[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta895-18-gd95f05c

by Werner Koch cvs at cvs.gnupg.org
Sun Nov 2 16:42:29 CET 2014


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  d95f05c314adfecbe0af9073f964030010442f9b (commit)
       via  440e8f517008107a9fe1b72cb659b97b7d840de6 (commit)
       via  a929f36693567e57eca89fb48f23cada8ce7291a (commit)
      from  794a687be0855a71d48793986a90ea1d8695e286 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d95f05c314adfecbe0af9073f964030010442f9b
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Nov 2 16:36:40 2014 +0100

    gpg: Fix endless loop in keylisting with fingerprint.
    
    * g10/getkey.c (getkey_next): Disable cache.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/getkey.c b/g10/getkey.c
index fe183fa..4a4dd55 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1232,6 +1232,12 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
 {
   int rc; /* Fixme:  Make sure this is proper gpg_error */
 
+  /* We need to disable the caching so that for an exact key search we
+     won't get the result back from the cache and thus end up in an
+     endless loop.  Disabling this here is sufficient because although
+     the result has been cached, if won't be used then.  */
+  keydb_disable_caching (ctx->kr_handle);
+
   rc = lookup (ctx, ret_keyblock, ctx->want_secret);
   if (!rc && pk && ret_keyblock)
     pk_from_block (ctx, pk, *ret_keyblock);
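Review bot: The comment added in getkey_next has a typo ("if won't be used then" should read "it won't be used then") and does not mention that the effect is permanent for the handle. Per its header comment in keydb.c, keydb_disable_caching only sets a flag on the handle, so calling it on every getkey_next iteration is redundant after the first call. Setting the flag once where `ctx->kr_handle` is created would state the intent more directly, with a comment such as `/* Listing contexts never use the search cache; see getkey_next. */`. The rest of getkey_next lies outside the hunk.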

commit 440e8f517008107a9fe1b72cb659b97b7d840de6
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Nov 2 16:31:30 2014 +0100

    gpg: Minor cleanup for key listing related code.
    
    * g10/getkey.c (get_pubkey_next): Divert to getkey_next.
    (get_pubkey_end): Move code to getkey_end.
    * g10/keydb.c (keydb_search_reset): Add a debug statement.
    (dump_search_desc): Add arg HD and print the handle.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/g10/getkey.c b/g10/getkey.c
index 279b3d9..fe183fa 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -928,26 +928,13 @@ get_pubkey_bynames (GETKEY_CTX * retctx, PKT_public_key * pk,
 int
 get_pubkey_next (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE * ret_keyblock)
 {
-  int rc;
-
-  rc = lookup (ctx, ret_keyblock, 0);
-  if (!rc && pk && ret_keyblock)
-    pk_from_block (ctx, pk, *ret_keyblock);
-
-  return rc;
+  return gpg_err_code (getkey_next (ctx, pk, ret_keyblock));
 }
 
 void
 get_pubkey_end (GETKEY_CTX ctx)
 {
-  if (ctx)
-    {
-      memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
-      keydb_release (ctx->kr_handle);
-      free_strlist (ctx->extra_list);
-      if (!ctx->not_allocated)
-	xfree (ctx);
-    }
+  getkey_end (ctx);
 }
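Review bot: get_pubkey_next no longer behaves exactly like the body it replaces. The old code called `lookup (ctx, ret_keyblock, 0)`, while getkey_next passes `ctx->want_secret`, so a context set up for secret keys now does a secret-key lookup through this entry point. The result is also narrowed with gpg_err_code, and the `Fixme` in getkey_next says rc may not be a proper gpg_error, so any legacy return value that callers compare against could change; this cannot be confirmed from the hunk. If both changes are intended, a comment above the function such as `/* Deprecated wrapper: honours ctx->want_secret and returns only the error code. */` would record it.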
 
 
@@ -1257,7 +1244,14 @@ getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
 void
 getkey_end (getkey_ctx_t ctx)
 {
-  get_pubkey_end (ctx);
+  if (ctx)
+    {
+      memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
+      keydb_release (ctx->kr_handle);
+      free_strlist (ctx->extra_list);
+      if (!ctx->not_allocated)
+	xfree (ctx);
+    }
 }
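Review bot: In getkey_end, a context with `not_allocated` set outlives the call but still holds the released `kr_handle` and `extra_list` pointers. A second getkey_end on that caller-owned context, or any later use of it, would therefore touch freed memory. Clearing them after release, `ctx->kr_handle = NULL; ctx->extra_list = NULL;`, makes the function safe to repeat, assuming keydb_release and free_strlist accept NULL (not visible here). The code is moved unchanged from get_pubkey_end, so this is a pre-existing gap rather than one this commit introduces.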
 
 
diff --git a/g10/keydb.c b/g10/keydb.c
index a2cab18..bafae18 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -603,8 +603,8 @@ keydb_release (KEYDB_HANDLE hd)
 
 
 /* Set a flag on handle to not use cached results.  This is required
-   for updating a keyring.  Fixme: Using a new parameter for keydb_new
-   might be a better solution.  */
+   for updating a keyring and for key listins.  Fixme: Using a new
+   parameter for keydb_new might be a better solution.  */
 void
 keydb_disable_caching (KEYDB_HANDLE hd)
 {
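Review bot: The updated comment above keydb_disable_caching has a typo, "key listins" for "key listings". It would also help to say why listings need the flag, for example `and for key listings, where a cached exact-match result would otherwise be returned again on the next search`, which is the reason the follow-up commit gives in getkey_next. The function body is outside the hunk.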
@@ -1328,6 +1328,9 @@ keydb_search_reset (KEYDB_HANDLE hd)
   if (DBG_CLOCK)
     log_clock ("keydb_search_reset");
 
+  if (DBG_CACHE)
+    log_debug ("keydb_search: reset  (hd=%p)", hd);
+
   hd->skipped_long_blobs = 0;
   hd->current = 0;
   hd->found = -1;
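Review bot: The new `log_debug ("keydb_search: reset  (hd=%p)", hd);` passes a KEYDB_HANDLE to `%p`, which the C standard defines only for `void *`. Assuming log_debug follows printf conventions, the portable form is `log_debug ("keydb_search: reset  (hd=%p)\n", (void *)hd);`, and the same cast applies to the `(hd=%p)` added in dump_search_desc. The message also has no trailing newline, unlike the log_error calls elsewhere in this diff, so whether the line is terminated depends on the logger. Both lines write heap addresses to the debug log, which matters if DBG_CACHE output is ever shared outside the machine.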
@@ -1351,7 +1354,8 @@ keydb_search_reset (KEYDB_HANDLE hd)
 
 
 static void
-dump_search_desc (const char *text, KEYDB_SEARCH_DESC *desc, size_t ndesc)
+dump_search_desc (KEYDB_HANDLE hd, const char *text,
+                  KEYDB_SEARCH_DESC *desc, size_t ndesc)
 {
   int n;
   const char *s;
@@ -1382,7 +1386,7 @@ dump_search_desc (const char *text, KEYDB_SEARCH_DESC *desc, size_t ndesc)
         default:                          s = "?";         break;
         }
       if (!n)
-        log_debug ("%s: mode=%s", text, s);
+        log_debug ("%s: mode=%s  (hd=%p)", text, s, hd);
       else
         log_debug ("%*s  mode=%s", (int)strlen (text), "", s);
       if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID)
@@ -1418,7 +1422,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
     log_clock ("keydb_search enter");
 
   if (DBG_CACHE)
-    dump_search_desc ("keydb_search", desc, ndesc);
+    dump_search_desc (hd, "keydb_search", desc, ndesc);
 
   if (!hd->no_caching
       && ndesc == 1

commit a929f36693567e57eca89fb48f23cada8ce7291a
Author: Werner Koch <wk at gnupg.org>
Date:   Sun Nov 2 15:43:52 2014 +0100

    gpg: Do not show an useless passphrase prompt in batch mode.
    
    * g10/keygen.c: Remove unused PASSPHRASE related code.
    (proc_parameter_file): Remove useless asking for a passphrase in batch
    mode.
    --
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/gpg.texi b/doc/gpg.texi
index e894f5c..cfd46a6 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -3312,12 +3312,18 @@ control statements must be given. For GnuPG 2.1 and later
 
 @item %ask-passphrase
 @itemx %no-ask-passphrase
+ at ifclear gpgtwoone
 Enable (or disable) a mode where the command @option{passphrase} is
 ignored and instead the usual passphrase dialog is used.  This does
 not make sense for batch key generation; however the unattended key
 generation feature is also used by GUIs and this feature relinquishes
 the GUI from implementing its own passphrase entry code.  These are
 global control statements and affect all future key genrations.
+ at end ifclear
+ at ifset gpgtwoone
+This option is a no-op for GnuPG 2.1 and later.
+ at end ifset
+
 
 @item %no-protection
 Since GnuPG version 2.1 it is not anymore possible to specify a
diff --git a/g10/keygen.c b/g10/keygen.c
index e25ecc3..7aff438 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -83,8 +83,6 @@ enum para_name {
   pKEYEXPIRE, /* in n seconds */
   pSUBKEYEXPIRE, /* in n seconds */
   pPASSPHRASE,
-  pPASSPHRASE_DEK,
-  pPASSPHRASE_S2K,
   pSERIALNO,
   pCARDBACKUPKEY,
   pHANDLE,
@@ -96,8 +94,6 @@ struct para_data_s {
     int lnr;
     enum para_name key;
     union {
-        DEK *dek;
-        STRING2KEY *s2k;
         u32 expire;
         u32 creation;
         unsigned int usage;
@@ -110,7 +106,6 @@ struct output_control_s
 {
   int lnr;
   int dryrun;
-  int ask_passphrase;
   unsigned int keygen_flags;
   int use_files;
   struct {
@@ -2676,6 +2671,7 @@ ask_user_id (int mode, int full, KBNODE keyblock)
 
 /*  MODE  0 - standard
           1 - Ask for passphrase of the card backup key.  */
+#if 0
 static DEK *
 do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
 {
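Review bot: do_ask_passphrase is disabled with `#if 0` (closed by the `#endif /* 0 */` in the next hunk), although the commit message says the unused passphrase code is removed. Code under `#if 0` is never compiled, so it goes stale unnoticed as the DEK and STRING2KEY handling around it changes. Deleting the function would make the intent clear; if it is meant to return, a comment such as `/* Kept for reference; currently no caller. */` next to the `#if 0` would do the same. The function body lies outside both hunks.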
@@ -2720,6 +2716,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
     *ret_s2k = s2k;
     return dek;
 }
+#endif /* 0 */
 
 
 /* Basic key generation.  Here we divert to the actual generation
@@ -2795,11 +2792,6 @@ release_parameter_list (struct para_data_s *r)
   for (; r ; r = r2)
     {
       r2 = r->next;
-      if (r->key == pPASSPHRASE_DEK)
-        xfree (r->u.dek);
-      else if (r->key == pPASSPHRASE_S2K )
-        xfree (r->u.s2k);
-
       xfree (r);
     }
 }
@@ -3123,72 +3115,6 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
   if (parse_revocation_key (fname, para, pREVOKER))
     return -1;
 
-  /* Make DEK and S2K from the Passphrase. */
-  if (outctrl->ask_passphrase)
-    {
-      /* %ask-passphrase is active - ignore pPASSPRASE and ask.  This
-         feature is required so that GUIs are able to do a key
-         creation but have gpg-agent ask for the passphrase.  */
-      int canceled = 0;
-      STRING2KEY *s2k;
-      DEK *dek;
-
-      dek = do_ask_passphrase (&s2k, 0, &canceled);
-      if (dek)
-        {
-          r = xmalloc_clear( sizeof *r );
-          r->key = pPASSPHRASE_DEK;
-          r->u.dek = dek;
-          append_to_parameter (para, r);
-          r = xmalloc_clear( sizeof *r );
-          r->key = pPASSPHRASE_S2K;
-          r->u.s2k = s2k;
-          append_to_parameter (para, r);
-        }
-
-      if (canceled)
-        {
-	  log_error ("%s:%d: key generation canceled\n", fname, r->lnr );
-          return -1;
-        }
-    }
-  else
-    {
-      r = get_parameter( para, pPASSPHRASE );
-      if ( r && *r->u.value )
-        {
-          /* We have a plain text passphrase - create a DEK from it.
-           * It is a little bit ridiculous to keep it in secure memory
-           * but because we do this always, why not here.  */
-          STRING2KEY *s2k;
-          DEK *dek;
-
-          s2k = xmalloc ( sizeof *s2k );
-          s2k->mode = opt.s2k_mode;
-          s2k->hash_algo = S2K_DIGEST_ALGO;
-          set_next_passphrase ( r->u.value );
-          dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
-                                   NULL, NULL);
-          if (!dek)
-            {
-              log_error ("%s:%d: error post processing the passphrase\n",
-                         fname, r->lnr );
-              xfree (s2k);
-              return -1;
-            }
-          set_next_passphrase (NULL);
-          memset (r->u.value, 0, strlen(r->u.value));
-
-          r = xmalloc_clear (sizeof *r);
-          r->key = pPASSPHRASE_S2K;
-          r->u.s2k = s2k;
-          append_to_parameter (para, r);
-          r = xmalloc_clear (sizeof *r);
-          r->key = pPASSPHRASE_DEK;
-          r->u.dek = dek;
-          append_to_parameter (para, r);
-        }
-    }
 
   /* Make KEYCREATIONDATE from Creation-Date.  */
   r = get_parameter (para, pCREATIONDATE);
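Review bot: With this block gone, nothing visible in the diff clears the plain-text `Passphrase:` value any more. The removed code ran `memset (r->u.value, 0, strlen(r->u.value));` after deriving the DEK, and release_parameter_list now only calls `xfree (r)`. Unless the pPASSPHRASE parameter is wiped where it is consumed (not visible here), the passphrase stays readable in freed heap memory. A wipe in release_parameter_list before the free, e.g. `if (r->key == pPASSPHRASE && *r->u.value) wipememory (r->u.value, strlen (r->u.value));`, would restore the earlier hygiene. proc_parameter_file continues outside the hunk.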
@@ -3324,9 +3250,9 @@ read_parameter_file( const char *fname )
 	    else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
 		outctrl.dryrun = 1;
 	    else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
-		outctrl.ask_passphrase = 1;
+              ; /* Dummy for backward compatibility. */
 	    else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
-		outctrl.ask_passphrase = 0;
+	      ; /* Dummy for backward compatibility. */
 	    else if( !ascii_strcasecmp( keyword, "%no-protection" ) )
                 outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION;
 	    else if( !ascii_strcasecmp( keyword, "%transient-key" ) )
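Review bot: `%ask-passphrase` and `%no-ask-passphrase` are now accepted and ignored without any message. A parameter file that relied on `%ask-passphrase` to override its `Passphrase:` line therefore gets no hint that the key may now be protected differently than the author expected. A notice in each branch, for example `log_info ("%s: %%ask-passphrase is ignored\n", fname);`, would surface the change while keeping backward compatibility. The two dummy statements are also indented differently (spaces in one, a tab in the other). read_parameter_file starts and ends outside the hunk.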

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi |    6 +++++
 g10/getkey.c |   32 +++++++++++------------
 g10/keydb.c  |   14 ++++++----
 g10/keygen.c |   82 +++-------------------------------------------------------
 4 files changed, 35 insertions(+), 99 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



