif
agent_exit (0);
}
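Review bot: The `#ifdef`/`#else` in the gpgconf-list output prints enable-putty-support only on W32 and enable-ssh-support only elsewhere, while the commit log says tools/gpgconf-comp.c gains both options. If hiding enable-ssh-support on W32 is intended, add a comment saying why; otherwise print enable-ssh-support unconditionally and keep only the putty line inside `#ifdef HAVE_W32_SYSTEM`.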
@@ -1292,6 +1333,8 @@ agent_exit (int rc)
static void
agent_init_default_ctrl (ctrl_t ctrl)
{
+ assert (ctrl->session_env);
+
/* Note we ignore malloc errors because we can't do much about it
and the request will fail anyway shortly after this
initialization. */
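Review bot: The new `assert (ctrl->session_env);` at the top of agent_init_default_ctrl turns a missing session environment into an abort of the whole agent, and the check vanishes in a build with NDEBUG defined. The comment directly below says allocation failures are tolerated here because the request will fail shortly afterwards; if a caller can arrive with session_env still NULL after a failed allocation, let the request fail instead of asserting, and document the precondition in the function comment either way.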
@@ -1309,7 +1352,6 @@ agent_init_default_ctrl (ctrl_t ctrl)
xfree (ctrl->lc_messages);
ctrl->lc_messages = default_lc_messages? xtrystrdup (default_lc_messages)
/**/ : NULL;
-
}
@@ -1788,6 +1830,199 @@ check_nonce (ctrl_t ctrl, assuan_sock_nonce_t *nonce)
}
+#ifdef HAVE_W32_SYSTEM
+/* The window message processing function for Putty. Warning: This
+ code runs as a native Windows thread. Use of our own functions
+ needs to be bracket with pth_leave/pth_enter. */
+static LRESULT CALLBACK
+putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam)
+{
+ int ret = 0;
+ int w32rc;
+ COPYDATASTRUCT *cds;
+ const char *mapfile;
+ HANDLE maphd;
+ PSID mysid = NULL;
+ PSID mapsid = NULL;
+ void *data = NULL;
+ PSECURITY_DESCRIPTOR psd = NULL;
+ ctrl_t ctrl = NULL;
+
+ if (msg != WM_COPYDATA)
+ {
+ /* pth_leave (); */
+ /* log_debug ("putty loop: received WM_%u\n", msg ); */
+ /* pth_enter (); */
+ return DefWindowProc (hwnd, msg, wparam, lparam);
+ }
+
+ cds = (COPYDATASTRUCT*)lparam;
+ if (cds->dwData != PUTTY_IPC_MAGIC)
+ return 0; /* Ignore data with the wrong magic. */
+ mapfile = cds->lpData;
+ if (!cds->cbData || mapfile[cds->cbData - 1])
+ return 0; /* Ignore empty and non-properly terminated strings. */
+
+ if (DBG_ASSUAN)
+ {
+ pth_leave ();
+ log_debug ("ssh map file '%s'", mapfile);
+ pth_enter ();
+ }
+
+ maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile);
+ if (DBG_ASSUAN)
+ {
+ pth_leave ();
+ log_debug ("ssh map handle %p\n", maphd);
+ pth_enter ();
+ }
+
+ if (!maphd || maphd == INVALID_HANDLE_VALUE)
+ return 0;
+
+ pth_leave ();
+
+ mysid = w32_get_user_sid ();
+ if (!mysid)
+ {
+ log_error ("error getting my sid\n");
+ goto leave;
+ }
+
+ w32rc = GetSecurityInfo (maphd, SE_KERNEL_OBJECT,
+ OWNER_SECURITY_INFORMATION,
+ &mapsid, NULL, NULL, NULL,
+ &psd);
+ if (w32rc)
+ {
+ log_error ("error getting sid of ssh map file: rc=%d", w32rc);
+ goto leave;
+ }
+
+ if (DBG_ASSUAN)
+ {
+ char *sidstr;
+
+ if (!ConvertSidToStringSid (mysid, &sidstr))
+ sidstr = NULL;
+ log_debug (" my sid: '%s'", sidstr? sidstr: "[error]");
+ LocalFree (sidstr);
+ if (!ConvertSidToStringSid (mapsid, &sidstr))
+ sidstr = NULL;
+ log_debug ("ssh map file sid: '%s'", sidstr? sidstr: "[error]");
+ LocalFree (sidstr);
+ }
+
+ if (!EqualSid (mysid, mapsid))
+ {
+ log_error ("ssh map file has a non-matching sid\n");
+ goto leave;
+ }
+
+ data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0);
+ if (DBG_ASSUAN)
+ log_debug ("ssh IPC buffer at %p\n", data);
+ if (!data)
+ goto leave;
+
+ /* log_printhex ("request:", data, 20); */
+
+ ctrl = xtrycalloc (1, sizeof *ctrl);
+ if (!ctrl)
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno) );
+ goto leave;
+ }
+ ctrl->session_env = session_env_new ();
+ if (!ctrl->session_env)
+ {
+ log_error ("error allocating session environment block: %s\n",
+ strerror (errno) );
+ goto leave;
+ }
+
+ agent_init_default_ctrl (ctrl);
+ if (!serve_mmapped_ssh_request (ctrl, data, PUTTY_IPC_MAXLEN))
+ ret = 1; /* Valid ssh message has been constructed. */
+ agent_deinit_default_ctrl (ctrl);
+ /* log_printhex (" reply:", data, 20); */
+
+ leave:
+ xfree (ctrl);
+ if (data)
+ UnmapViewOfFile (data);
+ xfree (mapsid);
+ if (psd)
+ LocalFree (psd);
+ xfree (mysid);
+ CloseHandle (maphd);
+
+ pth_enter ();
+
+ return ret;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
+#ifdef HAVE_W32_SYSTEM
+/* The thread handling Putty's IPC requests. */
+static void *
+putty_message_thread (void *arg)
+{
+ WNDCLASS wndwclass = {0, putty_message_proc, 0, 0,
+ NULL, NULL, NULL, NULL, NULL, "Pageant"};
+ HWND hwnd;
+ MSG msg;
+
+ (void)arg;
+
+ if (opt.verbose)
+ log_info ("putty message loop thread 0x%lx started\n", pth_thread_id ());
+
+ /* The message loop runs as thread independet from out Pth system.
+ This also meand that we need to make sure that we switch back to
+ our system before calling any no-windows function. */
+ pth_enter ();
+
+ /* First create a window to make sure that a message queue exists
+ for this thread. */
+ if (!RegisterClass (&wndwclass))
+ {
+ pth_leave ();
+ log_error ("error registering Pageant window class");
+ return NULL;
+ }
+ hwnd = CreateWindowEx (0, "Pageant", "Pageant", 0,
+ 0, 0, 0, 0,
+ HWND_MESSAGE, /* hWndParent */
+ NULL, /* hWndMenu */
+ NULL, /* hInstance */
+ NULL); /* lpParm */
+ if (!hwnd)
+ {
+ pth_leave ();
+ log_error ("error creating Pageant window");
+ return NULL;
+ }
+
+ while (GetMessage(&msg, NULL, 0, 0))
+ {
+ TranslateMessage(&msg);
+ DispatchMessage(&msg);
+ }
+
+ /* Back to Pth. */
+ pth_leave ();
+
+ if (opt.verbose)
+ log_info ("putty message loop thread 0x%lx stopped\n", pth_thread_id ());
+ return NULL;
+}
+#endif /*HAVE_W32_SYSTEM*/
+
+
/* This is the standard connection thread's main function. */
static void *
start_connection_thread (void *arg)
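Review bot: In the leave: path of putty_message_proc, xfree (mapsid) releases a pointer that GetSecurityInfo returns as a reference into the security descriptor psd, not as a separate allocation; it goes away with LocalFree (psd) and must not be freed on its own, so the xfree (mapsid) line should be dropped. Second, MapViewOfFile is called with length 0 (whole object) and serve_mmapped_ssh_request is then told the buffer is PUTTY_IPC_MAXLEN (16384) bytes, although the comment at the define says Putty uses 8k; nothing in this hunk checks the real size of the view, so unless the callee bounds itself by other means the view size should be queried (for example with VirtualQuery) and the smaller of the two values passed.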
@@ -1897,6 +2132,21 @@ handle_connections (gnupg_fd_t listen_fd, gnupg_fd_t listen_fd_ssh)
#endif
time_ev = NULL;
+ /* On Windows we need to fire up a separate thread to listen for
+ requests from Putty (an SSH client), so we can replace Putty's
+ Pageant (its ssh-agent implementation). */
+#ifdef HAVE_W32_SYSTEM
+ if (putty_support)
+ {
+ pth_attr_set (tattr, PTH_ATTR_NAME, "putty message loop");
+ if (!pth_spawn (tattr, putty_message_thread, NULL))
+ {
+ log_error ("error spawning putty message loop: %s\n",
+ strerror (errno) );
+ }
+ }
+#endif /*HAVE_W32_SYSTEM*/
+
/* Set a flag to tell call-scd.c that it may enable event
notifications. */
opt.sigusr2_enabled = 1;
diff --git a/common/sysutils.c b/common/sysutils.c
index 82bc81f..8f93ff5 100644
--- a/common/sysutils.c
+++ b/common/sysutils.c
@@ -1,6 +1,7 @@
/* sysutils.c - system helpers
* Copyright (C) 1998, 1999, 2000, 2001, 2003, 2004,
* 2007, 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
*
* This file is part of GnuPG.
*
@@ -495,3 +496,59 @@ gnupg_allow_set_foregound_window (pid_t pid)
(unsigned long)pid, w32_strerror (-1));
#endif
}
+
+
+#ifdef HAVE_W32_SYSTEM
+/* Return the user's security identifier from the current process. */
+PSID
+w32_get_user_sid (void)
+{
+ int okay = 0;
+ HANDLE proc = NULL;
+ HANDLE token = NULL;
+ TOKEN_USER *user = NULL;
+ PSID sid = NULL;
+ DWORD tokenlen, sidlen;
+
+ proc = OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId());
+ if (!proc)
+ goto leave;
+
+ if (!OpenProcessToken (proc, TOKEN_QUERY, &token))
+ goto leave;
+
+ if (!GetTokenInformation (token, TokenUser, NULL, 0, &tokenlen)
+ && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ goto leave;
+
+ user = xtrymalloc (tokenlen);
+ if (!user)
+ goto leave;
+
+ if (!GetTokenInformation (token, TokenUser, user, tokenlen, &tokenlen))
+ goto leave;
+ if (!IsValidSid (user->User.Sid))
+ goto leave;
+ sidlen = GetLengthSid (user->User.Sid);
+ sid = xtrymalloc (sidlen);
+ if (!sid)
+ goto leave;
+ if (!CopySid (sidlen, sid, user->User.Sid))
+ goto leave;
+ okay = 1;
+
+ leave:
+ xfree (user);
+ if (token)
+ CloseHandle (token);
+ if (proc)
+ CloseHandle (proc);
+
+ if (!okay)
+ {
+ xfree (sid);
+ sid = NULL;
+ }
+ return sid;
+}
+#endif /*HAVE_W32_SYSTEM*/
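Review bot: The comment on w32_get_user_sid does not say who owns the result; the SID is a copy made with xtrymalloc, so it should state that the caller releases it with xfree and that NULL is returned on error. As a smaller point, OpenProcess (PROCESS_QUERY_INFORMATION, FALSE, GetCurrentProcessId()) can be replaced by the GetCurrentProcess () pseudo handle, which removes one failure path and the CloseHandle (proc) in the cleanup.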
diff --git a/common/sysutils.h b/common/sysutils.h
index fd4340f..0a05e2b 100644
--- a/common/sysutils.h
+++ b/common/sysutils.h
@@ -51,8 +51,9 @@ void gnupg_allow_set_foregound_window (pid_t pid);
#ifdef HAVE_W32_SYSTEM
+void *w32_get_user_sid (void);
-#include "../jnlib/w32help.h"
+# include "../jnlib/w32help.h"
#endif /*HAVE_W32_SYSTEM*/
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 49c082b..72e7134 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -482,7 +482,7 @@ static gc_option_t gc_options_gpg_agent[] =
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Configuration",
- GC_OPT_FLAG_GROUP, GC_LEVEL_EXPERT,
+ GC_OPT_FLAG_GROUP, GC_LEVEL_BASIC,
"gnupg", N_("Options controlling the configuration") },
{ "options", GC_OPT_FLAG_NONE, GC_LEVEL_EXPERT,
"gnupg", "|FILE|read options from FILE",
@@ -490,6 +490,12 @@ static gc_option_t gc_options_gpg_agent[] =
{ "disable-scdaemon", GC_OPT_FLAG_NONE, GC_LEVEL_ADVANCED,
"gnupg", "do not use the SCdaemon",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "enable-ssh-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "enable ssh support",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
+ { "enable-putty-support", GC_OPT_FLAG_NONE, GC_LEVEL_BASIC,
+ "gnupg", "enable putty support",
+ GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "Debug",
GC_OPT_FLAG_GROUP, GC_LEVEL_ADVANCED,
commit ed056d67c7c93306b68829f83a2565e978dcfd9b
Author: Werner Koch
Date: Wed Jul 3 13:10:29 2013 +0200
agent: Fix binary vs. text mode problem in ssh.
* agent/command-ssh.c (file_to_buffer)
(ssh_handler_request_identities): Open streams in binary mode.
(start_command_handler_ssh): Factor some code out to ..
(setup_ssh_env): new function.
--
This is for now a theoretical fix because there is no ssh client yet
which uses the GnuPG style IPC. OpenSSL for Cygwin uses only a quite
similar one. gniibe suggested to implement that IPC style in
Libassuan so that a Cygwin version of OpenSSL may be used with GnuPG.
Signed-off-by: Werner Koch
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index 5da1a71..4cd3537 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -683,7 +683,7 @@ file_to_buffer (const char *filename, unsigned char **buffer, size_t *buffer_n)
buffer_new = NULL;
err = 0;
- stream = es_fopen (filename, "r");
+ stream = es_fopen (filename, "rb");
if (! stream)
{
err = gpg_error_from_syserror ();
@@ -2200,7 +2200,7 @@ ssh_handler_request_identities (ctrl_t ctrl,
key_counter = 0;
err = 0;
- key_blobs = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+");
+ key_blobs = es_mopen (NULL, 0, 0, 1, NULL, NULL, "r+b");
if (! key_blobs)
{
err = gpg_error_from_syserror ();
@@ -3275,44 +3275,51 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock)
return !!err;
}
-/* Start serving client on SOCK_CLIENT. */
-void
-start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
+
+/* Because the ssh protocol does not send us information about the the
+ current TTY setting, we use this function to use those from startup
+ or those explictly set. */
+static gpg_error_t
+setup_ssh_env (ctrl_t ctrl)
{
- estream_t stream_sock = NULL;
+ static const char *names[] =
+ {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
gpg_error_t err = 0;
- int ret;
+ int idx;
+ const char *value;
- /* Because the ssh protocol does not send us information about the
- the current TTY setting, we resort here to use those from startup
- or those explictly set. */
- {
- static const char *names[] =
- {"GPG_TTY", "DISPLAY", "TERM", "XAUTHORITY", "PINENTRY_USER_DATA", NULL};
- int idx;
- const char *value;
+ for (idx=0; !err && names[idx]; idx++)
+ if (!session_env_getenv (ctrl->session_env, names[idx])
+ && (value = session_env_getenv (opt.startup_env, names[idx])))
+ err = session_env_setenv (ctrl->session_env, names[idx], value);
- for (idx=0; !err && names[idx]; idx++)
- if (!session_env_getenv (ctrl->session_env, names[idx])
- && (value = session_env_getenv (opt.startup_env, names[idx])))
- err = session_env_setenv (ctrl->session_env, names[idx], value);
+ if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
+ if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
+ err = gpg_error_from_syserror ();
- if (!err && !ctrl->lc_ctype && opt.startup_lc_ctype)
- if (!(ctrl->lc_ctype = xtrystrdup (opt.startup_lc_ctype)))
- err = gpg_error_from_syserror ();
+ if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
+ if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
+ err = gpg_error_from_syserror ();
- if (!err && !ctrl->lc_messages && opt.startup_lc_messages)
- if (!(ctrl->lc_messages = xtrystrdup (opt.startup_lc_messages)))
- err = gpg_error_from_syserror ();
+ if (err)
+ log_error ("error setting default session environment: %s\n",
+ gpg_strerror (err));
- if (err)
- {
- log_error ("error setting default session environment: %s\n",
- gpg_strerror (err));
- goto out;
- }
- }
+ return err;
+}
+
+
+/* Start serving client on SOCK_CLIENT. */
+void
+start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client)
+{
+ estream_t stream_sock = NULL;
+ gpg_error_t err;
+ int ret;
+ err = setup_ssh_env (ctrl);
+ if (err)
+ goto out;
/* Create stream from socket. */
stream_sock = es_fdopen (FD2INT(sock_client), "r+");
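Review bot: The trailing context line stream_sock = es_fdopen (FD2INT(sock_client), "r+") still opens the client stream without the binary flag, while this commit switches file_to_buffer to "rb" and ssh_handler_request_identities to "r+b". If the text-mode problem can affect this stream as well it should become "r+b"; if not, a short comment saying why would prevent the question from coming up again. In the comment above setup_ssh_env, "the the" and "explictly" are typos carried over from the moved text and can be fixed while the block is being touched.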
commit 27e403bff7a6e46a390ae5f3d63ea63701d1435d
Author: Werner Koch
Date: Wed Jul 3 12:59:56 2013 +0200
Silence deprecated warnings from gcc 4.6.3.
* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--
Frankly, I don't understand why gcc prints them. We don't use them.
Signed-off-by: Werner Koch
diff --git a/configure.ac b/configure.ac
index b85124c..702b8d3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -442,6 +442,9 @@ AH_BOTTOM([
/* We don't want the old assuan codes anymore. */
#define _ASSUAN_ONLY_GPG_ERRORS 1
+/* We don't need any of the old gcrypt functions. */
+#define GCRYPT_NO_DEPRECATED 1
+
/* We explicitly need to disable PTH's soft mapping as Debian
currently enables it by default for no reason. */
#define PTH_SYSCALL_SOFT 0
commit 9b8518ffc97696634cd6d493fed872a512993c52
Author: Werner Koch
Date: Wed Jul 3 09:30:22 2013 +0200
estream: Backport es_fopemem_init from master.
* common/estream.c (es_fopenmem_init): New.
Signed-off-by: Werner Koch
diff --git a/common/estream.c b/common/estream.c
index 304e0e6..35b2af0 100644
--- a/common/estream.c
+++ b/common/estream.c
@@ -2362,6 +2362,38 @@ es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode)
}
+/* This is the same as es_fopenmem but intializes the memory with a
+ copy of (DATA,DATALEN). The stream is initally set to the
+ beginning. If MEMLIMIT is not 0 but shorter than DATALEN it
+ DATALEN will be used as the value for MEMLIMIT. */
+estream_t
+es_fopenmem_init (size_t memlimit, const char *ES__RESTRICT mode,
+ const void *data, size_t datalen)
+{
+ estream_t stream;
+
+ if (memlimit && memlimit < datalen)
+ memlimit = datalen;
+
+ stream = es_fopenmem (memlimit, mode);
+ if (stream && data && datalen)
+ {
+ if (es_writen (stream, data, datalen, NULL))
+ {
+ int saveerrno = errno;
+ es_fclose (stream);
+ stream = NULL;
+ _set_errno (saveerrno);
+ }
+ else
+ {
+ es_seek (stream, 0L, SEEK_SET, NULL);
+ es_set_indicators (stream, 0, 0);
+ }
+ }
+ return stream;
+}
+
estream_t
es_fopencookie (void *ES__RESTRICT cookie,
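Review bot: In es_fopenmem_init the return value of es_seek is ignored, so if the rewind fails the caller gets a stream positioned after the copied data with no error reported; handle it like the es_writen failure (save errno, es_fclose, return NULL). When DATA is NULL but DATALEN is non-zero the function silently returns an empty stream, which the comment should mention. The comment also has typos: "intializes", "initally", and the stray "it" in "it DATALEN will be used".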
diff --git a/common/estream.h b/common/estream.h
index f72e4c6..35df20b 100644
--- a/common/estream.h
+++ b/common/estream.h
@@ -76,6 +76,7 @@
#define es_fopen _ESTREAM_PREFIX(es_fopen)
#define es_mopen _ESTREAM_PREFIX(es_mopen)
#define es_fopenmem _ESTREAM_PREFIX(es_fopenmem)
+#define es_fopenmem_init _ESTREAM_PREFIX(es_fopenmem_init)
#define es_fdopen _ESTREAM_PREFIX(es_fdopen)
#define es_fdopen_nc _ESTREAM_PREFIX(es_fdopen_nc)
#define es_fpopen _ESTREAM_PREFIX(es_fpopen)
@@ -243,6 +244,8 @@ estream_t es_mopen (unsigned char *ES__RESTRICT data,
void (*func_free) (void *mem),
const char *ES__RESTRICT mode);
estream_t es_fopenmem (size_t memlimit, const char *ES__RESTRICT mode);
+estream_t es_fopenmem_init (size_t memlimit, const char *ES__RESTRICT mode,
+ const void *data, size_t datalen);
estream_t es_fdopen (int filedes, const char *mode);
estream_t es_fdopen_nc (int filedes, const char *mode);
estream_t es_fpopen (FILE *fp, const char *mode);
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +
agent/agent.h | 4 +
agent/command-ssh.c | 217 ++++++++++++++++++++++++++++++++++++------
agent/gpg-agent.c | 256 +++++++++++++++++++++++++++++++++++++++++++++++++-
common/estream.c | 32 ++++++
common/estream.h | 3 +
common/sysutils.c | 57 +++++++++++
common/sysutils.h | 3 +-
configure.ac | 3 +
po/be.po | 5 +-
po/ca.po | 23 +++--
po/cs.po | 12 ++-
po/da.po | 7 +-
po/de.po | 9 +-
po/el.po | 14 ++-
po/eo.po | 14 ++-
po/es.po | 12 ++-
po/et.po | 14 ++-
po/fi.po | 14 ++-
po/fr.po | 12 ++-
po/gl.po | 14 ++-
po/hu.po | 14 ++-
po/id.po | 14 ++-
po/it.po | 14 ++-
po/ja.po | 7 +-
po/nb.po | 5 +-
po/pl.po | 7 +-
po/pt.po | 14 ++-
po/pt_BR.po | 17 ++-
po/ro.po | 14 ++-
po/ru.po | 7 +-
po/sk.po | 14 ++-
po/sv.po | 7 +-
po/tr.po | 7 +-
po/uk.po | 7 +-
po/zh_CN.po | 14 ++-
po/zh_TW.po | 12 ++-
tools/gpgconf-comp.c | 8 ++-
38 files changed, 771 insertions(+), 139 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 3 16:04:00 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 03 Jul 2013 16:04:00 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0,
updated. gnupg-2.0.20-20-gc3a57d7
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via c3a57d767719a58ec791a0791842bcc80c859081 (commit)
via ebbce67489b8d0eded74be66cbd6bf42f5147725 (commit)
via 90b419f3e9d05e509348d047e05fcc79e87be6cf (commit)
from 8b0cf1f59e660b1562ca3421b784172df84b1c5d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c3a57d767719a58ec791a0791842bcc80c859081
Author: Werner Koch
Date: Wed Jul 3 15:22:00 2013 +0200
po: Auto updates.
--
diff --git a/po/be.po b/po/be.po
index da9d281..3b64370 100644
--- a/po/be.po
+++ b/po/be.po
@@ -283,10 +283,10 @@ msgstr ""
"????????????:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -338,7 +338,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/ca.po b/po/ca.po
index b4957ad..ef417f7 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -308,10 +308,10 @@ msgstr ""
"Opcions:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
# Un dels dos ??s en la llista d'opcions amb --help. Urgh. jm
@@ -368,7 +368,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/cs.po b/po/cs.po
index 688bcfd..7b21586 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -313,12 +313,12 @@ msgstr ""
"@Volby:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "b????et v??re??imu serveru (na pop??ed??)"
-
msgid "run in daemon mode (background)"
msgstr "b????en v??re??imu d??mona (na pozad??)"
+msgid "run in server mode (foreground)"
+msgstr "b????et v??re??imu serveru (na pop??ed??)"
+
msgid "verbose"
msgstr "s dodate??n??mi informacemi"
@@ -367,7 +367,9 @@ msgstr "|N|zahodit zapamatovan?? PINy po N sekund??ch"
msgid "do not use the PIN cache when signing"
msgstr "nepou????vat pam???? PIN?? na podepisov??n??"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "dovolit klient??m ozna??it kl????e za ???d??v??ryhodn?????"
msgid "allow presetting passphrase"
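Review bot: The msgid changes from "allow clients to mark keys ..." to "disallow clients to mark keys ...", but the retained msgstr is still the translation of the old wording recorded in the #| line, that is, the opposite meaning. The #, fuzzy flag keeps it out of the compiled catalog, so this is safe as committed; translators need to re-translate the entry rather than just clear the flag, and the same applies to the other po files in this commit that carry the same fuzzy entry.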
diff --git a/po/da.po b/po/da.po
index 365f6bd..f64b87c 100644
--- a/po/da.po
+++ b/po/da.po
@@ -298,12 +298,12 @@ msgstr ""
"@Indstillinger:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "k??r i servertilstand (forgrunden)"
-
msgid "run in daemon mode (background)"
msgstr "k??r i d??montilstand (baggrunden)"
+msgid "run in server mode (foreground)"
+msgstr "k??r i servertilstand (forgrunden)"
+
msgid "verbose"
msgstr "uddybende"
@@ -352,7 +352,9 @@ msgstr "|N|udl??b mellemlagrede PIN'er efter N sekunder"
msgid "do not use the PIN cache when signing"
msgstr "brug ikke PIN-mellemlageret n??r der underskrives"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "tillad klienter at markere n??gler som ??trusted?? (trov??rdige)"
msgid "allow presetting passphrase"
diff --git a/po/de.po b/po/de.po
index de55432..8c37ac6 100644
--- a/po/de.po
+++ b/po/de.po
@@ -299,12 +299,12 @@ msgstr ""
"@Optionen:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "Im Server Modus ausf??hren"
-
msgid "run in daemon mode (background)"
msgstr "Im Daemon Modus ausf??hren"
+msgid "run in server mode (foreground)"
+msgstr "Im Server Modus ausf??hren"
+
msgid "verbose"
msgstr "Detaillierte Informationen"
diff --git a/po/el.po b/po/el.po
index afc6a69..321ff3b 100644
--- a/po/el.po
+++ b/po/el.po
@@ -286,10 +286,10 @@ msgstr ""
"????????:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -345,7 +345,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/eo.po b/po/eo.po
index c3f568d..17f035c 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -287,10 +287,10 @@ msgstr ""
"Opcioj:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -345,7 +345,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/es.po b/po/es.po
index b3e9654..ba9aa7b 100644
--- a/po/es.po
+++ b/po/es.po
@@ -312,12 +312,12 @@ msgstr ""
"@Opciones:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "ejecutar en modo servidor (primer plano)"
-
msgid "run in daemon mode (background)"
msgstr "ejecutar en modo demonio (segundo plano)"
+msgid "run in server mode (foreground)"
+msgstr "ejecutar en modo servidor (primer plano)"
+
msgid "verbose"
msgstr "prolijo"
@@ -366,7 +366,9 @@ msgstr "|N|los PINs en la cach
msgid "do not use the PIN cache when signing"
msgstr "no usar el cach? de PINs al firmar"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "permitir que los clientes marquen claves como \"fiables\""
msgid "allow presetting passphrase"
diff --git a/po/et.po b/po/et.po
index 6a047e9..dcdd036 100644
--- a/po/et.po
+++ b/po/et.po
@@ -284,10 +284,10 @@ msgstr ""
"V?tmed:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -342,7 +342,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/fi.po b/po/fi.po
index 15d22f4..b530eea 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -300,10 +300,10 @@ msgstr ""
"Valitsimet:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -358,7 +358,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/fr.po b/po/fr.po
index 61faa9b..17afec7 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -296,12 +296,12 @@ msgstr ""
"@Options??:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "ex??cuter en mode serveur (premier plan)"
-
msgid "run in daemon mode (background)"
msgstr "ex??cuter en mode d??mon (arri??re-plan)"
+msgid "run in server mode (foreground)"
+msgstr "ex??cuter en mode serveur (premier plan)"
+
msgid "verbose"
msgstr "bavard"
@@ -350,7 +350,9 @@ msgstr "|N|oublier les codes personnels apr??s N??secondes"
msgid "do not use the PIN cache when signing"
msgstr "ne pas utiliser le cache de code pour signer"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "permettre de marquer la confiance des clefs"
msgid "allow presetting passphrase"
diff --git a/po/gl.po b/po/gl.po
index fb7a180..fb5f358 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -285,10 +285,10 @@ msgstr ""
"Opci?ns:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -345,7 +345,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/hu.po b/po/hu.po
index 2aa53f6..086fff2 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -284,10 +284,10 @@ msgstr ""
"Opci?k:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -342,7 +342,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/id.po b/po/id.po
index 8cf6765..86b5ee0 100644
--- a/po/id.po
+++ b/po/id.po
@@ -289,10 +289,10 @@ msgstr ""
"Pilihan:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -347,7 +347,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/it.po b/po/it.po
index eed6c30..0f7159f 100644
--- a/po/it.po
+++ b/po/it.po
@@ -284,10 +284,10 @@ msgstr ""
"Opzioni:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -342,7 +342,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/ja.po b/po/ja.po
index 6944f33..c7f585e 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -282,12 +282,12 @@ msgstr ""
"@???????????????:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "?????????????????????????????? (????????????????????????)"
-
msgid "run in daemon mode (background)"
msgstr "????????????????????????????????? (????????????????????????)"
+msgid "run in server mode (foreground)"
+msgstr "?????????????????????????????? (????????????????????????)"
+
msgid "verbose"
msgstr "??????"
@@ -336,7 +336,9 @@ msgstr "|N|N?????????????????????PIN??????????????????"
msgid "do not use the PIN cache when signing"
msgstr "??????????????????PIN????????????????????????"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "???????????????????????????\"trusted\"???????????????????????????????????????"
msgid "allow presetting passphrase"
diff --git a/po/nb.po b/po/nb.po
index 809016d..6849dc7 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -296,10 +296,10 @@ msgstr ""
"Valg:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -354,7 +354,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/pl.po b/po/pl.po
index 62abfa5..d1ee871 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -292,12 +292,12 @@ msgstr ""
"@Opcje:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
-
msgid "run in daemon mode (background)"
msgstr "uruchomienie w trybie demona (w tle)"
+msgid "run in server mode (foreground)"
+msgstr "uruchomienie w trybie serwera (pierwszoplanowo)"
+
msgid "verbose"
msgstr "z dodatkowymi informacjami"
@@ -346,7 +346,9 @@ msgstr "|N|przedawnienie pami
msgid "do not use the PIN cache when signing"
msgstr "nie u?ywanie pami?ci PIN-?w przy podpisywaniu"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "zezwolenie klientom na oznaczanie kluczy jako \"zaufanych\""
msgid "allow presetting passphrase"
diff --git a/po/pt.po b/po/pt.po
index 302399f..6f1eb46 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -287,10 +287,10 @@ msgstr ""
"Op??es:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -346,7 +346,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/pt_BR.po b/po/pt_BR.po
index 0a1aff5..067566b 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -292,10 +292,10 @@ msgstr ""
"Op??es:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -350,7 +350,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/ro.po b/po/ro.po
index 6583ef9..0227d3e 100644
--- a/po/ro.po
+++ b/po/ro.po
@@ -298,10 +298,10 @@ msgstr ""
"Op?iuni:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -356,7 +356,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/ru.po b/po/ru.po
index 0d6e3b2..a264d78 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -295,12 +295,12 @@ msgstr ""
"@??????????????????:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "???????????? ?? ???????????? ?????????????? (foreground)"
-
msgid "run in daemon mode (background)"
msgstr "???????????? ?? ???????????? ???????????? (background)"
+msgid "run in server mode (foreground)"
+msgstr "???????????? ?? ???????????? ?????????????? (foreground)"
+
msgid "verbose"
msgstr "????????????????"
@@ -349,7 +349,9 @@ msgstr "|N|?????? PIN ?????????????????? ?????????? N ????????????"
msgid "do not use the PIN cache when signing"
msgstr "???? ???????????????????????? ?????? PIN ?????? ????????????????????????"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "?????????????????? ???????????????? ???????????????? ?????????? ?????? \"????????????????????\""
msgid "allow presetting passphrase"
diff --git a/po/sk.po b/po/sk.po
index 12be517..3a57da1 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -287,10 +287,10 @@ msgstr ""
"Mo?nosti:\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -345,7 +345,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/sv.po b/po/sv.po
index 9a62da2..383e329 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -311,12 +311,12 @@ msgstr ""
"@Flaggor:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "k??r i serverl??ge (f??rgrund)"
-
msgid "run in daemon mode (background)"
msgstr "k??r i demonl??ge (bakgrund)"
+msgid "run in server mode (foreground)"
+msgstr "k??r i serverl??ge (f??rgrund)"
+
msgid "verbose"
msgstr "utf??rlig"
@@ -366,7 +366,9 @@ msgid "do not use the PIN cache when signing"
msgstr "anv??nd inte mellanlagring av PIN-kod vid signering"
# Antar att v??rdet inte ska ??vers??ttas.
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "till??t klienter att markera nycklar som \"trusted\""
msgid "allow presetting passphrase"
diff --git a/po/tr.po b/po/tr.po
index 1c73672..4d99c82 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -287,12 +287,12 @@ msgstr ""
"@Se??enekler:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "sunucu olarak (??nalanda) ??al??????r"
-
msgid "run in daemon mode (background)"
msgstr "artalan s??reci olarak ??al??????r"
+msgid "run in server mode (foreground)"
+msgstr "sunucu olarak (??nalanda) ??al??????r"
+
msgid "verbose"
msgstr "ayr??nt??l??"
@@ -341,7 +341,9 @@ msgstr "|N|arabellekteki PINler N saniyede zamana????m??na u??rar"
msgid "do not use the PIN cache when signing"
msgstr "imzalarken PIN arabelle??i kullan??lmaz"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "istemcilerin anahtarlar?? \"g??venilir\" olarak imlemesine izin verilir"
msgid "allow presetting passphrase"
diff --git a/po/uk.po b/po/uk.po
index 571c754..903d2c5 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -297,12 +297,12 @@ msgstr ""
"@??????????????????:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "?????????????????? ?? ???????????? ?????????????? (??????????????????)"
-
msgid "run in daemon mode (background)"
msgstr "?????????????????? ?? ???????????? ?????????????? ???????????? (??????????????)"
+msgid "run in server mode (foreground)"
+msgstr "?????????????????? ?? ???????????? ?????????????? (??????????????????)"
+
msgid "verbose"
msgstr "?????????????????? ??????????"
@@ -351,7 +351,9 @@ msgstr "?????????????? ???????????????? ?????????????? ???? ?????????????? ????
msgid "do not use the PIN cache when signing"
msgstr "???? ?????????????????????????????? ?????? ??????-?????????? ?????? ????????????????????????"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "?????????????????? ???????????????? ?????????????????? ?????????? ???? ??????????????"
msgid "allow presetting passphrase"
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 7f1a90f..fe86621 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -296,10 +296,10 @@ msgstr ""
"?????????\n"
" "
-msgid "run in server mode (foreground)"
+msgid "run in daemon mode (background)"
msgstr ""
-msgid "run in daemon mode (background)"
+msgid "run in server mode (foreground)"
msgstr ""
msgid "verbose"
@@ -354,7 +354,7 @@ msgstr ""
msgid "do not use the PIN cache when signing"
msgstr ""
-msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr ""
#, fuzzy
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 7c6df10..4ac3df2 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -276,12 +276,12 @@ msgstr ""
"@??????:\n"
" "
-msgid "run in server mode (foreground)"
-msgstr "???????????????????????? (??????)"
-
msgid "run in daemon mode (background)"
msgstr "????????????????????? (??????)"
+msgid "run in server mode (foreground)"
+msgstr "???????????????????????? (??????)"
+
msgid "verbose"
msgstr "????????????"
@@ -330,7 +330,9 @@ msgstr "|N|?????????????????????????????? (PIN) ??? N ????????????"
msgid "do not use the PIN cache when signing"
msgstr "???????????????????????????????????? (PIN) ??????"
-msgid "allow clients to mark keys as \"trusted\""
+#, fuzzy
+#| msgid "allow clients to mark keys as \"trusted\""
+msgid "disallow clients to mark keys as \"trusted\""
msgstr "????????????????????????????????? \"?????????\""
msgid "allow presetting passphrase"
commit ebbce67489b8d0eded74be66cbd6bf42f5147725
Author: Werner Koch
Date: Wed Jul 3 15:21:33 2013 +0200
Update the German translation.
diff --git a/po/de.po b/po/de.po
index 14ff5f1..de55432 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg-2.0.18\n"
"Report-Msgid-Bugs-To: translations at gnupg.org\n"
-"PO-Revision-Date: 2013-07-03 13:32+0200\n"
+"PO-Revision-Date: 2013-07-03 15:03+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: German \n"
"Language: de\n"
@@ -353,8 +353,8 @@ msgstr "|N|lasse PINs im Cache nach N Sekunden verfallen"
msgid "do not use the PIN cache when signing"
msgstr "benutze PINs im Cache nicht beim Signieren"
-msgid "allow clients to mark keys as \"trusted\""
-msgstr "erlaube Aufrufern Schl??ssel als \"vertrauensw??rdig\" zu markieren"
+msgid "disallow clients to mark keys as \"trusted\""
+msgstr "verbite Aufrufern Schl??ssel als \"vertrauensw??rdig\" zu markieren"
msgid "allow presetting passphrase"
msgstr "erlaube ein \"preset\" von Passphrases"
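Review bot: the new German msgstr for the "disallow clients to mark keys as \"trusted\"" entry starts with "verbite", which is a misspelling; matching the verb forms used by the neighbouring entries ("erlaube", "benutze") it should read "verbiete". Because this msgid inverts the meaning of the option from allow to disallow, the translated help line is the one string in this hunk that should be unambiguous before release.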
commit 90b419f3e9d05e509348d047e05fcc79e87be6cf
Author: Werner Koch
Date: Wed Jul 3 15:20:25 2013 +0200
agent: Make --allow-mark-trusted the default.
* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.
* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.
--
These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0. Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index adaa257..782a54b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,15 @@
Noteworthy changes in version 2.0.21 (unreleased)
-------------------------------------------------
+ * gpg-agent: By default the users are now asked via the Pinentry
+ whether they trust an X.509 root key. To prohibit interactive
+ marking of such keys, the new option --no-allow-mark-trusted may
+ be used.
+
* The included ssh agent does now support ECDSA keys.
- * New option --enable-putty-support to allow gpg-agent to act as a
- Pageant replacement including full smartcard support.
+ * The new option --enable-putty-support allows gpg-agent on Windows
+ to act as a Pageant replacement with full smartcard support.
Noteworthy changes in version 2.0.20 (2013-05-10)
diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c
index 9d53de9..1f53a37 100644
--- a/agent/gpg-agent.c
+++ b/agent/gpg-agent.c
@@ -112,6 +112,7 @@ enum cmd_and_opt_values
oIgnoreCacheForSigning,
oAllowMarkTrusted,
+ oNoAllowMarkTrusted,
oAllowPresetPassphrase,
oKeepTTY,
oKeepDISPLAY,
@@ -131,8 +132,8 @@ static ARGPARSE_OPTS opts[] = {
{ 301, NULL, 0, N_("@Options:\n ") },
- { oServer, "server", 0, N_("run in server mode (foreground)") },
{ oDaemon, "daemon", 0, N_("run in daemon mode (background)") },
+ { oServer, "server", 0, N_("run in server mode (foreground)") },
{ oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") },
{ oSh, "sh", 0, N_("sh-style command output") },
@@ -184,8 +185,9 @@ static ARGPARSE_OPTS opts[] = {
{ oIgnoreCacheForSigning, "ignore-cache-for-signing", 0,
N_("do not use the PIN cache when signing")},
- { oAllowMarkTrusted, "allow-mark-trusted", 0,
- N_("allow clients to mark keys as \"trusted\"")},
+ { oNoAllowMarkTrusted, "no-allow-mark-trusted", 0,
+ N_("disallow clients to mark keys as \"trusted\"")},
+ { oAllowMarkTrusted, "allow-mark-trusted", 0, "@"},
{ oAllowPresetPassphrase, "allow-preset-passphrase", 0,
N_("allow presetting passphrase")},
{ oSSHSupport, "enable-ssh-support", 0, N_("enable ssh support") },
@@ -503,7 +505,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
opt.max_passphrase_days = MAX_PASSPHRASE_DAYS;
opt.enable_passhrase_history = 0;
opt.ignore_cache_for_signing = 0;
- opt.allow_mark_trusted = 0;
+ opt.allow_mark_trusted = 1;
opt.disable_scdaemon = 0;
return 1;
}
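Review bot: the reset value `opt.allow_mark_trusted = 1;` in parse_rereadable_options changes behaviour for every installation whose configuration never mentioned the option, and because it sits in the re-readable defaults it also takes effect on a configuration re-read, not only on a fresh start. NEWS mentions the new default, but the diffstat for this push lists no file under doc/, so the option reference is not updated alongside the code; please document in the same series that --no-allow-mark-trusted is now required to keep the previous behaviour.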
@@ -563,6 +565,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread)
case oIgnoreCacheForSigning: opt.ignore_cache_for_signing = 1; break;
case oAllowMarkTrusted: opt.allow_mark_trusted = 1; break;
+ case oNoAllowMarkTrusted: opt.allow_mark_trusted = 0; break;
case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break;
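Review bot: the added `case oNoAllowMarkTrusted` and the existing `case oAllowMarkTrusted` assign the same field, so the outcome depends only on which of the two is parsed last and nothing is logged when both are present. A configuration that still carries the old allow-mark-trusted line can therefore cancel a no-allow-mark-trusted given earlier without any diagnostic. Since the old option now equals the default, consider making its case a no-op, or emit a note when both options are seen.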
@@ -960,7 +963,7 @@ main (int argc, char **argv )
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("ignore-cache-for-signing:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
- printf ("allow-mark-trusted:%lu:\n",
+ printf ("no-allow-mark-trusted:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
printf ("disable-scdaemon:%lu:\n",
GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME);
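Review bot: the gpgconf-list output here now advertises only "no-allow-mark-trusted", while the option table earlier in this file keeps accepting "allow-mark-trusted" as a hidden option. A frontend that sets the old name through gpgconf will no longer find it in the list, so the rename deserves a line in NEWS aimed at frontend authors, and a comment next to the hidden table entry saying it is kept only for existing configuration files.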
diff --git a/agent/trustlist.c b/agent/trustlist.c
index be5406b..ef9c661 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -731,7 +731,8 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
}
else
es_fputs (nameformatted, fp);
- es_fprintf (fp, "\n%s%s %c\n", yes_i_trust?"":"!", fprformatted, flag);
+ es_fprintf (fp, "\n%s%s %c%s\n", yes_i_trust?"":"!", fprformatted, flag,
+ flag == 'S'? " relax":"");
if (es_ferror (fp))
err = gpg_error_from_syserror ();
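Review bot: the commit log says agent_marktrusted will "Always set the \"relax\" flag", but the added expression `flag == 'S'? " relax":""` writes it only for entries whose flag is 'S'. Please align the log entry with the condition or the other way round. As the flag is now appended without the user being asked about it, a short comment above the es_fprintf stating why interactively trusted keys get "relax" would help anyone auditing the resulting trust list later.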
diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 72e7134..078dcea 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -532,8 +532,8 @@ static gc_option_t gc_options_gpg_agent[] =
{ "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME,
GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
- { "allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
- GC_LEVEL_ADVANCED, "gnupg", "allow clients to mark keys as \"trusted\"",
+ { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME,
+ GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"",
GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT },
{ "no-grab", GC_OPT_FLAG_RUNTIME, GC_LEVEL_EXPERT,
"gnupg", "do not grab keyboard and mouse",
-----------------------------------------------------------------------
Summary of changes:
NEWS | 9 +++++++--
agent/gpg-agent.c | 13 ++++++++-----
agent/trustlist.c | 3 ++-
po/be.po | 6 +++---
po/ca.po | 6 +++---
po/cs.po | 10 ++++++----
po/da.po | 10 ++++++----
po/de.po | 12 ++++++------
po/el.po | 6 +++---
po/eo.po | 6 +++---
po/es.po | 10 ++++++----
po/et.po | 6 +++---
po/fi.po | 6 +++---
po/fr.po | 10 ++++++----
po/gl.po | 6 +++---
po/hu.po | 6 +++---
po/id.po | 6 +++---
po/it.po | 6 +++---
po/ja.po | 10 ++++++----
po/nb.po | 6 +++---
po/pl.po | 10 ++++++----
po/pt.po | 6 +++---
po/pt_BR.po | 6 +++---
po/ro.po | 6 +++---
po/ru.po | 10 ++++++----
po/sk.po | 6 +++---
po/sv.po | 10 ++++++----
po/tr.po | 10 ++++++----
po/uk.po | 10 ++++++----
po/zh_CN.po | 6 +++---
po/zh_TW.po | 10 ++++++----
tools/gpgconf-comp.c | 4 ++--
32 files changed, 139 insertions(+), 108 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 4 16:45:45 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 04 Jul 2013 16:45:45 +0200
Subject: [git] GpgEX - branch, master, updated. gpgex-0.9.7-26-gb5d1172
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnupG extension for the Windows Explorer".
The branch, master has been updated
via b5d1172f5fc2cddfbdfeb473c65b6508c5a73287 (commit)
via 7329e9a8d0ef661d8c306cc2f996bac718990f14 (commit)
from e84489cd5e3b2e6c6c8a8a252cb5b2028dbf3dd9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b5d1172f5fc2cddfbdfeb473c65b6508c5a73287
Author: Werner Koch
Date: Thu Jun 27 17:39:01 2013 +0200
Minor fixes to the help texts.
--
We definitely need better help texts.
diff --git a/doc/gpgex-de.html b/doc/gpgex-de.html
index a54778c..e7fce25 100644
--- a/doc/gpgex-de.html
+++ b/doc/gpgex-de.html
@@ -1,4 +1,4 @@
-
+
@@ -18,47 +18,46 @@
Entschl?sseln und ?berpr?fen, Entschl?sseln, ?berpr?fen
Entschl?sselt und/oder ?berpr?ft die ausgew?hlten Dateien.
- FIXME: Hier wird ein Link zur Kleopatra-Dokumentation f?r die
- Entschl?ssel- und Verifizier-Funktionen eingestellt.
+ FIXME: Einen Link zur Gpg4win Dokumentation f?r die
+ Entschl?ssel- und Verifizier-Funktionen einbauen.
Signieren und verschl?sseln, Signieren, Verschl?sseln
Signiert und/oder verschl?sselt die ausgew?hlten Dateien.
- FIXME: Hier wird ein Link zur Kleopatra-Dokumentation f?r die
- Verschl?ssel- und Signier-Funktionen eingestellt.
+ FIXME: Einen Link zur Gpg4win Dokumentation f?r die
+ Verschl?ssel- und Signier-Funktionen einbauen.
Zertifikate importieren
- Import die Zertifikate in den ausgew?hlten Dateien. FIXME: Hier
- wird ein Link zur Kleopatra-Dokumentation f?r die
- Import-Funktion eingestellt.
+ Import die Zertifikate in den ausgew?hlten Dateien.
Hilfe zu GpgEX
Stellt diese Hilfe dar.
+
Über GpgEX
+
+ Zeigt die Version von GpgEX an.
+
+
Debugging
- Falls nicht auf Kleopatra zugegriffen werden kann, wird ein
+ Falls nicht auf die GnuPG Benutzerschnittstelle zugegriffen werden kann, wird ein
Nachrichtenfenster mit einer Fehlermeldung angezeigt. Um mehr
Informationen zu erhalten, kann der Fehlerbericht von Kleopatra
- eingesehen werden (Anleitung siehe Gpg4win-Kompendium),
+ oder GPA eingesehen werden (Anleitung siehe Gpg4win-Kompendium),
oder es kann eine GpgEX-Diagnosedatei angegeben werden. Dazu
im Registrierungs-Editor den Schl?ssel
HKLM\Software\GNU\GnuPG
- ausw?hlen, eine neue "Zeichenfolge" mit dem Namen GpgEX Debug File
- anlegen und als Wert einen Dateinamen (z.B. c:\temp\gpgex-debug-file.log)
- angeben. Informationen zum Protokoll werden dann nach
- einem Neustart von Windows an diese Datei angehangen.
+ ausw?hlen, eine neue "Zeichenfolge" mit dem Namen GpgEX
+ Debug File anlegen und als Wert einen Dateinamen
+ (z.B. c:\temp\gpgex-debug-file.log)
+ angeben. Informationen zum Protokoll werden dann nach einem
+ Neustart von Windows an diese Datei angehangen.
Hinweis
- Mehr Informationen ?ber die Krypto-Operationen befinden sich im
- Kleopatra Handbuch
- (Englisch).
-
-
- Mehr Informationen und aktuelle Programmversionen sind auf der
+ Mehr Informationen und aktuelle Programmversionen sind auf der
Gpg4win Webpr?senz
verf?gbar.
The GNU Privacy Guard extensions for the Windows Explorer shell
- allow you to access cryptographic functions in Kleopatra using
- the context menu to files.
+ allow you to access cryptographic functions of the GnuPG user
+ interface using the context menu to files.
Commands
Decrypt and verify, Decrypt, Verify
- Decrypt and/or verify the selected files. FIXME: Here will be a
- link to the Kleopatra documentation for the decrypt and verify
+ Decrypt and/or verify the selected files. FIXME: Add a link
+ to the Gpg4win documentation for the decrypt and verify
functions.
Encrypt and sign, Encrypt, Sign
- Encrypt and/or sign the selected files. FIXME: Here will be a
- link to the Kleopatra documentation for the sign and encrypt
+ Encrypt and/or sign the selected files. FIXME: Add a link to the
+ Gpg4win documentation for the sign and encrypt
functions.
Import keys
- Import certificates in the selected files. FIXME: Here will be
- a link to the Kleopatra documentation for the import function.
+ Import certificates in the selected files. FIXME: Add a link to the
+ Gpg4win documentation for the import function.
Help on GpgEX
Display this help.
+
About GpgEX
+
+ Display the version number.
+
+
Debugging
- If Kleopatra can not be accessed, a message box with an error
- message will be displayed. To get more information, you can
- either check the error log of Kleopatra, or specify a debug
- file: Select the key HKLM\Software\GNU\GnuPG
+ If the GnuPG user interface (either GPA or Kleopatra) can not be
+ accessed, a message box with an error message will be displayed.
+ To get more information, you can either check the error log, or
+ specify a debug file: Select the
+ key HKLM\Software\GNU\GnuPG
in the registry editor, create a new string value with the name
GpgEX Debug File and the value of the debug filename
(e.g. c:\temp\gpgex-debug-file.log). To this file
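Review bot: the reworded English command descriptions still carry literal "FIXME: Add a link to the Gpg4win documentation ..." sentences in user-visible help, including the "Import keys" entry, whereas the German text in this same commit drops the FIXME from "Zertifikate importieren". The two help pages now diverge; either remove the placeholder from the English import entry as well or add the links in both files.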
@@ -49,10 +55,6 @@
Reference
- More information about these crypto operations can be found in
- the Kleopatra
- manual.
-
Please find more information and new software versions at
the Gpg4win website.
commit 7329e9a8d0ef661d8c306cc2f996bac718990f14
Author: Werner Koch
Date: Thu Jun 27 17:38:25 2013 +0200
Improve error message from the UI-server.
* client.cc (call_assuan): Distinguish between connection and
server errors.
--
I consider it better not to use the term "server" here. To the user
it is a user interface and not a server.
diff --git a/src/ChangeLog b/src/ChangeLog
index a6f7a7c..05ecb0c 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2013-06-27 Werner Koch
+
+ * client.cc (call_assuan): Distinguish between connection and and
+ server errors.
+
2013-06-26 Werner Koch
* client.cc (default_uiserver_cmdline): Replace code with code
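Review bot: the added ChangeLog entry reads "Distinguish between connection and and server errors."; the duplicated "and" on the first added entry line should be dropped before this lands.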
diff --git a/src/client.cc b/src/client.cc
index 6fc9162..37fe7ef 100644
--- a/src/client.cc
+++ b/src/client.cc
@@ -356,6 +356,8 @@ bool
client_t::call_assuan (const char *cmd, vector &filenames)
{
int rc = 0;
+ int connect_failed = 0;
+
assuan_context_t ctx = NULL;
string msg;
@@ -364,7 +366,10 @@ client_t::call_assuan (const char *cmd, vector &filenames)
rc = uiserver_connect (&ctx, this->window);
if (rc)
- goto leave;
+ {
+ connect_failed = 1;
+ goto leave;
+ }
try
{
@@ -405,12 +410,21 @@ client_t::call_assuan (const char *cmd, vector &filenames)
if (rc)
{
char buf[256];
- snprintf (buf, sizeof (buf),
- _("Can not access the UI-server%s%s%s:\r\n%s"),
- gpgex_server::ui_server? " (":"",
- gpgex_server::ui_server? gpgex_server::ui_server:"",
- gpgex_server::ui_server? ")":"",
- gpg_strerror (rc));
+
+ if (connect_failed)
+ snprintf (buf, sizeof (buf),
+ _("Can not connect to the GnuPG user interface%s%s%s:\r\n%s"),
+ gpgex_server::ui_server? " (":"",
+ gpgex_server::ui_server? gpgex_server::ui_server:"",
+ gpgex_server::ui_server? ")":"",
+ gpg_strerror (rc));
+ else
+ snprintf (buf, sizeof (buf),
+ _("Error returned by the GnuPG user interface%s%s%s:\r\n%s"),
+ gpgex_server::ui_server? " (":"",
+ gpgex_server::ui_server? gpgex_server::ui_server:"",
+ gpgex_server::ui_server? ")":"",
+ gpg_strerror (rc));
MessageBox (this->window, buf, "GpgEX", MB_ICONINFORMATION);
}
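Review bot: the two snprintf calls under `if (connect_failed)` and `else` differ only in the format string and repeat the same four arguments, which invites the branches drifting apart. Select the translated format first, for example `const char *fmt = connect_failed ? _("Can not connect to ...") : _("Error returned by ...");`, and keep a single snprintf. Note also that with the fixed `char buf[256]` a long ui_server value truncates the gpg_strerror text at the end of the message, which is the part the user needs most; consider a larger buffer or putting the error string first.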
-----------------------------------------------------------------------
Summary of changes:
doc/gpgex-de.html | 39 +++++++++++++++++++--------------------
doc/gpgex-en.html | 34 ++++++++++++++++++----------------
src/ChangeLog | 5 +++++
src/client.cc | 28 +++++++++++++++++++++-------
4 files changed, 63 insertions(+), 43 deletions(-)
hooks/post-receive
--
GnupG extension for the Windows Explorer
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 5 10:25:55 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 05 Jul 2013 10:25:55 +0200
Subject: [git] GpgOL - branch, outlook14, created. gpgol-1.1.3-4-ge185317
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been created
at e1853176eaf2e0411f471f1cc30a783676a5d912 (commit)
- Log -----------------------------------------------------------------
commit e1853176eaf2e0411f471f1cc30a783676a5d912
Author: Andre Heinecke
Date: Fri Jul 5 08:00:58 2013 +0000
Prototype Outlook 14 support
This adds a prototype "Save and decrypt" action for attachments.
The main advancement is that gpgOl can now interact with
Outlook 14 using the Ribbon extension interface.
* src/gpgoladdin.cpp, src/gpgoladdin.h: New. Classes implementing
the COM Objects to interact with outlook.
* src/gpgoladdin.cpp, src/gpgol.def (DllGetClassObject),
(DllCanUnloadNow): New entry points into the library.
* src/olflange.cpp (DllRegisterServer, DllUnregisterServer):
Register / Unregister gpgOl as an Outlook Addin.
(GpgolExt): Use VERSION macro.
(install_sinks, install_forms): Expose for other classes.
* src/olflange.h: Move GUID and some string definitions into
header. Add function declarations.
--
In outlook 14 the exchange extension interface was removed. Now
we have to use the IDT_EXTENSIBILITY2 interface to interact with
outlook (or other office applications).
Similarly the context menu events in the OOM have been removed; now
we must use the Ribbon Extensibility Interface to extend context
menus. This is also the only way to avoid having all added buttons
placed in a generic "Addins" tab and gives us some more flexibility
how we can modify the UI.
There are still some fixmes and todos in there but basically it
works.
Not tested with older outlook versions where the Exchange interface
also works. In that case it might be best to check the Version in
OnConnection and disable all functionality in case it is < 14.
diff --git a/src/Makefile.am b/src/Makefile.am
index 220a013..3f73dba 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -79,7 +79,8 @@ gpgol_SOURCES = \
inspectors.cpp inspectors.h \
mailitem.cpp mailitem.h \
cmdbarcontrols.cpp cmdbarcontrols.h \
- w32-gettext.c w32-gettext.h
+ w32-gettext.c w32-gettext.h \
+ gpgoladdin.cpp gpgoladdin.h
#treeview_SOURCES = treeview.c
@@ -110,7 +111,8 @@ clean-local:
gpgol_LDADD = $(srcdir)/gpgol.def \
-L . -lgpgme -lassuan -lgpg-error \
-lmapi32 -lshell32 -lgdi32 -lcomdlg32 \
- -lole32 -loleaut32 -lws2_32 -ladvapi32
+ -lole32 -loleaut32 -lws2_32 -ladvapi32 \
+ -luuid
resource.o: resource.rc versioninfo.rc dialogs.rc
diff --git a/src/gpgol-ids.h b/src/gpgol-ids.h
index 0c02123..ff8f206 100644
--- a/src/gpgol-ids.h
+++ b/src/gpgol-ids.h
@@ -1,6 +1,6 @@
/* gpgol-ids.h
- Resource IDs used by gpgol-rsrcs.rc.
+ Resource IDs used by gpgol resource files
*/
#ifndef GPGOL_IDS_H
@@ -32,6 +32,7 @@
#define IDC_OPT_HOMEDIR 1027
#define IDC_OPT_SELHOMEDIR 1028
+#define IDR_XML_EXPLORER 203
#endif /*GPGOL_IDS_H*/
diff --git a/src/gpgol.def b/src/gpgol.def
index 4d319ed..79cf727 100644
--- a/src/gpgol.def
+++ b/src/gpgol.def
@@ -6,6 +6,8 @@ EXPORTS
ExchEntryPoint = ExchEntryPoint at 0 @1
DllRegisterServer = DllRegisterServer at 0 @2 PRIVATE
DllUnregisterServer = DllUnregisterServer at 0 @3 PRIVATE
+ DllGetClassObject = DllGetClassObject at 12 @4 PRIVATE
+ DllCanUnloadNow = DllCanUnloadNow at 0 @5 PRIVATE
gpgol_check_version = gpgol_check_version at 4 @11
gpgol_message_revert = gpgol_message_revert at 12 @12
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
new file mode 100644
index 0000000..7f55b69
--- /dev/null
+++ b/src/gpgoladdin.cpp
@@ -0,0 +1,636 @@
+/* gpgoladdin.cpp - Connect GpgOL to Outlook as an addin
+ * Copyright (C) 2013 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+
+#include "util.h"
+#include "gpgoladdin.h"
+
+#include "mymapi.h"
+#include "mymapitags.h"
+#include "myexchext.h"
+
+#include "common.h"
+#include "display.h"
+#include "msgcache.h"
+#include "engine.h"
+#include "engine-assuan.h"
+#include "mapihelp.h"
+
+#include "oomhelp.h"
+
+#include "olflange.h"
+
+#include "gpgol-ids.h"
+
+#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
+ SRCNAME, __func__, __LINE__); \
+ } while (0)
+
+/* Id's of our callbacks */
+#define ID_CMD_DECRYPT_VERIFY 1
+#define ID_CMD_DECRYPT 2
+#define ID_CMD_VERIFY 3
+
+ULONG addinLocks = 0;
+
+/* This is the main entry point for the addin
+ Outlook uses this function to query for an Object implementing
+ the IClassFactory interface.
+*/
+STDAPI DllGetClassObject (REFCLSID rclsid, REFIID riid, LPVOID* ppvObj)
+{
+ if (!ppvObj)
+ return E_POINTER;
+
+ *ppvObj = NULL;
+ if (rclsid != CLSID_GPGOL)
+ return CLASS_E_CLASSNOTAVAILABLE;
+
+ /* Let the factory give the requested interface. */
+ GpgolAddinFactory* factory = new GpgolAddinFactory();
+ if (!factory)
+ return E_OUTOFMEMORY;
+
+ HRESULT hr = factory->QueryInterface (riid, ppvObj);
+ if(FAILED(hr))
+ {
+ *ppvObj = NULL;
+ delete factory;
+ }
+
+ return hr;
+}
+
+
+STDAPI DllCanUnloadNow()
+{
+ return addinLocks == 0 ? S_OK : S_FALSE;
+}
+
+/* Class factory */
+STDMETHODIMP GpgolAddinFactory::QueryInterface (REFIID riid, LPVOID* ppvObj)
+{
+ HRESULT hr = S_OK;
+
+ *ppvObj = NULL;
+
+ if ((IID_IUnknown == riid) || (IID_IClassFactory == riid))
+ *ppvObj = static_cast(this);
+ else
+ {
+ hr = E_NOINTERFACE;
+ LPOLESTR sRiid = NULL;
+ StringFromIID (riid, &sRiid);
+ /* Should not happen */
+ log_debug ("GpgolAddinFactory queried for unknown interface: %S \n", sRiid);
+ }
+
+ if (*ppvObj)
+ ((LPUNKNOWN)*ppvObj)->AddRef();
+
+ return hr;
+}
+
+
+/* This actually creates the instance of our COM object */
+STDMETHODIMP GpgolAddinFactory::CreateInstance (LPUNKNOWN punk, REFIID riid,
+ LPVOID* ppvObj)
+{
+ *ppvObj = NULL;
+
+ GpgolAddin* obj = new GpgolAddin();
+ if (NULL == obj)
+ return E_OUTOFMEMORY;
+
+ HRESULT hr = obj->QueryInterface (riid, ppvObj);
+
+ if (FAILED(hr))
+ {
+ LPOLESTR sRiid = NULL;
+ StringFromIID (riid, &sRiid);
+ fprintf(stderr, "failed to create instance for: %S", sRiid);
+ }
+
+ return hr;
+}
+
+/* GpgolAddin definition */
+
+
+/* Constructor of GpgolAddin
+
+ Initializes members and creates the interface objects for the new
+ context. Does the DLL initialization if it has not been done
+ before.
+
+ The ref count is set by the factory after creation.
+*/
+GpgolAddin::GpgolAddin (void) : m_lRef(0), m_application(0), m_addin(0)
+{
+ /* Create the COM Extension Object that handles the startup and
+ endinge initialization
+ */
+ m_gpgolext = new GpgolExt();
+
+ /* RibbonExtender is it's own object to avoid the pitfalls of
+ multiple inheritance
+ */
+ m_ribbonExtender = new GpgolRibbonExtender();
+}
+
+GpgolAddin::~GpgolAddin (void)
+{
+ log_debug ("%s:%s: cleaning up GpgolAddin object;",
+ SRCNAME, __func__);
+
+ engine_deinit ();
+ write_options ();
+ delete m_gpgolext;
+ delete m_ribbonExtender;
+
+ log_debug ("%s:%s: Object deleted\n", SRCNAME, __func__);
+}
+
+STDMETHODIMP
+GpgolAddin::QueryInterface (REFIID riid, LPVOID* ppvObj)
+{
+ HRESULT hr = S_OK;
+
+ *ppvObj = NULL;
+
+ if ((riid == IID_IUnknown) || (riid == IID_IDTExtensibility2) ||
+ (riid == IID_IDispatch))
+ {
+ *ppvObj = (LPUNKNOWN) this;
+ }
+ else if (riid == IID_IRibbonExtensibility)
+ {
+ return m_ribbonExtender->QueryInterface (riid, ppvObj);
+ }
+ else
+ {
+ hr = m_gpgolext->QueryInterface (riid, ppvObj);
+#if 0
+ if (FAILED(hr))
+ {
+ LPOLESTR sRiid = NULL;
+ StringFromIID(riid, &sRiid);
+ log_debug ("%s:%s: queried for unimplmented interface: %S",
+ SRCNAME, __func__, sRiid);
+ }
+#endif
+ }
+
+ if (*ppvObj)
+ ((LPUNKNOWN)*ppvObj)->AddRef();
+
+ return hr;
+}
+
+STDMETHODIMP
+GpgolAddin::OnConnection (LPDISPATCH Application, ext_ConnectMode ConnectMode,
+ LPDISPATCH AddInInst, SAFEARRAY ** custom)
+{
+ (void)custom;
+ TRACEPOINT();
+
+ if (!m_application)
+ {
+ m_application = Application;
+ m_application->AddRef();
+ m_addin = AddInInst;
+ }
+ else
+ {
+ /* This should not happen but happened during development when
+ the vtable was incorrect and the wrong function was called */
+ log_debug ("%s:%s: Application already set. Ignoring new value.",
+ SRCNAME, __func__);
+ return S_OK;
+ }
+
+ if (ConnectMode != ext_cm_Startup)
+ {
+ OnStartupComplete (custom);
+ }
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolAddin::OnDisconnection (ext_DisconnectMode RemoveMode,
+ SAFEARRAY** custom)
+{
+ (void)custom;
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolAddin::OnAddInsUpdate (SAFEARRAY** custom)
+{
+ (void)custom;
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolAddin::OnStartupComplete (SAFEARRAY** custom)
+{
+ (void)custom;
+ TRACEPOINT();
+
+ if (m_application)
+ {
+ /*
+ An install_sinks here works this but we
+ don't implement all the old extension feature
+ in the addin yet.
+ install_sinks ((LPEXCHEXTCALLBACK)m_application);
+ */
+ return S_OK;
+ }
+ /* Should not happen as OnConnection should be called before */
+ log_error ("%s:%s: no application set;",
+ SRCNAME, __func__);
+ return E_NOINTERFACE;
+}
+
+STDMETHODIMP
+GpgolAddin::OnBeginShutdown (SAFEARRAY * * custom)
+{
+ (void)custom;
+ TRACEPOINT();
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolAddin::GetTypeInfoCount (UINT *r_count)
+{
+ *r_count = 0;
+ TRACEPOINT(); /* Should not happen */
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolAddin::GetTypeInfo (UINT iTypeInfo, LCID lcid,
+ LPTYPEINFO *r_typeinfo)
+{
+ (void)iTypeInfo;
+ (void)lcid;
+ (void)r_typeinfo;
+ TRACEPOINT(); /* Should not happen */
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolAddin::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
+ UINT cNames, LCID lcid,
+ DISPID *rgDispId)
+{
+ (void)riid;
+ (void)rgszNames;
+ (void)cNames;
+ (void)lcid;
+ (void)rgDispId;
+ TRACEPOINT(); /* Should not happen */
+ return E_NOINTERFACE;
+}
+
+STDMETHODIMP
+GpgolAddin::Invoke (DISPID dispid, REFIID riid, LCID lcid,
+ WORD flags, DISPPARAMS *parms, VARIANT *result,
+ EXCEPINFO *exepinfo, UINT *argerr)
+{
+ TRACEPOINT(); /* Should not happen */
+ return DISP_E_MEMBERNOTFOUND;
+}
+
+
+
+/* Definition of GpgolRibbonExtender */
+
+GpgolRibbonExtender::GpgolRibbonExtender (void) : m_lRef(0)
+{
+}
+
+GpgolRibbonExtender::~GpgolRibbonExtender (void)
+{
+ log_debug ("%s:%s: cleaning up GpgolRibbonExtender object;",
+ SRCNAME, __func__);
+ log_debug ("%s:%s: Object deleted\n", SRCNAME, __func__);
+}
+
+STDMETHODIMP
+GpgolRibbonExtender::QueryInterface(REFIID riid, LPVOID* ppvObj)
+{
+ HRESULT hr = S_OK;
+
+ *ppvObj = NULL;
+
+ if ((riid == IID_IUnknown) || (riid == IID_IRibbonExtensibility) ||
+ (riid == IID_IDispatch))
+ {
+ *ppvObj = (LPUNKNOWN) this;
+ }
+ else
+ {
+ LPOLESTR sRiid = NULL;
+ StringFromIID (riid, &sRiid);
+ log_debug ("%s:%s: queried for unknown interface: %S",
+ SRCNAME, __func__, sRiid);
+ }
+
+ if (*ppvObj)
+ ((LPUNKNOWN)*ppvObj)->AddRef();
+
+ return hr;
+}
+
+STDMETHODIMP
+GpgolRibbonExtender::GetTypeInfoCount (UINT *r_count)
+{
+ *r_count = 0;
+ TRACEPOINT(); /* Should not happen */
+ return S_OK;
+}
+
+STDMETHODIMP
+GpgolRibbonExtender::GetTypeInfo (UINT iTypeInfo, LCID lcid,
+ LPTYPEINFO *r_typeinfo)
+{
+ (void)iTypeInfo;
+ (void)lcid;
+ (void)r_typeinfo;
+ TRACEPOINT(); /* Should not happen */
+ return S_OK;
+}
+
+/* Good documentation of what this function is supposed to do can
+ be found at: http://msdn.microsoft.com/en-us/library/cc237568.aspx
+
+ There is also a very good blog explaining how Ribbon Extensibility
+ is supposed to work.
+ http://blogs.msdn.com/b/andreww/archive/2007/03/09/
+why-is-it-so-hard-to-shim-iribbonextensibility.aspx
+ */
+STDMETHODIMP
+GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
+ UINT cNames, LCID lcid,
+ DISPID *rgDispId)
+{
+ (void)riid;
+ (void)lcid;
+ bool found = false;
+
+ if (!rgszNames || !cNames || !rgDispId)
+ {
+ return E_POINTER;
+ }
+
+ for (unsigned int i = 0; i < cNames; i++)
+ {
+ log_debug ("%s:%s: GetIDsOfNames for: %S",
+ SRCNAME, __func__, rgszNames[0]);
+ /* How this is supposed to work with cNames > 1 is unknown,
+ but we can just say that we won't support callbacks with
+ different parameters and just match the name (the first element)
+ and we give it one of our own dispIds's that are later handled in
+ the invoke part */
+ if (!wcscmp (rgszNames[i], L"AttachmentDecryptCallback"))
+ {
+ found = true;
+ rgDispId[i] = ID_CMD_DECRYPT;
+ }
+ }
+
+ if (cNames > 1)
+ {
+ log_debug ("More then one name provided. Should not happen");
+ }
+
+ return found ? S_OK : E_NOINTERFACE;
+}
+
+HRESULT
+GpgolRibbonExtender::decryptAttachments(LPRIBBONCONTROL ctrl)
+{
+ BSTR idStr = NULL;
+ LPDISPATCH context = NULL;
+ int attachmentCount;
+ HRESULT hr = 0;
+ int i = 0;
+ HWND curWindow;
+ LPOLEWINDOW actExplorer;
+ int err;
+
+ /* We got the vtable right so we can save us the invoke and
+ property lookup hassle and call it directly */
+ hr = ctrl->get_Id (&idStr);
+ hr |= ctrl->get_Context (&context);
+
+ if (FAILED(hr))
+ {
+ log_debug ("%s:%s:Context / ID lookup failed. hr: %x",
+ SRCNAME, __func__, (unsigned int) hr);
+ SysFreeString (idStr);
+ return E_FAIL;
+ }
+ else
+ {
+ log_debug ("%s:%s: contextId: %S, contextObj: %s",
+ SRCNAME, __func__, idStr, get_object_name (context));
+ SysFreeString (idStr);
+ }
+
+ attachmentCount = get_oom_int (context, "Count");
+ log_debug ("Count: %i ", attachmentCount);
+
+ actExplorer = (LPOLEWINDOW) get_oom_object(context,
+ "Application.ActiveExplorer");
+ if (actExplorer)
+ actExplorer->GetWindow (&curWindow);
+ else
+ {
+ log_debug ("%s:%s: Could not find active window",
+ SRCNAME, __func__);
+ curWindow = NULL;
+ }
+
+ char *filenames[attachmentCount + 1];
+ filenames[attachmentCount] = NULL;
+ /* Yes the items start at 1! */
+ for (i = 1; i <= attachmentCount; i++)
+ {
+ char buf[16];
+ char *filename;
+ wchar_t *wcsOutFilename;
+ DISPPARAMS saveParams;
+ VARIANT aVariant[1];
+ LPDISPATCH attachmentObj;
+ DISPID saveID;
+
+ snprintf (buf, sizeof (buf), "Item(%i)", i);
+ attachmentObj = get_oom_object (context, buf);
+ filename = get_oom_string (attachmentObj, "FileName");
+
+ saveID = lookup_oom_dispid (attachmentObj, "SaveAsFile");
+
+ saveParams.rgvarg = aVariant;
+ saveParams.rgvarg[0].vt = VT_BSTR;
+ filenames[i-1] = get_save_filename (NULL, filename);
+ xfree (filename);
+
+ wcsOutFilename = utf8_to_wchar2 (filenames[i-1],
+ strlen(filenames[i-1]));
+ saveParams.rgvarg[0].bstrVal = SysAllocString (wcsOutFilename);
+ saveParams.cArgs = 1;
+ saveParams.cNamedArgs = 0;
+
+ hr = attachmentObj->Invoke (saveID, IID_NULL, LOCALE_SYSTEM_DEFAULT,
+ DISPATCH_METHOD, &saveParams,
+ NULL, NULL, NULL);
+ SysFreeString (saveParams.rgvarg[0].bstrVal);
+ if (FAILED(hr))
+ {
+ int j;
+ log_debug ("%s:%s: Saving to file failed. hr: %x",
+ SRCNAME, __func__, (unsigned int) hr);
+ for (j = 0; j < i; j++)
+ xfree (filenames[j]);
+ return hr;
+ }
+ }
+ err = op_assuan_start_decrypt_files (curWindow, filenames);
+
+ for (i = 0; i < attachmentCount; i++)
+ xfree (filenames[i]);
+
+ return err ? E_FAIL : S_OK;
+}
+
+STDMETHODIMP
+GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
+ WORD flags, DISPPARAMS *parms, VARIANT *result,
+ EXCEPINFO *exepinfo, UINT *argerr)
+{
+ log_debug ("%s:%s: enter with dispid: %x",
+ SRCNAME, __func__, (int)dispid);
+
+ if (!(flags & DISPATCH_METHOD))
+ {
+ log_debug ("%s:%s: not called in method mode. Bailing out.",
+ SRCNAME, __func__);
+ return DISP_E_MEMBERNOTFOUND;
+ }
+
+ switch (dispid)
+ {
+ case ID_CMD_DECRYPT:
+ /* We can assume that this points to an implementation of
+ IRibbonControl as we know the callback dispid. */
+ return decryptAttachments ((LPRIBBONCONTROL)
+ parms->rgvarg[0].pdispVal);
+ }
+
+ log_debug ("%s:%s: leave", SRCNAME, __func__);
+
+ return DISP_E_MEMBERNOTFOUND;
+}
+
+BSTR
+loadXMLResource (int id)
+{
+ /* XXX I do not know how to get the handle of the currently
+ executed code as we never had a chance in DllMain to save
+ that handle. */
+
+ /* FIXME this does not work as intended */
+ HMODULE hModule = GetModuleHandle("gpgol.dll");
+
+ HRSRC hRsrc = FindResourceEx (hModule, MAKEINTRESOURCE(id), TEXT("XML"),
+ MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL));
+
+ if (!hRsrc)
+ {
+ log_error_w32 (-1, "%s:%s: FindResource(%d) failed\n",
+ SRCNAME, __func__, id);
+ return NULL;
+ }
+
+ HGLOBAL hGlobal = LoadResource(hModule, hRsrc);
+
+ if (!hGlobal)
+ {
+ log_error_w32 (-1, "%s:%s: LoadResource(%d) failed\n",
+ SRCNAME, __func__, id);
+ return NULL;
+ }
+
+ LPVOID xmlData = LockResource (hGlobal);
+
+ return SysAllocString (reinterpret_cast(xmlData));
+}
+
+STDMETHODIMP
+GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
+{
+ log_debug ("%s:%s: GetCustomUI for id: %S", SRCNAME, __func__, RibbonID);
+
+ if (!RibbonXml)
+ return E_POINTER;
+
+ /*if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer"))
+ {*/
+ // *RibbonXml = loadXMLResource (IDR_XML_EXPLORER);
+ /* TODO use callback for label's and Icons, load xml from resource */
+ *RibbonXml = SysAllocString (
+ L""
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L""
+ L" "
+ L""
+ );
+ /* } */
+
+ return S_OK;
+}
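Review bot: In GpgolRibbonExtender::Invoke, the ID_CMD_DECRYPT case casts `parms->rgvarg[0].pdispVal` to LPRIBBONCONTROL without checking that `parms` is non-NULL, that `parms->cArgs` is at least 1, or that the variant's `vt` is VT_DISPATCH. Add those checks and return DISP_E_BADPARAMCOUNT or DISP_E_TYPEMISMATCH otherwise. decryptAttachments needs the same care: `attachmentCount` comes straight from `get_oom_int (context, "Count")` and sizes the stack array `filenames[attachmentCount + 1]`, so a negative or very large value should be rejected first; `attachmentObj` and `filename` are used without NULL checks; and `wcsOutFilename` is never freed. In QueryInterface, the unknown-interface branch leaves `hr` at S_OK while `*ppvObj` is NULL (it should return E_NOINTERFACE), and the string from StringFromIID is never released with CoTaskMemFree. GetIDsOfNames logs `rgszNames[0]` inside the loop where `rgszNames[i]` is meant.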
diff --git a/src/gpgoladdin.h b/src/gpgoladdin.h
new file mode 100644
index 0000000..ee4583a
--- /dev/null
+++ b/src/gpgoladdin.h
@@ -0,0 +1,233 @@
+/* gpgoladdin.h - Connect GpgOL to Outlook as an addin
+ * Copyright (C) 2013 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef GPGOLADDIN_H
+#define GPGOLADDIN_H
+
+#include
+
+class GpgolAddinRibbonExt;
+class GpgolExt;
+
+/* Enums for the IDTExtensibility2 interface*/
+typedef enum
+ {
+ ext_cm_AfterStartup = 0,
+ ext_cm_Startup,
+ ext_cm_External,
+ ext_cm_CommandLine,
+ ext_cm_Solution,
+ ext_cm_UISetup
+ }
+ext_ConnectMode;
+
+typedef enum
+ {
+ ext_dm_HostShutdown = 0,
+ ext_dm_UserClosed,
+ ext_dm_UISetupComplete,
+ ext_dm_SolutionClosed
+ }
+ext_DisconnectMode;
+
+/* Global class locks */
+extern ULONG addinLocks;
+
+struct IDTExtensibility2;
+typedef struct IDTExtensibility2 *LEXTENSIBILTY2;
+
+/* Interface definitions */
+DEFINE_GUID(IID_IDTExtensibility2, 0xB65AD801, 0xABAF, 0x11D0, 0xBB, 0x8B,
+ 0x00, 0xA0, 0xC9, 0x0F, 0x27, 0x44);
+
+#undef INTERFACE
+#define INTERFACE IDTExtensibility2
+DECLARE_INTERFACE_(IDTExtensibility2, IDispatch)
+{
+ STDMETHOD(OnConnection)(LPDISPATCH, ext_ConnectMode, LPDISPATCH,
+ SAFEARRAY**);
+ STDMETHOD(OnDisconnection)(ext_DisconnectMode, SAFEARRAY**);
+ STDMETHOD(OnAddInsUpdate)(SAFEARRAY **);
+ STDMETHOD(OnStartupComplete)(SAFEARRAY**);
+ STDMETHOD(OnBeginShutdown)(SAFEARRAY**);
+};
+
+DEFINE_GUID(IID_IRibbonExtensibility, 0x000C0396, 0x0000, 0x0000, 0xC0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x46);
+
+struct IRibbonExtensibility;
+typedef struct IRibbonExtensibility *LRIBBONEXTENSIBILITY;
+
+#undef INTERFACE
+#define INTERFACE IRibbonExtensibility
+DECLARE_INTERFACE_(IRibbonExtensibility, IDispatch)
+{
+ STDMETHOD(GetCustomUI)(BSTR RibbonID, BSTR * RibbonXml);
+};
+
+DEFINE_GUID(IID_IRibbonCallback, 0xCE895442, 0x9981, 0x4315, 0xAA, 0x85,
+ 0x4B, 0x9A, 0x5C, 0x77, 0x39, 0xD8);
+
+struct IRibbonCallback;
+typedef struct IRibbonCallback *LRIBBONCALLBACK;
+
+#undef INTERFACE
+#define INTERFACE IRibbonCallback
+DECLARE_INTERFACE(IRibbonCallback)
+{
+ STDMETHOD(OnRibbonLoad)(IUnknown* pRibbonUIUnk);
+ STDMETHOD(ButtonClicked)(IDispatch* ribbon);
+};
+
+DEFINE_GUID(IID_IRibbonControl, 0x000C0395, 0x0000, 0x0000, 0xC0, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x46);
+
+struct IRibbonControl;
+typedef struct IRibbonControl *LPRIBBONCONTROL;
+
+#undef INTERFACE
+#define INTERFACE IRibbonControl
+DECLARE_INTERFACE_(IRibbonControl, IDispatch)
+{
+ STDMETHOD(get_Id)(BSTR* id);
+ STDMETHOD(get_Context)(IDispatch** context);
+ STDMETHOD(get_Tag)(BSTR* Tag);
+};
+
+
+DEFINE_GUID(IID_ICustomTaskPaneConsumer, 0x000C033E, 0x0000, 0x0000, 0xC0,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46);
+
+class GpgolRibbonExtender : public IRibbonExtensibility
+{
+public:
+ GpgolRibbonExtender(void);
+ ~GpgolRibbonExtender();
+
+ /* IUnknown */
+ STDMETHODIMP QueryInterface (REFIID riid, LPVOID* ppvObj);
+ inline STDMETHODIMP_(ULONG) AddRef() { ++m_lRef; return m_lRef; };
+ inline STDMETHODIMP_(ULONG) Release()
+ {
+ ULONG lCount = --m_lRef;
+ if (!lCount)
+ delete this;
+ return lCount;
+ };
+
+ /* IDispatch */
+ STDMETHODIMP GetTypeInfoCount (UINT*);
+ STDMETHODIMP GetTypeInfo (UINT, LCID, LPTYPEINFO*);
+ STDMETHODIMP GetIDsOfNames (REFIID, LPOLESTR*, UINT, LCID, DISPID*);
+ STDMETHODIMP Invoke (DISPID, REFIID, LCID, WORD,
+ DISPPARAMS*, VARIANT*, EXCEPINFO*, UINT*);
+
+ /* IRibbonExtensibility */
+ STDMETHODIMP GetCustomUI (BSTR RibbonID, BSTR* RibbonXml);
+
+private:
+ ULONG m_lRef;
+
+ /* Callback implementations */
+ HRESULT decryptAttachments (LPRIBBONCONTROL ctrl);
+
+};
+
+class GpgolAddin : public IDTExtensibility2
+{
+public:
+ GpgolAddin(void);
+ ~GpgolAddin();
+
+public:
+
+ /* IUnknown */
+ STDMETHODIMP QueryInterface (REFIID riid, LPVOID* ppvObj);
+ inline STDMETHODIMP_(ULONG) AddRef() { ++m_lRef; return m_lRef; };
+ inline STDMETHODIMP_(ULONG) Release()
+ {
+ ULONG lCount = --m_lRef;
+ if (!lCount)
+ delete this;
+ return lCount;
+ };
+
+ /* IDispatch */
+ STDMETHODIMP GetTypeInfoCount (UINT*);
+ STDMETHODIMP GetTypeInfo (UINT, LCID, LPTYPEINFO*);
+ STDMETHODIMP GetIDsOfNames (REFIID, LPOLESTR*, UINT, LCID, DISPID*);
+ STDMETHODIMP Invoke (DISPID, REFIID, LCID, WORD,
+ DISPPARAMS*, VARIANT*, EXCEPINFO*, UINT*);
+
+ /* IDTExtensibility */
+ STDMETHODIMP OnConnection (LPDISPATCH Application,
+ ext_ConnectMode ConnectMode,
+ LPDISPATCH AddInInst,
+ SAFEARRAY** custom);
+ STDMETHODIMP OnDisconnection (ext_DisconnectMode RemoveMode,
+ SAFEARRAY** custom);
+ STDMETHODIMP OnAddInsUpdate (SAFEARRAY** custom);
+ STDMETHODIMP OnStartupComplete (SAFEARRAY** custom);
+ STDMETHODIMP OnBeginShutdown (SAFEARRAY** custom);
+
+private:
+ ULONG m_lRef;
+ GpgolExt* m_gpgolext;
+ GpgolRibbonExtender* m_ribbonExtender;
+
+ LPDISPATCH m_application;
+ LPDISPATCH m_addin;
+
+};
+
+class GpgolAddinFactory: public IClassFactory
+{
+public:
+ GpgolAddinFactory(): m_lRef(0){}
+ ~GpgolAddinFactory(){}
+
+ STDMETHODIMP QueryInterface (REFIID riid, LPVOID* ppvObj);
+ inline STDMETHODIMP_(ULONG) AddRef() { ++m_lRef; return m_lRef; };
+ inline STDMETHODIMP_(ULONG) Release()
+ {
+ ULONG lCount = --m_lRef;
+ if (!lCount)
+ delete this;
+ return lCount;
+ };
+
+ /* IClassFactory */
+ STDMETHODIMP CreateInstance (LPUNKNOWN unknown, REFIID riid,
+ LPVOID* ppvObj);
+ STDMETHODIMP LockServer (BOOL lock)
+ {
+ if (lock)
+ ++addinLocks;
+ else
+ --addinLocks;
+ return S_OK;
+ }
+
+private:
+ ULONG m_lRef;
+};
+
+STDAPI DllGetClassObject (REFCLSID rclsid, REFIID riid, LPVOID* ppvObj);
+
+#endif /*GPGOLADDIN_H*/
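Review bot: The inline AddRef/Release in all three classes change `m_lRef` with plain `++`/`--`, and LockServer does the same to the global `addinLocks`; neither is safe once the objects are reached from more than one thread, which the "Both" threading model registered in olflange.cpp allows. Use InterlockedIncrement/InterlockedDecrement and return their result. Two smaller points: the forward declaration `class GpgolAddinRibbonExt;` matches no class in this header (the class defined below is GpgolRibbonExtender), and the typedef name `LEXTENSIBILTY2` is misspelled.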
diff --git a/src/olflange.cpp b/src/olflange.cpp
index a7fd5fe..e51521e 100644
--- a/src/olflange.cpp
+++ b/src/olflange.cpp
@@ -25,6 +25,9 @@
#include
#ifndef INITGUID
+/* Include every header that defines a GUID below this
+ macro. Otherwise the GUID's will only be declared and
+ not defined. */
#define INITGUID
#endif
@@ -41,6 +44,7 @@
#include "olflange-def.h"
#include "olflange.h"
+#include "gpgoladdin.h"
#include "ext-commands.h"
#include "user-events.h"
#include "session-events.h"
@@ -53,30 +57,14 @@
#include "mailitem.h"
#include "cmdbarcontrols.h"
-/* The GUID for this plugin. */
-#define CLSIDSTR_GPGOL "{42d30988-1a3a-11da-c687-000d6080e735}"
-DEFINE_GUID(CLSID_GPGOL, 0x42d30988, 0x1a3a, 0x11da,
- 0xc6, 0x87, 0x00, 0x0d, 0x60, 0x80, 0xe7, 0x35);
-
-/* For documentation: The GUID used for our custom properties:
- {31805ab8-3e92-11dc-879c-00061b031004}
- */
-
-
#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
SRCNAME, __func__, __LINE__); \
} while (0)
-
static bool g_initdll = FALSE;
-static void install_forms (void);
-static void install_sinks (LPEXCHEXTCALLBACK eecb);
-
-
static char *olversion;
-
/* Return a string for the context NO. This never return NULL. */
const char *
@@ -126,8 +114,11 @@ get_ol_main_version (void)
-/* Registers this module as an Exchange extension. This basically updates
- some Registry entries. */
+/* Registers this module as an Exchange extension and as an addin for
+ outlook 2010. This basically updates some Registry entries.
+ Documentation to be found at:
+ http://msdn.microsoft.com/en-us/library/bb386106%28v=vs.110%29.aspx
+ */
STDAPI
DllRegisterServer (void)
{
@@ -221,8 +212,9 @@ DllRegisterServer (void)
if (hkey != NULL)
RegCloseKey (hkey);
+ /* Register the CLSID in the registry */
hkey = NULL;
- strcpy (szKeyBuf, "CLSID\\" CLSIDSTR_GPGOL );
+ strcpy (szKeyBuf, "CLSID\\" CLSIDSTR_GPGOL);
ec = RegCreateKeyEx (HKEY_CLASSES_ROOT, szKeyBuf, 0, NULL,
REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, NULL);
if (ec != ERROR_SUCCESS)
@@ -231,10 +223,11 @@ DllRegisterServer (void)
return E_ACCESSDENIED;
}
- strcpy (szEntry, "GpgOL - The GnuPG Outlook Plugin");
+ strcpy (szEntry, GPGOL_PRETTY);
dwTemp = strlen (szEntry) + 1;
RegSetValueEx (hkey, NULL, 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+ /* Set the Inproc server value */
strcpy (szKeyBuf, "InprocServer32");
ec = RegCreateKeyEx (hkey, szKeyBuf, 0, NULL, REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS, NULL, &hkey2, NULL);
@@ -248,10 +241,87 @@ DllRegisterServer (void)
dwTemp = strlen (szEntry) + 1;
RegSetValueEx (hkey2, NULL, 0, REG_SZ, (BYTE*)szEntry, dwTemp);
- strcpy (szEntry, "Neutral");
+ /* Set the threading model used */
+ strcpy (szEntry, "Both");
dwTemp = strlen (szEntry) + 1;
RegSetValueEx (hkey2, "ThreadingModel", 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+ /* Set the Prog ID */
+ strcpy (szKeyBuf, "ProgID");
+ ec = RegCreateKeyEx (hkey, szKeyBuf, 0, NULL, REG_OPTION_NON_VOLATILE,
+ KEY_ALL_ACCESS, NULL, &hkey2, NULL);
+ if (ec != ERROR_SUCCESS)
+ {
+ fprintf (stderr, "creating key `%s' failed: ec=%#lx\n", szKeyBuf, ec);
+ RegCloseKey (hkey);
+ return E_ACCESSDENIED;
+ }
+ strcpy (szEntry, GPGOL_PROGID);
+ dwTemp = strlen (szEntry) + 1;
+ RegSetValueEx (hkey2, NULL, 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+
+ /* Make the Prog ID known. This is basically the same as above
+ * but necessary so we can refer to the Prog ID as an Outlook
+ * Extension
+ */
+ hkey = NULL;
+ strcpy (szKeyBuf, GPGOL_PROGID);
+ ec = RegCreateKeyEx (HKEY_CLASSES_ROOT, szKeyBuf, 0, NULL,
+ REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, NULL);
+ if (ec != ERROR_SUCCESS)
+ {
+ fprintf (stderr, "creating key `%s' failed: ec=%#lx\n", szKeyBuf, ec);
+ return E_ACCESSDENIED;
+ }
+
+ strcpy (szEntry, GPGOL_PRETTY);
+ dwTemp = strlen (szEntry) + 1;
+ RegSetValueEx (hkey, NULL, 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+
+ /* Point from the Prog ID entry to the CSLID */
+
+ strcpy (szKeyBuf, "CLSID");
+ ec = RegCreateKeyEx (hkey, szKeyBuf, 0, NULL, REG_OPTION_NON_VOLATILE,
+ KEY_ALL_ACCESS, NULL, &hkey2, NULL);
+ if (ec != ERROR_SUCCESS)
+ {
+ fprintf (stderr, "creating key `%s' failed: ec=%#lx\n", szKeyBuf, ec);
+ RegCloseKey (hkey);
+ return E_ACCESSDENIED;
+ }
+ strcpy (szEntry, CLSIDSTR_GPGOL);
+ dwTemp = strlen (szEntry) + 1;
+ RegSetValueEx (hkey2, NULL, 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+
+ /* Register ourself as an extension for outlook >= 14 */
+
+ strcpy (szKeyBuf, "Software\\Microsoft\\Office\\Outlook\\Addins\\" GPGOL_PROGID);
+ ec = RegCreateKeyEx (HKEY_LOCAL_MACHINE, szKeyBuf, 0, NULL,
+ REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, NULL);
+ if (ec != ERROR_SUCCESS)
+ {
+ fprintf (stderr, "creating key `%s' failed: ec=%#lx\n", szKeyBuf, ec);
+ return E_ACCESSDENIED;
+ }
+
+ /* Load connected and load Bootload */
+ dwTemp = 0x01 | 0x02;
+ RegSetValueEx (hkey, "LoadBehavior", 0, REG_DWORD, (BYTE*)&dwTemp, 4);
+
+ /* We are not commandline save */
+ dwTemp = 0;
+ RegSetValueEx (hkey, "CommandLineSafe", 0, REG_DWORD, (BYTE*)&dwTemp, 4);
+
+ /* A friendly name (visible in outlook) */
+ strcpy (szEntry, GPGOL_PRETTY);
+ dwTemp = strlen (szEntry) + 1;
+ RegSetValueEx (hkey, "FriendlyName", 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+
+ /* A short description (visible in outlook) */
+ strcpy (szEntry, GPGOL_DESCRIPTION);
+ dwTemp = strlen (szEntry) + 1;
+ RegSetValueEx (hkey, "Description", 0, REG_SZ, (BYTE*)szEntry, dwTemp);
+
RegCloseKey (hkey2);
RegCloseKey (hkey);
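Review bot: The added registration code reuses `hkey` and `hkey2` for each new key without closing the previous handle: `hkey = NULL;` before the GPGOL_PROGID key, and the later RegCreateKeyEx calls into `&hkey` and `&hkey2`, overwrite handles that are still open, and the early `return E_ACCESSDENIED` paths leave them open too, so only the last pair reaches RegCloseKey. Close each handle before reusing the variable. The RegSetValueEx results are also ignored, so a failed write of `LoadBehavior` or of the ProgID-to-CLSID pointer still ends in a successful registration. KEY_ALL_ACCESS is more than these writes need; KEY_WRITE would do. The comment "We are not commandline save" should read "safe".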
@@ -261,7 +331,7 @@ DllRegisterServer (void)
}
-/* Unregisters this module as an Exchange extension. */
+/* Unregisters this module as an Exchange extension / Addin. */
STDAPI
DllUnregisterServer (void)
{
@@ -292,9 +362,21 @@ DllUnregisterServer (void)
/* Delete CLSIDs. */
strcpy (buf, "CLSID\\" CLSIDSTR_GPGOL "\\InprocServer32");
RegDeleteKey (HKEY_CLASSES_ROOT, buf);
+ strcpy (buf, "CLSID\\" CLSIDSTR_GPGOL "\\ProgID");
+ RegDeleteKey (HKEY_CLASSES_ROOT, buf);
strcpy (buf, "CLSID\\" CLSIDSTR_GPGOL);
RegDeleteKey (HKEY_CLASSES_ROOT, buf);
+ /* Delete ProgID */
+ strcpy (buf, GPGOL_PROGID "\\CLSID");
+ RegDeleteKey (HKEY_CLASSES_ROOT, buf);
+ strcpy (buf, GPGOL_PROGID);
+ RegDeleteKey (HKEY_CLASSES_ROOT, buf);
+
+ /* Delete Addin entry */
+ strcpy (buf, "Software\\Microsoft\\Office\\Outlook\\Addins\\" GPGOL_PROGID);
+ RegDeleteKey (HKEY_LOCAL_MACHINE, buf);
+
return S_OK;
}
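Review bot: Every RegDeleteKey result in this hunk is discarded and the function returns S_OK regardless; if the HKEY_LOCAL_MACHINE key under `Software\\Microsoft\\Office\\Outlook\\Addins\\` cannot be removed (for example when run without administrative rights), Outlook keeps an add-in entry whose CLSID registration is already gone. Check the return codes and report failure, treating ERROR_FILE_NOT_FOUND as success.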
@@ -441,7 +523,7 @@ GpgolExt::GpgolExt (void)
that a user will see this message only once. */
MessageBox
(NULL,
- _("Welcome to GpgOL 1.0\n"
+ _("Welcome to GpgOL " VERSION "\n"
"\n"
"GpgOL adds integrated OpenPGP and S/MIME encryption "
"and digital signing support to Outlook 2003 and 2007.\n"
@@ -706,7 +788,7 @@ GpgolExt::Install(LPEXCHEXTCALLBACK pEECB, ULONG lContext, ULONG lFlags)
}
-static void
+void
install_forms (void)
{
HRESULT hr;
@@ -782,8 +864,7 @@ install_forms (void)
}
-
-static void
+void
install_sinks (LPEXCHEXTCALLBACK eecb)
{
static int done;
@@ -802,6 +883,12 @@ install_sinks (LPEXCHEXTCALLBACK eecb)
eecb->QueryInterface (IID_IOutlookExtCallback, (LPVOID*)&pCb);
if (pCb)
pCb->GetObject (&rootobj);
+ else
+ {
+ /* If we did not get an ExtCallback interface we might
+ as well try to find Application.Explorers directly */
+ rootobj = eecb;
+ }
if (rootobj)
{
LPDISPATCH disp;
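Review bot: The new `else` branch assigns `rootobj = eecb;` without an AddRef, whereas by COM convention `pCb->GetObject (&rootobj)` hands back a reference the caller owns; if the code that follows releases `rootobj`, the fallback path releases a reference it never took. Either AddRef in the fallback or track ownership explicitly. The assignment also relies on `eecb` really being the application object in the add-in case, which the comment should state, since the parameter type still says LPEXCHEXTCALLBACK.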
diff --git a/src/olflange.h b/src/olflange.h
index 895cf7b..b4ab534 100644
--- a/src/olflange.h
+++ b/src/olflange.h
@@ -20,11 +20,33 @@
#ifndef OLFLANGE_H
#define OLFLANGE_H
+#include "mymapi.h"
+#include "mymapitags.h"
+#include "myexchext.h"
#include "mapihelp.h"
+#include "olflange-def.h"
+
+/* The GUID for this plugin. */
+#define CLSIDSTR_GPGOL "{42d30988-1a3a-11da-c687-000d6080e735}"
+DEFINE_GUID(CLSID_GPGOL, 0x42d30988, 0x1a3a, 0x11da,
+ 0xc6, 0x87, 0x00, 0x0d, 0x60, 0x80, 0xe7, 0x35);
+
+/* For documentation: The GUID used for our custom properties:
+ {31805ab8-3e92-11dc-879c-00061b031004}
+ */
+
+/* The ProgID used by us */
+#define GPGOL_PROGID "GNU.GpgOL"
+/* User friendly add in name */
+#define GPGOL_PRETTY "GpgOL - The GnuPG Outlook Plugin"
+/* Short description of the addin */
+#define GPGOL_DESCRIPTION "Cryptography for Outlook"
+
+
/*
- GpgolExt
+ GpgolExt
The GpgolExt class is the main exchange extension class. The other
extensions will be created in the constructor of this class.
@@ -71,5 +93,10 @@ EXTERN_C const char * __stdcall gpgol_check_version (const char *req_version);
EXTERN_C int get_ol_main_version (void);
+void install_sinks (LPEXCHEXTCALLBACK eecb);
+
+void install_forms (void);
+
+LPDISPATCH get_eecb_object (LPEXCHEXTCALLBACK eecb);
#endif /*OLFLANGE_H*/
commit bf9f567b67512b8b75785941eafdcf47fb5a7cf5
Author: Andre Heinecke
Date: Fri Jul 5 07:22:37 2013 +0000
Add decrypt_files operation to the assuan engine
To be used to decrypt a list of filenames.
* src/common.c (percent_escape): New. Taken from gpgEx to escape
file names.
* src/engine-assuan.c (op_assuan_start_decrypt_files): New. Handles
the assuan transactions.
* src/engine-assuan.h, src/util.h: Add prototypes
* src/util.h (tohex_lower): New. Taken from gpgEx
diff --git a/src/common.c b/src/common.c
index 68cae2d..b422154 100644
--- a/src/common.c
+++ b/src/common.c
@@ -999,4 +999,51 @@ parse_tlv (char const **buffer, size_t *size, tlvinfo_t *ti)
return 0;
}
+/* Percent-escape the string STR by replacing colons with '%3a'. If
+ EXTRA is not NULL all characters in it are also escaped. */
+char *
+percent_escape (const char *str, const char *extra)
+{
+ int i, j;
+ char *ptr;
+
+ if (!str)
+ return NULL;
+
+ for (i=j=0; str[i]; i++)
+ if (str[i] == ':' || str[i] == '%' || (extra && strchr (extra, str[i])))
+ j++;
+ ptr = (char *) malloc (i + 2 * j + 1);
+ i = 0;
+ while (*str)
+ {
+ /* FIXME: Work around a bug in Kleo. */
+ if (*str == ':')
+ {
+ ptr[i++] = '%';
+ ptr[i++] = '3';
+ ptr[i++] = 'a';
+ }
+ else
+ {
+ if (*str == '%')
+ {
+ ptr[i++] = '%';
+ ptr[i++] = '2';
+ ptr[i++] = '5';
+ }
+ else if (extra && strchr (extra, *str))
+ {
+ ptr[i++] = '%';
+ ptr[i++] = tohex_lower ((*str >> 4) & 15);
+ ptr[i++] = tohex_lower (*str & 15);
+ }
+ else
+ ptr[i++] = *str;
+ }
+ str++;
+ }
+ ptr[i] = '\0';
+ return ptr;
+}
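Review bot: The `malloc` result in percent_escape is not checked, so an allocation failure becomes a write through a NULL `ptr` at the first `ptr[i++]`; return NULL on failure and make callers handle it, or use the project's checked allocator. The header comment mentions only colons, but the function also escapes `%` as `%25`. The `FIXME: Work around a bug in Kleo` comment does not say what the bug is or when the special case can go, and the `':'` branch emits the same bytes the generic `tohex_lower` path would, so the comment should explain why it is kept separate.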
diff --git a/src/engine-assuan.c b/src/engine-assuan.c
index ff17cf4..8e0737f 100644
--- a/src/engine-assuan.c
+++ b/src/engine-assuan.c
@@ -33,6 +33,7 @@
#include "common.h"
#include "engine.h"
#include "engine-assuan.h"
+#include "util.h"
#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
@@ -2207,3 +2208,35 @@ op_assuan_start_confdialog (void *hwnd)
}
return err;
}
+
+/* Send a decrypt files command to the server.
+ Filenames should be a null terminated array of char*
+*/
+int
+op_assuan_start_decrypt_files (void *hwnd, char **filenames)
+{
+ gpg_error_t err;
+ assuan_context_t ctx;
+ ULONG cmdid;
+ pid_t pid;
+ char line[1024];
+
+ err = connect_uiserver (&ctx, &pid, &cmdid, hwnd);
+ if (!err)
+ {
+ while (*filenames != NULL)
+ {
+ snprintf(line, sizeof(line), "FILE %s",
+ percent_escape(*filenames, NULL));
+ err = assuan_transact (ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ return err;
+ filenames++;
+ }
+ err = assuan_transact (ctx, "DECRYPT_FILES",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ assuan_release (ctx);
+ }
+ return err;
+}
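Review bot: In the `while` loop, the string returned by percent_escape is passed straight to `snprintf` and never freed, so every file name leaks, and a NULL return is handed to `%s`. Keep the pointer, check it, and free it after assuan_transact. The `return err;` inside the loop skips `assuan_release (ctx)`, leaking the connection on the error path. `snprintf` into `line[1024]` silently truncates a long escaped path, which would send a FILE line naming a different path than the one that was saved; check the `snprintf` return value and fail instead of sending a truncated line.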
diff --git a/src/engine-assuan.h b/src/engine-assuan.h
index 7e9d0cb..de2a144 100644
--- a/src/engine-assuan.h
+++ b/src/engine-assuan.h
@@ -64,6 +64,8 @@ int op_assuan_start_keymanager (void *hwnd);
int op_assuan_start_confdialog (void *hwnd);
+int op_assuan_start_decrypt_files (void *hwnd, char **filenames);
+
#ifdef __cplusplus
}
diff --git a/src/util.h b/src/util.h
index f50b9d7..77cdef0 100644
--- a/src/util.h
+++ b/src/util.h
@@ -70,7 +70,7 @@ char *trim_spaces (char *string);
char *trim_trailing_spaces (char *string);
char *read_w32_registry_string (const char *root, const char *dir,
const char *name);
-
+char *percent_escape (const char *str, const char *extra);
/*-- main.c --*/
const void *get_128bit_session_key (void);
@@ -123,6 +123,7 @@ int write_options (void);
#define tohex(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'A'))
+#define tohex_lower(n) ((n) < 10 ? ((n) + '0') : (((n) - 10) + 'a'))
/***** Inline functions. ****/
/* Return true if LINE consists only of white space (up to and
commit 5e2da8b3e8b65cd9642b830b2978dee269737d0d
Author: Andre Heinecke
Date: Fri Jul 5 07:20:54 2013 +0000
Update copyright year in resource file
* src/versioninfo.rc.in: Update copyright
diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in
index c88d6e3..bc0da84 100644
--- a/src/versioninfo.rc.in
+++ b/src/versioninfo.rc.in
@@ -39,7 +39,7 @@ BEGIN
VALUE "FileDescription", "GpgOL - GnuPG plugin for Outlook\0"
VALUE "FileVersion", "@VERSION@\0"
VALUE "InternalName", "gpgol\0"
- VALUE "LegalCopyright", "Copyright ? 2009 g10 Code GmbH\0"
+ VALUE "LegalCopyright", "Copyright ? 2013 g10 Code GmbH\0"
VALUE "LegalTrademarks", "\0"
VALUE "OriginalFilename", "gpgol.dll\0"
VALUE "PrivateBuild", "\0"
-----------------------------------------------------------------------
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 5 11:28:20 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 05 Jul 2013 11:28:20 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-5-g5dd6e2b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 5dd6e2b9a52e05f754109c5858eebc330f6a0176 (commit)
from e1853176eaf2e0411f471f1cc30a783676a5d912 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5dd6e2b9a52e05f754109c5858eebc330f6a0176
Author: Andre Heinecke
Date: Fri Jul 5 09:01:45 2013 +0000
Add ContextualTab action for Attachments
Proof of concept how additional ui elements can be added.
* src/gpgoladdin.cpp (GetCustomUI): Add contextualTabs element,
add comment pointing to the documentation for this.
(decryptAttachments): Handle Explorer context additionally
to the AttachmentSelection context. Better error handling.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 7f55b69..40063d0 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -437,6 +437,7 @@ GpgolRibbonExtender::decryptAttachments(LPRIBBONCONTROL ctrl)
{
BSTR idStr = NULL;
LPDISPATCH context = NULL;
+ LPDISPATCH attachmentSelection;
int attachmentCount;
HRESULT hr = 0;
int i = 0;
@@ -463,10 +464,18 @@ GpgolRibbonExtender::decryptAttachments(LPRIBBONCONTROL ctrl)
SysFreeString (idStr);
}
- attachmentCount = get_oom_int (context, "Count");
- log_debug ("Count: %i ", attachmentCount);
+ attachmentSelection = get_oom_object (context, "AttachmentSelection");
+ if (!attachmentSelection)
+ {
+ /* We can be called from a context menu, in that case we
+ directly have an AttachmentSelection context. Otherwise
+ we have an Explorer context with an Attachment Selection property. */
+ attachmentSelection = context;
+ }
+
+ attachmentCount = get_oom_int (attachmentSelection, "Count");
- actExplorer = (LPOLEWINDOW) get_oom_object(context,
+ actExplorer = (LPOLEWINDOW) get_oom_object(attachmentSelection,
"Application.ActiveExplorer");
if (actExplorer)
actExplorer->GetWindow (&curWindow);
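Review bot: `attachmentCount` is taken from `get_oom_int (attachmentSelection, "Count")` with no range check, and the removed `log_debug` was the only trace of its value; since it sizes the `filenames` array further down in this function, reject a negative or implausibly large count here. If get_oom_object returns an owned reference, the `AttachmentSelection` object also needs a matching release, which no path in this patch provides. `attachmentSelection` is declared without an initializer in the previous hunk; initialize it to NULL.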
@@ -491,7 +500,15 @@ GpgolRibbonExtender::decryptAttachments(LPRIBBONCONTROL ctrl)
DISPID saveID;
snprintf (buf, sizeof (buf), "Item(%i)", i);
- attachmentObj = get_oom_object (context, buf);
+ attachmentObj = get_oom_object (attachmentSelection, buf);
+ if (!attachmentObj)
+ {
+ /* Should be impossible */
+ filenames[i-1] = NULL;
+ log_error ("%s:%s: could not find Item %i;",
+ SRCNAME, __func__, i);
+ break;
+ }
filename = get_oom_string (attachmentObj, "FileName");
saveID = lookup_oom_dispid (attachmentObj, "SaveAsFile");
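Review bot: The new `break` on a missing `attachmentObj` leaves `filenames[i]` through `filenames[attachmentCount - 1]` uninitialized, yet the cleanup loop `for (i = 0; i < attachmentCount; i++) xfree (filenames[i]);` still walks the whole array and frees those stale slots. Initialize the array to NULL up front, or remember how many entries were filled and free only those. Also decide explicitly whether a partial list should still be handed to op_assuan_start_decrypt_files or whether the operation should abort; "Should be impossible" is not a reason to continue with half the files.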
@@ -526,7 +543,11 @@ GpgolRibbonExtender::decryptAttachments(LPRIBBONCONTROL ctrl)
for (i = 0; i < attachmentCount; i++)
xfree (filenames[i]);
- return err ? E_FAIL : S_OK;
+ log_debug ("%s:%s: Leaving. Err: %i",
+ SRCNAME, __func__, err);
+
+ return S_OK; /* If we return an error outlook will show that our
+ callback function failed in an ugly window. */
}
STDMETHODIMP
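Review bot: Returning S_OK unconditionally means a failed op_assuan_start_decrypt_files is visible only in the debug log; the user clicks the button and nothing happens. Keeping S_OK for Outlook is fine if its error window is unwanted, but then log the failure with log_error instead of log_debug and give the user a message of your own when `err` is non-zero.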
@@ -592,6 +613,14 @@ loadXMLResource (int id)
return SysAllocString (reinterpret_cast(xmlData));
}
+/* Returns the XML markup for the various RibbonID's
+
+ The custom ui syntax is documented at:
+ http://msdn.microsoft.com/en-us/library/dd926139%28v=office.12%29.aspx
+
+ The outlook specific elements are documented at:
+ http://msdn.microsoft.com/en-us/library/office/ee692172%28v=office.14%29.aspx
+*/
STDMETHODIMP
GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
{
@@ -620,12 +649,25 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L" "
L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
L" "
L" "
L" "
- L""
L" "
L""
-----------------------------------------------------------------------
Summary of changes:
src/gpgoladdin.cpp | 58 ++++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 50 insertions(+), 8 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jul 9 17:05:12 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Tue, 09 Jul 2013 17:05:12 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-9-gd737d16
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via d737d168278cfec479cb1bd49b8825d98e7260c0 (commit)
via 3aae0ada6f19ef45ee2392afbb93df92bb093bf0 (commit)
via 3fc86e1ca4700c6a91ddab8168fdbe486616e996 (commit)
via 2dec95936ebfa8e8a8b5f474bfb423b5d18b40bb (commit)
from 5dd6e2b9a52e05f754109c5858eebc330f6a0176 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d737d168278cfec479cb1bd49b8825d98e7260c0
Author: Andre Heinecke
Date: Tue Jul 9 14:40:12 2013 +0000
Add nohup option to decrypt command
Otherwise Outlook would block until the decryption
completes.
* src/engine-assuan.c (op_assuan_start_decrypt_files):
Add --nohup to decrypt files command
diff --git a/src/engine-assuan.c b/src/engine-assuan.c
index 8e0737f..6523e1b 100644
--- a/src/engine-assuan.c
+++ b/src/engine-assuan.c
@@ -2234,7 +2234,7 @@ op_assuan_start_decrypt_files (void *hwnd, char **filenames)
return err;
filenames++;
}
- err = assuan_transact (ctx, "DECRYPT_FILES",
+ err = assuan_transact (ctx, "DECRYPT_FILES --nohup",
NULL, NULL, NULL, NULL, NULL, NULL);
assuan_release (ctx);
}
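Review bot: With `--nohup` the assuan_transact result only says whether the server accepted the command, not whether decryption succeeded, so the function comment ("Send a decrypt files command to the server") should state that the call now returns before the work is done and that `err` no longer reflects the outcome of the decryption itself.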
commit 3aae0ada6f19ef45ee2392afbb93df92bb093bf0
Author: Andre Heinecke
Date: Tue Jul 9 14:30:31 2013 +0000
Add encrypt selection command and improve for OL14
This implements a context menu action to encrypt selected
text when composing a mail. This also removes a crash
under some optimization circumstances because it no longer uses
the RibbonCallback interface directly.
* src/gpgoladdin.cpp, src/gpgoladdin.h (decrypt_attachments):
Moved into ribbon-callbacks.cpp. Removed usage of
LPRIBBONCALLBACK as a structure.
* src/gpgoladdin.cpp (Invoke): Add support for encryptSelection
* src/gpgoladdin.cpp (GetCustomUI): Add ui prototype for
encryptSelection
* src/ribbon-callbacks.cpp, src/ribbon-callbacks.h: New.
Source files to handle the Ribbon UI actions.
(encryptSelection): New. Parse an Inspector context to replace
selected plain text with encrypted text. Based on mimemaker code.
* src/Makefile.am: Add ribbon callbacks
diff --git a/src/Makefile.am b/src/Makefile.am
index 3f73dba..4c59507 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -80,7 +80,8 @@ gpgol_SOURCES = \
mailitem.cpp mailitem.h \
cmdbarcontrols.cpp cmdbarcontrols.h \
w32-gettext.c w32-gettext.h \
- gpgoladdin.cpp gpgoladdin.h
+ gpgoladdin.cpp gpgoladdin.h \
+ ribbon-callbacks.cpp ribbon-callbacks.h
#treeview_SOURCES = treeview.c
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 40063d0..0a7323d 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -44,16 +44,12 @@
#include "olflange.h"
#include "gpgol-ids.h"
+#include "ribbon-callbacks.h"
#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
SRCNAME, __func__, __LINE__); \
} while (0)
-/* Id's of our callbacks */
-#define ID_CMD_DECRYPT_VERIFY 1
-#define ID_CMD_DECRYPT 2
-#define ID_CMD_VERIFY 3
-
ULONG addinLocks = 0;
/* This is the main entry point for the addin
@@ -417,10 +413,17 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
different parameters and just match the name (the first element)
and we give it one of our own dispIds's that are later handled in
the invoke part */
- if (!wcscmp (rgszNames[i], L"AttachmentDecryptCallback"))
+ if (!wcscmp (rgszNames[i], L"attachmentDecryptCallback"))
{
found = true;
rgDispId[i] = ID_CMD_DECRYPT;
+ break;
+ }
+ if (!wcscmp (rgszNames[i], L"encryptSelection"))
+ {
+ found = true;
+ rgDispId[i] = ID_CMD_ENCRYPT_SELECTION;
+ break;
}
}
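Review bot: the two new break statements leave the loop over rgszNames as soon as one name matches, so any rgDispId entries after the matched index are never written. The comment above says only the first element is meant to be matched, but the caller still receives an array that is partly uninitialised. Filling rgDispId with DISPID_UNKNOWN before the loop would make that explicit. Separately, wcscmp is case sensitive and the callback name changes from "AttachmentDecryptCallback" to "attachmentDecryptCallback" here, so every onAction attribute has to change in step; defining the callback names once and using them in both places would prevent a silent mismatch.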
@@ -432,124 +435,6 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
return found ? S_OK : E_NOINTERFACE;
}
-HRESULT
-GpgolRibbonExtender::decryptAttachments(LPRIBBONCONTROL ctrl)
-{
- BSTR idStr = NULL;
- LPDISPATCH context = NULL;
- LPDISPATCH attachmentSelection;
- int attachmentCount;
- HRESULT hr = 0;
- int i = 0;
- HWND curWindow;
- LPOLEWINDOW actExplorer;
- int err;
-
- /* We got the vtable right so we can save us the invoke and
- property lookup hassle and call it directly */
- hr = ctrl->get_Id (&idStr);
- hr |= ctrl->get_Context (&context);
-
- if (FAILED(hr))
- {
- log_debug ("%s:%s:Context / ID lookup failed. hr: %x",
- SRCNAME, __func__, (unsigned int) hr);
- SysFreeString (idStr);
- return E_FAIL;
- }
- else
- {
- log_debug ("%s:%s: contextId: %S, contextObj: %s",
- SRCNAME, __func__, idStr, get_object_name (context));
- SysFreeString (idStr);
- }
-
- attachmentSelection = get_oom_object (context, "AttachmentSelection");
- if (!attachmentSelection)
- {
- /* We can be called from a context menu, in that case we
- directly have an AttachmentSelection context. Otherwise
- we have an Explorer context with an Attachment Selection property. */
- attachmentSelection = context;
- }
-
- attachmentCount = get_oom_int (attachmentSelection, "Count");
-
- actExplorer = (LPOLEWINDOW) get_oom_object(attachmentSelection,
- "Application.ActiveExplorer");
- if (actExplorer)
- actExplorer->GetWindow (&curWindow);
- else
- {
- log_debug ("%s:%s: Could not find active window",
- SRCNAME, __func__);
- curWindow = NULL;
- }
-
- char *filenames[attachmentCount + 1];
- filenames[attachmentCount] = NULL;
- /* Yes the items start at 1! */
- for (i = 1; i <= attachmentCount; i++)
- {
- char buf[16];
- char *filename;
- wchar_t *wcsOutFilename;
- DISPPARAMS saveParams;
- VARIANT aVariant[1];
- LPDISPATCH attachmentObj;
- DISPID saveID;
-
- snprintf (buf, sizeof (buf), "Item(%i)", i);
- attachmentObj = get_oom_object (attachmentSelection, buf);
- if (!attachmentObj)
- {
- /* Should be impossible */
- filenames[i-1] = NULL;
- log_error ("%s:%s: could not find Item %i;",
- SRCNAME, __func__, i);
- break;
- }
- filename = get_oom_string (attachmentObj, "FileName");
-
- saveID = lookup_oom_dispid (attachmentObj, "SaveAsFile");
-
- saveParams.rgvarg = aVariant;
- saveParams.rgvarg[0].vt = VT_BSTR;
- filenames[i-1] = get_save_filename (NULL, filename);
- xfree (filename);
-
- wcsOutFilename = utf8_to_wchar2 (filenames[i-1],
- strlen(filenames[i-1]));
- saveParams.rgvarg[0].bstrVal = SysAllocString (wcsOutFilename);
- saveParams.cArgs = 1;
- saveParams.cNamedArgs = 0;
-
- hr = attachmentObj->Invoke (saveID, IID_NULL, LOCALE_SYSTEM_DEFAULT,
- DISPATCH_METHOD, &saveParams,
- NULL, NULL, NULL);
- SysFreeString (saveParams.rgvarg[0].bstrVal);
- if (FAILED(hr))
- {
- int j;
- log_debug ("%s:%s: Saving to file failed. hr: %x",
- SRCNAME, __func__, (unsigned int) hr);
- for (j = 0; j < i; j++)
- xfree (filenames[j]);
- return hr;
- }
- }
- err = op_assuan_start_decrypt_files (curWindow, filenames);
-
- for (i = 0; i < attachmentCount; i++)
- xfree (filenames[i]);
-
- log_debug ("%s:%s: Leaving. Err: %i",
- SRCNAME, __func__, err);
-
- return S_OK; /* If we return an error outlook will show that our
- callback function failed in an ugly window. */
-}
-
STDMETHODIMP
GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
WORD flags, DISPPARAMS *parms, VARIANT *result,
@@ -570,8 +455,9 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
case ID_CMD_DECRYPT:
/* We can assume that this points to an implementation of
IRibbonControl as we know the callback dispid. */
- return decryptAttachments ((LPRIBBONCONTROL)
- parms->rgvarg[0].pdispVal);
+ return decryptAttachments (parms->rgvarg[0].pdispVal);
+ case ID_CMD_ENCRYPT_SELECTION:
+ return encryptSelection (parms->rgvarg[0].pdispVal);
}
log_debug ("%s:%s: leave", SRCNAME, __func__);
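Review bot: both case branches read parms->rgvarg[0].pdispVal without checking that parms is non-NULL, that parms->cArgs is at least 1, or that rgvarg[0].vt is VT_DISPATCH. The old comment about assuming an IRibbonControl still stands above the call, but the cast that documented that assumption is gone and the pointer is now handed to get_oom_object as a plain LPDISPATCH. A short guard before the switch that returns DISP_E_BADPARAMCOUNT or DISP_E_TYPEMISMATCH would keep a malformed Invoke call from dereferencing an arbitrary union member.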
@@ -624,15 +510,55 @@ loadXMLResource (int id)
STDMETHODIMP
GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
{
+ /* TODO use callback for label's and Icons, load xml from resource */
log_debug ("%s:%s: GetCustomUI for id: %S", SRCNAME, __func__, RibbonID);
if (!RibbonXml)
return E_POINTER;
- /*if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer"))
- {*/
+ if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose"))
+ {
+ *RibbonXml = SysAllocString (
+ L""
+ L""
+ L""
+ L" "
+ L" "
+ L""
+ L""
+/*
+ L""
+L""
+L" "
+L" "
+L" "
+L""
+ L""*/
+ );
+ }
+ else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read"))
+ {
+ *RibbonXml = SysAllocString (
+ L""
+ L""
+ L""
+ L" "
+ L" "
+ L""
+ L""
+ );
+
+ }
+
+ else /*if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer")) */
+ {
// *RibbonXml = loadXMLResource (IDR_XML_EXPLORER);
- /* TODO use callback for label's and Icons, load xml from resource */
*RibbonXml = SysAllocString (
L""
L" "
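Review bot: the final branch is now "else /*if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer")) */", so every RibbonID other than Mail.Compose and Mail.Read receives the Explorer XML, including ids this add-in was never written for. Restoring the explicit comparison and leaving *RibbonXml unset for unknown ids would be safer. The result of SysAllocString is also stored without a NULL check in each branch, and the commented-out run of string literals inside the Compose SysAllocString call should be removed or moved out of the argument list, since it is easy to misread as part of the XML.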
@@ -657,7 +583,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" size=\"large\""
L" label=\"Save and decrypt\""
L" imageMso=\"HappyFace\""
- L" onAction=\"AttachmentDecryptCallback\" />"
+ L" onAction=\"attachmentDecryptCallback\" />"
L" "
L" "
L" "
@@ -667,12 +593,12 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L" "
+ L" onAction=\"attachmentDecryptCallback\"/>"
L" "
L" "
L""
);
- /* } */
+ }
return S_OK;
}
diff --git a/src/gpgoladdin.h b/src/gpgoladdin.h
index ee4583a..9518d9e 100644
--- a/src/gpgoladdin.h
+++ b/src/gpgoladdin.h
@@ -144,9 +144,6 @@ public:
private:
ULONG m_lRef;
- /* Callback implementations */
- HRESULT decryptAttachments (LPRIBBONCONTROL ctrl);
-
};
class GpgolAddin : public IDTExtensibility2
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
new file mode 100644
index 0000000..cf390ec
--- /dev/null
+++ b/src/ribbon-callbacks.cpp
@@ -0,0 +1,417 @@
+/* ribbon-callbacks.h - Callbacks for the ribbon extension interface
+ * Copyright (C) 2013 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+
+#include
+#include
+#include
+
+#include
+
+#include "ribbon-callbacks.h"
+#include "gpgoladdin.h"
+#include "util.h"
+
+#include "mymapi.h"
+#include "mymapitags.h"
+#include "myexchext.h"
+
+#include "common.h"
+#include "display.h"
+#include "msgcache.h"
+#include "engine.h"
+#include "engine-assuan.h"
+#include "mapihelp.h"
+#include "mimemaker.h"
+
+/* Gets the context of a ribbon control. And prints some
+ useful debug output */
+HRESULT getContext (LPDISPATCH ctrl, LPDISPATCH *context)
+{
+ *context = get_oom_object (ctrl, "get_Context");
+ log_debug ("%s:%s: contextObj: %s",
+ SRCNAME, __func__, get_object_name (*context));
+ return context ? S_OK : E_FAIL;
+}
+
+
+HRESULT
+encryptSelection (LPDISPATCH ctrl)
+{
+ LPDISPATCH context = NULL;
+ LPDISPATCH selection;
+ LPDISPATCH wordEditor;
+ LPDISPATCH application;
+ LPDISPATCH mailItem;
+ LPDISPATCH sender;
+ LPDISPATCH recipients;
+
+ struct sink_s encsinkmem;
+ sink_t encsink = &encsinkmem;
+ struct sink_s sinkmem;
+ sink_t sink = &sinkmem;
+ char* senderAddr = NULL;
+ LPSTREAM tmpstream = NULL;
+ engine_filter_t filter = NULL;
+ char* text = NULL;
+ int rc = 0;
+ HRESULT hr;
+ int recipientsCnt;
+ HWND curWindow;
+ LPOLEWINDOW actExplorer;
+ protocol_t protocol;
+ unsigned int session_number;
+ int i;
+ STATSTG tmpStat;
+
+ hr = getContext (ctrl, &context);
+ if (FAILED(hr))
+ return hr;
+
+ memset (encsink, 0, sizeof *encsink);
+ memset (sink, 0, sizeof *sink);
+
+ actExplorer = (LPOLEWINDOW) get_oom_object(context,
+ "Application.ActiveExplorer");
+ if (actExplorer)
+ actExplorer->GetWindow (&curWindow);
+ else
+ {
+ log_debug ("%s:%s: Could not find active window",
+ SRCNAME, __func__);
+ curWindow = NULL;
+ }
+
+ wordEditor = get_oom_object (context, "WordEditor");
+ application = get_oom_object (wordEditor, "get_Application");
+ selection = get_oom_object (application, "get_Selection");
+ mailItem = get_oom_object (context, "CurrentItem");
+ sender = get_oom_object (mailItem, "Session.CurrentUser");
+ recipients = get_oom_object (mailItem, "Recipients");
+
+ if (!wordEditor || !application || !selection || !mailItem ||
+ !sender || !recipients)
+ {
+ MessageBox (NULL,
+ _("Internal error in GpgOL.\n"
+ "Could not find all objects."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ log_error ("%s:%s: Could not find all objects.",
+ SRCNAME, __func__);
+ return S_OK;
+ }
+
+ text = get_oom_string (selection, "Text");
+
+ if (!text || strlen (text) <= 1)
+ {
+ /* TODO more usable if we just use all text in this case? */
+ MessageBox (NULL,
+ _("Please select some text for encryption."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ return S_OK;
+ }
+
+ /* Create a temporary sink to construct the encrypted data. */
+ hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
+ (SOF_UNIQUEFILENAME | STGM_DELETEONRELEASE
+ | STGM_CREATE | STGM_READWRITE),
+ NULL, "GPG", &tmpstream);
+
+ if (FAILED (hr))
+ {
+ log_error ("%s:%s: can't create temp file: hr=%#lx\n",
+ SRCNAME, __func__, hr);
+ rc = -1;
+ goto failure;
+ }
+
+ sink->cb_data = tmpstream;
+ sink->writefnc = sink_std_write;
+
+ senderAddr = get_oom_string (sender, "Address");
+
+ recipientsCnt = get_oom_int (recipients, "Count");
+
+ if (!recipientsCnt)
+ {
+ MessageBox (NULL,
+ _("Please enter the recipent of the encrypted text first."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ return S_OK;
+ }
+
+ {
+ /* Get the recipients */
+ char *recipientAddrs[recipientsCnt + 1];
+ recipientAddrs[recipientsCnt] = NULL;
+ for (i = 1; i <= recipientsCnt; i++)
+ {
+ char buf[16];
+ LPDISPATCH recipient;
+ snprintf (buf, sizeof (buf), "Item(%i)", i);
+ recipient = get_oom_object (recipients, buf);
+ if (!recipient)
+ {
+ /* Should be impossible */
+ recipientAddrs[i-1] = NULL;
+ log_error ("%s:%s: could not find Item %i;",
+ SRCNAME, __func__, i);
+ break;
+ }
+ recipientAddrs[i-1] = get_oom_string (recipient, "Address");
+ }
+
+ /* Not lets prepare our encryption */
+ session_number = engine_new_session_number ();
+
+ /* Prepare the encryption sink */
+
+ if (engine_create_filter (&filter, write_buffer_for_cb, sink))
+ {
+ for (i = 0; i < recipientsCnt; i++)
+ xfree (recipientAddrs[i]);
+ goto failure;
+ }
+
+ encsink->cb_data = filter;
+ encsink->writefnc = sink_encryption_write;
+
+ engine_set_session_number (filter, session_number);
+ {
+ char *tmp = get_oom_string (mailItem, "Subject");
+ engine_set_session_title (filter, tmp);
+ xfree (tmp);
+ }
+
+ if ((rc=engine_encrypt_prepare (filter, curWindow,
+ protocol,
+ 0 /* ENGINE_FLAG_SIGN_FOLLOWS */,
+ senderAddr, recipientAddrs, &protocol)))
+ {
+ for (i = 0; i < recipientsCnt; i++)
+ xfree (recipientAddrs[i]);
+ log_error ("%s:%s: engine encrypt prepare failed : %s",
+ SRCNAME, __func__, gpg_strerror (rc));
+ goto failure;
+ }
+ for (i = 0; i < recipientsCnt; i++)
+ xfree (recipientAddrs[i]);
+
+ /* lets go */
+
+ if ((rc=engine_encrypt_start (filter, 0)))
+ {
+ log_error ("%s:%s: engine encrypt start failed: %s",
+ SRCNAME, __func__, gpg_strerror (rc));
+ goto failure;
+ }
+
+ /* Write the text in the encryption sink. */
+ rc = write_buffer (encsink, text, strlen (text));
+
+ if (rc)
+ {
+ log_error ("%s:%s: writing tmpstream to encsink failed: %s",
+ SRCNAME, __func__, gpg_strerror (rc));
+ goto failure;
+ }
+ /* Flush the encryption sink and wait for the encryption to get
+ ready. */
+ if ((rc = write_buffer (encsink, NULL, 0)))
+ goto failure;
+ if ((rc = engine_wait (filter)))
+ goto failure;
+ filter = NULL; /* Not valid anymore. */
+ encsink->cb_data = NULL; /* Not needed anymore. */
+
+ if (!sink->enc_counter)
+ {
+ log_debug ("%s:%s: nothing received from engine", SRCNAME, __func__);
+ goto failure;
+ }
+ }
+
+ /* Check the size of the encrypted data */
+ tmpstream->Stat (&tmpStat, 0);
+
+ if (tmpStat.cbSize.QuadPart > UINT_MAX)
+ {
+ MessageBox (curWindow, _("GpgOL"),
+ _("Selected text too long."),
+ MB_ICONINFORMATION|MB_OK);
+ log_error ("%s:%s: No one should write so large mails.",
+ SRCNAME, __func__);
+ goto failure;
+ }
+
+ /* Copy the encrypted stream to the message editor. */
+ {
+ LARGE_INTEGER off;
+ ULONG nread;
+ char buffer[(unsigned int)tmpStat.cbSize.QuadPart];
+
+ off.QuadPart = 0;
+ hr = tmpstream->Seek (off, STREAM_SEEK_SET, NULL);
+ if (hr)
+ {
+ log_error ("%s:%s: seeking back to the begin failed: hr=%#lx",
+ SRCNAME, __func__, hr);
+ rc = gpg_error (GPG_ERR_EIO);
+ goto failure;
+ }
+ hr = tmpstream->Read (buffer, sizeof buffer, &nread);
+ if (hr)
+ {
+ log_error ("%s:%s: IStream::Read failed: hr=%#lx",
+ SRCNAME, __func__, hr);
+ rc = gpg_error (GPG_ERR_EIO);
+ goto failure;
+ }
+ if (strlen (buffer) > 1)
+ {
+ /* Now replace the selection with the encrypted text */
+ put_oom_string (selection, "Text", buffer);
+ }
+ else
+ {
+ /* Just to be save not to overwrite the selection with
+ an empty buffer */
+ log_error ("%s:%s: unexpected problem ", SRCNAME, __func__);
+ goto failure;
+ }
+ }
+
+ failure:
+ if (rc)
+ log_debug ("%s:%s: failed rc=%d (%s) <%s>", SRCNAME, __func__, rc,
+ gpg_strerror (rc), gpg_strsource (rc));
+ engine_cancel (filter);
+ if (tmpstream)
+ tmpstream->Release();
+ xfree (senderAddr);
+
+ return S_OK;
+}
+
+HRESULT
+decryptAttachments (LPDISPATCH ctrl)
+{
+ LPDISPATCH context = NULL;
+ LPDISPATCH attachmentSelection;
+ int attachmentCount;
+ HRESULT hr = 0;
+ int i = 0;
+ HWND curWindow;
+ LPOLEWINDOW actExplorer;
+ int err;
+
+ hr = getContext(ctrl, &context);
+
+ attachmentSelection = get_oom_object (context, "AttachmentSelection");
+ if (!attachmentSelection)
+ {
+ /* We can be called from a context menu, in that case we
+ directly have an AttachmentSelection context. Otherwise
+ we have an Explorer context with an Attachment Selection property. */
+ attachmentSelection = context;
+ }
+
+ attachmentCount = get_oom_int (attachmentSelection, "Count");
+
+ actExplorer = (LPOLEWINDOW) get_oom_object(attachmentSelection,
+ "Application.ActiveExplorer");
+ if (actExplorer)
+ actExplorer->GetWindow (&curWindow);
+ else
+ {
+ log_debug ("%s:%s: Could not find active window",
+ SRCNAME, __func__);
+ curWindow = NULL;
+ }
+ {
+ char *filenames[attachmentCount + 1];
+ filenames[attachmentCount] = NULL;
+ /* Yes the items start at 1! */
+ for (i = 1; i <= attachmentCount; i++)
+ {
+ char buf[16];
+ char *filename;
+ wchar_t *wcsOutFilename;
+ DISPPARAMS saveParams;
+ VARIANT aVariant[1];
+ LPDISPATCH attachmentObj;
+ DISPID saveID;
+
+ snprintf (buf, sizeof (buf), "Item(%i)", i);
+ attachmentObj = get_oom_object (attachmentSelection, buf);
+ if (!attachmentObj)
+ {
+ /* Should be impossible */
+ filenames[i-1] = NULL;
+ log_error ("%s:%s: could not find Item %i;",
+ SRCNAME, __func__, i);
+ break;
+ }
+ filename = get_oom_string (attachmentObj, "FileName");
+
+ saveID = lookup_oom_dispid (attachmentObj, "SaveAsFile");
+
+ saveParams.rgvarg = aVariant;
+ saveParams.rgvarg[0].vt = VT_BSTR;
+ filenames[i-1] = get_save_filename (NULL, filename);
+ xfree (filename);
+
+ wcsOutFilename = utf8_to_wchar2 (filenames[i-1],
+ strlen(filenames[i-1]));
+ saveParams.rgvarg[0].bstrVal = SysAllocString (wcsOutFilename);
+ saveParams.cArgs = 1;
+ saveParams.cNamedArgs = 0;
+
+ hr = attachmentObj->Invoke (saveID, IID_NULL, LOCALE_SYSTEM_DEFAULT,
+ DISPATCH_METHOD, &saveParams,
+ NULL, NULL, NULL);
+ SysFreeString (saveParams.rgvarg[0].bstrVal);
+ if (FAILED(hr))
+ {
+ int j;
+ log_debug ("%s:%s: Saving to file failed. hr: %x",
+ SRCNAME, __func__, (unsigned int) hr);
+ for (j = 0; j < i; j++)
+ xfree (filenames[j]);
+ return hr;
+ }
+ }
+ err = op_assuan_start_decrypt_files (curWindow, filenames);
+ for (i = 0; i < attachmentCount; i++)
+ xfree (filenames[i]);
+ }
+
+ log_debug ("%s:%s: Leaving. Err: %i",
+ SRCNAME, __func__, err);
+
+ return S_OK; /* If we return an error outlook will show that our
+ callback function failed in an ugly window. */
+}
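Review bot: in encryptSelection, the copy-back block declares "char buffer[(unsigned int)tmpStat.cbSize.QuadPart]" on the stack and then calls strlen (buffer) and put_oom_string on it. The only bound on the size is the UINT_MAX check, so a large ciphertext can exhaust the stack, and because the array is exactly the stream size and nread is ignored, nothing NUL-terminates the data before the string functions run. Allocate nread + 1 bytes on the heap, set buffer[nread] to 0, check the return value of tmpstream->Stat, and cap the accepted size well below UINT_MAX. Other points in this file: getContext returns "context ? S_OK : E_FAIL", which tests the out parameter itself rather than *context, so it can never fail, and decryptAttachments ignores the hr it gets back anyway; protocol is passed to engine_encrypt_prepare without ever being assigned; the break in both Item(%i) loops leaves the remaining array entries uninitialised, yet the xfree loops (and op_assuan_start_decrypt_files) still walk all of them; the "return S_OK" in the no-recipients branch bypasses the failure label after tmpstream and senderAddr have been obtained; text, which holds the plaintext selection, is never freed; the "Selected text too long." MessageBox passes caption and message in the opposite order from the other calls; and the header comment of the .cpp file names ribbon-callbacks.h.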
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
new file mode 100644
index 0000000..547e17d
--- /dev/null
+++ b/src/ribbon-callbacks.h
@@ -0,0 +1,31 @@
+/* ribbon-callbacks.h - Callbacks for the ribbon extension interface
+ * Copyright (C) 2013 Intevation GmbH
+ *
+ * This file is part of GpgOL.
+ *
+ * GpgOL is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * GpgOL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef RIBBON_CALLBACKS_H
+#define RIBBON_CALLBACKS_H
+
+#include "gpgoladdin.h"
+
+/* Id's of our callbacks */
+#define ID_CMD_DECRYPT 2
+#define ID_CMD_ENCRYPT_SELECTION 3
+
+HRESULT decryptAttachments (LPDISPATCH ctrl);
+HRESULT encryptSelection (LPDISPATCH ctrl);
+#endif
commit 3fc86e1ca4700c6a91ddab8168fdbe486616e996
Author: Andre Heinecke
Date: Tue Jul 9 14:25:15 2013 +0000
Expose sink functions and structures
* src/mimemaker.c (write_buffer, sink_std_write),
(write_buffer_for_cb, sink_encryption_write): Remove staticness.
* src/mimemaker.h (write_buffer, sink_std_write),
(write_buffer_for_cb, sink_encryption_write): Add prototypes.
* src/mimemaker.c, src/mimemaker.h (sink_s, sink_t): Move
declaration into header.
--
Those will be used in the ribbon callbacks
diff --git a/src/mimemaker.c b/src/mimemaker.c
index 8f25171..6a358a4 100644
--- a/src/mimemaker.c
+++ b/src/mimemaker.c
@@ -53,24 +53,6 @@ static unsigned char bintoasc[64+1] = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789+/");
-/* The object we use instead of IStream. It allows us to have a
- callback method for output and thus for processing stuff
- recursively. */
-struct sink_s;
-typedef struct sink_s *sink_t;
-struct sink_s
-{
- void *cb_data;
- sink_t extrasink;
- int (*writefnc)(sink_t sink, const void *data, size_t datalen);
- unsigned long enc_counter; /* Used by write_buffer_for_cb. */
-/* struct { */
-/* int idx; */
-/* unsigned char inbuf[4]; */
-/* int quads; */
-/* } b64; */
-};
-
/* Object used to collect data in a memory buffer. */
struct databuf_s
@@ -90,7 +72,7 @@ static int write_multistring (sink_t sink, const char *text1,
/* Standard write method used with a sink_t object. */
-static int
+int
sink_std_write (sink_t sink, const void *data, size_t datalen)
{
HRESULT hr;
@@ -233,7 +215,7 @@ create_mapi_attachment (LPMESSAGE message, sink_t sink)
/* Write data to a sink_t. */
-static int
+int
write_buffer (sink_t sink, const void *data, size_t datalen)
{
if (!sink || !sink->writefnc)
@@ -247,7 +229,7 @@ write_buffer (sink_t sink, const void *data, size_t datalen)
/* Same as above but used for passing as callback function. This
fucntion does not return an error code but the number of bytes
written. */
-static int
+int
write_buffer_for_cb (void *opaque, const void *data, size_t datalen)
{
sink_t sink = opaque;
@@ -1430,7 +1412,7 @@ mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol)
/* Sink write method used by mime_encrypt. */
-static int
+int
sink_encryption_write (sink_t encsink, const void *data, size_t datalen)
{
engine_filter_t filter = encsink->cb_data;
diff --git a/src/mimemaker.h b/src/mimemaker.h
index 3c79e5a..0c804b3 100644
--- a/src/mimemaker.h
+++ b/src/mimemaker.h
@@ -26,12 +26,33 @@ extern "C" {
#endif
#endif
+/* The object we use instead of IStream. It allows us to have a
+ callback method for output and thus for processing stuff
+ recursively. */
+struct sink_s;
+typedef struct sink_s *sink_t;
+struct sink_s
+{
+ void *cb_data;
+ sink_t extrasink;
+ int (*writefnc)(sink_t sink, const void *data, size_t datalen);
+ unsigned long enc_counter; /* Used by write_buffer_for_cb. */
+/* struct { */
+/* int idx; */
+/* unsigned char inbuf[4]; */
+/* int quads; */
+/* } b64; */
+};
+
int mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol);
int mime_encrypt (LPMESSAGE message, HWND hwnd,
protocol_t protocol, char **recipients);
int mime_sign_encrypt (LPMESSAGE message, HWND hwnd,
protocol_t protocol, char **recipients);
-
+int sink_std_write (sink_t sink, const void *data, size_t datalen);
+int sink_encryption_write (sink_t encsink, const void *data, size_t datalen);
+int write_buffer_for_cb (void *opaque, const void *data, size_t datalen);
+int write_buffer (sink_t sink, const void *data, size_t datalen);
#ifdef __cplusplus
}
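Review bot: the four prototypes added at the end of the header (sink_std_write, sink_encryption_write, write_buffer_for_cb, write_buffer) give external linkage to very generic names, write_buffer in particular, which can collide with symbols from other objects linked into the DLL. A common prefix such as mime_ would match the existing mime_sign and mime_encrypt entries. The header also now exposes struct sink_s with its commented-out b64 member; dropping that dead block while moving the declaration would keep the public definition clean, and a short comment on each prototype stating the return convention would help, since write_buffer_for_cb returns a byte count while the others return an error code.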
commit 2dec95936ebfa8e8a8b5f474bfb423b5d18b40bb
Author: Andre Heinecke
Date: Tue Jul 9 14:21:41 2013 +0000
Improve debug output in get_oom_object
Sometimes there is some additional information hidden
in the execpinfo structure. So print it in case of an error.
* src/oomhelp.cpp (dump_excepinfo): New. Dumps an excepinfo
structure to log_debug.
(get_oom_object): Use exceptinfo from Invoke call.
diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index 7ee9108..c660629 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -105,6 +105,26 @@ lookup_oom_dispid (LPDISPATCH pDisp, const char *name)
return dispid;
}
+void
+dump_excepinfo (EXCEPINFO err)
+{
+ log_debug ("%s:%s: Dumping exception: \n"
+ " wCode: 0x%x\n"
+ " wReserved: 0x%x\n"
+ " desc: %S\n"
+ " help: %S\n"
+ " helpCtx: 0x%x\n"
+ " deferredFill: 0x%x\n"
+ " scode: 0x%x\n"
+ "%s:%s: Dump done." ,
+ SRCNAME, __func__, (unsigned int) err.wCode,
+ (unsigned int) err.wReserved,
+ err.bstrSource, err.bstrDescription, err.bstrHelpFile,
+ (unsigned int) err.dwHelpContext,
+ (unsigned int) err.pfnDeferredFillIn,
+ (unsigned int) err.scode,
+ SRCNAME, __func__);
+}
/* Return the OOM object's IDispatch interface described by FULLNAME.
Returns NULL if not found. PSTART is the object where the search
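Review bot: the format string in dump_excepinfo has eleven conversions but twelve arguments follow it. There are only two %S fields (desc, help) for the three BSTRs err.bstrSource, err.bstrDescription and err.bstrHelpFile, so from "helpCtx" onward each conversion consumes the wrong argument and the first %s of the trailing "%s:%s: Dump done." reads err.scode as a string pointer. Add a " source: %S\n" line or drop err.bstrSource from the argument list. The (unsigned int) cast of err.pfnDeferredFillIn also truncates a pointer on 64-bit builds; %p is the right conversion. Taking the EXCEPINFO by const pointer rather than by value would avoid copying the structure on every error.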
@@ -135,6 +155,8 @@ get_oom_object (LPDISPATCH pStart, const char *fullname)
DISPID dispid;
char *p, *pend;
int dispmethod;
+ unsigned int argErr = 0;
+ EXCEPINFO execpinfo;
if (pDisp)
{
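Review bot: execpinfo is declared without an initialiser, unlike argErr on the line above it. Its BSTR members therefore hold stack garbage unless Invoke fills them, and they are later printed with %S. Zero it at declaration or with memset immediately before the Invoke call.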
@@ -257,14 +279,16 @@ get_oom_object (LPDISPATCH pStart, const char *fullname)
VariantInit (&vtResult);
hr = pDisp->Invoke (dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT,
dispmethod, &dispparams,
- &vtResult, NULL, NULL);
+ &vtResult, &execpinfo, &argErr);
if (parmstr)
SysFreeString (parmstr);
if (hr != S_OK || vtResult.vt != VT_DISPATCH)
{
- log_debug ("%s:%s: error: '%s' p=%p vt=%d hr=0x%x",
+ log_debug ("%s:%s: error: '%s' p=%p vt=%d hr=0x%x argErr=0x%x",
SRCNAME, __func__,
- name, vtResult.pdispVal, vtResult.vt, (unsigned int)hr);
+ name, vtResult.pdispVal, vtResult.vt, (unsigned int)hr,
+ (unsigned int)argErr);
+ dump_excepinfo (execpinfo);
VariantClear (&vtResult);
if (parmstr)
SysFreeString (parmstr);
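Review bot: dump_excepinfo (execpinfo) runs whenever hr != S_OK or the result is not VT_DISPATCH, but Invoke only fills the EXCEPINFO when it returns DISP_E_EXCEPTION. In every other error case, including a successful call that returned a non-dispatch variant, the dump prints whatever the structure happened to contain. Call it only when hr == DISP_E_EXCEPTION, and release bstrSource, bstrDescription and bstrHelpFile with SysFreeString afterwards, since the caller owns them. The context lines also show parmstr being freed right after Invoke and then again inside this error branch; setting parmstr to NULL after the first SysFreeString would remove the second free.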
-----------------------------------------------------------------------
Summary of changes:
src/Makefile.am | 3 +-
src/engine-assuan.c | 2 +-
src/gpgoladdin.cpp | 190 +++++-----------
src/gpgoladdin.h | 3 -
src/mimemaker.c | 26 +--
src/mimemaker.h | 23 ++-
src/oomhelp.cpp | 30 +++-
src/ribbon-callbacks.cpp | 417 +++++++++++++++++++++++++++++++++
src/{xmalloc.h => ribbon-callbacks.h} | 37 +--
9 files changed, 544 insertions(+), 187 deletions(-)
create mode 100644 src/ribbon-callbacks.cpp
copy src/{xmalloc.h => ribbon-callbacks.h} (62%)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 10 12:36:16 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 10 Jul 2013 12:36:16 +0200
Subject: [git] GPA - branch, master, updated. gpa-0.9.4-2-g7a5b070
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Assistant".
The branch, master has been updated
via 7a5b070eb786fb09efe2f8c57784882219ade2d9 (commit)
from 189a314712f9ca3ca1f4506226a04decbd258725 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7a5b070eb786fb09efe2f8c57784882219ade2d9
Author: Werner Koch
Date: Wed Jul 10 12:08:28 2013 +0200
Change the license of some files to LGPLv2.1.
* src/filetype.c: Change license notice
* src/filetype.h: Ditto.
* src/parsetlv.c: Ditto.
* src/parsetlv.h: Ditto.
--
Those files are useful for other projects and thus we (g10 Code) allow
its use under the less restrictive LGPLv2.1.
NB: If you think that other parts of the code are also useful for
projects with different licenses requirements, please write to me. If
g10 Code is the sole copyright holder, we may be able to change the
license for that code as well.
diff --git a/AUTHORS b/AUTHORS
index d8cdd8f..9a3c148 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,6 +1,6 @@
Program: GPA
-Maintainer: None, check the mailing list gpa-dev at gnupg.org.
-Bug reports:
+Maintainer: Werner Koch
+Bug reports: http://bugs.gnupg.org
Security related bug reports:
License: GPLv3+
@@ -75,12 +75,12 @@ Can Berk G?der
Emilian Nowak
Polish translation.
-
+
Daniel Nylander
Swedish translation.
-
+
Zdenek Hatas
- Czech translation.
+ Czech translation.
Maxim Britov
Russian translation.
@@ -88,3 +88,19 @@ Maxim Britov
Marcus Brinkmann
Clipboard code, cleanups, bug fixes.
+
+
+Copyright and Redistribution
+============================
+
+The copyright for GPA is hold by the authors. Check the above list
+and each source file for the details. The file src/helpmenu.c is used
+to show the names of the author and of the major copyright holders.
+
+GPA is distributed under the GNU General Public License, version 3 or
+later.
+
+To allow easy reuse of certain parts of the code, some files are under
+a different license, for example the GNU Lesser General Public
+License. These licenses are compatible with the GPLv3 which covers
+the entire work.
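Review bot: in the new "Copyright and Redistribution" section, "The copyright for GPA is hold by the authors" should read "is held by the authors", and "the names of the author" in the next sentence should be "authors" to agree with "the above list". The section says some files are under a different license but does not name them; listing src/filetype.[ch] and src/parsetlv.[ch] here, as the commit message does, would save readers from checking each source header.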
diff --git a/src/filetype.c b/src/filetype.c
index 87c2523..c59dde7 100644
--- a/src/filetype.c
+++ b/src/filetype.c
@@ -1,19 +1,17 @@
/* filetype.c - Identify file types
* Copyright (C) 2012 g10 Code GmbH
*
- * This file is part of GPA
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
*
- * GPA is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
*
- * GPA is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- * License for more details.
- *
- * You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
diff --git a/src/filetype.h b/src/filetype.h
index da554ae..6c88c68 100644
--- a/src/filetype.h
+++ b/src/filetype.h
@@ -1,19 +1,17 @@
/* filetype.h - Identify file types
* Copyright (C) 2012 g10 Code GmbH
*
- * This file is part of GPA
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
*
- * GPA is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
*
- * GPA is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- * License for more details.
- *
- * You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
diff --git a/src/parsetlv.c b/src/parsetlv.c
index d673f02..afdc522 100644
--- a/src/parsetlv.c
+++ b/src/parsetlv.c
@@ -1,19 +1,17 @@
/* parsetlv.c - ASN.1 TLV functions
* Copyright (C) 2005, 2007, 2008, 2012 g10 Code GmbH
*
- * This file is part of GPA
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
*
- * GPA is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
*
- * GPA is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- * License for more details.
- *
- * You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
diff --git a/src/parsetlv.h b/src/parsetlv.h
index 9840b24..d61a1c3 100644
--- a/src/parsetlv.h
+++ b/src/parsetlv.h
@@ -1,19 +1,17 @@
/* parsetlv.h - TLV functions defintions
* Copyright (C) 2012 g10 Code GmbH
*
- * This file is part of GPA
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
*
- * GPA is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
*
- * GPA is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
- * License for more details.
- *
- * You should have received a copy of the GNU General Public License
+ * You should have received a copy of the GNU Lesser General Public License
* along with this program; if not, see .
*/
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 26 +++++++++++++++++++++-----
src/filetype.c | 20 +++++++++-----------
src/filetype.h | 20 +++++++++-----------
src/parsetlv.c | 20 +++++++++-----------
src/parsetlv.h | 20 +++++++++-----------
5 files changed, 57 insertions(+), 49 deletions(-)
hooks/post-receive
--
The GNU Privacy Assistant
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 10 20:03:51 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Wed, 10 Jul 2013 20:03:51 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-12-g3f9cedf
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 3f9cedf40b5bbba3ddf4fdcaad46e3749ce91724 (commit)
via bd44cdf7984cc6e41c6b390577626a6c60c8ae75 (commit)
via 76061280cb9e28971e05b473b1a0d771dc592ae8 (commit)
from d737d168278cfec479cb1bd49b8825d98e7260c0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3f9cedf40b5bbba3ddf4fdcaad46e3749ce91724
Author: Andre Heinecke
Date: Wed Jul 10 17:28:47 2013 +0000
Add icon callbacks and decrypt selection action
This uses the same icons / icon ID's as the old extension
and does not handle transparency. There is some prepared
code to enable full alpha channel handling by using PNG included.
* src/gpgoladdin.cpp (GetIDsOfNames): Return dispID's for new
callbacks. Use new ID_MAPPER macro.
(Invoke): Resolve getIcon and decryptSelection calls.
(GetCustomUI): Add image callbacks and decrypt selection.
* src/ribbon-callbacks.cpp (encryptSelection): Add missing free.
(decryptSelection): New. Decrypt selected text and replace it
by plaintext if decryption was successful.
(getIcon): Create picturedispatcher on the queried resource
bitmap.
* src/ribbon-callbacks.h: Add new ID's and prototypes
--
The old image mechanism for CommandBar items was to combine a
transparency mask with a picture bitmap to create transparent
images. This can no longer be used and the suggested / documented
way instead is now to use bitmaps generated from PNGs. For now
we just return the picture part of the bitmaps. Looks ugly but
should be ok for now.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 0a7323d..807e5a6 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -50,6 +50,9 @@
SRCNAME, __func__, __LINE__); \
} while (0)
+#define ICON_SIZE_LARGE 32
+#define ICON_SIZE_NORMAL 16
+
ULONG addinLocks = 0;
/* This is the main entry point for the addin
@@ -390,6 +393,16 @@ GpgolRibbonExtender::GetTypeInfo (UINT iTypeInfo, LCID lcid,
http://blogs.msdn.com/b/andreww/archive/2007/03/09/
why-is-it-so-hard-to-shim-iribbonextensibility.aspx
*/
+
+#define ID_MAPPER(name,id) \
+ if (!wcscmp (rgszNames[i], name)) \
+ { \
+ found = true; \
+ rgDispId[i] = id; \
+ break; \
+ } \
+
+
STDMETHODIMP
GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
UINT cNames, LCID lcid,
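Review bot: ID_MAPPER hides a `break` and depends on the caller's locals `i`, `found`, `rgszNames` and `rgDispId`, so it only works inside the for loop of GetIDsOfNames and changes control flow invisibly at each call site. The last line of the body also ends in a backslash, which splices the following blank line into the definition; a later edit that puts code on that line would silently become part of the macro. Suggest a static table of name/dispid pairs walked by a small helper function, or at minimum drop the trailing backslash, wrap the body in do { } while (0) with the `break` moved to the caller, and #undef ID_MAPPER after the function.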
@@ -407,24 +420,19 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
for (unsigned int i = 0; i < cNames; i++)
{
log_debug ("%s:%s: GetIDsOfNames for: %S",
- SRCNAME, __func__, rgszNames[0]);
+ SRCNAME, __func__, rgszNames[i]);
/* How this is supposed to work with cNames > 1 is unknown,
but we can just say that we won't support callbacks with
different parameters and just match the name (the first element)
and we give it one of our own dispIds's that are later handled in
the invoke part */
- if (!wcscmp (rgszNames[i], L"attachmentDecryptCallback"))
- {
- found = true;
- rgDispId[i] = ID_CMD_DECRYPT;
- break;
- }
- if (!wcscmp (rgszNames[i], L"encryptSelection"))
- {
- found = true;
- rgDispId[i] = ID_CMD_ENCRYPT_SELECTION;
- break;
- }
+ ID_MAPPER (L"attachmentDecryptCallback", ID_CMD_DECRYPT)
+ ID_MAPPER (L"encryptSelection", ID_CMD_ENCRYPT_SELECTION)
+ ID_MAPPER (L"decryptSelection", ID_CMD_DECRYPT_SELECTION)
+ ID_MAPPER (L"btnCertManager", ID_BTN_CERTMANAGER)
+ ID_MAPPER (L"btnDecrypt", ID_BTN_DECRYPT)
+ ID_MAPPER (L"btnDecryptLarge", ID_BTN_DECRYPT_LARGE)
+ ID_MAPPER (L"btnEncrypt", ID_BTN_ENCRYPT)
}
if (cNames > 1)
@@ -458,6 +466,16 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
return decryptAttachments (parms->rgvarg[0].pdispVal);
case ID_CMD_ENCRYPT_SELECTION:
return encryptSelection (parms->rgvarg[0].pdispVal);
+ case ID_CMD_DECRYPT_SELECTION:
+ return decryptSelection (parms->rgvarg[0].pdispVal);
+ case ID_BTN_CERTMANAGER:
+ return getIcon (ID_BTN_CERTMANAGER, ICON_SIZE_LARGE, result);
+ case ID_BTN_ENCRYPT:
+ return getIcon (ID_BTN_ENCRYPT, ICON_SIZE_NORMAL, result);
+ case ID_BTN_DECRYPT:
+ return getIcon (ID_BTN_DECRYPT, ICON_SIZE_NORMAL, result);
+ case ID_BTN_DECRYPT_LARGE:
+ return getIcon (ID_BTN_DECRYPT_LARGE, ICON_SIZE_LARGE, result);
}
log_debug ("%s:%s: leave", SRCNAME, __func__);
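Review bot: the new ID_CMD_DECRYPT_SELECTION case reads parms->rgvarg[0].pdispVal without checking that parms is non-NULL, that it carries at least one argument, or that the argument's vt is VT_DISPATCH, and the four getIcon cases pass result straight through although getIcon stores into result->pdispVal and result->vt unconditionally. IDispatch::Invoke callers are allowed to pass a NULL result pointer, so a single guard at the top of the switch (return DISP_E_BADPARAMCOUNT or E_POINTER as appropriate) would cover both the new and the existing cases.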
@@ -524,20 +542,15 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L""
L" "
+ L" "
L" "
L""
L""
-/*
- L""
-L""
-L" "
-L" "
-L" "
-L""
- L""*/
);
}
else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read"))
@@ -568,7 +581,7 @@ L""
L" "
L" "
@@ -582,7 +595,7 @@ L""
L" "
L" "
L" "
@@ -592,8 +605,9 @@ L""
L" "
L" "
L" "
+ L" label=\"Save and decrypt\""
+ L" getImage=\"btnDecrypt\""
+ L" onAction=\"attachmentDecryptCallback\"/>"
L" "
L" "
L""
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index cf390ec..7499eeb 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -22,6 +22,7 @@
#endif
#include
+#include
#include
#include
@@ -42,6 +43,7 @@
#include "engine-assuan.h"
#include "mapihelp.h"
#include "mimemaker.h"
+#include "filetype.h"
/* Gets the context of a ribbon control. And prints some
useful debug output */
@@ -311,6 +313,7 @@ encryptSelection (LPDISPATCH ctrl)
engine_cancel (filter);
if (tmpstream)
tmpstream->Release();
+ xfree (text);
xfree (senderAddr);
return S_OK;
@@ -415,3 +418,257 @@ decryptAttachments (LPDISPATCH ctrl)
return S_OK; /* If we return an error outlook will show that our
callback function failed in an ugly window. */
}
+
+HRESULT
+decryptSelection (LPDISPATCH ctrl)
+{
+ LPDISPATCH context;
+ LPDISPATCH selection;
+ LPDISPATCH wordEditor;
+ LPDISPATCH wordApplication;
+
+ struct sink_s decsinkmem;
+ sink_t decsink = &decsinkmem;
+ struct sink_s sinkmem;
+ sink_t sink = &sinkmem;
+
+ LPSTREAM tmpstream = NULL;
+ engine_filter_t filter = NULL;
+ LPOLEWINDOW actExplorer;
+ HWND curWindow;
+ char* text = NULL;
+ int rc = 0;
+ unsigned int session_number;
+ HRESULT hr;
+ STATSTG tmpStat;
+
+ protocol_t protocol;
+
+ hr = getContext (ctrl, &context);
+ if (FAILED(hr))
+ return hr;
+
+ memset (decsink, 0, sizeof *decsink);
+ memset (sink, 0, sizeof *sink);
+
+ actExplorer = (LPOLEWINDOW) get_oom_object(context,
+ "Application.ActiveExplorer");
+ if (actExplorer)
+ actExplorer->GetWindow (&curWindow);
+ else
+ {
+ log_debug ("%s:%s: Could not find active window",
+ SRCNAME, __func__);
+ curWindow = NULL;
+ }
+
+ wordEditor = get_oom_object (context, "WordEditor");
+ wordApplication = get_oom_object (wordEditor, "get_Application");
+ selection = get_oom_object (wordApplication, "get_Selection");
+
+ if (!wordEditor || !wordApplication || !selection)
+ {
+ MessageBox (NULL,
+ _("Internal error in GpgOL.\n"
+ "Could not find all objects."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ log_error ("%s:%s: Could not find all objects.",
+ SRCNAME, __func__);
+ return S_OK;
+ }
+
+ text = get_oom_string (selection, "Text");
+
+ if (!text || strlen (text) <= 1)
+ {
+ /* TODO more usable if we just use all text in this case? */
+ MessageBox (NULL,
+ _("Please select the data you wish to decrypt."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ return S_OK;
+ }
+
+ /* Determine the protocol based on the content */
+ protocol = is_cms_data (text, strlen (text)) ? PROTOCOL_SMIME :
+ PROTOCOL_OPENPGP;
+
+ hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
+ (SOF_UNIQUEFILENAME | STGM_DELETEONRELEASE
+ | STGM_CREATE | STGM_READWRITE),
+ NULL, "GPG", &tmpstream);
+
+ if (FAILED (hr))
+ {
+ log_error ("%s:%s: can't create temp file: hr=%#lx\n",
+ SRCNAME, __func__, hr);
+ rc = -1;
+ goto failure;
+ }
+
+ sink->cb_data = tmpstream;
+ sink->writefnc = sink_std_write;
+
+ session_number = engine_new_session_number ();
+ if (engine_create_filter (&filter, write_buffer_for_cb, sink))
+ goto failure;
+
+ decsink->cb_data = filter;
+ decsink->writefnc = sink_encryption_write;
+
+ engine_set_session_number (filter, session_number);
+ engine_set_session_title (filter, _("Decrypt Selection"));
+
+ if ((rc=engine_decrypt_start (filter, curWindow,
+ protocol,
+ 1, NULL)))
+ {
+ log_error ("%s:%s: engine decrypt start failed: %s",
+ SRCNAME, __func__, gpg_strerror (rc));
+ goto failure;
+ }
+
+ /* Write the text in the decryption sink. */
+ rc = write_buffer (decsink, text, strlen (text));
+
+ /* Flush the decryption sink and wait for the encryption to get
+ ready. */
+ if ((rc = write_buffer (decsink, NULL, 0)))
+ goto failure;
+ if ((rc = engine_wait (filter)))
+ goto failure;
+ filter = NULL; /* Not valid anymore. */
+ decsink->cb_data = NULL; /* Not needed anymore. */
+
+ if (!sink->enc_counter)
+ {
+ log_debug ("%s:%s: nothing received from engine", SRCNAME, __func__);
+ goto failure;
+ }
+
+ /* Check the size of the decrypted data */
+ tmpstream->Stat (&tmpStat, 0);
+
+ if (tmpStat.cbSize.QuadPart > UINT_MAX)
+ {
+ MessageBox (curWindow, _("GpgOL"),
+ _("Selected text too long."),
+ MB_ICONINFORMATION|MB_OK);
+ log_error ("%s:%s: No one should write so large mails.",
+ SRCNAME, __func__);
+ goto failure;
+ }
+
+ /* Copy the encrypted stream to the message editor. */
+ {
+ LARGE_INTEGER off;
+ ULONG nread;
+ char buffer[(unsigned int)tmpStat.cbSize.QuadPart];
+
+ off.QuadPart = 0;
+ hr = tmpstream->Seek (off, STREAM_SEEK_SET, NULL);
+ if (hr)
+ {
+ log_error ("%s:%s: seeking back to the begin failed: hr=%#lx",
+ SRCNAME, __func__, hr);
+ rc = gpg_error (GPG_ERR_EIO);
+ goto failure;
+ }
+ hr = tmpstream->Read (buffer, sizeof buffer, &nread);
+ if (hr)
+ {
+ log_error ("%s:%s: IStream::Read failed: hr=%#lx",
+ SRCNAME, __func__, hr);
+ rc = gpg_error (GPG_ERR_EIO);
+ goto failure;
+ }
+ if (strlen (buffer) > 1)
+ {
+ /* Now replace the selection with the encrypted text */
+ put_oom_string (selection, "Text", buffer);
+ }
+ else
+ {
+ /* Just to be save not to overwrite the selection with
+ an empty buffer */
+ log_error ("%s:%s: unexpected problem ", SRCNAME, __func__);
+ goto failure;
+ }
+ }
+
+ failure:
+ if (rc)
+ log_debug ("%s:%s: failed rc=%d (%s) <%s>", SRCNAME, __func__, rc,
+ gpg_strerror (rc), gpg_strsource (rc));
+ engine_cancel (filter);
+ xfree (text);
+ if (tmpstream)
+ tmpstream->Release();
+
+ return S_OK;
+}
+
+HRESULT
+getIcon (int id, int size, VARIANT* result)
+{
+ PICTDESC pdesc;
+ LPDISPATCH pPict;
+ HRESULT hr;
+ UINT fuload;
+
+ memset (&pdesc, 0, sizeof pdesc);
+ pdesc.cbSizeofstruct = sizeof pdesc;
+ pdesc.picType = PICTYPE_BITMAP;
+
+/*
+ In the future we might want to use PNGs here to have
+ full Alpha Channel support for the icons
+
+ Here is an example how this could look like with gdiplus:
+
+ GdiplusStartupInput gdiplusStartupInput;
+ ULONG_PTR gdiplusToken;
+ Bitmap* pbitmap;
+
+ GetModuleFileName(glob_hinst, szModuleFileName, MAX_PATH);
+
+ gdiplusStartupInput.DebugEventCallback = NULL;
+ gdiplusStartupInput.SuppressBackgroundThread = FALSE;
+ gdiplusStartupInput.SuppressExternalCodecs = FALSE;
+ gdiplusStartupInput.GdiplusVersion = 1;
+ GdiplusStartup (&gdiplusToken, &gdiplusStartupInput, NULL);
+
+ pbitmap = Bitmap::FromFile (L"c:\\foo.png", FALSE);
+ if (!pbitmap || pbitmap->GetHBITMAP (0, &pdesc.bmp.hbitmap))
+ {
+ log_error ("%s:%s: failed to load file.",
+ SRCNAME, __func__);
+ }
+*/
+
+ fuload = LR_CREATEDIBSECTION | LR_SHARED;
+
+ pdesc.bmp.hbitmap = (HBITMAP) LoadImage (glob_hinst,
+ MAKEINTRESOURCE (id),
+ IMAGE_BITMAP, size, size, fuload);
+
+ /* Wrap the image into an OLE object. */
+ hr = OleCreatePictureIndirect (&pdesc, IID_IPictureDisp,
+ TRUE, (void **) &pPict);
+ if (hr != S_OK || !pPict)
+ {
+ log_error ("%s:%s: OleCreatePictureIndirect failed: hr=%#lx\n",
+ SRCNAME, __func__, hr);
+ return -1;
+ }
+
+ result->pdispVal = pPict;
+ result->vt = VT_DISPATCH;
+
+ /*
+ GdiplusShutdown (gdiplusToken);
+ */
+
+ return S_OK;
+}
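Review bot: in decryptSelection, `char buffer[(unsigned int)tmpStat.cbSize.QuadPart];` places the whole decrypted output on the stack, bounded only by the UINT_MAX check above it, and the array is never NUL-terminated after tmpstream->Read, yet it is then handed to strlen and put_oom_string. A large plaintext can exhaust the stack, and any plaintext lets strlen read past the nread bytes that were filled. Allocate cbSize + 1 bytes on the heap, set buffer[nread] = 0 after the read, and free it at the failure label. Further points in the same hunk: get_oom_object is called on wordEditor and wordApplication before the NULL check on them; the `!text || strlen (text) <= 1` return skips xfree (text); context, actExplorer, wordEditor, wordApplication and selection are not released on any path; the result of the first write_buffer (decsink, text, ...) is overwritten by the flush call without being tested; the MessageBox for "Selected text too long." has its text and caption arguments swapped; and several comments say "encrypted" where the decrypted text is meant. In getIcon the LoadImage result is not checked before it is wrapped, and the error path returns -1 rather than an HRESULT such as E_FAIL.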
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
index 547e17d..3eed831 100644
--- a/src/ribbon-callbacks.h
+++ b/src/ribbon-callbacks.h
@@ -22,10 +22,20 @@
#include "gpgoladdin.h"
+/* For the Icon IDS */
+#include "dialogs.h"
+
/* Id's of our callbacks */
#define ID_CMD_DECRYPT 2
#define ID_CMD_ENCRYPT_SELECTION 3
+#define ID_CMD_DECRYPT_SELECTION 4
+#define ID_BTN_CERTMANAGER IDB_KEY_MANAGER_32
+#define ID_BTN_DECRYPT IDB_DECRYPT_16
+#define ID_BTN_DECRYPT_LARGE IDB_DECRYPT_32
+#define ID_BTN_ENCRYPT IDB_ENCRYPT_16
HRESULT decryptAttachments (LPDISPATCH ctrl);
HRESULT encryptSelection (LPDISPATCH ctrl);
+HRESULT decryptSelection (LPDISPATCH ctrl);
+HRESULT getIcon (int id, int size, VARIANT* result);
#endif
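Review bot: ID_BTN_CERTMANAGER, ID_BTN_DECRYPT, ID_BTN_DECRYPT_LARGE and ID_BTN_ENCRYPT are aliased to IDB_* resource ids from dialogs.h but are handed out as dispids and switched on in Invoke next to ID_CMD_DECRYPT (2), ID_CMD_ENCRYPT_SELECTION (3) and ID_CMD_DECRYPT_SELECTION (4). The two number spaces are now coupled without any comment saying so: a renumbering in dialogs.h that lands on 2, 3 or 4 would collide with the command ids. A duplicate case label would at least break the build, but the dependency should be explicit. Suggest giving the image callbacks their own dispid constants and mapping them to resource ids inside getIcon, or documenting the constraint here next to the "Id's of our callbacks" comment.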
commit bd44cdf7984cc6e41c6b390577626a6c60c8ae75
Author: Andre Heinecke
Date: Wed Jul 10 17:24:50 2013 +0000
Fix debug output in dump_excepinfo
One line was accidentally removed.
* src/oomhelp.cpp (dump_excepinfo): Add source line.
--
Source is actually pretty important as it tells you where
your exception occurred like "Microsoft Word" even if you originally
started in the OOM.
diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp
index c660629..59e5cdb 100644
--- a/src/oomhelp.cpp
+++ b/src/oomhelp.cpp
@@ -111,6 +111,7 @@ dump_excepinfo (EXCEPINFO err)
log_debug ("%s:%s: Dumping exception: \n"
" wCode: 0x%x\n"
" wReserved: 0x%x\n"
+ " source: %S\n"
" desc: %S\n"
" help: %S\n"
" helpCtx: 0x%x\n"
commit 76061280cb9e28971e05b473b1a0d771dc592ae8
Author: Andre Heinecke
Date: Wed Jul 10 17:23:43 2013 +0000
Use CMS object detection from GPA
* src/common.c, src/common.h: Remove old tlv parser code which
was the base for the gpa implementation.
* src/mapihelp.cpp, src/mimeparser.c: Use new macro names
* src/parsetlv.c, src/parsetlv.h, src/filetype.c, src/filetype.h:
New. Taken from GPA revision 7a5b070
* src/Makefile.am: Add new files
--
The filetype code can be used to detect the protocol of decrypted
content and will be used in decrypt selection.
diff --git a/src/Makefile.am b/src/Makefile.am
index 4c59507..18c1355 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -81,7 +81,9 @@ gpgol_SOURCES = \
cmdbarcontrols.cpp cmdbarcontrols.h \
w32-gettext.c w32-gettext.h \
gpgoladdin.cpp gpgoladdin.h \
- ribbon-callbacks.cpp ribbon-callbacks.h
+ ribbon-callbacks.cpp ribbon-callbacks.h \
+ parsetlv.c parsetlv.h \
+ filetype.c filetype.h
#treeview_SOURCES = treeview.c
diff --git a/src/common.c b/src/common.c
index b422154..fa75d52 100644
--- a/src/common.c
+++ b/src/common.c
@@ -921,84 +921,6 @@ gpgol_spawn_detached (const char *cmdline)
-
-/* Simple but pretty complete ASN.1 BER parser. Parse the data at the
- address of BUFFER with a length given at the address of SIZE. On
- success return 0 and update BUFFER and SIZE to point to the value.
- Do not update them on error. The information about the object are
- stored in the caller allocated TI structure. */
-int
-parse_tlv (char const **buffer, size_t *size, tlvinfo_t *ti)
-{
- int c;
- unsigned long tag;
- const unsigned char *buf = (const unsigned char *)(*buffer);
- size_t length = *size;
-
- ti->cls = 0;
- ti->tag = 0;
- ti->is_cons = 0;
- ti->is_ndef = 0;
- ti->length = 0;
- ti->nhdr = 0;
-
- if (!length)
- return -1;
- c = *buf++; length--; ++ti->nhdr;
-
- ti->cls = (c & 0xc0) >> 6;
- ti->is_cons = !!(c & 0x20);
- tag = c & 0x1f;
-
- if (tag == 0x1f)
- {
- tag = 0;
- do
- {
- tag <<= 7;
- if (!length)
- return -1;
- c = *buf++; length--; ++ti->nhdr;
- tag |= c & 0x7f;
- }
- while (c & 0x80);
- }
- ti->tag = tag;
-
- if (!length)
- return -1;
- c = *buf++; length--; ++ti->nhdr;
-
- if ( !(c & 0x80) )
- ti->length = c;
- else if (c == 0x80)
- ti->is_ndef = 1;
- else if (c == 0xff)
- return -1;
- else
- {
- unsigned long len = 0;
- int count = (c & 0x7f);
-
- if (count > sizeof (len) || count > sizeof (size_t))
- return -1;
-
- for (; count; count--)
- {
- len <<= 8;
- if (!length)
- return -1;
- c = *buf++; length--; ++ti->nhdr;
- len |= c & 0xff;
- }
- ti->length = len;
- }
-
- *buffer = buf;
- *size = length;
- return 0;
-}
-
/* Percent-escape the string STR by replacing colons with '%3a'. If
EXTRA is not NULL all characters in it are also escaped. */
char *
diff --git a/src/common.h b/src/common.h
index 6097568..ede4d2b 100644
--- a/src/common.h
+++ b/src/common.h
@@ -175,27 +175,6 @@ typedef struct b64_state_s b64_state_t;
/* Macros to used in conditionals to enable debug output. */
#define debug_commands (opt.enable_debug & DBG_COMMANDS)
-
-/* Type and constants used with parse_tlv. */
-struct tlvinfo_s
-{
- int cls; /* The class of the tag. */
- int tag; /* The tag. */
- int is_cons; /* True if it is a constructed object. */
- int is_ndef; /* True if the object has an indefinite length. */
- size_t length; /* The length of the value. */
- size_t nhdr; /* The number of octets in the header (tag,length). */
-};
-typedef struct tlvinfo_s tlvinfo_t;
-#define MY_ASN_CLASS_UNIVERSAL 0
-#define MY_ASN_CLASS_APPLICATION 1
-#define MY_ASN_CLASS_CONTEXT 2
-#define MY_ASN_CLASS_PRIVATE 3
-#define MY_ASN_TAG_OBJECT_ID 6
-#define MY_ASN_TAG_SEQUENCE 16
-
-
-
/*-- common.c --*/
void set_global_hinstance (HINSTANCE hinst);
void center_window (HWND childwnd, HWND style);
@@ -217,9 +196,6 @@ char *generate_boundary (char *buffer);
int gpgol_spawn_detached (const char *cmdline);
-int parse_tlv (char const **buffer, size_t *size, tlvinfo_t *ti);
-
-
/*-- recipient-dialog.c --*/
unsigned int recipient_dialog_box (gpgme_key_t **ret_rset);
unsigned int recipient_dialog_box2 (gpgme_key_t *fnd, char **unknown,
diff --git a/src/filetype.c b/src/filetype.c
new file mode 100644
index 0000000..c59dde7
--- /dev/null
+++ b/src/filetype.c
@@ -0,0 +1,150 @@
+/* filetype.c - Identify file types
+ * Copyright (C) 2012 g10 Code GmbH
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+
+#include
+#include
+#include
+
+#include "parsetlv.h"
+#include "filetype.h"
+
+
+/* The size of the buffer we use to identify CMS objects. */
+#define CMS_BUFFER_SIZE 2048
+
+
+/* Warning: DATA may be binary but there must be a Nul before DATALEN. */
+static int
+detect_cms (const char *data, size_t datalen)
+{
+ tlvinfo_t ti;
+ const char *s;
+ size_t n;
+
+ if (datalen < 24) /* Object is probably too short for CMS. */
+ return 0;
+
+ s = data;
+ n = datalen;
+ if (parse_tlv (&s, &n, &ti))
+ goto try_pgp; /* Not properly BER encoded. */
+ if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_SEQUENCE
+ && ti.is_cons))
+ goto try_pgp; /* A CMS object always starts witn a sequence. */
+ if (parse_tlv (&s, &n, &ti))
+ goto try_pgp; /* Not properly BER encoded. */
+ if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_OBJECT_ID
+ && !ti.is_cons && ti.length) || ti.length > n)
+ goto try_pgp; /* This is not an OID as expected. */
+ if (ti.length == 9)
+ {
+ if (!memcmp (s, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03", 9))
+ return 1; /* Encrypted (aka Enveloped Data). */
+ if (!memcmp (s, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02", 9))
+ return 1; /* Signed. */
+ }
+
+ try_pgp:
+ /* Check whether this might be a non-armored PGP message. We need
+ to do this before checking for armor lines, so that we don't get
+ fooled by armored messages inside a signed binary PGP message. */
+ if ((data[0] & 0x80))
+ {
+ /* That might be a binary PGP message. At least it is not plain
+ ASCII. Of course this might be certain lead-in text of
+ armored CMS messages. However, I am not sure whether this is
+ at all defined and in any case it is uncommon. Thus we don't
+ do any further plausibility checks but stupidly assume no CMS
+ armored data will follow. */
+ return 0;
+ }
+
+ /* Now check whether there are armor lines. */
+ for (s = data; s && *s; s = (*s=='\n')?(s+1):((s=strchr (s,'\n'))?(s+1):s))
+ {
+ if (!strncmp (s, "-----BEGIN ", 11))
+ {
+ if (!strncmp (s+11, "PGP ", 4))
+ return 0; /* This is PGP */
+ return 1; /* Not PGP, thus we assume CMS. */
+ }
+ }
+
+ return 0;
+}
+
+
+/* Return true if the file FNAME looks like an CMS file. There is no
+ error return, just a best effort try to identify CMS in a file with
+ a CMS object. */
+int
+is_cms_file (const char *fname)
+{
+ int result;
+ FILE *fp;
+ char *data;
+ size_t datalen;
+
+ fp = fopen (fname, "rb");
+ if (!fp)
+ return 0; /* Not found - can't be a CMS file. */
+
+ data = malloc (CMS_BUFFER_SIZE);
+ if (!data)
+ {
+ fclose (fp);
+ return 0; /* Oops */
+ }
+
+ datalen = fread (data, 1, CMS_BUFFER_SIZE - 1, fp);
+ data[datalen] = 0;
+ fclose (fp);
+
+ result = detect_cms (data, datalen);
+ free (data);
+ return result;
+}
+
+
+/* Return true if the data (DATA,DATALEN) looks like an CMS object.
+ There is no error return, just a best effort try to identify CMS. */
+int
+is_cms_data (const char *data, size_t datalen)
+{
+ int result;
+ char *buffer;
+
+ if (datalen < 24)
+ return 0; /* Too short - don't bother to copy the buffer. */
+
+ if (datalen > CMS_BUFFER_SIZE - 1)
+ datalen = CMS_BUFFER_SIZE - 1;
+
+ buffer = malloc (datalen + 1);
+ if (!buffer)
+ return 0; /* Oops */
+ memcpy (buffer, data, datalen);
+ buffer[datalen] = 0;
+
+ result = detect_cms (buffer, datalen);
+ free (buffer);
+ return result;
+}
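Review bot: the comment on detect_cms says there must be a Nul "before DATALEN", but both is_cms_file and is_cms_data store the terminator at data[datalen], and the armor scan relies on exactly that byte to stop; please state the contract as "DATA[DATALEN] must be Nul". The loop header `for (s = data; s && *s; s = (*s=='\n')?(s+1):((s=strchr (s,'\n'))?(s+1):s))` assigns s inside its own increment expression and is hard to verify by reading; a while loop with an explicit strchr call and NULL test would make the termination obvious. It is also worth documenting that the scan stops at the first embedded Nul in binary input and that any "-----BEGIN " line not followed by "PGP " returns 1, because decryptSelection uses this result to select PROTOCOL_SMIME.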
diff --git a/src/filetype.h b/src/filetype.h
new file mode 100644
index 0000000..ae24726
--- /dev/null
+++ b/src/filetype.h
@@ -0,0 +1,35 @@
+/* filetype.h - Identify file types
+ * Copyright (C) 2012 g10 Code GmbH
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef FILETYPE_H
+#define FILETYPE_H
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+}
+#endif
+#endif
+
+int is_cms_file (const char *fname);
+int is_cms_data (const char *data, size_t datalen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*FILETYPE_H*/
diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp
index 0385bed..1d6d7c5 100644
--- a/src/mapihelp.cpp
+++ b/src/mapihelp.cpp
@@ -30,6 +30,7 @@
#include "rfc822parse.h"
#include "serpent.h"
#include "mapihelp.h"
+#include "parsetlv.h"
#ifndef CRYPT_E_STREAM_INSUFFICIENT_DATA
#define CRYPT_E_STREAM_INSUFFICIENT_DATA 0x80091011
@@ -761,12 +762,12 @@ is_really_cms_encrypted (LPMESSAGE message)
n = nread;
if (parse_tlv (&p, &n, &ti))
goto leave;
- if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_SEQUENCE
+ if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_SEQUENCE
&& ti.is_cons) )
goto leave;
if (parse_tlv (&p, &n, &ti))
goto leave;
- if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_OBJECT_ID
+ if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_OBJECT_ID
&& !ti.is_cons && ti.length) || ti.length > n)
goto leave;
/* Now is this enveloped data (1.2.840.113549.1.7.3)
diff --git a/src/mimeparser.c b/src/mimeparser.c
index b43bead..e885729 100644
--- a/src/mimeparser.c
+++ b/src/mimeparser.c
@@ -42,6 +42,7 @@
#include "mapihelp.h"
#include "serpent.h"
#include "mimeparser.h"
+#include "parsetlv.h"
#define TRACEPOINT() do { log_debug ("%s:%s:%d: tracepoint\n", \
@@ -234,12 +235,12 @@ is_cms_signed_data (const char *buffer, size_t length)
if (parse_tlv (&p, &n, &ti))
return 0;
- if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_SEQUENCE
+ if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_SEQUENCE
&& ti.is_cons) )
return 0;
if (parse_tlv (&p, &n, &ti))
return 0;
- if (!(ti.cls == MY_ASN_CLASS_UNIVERSAL && ti.tag == MY_ASN_TAG_OBJECT_ID
+ if (!(ti.cls == ASN1_CLASS_UNIVERSAL && ti.tag == ASN1_TAG_OBJECT_ID
&& !ti.is_cons && ti.length) || ti.length > n)
return 0;
if (ti.length == 9 && !memcmp (p, "\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02", 9))
diff --git a/src/parsetlv.c b/src/parsetlv.c
new file mode 100644
index 0000000..afdc522
--- /dev/null
+++ b/src/parsetlv.c
@@ -0,0 +1,103 @@
+/* parsetlv.c - ASN.1 TLV functions
+ * Copyright (C) 2005, 2007, 2008, 2012 g10 Code GmbH
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+#include
+#include
+#include
+
+#include "parsetlv.h"
+
+
+/* Simple but pretty complete ASN.1 BER parser. Parse the data at the
+ address of BUFFER with a length given at the address of SIZE. On
+ success return 0 and update BUFFER and SIZE to point to the value.
+ Do not update them on error. The information about the object are
+ stored in the caller allocated TI structure. */
+int
+parse_tlv (char const **buffer, size_t *size, tlvinfo_t *ti)
+{
+ int c;
+ unsigned long tag;
+ const unsigned char *buf = (const unsigned char *)(*buffer);
+ size_t length = *size;
+
+ ti->cls = 0;
+ ti->tag = 0;
+ ti->is_cons = 0;
+ ti->is_ndef = 0;
+ ti->length = 0;
+ ti->nhdr = 0;
+
+ if (!length)
+ return -1;
+ c = *buf++; length--; ++ti->nhdr;
+
+ ti->cls = (c & 0xc0) >> 6;
+ ti->is_cons = !!(c & 0x20);
+ tag = c & 0x1f;
+
+ if (tag == 0x1f)
+ {
+ tag = 0;
+ do
+ {
+ tag <<= 7;
+ if (!length)
+ return -1;
+ c = *buf++; length--; ++ti->nhdr;
+ tag |= c & 0x7f;
+ }
+ while (c & 0x80);
+ }
+ ti->tag = tag;
+
+ if (!length)
+ return -1;
+ c = *buf++; length--; ++ti->nhdr;
+
+ if ( !(c & 0x80) )
+ ti->length = c;
+ else if (c == 0x80)
+ ti->is_ndef = 1;
+ else if (c == 0xff)
+ return -1;
+ else
+ {
+ unsigned long len = 0;
+ int count = (c & 0x7f);
+
+ if (count > sizeof (len) || count > sizeof (size_t))
+ return -1;
+
+ for (; count; count--)
+ {
+ len <<= 8;
+ if (!length)
+ return -1;
+ c = *buf++; length--; ++ti->nhdr;
+ len |= c & 0xff;
+ }
+ ti->length = len;
+ }
+
+ *buffer = buf;
+ *size = length;
+ return 0;
+}
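Review bot: parse_tlv returns 0 without relating the decoded ti->length to the remaining *size, so each caller has to compare ti.length against the updated size before touching the value (detect_cms does this for the OID with `ti.length > n`). Since is_cms_data deliberately truncates its input, the outer SEQUENCE can legitimately be longer than the buffer, so the parser probably cannot reject this itself; the function comment should say that the length is unchecked and that callers must bound it. Two smaller points: `count > sizeof (len)` compares an int with a size_t, and the high-tag-number loop applies `tag <<= 7` with no limit on the number of octets, so tag can wrap before it is narrowed into the int ti->tag. Capping the number of tag octets and returning -1 beyond it would close that.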
diff --git a/src/parsetlv.h b/src/parsetlv.h
new file mode 100644
index 0000000..8ae548b
--- /dev/null
+++ b/src/parsetlv.h
@@ -0,0 +1,55 @@
+/* parsetlv.h - TLV functions defintions
+ * Copyright (C) 2012 g10 Code GmbH
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ */
+
+#ifndef PARSETLV_H
+#define PARSETLV_H
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+}
+#endif
+#endif
+
+/* ASN.1 constants. */
+#define ASN1_CLASS_UNIVERSAL 0
+#define ASN1_CLASS_APPLICATION 1
+#define ASN1_CLASS_CONTEXT 2
+#define ASN1_CLASS_PRIVATE 3
+#define ASN1_TAG_OBJECT_ID 6
+#define ASN1_TAG_SEQUENCE 16
+
+
+/* Object used with parse_tlv. */
+struct tlvinfo_s
+{
+ int cls; /* The class of the tag. */
+ int tag; /* The tag. */
+ int is_cons; /* True if it is a constructed object. */
+ int is_ndef; /* True if the object has an indefinite length. */
+ size_t length; /* The length of the value. */
+ size_t nhdr; /* The number of octets in the header (tag,length). */
+};
+typedef struct tlvinfo_s tlvinfo_t;
+
+/*-- parsetlv.c --*/
+int parse_tlv (char const **buffer, size_t *size, tlvinfo_t *ti);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*PARSETLV_H*/
-----------------------------------------------------------------------
Summary of changes:
src/Makefile.am | 4 +-
src/common.c | 78 --------------
src/common.h | 24 -----
src/filetype.c | 150 +++++++++++++++++++++++++++
src/filetype.h | 35 ++++++
src/gpgoladdin.cpp | 68 ++++++++-----
src/mapihelp.cpp | 5 +-
src/mimeparser.c | 5 +-
src/oomhelp.cpp | 1 +
src/parsetlv.c | 103 ++++++++++++++++++
src/parsetlv.h | 55 ++++++++++
src/ribbon-callbacks.cpp | 257 ++++++++++++++++++++++++++++++++++++++++++++++
src/ribbon-callbacks.h | 10 ++
13 files changed, 661 insertions(+), 134 deletions(-)
create mode 100644 src/filetype.c
create mode 100644 src/filetype.h
create mode 100644 src/parsetlv.c
create mode 100644 src/parsetlv.h
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 10 21:38:22 2013
From: cvs at cvs.gnupg.org (by Jussi Kivilinna)
Date: Wed, 10 Jul 2013 21:38:22 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-161-gd6c9c86
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104 (commit)
via c64a0dcbefc5b0055954e37a3c86b32ff7a1b1da (commit)
via ed0a598172208ec67234a4edd73189bf6808fd04 (commit)
via c3902a6b5cea9acef2e15fbee24eb601eeb25168 (commit)
via 97f392f43cf2e4da1297cbecacbfbff33a869478 (commit)
via 8aa4f2161cf643ce36d87d2e2786b546736f8232 (commit)
via 71dda4507053379433dc8b0fc6462c15de7299df (commit)
from 6540b84a6e9113813e7e49e3ad2024d4a0073300 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104
Author: Jussi Kivilinna
Date: Wed Jun 26 15:28:49 2013 +0300
Fix 'Please include winsock2.h before windows.h' warnings with mingw32
* random/rndw32.c: include winsock2.h before windows.h.
* src/ath.h [_WIN32]: Ditto.
* tests/benchmark.c [_WIN32]: Ditto.
--
Patch silences warnings of following type:
/usr/lib/gcc/i686-w64-mingw32/4.6/../../../../i686-w64-mingw32/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]
Signed-off-by: Jussi Kivilinna
diff --git a/random/rndw32.c b/random/rndw32.c
index f8a83b6..5c5d6c6 100644
--- a/random/rndw32.c
+++ b/random/rndw32.c
@@ -78,6 +78,7 @@
#include
#endif
+#include
#include
diff --git a/src/ath.h b/src/ath.h
index 6ffa928..a132e0b 100644
--- a/src/ath.h
+++ b/src/ath.h
@@ -23,6 +23,7 @@
#include
#ifdef _WIN32
+# include
# include
#else /* !_WIN32 */
# ifdef HAVE_SYS_SELECT_H
diff --git a/tests/benchmark.c b/tests/benchmark.c
index c4b5258..79048a3 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -25,6 +25,7 @@
#include
#include
#ifdef _WIN32
+#include
#include
#else
#include
commit c64a0dcbefc5b0055954e37a3c86b32ff7a1b1da
Author: Jussi Kivilinna
Date: Wed Jun 26 16:57:00 2013 +0300
Remove duplicate header from mpi/amd64/mpih-mul2.S
* mpi/amd64/mpih-mul2.S: remove duplicated header.
--
Signed-off-by: Jussi Kivilinna
diff --git a/mpi/amd64/mpih-mul2.S b/mpi/amd64/mpih-mul2.S
index 1180f76..a332a1d 100644
--- a/mpi/amd64/mpih-mul2.S
+++ b/mpi/amd64/mpih-mul2.S
@@ -31,49 +31,6 @@
#include "sysdep.h"
#include "asm-syntax.h"
-
-/*******************
- * mpi_limb_t
- * _gcry_mpih_addmul_2( mpi_ptr_t res_ptr, (sp + 4)
- * mpi_ptr_t s1_ptr, (sp + 8)
- * mpi_size_t s1_size, (sp + 12)
- * mpi_limb_t s2_limb) (sp + 16)
- */
-
- /* i80386 addmul_1 -- Multiply a limb vector with a limb and add
- * the result to a second limb vector.
- *
- * Copyright (C) 1992, 1994, 1998,
- * 2001, 2002 Free Software Foundation, Inc.
- *
- * This file is part of Libgcrypt.
- *
- * Libgcrypt is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * Libgcrypt is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- *
- * Note: This code is heavily based on the GNU MP Library.
- * Actually it's the same code with only minor changes in the
- * way the data is stored; this is to support the abstraction
- * of an optional secure memory allocation which may be used
- * to avoid revealing of sensitive data due to paging etc.
- */
-
-
-#include "sysdep.h"
-#include "asm-syntax.h"
-
-
/*******************
* mpi_limb_t
* _gcry_mpih_addmul_1( mpi_ptr_t res_ptr, (rdi)
commit ed0a598172208ec67234a4edd73189bf6808fd04
Author: Jussi Kivilinna
Date: Thu Jun 27 14:40:12 2013 +0300
Fix i386/amd64 inline assembly "cc" clobbers
* cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" clobber
for inline assembly.
* cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto.
* random/rndhw.c [USE_DRNG] (rdrand_long): Ditto.
* src/hmac256.c [__GNUC__, __i386__] (ror): Ditto.
* mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
(udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto.
--
These assembly snippets modify cflags but do not mark "cc" clobber.
Signed-off-by: Jussi Kivilinna
diff --git a/cipher/bithelp.h b/cipher/bithelp.h
index 1505324..785701e 100644
--- a/cipher/bithelp.h
+++ b/cipher/bithelp.h
@@ -30,7 +30,8 @@ rol( u32 x, int n)
{
__asm__("roll %%cl,%0"
:"=r" (x)
- :"0" (x),"c" (n));
+ :"0" (x),"c" (n)
+ :"cc");
return x;
}
#else
@@ -43,7 +44,8 @@ ror(u32 x, int n)
{
__asm__("rorl %%cl,%0"
:"=r" (x)
- :"0" (x),"c" (n));
+ :"0" (x),"c" (n)
+ :"cc");
return x;
}
#else
diff --git a/cipher/cast5.c b/cipher/cast5.c
index 41bc9ff..6017bf0 100644
--- a/cipher/cast5.c
+++ b/cipher/cast5.c
@@ -393,7 +393,8 @@ rol(int n, u32 x)
{
__asm__("roll %%cl,%0"
:"=r" (x)
- :"0" (x),"c" (n));
+ :"0" (x),"c" (n)
+ :"cc");
return x;
}
#else
diff --git a/mpi/longlong.h b/mpi/longlong.h
index 699b6b3..773d1c7 100644
--- a/mpi/longlong.h
+++ b/mpi/longlong.h
@@ -473,7 +473,8 @@ extern USItype __udiv_qrnnd ();
: "%0" ((USItype)(ah)), \
"g" ((USItype)(bh)), \
"%1" ((USItype)(al)), \
- "g" ((USItype)(bl)))
+ "g" ((USItype)(bl)) \
+ __CLOBBER_CC)
#define sub_ddmmss(sh, sl, ah, al, bh, bl) \
__asm__ ("subl %5,%1\n" \
"sbbl %3,%0" \
@@ -482,29 +483,33 @@ extern USItype __udiv_qrnnd ();
: "0" ((USItype)(ah)), \
"g" ((USItype)(bh)), \
"1" ((USItype)(al)), \
- "g" ((USItype)(bl)))
+ "g" ((USItype)(bl)) \
+ __CLOBBER_CC)
#define umul_ppmm(w1, w0, u, v) \
__asm__ ("mull %3" \
: "=a" ((USItype)(w0)), \
"=d" ((USItype)(w1)) \
: "%0" ((USItype)(u)), \
- "rm" ((USItype)(v)))
+ "rm" ((USItype)(v)) \
+ __CLOBBER_CC)
#define udiv_qrnnd(q, r, n1, n0, d) \
__asm__ ("divl %4" \
: "=a" ((USItype)(q)), \
"=d" ((USItype)(r)) \
: "0" ((USItype)(n0)), \
"1" ((USItype)(n1)), \
- "rm" ((USItype)(d)))
+ "rm" ((USItype)(d)) \
+ __CLOBBER_CC)
#define count_leading_zeros(count, x) \
do { \
USItype __cbtmp; \
__asm__ ("bsrl %1,%0" \
- : "=r" (__cbtmp) : "rm" ((USItype)(x))); \
+ : "=r" (__cbtmp) : "rm" ((USItype)(x)) \
+ __CLOBBER_CC); \
(count) = __cbtmp ^ 31; \
} while (0)
#define count_trailing_zeros(count, x) \
- __asm__ ("bsfl %1,%0" : "=r" (count) : "rm" ((USItype)(x)))
+ __asm__ ("bsfl %1,%0" : "=r" (count) : "rm" ((USItype)(x)) __CLOBBER_CC)
#ifndef UMUL_TIME
#define UMUL_TIME 40
#endif
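Review bot: the commit log entry names mpi/longlong.c, but these hunks (add_ssaaaa through count_trailing_zeros) are against mpi/longlong.h; correct the entry so that a ChangeLog generated from it points at the right file. Within the hunks, __CLOBBER_CC is always placed directly after the last input operand with no colon of its own, which is consistent here and worth keeping in mind wherever the macro is appended to an asm that already has a clobber list.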
diff --git a/random/rndhw.c b/random/rndhw.c
index cbb28d1..ca99c5f 100644
--- a/random/rndhw.c
+++ b/random/rndhw.c
@@ -138,7 +138,8 @@ rdrand_long (unsigned long *v)
"jnz 1b\n\t"
"2:"
: "=r" (ok), "=a" (*v)
- : "0" (RDRAND_RETRY_LOOPS));
+ : "0" (RDRAND_RETRY_LOOPS)
+ : "cc");
return ok;
}
diff --git a/src/hmac256.c b/src/hmac256.c
index 34def76..2fda47b 100644
--- a/src/hmac256.c
+++ b/src/hmac256.c
@@ -104,7 +104,8 @@ ror(u32 x, int n)
{
__asm__("rorl %%cl,%0"
:"=r" (x)
- :"0" (x),"c" (n));
+ :"0" (x),"c" (n)
+ :"cc");
return x;
}
#else
commit c3902a6b5cea9acef2e15fbee24eb601eeb25168
Author: Jussi Kivilinna
Date: Wed Jul 3 12:14:56 2013 +0300
bufhelp: Suppress 'cast increases required alignment' warning
* cipher/bufhelp.h (buf_xor, buf_xor_2dst, buf_xor_n_copy): Cast
to larger element pointer through (void *) to suppress -Wcast-error.
--
Patch disables bogus warnings caused by -Wcast-error. We know that byte
pointers are properly aligned at these phases, or that hardware can handle
unaligned accesses.
Signed-off-by: Jussi Kivilinna
diff --git a/cipher/bufhelp.h b/cipher/bufhelp.h
index 638ca1b..1c173e2 100644
--- a/cipher/bufhelp.h
+++ b/cipher/bufhelp.h
@@ -30,7 +30,7 @@
#if defined(__i386__) || defined(__x86_64__)
-/* These architechtures are able of unaligned memory accesses and can
+/* These architectures are able of unaligned memory accesses and can
handle those fast.
*/
# define BUFHELP_FAST_UNALIGNED_ACCESS 1
@@ -59,9 +59,9 @@ buf_xor(void *_dst, const void *_src1, const void *_src2, size_t len)
*dst++ = *src1++ ^ *src2++;
#endif
- ldst = (uintptr_t *)dst;
- lsrc1 = (const uintptr_t *)src1;
- lsrc2 = (const uintptr_t *)src2;
+ ldst = (uintptr_t *)(void *)dst;
+ lsrc1 = (const uintptr_t *)(const void *)src1;
+ lsrc2 = (const uintptr_t *)(const void *)src2;
for (; len >= sizeof(uintptr_t); len -= sizeof(uintptr_t))
*ldst++ = *lsrc1++ ^ *lsrc2++;
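Review bot: the (void *) casts in buf_xor silence the 'cast increases required alignment' warning for good, so the invariant the commit message relies on (pointers already aligned at this point, or BUFHELP_FAST_UNALIGNED_ACCESS set) should be written as a comment at the cast; otherwise a later change to the byte-wise loop ahead of it can break alignment on strict-alignment targets with no compiler diagnostic left to catch it. The same three-line pattern recurs in buf_xor_2dst and buf_xor_n_copy, so one commented helper macro would keep the justification in a single place. The commit message calls the option -Wcast-error, while the warning text quoted in the subject is the one gcc prints for -Wcast-align.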
@@ -102,9 +102,9 @@ buf_xor_2dst(void *_dst1, void *_dst2, const void *_src, size_t len)
*dst1++ = (*dst2++ ^= *src++);
#endif
- ldst1 = (uintptr_t *)dst1;
- ldst2 = (uintptr_t *)dst2;
- lsrc = (const uintptr_t *)src;
+ ldst1 = (uintptr_t *)(void *)dst1;
+ ldst2 = (uintptr_t *)(void *)dst2;
+ lsrc = (const uintptr_t *)(const void *)src;
for (; len >= sizeof(uintptr_t); len -= sizeof(uintptr_t))
*ldst1++ = (*ldst2++ ^= *lsrc++);
@@ -151,9 +151,9 @@ buf_xor_n_copy(void *_dst_xor, void *_srcdst_cpy, const void *_src, size_t len)
}
#endif
- ldst_xor = (uintptr_t *)dst_xor;
- lsrcdst_cpy = (uintptr_t *)srcdst_cpy;
- lsrc = (const uintptr_t *)src;
+ ldst_xor = (uintptr_t *)(void *)dst_xor;
+ lsrcdst_cpy = (uintptr_t *)(void *)srcdst_cpy;
+ lsrc = (const uintptr_t *)(const void *)src;
for (; len >= sizeof(uintptr_t); len -= sizeof(uintptr_t))
{
commit 97f392f43cf2e4da1297cbecacbfbff33a869478
Author: Jussi Kivilinna
Date: Wed Jul 3 11:32:25 2013 +0300
mpi: Add __ARM_ARCH for older GCC
* mpi/longlong.h [__arm__]: Construct __ARM_ARCH if not provided by
compiler.
--
GCC 4.8 defines __ARM_ARCH, which provides a forward compatible way to detect
the ARM architecture. Use this when available and construct it otherwise.
Signed-off-by: Jussi Kivilinna
diff --git a/mpi/longlong.h b/mpi/longlong.h
index 0f860af..699b6b3 100644
--- a/mpi/longlong.h
+++ b/mpi/longlong.h
@@ -186,6 +186,30 @@ extern UDItype __udiv_qrnnd ();
***************************************/
#if defined (__arm__) && W_TYPE_SIZE == 32 && \
(!defined (__thumb__) || defined (__thumb2__))
+/* The __ARM_ARCH define is provided by gcc 4.8. Construct it otherwise. */
+#ifndef __ARM_ARCH
+# ifdef __ARM_ARCH_2__
+# define __ARM_ARCH 2
+# elif defined (__ARM_ARCH_3__) || defined (__ARM_ARCH_3M__)
+# define __ARM_ARCH 3
+# elif defined (__ARM_ARCH_4__) || defined (__ARM_ARCH_4T__)
+# define __ARM_ARCH 4
+# elif defined (__ARM_ARCH_5__) || defined (__ARM_ARCH_5E__) \
+ || defined(__ARM_ARCH_5T__) || defined(__ARM_ARCH_5TE__) \
+ || defined(__ARM_ARCH_5TEJ__)
+# define __ARM_ARCH 5
+# elif defined (__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) \
+ || defined (__ARM_ARCH_6Z__) || defined(__ARM_ARCH_6ZK__) \
+ || defined (__ARM_ARCH_6K__) || defined(__ARM_ARCH_6T2__)
+# define __ARM_ARCH 6
+# elif defined (__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) \
+ || defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) \
+ || defined(__ARM_ARCH_7EM__)
+# define __ARM_ARCH 7
+# else
+ /* could not detect? */
+# endif
+#endif
#define add_ssaaaa(sh, sl, ah, al, bh, bl) \
__asm__ ("adds %1, %4, %5\n" \
"adc %0, %2, %3" \
@@ -204,9 +228,7 @@ extern UDItype __udiv_qrnnd ();
"rI" ((USItype)(bh)), \
"r" ((USItype)(al)), \
"rI" ((USItype)(bl)) __CLOBBER_CC)
-/* The __ARM_ARCH define is provided by gcc 4.8 */
-#if (defined __ARM_ARCH && __ARM_ARCH <= 3) || \
- defined __ARM_ARCH_2__ || defined __ARM_ARCH_3__
+#if (defined __ARM_ARCH && __ARM_ARCH <= 3)
#define umul_ppmm(xh, xl, a, b) \
__asm__ ("%@ Inlined umul_ppmm\n" \
"mov %|r0, %2, lsr #16 @ AAAA\n" \
@@ -238,10 +260,7 @@ extern UDItype __udiv_qrnnd ();
#endif /* __ARM_ARCH >= 4 */
#define UMUL_TIME 20
#define UDIV_TIME 100
-/* The __ARM_ARCH define is provided by gcc 4.8 */
-#if (defined __ARM_ARCH && __ARM_ARCH >= 5) || !(defined __ARM_ARCH_2__ || \
- defined __ARM_ARCH_3__ || defined __ARM_ARCH_3M__ || __ARM_ARCH_4__ || \
- __ARM_ARCH_4T__)
+#if (defined __ARM_ARCH && __ARM_ARCH >= 5)
#define count_leading_zeros(count, x) \
__asm__ ("clz %0, %1" \
: "=r" ((USItype)(count)) \
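Review bot: this guard and the umul_ppmm guard in the previous hunk are now both written as (defined __ARM_ARCH && ...), yet the construction block added at the top ends in an else branch (could not detect?) that leaves __ARM_ARCH undefined. On such a target both tests are false, so the build silently takes the "#else /* __ARM_ARCH >= 4 */" umull variant of umul_ppmm and loses the clz count_leading_zeros, which differs from the behaviour of the exclusion list removed here. Make the undetected case explicit, either with #error or by defining a conservative default value in that else branch.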
commit 8aa4f2161cf643ce36d87d2e2786b546736f8232
Author: Jussi Kivilinna
Date: Wed Jul 3 15:10:11 2013 +0300
mpi: add missing "cc" clobber for ARM assembly
* mpi/longlong.h [__arm__] (add_ssaaaa, sub_ddmmss): Add __CLOBBER_CC.
[__arm__][__ARM_ARCH <= 3] (umul_ppmm): Ditto.
--
Signed-off-by: Jussi Kivilinna
diff --git a/mpi/longlong.h b/mpi/longlong.h
index bb34fd7..0f860af 100644
--- a/mpi/longlong.h
+++ b/mpi/longlong.h
@@ -194,7 +194,7 @@ extern UDItype __udiv_qrnnd ();
: "%r" ((USItype)(ah)), \
"rI" ((USItype)(bh)), \
"%r" ((USItype)(al)), \
- "rI" ((USItype)(bl)))
+ "rI" ((USItype)(bl)) __CLOBBER_CC)
#define sub_ddmmss(sh, sl, ah, al, bh, bl) \
__asm__ ("subs %1, %4, %5\n" \
"sbc %0, %2, %3" \
@@ -203,7 +203,7 @@ extern UDItype __udiv_qrnnd ();
: "r" ((USItype)(ah)), \
"rI" ((USItype)(bh)), \
"r" ((USItype)(al)), \
- "rI" ((USItype)(bl)))
+ "rI" ((USItype)(bl)) __CLOBBER_CC)
/* The __ARM_ARCH define is provided by gcc 4.8 */
#if (defined __ARM_ARCH && __ARM_ARCH <= 3) || \
defined __ARM_ARCH_2__ || defined __ARM_ARCH_3__
@@ -225,7 +225,7 @@ extern UDItype __udiv_qrnnd ();
"=r" ((USItype)(xl)) \
: "r" ((USItype)(a)), \
"r" ((USItype)(b)) \
- : "r0", "r1", "r2")
+ : "r0", "r1", "r2" __CLOBBER_CC)
#else /* __ARM_ARCH >= 4 */
#define umul_ppmm(xh, xl, a, b) \
__asm__ ("%@ Inlined umul_ppmm\n" \
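Review bot: in the umul_ppmm hunk for __ARM_ARCH <= 3, __CLOBBER_CC is appended to a clobber list that already exists ("r0", "r1", "r2" __CLOBBER_CC), whereas in add_ssaaaa and sub_ddmmss above it follows the last input operand with no colon, so the macro must itself expand to the colon plus "cc". With that expansion this line ends up with a second clobber separator and should not compile on the targets that take this branch. Use a comma form here (a comma variant of the macro if longlong.h provides one, otherwise a literal , "cc"). Builds for ARMv4 and later never preprocess this branch, so it needs a build for an older architecture level to be caught.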
commit 71dda4507053379433dc8b0fc6462c15de7299df
Author: Jussi Kivilinna
Date: Wed Jul 3 11:14:56 2013 +0300
Tweak ARM inline assembly for mpi
mpi/longlong.h [__arm__]: Enable inline assembly if __thumb2__ is
defined.
[__arm__]: Use __ARCH_ARM when defined.
[__arm__] [__ARM_ARCH >= 5] (count_leading_zeros): New.
--
Current ARM Linux distributions use EABI that enables thumb2, and therefore
inline assembly is disabled (because !defined(__thumb__) selector). However
thumb2 allows the use of assembly instructions that longlong.h contains for
ARM. So this patch enables inline assembly for ARM when __thumb2__ is defined
in addition to __thumb__.
Patch also adds optimization for count_leading_zeros() macro for ARM.
Results on Cortex-A8, 1Ghz:
===
Before:
Algorithm generate 100*sign 100*verify
------------------------------------------------
RSA 1024 bit 750ms 2780ms 110ms
RSA 2048 bit 14280ms 17250ms 300ms
RSA 3072 bit 38630ms 51300ms 650ms
RSA 4096 bit 60940ms 111430ms 1000ms
jussi at cubie:~/libgcrypt$ tests/benchmark dsa
Algorithm generate 100*sign 100*verify
------------------------------------------------
DSA 1024/160 - 1410ms 1680ms
DSA 2048/224 - 6100ms 7390ms
DSA 3072/256 - 14350ms 17120ms
jussi at cubie:~/libgcrypt$ tests/benchmark ecc
Algorithm generate 100*sign 100*verify
------------------------------------------------
ECDSA 192 bit 90ms 2160ms 3940ms
ECDSA 224 bit 110ms 2810ms 5400ms
ECDSA 256 bit 150ms 3570ms 6970ms
ECDSA 384 bit 340ms 8320ms 16420ms
ECDSA 521 bit 850ms 19760ms 38480ms
After:
jussi at cubie:~/libgcrypt$ tests/benchmark rsa
Algorithm generate 100*sign 100*verify
------------------------------------------------
RSA 1024 bit 590ms 2230ms 80ms
RSA 2048 bit 2320ms 13090ms 240ms
RSA 3072 bit 60580ms 38420ms 460ms
RSA 4096 bit 115130ms 82250ms 750ms
jussi at cubie:~/libgcrypt$ tests/benchmark dsa
Algorithm generate 100*sign 100*verify
------------------------------------------------
DSA 1024/160 - 1070ms 1290ms
DSA 2048/224 - 4500ms 5550ms
DSA 3072/256 - 10280ms 12200ms
jussi at cubie:~/libgcrypt$ tests/benchmark ecc
Algorithm generate 100*sign 100*verify
------------------------------------------------
ECDSA 192 bit 70ms 1900ms 3560ms
ECDSA 224 bit 100ms 2490ms 4750ms
ECDSA 256 bit 120ms 3140ms 5920ms
ECDSA 384 bit 270ms 6990ms 13790ms
ECDSA 521 bit 680ms 17080ms 33490ms
Signed-off-by: Jussi Kivilinna
diff --git a/mpi/longlong.h b/mpi/longlong.h
index 5dba793..bb34fd7 100644
--- a/mpi/longlong.h
+++ b/mpi/longlong.h
@@ -184,7 +184,8 @@ extern UDItype __udiv_qrnnd ();
/***************************************
************** ARM ******************
***************************************/
-#if defined (__arm__) && W_TYPE_SIZE == 32 && !defined (__thumb__)
+#if defined (__arm__) && W_TYPE_SIZE == 32 && \
+ (!defined (__thumb__) || defined (__thumb2__))
#define add_ssaaaa(sh, sl, ah, al, bh, bl) \
__asm__ ("adds %1, %4, %5\n" \
"adc %0, %2, %3" \
@@ -203,7 +204,9 @@ extern UDItype __udiv_qrnnd ();
"rI" ((USItype)(bh)), \
"r" ((USItype)(al)), \
"rI" ((USItype)(bl)))
-#if defined __ARM_ARCH_2__ || defined __ARM_ARCH_3__
+/* The __ARM_ARCH define is provided by gcc 4.8 */
+#if (defined __ARM_ARCH && __ARM_ARCH <= 3) || \
+ defined __ARM_ARCH_2__ || defined __ARM_ARCH_3__
#define umul_ppmm(xh, xl, a, b) \
__asm__ ("%@ Inlined umul_ppmm\n" \
"mov %|r0, %2, lsr #16 @ AAAA\n" \
@@ -223,7 +226,7 @@ extern UDItype __udiv_qrnnd ();
: "r" ((USItype)(a)), \
"r" ((USItype)(b)) \
: "r0", "r1", "r2")
-#else
+#else /* __ARM_ARCH >= 4 */
#define umul_ppmm(xh, xl, a, b) \
__asm__ ("%@ Inlined umul_ppmm\n" \
"umull %r1, %r0, %r2, %r3" \
@@ -232,9 +235,18 @@ extern UDItype __udiv_qrnnd ();
: "r" ((USItype)(a)), \
"r" ((USItype)(b)) \
: "r0", "r1")
-#endif
+#endif /* __ARM_ARCH >= 4 */
#define UMUL_TIME 20
#define UDIV_TIME 100
+/* The __ARM_ARCH define is provided by gcc 4.8 */
+#if (defined __ARM_ARCH && __ARM_ARCH >= 5) || !(defined __ARM_ARCH_2__ || \
+ defined __ARM_ARCH_3__ || defined __ARM_ARCH_3M__ || __ARM_ARCH_4__ || \
+ __ARM_ARCH_4T__)
+#define count_leading_zeros(count, x) \
+ __asm__ ("clz %0, %1" \
+ : "=r" ((USItype)(count)) \
+ : "r" ((USItype)(x)))
+#endif /* __ARM_ARCH >= 5 */
#endif /* __arm__ */
/***************************************
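Review bot: in the new count_leading_zeros guard, __ARM_ARCH_4__ and __ARM_ARCH_4T__ are tested by value while the other three macros inside the same parenthesis are tested with defined. It only works because the preprocessor treats an undefined name as 0; write defined __ARM_ARCH_4__ || defined __ARM_ARCH_4T__ for consistency and to stay quiet under -Wundef. The negated list also enables clz for every target whose architecture macro is not named in it, so a positive test on the architecture level is safer than an exclusion list. The commit log says __ARCH_ARM where the code tests __ARM_ARCH.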
-----------------------------------------------------------------------
Summary of changes:
cipher/bithelp.h | 6 +++-
cipher/bufhelp.h | 20 ++++++++--------
cipher/cast5.c | 3 +-
mpi/amd64/mpih-mul2.S | 43 ----------------------------------
mpi/longlong.h | 62 ++++++++++++++++++++++++++++++++++++++----------
random/rndhw.c | 3 +-
random/rndw32.c | 1 +
src/ath.h | 1 +
src/hmac256.c | 3 +-
tests/benchmark.c | 1 +
10 files changed, 72 insertions(+), 71 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 11 11:02:22 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 11 Jul 2013 11:02:22 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-15-ge928b6f
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via e928b6fee0ffa319e4c8d13faf1eda09a0aab302 (commit)
via a86891f29d9f495e8aafc3824d575b15c5205aa9 (commit)
via 1ac489eadc378b3326c912e930859c199aafd140 (commit)
from 3f9cedf40b5bbba3ddf4fdcaad46e3749ce91724 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e928b6fee0ffa319e4c8d13faf1eda09a0aab302
Author: Andre Heinecke
Date: Thu Jul 11 08:37:21 2013 +0000
Fix decryptSelection by handling \r breaks
* src/ribbon-callbacks.cpp (decryptSelection): Use fix_linebreaks.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 3535239..666eb17 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -436,7 +436,8 @@ decryptSelection (LPDISPATCH ctrl)
engine_filter_t filter = NULL;
LPOLEWINDOW actExplorer;
HWND curWindow;
- char* text = NULL;
+ char* selectedText = NULL;
+ int selectedLen = 0;
int rc = 0;
unsigned int session_number;
HRESULT hr;
@@ -478,9 +479,9 @@ decryptSelection (LPDISPATCH ctrl)
return S_OK;
}
- text = get_oom_string (selection, "Text");
+ selectedText = get_oom_string (selection, "Text");
- if (!text || strlen (text) <= 1)
+ if (!selectedText || (selectedLen = strlen (selectedText)) <= 1)
{
/* TODO more usable if we just use all text in this case? */
MessageBox (NULL,
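Review bot: selectedLen is declared int but is assigned the size_t result of strlen, and the assignment is buried inside the if condition. Declare it size_t (changing fix_linebreaks to match) and assign it on its own line after the NULL check, so that the length later passed to is_cms_data and write_buffer cannot be a truncated or negative value.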
@@ -490,8 +491,10 @@ decryptSelection (LPDISPATCH ctrl)
return S_OK;
}
+ fix_linebreaks (selectedText, &selectedLen);
+
/* Determine the protocol based on the content */
- protocol = is_cms_data (text, strlen (text)) ? PROTOCOL_SMIME :
+ protocol = is_cms_data (selectedText, selectedLen) ? PROTOCOL_SMIME :
PROTOCOL_OPENPGP;
hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
@@ -530,7 +533,7 @@ decryptSelection (LPDISPATCH ctrl)
}
/* Write the text in the decryption sink. */
- rc = write_buffer (decsink, text, strlen (text));
+ rc = write_buffer (decsink, selectedText, selectedLen);
/* Flush the decryption sink and wait for the encryption to get
ready. */
@@ -602,7 +605,7 @@ decryptSelection (LPDISPATCH ctrl)
log_debug ("%s:%s: failed rc=%d (%s) <%s>", SRCNAME, __func__, rc,
gpg_strerror (rc), gpg_strsource (rc));
engine_cancel (filter);
- xfree (text);
+ xfree (selectedText);
if (tmpstream)
tmpstream->Release();
commit a86891f29d9f495e8aafc3824d575b15c5205aa9
Author: Andre Heinecke
Date: Thu Jul 11 08:33:37 2013 +0000
Add fix_linebreaks function
This tries to fix linebreaks to be unix \n breaks.
* src/common.c, src/util.h (fix_linebreaks): New.
diff --git a/src/common.c b/src/common.c
index fa75d52..549d768 100644
--- a/src/common.c
+++ b/src/common.c
@@ -969,3 +969,29 @@ percent_escape (const char *str, const char *extra)
return ptr;
}
+
+/* Fix linebreaks.
+ This either removes the \r if it is followed by a \n
+ or replaces it by a \n. This is neccessary because
+ Micrsoft Word buffers appearently use only the \r
+ to indicate line breaks.
+*/
+void
+fix_linebreaks (char *str, int *len)
+{
+ char *src;
+ char *dst;
+
+ src = str;
+ dst = str;
+ while (*src)
+ {
+ if (src[0] == '\r' && src[1] == '\n')
+ src++;
+ else if (src[0] == '\r')
+ src[0] = '\n';
+ *(dst++) = *(src++);
+ }
+ *dst = '\0';
+ *len = dst - str;
+}
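Review bot: fix_linebreaks never reads *len; it walks to the first NUL and only writes the new length back, so the parameter looks like an in/out length but is output only, and the value stored is a pointer difference narrowed to int. Either document that str must be NUL-terminated and that *len is set on return, or honour the incoming length and use size_t. A NULL str is dereferenced at while (*src), so the function depends on the caller's NULL check in decryptSelection; say so in the comment or check it here. The comment itself has three typos: neccessary, Micrsoft, appearently.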
diff --git a/src/util.h b/src/util.h
index 77cdef0..09cde90 100644
--- a/src/util.h
+++ b/src/util.h
@@ -47,6 +47,7 @@ extern "C" {
while(*_vptr) { *_vptr=0; _vptr++; } \
} while(0)
+#include
/* i18n stuff */
#include "w32-gettext.h"
@@ -72,6 +73,8 @@ char *read_w32_registry_string (const char *root, const char *dir,
const char *name);
char *percent_escape (const char *str, const char *extra);
+void fix_linebreaks (char *str, int *len);
+
/*-- main.c --*/
const void *get_128bit_session_key (void);
const void *get_64bit_session_marker (void);
commit 1ac489eadc378b3326c912e930859c199aafd140
Author: Andre Heinecke
Date: Thu Jul 11 07:38:14 2013 +0000
Include information source in comment
The referenced blog contains a good explanation about
changes in image handling the ribbonUI
* src/ribbon-callbacks.cpp (getIcon): Expand comment about
PNG's
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 7499eeb..3535239 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -625,6 +625,9 @@ getIcon (int id, int size, VARIANT* result)
In the future we might want to use PNGs here to have
full Alpha Channel support for the icons
+ Some explanation about images and transparency in Ribbons:
+ http://blogs.msdn.com/b/jensenh/archive/2006/11/27/ribbonx-image-faq.aspx
+
Here is an example how this could look like with gdiplus:
GdiplusStartupInput gdiplusStartupInput;
-----------------------------------------------------------------------
Summary of changes:
src/common.c | 26 ++++++++++++++++++++++++++
src/ribbon-callbacks.cpp | 18 ++++++++++++------
src/util.h | 3 +++
3 files changed, 41 insertions(+), 6 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 11 21:00:23 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Thu, 11 Jul 2013 21:00:23 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-22-gd501119
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via d501119f6d14899bf27dfeb8eb98f54c8fa17da3 (commit)
via 40e13e006c87d47f001c9a0dfa42fa0a6cde5294 (commit)
via c7552e035bdf2cba949911fb6bb72f9a6c3d55e1 (commit)
via 0c1d76ee531268dc21346012d6bef5d52bf09777 (commit)
via a8ec27515b34aeecbf00393db6a2f54f073b88c8 (commit)
via a0aee83e9a355b32b6a1c952a0391d08039f0256 (commit)
via 984364ac4b150c39c4073f8dd70c238c2353aecf (commit)
from e928b6fee0ffa319e4c8d13faf1eda09a0aab302 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d501119f6d14899bf27dfeb8eb98f54c8fa17da3
Author: Andre Heinecke
Date: Thu Jul 11 18:11:49 2013 +0000
Implement start certificate manager
Simple wrapper for engine_start_keymanager using the callback
interface.
* src/gpgoladdin.cpp (GetIDsOfNames, Invoke): Handle
startCertManager.
* src/ribbon-callbacks.cpp, src/ribbon-callbacks.h
(startCertManager): New.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 080fb48..77ec44c 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -433,6 +433,7 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
ID_MAPPER (L"attachmentDecryptCallback", ID_CMD_DECRYPT)
ID_MAPPER (L"encryptSelection", ID_CMD_ENCRYPT_SELECTION)
ID_MAPPER (L"decryptSelection", ID_CMD_DECRYPT_SELECTION)
+ ID_MAPPER (L"startCertManager", ID_CMD_CERT_MANAGER)
ID_MAPPER (L"btnCertManager", ID_BTN_CERTMANAGER)
ID_MAPPER (L"btnDecrypt", ID_BTN_DECRYPT)
ID_MAPPER (L"btnDecryptLarge", ID_BTN_DECRYPT_LARGE)
@@ -472,6 +473,8 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
return encryptSelection (parms->rgvarg[0].pdispVal);
case ID_CMD_DECRYPT_SELECTION:
return decryptSelection (parms->rgvarg[0].pdispVal);
+ case ID_CMD_CERT_MANAGER:
+ return startCertManager (parms->rgvarg[0].pdispVal);
case ID_BTN_CERTMANAGER:
return getIcon (ID_BTN_CERTMANAGER, ICON_SIZE_LARGE, result);
case ID_BTN_ENCRYPT:
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 62d0ab7..d1b6224 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -692,3 +692,29 @@ getIcon (int id, int size, VARIANT* result)
return S_OK;
}
+
+HRESULT
+startCertManager (LPDISPATCH ctrl)
+{
+ HRESULT hr;
+ LPDISPATCH context;
+ HWND curWindow;
+ LPOLEWINDOW actExplorer;
+
+ hr = getContext (ctrl, &context);
+ if (FAILED(hr))
+ return hr;
+
+ actExplorer = (LPOLEWINDOW) get_oom_object(context,
+ "Application.ActiveExplorer");
+ if (actExplorer)
+ actExplorer->GetWindow (&curWindow);
+ else
+ {
+ log_debug ("%s:%s: Could not find active window",
+ SRCNAME, __func__);
+ curWindow = NULL;
+ }
+
+ engine_start_keymanager (curWindow);
+}
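Review bot: startCertManager is declared to return HRESULT, but control falls off the end after engine_start_keymanager (curWindow) with no return statement; that is undefined behaviour in C++, and Invoke passes the value straight back to its caller. End the function with return S_OK, or map the result of engine_start_keymanager to an HRESULT. The HRESULT of actExplorer->GetWindow is not checked, so curWindow can be used uninitialised when that call fails, and neither actExplorer nor context is released in this function.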
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
index 3eed831..bf869a9 100644
--- a/src/ribbon-callbacks.h
+++ b/src/ribbon-callbacks.h
@@ -29,6 +29,7 @@
#define ID_CMD_DECRYPT 2
#define ID_CMD_ENCRYPT_SELECTION 3
#define ID_CMD_DECRYPT_SELECTION 4
+#define ID_CMD_CERT_MANAGER 5
#define ID_BTN_CERTMANAGER IDB_KEY_MANAGER_32
#define ID_BTN_DECRYPT IDB_DECRYPT_16
#define ID_BTN_DECRYPT_LARGE IDB_DECRYPT_32
@@ -38,4 +39,5 @@ HRESULT decryptAttachments (LPDISPATCH ctrl);
HRESULT encryptSelection (LPDISPATCH ctrl);
HRESULT decryptSelection (LPDISPATCH ctrl);
HRESULT getIcon (int id, int size, VARIANT* result);
+HRESULT startCertManager (LPDISPATCH ctrl);
#endif
commit 40e13e006c87d47f001c9a0dfa42fa0a6cde5294
Author: Andre Heinecke
Date: Thu Jul 11 18:03:02 2013 +0000
Add decrypt selection to reader context
* src/gpgoladdin.cpp (GetCustomUI): Add context menu actions
* src/ribbon-callbacks.cpp (decryptSelection): Show MessageBox
with text in case the selected Text can not be set.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 26bd0db..080fb48 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -505,7 +505,6 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
log_debug ("%s:%s: GetCustomUI for id: %S", SRCNAME, __func__, RibbonID);
-
if (!RibbonXml)
return E_POINTER;
@@ -532,17 +531,16 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
swprintf (buffer,
L""
L""
- L""
- L" "
+ L" "
+ L" onAction=\"decryptSelection\"/>"
L" "
L""
- L"", _("Encrypt"));
+ L"", _("Decrypt"));
}
- else /*if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer")) */
+ else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer"))
{
- // *RibbonXml = loadXMLResource (IDR_XML_EXPLORER);
swprintf (buffer,
L""
L" "
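Review bot: turning the final else into else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer")) means an unrecognised RibbonID now writes nothing to buffer, and the later if (wcslen (buffer)) then measures whatever buffer held before. Confirm that buffer is zero-initialised ahead of the chain, or add an explicit final else that returns without touching *RibbonXml.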
@@ -574,6 +572,15 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L" "
L" "
+ /*
+ There appears to be no way to access the word editor
+ / get the selected text from that Context.
+ L" "
+ L" "
+ L" "
+ */
L" "
L" "
L"",
_("GpgOL"), _("General"), _("Start Certificate Manager"),
- _("GpgOL"), _("Save and decrypt"), _("Save and decrypt"));
+ _("GpgOL"), _("Save and decrypt"),/*_("Decrypt"), */
+ _("Save and decrypt"));
}
if (wcslen (buffer))
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 5dbcd4c..62d0ab7 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -261,9 +261,6 @@ encryptSelection (LPDISPATCH ctrl)
if (tmpStat.cbSize.QuadPart > UINT_MAX)
{
- MessageBox (curWindow, _("GpgOL"),
- "Selected text too long.",
- MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: No one should write so large mails.",
SRCNAME, __func__);
goto failure;
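Review bot: with the MessageBox removed, the only trace of an oversized selection is the log_error line, so unless the failure label reports something the action appears to do nothing. The removed call had its text and caption arguments swapped compared with the other MessageBox calls in this file (_("GpgOL") was passed as the text); fixing the order would keep the user feedback, which is preferable to dropping it. The same applies to the identical hunk in decryptSelection.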
@@ -569,9 +566,6 @@ decryptSelection (LPDISPATCH ctrl)
if (tmpStat.cbSize.QuadPart > UINT_MAX)
{
- MessageBox (curWindow, _("GpgOL"),
- "Selected text too long.",
- MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: No one should write so large mails.",
SRCNAME, __func__);
goto failure;
@@ -602,8 +596,14 @@ decryptSelection (LPDISPATCH ctrl)
}
if (strlen (buffer) > 1)
{
- /* Now replace the selection with the encrypted text */
- put_oom_string (selection, "Text", buffer);
+ /* Now replace the selection with the encrypted or show it
+ somehow.*/
+ if (put_oom_string (selection, "Text", buffer))
+ {
+ MessageBox (NULL, buffer,
+ _("Plain text"),
+ MB_ICONINFORMATION|MB_OK);
+ }
}
else
{
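Review bot: in the decryptSelection fallback, the decrypted buffer is shown in a MessageBox with a NULL owner when put_oom_string fails. curWindow is available in this function and should be passed as the owner, so that the dialog holding the plaintext is tied to the Outlook window instead of floating as an unowned top-level window. The new comment still says "replace the selection with the encrypted", although this is the decrypt path. A message box is also a poor container for long plaintext; consider a size limit or a scrollable dialog.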
commit c7552e035bdf2cba949911fb6bb72f9a6c3d55e1
Author: Andre Heinecke
Date: Thu Jul 11 16:42:52 2013 +0000
Encapsulate SMIME data in the message
This adds the same BEGIN and END lines as gnupg adds
when using the armor option.
* src/ribbon-callbacks.cpp (encrypt_selection): Encapsulate
encrypted data
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index aa55808..5dbcd4c 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -209,7 +209,7 @@ encryptSelection (LPDISPATCH ctrl)
}
if ((rc=engine_encrypt_prepare (filter, curWindow,
- protocol,
+ PROTOCOL_UNKNOWN,
0 /* ENGINE_FLAG_SIGN_FOLLOWS */,
senderAddr, recipientAddrs, &protocol)))
{
@@ -295,7 +295,18 @@ encryptSelection (LPDISPATCH ctrl)
if (strlen (buffer) > 1)
{
/* Now replace the selection with the encrypted text */
- put_oom_string (selection, "Text", buffer);
+ if (protocol == PROTOCOL_SMIME)
+ {
+ unsigned int enclosedSize = strlen (buffer) + 34 + 31 + 1;
+ char enclosedData[enclosedSize];
+ snprintf (enclosedData, sizeof enclosedData,
+ "-----BEGIN ENCRYPTED MESSAGE-----\n"
+ "%s"
+ "-----END ENCRYPTED MESSAGE-----\n", buffer);
+ put_oom_string (selection, "Text", enclosedData);
+ }
+ else
+ put_oom_string (selection, "Text", buffer);
}
else
{
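Review bot: enclosedSize is one byte short. The BEGIN line including its newline is 34 characters, but the END line including its newline is 32, not 31, so with the terminating NUL the buffer needs strlen (buffer) + 34 + 32 + 1. snprintf with sizeof enclosedData prevents an overflow, but it drops the final newline. enclosedData is also a variable-length array on the stack whose size comes from the ciphertext length; that is a compiler extension in C++ and can exhaust the stack for a large selection, so allocate it on the heap and free it after put_oom_string (xfree is already used in this file). If buffer does not end in a newline, the END line is glued onto the last data line.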
commit 0c1d76ee531268dc21346012d6bef5d52bf09777
Author: Andre Heinecke
Date: Thu Jul 11 16:40:59 2013 +0000
Fix crash in decryptAttachments
If the save file dialog was aborted it crashed.
* src/ribbon-callbacks.cpp (decryptAttachments): Continue
if get_save_file_name returns NULL.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 3d1ced0..aa55808 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -387,6 +387,9 @@ decryptAttachments (LPDISPATCH ctrl)
filenames[i-1] = get_save_filename (NULL, filename);
xfree (filename);
+ if (!filenames [i-1])
+ continue;
+
wcsOutFilename = utf8_to_wchar2 (filenames[i-1],
strlen(filenames[i-1]));
saveParams.rgvarg[0].bstrVal = SysAllocString (wcsOutFilename);
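Review bot: `continue` on a NULL from get_save_filename fixes the crash, but it means that a user who cancels the dialog is prompted again for every remaining attachment. If cancel is meant to abort the whole operation, leave the loop and go to the cleanup path instead. With `continue`, filenames[i-1] also stays NULL, so any later code that walks the filenames array has to skip NULL entries.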
commit a8ec27515b34aeecbf00393db6a2f54f073b88c8
Author: Andre Heinecke
Date: Thu Jul 11 16:39:05 2013 +0000
Change some user visible strings
* src/ribbon-callbacks.cpp: Change wording in some Messages.
Do not localize very unlikely errors.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 666eb17..3d1ced0 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -114,8 +114,8 @@ encryptSelection (LPDISPATCH ctrl)
!sender || !recipients)
{
MessageBox (NULL,
- _("Internal error in GpgOL.\n"
- "Could not find all objects."),
+ "Internal error in GpgOL.\n"
+ "Could not find all objects.",
_("GpgOL"),
MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: Could not find all objects.",
@@ -129,7 +129,7 @@ encryptSelection (LPDISPATCH ctrl)
{
/* TODO more usable if we just use all text in this case? */
MessageBox (NULL,
- _("Please select some text for encryption."),
+ _("Please select text to encrypt."),
_("GpgOL"),
MB_ICONINFORMATION|MB_OK);
return S_OK;
@@ -159,7 +159,7 @@ encryptSelection (LPDISPATCH ctrl)
if (!recipientsCnt)
{
MessageBox (NULL,
- _("Please enter the recipent of the encrypted text first."),
+ _("Please add at least one recipent."),
_("GpgOL"),
MB_ICONINFORMATION|MB_OK);
return S_OK;
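Review bot: the new string `_("Please add at least one recipent.")` carries over the typo "recipent" (should be "recipient"). Since this is a msgid, fixing it later invalidates the translations, so it is worth correcting before the po files are regenerated.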
@@ -262,7 +262,7 @@ encryptSelection (LPDISPATCH ctrl)
if (tmpStat.cbSize.QuadPart > UINT_MAX)
{
MessageBox (curWindow, _("GpgOL"),
- _("Selected text too long."),
+ "Selected text too long.",
MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: No one should write so large mails.",
SRCNAME, __func__);
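Review bot: in `MessageBox (curWindow, _("GpgOL"), "Selected text too long.", ...)` the text and caption arguments are swapped. MessageBox takes the message text second and the caption third, which is the order used by the other calls in this file, so this dialog shows "GpgOL" as its body and the error as its title. The same call appears in the decryptSelection hunk at -556 and needs the same fix.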
@@ -470,8 +470,8 @@ decryptSelection (LPDISPATCH ctrl)
if (!wordEditor || !wordApplication || !selection)
{
MessageBox (NULL,
- _("Internal error in GpgOL.\n"
- "Could not find all objects."),
+ "Internal error in GpgOL.\n"
+ "Could not find all objects.",
_("GpgOL"),
MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: Could not find all objects.",
@@ -521,7 +521,7 @@ decryptSelection (LPDISPATCH ctrl)
decsink->writefnc = sink_encryption_write;
engine_set_session_number (filter, session_number);
- engine_set_session_title (filter, _("Decrypt Selection"));
+ engine_set_session_title (filter, _("Decrypt"));
if ((rc=engine_decrypt_start (filter, curWindow,
protocol,
@@ -556,7 +556,7 @@ decryptSelection (LPDISPATCH ctrl)
if (tmpStat.cbSize.QuadPart > UINT_MAX)
{
MessageBox (curWindow, _("GpgOL"),
- _("Selected text too long."),
+ "Selected text too long.",
MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: No one should write so large mails.",
SRCNAME, __func__);
commit a0aee83e9a355b32b6a1c952a0391d08039f0256
Author: Andre Heinecke
Date: Thu Jul 11 16:32:03 2013 +0000
Localize ribbon UI
Using swprintf we can directly use gettext strings to include
UTF-8 encoded strings in the CustomUI XML code.
* src/gpgoladdin.cpp (getCustomUI): Add gettext usage.
(loadXMLResource): Removed.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index bfe16d9..26bd0db 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -487,39 +487,6 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
return DISP_E_MEMBERNOTFOUND;
}
-BSTR
-loadXMLResource (int id)
-{
- /* XXX I do not know how to get the handle of the currently
- executed code as we never had a chance in DllMain to save
- that handle. */
-
- /* FIXME this does not work as intended */
- HMODULE hModule = GetModuleHandle("gpgol.dll");
-
- HRSRC hRsrc = FindResourceEx (hModule, MAKEINTRESOURCE(id), TEXT("XML"),
- MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL));
-
- if (!hRsrc)
- {
- log_error_w32 (-1, "%s:%s: FindResource(%d) failed\n",
- SRCNAME, __func__, id);
- return NULL;
- }
-
- HGLOBAL hGlobal = LoadResource(hModule, hRsrc);
-
- if (!hGlobal)
- {
- log_error_w32 (-1, "%s:%s: LoadResource(%d) failed\n",
- SRCNAME, __func__, id);
- return NULL;
- }
-
- LPVOID xmlData = LockResource (hGlobal);
-
- return SysAllocString (reinterpret_cast(xmlData));
-}
/* Returns the XML markup for the various RibbonID's
@@ -532,62 +499,62 @@ loadXMLResource (int id)
STDMETHODIMP
GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
{
- /* TODO use callback for label's and Icons, load xml from resource */
+ wchar_t buffer[4096];
+
+ memset(buffer, 0, sizeof buffer);
+
log_debug ("%s:%s: GetCustomUI for id: %S", SRCNAME, __func__, RibbonID);
+
if (!RibbonXml)
return E_POINTER;
if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose"))
{
- *RibbonXml = SysAllocString (
+ swprintf (buffer,
L""
L""
L""
L" "
L" "
L" "
L""
- L""
- );
+ L"", _("Encrypt"), _("Decrypt"));
}
else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read"))
{
- *RibbonXml = SysAllocString (
+ swprintf (buffer,
L""
L""
L""
L" "
L" "
L""
- L""
- );
-
+ L"", _("Encrypt"));
}
-
else /*if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer")) */
{
// *RibbonXml = loadXMLResource (IDR_XML_EXPLORER);
- *RibbonXml = SysAllocString (
+ swprintf (buffer,
L""
L" "
L" "
L" "
+ L" label=\"%S\">"
L" "
+ L" label=\"%S\">"
L" "
L" "
L" "
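Review bot: the `swprintf (buffer, ...)` calls write into `wchar_t buffer[4096]` without passing a size, so the output length depends on the translated strings returned by `_()`, which come from the message catalog and are not bounded here. Please use a counted variant with the element count of buffer and check its return value. The labels are also inserted into `label=\"%S\"` without XML escaping, so a translation containing a double quote, `&` or `<` yields invalid ribbon XML. It is also worth confirming that `%S` converts the UTF-8 gettext result as the commit message expects, rather than treating it as text in the current ANSI code page.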
@@ -595,10 +562,10 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L" "
L" "
- L" "
+ L" "
L" "
L" "
@@ -609,14 +576,20 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L" "
L" "
L" "
L" "
- L""
- );
+ L"",
+ _("GpgOL"), _("General"), _("Start Certificate Manager"),
+ _("GpgOL"), _("Save and decrypt"), _("Save and decrypt"));
}
+ if (wcslen (buffer))
+ *RibbonXml = SysAllocString (buffer);
+ else
+ *RibbonXml = NULL;
+
return S_OK;
}
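Review bot: GetCustomUI returns S_OK on every path after the NULL check, including when `*RibbonXml` ends up NULL because the buffer is empty or `SysAllocString (buffer)` failed. Please return a failure code such as E_OUTOFMEMORY when SysAllocString returns NULL, and treat a failed swprintf as an error rather than relying on `wcslen (buffer)` over the zeroed buffer.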
commit 984364ac4b150c39c4073f8dd70c238c2353aecf
Author: Andre Heinecke
Date: Thu Jul 11 16:30:00 2013 +0000
Handle OnDisconnect call
* src/gpgoladdin.cpp (OnDisconnect): Delete gpgolext object
* src/olflange.cpp (~GpgolExt): Shutdown also in case there
is no context set.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 807e5a6..bfe16d9 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -243,6 +243,10 @@ GpgolAddin::OnDisconnection (ext_DisconnectMode RemoveMode,
SAFEARRAY** custom)
{
(void)custom;
+ (void)RemoveMode;
+ /* Deleting the extension causes everything to be cleaned up */
+ delete m_gpgolext;
+
return S_OK;
}
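Review bot: `delete m_gpgolext;` in OnDisconnection leaves the member pointing at freed memory. The destructor hunk in commit 7d3eccb shows that ~GpgolAddin also did `delete m_gpgolext;` at this point in history, so a disconnect followed by destruction is a double delete. Set `m_gpgolext = NULL` after deleting it here, or delete it in only one place.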
diff --git a/src/olflange.cpp b/src/olflange.cpp
index e51521e..109c6a7 100644
--- a/src/olflange.cpp
+++ b/src/olflange.cpp
@@ -577,7 +577,7 @@ GpgolExt::~GpgolExt (void)
// if (m_pOutlookExtItemEvents)
// m_pOutlookExtItemEvents->Release ();
- if (m_lContext == EECONTEXT_SESSION)
+ if (m_lContext == EECONTEXT_SESSION || !m_lContext)
{
if (g_initdll)
{
-----------------------------------------------------------------------
Summary of changes:
src/gpgoladdin.cpp | 106 ++++++++++++++++++++-------------------------
src/olflange.cpp | 2 +-
src/ribbon-callbacks.cpp | 74 +++++++++++++++++++++++++-------
src/ribbon-callbacks.h | 2 +
4 files changed, 107 insertions(+), 77 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 09:46:30 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 09:46:30 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-23-g289c070
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 289c0700ecf91048f122adddf86b00eb4b22675a (commit)
from d501119f6d14899bf27dfeb8eb98f54c8fa17da3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 289c0700ecf91048f122adddf86b00eb4b22675a
Author: Andre Heinecke
Date: Fri Jul 12 07:21:16 2013 +0000
Update translation
* po/POTFILES.in: Add new files.
* po/de.po: Add new translations.
* po/pt.po, po/sv.po: Update generated content.
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 55af50f..4d78f3a 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -24,4 +24,6 @@ src/w32-gettext.c
src/inspectors.cpp
src/explorers.cpp
src/mailitem.cpp
+src/gpgoladdin.cpp
+src/ribbon-callbacks.cpp
diff --git a/po/de.po b/po/de.po
index dc60958..90f0457 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7,10 +7,11 @@ msgid ""
msgstr ""
"Project-Id-Version: GpgOL 1.0.0\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2011-12-27 12:49+0100\n"
+"POT-Creation-Date: 2013-07-12 07:18+0000\n"
"PO-Revision-Date: 2009-06-18 19:18+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: de\n"
+"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -40,7 +41,7 @@ msgstr ""
"um die gesamte Nachricht nochmal zu entschl??sseln. Danach k??nnen\n"
"Sie das Attachment wieder ??ffenen."
-#: src/common.c:216
+#: src/common.c:217
msgid "GpgOL - Save decrypted attachment"
msgstr "GpgOL - Sichern der entschl??sselten Anlage"
@@ -58,6 +59,9 @@ msgstr ""
#: src/engine.c:395 src/engine.c:405 src/main.c:699 src/main.c:705
#: src/message.cpp:303 src/explorers.cpp:204 src/explorers.cpp:209
+#: src/gpgoladdin.cpp:593 src/gpgoladdin.cpp:594 src/ribbon-callbacks.cpp:119
+#: src/ribbon-callbacks.cpp:133 src/ribbon-callbacks.cpp:163
+#: src/ribbon-callbacks.cpp:486 src/ribbon-callbacks.cpp:500
msgid "GpgOL"
msgstr "GpgOL"
@@ -233,11 +237,11 @@ msgstr ""
"\n"
"geschrieben."
-#: src/mapihelp.cpp:1527 src/mapihelp.cpp:1535 src/mapihelp.cpp:1543
+#: src/mapihelp.cpp:1528 src/mapihelp.cpp:1536 src/mapihelp.cpp:1544
msgid "[no subject]"
msgstr "[Kein Betreff]"
-#: src/mapihelp.cpp:2152
+#: src/mapihelp.cpp:2153
msgid ""
"[The content of this message is not visible because it has been decrypted by "
"another Outlook session. Use the \"decrypt/verify\" command to make it "
@@ -247,7 +251,7 @@ msgstr ""
"Outlook Sitzung entschl??sselt wurde. Verwenden Sie den Men??punkt "
"\"entschl??sseln/??berpr??fen\" um den Inhalt wieder sichtbar zu machen.]"
-#: src/mapihelp.cpp:3004
+#: src/mapihelp.cpp:3005
msgid ""
"[The content of this message is not visible due to an processing error in "
"GpgOL.]"
@@ -344,15 +348,15 @@ msgstr "Verschl??sselungsfehler (%s)"
msgid "Signing failed (%s)"
msgstr "Signaturerstellungsfehler (%s)"
-#: src/mimeparser.c:1203
+#: src/mimeparser.c:1204
msgid "Error writing to stream"
msgstr "Dateischreibfehler"
-#: src/mimeparser.c:1204
+#: src/mimeparser.c:1205
msgid "I/O-Error"
msgstr "Ein-/Ausgabefehler"
-#: src/olflange-dlgs.cpp:43
+#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:593
msgid "General"
msgstr "Allgemein"
@@ -420,46 +424,11 @@ msgstr ""
msgid "This is GpgOL version %s"
msgstr "Dies ist GpgOL Version %s"
-#: src/olflange.cpp:444
-msgid ""
-"Welcome to GpgOL 1.0\n"
-"\n"
-"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
-"support to Outlook 2003 and 2007.\n"
-"\n"
-"Although we tested this software extensively, we can't give you any "
-"guarantee that it will work as expected. The programming interface we are "
-"using has not been properly documented by Microsoft and thus the "
-"functionality of GpgOL may cease to work with an update of your Windows "
-"system.\n"
-"\n"
-"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON "
-"ANY SENSITIVE DATA!\n"
-"\n"
-"There are some known problems, the most severe being that sending encrypted "
-"or signed mails using an Exchange based account does not work. Using GpgOL "
-"along with other Outlook plugins may in some cases not work.\n"
-msgstr ""
-"Willkommen zu GpgOL 1.0 !\n"
-"\n"
-"GpgOL erweitert Outlook 2003 und 2007 um integrierte OpenPGP und S/MIME "
-"Verschl??sselung und digitale Signaturen.\n"
-"\n"
-"Obgleich wir diese Software ausgiebig getestet haben, k??nnen wir leider "
-"nicht garantieren, da?? sie einwandfrei funktionieren wird. Die benutzte "
-"Programmierschnittstelle zu Outlook ist von Microsoft nur sehr ungen??gend "
-"dokumentiert worden. M??glicherweise k??nnte die korrekte Funktion von GpgOL "
-"durch ein Update von Windows beeintr??chtig werden.\n"
-"\n"
-"WIR RATEN DRINGEND DAZU, TESTS DER VERSCHL??SSELUNG DURCHZUF??HREN, BEVOR "
-"GPGOL F??R SENSIBLE DATEN BENUTZT WIRD!\n"
-"\n"
-"Es sind einige Problem bekannt: Insbesondere funktioniert das Senden von "
-"verschl??sselten oder signierten Nachrichten ??ber ein Exchange basiertes "
-"Konto nicht. Wird GpgOL zusammen mit anderen Outlook Plugins benutzt, kann "
-"es m??glicherweise nicht richtig arbeiten.\n"
+#: src/olflange.cpp:526
+msgid "Welcome to GpgOL "
+msgstr "Willkommen zu GpgOL "
-#: src/olflange.cpp:472
+#: src/olflange.cpp:554
msgid ""
"You have installed a new version of GpgOL.\n"
"\n"
@@ -473,7 +442,7 @@ msgstr ""
"die Einstellungen f??r Sie noch stimmen. Sie finden die Einstellungen im "
"Hauptmenu unter: Extras->Optionen->GpgOL.\n"
-#: src/olflange.cpp:672
+#: src/olflange.cpp:754
msgid ""
"This version of Outlook is too old!\n"
"\n"
@@ -715,6 +684,90 @@ msgstr ""
msgid "Do you want to revert this folder?"
msgstr "M??chten Sie diesen Ordner von GpgOL befreien?"
+#: src/gpgoladdin.cpp:528
+msgid "Encrypt"
+msgstr "Verschl??sseln"
+
+#: src/gpgoladdin.cpp:528 src/gpgoladdin.cpp:541 src/ribbon-callbacks.cpp:535
+msgid "Decrypt"
+msgstr "Entschl??sseln"
+
+#: src/gpgoladdin.cpp:593
+msgid "Start Certificate Manager"
+msgstr "Zertifikatsverwaltung starten"
+
+#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:595
+msgid "Save and decrypt"
+msgstr "Speichern und Entschl??sseln"
+
+#: src/ribbon-callbacks.cpp:132
+msgid "Please select text to encrypt."
+msgstr "Bitte selektieren Sie den zu verschl??sselnden Text."
+
+#: src/ribbon-callbacks.cpp:162
+msgid "Please add at least one recipent."
+msgstr "Bitte f??gen Sie mindestens einen Empf??nger hinzu."
+
+#: src/ribbon-callbacks.cpp:499
+msgid "Please select the data you wish to decrypt."
+msgstr "Bitte selektieren Sie die zu entschl??sselnden Daten."
+
+#: src/ribbon-callbacks.cpp:604
+msgid "Plain text"
+msgstr "Klartext"
+
+#~ msgid ""
+#~ "Internal error in GpgOL.\n"
+#~ "Could not find all objects."
+#~ msgstr ""
+#~ "Interner Fehler in GpgOL.\n"
+#~ "Nicht alle Objekte konnten gefunden werden."
+
+#~ msgid "Selected text too long."
+#~ msgstr "Ausgew??hlter Text ist zu lang"
+
+#, fuzzy
+#~ msgid "Decrypt Selection"
+#~ msgstr "Entschl??sselung"
+
+#~ msgid ""
+#~ "Welcome to GpgOL 1.0\n"
+#~ "\n"
+#~ "GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
+#~ "support to Outlook 2003 and 2007.\n"
+#~ "\n"
+#~ "Although we tested this software extensively, we can't give you any "
+#~ "guarantee that it will work as expected. The programming interface we are "
+#~ "using has not been properly documented by Microsoft and thus the "
+#~ "functionality of GpgOL may cease to work with an update of your Windows "
+#~ "system.\n"
+#~ "\n"
+#~ "WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL "
+#~ "ON ANY SENSITIVE DATA!\n"
+#~ "\n"
+#~ "There are some known problems, the most severe being that sending "
+#~ "encrypted or signed mails using an Exchange based account does not work. "
+#~ "Using GpgOL along with other Outlook plugins may in some cases not work.\n"
+#~ msgstr ""
+#~ "Willkommen zu GpgOL 1.0 !\n"
+#~ "\n"
+#~ "GpgOL erweitert Outlook 2003 und 2007 um integrierte OpenPGP und S/MIME "
+#~ "Verschl??sselung und digitale Signaturen.\n"
+#~ "\n"
+#~ "Obgleich wir diese Software ausgiebig getestet haben, k??nnen wir leider "
+#~ "nicht garantieren, da?? sie einwandfrei funktionieren wird. Die benutzte "
+#~ "Programmierschnittstelle zu Outlook ist von Microsoft nur sehr ungen??gend "
+#~ "dokumentiert worden. M??glicherweise k??nnte die korrekte Funktion von "
+#~ "GpgOL durch ein Update von Windows beeintr??chtig werden.\n"
+#~ "\n"
+#~ "WIR RATEN DRINGEND DAZU, TESTS DER VERSCHL??SSELUNG DURCHZUF??HREN, BEVOR "
+#~ "GPGOL F??R SENSIBLE DATEN BENUTZT WIRD!\n"
+#~ "\n"
+#~ "Es sind einige Problem bekannt: Insbesondere funktioniert das Senden von "
+#~ "verschl??sselten oder signierten Nachrichten ??ber ein Exchange basiertes "
+#~ "Konto nicht. Wird GpgOL zusammen mit anderen Outlook Plugins benutzt, "
+#~ "kann es m??glicherweise nicht richtig arbeiten.\n"
+
#~ msgid "Select this option to encrypt the message."
#~ msgstr "W??hlen Sie diese Option zum Verschl??sseln der Nachricht."
@@ -818,9 +871,6 @@ msgstr "M??chten Sie diesen Ordner von GpgOL befreien?"
#~ msgid "Path to certificate manager binary"
#~ msgstr "Dateiname der Zertifikatsverwaltung"
-#~ msgid "Select Certificate Manager"
-#~ msgstr "GnuPG Zertifikats&verwaltung"
-
#~ msgid "Passphrase"
#~ msgstr "Passphrase"
@@ -884,9 +934,6 @@ msgstr "M??chten Sie diesen Ordner von GpgOL befreien?"
#~ msgid "No valid OpenPGP data found."
#~ msgstr "Keine g??ltigen OpenPGP Daten gefunden"
-#~ msgid "Decryption"
-#~ msgstr "Entschl??sselung"
-
#~ msgid ""
#~ "[This is a PGP/MIME message]\r\n"
#~ "\r\n"
diff --git a/po/pt.po b/po/pt.po
index 2f4a70e..53d0a49 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,10 +7,11 @@ msgid ""
msgstr ""
"Project-Id-Version: GpgOL 1.1.1\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2011-12-27 12:49+0100\n"
+"POT-Creation-Date: 2013-07-12 07:18+0000\n"
"PO-Revision-Date: 2010-07-18 20:41-0000\n"
"Last-Translator: Marco A.G.Pinto \n"
"Language-Team: Portuguese \n"
+"Language: pt\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso-8859-1\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -42,7 +43,7 @@ msgstr ""
"Por favor usa o bot?o Desencriptar/Verificar para desencriptar\n"
"a mensagem completa novamente. Depois abre este anexo."
-#: src/common.c:216
+#: src/common.c:217
msgid "GpgOL - Save decrypted attachment"
msgstr "GpgOL - Gravar anexo desencriptado"
@@ -60,6 +61,9 @@ msgstr ""
#: src/engine.c:395 src/engine.c:405 src/main.c:699 src/main.c:705
#: src/message.cpp:303 src/explorers.cpp:204 src/explorers.cpp:209
+#: src/gpgoladdin.cpp:593 src/gpgoladdin.cpp:594 src/ribbon-callbacks.cpp:119
+#: src/ribbon-callbacks.cpp:133 src/ribbon-callbacks.cpp:163
+#: src/ribbon-callbacks.cpp:486 src/ribbon-callbacks.cpp:500
msgid "GpgOL"
msgstr "GpgOL"
@@ -224,11 +228,11 @@ msgstr ""
"\n"
"\"%s\""
-#: src/mapihelp.cpp:1527 src/mapihelp.cpp:1535 src/mapihelp.cpp:1543
+#: src/mapihelp.cpp:1528 src/mapihelp.cpp:1536 src/mapihelp.cpp:1544
msgid "[no subject]"
msgstr "[sem assunto]"
-#: src/mapihelp.cpp:2152
+#: src/mapihelp.cpp:2153
msgid ""
"[The content of this message is not visible because it has been decrypted by "
"another Outlook session. Use the \"decrypt/verify\" command to make it "
@@ -238,7 +242,7 @@ msgstr ""
"sess?o do Outlook. Usa o comando \"Desencriptar/Verificar\" para torn?-lo "
"vis?vel]"
-#: src/mapihelp.cpp:3004
+#: src/mapihelp.cpp:3005
msgid ""
"[The content of this message is not visible due to an processing error in "
"GpgOL.]"
@@ -329,15 +333,15 @@ msgstr "A encripta
msgid "Signing failed (%s)"
msgstr "A assinatura falhou (%s)"
-#: src/mimeparser.c:1203
+#: src/mimeparser.c:1204
msgid "Error writing to stream"
msgstr "Erro ao escrever no stream"
-#: src/mimeparser.c:1204
+#: src/mimeparser.c:1205
msgid "I/O-Error"
msgstr "I/O-Erro"
-#: src/olflange-dlgs.cpp:43
+#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:593
msgid "General"
msgstr "Geral"
@@ -400,45 +404,11 @@ msgstr ""
msgid "This is GpgOL version %s"
msgstr "Esta ? a vers?o do GpgOL %s"
-#: src/olflange.cpp:444
-msgid ""
-"Welcome to GpgOL 1.0\n"
-"\n"
-"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
-"support to Outlook 2003 and 2007.\n"
-"\n"
-"Although we tested this software extensively, we can't give you any "
-"guarantee that it will work as expected. The programming interface we are "
-"using has not been properly documented by Microsoft and thus the "
-"functionality of GpgOL may cease to work with an update of your Windows "
-"system.\n"
-"\n"
-"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON "
-"ANY SENSITIVE DATA!\n"
-"\n"
-"There are some known problems, the most severe being that sending encrypted "
-"or signed mails using an Exchange based account does not work. Using GpgOL "
-"along with other Outlook plugins may in some cases not work.\n"
+#: src/olflange.cpp:526
+msgid "Welcome to GpgOL "
msgstr ""
-"Bem-vindo ao GpgOL 1.0\n"
-"\n"
-"O GpgOL adiciona suporte de encripta??o e assinatura digital OpenPGP e S/"
-"MIME integrado ao Outlook 2003 e 2007.\n"
-"\n"
-"Embora test?mos este software extensivamente, n?o podemos dar qualquer "
-"garantia que funcione da forma esperada. O interface de programa??o em uso "
-"n?o foi propriamente documentado pela Microsoft e da? a funcionalidade do "
-"GpgOL pode deixar de funcionar com uma actualiza??o do teu sistema Windows.\n"
-"\n"
-"ACONSELHAMOS FORTEMENTE A EXECUTAR TESTES DE ENCRIPTA??O ANTES DE COME?ARES "
-"A USAR O GPGOL EM DADOS SENS?VEIS!\n"
-"\n"
-"Existem alguns problemas conhecidos, os mais graves s?o o n?o funcionamento "
-"de enviar e-mails encriptados ou assinados usando uma conta com base no "
-"Exchange. Usar o GpgOL com outros plugins do Outlook poder? n?o funcionar em "
-"alguns casos.\n"
-#: src/olflange.cpp:472
+#: src/olflange.cpp:554
msgid ""
"You have installed a new version of GpgOL.\n"
"\n"
@@ -452,7 +422,7 @@ msgstr ""
"correctas para as tuas necessidades. O di?logo de op??es pode ser encontrado "
"em: Extras->Op??es->GpgOL\n"
-#: src/olflange.cpp:672
+#: src/olflange.cpp:754
msgid ""
"This version of Outlook is too old!\n"
"\n"
@@ -694,6 +664,86 @@ msgstr ""
msgid "Do you want to revert this folder?"
msgstr "Queres reverter esta pasta?"
+#: src/gpgoladdin.cpp:528
+#, fuzzy
+msgid "Encrypt"
+msgstr "Encripta??o"
+
+#: src/gpgoladdin.cpp:528 src/gpgoladdin.cpp:541 src/ribbon-callbacks.cpp:535
+#, fuzzy
+msgid "Decrypt"
+msgstr "Entschl?sselung"
+
+#: src/gpgoladdin.cpp:593
+#, fuzzy
+msgid "Start Certificate Manager"
+msgstr "GnuPG Zertifikats&verwaltung"
+
+#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:595
+msgid "Save and decrypt"
+msgstr ""
+
+#: src/ribbon-callbacks.cpp:132
+#, fuzzy
+msgid "Please select text to encrypt."
+msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
+
+#: src/ribbon-callbacks.cpp:162
+#, fuzzy
+msgid "Please add at least one recipent."
+msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
+
+#: src/ribbon-callbacks.cpp:499
+#, fuzzy
+msgid "Please select the data you wish to decrypt."
+msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
+
+#: src/ribbon-callbacks.cpp:604
+msgid "Plain text"
+msgstr ""
+
+#, fuzzy
+#~ msgid "Decrypt Selection"
+#~ msgstr "Entschl?sselung"
+
+#~ msgid ""
+#~ "Welcome to GpgOL 1.0\n"
+#~ "\n"
+#~ "GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
+#~ "support to Outlook 2003 and 2007.\n"
+#~ "\n"
+#~ "Although we tested this software extensively, we can't give you any "
+#~ "guarantee that it will work as expected. The programming interface we are "
+#~ "using has not been properly documented by Microsoft and thus the "
+#~ "functionality of GpgOL may cease to work with an update of your Windows "
+#~ "system.\n"
+#~ "\n"
+#~ "WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL "
+#~ "ON ANY SENSITIVE DATA!\n"
+#~ "\n"
+#~ "There are some known problems, the most severe being that sending "
+#~ "encrypted or signed mails using an Exchange based account does not work. "
+#~ "Using GpgOL along with other Outlook plugins may in some cases not work.\n"
+#~ msgstr ""
+#~ "Bem-vindo ao GpgOL 1.0\n"
+#~ "\n"
+#~ "O GpgOL adiciona suporte de encripta??o e assinatura digital OpenPGP e S/"
+#~ "MIME integrado ao Outlook 2003 e 2007.\n"
+#~ "\n"
+#~ "Embora test?mos este software extensivamente, n?o podemos dar qualquer "
+#~ "garantia que funcione da forma esperada. O interface de programa??o em "
+#~ "uso n?o foi propriamente documentado pela Microsoft e da? a "
+#~ "funcionalidade do GpgOL pode deixar de funcionar com uma actualiza??o do "
+#~ "teu sistema Windows.\n"
+#~ "\n"
+#~ "ACONSELHAMOS FORTEMENTE A EXECUTAR TESTES DE ENCRIPTA??O ANTES DE "
+#~ "COME?ARES A USAR O GPGOL EM DADOS SENS?VEIS!\n"
+#~ "\n"
+#~ "Existem alguns problemas conhecidos, os mais graves s?o o n?o "
+#~ "funcionamento de enviar e-mails encriptados ou assinados usando uma conta "
+#~ "com base no Exchange. Usar o GpgOL com outros plugins do Outlook poder? "
+#~ "n?o funcionar em alguns casos.\n"
+
#~ msgid "Select this option to encrypt the message."
#~ msgstr "W?hlen Sie diese Option zum Verschl?sseln der Nachricht."
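Review bot: several of the new fuzzy entries in pt.po carry text that is not Portuguese or not related to the msgid, for example `msgstr "Entschl?sselung"` for "Decrypt", `msgstr "GnuPG Zertifikats&verwaltung"` for "Start Certificate Manager", and the same "Por favor selecciona pelo menos um certificado de destinat?rio." for three different prompts. They are marked fuzzy, so they should not be used at run time, but it would be cleaner to empty these msgstr values so a translator does not mistake them for near matches.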
@@ -797,9 +847,6 @@ msgstr "Queres reverter esta pasta?"
#~ msgid "Path to certificate manager binary"
#~ msgstr "Dateiname der Zertifikatsverwaltung"
-#~ msgid "Select Certificate Manager"
-#~ msgstr "GnuPG Zertifikats&verwaltung"
-
#~ msgid "Passphrase"
#~ msgstr "Passphrase"
@@ -863,9 +910,6 @@ msgstr "Queres reverter esta pasta?"
#~ msgid "No valid OpenPGP data found."
#~ msgstr "Keine g?ltigen OpenPGP Daten gefunden"
-#~ msgid "Decryption"
-#~ msgstr "Entschl?sselung"
-
#~ msgid ""
#~ "[This is a PGP/MIME message]\r\n"
#~ "\r\n"
diff --git a/po/sv.po b/po/sv.po
index 9bc4037..327c9c7 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,10 +7,11 @@ msgid ""
msgstr ""
"Project-Id-Version: GPGol\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2011-12-27 12:49+0100\n"
+"POT-Creation-Date: 2013-07-12 07:18+0000\n"
"PO-Revision-Date: 2006-12-12 23:52+0100\n"
"Last-Translator: Daniel Nylander \n"
"Language-Team: Swedish \n"
+"Language: sv\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -39,7 +40,7 @@ msgid ""
"entire message again. Then open this attachment."
msgstr ""
-#: src/common.c:216
+#: src/common.c:217
#, fuzzy
msgid "GpgOL - Save decrypted attachment"
msgstr "GPG - Spara dekrypterad bilaga"
@@ -56,6 +57,9 @@ msgstr ""
#: src/engine.c:395 src/engine.c:405 src/main.c:699 src/main.c:705
#: src/message.cpp:303 src/explorers.cpp:204 src/explorers.cpp:209
+#: src/gpgoladdin.cpp:593 src/gpgoladdin.cpp:594 src/ribbon-callbacks.cpp:119
+#: src/ribbon-callbacks.cpp:133 src/ribbon-callbacks.cpp:163
+#: src/ribbon-callbacks.cpp:486 src/ribbon-callbacks.cpp:500
msgid "GpgOL"
msgstr ""
@@ -218,18 +222,18 @@ msgid ""
"\"%s\""
msgstr ""
-#: src/mapihelp.cpp:1527 src/mapihelp.cpp:1535 src/mapihelp.cpp:1543
+#: src/mapihelp.cpp:1528 src/mapihelp.cpp:1536 src/mapihelp.cpp:1544
msgid "[no subject]"
msgstr ""
-#: src/mapihelp.cpp:2152
+#: src/mapihelp.cpp:2153
msgid ""
"[The content of this message is not visible because it has been decrypted by "
"another Outlook session. Use the \"decrypt/verify\" command to make it "
"visible]"
msgstr ""
-#: src/mapihelp.cpp:3004
+#: src/mapihelp.cpp:3005
msgid ""
"[The content of this message is not visible due to an processing error in "
"GpgOL.]"
@@ -311,16 +315,16 @@ msgstr "Kryptering misslyckades"
msgid "Signing failed (%s)"
msgstr "Signering misslyckades"
-#: src/mimeparser.c:1203
+#: src/mimeparser.c:1204
#, fuzzy
msgid "Error writing to stream"
msgstr "Fel vid skrivning av fil"
-#: src/mimeparser.c:1204
+#: src/mimeparser.c:1205
msgid "I/O-Error"
msgstr "In-/Ut-fel"
-#: src/olflange-dlgs.cpp:43
+#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:593
msgid "General"
msgstr ""
@@ -367,28 +371,11 @@ msgstr ""
msgid "This is GpgOL version %s"
msgstr ""
-#: src/olflange.cpp:444
-msgid ""
-"Welcome to GpgOL 1.0\n"
-"\n"
-"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
-"support to Outlook 2003 and 2007.\n"
-"\n"
-"Although we tested this software extensively, we can't give you any "
-"guarantee that it will work as expected. The programming interface we are "
-"using has not been properly documented by Microsoft and thus the "
-"functionality of GpgOL may cease to work with an update of your Windows "
-"system.\n"
-"\n"
-"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON "
-"ANY SENSITIVE DATA!\n"
-"\n"
-"There are some known problems, the most severe being that sending encrypted "
-"or signed mails using an Exchange based account does not work. Using GpgOL "
-"along with other Outlook plugins may in some cases not work.\n"
+#: src/olflange.cpp:526
+msgid "Welcome to GpgOL "
msgstr ""
-#: src/olflange.cpp:472
+#: src/olflange.cpp:554
msgid ""
"You have installed a new version of GpgOL.\n"
"\n"
@@ -397,7 +384,7 @@ msgid ""
">Options->GpgOL.\n"
msgstr ""
-#: src/olflange.cpp:672
+#: src/olflange.cpp:754
msgid ""
"This version of Outlook is too old!\n"
"\n"
@@ -637,6 +624,48 @@ msgstr ""
msgid "Do you want to revert this folder?"
msgstr ""
+#: src/gpgoladdin.cpp:528
+#, fuzzy
+msgid "Encrypt"
+msgstr "Kryptering"
+
+#: src/gpgoladdin.cpp:528 src/gpgoladdin.cpp:541 src/ribbon-callbacks.cpp:535
+#, fuzzy
+msgid "Decrypt"
+msgstr "Dekryptering"
+
+#: src/gpgoladdin.cpp:593
+#, fuzzy
+msgid "Start Certificate Manager"
+msgstr "GPG-nyckel&hanterare"
+
+#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:595
+msgid "Save and decrypt"
+msgstr ""
+
+#: src/ribbon-callbacks.cpp:132
+#, fuzzy
+msgid "Please select text to encrypt."
+msgstr "V??lj ??tminstone en mottagarnyckel."
+
+#: src/ribbon-callbacks.cpp:162
+#, fuzzy
+msgid "Please add at least one recipent."
+msgstr "V??lj ??tminstone en mottagarnyckel."
+
+#: src/ribbon-callbacks.cpp:499
+#, fuzzy
+msgid "Please select the data you wish to decrypt."
+msgstr "V??lj ??tminstone en mottagarnyckel."
+
+#: src/ribbon-callbacks.cpp:604
+msgid "Plain text"
+msgstr ""
+
+#, fuzzy
+#~ msgid "Decrypt Selection"
+#~ msgstr "Dekryptering"
+
#~ msgid "Select this option to encrypt the message."
#~ msgstr "V??lj det h??r alternativet f??r att kryptera meddelandet."
@@ -715,9 +744,6 @@ msgstr ""
#~ msgid "No valid OpenPGP data found."
#~ msgstr "Inget giltigt OpenPGP-data hittades."
-#~ msgid "Decryption"
-#~ msgstr "Dekryptering"
-
#~ msgid ""
#~ "[This is a PGP/MIME message]\r\n"
#~ "\r\n"
-----------------------------------------------------------------------
Summary of changes:
po/POTFILES.in | 2 +
po/de.po | 155 ++++++++++++++++++++++++++++++++++++-------------------
po/pt.po | 148 ++++++++++++++++++++++++++++++++++-------------------
po/sv.po | 90 +++++++++++++++++++++------------
4 files changed, 257 insertions(+), 138 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 10:35:46 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 10:35:46 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-24-g7d3eccb
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 7d3eccb79093dab365b2e4124b98baacfa527671 (commit)
from 289c0700ecf91048f122adddf86b00eb4b22675a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7d3eccb79093dab365b2e4124b98baacfa527671
Author: Andre Heinecke
Date: Fri Jul 12 08:03:34 2013 +0000
Remove GpgolExt reference and check Version
The addin should only be used in Ol 14 otherwise
the old ExchangeExtension is used.
* src/gpgoladdin.cpp, src/gpgoladdin.h (GpgolAddin): Remove
reference to GpgolExt Object.
(QueryInterface, ~GpgolAddin): Check if addin is enabled.
(OnConnection): Disable based on Version and handle
initialization.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 77ec44c..bd1368b 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -147,13 +147,10 @@ STDMETHODIMP GpgolAddinFactory::CreateInstance (LPUNKNOWN punk, REFIID riid,
The ref count is set by the factory after creation.
*/
-GpgolAddin::GpgolAddin (void) : m_lRef(0), m_application(0), m_addin(0)
+GpgolAddin::GpgolAddin (void) : m_lRef(0), m_application(0),
+ m_addin(0), m_disabled(false)
{
- /* Create the COM Extension Object that handles the startup and
- endinge initialization
- */
- m_gpgolext = new GpgolExt();
-
+ read_options ();
/* RibbonExtender is it's own object to avoid the pitfalls of
multiple inheritance
*/
@@ -165,11 +162,14 @@ GpgolAddin::~GpgolAddin (void)
log_debug ("%s:%s: cleaning up GpgolAddin object;",
SRCNAME, __func__);
- engine_deinit ();
- write_options ();
- delete m_gpgolext;
delete m_ribbonExtender;
+ if (!m_disabled)
+ {
+ engine_deinit ();
+ write_options ();
+ }
+
log_debug ("%s:%s: Object deleted\n", SRCNAME, __func__);
}
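Review bot: in ~GpgolAddin the new `if (!m_disabled)` guard treats "not disabled" as "engine initialized", but m_disabled starts as false in the constructor and engine_init () is only reached in OnConnection after the version check. If the object is destroyed without OnConnection having run, engine_deinit () and write_options () execute without a matching engine_init (). Track initialization explicitly, for example with a flag set right after engine_init (), and test that flag here.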
@@ -180,6 +180,9 @@ GpgolAddin::QueryInterface (REFIID riid, LPVOID* ppvObj)
*ppvObj = NULL;
+ if (m_disabled)
+ return E_NOINTERFACE;
+
if ((riid == IID_IUnknown) || (riid == IID_IDTExtensibility2) ||
(riid == IID_IDispatch))
{
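Review bot: the early `if (m_disabled) return E_NOINTERFACE;` in QueryInterface also rejects IID_IUnknown, which COM expects every object to answer, so a caller that still holds this object can no longer obtain IUnknown from it once the flag is set. Keep the IID_IUnknown branch reachable when disabled and refuse only IID_IDTExtensibility2 and IID_IDispatch.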
@@ -191,15 +194,12 @@ GpgolAddin::QueryInterface (REFIID riid, LPVOID* ppvObj)
}
else
{
- hr = m_gpgolext->QueryInterface (riid, ppvObj);
+ hr = E_NOINTERFACE;
#if 0
- if (FAILED(hr))
- {
- LPOLESTR sRiid = NULL;
- StringFromIID(riid, &sRiid);
- log_debug ("%s:%s: queried for unimplmented interface: %S",
- SRCNAME, __func__, sRiid);
- }
+ LPOLESTR sRiid = NULL;
+ StringFromIID(riid, &sRiid);
+ log_debug ("%s:%s: queried for unimplmented interface: %S",
+ SRCNAME, __func__, sRiid);
#endif
}
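Review bot: inside the #if 0 block, StringFromIID allocates sRiid and nothing releases it, so re-enabling this debug code leaks on every query for an unknown interface. Add CoTaskMemFree (sRiid) after the log_debug call, and fix the "unimplmented" spelling in the message while touching it.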
@@ -214,22 +214,32 @@ GpgolAddin::OnConnection (LPDISPATCH Application, ext_ConnectMode ConnectMode,
LPDISPATCH AddInInst, SAFEARRAY ** custom)
{
(void)custom;
- TRACEPOINT();
+ char* version;
- if (!m_application)
- {
- m_application = Application;
- m_application->AddRef();
- m_addin = AddInInst;
- }
- else
+ log_debug ("%s:%s: this is GpgOL %s\n",
+ SRCNAME, __func__, PACKAGE_VERSION);
+ log_debug ("%s:%s: in Outlook %s\n",
+ SRCNAME, __func__, gpgme_check_version (NULL));
+
+ m_application = Application;
+ m_application->AddRef();
+ m_addin = AddInInst;
+
+ version = get_oom_string (Application, "Version");
+
+ log_debug ("%s:%s: using GPGME %s\n",
+ SRCNAME, __func__, version);
+
+ if (!version || !strlen (version) || strncmp (version, "14", 2))
{
- /* This should not happen but happened during development when
- the vtable was incorrect and the wrong function was called */
- log_debug ("%s:%s: Application already set. Ignoring new value.",
+ m_disabled = true;
+ log_debug ("%s:%s: Disabled addin for unsupported version.",
SRCNAME, __func__);
+
+ xfree (version);
return S_OK;
}
+ engine_init ();
if (ConnectMode != ext_cm_Startup)
{
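Review bot: in OnConnection, version is passed to log_debug with %s before the `!version` check that follows, so a failed get_oom_string lookup formats a NULL pointer. Move that log call below the check. The labels are also swapped: the "in Outlook %s" line prints gpgme_check_version (NULL) and the "using GPGME %s" line prints the Outlook version string. xfree (version) is only called on the disabled path; the lines visible here do not free it when the version is accepted.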
@@ -244,9 +254,8 @@ GpgolAddin::OnDisconnection (ext_DisconnectMode RemoveMode,
{
(void)custom;
(void)RemoveMode;
- /* Deleting the extension causes everything to be cleaned up */
- delete m_gpgolext;
+ write_options();
return S_OK;
}
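Review bot: OnDisconnection now calls write_options () unconditionally, while the destructor in this same patch only calls it under `if (!m_disabled)`. On an unsupported Outlook version the disabled add-in would still write options here. Apply the same m_disabled check, and decide whether options should be written in both places or only in one.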
diff --git a/src/gpgoladdin.h b/src/gpgoladdin.h
index 9518d9e..cf98e8c 100644
--- a/src/gpgoladdin.h
+++ b/src/gpgoladdin.h
@@ -185,11 +185,11 @@ public:
private:
ULONG m_lRef;
- GpgolExt* m_gpgolext;
GpgolRibbonExtender* m_ribbonExtender;
LPDISPATCH m_application;
LPDISPATCH m_addin;
+ bool m_disabled;
};
-----------------------------------------------------------------------
Summary of changes:
src/gpgoladdin.cpp | 69 +++++++++++++++++++++++++++++----------------------
src/gpgoladdin.h | 2 +-
2 files changed, 40 insertions(+), 31 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 11:00:15 2013
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Fri, 12 Jul 2013 11:00:15 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.13-8-g212a325
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 212a325d428e0ab5c51c42a3ea33efb21ad1f79f (commit)
from 6f0ec6ab485f48c8079ab2a16ed41ee7859f88ab (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 212a325d428e0ab5c51c42a3ea33efb21ad1f79f
Author: NIIBE Yutaka
Date: Fri Jul 12 17:26:55 2013 +0900
gpg: signal handling fix
* include/dotlock.h (dotlock_remove_lockfiles_reclaim): New.
(dotlock_destroy, dotlock_remove_lockfiles): Add a flag to reclaim
memory or not.
* util/dotlock.c (dotlock_create): Use
dotlock_remove_lockfiles_reclaim for atexit.
(dotlock_destroy_unix, dotlock_destroy)
(dotlock_remove_lockfiles): Add a reclaim flag.
(dotlock_remove_lockfiles_reclaim): New.
* g10/signal.c (got_fatal_signal): Disable flag of reclaim memory to
avoid non-async-safe call.
* g10/keydb.c (maybe_create_keyring): Follow the API change.
* g10/gpgv.c: Follow the API change.
--
signal handler got_fatal_signal should not call non-async-signal-safe
functions. When malloc is interrupted by a signal, it screws up.
This issue is reported:
https://bugs.g10code.com/gnupg/issue1515
http://bugs.debian.org/399904
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 9ee8032..2d51829 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -434,7 +434,7 @@ void rl_free_line_state (void) {}
void dotlock_disable(void) {}
dotlock_t dotlock_create (const char *file_to_lock, unsigned int flags)
{ return NULL; }
-void dotlock_destroy (dotlock_t h) {}
+void dotlock_destroy (dotlock_t h, int reclaim) {}
int dotlock_take (dotlock_t h, long timeout) { return 0;}
int dotlock_release (dotlock_t h) {return 0;}
-void dotlock_remove_lockfiles (void) {}
+void dotlock_remove_lockfiles (void, int reclaim) {}
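Review bot: the stub `void dotlock_remove_lockfiles (void, int reclaim) {}` is not valid C, since void may only appear as the sole parameter, and it does not match the `void dotlock_remove_lockfiles (int reclaim);` prototype this patch puts in include/dotlock.h. It should read `void dotlock_remove_lockfiles (int reclaim) {}`. If anything linked into gpgv references the new dotlock_remove_lockfiles_reclaim, it needs a stub here as well.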
diff --git a/g10/keydb.c b/g10/keydb.c
index d6d83e2..8be1945 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -181,7 +181,7 @@ maybe_create_keyring (char *filename, int force)
if (lockhd)
{
dotlock_release (lockhd);
- dotlock_destroy (lockhd);
+ dotlock_destroy (lockhd, 1);
}
return rc;
}
diff --git a/g10/signal.c b/g10/signal.c
index 086bf51..44b863d 100644
--- a/g10/signal.c
+++ b/g10/signal.c
@@ -122,7 +122,7 @@ got_fatal_signal( int sig )
/* Reset action to default action and raise signal again. */
init_one_signal (sig, SIG_DFL, 0);
- dotlock_remove_lockfiles ();
+ dotlock_remove_lockfiles (0);
#ifdef __riscos__
riscos_close_fds ();
#endif /* __riscos__ */
diff --git a/include/dotlock.h b/include/dotlock.h
index 920a81a..0453792 100644
--- a/include/dotlock.h
+++ b/include/dotlock.h
@@ -101,10 +101,11 @@ void dotlock_disable (void);
dotlock_t dotlock_create (const char *file_to_lock, unsigned int flags);
void dotlock_set_fd (dotlock_t h, int fd);
int dotlock_get_fd (dotlock_t h);
-void dotlock_destroy (dotlock_t h);
+void dotlock_destroy (dotlock_t h, int reclaim);
int dotlock_take (dotlock_t h, long timeout);
int dotlock_release (dotlock_t h);
-void dotlock_remove_lockfiles (void);
+void dotlock_remove_lockfiles (int reclaim);
+void dotlock_remove_lockfiles_reclaim (void);
#ifdef __cplusplus
}
diff --git a/util/dotlock.c b/util/dotlock.c
index c5f3a78..27c2bb2 100644
--- a/util/dotlock.c
+++ b/util/dotlock.c
@@ -128,7 +128,7 @@
unlinked using the atexit handler. If you don't need the lock file
anymore, you may also explicitly remove it with a call to:
- dotlock_destroy (h);
+ dotlock_destroy (h, 1);
To actually lock the file, you use:
@@ -823,7 +823,7 @@ dotlock_create (const char *file_to_lock, unsigned int flags)
if ( !initialized )
{
- atexit (dotlock_remove_lockfiles);
+ atexit (dotlock_remove_lockfiles_reclaim);
initialized = 1;
}
@@ -881,13 +881,14 @@ dotlock_get_fd (dotlock_t h)
#ifdef HAVE_POSIX_SYSTEM
/* Unix specific code of destroy_dotlock. */
static void
-dotlock_destroy_unix (dotlock_t h)
+dotlock_destroy_unix (dotlock_t h, int reclaim)
{
if (h->locked && h->lockname)
unlink (h->lockname);
if (h->tname && !h->use_o_excl)
unlink (h->tname);
- jnlib_free (h->tname);
+ if (reclaim)
+ jnlib_free (h->tname);
}
#endif /*HAVE_POSIX_SYSTEM*/
@@ -911,7 +912,7 @@ dotlock_destroy_w32 (dotlock_t h)
/* Destroy the locck handle H and release the lock. */
void
-dotlock_destroy (dotlock_t h)
+dotlock_destroy (dotlock_t h, int reclaim)
{
dotlock_t hprev, htmp;
@@ -938,11 +939,13 @@ dotlock_destroy (dotlock_t h)
#ifdef HAVE_DOSISH_SYSTEM
dotlock_destroy_w32 (h);
#else /* !HAVE_DOSISH_SYSTEM */
- dotlock_destroy_unix (h);
+ dotlock_destroy_unix (h, reclaim);
#endif /* HAVE_DOSISH_SYSTEM */
- jnlib_free (h->lockname);
+ if (reclaim)
+ jnlib_free (h->lockname);
}
- jnlib_free(h);
+ if (reclaim)
+ jnlib_free (h);
}
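Review bot: with reclaim == 0 the jnlib_free calls are skipped on the Unix path, but the HAVE_DOSISH_SYSTEM branch still calls dotlock_destroy_w32 (h) with no flag, so whatever that function releases is still released when got_fatal_signal passes 0. Either pass reclaim through to dotlock_destroy_w32 as well or add a comment stating why the W32 path does not need it.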
@@ -1284,9 +1287,14 @@ dotlock_release (dotlock_t h)
/* Remove all lockfiles. This is called by the atexit handler
installed by this module but may also be called by other
- termination handlers. */
+ termination handlers.
+
+ When RECLAIM == 0, it doesn't reclaim memory allocated.
+ This is useful calling by signal handlers.
+*/
+
void
-dotlock_remove_lockfiles (void)
+dotlock_remove_lockfiles (int reclaim)
{
dotlock_t h, h2;
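Review bot: the new comment on dotlock_remove_lockfiles says what RECLAIM == 0 does but not why. State that freeing memory is not async-signal-safe and that signal handlers must therefore pass 0, so a later caller does not "fix" the apparent leak. "This is useful calling by signal handlers" should read "This is useful when called from signal handlers".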
@@ -1301,7 +1309,13 @@ dotlock_remove_lockfiles (void)
while ( h )
{
h2 = h->next;
- dotlock_destroy (h);
+ dotlock_destroy (h, reclaim);
h = h2;
}
}
+
+void
+dotlock_remove_lockfiles_reclaim (void)
+{
+ dotlock_remove_lockfiles (1);
+}
-----------------------------------------------------------------------
Summary of changes:
g10/gpgv.c | 4 ++--
g10/keydb.c | 2 +-
g10/signal.c | 2 +-
include/dotlock.h | 5 +++--
util/dotlock.c | 36 +++++++++++++++++++++++++-----------
5 files changed, 32 insertions(+), 17 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 13:17:18 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 13:17:18 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-26-ge343c18
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via e343c1843b4103749e20796aea94e90035a61bf5 (commit)
via 1a5693177632f4cc7b7480aa0047de274ffab0d1 (commit)
from 7d3eccb79093dab365b2e4124b98baacfa527671 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e343c1843b4103749e20796aea94e90035a61bf5
Author: Andre Heinecke
Date: Fri Jul 12 10:50:41 2013 +0000
Load png images from resource for RibbonUi
This uses gdiplus to convert the PNG data. It also
simplifies the invoke as the size is now taken
from the resource file.
* src/Makefile.am: Link gdiplus
* src/gpgoladdin.cpp (Invoke): Just call getIcon for button
callbacks
* src/ribbon-callbacks.cpp (getIcon): Load images from resource
as PNG and convert them.
* src/ribbon-callbacks.h: Use png icons.
diff --git a/src/Makefile.am b/src/Makefile.am
index 137cc59..a385d5b 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -118,7 +118,7 @@ gpgol_LDADD = $(srcdir)/gpgol.def \
-L . -lgpgme -lassuan -lgpg-error \
-lmapi32 -lshell32 -lgdi32 -lcomdlg32 \
-lole32 -loleaut32 -lws2_32 -ladvapi32 \
- -luuid
+ -luuid -lgdiplus
resource.o: resource.rc versioninfo.rc dialogs.rc
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index bd1368b..e6cde64 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -485,13 +485,10 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
case ID_CMD_CERT_MANAGER:
return startCertManager (parms->rgvarg[0].pdispVal);
case ID_BTN_CERTMANAGER:
- return getIcon (ID_BTN_CERTMANAGER, ICON_SIZE_LARGE, result);
case ID_BTN_ENCRYPT:
- return getIcon (ID_BTN_ENCRYPT, ICON_SIZE_NORMAL, result);
case ID_BTN_DECRYPT:
- return getIcon (ID_BTN_DECRYPT, ICON_SIZE_NORMAL, result);
case ID_BTN_DECRYPT_LARGE:
- return getIcon (ID_BTN_DECRYPT_LARGE, ICON_SIZE_LARGE, result);
+ return getIcon (dispid, result);
}
log_debug ("%s:%s: leave", SRCNAME, __func__);
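Review bot: the case list in Invoke that now falls through to `return getIcon (dispid, result);` has no entry for ID_BTN_ENCRYPT_LARGE, which this commit adds in src/ribbon-callbacks.h. Add `case ID_BTN_ENCRYPT_LARGE:` here or drop the define until it is used. Since dispid is now forwarded unchanged as a resource id, keep this list as the only place that decides which ids reach getIcon.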
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index d1b6224..f686fa6 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -25,6 +25,7 @@
#include
#include
#include
+#include
#include
@@ -626,52 +627,89 @@ decryptSelection (LPDISPATCH ctrl)
return S_OK;
}
+
+/* getIcon
+ Loads a PNG image from the resurce converts it into a Bitmap
+ and Wraps it in an PictureDispatcher that is returned as result.
+
+ Based on documentation from:
+ http://www.codeproject.com/Articles/3537/Loading-JPG-PNG-resources-using-GDI
+*/
+
HRESULT
-getIcon (int id, int size, VARIANT* result)
+getIcon (int id, VARIANT* result)
{
PICTDESC pdesc;
LPDISPATCH pPict;
HRESULT hr;
UINT fuload;
+ Gdiplus::GdiplusStartupInput gdiplusStartupInput;
+ Gdiplus::Bitmap* pbitmap;
+ ULONG_PTR gdiplusToken;
+ HRSRC hResource;
+ DWORD imageSize;
+ const void* pResourceData;
+ HGLOBAL hBuffer;
memset (&pdesc, 0, sizeof pdesc);
pdesc.cbSizeofstruct = sizeof pdesc;
pdesc.picType = PICTYPE_BITMAP;
-/*
- In the future we might want to use PNGs here to have
- full Alpha Channel support for the icons
-
- Some explanation about images and transparency in Ribbons:
- http://blogs.msdn.com/b/jensenh/archive/2006/11/27/ribbonx-image-faq.aspx
+ /* Initialize GDI */
+ gdiplusStartupInput.DebugEventCallback = NULL;
+ gdiplusStartupInput.SuppressBackgroundThread = FALSE;
+ gdiplusStartupInput.SuppressExternalCodecs = FALSE;
+ gdiplusStartupInput.GdiplusVersion = 1;
+ GdiplusStartup (&gdiplusToken, &gdiplusStartupInput, NULL);
- Here is an example how this could look like with gdiplus:
+ /* Get the image from the resource file */
+ hResource = FindResource (glob_hinst, MAKEINTRESOURCE(id), RT_RCDATA);
+ if (!hResource)
+ {
+ log_error ("%s:%s: failed to find image: %i",
+ SRCNAME, __func__, id);
+ return E_FAIL;
+ }
- GdiplusStartupInput gdiplusStartupInput;
- ULONG_PTR gdiplusToken;
- Bitmap* pbitmap;
+ imageSize = SizeofResource (glob_hinst, hResource);
+ if (!imageSize)
+ return E_FAIL;
- GetModuleFileName(glob_hinst, szModuleFileName, MAX_PATH);
+ pResourceData = LockResource (LoadResource(glob_hinst, hResource));
- gdiplusStartupInput.DebugEventCallback = NULL;
- gdiplusStartupInput.SuppressBackgroundThread = FALSE;
- gdiplusStartupInput.SuppressExternalCodecs = FALSE;
- gdiplusStartupInput.GdiplusVersion = 1;
- GdiplusStartup (&gdiplusToken, &gdiplusStartupInput, NULL);
+ if (!pResourceData)
+ {
+ log_error ("%s:%s: failed to load image: %i",
+ SRCNAME, __func__, id);
+ return E_FAIL;
+ }
- pbitmap = Bitmap::FromFile (L"c:\\foo.png", FALSE);
- if (!pbitmap || pbitmap->GetHBITMAP (0, &pdesc.bmp.hbitmap))
- {
- log_error ("%s:%s: failed to load file.",
- SRCNAME, __func__);
- }
-*/
+ hBuffer = GlobalAlloc (GMEM_MOVEABLE, imageSize);
- fuload = LR_CREATEDIBSECTION | LR_SHARED;
+ if (hBuffer)
+ {
+ void* pBuffer = GlobalLock (hBuffer);
+ if (pBuffer)
+ {
+ IStream* pStream = NULL;
+ CopyMemory (pBuffer, pResourceData, imageSize);
+
+ if (CreateStreamOnHGlobal (hBuffer, FALSE, &pStream) == S_OK)
+ {
+ pbitmap = Gdiplus::Bitmap::FromStream (pStream);
+ pStream->Release();
+ if (!pbitmap || pbitmap->GetHBITMAP (0, &pdesc.bmp.hbitmap))
+ {
+ log_error ("%s:%s: failed to get PNG.",
+ SRCNAME, __func__);
+ }
+ }
+ }
+ GlobalUnlock (pBuffer);
+ }
+ GlobalFree (hBuffer);
- pdesc.bmp.hbitmap = (HBITMAP) LoadImage (glob_hinst,
- MAKEINTRESOURCE (id),
- IMAGE_BITMAP, size, size, fuload);
+ Gdiplus::GdiplusShutdown (gdiplusToken);
/* Wrap the image into an OLE object. */
hr = OleCreatePictureIndirect (&pdesc, IID_IPictureDisp,
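Review bot: in getIcon, the three early `return E_FAIL;` paths run after GdiplusStartup and skip GdiplusShutdown (gdiplusToken), and the GdiplusStartup return value itself is never checked. Route all exits through one cleanup path. Further points in the same function: `GlobalUnlock (pBuffer)` should take the handle hBuffer and belongs inside the `if (pBuffer)` block; the Bitmap returned by FromStream is never deleted; when GetHBITMAP fails the code only logs and still reaches OleCreatePictureIndirect with an empty pdesc.bmp.hbitmap; `UINT fuload` is now unused.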
@@ -686,9 +724,6 @@ getIcon (int id, int size, VARIANT* result)
result->pdispVal = pPict;
result->vt = VT_DISPATCH;
- /*
- GdiplusShutdown (gdiplusToken);
- */
return S_OK;
}
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
index bf869a9..9396c0f 100644
--- a/src/ribbon-callbacks.h
+++ b/src/ribbon-callbacks.h
@@ -30,14 +30,15 @@
#define ID_CMD_ENCRYPT_SELECTION 3
#define ID_CMD_DECRYPT_SELECTION 4
#define ID_CMD_CERT_MANAGER 5
-#define ID_BTN_CERTMANAGER IDB_KEY_MANAGER_32
-#define ID_BTN_DECRYPT IDB_DECRYPT_16
-#define ID_BTN_DECRYPT_LARGE IDB_DECRYPT_32
-#define ID_BTN_ENCRYPT IDB_ENCRYPT_16
+#define ID_BTN_CERTMANAGER IDI_KEY_MANAGER_64_PNG
+#define ID_BTN_DECRYPT IDI_DECRYPT_16_PNG
+#define ID_BTN_DECRYPT_LARGE IDI_DECRYPT_48_PNG
+#define ID_BTN_ENCRYPT IDI_ENCRYPT_16_PNG
+#define ID_BTN_ENCRYPT_LARGE IDI_ENCRYPT_48_PNG
HRESULT decryptAttachments (LPDISPATCH ctrl);
HRESULT encryptSelection (LPDISPATCH ctrl);
HRESULT decryptSelection (LPDISPATCH ctrl);
-HRESULT getIcon (int id, int size, VARIANT* result);
+HRESULT getIcon (int id, VARIANT* result);
HRESULT startCertManager (LPDISPATCH ctrl);
#endif
commit 1a5693177632f4cc7b7480aa0047de274ffab0d1
Author: Andre Heinecke
Date: Fri Jul 12 10:47:36 2013 +0000
Add png icons to be used in RibbonUI
* src/Makefile.am (extra_dist): Add added Icons
* src/README.icons: Add documentation
* src/decrypt-16.png, src/decrypt-48.png, src/encrypt-16.png,
src/encrypt-48.png, src/key-manager-64.png: New.
* src/dialogs.h, src/dialogs.rc: Add new Resources
diff --git a/src/Makefile.am b/src/Makefile.am
index 18c1355..137cc59 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -30,6 +30,9 @@ EXTRA_DIST = \
verify-32.bmp verify-32m.bmp \
decrypt-verify-16.bmp decrypt-verify-16m.bmp \
decrypt-verify-32.bmp decrypt-verify-32m.bmp \
+ encrypt-16.png encrypt-48.png \
+ key-manager-64.png \
+ decrypt-16.png decrypt-48.png \
logo.bmp README.icons
EXEEXT = .dll
diff --git a/src/README.icons b/src/README.icons
index c9a9979..3d55741 100644
--- a/src/README.icons
+++ b/src/README.icons
@@ -11,24 +11,30 @@ and those installed via the forms extensions from external files.
ECE semi-documented way of installing icons. This required a
special palette (file Outlook.gpl) and the pink background colour as
the transparency hack. Now we are using the OOM and things are much
- easier.
+ easier.
+
+ For Outlook 2010 and later versions we use PNG's directly with full
+ alpha channel support. They are converted to bitmaps in
+ ribbon-callbacks getIcon function.
Icons are included by the resource compiler which reads the file
dialogs.rc to create the resource. This is all integtraged into the
Makefile. A sample entry in dialogs.rc looks like this:
IDB_KEY_MANAGER_16 BITMAP DISCARDABLE "key-manager-16.bmp"
- IDB_KEY_MANAGER_16M BITMAP DISCARDABLE "key-manager-16m.bmp"
- IDB_KEY_MANAGER_32 BITMAP DISCARDABLE "key-manager-32.bmp"
- IDB_KEY_MANAGER_32M BITMAP DISCARDABLE "key-manager-32m.bmp"
- //IDB_KEY_MANAGER_64 BITMAP DISCARDABLE
- //IDB_KEY_MANAGER_64M BITMAP DISCARDABLE
+ IDB_KEY_MANAGER_16M BITMAP DISCARDABLE "key-manager-16m.bmp"
+ IDB_KEY_MANAGER_32 BITMAP DISCARDABLE "key-manager-32.bmp"
+ IDB_KEY_MANAGER_32M BITMAP DISCARDABLE "key-manager-32m.bmp"
+ //IDB_KEY_MANAGER_64 BITMAP DISCARDABLE
+ //IDB_KEY_MANAGER_64M BITMAP DISCARDABLE
+ IDI_KEY_MANAGER_64_PNG RCDATA "key-manager-64.png"
This is the icon for the certificate manager. We provide two
resolutions: 16x16 and 32x32 pixel. I have not yet encountered the
32x32 thus most other icons are only available in the 16x16 variant.
The IDB_foo identifiers are defined in dialogs.h; see the comments
at the top of that file for details.
+ PNG icons have to be added with the type RCDATA.
For compatibility with OL2003 we can't use PNGs directly but we need
to provide bitmaps and a mask for transparency.
diff --git a/src/decrypt-16.png b/src/decrypt-16.png
new file mode 100644
index 0000000..8ebe5b1
Binary files /dev/null and b/src/decrypt-16.png differ
diff --git a/src/decrypt-48.png b/src/decrypt-48.png
new file mode 100644
index 0000000..2dfad6a
Binary files /dev/null and b/src/decrypt-48.png differ
diff --git a/src/dialogs.h b/src/dialogs.h
index a950c44..314047d 100644
--- a/src/dialogs.h
+++ b/src/dialogs.h
@@ -134,6 +134,11 @@
#define IDC_VRY_AKALIST 4420
#define IDC_VRY_HINT 4421
-
+/* Ids for PNG Images */
+#define IDI_ENCRYPT_16_PNG 6000
+#define IDI_ENCRYPT_48_PNG 6001
+#define IDI_DECRYPT_16_PNG 6010
+#define IDI_DECRYPT_48_PNG 6011
+#define IDI_KEY_MANAGER_64_PNG 6020
#endif /*DIALOGS_H*/
diff --git a/src/dialogs.rc b/src/dialogs.rc
index 357d595..586ebdb 100644
--- a/src/dialogs.rc
+++ b/src/dialogs.rc
@@ -24,31 +24,36 @@
IDB_ENCRYPT_16 BITMAP DISCARDABLE "encrypt-16.bmp"
-IDB_ENCRYPT_16M BITMAP DISCARDABLE "encrypt-16m.bmp"
+IDB_ENCRYPT_16M BITMAP DISCARDABLE "encrypt-16m.bmp"
IDB_ENCRYPT_32 BITMAP DISCARDABLE "encrypt-32.bmp"
-IDB_ENCRYPT_32M BITMAP DISCARDABLE "encrypt-32m.bmp"
+IDB_ENCRYPT_32M BITMAP DISCARDABLE "encrypt-32m.bmp"
+IDI_ENCRYPT_16_PNG RCDATA "encrypt-16.png"
+IDI_ENCRYPT_48_PNG RCDATA "encrypt-48.png"
IDB_SIGN_16 BITMAP DISCARDABLE "sign-16.bmp"
-IDB_SIGN_16M BITMAP DISCARDABLE "sign-16m.bmp"
-IDB_SIGN_32 BITMAP DISCARDABLE "sign-32.bmp"
-IDB_SIGN_32M BITMAP DISCARDABLE "sign-32m.bmp"
+IDB_SIGN_16M BITMAP DISCARDABLE "sign-16m.bmp"
+IDB_SIGN_32 BITMAP DISCARDABLE "sign-32.bmp"
+IDB_SIGN_32M BITMAP DISCARDABLE "sign-32m.bmp"
IDB_KEY_MANAGER_16 BITMAP DISCARDABLE "key-manager-16.bmp"
-IDB_KEY_MANAGER_16M BITMAP DISCARDABLE "key-manager-16m.bmp"
-IDB_KEY_MANAGER_32 BITMAP DISCARDABLE "key-manager-32.bmp"
-IDB_KEY_MANAGER_32M BITMAP DISCARDABLE "key-manager-32m.bmp"
-IDB_KEY_MANAGER_64 BITMAP DISCARDABLE "key-manager-64.bmp"
+IDB_KEY_MANAGER_16M BITMAP DISCARDABLE "key-manager-16m.bmp"
+IDB_KEY_MANAGER_32 BITMAP DISCARDABLE "key-manager-32.bmp"
+IDB_KEY_MANAGER_32M BITMAP DISCARDABLE "key-manager-32m.bmp"
+IDB_KEY_MANAGER_64 BITMAP DISCARDABLE "key-manager-64.bmp"
IDB_KEY_MANAGER_64M BITMAP DISCARDABLE "key-manager-64m.bmp"
+IDI_KEY_MANAGER_64_PNG RCDATA "key-manager-64.png"
IDB_DECRYPT_16 BITMAP DISCARDABLE "decrypt-16.bmp"
-IDB_DECRYPT_16M BITMAP DISCARDABLE "decrypt-16m.bmp"
+IDB_DECRYPT_16M BITMAP DISCARDABLE "decrypt-16m.bmp"
IDB_DECRYPT_32 BITMAP DISCARDABLE "decrypt-32.bmp"
IDB_DECRYPT_32M BITMAP DISCARDABLE "decrypt-32m.bmp"
+IDI_DECRYPT_16_PNG RCDATA "decrypt-16.png"
+IDI_DECRYPT_48_PNG RCDATA "decrypt-48.png"
-IDB_VERIFY_16 BITMAP DISCARDABLE "verify-16.bmp"
-IDB_VERIFY_16M BITMAP DISCARDABLE "verify-16m.bmp"
-IDB_VERIFY_32 BITMAP DISCARDABLE "verify-32.bmp"
-IDB_VERIFY_32M BITMAP DISCARDABLE "verify-32m.bmp"
+IDB_VERIFY_16 BITMAP DISCARDABLE "verify-16.bmp"
+IDB_VERIFY_16M BITMAP DISCARDABLE "verify-16m.bmp"
+IDB_VERIFY_32 BITMAP DISCARDABLE "verify-32.bmp"
+IDB_VERIFY_32M BITMAP DISCARDABLE "verify-32m.bmp"
IDB_DECRYPT_VERIFY_16 BITMAP DISCARDABLE "decrypt-verify-16.bmp"
IDB_DECRYPT_VERIFY_16M BITMAP DISCARDABLE "decrypt-verify-16m.bmp"
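Review bot: most of the -/+ pairs in this dialogs.rc hunk differ only in whitespace, which buries the five new RCDATA entries that are the actual change. Split the realignment into its own commit so the resource additions can be reviewed and bisected on their own.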
diff --git a/src/encrypt-16.png b/src/encrypt-16.png
new file mode 100644
index 0000000..403f4a7
Binary files /dev/null and b/src/encrypt-16.png differ
diff --git a/src/encrypt-48.png b/src/encrypt-48.png
new file mode 100644
index 0000000..fb27604
Binary files /dev/null and b/src/encrypt-48.png differ
diff --git a/src/key-manager-64.png b/src/key-manager-64.png
new file mode 100644
index 0000000..38b7ed0
Binary files /dev/null and b/src/key-manager-64.png differ
-----------------------------------------------------------------------
Summary of changes:
src/Makefile.am | 5 ++-
src/README.icons | 18 ++++++---
src/decrypt-16.png | Bin 0 -> 418 bytes
src/decrypt-48.png | Bin 0 -> 2104 bytes
src/dialogs.h | 7 +++-
src/dialogs.rc | 33 +++++++++-------
src/encrypt-16.png | Bin 0 -> 383 bytes
src/encrypt-48.png | Bin 0 -> 2474 bytes
src/gpgoladdin.cpp | 5 +--
src/key-manager-64.png | Bin 0 -> 3361 bytes
src/ribbon-callbacks.cpp | 97 +++++++++++++++++++++++++++++++---------------
src/ribbon-callbacks.h | 11 +++--
12 files changed, 114 insertions(+), 62 deletions(-)
create mode 100644 src/decrypt-16.png
create mode 100644 src/decrypt-48.png
create mode 100644 src/encrypt-16.png
create mode 100644 src/encrypt-48.png
create mode 100644 src/key-manager-64.png
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 15:25:02 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 12 Jul 2013 15:25:02 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.3-4-g54b9b92
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".
The branch, master has been updated
via 54b9b92c13a496a33868501dec893bc8d82b1a8d (commit)
from 0b3a8568e14b994a8d1f4c1cb42aed4959dfc811 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 54b9b92c13a496a33868501dec893bc8d82b1a8d
Author: Werner Koch
Date: Fri Jul 12 14:57:00 2013 +0200
Fix for commit fb38be9 to allow for "make distcheck".
* qt4/Makefile.am: Make correct use of BUILT_SOURCES.
--
This also removes some GNU make specific hacks.
diff --git a/.gitignore b/.gitignore
index 872e4af..575e011 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,6 @@ secmem/Makefile
w32/Makefile.in
w32/Makefile
+/qt4/pinentryconfirm.moc
+/qt4/pinentrydialog.moc
+/qt4/qsecurelineedit.moc
diff --git a/qt4/Makefile.am b/qt4/Makefile.am
index 6606d71..6dd5f25 100644
--- a/qt4/Makefile.am
+++ b/qt4/Makefile.am
@@ -41,17 +41,20 @@ pinentry_qt4_LDADD = $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) \
../pinentry/libpinentry.a $(top_builddir)/assuan/libassuan.a \
$(top_builddir)/secmem/libsecmem.a $(LIBCAP)
-$(pinentry_qt4_OBJECTS) : pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc
+BUILT_SOURCES = \
+ pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc
+
+MAINTAINERCLEANFILES = \
+ pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc
+
+EXTRA_DIST += \
+ pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc
pinentry_qt4_SOURCES = pinentrydialog.h pinentrydialog.cpp \
main.cpp secstring.h secstring.cpp qsecurelineedit.h \
qsecurelineedit.cpp qrc_pinentry.cpp \
- qsecurelineedit_p.h pinentryconfirm.cpp pinentryconfirm.h
-
-clean-moc-extra:
- rm -vf *.moc
-
-clean-am: clean-moc-extra
+ qsecurelineedit_p.h pinentryconfirm.cpp pinentryconfirm.h \
+ pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc
-%.moc: %.h
- $(MOC) $< -o $@
+.h.moc:
+ $(MOC) `test -f '$<' || echo '$(srcdir)/'`$< -o $@
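Review bot: the list `pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc` is now repeated four times (BUILT_SOURCES, MAINTAINERCLEANFILES, EXTRA_DIST and pinentry_qt4_SOURCES), so adding a dialog means touching four places. Put it in one variable and reference that. Files listed in pinentry_qt4_SOURCES are distributed already, so the EXTRA_DIST addition looks redundant.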
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 3 +++
qt4/Makefile.am | 21 ++++++++++++---------
2 files changed, 15 insertions(+), 9 deletions(-)
hooks/post-receive
--
The standard pinentry collection
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 15:52:10 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 15:52:10 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-27-g532d741
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 532d7417713e4f3ac9ad4db011fbe117e0fa15de (commit)
from e343c1843b4103749e20796aea94e90035a61bf5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 532d7417713e4f3ac9ad4db011fbe117e0fa15de
Author: Andre Heinecke
Date: Fri Jul 12 13:25:51 2013 +0000
Handle file extensions in save attachment dialog
If the filename has an extension add it as the first filter
entry.
* src/common.c (get_save_filename): Add file extension as Filter.
Generalize dialog title.
--
This is important because it is now used to save an encrypted
attachment and call decrypt files on that file afterwards.
For SMIME the file extension is then important.
diff --git a/src/common.c b/src/common.c
index 549d768..ec8c370 100644
--- a/src/common.c
+++ b/src/common.c
@@ -197,14 +197,29 @@ get_system_check_bitmap (int checked)
char *
get_save_filename (HWND root, const char *srcname)
{
- char filter[] = "All Files (*.*)\0*.*\0\0";
+ char filter[21] = "All Files (*.*)\0*.*\0\0";
char fname[MAX_PATH+1];
+ char filterBuf[32];
+ char* extSep;
OPENFILENAME ofn;
memset (fname, 0, sizeof (fname));
+ memset (filterBuf, 0, sizeof (filterBuf));
strncpy (fname, srcname, MAX_PATH-1);
fname[MAX_PATH] = 0;
+ if ((extSep = strrchr (srcname, '.')) && strlen (extSep) <= 4)
+ {
+ /* Windows removes the file extension by default so we
+ need to set the first filter to the file extension.
+ */
+ strcpy (filterBuf, extSep);
+ strcpy (filterBuf + strlen (filterBuf) + 1, extSep);
+ memcpy (filterBuf + strlen (extSep) * 2 + 2, filter, 21);
+ }
+ else
+ memcpy (filterBuf, filter, 21);
+
memset (&ofn, 0, sizeof (ofn));
ofn.lStructSize = sizeof (ofn);
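Review bot: the two strcpy calls into filterBuf[32] are only safe because of the `strlen (extSep) <= 4` test and the literal 21; the worst case fills 31 of the 32 bytes, and nothing ties those three numbers together. Use sizeof filter instead of 21 and derive the extension limit from sizeof filterBuf, or build the buffer with bounded copies. Also, the second string of a filter pair is the match pattern, and here it is the bare extSep (".ext") rather than "*.ext"; a lone "." at the end of srcname passes the length test too.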
@@ -214,8 +229,8 @@ get_save_filename (HWND root, const char *srcname)
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.Flags |= OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT;
- ofn.lpstrTitle = _("GpgOL - Save decrypted attachment");
- ofn.lpstrFilter = filter;
+ ofn.lpstrTitle = _("GpgOL - Save attachment");
+ ofn.lpstrFilter = filterBuf;
if (GetSaveFileName (&ofn))
return xstrdup (fname);
-----------------------------------------------------------------------
Summary of changes:
src/common.c | 21 ++++++++++++++++++---
1 files changed, 18 insertions(+), 3 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 20:06:52 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 20:06:52 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-33-g98acc5a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 98acc5a6122cb1c664a4c7c0d91472911fcb96f2 (commit)
via 29dccaed22246f9546aa522a1c4a314fe9c813a4 (commit)
via 7ffe414c43e5b8c75da60d23e00fb6943ffdfed2 (commit)
via 22a5a7f43cc683102ff05df98c4d9e4b9d177253 (commit)
via a0a963a941ee89e70afd01115c6b2d46ce22604a (commit)
via 8ee687d2167b2af81784dc3adb00033dfa645db5 (commit)
from 532d7417713e4f3ac9ad4db011fbe117e0fa15de (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 98acc5a6122cb1c664a4c7c0d91472911fcb96f2
Author: Andre Heinecke
Date: Fri Jul 12 17:33:50 2013 +0000
Update UI to reflect implementation
Comment out add encrypted attachment selection and
the decrypt action in the explorer context.
* src/gpgoladdin.cpp (GetContext): Comment out code.
--
AddEncryptedAttachment is something for later.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index d8f1b65..047858d 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -559,14 +559,17 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" label=\"%S\""
L" onAction=\"decryptBody\"/>"
L" "
+ /*
+ TODO: Implement
L" "
L" "
+ L" onAction=\"addEncSignedAttachment\"/>"
L" "
+ */
L" "
L" "
L" "
@@ -587,8 +590,11 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
_("Textbody"),
_("Encrypt"),
_("Decrypt"),
+ /*
+ TODO: Implement
_("Attachments"),
_("Encrypted file"),
+ */
_("Encrypt"), _("Decrypt")
);
}
@@ -596,6 +602,29 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
{
swprintf (buffer,
L""
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
L""
L""
L" "
L" "
L""
- L"", _("Decrypt"));
+ L"", _("GpgOL"), _("General"),
+ _("Start Certificate Manager"),
+ _("Textbody"),
+ _("Decrypt"),
+ _("Decrypt"));
}
else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer"))
{
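Review bot: the `swprintf (buffer, ...)` call in this hunk has no size argument between `buffer` and the format string, and the change raises the number of translated strings written through it from one (`_("Decrypt")`) to six. The length of those strings is set by the .po files, not by this code, so the write should be bounded: use a counted variant with the buffer size and check for truncation, or document next to the buffer's declaration how its size was chosen.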
@@ -621,6 +654,18 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" label=\"%S\""
L" onAction=\"startCertManager\"/>"
L" "
+ /* This would be totally nice but Outlook
+ saves the decrypted text aftewards automatically.
+ Yay,..
+ L" "
+ L" "
+ L" "
+ */
L" "
L" "
L" "
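Review bot: the comment added in this hunk is the only in-code record that decrypting from the explorer makes Outlook persist the decrypted text, and it reads as an aside ("Yay,..", with "aftewards" misspelled). State the consequence plainly, namely that the decrypted body is saved in place of the encrypted mail, and say what has to change before the block may be re-enabled, so the disabled XML is not switched back on by someone who has not read the commit log.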
@@ -656,6 +701,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L"",
_("GpgOL"), _("General"), _("Start Certificate Manager"),
+ /*_("Mail Body"), _("Decrypt"),*/
_("GpgOL"), _("Save and decrypt"),/*_("Decrypt"), */
_("Save and decrypt"));
}
commit 29dccaed22246f9546aa522a1c4a314fe9c813a4
Author: Andre Heinecke
Date: Fri Jul 12 17:28:25 2013 +0000
Make decryptInspector work for Explorer Context
Beware: If you decrypt a mail in the explorer context, Outlook
automatically saves it!
* src/ribbon-callbacks.cpp (decryptInspector): Handle explorer
context. Clean up variable names.
--
This code is not called in that context. There might be a way
to avoid the save, or maybe we can offer something like
"Permanently Decrypt".
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 417cf13..e66adf2 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -503,8 +503,8 @@ decryptInspector (LPDISPATCH ctrl, int flags)
engine_filter_t filter = NULL;
LPOLEWINDOW actExplorer;
HWND curWindow;
- char* plaintext = NULL;
- int plaintextLen = 0;
+ char* encData = NULL;
+ int encDataLen = 0;
int rc = 0;
unsigned int session_number;
HRESULT hr;
@@ -531,12 +531,16 @@ decryptInspector (LPDISPATCH ctrl, int flags)
}
RELDISP (actExplorer);
- wordEditor = get_oom_object (context, "WordEditor");
- wordApplication = get_oom_object (wordEditor, "get_Application");
- selection = get_oom_object (wordApplication, "get_Selection");
+ if ( !flags & DECRYPT_INSPECTOR_BODY)
+ {
+ wordEditor = get_oom_object (context, "WordEditor");
+ wordApplication = get_oom_object (wordEditor, "get_Application");
+ selection = get_oom_object (wordApplication, "get_Selection");
+ }
mailItem = get_oom_object (context, "CurrentItem");
- if (!wordEditor || !wordApplication || !selection || !mailItem)
+ if ((!wordEditor || !wordApplication || !selection || !mailItem) &&
+ (!flags & DECRYPT_INSPECTOR_BODY))
{
MessageBox (NULL,
"Internal error in GpgOL.\n"
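Review bot: `!flags & DECRYPT_INSPECTOR_BODY`, used in both conditions of this hunk, parses as `(!flags) & DECRYPT_INSPECTOR_BODY`. Both wrappers pass a non-zero flag, so `!flags` is 0 and each test is always false: the WordEditor, Application and Selection lookups are skipped for the selection case as well, and the "Internal error" check can never fire. Write `!(flags & DECRYPT_INSPECTOR_BODY)` in both places.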
@@ -548,11 +552,27 @@ decryptInspector (LPDISPATCH ctrl, int flags)
goto failure;
}
+ if (!mailItem)
+ {
+ /* This happens when we try to decrypt the body of a mail in the
+ explorer context. */
+ mailItem = get_oom_object (context, "Selection.Item(1)");
+
+ if (!mailItem)
+ {
+ MessageBox (NULL,
+ _("Please select a Mail."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ goto failure;
+ }
+ }
+
if (flags & DECRYPT_INSPECTOR_SELECTION)
{
- plaintext = get_oom_string (selection, "Text");
+ encData = get_oom_string (selection, "Text");
- if (!plaintext || (plaintextLen = strlen (plaintext)) <= 1)
+ if (!encData || (encDataLen = strlen (encData)) <= 1)
{
MessageBox (NULL,
_("Please select the data you wish to decrypt."),
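Review bot: the `Selection.Item(1)` fallback added here makes the body path reachable from the explorer, where, per the commit message, Outlook saves the item automatically once `Body` has been overwritten with the decrypted text. That turns a view action into a permanent replacement of the ciphertext in the mail store. Until a path without the save exists, gate this branch in the callback itself (ask for confirmation or refuse in the explorer context) rather than relying only on the ribbon entry being absent.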
@@ -563,9 +583,9 @@ decryptInspector (LPDISPATCH ctrl, int flags)
}
else if (flags & DECRYPT_INSPECTOR_BODY)
{
- plaintext = get_oom_string (mailItem, "Body");
+ encData = get_oom_string (mailItem, "Body");
- if (!plaintext || (plaintextLen = strlen (plaintext)) <= 1)
+ if (!encData || (encDataLen = strlen (encData)) <= 1)
{
MessageBox (NULL,
_("Nothing to decrypt."),
@@ -575,10 +595,10 @@ decryptInspector (LPDISPATCH ctrl, int flags)
}
}
- fix_linebreaks (plaintext, &plaintextLen);
+ fix_linebreaks (encData, &encDataLen);
/* Determine the protocol based on the content */
- protocol = is_cms_data (plaintext, plaintextLen) ? PROTOCOL_SMIME :
+ protocol = is_cms_data (encData, encDataLen) ? PROTOCOL_SMIME :
PROTOCOL_OPENPGP;
hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
@@ -617,7 +637,7 @@ decryptInspector (LPDISPATCH ctrl, int flags)
}
/* Write the text in the decryption sink. */
- rc = write_buffer (decsink, plaintext, plaintextLen);
+ rc = write_buffer (decsink, encData, encDataLen);
/* Flush the decryption sink and wait for the encryption to get
ready. */
@@ -669,7 +689,7 @@ decryptInspector (LPDISPATCH ctrl, int flags)
}
if (strlen (buffer) > 1)
{
- /* Now replace the crypto data with the plaintext or show it
+ /* Now replace the crypto data with the encData or show it
somehow.*/
int err;
if (flags & DECRYPT_INSPECTOR_SELECTION)
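Review bot: the variable rename also caught the comment in this hunk: "replace the crypto data with the encData" now says the ciphertext is replaced by itself. `buffer` holds the decrypted result at this point, so the comment should keep the word "plaintext".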
@@ -706,7 +726,7 @@ decryptInspector (LPDISPATCH ctrl, int flags)
RELDISP (selection);
RELDISP (wordEditor);
RELDISP (wordApplication);
- xfree (plaintext);
+ xfree (encData);
if (tmpstream)
tmpstream->Release();
@@ -866,5 +886,6 @@ encryptSelection (LPDISPATCH ctrl)
HRESULT
addEncSignedAttachment (LPDISPATCH ctrl)
{
+ /* TODO */
return S_OK;
}
commit 7ffe414c43e5b8c75da60d23e00fb6943ffdfed2
Author: Andre Heinecke
Date: Fri Jul 12 15:41:56 2013 +0000
Implement decryptBody command
Similar to the split in encryptSelection / encryptInspector.
* src/ribbon-callbacks.cpp (decryptInspector): New.
(decryptSelection, decryptBody): Wrapper around decryptInspector.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 83324ee..417cf13 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -477,12 +477,21 @@ decryptAttachments (LPDISPATCH ctrl)
callback function failed in an ugly window. */
}
+#define DECRYPT_INSPECTOR_SELECTION 1
+#define DECRYPT_INSPECTOR_BODY 2
+
+/* decryptInspector
+ decrypts the content of an inspector. Controled by flags
+ similary to the encryptInspector.
+*/
+
HRESULT
-decryptSelection (LPDISPATCH ctrl)
+decryptInspector (LPDISPATCH ctrl, int flags)
{
LPDISPATCH context;
LPDISPATCH selection;
LPDISPATCH wordEditor;
+ LPDISPATCH mailItem;
LPDISPATCH wordApplication;
struct sink_s decsinkmem;
@@ -494,8 +503,8 @@ decryptSelection (LPDISPATCH ctrl)
engine_filter_t filter = NULL;
LPOLEWINDOW actExplorer;
HWND curWindow;
- char* selectedText = NULL;
- int selectedLen = 0;
+ char* plaintext = NULL;
+ int plaintextLen = 0;
int rc = 0;
unsigned int session_number;
HRESULT hr;
@@ -525,8 +534,9 @@ decryptSelection (LPDISPATCH ctrl)
wordEditor = get_oom_object (context, "WordEditor");
wordApplication = get_oom_object (wordEditor, "get_Application");
selection = get_oom_object (wordApplication, "get_Selection");
+ mailItem = get_oom_object (context, "CurrentItem");
- if (!wordEditor || !wordApplication || !selection)
+ if (!wordEditor || !wordApplication || !selection || !mailItem)
{
MessageBox (NULL,
"Internal error in GpgOL.\n"
@@ -538,22 +548,37 @@ decryptSelection (LPDISPATCH ctrl)
goto failure;
}
- selectedText = get_oom_string (selection, "Text");
+ if (flags & DECRYPT_INSPECTOR_SELECTION)
+ {
+ plaintext = get_oom_string (selection, "Text");
- if (!selectedText || (selectedLen = strlen (selectedText)) <= 1)
+ if (!plaintext || (plaintextLen = strlen (plaintext)) <= 1)
+ {
+ MessageBox (NULL,
+ _("Please select the data you wish to decrypt."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ goto failure;
+ }
+ }
+ else if (flags & DECRYPT_INSPECTOR_BODY)
{
- /* TODO more usable if we just use all text in this case? */
- MessageBox (NULL,
- _("Please select the data you wish to decrypt."),
- _("GpgOL"),
- MB_ICONINFORMATION|MB_OK);
- goto failure;
+ plaintext = get_oom_string (mailItem, "Body");
+
+ if (!plaintext || (plaintextLen = strlen (plaintext)) <= 1)
+ {
+ MessageBox (NULL,
+ _("Nothing to decrypt."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ goto failure;
+ }
}
- fix_linebreaks (selectedText, &selectedLen);
+ fix_linebreaks (plaintext, &plaintextLen);
/* Determine the protocol based on the content */
- protocol = is_cms_data (selectedText, selectedLen) ? PROTOCOL_SMIME :
+ protocol = is_cms_data (plaintext, plaintextLen) ? PROTOCOL_SMIME :
PROTOCOL_OPENPGP;
hr = OpenStreamOnFile (MAPIAllocateBuffer, MAPIFreeBuffer,
@@ -592,7 +617,7 @@ decryptSelection (LPDISPATCH ctrl)
}
/* Write the text in the decryption sink. */
- rc = write_buffer (decsink, selectedText, selectedLen);
+ rc = write_buffer (decsink, plaintext, plaintextLen);
/* Flush the decryption sink and wait for the encryption to get
ready. */
@@ -644,9 +669,19 @@ decryptSelection (LPDISPATCH ctrl)
}
if (strlen (buffer) > 1)
{
- /* Now replace the selection with the encrypted or show it
+ /* Now replace the crypto data with the plaintext or show it
somehow.*/
- if (put_oom_string (selection, "Text", buffer))
+ int err;
+ if (flags & DECRYPT_INSPECTOR_SELECTION)
+ {
+ err = put_oom_string (selection, "Text", buffer);
+ }
+ else if (flags & DECRYPT_INSPECTOR_BODY)
+ {
+ err = put_oom_string (mailItem, "Body", buffer);
+ }
+
+ if (err)
{
MessageBox (NULL, buffer,
_("Plain text"),
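Review bot: `int err;` is read by `if (err)` without having been set when `flags` carries neither DECRYPT_INSPECTOR_SELECTION nor DECRYPT_INSPECTOR_BODY. Initialise it at the declaration, or close the chain with a plain `else` that jumps to `failure`, so an unexpected flag value cannot decide by accident whether the decrypted text is shown in the message box.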
@@ -667,10 +702,11 @@ decryptSelection (LPDISPATCH ctrl)
log_debug ("%s:%s: failed rc=%d (%s) <%s>", SRCNAME, __func__, rc,
gpg_strerror (rc), gpg_strsource (rc));
engine_cancel (filter);
+ RELDISP (mailItem);
RELDISP (selection);
RELDISP (wordEditor);
RELDISP (wordApplication);
- xfree (selectedText);
+ xfree (plaintext);
if (tmpstream)
tmpstream->Release();
@@ -773,7 +809,6 @@ getIcon (int id, VARIANT* result)
result->pdispVal = pPict;
result->vt = VT_DISPATCH;
-
return S_OK;
}
@@ -799,6 +834,7 @@ startCertManager (LPDISPATCH ctrl)
SRCNAME, __func__);
curWindow = NULL;
}
+ RELDISP (actExplorer);
engine_start_keymanager (curWindow);
}
@@ -806,7 +842,13 @@ startCertManager (LPDISPATCH ctrl)
HRESULT
decryptBody (LPDISPATCH ctrl)
{
- return S_OK;
+ return decryptInspector (ctrl, DECRYPT_INSPECTOR_BODY);
+}
+
+HRESULT
+decryptSelection (LPDISPATCH ctrl)
+{
+ return decryptInspector (ctrl, DECRYPT_INSPECTOR_SELECTION);
}
HRESULT
commit 22a5a7f43cc683102ff05df98c4d9e4b9d177253
Author: Andre Heinecke
Date: Fri Jul 12 15:19:19 2013 +0000
Release dispatcher objects
QueryInterface adds a reference that has to be released.
* src/ribbon-callbacks.cpp (encryptInspector, decryptAttachments),
(startCertManager, decryptSelection): Release dispatcher.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 0227893..83324ee 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -114,6 +114,7 @@ encryptInspector (LPDISPATCH ctrl, int flags)
SRCNAME, __func__);
curWindow = NULL;
}
+ RELDISP (actExplorer);
wordEditor = get_oom_object (context, "WordEditor");
application = get_oom_object (wordEditor, "get_Application");
@@ -132,7 +133,7 @@ encryptInspector (LPDISPATCH ctrl, int flags)
MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: Could not find all objects.",
SRCNAME, __func__);
- return S_OK;
+ goto failure;
}
if (flags & ENCRYPT_INSPECTOR_SELECTION)
@@ -230,11 +231,7 @@ encryptInspector (LPDISPATCH ctrl, int flags)
encsink->writefnc = sink_encryption_write;
engine_set_session_number (filter, session_number);
- {
- char *tmp = get_oom_string (mailItem, "Subject");
- engine_set_session_title (filter, tmp);
- xfree (tmp);
- }
+ engine_set_session_title (filter, _("GpgOL"));
if ((rc=engine_encrypt_prepare (filter, curWindow,
PROTOCOL_UNKNOWN,
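Review bot: replacing the `Subject`-derived session title with the fixed `_("GpgOL")` in this hunk is a behaviour change that the commit message ("Release dispatcher objects") does not mention. It removes a `get_oom_string`/`xfree` pair and stops handing the mail subject to the engine, which may well be intended, but it should be named in the entry for `encryptInspector` or go into its own commit so it can be found later.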
@@ -406,6 +403,9 @@ decryptAttachments (LPDISPATCH ctrl)
SRCNAME, __func__);
curWindow = NULL;
}
+
+ RELDISP (actExplorer);
+
{
char *filenames[attachmentCount + 1];
filenames[attachmentCount] = NULL;
@@ -452,6 +452,7 @@ decryptAttachments (LPDISPATCH ctrl)
DISPATCH_METHOD, &saveParams,
NULL, NULL, NULL);
SysFreeString (saveParams.rgvarg[0].bstrVal);
+ RELDISP (attachmentObj);
if (FAILED(hr))
{
int j;
@@ -459,9 +460,11 @@ decryptAttachments (LPDISPATCH ctrl)
SRCNAME, __func__, (unsigned int) hr);
for (j = 0; j < i; j++)
xfree (filenames[j]);
+ RELDISP (attachmentSelection);
return hr;
}
}
+ RELDISP (attachmentSelection);
err = op_assuan_start_decrypt_files (curWindow, filenames);
for (i = 0; i < attachmentCount; i++)
xfree (filenames[i]);
@@ -517,6 +520,7 @@ decryptSelection (LPDISPATCH ctrl)
SRCNAME, __func__);
curWindow = NULL;
}
+ RELDISP (actExplorer);
wordEditor = get_oom_object (context, "WordEditor");
wordApplication = get_oom_object (wordEditor, "get_Application");
@@ -531,7 +535,7 @@ decryptSelection (LPDISPATCH ctrl)
MB_ICONINFORMATION|MB_OK);
log_error ("%s:%s: Could not find all objects.",
SRCNAME, __func__);
- return S_OK;
+ goto failure;
}
selectedText = get_oom_string (selection, "Text");
@@ -543,7 +547,7 @@ decryptSelection (LPDISPATCH ctrl)
_("Please select the data you wish to decrypt."),
_("GpgOL"),
MB_ICONINFORMATION|MB_OK);
- return S_OK;
+ goto failure;
}
fix_linebreaks (selectedText, &selectedLen);
@@ -576,7 +580,7 @@ decryptSelection (LPDISPATCH ctrl)
decsink->writefnc = sink_encryption_write;
engine_set_session_number (filter, session_number);
- engine_set_session_title (filter, _("Decrypt"));
+ engine_set_session_title (filter, _("GpgOL"));
if ((rc=engine_decrypt_start (filter, curWindow,
protocol,
@@ -663,6 +667,9 @@ decryptSelection (LPDISPATCH ctrl)
log_debug ("%s:%s: failed rc=%d (%s) <%s>", SRCNAME, __func__, rc,
gpg_strerror (rc), gpg_strsource (rc));
engine_cancel (filter);
+ RELDISP (selection);
+ RELDISP (wordEditor);
+ RELDISP (wordApplication);
xfree (selectedText);
if (tmpstream)
tmpstream->Release();
@@ -795,6 +802,7 @@ startCertManager (LPDISPATCH ctrl)
engine_start_keymanager (curWindow);
}
+
HRESULT
decryptBody (LPDISPATCH ctrl)
{
@@ -813,7 +821,6 @@ encryptSelection (LPDISPATCH ctrl)
return encryptInspector (ctrl, ENCRYPT_INSPECTOR_SELECTION);
}
-
HRESULT
addEncSignedAttachment (LPDISPATCH ctrl)
{
commit a0a963a941ee89e70afd01115c6b2d46ce22604a
Author: Andre Heinecke
Date: Fri Jul 12 15:01:48 2013 +0000
Implement encryptBody and add some dummy callbacks
The old encryptSelection is now split up into encryptInspector
and encryptSelection. encryptInspector accepts flags to control
its behavior.
* src/gpgoladdin.cpp (GetIDsOfNames, Invoke): Handle command
callbacks
* src/ribbon-callbacks.cpp (encryptInspector): New. More
general version of encryptSelection.
(encryptBody): New. Calls encryptSelection with body flags.
(addEncSignedAttachment): New. Dummy.
(decryptBody): New. Dummy.
* src/ribbon-callbacks.h: Add new command ids
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 9a7df61..d8f1b65 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -449,6 +449,9 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
ID_MAPPER (L"btnEncrypt", ID_BTN_ENCRYPT)
ID_MAPPER (L"btnEncryptLarge", ID_BTN_ENCRYPT_LARGE)
ID_MAPPER (L"btnEncryptFileLarge", ID_BTN_ENCSIGN_LARGE)
+ ID_MAPPER (L"encryptBody", ID_CMD_ENCRYPT_BODY)
+ ID_MAPPER (L"decryptBody", ID_CMD_DECRYPT_BODY)
+ ID_MAPPER (L"addEncSignedAttachment", ID_CMD_ATT_ENCSIGN_FILE)
}
if (cNames > 1)
@@ -486,6 +489,12 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
return decryptSelection (parms->rgvarg[0].pdispVal);
case ID_CMD_CERT_MANAGER:
return startCertManager (parms->rgvarg[0].pdispVal);
+ case ID_CMD_ENCRYPT_BODY:
+ return encryptBody (parms->rgvarg[0].pdispVal);
+ case ID_CMD_DECRYPT_BODY:
+ return decryptBody (parms->rgvarg[0].pdispVal);
+ case ID_CMD_ATT_ENCSIGN_FILE:
+ return addEncSignedAttachment (parms->rgvarg[0].pdispVal);
case ID_BTN_CERTMANAGER:
case ID_BTN_ENCRYPT:
case ID_BTN_DECRYPT:
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index f686fa6..0227893 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -46,6 +46,9 @@
#include "mimemaker.h"
#include "filetype.h"
+/* Helper to release dispatcher */
+#define RELDISP(dispatcher) if (dispatcher) dispatcher->Release()
+
/* Gets the context of a ribbon control. And prints some
useful debug output */
HRESULT getContext (LPDISPATCH ctrl, LPDISPATCH *context)
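Review bot: `RELDISP` expands to a bare `if (dispatcher) dispatcher->Release()`, so in `if (x) RELDISP (p); else ...` the `else` binds to the macro's own `if`, and the argument is not parenthesised. It also leaves the pointer dangling after the release, which matters once one cleanup label is reached from several paths. Suggest `do { if (d) { (d)->Release (); (d) = NULL; } } while (0)`.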
@@ -56,9 +59,17 @@ HRESULT getContext (LPDISPATCH ctrl, LPDISPATCH *context)
return context ? S_OK : E_FAIL;
}
+#define ENCRYPT_INSPECTOR_SELECTION 1
+#define ENCRYPT_INSPECTOR_BODY 2
+
+/* encryptInspector
+ Encrypts text in an IInspector context. Depending on
+ the flags either the active selection or the full body
+ is encrypted.
+*/
HRESULT
-encryptSelection (LPDISPATCH ctrl)
+encryptInspector (LPDISPATCH ctrl, int flags)
{
LPDISPATCH context = NULL;
LPDISPATCH selection;
@@ -75,7 +86,7 @@ encryptSelection (LPDISPATCH ctrl)
char* senderAddr = NULL;
LPSTREAM tmpstream = NULL;
engine_filter_t filter = NULL;
- char* text = NULL;
+ char* plaintext = NULL;
int rc = 0;
HRESULT hr;
int recipientsCnt;
@@ -124,16 +135,32 @@ encryptSelection (LPDISPATCH ctrl)
return S_OK;
}
- text = get_oom_string (selection, "Text");
+ if (flags & ENCRYPT_INSPECTOR_SELECTION)
+ {
+ plaintext = get_oom_string (selection, "Text");
- if (!text || strlen (text) <= 1)
+ if (!plaintext || strlen (plaintext) <= 1)
+ {
+ /* TODO more usable if we just use all text in this case? */
+ MessageBox (NULL,
+ _("Please select text to encrypt."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ goto failure;
+ }
+ }
+ else if (flags & ENCRYPT_INSPECTOR_BODY)
{
- /* TODO more usable if we just use all text in this case? */
- MessageBox (NULL,
- _("Please select text to encrypt."),
- _("GpgOL"),
- MB_ICONINFORMATION|MB_OK);
- return S_OK;
+ plaintext = get_oom_string (mailItem, "Body");
+ if (!plaintext || strlen (plaintext) <= 1)
+ {
+ /* TODO more usable if we just use all text in this case? */
+ MessageBox (NULL,
+ _("Textbody empty."),
+ _("GpgOL"),
+ MB_ICONINFORMATION|MB_OK);
+ goto failure;
+ }
}
/* Create a temporary sink to construct the encrypted data. */
@@ -163,7 +190,7 @@ encryptSelection (LPDISPATCH ctrl)
_("Please add at least one recipent."),
_("GpgOL"),
MB_ICONINFORMATION|MB_OK);
- return S_OK;
+ goto failure;
}
{
@@ -233,7 +260,7 @@ encryptSelection (LPDISPATCH ctrl)
}
/* Write the text in the encryption sink. */
- rc = write_buffer (encsink, text, strlen (text));
+ rc = write_buffer (encsink, plaintext, strlen (plaintext));
if (rc)
{
@@ -298,13 +325,24 @@ encryptSelection (LPDISPATCH ctrl)
unsigned int enclosedSize = strlen (buffer) + 34 + 31 + 1;
char enclosedData[enclosedSize];
snprintf (enclosedData, sizeof enclosedData,
- "-----BEGIN ENCRYPTED MESSAGE-----\n"
+ "-----BEGIN ENCRYPTED MESSAGE-----\r\n"
"%s"
- "-----END ENCRYPTED MESSAGE-----\n", buffer);
- put_oom_string (selection, "Text", enclosedData);
+ "-----END ENCRYPTED MESSAGE-----\r\n", buffer);
+ if (flags & ENCRYPT_INSPECTOR_SELECTION)
+ put_oom_string (selection, "Text", enclosedData);
+ else if (flags & ENCRYPT_INSPECTOR_BODY)
+ put_oom_string (mailItem, "Body", enclosedData);
+
}
else
- put_oom_string (selection, "Text", buffer);
+ {
+ if (flags & ENCRYPT_INSPECTOR_SELECTION)
+ put_oom_string (selection, "Text", buffer);
+ else if (flags & ENCRYPT_INSPECTOR_BODY)
+ {
+ put_oom_string (mailItem, "Body", buffer);
+ }
+ }
}
else
{
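Review bot: the armor lines in this hunk grow from `\n` to `\r\n`, but `enclosedSize` in the context line above is still `strlen (buffer) + 34 + 31 + 1`. The header is now 35 characters and the footer 33, so the formatted text needs `strlen (buffer) + 69` bytes including the terminator against 66 allocated; a conforming `snprintf` cuts the last three characters, and the END line loses its final dash and its line break. Derive the size from the string literals with `sizeof` instead of hand-counted numbers, and check the return value of `put_oom_string` in these branches as the decrypt path does.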
@@ -320,9 +358,14 @@ encryptSelection (LPDISPATCH ctrl)
log_debug ("%s:%s: failed rc=%d (%s) <%s>", SRCNAME, __func__, rc,
gpg_strerror (rc), gpg_strsource (rc));
engine_cancel (filter);
- if (tmpstream)
- tmpstream->Release();
- xfree (text);
+ RELDISP(wordEditor);
+ RELDISP(application);
+ RELDISP(selection);
+ RELDISP(sender);
+ RELDISP(recipients);
+ RELDISP(mailItem);
+ RELDISP(tmpstream);
+ xfree (plaintext);
xfree (senderAddr);
return S_OK;
@@ -642,7 +685,6 @@ getIcon (int id, VARIANT* result)
PICTDESC pdesc;
LPDISPATCH pPict;
HRESULT hr;
- UINT fuload;
Gdiplus::GdiplusStartupInput gdiplusStartupInput;
Gdiplus::Bitmap* pbitmap;
ULONG_PTR gdiplusToken;
@@ -753,3 +795,27 @@ startCertManager (LPDISPATCH ctrl)
engine_start_keymanager (curWindow);
}
+HRESULT
+decryptBody (LPDISPATCH ctrl)
+{
+ return S_OK;
+}
+
+HRESULT
+encryptBody (LPDISPATCH ctrl)
+{
+ return encryptInspector (ctrl, ENCRYPT_INSPECTOR_BODY);
+}
+
+HRESULT
+encryptSelection (LPDISPATCH ctrl)
+{
+ return encryptInspector (ctrl, ENCRYPT_INSPECTOR_SELECTION);
+}
+
+
+HRESULT
+addEncSignedAttachment (LPDISPATCH ctrl)
+{
+ return S_OK;
+}
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
index 6737a22..f3b2eb2 100644
--- a/src/ribbon-callbacks.h
+++ b/src/ribbon-callbacks.h
@@ -30,6 +30,10 @@
#define ID_CMD_ENCRYPT_SELECTION 3
#define ID_CMD_DECRYPT_SELECTION 4
#define ID_CMD_CERT_MANAGER 5
+#define ID_CMD_ENCRYPT_BODY 6
+#define ID_CMD_DECRYPT_BODY 8
+#define ID_CMD_ATT_ENCSIGN_FILE 9
+
#define ID_BTN_CERTMANAGER IDI_KEY_MANAGER_64_PNG
#define ID_BTN_DECRYPT IDI_DECRYPT_16_PNG
#define ID_BTN_DECRYPT_LARGE IDI_DECRYPT_48_PNG
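Review bot: the new command ids in this hunk run 6, 8, 9, so 7 is skipped without a comment. If 7 is reserved, say so next to the defines; otherwise number them consecutively. These values and the `ID_BTN_*` resource ids are dispatched by the same `switch` in `Invoke`, so an enum with a note on the two ranges would make a collision harder to introduce.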
@@ -40,6 +44,9 @@
HRESULT decryptAttachments (LPDISPATCH ctrl);
HRESULT encryptSelection (LPDISPATCH ctrl);
HRESULT decryptSelection (LPDISPATCH ctrl);
+HRESULT decryptBody (LPDISPATCH ctrl);
+HRESULT encryptBody (LPDISPATCH ctrl);
+HRESULT addEncSignedAttachment (LPDISPATCH ctrl);
HRESULT getIcon (int id, VARIANT* result);
HRESULT startCertManager (LPDISPATCH ctrl);
#endif
commit 8ee687d2167b2af81784dc3adb00033dfa645db5
Author: Andre Heinecke
Date: Fri Jul 12 14:15:19 2013 +0000
Add ui for additional composer actions
Add dummy buttons for encrypt/decrypt body and adding of
an encrypted attachment.
* src/Makefile.am: Add new icon.
* src/encrypt-sign-file-48.png: New.
* src/gpgoladdin.cpp (GetCustomUI): Add UiXML for new actions
(Invoke, GetIDsOfNames): Handle new callbacks.
* src/ribbon-callbacks.h: Map new Icon.
diff --git a/src/Makefile.am b/src/Makefile.am
index a385d5b..1c01565 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -33,6 +33,7 @@ EXTRA_DIST = \
encrypt-16.png encrypt-48.png \
key-manager-64.png \
decrypt-16.png decrypt-48.png \
+ encrypt-sign-file-48.png \
logo.bmp README.icons
EXEEXT = .dll
diff --git a/src/dialogs.h b/src/dialogs.h
index 314047d..e140507 100644
--- a/src/dialogs.h
+++ b/src/dialogs.h
@@ -140,5 +140,6 @@
#define IDI_DECRYPT_16_PNG 6010
#define IDI_DECRYPT_48_PNG 6011
#define IDI_KEY_MANAGER_64_PNG 6020
+#define IDI_ENCSIGN_FILE_48_PNG 6030
#endif /*DIALOGS_H*/
diff --git a/src/dialogs.rc b/src/dialogs.rc
index 586ebdb..a5ba635 100644
--- a/src/dialogs.rc
+++ b/src/dialogs.rc
@@ -60,7 +60,7 @@ IDB_DECRYPT_VERIFY_16M BITMAP DISCARDABLE "decrypt-verify-16m.bmp"
IDB_DECRYPT_VERIFY_32 BITMAP DISCARDABLE "decrypt-verify-32.bmp"
IDB_DECRYPT_VERIFY_32M BITMAP DISCARDABLE "decrypt-verify-32m.bmp"
-
+IDI_ENCSIGN_FILE_48_PNG RCDATA "encrypt-sign-file-48.png"
IDB_BANNER BITMAP DISCARDABLE "logo.bmp"
diff --git a/src/encrypt-sign-file-48.png b/src/encrypt-sign-file-48.png
new file mode 100644
index 0000000..aa83384
Binary files /dev/null and b/src/encrypt-sign-file-48.png differ
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index e6cde64..9a7df61 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -447,6 +447,8 @@ GpgolRibbonExtender::GetIDsOfNames (REFIID riid, LPOLESTR *rgszNames,
ID_MAPPER (L"btnDecrypt", ID_BTN_DECRYPT)
ID_MAPPER (L"btnDecryptLarge", ID_BTN_DECRYPT_LARGE)
ID_MAPPER (L"btnEncrypt", ID_BTN_ENCRYPT)
+ ID_MAPPER (L"btnEncryptLarge", ID_BTN_ENCRYPT_LARGE)
+ ID_MAPPER (L"btnEncryptFileLarge", ID_BTN_ENCSIGN_LARGE)
}
if (cNames > 1)
@@ -488,6 +490,8 @@ GpgolRibbonExtender::Invoke (DISPID dispid, REFIID riid, LCID lcid,
case ID_BTN_ENCRYPT:
case ID_BTN_DECRYPT:
case ID_BTN_DECRYPT_LARGE:
+ case ID_BTN_ENCRYPT_LARGE:
+ case ID_BTN_ENCSIGN_LARGE:
return getIcon (dispid, result);
}
@@ -521,19 +525,63 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
{
swprintf (buffer,
L""
- L""
- L""
- L" "
- L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
L" "
L""
- L"", _("Encrypt"), _("Decrypt"));
+ L"", _("GpgOL"), _("General"),
+ _("Start Certificate Manager"),
+ _("Textbody"),
+ _("Encrypt"),
+ _("Decrypt"),
+ _("Attachments"),
+ _("Encrypted file"),
+ _("Encrypt"), _("Decrypt")
+ );
}
else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read"))
{
diff --git a/src/ribbon-callbacks.h b/src/ribbon-callbacks.h
index 9396c0f..6737a22 100644
--- a/src/ribbon-callbacks.h
+++ b/src/ribbon-callbacks.h
@@ -35,6 +35,7 @@
#define ID_BTN_DECRYPT_LARGE IDI_DECRYPT_48_PNG
#define ID_BTN_ENCRYPT IDI_ENCRYPT_16_PNG
#define ID_BTN_ENCRYPT_LARGE IDI_ENCRYPT_48_PNG
+#define ID_BTN_ENCSIGN_LARGE IDI_ENCSIGN_FILE_48_PNG
HRESULT decryptAttachments (LPDISPATCH ctrl);
HRESULT encryptSelection (LPDISPATCH ctrl);
-----------------------------------------------------------------------
Summary of changes:
src/Makefile.am | 1 +
src/dialogs.h | 1 +
src/dialogs.rc | 2 +-
src/encrypt-sign-file-48.png | Bin 0 -> 9415 bytes
src/gpgoladdin.cpp | 127 ++++++++++++++++++++--
src/ribbon-callbacks.cpp | 236 +++++++++++++++++++++++++++++++++---------
src/ribbon-callbacks.h | 8 ++
7 files changed, 312 insertions(+), 63 deletions(-)
create mode 100644 src/encrypt-sign-file-48.png
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 20:24:33 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 20:24:33 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-34-g7963564
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 7963564cb41b4b3c8aede32bdc7a88e76bf326f3 (commit)
from 98acc5a6122cb1c664a4c7c0d91472911fcb96f2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7963564cb41b4b3c8aede32bdc7a88e76bf326f3
Author: Andre Heinecke
Date: Fri Jul 12 17:59:00 2013 +0000
Add temporary Hack for strange encrypted data
When encrypting with SMIME there is some garbage added
to the end of the stream. Until we figure out where that
comes from, cut it off.
* src/ribbon-callbacks.cpp (encryptInspector): Cut off
SMIME data after the last linebreak.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index e66adf2..2cb14d7 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -319,6 +319,14 @@ encryptInspector (LPDISPATCH ctrl, int flags)
/* Now replace the selection with the encrypted text */
if (protocol == PROTOCOL_SMIME)
{
+ char* lastlinebreak = strrchr (buffer, '\n');
+ if (lastlinebreak && (lastlinebreak - buffer) > 1)
+ {
+ /*XXX there is some strange data in the buffer
+ after the last linebreak investigate this and
+ fix it! */
+ lastlinebreak[1] = '\0';
+ }
unsigned int enclosedSize = strlen (buffer) + 34 + 31 + 1;
char enclosedData[enclosedSize];
snprintf (enclosedData, sizeof enclosedData,
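Review bot: the block added here drops everything after the last `\n` in `buffer` for S/MIME output without logging anything. One cause worth ruling out first is that the stream is copied into `buffer` without a terminator or with a stale length; in that case the `strrchr` and `strlen` calls in this hunk are themselves scanning past the valid data. Log how many bytes are cut so the root cause stays traceable, and review the code that fills `buffer` for a missing NUL before this workaround ships.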
-----------------------------------------------------------------------
Summary of changes:
src/ribbon-callbacks.cpp | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 12 20:32:43 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Fri, 12 Jul 2013 20:32:43 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-36-g3d80d4e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 3d80d4e9fe7dad640a0b1c283d6f458ee36d53dc (commit)
via 4df9001367b5438937191466db288facdffe4204 (commit)
from 7963564cb41b4b3c8aede32bdc7a88e76bf326f3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3d80d4e9fe7dad640a0b1c283d6f458ee36d53dc
Author: Andre Heinecke
Date: Fri Jul 12 18:08:22 2013 +0000
Fix operator priority
* src/ribbon-callbacks.cpp (decryptInspector): Fix operator
priority in check for flags.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 2cb14d7..7462f20 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -539,7 +539,7 @@ decryptInspector (LPDISPATCH ctrl, int flags)
}
RELDISP (actExplorer);
- if ( !flags & DECRYPT_INSPECTOR_BODY)
+ if (!(flags & DECRYPT_INSPECTOR_BODY))
{
wordEditor = get_oom_object (context, "WordEditor");
wordApplication = get_oom_object (wordEditor, "get_Application");
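Review bot: with the test corrected, the DECRYPT_INSPECTOR_BODY path now skips this block and leaves `wordEditor`, `wordApplication` and `selection` unassigned. Their declarations (`LPDISPATCH selection;` and so on) carry no initialiser, yet the combined condition in the next hunk reads them before it looks at `flags`, and the cleanup code passes all three to `RELDISP`. Initialise them to NULL at the declaration and put the `flags` test first in the combined condition.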
@@ -548,7 +548,7 @@ decryptInspector (LPDISPATCH ctrl, int flags)
mailItem = get_oom_object (context, "CurrentItem");
if ((!wordEditor || !wordApplication || !selection || !mailItem) &&
- (!flags & DECRYPT_INSPECTOR_BODY))
+ !(flags & DECRYPT_INSPECTOR_BODY))
{
MessageBox (NULL,
"Internal error in GpgOL.\n"
commit 4df9001367b5438937191466db288facdffe4204
Author: Andre Heinecke
Date: Fri Jul 12 18:03:04 2013 +0000
Update translations
* po/de.po: Update German translations.
* po/pt.po, po/sv.po: Update generated files
diff --git a/po/de.po b/po/de.po
index 90f0457..e3114a3 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GpgOL 1.0.0\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2013-07-12 07:18+0000\n"
+"POT-Creation-Date: 2013-07-12 18:01+0000\n"
"PO-Revision-Date: 2009-06-18 19:18+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: de\n"
@@ -41,9 +41,9 @@ msgstr ""
"um die gesamte Nachricht nochmal zu entschl??sseln. Danach k??nnen\n"
"Sie das Attachment wieder ??ffenen."
-#: src/common.c:217
-msgid "GpgOL - Save decrypted attachment"
-msgstr "GpgOL - Sichern der entschl??sselten Anlage"
+#: src/common.c:232
+msgid "GpgOL - Save attachment"
+msgstr "GpgOL - Anlage Speichern"
#: src/config-dialog.c:137
msgid "Debug output (for analysing problems)"
@@ -59,9 +59,13 @@ msgstr ""
#: src/engine.c:395 src/engine.c:405 src/main.c:699 src/main.c:705
#: src/message.cpp:303 src/explorers.cpp:204 src/explorers.cpp:209
-#: src/gpgoladdin.cpp:593 src/gpgoladdin.cpp:594 src/ribbon-callbacks.cpp:119
-#: src/ribbon-callbacks.cpp:133 src/ribbon-callbacks.cpp:163
-#: src/ribbon-callbacks.cpp:486 src/ribbon-callbacks.cpp:500
+#: src/gpgoladdin.cpp:588 src/gpgoladdin.cpp:635 src/gpgoladdin.cpp:703
+#: src/gpgoladdin.cpp:705 src/ribbon-callbacks.cpp:132
+#: src/ribbon-callbacks.cpp:148 src/ribbon-callbacks.cpp:161
+#: src/ribbon-callbacks.cpp:192 src/ribbon-callbacks.cpp:234
+#: src/ribbon-callbacks.cpp:556 src/ribbon-callbacks.cpp:573
+#: src/ribbon-callbacks.cpp:587 src/ribbon-callbacks.cpp:600
+#: src/ribbon-callbacks.cpp:636
msgid "GpgOL"
msgstr "GpgOL"
@@ -356,7 +360,8 @@ msgstr "Dateischreibfehler"
msgid "I/O-Error"
msgstr "Ein-/Ausgabefehler"
-#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:593
+#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:588 src/gpgoladdin.cpp:635
+#: src/gpgoladdin.cpp:703
msgid "General"
msgstr "Allgemein"
@@ -684,35 +689,52 @@ msgstr ""
msgid "Do you want to revert this folder?"
msgstr "M??chten Sie diesen Ordner von GpgOL befreien?"
-#: src/gpgoladdin.cpp:528
+#: src/gpgoladdin.cpp:589 src/gpgoladdin.cpp:636 src/gpgoladdin.cpp:703
+msgid "Start Certificate Manager"
+msgstr "Zertifikatsverwaltung starten"
+
+#: src/gpgoladdin.cpp:590 src/gpgoladdin.cpp:637
+msgid "Textbody"
+msgstr "Textk??rper"
+
+#: src/gpgoladdin.cpp:591 src/gpgoladdin.cpp:598
msgid "Encrypt"
msgstr "Verschl??sseln"
-#: src/gpgoladdin.cpp:528 src/gpgoladdin.cpp:541 src/ribbon-callbacks.cpp:535
+#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:598 src/gpgoladdin.cpp:638
+#: src/gpgoladdin.cpp:639
msgid "Decrypt"
msgstr "Entschl??sseln"
-#: src/gpgoladdin.cpp:593
-msgid "Start Certificate Manager"
-msgstr "Zertifikatsverwaltung starten"
-
-#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:595
+#: src/gpgoladdin.cpp:705 src/gpgoladdin.cpp:706
msgid "Save and decrypt"
msgstr "Speichern und Entschl??sseln"
-#: src/ribbon-callbacks.cpp:132
+#: src/ribbon-callbacks.cpp:147
msgid "Please select text to encrypt."
msgstr "Bitte selektieren Sie den zu verschl??sselnden Text."
-#: src/ribbon-callbacks.cpp:162
+#: src/ribbon-callbacks.cpp:160
+msgid "Textbody empty."
+msgstr "Textk??rper leer."
+
+#: src/ribbon-callbacks.cpp:191
msgid "Please add at least one recipent."
msgstr "Bitte f??gen Sie mindestens einen Empf??nger hinzu."
-#: src/ribbon-callbacks.cpp:499
+#: src/ribbon-callbacks.cpp:572
+msgid "Please select a Mail."
+msgstr "Bitte w??heln Sie eine Mail aus."
+
+#: src/ribbon-callbacks.cpp:586
msgid "Please select the data you wish to decrypt."
msgstr "Bitte selektieren Sie die zu entschl??sselnden Daten."
-#: src/ribbon-callbacks.cpp:604
+#: src/ribbon-callbacks.cpp:599
+msgid "Nothing to decrypt."
+msgstr "Nichts zu entschl??sseln."
+
+#: src/ribbon-callbacks.cpp:715
msgid "Plain text"
msgstr "Klartext"
diff --git a/po/pt.po b/po/pt.po
index 53d0a49..0140e54 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GpgOL 1.1.1\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2013-07-12 07:18+0000\n"
+"POT-Creation-Date: 2013-07-12 18:01+0000\n"
"PO-Revision-Date: 2010-07-18 20:41-0000\n"
"Last-Translator: Marco A.G.Pinto \n"
"Language-Team: Portuguese \n"
@@ -43,8 +43,9 @@ msgstr ""
"Por favor usa o bot?o Desencriptar/Verificar para desencriptar\n"
"a mensagem completa novamente. Depois abre este anexo."
-#: src/common.c:217
-msgid "GpgOL - Save decrypted attachment"
+#: src/common.c:232
+#, fuzzy
+msgid "GpgOL - Save attachment"
msgstr "GpgOL - Gravar anexo desencriptado"
#: src/config-dialog.c:137
@@ -61,9 +62,13 @@ msgstr ""
#: src/engine.c:395 src/engine.c:405 src/main.c:699 src/main.c:705
#: src/message.cpp:303 src/explorers.cpp:204 src/explorers.cpp:209
-#: src/gpgoladdin.cpp:593 src/gpgoladdin.cpp:594 src/ribbon-callbacks.cpp:119
-#: src/ribbon-callbacks.cpp:133 src/ribbon-callbacks.cpp:163
-#: src/ribbon-callbacks.cpp:486 src/ribbon-callbacks.cpp:500
+#: src/gpgoladdin.cpp:588 src/gpgoladdin.cpp:635 src/gpgoladdin.cpp:703
+#: src/gpgoladdin.cpp:705 src/ribbon-callbacks.cpp:132
+#: src/ribbon-callbacks.cpp:148 src/ribbon-callbacks.cpp:161
+#: src/ribbon-callbacks.cpp:192 src/ribbon-callbacks.cpp:234
+#: src/ribbon-callbacks.cpp:556 src/ribbon-callbacks.cpp:573
+#: src/ribbon-callbacks.cpp:587 src/ribbon-callbacks.cpp:600
+#: src/ribbon-callbacks.cpp:636
msgid "GpgOL"
msgstr "GpgOL"
@@ -341,7 +346,8 @@ msgstr "Erro ao escrever no stream"
msgid "I/O-Error"
msgstr "I/O-Erro"
-#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:593
+#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:588 src/gpgoladdin.cpp:635
+#: src/gpgoladdin.cpp:703
msgid "General"
msgstr "Geral"
@@ -664,41 +670,59 @@ msgstr ""
msgid "Do you want to revert this folder?"
msgstr "Queres reverter esta pasta?"
-#: src/gpgoladdin.cpp:528
+#: src/gpgoladdin.cpp:589 src/gpgoladdin.cpp:636 src/gpgoladdin.cpp:703
+#, fuzzy
+msgid "Start Certificate Manager"
+msgstr "GnuPG Zertifikats&verwaltung"
+
+#: src/gpgoladdin.cpp:590 src/gpgoladdin.cpp:637
+msgid "Textbody"
+msgstr ""
+
+#: src/gpgoladdin.cpp:591 src/gpgoladdin.cpp:598
#, fuzzy
msgid "Encrypt"
msgstr "Encripta??o"
-#: src/gpgoladdin.cpp:528 src/gpgoladdin.cpp:541 src/ribbon-callbacks.cpp:535
+#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:598 src/gpgoladdin.cpp:638
+#: src/gpgoladdin.cpp:639
#, fuzzy
msgid "Decrypt"
msgstr "Entschl?sselung"
-#: src/gpgoladdin.cpp:593
-#, fuzzy
-msgid "Start Certificate Manager"
-msgstr "GnuPG Zertifikats&verwaltung"
-
-#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:595
+#: src/gpgoladdin.cpp:705 src/gpgoladdin.cpp:706
msgid "Save and decrypt"
msgstr ""
-#: src/ribbon-callbacks.cpp:132
+#: src/ribbon-callbacks.cpp:147
#, fuzzy
msgid "Please select text to encrypt."
msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
-#: src/ribbon-callbacks.cpp:162
+#: src/ribbon-callbacks.cpp:160
+msgid "Textbody empty."
+msgstr ""
+
+#: src/ribbon-callbacks.cpp:191
#, fuzzy
msgid "Please add at least one recipent."
msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
-#: src/ribbon-callbacks.cpp:499
+#: src/ribbon-callbacks.cpp:572
+#, fuzzy
+msgid "Please select a Mail."
+msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
+
+#: src/ribbon-callbacks.cpp:586
#, fuzzy
msgid "Please select the data you wish to decrypt."
msgstr "Por favor selecciona pelo menos um certificado de destinat?rio."
-#: src/ribbon-callbacks.cpp:604
+#: src/ribbon-callbacks.cpp:599
+msgid "Nothing to decrypt."
+msgstr ""
+
+#: src/ribbon-callbacks.cpp:715
msgid "Plain text"
msgstr ""
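Review bot: several fuzzy entries in this po/pt.po hunk carry text that does not belong to their msgid. "Start Certificate Manager" and "Decrypt" keep German msgstr values ("GnuPG Zertifikats&verwaltung", "Entschl?sselung") in the Portuguese catalogue, and the new "Please select a Mail." entry reuses the recipient-certificate sentence already attached to three other msgids. The "#, fuzzy" flag keeps msgfmt from using them by default, so users fall back to the English msgid, but these should be emptied or flagged for the translator rather than carried forward.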
diff --git a/po/sv.po b/po/sv.po
index 327c9c7..d998ed8 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GPGol\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2013-07-12 07:18+0000\n"
+"POT-Creation-Date: 2013-07-12 18:01+0000\n"
"PO-Revision-Date: 2006-12-12 23:52+0100\n"
"Last-Translator: Daniel Nylander \n"
"Language-Team: Swedish \n"
@@ -40,9 +40,9 @@ msgid ""
"entire message again. Then open this attachment."
msgstr ""
-#: src/common.c:217
+#: src/common.c:232
#, fuzzy
-msgid "GpgOL - Save decrypted attachment"
+msgid "GpgOL - Save attachment"
msgstr "GPG - Spara dekrypterad bilaga"
#: src/config-dialog.c:137
@@ -57,9 +57,13 @@ msgstr ""
#: src/engine.c:395 src/engine.c:405 src/main.c:699 src/main.c:705
#: src/message.cpp:303 src/explorers.cpp:204 src/explorers.cpp:209
-#: src/gpgoladdin.cpp:593 src/gpgoladdin.cpp:594 src/ribbon-callbacks.cpp:119
-#: src/ribbon-callbacks.cpp:133 src/ribbon-callbacks.cpp:163
-#: src/ribbon-callbacks.cpp:486 src/ribbon-callbacks.cpp:500
+#: src/gpgoladdin.cpp:588 src/gpgoladdin.cpp:635 src/gpgoladdin.cpp:703
+#: src/gpgoladdin.cpp:705 src/ribbon-callbacks.cpp:132
+#: src/ribbon-callbacks.cpp:148 src/ribbon-callbacks.cpp:161
+#: src/ribbon-callbacks.cpp:192 src/ribbon-callbacks.cpp:234
+#: src/ribbon-callbacks.cpp:556 src/ribbon-callbacks.cpp:573
+#: src/ribbon-callbacks.cpp:587 src/ribbon-callbacks.cpp:600
+#: src/ribbon-callbacks.cpp:636
msgid "GpgOL"
msgstr ""
@@ -324,7 +328,8 @@ msgstr "Fel vid skrivning av fil"
msgid "I/O-Error"
msgstr "In-/Ut-fel"
-#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:593
+#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:588 src/gpgoladdin.cpp:635
+#: src/gpgoladdin.cpp:703
msgid "General"
msgstr ""
@@ -624,41 +629,59 @@ msgstr ""
msgid "Do you want to revert this folder?"
msgstr ""
-#: src/gpgoladdin.cpp:528
+#: src/gpgoladdin.cpp:589 src/gpgoladdin.cpp:636 src/gpgoladdin.cpp:703
+#, fuzzy
+msgid "Start Certificate Manager"
+msgstr "GPG-nyckel&hanterare"
+
+#: src/gpgoladdin.cpp:590 src/gpgoladdin.cpp:637
+msgid "Textbody"
+msgstr ""
+
+#: src/gpgoladdin.cpp:591 src/gpgoladdin.cpp:598
#, fuzzy
msgid "Encrypt"
msgstr "Kryptering"
-#: src/gpgoladdin.cpp:528 src/gpgoladdin.cpp:541 src/ribbon-callbacks.cpp:535
+#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:598 src/gpgoladdin.cpp:638
+#: src/gpgoladdin.cpp:639
#, fuzzy
msgid "Decrypt"
msgstr "Dekryptering"
-#: src/gpgoladdin.cpp:593
-#, fuzzy
-msgid "Start Certificate Manager"
-msgstr "GPG-nyckel&hanterare"
-
-#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:595
+#: src/gpgoladdin.cpp:705 src/gpgoladdin.cpp:706
msgid "Save and decrypt"
msgstr ""
-#: src/ribbon-callbacks.cpp:132
+#: src/ribbon-callbacks.cpp:147
#, fuzzy
msgid "Please select text to encrypt."
msgstr "V??lj ??tminstone en mottagarnyckel."
-#: src/ribbon-callbacks.cpp:162
+#: src/ribbon-callbacks.cpp:160
+msgid "Textbody empty."
+msgstr ""
+
+#: src/ribbon-callbacks.cpp:191
#, fuzzy
msgid "Please add at least one recipent."
msgstr "V??lj ??tminstone en mottagarnyckel."
-#: src/ribbon-callbacks.cpp:499
+#: src/ribbon-callbacks.cpp:572
+#, fuzzy
+msgid "Please select a Mail."
+msgstr "V??lj ??tminstone en mottagarnyckel."
+
+#: src/ribbon-callbacks.cpp:586
#, fuzzy
msgid "Please select the data you wish to decrypt."
msgstr "V??lj ??tminstone en mottagarnyckel."
-#: src/ribbon-callbacks.cpp:604
+#: src/ribbon-callbacks.cpp:599
+msgid "Nothing to decrypt."
+msgstr ""
+
+#: src/ribbon-callbacks.cpp:715
msgid "Plain text"
msgstr ""
-----------------------------------------------------------------------
Summary of changes:
po/de.po | 60 ++++++++++++++++++++++++++++++--------------
po/pt.po | 62 +++++++++++++++++++++++++++++++--------------
po/sv.po | 61 +++++++++++++++++++++++++++++++--------------
src/ribbon-callbacks.cpp | 4 +-
4 files changed, 128 insertions(+), 59 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 10:32:08 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 15 Jul 2013 10:32:08 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-163-g61b4481
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 61b44812728d1feca880a613c685040ba82c05ce (commit)
via a7b80e9fba6b1b095f7c53469747967b40ebfbfd (commit)
from d6c9c86cb7f571ae0bd9aee4efa01a0f9c4c3104 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 61b44812728d1feca880a613c685040ba82c05ce
Author: Werner Koch
Date: Mon Jul 15 09:46:38 2013 +0200
Register DCO for Dmitry Kasatkin.
--
diff --git a/AUTHORS b/AUTHORS
index fac0219..1c20cac 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -118,6 +118,9 @@ Christian Aistleitner
Christian Grothoff
2013-03-21:514B5D8A.6040705 at grothoff.org:
+Dmitry Eremin-Solenikov
+2013-07-13:20130713144407.GA27334 at fangorn.rup.mentorg.com:
+
Dmitry Kasatkin
2012-12-14:50CAE2DB.80302 at intel.com:
commit a7b80e9fba6b1b095f7c53469747967b40ebfbfd
Author: Dmitry Eremin-Solenikov
Date: Sat Jul 13 18:50:05 2013 +0400
Fix memory leak in t-mpi-point test
* tests/t-mpi-point.c (basic_ec_math, basic_ec_math_simplified): add
calls to gcry_ctx_release() to free contexts after they become unused.
Signed-off-by: Dmitry Eremin-Solenikov
diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index 2631a11..e6302c0 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -643,6 +643,7 @@ basic_ec_math (void)
gcry_mpi_point_release (G);
gcry_mpi_release (A);
gcry_mpi_release (P);
+ gcry_ctx_release (ctx);
}
@@ -761,6 +762,7 @@ basic_ec_math_simplified (void)
gcry_mpi_point_release (Q);
gcry_mpi_release (d);
gcry_mpi_point_release (G);
+ gcry_ctx_release (ctx);
}
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 3 +++
tests/t-mpi-point.c | 2 ++
2 files changed, 5 insertions(+), 0 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 10:57:51 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 15 Jul 2013 10:57:51 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-37-g6f19e71
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 6f19e712c4308fce5331ffb67c38b30a37446dcb (commit)
from 3d80d4e9fe7dad640a0b1c283d6f458ee36d53dc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6f19e712c4308fce5331ffb67c38b30a37446dcb
Author: Andre Heinecke
Date: Mon Jul 15 08:12:36 2013 +0000
Fix welcome page translation and update PO's
The welcome text was changed to no longer include the
Version in the i18n text.
* po/de.po: Update translation
* po/pt.po, po/sv.po: Update generated files.
* src/olflange.cpp: Fix translation macro in welcome text.
diff --git a/po/de.po b/po/de.po
index e3114a3..58b2b8d 100644
--- a/po/de.po
+++ b/po/de.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GpgOL 1.0.0\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2013-07-12 18:01+0000\n"
+"POT-Creation-Date: 2013-07-15 08:09+0000\n"
"PO-Revision-Date: 2009-06-18 19:18+0200\n"
"Last-Translator: Werner Koch \n"
"Language-Team: de\n"
@@ -433,6 +433,41 @@ msgstr "Dies ist GpgOL Version %s"
msgid "Welcome to GpgOL "
msgstr "Willkommen zu GpgOL "
+#: src/olflange.cpp:528
+msgid ""
+"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
+"support to Outlook 2003 and 2007.\n"
+"\n"
+"Although we tested this software extensively, we can't give you any "
+"guarantee that it will work as expected. The programming interface we are "
+"using has not been properly documented by Microsoft and thus the "
+"functionality of GpgOL may cease to work with an update of your Windows "
+"system.\n"
+"\n"
+"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON "
+"ANY SENSITIVE DATA!\n"
+"\n"
+"There are some known problems, the most severe being that sending encrypted "
+"or signed mails using an Exchange based account does not work. Using GpgOL "
+"along with other Outlook plugins may in some cases not work.\n"
+msgstr ""
+"GpgOL erweitert Outlook 2003 und 2007 um integrierte OpenPGP und S/MIME "
+"Verschl??sselung und digitale Signaturen.\n"
+"\n"
+"Obgleich wir diese Software ausgiebig getestet haben, k??nnen wir leider "
+"nicht garantieren, da?? sie einwandfrei funktionieren wird. Die benutzte "
+"Programmierschnittstelle zu Outlook ist von Microsoft nur sehr ungen??gend "
+"dokumentiert worden. M??glicherweise k??nnte die korrekte Funktion von GpgOL "
+"durch ein Update von Windows beeintr??chtig werden.\n"
+"\n"
+"WIR RATEN DRINGEND DAZU, TESTS DER VERSCHL??SSELUNG DURCHZUF??HREN, BEVOR "
+"GPGOL F??R SENSIBLE DATEN BENUTZT WIRD!\n"
+"\n"
+"Es sind einige Problem bekannt: Insbesondere funktioniert das Senden von "
+"verschl??sselten oder signierten Nachrichten ??ber ein Exchange basiertes "
+"Konto nicht. Wird GpgOL zusammen mit anderen Outlook Plugins benutzt, kann "
+"es m??glicherweise nicht richtig arbeiten.\n"
+
#: src/olflange.cpp:554
msgid ""
"You have installed a new version of GpgOL.\n"
@@ -752,44 +787,6 @@ msgstr "Klartext"
#~ msgid "Decrypt Selection"
#~ msgstr "Entschl??sselung"
-#~ msgid ""
-#~ "Welcome to GpgOL 1.0\n"
-#~ "\n"
-#~ "GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
-#~ "support to Outlook 2003 and 2007.\n"
-#~ "\n"
-#~ "Although we tested this software extensively, we can't give you any "
-#~ "guarantee that it will work as expected. The programming interface we are "
-#~ "using has not been properly documented by Microsoft and thus the "
-#~ "functionality of GpgOL may cease to work with an update of your Windows "
-#~ "system.\n"
-#~ "\n"
-#~ "WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL "
-#~ "ON ANY SENSITIVE DATA!\n"
-#~ "\n"
-#~ "There are some known problems, the most severe being that sending "
-#~ "encrypted or signed mails using an Exchange based account does not work. "
-#~ "Using GpgOL along with other Outlook plugins may in some cases not work.\n"
-#~ msgstr ""
-#~ "Willkommen zu GpgOL 1.0 !\n"
-#~ "\n"
-#~ "GpgOL erweitert Outlook 2003 und 2007 um integrierte OpenPGP und S/MIME "
-#~ "Verschl??sselung und digitale Signaturen.\n"
-#~ "\n"
-#~ "Obgleich wir diese Software ausgiebig getestet haben, k??nnen wir leider "
-#~ "nicht garantieren, da?? sie einwandfrei funktionieren wird. Die benutzte "
-#~ "Programmierschnittstelle zu Outlook ist von Microsoft nur sehr ungen??gend "
-#~ "dokumentiert worden. M??glicherweise k??nnte die korrekte Funktion von "
-#~ "GpgOL durch ein Update von Windows beeintr??chtig werden.\n"
-#~ "\n"
-#~ "WIR RATEN DRINGEND DAZU, TESTS DER VERSCHL??SSELUNG DURCHZUF??HREN, BEVOR "
-#~ "GPGOL F??R SENSIBLE DATEN BENUTZT WIRD!\n"
-#~ "\n"
-#~ "Es sind einige Problem bekannt: Insbesondere funktioniert das Senden von "
-#~ "verschl??sselten oder signierten Nachrichten ??ber ein Exchange basiertes "
-#~ "Konto nicht. Wird GpgOL zusammen mit anderen Outlook Plugins benutzt, "
-#~ "kann es m??glicherweise nicht richtig arbeiten.\n"
-
#~ msgid "Select this option to encrypt the message."
#~ msgstr "W??hlen Sie diese Option zum Verschl??sseln der Nachricht."
diff --git a/po/pt.po b/po/pt.po
index 0140e54..cc5f5af 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GpgOL 1.1.1\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2013-07-12 18:01+0000\n"
+"POT-Creation-Date: 2013-07-15 08:09+0000\n"
"PO-Revision-Date: 2010-07-18 20:41-0000\n"
"Last-Translator: Marco A.G.Pinto \n"
"Language-Team: Portuguese \n"
@@ -414,6 +414,43 @@ msgstr "Esta
msgid "Welcome to GpgOL "
msgstr ""
+#: src/olflange.cpp:528
+#, fuzzy
+msgid ""
+"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
+"support to Outlook 2003 and 2007.\n"
+"\n"
+"Although we tested this software extensively, we can't give you any "
+"guarantee that it will work as expected. The programming interface we are "
+"using has not been properly documented by Microsoft and thus the "
+"functionality of GpgOL may cease to work with an update of your Windows "
+"system.\n"
+"\n"
+"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON "
+"ANY SENSITIVE DATA!\n"
+"\n"
+"There are some known problems, the most severe being that sending encrypted "
+"or signed mails using an Exchange based account does not work. Using GpgOL "
+"along with other Outlook plugins may in some cases not work.\n"
+msgstr ""
+"Bem-vindo ao GpgOL 1.0\n"
+"\n"
+"O GpgOL adiciona suporte de encripta??o e assinatura digital OpenPGP e S/"
+"MIME integrado ao Outlook 2003 e 2007.\n"
+"\n"
+"Embora test?mos este software extensivamente, n?o podemos dar qualquer "
+"garantia que funcione da forma esperada. O interface de programa??o em uso "
+"n?o foi propriamente documentado pela Microsoft e da? a funcionalidade do "
+"GpgOL pode deixar de funcionar com uma actualiza??o do teu sistema Windows.\n"
+"\n"
+"ACONSELHAMOS FORTEMENTE A EXECUTAR TESTES DE ENCRIPTA??O ANTES DE COME?ARES "
+"A USAR O GPGOL EM DADOS SENS?VEIS!\n"
+"\n"
+"Existem alguns problemas conhecidos, os mais graves s?o o n?o funcionamento "
+"de enviar e-mails encriptados ou assinados usando uma conta com base no "
+"Exchange. Usar o GpgOL com outros plugins do Outlook poder? n?o funcionar em "
+"alguns casos.\n"
+
#: src/olflange.cpp:554
msgid ""
"You have installed a new version of GpgOL.\n"
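Review bot: the fuzzy msgstr added for src/olflange.cpp:528 still opens with "Bem-vindo ao GpgOL 1.0\n", although the new msgid no longer contains the welcome line (it is now the separate "Welcome to GpgOL " entry just above, which has an empty msgstr here). Once a translator clears the fuzzy flag without dropping that first line, the dialog shows the welcome text twice with a hard-coded version; remove the line from this msgstr and translate "Welcome to GpgOL " instead.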
@@ -730,44 +767,6 @@ msgstr ""
#~ msgid "Decrypt Selection"
#~ msgstr "Entschl?sselung"
-#~ msgid ""
-#~ "Welcome to GpgOL 1.0\n"
-#~ "\n"
-#~ "GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
-#~ "support to Outlook 2003 and 2007.\n"
-#~ "\n"
-#~ "Although we tested this software extensively, we can't give you any "
-#~ "guarantee that it will work as expected. The programming interface we are "
-#~ "using has not been properly documented by Microsoft and thus the "
-#~ "functionality of GpgOL may cease to work with an update of your Windows "
-#~ "system.\n"
-#~ "\n"
-#~ "WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL "
-#~ "ON ANY SENSITIVE DATA!\n"
-#~ "\n"
-#~ "There are some known problems, the most severe being that sending "
-#~ "encrypted or signed mails using an Exchange based account does not work. "
-#~ "Using GpgOL along with other Outlook plugins may in some cases not work.\n"
-#~ msgstr ""
-#~ "Bem-vindo ao GpgOL 1.0\n"
-#~ "\n"
-#~ "O GpgOL adiciona suporte de encripta??o e assinatura digital OpenPGP e S/"
-#~ "MIME integrado ao Outlook 2003 e 2007.\n"
-#~ "\n"
-#~ "Embora test?mos este software extensivamente, n?o podemos dar qualquer "
-#~ "garantia que funcione da forma esperada. O interface de programa??o em "
-#~ "uso n?o foi propriamente documentado pela Microsoft e da? a "
-#~ "funcionalidade do GpgOL pode deixar de funcionar com uma actualiza??o do "
-#~ "teu sistema Windows.\n"
-#~ "\n"
-#~ "ACONSELHAMOS FORTEMENTE A EXECUTAR TESTES DE ENCRIPTA??O ANTES DE "
-#~ "COME?ARES A USAR O GPGOL EM DADOS SENS?VEIS!\n"
-#~ "\n"
-#~ "Existem alguns problemas conhecidos, os mais graves s?o o n?o "
-#~ "funcionamento de enviar e-mails encriptados ou assinados usando uma conta "
-#~ "com base no Exchange. Usar o GpgOL com outros plugins do Outlook poder? "
-#~ "n?o funcionar em alguns casos.\n"
-
#~ msgid "Select this option to encrypt the message."
#~ msgstr "W?hlen Sie diese Option zum Verschl?sseln der Nachricht."
diff --git a/po/sv.po b/po/sv.po
index d998ed8..5f5c367 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: GPGol\n"
"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n"
-"POT-Creation-Date: 2013-07-12 18:01+0000\n"
+"POT-Creation-Date: 2013-07-15 08:09+0000\n"
"PO-Revision-Date: 2006-12-12 23:52+0100\n"
"Last-Translator: Daniel Nylander \n"
"Language-Team: Swedish \n"
@@ -380,6 +380,25 @@ msgstr ""
msgid "Welcome to GpgOL "
msgstr ""
+#: src/olflange.cpp:528
+msgid ""
+"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing "
+"support to Outlook 2003 and 2007.\n"
+"\n"
+"Although we tested this software extensively, we can't give you any "
+"guarantee that it will work as expected. The programming interface we are "
+"using has not been properly documented by Microsoft and thus the "
+"functionality of GpgOL may cease to work with an update of your Windows "
+"system.\n"
+"\n"
+"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON "
+"ANY SENSITIVE DATA!\n"
+"\n"
+"There are some known problems, the most severe being that sending encrypted "
+"or signed mails using an Exchange based account does not work. Using GpgOL "
+"along with other Outlook plugins may in some cases not work.\n"
+msgstr ""
+
#: src/olflange.cpp:554
msgid ""
"You have installed a new version of GpgOL.\n"
diff --git a/src/olflange.cpp b/src/olflange.cpp
index 109c6a7..7071ea5 100644
--- a/src/olflange.cpp
+++ b/src/olflange.cpp
@@ -523,9 +523,9 @@ GpgolExt::GpgolExt (void)
that a user will see this message only once. */
MessageBox
(NULL,
- _("Welcome to GpgOL " VERSION "\n"
+ _("Welcome to GpgOL ") VERSION "\n"
"\n"
- "GpgOL adds integrated OpenPGP and S/MIME encryption "
+ _("GpgOL adds integrated OpenPGP and S/MIME encryption "
"and digital signing support to Outlook 2003 and 2007.\n"
"\n"
"Although we tested this software extensively, we can't "
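Review bot: `_("Welcome to GpgOL ") VERSION "\n"` followed by `_("GpgOL adds ...` relies on adjacent string literal concatenation, which only works on literals and not on the result of a gettext call, so this builds only if `_()` expands to its bare argument and then nothing is translated at run time. Assemble the message at run time instead, for example by formatting the two `_()` results and VERSION into a buffer before calling MessageBox.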
-----------------------------------------------------------------------
Summary of changes:
po/de.po | 75 +++++++++++++++++++++++++---------------------------
po/pt.po | 77 ++++++++++++++++++++++++++---------------------------
po/sv.po | 21 ++++++++++++++-
src/olflange.cpp | 4 +-
4 files changed, 96 insertions(+), 81 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 15:09:21 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 15 Jul 2013 15:09:21 +0200
Subject: [git] Pinentry - branch, master, updated. pinentry-0.8.3-8-g556d305
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The standard pinentry collection".
The branch, master has been updated
via 556d305b970ed60ef1dc2718fcafbf3bea6b7fea (commit)
via 9b154c9f87abd3ea5df4b763c958e538b19d0904 (commit)
via 4d56651dd4ab2568f8adc7e4448bb1239dbdbfb0 (commit)
via d4feabe153b096db896dfe25bd1bf763d23123d7 (commit)
from 54b9b92c13a496a33868501dec893bc8d82b1a8d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 556d305b970ed60ef1dc2718fcafbf3bea6b7fea
Author: Andre Heinecke
Date: Mon Jul 15 12:43:18 2013 +0000
Lower paste length limit to 300
This should be more than enough and avoids possible problems
with libassuan cmd line length or percent escaping etc.
* qt4/qsecurelineedit.cpp (insert): Lower paste limit
diff --git a/qt4/qsecurelineedit.cpp b/qt4/qsecurelineedit.cpp
index 3203433..9611bdb 100644
--- a/qt4/qsecurelineedit.cpp
+++ b/qt4/qsecurelineedit.cpp
@@ -1331,7 +1331,7 @@ void QSecureLineEdit::deselect()
void QSecureLineEdit::insert(const QString &newText)
{
if (!newText.isEmpty() && newText.at(0).isPrint()
- && newText.length() < 1024) {
+ && newText.length() < 300) {
insert( secqstring( newText.begin(), newText.end() ) );
}
}
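Review bot: the `newText.length() < 300` test counts QString characters (UTF-16 code units), while the commit message justifies the limit by the libassuan command line length and percent escaping, both of which are byte counts after encoding. Put the bound in a named constant with a comment giving the byte budget it is derived from. Over-length pastes are also discarded with no feedback, so a long passphrase pasted from a password manager fails silently; consider signalling the rejection to the user.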
commit 9b154c9f87abd3ea5df4b763c958e538b19d0904
Author: Andre Heinecke
Date: Mon Jul 15 10:48:15 2013 +0000
Limit paste length to 1023 characters
* qt4/qsecurelineedit.cpp (insert): Check for a maximum
length before allocating the secmem string.
diff --git a/qt4/qsecurelineedit.cpp b/qt4/qsecurelineedit.cpp
index 42c4987..3203433 100644
--- a/qt4/qsecurelineedit.cpp
+++ b/qt4/qsecurelineedit.cpp
@@ -1330,7 +1330,8 @@ void QSecureLineEdit::deselect()
* wanted. Defeats the purpose of the secmem implmentation */
void QSecureLineEdit::insert(const QString &newText)
{
- if (!newText.isEmpty() && newText.at(0).isPrint()) {
+ if (!newText.isEmpty() && newText.at(0).isPrint()
+ && newText.length() < 1024) {
insert( secqstring( newText.begin(), newText.end() ) );
}
}
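Review bot: only `newText.at(0).isPrint()` is tested, so with the new bound up to 1022 further characters of a paste reach `secqstring` unchecked, control characters and line breaks included. If the intent is to refuse non-printable input, test every character of `newText`, not just the first. The comment above the function already concedes that the pasted text has passed through an ordinary QString; the length check bounds the secmem allocation but does not change that, which is worth stating in the comment.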
commit 4d56651dd4ab2568f8adc7e4448bb1239dbdbfb0
Author: Andre Heinecke
Date: Mon Jul 15 09:43:54 2013 +0000
Fix contextmenu support for pasting.
MOC ignores preprocessor definitions so we can not conditionally
declare SLOTS. So we now move the ifdefs in the definition and
always declare the SLOTS.
* qt4/qsecurelinedit.cpp (cut, copy, paste): Do nothing if
QT_NO_CLIPBOARD is defined.
* qt4/qsecurelinedit.h: Always declare cut, copy and paste slots
diff --git a/qt4/qsecurelineedit.cpp b/qt4/qsecurelineedit.cpp
index a04b176..42c4987 100644
--- a/qt4/qsecurelineedit.cpp
+++ b/qt4/qsecurelineedit.cpp
@@ -1430,7 +1430,6 @@ void QSecureLineEdit::setReadOnly(bool enable)
}
-#ifndef QT_NO_CLIPBOARD
/*!
Copies the selected text to the clipboard and deletes it, if there
is any, and if echoMode() is \l Normal.
@@ -1443,10 +1442,12 @@ void QSecureLineEdit::setReadOnly(bool enable)
void QSecureLineEdit::cut()
{
+#ifndef QT_NO_CLIPBOARD
if (hasSelectedText()) {
copy();
del();
}
+#endif
}
@@ -1459,8 +1460,10 @@ void QSecureLineEdit::cut()
void QSecureLineEdit::copy() const
{
+#ifndef QT_NO_CLIPBOARD
Q_D(const QSecureLineEdit);
d->copy();
+#endif
}
/*!
@@ -1476,6 +1479,7 @@ void QSecureLineEdit::copy() const
void QSecureLineEdit::paste()
{
+#ifndef QT_NO_CLIPBOARD
Q_D(QSecureLineEdit);
if(echoMode() == PasswordEchoOnEdit)
{
@@ -1485,8 +1489,10 @@ void QSecureLineEdit::paste()
d->resumePassword = true;
}
insert(QApplication::clipboard()->text(QClipboard::Clipboard));
+#endif
}
+#ifndef QT_NO_CLIPBOARD
void QSecureLineEditPrivate::copy(bool clipboard) const
{
Q_Q(const QSecureLineEdit);
diff --git a/qt4/qsecurelineedit.h b/qt4/qsecurelineedit.h
index 4afdbb2..fec77f6 100644
--- a/qt4/qsecurelineedit.h
+++ b/qt4/qsecurelineedit.h
@@ -200,11 +200,9 @@ public Q_SLOTS:
void selectAll();
void undo();
void redo();
-#ifndef QT_NO_CLIPBOARD
void cut();
void copy() const;
void paste();
-#endif
public:
void deselect();
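Review bot: with the `#ifndef QT_NO_CLIPBOARD` guard removed from these declarations, cut(), copy() and paste() are always declared and turn into silent no-ops when QT_NO_CLIPBOARD is defined. Add a short comment at the declarations saying so and why, since the reason (MOC ignores preprocessor conditionals) is recorded only in the commit message.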
commit d4feabe153b096db896dfe25bd1bf763d23123d7
Author: Andre Heinecke
Date: Mon Jul 15 08:59:51 2013 +0000
Remove check for RTL extensions
Our code does nothing RTL specific there anyway. And the
qt_use_rtl_extensions symbol has been removed.
* qt4/qsecurelinedit.cpp: Remove check for RTL extensions.
diff --git a/qt4/qsecurelineedit.cpp b/qt4/qsecurelineedit.cpp
index 4384574..a04b176 100644
--- a/qt4/qsecurelineedit.cpp
+++ b/qt4/qsecurelineedit.cpp
@@ -2578,10 +2578,6 @@ void QSecureLineEdit::contextMenuEvent(QContextMenuEvent *event)
delete menu;
}
-#if defined(Q_WS_WIN)
- extern bool qt_use_rtl_extensions;
-#endif
-
/*! This function creates the standard context menu which is shown
when the user clicks on the line edit with the right mouse
button. It is called from the default contextMenuEvent() handler.
@@ -2648,11 +2644,7 @@ QMenu *QSecureLineEdit::createStandardContextMenu()
}
#endif
-#if defined(Q_WS_WIN)
- if (!d->readOnly && qt_use_rtl_extensions) {
-#else
if (!d->readOnly) {
-#endif
popup->addSeparator();
//QUnicodeControlCharacterMenu *ctrlCharacterMenu = new QUnicodeControlCharacterMenu(this, popup);
//popup->addMenu(ctrlCharacterMenu);
-----------------------------------------------------------------------
Summary of changes:
qt4/qsecurelineedit.cpp | 19 +++++++++----------
qt4/qsecurelineedit.h | 2 --
2 files changed, 9 insertions(+), 12 deletions(-)
hooks/post-receive
--
The standard pinentry collection
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 15:54:45 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 15 Jul 2013 15:54:45 +0200
Subject: [git] GpgOL - branch, outlook14, updated. gpgol-1.1.3-40-g51a9225
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been updated
via 51a92254556d17e3d3e3fe452fc9f411d5dae7b4 (commit)
via b8d5974cb98a48fb4e236e3838b3db63f328302b (commit)
via e7c013fa8c81bad7b6f340512204d690ffab172b (commit)
from 6f19e712c4308fce5331ffb67c38b30a37446dcb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 51a92254556d17e3d3e3fe452fc9f411d5dae7b4
Author: Andre Heinecke
Date: Mon Jul 15 13:29:30 2013 +0000
Handle attachments in the reader window.
Previously the UI was only shown in the Preview window (Explorer)
* src/gpgoladdin.cpp (GetCustomUI): Add contextualmenu and context
menu for attachments.
diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp
index 047858d..099015b 100644
--- a/src/gpgoladdin.cpp
+++ b/src/gpgoladdin.cpp
@@ -624,6 +624,19 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" "
L" "
L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
+ L" "
L" "
L""
L""
@@ -631,10 +644,17 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml)
L" label=\"%S\""
L" onAction=\"decryptSelection\"/>"
L" "
+ L" "
+ L" "
+ L" "
L""
- L"", _("GpgOL"), _("General"),
- _("Start Certificate Manager"),
- _("Textbody"),
+ L"",
+ _("GpgOL"), _("General"), _("Start Certificate Manager"),
+ _("Textbody"), _("Decrypt"),
+ _("GpgOL"), _("Save and decrypt"),
_("Decrypt"),
_("Decrypt"));
}
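Review bot: the gettext results are substituted into the ribbon XML through `label=\"%S\"` without escaping, so a translation containing a double quote, `&` or `<` yields malformed XML for the customUI; escape the translated strings before formatting them. The argument list is also purely positional and now ends in `_("Decrypt"), _("Decrypt")` after two `_("GpgOL")` entries, which makes a mismatch with the `%S` placeholders easy to introduce; a comment per argument naming the control it labels would help.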
commit b8d5974cb98a48fb4e236e3838b3db63f328302b
Author: Andre Heinecke
Date: Mon Jul 15 13:28:14 2013 +0000
Really fix gettext usage for the welcome message
* src/olflange.cpp (GpgolExt): Combine welcome message strings
with printf.
diff --git a/src/olflange.cpp b/src/olflange.cpp
index 7071ea5..10be051 100644
--- a/src/olflange.cpp
+++ b/src/olflange.cpp
@@ -521,28 +521,28 @@ GpgolExt::GpgolExt (void)
/* Note: If you want to change the announcment, you need to
increment the ANNOUNCE_NUMBER above. The number assures
that a user will see this message only once. */
- MessageBox
- (NULL,
- _("Welcome to GpgOL ") VERSION "\n"
- "\n"
- _("GpgOL adds integrated OpenPGP and S/MIME encryption "
- "and digital signing support to Outlook 2003 and 2007.\n"
- "\n"
- "Although we tested this software extensively, we can't "
- "give you any guarantee that it will work as expected. "
- "The programming interface we are using has not been properly "
- "documented by Microsoft and thus the functionality of GpgOL "
- "may cease to work with an update of your Windows system.\n"
- "\n"
- "WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START "
- "TO USE GPGOL ON ANY SENSITIVE DATA!\n"
- "\n"
- "There are some known problems, the most severe being "
- "that sending encrypted or signed mails using an Exchange "
- "based account does not work. Using GpgOL along with "
- "other Outlook plugins may in some cases not work."
- "\n"),
- "GpgOL", MB_ICONINFORMATION|MB_OK);
+ char buffer[4096];
+
+ snprintf (buffer, sizeof buffer, "%s\n\n%s%s",
+ _("Welcome to GpgOL "), VERSION,
+ _("GpgOL adds integrated OpenPGP and S/MIME encryption "
+ "and digital signing support to Outlook 2003 and 2007.\n"
+ "\n"
+ "Although we tested this software extensively, we can't "
+ "give you any guarantee that it will work as expected. "
+ "The programming interface we are using has not been properly "
+ "documented by Microsoft and thus the functionality of GpgOL "
+ "may cease to work with an update of your Windows system.\n"
+ "\n"
+ "WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START "
+ "TO USE GPGOL ON ANY SENSITIVE DATA!\n"
+ "\n"
+ "There are some known problems, the most severe being "
+ "that sending encrypted or signed mails using an Exchange "
+ "based account does not work. Using GpgOL along with "
+ "other Outlook plugins may in some cases not work."
+ "\n"));
+ MessageBox (NULL, buffer, "GpgOL", MB_ICONINFORMATION|MB_OK);
/* Show this warning only once. */
opt.announce_number = ANNOUNCE_NUMBER;
write_options ();
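Review bot: the new format string `"%s\n\n%s%s"` places the blank line between `_("Welcome to GpgOL ")` and `VERSION`, so the version number ends up glued to the start of the body text instead of following the greeting as in the removed code (`_("Welcome to GpgOL ") VERSION "\n" "\n"`); the format should be `"%s%s\n\n%s"`. The fixed `char buffer[4096]` also truncates a longer translation silently, so check the `snprintf` return value or size the buffer from the lengths of the strings.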
commit e7c013fa8c81bad7b6f340512204d690ffab172b
Author: Andre Heinecke
Date: Mon Jul 15 13:25:03 2013 +0000
Also hack off garbage at the end of OpenPGP stream
Testing showed that this can also happen for OpenPGP
encrypted messages. Need to investigate what is wrong.
* src/ribbon-callbacks.cpp (encryptInspector): Cut off garbage
at the end of OpenPGP stream, too.
diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp
index 7462f20..7712d06 100644
--- a/src/ribbon-callbacks.cpp
+++ b/src/ribbon-callbacks.cpp
@@ -316,17 +316,17 @@ encryptInspector (LPDISPATCH ctrl, int flags)
}
if (strlen (buffer) > 1)
{
+ char* lastlinebreak = strrchr (buffer, '\n');
+ if (lastlinebreak && (lastlinebreak - buffer) > 1)
+ {
+ /*XXX there is some strange data in the buffer
+ after the last linebreak investigate this and
+ fix it! */
+ lastlinebreak[1] = '\0';
+ }
/* Now replace the selection with the encrypted text */
if (protocol == PROTOCOL_SMIME)
{
- char* lastlinebreak = strrchr (buffer, '\n');
- if (lastlinebreak && (lastlinebreak - buffer) > 1)
- {
- /*XXX there is some strange data in the buffer
- after the last linebreak investigate this and
- fix it! */
- lastlinebreak[1] = '\0';
- }
unsigned int enclosedSize = strlen (buffer) + 34 + 31 + 1;
char enclosedData[enclosedSize];
snprintf (enclosedData, sizeof enclosedData,
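Review bot: moving the `lastlinebreak[1] = '\0'` truncation ahead of the `protocol` check applies a workaround for an undiagnosed defect to every encrypted message. Anything after the final `\n` is now discarded unconditionally, so output whose last line has no trailing newline loses that line. Stray bytes after the data also suggest that `buffer` is not reliably nul-terminated, in which case the `strlen (buffer)` and `strrchr` calls here already read past the valid data. Track the number of bytes actually read into `buffer` and terminate it at that length rather than guessing from the last line break.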
-----------------------------------------------------------------------
Summary of changes:
src/gpgoladdin.cpp | 26 +++++++++++++++++++++++---
src/olflange.cpp | 44 ++++++++++++++++++++++----------------------
src/ribbon-callbacks.cpp | 16 ++++++++--------
3 files changed, 53 insertions(+), 33 deletions(-)
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 15:59:38 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 15 Jul 2013 15:59:38 +0200
Subject: [git] GpgOL - branch, master, updated. gpgol-1.1.3-41-g3408e00
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, master has been updated
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3408e003620e0c5a1c7f8a52085b9668dcdaf862
Merge: 7ada63a 51a9225
Author: Andre Heinecke
Date: Mon Jul 15 13:32:42 2013 +0000
Merge branch 'outlook14'
-----------------------------------------------------------------------
Summary of changes:
po/POTFILES.in | 2 +
po/de.po | 112 +++++--
po/pt.po | 107 ++++-
po/sv.po | 102 ++++-
src/Makefile.am | 13 +-
src/README.icons | 18 +-
src/common.c | 150 ++++----
src/common.h | 24 --
src/decrypt-16.png | Bin 0 -> 418 bytes
src/decrypt-48.png | Bin 0 -> 2104 bytes
src/dialogs.h | 8 +-
src/dialogs.rc | 35 +-
src/encrypt-16.png | Bin 0 -> 383 bytes
src/encrypt-48.png | Bin 0 -> 2474 bytes
src/encrypt-sign-file-48.png | Bin 0 -> 9415 bytes
src/engine-assuan.c | 33 ++
src/engine-assuan.h | 2 +
src/filetype.c | 150 +++++++
src/filetype.h | 35 ++
src/gpgol-ids.h | 3 +-
src/gpgol.def | 2 +
src/gpgoladdin.cpp | 735 ++++++++++++++++++++++++++++++++++
src/gpgoladdin.h | 230 +++++++++++
src/key-manager-64.png | Bin 0 -> 3361 bytes
src/mapihelp.cpp | 5 +-
src/mimemaker.c | 26 +-
src/mimemaker.h | 23 +-
src/mimeparser.c | 5 +-
src/olflange.cpp | 183 +++++++---
src/olflange.h | 29 ++-
src/oomhelp.cpp | 31 ++-
src/parsetlv.c | 103 +++++
src/parsetlv.h | 55 +++
src/ribbon-callbacks.cpp | 899 ++++++++++++++++++++++++++++++++++++++++++
src/ribbon-callbacks.h | 52 +++
src/util.h | 4 +
src/versioninfo.rc.in | 2 +-
37 files changed, 2919 insertions(+), 259 deletions(-)
create mode 100644 src/decrypt-16.png
create mode 100644 src/decrypt-48.png
create mode 100644 src/encrypt-16.png
create mode 100644 src/encrypt-48.png
create mode 100644 src/encrypt-sign-file-48.png
create mode 100644 src/filetype.c
create mode 100644 src/filetype.h
create mode 100644 src/gpgoladdin.cpp
create mode 100644 src/gpgoladdin.h
create mode 100644 src/key-manager-64.png
create mode 100644 src/parsetlv.c
create mode 100644 src/parsetlv.h
create mode 100644 src/ribbon-callbacks.cpp
create mode 100644 src/ribbon-callbacks.h
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 16:00:22 2013
From: cvs at cvs.gnupg.org (by Andre Heinecke)
Date: Mon, 15 Jul 2013 16:00:22 +0200
Subject: [git] GpgOL - branch, outlook14, deleted. gpgol-1.1.3-40-g51a9225
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GnuPG extension for MS Outlook".
The branch, outlook14 has been deleted
was 51a92254556d17e3d3e3fe452fc9f411d5dae7b4
-----------------------------------------------------------------------
51a92254556d17e3d3e3fe452fc9f411d5dae7b4 Handle attachments in the reader window.
-----------------------------------------------------------------------
hooks/post-receive
--
GnuPG extension for MS Outlook
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 15 16:07:14 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 15 Jul 2013 16:07:14 +0200
Subject: [git] GPG-ERROR - branch, master,
updated. libgpg-error-1.12-3-g52e1f2e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Error codes used by GnuPG et al.".
The branch, master has been updated
via 52e1f2e131b422fdb66abeaf4a8f084689b39bf7 (commit)
via 659389fb01a924f1c2b24f59d2c2d6cccb17ce4e (commit)
from 670dc6c4a7082370be29861e13310555f62f2b4b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 52e1f2e131b422fdb66abeaf4a8f084689b39bf7
Author: Werner Koch
Date: Mon Jul 15 15:31:55 2013 +0200
w32: Fix corrupted string output.
* src/w32-gettext.c (get_string): Pass the nul of the utf-8 string to
the conversion function but keep TRANSLEN without the nul.
--
The bug first occurred on Windows 8 but it is a real thing. Assuming
that a malloced buffer is zeroed out is not a solid assumption ;-)
diff --git a/src/w32-gettext.c b/src/w32-gettext.c
index 936cafe..89f505d 100644
--- a/src/w32-gettext.c
+++ b/src/w32-gettext.c
@@ -1617,6 +1617,17 @@ get_string (struct loaded_domain *domain, uint32_t idx,
+ SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
plen_utf8 = SWAPIT(domain->must_swap, domain->trans_tab[idx].length);
+ /* We need to include the nul, so that the utf8->wchar->native
+ conversion chain works correctly and the nul is stored after
+ the conversion. */
+ if (p_utf8[plen_utf8])
+ {
+ trans = "ERROR in MO file"; /* Terminating zero is missing. */
+ translen = 0;
+ goto leave;
+ }
+ plen_utf8++;
+
buf = utf8_to_native (p_utf8, plen_utf8, &buflen);
if (!buf)
{
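Review bot: the new check `if (p_utf8[plen_utf8])` reads one byte past the length recorded in the MO file, and both `trans_tab[idx].offset` and `trans_tab[idx].length` come from that file. Nothing in this hunk verifies that offset plus length plus one still lies inside the loaded data before the dereference, so a truncated or malformed catalogue can cause an out-of-bounds read. Validate the offset and length against the size of the loaded file, either here or once in `load_domain`, before testing for the terminator.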
@@ -1640,10 +1651,10 @@ get_string (struct loaded_domain *domain, uint32_t idx,
/* There is not enough space for the translation (or for
whatever reason an empty string is used): Store it in the
overflow_space and mark that in the mapped array.
- Because UTF-8 strings are in general shorter than the
- Windows 2 byte encodings, we expect that this won't
- happen too often (if at all) and thus we use a linked
- list to manage this space. */
+ Because UTF-8 strings are in general longer than the
+ Windows native encoding, we expect that this won't happen
+ too often and thus we use a linked list to manage this
+ space. */
os = jnlib_malloc (sizeof *os + buflen);
if (os)
{
@@ -1662,6 +1673,8 @@ get_string (struct loaded_domain *domain, uint32_t idx,
translen = 0;
}
}
+ if (translen)
+ translen--; /* TRANSLEN shall be the size without the nul. */
jnlib_free (buf);
}
else if (domain->mapped[idx] == 1)
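Review bot: `translen--` is applied only on the first lookup, inside the not-yet-mapped branch, while the cached branches are left as they were (`translen = domain->mapped[idx]` in the next hunk). Since the converted buffer now includes the nul, the length stored for later lookups appears to be one larger than what the first lookup returned for the same string. Store the length without the nul when caching, or apply the same adjustment on the cached paths, so that `get_plural` and the callers see a consistent `translen`.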
@@ -1688,6 +1701,7 @@ get_string (struct loaded_domain *domain, uint32_t idx,
translen = domain->mapped[idx];
}
+ leave:
if (use_plural && translen)
return get_plural (trans, translen, nplural);
else
commit 659389fb01a924f1c2b24f59d2c2d6cccb17ce4e
Author: Werner Koch
Date: Mon Jul 15 13:48:38 2013 +0200
Remove trailing spaces from w32-gettext.c.
--
diff --git a/src/w32-gettext.c b/src/w32-gettext.c
index fbb256e..936cafe 100644
--- a/src/w32-gettext.c
+++ b/src/w32-gettext.c
@@ -3,17 +3,17 @@
2008, 2010 Free Software Foundation, Inc.
This file is part of libgpg-error.
-
+
libgpg-error is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public License
as published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
-
+
libgpg-error is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
-
+
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, see .
*/
@@ -634,8 +634,8 @@ MyCreateFileA (LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwSharedMode,
#ifndef SUBLANG_UZBEK_CYRILLIC
#define SUBLANG_UZBEK_CYRILLIC 0x02
#endif
-
-/* Return an XPG style locale name
+
+/* Return an XPG style locale name
language[_territory[.codeset]][@modifier].
Don't even bother determining the codeset; it's not useful in this
context, because message catalogs are not specific to a single
@@ -1081,7 +1081,7 @@ hash_string (const char *str_param)
{
unsigned long int hval, g;
const char *str = str_param;
-
+
hval = 0;
while (*str != '\0')
{
@@ -1225,7 +1225,7 @@ free_domain (struct loaded_domain *domain)
jnlib_free (domain);
}
-
+
static struct loaded_domain *
load_domain (const char *filename)
{
@@ -1293,7 +1293,7 @@ load_domain (const char *filename)
domain->data = (char *) data;
domain->data_native = (char *) data + size;
domain->must_swap = data->magic != MAGIC;
-
+
/* Fill in the information about the available tables. */
switch (SWAPIT (domain->must_swap, data->revision))
{
@@ -1307,7 +1307,7 @@ load_domain (const char *filename)
that many translations is very unlikely given that GnuPG
with its very large number of strings has only about 1600
strings + variants. */
- nstrings = SWAPIT (domain->must_swap, data->nstrings);
+ nstrings = SWAPIT (domain->must_swap, data->nstrings);
if (nstrings > 65534)
goto bailout;
domain->nstrings = nstrings;
@@ -1353,7 +1353,7 @@ utf8_to_wchar (const char *string, size_t length, size_t *retlen)
return NULL;
nbytes = (size_t)(n+1) * sizeof(*result);
- if (nbytes / sizeof(*result) != (n+1))
+ if (nbytes / sizeof(*result) != (n+1))
{
gpg_err_set_errno (ENOMEM);
return NULL;
@@ -1606,17 +1606,17 @@ get_string (struct loaded_domain *domain, uint32_t idx,
+ SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
translen = SWAPIT(domain->must_swap, domain->trans_tab[idx].length);
}
- else if (!domain->mapped[idx])
+ else if (!domain->mapped[idx])
{
/* Not yet mapped. Map from utf-8 to native encoding now. */
const char *p_utf8;
size_t plen_utf8, buflen;
char *buf;
- p_utf8 = (domain->data
+ p_utf8 = (domain->data
+ SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
plen_utf8 = SWAPIT(domain->must_swap, domain->trans_tab[idx].length);
-
+
buf = utf8_to_native (p_utf8, plen_utf8, &buflen);
if (!buf)
{
@@ -1628,7 +1628,7 @@ get_string (struct loaded_domain *domain, uint32_t idx,
/* Copy into the DATA_NATIVE area. */
char *p_tmp;
- p_tmp = (domain->data_native
+ p_tmp = (domain->data_native
+ SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
memcpy (p_tmp, buf, buflen);
domain->mapped[idx] = buflen;
@@ -1664,7 +1664,7 @@ get_string (struct loaded_domain *domain, uint32_t idx,
}
jnlib_free (buf);
}
- else if (domain->mapped[idx] == 1)
+ else if (domain->mapped[idx] == 1)
{
/* The translated string is in the overflow_space. */
for (os=domain->overflow_space; os; os = os->next)
@@ -1681,8 +1681,8 @@ get_string (struct loaded_domain *domain, uint32_t idx,
translen = 0;
}
}
- else
- {
+ else
+ {
trans = (domain->data_native
+ SWAPIT(domain->must_swap, domain->trans_tab[idx].offset));
translen = domain->mapped[idx];
@@ -1696,7 +1696,7 @@ get_string (struct loaded_domain *domain, uint32_t idx,
static const char *
-do_gettext (const char *domainname,
+do_gettext (const char *domainname,
const char *msgid, const char *msgid2, unsigned long nplural)
{
struct domainlist_s *dl;
@@ -1704,14 +1704,14 @@ do_gettext (const char *domainname,
int load_failed;
uint32_t top, bottom, nstr;
char *filename;
-
+
if (!domainname)
domainname = current_domainname? current_domainname : "";
/* FIXME: The whole locking stuff is a bit questionable because
gettext does not claim to be thread-safe. We need to investigate
this further. */
-
+
load_failed = 0;
domain = NULL;
filename = NULL;
@@ -1763,7 +1763,7 @@ do_gettext (const char *domainname,
domain = NULL;
}
}
-
+
if (!domain)
goto not_found; /* No MO file. */
@@ -1780,7 +1780,7 @@ do_gettext (const char *domainname,
{
nstr--;
if (nstr < domain->nstrings
- && SWAPIT(domain->must_swap,
+ && SWAPIT(domain->must_swap,
domain->orig_tab[nstr].length) >= len
&& !strcmp (msgid, (domain->data
+ SWAPIT(domain->must_swap,
@@ -1803,7 +1803,7 @@ do_gettext (const char *domainname,
while (bottom < top)
{
int cmp_val;
-
+
nstr = (bottom + top) / 2;
cmp_val = strcmp (msgid, (domain->data
+ SWAPIT(domain->must_swap,
@@ -1909,10 +1909,10 @@ _gpg_w32_gettext_use_utf8 (int value)
int
main (int argc, char **argv)
{
- const char atext1[] =
+ const char atext1[] =
"Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should be at least %u character long.";
- const char atext2[] =
+ const char atext2[] =
"Warning: You have entered an insecure passphrase.%%0A"
"A passphrase should be at least %u characters long.";
@@ -1921,7 +1921,7 @@ main (int argc, char **argv)
argc--;
argv++;
}
-
+
_gpg_err_w32_bindtextdomain ("gnupg2", "c:/programme/gnu/gnupg/share/locale");
printf ("locale is `%s'\n", _gpg_err_w32_gettext_localename ());
-----------------------------------------------------------------------
Summary of changes:
src/w32-gettext.c | 74 +++++++++++++++++++++++++++++++---------------------
1 files changed, 44 insertions(+), 30 deletions(-)
hooks/post-receive
--
Error codes used by GnuPG et al.
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jul 16 02:47:12 2013
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Tue, 16 Jul 2013 02:47:12 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.13-9-gf61d8fa
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via f61d8fa5a7591423f5a2ef43725b308acd5f2357 (commit)
from 212a325d428e0ab5c51c42a3ea33efb21ad1f79f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f61d8fa5a7591423f5a2ef43725b308acd5f2357
Author: NIIBE Yutaka
Date: Tue Jul 16 09:21:54 2013 +0900
gpg: fix previous change
* g10/gpgv.c: Fix void dotlock_remove_lockfiles.
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 2d51829..a337fc7 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -437,4 +437,4 @@ dotlock_t dotlock_create (const char *file_to_lock, unsigned int flags)
void dotlock_destroy (dotlock_t h, int reclaim) {}
int dotlock_take (dotlock_t h, long timeout) { return 0;}
int dotlock_release (dotlock_t h) {return 0;}
-void dotlock_remove_lockfiles (void, int reclaim) {}
+void dotlock_remove_lockfiles (int reclaim) {}
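Review bot: the removed line `void dotlock_remove_lockfiles (void, int reclaim) {}` is not valid C, so the previous change reached the stable branch without gpgv having been compiled. These one-line stubs are hand-copied from the real prototypes and drift easily; build `g10/gpgv.c` as part of the check before pushing, and make sure the header that declares the dotlock functions is included here so that a signature mismatch is a compile error.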
-----------------------------------------------------------------------
Summary of changes:
g10/gpgv.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 17 10:47:46 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 17 Jul 2013 10:47:46 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-164-g6e1adb0
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 6e1adb05d290aeeb1c230c763970695f4a538526 (commit)
from 61b44812728d1feca880a613c685040ba82c05ce (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6e1adb05d290aeeb1c230c763970695f4a538526
Author: Werner Koch
Date: Wed Jul 17 10:18:39 2013 +0200
Fix a special case bug in mpi_powm for e==0.
* mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that
the result has been allocated.
--
This code triggered the problem:
  modulus = gcry_mpi_set_ui(NULL, 100);
  generator = gcry_mpi_set_ui(NULL, 3);
  exponent = gcry_mpi_set_ui(NULL, 0);
  result = gcry_mpi_new(0);
  gcry_mpi_powm(result, generator, exponent, modulus);
gcry_mpi_new(0) does not allocate the limb space thus it is not
possible to write even into the first limb. Workaround was to use
gcry_mpi_new (1) but a real fix is better.
Reported-by: Ian Goldberg
Signed-off-by: Werner Koch
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index 891a7e6..7ec49d7 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -81,9 +81,14 @@ gcry_mpi_powm (gcry_mpi_t res,
if (!esize)
{
/* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0 depending
- on if MOD equals 1. */
- rp[0] = 1;
+ on if MOD equals 1. */
res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1;
+ if (res->nlimbs)
+ {
+ RESIZE_IF_NEEDED (res, 1);
+ rp = res->d;
+ rp[0] = 1;
+ }
res->sign = 0;
goto leave;
}
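Review bot: no regression test accompanies the fix in the `if (!esize)` branch. The reproducer from the commit message (a result created with `gcry_mpi_new(0)` and an exponent of 0) is small enough to add to the test suite, together with the MOD equals 1 case, where `res->nlimbs` becomes 0 and nothing is written, so that both outcomes of the new `if (res->nlimbs)` are exercised.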
-----------------------------------------------------------------------
Summary of changes:
mpi/mpi-pow.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Wed Jul 17 10:53:13 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Wed, 17 Jul 2013 10:53:13 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH,
updated. libgcrypt-1.5.2-2-g366e7b1
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, LIBGCRYPT-1-5-BRANCH has been updated
via 366e7b1925cfebb259cc268ed3eb6687e9c8fd77 (commit)
from 0c528aff1b28f0a317ae94675228c04db7a832da (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 366e7b1925cfebb259cc268ed3eb6687e9c8fd77
Author: Werner Koch
Date: Wed Jul 17 10:18:39 2013 +0200
Fix a special case bug in mpi_powm for e==0.
* mpi/mpi-pow.c (gcry_mpi_powm): For a zero exponent, make sure that
the result has been allocated.
--
This code triggered the problem:
  modulus = gcry_mpi_set_ui(NULL, 100);
  generator = gcry_mpi_set_ui(NULL, 3);
  exponent = gcry_mpi_set_ui(NULL, 0);
  result = gcry_mpi_new(0);
  gcry_mpi_powm(result, generator, exponent, modulus);
gcry_mpi_new(0) does not allocate the limb space thus it is not
possible to write even into the first limb. Workaround was to use
gcry_mpi_new (1) but a real fix is better.
Reported-by: Ian Goldberg
Signed-off-by: Werner Koch
(cherry picked from commit 6e1adb05d290aeeb1c230c763970695f4a538526)
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index 33bbebe..f4aebdb 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -81,9 +81,14 @@ gcry_mpi_powm (gcry_mpi_t res,
if (!esize)
{
/* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0 depending
- on if MOD equals 1. */
- rp[0] = 1;
+ on if MOD equals 1. */
res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1;
+ if (res->nlimbs)
+ {
+ RESIZE_IF_NEEDED (res, 1);
+ rp = res->d;
+ rp[0] = 1;
+ }
res->sign = 0;
goto leave;
}
-----------------------------------------------------------------------
Summary of changes:
mpi/mpi-pow.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 18 22:04:59 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 18 Jul 2013 22:04:59 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-168-gc488509
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via c4885092088431e7928e4459fda20cc0e8ceb201 (commit)
via f6d6e0200fa823d377a342efacaf3d61e4303dc3 (commit)
via 364d019e3ffedfcb434576702f73e767cb9389ef (commit)
via 5940e66cbefea3de5924f494f18aed69bb694bff (commit)
from 6e1adb05d290aeeb1c230c763970695f4a538526 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c4885092088431e7928e4459fda20cc0e8ceb201
Author: Werner Koch
Date: Thu Jul 18 21:32:05 2013 +0200
Add support for Salsa20.
* src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New.
* cipher/salsa20.c: New.
* configure.ac (available_ciphers): Add Salsa20.
* cipher/cipher.c: Register Salsa20.
(cipher_setiv): Allow to divert an IV to a cipher module.
* src/cipher-proto.h (cipher_setiv_func_t): New.
(cipher_extra_spec): Add field setiv.
* src/cipher.h: Declare Salsa20 definitions.
* tests/basic.c (check_stream_cipher): New.
(check_stream_cipher_large_block): New.
(check_cipher_modes): Run new test functions.
(check_ciphers): Add simple test for Salsa20.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index ac60993..b1ad7ac 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,8 @@ Noteworthy changes in version 1.6.0 (unreleased)
* Added support for the IDEA cipher algorithm.
+ * Added support for the Salsa20 stream cipher.
+
* Added a random number generator to directly use the system's RNG.
Also added an interface to prefer the use of a specified RNG.
@@ -70,6 +72,7 @@ Noteworthy changes in version 1.6.0 (unreleased)
gcry_pubkey_get_sexp NEW.
GCRYCTL_DISABLE_LOCKED_SECMEM NEW.
GCRYCTL_DISABLE_PRIV_DROP NEW.
+ GCRY_CIPHER_SALSA20 NEW.
Noteworthy changes in version 1.5.0 (2011-06-29)
diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index c2a94c5..75ad987 100644
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@@ -67,6 +67,7 @@ md5.c \
rijndael.c rijndael-tables.h rijndael-amd64.S \
rmd160.c \
rsa.c \
+salsa20.c \
scrypt.c \
seed.c \
serpent.c serpent-sse2-amd64.S serpent-avx2-amd64.S \
diff --git a/cipher/cipher.c b/cipher/cipher.c
index d7ebea8..08d6165 100644
--- a/cipher/cipher.c
+++ b/cipher/cipher.c
@@ -104,6 +104,10 @@ static struct cipher_table_entry
{ &_gcry_cipher_spec_idea,
&dummy_extra_spec, GCRY_CIPHER_IDEA },
#endif
+#if USE_SALSA20
+ { &_gcry_cipher_spec_salsa20,
+ &_gcry_cipher_extraspec_salsa20, GCRY_CIPHER_SALSA20 },
+#endif
{ NULL }
};
@@ -845,8 +849,16 @@ cipher_setkey (gcry_cipher_hd_t c, byte *key, unsigned int keylen)
/* Set the IV to be used for the encryption context C to IV with
length IVLEN. The length should match the required length. */
static void
-cipher_setiv( gcry_cipher_hd_t c, const byte *iv, unsigned ivlen )
+cipher_setiv (gcry_cipher_hd_t c, const byte *iv, unsigned ivlen)
{
+ /* If the cipher has its own IV handler, we use only this one. This
+ is currently used for stream ciphers requiring a nonce. */
+ if (c->extraspec && c->extraspec->setiv)
+ {
+ c->extraspec->setiv (&c->context.c, iv, ivlen);
+ return;
+ }
+
memset (c->u_iv.iv, 0, c->cipher->blocksize);
if (iv)
{
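Review bot: the early `return` after `c->extraspec->setiv (&c->context.c, iv, ivlen)` skips everything the generic path does below it, and because both `cipher_setiv` and the new hook return void, a cipher-specific handler cannot report a nonce of the wrong length to the caller. For a stream cipher a silently ignored or truncated nonce means keystream reuse, so consider giving the `setiv` hook an error return and propagating it, and confirm that none of the handle state touched by the code after the `memset` is still needed on the diverted path.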
diff --git a/cipher/salsa20.c b/cipher/salsa20.c
new file mode 100644
index 0000000..e26c328
--- /dev/null
+++ b/cipher/salsa20.c
@@ -0,0 +1,380 @@
+/* salsa20.c - Bernstein's Salsa20 cipher
+ * Copyright (C) 2012 Simon Josefsson, Niels M?ller
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser general Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ *
+ * For a description of the algorithm, see:
+ * http://cr.yp.to/snuffle/spec.pdf
+ * http://cr.yp.to/snuffle/design.pdf
+ */
+
+/* The code is based on the code in Nettle
+ (git commit id 9d2d8ddaee35b91a4e1a32ae77cba04bea3480e7)
+ which in turn is based on
+ salsa20-ref.c version 20051118
+ D. J. Bernstein
+ Public domain.
+*/
+
+
+#include
+#include
+#include
+#include
+#include "types.h"
+#include "g10lib.h"
+#include "cipher.h"
+#include "bufhelp.h"
+
+#define SALSA20_MIN_KEY_SIZE 16 /* Bytes. */
+#define SALSA20_MAX_KEY_SIZE 32 /* Bytes. */
+#define SALSA20_BLOCK_SIZE 64 /* Bytes. */
+#define SALSA20_IV_SIZE 8 /* Bytes. */
+#define SALSA20_INPUT_LENGTH 16 /* Bytes. */
+
+/* Number of rounds. The standard uses 20 rounds. In any case the
+ number of rounds must be even. */
+#define SALSA20_ROUNDS 20
+
+
+typedef struct
+{
+ /* Indices 1-4 and 11-14 holds the key (two identical copies for the
+ shorter key size), indices 0, 5, 10, 15 are constant, indices 6, 7
+ are the IV, and indices 8, 9 are the block counter:
+
+ C K K K
+ K C I I
+ B B C K
+ K K K C
+ */
+ u32 input[SALSA20_INPUT_LENGTH];
+ u32 pad[SALSA20_INPUT_LENGTH];
+ unsigned int unused; /* bytes in the pad. */
+} SALSA20_context_t;
+
+
+/* The masking of the right shift is needed to allow n == 0 (using
+ just 32 - n and 64 - n results in undefined behaviour). Most uses
+ of these macros use a constant and non-zero rotation count. */
+#define ROTL32(n,x) (((x)<<(n)) | ((x)>>((-(n)&31))))
+
+
+#ifdef WORDS_BIGENDIAN
+# define LE_SWAP32(v) \
+ ( (ROTL32( 8, v) & 0x00FF00FFul) \
+ |(ROTL32(24, v) & 0xFF00FF00ul))
+#else
+# define LE_SWAP32(v) (v)
+#endif
+
+#define LE_READ_UINT32(p) \
+ ( (((u32)(p)[3]) << 24) \
+ | (((u32)(p)[2]) << 16) \
+ | (((u32)(p)[1]) << 8) \
+ | ((u32)(p)[0]))
+
+
+static void salsa20_setiv (void *context, const byte *iv, unsigned int ivlen);
+static const char *selftest (void);
+
+
+
+#if 0
+# define SALSA20_CORE_DEBUG(i) do { \
+ unsigned debug_j; \
+ for (debug_j = 0; debug_j < 16; debug_j++) \
+ { \
+ if (debug_j == 0) \
+ fprintf(stderr, "%2d:", (i)); \
+ else if (debug_j % 4 == 0) \
+ fprintf(stderr, "\n "); \
+ fprintf(stderr, " %8x", pad[debug_j]); \
+ } \
+ fprintf(stderr, "\n"); \
+ } while (0)
+#else
+# define SALSA20_CORE_DEBUG(i)
+#endif
+
+#define QROUND(x0, x1, x2, x3) \
+ do { \
+ x1 ^= ROTL32 ( 7, x0 + x3); \
+ x2 ^= ROTL32 ( 9, x1 + x0); \
+ x3 ^= ROTL32 (13, x2 + x1); \
+ x0 ^= ROTL32 (18, x3 + x2); \
+ } while(0)
+
+static void
+salsa20_core (u32 *dst, const u32 *src)
+{
+ u32 pad[SALSA20_INPUT_LENGTH];
+ unsigned int i;
+
+ memcpy (pad, src, sizeof(pad));
+ for (i = 0; i < SALSA20_ROUNDS; i += 2)
+ {
+ SALSA20_CORE_DEBUG (i);
+ QROUND (pad[0], pad[4], pad[8], pad[12]);
+ QROUND (pad[5], pad[9], pad[13], pad[1] );
+ QROUND (pad[10], pad[14], pad[2], pad[6] );
+ QROUND (pad[15], pad[3], pad[7], pad[11]);
+
+ SALSA20_CORE_DEBUG (i+1);
+ QROUND (pad[0], pad[1], pad[2], pad[3] );
+ QROUND (pad[5], pad[6], pad[7], pad[4] );
+ QROUND (pad[10], pad[11], pad[8], pad[9] );
+ QROUND (pad[15], pad[12], pad[13], pad[14]);
+ }
+ SALSA20_CORE_DEBUG (i);
+
+ for (i = 0; i < SALSA20_INPUT_LENGTH; i++)
+ {
+ u32 t = pad[i] + src[i];
+ dst[i] = LE_SWAP32 (t);
+ }
+}
+#undef QROUND
+#undef SALSA20_CORE_DEBUG
+
+static gcry_err_code_t
+salsa20_do_setkey (SALSA20_context_t *ctx,
+ const byte *key, unsigned int keylen)
+{
+ static int initialized;
+ static const char *selftest_failed;
+
+ if (!initialized )
+ {
+ initialized = 1;
+ selftest_failed = selftest ();
+ if (selftest_failed)
+ log_error ("SALSA20 selftest failed (%s)\n", selftest_failed );
+ }
+ if (selftest_failed)
+ return GPG_ERR_SELFTEST_FAILED;
+
+ if (keylen != SALSA20_MIN_KEY_SIZE
+ && keylen != SALSA20_MAX_KEY_SIZE)
+ return GPG_ERR_INV_KEYLEN;
+
+ /* These constants are the little endian encoding of the string
+ "expand 32-byte k". For the 128 bit variant, the "32" in that
+ string will be fixed up to "16". */
+ ctx->input[0] = 0x61707865; /* "apxe" */
+ ctx->input[5] = 0x3320646e; /* "3 dn" */
+ ctx->input[10] = 0x79622d32; /* "yb-2" */
+ ctx->input[15] = 0x6b206574; /* "k et" */
+
+ ctx->input[1] = LE_READ_UINT32(key + 0);
+ ctx->input[2] = LE_READ_UINT32(key + 4);
+ ctx->input[3] = LE_READ_UINT32(key + 8);
+ ctx->input[4] = LE_READ_UINT32(key + 12);
+ if (keylen == SALSA20_MAX_KEY_SIZE) /* 256 bits */
+ {
+ ctx->input[11] = LE_READ_UINT32(key + 16);
+ ctx->input[12] = LE_READ_UINT32(key + 20);
+ ctx->input[13] = LE_READ_UINT32(key + 24);
+ ctx->input[14] = LE_READ_UINT32(key + 28);
+ }
+ else /* 128 bits */
+ {
+ ctx->input[11] = ctx->input[1];
+ ctx->input[12] = ctx->input[2];
+ ctx->input[13] = ctx->input[3];
+ ctx->input[14] = ctx->input[4];
+
+ ctx->input[5] -= 0x02000000; /* Change to "1 dn". */
+ ctx->input[10] += 0x00000004; /* Change to "yb-6". */
+ }
+
+ /* We default to a zero nonce. */
+ salsa20_setiv (ctx, NULL, 0);
+
+ return 0;
+}
+
+
+static gcry_err_code_t
+salsa20_setkey (void *context, const byte *key, unsigned int keylen)
+{
+ SALSA20_context_t *ctx = (SALSA20_context_t *)context;
+ gcry_err_code_t rc = salsa20_do_setkey (ctx, key, keylen);
+ _gcry_burn_stack (300/* FIXME*/);
+ return rc;
+}
+
+
+static void
+salsa20_setiv (void *context, const byte *iv, unsigned int ivlen)
+{
+ SALSA20_context_t *ctx = (SALSA20_context_t *)context;
+
+ if (!iv)
+ {
+ ctx->input[6] = 0;
+ ctx->input[7] = 0;
+ }
+ else if (ivlen == SALSA20_IV_SIZE)
+ {
+ ctx->input[6] = LE_READ_UINT32(iv + 0);
+ ctx->input[7] = LE_READ_UINT32(iv + 4);
+ }
+ else
+ {
+ log_info ("WARNING: salsa20_setiv: bad ivlen=%u\n", ivlen);
+ ctx->input[6] = 0;
+ ctx->input[7] = 0;
+ }
+ /* Reset the block counter. */
+ ctx->input[8] = 0;
+ ctx->input[9] = 0;
+ /* Reset the unused pad bytes counter. */
+ ctx->unused = 0;
+}
+
+
+
+/* Note: This function requires LENGTH > 0. */
+static void
+salsa20_do_encrypt_stream (SALSA20_context_t *ctx,
+ byte *outbuf, const byte *inbuf,
+ unsigned int length)
+{
+ if (ctx->unused)
+ {
+ unsigned char *p = (void*)ctx->pad;
+ unsigned int n;
+
+ gcry_assert (ctx->unused < SALSA20_BLOCK_SIZE);
+
+ n = ctx->unused;
+ if (n > length)
+ n = length;
+ buf_xor (outbuf, inbuf, p + SALSA20_BLOCK_SIZE - ctx->unused, n);
+ length -= n;
+ outbuf += n;
+ inbuf += n;
+ ctx->unused -= n;
+ if (!length)
+ return;
+ gcry_assert (!ctx->unused);
+ }
+
+ for (;;)
+ {
+ /* Create the next pad and bump the block counter. Note that it
+ is the user's duty to change to another nonce not later than
+ after 2^70 processed bytes. */
+ salsa20_core (ctx->pad, ctx->input);
+ if (!++ctx->input[8])
+ ctx->input[9]++;
+
+ if (length <= SALSA20_BLOCK_SIZE)
+ {
+ buf_xor (outbuf, inbuf, ctx->pad, length);
+ ctx->unused = SALSA20_BLOCK_SIZE - length;
+ return;
+ }
+ buf_xor (outbuf, inbuf, ctx->pad, SALSA20_BLOCK_SIZE);
+ length -= SALSA20_BLOCK_SIZE;
+ outbuf += SALSA20_BLOCK_SIZE;
+ inbuf += SALSA20_BLOCK_SIZE;
+ }
+}
+
+
+static void
+salsa20_encrypt_stream (void *context,
+ byte *outbuf, const byte *inbuf, unsigned int length)
+{
+ SALSA20_context_t *ctx = (SALSA20_context_t *)context;
+
+ if (length)
+ {
+ salsa20_do_encrypt_stream (ctx, outbuf, inbuf, length);
+ _gcry_burn_stack (/* salsa20_do_encrypt_stream: */
+ 2*sizeof (void*)
+ + 3*sizeof (void*) + sizeof (unsigned int)
+ /* salsa20_core: */
+ + 2*sizeof (void*)
+ + 2*sizeof (void*)
+ + 64
+ + sizeof (unsigned int)
+ + sizeof (u32)
+ );
+ }
+}
+
+
+
+static const char*
+selftest (void)
+{
+ SALSA20_context_t ctx;
+ byte scratch[8+1];
+
+ static byte key_1[] =
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ static const byte nonce_1[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ static const byte plaintext_1[] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ static const byte ciphertext_1[] =
+ { 0xE3, 0xBE, 0x8F, 0xDD, 0x8B, 0xEC, 0xA2, 0xE3};
+
+ salsa20_setkey (&ctx, key_1, sizeof key_1);
+ salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
+ scratch[8] = 0;
+ salsa20_encrypt_stream (&ctx, scratch, plaintext_1, sizeof plaintext_1);
+ if (memcmp (scratch, ciphertext_1, sizeof ciphertext_1))
+ return "Salsa20 encryption test 1 failed.";
+ if (scratch[8])
+ return "Salsa20 wrote too much.";
+ salsa20_setkey( &ctx, key_1, sizeof(key_1));
+ salsa20_setiv (&ctx, nonce_1, sizeof nonce_1);
+ salsa20_encrypt_stream (&ctx, scratch, scratch, sizeof plaintext_1);
+ if (memcmp (scratch, plaintext_1, sizeof plaintext_1))
+ return "Salsa20 decryption test 1 failed.";
+ return NULL;
+}
+
+
+gcry_cipher_spec_t _gcry_cipher_spec_salsa20 =
+ {
+ "SALSA20", /* name */
+ NULL, /* aliases */
+ NULL, /* oids */
+ 1, /* blocksize in bytes. */
+ SALSA20_MAX_KEY_SIZE*8, /* standard key length in bits. */
+ sizeof (SALSA20_context_t),
+ salsa20_setkey,
+ NULL,
+ NULL,
+ salsa20_encrypt_stream,
+ salsa20_encrypt_stream
+ };
+
+cipher_extra_spec_t _gcry_cipher_extraspec_salsa20 =
+ {
+ NULL,
+ NULL,
+ salsa20_setiv
+ };
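Review bot: The final else branch of salsa20_setiv, reached when ivlen is not SALSA20_IV_SIZE, only calls log_info and then zeroes input[6] and input[7], so a caller that passes a wrong-length nonce continues under the all-zero nonce and gets no error back. Because salsa20_do_setkey also defaults to the zero nonce, two such messages under one key would share a keystream. Suggest giving the setiv hook a return code that gcry_cipher_setiv can propagate, or leaving the context unusable until a valid nonce is set. The "_gcry_burn_stack (300/* FIXME*/)" in salsa20_setkey should also be settled before release.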
diff --git a/configure.ac b/configure.ac
index 13541bb..06c0b79 100644
--- a/configure.ac
+++ b/configure.ac
@@ -184,7 +184,7 @@ LIBGCRYPT_CONFIG_HOST="$host"
# Definitions for symmetric ciphers.
available_ciphers="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed"
-available_ciphers="$available_ciphers camellia idea"
+available_ciphers="$available_ciphers camellia idea salsa20"
enabled_ciphers=""
# Definitions for public-key ciphers.
@@ -1356,6 +1356,12 @@ if test "$found" = "1" ; then
AC_DEFINE(USE_IDEA, 1, [Defined if this module should be included])
fi
+LIST_MEMBER(salsa20, $enabled_ciphers)
+if test "$found" = "1" ; then
+ GCRYPT_CIPHERS="$GCRYPT_CIPHERS salsa20.lo"
+ AC_DEFINE(USE_SALSA20, 1, [Defined if this module should be included])
+fi
+
LIST_MEMBER(dsa, $enabled_pubkey_ciphers)
if test "$found" = "1" ; then
GCRYPT_PUBKEY_CIPHERS="$GCRYPT_PUBKEY_CIPHERS dsa.lo"
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 4d24475..cfc0174 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -1487,8 +1487,7 @@ The value always evaluates to false.
@item GCRY_CIPHER_IDEA
@cindex IDEA
-This is the IDEA algorithm. The constant is provided but there is
-currently no implementation for it because the algorithm is patented.
+This is the IDEA algorithm.
@item GCRY_CIPHER_3DES
@cindex 3DES
@@ -1576,6 +1575,10 @@ A 128 bit cipher as described by RFC4269.
The Camellia cipher by NTT. See
@uref{http://info.isl.ntt.co.jp/@/crypt/@/eng/@/camellia/@/specifications.html}.
+ at item GCRY_CIPHER_SALSA20
+ at cindex Salsa20
+This is the Salsa20 stream cipher.
+
@end table
@node Available cipher modes
@@ -1717,6 +1720,10 @@ Set the initialization vector used for encryption or decryption. The
vector is passed as the buffer @var{K} of length @var{l} bytes and
copied to internal data structures. The function checks that the IV
matches the requirement of the selected algorithm and mode.
+
+This function is also used with the Salsa20 stream cipher to set or
+update the required nonce. In this case it needs to be called after
+setting the key.
@end deftypefun
@deftypefun gcry_error_t gcry_cipher_setctr (gcry_cipher_hd_t @var{h}, const void *@var{c}, size_t @var{l})
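Review bot: The paragraph added to gcry_cipher_setiv omits the required nonce length and the fact that setting the key resets the nonce, and it sits right under the existing sentence promising that the function "checks that the IV matches the requirement of the selected algorithm". In this patch salsa20_setiv returns void and only logs a warning on a bad length, and salsa20_do_setkey resets to a zero nonce, so the text should state the 8 byte length used by the test vectors, say that a new key discards the nonce, and either document the fallback or have the code enforce the check.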
@@ -2356,6 +2363,34 @@ format should be used:
Here, the data to be signed is directly given as an @var{MPI}.
@noindent
+For DSA the input data is expected in this format:
+ at example
+(data
+ (flags raw)
+ (value @var{mpi}))
+ at end example
+
+ at noindent
+Here, the data to be signed is directly given as an @var{MPI}. It is
+expect that this MPI is the the hash value. For the standard DSA
+using a MPI is not a problem in regard to leading zeroes because the
+hash value is directly used as an MPI. For better standard
+conformance it would be better to explicit use a memory string (like
+with pkcs1) but that is currently not supported. However, for
+deterministic DSA as specified in RFC6979 this can't be used. Instead
+the following input is expected.
+
+ at example
+(data
+ (flags rfc6979)
+ (hash @var{hash-algo} @var{block}))
+ at end example
+
+Note that the provided hash-algo is used for the internal HMAC; it
+should match the hash-algo used to create @var{block}.
+
+
+ at noindent
The signature is returned as a newly allocated S-expression in
@var{r_sig} using this format for RSA:
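Review bot: The added DSA text has wording slips in "It is expect that this MPI is the the hash value" and "it would be better to explicit use a memory string"; suggest "It is expected that this MPI is the hash value" and "to explicitly use". The first added sentence, "Here, the data to be signed is directly given as an MPI", also repeats the context line just above the hunk word for word and could be dropped or merged.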
@@ -2380,6 +2415,7 @@ operation. For Elgamal signing (which is slow, yields large numbers
and probably is not as secure as the other algorithms), the same format is
used with "elg" replacing "dsa"; for ECDSA signing, the same format is used
with "ecdsa" replacing "dsa".
+
@end deftypefun
@c end gcry_pk_sign
@@ -4115,7 +4151,10 @@ value. Two functions implement this kludge:
Store @var{nbits} of the value @var{p} points to in @var{a} and mark
@var{a} as an opaque value (i.e. an value that can't be used for any
math calculation and is only used to store an arbitrary bit pattern in
- at var{a}).
+ at var{a}). Ownership of @var{p} is taken by this function and thus the
+user may not use dereference the passed value anymore. It is required
+that them memory referenced by @var{p} has been allocated in a way
+that @code{gcry_free} is able to release it.
WARNING: Never use an opaque MPI for actual math operations. The only
valid functions are gcry_mpi_get_opaque and gcry_mpi_release. Use
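Review bot: The new ownership text for gcry_mpi_set_opaque contains two slips, "may not use dereference the passed value" and "that them memory referenced by"; suggest "may not dereference the passed value" and "that the memory referenced by". Since this sentence is what tells callers the buffer will later be passed to gcry_free, it is worth getting the wording exact, and the header comment in src/gcrypt.h.in should carry the same ownership note.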
diff --git a/src/cipher-proto.h b/src/cipher-proto.h
index e2f913d..e9f4bab 100644
--- a/src/cipher-proto.h
+++ b/src/cipher-proto.h
@@ -68,6 +68,9 @@ typedef gcry_sexp_t (*pk_get_curve_param_t)(const char *name);
typedef gpg_err_code_t (*cipher_set_extra_info_t)
(void *c, int what, const void *buffer, size_t buflen);
+/* The type used to set an IV directly in the algorithm module. */
+typedef void (*cipher_setiv_func_t)(void *c,
+ const byte *iv, unsigned int ivlen);
/* Extra module specification structures. These are used for internal
modules which provide more functions than available through the
@@ -76,6 +79,7 @@ typedef struct cipher_extra_spec
{
selftest_func_t selftest;
cipher_set_extra_info_t set_extra_info;
+ cipher_setiv_func_t setiv;
} cipher_extra_spec_t;
typedef struct md_extra_spec
diff --git a/src/cipher.h b/src/cipher.h
index 2620613..bb92758 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -27,6 +27,7 @@
#include "../random/random.h"
#define PUBKEY_FLAG_NO_BLINDING (1 << 0)
+#define PUBKEY_FLAG_RFC6979 (1 << 1)
enum pk_operation
{
@@ -194,12 +195,13 @@ extern gcry_cipher_spec_t _gcry_cipher_spec_camellia128;
extern gcry_cipher_spec_t _gcry_cipher_spec_camellia192;
extern gcry_cipher_spec_t _gcry_cipher_spec_camellia256;
extern gcry_cipher_spec_t _gcry_cipher_spec_idea;
+extern gcry_cipher_spec_t _gcry_cipher_spec_salsa20;
extern cipher_extra_spec_t _gcry_cipher_extraspec_tripledes;
extern cipher_extra_spec_t _gcry_cipher_extraspec_aes;
extern cipher_extra_spec_t _gcry_cipher_extraspec_aes192;
extern cipher_extra_spec_t _gcry_cipher_extraspec_aes256;
-
+extern cipher_extra_spec_t _gcry_cipher_extraspec_salsa20;
/* Declarations for the digest specifications. */
extern gcry_md_spec_t _gcry_digest_spec_crc32;
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 2292832..6bd615d 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -812,7 +812,8 @@ enum gcry_cipher_algos
GCRY_CIPHER_SEED = 309, /* 128 bit cipher described in RFC4269. */
GCRY_CIPHER_CAMELLIA128 = 310,
GCRY_CIPHER_CAMELLIA192 = 311,
- GCRY_CIPHER_CAMELLIA256 = 312
+ GCRY_CIPHER_CAMELLIA256 = 312,
+ GCRY_CIPHER_SALSA20 = 313
};
/* The Rijndael algorithm is basically AES, so provide some macros. */
diff --git a/tests/basic.c b/tests/basic.c
index d1b4002..88ae131 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -1,6 +1,7 @@
/* basic.c - basic regression tests
* Copyright (C) 2001, 2002, 2003, 2005, 2008,
* 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -1137,6 +1138,567 @@ check_ofb_cipher (void)
}
+static void
+check_stream_cipher (void)
+{
+ struct tv
+ {
+ const char *name;
+ int algo;
+ int keylen;
+ int ivlen;
+ const char *key;
+ const char *iv;
+ struct data
+ {
+ int inlen;
+ const char *plaintext;
+ const char *out;
+ } data[MAX_DATA_LEN];
+ } tv[] = {
+#ifdef USE_SALSA20
+ {
+ "Salsa20 128 bit, test 1",
+ GCRY_CIPHER_SALSA20, 16, 8,
+ "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ {
+ { 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x4D\xFA\x5E\x48\x1D\xA2\x3E\xA0"
+ }
+ }
+ },
+ {
+ "Salsa20 128 bit, test 2",
+ GCRY_CIPHER_SALSA20, 16, 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x80\x00\x00\x00\x00\x00\x00\x00",
+ {
+ { 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xB6\x6C\x1E\x44\x46\xDD\x95\x57"
+ }
+ }
+ },
+ {
+ "Salsa20 128 bit, test 3",
+ GCRY_CIPHER_SALSA20, 16, 8,
+ "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
+ "\x0D\x74\xDB\x42\xA9\x10\x77\xDE",
+ {
+ { 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x05\xE1\xE7\xBE\xB6\x97\xD9\x99"
+ }
+ }
+ },
+ {
+ "Salsa20 256 bit, test 1",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ {
+ { 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xE3\xBE\x8F\xDD\x8B\xEC\xA2\xE3"
+ }
+ }
+ },
+ {
+ "Salsa20 256 bit, test 2",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x80\x00\x00\x00\x00\x00\x00\x00",
+ {
+ { 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x2A\xBA\x3D\xC4\x5B\x49\x47\x00"
+ }
+ }
+ },
+ {
+ "Salsa20 256 bit, ecrypt verified, set 6, vector 0",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD"
+ "\x30\x83\xD6\x29\x7C\xCF\x22\x75\xC8\x1B\x6E\xC1\x14\x67\xBA\x0D",
+ "\x0D\x74\xDB\x42\xA9\x10\x77\xDE",
+ {
+ { 8,
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xF5\xFA\xD5\x3F\x79\xF9\xDF\x58"
+ },
+ { 64,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\xF5\xFA\xD5\x3F\x79\xF9\xDF\x58\xC4\xAE\xA0\xD0\xED\x9A\x96\x01"
+ "\xF2\x78\x11\x2C\xA7\x18\x0D\x56\x5B\x42\x0A\x48\x01\x96\x70\xEA"
+ "\xF2\x4C\xE4\x93\xA8\x62\x63\xF6\x77\xB4\x6A\xCE\x19\x24\x77\x3D"
+ "\x2B\xB2\x55\x71\xE1\xAA\x85\x93\x75\x8F\xC3\x82\xB1\x28\x0B\x71"
+ }
+ }
+ }
+#endif /*USE_SALSA20*/
+ };
+
+ gcry_cipher_hd_t hde, hdd;
+ unsigned char out[MAX_DATA_LEN];
+ int i, j;
+ gcry_error_t err = 0;
+
+
+ if (verbose)
+ fprintf (stderr, " Starting stream cipher checks.\n");
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ if (verbose)
+ fprintf (stderr, " checking stream mode for %s [%i] (%s)\n",
+ gcry_cipher_algo_name (tv[i].algo), tv[i].algo, tv[i].name);
+
+ if (gcry_cipher_get_algo_blklen(tv[i].algo) != 1)
+ {
+ fail ("stream, gcry_cipher_get_algo_blklen: bad block length\n");
+ continue;
+ }
+
+ err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_STREAM, 0);
+ if (!err)
+ err = gcry_cipher_open (&hdd, tv[i].algo, GCRY_CIPHER_MODE_STREAM, 0);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_open for stream mode failed: %s\n",
+ gpg_strerror (err));
+ continue;
+ }
+
+ /* Now loop over all the data samples. */
+ for (j = 0; tv[i].data[j].inlen; j++)
+ {
+ err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen);
+ if (!err)
+ err = gcry_cipher_setkey (hdd, tv[i].key, tv[i].keylen);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_setkey failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen);
+ if (!err)
+ err = gcry_cipher_setiv (hdd, tv[i].iv, tv[i].ivlen);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ err = gcry_cipher_encrypt (hde, out, MAX_DATA_LEN,
+ tv[i].data[j].plaintext,
+ tv[i].data[j].inlen);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_encrypt (%d, %d) failed: %s\n",
+ i, j, gpg_strerror (err));
+ goto next;
+ }
+
+ if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen))
+ {
+ fail ("stream, encrypt mismatch entry %d:%d\n", i, j);
+ mismatch (tv[i].data[j].out, tv[i].data[j].inlen,
+ out, tv[i].data[j].inlen);
+ }
+
+ err = gcry_cipher_decrypt (hdd, out, tv[i].data[j].inlen, NULL, 0);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_decrypt (%d, %d) failed: %s\n",
+ i, j, gpg_strerror (err));
+ goto next;
+ }
+
+ if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen))
+ fail ("stream, decrypt mismatch entry %d:%d\n", i, j);
+ }
+
+
+ /* This time we encrypt and decrypt one byte at a time */
+ for (j = 0; tv[i].data[j].inlen; j++)
+ {
+ int byteNum;
+
+ err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen);
+ if (!err)
+ err = gcry_cipher_setkey (hdd, tv[i].key, tv[i].keylen);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_setkey failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen);
+ if (!err)
+ err = gcry_cipher_setiv (hdd, tv[i].iv, tv[i].ivlen);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum)
+ {
+ err = gcry_cipher_encrypt (hde, out+byteNum, 1,
+ (tv[i].data[j].plaintext) + byteNum,
+ 1);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_encrypt (%d, %d) failed: %s\n",
+ i, j, gpg_strerror (err));
+ goto next;
+ }
+ }
+
+ if (memcmp (tv[i].data[j].out, out, tv[i].data[j].inlen))
+ fail ("stream, encrypt mismatch entry %d:%d (byte-wise)\n", i, j);
+
+ for (byteNum = 0; byteNum < tv[i].data[j].inlen; ++byteNum)
+ {
+ err = gcry_cipher_decrypt (hdd, out+byteNum, 1, NULL, 0);
+ if (err)
+ {
+ fail ("stream, gcry_cipher_decrypt (%d, %d) failed: %s\n",
+ i, j, gpg_strerror (err));
+ goto next;
+ }
+ }
+
+ if (memcmp (tv[i].data[j].plaintext, out, tv[i].data[j].inlen))
+ fail ("stream, decrypt mismatch entry %d:%d (byte-wise)\n", i, j);
+ }
+
+ next:
+ gcry_cipher_close (hde);
+ gcry_cipher_close (hdd);
+ }
+ if (verbose)
+ fprintf (stderr, " Completed stream cipher checks.\n");
+}
+
+
+static void
+check_stream_cipher_large_block (void)
+{
+ struct tv
+ {
+ const char *name;
+ int algo;
+ int keylen;
+ int ivlen;
+ const char *key;
+ const char *iv;
+ struct data
+ {
+ int offset, length;
+ const char *result;
+ } data[MAX_DATA_LEN];
+ } tv[] = {
+#ifdef USE_SALSA20
+ {
+ "Salsa20 256 bit, ecrypt verified, set 6, vector 0",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD"
+ "\x30\x83\xD6\x29\x7C\xCF\x22\x75\xC8\x1B\x6E\xC1\x14\x67\xBA\x0D",
+ "\x0D\x74\xDB\x42\xA9\x10\x77\xDE",
+ {
+ { 0, 64,
+ "\xF5\xFA\xD5\x3F\x79\xF9\xDF\x58\xC4\xAE\xA0\xD0\xED\x9A\x96\x01"
+ "\xF2\x78\x11\x2C\xA7\x18\x0D\x56\x5B\x42\x0A\x48\x01\x96\x70\xEA"
+ "\xF2\x4C\xE4\x93\xA8\x62\x63\xF6\x77\xB4\x6A\xCE\x19\x24\x77\x3D"
+ "\x2B\xB2\x55\x71\xE1\xAA\x85\x93\x75\x8F\xC3\x82\xB1\x28\x0B\x71"
+ },
+ { 65472, 64,
+ "\xB7\x0C\x50\x13\x9C\x63\x33\x2E\xF6\xE7\x7A\xC5\x43\x38\xA4\x07"
+ "\x9B\x82\xBE\xC9\xF9\xA4\x03\xDF\xEA\x82\x1B\x83\xF7\x86\x07\x91"
+ "\x65\x0E\xF1\xB2\x48\x9D\x05\x90\xB1\xDE\x77\x2E\xED\xA4\xE3\xBC"
+ "\xD6\x0F\xA7\xCE\x9C\xD6\x23\xD9\xD2\xFD\x57\x58\xB8\x65\x3E\x70"
+ },
+ { 65536, 64,
+ "\x81\x58\x2C\x65\xD7\x56\x2B\x80\xAE\xC2\xF1\xA6\x73\xA9\xD0\x1C"
+ "\x9F\x89\x2A\x23\xD4\x91\x9F\x6A\xB4\x7B\x91\x54\xE0\x8E\x69\x9B"
+ "\x41\x17\xD7\xC6\x66\x47\x7B\x60\xF8\x39\x14\x81\x68\x2F\x5D\x95"
+ "\xD9\x66\x23\xDB\xC4\x89\xD8\x8D\xAA\x69\x56\xB9\xF0\x64\x6B\x6E"
+ },
+ { 131008, 64,
+ "\xA1\x3F\xFA\x12\x08\xF8\xBF\x50\x90\x08\x86\xFA\xAB\x40\xFD\x10"
+ "\xE8\xCA\xA3\x06\xE6\x3D\xF3\x95\x36\xA1\x56\x4F\xB7\x60\xB2\x42"
+ "\xA9\xD6\xA4\x62\x8C\xDC\x87\x87\x62\x83\x4E\x27\xA5\x41\xDA\x2A"
+ "\x5E\x3B\x34\x45\x98\x9C\x76\xF6\x11\xE0\xFE\xC6\xD9\x1A\xCA\xCC"
+ }
+ }
+ },
+ {
+ "Salsa20 256 bit, ecrypt verified, set 6, vector 1",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x05\x58\xAB\xFE\x51\xA4\xF7\x4A\x9D\xF0\x43\x96\xE9\x3C\x8F\xE2"
+ "\x35\x88\xDB\x2E\x81\xD4\x27\x7A\xCD\x20\x73\xC6\x19\x6C\xBF\x12",
+ "\x16\x7D\xE4\x4B\xB2\x19\x80\xE7",
+ {
+ { 0, 64,
+ "\x39\x44\xF6\xDC\x9F\x85\xB1\x28\x08\x38\x79\xFD\xF1\x90\xF7\xDE"
+ "\xE4\x05\x3A\x07\xBC\x09\x89\x6D\x51\xD0\x69\x0B\xD4\xDA\x4A\xC1"
+ "\x06\x2F\x1E\x47\xD3\xD0\x71\x6F\x80\xA9\xB4\xD8\x5E\x6D\x60\x85"
+ "\xEE\x06\x94\x76\x01\xC8\x5F\x1A\x27\xA2\xF7\x6E\x45\xA6\xAA\x87"
+ },
+ { 65472, 64,
+ "\x36\xE0\x3B\x4B\x54\xB0\xB2\xE0\x4D\x06\x9E\x69\x00\x82\xC8\xC5"
+ "\x92\xDF\x56\xE6\x33\xF5\xD8\xC7\x68\x2A\x02\xA6\x5E\xCD\x13\x71"
+ "\x8C\xA4\x35\x2A\xAC\xCB\x0D\xA2\x0E\xD6\xBB\xBA\x62\xE1\x77\xF2"
+ "\x10\xE3\x56\x0E\x63\xBB\x82\x2C\x41\x58\xCA\xA8\x06\xA8\x8C\x82"
+ },
+ { 65536, 64,
+ "\x1B\x77\x9E\x7A\x91\x7C\x8C\x26\x03\x9F\xFB\x23\xCF\x0E\xF8\xE0"
+ "\x8A\x1A\x13\xB4\x3A\xCD\xD9\x40\x2C\xF5\xDF\x38\x50\x10\x98\xDF"
+ "\xC9\x45\xA6\xCC\x69\xA6\xA1\x73\x67\xBC\x03\x43\x1A\x86\xB3\xED"
+ "\x04\xB0\x24\x5B\x56\x37\x9B\xF9\x97\xE2\x58\x00\xAD\x83\x7D\x7D"
+ },
+ { 131008, 64,
+ "\x7E\xC6\xDA\xE8\x1A\x10\x5E\x67\x17\x2A\x0B\x8C\x4B\xBE\x7D\x06"
+ "\xA7\xA8\x75\x9F\x91\x4F\xBE\xB1\xAF\x62\xC8\xA5\x52\xEF\x4A\x4F"
+ "\x56\x96\x7E\xA2\x9C\x74\x71\xF4\x6F\x3B\x07\xF7\xA3\x74\x6E\x95"
+ "\x3D\x31\x58\x21\xB8\x5B\x6E\x8C\xB4\x01\x22\xB9\x66\x35\x31\x3C"
+ }
+ }
+ },
+ {
+ "Salsa20 256 bit, ecrypt verified, set 6, vector 2",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x0A\x5D\xB0\x03\x56\xA9\xFC\x4F\xA2\xF5\x48\x9B\xEE\x41\x94\xE7"
+ "\x3A\x8D\xE0\x33\x86\xD9\x2C\x7F\xD2\x25\x78\xCB\x1E\x71\xC4\x17",
+ "\x1F\x86\xED\x54\xBB\x22\x89\xF0",
+ {
+ { 0, 64,
+ "\x3F\xE8\x5D\x5B\xB1\x96\x0A\x82\x48\x0B\x5E\x6F\x4E\x96\x5A\x44"
+ "\x60\xD7\xA5\x45\x01\x66\x4F\x7D\x60\xB5\x4B\x06\x10\x0A\x37\xFF"
+ "\xDC\xF6\xBD\xE5\xCE\x3F\x48\x86\xBA\x77\xDD\x5B\x44\xE9\x56\x44"
+ "\xE4\x0A\x8A\xC6\x58\x01\x15\x5D\xB9\x0F\x02\x52\x2B\x64\x40\x23"
+ },
+ { 65472, 64,
+ "\xC8\xD6\xE5\x4C\x29\xCA\x20\x40\x18\xA8\x30\xE2\x66\xCE\xEE\x0D"
+ "\x03\x7D\xC4\x7E\x92\x19\x47\x30\x2A\xCE\x40\xD1\xB9\x96\xA6\xD8"
+ "\x0B\x59\x86\x77\xF3\x35\x2F\x1D\xAA\x6D\x98\x88\xF8\x91\xAD\x95"
+ "\xA1\xC3\x2F\xFE\xB7\x1B\xB8\x61\xE8\xB0\x70\x58\x51\x51\x71\xC9"
+ },
+ { 65536, 64,
+ "\xB7\x9F\xD7\x76\x54\x2B\x46\x20\xEF\xCB\x88\x44\x95\x99\xF2\x34"
+ "\x03\xE7\x4A\x6E\x91\xCA\xCC\x50\xA0\x5A\x8F\x8F\x3C\x0D\xEA\x8B"
+ "\x00\xE1\xA5\xE6\x08\x1F\x55\x26\xAE\x97\x5B\x3B\xC0\x45\x0F\x1A"
+ "\x0C\x8B\x66\xF8\x08\xF1\x90\x4B\x97\x13\x61\x13\x7C\x93\x15\x6F"
+ },
+ { 131008, 64,
+ "\x79\x98\x20\x4F\xED\x70\xCE\x8E\x0D\x02\x7B\x20\x66\x35\xC0\x8C"
+ "\x8B\xC4\x43\x62\x26\x08\x97\x0E\x40\xE3\xAE\xDF\x3C\xE7\x90\xAE"
+ "\xED\xF8\x9F\x92\x26\x71\xB4\x53\x78\xE2\xCD\x03\xF6\xF6\x23\x56"
+ "\x52\x9C\x41\x58\xB7\xFF\x41\xEE\x85\x4B\x12\x35\x37\x39\x88\xC8"
+ }
+ }
+ },
+ {
+ "Salsa20 256 bit, ecrypt verified, set 6, vector 3",
+ GCRY_CIPHER_SALSA20, 32, 8,
+ "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
+ "\x3F\x92\xE5\x38\x8B\xDE\x31\x84\xD7\x2A\x7D\xD0\x23\x76\xC9\x1C",
+ "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9",
+ {
+ { 0, 64,
+ "\x5E\x5E\x71\xF9\x01\x99\x34\x03\x04\xAB\xB2\x2A\x37\xB6\x62\x5B"
+ "\xF8\x83\xFB\x89\xCE\x3B\x21\xF5\x4A\x10\xB8\x10\x66\xEF\x87\xDA"
+ "\x30\xB7\x76\x99\xAA\x73\x79\xDA\x59\x5C\x77\xDD\x59\x54\x2D\xA2"
+ "\x08\xE5\x95\x4F\x89\xE4\x0E\xB7\xAA\x80\xA8\x4A\x61\x76\x66\x3F"
+ },
+ { 65472, 64,
+ "\x2D\xA2\x17\x4B\xD1\x50\xA1\xDF\xEC\x17\x96\xE9\x21\xE9\xD6\xE2"
+ "\x4E\xCF\x02\x09\xBC\xBE\xA4\xF9\x83\x70\xFC\xE6\x29\x05\x6F\x64"
+ "\x91\x72\x83\x43\x6E\x2D\x3F\x45\x55\x62\x25\x30\x7D\x5C\xC5\xA5"
+ "\x65\x32\x5D\x89\x93\xB3\x7F\x16\x54\x19\x5C\x24\x0B\xF7\x5B\x16"
+ },
+ { 65536, 64,
+ "\xAB\xF3\x9A\x21\x0E\xEE\x89\x59\x8B\x71\x33\x37\x70\x56\xC2\xFE"
+ "\xF4\x2D\xA7\x31\x32\x75\x63\xFB\x67\xC7\xBE\xDB\x27\xF3\x8C\x7C"
+ "\x5A\x3F\xC2\x18\x3A\x4C\x6B\x27\x7F\x90\x11\x52\x47\x2C\x6B\x2A"
+ "\xBC\xF5\xE3\x4C\xBE\x31\x5E\x81\xFD\x3D\x18\x0B\x5D\x66\xCB\x6C"
+ },
+ { 131008, 64,
+ "\x1B\xA8\x9D\xBD\x3F\x98\x83\x97\x28\xF5\x67\x91\xD5\xB7\xCE\x23"
+ "\x50\x36\xDE\x84\x3C\xCC\xAB\x03\x90\xB8\xB5\x86\x2F\x1E\x45\x96"
+ "\xAE\x8A\x16\xFB\x23\xDA\x99\x7F\x37\x1F\x4E\x0A\xAC\xC2\x6D\xB8"
+ "\xEB\x31\x4E\xD4\x70\xB1\xAF\x6B\x9F\x8D\x69\xDD\x79\xA9\xD7\x50"
+ }
+ }
+ }
+#endif /*USE_SALSA20*/
+ };
+
+
+ char zeroes[512];
+ gcry_cipher_hd_t hde;
+ unsigned char *buffer;
+ unsigned char *p;
+ size_t buffersize;
+ unsigned int n;
+ int i, j;
+ gcry_error_t err = 0;
+
+ if (verbose)
+ fprintf (stderr, " Starting large block stream cipher checks.\n");
+
+ memset (zeroes, 0, 512);
+
+ buffersize = 128 * 1024;
+ buffer = gcry_xmalloc (buffersize+1024);
+ memset (buffer+buffersize, 0x5a, 1024);
+
+ for (i = 0; i < sizeof (tv) / sizeof (tv[0]); i++)
+ {
+ if (verbose)
+ fprintf (stderr, " checking large block stream for %s [%i] (%s)\n",
+ gcry_cipher_algo_name (tv[i].algo), tv[i].algo, tv[i].name);
+
+ err = gcry_cipher_open (&hde, tv[i].algo, GCRY_CIPHER_MODE_STREAM, 0);
+ if (err)
+ {
+ fail ("large stream, gcry_cipher_open for stream mode failed: %s\n",
+ gpg_strerror (err));
+ continue;
+ }
+
+ err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen);
+ if (err)
+ {
+ fail ("large stream, gcry_cipher_setkey failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen);
+ if (err)
+ {
+ fail ("large stream, gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ for (j=0, p=buffer; j < buffersize/512; j++, p += 512)
+ {
+ err = gcry_cipher_encrypt (hde, p, 512, zeroes, 512);
+ if (err)
+ {
+ fail ("large stream, "
+ "gcry_cipher_encrypt (%d) block %d failed: %s\n",
+ i, j, gpg_strerror (err));
+ goto next;
+ }
+ }
+ for (j=0, p=buffer+buffersize; j < 1024; j++, p++)
+ if (*p != 0x5a)
+ die ("large stream, buffer corrupted at j=%d\n", j);
+
+ /* Now loop over all the data samples. */
+ for (j = 0; tv[i].data[j].length; j++)
+ {
+ assert (tv[i].data[j].offset + tv[i].data[j].length <= buffersize);
+
+ if (memcmp (tv[i].data[j].result,
+ buffer + tv[i].data[j].offset, tv[i].data[j].length))
+ {
+ fail ("large stream, encrypt mismatch entry %d:%d\n", i, j);
+ mismatch (tv[i].data[j].result, tv[i].data[j].length,
+ buffer + tv[i].data[j].offset, tv[i].data[j].length);
+ }
+ }
+
+ /*
+ * Let's do the same thing again but using changing block sizes.
+ */
+ err = gcry_cipher_setkey (hde, tv[i].key, tv[i].keylen);
+ if (err)
+ {
+ fail ("large stream, gcry_cipher_setkey failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ err = gcry_cipher_setiv (hde, tv[i].iv, tv[i].ivlen);
+ if (err)
+ {
+ fail ("large stream, gcry_cipher_setiv failed: %s\n",
+ gpg_strerror (err));
+ goto next;
+ }
+
+ for (n=0, p=buffer, j = 0; n < buffersize; n += j, p += j)
+ {
+ switch (j)
+ {
+ case 0: j = 1; break;
+ case 1: j = 64; break;
+ case 64: j= 384; break;
+ case 384: j = 63; break;
+ case 63: j = 512; break;
+ case 512: j = 32; break;
+ case 32: j = 503; break;
+ default: j = 509; break;
+ }
+ if ( n + j >= buffersize )
+ j = buffersize - n;
+ assert (j <= 512);
+ err = gcry_cipher_encrypt (hde, p, j, zeroes, j);
+ if (err)
+ {
+ fail ("large stream, "
+ "gcry_cipher_encrypt (%d) offset %u failed: %s\n",
+ i, n, gpg_strerror (err));
+ goto next;
+ }
+ }
+ for (j=0, p=buffer+buffersize; j < 1024; j++, p++)
+ if (*p != 0x5a)
+ die ("large stream, buffer corrupted at j=%d (line %d)\n",
+ j, __LINE__);
+
+ /* Now loop over all the data samples. */
+ for (j = 0; tv[i].data[j].length; j++)
+ {
+ assert (tv[i].data[j].offset + tv[i].data[j].length <= buffersize);
+
+ if (memcmp (tv[i].data[j].result,
+ buffer + tv[i].data[j].offset, tv[i].data[j].length))
+ {
+ fail ("large stream var, encrypt mismatch entry %d:%d\n", i, j);
+ mismatch (tv[i].data[j].result, tv[i].data[j].length,
+ buffer + tv[i].data[j].offset, tv[i].data[j].length);
+ }
+ }
+
+ next:
+ gcry_cipher_close (hde);
+ }
+
+ gcry_free (buffer);
+ if (verbose)
+ fprintf (stderr, " Completed large block stream cipher checks.\n");
+}
+
+
+
/* Check that our bulk encryption fucntions work properly. */
static void
check_bulk_cipher_modes (void)
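Review bot: In both check_stream_cipher and check_stream_cipher_large_block the tv[] initializer consists only of the "#ifdef USE_SALSA20" block, so a build without Salsa20 is left with "tv[] = { };", which ISO C compilers without the GNU empty-initializer extension reject. Suggest wrapping each function body, or its call in check_cipher_modes, in the same conditional, or adding a terminating dummy entry. Separately, in check_stream_cipher the "continue" after a failed second gcry_cipher_open leaves hde open; close it on that path.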
@@ -1606,6 +2168,9 @@ check_ciphers (void)
#if USE_ARCFOUR
GCRY_CIPHER_ARCFOUR,
#endif
+#if USE_SALSA20
+ GCRY_CIPHER_SALSA20,
+#endif
0
};
int i;
@@ -1644,7 +2209,7 @@ check_ciphers (void)
continue;
}
if (verbose)
- fprintf (stderr, " checking `%s'\n",
+ fprintf (stderr, " checking %s\n",
gcry_cipher_algo_name (algos2[i]));
check_one_cipher (algos2[i], GCRY_CIPHER_MODE_STREAM, 0);
@@ -1669,6 +2234,8 @@ check_cipher_modes(void)
check_ctr_cipher ();
check_cfb_cipher ();
check_ofb_cipher ();
+ check_stream_cipher ();
+ check_stream_cipher_large_block ();
if (verbose)
fprintf (stderr, "Completed Cipher Mode checks.\n");
commit f6d6e0200fa823d377a342efacaf3d61e4303dc3
Author: Werner Koch
Date: Wed Jul 17 16:55:37 2013 +0200
Typo fix in comment.
--
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 27a29ec..2292832 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -680,7 +680,7 @@ void gcry_mpi_rshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
void gcry_mpi_lshift (gcry_mpi_t x, gcry_mpi_t a, unsigned int n);
/* Store NBITS of the value P points to in A and mark A as an opaque
- value. WARNING: Never use an opaque MPI for anything thing else then
+ value. WARNING: Never use an opaque MPI for anything thing else than
gcry_mpi_release, gcry_mpi_get_opaque. */
gcry_mpi_t gcry_mpi_set_opaque (gcry_mpi_t a, void *p, unsigned int nbits);
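Review bot: The corrected comment line still reads "anything thing else than", so the typo fix is only partial; drop the stray "thing" so that it reads "for anything else than gcry_mpi_release, gcry_mpi_get_opaque".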
commit 364d019e3ffedfcb434576702f73e767cb9389ef
Author: Werner Koch
Date: Wed Jul 17 16:55:02 2013 +0200
Allow gcry_mpi_dump to print opaque MPIs.
* mpi/mpicoder.c (gcry_mpi_dump): Detect and print opaque MPIs.
* tests/mpitests.c (test_opaque): New.
(main): Call new test.
Signed-off-by: Werner Koch
diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index 06d5553..aca3710 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -187,6 +187,17 @@ gcry_mpi_dump (const gcry_mpi_t a)
log_printf (" ");
if (!a)
log_printf ("[MPI_NULL]");
+ else if (mpi_is_opaque (a))
+ {
+ unsigned int nbits;
+ const unsigned char *p;
+
+ p = gcry_mpi_get_opaque (a, &nbits);
+ log_printf ("[%u bit: ", nbits);
+ for (i=0; i < (nbits + 7)/8; i++)
+ log_printf ("%02x", p[i]);
+ log_printf ("]");
+ }
else
{
if (a->sign)
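Review bot: In the new mpi_is_opaque branch of gcry_mpi_dump, the pointer returned by gcry_mpi_get_opaque is indexed as p[i] without a NULL check, so an opaque MPI that carries no buffer would crash the debug dump. Suggest guarding the loop with "if (p)" and printing a marker otherwise. A short comment that (nbits + 7)/8 rounds up, so the whole final byte is printed for a length that is not byte aligned, would also help.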
diff --git a/tests/mpitests.c b/tests/mpitests.c
index 5643c1b..432f3e8 100644
--- a/tests/mpitests.c
+++ b/tests/mpitests.c
@@ -150,6 +150,38 @@ test_const_and_immutable (void)
}
+static void
+test_opaque (void)
+{
+ gcry_mpi_t a;
+ char *p;
+ unsigned int nbits;
+
+ p = gcry_xstrdup ("This is a test buffer");
+ a = gcry_mpi_set_opaque (NULL, p, 21*8+1); /* (a non byte aligned length) */
+
+ if (!gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+ die ("opaque flag not set\n");
+
+ p = gcry_mpi_get_opaque (a, &nbits);
+ if (!p)
+ die ("gcry_mpi_get_opaque returned NULL\n");
+ if (nbits != 21*8+1)
+ die ("gcry_mpi_get_opaque returned a changed bit size\n");
+ if (strcmp (p, "This is a test buffer"))
+ die ("gcry_mpi_get_opaque returned a changed buffer\n");
+
+ if (verbose)
+ {
+ fprintf (stderr, "mpi: ");
+ gcry_mpi_dump (a);
+ putc ('\n', stderr);
+ }
+
+ gcry_mpi_release (a);
+}
+
+
static int
test_add (void)
{
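Review bot: The length 21*8+1 passed to gcry_mpi_set_opaque makes gcry_mpi_dump read (169 + 7)/8 = 22 bytes, which stays inside the buffer only because gcry_xstrdup also allocated the terminating NUL of the 21-character string. State that next to the call so the buffer is not later replaced by an unterminated one, and consider exercising gcry_mpi_dump unconditionally rather than only under verbose, since that is the code path this commit adds.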
@@ -354,6 +386,7 @@ main (int argc, char* argv[])
gcry_control(GCRYCTL_DISABLE_SECMEM);
test_const_and_immutable ();
+ test_opaque ();
test_add ();
test_sub ();
test_mul ();
commit 5940e66cbefea3de5924f494f18aed69bb694bff
Author: Werner Koch
Date: Wed Jul 17 15:54:32 2013 +0200
cipher: Prepare to pass extra info to the sign functions.
* src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo.
* cipher/rsa.c (rsa_sign): Add parms and mark them as unused.
* cipher/dsa.c (dsa_sign): Ditto.
* cipher/elgamal.c (elg_sign): Ditto.
* cipher/pubkey.c (dummy_sign): Ditto.
(pubkey_sign): Pass 0 for the new args.
Signed-off-by: Werner Koch
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 90edeb5..55805e2 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -906,12 +906,15 @@ dsa_check_secret_key (int algo, gcry_mpi_t *skey)
static gcry_err_code_t
-dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
+ int flags, int hashalgo)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
DSA_secret_key sk;
(void)algo;
+ (void)flags;
+ (void)hashalgo;
if ((! data)
|| (! skey[0]) || (! skey[1]) || (! skey[2])
diff --git a/cipher/ecc.c b/cipher/ecc.c
index e5a925b..e4b1799 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1317,12 +1317,15 @@ ecc_check_secret_key (int algo, gcry_mpi_t *skey)
static gcry_err_code_t
-ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
+ int flags, int hashalgo)
{
gpg_err_code_t err;
ECC_secret_key sk;
(void)algo;
+ (void)flags;
+ (void)hashalgo;
if (!data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4]
|| !skey[6] )
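Review bot: ecc_sign gets the new flags and hashalgo parameters here, but the commit message lists only rsa.c, dsa.c, elgamal.c and pubkey.c. Add a "* cipher/ecc.c (ecc_sign): Ditto." entry so the log matches the change.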
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index ce4be85..128dd99 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -753,12 +753,15 @@ elg_decrypt (int algo, gcry_mpi_t *result,
static gcry_err_code_t
-elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
+ int flags, int hashalgo)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
ELG_secret_key sk;
(void)algo;
+ (void)flags;
+ (void)hashalgo;
if ((! data)
|| (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 378e072..23a4358 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -161,12 +161,16 @@ dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
static gcry_err_code_t
dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
- gcry_mpi_t *skey)
+ gcry_mpi_t *skey,
+ int flags, int hashalgo)
+
{
(void)algorithm;
(void)resarr;
(void)data;
(void)skey;
+ (void)flags;
+ (void)hashalgo;
fips_signal_error ("using dummy public key function");
return GPG_ERR_NOT_IMPLEMENTED;
}
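Review bot: The added empty line between the parameter list of dummy_sign and its opening brace is stray; remove it so the definition matches the layout used for dsa_sign, elg_sign and rsa_sign in this same commit.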
@@ -728,7 +732,7 @@ pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
if (module)
{
pubkey = (gcry_pk_spec_t *) module->spec;
- rc = pubkey->sign (algorithm, resarr, data, skey);
+ rc = pubkey->sign (algorithm, resarr, data, skey, 0, 0);
_gcry_module_release (module);
goto ready;
}
diff --git a/cipher/rsa.c b/cipher/rsa.c
index ccc9f96..4787f81 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -993,11 +993,14 @@ rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
static gcry_err_code_t
-rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
+ int flags, int hashalgo)
{
RSA_secret_key sk;
(void)algo;
+ (void)flags;
+ (void)hashalgo;
sk.n = skey[0];
sk.e = skey[1];
diff --git a/src/gcrypt-module.h b/src/gcrypt-module.h
index 93f6162..cd55207 100644
--- a/src/gcrypt-module.h
+++ b/src/gcrypt-module.h
@@ -127,7 +127,9 @@ typedef gcry_err_code_t (*gcry_pk_decrypt_t) (int algo,
typedef gcry_err_code_t (*gcry_pk_sign_t) (int algo,
gcry_mpi_t *resarr,
gcry_mpi_t data,
- gcry_mpi_t *skey);
+ gcry_mpi_t *skey,
+ int flags,
+ int hashalgo);
/* Type for the pk_verify function. */
typedef gcry_err_code_t (*gcry_pk_verify_t) (int algo,
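Review bot: The gcry_pk_sign_t typedef gains flags and hashalgo with no comment on what values they carry, and in this commit the only caller passes 0, 0 while every implementation casts them to void. Add a comment on the typedef naming the flag constants and the hash algorithm identifiers expected, so implementers of the callback know what they will receive once the arguments are used.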
-----------------------------------------------------------------------
Summary of changes:
NEWS | 3 +
cipher/Makefile.am | 1 +
cipher/cipher.c | 14 ++-
cipher/dsa.c | 5 +-
cipher/ecc.c | 5 +-
cipher/elgamal.c | 5 +-
cipher/pubkey.c | 8 +-
cipher/rsa.c | 5 +-
cipher/salsa20.c | 380 ++++++++++++++++++++++++++++++++++
configure.ac | 8 +-
doc/gcrypt.texi | 45 ++++-
mpi/mpicoder.c | 11 +
src/cipher-proto.h | 4 +
src/cipher.h | 4 +-
src/gcrypt-module.h | 4 +-
src/gcrypt.h.in | 5 +-
tests/basic.c | 569 ++++++++++++++++++++++++++++++++++++++++++++++++++-
tests/mpitests.c | 33 +++
18 files changed, 1093 insertions(+), 16 deletions(-)
create mode 100644 cipher/salsa20.c
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 18 22:06:33 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 18 Jul 2013 22:06:33 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-169-g41e1a90
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 41e1a90fcf222affb4a06e50bdacd65f9a6797cf (commit)
from c4885092088431e7928e4459fda20cc0e8ceb201 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 41e1a90fcf222affb4a06e50bdacd65f9a6797cf
Author: Werner Koch
Date: Thu Jul 18 21:37:35 2013 +0200
Update AUTHORS with info on Salsa20.
--
diff --git a/AUTHORS b/AUTHORS
index 1c20cac..5cdf4a3 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -164,9 +164,9 @@ a part of libgcrypt proper. We distribute it merely for convenience.
It has a permissive license and is copyrighted by atsec information
security corporation. See the file for details.
+The file salsa20.c is based on D.J. Bernstein's public domain code and
+taken from Nettle. Copyright 2007 Simon Josefsson and Niels M?ller.
- Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2006,
- 2007, 2008, 2009, 2011, 2012 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
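Review bot: The two removed "Copyright 1998, ... 2012 Free Software Foundation, Inc." lines are the copyright notice that belongs to the permission text following them, and the commit message mentions only the Salsa20 attribution. If dropping the notice is intended, say so in the log; otherwise restore the lines and place the salsa20.c paragraph above them.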
-----------------------------------------------------------------------
Summary of changes:
AUTHORS | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 19 18:44:28 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 19 Jul 2013 18:44:28 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-171-g37d0a1e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 37d0a1ebdc2dc74df4fb6bf0621045018122a68f (commit)
via 2d3e8d4d9562d666420aadd9ffa8ac0456a1cd91 (commit)
from 41e1a90fcf222affb4a06e50bdacd65f9a6797cf (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 37d0a1ebdc2dc74df4fb6bf0621045018122a68f
Author: Werner Koch
Date: Fri Jul 19 18:14:38 2013 +0200
pk: Allow the use of a hash element for DSA sign and verify.
* cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign
module.
(gcry_pk_sign): Pass CTX to pubkey_sign.
(sexp_data_to_mpi): Add flag rfc6979 and code to allow hash with *DSA
* cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque
MPI is given for DATA/HASH.
* cipher/elgamal.c (elg_sign, elg_verify): Ditto.
* cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI.
* cipher/ecc.c (ecc_sign, ecc_verify): Ditto.
* tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash
element with DSA.
--
This patch allows the use of
(data (flags raw)
(hash sha256 #80112233445566778899AABBCCDDEEFF
000102030405060708090A0B0C0D0E0F#))
in addition to the old but more efficient
(data (flags raw)
(value #80112233445566778899AABBCCDDEEFF
000102030405060708090A0B0C0D0E0F#))
for DSA and ECDSA. With the hash element the flag "raw" must be
explicitly given because existing regression test code expects that
conflict error is returned if no flags but a hash element is given.
Note that the hash algorithm name is currently not checked. It may
eventually be used to cross-check the length of the provided hash
value. It is suggested that the correct hash name is given - even if
a truncated hash value is used.
Finally this patch adds a way to pass the hash algorithm and flag
values to the signing module. "rfc6979" has been implemented as a new
but not yet used flag.
Signed-off-by: Werner Koch
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 55805e2..7652c19 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -1,6 +1,7 @@
/* dsa.c - DSA signature algorithm
* Copyright (C) 1998, 2000, 2001, 2002, 2003,
* 2006, 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH.
*
* This file is part of Libgcrypt.
*
@@ -539,7 +540,7 @@ check_secret_key( DSA_secret_key *sk )
Make a DSA signature from HASH and put it into r and s.
*/
static void
-sign(gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
+sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
{
gcry_mpi_t k;
gcry_mpi_t kinv;
@@ -929,7 +930,22 @@ dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
sk.x = skey[4];
resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
- sign (resarr[0], resarr[1], data, &sk);
+ if (mpi_is_opaque (data))
+ {
+ const void *abuf;
+ unsigned int abits;
+ gcry_mpi_t a;
+
+ abuf = gcry_mpi_get_opaque (data, &abits);
+ err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
+ if (!err)
+ {
+ sign (resarr[0], resarr[1], a, &sk);
+ gcry_mpi_release (a);
+ }
+ }
+ else
+ sign (resarr[0], resarr[1], data, &sk);
}
return err;
}
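Review bot: In the opaque branch of dsa_sign, abits/8 rounds down, so an opaque MPI whose bit length is not a multiple of 8 loses its final partial byte before gcry_mpi_scan. gcry_mpi_dump uses (nbits + 7)/8 for the same kind of buffer; use the same rounding here or reject unaligned lengths explicitly. When gcry_mpi_scan fails the function also returns err with resarr[0] and resarr[1] still allocated, whereas ecc_sign frees its result MPIs on error; do the same here. The rounding point applies equally to dsa_verify and to both ecc.c hunks.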
@@ -954,8 +970,26 @@ dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
pk.q = pkey[1];
pk.g = pkey[2];
pk.y = pkey[3];
- if (! verify (data[0], data[1], hash, &pk))
- err = GPG_ERR_BAD_SIGNATURE;
+ if (mpi_is_opaque (hash))
+ {
+ const void *abuf;
+ unsigned int abits;
+ gcry_mpi_t a;
+
+ abuf = gcry_mpi_get_opaque (hash, &abits);
+ err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
+ if (!err)
+ {
+ if (!verify (data[0], data[1], a, &pk))
+ err = GPG_ERR_BAD_SIGNATURE;
+ gcry_mpi_release (a);
+ }
+ }
+ else
+ {
+ if (!verify (data[0], data[1], hash, &pk))
+ err = GPG_ERR_BAD_SIGNATURE;
+ }
}
return err;
}
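Review bot: The opaque-to-MPI conversion (gcry_mpi_get_opaque followed by gcry_mpi_scan with GCRYMPI_FMT_USG and a release afterwards) is now copied into dsa_sign, dsa_verify, ecc_sign and ecc_verify. Move it into one shared helper so that a later fix to the length handling or the error path lands in all four places at once.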
diff --git a/cipher/ecc.c b/cipher/ecc.c
index e4b1799..725dfbe 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1347,7 +1347,24 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
- err = sign (data, &sk, resarr[0], resarr[1]);
+
+ if (mpi_is_opaque (data))
+ {
+ const void *abuf;
+ unsigned int abits;
+ gcry_mpi_t a;
+
+ abuf = gcry_mpi_get_opaque (data, &abits);
+ err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
+ if (!err)
+ {
+ err = sign (a, &sk, resarr[0], resarr[1]);
+ gcry_mpi_release (a);
+ }
+ }
+ else
+ err = sign (data, &sk, resarr[0], resarr[1]);
+
if (err)
{
mpi_free (resarr[0]);
@@ -1394,7 +1411,22 @@ ecc_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
return err;
}
- err = verify (hash, &pk, data[0], data[1]);
+ if (mpi_is_opaque (hash))
+ {
+ const void *abuf;
+ unsigned int abits;
+ gcry_mpi_t a;
+
+ abuf = gcry_mpi_get_opaque (hash, &abits);
+ err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
+ if (!err)
+ {
+ err = verify (a, &pk, data[0], data[1]);
+ gcry_mpi_release (a);
+ }
+ }
+ else
+ err = verify (hash, &pk, data[0], data[1]);
point_free (&pk.E.G);
point_free (&pk.Q);
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
index 128dd99..b40d132 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
@@ -763,6 +763,9 @@ elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
(void)flags;
(void)hashalgo;
+ if (mpi_is_opaque (data))
+ return GPG_ERR_INV_DATA;
+
if ((! data)
|| (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3]))
err = GPG_ERR_BAD_MPI;
@@ -792,6 +795,9 @@ elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
(void)cmp;
(void)opaquev;
+ if (mpi_is_opaque (hash))
+ return GPG_ERR_INV_DATA;
+
if ((! data[0]) || (! data[1]) || (! hash)
|| (! pkey[0]) || (! pkey[1]) || (! pkey[2]))
err = GPG_ERR_BAD_MPI;
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 23a4358..606cedf 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -37,7 +37,8 @@ static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result,
gcry_mpi_t *data, gcry_mpi_t *skey,
int flags);
static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr,
- gcry_mpi_t hash, gcry_mpi_t *skey);
+ gcry_mpi_t hash, gcry_mpi_t *skey,
+ struct pk_encoding_ctx *ctx);
static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash,
gcry_mpi_t *data, gcry_mpi_t *pkey,
int (*cmp) (void *, gcry_mpi_t),
@@ -712,7 +713,7 @@ pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
*/
static gcry_err_code_t
pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
- gcry_mpi_t *skey)
+ gcry_mpi_t *skey, struct pk_encoding_ctx *ctx)
{
gcry_pk_spec_t *pubkey;
gcry_module_t module;
@@ -732,7 +733,8 @@ pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
if (module)
{
pubkey = (gcry_pk_spec_t *) module->spec;
- rc = pubkey->sign (algorithm, resarr, data, skey, 0, 0);
+ rc = pubkey->sign (algorithm, resarr, data, skey,
+ ctx->flags, ctx->hash_algo);
_gcry_module_release (module);
goto ready;
}
@@ -2477,7 +2479,7 @@ sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo,
()
or
(data
- [(flags [raw, pkcs1, oaep, pss, no-blinding])]
+ [(flags [raw, direct, pkcs1, oaep, pss, no-blinding, rfc6979])]
[(hash )]
[(value )]
[(hash-algo )]
@@ -2504,8 +2506,9 @@ sexp_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
int i;
size_t n;
const char *s;
- int unknown_flag=0;
+ int unknown_flag = 0;
int parsed_flags = 0;
+ int explicit_raw = 0;
*ret_mpi = NULL;
ldata = gcry_sexp_find_token (input, "data", 0);
@@ -2525,9 +2528,14 @@ sexp_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
s = gcry_sexp_nth_data (lflags, i, &n);
if (!s)
; /* not a data element*/
+ else if (n == 7 && ! memcmp (s, "rfc6979", 7))
+ parsed_flags |= PUBKEY_FLAG_RFC6979;
else if ( n == 3 && !memcmp (s, "raw", 3)
&& ctx->encoding == PUBKEY_ENC_UNKNOWN)
- ctx->encoding = PUBKEY_ENC_RAW;
+ {
+ ctx->encoding = PUBKEY_ENC_RAW;
+ explicit_raw = 1;
+ }
else if ( n == 5 && !memcmp (s, "pkcs1", 5)
&& ctx->encoding == PUBKEY_ENC_UNKNOWN)
ctx->encoding = PUBKEY_ENC_PKCS1;
@@ -2557,8 +2565,47 @@ sexp_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
rc = GPG_ERR_INV_OBJ; /* none or both given */
else if (unknown_flag)
rc = GPG_ERR_INV_FLAG;
+ else if (ctx->encoding == PUBKEY_ENC_RAW && lhash
+ && (explicit_raw || (parsed_flags & PUBKEY_FLAG_RFC6979)))
+ {
+ /* Raw encoding along with a hash element. This is commonly
+ used for DSA. For better backward error compatibility we
+ allow this only if either the rfc6979 flag has been given or
+ the raw flags was explicitly given. */
+ if (gcry_sexp_length (lhash) != 3)
+ rc = GPG_ERR_INV_OBJ;
+ else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n )
+ rc = GPG_ERR_INV_OBJ;
+ else
+ {
+ void *value;
+ size_t valuelen;
+
+ ctx->hash_algo = get_hash_algo (s, n);
+ if (!ctx->hash_algo)
+ rc = GPG_ERR_DIGEST_ALGO;
+ else if (!(value=gcry_sexp_nth_buffer (lhash, 2, &valuelen)))
+ rc = GPG_ERR_INV_OBJ;
+ else if ((valuelen * 8) < valuelen)
+ {
+ gcry_free (value);
+ rc = GPG_ERR_TOO_LARGE;
+ }
+ else
+ *ret_mpi = gcry_mpi_set_opaque (NULL, value, valuelen*8);
+ }
+ }
else if (ctx->encoding == PUBKEY_ENC_RAW && lvalue)
{
+ /* RFC6969 may only be used with the a hash value and not the
+ MPI based value. */
+ if (parsed_flags & PUBKEY_FLAG_RFC6979)
+ {
+ rc = GPG_ERR_CONFLICT;
+ goto leave;
+ }
+
+ /* Get the value */
*ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, GCRYMPI_FMT_USG);
if (!*ret_mpi)
rc = GPG_ERR_INV_OBJ;
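Review bot: The check (valuelen * 8) < valuelen in the new hash branch does not bound the value handed to gcry_mpi_set_opaque, whose nbits parameter is declared unsigned int. Where size_t is wider than unsigned int, valuelen*8 can exceed UINT_MAX without wrapping in size_t and is then silently truncated, leaving the opaque MPI with a bit count smaller than the buffer it owns. Test valuelen > UINT_MAX/8 instead and return GPG_ERR_TOO_LARGE in that case. The comment in the lvalue branch says "RFC6969" where RFC6979 is meant and has a doubled article in "the a hash value".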
@@ -3214,7 +3261,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
rc = gpg_err_code_from_syserror ();
goto leave;
}
- rc = pubkey_sign (module->mod_id, result, hash, skey);
+ rc = pubkey_sign (module->mod_id, result, hash, skey, &ctx);
if (rc)
goto leave;
diff --git a/cipher/rsa.c b/cipher/rsa.c
index 4787f81..c9fcebf 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -700,7 +700,7 @@ stronger_key_check ( RSA_secret_key *skey )
* Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
*/
static void
-secret(gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
+secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey )
{
if (!skey->p || !skey->q || !skey->u)
{
@@ -1002,6 +1002,9 @@ rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
(void)flags;
(void)hashalgo;
+ if (mpi_is_opaque (data))
+ return GPG_ERR_INV_DATA;
+
sk.n = skey[0];
sk.e = skey[1];
sk.d = skey[2];
@@ -1028,6 +1031,9 @@ rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
(void)cmp;
(void)opaquev;
+ if (mpi_is_opaque (hash))
+ return GPG_ERR_INV_DATA;
+
pk.n = pkey[0];
pk.e = pkey[1];
result = gcry_mpi_new ( 160 );
diff --git a/tests/basic.c b/tests/basic.c
index 88ae131..46e213c 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -3073,6 +3073,14 @@ check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey)
int dummy;
} datas[] =
{
+ { 192,
+ "(data (flags raw)\n"
+ " (value #00112233445566778899AABBCCDDEEFF0001020304050607#))",
+ 0,
+ "(data (flags raw)\n"
+ " (value #80112233445566778899AABBCCDDEEFF0001020304050607#))",
+ 0
+ },
{ 256,
"(data (flags raw)\n"
" (value #00112233445566778899AABBCCDDEEFF"
@@ -3083,12 +3091,14 @@ check_pubkey_sign_ecdsa (int n, gcry_sexp_t skey, gcry_sexp_t pkey)
/* */ "000102030405060708090A0B0C0D0E0F#))",
0
},
- { 192,
+ { 256,
"(data (flags raw)\n"
- " (value #00112233445566778899AABBCCDDEEFF0001020304050607#))",
+ " (hash sha256 #00112233445566778899AABBCCDDEEFF"
+ /* */ "000102030405060708090A0B0C0D0E0F#))",
0,
"(data (flags raw)\n"
- " (value #80112233445566778899AABBCCDDEEFF0001020304050607#))",
+ " (hash sha256 #80112233445566778899AABBCCDDEEFF"
+ /* */ "000102030405060708090A0B0C0D0E0F#))",
0
},
{ 0, NULL }
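Review bot: The new table entry covers only the accepted form, (flags raw) together with a hash element. The parser change in cipher/pubkey.c also adds two rejection paths: a hash element without an explicit raw flag, and the rfc6979 flag combined with a value element (GPG_ERR_CONFLICT). Add entries expecting an error for both, so the backward-compatible behaviour described in the commit message is pinned down by the test suite.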
commit 2d3e8d4d9562d666420aadd9ffa8ac0456a1cd91
Author: Werner Koch
Date: Fri Jul 19 15:54:03 2013 +0200
sexp: Add function gcry_sexp_nth_buffer.
* src/sexp.c (gcry_sexp_nth_buffer): New.
* src/visibility.c, src/visibility.h: Add function wrapper.
* src/libgcrypt.vers, src/libgcrypt.def: Add to API.
* src/gcrypt.h.in: Add prototype.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index b1ad7ac..508b943 100644
--- a/NEWS
+++ b/NEWS
@@ -73,6 +73,7 @@ Noteworthy changes in version 1.6.0 (unreleased)
GCRYCTL_DISABLE_LOCKED_SECMEM NEW.
GCRYCTL_DISABLE_PRIV_DROP NEW.
GCRY_CIPHER_SALSA20 NEW.
+ gcry_sexp_nth_buffer NEW.
Noteworthy changes in version 1.5.0 (2011-06-29)
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index cfc0174..770a245 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3596,6 +3596,30 @@ printf ("my name is %.*s\n", (int)len, name);
@end example
@end deftypefun
+ at deftypefun {void *} gcry_sexp_nth_buffer (@w{const gcry_sexp_t @var{list}}, @w{int @var{number}}, @w{size_t *@var{rlength}})
+
+This function is used to get data from a @var{list}. A malloced
+buffer with the actual data at list index @var{number} is returned and
+the length of this buffer will be stored to @var{rlength}. If there
+is no data at the given index or the index represents another list,
+ at code{NULL} is returned. The caller must release the result using
+ at code{gcry_free}.
+
+ at noindent
+Here is an example on how to extract and print the CRC value from the
+S-expression @samp{(hash crc32 #23ed00d7)}:
+
+ at example
+size_t len;
+char *value;
+
+value = gcry_sexp_nth_buffer (list, 2, &len);
+if (value)
+ fwrite (value, len, 1, stdout);
+gcry_free (value);
+ at end example
+ at end deftypefun
+
@deftypefun {char *} gcry_sexp_nth_string (@w{gcry_sexp_t @var{list}}, @w{int @var{number}})
This function is used to get and convert data from a @var{list}. The
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 6bd615d..06d6663 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -423,6 +423,13 @@ gcry_sexp_t gcry_sexp_cadr (const gcry_sexp_t list);
const char *gcry_sexp_nth_data (const gcry_sexp_t list, int number,
size_t *datalen);
+/* This function is used to get data from a LIST. A malloced buffer to the
+ data with index NUMBER is returned and the length of this
+ data will be stored to RLENGTH. If there is no data at the given
+ index or the index represents another list, `NULL' is returned. */
+void *gcry_sexp_nth_buffer (const gcry_sexp_t list, int number,
+ size_t *rlength);
+
/* This function is used to get and convert data from a LIST. The
data is assumed to be a Nul terminated string. The caller must
release the returned value using `gcry_free'. If there is no data
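Review bot: The new comment for gcry_sexp_nth_buffer says the buffer is malloced but, unlike the gcry_sexp_nth_string comment right below it and the text added to doc/gcrypt.texi, it does not say that the caller must release it with gcry_free. Add that sentence so the ownership rule is stated in the header as well.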
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index 9eaf8a7..bbc8f43 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -236,3 +236,8 @@ EXPORTS
gcry_pubkey_get_sexp @212
_gcry_mpi_get_const @213
+
+ gcry_sexp_get_buffer @214
+
+
+;; end of file with public symbols for Windows.
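Review bot: The export added here is named gcry_sexp_get_buffer, but the function is declared in src/gcrypt.h.in, listed in src/libgcrypt.vers and defined in src/sexp.c as gcry_sexp_nth_buffer. As written, the Windows DLL would export a name that does not exist and omit the real one; change the entry to "gcry_sexp_nth_buffer @214".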
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 6aaf0f1..473ee68 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -72,7 +72,7 @@ GCRYPT_1.6 {
gcry_sexp_build_array; gcry_sexp_cadr; gcry_sexp_canon_len;
gcry_sexp_car; gcry_sexp_cdr; gcry_sexp_cons; gcry_sexp_create;
gcry_sexp_dump; gcry_sexp_find_token; gcry_sexp_length;
- gcry_sexp_new; gcry_sexp_nth; gcry_sexp_nth_data;
+ gcry_sexp_new; gcry_sexp_nth; gcry_sexp_nth_buffer; gcry_sexp_nth_data;
gcry_sexp_nth_mpi; gcry_sexp_prepend; gcry_sexp_release;
gcry_sexp_sprint; gcry_sexp_sscan; gcry_sexp_vlist;
gcry_sexp_nth_string;
diff --git a/src/sexp.c b/src/sexp.c
index 62126d3..6dedf4e 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -1,6 +1,7 @@
/* sexp.c - S-Expression handling
* Copyright (C) 1999, 2000, 2001, 2002, 2003,
* 2004, 2006, 2007, 2008, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -713,6 +714,30 @@ gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen )
}
+/* Get the nth element of a list which needs to be a simple object.
+ The returned value is a malloced buffer and needs to be freed by
+ the caller. This is basically the same as gcry_sexp_nth_data but
+ with an allocated result. */
+void *
+gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
+{
+ const char *s;
+ size_t n;
+ char *buf;
+
+ *rlength = 0;
+ s = sexp_nth_data (list, number, &n);
+ if (!s || !n)
+ return NULL;
+ buf = gcry_malloc (n);
+ if (!buf)
+ return NULL;
+ memcpy (buf, s, n);
+ *rlength = n;
+ return buf;
+}
+
+
/* Get a string from the car. The returned value is a malloced string
and needs to be freed by the caller. */
char *
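Review bot: gcry_sexp_nth_buffer returns NULL both when there is no data at the index and when gcry_malloc fails, so a caller cannot tell a malformed S-expression from an out-of-memory condition; sexp_data_to_mpi maps either case to GPG_ERR_INV_OBJ. Document that errno distinguishes the cases, or have callers use gpg_err_code_from_syserror when allocation was the cause. The function also writes *rlength before any check, so a NULL rlength crashes; either document the argument as mandatory or test it first.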
@@ -733,6 +758,7 @@ gcry_sexp_nth_string (const gcry_sexp_t list, int number)
return buf;
}
+
/*
* Get a MPI from the car
*/
diff --git a/src/visibility.c b/src/visibility.c
index c86d31b..bb51d58 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -226,6 +226,12 @@ gcry_sexp_nth_data (const gcry_sexp_t list, int number, size_t *datalen)
return _gcry_sexp_nth_data (list, number, datalen);
}
+void *
+gcry_sexp_nth_buffer (const gcry_sexp_t list, int number, size_t *rlength)
+{
+ return _gcry_sexp_nth_buffer (list, number, rlength);
+}
+
char *
gcry_sexp_nth_string (gcry_sexp_t list, int number)
{
diff --git a/src/visibility.h b/src/visibility.h
index 4837ed6..54da016 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -133,14 +133,15 @@
#define gcry_sexp_length _gcry_sexp_length
#define gcry_sexp_new _gcry_sexp_new
#define gcry_sexp_nth _gcry_sexp_nth
+#define gcry_sexp_nth_buffer _gcry_sexp_nth_buffer
#define gcry_sexp_nth_data _gcry_sexp_nth_data
#define gcry_sexp_nth_mpi _gcry_sexp_nth_mpi
+#define gcry_sexp_nth_string _gcry_sexp_nth_string
#define gcry_sexp_prepend _gcry_sexp_prepend
#define gcry_sexp_release _gcry_sexp_release
#define gcry_sexp_sprint _gcry_sexp_sprint
#define gcry_sexp_sscan _gcry_sexp_sscan
#define gcry_sexp_vlist _gcry_sexp_vlist
-#define gcry_sexp_nth_string _gcry_sexp_nth_string
#define gcry_mpi_add _gcry_mpi_add
#define gcry_mpi_add_ui _gcry_mpi_add_ui
@@ -348,14 +349,15 @@ gcry_err_code_t gcry_md_get (gcry_md_hd_t hd, int algo,
#undef gcry_sexp_length
#undef gcry_sexp_new
#undef gcry_sexp_nth
+#undef gcry_sexp_nth_buffer
#undef gcry_sexp_nth_data
#undef gcry_sexp_nth_mpi
+#undef gcry_sexp_nth_string
#undef gcry_sexp_prepend
#undef gcry_sexp_release
#undef gcry_sexp_sprint
#undef gcry_sexp_sscan
#undef gcry_sexp_vlist
-#undef gcry_sexp_nth_string
#undef gcry_mpi_add
#undef gcry_mpi_add_ui
@@ -524,14 +526,15 @@ MARK_VISIBLE (gcry_sexp_find_token)
MARK_VISIBLE (gcry_sexp_length)
MARK_VISIBLE (gcry_sexp_new)
MARK_VISIBLE (gcry_sexp_nth)
+MARK_VISIBLE (gcry_sexp_nth_buffer)
MARK_VISIBLE (gcry_sexp_nth_data)
MARK_VISIBLE (gcry_sexp_nth_mpi)
+MARK_VISIBLE (gcry_sexp_nth_string)
MARK_VISIBLE (gcry_sexp_prepend)
MARK_VISIBLE (gcry_sexp_release)
MARK_VISIBLE (gcry_sexp_sprint)
MARK_VISIBLE (gcry_sexp_sscan)
MARK_VISIBLE (gcry_sexp_vlist)
-MARK_VISIBLE (gcry_sexp_nth_string)
MARK_VISIBLE (gcry_mpi_add)
MARK_VISIBLE (gcry_mpi_add_ui)
-----------------------------------------------------------------------
Summary of changes:
NEWS | 1 +
cipher/dsa.c | 42 ++++++++++++++++++++++++++++++++---
cipher/ecc.c | 36 +++++++++++++++++++++++++++++-
cipher/elgamal.c | 6 +++++
cipher/pubkey.c | 61 ++++++++++++++++++++++++++++++++++++++++++++++------
cipher/rsa.c | 8 ++++++-
doc/gcrypt.texi | 24 ++++++++++++++++++++
src/gcrypt.h.in | 7 ++++++
src/libgcrypt.def | 5 ++++
src/libgcrypt.vers | 2 +-
src/sexp.c | 26 ++++++++++++++++++++++
src/visibility.c | 6 +++++
src/visibility.h | 9 +++++--
tests/basic.c | 16 +++++++++++--
14 files changed, 228 insertions(+), 21 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 25 11:32:02 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 25 Jul 2013 11:32:02 +0200
Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4,
updated. gnupg-1.4.13-17-g6f634b0
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-1-4 has been updated
via 6f634b0e089f253f07a470670449ba0722408d46 (commit)
via fb5c9deaa506249518705846cd9f4c178fe1c4e6 (commit)
via a0ee4fc7301fa64e38736db57074e78ce60d7a0d (commit)
via beb6a51df79ce25f16b9b37b25badbc02cb05782 (commit)
via 439999da117d9be9f88bb3e0ce7c444f9484ee2f (commit)
via 801803ab6e954173c2dcb7f0eb6eb8623238e99c (commit)
via 35646689f4b80955ff7dbe1687bf2c479c53421e (commit)
via fd86f3031161f11c3cbef643a213a04c821364dd (commit)
from f61d8fa5a7591423f5a2ef43725b308acd5f2357 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6f634b0e089f253f07a470670449ba0722408d46
Author: Werner Koch
Date: Thu Jul 25 11:00:04 2013 +0200
Post release updates.
--
diff --git a/NEWS b/NEWS
index a10103b..c632f0a 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Noteworthy changes in version 1.4.15 (unreleased)
+-------------------------------------------------
+
Noteworthy changes in version 1.4.14 (2013-07-25)
-------------------------------------------------
diff --git a/configure.ac b/configure.ac
index c4499e7..88701fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,7 +26,7 @@ min_automake_version="1.9.3"
# (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please
# bump the version number immediately *after* the release and do
# another commit and push so that the git magic is able to work.
-m4_define([mym4_version], [1.4.14])
+m4_define([mym4_version], [1.4.15])
# Below is m4 magic to extract and compute the git revision number,
# the decimalized short revision number, a beta version string and a
commit fb5c9deaa506249518705846cd9f4c178fe1c4e6
Author: Werner Koch
Date: Thu Jul 25 09:33:23 2013 +0200
Release 1.4.14.
diff --git a/NEWS b/NEWS
index b669539..a10103b 100644
--- a/NEWS
+++ b/NEWS
@@ -1,8 +1,8 @@
-Noteworthy changes in version 1.4.14 (unreleased)
+Noteworthy changes in version 1.4.14 (2013-07-25)
-------------------------------------------------
* Mitigate the Yarom/Falkner flush+reload side-channel attack on
- RSA secret keys.
+ RSA secret keys. See .
* Fixed IDEA for big-endian CPUs
diff --git a/README b/README
index ca002b2..df8902d 100644
--- a/README
+++ b/README
@@ -1,11 +1,11 @@
GnuPG - The GNU Privacy Guard
-------------------------------
- Version 1.4.13
+ Version 1.4.14
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004, 2005, 2006, 2007, 2008, 2009,
- 2010, 2012 Free Software Foundation, Inc.
+ 2010, 2012, 2013 Free Software Foundation, Inc.
This file is free software; as a special exception the author
gives unlimited permission to copy and/or distribute it, with or
diff --git a/util/argparse.c b/util/argparse.c
index 542957d..a0579cb 100644
--- a/util/argparse.c
+++ b/util/argparse.c
@@ -1046,7 +1046,7 @@ default_strusage( int level )
break;
case 11: p = "foo"; break;
case 13: p = "0.0"; break;
- case 14: p = "Copyright (C) 2012 Free Software Foundation, Inc."; break;
+ case 14: p = "Copyright (C) 2013 Free Software Foundation, Inc."; break;
case 15: p =
"This is free software: you are free to change and redistribute it.\n"
"There is NO WARRANTY, to the extent permitted by law.\n";
commit a0ee4fc7301fa64e38736db57074e78ce60d7a0d
Author: Werner Koch
Date: Thu Jul 25 10:44:01 2013 +0200
Autoupdate a translation.
--
diff --git a/po/zh_TW.po b/po/zh_TW.po
index da3e3d0..ddd7f46 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -12,6 +12,7 @@ msgstr ""
"PO-Revision-Date: 2012-05-13 10:57+0800\n"
"Last-Translator: Jedi Lin \n"
"Language-Team: Chinese (traditional) \n"
+"Language: zh_TW\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
@@ -190,6 +191,9 @@ msgstr "||????????"
msgid "Reset Code is too short; minimum length is %d\n"
msgstr "?????; ?????? %d\n"
+#. TRANSLATORS: Do not translate the "|*|" prefixes but
+#. keep it at the start of the string. We need this elsewhere
+#. to get some infos on the string.
msgid "|RN|New Reset Code"
msgstr "|RN|?????"
@@ -264,7 +268,8 @@ msgstr "????? %s ?????\n"
msgid "signatures created so far: %lu\n"
msgstr "???????: %lu\n"
-msgid "verification of Admin PIN is currently prohibited through this command\n"
+msgid ""
+"verification of Admin PIN is currently prohibited through this command\n"
msgstr "???????????????? (PIN) ??????\n"
#, c-format
@@ -326,7 +331,8 @@ msgstr "?????? OpenPGP ??.\n"
msgid "invalid armor: line longer than %d characters\n"
msgstr "?????: ???? %d ??\n"
-msgid "quoted printable character in armor - probably a buggy MTA has been used\n"
+msgid ""
+"quoted printable character in armor - probably a buggy MTA has been used\n"
msgstr "???????????????? - ??????????????\n"
#, c-format
@@ -707,15 +713,19 @@ msgstr "? --pgp2 ???, ???? 2048 ????? RSA ????
msgid "reading from `%s'\n"
msgstr "??? `%s' ???\n"
-msgid "unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgid ""
+"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
msgstr "????????????????? IDEA ???.\n"
#, c-format
-msgid "WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgid ""
+"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
msgstr "??: ???? %s (%d) ????????????????\n"
#, c-format
-msgid "WARNING: forcing compression algorithm %s (%d) violates recipient preferences\n"
+msgid ""
+"WARNING: forcing compression algorithm %s (%d) violates recipient "
+"preferences\n"
msgstr "??: ???? %s (%d) ???????????????\n"
#, c-format
@@ -738,7 +748,8 @@ msgstr "%s ??????\n"
msgid "encrypted with unknown algorithm %d\n"
msgstr "? %d ????????\n"
-msgid "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgid ""
+"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
msgstr "??: ?????????????????.\n"
msgid "problem handling encrypted packet\n"
@@ -751,7 +762,8 @@ msgstr "???????????\n"
msgid "can't create directory `%s': %s\n"
msgstr "?????? `%s': %s\n"
-msgid "external program calls are disabled due to unsafe options file permissions\n"
+msgid ""
+"external program calls are disabled due to unsafe options file permissions\n"
msgstr "????????????, ??????????\n"
msgid "this platform requires temporary files when calling external programs\n"
@@ -1001,15 +1013,21 @@ msgstr ""
" --fingerprint [??] ????\n"
msgid "Please report bugs to .\n"
-msgstr "?? ??????, ? ??????.\n"
+msgstr ""
+"?? ??????, ? ??????.\n"
msgid "Usage: gpg [options] [files] (-h for help)"
msgstr "??: gpg [??] [??] (?? -h ??)"
+#, fuzzy
+#| msgid ""
+#| "Syntax: gpg [options] [files]\n"
+#| "sign, check, encrypt or decrypt\n"
+#| "default operation depends on the input data\n"
msgid ""
"Syntax: gpg [options] [files]\n"
-"sign, check, encrypt or decrypt\n"
-"default operation depends on the input data\n"
+"Sign, check, encrypt or decrypt\n"
+"Default operation depends on the input data\n"
msgstr ""
"??: gpg [??] [??]\n"
"??, ??, ?????\n"
@@ -1053,10 +1071,6 @@ msgid "WARNING: unsafe ownership on configuration file `%s'\n"
msgstr "??: ???? `%s' ????????\n"
#, c-format
-msgid "WARNING: unsafe ownership on extension `%s'\n"
-msgstr "??: ???? `%s' ????????\n"
-
-#, c-format
msgid "WARNING: unsafe permissions on homedir `%s'\n"
msgstr "??: ??? `%s' ???????\n"
@@ -1065,34 +1079,24 @@ msgid "WARNING: unsafe permissions on configuration file `%s'\n"
msgstr "??: ???? `%s' ???????\n"
#, c-format
-msgid "WARNING: unsafe permissions on extension `%s'\n"
-msgstr "??: ???? `%s' ???????\n"
-
-#, c-format
msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
msgstr "??: ??? `%s' ????????????\n"
#, c-format
-msgid "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgid ""
+"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
msgstr "??: ???? `%s' ????????????\n"
#, c-format
-msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
-msgstr "??: ???? `%s' ????????????\n"
-
-#, c-format
msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
msgstr "??: ??? `%s' ???????????\n"
#, c-format
-msgid "WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgid ""
+"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
msgstr "??: ???? `%s' ???????????\n"
#, c-format
-msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
-msgstr "??: ???? `%s' ???????????\n"
-
-#, c-format
msgid "unknown configuration item `%s'\n"
msgstr "??????? `%s'\n"
@@ -1150,10 +1154,6 @@ msgid "NOTE: %s is not for normal use!\n"
msgstr "???: ????????? %s!\n"
#, c-format
-msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
-msgstr "??????? `%s' ???????????\n"
-
-#, c-format
msgid "`%s' is not a valid signature expiration\n"
msgstr "`%s' ????????????\n"
@@ -1522,7 +1522,8 @@ msgstr ""
msgid "If you want to use this untrusted key anyway, answer \"yes\"."
msgstr "????????????????????, ??? \"yes\"."
-msgid "Enter the user ID of the addressee to whom you want to send the message."
+msgid ""
+"Enter the user ID of the addressee to whom you want to send the message."
msgstr "???????????????? ID."
msgid ""
@@ -1582,12 +1583,19 @@ msgstr "????? (???????) ???????"
msgid "Please enter an optional comment"
msgstr "????????"
+#, fuzzy
+#| msgid ""
+#| "N to change the name.\n"
+#| "C to change the comment.\n"
+#| "E to change the email address.\n"
+#| "O to continue with key generation.\n"
+#| "Q to to quit the key generation."
msgid ""
"N to change the name.\n"
"C to change the comment.\n"
"E to change the email address.\n"
"O to continue with key generation.\n"
-"Q to to quit the key generation."
+"Q to quit the key generation."
msgstr ""
"N ????.\n"
"C ????.\n"
@@ -1603,26 +1611,36 @@ msgid ""
"belongs to the person named in the user ID. It is useful for others to\n"
"know how carefully you verified this.\n"
"\n"
-"\"0\" means you make no particular claim as to how carefully you verified the\n"
+"\"0\" means you make no particular claim as to how carefully you verified "
+"the\n"
" key.\n"
"\n"
"\"1\" means you believe the key is owned by the person who claims to own it\n"
-" but you could not, or did not verify the key at all. This is useful for\n"
-" a \"persona\" verification, where you sign the key of a pseudonymous user.\n"
+" but you could not, or did not verify the key at all. This is useful "
+"for\n"
+" a \"persona\" verification, where you sign the key of a pseudonymous "
+"user.\n"
"\n"
-"\"2\" means you did casual verification of the key. For example, this could\n"
-" mean that you verified the key fingerprint and checked the user ID on the\n"
+"\"2\" means you did casual verification of the key. For example, this "
+"could\n"
+" mean that you verified the key fingerprint and checked the user ID on "
+"the\n"
" key against a photo ID.\n"
"\n"
-"\"3\" means you did extensive verification of the key. For example, this could\n"
+"\"3\" means you did extensive verification of the key. For example, this "
+"could\n"
" mean that you verified the key fingerprint with the owner of the key in\n"
-" person, and that you checked, by means of a hard to forge document with a\n"
-" photo ID (such as a passport) that the name of the key owner matches the\n"
-" name in the user ID on the key, and finally that you verified (by exchange\n"
+" person, and that you checked, by means of a hard to forge document with "
+"a\n"
+" photo ID (such as a passport) that the name of the key owner matches "
+"the\n"
+" name in the user ID on the key, and finally that you verified (by "
+"exchange\n"
" of email) that the email address on the key belongs to the key owner.\n"
"\n"
"Note that the examples given above for levels 2 and 3 are *only* examples.\n"
-"In the end, it is up to you to decide just what \"casual\" and \"extensive\"\n"
+"In the end, it is up to you to decide just what \"casual\" and \"extensive"
+"\"\n"
"mean to you when you sign other keys.\n"
"\n"
"If you don't know what the right answer is, answer \"0\"."
@@ -1714,7 +1732,9 @@ msgstr ""
"???? (??????????) ??? ID ???????????.\n"
"???????????????????????.\n"
-msgid "Please enter the passhrase; this is a secret sentence \n"
+#, fuzzy
+#| msgid "Please enter the passhrase; this is a secret sentence \n"
+msgid "Please enter the passphrase; this is a secret sentence \n"
msgstr "?????; ???????? \n"
msgid "Please repeat the last passphrase, so you are sure what you typed in."
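Review bot: The `#, fuzzy` flag on the "Please enter the passphrase; this is a secret sentence" entry takes the existing msgstr out of use: msgfmt skips fuzzy entries unless it is run with --use-fuzzy, so zh_TW users get the English text for this passphrase message until the flag is cleared. The only msgid change is the spelling fix from "passhrase" to "passphrase", so the translator should confirm the msgstr and remove the `#, fuzzy` and `#|` lines in a follow-up; the same applies to the other entries this commit marks fuzzy.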
@@ -2186,8 +2206,10 @@ msgid "%d user IDs without valid self-signatures detected\n"
msgstr "??? %d ????????????? ID\n"
msgid ""
-"Please decide how far you trust this user to correctly verify other users' keys\n"
-"(by looking at passports, checking fingerprints from different sources, etc.)\n"
+"Please decide how far you trust this user to correctly verify other users' "
+"keys\n"
+"(by looking at passports, checking fingerprints from different sources, "
+"etc.)\n"
msgstr ""
"?????????????????????????\n"
"(???????, ????????????...????\n"
@@ -2295,14 +2317,17 @@ msgstr "?????? %s ??.\n"
msgid "Do you want your signature to expire at the same time? (Y/n) "
msgstr "??????????????????? (Y/n) "
-msgid "You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 mode.\n"
+msgid ""
+"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
+"mode.\n"
msgstr "???? --pgp2 ???, ? PGP 2.x ???? OpenPGP ??.\n"
msgid "This would make the key unusable in PGP 2.x.\n"
msgstr "???????? PGP 2.x ???????.\n"
msgid ""
-"How carefully have you verified the key you are about to sign actually belongs\n"
+"How carefully have you verified the key you are about to sign actually "
+"belongs\n"
"to the person named above? If you don't know what to answer, enter \"0\".\n"
msgstr ""
"????????????????????????????\n"
@@ -2536,7 +2561,8 @@ msgid "Please use the command \"toggle\" first.\n"
msgstr "???? \"toggle\" ??.\n"
msgid ""
-"* The `sign' command may be prefixed with an `l' for local signatures (lsign),\n"
+"* The `sign' command may be prefixed with an `l' for local signatures "
+"(lsign),\n"
" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
msgstr ""
@@ -2729,7 +2755,8 @@ msgstr ""
" ???????? ID ????? ID.\n"
msgid ""
-"WARNING: This is a PGP2-style key. Adding a photo ID may cause some versions\n"
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
+"versions\n"
" of PGP to reject this key.\n"
msgstr ""
"??: ???? PGP2 ?????.\n"
@@ -2788,7 +2815,8 @@ msgid "User ID \"%s\": already clean\n"
msgstr "??? ID \"%s\": ???????\n"
msgid ""
-"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may cause\n"
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
+"cause\n"
" some versions of PGP to reject this key.\n"
msgstr ""
"??: ???? PGP2 ?????.\n"
@@ -2815,7 +2843,8 @@ msgstr "????????????\n"
msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
msgstr "??: ????????????????, ??????!\n"
-msgid "Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgid ""
+"Are you sure you want to appoint this key as a designated revoker? (y/N) "
msgstr "?????????????????? (y/N) "
msgid "Please remove selections from the secret keys.\n"
@@ -3140,7 +3169,8 @@ msgstr "?????? (y/N) "
msgid ""
"\n"
-"You need a user ID to identify your key; the software constructs the user ID\n"
+"You need a user ID to identify your key; the software constructs the user "
+"ID\n"
"from the Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) \"\n"
"\n"
@@ -3293,11 +3323,13 @@ msgid "Key generation failed: %s\n"
msgstr "??????: %s\n"
#, c-format
-msgid "key has been created %lu second in future (time warp or clock problem)\n"
+msgid ""
+"key has been created %lu second in future (time warp or clock problem)\n"
msgstr "????? %lu ??????? (???????????????)\n"
#, c-format
-msgid "key has been created %lu seconds in future (time warp or clock problem)\n"
+msgid ""
+"key has been created %lu seconds in future (time warp or clock problem)\n"
msgstr "????? %lu ??????? (???????????????)\n"
msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
@@ -3677,7 +3709,8 @@ msgstr "??????: %s\n"
msgid "not a detached signature\n"
msgstr "?????????\n"
-msgid "WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgid ""
+"WARNING: multiple signatures detected. Only the first will be checked.\n"
msgstr "??: ???????. ????????????.\n"
#, c-format
@@ -3717,18 +3750,15 @@ msgstr "??: ???????? %s ?????\n"
msgid "WARNING: using experimental digest algorithm %s\n"
msgstr "??: ???????? %s ?????\n"
-msgid "the IDEA cipher plugin is not present\n"
-msgstr "IDEA ??????????\n"
+#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "??: ?????? %s ?????\n"
#, c-format
msgid "please see %s for more information\n"
msgstr "??? %s ???????\n"
#, c-format
-msgid "WARNING: digest algorithm %s is deprecated\n"
-msgstr "??: ?????? %s ?????\n"
-
-#, c-format
msgid "NOTE: This feature is not available in %s\n"
msgstr "???: %s ??????????\n"
@@ -3751,6 +3781,7 @@ msgstr "??: \"%s\" ????????? - ????\n"
msgid "Uncompressed"
msgstr "???"
+#. TRANSLATORS: See doc/TRANSLATE about this string.
msgid "uncompressed|none"
msgstr "uncompressed|none|???|?"
@@ -3937,6 +3968,16 @@ msgid "revocation comment: "
msgstr "????: "
# a string with valid answers
+#. TRANSLATORS: These are the allowed answers in lower and
+#. uppercase. Below you will find the matching strings which
+#. should be translated accordingly and the letter changed to
+#. match the one in the answer string.
+#.
+#. i = please show me more information
+#. m = back to the main menu
+#. s = skip this key
+#. q = quit
+#.
msgid "iImMqQsS"
msgstr "iImMqQsS"
@@ -3947,7 +3988,8 @@ msgstr "????????????:\n"
msgid " aka \"%s\"\n"
msgstr " ?? \"%s\"\n"
-msgid "How much do you trust that this key actually belongs to the named user?\n"
+msgid ""
+"How much do you trust that this key actually belongs to the named user?\n"
msgstr "???????????????????????\n"
#, c-format
@@ -4055,7 +4097,8 @@ msgstr "???: ?????????!\n"
msgid "WARNING: This key is not certified with a trusted signature!\n"
msgstr "??: ????????????????!\n"
-msgid " There is no indication that the signature belongs to the owner.\n"
+msgid ""
+" There is no indication that the signature belongs to the owner.\n"
msgstr " ?????????????????.\n"
msgid "WARNING: We do NOT trust this key!\n"
@@ -4064,7 +4107,8 @@ msgstr "??: ?? *?* ??????!\n"
msgid " The signature is probably a FORGERY.\n"
msgstr " ????????? *???*.\n"
-msgid "WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid ""
+"WARNING: This key is not certified with sufficiently trusted signatures!\n"
msgstr "??: ?????????????????!\n"
msgid " It is not certain that the signature belongs to the owner.\n"
@@ -4316,11 +4360,13 @@ msgid "public key %s is %lu seconds newer than the signature\n"
msgstr "?? %s ??????? %lu ?\n"
#, c-format
-msgid "key %s was created %lu second in the future (time warp or clock problem)\n"
+msgid ""
+"key %s was created %lu second in the future (time warp or clock problem)\n"
msgstr "?? %s ??? %lu ??????? (???????????????)\n"
#, c-format
-msgid "key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgid ""
+"key %s was created %lu seconds in the future (time warp or clock problem)\n"
msgstr "?? %s ??? %lu ??????? (???????????????)\n"
#, c-format
@@ -4344,11 +4390,14 @@ msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
msgstr "??: ?? %% ???? (???). ????????.\n"
#, c-format
-msgid "WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgid ""
+"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
msgstr "??: ?? URL ? %% ???? (???). ????????.\n"
#, c-format
-msgid "WARNING: unable to %%-expand preferred keyserver URL (too large). Using unexpanded.\n"
+msgid ""
+"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
+"unexpanded.\n"
msgstr "??: ??????? URL ? %% ???? (???). ????????.\n"
#, c-format
@@ -4363,7 +4412,8 @@ msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
msgstr "?? --pgp2 ???????? PGP 2.x ???????????\n"
#, c-format
-msgid "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgid ""
+"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
msgstr "??: ???? %s (%d) ???????????????\n"
msgid "signing:"
@@ -4584,6 +4634,14 @@ msgstr "??????????? (%d) - ???? %s ????\n"
msgid "using %s trust model\n"
msgstr "???? %s ????\n"
+#. TRANSLATORS: these strings are similar to those in
+#. trust_value_to_string(), but are a fixed length. This is needed to
+#. make attractive information listings where columns line up
+#. properly. The value "10" should be the length of the strings you
+#. choose to translate to. This is the length in printable columns.
+#. It gets passed to atoi() so everything after the number is
+#. essentially a comment and need not be translated. Either key and
+#. uid are both NULL, or neither are NULL.
msgid "10 translator see trustdb.c:uid_trust_string_fixed"
msgstr "10 ????? trustdb.c:uid_trust_string_fixed"
@@ -4664,7 +4722,8 @@ msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
msgstr "%d ??????? %d ?????? %s ?????????\n"
#, c-format
-msgid "depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgid ""
+"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
msgstr "??: %d ??: %3d ???: %3d ??: %d-, %dq, %dn, %dm, %df, %du\n"
#, c-format
@@ -4901,7 +4960,11 @@ msgstr "cC"
msgid "WARNING: using insecure memory!\n"
msgstr "??: ???????????!\n"
-msgid "please see http://www.gnupg.org/faq.html for more information\n"
+#, fuzzy
+#| msgid "please see http://www.gnupg.org/faq.html for more information\n"
+msgid ""
+"please see http://www.gnupg.org/documentation/faqs.html for more "
+"information\n"
msgstr "??? http://www.gnupg.org/faq.html ???????\n"
msgid "operation is not possible without initialized secure memory\n"
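Review bot: In the entry for "please see http://www.gnupg.org/documentation/faqs.html for more information", the msgstr still carries the old address http://www.gnupg.org/faq.html. The entry is marked fuzzy, so the stale URL is not shown for now, but when the flag is cleared the URL inside the msgstr has to be updated too. This entry sits directly after "WARNING: using insecure memory!", so it is the pointer users are given for that warning and should not lead to the old location.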
@@ -4910,6 +4973,24 @@ msgstr "???????????, ???????\n"
msgid "(you may have used the wrong program for this task)\n"
msgstr "(?????????????)\n"
+#~ msgid "WARNING: unsafe ownership on extension `%s'\n"
+#~ msgstr "??: ???? `%s' ????????\n"
+
+#~ msgid "WARNING: unsafe permissions on extension `%s'\n"
+#~ msgstr "??: ???? `%s' ???????\n"
+
+#~ msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+#~ msgstr "??: ???? `%s' ????????????\n"
+
+#~ msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+#~ msgstr "??: ???? `%s' ???????????\n"
+
+#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+#~ msgstr "??????? `%s' ???????????\n"
+
+#~ msgid "the IDEA cipher plugin is not present\n"
+#~ msgstr "IDEA ??????????\n"
+
#~ msgid "Command> "
#~ msgstr "??> "
commit beb6a51df79ce25f16b9b37b25badbc02cb05782
Author: Jedi Lin
Date: Thu Jul 25 09:30:05 2013 +0200
Update Chinese translation.
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 01ca3bd..da3e3d0 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -9,10 +9,9 @@ msgid ""
msgstr ""
"Project-Id-Version: gnupg 1.4.11\n"
"Report-Msgid-Bugs-To: gnupg-i18n at gnupg.org\n"
-"PO-Revision-Date: 2012-12-20 18:33+0100\n"
+"PO-Revision-Date: 2012-05-13 10:57+0800\n"
"Last-Translator: Jedi Lin \n"
"Language-Team: Chinese (traditional) \n"
-"Language: zh_TW\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
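Review bot: The header goes backwards here: PO-Revision-Date changes from 2012-12-20 18:33+0100 to 2012-05-13 10:57+0800 and the "Language: zh_TW\n" field is removed. That suggests the file was edited from an older copy rather than from the one in the tree. Please keep the Language field and set PO-Revision-Date to the date of this update.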
@@ -191,9 +190,6 @@ msgstr "||????????"
msgid "Reset Code is too short; minimum length is %d\n"
msgstr "?????; ?????? %d\n"
-#. TRANSLATORS: Do not translate the "|*|" prefixes but
-#. keep it at the start of the string. We need this elsewhere
-#. to get some infos on the string.
msgid "|RN|New Reset Code"
msgstr "|RN|?????"
@@ -268,8 +264,7 @@ msgstr "????? %s ?????\n"
msgid "signatures created so far: %lu\n"
msgstr "???????: %lu\n"
-msgid ""
-"verification of Admin PIN is currently prohibited through this command\n"
+msgid "verification of Admin PIN is currently prohibited through this command\n"
msgstr "???????????????? (PIN) ??????\n"
#, c-format
@@ -331,8 +326,7 @@ msgstr "?????? OpenPGP ??.\n"
msgid "invalid armor: line longer than %d characters\n"
msgstr "?????: ???? %d ??\n"
-msgid ""
-"quoted printable character in armor - probably a buggy MTA has been used\n"
+msgid "quoted printable character in armor - probably a buggy MTA has been used\n"
msgstr "???????????????? - ??????????????\n"
#, c-format
@@ -713,19 +707,15 @@ msgstr "? --pgp2 ???, ???? 2048 ????? RSA ????
msgid "reading from `%s'\n"
msgstr "??? `%s' ???\n"
-msgid ""
-"unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
+msgid "unable to use the IDEA cipher for all of the keys you are encrypting to.\n"
msgstr "????????????????? IDEA ???.\n"
#, c-format
-msgid ""
-"WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
+msgid "WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n"
msgstr "??: ???? %s (%d) ????????????????\n"
#, c-format
-msgid ""
-"WARNING: forcing compression algorithm %s (%d) violates recipient "
-"preferences\n"
+msgid "WARNING: forcing compression algorithm %s (%d) violates recipient preferences\n"
msgstr "??: ???? %s (%d) ???????????????\n"
#, c-format
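Review bot: All three changes in this hunk only join a wrapped msgid onto one line (for example the "unable to use the IDEA cipher ..." entry); the wording is unchanged. The joined lines run past 80 columns and the next msgmerge run wraps them again, so the file flips back and forth and real translation changes are hard to spot. Keep the wrapping the gettext tools produce.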
@@ -748,8 +738,7 @@ msgstr "%s ??????\n"
msgid "encrypted with unknown algorithm %d\n"
msgstr "? %d ????????\n"
-msgid ""
-"WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
+msgid "WARNING: message was encrypted with a weak key in the symmetric cipher.\n"
msgstr "??: ?????????????????.\n"
msgid "problem handling encrypted packet\n"
@@ -762,8 +751,7 @@ msgstr "???????????\n"
msgid "can't create directory `%s': %s\n"
msgstr "?????? `%s': %s\n"
-msgid ""
-"external program calls are disabled due to unsafe options file permissions\n"
+msgid "external program calls are disabled due to unsafe options file permissions\n"
msgstr "????????????, ??????????\n"
msgid "this platform requires temporary files when calling external programs\n"
@@ -1013,16 +1001,15 @@ msgstr ""
" --fingerprint [??] ????\n"
msgid "Please report bugs to .\n"
-msgstr ""
-"?? ??????, ? ??????.\n"
+msgstr "?? ??????, ? ??????.\n"
msgid "Usage: gpg [options] [files] (-h for help)"
msgstr "??: gpg [??] [??] (?? -h ??)"
msgid ""
"Syntax: gpg [options] [files]\n"
-"Sign, check, encrypt or decrypt\n"
-"Default operation depends on the input data\n"
+"sign, check, encrypt or decrypt\n"
+"default operation depends on the input data\n"
msgstr ""
"??: gpg [??] [??]\n"
"??, ??, ?????\n"
@@ -1066,6 +1053,10 @@ msgid "WARNING: unsafe ownership on configuration file `%s'\n"
msgstr "??: ???? `%s' ????????\n"
#, c-format
+msgid "WARNING: unsafe ownership on extension `%s'\n"
+msgstr "??: ???? `%s' ????????\n"
+
+#, c-format
msgid "WARNING: unsafe permissions on homedir `%s'\n"
msgstr "??: ??? `%s' ???????\n"
@@ -1074,24 +1065,34 @@ msgid "WARNING: unsafe permissions on configuration file `%s'\n"
msgstr "??: ???? `%s' ???????\n"
#, c-format
+msgid "WARNING: unsafe permissions on extension `%s'\n"
+msgstr "??: ???? `%s' ???????\n"
+
+#, c-format
msgid "WARNING: unsafe enclosing directory ownership on homedir `%s'\n"
msgstr "??: ??? `%s' ????????????\n"
#, c-format
-msgid ""
-"WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
+msgid "WARNING: unsafe enclosing directory ownership on configuration file `%s'\n"
msgstr "??: ???? `%s' ????????????\n"
#, c-format
+msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
+msgstr "??: ???? `%s' ????????????\n"
+
+#, c-format
msgid "WARNING: unsafe enclosing directory permissions on homedir `%s'\n"
msgstr "??: ??? `%s' ???????????\n"
#, c-format
-msgid ""
-"WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
+msgid "WARNING: unsafe enclosing directory permissions on configuration file `%s'\n"
msgstr "??: ???? `%s' ???????????\n"
#, c-format
+msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
+msgstr "??: ???? `%s' ???????????\n"
+
+#, c-format
msgid "unknown configuration item `%s'\n"
msgstr "??????? `%s'\n"
@@ -1149,6 +1150,10 @@ msgid "NOTE: %s is not for normal use!\n"
msgstr "???: ????????? %s!\n"
#, c-format
+msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
+msgstr "??????? `%s' ???????????\n"
+
+#, c-format
msgid "`%s' is not a valid signature expiration\n"
msgstr "`%s' ????????????\n"
@@ -1517,8 +1522,7 @@ msgstr ""
msgid "If you want to use this untrusted key anyway, answer \"yes\"."
msgstr "????????????????????, ??? \"yes\"."
-msgid ""
-"Enter the user ID of the addressee to whom you want to send the message."
+msgid "Enter the user ID of the addressee to whom you want to send the message."
msgstr "???????????????? ID."
msgid ""
@@ -1583,7 +1587,7 @@ msgid ""
"C to change the comment.\n"
"E to change the email address.\n"
"O to continue with key generation.\n"
-"Q to quit the key generation."
+"Q to to quit the key generation."
msgstr ""
"N ????.\n"
"C ????.\n"
@@ -1599,36 +1603,26 @@ msgid ""
"belongs to the person named in the user ID. It is useful for others to\n"
"know how carefully you verified this.\n"
"\n"
-"\"0\" means you make no particular claim as to how carefully you verified "
-"the\n"
+"\"0\" means you make no particular claim as to how carefully you verified the\n"
" key.\n"
"\n"
"\"1\" means you believe the key is owned by the person who claims to own it\n"
-" but you could not, or did not verify the key at all. This is useful "
-"for\n"
-" a \"persona\" verification, where you sign the key of a pseudonymous "
-"user.\n"
+" but you could not, or did not verify the key at all. This is useful for\n"
+" a \"persona\" verification, where you sign the key of a pseudonymous user.\n"
"\n"
-"\"2\" means you did casual verification of the key. For example, this "
-"could\n"
-" mean that you verified the key fingerprint and checked the user ID on "
-"the\n"
+"\"2\" means you did casual verification of the key. For example, this could\n"
+" mean that you verified the key fingerprint and checked the user ID on the\n"
" key against a photo ID.\n"
"\n"
-"\"3\" means you did extensive verification of the key. For example, this "
-"could\n"
+"\"3\" means you did extensive verification of the key. For example, this could\n"
" mean that you verified the key fingerprint with the owner of the key in\n"
-" person, and that you checked, by means of a hard to forge document with "
-"a\n"
-" photo ID (such as a passport) that the name of the key owner matches "
-"the\n"
-" name in the user ID on the key, and finally that you verified (by "
-"exchange\n"
+" person, and that you checked, by means of a hard to forge document with a\n"
+" photo ID (such as a passport) that the name of the key owner matches the\n"
+" name in the user ID on the key, and finally that you verified (by exchange\n"
" of email) that the email address on the key belongs to the key owner.\n"
"\n"
"Note that the examples given above for levels 2 and 3 are *only* examples.\n"
-"In the end, it is up to you to decide just what \"casual\" and \"extensive"
-"\"\n"
+"In the end, it is up to you to decide just what \"casual\" and \"extensive\"\n"
"mean to you when you sign other keys.\n"
"\n"
"If you don't know what the right answer is, answer \"0\"."
@@ -1720,7 +1714,7 @@ msgstr ""
"???? (??????????) ??? ID ???????????.\n"
"???????????????????????.\n"
-msgid "Please enter the passphrase; this is a secret sentence \n"
+msgid "Please enter the passhrase; this is a secret sentence \n"
msgstr "?????; ???????? \n"
msgid "Please repeat the last passphrase, so you are sure what you typed in."
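Review bot: The msgid changes from "Please enter the passphrase; ..." back to "Please enter the passhrase; ...", which puts a typo back into the source string. gettext looks a translation up by its exact msgid, so an entry keyed on the old spelling has to be merged again and ends up fuzzy, which is what the "Autoupdate a translation." commit in this mail then does. Merge against the current template with msgmerge before committing so that only msgstr lines change.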
@@ -2192,10 +2186,8 @@ msgid "%d user IDs without valid self-signatures detected\n"
msgstr "??? %d ????????????? ID\n"
msgid ""
-"Please decide how far you trust this user to correctly verify other users' "
-"keys\n"
-"(by looking at passports, checking fingerprints from different sources, "
-"etc.)\n"
+"Please decide how far you trust this user to correctly verify other users' keys\n"
+"(by looking at passports, checking fingerprints from different sources, etc.)\n"
msgstr ""
"?????????????????????????\n"
"(???????, ????????????...????\n"
@@ -2303,17 +2295,14 @@ msgstr "?????? %s ??.\n"
msgid "Do you want your signature to expire at the same time? (Y/n) "
msgstr "??????????????????? (Y/n) "
-msgid ""
-"You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 "
-"mode.\n"
+msgid "You may not make an OpenPGP signature on a PGP 2.x key while in --pgp2 mode.\n"
msgstr "???? --pgp2 ???, ? PGP 2.x ???? OpenPGP ??.\n"
msgid "This would make the key unusable in PGP 2.x.\n"
msgstr "???????? PGP 2.x ???????.\n"
msgid ""
-"How carefully have you verified the key you are about to sign actually "
-"belongs\n"
+"How carefully have you verified the key you are about to sign actually belongs\n"
"to the person named above? If you don't know what to answer, enter \"0\".\n"
msgstr ""
"????????????????????????????\n"
@@ -2547,8 +2536,7 @@ msgid "Please use the command \"toggle\" first.\n"
msgstr "???? \"toggle\" ??.\n"
msgid ""
-"* The `sign' command may be prefixed with an `l' for local signatures "
-"(lsign),\n"
+"* The `sign' command may be prefixed with an `l' for local signatures (lsign),\n"
" a `t' for trust signatures (tsign), an `nr' for non-revocable signatures\n"
" (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n"
msgstr ""
@@ -2741,8 +2729,7 @@ msgstr ""
" ???????? ID ????? ID.\n"
msgid ""
-"WARNING: This is a PGP2-style key. Adding a photo ID may cause some "
-"versions\n"
+"WARNING: This is a PGP2-style key. Adding a photo ID may cause some versions\n"
" of PGP to reject this key.\n"
msgstr ""
"??: ???? PGP2 ?????.\n"
@@ -2801,8 +2788,7 @@ msgid "User ID \"%s\": already clean\n"
msgstr "??? ID \"%s\": ???????\n"
msgid ""
-"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may "
-"cause\n"
+"WARNING: This is a PGP 2.x-style key. Adding a designated revoker may cause\n"
" some versions of PGP to reject this key.\n"
msgstr ""
"??: ???? PGP2 ?????.\n"
@@ -2829,8 +2815,7 @@ msgstr "????????????\n"
msgid "WARNING: appointing a key as a designated revoker cannot be undone!\n"
msgstr "??: ????????????????, ??????!\n"
-msgid ""
-"Are you sure you want to appoint this key as a designated revoker? (y/N) "
+msgid "Are you sure you want to appoint this key as a designated revoker? (y/N) "
msgstr "?????????????????? (y/N) "
msgid "Please remove selections from the secret keys.\n"
@@ -3155,8 +3140,7 @@ msgstr "?????? (y/N) "
msgid ""
"\n"
-"You need a user ID to identify your key; the software constructs the user "
-"ID\n"
+"You need a user ID to identify your key; the software constructs the user ID\n"
"from the Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) \"\n"
"\n"
@@ -3309,13 +3293,11 @@ msgid "Key generation failed: %s\n"
msgstr "??????: %s\n"
#, c-format
-msgid ""
-"key has been created %lu second in future (time warp or clock problem)\n"
+msgid "key has been created %lu second in future (time warp or clock problem)\n"
msgstr "????? %lu ??????? (???????????????)\n"
#, c-format
-msgid ""
-"key has been created %lu seconds in future (time warp or clock problem)\n"
+msgid "key has been created %lu seconds in future (time warp or clock problem)\n"
msgstr "????? %lu ??????? (???????????????)\n"
msgid "NOTE: creating subkeys for v3 keys is not OpenPGP compliant\n"
@@ -3695,8 +3677,7 @@ msgstr "??????: %s\n"
msgid "not a detached signature\n"
msgstr "?????????\n"
-msgid ""
-"WARNING: multiple signatures detected. Only the first will be checked.\n"
+msgid "WARNING: multiple signatures detected. Only the first will be checked.\n"
msgstr "??: ???????. ????????????.\n"
#, c-format
@@ -3736,15 +3717,18 @@ msgstr "??: ???????? %s ?????\n"
msgid "WARNING: using experimental digest algorithm %s\n"
msgstr "??: ???????? %s ?????\n"
-#, c-format
-msgid "WARNING: digest algorithm %s is deprecated\n"
-msgstr "??: ?????? %s ?????\n"
+msgid "the IDEA cipher plugin is not present\n"
+msgstr "IDEA ??????????\n"
#, c-format
msgid "please see %s for more information\n"
msgstr "??? %s ???????\n"
#, c-format
+msgid "WARNING: digest algorithm %s is deprecated\n"
+msgstr "??: ?????? %s ?????\n"
+
+#, c-format
msgid "NOTE: This feature is not available in %s\n"
msgstr "???: %s ??????????\n"
@@ -3767,7 +3751,6 @@ msgstr "??: \"%s\" ????????? - ????\n"
msgid "Uncompressed"
msgstr "???"
-#. TRANSLATORS: See doc/TRANSLATE about this string.
msgid "uncompressed|none"
msgstr "uncompressed|none|???|?"
@@ -3954,16 +3937,6 @@ msgid "revocation comment: "
msgstr "????: "
# a string with valid answers
-#. TRANSLATORS: These are the allowed answers in lower and
-#. uppercase. Below you will find the matching strings which
-#. should be translated accordingly and the letter changed to
-#. match the one in the answer string.
-#.
-#. i = please show me more information
-#. m = back to the main menu
-#. s = skip this key
-#. q = quit
-#.
msgid "iImMqQsS"
msgstr "iImMqQsS"
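Review bot: The removed "#. TRANSLATORS:" block is the only explanation of what each letter in "iImMqQsS" stands for (i, m, s, q), and this hunk drops it while keeping the msgid. Such extracted comments are normally copied from the source when the catalog is regenerated, so their disappearance suggests the file was merged against a template built without them. Please confirm the source still carries the comment and regenerate the catalog with comments enabled, otherwise a later translator has no guidance for this answer string.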
@@ -3974,8 +3947,7 @@ msgstr "????????????:\n"
msgid " aka \"%s\"\n"
msgstr " ?? \"%s\"\n"
-msgid ""
-"How much do you trust that this key actually belongs to the named user?\n"
+msgid "How much do you trust that this key actually belongs to the named user?\n"
msgstr "???????????????????????\n"
#, c-format
@@ -4083,8 +4055,7 @@ msgstr "???: ?????????!\n"
msgid "WARNING: This key is not certified with a trusted signature!\n"
msgstr "??: ????????????????!\n"
-msgid ""
-" There is no indication that the signature belongs to the owner.\n"
+msgid " There is no indication that the signature belongs to the owner.\n"
msgstr " ?????????????????.\n"
msgid "WARNING: We do NOT trust this key!\n"
@@ -4093,8 +4064,7 @@ msgstr "??: ?? *?* ??????!\n"
msgid " The signature is probably a FORGERY.\n"
msgstr " ????????? *???*.\n"
-msgid ""
-"WARNING: This key is not certified with sufficiently trusted signatures!\n"
+msgid "WARNING: This key is not certified with sufficiently trusted signatures!\n"
msgstr "??: ?????????????????!\n"
msgid " It is not certain that the signature belongs to the owner.\n"
@@ -4346,13 +4316,11 @@ msgid "public key %s is %lu seconds newer than the signature\n"
msgstr "?? %s ??????? %lu ?\n"
#, c-format
-msgid ""
-"key %s was created %lu second in the future (time warp or clock problem)\n"
+msgid "key %s was created %lu second in the future (time warp or clock problem)\n"
msgstr "?? %s ??? %lu ??????? (???????????????)\n"
#, c-format
-msgid ""
-"key %s was created %lu seconds in the future (time warp or clock problem)\n"
+msgid "key %s was created %lu seconds in the future (time warp or clock problem)\n"
msgstr "?? %s ??? %lu ??????? (???????????????)\n"
#, c-format
@@ -4376,14 +4344,11 @@ msgid "WARNING: unable to %%-expand notation (too large). Using unexpanded.\n"
msgstr "??: ?? %% ???? (???). ????????.\n"
#, c-format
-msgid ""
-"WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
+msgid "WARNING: unable to %%-expand policy URL (too large). Using unexpanded.\n"
msgstr "??: ?? URL ? %% ???? (???). ????????.\n"
#, c-format
-msgid ""
-"WARNING: unable to %%-expand preferred keyserver URL (too large). Using "
-"unexpanded.\n"
+msgid "WARNING: unable to %%-expand preferred keyserver URL (too large). Using unexpanded.\n"
msgstr "??: ??????? URL ? %% ???? (???). ????????.\n"
#, c-format
@@ -4398,8 +4363,7 @@ msgid "you can only detach-sign with PGP 2.x style keys while in --pgp2 mode\n"
msgstr "?? --pgp2 ???????? PGP 2.x ???????????\n"
#, c-format
-msgid ""
-"WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
+msgid "WARNING: forcing digest algorithm %s (%d) violates recipient preferences\n"
msgstr "??: ???? %s (%d) ???????????????\n"
msgid "signing:"
@@ -4620,14 +4584,6 @@ msgstr "??????????? (%d) - ???? %s ????\n"
msgid "using %s trust model\n"
msgstr "???? %s ????\n"
-#. TRANSLATORS: these strings are similar to those in
-#. trust_value_to_string(), but are a fixed length. This is needed to
-#. make attractive information listings where columns line up
-#. properly. The value "10" should be the length of the strings you
-#. choose to translate to. This is the length in printable columns.
-#. It gets passed to atoi() so everything after the number is
-#. essentially a comment and need not be translated. Either key and
-#. uid are both NULL, or neither are NULL.
msgid "10 translator see trustdb.c:uid_trust_string_fixed"
msgstr "10 ????? trustdb.c:uid_trust_string_fixed"
@@ -4708,8 +4664,7 @@ msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n"
msgstr "%d ??????? %d ?????? %s ?????????\n"
#, c-format
-msgid ""
-"depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
+msgid "depth: %d valid: %3d signed: %3d trust: %d-, %dq, %dn, %dm, %df, %du\n"
msgstr "??: %d ??: %3d ???: %3d ??: %d-, %dq, %dn, %dm, %df, %du\n"
#, c-format
@@ -4946,10 +4901,8 @@ msgstr "cC"
msgid "WARNING: using insecure memory!\n"
msgstr "??: ???????????!\n"
-msgid ""
-"please see http://www.gnupg.org/documentation/faqs.html for more "
-"information\n"
-msgstr "??? http://www.gnupg.org/documentation/faqs.html ???????\n"
+msgid "please see http://www.gnupg.org/faq.html for more information\n"
+msgstr "??? http://www.gnupg.org/faq.html ???????\n"
msgid "operation is not possible without initialized secure memory\n"
msgstr "???????????, ???????\n"
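Review bot: The msgid in this hunk changes its URL from http://www.gnupg.org/documentation/faqs.html to http://www.gnupg.org/faq.html, and a msgid has to match the string in the source byte for byte to be looked up at run time. Please check which URL the source in this branch actually prints. If it is still the documentation/faqs.html form, this entry will no longer match and the message will fall back to English.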
@@ -4957,24 +4910,6 @@ msgstr "???????????, ???????\n"
msgid "(you may have used the wrong program for this task)\n"
msgstr "(?????????????)\n"
-#~ msgid "WARNING: unsafe ownership on extension `%s'\n"
-#~ msgstr "??: ???? `%s' ????????\n"
-
-#~ msgid "WARNING: unsafe permissions on extension `%s'\n"
-#~ msgstr "??: ???? `%s' ???????\n"
-
-#~ msgid "WARNING: unsafe enclosing directory ownership on extension `%s'\n"
-#~ msgstr "??: ???? `%s' ????????????\n"
-
-#~ msgid "WARNING: unsafe enclosing directory permissions on extension `%s'\n"
-#~ msgstr "??: ???? `%s' ???????????\n"
-
-#~ msgid "cipher extension `%s' not loaded due to unsafe permissions\n"
-#~ msgstr "??????? `%s' ???????????\n"
-
-#~ msgid "the IDEA cipher plugin is not present\n"
-#~ msgstr "IDEA ??????????\n"
-
#~ msgid "Command> "
#~ msgstr "??> "
commit 439999da117d9be9f88bb3e0ce7c444f9484ee2f
Author: Werner Koch
Date: Thu Jul 25 09:21:46 2013 +0200
Update to modern beta release numbering scheme.
* configure.ac: s/my_/mym4_/. Add new release building code.
diff --git a/configure.ac b/configure.ac
index 0154271..c4499e7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -22,24 +22,30 @@
AC_PREREQ(2.59)
min_automake_version="1.9.3"
-# Remember to change the version number immediately *after* a release.
-# Set my_issvn to "yes" for non-released code. Remember to run an
-# "svn up" and "autogen.sh --force" right before creating a distribution.
-m4_define([my_version], [1.4.14])
-m4_define([my_issvn], [yes])
-
-m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
- | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
-m4_define([git_revision],
+# To build a release you need to create a tag with the version number
+# (git tag -s gnupg-1.n.m) and run "./autogen.sh --force". Please
+# bump the version number immediately *after* the release and do
+# another commit and push so that the git magic is able to work.
+m4_define([mym4_version], [1.4.14])
+
+# Below is m4 magic to extract and compute the git revision number,
+# the decimalized short revision number, a beta version string and a
+# flag indicating a development version (mym4_isgit). Note that the
+# m4 processing is done by autoconf and not during the configure run.
+m4_define([mym4_revision],
m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r']))
-m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes],
- [m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])])
-
-AC_INIT([gnupg],[my_full_version],[http://bugs.gnupg.org])
-# Set development_version to yes if the minor number is odd or you
-# feel that the default check for a development version is not
-# sufficient.
-development_version=no
+m4_define([mym4_revision_dec],
+ m4_esyscmd_s([echo $((0x$(echo ]mym4_revision[|head -c 4)))]))
+m4_define([mym4_betastring],
+ m4_esyscmd_s([git describe --match 'gnupg-1.[0-9].*[0-9]' --long|\
+ awk -F- '$3!=0{print"-beta"$3}']))
+m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes]))
+m4_define([mym4_full_version],[mym4_version[]mym4_betastring])
+
+AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org])
+
+
+development_version=mym4_isgit
AC_CONFIG_AUX_DIR(scripts)
AC_CONFIG_SRCDIR(g10/gpg.c)
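Review bot: mym4_isgit is derived only from mym4_betastring being non-empty, so whenever git describe prints nothing (git not installed, no tag matching 'gnupg-1.[0-9].*[0-9]' in the clone, or autoconf run outside a checkout) the result is development_version=no and a plain 1.4.14 version string for code that is not the tagged release. The old default was the explicit my_issvn=yes. Consider treating a failed git describe as a development build, or failing loudly, rather than silently producing a release version. In the same block, mym4_revision_dec evaluates $((0x...)) on whatever mym4_revision returned, which is an empty string when git rev-parse fails, and neither git command redirects stderr.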
commit 801803ab6e954173c2dcb7f0eb6eb8623238e99c
Author: Werner Koch
Date: Thu Jul 25 09:11:08 2013 +0200
Prepare for a forthcoming new algorithm id.
* include/cipher.h (PUBKEY_ALGO_ECC): New.
* g10/keyid.c (pubkey_letter): Add letter 'C'.
--
ID 22 will be used for generic ECC, i.e. one which can be used for
ECDSA and ECDH. The only support in 1.4 will be pretty printing the
algorithm id.
diff --git a/g10/keyid.c b/g10/keyid.c
index f04bea6..d7072d4 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -53,6 +53,7 @@ pubkey_letter( int algo )
case PUBKEY_ALGO_DSA: return 'D' ;
case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */
case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */
+ case PUBKEY_ALGO_ECC: return 'C' ; /* ECC generic */
default: return '?';
}
}
diff --git a/include/cipher.h b/include/cipher.h
index 9c25605..a69c6b3 100644
--- a/include/cipher.h
+++ b/include/cipher.h
@@ -50,6 +50,7 @@
#define PUBKEY_ALGO_ECDH 18
#define PUBKEY_ALGO_ECDSA 19
#define PUBKEY_ALGO_ELGAMAL 20 /* sign and encrypt elgamal */
+#define PUBKEY_ALGO_ECC 22 /* Generic ECC. */
#define PUBKEY_USAGE_SIG 1 /* key is good for signatures */
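Review bot: The comment on the new PUBKEY_ALGO_ECC line says only "Generic ECC.", while the commit message states that the id is reserved for a forthcoming algorithm and that 1.4 will do no more than pretty print it. Please say that in the comment (reserved, display only in this branch) so the define is not read as a supported algorithm alongside PUBKEY_ALGO_ECDH and PUBKEY_ALGO_ECDSA.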
commit 35646689f4b80955ff7dbe1687bf2c479c53421e
Author: Werner Koch
Date: Fri Jul 19 13:49:23 2013 +0200
Mitigate a flush+reload cache attack on RSA secret exponents.
* mpi/mpi-pow.c (mpi_powm): Always perform the mpi_mul for exponents
held in secure memory.
--
The attack is described in a paper to be published at eprint.iacr.org:
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
Flush+Reload is a cache side-channel attack that monitors access to
data in shared pages. In this paper we demonstrate how to use the
attack to extract private encryption keys from GnuPG. The high
resolution and low noise of the Flush+Reload attack enables a spy
program to recover over 98% of the bits of the private key in a
single decryption or signing round. Unlike previous attacks, the
attack targets the last level L3 cache. Consequently, the spy
program and the victim do not need to share the execution core of
the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs
executing in a different VM.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index 110de6d..b669539 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,15 @@
Noteworthy changes in version 1.4.14 (unreleased)
-------------------------------------------------
+ * Mitigate the Yarom/Falkner flush+reload side-channel attack on
+ RSA secret keys.
+
+ * Fixed IDEA for big-endian CPUs
+
+ * Improved the diagnostics for failed keyserver lockups.
+
+ * Minor bug and portability fixes.
+
Noteworthy changes in version 1.4.13 (2012-12-20)
-------------------------------------------------
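Review bot: In the added NEWS items, "failed keyserver lockups" looks like a typo for "lookups". The "Fixed IDEA for big-endian CPUs" item is also the only one without a closing period.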
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index beb01f9..2253ea4 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -1,5 +1,6 @@
/* mpi-pow.c - MPI functions
- * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc.
+ * Copyright (C) 1994, 1996, 1998, 2000 Free Software Foundation, Inc.
+ * Copyright (C) 2013 Werner Koch
*
* This file is part of GnuPG.
*
@@ -209,7 +210,14 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
tp = rp; rp = xp; xp = tp;
rsize = xsize;
- if( (mpi_limb_signed_t)e < 0 ) {
+ /* To mitigate the Yarom/Falkner flush+reload cache
+ * side-channel attack on the RSA secret exponent, we
+ * do the multiplication regardless of the value of
+ * the high-bit of E. But to avoid this performance
+ * penalty we do it only if the exponent has been
+ * stored in secure memory and we can thus assume it
+ * is a secret exponent. */
+ if (esec || (mpi_limb_signed_t)e < 0) {
/*mpihelp_mul( xp, rp, rsize, bp, bsize );*/
if( bsize < KARATSUBA_THRESHOLD ) {
mpihelp_mul( xp, rp, rsize, bp, bsize );
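Review bot: The new condition tests esec, but nothing in this hunk shows where esec is set, and the comment ties the whole mitigation to the exponent living in secure memory. That leaves two things to confirm: that esec is computed once from the exponent's secure flag before the loop, and what happens when secure memory is unavailable or a caller passes a secret exponent in an ordinary MPI. In both of those cases the code takes the old bit-dependent path with no mitigation. The comment should state that limitation explicitly so callers know the protection depends on how the exponent was allocated.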
@@ -224,7 +232,8 @@ mpi_powm( MPI res, MPI base, MPI exponent, MPI mod)
mpihelp_divrem(xp + msize, 0, xp, xsize, mp, msize);
xsize = msize;
}
-
+ }
+ if ((mpi_limb_signed_t)e < 0) {
tp = rp; rp = xp; xp = tp;
rsize = xsize;
}
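Review bot: After this change the multiplication and reduction run for every bit of a secret exponent, but the pointer swap is still guarded by "if ((mpi_limb_signed_t)e < 0)", so control flow continues to depend on each secret bit. The footprint of that branch is far smaller than the multiply, which is what the commit message targets, but the loop is not constant-time yet. Consider selecting rp/xp and rsize with a mask derived from the bit instead of a branch, or at least note in the comment that this is a mitigation for the published attack and not a constant-time exponentiation.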
commit fd86f3031161f11c3cbef643a213a04c821364dd
Author: Werner Koch
Date: Fri Jul 19 13:56:24 2013 +0200
Fix git revision parsing.
* configure.ac: Use git rev-parse to retrieve the revision.
Signed-off-by: Werner Koch
diff --git a/configure.ac b/configure.ac
index bbf6e65..0154271 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,8 +30,8 @@ m4_define([my_issvn], [yes])
m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
| sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))
-m4_define([git_revision], m4_esyscmd([git branch -v 2>/dev/null \
- | awk '/^\* / {printf "%s",$3}']))
+m4_define([git_revision],
+ m4_esyscmd([git rev-parse --short HEAD | tr -d '\n\r']))
m4_define([my_full_version], [my_version[]m4_if(my_issvn,[yes],
[m4_if(git_revision,[],[-svn[]svn_revision],[-git[]git_revision])])])
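Review bot: The new git_revision definition drops the 2>/dev/null that the old "git branch -v" pipeline had, so running autoconf outside a git checkout will now emit git's error message while the macro expands. The empty result still falls through to the -svn branch of my_full_version, which is the intended fallback, so only the noise is new. Suggest keeping the redirect: git rev-parse --short HEAD 2>/dev/null | tr -d '\n\r'.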
-----------------------------------------------------------------------
Summary of changes:
NEWS | 14 +++++++++++++-
README | 4 ++--
configure.ac | 38 ++++++++++++++++++++++----------------
g10/keyid.c | 1 +
include/cipher.h | 1 +
mpi/mpi-pow.c | 15 ++++++++++++---
po/zh_TW.po | 20 ++++++++++++++++++--
util/argparse.c | 2 +-
8 files changed, 70 insertions(+), 25 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 25 12:04:39 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 25 Jul 2013 12:04:39 +0200
Subject: [git] GCRYPT - branch, LIBGCRYPT-1-5-BRANCH,
updated. libgcrypt-1.5.2-5-g64b8f6b
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, LIBGCRYPT-1-5-BRANCH has been updated
via 64b8f6b7d5d8fd40df2561dedf21729466d0412a (commit)
via a3eabcb6e97a88031f8fd56b7b650447cdda4206 (commit)
via e2202ff2b704623efc6277fb5256e4e15bac5676 (commit)
from 366e7b1925cfebb259cc268ed3eb6687e9c8fd77 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 64b8f6b7d5d8fd40df2561dedf21729466d0412a
Author: Werner Koch
Date: Thu Jul 25 11:34:14 2013 +0200
Post release updates.
--
diff --git a/NEWS b/NEWS
index 172abbb..88c7aea 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Noteworthy changes in version 1.5.4 (unreleased)
+------------------------------------------------
+
Noteworthy changes in version 1.5.3 (2013-07-25)
------------------------------------------------
diff --git a/configure.ac b/configure.ac
index b2ca882..00da265 100644
--- a/configure.ac
+++ b/configure.ac
@@ -30,7 +30,7 @@ min_automake_version="1.11"
# for the LT versions.
m4_define(mym4_version_major, [1])
m4_define(mym4_version_minor, [5])
-m4_define(mym4_version_micro, [3])
+m4_define(mym4_version_micro, [4])
# Below is m4 magic to extract and compute the revision number, the
# decimalized short revision number, a beta version string, and a flag
diff --git a/doc/announce.txt b/doc/announce.txt
index 56dfdf6..9fcd17b 100644
--- a/doc/announce.txt
+++ b/doc/announce.txt
@@ -4,47 +4,41 @@ Cc: gcrypt-devel at gnupg.org
Hello!
-The GNU project is pleased to announce the availability of Libgcrypt
-version 1.5.2. This is a maintenance release for the stable branch.
+I am pleased to announce the availability of Libgcrypt version 1.5.3.
+This is a *security fix* release for the stable branch.
Libgcrypt is a general purpose library of cryptographic building
blocks. It is originally based on code used by GnuPG. It does not
provide any implementation of OpenPGP or other protocols. Thorough
understanding of applied cryptography is required to use Libgcrypt.
-Noteworthy changes in version 1.5.2:
-
- * Added support for IDEA.
-
- * Made the Padlock code work again (regression since 1.5.0).
-
- * Fixed alignment problems for Serpent.
-
- * Fixed two bugs in ECC computations.
+Noteworthy changes in version 1.5.3:
+ * Mitigate the Yarom/Falkner flush+reload side-channel attack on
+ RSA secret keys. See .
Source code is hosted at the GnuPG FTP server and its mirrors as
listed at http://www.gnupg.org/download/mirrors.html . On the primary
server the source file and its digital signatures is:
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2 (1.5M)
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.bz2.sig
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2 (1.5M)
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2.sig
This file is bzip2 compressed. A gzip compressed version is also
available:
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.gz (1.8M)
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2.tar.gz.sig
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz (1.8M)
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz.sig
-Alternativley you may upgrade version 1.5.1 using this patch file:
+Alternativley you may upgrade version 1.5.2 using this patch file:
- ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.1-1.5.2.diff.bz2 (12k)
+ ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2-1.5.3.diff.bz2 (4k)
The SHA-1 checksums are:
-c9998383532ba3e8bcaf690f2f0d65e814b48d2f libgcrypt-1.5.2.tar.bz2
-fb54bfea3e276a366009c5a6296eb83cf5e7c14b libgcrypt-1.5.2.tar.gz
-086ac76cf91987f66666872cc7d5d5d33c68967e libgcrypt-1.5.1-1.5.2.diff.bz2
+2c6553cc17f2a1616d512d6870fe95edf6b0e26e libgcrypt-1.5.3.tar.bz2
+184405c91d1ab4877caefb1a6458767e5f0b639e libgcrypt-1.5.3.tar.gz
+b711fe3ddf534bb6f11823542036eb4a32e0c914 libgcrypt-1.5.2-1.5.3.diff.bz2
For help on developing with Libgcrypt you should read the included
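Review bot: The new "Noteworthy changes in version 1.5.3" item ends in "See ." with nothing after "See", so as shown the announcement of a security fix release gives readers no reference for the attack. The commit message of the fix cites http://eprint.iacr.org/2013/448, which would fit here. The rewritten upgrade line also carries over the misspelling "Alternativley".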
commit a3eabcb6e97a88031f8fd56b7b650447cdda4206
Author: Werner Koch
Date: Thu Jul 25 11:21:12 2013 +0200
Release 1.5.3.
* configure.ac: Set LT version to C19/A8/R2.
diff --git a/NEWS b/NEWS
index 8abe6fe..172abbb 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,9 @@
-Noteworthy changes in version 1.5.3 (unreleased)
+Noteworthy changes in version 1.5.3 (2013-07-25)
------------------------------------------------
+ * Mitigate the Yarom/Falkner flush+reload side-channel attack on
+ RSA secret keys. See .
+
Noteworthy changes in version 1.5.2 (2013-04-18)
------------------------------------------------
diff --git a/configure.ac b/configure.ac
index e631c94..b2ca882 100644
--- a/configure.ac
+++ b/configure.ac
@@ -59,7 +59,7 @@ AC_INIT([libgcrypt],[mym4_full_version],[http://bugs.gnupg.org])
#
LIBGCRYPT_LT_CURRENT=19
LIBGCRYPT_LT_AGE=8
-LIBGCRYPT_LT_REVISION=1
+LIBGCRYPT_LT_REVISION=2
# If the API is changed in an incompatible way: increment the next counter.
commit e2202ff2b704623efc6277fb5256e4e15bac5676
Author: Werner Koch
Date: Thu Jul 25 11:17:52 2013 +0200
Mitigate a flush+reload cache attack on RSA secret exponents.
* mpi/mpi-pow.c (gcry_mpi_powm): Always perform the mpi_mul for
exponents in secure memory.
--
The attack is published as http://eprint.iacr.org/2013/448 :
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
Flush+Reload is a cache side-channel attack that monitors access to
data in shared pages. In this paper we demonstrate how to use the
attack to extract private encryption keys from GnuPG. The high
resolution and low noise of the Flush+Reload attack enables a spy
program to recover over 98% of the bits of the private key in a
single decryption or signing round. Unlike previous attacks, the
attack targets the last level L3 cache. Consequently, the spy
program and the victim do not need to share the execution core of
the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs
executing in a different VM.
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index f4aebdb..a63fc6d 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -1,6 +1,7 @@
/* mpi-pow.c - MPI functions for exponentiation
* Copyright (C) 1994, 1996, 1998, 2000, 2002
* 2003 Free Software Foundation, Inc.
+ * 2013 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -235,7 +236,13 @@ gcry_mpi_powm (gcry_mpi_t res,
tp = rp; rp = xp; xp = tp;
rsize = xsize;
- if ( (mpi_limb_signed_t)e < 0 )
+ /* To mitigate the Yarom/Falkner flush+reload cache
+ * side-channel attack on the RSA secret exponent, we do
+ * the multiplication regardless of the value of the
+ * high-bit of E. But to avoid this performance penalty
+ * we do it only if the exponent has been stored in secure
+ * memory and we can thus assume it is a secret exponent. */
+ if (esec || (mpi_limb_signed_t)e < 0)
{
/*mpih_mul( xp, rp, rsize, bp, bsize );*/
if( bsize < KARATSUBA_THRESHOLD )
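Review bot: gcry_mpi_powm is a public entry point, and with this condition its side-channel behaviour depends on whether the caller allocated the exponent as a secure MPI. That is only stated in the code comment here. Please document it where API users will see it, so that applications calling gcry_mpi_powm directly with a secret exponent know they must use secure memory to get the mitigation.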
@@ -250,7 +257,9 @@ gcry_mpi_powm (gcry_mpi_t res,
_gcry_mpih_divrem(xp + msize, 0, xp, xsize, mp, msize);
xsize = msize;
}
-
+ }
+ if ( (mpi_limb_signed_t)e < 0 )
+ {
tp = rp; rp = xp; xp = tp;
rsize = xsize;
}
-----------------------------------------------------------------------
Summary of changes:
NEWS | 8 +++++++-
configure.ac | 4 ++--
doc/announce.txt | 34 ++++++++++++++--------------------
mpi/mpi-pow.c | 13 +++++++++++--
4 files changed, 34 insertions(+), 25 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Thu Jul 25 12:16:04 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Thu, 25 Jul 2013 12:16:04 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-172-g287bf0e
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 287bf0e543f244d784cf8b58340bf0ab3c6aba97 (commit)
from 37d0a1ebdc2dc74df4fb6bf0621045018122a68f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 287bf0e543f244d784cf8b58340bf0ab3c6aba97
Author: Werner Koch
Date: Thu Jul 25 11:17:52 2013 +0200
Mitigate a flush+reload cache attack on RSA secret exponents.
* mpi/mpi-pow.c (gcry_mpi_powm): Always perform the mpi_mul for
exponents in secure memory.
--
The attack is published as http://eprint.iacr.org/2013/448 :
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel
Attack by Yuval Yarom and Katrina Falkner. 18 July 2013.
Flush+Reload is a cache side-channel attack that monitors access to
data in shared pages. In this paper we demonstrate how to use the
attack to extract private encryption keys from GnuPG. The high
resolution and low noise of the Flush+Reload attack enables a spy
program to recover over 98% of the bits of the private key in a
single decryption or signing round. Unlike previous attacks, the
attack targets the last level L3 cache. Consequently, the spy
program and the victim do not need to share the execution core of
the CPU. The attack is not limited to a traditional OS and can be
used in a virtualised environment, where it can attack programs
executing in a different VM.
(cherry picked from commit 55237c8f6920c6629debd23db65e90b42a3767de)
diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c
index 7ec49d7..85d6fd8 100644
--- a/mpi/mpi-pow.c
+++ b/mpi/mpi-pow.c
@@ -1,6 +1,7 @@
/* mpi-pow.c - MPI functions for exponentiation
* Copyright (C) 1994, 1996, 1998, 2000, 2002
* 2003 Free Software Foundation, Inc.
+ * 2013 g10 Code GmbH
*
* This file is part of Libgcrypt.
*
@@ -235,7 +236,13 @@ gcry_mpi_powm (gcry_mpi_t res,
tp = rp; rp = xp; xp = tp;
rsize = xsize;
- if ( (mpi_limb_signed_t)e < 0 )
+ /* To mitigate the Yarom/Falkner flush+reload cache
+ * side-channel attack on the RSA secret exponent, we do
+ * the multiplication regardless of the value of the
+ * high-bit of E. But to avoid this performance penalty
+ * we do it only if the exponent has been stored in secure
+ * memory and we can thus assume it is a secret exponent. */
+ if (esec || (mpi_limb_signed_t)e < 0)
{
/*mpih_mul( xp, rp, rsize, bp, bsize );*/
if( bsize < KARATSUBA_THRESHOLD )
@@ -250,7 +257,9 @@ gcry_mpi_powm (gcry_mpi_t res,
_gcry_mpih_divrem(xp + msize, 0, xp, xsize, mp, msize);
xsize = msize;
}
-
+ }
+ if ( (mpi_limb_signed_t)e < 0 )
+ {
tp = rp; rp = xp; xp = tp;
rsize = xsize;
}
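Review bot: This hunk splits one conditional block into two and moves the closing brace, yet the commit touches only mpi/mpi-pow.c and adds no test. Since the restructuring changes which statements run for a zero bit, a regression test that compares gcry_mpi_powm results for the same exponent held in secure and in ordinary memory would guard against a future edit that makes the two paths diverge.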
-----------------------------------------------------------------------
Summary of changes:
mpi/mpi-pow.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Fri Jul 26 20:51:04 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Fri, 26 Jul 2013 20:51:04 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-174-g1cfa79a
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 1cfa79aabc5d0fd8d124901054475e90ab7d9cde (commit)
via b72d312ad11887fc416aa821786f6bdb663c0f4a (commit)
from 287bf0e543f244d784cf8b58340bf0ab3c6aba97 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1cfa79aabc5d0fd8d124901054475e90ab7d9cde
Author: Werner Koch
Date: Fri Jul 26 20:15:53 2013 +0200
Implement deterministic DSA as specified by rfc-6979.
* cipher/dsa.c (dsa_sign): Move opaque mpi extraction to sign.
(sign): Add args FLAGS and HASHALGO. Implement deterministic DSA.
Add code path for R==0 to comply with the standard.
(dsa_verify): Left fill opaque mpi based hash values.
* cipher/dsa-common.c (int2octets, bits2octets): New.
(_gcry_dsa_gen_rfc6979_k): New.
* tests/dsa-rfc6979.c: New.
* tests/Makefile.am (TESTS): Add dsa-rfc6979.
--
This patch also fixes a recent patch (37d0a1e) which allows to pass
the hash in a (hash) element.
Support for deterministic ECDSA will come soon.
Signed-off-by: Werner Koch
diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c
index a5854ce..c5386b7 100644
--- a/cipher/dsa-common.c
+++ b/cipher/dsa-common.c
@@ -84,13 +84,13 @@ _gcry_dsa_gen_k (gcry_mpi_t q, int security_level)
if (!(mpi_cmp (k, q) < 0)) /* check: k < q */
{
if (DBG_CIPHER)
- log_debug ("\tk too large - again");
+ log_debug ("\tk too large - again\n");
continue; /* no */
}
if (!(mpi_cmp_ui (k, 0) > 0)) /* check: k > 0 */
{
if (DBG_CIPHER)
- log_debug ("\tk is zero - again");
+ log_debug ("\tk is zero - again\n");
continue; /* no */
}
break; /* okay */
@@ -99,3 +99,267 @@ _gcry_dsa_gen_k (gcry_mpi_t q, int security_level)
return k;
}
+
+
+/* Turn VALUE into an octet string and store it in an allocated buffer
+ at R_FRAME. If the resulting octet string is shorter than NBYTES
+ the result will be left padded with zeroes. If VALUE does not fit
+ into NBYTES an error code is returned. */
+static gpg_err_code_t
+int2octets (unsigned char **r_frame, gcry_mpi_t value, size_t nbytes)
+{
+ gpg_err_code_t rc;
+ size_t nframe, noff, n;
+ unsigned char *frame;
+
+ rc = gpg_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0,
+ &nframe, value));
+ if (rc)
+ return rc;
+ if (nframe > nbytes)
+ return GPG_ERR_TOO_LARGE; /* Value too long to fit into NBYTES. */
+
+ noff = (nframe < nbytes)? nbytes - nframe : 0;
+ n = nframe + noff;
+ frame = mpi_is_secure (value)? gcry_malloc_secure (n) : gcry_malloc (n);
+ if (!frame)
+ return gpg_err_code_from_syserror ();
+ if (noff)
+ memset (frame, 0, noff);
+ nframe += noff;
+ rc = gpg_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, frame+noff, nframe-noff,
+ NULL, value));
+ if (rc)
+ {
+ gcry_free (frame);
+ return rc;
+ }
+
+ *r_frame = frame;
+ return 0;
+}
+
+
+/* Connert the bit string BITS of length NBITS into an octet string
+ with a length of (QBITS+7)/8 bytes. On success store the result at
+ R_FRAME. */
+static gpg_err_code_t
+bits2octets (unsigned char **r_frame,
+ const void *bits, unsigned int nbits,
+ gcry_mpi_t q, unsigned int qbits)
+{
+ gpg_err_code_t rc;
+ gcry_mpi_t z1;
+
+ /* z1 = bits2int (b) */
+ rc = gpg_err_code (gcry_mpi_scan (&z1, GCRYMPI_FMT_USG,
+ bits, (nbits+7)/8, NULL));
+ if (rc)
+ return rc;
+ if (nbits > qbits)
+ gcry_mpi_rshift (z1, z1, nbits - qbits);
+
+ /* z2 - z1 mod q */
+ if (mpi_cmp (z1, q) >= 0)
+ mpi_sub (z1, z1, q);
+
+ /* Convert to an octet string. */
+ rc = int2octets (r_frame, z1, (qbits+7)/8);
+
+ mpi_free (z1);
+ return rc;
+}
+
+
+/*
+ * Generate a deterministic secret exponent K less than DSA_Q. H1 is
+ * the to be signed digest with a length of HLEN bytes. HALGO is the
+ * algorithm used to create the hash. On success the value for K is
+ * stored at R_K.
+ */
+gpg_err_code_t
+_gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k,
+ gcry_mpi_t dsa_q, gcry_mpi_t dsa_x,
+ const unsigned char *h1, unsigned int hlen,
+ int halgo, unsigned int extraloops)
+{
+ gpg_err_code_t rc;
+ unsigned char *V = NULL;
+ unsigned char *K = NULL;
+ unsigned char *x_buf = NULL;
+ unsigned char *h1_buf = NULL;
+ gcry_md_hd_t hd = NULL;
+ unsigned char *t = NULL;
+ gcry_mpi_t k = NULL;
+ unsigned int tbits, qbits;
+ int i;
+
+ qbits = mpi_get_nbits (dsa_q);
+
+ if (!qbits || !h1 || !hlen)
+ return GPG_ERR_EINVAL;
+
+ if (gcry_md_get_algo_dlen (halgo) != hlen)
+ return GPG_ERR_DIGEST_ALGO;
+
+ /* Step b: V = 0x01 0x01 0x01 ... 0x01 */
+ V = gcry_malloc (hlen);
+ if (!V)
+ {
+ rc = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+ for (i=0; i < hlen; i++)
+ V[i] = 1;
+
+ /* Step c: K = 0x00 0x00 0x00 ... 0x00 */
+ K = gcry_calloc (1, hlen);
+ if (!K)
+ {
+ rc = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ rc = int2octets (&x_buf, dsa_x, (qbits+7)/8);
+ if (rc)
+ goto leave;
+
+ rc = bits2octets (&h1_buf, h1, hlen*8, dsa_q, qbits);
+ if (rc)
+ goto leave;
+
+ /* Create a handle to compute the HMACs. */
+ rc = gpg_err_code (gcry_md_open (&hd, halgo,
+ (GCRY_MD_FLAG_SECURE | GCRY_MD_FLAG_HMAC)));
+ if (rc)
+ goto leave;
+
+ /* Step d: K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ gcry_md_write (hd, "", 1);
+ gcry_md_write (hd, x_buf, (qbits+7)/8);
+ gcry_md_write (hd, h1_buf, (qbits+7)/8);
+ memcpy (K, gcry_md_read (hd, 0), hlen);
+
+ /* Step e: V = HMAC_K(V) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ memcpy (V, gcry_md_read (hd, 0), hlen);
+
+ /* Step f: K = HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ gcry_md_write (hd, "\x01", 1);
+ gcry_md_write (hd, x_buf, (qbits+7)/8);
+ gcry_md_write (hd, h1_buf, (qbits+7)/8);
+ memcpy (K, gcry_md_read (hd, 0), hlen);
+
+ /* Step g: V = HMAC_K(V) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ memcpy (V, gcry_md_read (hd, 0), hlen);
+
+ /* Step h. */
+ t = gcry_malloc ((qbits+7)/8+hlen);
+ if (!t)
+ {
+ rc = gpg_err_code_from_syserror ();
+ goto leave;
+ }
+
+ again:
+ for (tbits = 0; tbits < qbits;)
+ {
+ /* V = HMAC_K(V) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ memcpy (V, gcry_md_read (hd, 0), hlen);
+
+ /* T = T || V */
+ memcpy (t+(tbits+7)/8, V, hlen);
+ tbits += 8*hlen;
+ }
+
+ /* k = bits2int (T) */
+ mpi_free (k);
+ k = NULL;
+ rc = gpg_err_code (gcry_mpi_scan (&k, GCRYMPI_FMT_USG, t, (tbits+7)/8, NULL));
+ if (rc)
+ goto leave;
+ if (tbits > qbits)
+ gcry_mpi_rshift (k, k, tbits - qbits);
+
+ /* Check: k < q and k > 1 */
+ if (!(mpi_cmp (k, dsa_q) < 0 && mpi_cmp_ui (k, 0) > 0))
+ {
+ /* K = HMAC_K(V || 0x00) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ gcry_md_write (hd, "", 1);
+ memcpy (K, gcry_md_read (hd, 0), hlen);
+
+ /* V = HMAC_K(V) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ memcpy (V, gcry_md_read (hd, 0), hlen);
+
+ goto again;
+ }
+
+ /* The caller may have requested that we introduce some extra loops.
+ This is for example useful if the caller wants another value for
+ K because the last returned one yielded an R of 0. Becuase this
+ is very unlikely we implement it in a straightforward way. */
+ if (extraloops)
+ {
+ extraloops--;
+
+ /* K = HMAC_K(V || 0x00) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ gcry_md_write (hd, "", 1);
+ memcpy (K, gcry_md_read (hd, 0), hlen);
+
+ /* V = HMAC_K(V) */
+ rc = gpg_err_code (gcry_md_setkey (hd, K, hlen));
+ if (rc)
+ goto leave;
+ gcry_md_write (hd, V, hlen);
+ memcpy (V, gcry_md_read (hd, 0), hlen);
+
+ goto again;
+ }
+
+ /* log_mpidump (" k", k); */
+
+ leave:
+ gcry_free (t);
+ gcry_md_close (hd);
+ gcry_free (h1_buf);
+ gcry_free (x_buf);
+ gcry_free (K);
+ gcry_free (V);
+
+ if (rc)
+ mpi_free (k);
+ else
+ *r_k = k;
+ return rc;
+}
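Review bot: K and t hold the HMAC state and the candidate nonce, yet they are allocated with `gcry_calloc (1, hlen)` and `gcry_malloc ((qbits+7)/8+hlen)` and released at `leave:` with a plain `gcry_free`, even though the HMAC handle itself is opened with GCRY_MD_FLAG_SECURE. Knowing k for a single signature is enough to compute the private key x, so these buffers (and V and x_buf, which are freed the same way) should come from gcry_calloc_secure / gcry_malloc_secure or be wiped before the free. Separately, the comment "Check: k < q and k > 1" does not match the test below it, which accepts any k with `mpi_cmp_ui (k, 0) > 0`; the comment should say k > 0.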
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 7652c19..ac2dee1 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -105,8 +105,8 @@ static gpg_err_code_t generate (DSA_secret_key *sk,
int transient_key,
dsa_domain_t *domain,
gcry_mpi_t **ret_factors);
-static void sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
- DSA_secret_key *skey);
+static gpg_err_code_t sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+ DSA_secret_key *skey, int flags, int hashalgo);
static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
DSA_public_key *pkey);
@@ -152,7 +152,7 @@ test_keys (DSA_secret_key *sk, unsigned int qbits)
gcry_mpi_randomize (data, qbits, GCRY_WEAK_RANDOM);
/* Sign DATA using the secret key. */
- sign (sig_a, sig_b, data, sk);
+ sign (sig_a, sig_b, data, sk, 0, 0);
/* Verify the signature using the public key. */
if ( !verify (sig_a, sig_b, data, &pk) )
@@ -537,17 +537,69 @@ check_secret_key( DSA_secret_key *sk )
/*
- Make a DSA signature from HASH and put it into r and s.
+ Make a DSA signature from INPUT and put it into r and s.
+
+ INPUT may either be a plain MPI or an opaque MPI which is then
+ internally converted to a plain MPI. FLAGS and HASHALGO may both
+ be 0 for standard operation mode.
+
+ The return value is 0 on success or an error code. Note that for
+ backward compatibility the function will not return any error if
+ FLAGS and HASHALGO are both 0 and INPUT is a plain MPI.
*/
-static void
-sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
+static gpg_err_code_t
+sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey,
+ int flags, int hashalgo)
{
+ gpg_err_code_t rc;
+ gcry_mpi_t hash;
gcry_mpi_t k;
gcry_mpi_t kinv;
gcry_mpi_t tmp;
+ const void *abuf;
+ unsigned int abits, qbits;
+ int extraloops = 0;
- /* Select a random k with 0 < k < q */
- k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM);
+ qbits = mpi_get_nbits (skey->q);
+
+ /* Convert the INPUT into an MPI. */
+ if (mpi_is_opaque (input))
+ {
+ abuf = gcry_mpi_get_opaque (input, &abits);
+ rc = gpg_err_code (gcry_mpi_scan (&hash, GCRYMPI_FMT_USG,
+ abuf, (abits+7)/8, NULL));
+ if (rc)
+ return rc;
+ if (abits > qbits)
+ gcry_mpi_rshift (hash, hash, abits - qbits);
+ }
+ else
+ hash = input;
+
+ again:
+ /* Create the K value. */
+ if ((flags & PUBKEY_FLAG_RFC6979) && hashalgo)
+ {
+ /* Use Pornin's method for deterministic DSA. If this flag is
+ set, it is expected that HASH is an opaque MPI with the to be
+ signed hash. That hash is also used as h1 from 3.2.a. */
+ if (!mpi_is_opaque (input))
+ {
+ rc = GPG_ERR_CONFLICT;
+ goto leave;
+ }
+
+ abuf = gcry_mpi_get_opaque (input, &abits);
+ rc = _gcry_dsa_gen_rfc6979_k (&k, skey->q, skey->x,
+ abuf, (abits+7)/8, hashalgo, extraloops);
+ if (rc)
+ goto leave;
+ }
+ else
+ {
+ /* Select a random k with 0 < k < q */
+ k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM);
+ }
/* r = (a^k mod p) mod q */
gcry_mpi_powm( r, skey->g, k, skey->p );
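Review bot: In `if ((flags & PUBKEY_FLAG_RFC6979) && hashalgo)`, a caller that sets the rfc6979 flag but passes hashalgo 0 falls through to `_gcry_dsa_gen_k` and gets a random k with no error, so the request for a deterministic signature is dropped silently. Returning an error in that case, as is already done with GPG_ERR_CONFLICT for a non-opaque INPUT, would make the misuse visible. The comment in that branch also says HASH is expected to be an opaque MPI while the code tests INPUT.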
@@ -566,6 +618,21 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_secret_key *skey )
mpi_free(k);
mpi_free(kinv);
mpi_free(tmp);
+
+ if (!mpi_cmp_ui (r, 0))
+ {
+ /* This is a highly unlikely code path. */
+ extraloops++;
+ goto again;
+ }
+
+ rc = 0;
+
+ leave:
+ if (hash != input)
+ mpi_free (hash);
+
+ return rc;
}
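Review bot: The retry at `if (!mpi_cmp_ui (r, 0))` covers r == 0 only; FIPS 186 asks for a new k when either r or s is zero, so s should be tested in the same condition. Because k, kinv and tmp are freed just above the check, the `goto again` path also depends on all three being set up again after the `again:` label; a short comment saying so would help the next reader.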
@@ -910,7 +977,7 @@ static gcry_err_code_t
dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
int flags, int hashalgo)
{
- gcry_err_code_t err = GPG_ERR_NO_ERROR;
+ gcry_err_code_t rc;
DSA_secret_key sk;
(void)algo;
@@ -920,7 +987,7 @@ dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
if ((! data)
|| (! skey[0]) || (! skey[1]) || (! skey[2])
|| (! skey[3]) || (! skey[4]))
- err = GPG_ERR_BAD_MPI;
+ rc = GPG_ERR_BAD_MPI;
else
{
sk.p = skey[0];
@@ -930,24 +997,9 @@ dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
sk.x = skey[4];
resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p));
resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p));
- if (mpi_is_opaque (data))
- {
- const void *abuf;
- unsigned int abits;
- gcry_mpi_t a;
-
- abuf = gcry_mpi_get_opaque (data, &abits);
- err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
- if (!err)
- {
- sign (resarr[0], resarr[1], a, &sk);
- gcry_mpi_release (a);
- }
- }
- else
- sign (resarr[0], resarr[1], data, &sk);
+ rc = sign (resarr[0], resarr[1], data, &sk, flags, hashalgo);
}
- return err;
+ return rc;
}
static gcry_err_code_t
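Review bot: sign() can now fail (for example with GPG_ERR_CONFLICT), but after `rc = sign (resarr[0], resarr[1], data, &sk, flags, hashalgo);` the two MPIs allocated just above remain in resarr[0] and resarr[1] when rc is non-zero. Unless the caller is known to release them, free both and reset the slots to NULL before `return rc;`, as ecc_sign does with `mpi_free (resarr[0]);` in its error branch.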
@@ -973,13 +1025,18 @@ dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
if (mpi_is_opaque (hash))
{
const void *abuf;
- unsigned int abits;
+ unsigned int abits, qbits;
gcry_mpi_t a;
+ qbits = mpi_get_nbits (pk.q);
+
abuf = gcry_mpi_get_opaque (hash, &abits);
- err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
+ err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
if (!err)
{
+ if (abits > qbits)
+ gcry_mpi_rshift (a, a, abits - qbits);
+
if (!verify (data[0], data[1], a, &pk))
err = GPG_ERR_BAD_SIGNATURE;
gcry_mpi_release (a);
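Review bot: The opaque-to-MPI conversion with `(abits+7)/8` followed by the right shift by `abits - qbits` is now written out here and again in sign(); a small shared helper would keep signing and verification from drifting apart on how the hash is truncated. If abits is ever not a multiple of 8, the scan reads a whole extra byte while the shift is still computed from abits, so a comment stating that the digest length is assumed to be byte aligned would be useful.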
diff --git a/cipher/pubkey-internal.h b/cipher/pubkey-internal.h
index ae7e77b..9147cb2 100644
--- a/cipher/pubkey-internal.h
+++ b/cipher/pubkey-internal.h
@@ -22,6 +22,12 @@
/*-- dsa-common.h --*/
gcry_mpi_t _gcry_dsa_gen_k (gcry_mpi_t q, int security_level);
+gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k,
+ gcry_mpi_t dsa_q, gcry_mpi_t dsa_x,
+ const unsigned char *h1,
+ unsigned int h1len,
+ int halgo,
+ unsigned int extraloops);
/*-- ecc.c --*/
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c18142e..871e32b 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,7 +20,7 @@
TESTS = version t-mpi-bit t-mpi-point prime basic \
mpitests tsexp keygen pubkey hmac keygrip fips186-dsa aeswrap \
- curves t-kdf pkcs1v2 random
+ curves t-kdf pkcs1v2 random dsa-rfc6979
# The last test to run.
diff --git a/tests/dsa-rfc6979.c b/tests/dsa-rfc6979.c
new file mode 100644
index 0000000..6a9ac40
--- /dev/null
+++ b/tests/dsa-rfc6979.c
@@ -0,0 +1,475 @@
+/* dsa-rfc6979.c - Test for Deterministic DSA
+ * Copyright (C) 2008 Free Software Foundation, Inc.
+ * Copyright (C) 2013 g10 Code GmbH
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, see .
+ */
+
+#ifdef HAVE_CONFIG_H
+# include
+#endif
+#include
+#include
+#include
+#include
+
+#ifdef _GCRYPT_IN_LIBGCRYPT
+# include "../src/gcrypt-int.h"
+#else
+# include
+#endif
+
+
+#define my_isascii(c) (!((c) & 0x80))
+#define digitp(p) (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a) \
+ || (*(a) >= 'A' && *(a) <= 'F') \
+ || (*(a) >= 'a' && *(a) <= 'f'))
+#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
+ *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+#define DIM(v) (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member) DIM(((type *)0)->member)
+
+static int verbose;
+static int error_count;
+
+static void
+info (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+}
+
+static void
+fail (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ error_count++;
+}
+
+static void
+die (const char *format, ...)
+{
+ va_list arg_ptr;
+
+ va_start (arg_ptr, format);
+ vfprintf (stderr, format, arg_ptr);
+ va_end (arg_ptr);
+ exit (1);
+}
+
+static void
+show_sexp (const char *prefix, gcry_sexp_t a)
+{
+ char *buf;
+ size_t size;
+
+ if (prefix)
+ fputs (prefix, stderr);
+ size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ buf = gcry_xmalloc (size);
+
+ gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size);
+ fprintf (stderr, "%.*s", (int)size, buf);
+ gcry_free (buf);
+}
+
+
+/* Convert STRING consisting of hex characters into its binary
+ representation and return it as an allocated buffer. The valid
+ length of the buffer is returned at R_LENGTH. The string is
+ delimited by end of string. The function returns NULL on
+ error. */
+static void *
+data_from_hex (const char *string, size_t *r_length)
+{
+ const char *s;
+ unsigned char *buffer;
+ size_t length;
+
+ buffer = gcry_xmalloc (strlen(string)/2+1);
+ length = 0;
+ for (s=string; *s; s +=2 )
+ {
+ if (!hexdigitp (s) || !hexdigitp (s+1))
+ die ("error parsing hex string `%s'\n", string);
+ ((unsigned char*)buffer)[length++] = xtoi_2 (s);
+ }
+ *r_length = length;
+ return buffer;
+}
+
+
+static void
+extract_cmp_data (gcry_sexp_t sexp, const char *name, const char *expected)
+{
+ gcry_sexp_t l1;
+ const void *a;
+ size_t alen;
+ void *b;
+ size_t blen;
+
+ l1 = gcry_sexp_find_token (sexp, name, 0);
+ a = gcry_sexp_nth_data (l1, 1, &alen);
+ b = data_from_hex (expected, &blen);
+ if (!a)
+ fail ("parameter \"%s\" missing in key\n", name);
+ else if ( alen != blen || memcmp (a, b, alen) )
+ {
+ fail ("parameter \"%s\" does not match expected value\n", name);
+ if (verbose)
+ {
+ info ("expected: %s\n", expected);
+ show_sexp ("sexp: ", sexp);
+ }
+ }
+ gcry_free (b);
+ gcry_sexp_release (l1);
+}
+
+
+/* These test vectors are from RFC 6979. */
+static void
+check_dsa_rfc6979 (void)
+{
+ static struct {
+ const char *name;
+ const char *key;
+ } keys[] = {
+ {
+ "DSA, 1024 bits",
+ "(private-key"
+ " (DSA"
+ " (p #86F5CA03DCFEB225063FF830A0C769B9DD9D6153AD91D7CE27F787C43278B447"
+ " E6533B86B18BED6E8A48B784A14C252C5BE0DBF60B86D6385BD2F12FB763ED88"
+ " 73ABFD3F5BA2E0A8C0A59082EAC056935E529DAF7C610467899C77ADEDFC846C"
+ " 881870B7B19B2B58F9BE0521A17002E3BDD6B86685EE90B3D9A1B02B782B1779#)"
+ " (q #996F967F6C8E388D9E28D01E205FBA957A5698B1#)"
+ " (g #07B0F92546150B62514BB771E2A0C0CE387F03BDA6C56B505209FF25FD3C133D"
+ " 89BBCD97E904E09114D9A7DEFDEADFC9078EA544D2E401AEECC40BB9FBBF78FD"
+ " 87995A10A1C27CB7789B594BA7EFB5C4326A9FE59A070E136DB77175464ADCA4"
+ " 17BE5DCE2F40D10A46A3A3943F26AB7FD9C0398FF8C76EE0A56826A8A88F1DBD#)"
+ " (x #411602CB19A6CCC34494D79D98EF1E7ED5AF25F7#)"
+ " (y #5DF5E01DED31D0297E274E1691C192FE5868FEF9E19A84776454B100CF16F653"
+ " 92195A38B90523E2542EE61871C0440CB87C322FC4B4D2EC5E1E7EC766E1BE8D"
+ " 4CE935437DC11C3C8FD426338933EBFE739CB3465F4D3668C5E473508253B1E6"
+ " 82F65CBDC4FAE93C2EA212390E54905A86E2223170B44EAA7DA5DD9FFCFB7F3B#)"
+ " ))"
+ },
+ {
+ "DSA, 2048 bits",
+ "(private-key"
+ " (DSA"
+ " (p #9DB6FB5951B66BB6FE1E140F1D2CE5502374161FD6538DF1648218642F0B5C48"
+ " C8F7A41AADFA187324B87674FA1822B00F1ECF8136943D7C55757264E5A1A44F"
+ " FE012E9936E00C1D3E9310B01C7D179805D3058B2A9F4BB6F9716BFE6117C6B5"
+ " B3CC4D9BE341104AD4A80AD6C94E005F4B993E14F091EB51743BF33050C38DE2"
+ " 35567E1B34C3D6A5C0CEAA1A0F368213C3D19843D0B4B09DCB9FC72D39C8DE41"
+ " F1BF14D4BB4563CA28371621CAD3324B6A2D392145BEBFAC748805236F5CA2FE"
+ " 92B871CD8F9C36D3292B5509CA8CAA77A2ADFC7BFD77DDA6F71125A7456FEA15"
+ " 3E433256A2261C6A06ED3693797E7995FAD5AABBCFBE3EDA2741E375404AE25B#)"
+ " (q #F2C3119374CE76C9356990B465374A17F23F9ED35089BD969F61C6DDE9998C1F#)"
+ " (g #5C7FF6B06F8F143FE8288433493E4769C4D988ACE5BE25A0E24809670716C613"
+ " D7B0CEE6932F8FAA7C44D2CB24523DA53FBE4F6EC3595892D1AA58C4328A06C4"
+ " 6A15662E7EAA703A1DECF8BBB2D05DBE2EB956C142A338661D10461C0D135472"
+ " 085057F3494309FFA73C611F78B32ADBB5740C361C9F35BE90997DB2014E2EF5"
+ " AA61782F52ABEB8BD6432C4DD097BC5423B285DAFB60DC364E8161F4A2A35ACA"
+ " 3A10B1C4D203CC76A470A33AFDCBDD92959859ABD8B56E1725252D78EAC66E71"
+ " BA9AE3F1DD2487199874393CD4D832186800654760E1E34C09E4D155179F9EC0"
+ " DC4473F996BDCE6EED1CABED8B6F116F7AD9CF505DF0F998E34AB27514B0FFE7#)"
+ " (x #69C7548C21D0DFEA6B9A51C9EAD4E27C33D3B3F180316E5BCAB92C933F0E4DBC#)"
+ " (y #667098C654426C78D7F8201EAC6C203EF030D43605032C2F1FA937E5237DBD94"
+ " 9F34A0A2564FE126DC8B715C5141802CE0979C8246463C40E6B6BDAA2513FA61"
+ " 1728716C2E4FD53BC95B89E69949D96512E873B9C8F8DFD499CC312882561ADE"
+ " CB31F658E934C0C197F2C4D96B05CBAD67381E7B768891E4DA3843D24D94CDFB"
+ " 5126E9B8BF21E8358EE0E0A30EF13FD6A664C0DCE3731F7FB49A4845A4FD8254"
+ " 687972A2D382599C9BAC4E0ED7998193078913032558134976410B89D2C171D1"
+ " 23AC35FD977219597AA7D15C1A9A428E59194F75C721EBCBCFAE44696A499AFA"
+ " 74E04299F132026601638CB87AB79190D4A0986315DA8EEC6561C938996BEADF#)"
+ " ))"
+ },
+ { NULL }
+ };
+
+ static struct {
+ const char *keyname;
+ const char *name;
+ const char *hashname;
+ const char *message;
+ const char *k, *r, *s;
+ } tests[] = {
+ {
+ "DSA, 1024 bits",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "7BDB6B0FF756E1BB5D53583EF979082F9AD5BD5B",
+ "2E1A0C2562B2912CAAF89186FB0F42001585DA55",
+ "29EFB6B0AFF2D7A68EB70CA313022253B9A88DF5"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "562097C06782D60C3037BA7BE104774344687649",
+ "4BC3B686AEA70145856814A6F1BB53346F02101E",
+ "410697B92295D994D21EDD2F4ADA85566F6F94C1"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "519BA0546D0C39202A7D34D7DFA5E760B318BCFB",
+ "81F2F5850BE5BC123C43F71A3033E9384611C545",
+ "4CDD914B65EB6C66A8AAAD27299BEE6B035F5E89"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "95897CD7BBB944AA932DBC579C1C09EB6FCFC595",
+ "07F2108557EE0E3921BC1774F1CA9B410B4CE65A",
+ "54DF70456C86FAC10FAB47C1949AB83F2C6F7595"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "09ECE7CA27D0F5A4DD4E556C9DF1D21D28104F8B",
+ "16C3491F9B8C3FBBDD5E7A7B667057F0D8EE8E1B",
+ "02C36A127A7B89EDBB72E4FFBC71DABC7D4FC69C"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "5C842DF4F9E344EE09F056838B42C7A17F4A6433",
+ "42AB2052FD43E123F0607F115052A67DCD9C5C77",
+ "183916B0230D45B9931491D4C6B0BD2FB4AAF088"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "4598B8EFC1A53BC8AECD58D1ABBB0C0C71E67297",
+ "6868E9964E36C1689F6037F91F28D5F2C30610F2",
+ "49CEC3ACDC83018C5BD2674ECAAD35B8CD22940F"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "5A67592E8128E03A417B0484410FB72C0B630E1A",
+ "22518C127299B0F6FDC9872B282B9E70D0790812",
+ "6837EC18F150D55DE95B5E29BE7AF5D01E4FE160"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "220156B761F6CA5E6C9F1B9CF9C24BE25F98CD89",
+ "854CF929B58D73C3CBFDC421E8D5430CD6DB5E66",
+ "91D0E0F53E22F898D158380676A871A157CDA622"
+ },
+ {
+ "DSA, 1024 bits",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "65D2C2EEB175E370F28C75BFCDC028D22C7DBE9C",
+ "8EA47E475BA8AC6F2D821DA3BD212D11A3DEB9A0",
+ "7C670C7AD72B6C050C109E1790008097125433E8"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "888FA6F7738A41BDC9846466ABDB8174C0338250AE50CE955CA16230F9CBD53E",
+ "3A1B2DBD7489D6ED7E608FD036C83AF396E290DBD602408E8677DAABD6E7445A",
+ "D26FCBA19FA3E3058FFC02CA1596CDBB6E0D20CB37B06054F7E36DED0CDBBCCF"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "BC372967702082E1AA4FCE892209F71AE4AD25A6DFD869334E6F153BD0C4D806",
+ "DC9F4DEADA8D8FF588E98FED0AB690FFCE858DC8C79376450EB6B76C24537E2C",
+ "A65A9C3BC7BABE286B195D5DA68616DA8D47FA0097F36DD19F517327DC848CEC"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "8926A27C40484216F052F4427CFD5647338B7B3939BC6573AF4333569D597C52",
+ "EACE8BDBBE353C432A795D9EC556C6D021F7A03F42C36E9BC87E4AC7932CC809",
+ "7081E175455F9247B812B74583E9E94F9EA79BD640DC962533B0680793A38D53"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "C345D5AB3DA0A5BCB7EC8F8FB7A7E96069E03B206371EF7D83E39068EC564920",
+ "B2DA945E91858834FD9BF616EBAC151EDBC4B45D27D0DD4A7F6A22739F45C00B",
+ "19048B63D9FD6BCA1D9BAE3664E1BCB97F7276C306130969F63F38FA8319021B"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "5A12994431785485B3F5F067221517791B85A597B7A9436995C89ED0374668FC",
+ "2016ED092DC5FB669B8EFB3D1F31A91EECB199879BE0CF78F02BA062CB4C942E",
+ "D0C76F84B5F091E141572A639A4FB8C230807EEA7D55C8A154A224400AFF2351"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "6EEA486F9D41A037B2C640BC5645694FF8FF4B98D066A25F76BE641CCB24BA4F",
+ "C18270A93CFC6063F57A4DFA86024F700D980E4CF4E2CB65A504397273D98EA0",
+ "414F22E5F31A8B6D33295C7539C1C1BA3A6160D7D68D50AC0D3A5BEAC2884FAA"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "06BD4C05ED74719106223BE33F2D95DA6B3B541DAD7BFBD7AC508213B6DA6670",
+ "272ABA31572F6CC55E30BF616B7A265312018DD325BE031BE0CC82AA17870EA3",
+ "E9CC286A52CCE201586722D36D1E917EB96A4EBDB47932F9576AC645B3A60806"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "1D6CE6DDA1C5D37307839CD03AB0A5CBB18E60D800937D67DFB4479AAC8DEAD7",
+ "8190012A1969F9957D56FCCAAD223186F423398D58EF5B3CEFD5A4146A4476F0",
+ "7452A53F7075D417B4B013B278D1BB8BBD21863F5E7B1CEE679CF2188E1AB19E"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "206E61F73DBE1B2DC8BE736B22B079E9DACD974DB00EEBBC5B64CAD39CF9F91C",
+ "239E66DDBE8F8C230A3D071D601B6FFBDFB5901F94D444C6AF56F732BEB954BE",
+ "6BD737513D5E72FE85D1C750E0F73921FE299B945AAD1C802F15C26A43D34961"
+ },
+ {
+ "DSA, 2048 bits",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "AFF1651E4CD6036D57AA8B2A05CCF1A9D5A40166340ECBBDC55BE10B568AA0AA",
+ "89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307",
+ "C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
+ },
+ { NULL }
+ };
+
+ gpg_error_t err;
+ int tno, i, hashalgo;
+ gcry_sexp_t seckey, data, sig;
+ unsigned char digest[64];
+ int digestlen;
+
+ for (tno = 0; tests[tno].keyname; tno++)
+ {
+ if (verbose)
+ info ("Test %d: %s. %s.\n", tno, tests[tno].keyname, tests[tno].name);
+
+ {
+ for (i=0; keys[i].name; i++)
+ if (!strcmp (tests[tno].keyname, keys[i].name))
+ break;
+ if (!keys[i].name)
+ die ("Key '%s' used by test '%s' not found\n",
+ tests[tno].keyname, tests[tno].name);
+
+ err = gcry_sexp_new (&seckey, keys[i].key, 0, 1);
+ if (err)
+ die ("reading key failed: %s\n", gpg_strerror (err));
+ }
+
+ hashalgo = gcry_md_map_name (tests[tno].hashname);
+ if (!hashalgo)
+ die ("hash with name '%s' is not supported\n", tests[tno].hashname);
+
+ digestlen = gcry_md_get_algo_dlen (hashalgo);
+ if (digestlen > sizeof digest)
+ die ("internal error: digest does not fit into our buffer\n");
+
+ gcry_md_hash_buffer (hashalgo, digest,
+ tests[tno].message, strlen (tests[tno].message));
+
+ err = gcry_sexp_build (&data, NULL,
+ "(data "
+ " (flags rfc6979)"
+ " (hash %s %b))",
+ tests[tno].hashname, digestlen, digest);
+ if (err)
+ die ("building data sexp failed: %s\n", gpg_strerror (err));
+
+ err = gcry_pk_sign (&sig, data, seckey);
+ if (err)
+ fail ("signing failed: %s\n", gpg_strerror (err));
+
+ extract_cmp_data (sig, "r", tests[tno].r);
+ extract_cmp_data (sig, "s", tests[tno].s);
+
+ err = gcry_pk_verify (sig, data, seckey);
+ if (err)
+ fail ("verification failed: %s\n", gpg_strerror (err));
+
+
+ gcry_sexp_release (sig);
+ gcry_sexp_release (data);
+ gcry_sexp_release (seckey);
+ }
+}
+
+
+
+int
+main (int argc, char **argv)
+{
+ int debug = 0;
+
+ if (argc > 1 && !strcmp (argv[1], "--verbose"))
+ verbose = 1;
+ else if (argc > 1 && !strcmp (argv[1], "--debug"))
+ {
+ verbose = 2;
+ debug = 1;
+ }
+
+ gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
+ /* Check that we test exactly our version - including the patchlevel. */
+ if (strcmp (GCRYPT_VERSION, gcry_check_version (NULL)))
+ die ("version mismatch; pgm=%s, library=%s\n",
+ GCRYPT_VERSION,gcry_check_version (NULL));
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
+ if (debug)
+ gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
+ /* No valuable keys are create, so we can speed up our RNG. */
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+
+ check_dsa_rfc6979 ();
+
+ return error_count ? 1 : 0;
+}
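Review bot: In check_dsa_rfc6979 a failed `gcry_pk_sign` only calls fail() and then continues to `extract_cmp_data (sig, "r", ...)`, `gcry_pk_verify (sig, data, seckey)` and `gcry_sexp_release (sig)` although sig was never assigned. Initialize sig to NULL and skip the comparisons and the verify step when signing fails. The k column of the vector table is also never read; either drop it or note in a comment that it is kept for reference only.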
commit b72d312ad11887fc416aa821786f6bdb663c0f4a
Author: Werner Koch
Date: Fri Jul 26 19:22:36 2013 +0200
Allow the use of a private-key s-expression with gcry_pk_verify.
* cipher/pubkey.c (sexp_to_key): Fallback to private key.
Signed-off-by: Werner Koch
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 606cedf..b540bd5 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -2022,9 +2022,14 @@ sexp_to_key (gcry_sexp_t sexp, int want_private, int use,
pk_extra_spec_t *extraspec;
int is_ecc;
- /* Check that the first element is valid. */
+ /* Check that the first element is valid. If we are looking for a
+ public key but a private key was supplied, we allow the use of
+ the private key anyway. The rationale for this is that the
+ private key is a superset of the public key. */
list = gcry_sexp_find_token (sexp,
want_private? "private-key":"public-key", 0);
+ if (!list && !want_private)
+ list = gcry_sexp_find_token (sexp, "private-key", 0);
if (!list)
return GPG_ERR_INV_OBJ; /* Does not contain a key object. */
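Review bot: The fallback `if (!list && !want_private)` does not look at USE, so it applies to every caller that asks sexp_to_key for a public key, while the commit title mentions gcry_pk_verify only. If the wider scope is intended, say so in the comment and in the API documentation, since a caller that passes a private-key s-expression by mistake no longer gets GPG_ERR_INV_OBJ.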
-----------------------------------------------------------------------
Summary of changes:
cipher/dsa-common.c | 268 ++++++++++++++++++++++++++-
cipher/dsa.c | 115 +++++++++---
cipher/pubkey-internal.h | 6 +
cipher/pubkey.c | 7 +-
tests/Makefile.am | 2 +-
tests/dsa-rfc6979.c | 475 ++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 840 insertions(+), 33 deletions(-)
create mode 100644 tests/dsa-rfc6979.c
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Mon Jul 29 15:46:21 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 29 Jul 2013 15:46:21 +0200
Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-176-g4332096
Message-ID:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 43320961a8751ee28dc95cdb0ae01ea8a7ff7f91 (commit)
via 6e0a9786637d649b48aae0e611a12e12beef9b3b (commit)
from 1cfa79aabc5d0fd8d124901054475e90ab7d9cde (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 43320961a8751ee28dc95cdb0ae01ea8a7ff7f91
Author: Werner Koch
Date: Mon Jul 29 15:16:02 2013 +0200
sexp: Allow white space anywhere in a hex format.
* src/sexp.c (hextobyte): Remove.
(hextonibble): New.
(vsexp_sscan): Skip whitespace between hex nibbles.
--
Before that patch a string
"(a #123"
" 456#")
was not correctly parsed because white space was only allowed between
two hex digits but not in between nibbles.
Signed-off-by: Werner Koch
diff --git a/src/sexp.c b/src/sexp.c
index 6dedf4e..0e96f0b 100644
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -880,27 +880,17 @@ gcry_sexp_cadr ( const gcry_sexp_t list )
}
-static int
-hextobyte( const byte *s )
+static GPG_ERR_INLINE int
+hextonibble (int s)
{
- int c=0;
-
- if( *s >= '0' && *s <= '9' )
- c = 16 * (*s - '0');
- else if( *s >= 'A' && *s <= 'F' )
- c = 16 * (10 + *s - 'A');
- else if( *s >= 'a' && *s <= 'f' ) {
- c = 16 * (10 + *s - 'a');
- }
- s++;
- if( *s >= '0' && *s <= '9' )
- c += *s - '0';
- else if( *s >= 'A' && *s <= 'F' )
- c += 10 + *s - 'A';
- else if( *s >= 'a' && *s <= 'f' ) {
- c += 10 + *s - 'a';
- }
- return c;
+ if (s >= '0' && s <= '9')
+ return s - '0';
+ else if (s >= 'A' && s <= 'F')
+ return 10 + s - 'A';
+ else if (s >= 'a' && s <= 'f')
+ return 10 + s - 'a';
+ else
+ return 0;
}
@@ -1237,10 +1227,19 @@ vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
STORE_LEN (c.pos, datalen);
for (hexfmt++; hexfmt < p; hexfmt++)
{
+ int tmpc;
+
if (whitespacep (hexfmt))
continue;
- *c.pos++ = hextobyte ((const unsigned char*)hexfmt);
- hexfmt++;
+ tmpc = hextonibble (*(const unsigned char*)hexfmt);
+ for (hexfmt++; hexfmt < p && whitespacep (hexfmt); hexfmt++)
+ ;
+ if (hexfmt < p)
+ {
+ tmpc *= 16;
+ tmpc += hextonibble (*(const unsigned char*)hexfmt);
+ }
+ *c.pos++ = tmpc;
}
hexfmt = NULL;
}
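Review bot: The `if (hexfmt < p)` guard means a lone trailing nibble is stored as a byte of its own instead of being rejected, so this loop relies on datalen, computed before it, already matching the digit count. An assertion or a comment stating that an odd number of hex digits cannot reach this point would make that explicit. The patch also carries no regression test; the split string from the commit message would be a natural case to add to the existing tsexp test.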
commit 6e0a9786637d649b48aae0e611a12e12beef9b3b
Author: Werner Koch
Date: Mon Jul 29 15:09:33 2013 +0200
Implement deterministic ECDSA as specified by rfc-6979.
* cipher/ecc.c (sign): Add args FLAGS and HASHALGO. Convert an opaque
MPI as INPUT. Implement rfc-6979.
(ecc_sign): Remove the opaque MPI code and pass FLAGS to sign.
(verify): Do not allocate and compute Y; it is not used.
(ecc_verify): Truncate the hash value if needed.
* tests/dsa-rfc6979.c (check_dsa_rfc6979): Add ECDSA test cases.
Signed-off-by: Werner Koch
diff --git a/NEWS b/NEWS
index 508b943..ee737f9 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,11 @@ Noteworthy changes in version 1.6.0 (unreleased)
* Added support for the SCRYPT algorithm.
+ * Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA
+ secret keys. See [CVE-2013-4242].
+
+ * Support Deterministic DSA as per RFC-6969.
+
* Interface changes relative to the 1.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_ac_* REMOVED.
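Review bot: The new entry reads "RFC-6969", but the commit message and the test file name both refer to RFC 6979, so the NEWS line should say RFC-6979. It also names DSA only, although this commit is the one that adds deterministic ECDSA. The CVE-2013-4242 entry is unrelated to the change described in the commit message and would be easier to track in a commit of its own.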
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 725dfbe..071879d 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -309,7 +309,8 @@ static void *progress_cb_data;
static void test_keys (ECC_secret_key * sk, unsigned int nbits);
static int check_secret_key (ECC_secret_key * sk);
static gpg_err_code_t sign (gcry_mpi_t input, ECC_secret_key *skey,
- gcry_mpi_t r, gcry_mpi_t s);
+ gcry_mpi_t r, gcry_mpi_t s,
+ int flags, int hashalgo);
static gpg_err_code_t verify (gcry_mpi_t input, ECC_public_key *pkey,
gcry_mpi_t r, gcry_mpi_t s);
@@ -641,7 +642,7 @@ test_keys (ECC_secret_key *sk, unsigned int nbits)
gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
- if (sign (test, sk, r, s) )
+ if (sign (test, sk, r, s, 0, 0) )
log_fatal ("ECDSA operation: sign failed\n");
if (verify (test, &pk, r, s))
@@ -739,16 +740,38 @@ check_secret_key (ECC_secret_key * sk)
* must have allocated R and S.
*/
static gpg_err_code_t
-sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
+sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s,
+ int flags, int hashalgo)
{
gpg_err_code_t err = 0;
+ int extraloops = 0;
gcry_mpi_t k, dr, sum, k_1, x;
mpi_point_struct I;
+ gcry_mpi_t hash;
+ const void *abuf;
+ unsigned int abits, qbits;
mpi_ec_t ctx;
if (DBG_CIPHER)
log_mpidump ("ecdsa sign hash ", input );
+ qbits = mpi_get_nbits (skey->E.n);
+
+ /* Convert the INPUT into an MPI if needed. */
+ if (mpi_is_opaque (input))
+ {
+ abuf = gcry_mpi_get_opaque (input, &abits);
+ err = gpg_err_code (gcry_mpi_scan (&hash, GCRYMPI_FMT_USG,
+ abuf, (abits+7)/8, NULL));
+ if (err)
+ return err;
+ if (abits > qbits)
+ gcry_mpi_rshift (hash, hash, abits - qbits);
+ }
+ else
+ hash = input;
+
+
k = NULL;
dr = mpi_alloc (0);
sum = mpi_alloc (0);
@@ -769,8 +792,32 @@ sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
once because r has been intialized to 0. We can't use a
do_while because we want to keep the value of R even if S
has to be recomputed. */
+
mpi_free (k);
- k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+ k = NULL;
+ if ((flags & PUBKEY_FLAG_RFC6979) && hashalgo)
+ {
+ /* Use Pornin's method for deterministic DSA. If this
+ flag is set, it is expected that HASH is an opaque
+ MPI with the to be signed hash. That hash is also
+ used as h1 from 3.2.a. */
+ if (!mpi_is_opaque (input))
+ {
+ err = GPG_ERR_CONFLICT;
+ goto leave;
+ }
+
+ abuf = gcry_mpi_get_opaque (input, &abits);
+ err = _gcry_dsa_gen_rfc6979_k (&k, skey->E.n, skey->d,
+ abuf, (abits+7)/8,
+ hashalgo, extraloops);
+ if (err)
+ goto leave;
+ extraloops++;
+ }
+ else
+ k = _gcry_dsa_gen_k (skey->E.n, GCRY_STRONG_RANDOM);
+
_gcry_mpi_ec_mul_point (&I, k, &skey->E.G, ctx);
if (_gcry_mpi_ec_get_affine (x, NULL, &I, ctx))
{
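Review bot: The `mpi_is_opaque (input)` test and the `gcry_mpi_get_opaque` call sit inside the retry loop although neither depends on the iteration; doing both once before the loop would report GPG_ERR_CONFLICT before any work is done and reduce the loop body to the k generation. As in dsa.c, setting the rfc6979 flag with hashalgo 0 silently falls back to `_gcry_dsa_gen_k`; returning an error would be safer.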
@@ -782,7 +829,7 @@ sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
mpi_mod (r, x, skey->E.n); /* r = x mod n */
}
mpi_mulm (dr, skey->d, r, skey->E.n); /* dr = d*r mod n */
- mpi_addm (sum, input, dr, skey->E.n); /* sum = hash + (d*r) mod n */
+ mpi_addm (sum, hash, dr, skey->E.n); /* sum = hash + (d*r) mod n */
mpi_invm (k_1, k, skey->E.n); /* k_1 = k^(-1) mod n */
mpi_mulm (s, k_1, sum, skey->E.n); /* s = k^(-1)*(hash+(d*r)) mod n */
}
@@ -802,6 +849,9 @@ sign (gcry_mpi_t input, ECC_secret_key *skey, gcry_mpi_t r, gcry_mpi_t s)
mpi_free (dr);
mpi_free (k);
+ if (hash != input)
+ mpi_free (hash);
+
return err;
}
@@ -813,7 +863,7 @@ static gpg_err_code_t
verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
{
gpg_err_code_t err = 0;
- gcry_mpi_t h, h1, h2, x, y;
+ gcry_mpi_t h, h1, h2, x;
mpi_point_struct Q, Q1, Q2;
mpi_ec_t ctx;
@@ -826,7 +876,6 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
h1 = mpi_alloc (0);
h2 = mpi_alloc (0);
x = mpi_alloc (0);
- y = mpi_alloc (0);
point_init (&Q);
point_init (&Q1);
point_init (&Q2);
@@ -835,28 +884,16 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
/* h = s^(-1) (mod n) */
mpi_invm (h, s, pkey->E.n);
-/* log_mpidump (" h", h); */
/* h1 = hash * s^(-1) (mod n) */
mpi_mulm (h1, input, h, pkey->E.n);
-/* log_mpidump (" h1", h1); */
/* Q1 = [ hash * s^(-1) ]G */
_gcry_mpi_ec_mul_point (&Q1, h1, &pkey->E.G, ctx);
-/* log_mpidump ("Q1.x", Q1.x); */
-/* log_mpidump ("Q1.y", Q1.y); */
-/* log_mpidump ("Q1.z", Q1.z); */
/* h2 = r * s^(-1) (mod n) */
mpi_mulm (h2, r, h, pkey->E.n);
-/* log_mpidump (" h2", h2); */
/* Q2 = [ r * s^(-1) ]Q */
_gcry_mpi_ec_mul_point (&Q2, h2, &pkey->Q, ctx);
-/* log_mpidump ("Q2.x", Q2.x); */
-/* log_mpidump ("Q2.y", Q2.y); */
-/* log_mpidump ("Q2.z", Q2.z); */
/* Q = ([hash * s^(-1)]G) + ([r * s^(-1)]Q) */
_gcry_mpi_ec_add_points (&Q, &Q1, &Q2, ctx);
-/* log_mpidump (" Q.x", Q.x); */
-/* log_mpidump (" Q.y", Q.y); */
-/* log_mpidump (" Q.z", Q.z); */
if (!mpi_cmp_ui (Q.z, 0))
{
@@ -865,7 +902,7 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
err = GPG_ERR_BAD_SIGNATURE;
goto leave;
}
- if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx))
+ if (_gcry_mpi_ec_get_affine (x, NULL, &Q, ctx))
{
if (DBG_CIPHER)
log_debug ("ecc verify: Failed to get affine coordinates\n");
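Review bot: passing NULL for the y output in _gcry_mpi_ec_get_affine (x, NULL, &Q, ctx) depends on that helper treating a NULL coordinate as "not wanted". Its definition is not part of this diff, so that contract should be confirmed and documented at the helper itself, since a NULL dereference here would sit directly on the signature verification path.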
@@ -878,7 +915,6 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
if (DBG_CIPHER)
{
log_mpidump (" x", x);
- log_mpidump (" y", y);
log_mpidump (" r", r);
log_mpidump (" s", s);
log_debug ("ecc verify: Not verified\n");
@@ -894,7 +930,6 @@ verify (gcry_mpi_t input, ECC_public_key *pkey, gcry_mpi_t r, gcry_mpi_t s)
point_free (&Q2);
point_free (&Q1);
point_free (&Q);
- mpi_free (y);
mpi_free (x);
mpi_free (h2);
mpi_free (h1);
@@ -1324,8 +1359,6 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
ECC_secret_key sk;
(void)algo;
- (void)flags;
- (void)hashalgo;
if (!data || !skey[0] || !skey[1] || !skey[2] || !skey[3] || !skey[4]
|| !skey[6] )
@@ -1347,24 +1380,7 @@ ecc_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey,
resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.E.p));
-
- if (mpi_is_opaque (data))
- {
- const void *abuf;
- unsigned int abits;
- gcry_mpi_t a;
-
- abuf = gcry_mpi_get_opaque (data, &abits);
- err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
- if (!err)
- {
- err = sign (a, &sk, resarr[0], resarr[1]);
- gcry_mpi_release (a);
- }
- }
- else
- err = sign (data, &sk, resarr[0], resarr[1]);
-
+ err = sign (data, &sk, resarr[0], resarr[1], flags, hashalgo);
if (err)
{
mpi_free (resarr[0]);
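Review bot: with the mpi_is_opaque branch removed from ecc_sign, sign() now receives data unconverted together with flags and hashalgo, so the comment above sign() should say that it accepts opaque MPIs and what the two new arguments control. The verify side still converts the opaque hash in ecc_verify before calling verify(); a shared helper for that conversion would keep signing and verification from diverging in how the hash becomes an integer.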
@@ -1414,13 +1430,18 @@ ecc_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
if (mpi_is_opaque (hash))
{
const void *abuf;
- unsigned int abits;
+ unsigned int abits, qbits;
gcry_mpi_t a;
+ qbits = mpi_get_nbits (pk.E.n);
+
abuf = gcry_mpi_get_opaque (hash, &abits);
- err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, abits/8, NULL);
+ err = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
if (!err)
{
+ if (abits > qbits)
+ gcry_mpi_rshift (a, a, abits - qbits);
+
err = verify (a, &pk, data[0], data[1]);
gcry_mpi_release (a);
}
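Review bot: the byte count passed to gcry_mpi_scan is now rounded up with (abits+7)/8, but the shift that follows still uses abits - qbits. When abits is not a multiple of 8 the scanned value can span more bits than abits, so the correct shift depends on how the partial byte is aligned in the buffer. Either document that opaque hashes are always byte aligned, reject ones that are not, or derive the shift from the scanned length. The truncation is also applied only inside the mpi_is_opaque (hash) branch; a comment explaining why non-opaque input needs none would help.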
diff --git a/tests/dsa-rfc6979.c b/tests/dsa-rfc6979.c
index 6a9ac40..4ecdef9 100644
--- a/tests/dsa-rfc6979.c
+++ b/tests/dsa-rfc6979.c
@@ -209,6 +209,69 @@ check_dsa_rfc6979 (void)
" 74E04299F132026601638CB87AB79190D4A0986315DA8EEC6561C938996BEADF#)"
" ))"
},
+ {
+ "ECDSA, 192 bits (prime field)",
+ "(private-key"
+ " (ecdsa"
+ " (curve \"NIST P-192\")"
+ " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
+ " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
+ " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
+ " ))"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "(private-key"
+ " (ecdsa"
+ " (curve \"NIST P-224\")"
+ " (q #04"
+ " 00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C"
+ " EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A#)"
+ " (d #F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1#)"
+ " ))"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "(private-key"
+ " (ecdsa"
+ " (curve \"NIST P-256\")"
+ " (q #04"
+ " 60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6"
+ " 7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299#)"
+ " (d #C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721#)"
+ " ))"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "(private-key"
+ " (ecdsa"
+ " (curve \"NIST P-384\")"
+ " (q #04"
+ " EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
+ " DEF8F0EA9055866064A254515480BC13"
+ " 8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
+ " 288B231C3AE0D4FE7344FD2533264720#)"
+ " (d #6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
+ " 96D5724E4C70A825F872C9EA60D2EDF5#)"
+ " ))"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "(private-key"
+ " (ecdsa"
+ " (curve \"NIST P-521\")"
+ " (q #04"
+ " 01894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD"
+ " 371123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F50"
+ " 23A4"
+ " 00493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A"
+ " 28A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFD"
+ " FCF5#)"
+ " (d #FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75"
+ " CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B8"
+ " 3538#)"
+ " ))"
+ },
{ NULL }
};
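Review bot: the five new ECDSA key entries carry no pointer to where the values come from. A comment above the first entry naming the RFC 6979 appendix they were taken from would let a reader re-check q and d against the source. As a style point, the P-192 entry puts the 04 prefix on the same line as the coordinate data while the other four give it a line of its own; one layout for all five would be easier to compare by eye.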
@@ -379,6 +442,499 @@ check_dsa_rfc6979 (void)
"89EC4BB1400ECCFF8E7D9AA515CD1DE7803F2DAFF09693EE7FD1353E90A68307",
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
},
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
+ "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
+ "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
+ "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
+ "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
+ "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
+ "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
+ "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
+ "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
+ "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
+ "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
+ "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
+ "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
+ "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
+ "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
+ "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
+ "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
+ "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
+ "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
+ },
+ {
+ "ECDSA, 192 bits (prime field)",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
+ "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
+ "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
+ },
+
+
+
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "7EEFADD91110D8DE6C2C470831387C50D3357F7F4D477054B8B426BC",
+ "22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC",
+ "66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "C1D1F2F10881088301880506805FEB4825FE09ACB6816C36991AA06D",
+ "1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E",
+ "A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "AD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC",
+ "61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA",
+ "BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "52B40F5A9D3D13040F494E83D3906C6079F29981035C7BD51E5CAC40",
+ "0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953",
+ "830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "9DB103FFEDEDF9CFDBA05184F925400C1653B8501BAB89CEA0FBEC14",
+ "074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397",
+ "A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "2519178F82C3F0E4F87ED5883A4E114E5B7A6E374043D8EFD329C253",
+ "DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C",
+ "95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "DF8B38D40DCA3E077D0AC520BF56B6D565134D9B5F2EAE0D34900524",
+ "C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019",
+ "902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "FF86F57924DA248D6E44E8154EB69F0AE2AEBAEE9931D0B5A969F904",
+ "AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6",
+ "178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "7046742B839478C1B5BD31DB2E862AD868E1A45C863585B5F22BDC2D",
+ "389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4",
+ "414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB"
+ },
+ {
+ "ECDSA, 224 bits (prime field)",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "E39C2AA4EA6BE2306C72126D40ED77BF9739BB4D6EF2BBB1DCB6169D",
+ "049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C",
+ "077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
+ "61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32",
+ "6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
+ "53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F",
+ "B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
+ "EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716",
+ "F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
+ "0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719",
+ "4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
+ "8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00",
+ "2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
+ "0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89",
+ "01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
+ "C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692",
+ "C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
+ "F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367",
+ "019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
+ "83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6",
+ "8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
+ },
+ {
+ "ECDSA, 256 bits (prime field)",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
+ "461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04",
+ "39AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "4471EF7518BB2C7C20F62EAE1C387AD0C5E8E470995DB4ACF694466E6AB09663"
+ "0F29E5938D25106C3C340045A2DB01A7",
+ "EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA3"
+ "7B9BA002899F6FDA3A4A9386790D4EB2",
+ "A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF"
+ "26F49CA031D4857570CCB5CA4424A443"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "A4E4D2F0E729EB786B31FC20AD5D849E304450E0AE8E3E341134A5C1AFA03CAB"
+ "8083EE4E3C45B06A5899EA56C51B5879",
+ "42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366"
+ "450F76EE3DE43F5A125333A6BE060122",
+ "9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E483"
+ "4C082C03D83028EFBF93A3C23940CA8D"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "180AE9F9AEC5438A44BC159A1FCB277C7BE54FA20E7CF404B490650A8ACC414E"
+ "375572342863C899F9F2EDF9747A9B60",
+ "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
+ "BDE1E888E63355D92FA2B3C36D8FB2CD",
+ "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
+ "EFDC63ECCD1AC42EC0CB8668A4FA0AB0"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "94ED910D1A099DAD3254E9242AE85ABDE4BA15168EAF0CA87A555FD56D10FBCA"
+ "2907E3E83BA95368623B8C4686915CF9",
+ "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C"
+ "81A648152E44ACF96E36DD1E80FABE46",
+ "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F"
+ "A329C145786E679E7B82C71A38628AC8"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "92FC3C7183A883E24216D1141F1A8976C5B0DD797DFA597E3D7B32198BD35331"
+ "A4E966532593A52980D0E3AAA5E10EC3",
+ "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C"
+ "FE30F35CC900056D7C99CD7882433709",
+ "512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112"
+ "DC7CC3EF3446DEFCEB01A45C2667FDD5"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "66CC2C8F4D303FC962E5FF6A27BD79F84EC812DDAE58CF5243B64A4AD8094D47"
+ "EC3727F3A3C186C15054492E30698497",
+ "4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678"
+ "ACD9D29876DAF46638645F7F404B11C7",
+ "D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A29916"
+ "95BA1C84541327E966FA7B50F7382282"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "18FA39DB95AA5F561F30FA3591DC59C0FA3653A80DAFFA0B48D1A4C6DFCBFF6E"
+ "3D33BE4DC5EB8886A8ECD093F2935726",
+ "E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E624"
+ "64A9A817C47FF78B8C11066B24080E72",
+ "07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C614"
+ "1C53EA5ABEF0D8231077A04540A96B66"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "0CFAC37587532347DC3389FDC98286BBA8C73807285B184C83E62E26C401C0FA"
+ "A48DD070BA79921A3457ABFF2D630AD7",
+ "6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559"
+ "F918EEDAF2293BE5B475CC8F0188636B",
+ "2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D"
+ "51AB373F9845C0514EEFB14024787265"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "015EE46A5BF88773ED9123A5AB0807962D193719503C527B031B4C2D225092AD"
+ "A71F4A459BC0DA98ADB95837DB8312EA",
+ "8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB"
+ "0542A7F0812998DA8F1DD3CA3CF023DB",
+ "DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E0"
+ "6A739F040649A667BF3B828246BAA5A5"
+ },
+ {
+ "ECDSA, 384 bits (prime field)",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "3780C4F67CB15518B6ACAE34C9F83568D2E12E47DEAB6C50A4E4EE5319D1E8CE"
+ "0E2CC8A136036DC4B9C00E6888F66B6C",
+ "A0D5D090C9980FAF3C2CE57B7AE951D31977DD11C775D314AF55F76C676447D0"
+ "6FB6495CD21B4B6E340FC236584FB277",
+ "976984E59B4C77B0E8E4460DCA3D9F20E07B9BB1F63BEEFAF576F6B2E8B22463"
+ "4A2092CD3792E0159AD9CEE37659C736"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-1, message = \"sample\"",
+ "sha1", "sample",
+ "0089C071B419E1C2820962321787258469511958E80582E95D8378E0C2CCDB3CB"
+ "42BEDE42F50E3FA3C71F5A76724281D31D9C89F0F91FC1BE4918DB1C03A5838D"
+ "0F9",
+ "343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910"
+ "FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D"
+ "75D",
+ "E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D"
+ "5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5"
+ "D16"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-224, message = \"sample\"",
+ "sha224", "sample",
+ "121415EC2CD7726330A61F7F3FA5DE14BE9436019C4DB8CB4041F3B54CF31BE0"
+ "493EE3F427FB906393D895A19C9523F3A1D54BB8702BD4AA9C99DAB2597B9211"
+ "3F3",
+ "01776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A3"
+ "0715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2E"
+ "D2E",
+ "50CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17B"
+ "A41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B"
+ "41F"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-256, message = \"sample\"",
+ "sha256", "sample",
+ "0EDF38AFCAAECAB4383358B34D67C9F2216C8382AAEA44A3DAD5FDC9C3257576"
+ "1793FEF24EB0FC276DFC4F6E3EC476752F043CF01415387470BCBD8678ED2C7E"
+ "1A0",
+ "01511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
+ "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
+ "1A7",
+ "4A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
+ "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
+ "CFC"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-384, message = \"sample\"",
+ "sha384", "sample",
+ "1546A108BC23A15D6F21872F7DED661FA8431DDBD922D0DCDB77CC878C8553FF"
+ "AD064C95A920A750AC9137E527390D2D92F153E66196966EA554D9ADFCB109C4"
+ "211",
+ "01EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4"
+ "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67"
+ "451",
+ "01F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5"
+ "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65"
+ "D61"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-512, message = \"sample\"",
+ "sha512", "sample",
+ "1DAE2EA071F8110DC26882D4D5EAE0621A3256FC8847FB9022E2B7D28E6F1019"
+ "8B1574FDD03A9053C08A1854A168AA5A57470EC97DD5CE090124EF52A2F7ECBF"
+ "FD3",
+ "C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1"
+ "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37"
+ "7FA",
+ "617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2"
+ "82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A"
+ "67A"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-1, message = \"test\"",
+ "sha1", "test",
+ "0BB9F2BF4FE1038CCF4DABD7139A56F6FD8BB1386561BD3C6A4FC818B20DF5DD"
+ "BA80795A947107A1AB9D12DAA615B1ADE4F7A9DC05E8E6311150F47F5C57CE8B"
+ "222",
+ "013BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0"
+ "693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0"
+ "367",
+ "01E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90"
+ "F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC91679"
+ "7FF"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-224, message = \"test\"",
+ "sha224", "test",
+ "040D09FCF3C8A5F62CF4FB223CBBB2B9937F6B0577C27020A99602C25A011369"
+ "87E452988781484EDBBCF1C47E554E7FC901BC3085E5206D9F619CFF07E73D6F"
+ "706",
+ "01C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086"
+ "BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE1"
+ "7FB",
+ "0177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5"
+ "BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD51"
+ "9A4"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-256, message = \"test\"",
+ "sha256", "test",
+ "01DE74955EFAABC4C4F17F8E84D881D1310B5392D7700275F82F145C61E84384"
+ "1AF09035BF7A6210F5A431A6A9E81C9323354A9E69135D44EBD2FCAA7731B909"
+ "258",
+ "0E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D807104"
+ "2EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656"
+ "AA8",
+ "CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9"
+ "FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694"
+ "E86"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-384, message = \"test\"",
+ "sha384", "test",
+ "1F1FC4A349A7DA9A9E116BFDD055DC08E78252FF8E23AC276AC88B1770AE0B5D"
+ "CEB1ED14A4916B769A523CE1E90BA22846AF11DF8B300C38818F713DADD85DE0"
+ "C88",
+ "014BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C"
+ "89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF60755"
+ "78C",
+ "0133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0E"
+ "D94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B"
+ "979"
+ },
+ {
+ "ECDSA, 521 bits (prime field)",
+ "With SHA-512, message = \"test\"",
+ "sha512", "test",
+ "16200813020EC986863BEDFC1B121F605C1215645018AEA1A7B215A564DE9EB1"
+ "B38A67AA1128B80CE391C4FB71187654AAA3431027BFC7F395766CA988C964DC"
+ "56D",
+ "013E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10"
+ "CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47E"
+ "E6D",
+ "01FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78"
+ "A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4D"
+ "CE3"
+ },
{ NULL }
};
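Review bot: the expected k, r and s strings in the 521-bit cases are not normalised. Some keep leading zero digits ("0089C071B4...", "01776331CF...") and others drop them ("343B6EC457..."), and the continuation lines break at different widths. The comparison code is outside this hunk, so confirm that it compares parsed numbers rather than text, or pad every value to the same length. The three empty added lines between the 192-bit and 224-bit groups can be dropped or replaced with a comment naming the curve.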
@@ -436,7 +992,6 @@ check_dsa_rfc6979 (void)
if (err)
fail ("verification failed: %s\n", gpg_strerror (err));
-
gcry_sexp_release (sig);
gcry_sexp_release (data);
gcry_sexp_release (seckey);
-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 +
cipher/ecc.c | 109 ++++++----
src/sexp.c | 43 ++--
tests/dsa-rfc6979.c | 557 ++++++++++++++++++++++++++++++++++++++++++++++++++-
4 files changed, 647 insertions(+), 67 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
From cvs at cvs.gnupg.org Tue Jul 30 11:02:56 2013
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 30 Jul 2013 11:02:56 +0200
Subject: [git] GpgEX - branch, master, updated. gpgex-0.9.7-34-g7df2814
Message-ID: