From cvs at cvs.gnupg.org Fri Apr 3 10:51:21 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 03 Apr 2015 10:51:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-77-gf82c4a6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f82c4a6d0d76e716b6a7b22ca964fa2da1f962a0 (commit) via 4ffadb74b3ada8a5d69ef8d87f4326df9bd97e97 (commit) from d0ff2ee04187fbedacbe4d3884ee75d957a0b8c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f82c4a6d0d76e716b6a7b22ca964fa2da1f962a0 Author: NIIBE Yutaka Date: Fri Apr 3 17:39:59 2015 +0900 g10: Fix keytocard. g10/call-agent.h (agent_scd_learn): Add FORCE option. g10/call-agent.c (agent_scd_learn): Implement FORCE option. g10/keygen.c (gen_card_key): Follow the change of option. g10/card-util.c (change_pin, card_status, factory_reset): Likewise. g10/keyedit.c (keyedit_menu): Update private key storage by agent_scd_learn. -- This is not a perfect solution since there is a possibility user unplug card before quitting 'gpg --keyedit' session. Usually, it works well. GnuPG-bug-id: 1846 diff --git a/g10/call-agent.c b/g10/call-agent.c index 4bac8a0..2a80f22 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -673,7 +673,7 @@ learn_status_cb (void *opaque, const char *line) /* Call the scdaemon to learn about a smartcard */ int -agent_scd_learn (struct agent_card_info_s *info) +agent_scd_learn (struct agent_card_info_s *info, int force) { int rc; struct default_inq_parm_s parm; 
@@ -701,7 +701,8 @@ agent_scd_learn (struct agent_card_info_s *info) return rc; parm.ctx = agent_ctx; - rc = assuan_transact (agent_ctx, "LEARN --sendinfo", + rc = assuan_transact (agent_ctx, + force ? "LEARN --sendinfo --force" : "LEARN --sendinfo", dummy_data_cb, NULL, default_inq_cb, &parm, learn_status_cb, info); /* Also try to get the key attributes. */ diff --git a/g10/call-agent.h b/g10/call-agent.h index 9c104e8..df570a4 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -77,7 +77,7 @@ struct agent_card_genkey_s { void agent_release_card_info (struct agent_card_info_s *info); /* Return card info. */ -int agent_scd_learn (struct agent_card_info_s *info); +int agent_scd_learn (struct agent_card_info_s *info, int force); /* Send an APDU to the card. */ gpg_error_t agent_scd_apdu (const char *hexapdu, unsigned int *r_sw); diff --git a/g10/card-util.c b/g10/card-util.c index 4b584bf..a291a07 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -81,7 +81,7 @@ change_pin (int unblock_v2, int allow_admin) struct agent_card_info_s info; int rc; - rc = agent_scd_learn (&info); + rc = agent_scd_learn (&info, 0); if (rc) { log_error (_("OpenPGP card not available: %s\n"), @@ -374,7 +374,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) if (serialno && serialnobuflen) *serialno = 0; - rc = agent_scd_learn (&info); + rc = agent_scd_learn (&info, 0); if (rc) { if (opt.with_colons) @@ -1702,7 +1702,7 @@ factory_reset (void) but tries to find out something about the card first. */ - err = agent_scd_learn (&info); + err = agent_scd_learn (&info, 0); if (gpg_err_code (err) == GPG_ERR_OBJ_TERM_STATE && gpg_err_source (err) == GPG_ERR_SOURCE_SCD) termstate = 1; diff --git a/g10/keyedit.c b/g10/keyedit.c index 91f5dae..2f9469f 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
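Review bot: The prototype comment in g10/call-agent.h still reads `/* Return card info. */`, although a non-zero `force` now makes `agent_scd_learn` send `LEARN --sendinfo --force`, which the agent help text on this page describes as updating private key storage. I would document that side effect at the declaration, e.g. `/* Return card info. If FORCE is set the agent also rewrites its private key storage from the card. */`. The card-util.c call sites pass a bare `0`, which is right for status queries; a short comment there would keep a later edit from flipping it by accident.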
@@ -1450,6 +1450,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, char *answer = NULL; int redisplay = 1; int modified = 0; + int sec_shadowing = 0; int run_subkey_warnings = 0; int toggle; int have_commands = !!commands; @@ -1836,8 +1837,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (card_store_subkey (node, xxpk ? xxpk->pubkey_usage : 0)) { redisplay = 1; - /* Only the secret key has been modified; thus - there is no need to set the modified flag. */ + sec_shadowing = 1; } } } @@ -1923,7 +1923,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (card_store_subkey (node, 0)) { redisplay = 1; - /* FIXME:sec_modified = 1;*/ + sec_shadowing = 1; } } release_kbnode (node); @@ -2182,7 +2182,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, case cmdQUIT: if (have_commands) goto leave; - if (!modified) + if (!modified && !sec_shadowing) goto leave; if (!cpr_get_answer_is_yes ("keyedit.save.okay", _("Save changes? (y/N) "))) @@ -2204,7 +2204,18 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, break; } } - else + + if (sec_shadowing) + { + err = agent_scd_learn (NULL, 1); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + break; + } + } + + if (!modified && !sec_shadowing) tty_printf (_("Key not changed so no update needed.\n")); if (update_trust) diff --git a/g10/keygen.c b/g10/keygen.c index 769e193..4b0398a 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
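Review bot: In the save path (hunk at -2204) a failing `agent_scd_learn (NULL, 1)` is reported only as `update failed: %s` before the `break`, so the user is not told that the key already copied to the card is still stored unshadowed on disk. That state follows from the companion agent commit, where `cmd_keytocard` no longer writes the shadow key, and the commit message itself names an unplugged card as a way to reach it. A dedicated message would make the outcome clear, for example `log_error (_("replacing the on-disk secret key by a card stub failed: %s\n"), gpg_strerror (err));`. `keyedit_menu` starts and ends outside these hunks.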
@@ -4487,7 +4487,7 @@ gen_card_key (int algo, int keyno, int is_primary, kbnode_t pub_root, /* Send the learn command so that the agent creates a shadow key for card key. We need to do that now so that we are able to create the self-signatures. */ - err = agent_scd_learn (NULL); + err = agent_scd_learn (NULL, 0); if (err) { /* Oops: Card removed during generation. */ commit 4ffadb74b3ada8a5d69ef8d87f4326df9bd97e97 Author: NIIBE Yutaka Date: Fri Apr 3 17:33:11 2015 +0900 agent: Add --force option for LEARN. * agent/command.c (cmd_learn): Handle --force option. (cmd_keytocard): Don't update key storage file. * agent/agent.h (agent_handle_learn): Add FORCE. * agent/learncard.c (agent_handle_learn): Implement FORCE to update key stroage file. -- diff --git a/agent/agent.h b/agent/agent.h index f60061e..d61e634 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -495,7 +495,7 @@ int agent_card_scd (ctrl_t ctrl, const char *cmdline, /*-- learncard.c --*/ -int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context); +int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force); /*-- cvt-openpgp.c --*/ diff --git a/agent/command.c b/agent/command.c index 96fbf19..3188bbd 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -1655,25 +1655,27 @@ cmd_get_confirmation (assuan_context_t ctx, char *line) static const char hlp_learn[] = - "LEARN [--send][--sendinfo]\n" + "LEARN [--send] [--sendinfo] [--force]\n" "\n" "Learn something about the currently inserted smartcard. With\n" "--sendinfo information about the card is returned; with --send\n" - "the available certificates are returned as D lines."; + "the available certificates are returned as D lines; with --force\n" + "private key storage will be updated by the result."; static gpg_error_t cmd_learn (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; - int send, sendinfo; + int send, sendinfo, force; send = has_option (line, "--send"); sendinfo = send? 1 : has_option (line, "--sendinfo"); + force = has_option (line, "--force"); if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); - err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL); + err = agent_handle_learn (ctrl, send, sendinfo? ctx : NULL, force); return leave_cmd (ctx, err); } @@ -2409,12 +2411,10 @@ cmd_keytocard (assuan_context_t ctx, char *line) gpg_error_t err = 0; unsigned char grip[20]; gcry_sexp_t s_skey = NULL; - gcry_sexp_t s_pkey = NULL; unsigned char *keydata; size_t keydatalen, timestamplen; const char *serialno, *timestamp_str, *id; unsigned char *shadow_info = NULL; - unsigned char *shdkey; time_t timestamp; if (ctrl->restricted) 
@@ -2492,48 +2492,8 @@ cmd_keytocard (assuan_context_t ctx, char *line) snprintf (keydata+keydatalen-1, 30, "(10:created-at10:%010lu))", timestamp); keydatalen += 10 + 19 - 1; err = divert_writekey (ctrl, force, serialno, id, keydata, keydatalen); - if (err) - { - xfree (keydata); - goto leave; - } - xfree (keydata); - - err = agent_public_key_from_file (ctrl, grip, &s_pkey); - if (err) - goto leave; - - shadow_info = make_shadow_info (serialno, id); - if (!shadow_info) - { - err = gpg_error (GPG_ERR_ENOMEM); - gcry_sexp_release (s_pkey); - goto leave; - } - keydatalen = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); - keydata = xtrymalloc (keydatalen); - if (keydata == NULL) - { - err = gpg_error_from_syserror (); - gcry_sexp_release (s_pkey); - goto leave; - } - gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keydata, keydatalen); - gcry_sexp_release (s_pkey); - err = agent_shadow_key (keydata, shadow_info, &shdkey); xfree (keydata); - xfree (shadow_info); - if (err) - { - log_error ("shadowing the key failed: %s\n", gpg_strerror (err)); - goto leave; - } - - keydatalen = gcry_sexp_canon_len (shdkey, 0, NULL, NULL); - err = agent_write_private_key (grip, shdkey, keydatalen, 1); - xfree (shdkey); - leave: return leave_cmd (ctx, err); } diff --git a/agent/learncard.c b/agent/learncard.c index 62569ce..e0f2340 100644 --- a/agent/learncard.c +++ b/agent/learncard.c @@ -299,7 +299,7 @@ send_cert_back (ctrl_t ctrl, const char *id, void *assuan_context) /* Perform the learn operation. If ASSUAN_CONTEXT is not NULL and SEND is true all new certificates are send back via Assuan. */ int -agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context) +agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context, int force) { int rc; 
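Review bot: After this hunk `cmd_keytocard` returns right after `divert_writekey`, so the command no longer replaces the on-disk key with a shadow key, yet nothing visible here tells a caller that it must follow up with `LEARN --force`. A client that issues only KEYTOCARD now leaves the secret key both on the card and on disk. I would state this in the function's comment, e.g. `/* The key file is not touched here; callers must send LEARN --force to turn it into a shadow key. */`, and repeat it in the command's help string if it has one. The function begins outside the hunk.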
@@ -399,7 +399,7 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context) for (p=item->hexgrip, i=0; i < 20; p += 2, i++) grip[i] = xtoi_2 (p); - if (!agent_key_available (grip)) + if (!force && !agent_key_available (grip)) continue; /* The key is already available. */ /* Unknown key - store it. */ @@ -430,7 +430,7 @@ agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context) n = gcry_sexp_canon_len (shdkey, 0, NULL, NULL); assert (n); - rc = agent_write_private_key (grip, shdkey, n, 0); + rc = agent_write_private_key (grip, shdkey, n, force); xfree (shdkey); if (rc) { ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 2 +- agent/command.c | 52 ++++++---------------------------------------------- agent/learncard.c | 6 +++--- g10/call-agent.c | 5 +++-- g10/call-agent.h | 2 +- g10/card-util.c | 6 +++--- g10/keyedit.c | 21 ++++++++++++++++----- g10/keygen.c | 2 +- 8 files changed, 34 insertions(+), 62 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 3 13:35:58 2015 
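Review bot: With `force` set, the loop in `agent_handle_learn` no longer skips keys that are already available and calls `agent_write_private_key (grip, shdkey, n, force)` for every keygrip the card reports, not only the one just transferred. Assuming the last argument is the overwrite flag (the removed keytocard code passed `1`), any on-disk secret key that shares a keygrip with a card key is replaced by a stub without a prompt. If that scope is intended, the comments should say so: `/* Unknown key - store it. */` is no longer accurate in the forced case and could read `/* Unknown key, or FORCE is set - (re)write the shadow key. */`. The function's header comment in the earlier learncard.c hunk also does not describe FORCE.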
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 03 Apr 2015 13:35:58 +0200 Subject: [git] gnupg-doc - branch, master, updated. 77d707ec8587c9684e9b1897607020fb02d9ea2b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 77d707ec8587c9684e9b1897607020fb02d9ea2b (commit) from 813ad5c401e1d2effca419f9687545920bc1ff5c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77d707ec8587c9684e9b1897607020fb02d9ea2b Author: Werner Koch Date: Fri Apr 3 13:31:58 2015 +0200 faq: Fixed migration instructions in Whats-new-in-2.1 Reported-by: Peter Lebbing diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index bc312da..1056dd0 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -561,7 +561,7 @@ then run import, and finally restore the ownertrust values: $ cd ~/.gnupg $ gpg --export-ownertrust >otrust.lst $ mv pubring.gpg publickeys -$ gpg2 --import publickeys +$ gpg2 --import-options import-local-sigs --import publickeys $ gpg2 --import-ownertrust otrust.lst #+end_example ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Apr 5 12:51:31 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 05 Apr 2015 12:51:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-78-gd901efc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a (commit) from f82c4a6d0d76e716b6a7b22ca964fa2da1f962a0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a Author: Werner Koch Date: Sun Apr 5 12:48:14 2015 +0200 gpg: Fix DoS while parsing mangled secret key packets. * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read et al. -- Due to the missing length checks PKTLEN may turn negative. Because PKTLEN is an unsigned int the malloc in read_rest would try to malloc a too large number and terminate the process with "error reading rest of packet: Cannot allocate memory". Reported-by: Hanno B?ck. Signed-off-by: Werner Koch diff --git a/g10/parse-packet.c b/g10/parse-packet.c index d6a6d10..c80b7df 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2103,6 +2103,12 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, byte temp[16]; size_t snlen = 0; + if (pktlen < 1) + { + err = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + pk->seckey_info = ski = xtrycalloc (1, sizeof *ski); if (!pk->seckey_info) { 
@@ -2303,6 +2309,12 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, } else if (ski->is_protected) { + if (pktlen < 2) /* At least two bytes for the length. */ + { + err = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + /* Ugly: The length is encrypted too, so we read all stuff * up to the end of the packet into the first SKEY * element. */ @@ -2323,7 +2335,14 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, /* Not encrypted. */ for (i = npkey; i < nskey; i++) { - unsigned int n = pktlen; + unsigned int n; + + if (pktlen < 2) /* At least two bytes for the length. */ + { + err = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + n = pktlen; pk->pkey[i] = mpi_read (inp, &n, 0); pktlen -= n; if (list_mode) @@ -2339,6 +2358,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, if (err) goto leave; + if (pktlen < 2) + { + err = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } ski->csum = read_16 (inp); pktlen -= 2; if (list_mode) ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Apr 5 19:35:19 2015 
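Review bot: The last added guard, `if (pktlen < 2)` in front of `ski->csum = read_16 (inp);`, has no comment, unlike the two `pktlen < 2` checks above it in this file section. `/* Two bytes for the checksum. */` would match them. The same four-line check now appears at each read site in `parse_key`, so a small static helper or macro would make it harder to miss a site in later edits. `parse_key` begins and ends outside these hunks.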
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 05 Apr 2015 19:35:19 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-8-g0aac920 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 0aac920f23fd07e152fdb7385299c92bb9a4ade3 (commit) from 2a2da1b165f0a3050bca51dea67db9c04b9cb734 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0aac920f23fd07e152fdb7385299c92bb9a4ade3 Author: Werner Koch Date: Sun Apr 5 19:33:36 2015 +0200 gpg: Fix DoS while parsing mangled secret key packets. * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read et al. -- Due to the missing length checks PKTLEN may turn negative. Because PKTLEN is an unsigned int the malloc in read_rest would try to malloc a too large number and terminate the process with "error reading rest of packet: Cannot allocate memory". Reported-by: Hanno B?ck. Signed-off-by: Werner Koch (backported from 2.1 commit d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 5a98961..a8f9d99 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1828,6 +1828,12 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, byte temp[16]; size_t snlen = 0; + if (pktlen < 1) + { + rc = GPG_ERR_INV_PACKET; + goto leave; + } + if( !npkey ) { sk->skey[0] = gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0), pktlen*8 ); 
@@ -1836,7 +1842,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, } for(i=0; i < npkey; i++ ) { - n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; + n = pktlen; + sk->skey[i] = mpi_read(inp, &n, 0 ); + pktlen -=n; if( list_mode ) { fprintf (listfp, "\tskey[%d]: ", i); mpi_print(listfp, sk->skey[i], mpi_print_mode ); @@ -1847,7 +1855,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, } if (rc) /* one of the MPIs were bad */ goto leave; - sk->protect.algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.algo = iobuf_get_noeof(inp); + pktlen--; sk->protect.sha1chk = 0; if( sk->protect.algo ) { sk->is_protected = 1; @@ -1858,12 +1867,15 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, goto leave; } sk->protect.sha1chk = (sk->protect.algo == 254); - sk->protect.algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.algo = iobuf_get_noeof(inp); + pktlen--; /* Note that a sk->protect.algo > 110 is illegal, but I'm not erroring on it here as otherwise there would be no way to delete such a key. */ - sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; - sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.s2k.mode = iobuf_get_noeof(inp); + pktlen--; + sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); + pktlen--; /* check for the special GNU extension */ if( is_v4 && sk->protect.s2k.mode == 101 ) { for(i=0; i < 4 && pktlen; i++, pktlen-- ) @@ -2013,6 +2025,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, /* ugly; the length is encrypted too, so we read all * stuff up to the end of the packet into the first * skey element */ + if (pktlen < 2) /* At least two bytes for the length. */ + { + rc = GPG_ERR_INV_PACKET; + goto leave; + } sk->skey[npkey] = gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0), pktlen*8); 
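Review bot: The read of the protection octet in the hunk at -1847, `sk->protect.algo = iobuf_get_noeof(inp); pktlen--;`, still has no length check directly in front of it, because the new `pktlen < 1` test sits at the top of the secret-key branch, before the `npkey` MPI loop subtracts `n` from `pktlen`. If the public MPIs consume the whole packet, `pktlen` is 0 here and the decrement wraps the unsigned value, which is the condition this commit sets out to remove. A guard placed immediately before the read, `if (pktlen < 1) { rc = GPG_ERR_INV_PACKET; goto leave; }`, would close it. The 1.4 backport further down the page has the same layout and would take `G10ERR_INVALID_PACKET`. `parse_key` is only partly visible, so a check in the few lines between the hunks cannot be ruled out.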
@@ -2029,6 +2046,11 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, fprintf (listfp, "\tskey[%d]: [encrypted]\n", i); } else { + if (pktlen < 2) /* At least two bytes for the length. */ + { + rc = GPG_ERR_INV_PACKET; + goto leave; + } n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; @@ -2045,7 +2067,13 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, if (rc) goto leave; - sk->csum = read_16(inp); pktlen -= 2; + if (pktlen < 2) + { + rc = GPG_ERR_INV_PACKET; + goto leave; + } + sk->csum = read_16(inp); + pktlen -= 2; if( list_mode ) { fprintf (listfp, "\tchecksum: %04hx\n", sk->csum); } @@ -2057,6 +2085,12 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, else { PKT_public_key *pk = pkt->pkt.public_key; + if (pktlen < 1) + { + rc = GPG_ERR_INV_PACKET; + goto leave; + } + if( !npkey ) { pk->pkey[0] = gcry_mpi_set_opaque ( NULL, read_rest(inp, pktlen, 0), @@ -2066,7 +2100,9 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, } for(i=0; i < npkey; i++ ) { - n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; + n = pktlen; + pk->pkey[i] = mpi_read(inp, &n, 0 ); + pktlen -=n; if( list_mode ) { fprintf (listfp, "\tpkey[%d]: ", i); mpi_print(listfp, pk->pkey[i], mpi_print_mode ); ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 50 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Apr 5 19:44:45 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 05 Apr 2015 19:44:45 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.19-3-g506eb6f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 506eb6fec67f170827777f2f44ced6f50745a0ad (commit) from f34d88364a984947bcd7c344f9532f683b856353 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 506eb6fec67f170827777f2f44ced6f50745a0ad Author: Werner Koch Date: Sun Apr 5 19:42:59 2015 +0200 gpg: Fix DoS while parsing mangled secret key packets. * g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read et al. -- Due to the missing length checks PKTLEN may turn negative. Because PKTLEN is an unsigned int the malloc in read_rest would try to malloc a too large number and terminate the process with "error reading rest of packet: Cannot allocate memory". Reported-by: Hanno B?ck. Signed-off-by: Werner Koch (backported from 2.0 commit 0aac920f23fd07e152fdb7385299c92bb9a4ade3) diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 862ec6e..8d4450c 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1747,6 +1747,12 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, byte temp[16]; size_t snlen = 0; + if (pktlen < 1) + { + rc = G10ERR_INVALID_PACKET; + goto leave; + } + if( !npkey ) { sk->skey[0] = mpi_set_opaque( NULL, read_rest(inp, pktlen, 0), pktlen ); 
@@ -1755,7 +1761,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, } for(i=0; i < npkey; i++ ) { - n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; + n = pktlen; + sk->skey[i] = mpi_read(inp, &n, 0 ); + pktlen -=n; if( list_mode ) { fprintf (listfp, "\tskey[%d]: ", i); mpi_print(listfp, sk->skey[i], mpi_print_mode ); @@ -1769,7 +1777,8 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, if (list_mode && npkey) keyid_from_sk (sk, keyid); - sk->protect.algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.algo = iobuf_get_noeof(inp); + pktlen--; sk->protect.sha1chk = 0; if( sk->protect.algo ) { sk->is_protected = 1; @@ -1780,12 +1789,15 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, goto leave; } sk->protect.sha1chk = (sk->protect.algo == 254); - sk->protect.algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.algo = iobuf_get_noeof(inp); + pktlen--; /* Note that a sk->protect.algo > 110 is illegal, but I'm not erroring on it here as otherwise there would be no way to delete such a key. */ - sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; - sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.s2k.mode = iobuf_get_noeof(inp); + pktlen--; + sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); + pktlen--; /* check for the special GNU extension */ if( is_v4 && sk->protect.s2k.mode == 101 ) { for(i=0; i < 4 && pktlen; i++, pktlen-- ) @@ -1940,6 +1952,11 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, /* ugly; the length is encrypted too, so we read all * stuff up to the end of the packet into the first * skey element */ + if (pktlen < 2) /* At least two bytes for the length. */ + { + rc = G10ERR_INVALID_PACKET; + goto leave; + } sk->skey[npkey] = mpi_set_opaque(NULL, read_rest(inp, pktlen, 0),pktlen); pktlen = 0; 
@@ -1955,6 +1972,11 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, fprintf (listfp, "\tskey[%d]: [encrypted]\n", i); } else { + if (pktlen < 2) /* At least two bytes for the length. */ + { + rc = G10ERR_INVALID_PACKET; + goto leave; + } n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; @@ -1971,7 +1993,13 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, if (rc) goto leave; - sk->csum = read_16(inp); pktlen -= 2; + if (pktlen < 2) + { + rc = G10ERR_INVALID_PACKET; + goto leave; + } + sk->csum = read_16(inp); + pktlen -= 2; if( list_mode ) { fprintf (listfp, "\tchecksum: %04hx\n", sk->csum); } @@ -1980,6 +2008,12 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, else { PKT_public_key *pk = pkt->pkt.public_key; + if (pktlen < 1) + { + rc = G10ERR_INVALID_PACKET; + goto leave; + } + if( !npkey ) { pk->pkey[0] = mpi_set_opaque( NULL, read_rest(inp, pktlen, 0), pktlen ); @@ -1988,7 +2022,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, } for(i=0; i < npkey; i++ ) { - n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; + n = pktlen; + pk->pkey[i] = mpi_read(inp, &n, 0 ); + pktlen -=n; if( list_mode ) { fprintf (listfp, "\tpkey[%d]: ", i); mpi_print(listfp, pk->pkey[i], mpi_print_mode ); ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 50 +++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 6 14:09:55 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Apr 2015 14:09:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-82-gc581ed7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c581ed717ad2cc4be90c46253baa44a0d3ba5b80 (commit) via 24a75201da6be72edf85b96dbc0c01c747d02c6a (commit) via 2f099eb62ac6491675bbcccaca4e076b2d8e7ea0 (commit) via 4de8a58e44262a25564e2acef8c8865d1755982e (commit) from d901efcebaefaf6eae4a9b9aa8f0c2c055d3518a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c581ed717ad2cc4be90c46253baa44a0d3ba5b80 Author: Werner Koch Date: Mon Apr 6 14:07:50 2015 +0200 gpg: Add new option --debug-iolbf. * g10/gpg.c (oDebugIOLBF): new. (opts): Add --debug-iolbf. (main): Set option. -- This option is convenient for debugging to make sure that debug output to stderr is synced with output to stdout. Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 741271e..393cf24 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2451,6 +2451,11 @@ be given in C syntax (e.g. 0x0042). @opindex debug-all Set all useful debugging flags. + at item --debug-iolbf + at opindex debug-iolbf +Set stdout into line buffered mode. This option is only honored when +given on the command line. + @item --faked-system-time @var{epoch} @opindex faked-system-time This option is only useful for testing; it sets the system time back or diff --git a/g10/gpg.c b/g10/gpg.c index a52d1d9..aec6e80 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -196,7 +196,7 @@ enum cmd_and_opt_values oDebug, oDebugLevel, oDebugAll, - oDebugCCIDDriver, + oDebugIOLBF, oStatusFD, oStatusFile, oAttributeFD, 
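Review bot: The enum hunk in g10/gpg.c replaces `oDebugCCIDDriver` with `oDebugIOLBF` rather than adding a new member, but the commit message lists only `(oDebugIOLBF): new.` If dropping `oDebugCCIDDriver` is intended, it should be recorded, e.g. `(oDebugCCIDDriver): Remove.` Any remaining use of that name elsewhere in gpg.c, which is not visible here, would stop the file from compiling.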
@@ -557,6 +557,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_p_u (oDebug, "debug", "@"), ARGPARSE_s_s (oDebugLevel, "debug-level", "@"), ARGPARSE_s_n (oDebugAll, "debug-all", "@"), + ARGPARSE_s_n (oDebugIOLBF, "debug-iolbf", "@"), ARGPARSE_s_i (oStatusFD, "status-fd", "@"), ARGPARSE_s_s (oStatusFile, "status-file", "@"), ARGPARSE_s_i (oAttributeFD, "attribute-fd", "@"), @@ -2158,6 +2159,8 @@ main (int argc, char **argv) while( arg_parse( &pargs, opts) ) { if( pargs.r_opt == oDebug || pargs.r_opt == oDebugAll ) parse_debug++; + else if (pargs.r_opt == oDebugIOLBF) + es_setvbuf (es_stdout, NULL, _IOLBF, 0); else if( pargs.r_opt == oOptions ) { /* yes there is one, so we do not try the default one, but * read the option file when it is encountered at the commandline @@ -2419,6 +2422,8 @@ main (int argc, char **argv) case oDebugAll: opt.debug = ~0; break; case oDebugLevel: debug_level = pargs.r.ret_str; break; + case oDebugIOLBF: break; /* Already set in pre-parse step. */ + case oStatusFD: set_status_fd ( translate_sys2libc_fd_int (pargs.r.ret_int, 1) ); break; commit 24a75201da6be72edf85b96dbc0c01c747d02c6a Author: Werner Koch Date: Mon Apr 6 13:42:17 2015 +0200 Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG. * g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE. diff --git a/agent/agent.h b/agent/agent.h index d61e634..30d0ffb 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -146,7 +146,7 @@ struct #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_ASSUAN_VALUE 1024 /* Enable Assuan debugging. */ +#define DBG_IPC_VALUE 1024 /* Enable Assuan debugging. */ /* Test macros for the debug option. */ #define DBG_COMMAND (opt.debug & DBG_COMMAND_VALUE) 
@@ -154,7 +154,7 @@ struct #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) /* Forward reference for local definitions in command.c. */ struct server_local_s; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index ef1bfa4..6db429c 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -135,7 +135,7 @@ unlock_pinentry (int rc) if (rc) { - if (DBG_ASSUAN) + if (DBG_IPC) log_debug ("error calling pinentry: %s <%s>\n", gpg_strerror (rc), gpg_strsource (rc)); @@ -351,7 +351,7 @@ start_pinentry (ctrl_t ctrl) } entry_ctx = ctx; - if (DBG_ASSUAN) + if (DBG_IPC) log_debug ("connection to PIN entry established\n"); rc = assuan_transact (entry_ctx, diff --git a/agent/call-scd.c b/agent/call-scd.c index ade7ef1..6cd5825 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -366,7 +366,7 @@ start_scd (ctrl_t ctrl) { memcpy (socket_name, databuf, datalen); socket_name[datalen] = 0; - if (DBG_ASSUAN) + if (DBG_IPC) log_debug ("additional connections at '%s'\n", socket_name); } } diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 6e1c76e..740af75 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -435,11 +435,11 @@ set_debug (void) else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) - opt.debug = DBG_ASSUAN_VALUE; + opt.debug = DBG_IPC_VALUE; else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) - opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; + opt.debug = DBG_IPC_VALUE|DBG_COMMAND_VALUE; else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) - opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE + opt.debug = (DBG_IPC_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE); else if (!strcmp (debug_level, "guru") || numok) { 
@@ -478,7 +478,7 @@ set_debug (void) (opt.debug & DBG_CACHE_VALUE )? " cache":"", (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", (opt.debug & DBG_HASHING_VALUE)? " hashing":"", - (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); + (opt.debug & DBG_IPC_VALUE )? " ipc":""); } @@ -1952,7 +1952,7 @@ putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam) if (!cds->cbData || mapfile[cds->cbData - 1]) return 0; /* Ignore empty and non-properly terminated strings. */ - if (DBG_ASSUAN) + if (DBG_IPC) { npth_protect (); log_debug ("ssh map file '%s'", mapfile); @@ -1960,7 +1960,7 @@ putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam) } maphd = OpenFileMapping (FILE_MAP_ALL_ACCESS, FALSE, mapfile); - if (DBG_ASSUAN) + if (DBG_IPC) { npth_protect (); log_debug ("ssh map handle %p\n", maphd); @@ -1989,7 +1989,7 @@ putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam) goto leave; } - if (DBG_ASSUAN) + if (DBG_IPC) { char *sidstr; @@ -2010,7 +2010,7 @@ putty_message_proc (HWND hwnd, UINT msg, WPARAM wparam, LPARAM lparam) } data = MapViewOfFile (maphd, FILE_MAP_ALL_ACCESS, 0, 0, 0); - if (DBG_ASSUAN) + if (DBG_IPC) log_debug ("ssh IPC buffer at %p\n", data); if (!data) goto leave; diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 94d6692..4c17c8c 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c 
@@ -393,11 +393,11 @@ set_debug (void) else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) - opt.debug = DBG_ASSUAN_VALUE; + opt.debug = DBG_IPC_VALUE; else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) - opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE); + opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE); else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) - opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE + opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE|DBG_LOOKUP_VALUE |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE); else if (!strcmp (debug_level, "guru") || numok) { diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 3185778..56abc86 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -138,7 +138,7 @@ struct #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_ASSUAN_VALUE 1024 /* debug assuan communication */ +#define DBG_IPC_VALUE 1024 /* debug assuan communication */ #define DBG_LOOKUP_VALUE 8192 /* debug lookup details */ #define DBG_X509 (opt.debug & DBG_X509_VALUE) @@ -146,7 +146,7 @@ struct #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) #define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) /* A simple list of certificate references. */ diff --git a/g10/call-agent.c b/g10/call-agent.c index 2a80f22..017e916 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -43,10 +43,6 @@ #include "../common/shareddefs.h" #include "host2net.h" -#ifndef DBG_ASSUAN -# define DBG_ASSUAN 1 -#endif - #define CONTROL_D ('D' - 'A' + 1) 
@@ -286,7 +282,7 @@ start_agent (ctrl_t ctrl, int for_card) opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, - opt.autostart, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_IPC, NULL, NULL); if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT) { diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index e2f63fb..ef4ca76 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -131,7 +131,7 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx) GPG_ERR_SOURCE_DEFAULT, opt.homedir, opt.dirmngr_program, - opt.autostart, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_IPC, NULL /*gpg_status2*/, ctrl); if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) { diff --git a/g10/gpg.c b/g10/gpg.c index 2d6dabf..a52d1d9 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1136,7 +1136,7 @@ set_debug (const char *level) (opt.debug & DBG_HASHING_VALUE)? " hashing":"", (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"", - (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"", + (opt.debug & DBG_IPC_VALUE )? " ipc":"", (opt.debug & DBG_CLOCK_VALUE )? " clock":"", (opt.debug & DBG_LOOKUP_VALUE )? " lookup":""); } diff --git a/g10/options.h b/g10/options.h index c86ddc5..6c96d18 100644 --- a/g10/options.h +++ b/g10/options.h 
@@ -277,14 +277,11 @@ struct { #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_TRUST_VALUE 256 /* debug the trustdb */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_EXTPROG_VALUE 1024 /* debug external program calls */ +#define DBG_IPC_VALUE 1024 /* debug assuan communication */ #define DBG_CARD_IO_VALUE 2048 /* debug smart card I/O. */ #define DBG_CLOCK_VALUE 4096 #define DBG_LOOKUP_VALUE 8192 /* debug the kety lookup */ - -/* Fixme: For now alias this value. */ -#define DBG_ASSUAN_VALUE DBG_EXTPROG_VALUE - +#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */ /* Tests for the debugging flags. */ #define DBG_PACKET (opt.debug & DBG_PACKET_VALUE) @@ -293,11 +290,12 @@ struct { #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_TRUST (opt.debug & DBG_TRUST_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) #define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) #define DBG_CLOCK (opt.debug & DBG_CLOCK_VALUE) #define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) +#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE) /* FIXME: We need to check whey we did not put this into opt. */ #define DBG_MEMORY memory_debug_mode diff --git a/g13/call-gpg.c b/g13/call-gpg.c index 54f6056..0bd935c 100644 --- a/g13/call-gpg.c +++ b/g13/call-gpg.c @@ -136,7 +136,7 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx) *r_ctx = ctx; - if (DBG_ASSUAN) + if (DBG_IPC) log_debug ("connection to GPG established\n"); return 0; } diff --git a/g13/g13.c b/g13/g13.c index 157e646..2e4e63d 100644 --- a/g13/g13.c +++ b/g13/g13.c 
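Review bot: In the first g10/options.h hunk, `DBG_EXTPROG_VALUE` moves from 1024 to 16384 and 1024 becomes `DBG_IPC_VALUE`, so a numeric debug mask of 1024, which used to enable both through the alias, now enables only IPC tracing. The g10/gpg.c hunk in this commit touches only the flag printout; if the named levels in set_debug still OR in `DBG_EXTPROG_VALUE` (as the context of the older gpg.c hunk on this page suggests), those levels no longer enable IPC debugging in gpg, while the other daemons enable `DBG_IPC_VALUE` from "basic" upwards. Either add `DBG_IPC_VALUE` to those levels or record the renumbering where the debug flags are documented. The context line `/* debug the kety lookup */` also carries a typo and should read `/* debug the key lookup */`.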
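Review bot: The second g10/options.h hunk leaves `#define DBG_IPC (opt.debug & DBG_IPC_VALUE)` in the header twice, once where the old `DBG_EXTPROG` test stood and once where `DBG_ASSUAN` was renamed. An identical redefinition is accepted by the compiler, but the duplicate is easy to miss when one copy is later edited. Drop the first copy so the block has a single `DBG_IPC` line, with the relocated `#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)` at the end as the hunk already adds it.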
@@ -260,11 +260,11 @@ set_debug (void) else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) - opt.debug = DBG_ASSUAN_VALUE|DBG_MOUNT_VALUE; + opt.debug = DBG_IPC_VALUE|DBG_MOUNT_VALUE; else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) - opt.debug = DBG_ASSUAN_VALUE|DBG_MOUNT_VALUE; + opt.debug = DBG_IPC_VALUE|DBG_MOUNT_VALUE; else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) - opt.debug = (DBG_ASSUAN_VALUE|DBG_MOUNT_VALUE|DBG_CRYPTO_VALUE); + opt.debug = (DBG_IPC_VALUE|DBG_MOUNT_VALUE|DBG_CRYPTO_VALUE); else if (!strcmp (debug_level, "guru") || numok) { opt.debug = ~0; @@ -294,7 +294,7 @@ set_debug (void) (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", (opt.debug & DBG_MEMORY_VALUE )? " memory":"", (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", - (opt.debug & DBG_ASSUAN_VALUE )? " assuan":""); + (opt.debug & DBG_IPC_VALUE )? " ipc":""); } diff --git a/g13/g13.h b/g13/g13.h index bdcc02a..371833d 100644 --- a/g13/g13.h +++ b/g13/g13.h @@ -70,12 +70,12 @@ struct #define DBG_CRYPTO_VALUE 4 /* Debug low level crypto. */ #define DBG_MEMORY_VALUE 32 /* Debug memory allocation stuff. */ #define DBG_MEMSTAT_VALUE 128 /* Show memory statistics. */ -#define DBG_ASSUAN_VALUE 1024 /* Debug assuan communication. */ +#define DBG_IPC_VALUE 1024 /* Debug assuan communication. */ #define DBG_MOUNT (opt.debug & DBG_MOUNT_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) /* Forward declaration for an object defined in server.c. */ struct server_local_s; diff --git a/scd/scdaemon.c b/scd/scdaemon.c index d0777e8..39925ce 100644 --- a/scd/scdaemon.c +++ b/scd/scdaemon.c 
@@ -309,11 +309,11 @@ set_debug (const char *level) else if (!strcmp (level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (level, "basic") || (numok && numlvl <= 2)) - opt.debug = DBG_ASSUAN_VALUE; + opt.debug = DBG_IPC_VALUE; else if (!strcmp (level, "advanced") || (numok && numlvl <= 5)) - opt.debug = DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE; + opt.debug = DBG_IPC_VALUE|DBG_COMMAND_VALUE; else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) - opt.debug = (DBG_ASSUAN_VALUE|DBG_COMMAND_VALUE + opt.debug = (DBG_IPC_VALUE|DBG_COMMAND_VALUE |DBG_CACHE_VALUE|DBG_CARD_IO_VALUE); else if (!strcmp (level, "guru") || numok) { @@ -352,7 +352,7 @@ set_debug (const char *level) (opt.debug & DBG_CACHE_VALUE )? " cache":"", (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", (opt.debug & DBG_HASHING_VALUE)? " hashing":"", - (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"", + (opt.debug & DBG_IPC_VALUE )? " ipc":"", (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"", (opt.debug & DBG_READER_VALUE )? " reader":""); } diff --git a/scd/scdaemon.h b/scd/scdaemon.h index ab63425..35ada43 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -73,7 +73,7 @@ struct #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_ASSUAN_VALUE 1024 +#define DBG_IPC_VALUE 1024 #define DBG_CARD_IO_VALUE 2048 #define DBG_READER_VALUE 4096 /* Trace reader related functions. */ @@ -82,7 +82,7 @@ struct #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) #define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE) #define DBG_READER (opt.debug & DBG_READER_VALUE) diff --git a/sm/call-agent.c b/sm/call-agent.c index f579200..4b2ec33 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c 
@@ -95,7 +95,7 @@ start_agent (ctrl_t ctrl) opt.agent_program, opt.lc_ctype, opt.lc_messages, opt.session_env, - opt.autostart, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_IPC, gpgsm_status2, ctrl); if (!opt.autostart && gpg_err_code (rc) == GPG_ERR_NO_AGENT) diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index f8cfdf8..560ea72 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -209,7 +209,7 @@ start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r) err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT, opt.homedir, opt.dirmngr_program, - opt.autostart, opt.verbose, DBG_ASSUAN, + opt.autostart, opt.verbose, DBG_IPC, gpgsm_status2, ctrl); if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR) { diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 773cf9c..8cd7e84 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -670,11 +670,11 @@ set_debug (void) else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) opt.debug = 0; else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) - opt.debug = DBG_ASSUAN_VALUE; + opt.debug = DBG_IPC_VALUE; else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) - opt.debug = DBG_ASSUAN_VALUE|DBG_X509_VALUE; + opt.debug = DBG_IPC_VALUE|DBG_X509_VALUE; else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) - opt.debug = (DBG_ASSUAN_VALUE|DBG_X509_VALUE + opt.debug = (DBG_IPC_VALUE|DBG_X509_VALUE |DBG_CACHE_VALUE|DBG_CRYPTO_VALUE); else if (!strcmp (debug_level, "guru") || numok) { @@ -714,7 +714,7 @@ set_debug (void) (opt.debug & DBG_CACHE_VALUE )? " cache":"", (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"", (opt.debug & DBG_HASHING_VALUE)? " hashing":"", - (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"" ); + (opt.debug & DBG_IPC_VALUE )? " ipc":"" ); } diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 63c9d0b..187ed83 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h 
@@ -153,14 +153,14 @@ struct #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ -#define DBG_ASSUAN_VALUE 1024 /* debug assuan communication */ +#define DBG_IPC_VALUE 1024 /* debug assuan communication */ #define DBG_X509 (opt.debug & DBG_X509_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_IPC (opt.debug & DBG_IPC_VALUE) /* Forward declaration for an object defined in server.c */ struct server_local_s; commit 2f099eb62ac6491675bbcccaca4e076b2d8e7ea0 Author: Werner Koch Date: Mon Apr 6 13:27:26 2015 +0200 Fix use of DBG_CACHE and DBG_LOOKUP * dirmngr/dirmngr.h (DBG_LOOKUP_VALUE): Change to 8192. * g10/options.h (DBG_LOOKUP_VALUE, DBG_LOOKUP): New. * g10/getkey.c: Use DBG_LOOKUP instead of DBG_CACHE at most places. diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 320d178..3185778 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h 
@@ -133,21 +133,21 @@ struct #define DBG_X509_VALUE 1 /* debug x.509 parsing */ -#define DBG_LOOKUP_VALUE 2 /* debug lookup details */ #define DBG_CRYPTO_VALUE 4 /* debug low level crypto */ #define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */ #define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ #define DBG_ASSUAN_VALUE 1024 /* debug assuan communication */ +#define DBG_LOOKUP_VALUE 8192 /* debug lookup details */ #define DBG_X509 (opt.debug & DBG_X509_VALUE) -#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) #define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_MEMORY (opt.debug & DBG_MEMORY_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) -#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) +#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) /* A simple list of certificate references. */ struct cert_ref_s diff --git a/g10/getkey.c b/g10/getkey.c index d54bd57..998f111 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2373,7 +2373,7 @@ finish_lookup (GETKEY_CTX ctx) } } - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n", (ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL), foundk ? "one" : "all", req_usage); 
@@ -2400,43 +2400,43 @@ finish_lookup (GETKEY_CTX ctx) if (foundk) nextk = NULL; /* what a hack */ pk = k->pkt->pkt.public_key; - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tchecking subkey %08lX\n", (ulong) keyid_from_pk (pk, NULL)); if (!pk->flags.valid) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tsubkey not valid\n"); continue; } if (pk->flags.revoked) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tsubkey has been revoked\n"); continue; } if (pk->has_expired) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tsubkey has expired\n"); continue; } if (pk->timestamp > curtime && !opt.ignore_valid_from) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tsubkey not yet valid\n"); continue; } if (!((pk->pubkey_usage & USAGE_MASK) & req_usage)) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tusage does not match: want=%x have=%x\n", req_usage, pk->pubkey_usage); continue; } - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tsubkey might be fine\n"); /* In case a key has a timestamp of 0 set, we make sure that it is used. A better change would be to compare 
@@ -2455,33 +2455,33 @@ finish_lookup (GETKEY_CTX ctx) if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) { PKT_public_key *pk; - if (DBG_CACHE && !foundk && !req_prim) + if (DBG_LOOKUP && !foundk && !req_prim) log_debug ("\tno suitable subkeys found - trying primary\n"); pk = keyblock->pkt->pkt.public_key; if (!pk->flags.valid) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tprimary key not valid\n"); } else if (pk->flags.revoked) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tprimary key has been revoked\n"); } else if (pk->has_expired) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tprimary key has expired\n"); } else if (!((pk->pubkey_usage & USAGE_MASK) & req_usage)) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tprimary key usage does not match: " "want=%x have=%x\n", req_usage, pk->pubkey_usage); } else /* Okay. */ { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tprimary key may be used\n"); latest_key = keyblock; latest_date = pk->timestamp; @@ -2490,13 +2490,13 @@ finish_lookup (GETKEY_CTX ctx) if (!latest_key) { - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tno suitable key found - giving up\n"); return 0; /* Not found. */ } found: - if (DBG_CACHE) + if (DBG_LOOKUP) log_debug ("\tusing key %08lX\n", (ulong) keyid_from_pk (latest_key->pkt->pkt.public_key, NULL)); diff --git a/g10/gpg.c b/g10/gpg.c index 7df2d1d..2d6dabf 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1093,7 +1093,7 @@ set_debug (const char *level) opt.debug = DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE; else if (!strcmp (level, "expert") || (numok && numlvl <= 8)) opt.debug = (DBG_MEMSTAT_VALUE|DBG_TRUST_VALUE|DBG_EXTPROG_VALUE - |DBG_CACHE_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE); + |DBG_CACHE_VALUE|DBG_LOOKUP|DBG_FILTER_VALUE|DBG_PACKET_VALUE); else if (!strcmp (level, "guru") || numok) { opt.debug = ~0; 
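Review bot: In the g10/gpg.c hunk for set_debug, the "expert" level ORs in `DBG_LOOKUP`, which is the test macro `(opt.debug & DBG_LOOKUP_VALUE)` from g10/options.h, not the flag constant. The assignment therefore reads the previous value of opt.debug and contributes bit 8192 only if it was already set, so selecting the expert level does not turn on the lookup output that this commit moves finish_lookup over to. The line should use the value macro: `|DBG_CACHE_VALUE|DBG_LOOKUP_VALUE|DBG_FILTER_VALUE|DBG_PACKET_VALUE);`. set_debug's body continues outside the hunk.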
@@ -1123,7 +1123,7 @@ set_debug (const char *level) gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); if (opt.debug) - log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", + log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (opt.debug & DBG_PACKET_VALUE )? " packet":"", (opt.debug & DBG_MPI_VALUE )? " mpi":"", (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", @@ -1137,7 +1137,8 @@ set_debug (const char *level) (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"", (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"", (opt.debug & DBG_ASSUAN_VALUE )? " assuan":"", - (opt.debug & DBG_CLOCK_VALUE )? " clock":""); + (opt.debug & DBG_CLOCK_VALUE )? " clock":"", + (opt.debug & DBG_LOOKUP_VALUE )? " lookup":""); } diff --git a/g10/options.h b/g10/options.h index 217a960..c86ddc5 100644 --- a/g10/options.h +++ b/g10/options.h @@ -273,13 +273,14 @@ struct { #define DBG_FILTER_VALUE 8 /* debug internal filter handling */ #define DBG_IOBUF_VALUE 16 /* debug iobuf stuff */ #define DBG_MEMORY_VALUE 32 /* debug memory allocation stuff */ -#define DBG_CACHE_VALUE 64 /* debug the cacheing */ +#define DBG_CACHE_VALUE 64 /* debug the caching */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_TRUST_VALUE 256 /* debug the trustdb */ #define DBG_HASHING_VALUE 512 /* debug hashing operations */ #define DBG_EXTPROG_VALUE 1024 /* debug external program calls */ #define DBG_CARD_IO_VALUE 2048 /* debug smart card I/O. */ #define DBG_CLOCK_VALUE 4096 +#define DBG_LOOKUP_VALUE 8192 /* debug the kety lookup */ /* Fixme: For now alias this value. */ #define DBG_ASSUAN_VALUE DBG_EXTPROG_VALUE 
@@ -296,6 +297,7 @@ struct { #define DBG_CARD_IO (opt.debug & DBG_CARD_IO_VALUE) #define DBG_ASSUAN (opt.debug & DBG_ASSUAN_VALUE) #define DBG_CLOCK (opt.debug & DBG_CLOCK_VALUE) +#define DBG_LOOKUP (opt.debug & DBG_LOOKUP_VALUE) /* FIXME: We need to check whey we did not put this into opt. */ #define DBG_MEMORY memory_debug_mode commit 4de8a58e44262a25564e2acef8c8865d1755982e Author: Werner Koch Date: Mon Apr 6 13:07:09 2015 +0200 gpg: Rename a debug macro. * g10/options.h (DBG_CIPHER_VALUE): Rename to DBG_CRYPTO_VALUE. (DBG_CIPHER): Rename to DBG_CRYPTO. diff --git a/g10/ecdh.c b/g10/ecdh.c index 07f3983..9576a1c 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c @@ -76,7 +76,7 @@ pk_ecdh_default_params (unsigned int qbits) } } assert (i < DIM (kek_params_table)); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ECDH KEK params are", kek_params, sizeof(kek_params) ); return gcry_mpi_set_opaque (NULL, kek_params, 4 * 8); @@ -138,7 +138,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, memmove (secret_x, secret_x+1, secret_x_size); memset (secret_x+secret_x_size, 0, nbytes-secret_x_size); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size ); } @@ -158,7 +158,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, kek_params = gcry_mpi_get_opaque (pkey[2], &nbits); kek_params_size = (nbits+7)/8; - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ecdh KDF params:", kek_params, kek_params_size); /* Expect 4 bytes 03 01 hash_alg symm_alg. */ @@ -171,7 +171,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, kdf_hash_algo = kek_params[2]; kdf_encr_algo = kek_params[3]; - if (DBG_CIPHER) + if (DBG_CRYPTO) log_debug ("ecdh KDF algorithms %s+%s with aeswrap\n", openpgp_md_algo_name (kdf_hash_algo), openpgp_cipher_algo_name (kdf_encr_algo)); 
@@ -215,7 +215,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, return err; } - if(DBG_CIPHER) + if(DBG_CRYPTO) log_printhex ("ecdh KDF message params are:", message, message_size); } @@ -251,7 +251,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, /* We could have allocated more, so clean the tail before returning. */ memset (secret_x+secret_x_size, 0, old_size - secret_x_size); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ecdh KEK is:", secret_x, secret_x_size ); } @@ -317,7 +317,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, return err; } - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ecdh encrypting :", in, data_buf_size ); err = gcry_cipher_encrypt (hd, data_buf+1, data_buf_size+8, @@ -333,7 +333,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, } data_buf[0] = data_buf_size+8; - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ecdh encrypted to:", data_buf+1, data_buf[0] ); result = gcry_mpi_set_opaque (NULL, data_buf, 8 * (1+data_buf[0])); @@ -370,7 +370,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, in = data_buf+data_buf_size; data_buf_size = data_buf[0]; - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ecdh decrypting :", data_buf+1, data_buf_size); err = gcry_cipher_decrypt (hd, in, data_buf_size, data_buf+1, @@ -386,7 +386,7 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, data_buf_size -= 8; - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("ecdh decrypted to :", in, data_buf_size); /* Padding is removed later. */ @@ -420,12 +420,12 @@ gen_k (unsigned nbits) gcry_mpi_t k; k = gcry_mpi_snew (nbits); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_debug ("choosing a random k of %u bits\n", nbits); gcry_mpi_randomize (k, nbits-1, GCRY_STRONG_RANDOM); - if (DBG_CIPHER) + if (DBG_CRYPTO) { unsigned char *buffer; if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, k)) 
diff --git a/g10/encrypt.c b/g10/encrypt.c index 7b5028d..d5835d4 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -621,7 +621,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename, } make_session_key (cfx.dek); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("DEK is: ", cfx.dek->key, cfx.dek->keylen ); rc = write_pubkey_enc_from_list (pk_list, cfx.dek, out); @@ -815,7 +815,7 @@ encrypt_filter (void *opaque, int control, efx->cfx.dek->use_mdc = use_mdc (efx->pk_list,efx->cfx.dek->algo); make_session_key ( efx->cfx.dek ); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("DEK is: ", efx->cfx.dek->key, efx->cfx.dek->keylen); rc = write_pubkey_enc_from_list (efx->pk_list, efx->cfx.dek, a); diff --git a/g10/gpg.c b/g10/gpg.c index da4224f..7df2d1d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1116,7 +1116,7 @@ set_debug (const char *level) memory_stat_debug_mode = 1; if (opt.debug & DBG_MPI_VALUE) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 2); - if (opt.debug & DBG_CIPHER_VALUE ) + if (opt.debug & DBG_CRYPTO_VALUE ) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); if (opt.debug & DBG_IOBUF_VALUE ) iobuf_debug_mode = 1; @@ -1126,7 +1126,7 @@ set_debug (const char *level) log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", (opt.debug & DBG_PACKET_VALUE )? " packet":"", (opt.debug & DBG_MPI_VALUE )? " mpi":"", - (opt.debug & DBG_CIPHER_VALUE )? " cipher":"", + (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"", (opt.debug & DBG_FILTER_VALUE )? " filter":"", (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"", (opt.debug & DBG_MEMORY_VALUE )? " memory":"", diff --git a/g10/options.h b/g10/options.h index 18cca2b..217a960 100644 --- a/g10/options.h +++ b/g10/options.h 
@@ -268,7 +268,7 @@ struct { #define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ -#define DBG_CIPHER_VALUE 4 /* debug cipher handling */ +#define DBG_CRYPTO_VALUE 4 /* debug crypto handling */ /* (may reveal sensitive data) */ #define DBG_FILTER_VALUE 8 /* debug internal filter handling */ #define DBG_IOBUF_VALUE 16 /* debug iobuf stuff */ @@ -287,7 +287,7 @@ struct { /* Tests for the debugging flags. */ #define DBG_PACKET (opt.debug & DBG_PACKET_VALUE) -#define DBG_CIPHER (opt.debug & DBG_CIPHER_VALUE) +#define DBG_CRYPTO (opt.debug & DBG_CRYPTO_VALUE) #define DBG_FILTER (opt.debug & DBG_FILTER_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_TRUST (opt.debug & DBG_TRUST_VALUE) diff --git a/g10/pkglue.c b/g10/pkglue.c index 684ce8a..d72275b 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -263,7 +263,7 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, public = get_mpi_from_sexp (s_ciph, "e", GCRYMPI_FMT_USG); gcry_sexp_release (s_ciph); s_ciph = NULL; - if (DBG_CIPHER) + if (DBG_CRYPTO) { log_debug ("ECDH ephemeral key:"); gcry_mpi_dump (public); diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 9574769..cb834af 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -227,7 +227,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) * DEK is the encryption key (session key) with length k * CSUM */ - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("DEK frame:", frame, nframe); n = 0; @@ -333,7 +333,7 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) } if (DBG_CLOCK) log_clock ("decryption ready"); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_printhex ("DEK is:", dek->key, dek->keylen); /* Check that the algo is in the preferences and whether it has expired. */ diff --git a/g10/seskey.c b/g10/seskey.c index 410f0bf..e79faf8 100644 --- a/g10/seskey.c +++ b/g10/seskey.c 
@@ -82,7 +82,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits) u16 csum; gcry_mpi_t a; - if (DBG_CIPHER) + if (DBG_CRYPTO) log_debug ("encode_session_key: encoding %d byte DEK", dek->keylen); csum = 0; @@ -116,7 +116,7 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits) memset (frame+n, i, i); /* Use it as the value of each padded byte. */ assert (n+i == nframe); - if (DBG_CIPHER) + if (DBG_CRYPTO) log_debug ("encode_session_key: " "[%d] %02x %02x %02x ... %02x %02x %02x\n", (int) nframe, frame[0], frame[1], frame[2], ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 4 ++-- agent/call-pinentry.c | 4 ++-- agent/call-scd.c | 2 +- agent/gpg-agent.c | 16 ++++++++-------- dirmngr/dirmngr.c | 6 +++--- dirmngr/dirmngr.h | 8 ++++---- doc/gpg.texi | 5 +++++ g10/call-agent.c | 6 +----- g10/call-dirmngr.c | 2 +- g10/ecdh.c | 24 ++++++++++++------------ g10/encrypt.c | 4 ++-- g10/getkey.c | 32 ++++++++++++++++---------------- g10/gpg.c | 20 +++++++++++++------- g10/options.h | 20 ++++++++++---------- g10/pkglue.c | 2 +- g10/pubkey-enc.c | 4 ++-- g10/seskey.c | 4 ++-- g13/call-gpg.c | 2 +- g13/g13.c | 8 ++++---- g13/g13.h | 4 ++-- scd/scdaemon.c | 8 ++++---- scd/scdaemon.h | 4 ++-- sm/call-agent.c | 2 +- sm/call-dirmngr.c | 2 +- sm/gpgsm.c | 8 ++++---- sm/gpgsm.h | 4 ++-- 26 files changed, 106 insertions(+), 99 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 6 21:22:15 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 06 Apr 2015 21:22:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-85-gc238340 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c2383407bba5eefea486464a31e02846124c9da5 (commit) via 67a58118ab6171c0cf28b65a39973062690d1313 (commit) via f577d5c1a747d673fa1d5c012ce3e3b78b699c6a (commit) from c581ed717ad2cc4be90c46253baa44a0d3ba5b80 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c2383407bba5eefea486464a31e02846124c9da5 Author: Werner Koch Date: Mon Apr 6 20:23:05 2015 +0200 gpg: Print the user id in --fast-list-mode. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Change. diff --git a/g10/keylist.c b/g10/keylist.c index ac46691..d62bc20 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -998,7 +998,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { - if (node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode) + if (node->pkt->pkttype == PKT_USER_ID) { PKT_user_id *uid = node->pkt->pkt.user_id; 
@@ -1370,7 +1370,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) { - if (node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode) + if (node->pkt->pkttype == PKT_USER_ID) { char *str; PKT_user_id *uid = node->pkt->pkt.user_id; commit 67a58118ab6171c0cf28b65a39973062690d1313 Author: Werner Koch Date: Mon Apr 6 19:46:25 2015 +0200 gpg: Prepare to pass additional context to the list functions. * g10/keylist.c (struct sig_stats): Rename to keylist_context and add field check_sigs. (keylist_context_release): New. (list_all): Set listctx.check_sigs and call release func. (list_one): Ditto. (locate_one): Ditto. (list_keyblock_print): Use .check_sigs field. Repalce arg opaque by listctx. (list_keyblock): Ditto. Make static. (list_keyblock_direct): New. * g10/keygen.c (do_generate_keypair): Replace list_keyblock by list_keyblock_direct. -- This is in preparation for the server mode and for a patch to speed up --list-sigs. Signed-off-by: Werner Koch diff --git a/g10/keygen.c b/g10/keygen.c index 4b0398a..ccd01f9 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4152,7 +4152,7 @@ do_generate_keypair (struct para_data_s *para, { tty_printf (_("public and secret key created and signed.\n") ); tty_printf ("\n"); - list_keyblock (pub_root, 0, 1, 1, NULL); + list_keyblock_direct (pub_root, 0, 1, 1); } diff --git a/g10/keylist.c b/g10/keylist.c index 925109a..ac46691 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -50,17 +50,31 @@ static void list_one (strlist_t names, int secret, int mark_secret); static void locate_one (ctrl_t ctrl, strlist_t names); static void print_card_serialno (const char *serialno); -struct sig_stats +struct keylist_context { - int inv_sigs; - int no_key; - int oth_err; + int check_sigs; /* If set signatures shall be verified. */ + int inv_sigs; /* Counter used if CHECK_SIGS is set. */ + int no_key; /* Counter used if CHECK_SIGS is set. */ + int oth_err; /* Counter used if CHECK_SIGS is set. */ }; + +static void list_keyblock (kbnode_t keyblock, int secret, int has_secret, + int fpr, struct keylist_context *listctx); + + /* The stream used to write attribute packets to. */ static estream_t attrib_fp; +/* Release resources from a keylist context. */ +static void +keylist_context_release (struct keylist_context *listctx) +{ + (void)listctx; /* Nothing to release. */ +} + + /* List the keys. If list is NULL, all available keys are listed. With LOCATE_MODE set the locate algorithm is used to find a key. */ @@ -416,9 +430,13 @@ show_notation (PKT_signature * sig, int indent, int mode, int which) free_notation (notations); } + static void -print_signature_stats (struct sig_stats *s) +print_signature_stats (struct keylist_context *s) { + if (!s->check_sigs) + return; /* Signature checking was not requested. */ + if (s->inv_sigs == 1) tty_printf (_("1 bad signature\n")); else if (s->inv_sigs) @@ -446,9 +464,11 @@ list_all (int secret, int mark_secret) int rc = 0; int any_secret; const char *lastresname, *resname; - struct sig_stats stats; + struct keylist_context listctx; - memset (&stats, 0, sizeof (stats)); + memset (&listctx, 0, sizeof (listctx)); + if (opt.check_sigs) + listctx.check_sigs = 1; hd = keydb_new (); if (!hd) 
@@ -499,7 +519,7 @@ list_all (int secret, int mark_secret) } merge_keys_and_selfsig (keyblock); list_keyblock (keyblock, secret, any_secret, opt.fingerprint, - opt.check_sigs ? &stats : NULL); + &listctx); } release_kbnode (keyblock); keyblock = NULL; @@ -513,9 +533,10 @@ list_all (int secret, int mark_secret) keydb_get_skipped_counter (hd)); if (opt.check_sigs && !opt.with_colons) - print_signature_stats (&stats); + print_signature_stats (&listctx); -leave: + leave: + keylist_context_release (&listctx); release_kbnode (keyblock); keydb_release (hd); } @@ -530,9 +551,11 @@ list_one (strlist_t names, int secret, int mark_secret) const char *resname; const char *keyring_str = _("Keyring"); int i; - struct sig_stats stats; + struct keylist_context listctx; - memset (&stats, 0, sizeof (stats)); + memset (&listctx, 0, sizeof (listctx)); + if (!secret && opt.check_sigs) + listctx.check_sigs = 1; /* fixme: using the bynames function has the disadvantage that we * don't know wether one of the names given was not found. OTOH, @@ -561,15 +584,16 @@ list_one (strlist_t names, int secret, int mark_secret) es_putc ('-', es_stdout); es_putc ('\n', es_stdout); } - list_keyblock (keyblock, secret, mark_secret, opt.fingerprint, - (!secret && opt.check_sigs)? &stats : NULL); + list_keyblock (keyblock, secret, mark_secret, opt.fingerprint, &listctx); release_kbnode (keyblock); } while (!getkey_next (ctx, NULL, &keyblock)); getkey_end (ctx); if (opt.check_sigs && !opt.with_colons) - print_signature_stats (&stats); + print_signature_stats (&listctx); + + keylist_context_release (&listctx); } @@ -580,9 +604,11 @@ locate_one (ctrl_t ctrl, strlist_t names) strlist_t sl; GETKEY_CTX ctx = NULL; KBNODE keyblock = NULL; - struct sig_stats stats; + struct keylist_context listctx; - memset (&stats, 0, sizeof (stats)); + memset (&listctx, 0, sizeof (listctx)); + if (opt.check_sigs) + listctx.check_sigs = 1; for (sl = names; sl; sl = sl->next) { 
@@ -596,8 +622,7 @@ locate_one (ctrl_t ctrl, strlist_t names) { do { - list_keyblock (keyblock, 0, 0, opt.fingerprint, - opt.check_sigs ? &stats : NULL); + list_keyblock (keyblock, 0, 0, opt.fingerprint, &listctx); release_kbnode (keyblock); } while (ctx && !get_pubkey_next (ctx, NULL, &keyblock)); @@ -607,7 +632,9 @@ locate_one (ctrl_t ctrl, strlist_t names) } if (opt.check_sigs && !opt.with_colons) - print_signature_stats (&stats); + print_signature_stats (&listctx); + + keylist_context_release (&listctx); } @@ -869,13 +896,13 @@ list_keyblock_pka (kbnode_t keyblock) static void -list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque) +list_keyblock_print (KBNODE keyblock, int secret, int fpr, + struct keylist_context *listctx) { int rc; KBNODE kbctx; KBNODE node; PKT_public_key *pk; - struct sig_stats *stats = opaque; int skip_sigs = 0; int s2k_char; char *hexgrip = NULL; @@ -1103,7 +1130,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque) int sigrc; char *sigstr; - if (stats) + if (listctx->check_sigs) { rc = check_key_signature (keyblock, node, NULL); switch (gpg_err_code (rc)) @@ -1112,15 +1139,15 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque) sigrc = '!'; break; case GPG_ERR_BAD_SIGNATURE: - stats->inv_sigs++; + listctx->inv_sigs++; sigrc = '-'; break; case GPG_ERR_NO_PUBKEY: case GPG_ERR_UNUSABLE_PUBKEY: - stats->no_key++; + listctx->no_key++; continue; default: - stats->oth_err++; + listctx->oth_err++; sigrc = '%'; break; } @@ -1641,9 +1668,9 @@ reorder_keyblock (KBNODE keyblock) do_reorder_keyblock (keyblock, 0); } -void +static void list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr, - void *opaque) + struct keylist_context *listctx) { reorder_keyblock (keyblock); if (opt.print_pka_records) 
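Review bot: `list_keyblock_print` now dereferences `listctx` unconditionally at `if (listctx->check_sigs)`, where the old `if (stats)` test tolerated a NULL argument, and no comment in these hunks records the new requirement. Every caller visible on this page passes `&listctx`, so this is a documentation point rather than a defect. A comment on `list_keyblock` such as `/* LISTCTX must not be NULL; set its check_sigs member to request signature verification. */` would state the contract. The bodies of both functions continue outside the hunks shown.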
@@ -1651,12 +1678,24 @@ list_keyblock (KBNODE keyblock, int secret, int has_secret, int fpr, else if (opt.with_colons) list_keyblock_colon (keyblock, secret, has_secret, fpr); else - list_keyblock_print (keyblock, secret, fpr, opaque); + list_keyblock_print (keyblock, secret, fpr, listctx); if (secret) es_fflush (es_stdout); } +/* Public function used by keygen to list a keyblock. */ +void +list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret, int fpr) +{ + struct keylist_context listctx; + + memset (&listctx, 0, sizeof (listctx)); + list_keyblock (keyblock, secret, has_secret, fpr, &listctx); + keylist_context_release (&listctx); +} + + /* Print an hex digit in ICAO spelling. */ static void print_icao_hexdigit (estream_t fp, int c) diff --git a/g10/main.h b/g10/main.h index 39a1feb..01eeb7f 100644 --- a/g10/main.h +++ b/g10/main.h @@ -346,8 +346,8 @@ void public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode ); void secret_key_list (ctrl_t ctrl, strlist_t list ); void print_subpackets_colon(PKT_signature *sig); void reorder_keyblock (KBNODE keyblock); -void list_keyblock (kbnode_t keyblock, int secret, int has_secret, - int fpr, void *opaque); +void list_keyblock_direct (kbnode_t keyblock, int secret, int has_secret, + int fpr); void print_fingerprint (estream_t fp, PKT_public_key *pk, int mode); void print_revokers (estream_t fp, PKT_public_key *pk); void show_policy_url(PKT_signature *sig,int indent,int mode); commit f577d5c1a747d673fa1d5c012ce3e3b78b699c6a Author: Werner Koch Date: Mon Apr 6 18:57:05 2015 +0200 gpg: Merge duplicated code for get_user_id et al. * g10/getkey.c (get_user_id_string): Add args mode and r_LEN. (get_user_id_string_native): Add new args. (get_long_user_id_string, get_user_id): Rewrite using get_user_id_string. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 998f111..20b37d8 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -2754,34 +2754,69 @@ enum_secret_keys (void **context, PKT_public_key *sk) /* Return a string with a printable representation of the user_id. * this string must be freed by xfree. */ static char * -get_user_id_string (u32 * keyid) +get_user_id_string (u32 * keyid, int mode, size_t *r_len) { user_id_db_t r; + keyid_list_t a; int pass = 0; + char *p; + /* Try it two times; second pass reads from key resources. */ do { for (r = user_id_db; r; r = r->next) { - keyid_list_t a; for (a = r->keyids; a; a = a->next) { if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1]) { - return xasprintf ("%s %.*s", keystr (keyid), r->len, r->name); + if (mode == 2) + { + /* An empty string as user id is possible. Make + sure that the malloc allocates one byte and + does not bail out. */ + p = xmalloc (r->len? r->len : 1); + memcpy (p, r->name, r->len); + if (r_len) + *r_len = r->len; + } + else + { + if (mode) + p = xasprintf ("%08lX%08lX %.*s", + (ulong) keyid[0], (ulong) keyid[1], + r->len, r->name); + else + p = xasprintf ("%s %.*s", keystr (keyid), + r->len, r->name); + if (r_len) + *r_len = strlen (p); + } + + return p; } } } } while (++pass < 2 && !get_pubkey (NULL, keyid)); - return xasprintf ("%s [?]", keystr (keyid)); + + if (mode == 2) + p = xstrdup (user_id_not_found_utf8 ()); + else if (mode) + p = xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]); + else + p = xasprintf ("%s [?]", keystr (keyid)); + + if (r_len) + *r_len = strlen (p); + return p; } char * get_user_id_string_native (u32 * keyid) { - char *p = get_user_id_string (keyid); + char *p = get_user_id_string (keyid, 0, NULL); char *p2 = utf8_to_native (p, strlen (p), 0); xfree (p); return p2; 
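Review bot: In the `mode == 2` branch of `get_user_id_string`, a cache hit returns a buffer that is not NUL-terminated (`xmalloc (r->len? r->len : 1)` followed by `memcpy`), while the not-found path for the same mode returns a terminated `xstrdup` result. Because `r_len` is optional, a caller passing mode 2 with `r_len == NULL` gets a buffer whose length it cannot determine. Allocating one extra byte and terminating makes both paths agree: `p = xmalloc (r->len + 1); memcpy (p, r->name, r->len); p[r->len] = 0;`. The header comment should also say what `mode` values 0, 1 and 2 select, since they are bare integers at the call sites.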
@@ -2791,65 +2826,18 @@ get_user_id_string_native (u32 * keyid) char * get_long_user_id_string (u32 * keyid) { - user_id_db_t r; - keyid_list_t a; - int pass = 0; - /* Try it two times; second pass reads from key resources. */ - do - { - for (r = user_id_db; r; r = r->next) - { - for (a = r->keyids; a; a = a->next) - { - if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1]) - { - return xasprintf ("%08lX%08lX %.*s", - (ulong) keyid[0], (ulong) keyid[1], - r->len, r->name); - } - } - } - } - while (++pass < 2 && !get_pubkey (NULL, keyid)); - return xasprintf ("%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]); + return get_user_id_string (keyid, 1, NULL); } -/* Please try to use get_user_id_native instead of this one. */ +/* Please try to use get_user_byfpr instead of this one. */ char * get_user_id (u32 * keyid, size_t * rn) { - user_id_db_t r; - char *p; - int pass = 0; - - /* Try it two times; second pass reads from key resources. */ - do - { - for (r = user_id_db; r; r = r->next) - { - keyid_list_t a; - for (a = r->keyids; a; a = a->next) - { - if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1]) - { - /* An empty string as user id is possible. Make - sure that the malloc allocates one byte and does - not bail out. */ - p = xmalloc (r->len? r->len : 1); - memcpy (p, r->name, r->len); - *rn = r->len; - return p; - } - } - } - } - while (++pass < 2 && !get_pubkey (NULL, keyid)); - p = xstrdup (user_id_not_found_utf8 ()); - *rn = strlen (p); - return p; + return get_user_id_string (keyid, 2, rn); } + /* Please try to use get_user_id_byfpr_native instead of this one. */ char * get_user_id_native (u32 * keyid) 
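Review bot: The rewritten comment above `get_user_id` points to `get_user_byfpr`, but the function shown in the following hunk is `get_user_id_byfpr`. The comment should read `/* Please try to use get_user_id_byfpr instead of this one. */`. It is also worth stating there that the buffer returned on a cache hit is not NUL-terminated, so `rn` must be non-NULL. The old body wrote `*rn` unconditionally, whereas the helper it now calls silently accepts a NULL length pointer.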
@@ -2863,7 +2851,7 @@ get_user_id_native (u32 * keyid) /* Return a user id from the caching by looking it up using the FPR - which mustbe of size MAX_FINGERPRINT_LEN. */ + which must be of size MAX_FINGERPRINT_LEN. */ char * get_user_id_byfpr (const byte *fpr, size_t *rn) { ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 102 ++++++++++++++++++++++++++-------------------------------- g10/keygen.c | 2 +- g10/keylist.c | 101 +++++++++++++++++++++++++++++++++++++++------------------ g10/main.h | 4 +-- 4 files changed, 118 insertions(+), 91 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 8 16:23:18 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 08 Apr 2015 16:23:18 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-86-g6619ead Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6619ead2cfd2abcb95b66dc70622fdeef624fb8a (commit) from c2383407bba5eefea486464a31e02846124c9da5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6619ead2cfd2abcb95b66dc70622fdeef624fb8a Author: Werner Koch Date: Wed Apr 8 15:58:16 2015 +0200 sm: Fix certificate lookup in dirmngr cache. * sm/call-dirmngr.c (get_cached_cert): Fix typo in LOOKUP command. -- This bug has been here since the code was written. The commit message for commit 2d0ca28a226773b9779a93c39bba9bace13232fe actually had the warning that the code has not been tested. Now the funny thing is that when the code was backported to the 2.0 branch just a few minutes later that typo was fixed en passant in that branch. 
diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index 560ea72..8e4841b 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -823,7 +823,7 @@ get_cached_cert (assuan_context_t ctx, *r_cert = NULL; bin2hex (fpr, 20, hexfpr); - snprintf (line, DIM(line)-1, "LOOKUP --signle --cache-only 0x%s", hexfpr); + snprintf (line, DIM(line)-1, "LOOKUP --single --cache-only 0x%s", hexfpr); init_membuf (&mb, 4096); err = assuan_transact (ctx, line, get_cached_cert_data_cb, &mb, ----------------------------------------------------------------------- Summary of changes: sm/call-dirmngr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 9 11:52:22 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 09 Apr 2015 11:52:22 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.2-8-g07116a3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 07116a314f4dcd4d96990bbd74db95a03a9f650a (commit) via aea7b6032865740478ca4b706850a5217f1c3887 (commit) via 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 (commit) from 792f4b36f998beba3515b776e8ca76ecbf20e468 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 07116a314f4dcd4d96990bbd74db95a03a9f650a Author: Werner Koch Date: Thu Apr 9 11:50:03 2015 +0200 Do not abort on decoder stack overflow. * src/ber-decoder.c (push_decoder_state, pop_decoder_state): Return an error code. (set_error): Prefix error message with "ksba:". Act on new return code. (decoder_next): Act on new return code. -- This changes the behaviour from gpgsm: unknown hash algorithm '1.8.48.48.48.48.48.48.48.48' gpgsm: detached signature w/o data - assuming certs-only ERROR: decoder stack overflow! Aborted to gpgsm: detached signature w/o data - assuming certs-only ksba: ber-decoder: stack overflow! gpgsm: ksba_cms_parse failed: Limit reached Use "gpgsm --verify FILE" to exhibit the problem. 
FILE is -----BEGIN PGP ARMORED FILE----- MDAGCSqGSIb3DQEHAqCAMDACAQExDzANBgkwMDAwMDAwMDAwADCABgkwMDAwMDAw MDAAMDEwoIGTMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAjMDA= =PQdP -----END PGP ARMORED FILE----- Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/src/ber-decoder.c b/src/ber-decoder.c index b4689fa..9e70d92 100644 --- a/src/ber-decoder.c +++ b/src/ber-decoder.c @@ -1,5 +1,5 @@ /* ber-decoder.c - Basic Encoding Rules Decoder - * Copyright (C) 2001, 2004, 2006, 2012 g10 Code GmbH + * Copyright (C) 2001, 2004, 2006, 2012, 2015 g10 Code GmbH * * This file is part of KSBA. * @@ -175,26 +175,28 @@ dump_decoder_state (DECODER_STATE ds) } /* Push ITEM onto the stack */ -static void +static gpg_error_t push_decoder_state (DECODER_STATE ds) { if (ds->idx >= ds->stacksize) { - fprintf (stderr, "ERROR: decoder stack overflow!\n"); - abort (); + fprintf (stderr, "ksba: ber-decoder: stack overflow!\n"); + return gpg_error (GPG_ERR_LIMIT_REACHED); } ds->stack[ds->idx++] = ds->cur; + return 0; } -static void +static gpg_error_t pop_decoder_state (DECODER_STATE ds) { if (!ds->idx) { - fprintf (stderr, "ERROR: decoder stack underflow!\n"); - abort (); + fprintf (stderr, "ksba: ber-decoder: stack underflow!\n"); + return gpg_error (GPG_ERR_INTERNAL); } ds->cur = ds->stack[--ds->idx]; + return 0; } @@ -202,7 +204,7 @@ pop_decoder_state (DECODER_STATE ds) static int set_error (BerDecoder d, AsnNode node, const char *text) { - fprintf (stderr,"ber-decoder: node `%s': %s\n", + fprintf (stderr,"ksba: ber-decoder: node `%s': %s\n", node? node->name:"?", text); d->last_errdesc = text; return gpg_error (GPG_ERR_BAD_BER); 
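Review bot: The comment `/* Push ITEM onto the stack */` above `push_decoder_state` is stale: there is no ITEM parameter and the function now reports failure, while `pop_decoder_state` has no comment at all. Suggested wording: `/* Push the current state onto the stack. Returns GPG_ERR_LIMIT_REACHED if the stack is full. */` and `/* Pop the top of the stack into the current state. Returns GPG_ERR_INTERNAL if the stack is empty. */`. Recording the return codes matters because the nesting depth is driven by the data being parsed and every caller must now check the result.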
@@ -955,9 +957,9 @@ decoder_next (BerDecoder d) && (ds->cur.nread > ds->stack[ds->idx-1].length)) { - fprintf (stderr, " ERROR: object length field " + fprintf (stderr, "ksba: ERROR: object length field " "%d octects too large\n", - ds->cur.nread > ds->cur.length); + ds->cur.nread - ds->cur.length); ds->cur.nread = ds->cur.length; } if ( ds->idx @@ -967,7 +969,9 @@ decoder_next (BerDecoder d) >= ds->stack[ds->idx-1].length)))) { int n = ds->cur.nread; - pop_decoder_state (ds); + err = pop_decoder_state (ds); + if (err) + return err; ds->cur.nread += n; ds->cur.went_up++; } 
@@ -983,7 +987,9 @@ decoder_next (BerDecoder d) /* prepare for the next level */ ds->cur.length = ti.length; ds->cur.ndef_length = ti.ndef; - push_decoder_state (ds); + err = push_decoder_state (ds); + if (err) + return err; ds->cur.length = 0; ds->cur.ndef_length = 0; ds->cur.nread = 0; commit aea7b6032865740478ca4b706850a5217f1c3887 Author: Werner Koch Date: Thu Apr 9 11:17:28 2015 +0200 Fix integer overflow in the BER decoder. * src/ber-decoder.c (ber_decoder_s): Change val.length from int to size_t. (sum_a1_a2_gt_b, sum_a1_a2_ge_b): New. (decoder_next): Check for integer overflow. Use new sum function for size check. (_ksba_ber_decoder_dump): Use size_t for n to match change of val.length. Adjust printf fomrat. Check for integer overflow and use gpg_error_from_syserror instead of GPG_ERR_ENOMEM. (_ksba_ber_decoder_decode): Use new sum function for size check. Check for integer overflow. Use size_t for n to match change of val.length. -- The actual bug described below is due to assigning an int (val.length) to a size_t (ti.length). The int was too large and thus negative so that the condition to check for too large objects didn't worked. Changing the type would have been enough but other conditions are possible. Thus the introduction of sum_a1_a2_ge_b for overflow checking and checks when adding 100 extra bytes to malloc calls are added. Use "gpgsm --verify FILE" to exhibit the problem. 
FILE is -----BEGIN PGP ARMORED FILE----- MDAGCSqGSIb3DQEHAqCAMIACAQExDzANBgkwMDAwMDAwMDAwADAwBhcwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMAAwMTAGCTAwMDAwMDAwMDAwBgkwMDAwMDAwMDAwMAYJ MDAwMDAwMDAwMDAXLDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwCoYwMP////UwMDAwMDAwMDAwMDAwMDAwMA== =tvju -----END PGP ARMORED FILE----- Without the patch this error occured: gpgsm: unknown hash algorithm '1.8.48.48.48.48.48.48.48.48' gpgsm: detached signature w/o data - assuming certs-only ================================================================= ==14322==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60b00000aded at pc 0x462ca8 bp 0x7fffd5928d90 sp 0x7fffd5928d80 WRITE of size 1 at 0x60b00000aded thread T0 #0 0x462ca7 in base64_reader_cb [...]-2.1.2/sm/base64.c:363 #1 0x7f35e70b6365 (/usr/lib64/libksba.so.8+0x7365) #2 0x7f35e70bee11 (/usr/lib64/libksba.so.8+0xfe11) #3 0x7f35e70c75ed (/usr/lib64/libksba.so.8+0x185ed) #4 0x7f35e70c7a9d (/usr/lib64/libksba.so.8+0x18a9d) #5 0x7f35e70c356f (/usr/lib64/libksba.so.8+0x1456f) #6 0x7f35e70c58bf (/usr/lib64/libksba.so.8+0x168bf) #7 0x48cbee in gpgsm_verify [...]/gnupg-2.1.2/sm/verify.c:171 #8 0x412901 in main /data/gnupg/gnupg-2.1.2/sm/gpgsm.c:1795 #9 0x7f35e68d5f9f in __libc_start_main ([...] #10 0x415a91 (/data/gnupg/gnupg-2.1.2/sm/gpgsm+0x415a91) 0x60b00000aded is located 0 bytes to the right of 109-byte region [0x60b00000ad80,0x60b00000aded) allocated by thread T0 here: #0 0x7f35e782e6f7 in malloc [...] #1 0x7f35e75040b0 (/usr/lib64/libgcrypt.so.20+0xc0b0) SUMMARY: AddressSanitizer: heap-buffer-overflow [...] 
Shadow bytes around the buggy address: 0x0c167fff9560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c167fff9570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c167fff9580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c167fff9590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c167fff95a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa =>0x0c167fff95b0: 00 00 00 00 00 00 00 00 00 00 00 00 00[05]fa fa 0x0c167fff95c0: fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00 0x0c167fff95d0: 00 00 00 fa fa fa fa fa fa fa fa fa 00 00 00 00 Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/src/ber-decoder.c b/src/ber-decoder.c index 873f810..b4689fa 100644 --- a/src/ber-decoder.c +++ b/src/ber-decoder.c @@ -100,7 +100,7 @@ struct ber_decoder_s struct { int primitive; /* current value is a primitive one */ - int length; /* length of the primitive one */ + size_t length; /* length of the primitive one */ int nhdr; /* length of the header */ int tag; int is_endtag; @@ -109,6 +109,23 @@ struct ber_decoder_s }; + +/* Evaluate with overflow check: A1 + A2 > B */ +static inline int +sum_a1_a2_gt_b (size_t a1, size_t a2, size_t b) +{ + size_t sum = a1 + a2; + return (sum < a1 || sum > b); +} + +/* Evaluate with overflow check: A1 + A2 >= B */ +static inline int +sum_a1_a2_ge_b (size_t a1, size_t a2, size_t b) +{ + size_t sum = a1 + a2; + return (sum < a1 || sum >= b); +} + static DECODER_STATE 
@@ -839,14 +856,16 @@ decoder_next (BerDecoder d) { /* We need some extra bytes to store the stuff we read ahead at the end of the module which is later pushed back. */ - d->image.length = ti.length + 100; d->image.used = 0; + d->image.length = ti.length + 100; + if (d->image.length < ti.length) + return gpg_error (GPG_ERR_BAD_BER); d->image.buf = xtrymalloc (d->image.length); if (!d->image.buf) return gpg_error (GPG_ERR_ENOMEM); } - if (ti.nhdr + d->image.used >= d->image.length) + if (sum_a1_a2_ge_b (ti.nhdr, d->image.used, d->image.length)) return set_error (d, NULL, "image buffer too short to store the tag"); memcpy (d->image.buf + d->image.used, ti.buf, ti.nhdr); @@ -1041,7 +1060,7 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp) int depth = 0; AsnNode node; unsigned char *buf = NULL; - size_t buflen = 0;; + size_t buflen = 0; if (!d) return gpg_error (GPG_ERR_INV_VALUE); @@ -1063,9 +1082,9 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp) if (node) depth = distance (d->root, node); - fprintf (fp, "%4lu %4u:%*s", + fprintf (fp, "%4lu %4lu:%*s", ksba_reader_tell (d->reader) - d->val.nhdr, - d->val.length, + (unsigned long)d->val.length, depth*2, ""); if (node) _ksba_asn_node_dump (node, fp); @@ -1074,16 +1093,22 @@ _ksba_ber_decoder_dump (BerDecoder d, FILE *fp) if (node && d->val.primitive) { - int i, n, c; + size_t n; + int i, c; char *p; if (!buf || buflen < d->val.length) { xfree (buf); buflen = d->val.length + 100; - buf = xtrymalloc (buflen); - if (!buf) - err = gpg_error (GPG_ERR_ENOMEM); + if (buflen < d->val.length) + err = gpg_error (GPG_ERR_BAD_BER); /* Overflow */ + else + { + buf = xtrymalloc (buflen); + if (!buf) + err = gpg_error_from_syserror (); + } } for (n=0; !err && n < d->val.length; n++) 
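Review bot: On the new overflow path in `_ksba_ber_decoder_dump`, `xfree (buf)` has already run when `buflen < d->val.length` sets the error, and `buf` keeps pointing at the freed memory because only the `else` branch reassigns it. If the function releases `buf` again on its exit path (not visible in this hunk), that is a double free. Clearing the pointer right after the release avoids it: `xfree (buf); buf = NULL;`. The hunk at `@@ -1196,18 +1219,32 @@` in `_ksba_ber_decoder_decode` has the same sequence and needs the same line; both function bodies continue outside the hunks shown.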
@@ -1171,8 +1196,6 @@ _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, while (!(err = decoder_next (d))) { - int n, c; - node = d->val.node; /* Fixme: USE_IMAGE is only not used with the ber-dump utility and thus of no big use. We should remove the other code @@ -1188,7 +1211,7 @@ _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, if (node->type == TYPE_ANY) node->actual_type = d->val.tag; } - if (d->image.used + d->val.length > d->image.length) + if (sum_a1_a2_gt_b (d->image.used, d->val.length, d->image.length)) err = set_error(d, NULL, "TLV length too large"); else if (d->val.primitive) { 
@@ -1196,18 +1219,32 @@ _ksba_ber_decoder_decode (BerDecoder d, const char *start_name, d->image.buf + d->image.used, d->val.length)) err = eof_or_error (d, 1); else - d->image.used += d->val.length; + { + size_t sum = d->image.used + d->val.length; + if (sum < d->image.used) + err = gpg_error (GPG_ERR_BAD_BER); + else + d->image.used = sum; + } } } else if (node && d->val.primitive) { + size_t n; + int c; + if (!buf || buflen < d->val.length) { xfree (buf); buflen = d->val.length + 100; - buf = xtrymalloc (buflen); - if (!buf) - err = gpg_error (GPG_ERR_ENOMEM); + if (buflen < d->val.length) + err = gpg_error (GPG_ERR_BAD_BER); + else + { + buf = xtrymalloc (buflen); + if (!buf) + err = gpg_error_from_syserror (); + } } for (n=0; !err && n < d->val.length; n++) commit 243d12fdec66a4360fbb3e307a046b39b5b4ffc3 Author: Werner Koch Date: Wed Apr 8 18:51:21 2015 +0200 Fix encoding of invalid utf-8 strings in dn.c * src/dn.c (append_quoted, append_atv): Use snprintf. (append_utf8_value): Fix invalid encoding handling. -- An invalid utf-8 encoding will make the loop in append_utf8_value run once more with N > length which is not found by the termination condition and only the former assert terminates the process if the byte following the bad encoding has the high bit cleared. This will lead to a read access out of bounds. The patch removes the assert and fixes the handling of bad encoding. Due to the new quoting the output of a badly encoded utf-8 string will be different than in previous versions. Replacing sprintf is only for cosmetic reasons. Use "gpgsm --verify FILE" to exhibit the problem. FILE is -----BEGIN PGP ARMORED FILE----- MDAGCSqGSIb3DQEHAqCAMDACAQExDzANBgkwMDAwMDAwMDAwADCABgkwMDAwMDAw MDAAMDEwAgEwMDAwMDEwMDAGA1UEAwwB/4AwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw =NJTr -----END PGP ARMORED FILE----- Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/src/dn.c b/src/dn.c index 4fab689..d207bf0 100644 --- a/src/dn.c 
+++ b/src/dn.c @@ -260,7 +260,7 @@ append_quoted (struct stringbuf *sb, const unsigned char *value, size_t length, n += skip; if ( *s < ' ' || *s > 126 ) { - sprintf (tmp, "\\%02X", *s); + snprintf (tmp, sizeof tmp, "\\%02X", *s); put_stringbuf_mem (sb, tmp, 3); } else @@ -300,7 +300,6 @@ append_utf8_value (const unsigned char *value, size_t length, length--; } - /* FIXME: check that the invalid encoding handling is correct */ for (s=value, n=0;;) { for (value = s; n < length && !(*s & 0x80); n++, s++) @@ -309,8 +308,9 @@ append_utf8_value (const unsigned char *value, size_t length, append_quoted (sb, value, s-value, 0); if (n==length) return; /* ready */ - assert ((*s & 0x80)); - if ( (*s & 0xe0) == 0xc0 ) /* 110x xxxx */ + if (!(*s & 0x80)) + nmore = 0; /* Not expected here: high bit not set. */ + else if ( (*s & 0xe0) == 0xc0 ) /* 110x xxxx */ nmore = 1; else if ( (*s & 0xf0) == 0xe0 ) /* 1110 xxxx */ nmore = 2; @@ -320,21 +320,31 @@ append_utf8_value (const unsigned char *value, size_t length, nmore = 4; else if ( (*s & 0xfe) == 0xfc ) /* 1111 110x */ nmore = 5; - else /* invalid encoding */ - nmore = 5; /* we will reduce the check length anyway */ - - if (n+nmore > length) - nmore = length - n; /* oops, encoding to short */ + else /* Invalid encoding */ + nmore = 0; - tmp[0] = *s++; n++; - for (i=1; i <= nmore; i++) + if (!nmore) { - if ( (*s & 0xc0) != 0x80) - break; /* invalid encoding - stop */ - tmp[i] = *s++; - n++; + /* Encoding error: We quote the bad byte. */ + snprintf (tmp, sizeof tmp, "\\%02X", *s); + put_stringbuf_mem (sb, tmp, 3); + s++; n++; + } + else + { + if (n+nmore > length) + nmore = length - n; /* Oops, encoding to short */ + + tmp[0] = *s++; n++; + for (i=1; i <= nmore; i++) + { + if ( (*s & 0xc0) != 0x80) + break; /* Invalid encoding - let the next cycle detect this. */ + tmp[i] = *s++; + n++; + } + put_stringbuf_mem (sb, tmp, i); } - put_stringbuf_mem (sb, tmp, i); } } 
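Review bot: The clamp `if (n+nmore > length) nmore = length - n;` in `append_utf8_value` looks off by one: the lead byte sits at index `n`, so the last continuation byte is at `n+nmore` and must stay below `length`. When a multi-byte lead is the final byte of the value, the loop's `(*s & 0xc0) != 0x80` test reads `*s` one position past the value. Clamping to the bytes that remain after the lead byte closes this: `if (nmore > length - n - 1) nmore = length - n - 1;` (here `n < length` holds, so the subtraction cannot wrap). The function starts and ends outside the hunk, so check the declared types of `n` and `nmore` when applying it.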
@@ -618,7 +628,7 @@ append_atv (const unsigned char *image, AsnNode root, struct stringbuf *sb) for (i=0; i < node->len; i++) { char tmp[3]; - sprintf (tmp, "%02X", image[node->off+node->nhdr+i]); + snprintf (tmp, sizeof tmp, "%02X", image[node->off+node->nhdr+i]); put_stringbuf (sb, tmp); } break; ----------------------------------------------------------------------- Summary of changes: src/ber-decoder.c | 101 ++++++++++++++++++++++++++++++++++++++---------------- src/dn.c | 44 +++++++++++++++--------- 2 files changed, 99 insertions(+), 46 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 9 19:10:48 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 09 Apr 2015 19:10:48 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-89-g3f2bdac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3f2bdac2f28e3cd31e2ecfc83573e91dff18c982 (commit) via 787cb8e261e775ae76496ae68344203e356d071b (commit) via 3fbeba64a8bfb2b673230c124a3d616b6568fd2f (commit) from 6619ead2cfd2abcb95b66dc70622fdeef624fb8a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f2bdac2f28e3cd31e2ecfc83573e91dff18c982 Author: Werner Koch Date: Thu Apr 9 19:08:57 2015 +0200 speedo: Fix libgpg-error build in w64 builds -- This typo was recently introduced. diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index 8a2053a..a0e29a5 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk 
@@ -206,7 +206,7 @@ endif # a full installer. speedo_w64_spkgs = ifeq ($(WITH_GUI),1) -speedo_w64_spkgs += ibgpg-error libiconv gettext libassuan gpgex +speedo_w64_spkgs += libgpg-error libiconv gettext libassuan gpgex endif # Packages which use the gnupg autogen.sh build style commit 787cb8e261e775ae76496ae68344203e356d071b Author: Werner Koch Date: Thu Apr 9 19:07:21 2015 +0200 tools: Remove trailing spaces. -- diff --git a/tools/gpgparsemail.c b/tools/gpgparsemail.c index a8b3dc7..e142f3b 100644 --- a/tools/gpgparsemail.c +++ b/tools/gpgparsemail.c @@ -69,7 +69,7 @@ struct parse_info_s { char *signing_protocol; int hashing_level; /* The nesting level we are hashing. */ - int hashing; + int hashing; FILE *hash_file; FILE *sig_file; /* Signature part with MIME or full @@ -156,7 +156,7 @@ stpcpy (char *a,const char *b) while (*b) *a++ = *b++; *a = 0; - + return (char*)a; } #endif @@ -189,7 +189,7 @@ run_gnupg (int smime, int sig_fd, int data_fd, int *close_list) if (dup2 (sig_fd, 0) == -1) die ("dup2 stdin failed: %s", strerror (errno)); } - + /* Keep our data fd and format it for gpg/gpgsm use. */ if (data_fd == -1) *data_fd_buf = 0; @@ -205,7 +205,7 @@ run_gnupg (int smime, int sig_fd, int data_fd, int *close_list) if (dup2 (fd, 1) == -1) die ("dup2 stderr failed: %s", strerror (errno)); } - + /* Connect stderr to our pipe. */ if (rp[1] != 2) { @@ -237,11 +237,11 @@ run_gnupg (int smime, int sig_fd, int data_fd, int *close_list) "--", "-", data_fd == -1? NULL : data_fd_buf, NULL); - + die ("failed to exec the crypto command: %s", strerror (errno)); } - /* Parent. */ + /* Parent. */ close (rp[1]); fp = fdopen (rp[0], "r"); @@ -255,7 +255,7 @@ run_gnupg (int smime, int sig_fd, int data_fd, int *close_list) { if (pos < 9) status_buf[pos] = c; - else + else { if (pos == 9) { 
@@ -342,7 +342,7 @@ verify_signature (struct parse_info_s *info) -/* Prepare for a multipart/signed. +/* Prepare for a multipart/signed. FIELD_CTX is the parsed context of the content-type header.*/ static void mime_signed_begin (struct parse_info_s *info, rfc822parse_t msg, @@ -387,7 +387,7 @@ mime_signed_begin (struct parse_info_s *info, rfc822parse_t msg, } -/* Prepare for a multipart/encrypted. +/* Prepare for a multipart/encrypted. FIELD_CTX is the parsed context of the content-type header.*/ static void mime_encrypted_begin (struct parse_info_s *info, rfc822parse_t msg, @@ -410,7 +410,7 @@ pkcs7_begin (struct parse_info_s *info, rfc822parse_t msg, rfc822parse_field_t field_ctx) { const char *s; - + (void)msg; s = rfc822parse_query_parameter (field_ctx, "name", 0); @@ -509,7 +509,7 @@ message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) s1 = rfc822parse_query_media_type (ctx, &s2); if (s1) { - printf ("h media: %*s%s %s\n", + printf ("h media: %*s%s %s\n", info->nesting_level*2, "", s1, s2); if (info->moss_state == 3) { @@ -549,7 +549,7 @@ message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) } else printf ("h media: %*s none\n", info->nesting_level*2, ""); - + rfc822parse_release_field (ctx); } else @@ -573,7 +573,7 @@ message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) printf ("b up\n"); if (info->nesting_level) info->nesting_level--; - else + else err ("invalid structure (bad nesting level)"); } else if (event == RFC822PARSE_BOUNDARY || event == RFC822PARSE_LAST_BOUNDARY) @@ -586,7 +586,7 @@ message_cb (void *opaque, rfc822parse_event_t event, rfc822parse_t msg) info->skip_show = 1; printf ("b part\n"); } - else + else printf ("b last\n"); if (info->moss_state == 2 && info->nesting_level == info->hashing_level) 
@@ -648,7 +648,7 @@ parse_message (FILE *fp) if (rfc822parse_insert (msg, line, length)) die ("parser failed: %s", strerror (errno)); - + if (info.hashing) { /* Delay hashing of the CR/LF because the last line ending @@ -689,7 +689,7 @@ parse_message (FILE *fp) die ("error writing to temporary file: %s", strerror (errno)); } } - + if (info.show_boundary) { if (!opt_no_header) @@ -727,11 +727,11 @@ parse_message (FILE *fp) } -int +int main (int argc, char **argv) { int last_argc = -1; - + if (argc) { argc--; argv++; @@ -780,8 +780,8 @@ main (int argc, char **argv) opt_no_header = 1; argc--; argv++; } - } - + } + if (argc > 1) die ("usage: " PGM " [OPTION] [FILE] (try --help for more information)\n"); commit 3fbeba64a8bfb2b673230c124a3d616b6568fd2f Author: Werner Koch Date: Thu Apr 9 19:06:33 2015 +0200 gpgparsemail: Fix case of zero length continuation lines. * tools/rfc822parse.c (parse_field): Loop after continuation line. -- Using header lines like Name:[lf] [space][lf] [lf] resulted in running into the "(s2 = strchr (delimiters2, *s)" branch and inserting a new token for the empty continuation line. This also led to one byte read after the string which is what Hanno figured. The new code should handle empty continuation lines correct. Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c index a70f6a4..e8164ce 100644 --- a/tools/rfc822parse.c +++ b/tools/rfc822parse.c @@ -808,10 +808,12 @@ parse_field (HDR_LINE hdr) s++; /* Move over the colon. */ for (;;) { - if (!*s) + while (!*s) { if (!hdr->next || !hdr->next->cont) - break; + return tok; /* Ready. */ + + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } @@ -824,10 +826,11 @@ parse_field (HDR_LINE hdr) invalid = 0; for (s++;; s++) { - if (!*s) + while (!*s) { if (!hdr->next || !hdr->next->cont) break; + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } 
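Review bot: In the second `parse_field` hunk, turning `if (!*s)` into `while (!*s)` changes what the inner `break` does: it now leaves only the `while`, not the enclosing `for (s++;; s++)`. When the header ends without a continuation line, the `for` body carries on with `*s == 0` and its `s++` then steps past the terminator, which is the kind of over-read this commit is meant to remove. Leaving the outer loop explicitly restores the old behaviour, for example `goto comment_done;` in place of `break;`, with a `comment_done:` label placed directly after the `for` loop. The rest of the loop body is outside the hunk, so confirm that no later branch already stops on a NUL.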
@@ -880,6 +883,7 @@ parse_field (HDR_LINE hdr) if (*s2 || !hdr->next || !hdr->next->cont) break; + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } @@ -931,8 +935,7 @@ parse_field (HDR_LINE hdr) s++; } } - - return tok; + /*NOTREACHED*/ failure: { ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 2 +- tools/gpgparsemail.c | 40 ++++++++++++++++++++-------------------- tools/rfc822parse.c | 13 ++++++++----- 3 files changed, 29 insertions(+), 26 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 9 19:18:52 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 09 Apr 2015 19:18:52 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-7-g35e6859 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 35e68591863b7da1698ddc24d8f035fc4c382b9a (commit) from 230930b568bb016ed13f0daa70b69922c3f4214a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 35e68591863b7da1698ddc24d8f035fc4c382b9a Author: Werner Koch Date: Thu Apr 9 19:17:08 2015 +0200 Fix case of zero length continuation lines in mail parser. * src/rfc822parse.c (parse_field): Loop after continuation line. -- Using header lines like Name:[lf] [space][lf] [lf] resulted in running into the "(s2 = strchr (delimiters2, *s)" branch and inserting a new token for the empty continuation line. This also led to one byte read after the string which is what Hanno figured. The new code should handle empty continuation lines correct. Reported-by: Hanno B?ck 
Signed-off-by: Werner Koch (backported from gnupg 2.1 commit 3fbeba64a8bfb2b673230c124a3d616b6568fd2f) diff --git a/src/rfc822parse.c b/src/rfc822parse.c index 8d0c5d0..7f643b8 100644 --- a/src/rfc822parse.c +++ b/src/rfc822parse.c @@ -6,12 +6,12 @@ * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. - * + * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, see . */ @@ -105,7 +105,7 @@ length_sans_trailing_ws (const unsigned char *line, size_t len) { const unsigned char *p, *mark; size_t n; - + for (mark=NULL, p=line, n=0; n < len; n++, p++) { if (strchr (" \t\r\n", *p )) @@ -116,8 +116,8 @@ length_sans_trailing_ws (const unsigned char *line, size_t len) else mark = NULL; } - - if (mark) + + if (mark) return mark - line; return len; } @@ -161,7 +161,7 @@ stpcpy (char *a,const char *b) while (*b) *a++ = *b++; *a = 0; - + return (char*)a; } #endif @@ -250,7 +250,7 @@ rfc822parse_open (rfc822parse_cb_t cb, void *cb_value) { release_handle_data (msg); free (msg); - errno = 0;/* Not meaningful after the callback. */ + errno = 0;/* Not meaningful after the callback. */ msg = NULL; } } @@ -357,10 +357,10 @@ transition_to_body (rfc822parse_t msg) { assert (!msg->current_part->boundary); msg->current_part->boundary = malloc (strlen (s) + 1); - if (msg->current_part->boundary) + if (msg->current_part->boundary) { part_t part; - + strcpy (msg->current_part->boundary, s); msg->boundary = msg->current_part->boundary; part = new_part (); 
@@ -429,7 +429,7 @@ insert_header (rfc822parse_t msg, const unsigned char *line, size_t length) hdr->cont = (*line == ' ' || *line == '\t'); memcpy (hdr->line, line, length); hdr->line[length] = 0; /* Make it a string. */ - + /* Transform a field name into canonical format. */ if (!hdr->cont && strchr (line, ':')) capitalize_header_name (hdr->line); @@ -491,7 +491,7 @@ insert_body (rfc822parse_t msg, const unsigned char *line, size_t length) int rfc822parse_insert (rfc822parse_t msg, const unsigned char *line, size_t length) { - return (msg->in_body + return (msg->in_body ? insert_body (msg, line, length) : insert_header (msg, line, length)); } @@ -517,11 +517,11 @@ rfc822parse_finish (rfc822parse_t msg) * WHICH gives the mode: * -1 := Take the last occurence * n := Take the n-th one. - * + * * Returns a newly allocated buffer or NULL on error. errno is set in * case of a memory failure or set to 0 if the requested field is not * available. - * + * * If VALUEOFF is not NULL it will receive the offset of the first non * space character in the value part of the line (i.e. after the first * colon). @@ -590,7 +590,7 @@ rfc822parse_enum_header_lines (rfc822parse_t msg, void **context) HDR_LINE l; if (!msg) /* Close. */ - return NULL; + return NULL; if (*context == msg || !msg->current_part) return NULL; @@ -761,7 +761,7 @@ parse_field (HDR_LINE hdr) static const char tspecials[] = "/?=<>@,;:\\[]\"()"; static const char tspecials2[] = "/?=<>@.,;:"; /* FIXME: really include '.'?*/ - static struct + static struct { const unsigned char *name; size_t namelen; @@ -809,10 +809,11 @@ parse_field (HDR_LINE hdr) s++; /* Move over the colon. */ for (;;) { - if (!*s) + while (!*s) { if (!hdr->next || !hdr->next->cont) - break; + return tok; /* Ready. */ + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } 
@@ -825,10 +826,11 @@ parse_field (HDR_LINE hdr) invalid = 0; for (s++;; s++) { - if (!*s) + while (!*s) { if (!hdr->next || !hdr->next->cont) break; + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } @@ -872,15 +874,16 @@ parse_field (HDR_LINE hdr) else if (*s2 == '\\' && s2[1]) /* what about continuation? */ s2++; } - + t = (t ? append_to_token (t, s, s2 - s) : new_token (term == '\"'? tQUOTED : tDOMAINLIT, s, s2 - s)); if (!t) goto failure; - + if (*s2 || !hdr->next || !hdr->next->cont) break; + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } @@ -932,8 +935,7 @@ parse_field (HDR_LINE hdr) s++; } } - - return tok; + /*NOTREACHED*/ failure: { @@ -1008,10 +1010,10 @@ is_parameter (TOKEN t) Returns a pointer to the value which is valid as long as the parse context is valid; NULL is returned in case that attr is not defined in the header, a missing value is represented by an empty string. - + With LOWER_VALUE set to true, a matching field value will be lowercased. - + Note, that ATTR should be lowercase. If ATTR is NULL the fucntion returns the first token of the field; i.e. not the parameter but the actual value. A CTX of NULL is allowed and will return NULL. @@ -1134,7 +1136,7 @@ dump_structure (rfc822parse_t msg, part_t part, int indent) part_t save_part; /* ugly hack - we should have a function to get part inforation. */ const char *s; - + save_part = msg->current_part; msg->current_part = part; ctx = rfc822parse_parse_field (msg, "Content-Type", -1); 
@@ -1160,7 +1162,7 @@ dump_structure (rfc822parse_t msg, part_t part, int indent) if (part->down) dump_structure (msg, part->down, indent + 1); } - + } ----------------------------------------------------------------------- Summary of changes: src/rfc822parse.c | 54 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 26 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 10 08:36:59 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 10 Apr 2015 08:36:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-90-g9433661 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9433661419043431a6cfc7d84c8450e0b2f6c353 (commit) from 3f2bdac2f28e3cd31e2ecfc83573e91dff18c982 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9433661419043431a6cfc7d84c8450e0b2f6c353 Author: Werner Koch Date: Fri Apr 10 08:34:35 2015 +0200 gpgparsemail: Fix last commit (3f2bdac) * tools/rfc822parse.c (parse_field): Replace break by goto. -- Brown paper bag bug: Changing an IF to a WHILE inside another loop requires to fix the inner break. Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c index e8164ce..285e084 100644 --- a/tools/rfc822parse.c +++ b/tools/rfc822parse.c @@ -829,7 +829,7 @@ parse_field (HDR_LINE hdr) while (!*s) { if (!hdr->next || !hdr->next->cont) - break; + goto oparen_out; /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; 
@@ -852,6 +852,7 @@ parse_field (HDR_LINE hdr) else if (*s == '\"') in_quote = 1; } + oparen_out: if (!*s) ; /* Actually this is an error, but we don't care about it. */ else ----------------------------------------------------------------------- Summary of changes: tools/rfc822parse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 10 08:40:54 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 10 Apr 2015 08:40:54 +0200 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-8-geb1b9bf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via eb1b9bfc088ce33c398dd6f6b7bf80797fbb9011 (commit) from 35e68591863b7da1698ddc24d8f035fc4c382b9a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eb1b9bfc088ce33c398dd6f6b7bf80797fbb9011 Author: Werner Koch Date: Fri Apr 10 08:39:25 2015 +0200 Fix last commit (35e6859) * src/rfc822parse.c (parse_field): Replace break by goto. -- Brown paper bag bug: Changing an IF to a WHILE inside another loop requires to fix the inner break. Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from gnupg 2.1 commit 9433661419043431a6cfc7d84c8450e0b2f6c353) diff --git a/src/rfc822parse.c b/src/rfc822parse.c index 7f643b8..760e8f7 100644 --- a/src/rfc822parse.c +++ b/src/rfc822parse.c @@ -829,7 +829,7 @@ parse_field (HDR_LINE hdr) while (!*s) { if (!hdr->next || !hdr->next->cont) - break; + goto oparen_out; /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; 
@@ -852,6 +852,7 @@ parse_field (HDR_LINE hdr) else if (*s == '\"') in_quote = 1; } + oparen_out: if (!*s) ; /* Actually this is an error, but we don't care about it. */ else ----------------------------------------------------------------------- Summary of changes: src/rfc822parse.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 10 13:21:31 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 10 Apr 2015 13:21:31 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-95-g67158ff Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 67158ff155ef52fd54a6bbe680551c0e12b31e69 (commit) via 0fb224c2c5e0c6770d4a6044d62d84f6bbc1b26b (commit) via 5d60c7f7e05a06e46e23bafe61cef09ad32aa998 (commit) via f6670100b7a15b2071c2e4062f5c5a678f2a30f6 (commit) via 6ad95fe6f1f130c8f6d139a9bd57fc4a0d38292b (commit) from 9433661419043431a6cfc7d84c8450e0b2f6c353 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 67158ff155ef52fd54a6bbe680551c0e12b31e69 Author: Werner Koch Date: Fri Apr 10 13:11:59 2015 +0200 Remove obsolete directories from AM_CPPFLAGS. diff --git a/agent/Makefile.am b/agent/Makefile.am index bcf1788..b33593d 100644 --- a/agent/Makefile.am +++ b/agent/Makefile.am @@ -28,7 +28,7 @@ noinst_PROGRAMS = $(TESTS) EXTRA_DIST = ChangeLog-2011 gpg-agent-w32info.rc -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am 
diff --git a/common/Makefile.am b/common/Makefile.am index 2ba6dc0..51923e8 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -34,7 +34,7 @@ BUILT_SOURCES = audit-events.h status-codes.h MAINTAINERCLEANFILES = audit-events.h status-codes.h -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl +AM_CPPFLAGS = AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(KSBA_CFLAGS) diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index c8613bb..d80dd6d 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -30,7 +30,7 @@ endif noinst_PROGRAMS = $(module_tests) TESTS = $(module_tests) -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am diff --git a/g10/Makefile.am b/g10/Makefile.am index 0a02119..b66abb8 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -21,8 +21,7 @@ EXTRA_DIST = options.skel distsigkey.gpg ChangeLog-2011 gpg-w32info.rc \ gpg.w32-manifest.in -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \ - -I$(top_srcdir)/include -I$(top_srcdir)/intl +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am diff --git a/g13/Makefile.am b/g13/Makefile.am index bbffe02..7d627cb 100644 --- a/g13/Makefile.am +++ b/g13/Makefile.am @@ -22,7 +22,7 @@ EXTRA_DIST = ChangeLog-2011 bin_PROGRAMS = g13 -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am diff --git a/kbx/Makefile.am b/kbx/Makefile.am index eb434b6..5df2bba 100644 --- a/kbx/Makefile.am +++ b/kbx/Makefile.am @@ -20,8 +20,7 @@ EXTRA_DIST = mkerrors -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common \ - -I$(top_srcdir)/intl +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am diff --git a/scd/Makefile.am b/scd/Makefile.am index f7217e3..6212e61 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am 
@@ -21,7 +21,7 @@ EXTRA_DIST = ChangeLog-2011 scdaemon-w32info.rc libexec_PROGRAMS = scdaemon -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am diff --git a/sm/Makefile.am b/sm/Makefile.am index 7f6df3a..dda3eb8 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -23,7 +23,7 @@ bin_PROGRAMS = gpgsm AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/common -I$(top_srcdir)/intl +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am if HAVE_W32_SYSTEM diff --git a/tools/Makefile.am b/tools/Makefile.am index 1ba0377..5c28954 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -23,7 +23,7 @@ EXTRA_DIST = \ ccidmon.c ChangeLog-2011 gpg-connect-agent-w32info.rc -AM_CPPFLAGS = -I$(top_srcdir)/gl -I$(top_srcdir)/intl -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am if HAVE_W32_SYSTEM commit 0fb224c2c5e0c6770d4a6044d62d84f6bbc1b26b Author: Werner Koch Date: Fri Apr 10 13:05:38 2015 +0200 dirmngr,w32: Replace functions not available under Windows. * dirmngr/ks-engine-ldap.c (extract_attributes): Replace isoptime and gmtime_r. diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 82d6234..aefd12a 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -1748,12 +1748,13 @@ extract_attributes (LDAPMod ***modlist, char *line) Check that first and then if it fails, then try parse_timestamp. */ - if (strptime (create_time, "%Y-%m-%d", &tm)) + if (!isodate_human_to_tm (create_time, &tm)) create_time = tm2ldaptime (&tm); else if ((t = parse_timestamp (create_time, &end)) != (time_t) -1 && *end == '\0') { - if (! gmtime_r (&t, &tm)) + + if (!gnupg_gmtime (&t, &tm)) create_time = NULL; else create_time = tm2ldaptime (&tm); 
@@ -1795,12 +1796,12 @@ extract_attributes (LDAPMod ***modlist, char *line) Check that first and then if it fails, then try parse_timestamp. */ - if (strptime (expire_time, "%Y-%m-%d", &tm)) + if (!isodate_human_to_tm (expire_time, &tm)) expire_time = tm2ldaptime (&tm); else if ((t = parse_timestamp (expire_time, &end)) != (time_t) -1 && *end == '\0') { - if (! gmtime_r (&t, &tm)) + if (!gnupg_gmtime (&t, &tm)) expire_time = NULL; else expire_time = tm2ldaptime (&tm); commit 5d60c7f7e05a06e46e23bafe61cef09ad32aa998 Author: Werner Koch Date: Fri Apr 10 12:24:43 2015 +0200 common: Add new function gnupg_gmtime. * common/gettime.c (gnupg_gmtime): New. (gnupg_get_isotime): Use it. Also take care of an gmtime_t returning an error. -- The fix in gnupg_get_isotime is only to cover up a theoretical broken time (e.g. a value of (time_t)(-2) which is not mapped beyond 2038 on 32 bit systems). Signed-off-by: Werner Koch diff --git a/common/gettime.c b/common/gettime.c index 5a7a745..115f725 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -71,6 +71,29 @@ gnupg_get_time () } +/* Wrapper around gmtime_r. + + On systems without gmtime_r this implementation works within gnupg + because we use only one thread a time. FIXME: An independent + library may use gmtime in one of its own thread (or via + npth_enter/npth_leave) - in this case we run into a problem. The + solution would be to use a mutex here. */ +struct tm * +gnupg_gmtime (const time_t *timep, struct tm *result) +{ +#ifdef HAVE_GMTIME_R + return gmtime_r (timep, result); +#else + struct tm *tp; + + tp = gmtime (timep); + if (tp) + memcpy (result, tp, sizeof *result); + return tp; +#endif +} + + /* Return the current time (possibly faked) in ISO format. */ void gnupg_get_isotime (gnupg_isotime_t timebuf) 
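Review bot: In the `#else` branch of the new gnupg_gmtime (common/gettime.c, hunk `@@ -71,6 +71,29 @@`) the function returns `tp`, the pointer to gmtime's static buffer, whereas the gmtime_r branch returns `result`. A caller that reads through the return value, as gnupg_get_isotime does in the following hunk, then keeps depending on the shared buffer instead of its own copy, which widens the window the FIXME comment describes. Returning the caller's buffer keeps both branches equivalent: `if (!tp) return NULL;`, then `*result = *tp;` and `return result;`.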
@@ -82,16 +105,15 @@ gnupg_get_isotime (gnupg_isotime_t timebuf) else { struct tm *tp; -#ifdef HAVE_GMTIME_R struct tm tmbuf; - tp = gmtime_r (&atime, &tmbuf); -#else - tp = gmtime (&atime); -#endif - snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d", - 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday, - tp->tm_hour, tp->tm_min, tp->tm_sec); + tp = gnupg_gmtime (&atime, &tmbuf); + if (!tp) + *timebuf = 0; + else + snprintf (timebuf, 16, "%04d%02d%02dT%02d%02d%02d", + 1900 + tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec); } } diff --git a/common/gettime.h b/common/gettime.h index 25886d2..ec68faa 100644 --- a/common/gettime.h +++ b/common/gettime.h @@ -29,6 +29,7 @@ typedef char gnupg_isotime_t[16]; time_t gnupg_get_time (void); +struct tm *gnupg_gmtime (const time_t *timep, struct tm *result); void gnupg_get_isotime (gnupg_isotime_t timebuf); void gnupg_set_time (time_t newtime, int freeze); int gnupg_faked_time_p (void); commit f6670100b7a15b2071c2e4062f5c5a678f2a30f6 Author: Werner Koch Date: Fri Apr 10 12:02:31 2015 +0200 common: Add new function isodate_human_to_tm * common/gettime.c (isotime_human_p): Add arg date_only. (isodate_human_to_tm): New. * common/t-gettime.c (test_isodate_human_to_tm): New. (main): Call new test. -- This function in intended as replacement for strptime (foo, "%Y-%m-%d", &bar) which is not available under Windows. diff --git a/common/gettime.c b/common/gettime.c index 80a56bb..5a7a745 100644 --- a/common/gettime.c +++ b/common/gettime.c 
@@ -216,9 +216,11 @@ isotime_p (const char *string) /* Scan a string and return true if the string represents the human readable format of an ISO time. This format is: yyyy-mm-dd[ hh[:mm[:ss]]] - Scanning stops at the second space or at a comma. */ + Scanning stops at the second space or at a comma. If DATE_ONLY is + true the time part is not expected and the scanning stops at the + first space or at a comma. */ int -isotime_human_p (const char *string) +isotime_human_p (const char *string, int date_only) { const char *s; int i; @@ -247,6 +249,8 @@ isotime_human_p (const char *string) return 1; /* Okay; only date given. */ if (!spacep (s)) return 0; + if (date_only) + return 1; /* Okay; only date was requested. */ s++; if (spacep (s)) return 1; /* Okay, second space stops scanning. */ @@ -303,7 +307,7 @@ string2isotime (gnupg_isotime_t atime, const char *string) atime[15] = 0; return 15; } - if (!isotime_human_p (string)) + if (!isotime_human_p (string, 0)) return 0; atime[0] = string[0]; atime[1] = string[1]; @@ -393,6 +397,36 @@ epoch2isotime (gnupg_isotime_t timebuf, time_t atime) } +/* Parse a short ISO date string (YYYY-MM-DD) into a TM structure. + Returns 0 on success. */ +int +isodate_human_to_tm (const char *string, struct tm *t) +{ + int year, month, day; + + if (!isotime_human_p (string, 1)) + return -1; + + year = atoi_4 (string); + month = atoi_2 (string + 5); + day = atoi_2 (string + 8); + + /* Basic checks. */ + if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31) + return -1; + + memset (t, 0, sizeof *t); + t->tm_sec = 0; + t->tm_min = 0; + t->tm_hour = 0; + t->tm_mday = day; + t->tm_mon = month-1; + t->tm_year = year - 1900; + t->tm_isdst = -1; + return 0; +} + + /* This function is a copy of gpgme/src/conversion.c:_gpgme_timegm. If you change it, then update the other one too. */ #ifdef HAVE_W32_SYSTEM diff --git a/common/gettime.h b/common/gettime.h index 10cae17..25886d2 100644 --- a/common/gettime.h +++ b/common/gettime.h 
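Review bot: The range check in the new isodate_human_to_tm (hunk `@@ -393,6 +397,36 @@` of common/gettime.c) accepts any day from 1 to 31 for every month, so a string naming the 31st of February passes and comes back as an unnormalised `struct tm`. The dirmngr caller in ks-engine-ldap.c shown on this page hands that struct directly to `tm2ldaptime`, so this check is the only validation of a date taken from the input line. Either reject days beyond the month's length (leap years included), or state the limit in the function comment, e.g. `/* Note: the day is only checked against 1..31, not against the month. */`. The explicit `t->tm_sec = 0; t->tm_min = 0; t->tm_hour = 0;` after the `memset` are redundant.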
@@ -37,10 +37,11 @@ char *elapsed_time_string (time_t since, time_t now); u32 scan_isodatestr (const char *string); int isotime_p (const char *string); -int isotime_human_p (const char *string); +int isotime_human_p (const char *string, int date_only); size_t string2isotime (gnupg_isotime_t atime, const char *string); time_t isotime2epoch (const char *string); void epoch2isotime (gnupg_isotime_t timebuf, time_t atime); +int isodate_human_to_tm (const char *string, struct tm *t); time_t parse_timestamp (const char *timestamp, char **endp); u32 add_days_to_timestamp (u32 stamp, u16 days); const char *strtimevalue (u32 stamp); diff --git a/common/t-gettime.c b/common/t-gettime.c index 5d554ee..9b3139d 100644 --- a/common/t-gettime.c +++ b/common/t-gettime.c 
@@ -174,6 +174,80 @@ test_string2isotime (void) } +static void +test_isodate_human_to_tm (void) +{ + struct { + const char *string; + int okay; + int year, mon, mday; + } array [] = { + { "1970-01-01", 1, 1970, 1, 1 }, + { "1970-02-01", 1, 1970, 2, 1 }, + { "1970-12-31", 1, 1970, 12, 31 }, + { "1971-01-01", 1, 1971, 1, 1 }, + { "1998-08-15", 1, 1998, 8, 15 }, + { "2015-04-10", 1, 2015, 4, 10 }, + { "2015-04-10 11:30",1, 2015, 4, 10 }, + { "1969-12-31", 0, 0, 0, 0 }, + { "1900-01-01", 0, 0, 0, 0 }, + { "", 0, 0, 0, 0 }, + { "1970-12-32", 0, 0, 0, 0 }, + { "1970-13-01", 0, 0, 0, 0 }, + { "1970-01-00", 0, 0, 0, 0 }, + { "1970-00-01", 0, 0, 0, 0 }, + { "1970-00-01", 0, 0, 0, 0 }, + { "1970", 0, 0, 0, 0 }, + { "1970-01", 0, 0, 0, 0 }, + { "1970-01-1", 0, 0, 0, 0 }, + { "1970-1--01", 0, 0, 0, 0 }, + { "1970-01-01,", 1, 1970, 1, 1 }, + { "1970-01-01 ", 1, 1970, 1, 1 }, + { "1970-01-01\t", 1, 1970, 1, 1 }, + { "1970-01-01;", 0, 0, 0, 0 }, + { "1970-01-01:", 0, 0, 0, 0 }, + { "1970_01-01", 0, 0, 0, 0 }, + { "1970-01_01", 0, 0, 0, 0 }, + { NULL, 0 } + }; + int idx; + int okay; + struct tm tmbuf; + + for (idx=0; array[idx].string; idx++) + { + okay = !isodate_human_to_tm (array[idx].string, &tmbuf); + if (okay != array[idx].okay) + { + fail (idx); + if (verbose) + fprintf (stderr, "string '%s' expected: %d, got: %d\n", + array[idx].string, (int)array[idx].okay, okay); + } + else if (!okay) + ; + else if (tmbuf.tm_year + 1900 != array[idx].year + || tmbuf.tm_mon +1 != array[idx].mon + || tmbuf.tm_mday != array[idx].mday) + { + fail (idx); + if (verbose) + fprintf (stderr, "string '%s' returned %04d-%02d-%02d\n", + array[idx].string, + tmbuf.tm_year + 1900, tmbuf.tm_mon + 1, tmbuf.tm_mday); + } + else if (tmbuf.tm_sec || tmbuf.tm_min || tmbuf.tm_hour + || tmbuf.tm_isdst != -1) + { + fail (idx); + if (verbose) + fprintf (stderr, "string '%s' returned bad time part\n", + array[idx].string); + } + } +} + + int main (int argc, char **argv) { 
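Review bot: The table in test_isodate_human_to_tm lists `{ "1970-00-01", 0, 0, 0, 0 }` twice in a row, so one of the two rows tests nothing new; presumably a different malformed string was intended. A row for a day that is within 1..31 but does not exist in its month would pin down whether such input is meant to be accepted, since the function under test only bounds the day to that range. main continues outside the hunk.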
@@ -182,6 +256,7 @@ main (int argc, char **argv) test_isotime2epoch (); test_string2isotime (); + test_isodate_human_to_tm (); return !!errcount; } commit 6ad95fe6f1f130c8f6d139a9bd57fc4a0d38292b Author: Werner Koch Date: Fri Apr 10 10:59:28 2015 +0200 dirmngr,w32: Avoid name clash with existing function * dirmngr/ks-engine-ldap.c (ldap_connect): Rename to my_ldap_connect. diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 1ce709d..82d6234 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -439,8 +439,8 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact) OpenPGP Keyserver. In this case, you also do not need to xfree *pgpkeyattrp. */ static int -ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, - char **basednp, char **pgpkeyattrp, int *real_ldapp) +my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, + char **basednp, char **pgpkeyattrp, int *real_ldapp) { int err = 0; @@ -455,7 +455,7 @@ ldap_connect (parsed_uri_t uri, LDAP **ldap_connp, char *pgpkeyattr = "pgpKey"; int real_ldap = 0; - log_debug ("ldap_connect(%s:%d/%s????%s%s%s%s%s)\n", + log_debug ("my_ldap_connect(%s:%d/%s????%s%s%s%s%s)\n", uri->host, uri->port, uri->path ?: "", uri->auth ? "bindname=" : "", uri->auth ?: "", @@ -842,7 +842,7 @@ ks_ldap_get (ctrl_t ctrl, parsed_uri_t uri, const char *keyspec, return (err); /* Make sure we are talking to an OpenPGP LDAP server. */ - ldap_err = ldap_connect (uri, &ldap_conn, &basedn, &pgpkeyattr, NULL); + ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, &pgpkeyattr, NULL); if (ldap_err || !basedn) { if (ldap_err) @@ -1021,7 +1021,7 @@ ks_ldap_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern, } /* Make sure we are talking to an OpenPGP LDAP server. */ - ldap_err = ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL); + ldap_err = my_ldap_connect (uri, &ldap_conn, &basedn, NULL, NULL); if (ldap_err || !basedn) { if (ldap_err) 
@@ -1878,7 +1878,8 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri, /* Elide a warning. */ (void) ctrl; - ldap_err = ldap_connect (uri, &ldap_conn, &basedn, &pgpkeyattr, &real_ldap); + ldap_err = my_ldap_connect (uri, + &ldap_conn, &basedn, &pgpkeyattr, &real_ldap); if (ldap_err || !basedn) { if (ldap_err) ----------------------------------------------------------------------- Summary of changes: agent/Makefile.am | 2 +- common/Makefile.am | 2 +- common/gettime.c | 78 +++++++++++++++++++++++++++++++++++++++++------- common/gettime.h | 4 ++- common/t-gettime.c | 75 ++++++++++++++++++++++++++++++++++++++++++++++ dirmngr/Makefile.am | 2 +- dirmngr/ks-engine-ldap.c | 22 +++++++------- g10/Makefile.am | 3 +- g13/Makefile.am | 2 +- kbx/Makefile.am | 3 +- scd/Makefile.am | 2 +- sm/Makefile.am | 2 +- tools/Makefile.am | 2 +- 13 files changed, 166 insertions(+), 33 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 10 17:50:51 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 10 Apr 2015 17:50:51 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.2-10-g766280c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 766280caf19ed78a7efe8a0e1fd2725447185992 (commit) via b46ea28e82d67a2072817294115360fd3e1ab20c (commit) from 07116a314f4dcd4d96990bbd74db95a03a9f650a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 766280caf19ed78a7efe8a0e1fd2725447185992 Author: Werner Koch Date: Fri Apr 10 17:49:04 2015 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 693f8ef..cc25641 100644 
--- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.3.4 (unreleased) [C19/A11/R ] +------------------------------------------------ + + Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 9b83206..fcf021c 100644 --- a/configure.ac +++ b/configure.ac @@ -30,7 +30,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libksba]) m4_define([mym4_major], [1]) m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [3]) +m4_define([mym4_micro], [4]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit b46ea28e82d67a2072817294115360fd3e1ab20c Author: Werner Koch Date: Fri Apr 10 17:42:25 2015 +0200 Release 1.3.3. diff --git a/AUTHORS b/AUTHORS index e479889..b18904c 100644 --- a/AUTHORS +++ b/AUTHORS @@ -2,7 +2,7 @@ Program: Libksba Download: ftp://ftp.gnupg.org/gcrypt/libksba/ Repository: git://git.gnupg.org/libksba.git Maintainer: Werner Koch -Bug reports: http://bugs.gnupg.org +Bug reports: https://bugs.gnupg.org Security related bug reports: License (library): LGPLv3+/GPLv2+ License (tools, manual): GPLv3+ @@ -24,7 +24,7 @@ Copyright ========= | Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2010, 2011 - | 2012 g10 Code GmbH + | 2012, 2013, 2014, 2015 g10 Code GmbH | Copyright (C) 2001, 2002, 2003, 2007 Free Software Foundation, Inc. | Copyright (C) 2000, 2001 Fabio Fiorina diff --git a/NEWS b/NEWS index 49c45fe..693f8ef 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,17 @@ -Noteworthy changes in version 1.3.3 (unreleased) [C19/A11/R_] +Noteworthy changes in version 1.3.3 (2015-04-10) [C19/A11/R4] ------------------------------------------------ + * Fixed an integer overflow in the DN decoder. + + * Now returns an error instead of terminating the process for certain + bad BER encodings. + + * Improved the parsing of utf-8 strings in DNs. + + * Allow building with newer versions of Bison. + + * Improvement building on Windows with newer versions of Mingw. + Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3] ------------------------------------------------ diff --git a/README b/README index bce2ba5..e3a1df2 100644 --- a/README +++ b/README @@ -2,7 +2,7 @@ --------- Copyright 2001, 2006, 2007, 2008, 2009, 2010, 2011, - 2012 g10 Code GmbH + 2012, 2013, 2014, 2015 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without diff --git a/configure.ac b/configure.ac index 3bd8103..9b83206 100644 --- a/configure.ac +++ b/configure.ac @@ -52,7 +52,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # Please remember to document interface changes in the NEWS file. LIBKSBA_LT_CURRENT=19 LIBKSBA_LT_AGE=11 -LIBKSBA_LT_REVISION=3 +LIBKSBA_LT_REVISION=4 #------------------- # If the API is changed in an incompatible way: increment the next counter. KSBA_CONFIG_API_VERSION=1 diff --git a/src/ksba.h b/src/ksba.h index 0680d90..955dc06 100644 --- a/src/ksba.h +++ b/src/ksba.h @@ -1,6 +1,6 @@ /* ksba.h - X.509 library used by GnuPG * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2010, 2011 - * 2012 g10 Code GmbH + * 2012, 2013, 2104, 2015 g10 Code GmbH * * This file is part of KSBA. * diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index 9828456..ef25eb8 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in 
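Review bot: The new copyright line in the src/ksba.h hunk reads `2012, 2013, 2104, 2015 g10 Code GmbH`; `2104` is a transposition of `2014`, as the matching lines added to AUTHORS and README in the same commit show. The line should read ` * 2012, 2013, 2014, 2015 g10 Code GmbH`.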
@@ -40,7 +40,7 @@ BEGIN
 VALUE "FileDescription", "Libksba - X.509 and CMS Library\0"
 VALUE "FileVersion", "@LIBKSBA_LT_CURRENT at .@LIBKSBA_LT_AGE at .@LIBKSBA_LT_REVISION at .@BUILD_REVISION@\0"
 VALUE "InternalName", "libksba\0"
- VALUE "LegalCopyright", "Copyright ? 2012 g10 Code GmbH\0"
+ VALUE "LegalCopyright", "Copyright ? 2015 g10 Code GmbH\0"
 VALUE "LegalTrademarks", "\0"
 VALUE "OriginalFilename", "libksba.dll\0"
 VALUE "PrivateBuild", "\0"
----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 ++-- NEWS | 17 ++++++++++++++++- README | 2 +- configure.ac | 4 ++-- src/ksba.h | 2 +- src/versioninfo.rc.in | 2 +- 6 files changed, 23 insertions(+), 8 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Sat Apr 11 14:17:40 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 11 Apr 2015 14:17:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-100-g482b2f8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 482b2f8b5db20fb2fb827a5032bd108fc02e5f89 (commit) via b1e1959d59a12b53c016ca9c95aee3a62c0bfc00 (commit) via 896f438967b66b4836419aa737c706ced6b6454a (commit) via b69d7064f30c38ffe18e71de6a0fc14b5da0452f (commit) via c8bb5000d4c86a055348dc08352f573c599743a7 (commit) from 67158ff155ef52fd54a6bbe680551c0e12b31e69 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 482b2f8b5db20fb2fb827a5032bd108fc02e5f89 Author: Werner Koch Date: Sat Apr 11 13:33:41 2015 +0200 Post release updates. --
diff --git a/NEWS b/NEWS
index c026432..bf106b0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,7 @@
+Noteworthy changes in version 2.1.4 (unreleased)
+------------------------------------------------
+
+
 Noteworthy changes in version 2.1.3 (2015-04-11)
 ------------------------------------------------
diff --git a/configure.ac b/configure.ac
index d02137a..05d4231 100644
--- a/configure.ac
+++ b/configure.ac
@@ -28,7 +28,7 @@ min_automake_version="1.14"
 m4_define([mym4_package],[gnupg])
 m4_define([mym4_major], [2])
 m4_define([mym4_minor], [1])
-m4_define([mym4_micro], [3])
+m4_define([mym4_micro], [4])
 # To start a new development series, i.e a new major or minor number
 # you need to mark an arbitrary commit before the first beta release
commit b1e1959d59a12b53c016ca9c95aee3a62c0bfc00 Author: Werner Koch Date: Sat Apr 11 13:14:43 2015 +0200 Release 2.1.3.
diff --git a/NEWS b/NEWS
index 48142bc..c026432 100644
--- a/NEWS
+++ b/NEWS
@@ -1,9 +1,38 @@ -Noteworthy changes in version 2.1.3 (unreleased) +Noteworthy changes in version 2.1.3 (2015-04-11) ------------------------------------------------ + * gpg: LDAP keyservers are now supported by 2.1. + + * gpg: New option --with-icao-spelling. + + * gpg: New option --print-pka-records. Changed the PKA method to use + CERT records and hashed names. + + * gpg: New command --list-gcrypt-config. New parameter "curve" + for --list-config. + + * gpg: Print a NEWSIG status line like gpgsm always did. + + * gpg: Print MPI values with --list-packets and --verbose. + + * gpg: Write correct MPI lengths with ECC keys. + + * gpg: Skip legacy PGP-2 keys while searching. + + * gpg: Improved searching for mail addresses when using a keybox. + + * gpgsm: Changed default algos to AES-128 and SHA-256. + + * gpgtar: Fixed extracting files with sizes of a multiple of 512. + + * dirmngr: Fixed SNI handling for hkps pools. + * dirmngr: extra-certs and trusted-certs are now always loaded from the sysconfig dir instead of the homedir. + * Fixed possible problems due to compiler optimization, two minor + regressions, and other bugs. + Noteworthy changes in version 2.1.2 (2015-02-11) ------------------------------------------------ commit 896f438967b66b4836419aa737c706ced6b6454a Author: Yuri Chornoivan Date: Wed Feb 18 19:12:43 2015 +0200 po: Update Ukrainian translation diff --git a/po/uk.po b/po/uk.po index f04bf0f..2f29aee 100644 --- a/po/uk.po +++ b/po/uk.po @@ -2,12 +2,12 @@ # Copyright (C) 2011 Free Software Foundation, Inc. # This file is distributed under the same license as the GnuPG package. # -# Yuri Chornoivan , 2011, 2014. +# Yuri Chornoivan , 2011, 2014, 2015. msgid "" msgstr "" "Project-Id-Version: GNU gnupg 2.1.0-gitfe8619d\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-11-07 18:02+0200\n" +"PO-Revision-Date: 2015-02-18 19:09+0200\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" 
@@ -339,7 +339,7 @@ msgid "allow presetting passphrase" msgstr "????????? ????????? ???????????? ??????" msgid "allow caller to override the pinentry" -msgstr "" +msgstr "????????? ??????? ??????? ????????????? pinentry" msgid "enable ssh support" msgstr "????????? ????????? ssh" @@ -779,10 +779,8 @@ msgstr "?????????? ?? ?????????????? ??????? ( msgid "connection to agent established\n" msgstr "??????????? ????????? ? ???????\n" -#, fuzzy -#| msgid "connection to agent established\n" msgid "connection to agent is in restricted mode\n" -msgstr "??????????? ????????? ? ???????\n" +msgstr "????????? ? ??????? ???????????? ? ?????????? ??????\n" #, c-format msgid "no running Dirmngr - starting '%s'\n" @@ -1337,23 +1335,20 @@ msgstr "???????? ??????? ??? ?????????? ?????:\ msgid "KEYTOCARD failed: %s\n" msgstr "??????? KEYTOCARD: %s\n" -#, fuzzy -#| msgid "This command is not allowed while in %s mode.\n" msgid "This command is not supported by this card\n" -msgstr "???? ???????? ?? ????? ????????????? ? ?????? %s.\n" +msgstr "???? ??????? ?? ??????????? ????????? ???????? ???????\n" -#, fuzzy -#| msgid "Note: keys are already stored on the card!\n" msgid "Note: This command destroys all keys stored on the card!\n" -msgstr "??????????: ????? ??? ????????? ?? ??????!\n" +msgstr "" +"??????????: ? ?????????? ????????? ???? ??????? ??? ????? ?? ?????? ???? " +"???????!\n" -#, fuzzy -#| msgid "Continue? (Y/n) " msgid "Continue? (y/N) " -msgstr "??????????? (Y (???)/n (??)) " +msgstr "??????????? (y (???)/N (??)) " msgid "Really do a factory reset? (enter \"yes\") " msgstr "" +"??????? ?????? ??????? ??? ?? ??????? ???????????? (??????? ?yes? (?????)) " msgid "quit this menu" msgstr "????? ? ????? ????" @@ -1404,7 +1399,7 @@ msgid "unblock the PIN using a Reset Code" msgstr "???????????? ??? ???? ?? ????????? ???? ????????" msgid "destroy all keys and data" -msgstr "" +msgstr "??????? ??? ????? ? ????" msgid "gpg/card> " msgstr "gpg/??????> " 
@@ -2314,10 +2309,8 @@ msgstr "??????????? ???????, ????????? ?? ???? msgid "repair damage from the pks keyserver during import" msgstr "???????????? ??????????? ???????? ?????? pks ??? ??? ????????????" -#, fuzzy -#| msgid "do not update the trustdb after import" msgid "do not clear the ownertrust values during import" -msgstr "?? ?????????? ???? ????? ?????? ????? ????????????" +msgstr "?? ???????? ??????? ??????? ?????? ??? ??? ????????????" msgid "do not update the trustdb after import" msgstr "?? ?????????? ???? ????? ?????? ????? ????????????" @@ -2343,10 +2336,9 @@ msgstr "????????? %lu ??????\n" msgid "Total number processed: %lu\n" msgstr "??????? ?????????: %lu\n" -#, fuzzy, c-format -#| msgid " skipped new keys: %lu\n" +#, c-format msgid " skipped PGP-2 keys: %lu\n" -msgstr "????????? ????? ??????: %lu\n" +msgstr " ????????? ?????? PGP-2: %lu\n" #, c-format msgid " skipped new keys: %lu\n" @@ -4292,7 +4284,7 @@ msgstr ", ???????? ????? " #, c-format msgid "WARNING: not a detached signature; file '%s' was NOT verified!\n" -msgstr "" +msgstr "?????: ?? ??????????? ??????; ???? ?%s? ?? ???? ??????????!\n" #, c-format msgid "Can't check signature: %s\n" @@ -5555,10 +5547,8 @@ msgstr "" msgid "failed to store the key: %s\n" msgstr "?? ??????? ???????? ????: %s\n" -#, fuzzy -#| msgid "unsupported inquiry '%s'\n" msgid "unsupported curve\n" -msgstr "??????????????? ????? ?%s?\n" +msgstr "?????????????? ?????\n" msgid "please wait while key is being generated ...\n" msgstr "????????? ?? ?????????? ????????? ?????...\n" 
@@ -5661,10 +5651,8 @@ msgstr "?????? ????????? ??? ??????????? %d ??? msgid "invalid radix64 character %02x skipped\n" msgstr "????????? ??????????? ?????? radix64 %02x\n" -#, fuzzy -#| msgid "no gpg-agent running in this session\n" msgid "no dirmngr running in this session\n" -msgstr "? ????? ?????? ?? ???????? gpg-agent\n" +msgstr "? ????? ?????? ?? ???????? dirmngr\n" #, c-format msgid "validation model requested by certificate: %s" commit b69d7064f30c38ffe18e71de6a0fc14b5da0452f Author: Ineiev Date: Mon Feb 16 17:29:47 2015 +0000 po: Update and review Russian translation diff --git a/po/ru.po b/po/ru.po index e6f82f7..15ddf27 100644 --- a/po/ru.po +++ b/po/ru.po @@ -4,14 +4,14 @@ # !-- no such user (2011-01-11) # Thanks Pawel I. Shajdo . # Thanks Cmecb for the inspiration. -# Ineiev , 2014 +# Ineiev , 2014, 2015 # # Designated-Translator: none msgid "" msgstr "" "Project-Id-Version: GnuPG 2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-12-12 17:16+0000\n" +"PO-Revision-Date: 2015-02-12 17:17+0000\n" "Last-Translator: Ineiev \n" "Language-Team: Russian \n" "Language: ru\n" @@ -128,7 +128,7 @@ msgstr "?? ????? ??? ????????? ??????????????? #, c-format msgid "no suitable card key found: %s\n" -msgstr "? ????? ?? ??????? ??????????? ?????: %s\n" +msgstr "?? ????? ?? ??????? ??????????? ?????: %s\n" #, c-format msgid "shadowing the key failed: %s\n" @@ -346,7 +346,7 @@ msgid "allow presetting passphrase" msgstr "????????? ????????????????? ?????-??????" msgid "allow caller to override the pinentry" -msgstr "" +msgstr "????????? ???????? ???????? ????? pinentry" msgid "enable ssh support" msgstr "???????? ????????? ssh" 
@@ -1041,13 +1041,13 @@ msgid "armor: %s\n" msgstr "????????? ??????: %s\n" msgid "invalid armor header: " -msgstr "???????????? ????????? ?????????: " +msgstr "???????????? ????????? ?????????: " msgid "armor header: " msgstr "????????? ?????????: " msgid "invalid clearsig header\n" -msgstr "???????????? ????????? ????????? ???????\n" +msgstr "???????????? ????????? ????????? ???????\n" msgid "unknown armor header: " msgstr "??????????? ????????? ?????????: " @@ -1059,7 +1059,7 @@ msgid "unexpected armor: " msgstr "??????????? ????????? ??????: " msgid "invalid dash escaped line: " -msgstr "???????????? ??????, ?????????? ????????: " +msgstr "???????????? ??????, ?????????? ????????: " #, c-format msgid "invalid radix64 character %02X skipped\n" @@ -1089,7 +1089,7 @@ msgstr "?? ??????? ?????? ??????? OpenPGP.\n" #, c-format msgid "invalid armor: line longer than %d characters\n" -msgstr "???????????? ????????? ??????: ?????? ??????? %d ????????\n" +msgstr "???????????? ????????? ??????: ?????? ??????? %d ????????\n" msgid "" "quoted printable character in armor - probably a buggy MTA has been used\n" @@ -1136,7 +1136,7 @@ msgid "OpenPGP card no. %s detected\n" msgstr "?????????? ????? OpenPGP ????? %s\n" msgid "can't do this in batch mode\n" -msgstr "?????????? ??????? ??? ? ???????? ??????\n" +msgstr "? ???????? ?????? ??? ???????? ??????????\n" msgid "This command is only available for version 2 cards\n" msgstr "??? ??????? ???????? ?????? ??? ???? ?????? 2.\n" @@ -1160,13 +1160,13 @@ msgid "unspecified" msgstr "?? ??????" msgid "not forced" -msgstr "?? ?????????????" +msgstr "?? ??????????????" msgid "forced" -msgstr "?????????????" +msgstr "??????????????" msgid "Error: Only plain ASCII is currently allowed.\n" -msgstr "??????: ???????? ?????? ?????? ASCII.\n" +msgstr "??????: ???????? ?????? ??????? ????? ASCII.\n" msgid "Error: The \"<\" character may not be used.\n" msgstr "??????: ?????? ???????????? ?????? \"<\".\n" 
@@ -1204,7 +1204,7 @@ msgid "error writing '%s': %s\n" msgstr "?????? ?????? '%s': %s\n" msgid "Login data (account name): " -msgstr "??????? ?????? (???):" +msgstr "??????? ?????? (???): " #, c-format msgid "Error: Login data too long (limit is %d characters).\n" @@ -1237,7 +1237,7 @@ msgid "CA fingerprint: " msgstr "????????? ??????????????? ??????: " msgid "Error: invalid formatted fingerprint.\n" -msgstr "??????: ???????????? ?????? ?????????.\n" +msgstr "??????: ???????????? ?????? ?????????.\n" #, c-format msgid "key operation not possible: %s\n" @@ -1291,7 +1291,7 @@ msgid "error changing size of key %d to %u bits: %s\n" msgstr "?????? ????????? ??????? ????? %d ?? %u ???: %s\n" msgid "Make off-card backup of encryption key? (Y/n) " -msgstr "??????? ??? ????? ???????? ????? ????? ??????????? (Y/n)" +msgstr "??????? ??? ????? ???????? ????? ????? ??????????? (Y/n) " msgid "Note: keys are already stored on the card!\n" msgstr "?????????: ????? ??? ???????? ?? ?????!\n" @@ -1331,23 +1331,17 @@ msgstr "????????, ??? ??????? ????:\n" msgid "KEYTOCARD failed: %s\n" msgstr "???? ?????? ????? ?? ?????: %s\n" -#, fuzzy -#| msgid "This command is not allowed while in %s mode.\n" msgid "This command is not supported by this card\n" -msgstr "?????? ??????? ? ?????? %s ???????????.\n" +msgstr "?????? ??????? ???? ?????? ?? ??????????????.\n" -#, fuzzy -#| msgid "Note: keys are already stored on the card!\n" msgid "Note: This command destroys all keys stored on the card!\n" -msgstr "?????????: ????? ??? ???????? ?? ?????!\n" +msgstr "?????????: ??? ??????? ?????? ? ????? ??? ?????!\n" -#, fuzzy -#| msgid "Continue? (Y/n) " msgid "Continue? (y/N) " -msgstr "??????????? (Y/n) " +msgstr "??????????? (y/N) " msgid "Really do a factory reset? (enter \"yes\") " -msgstr "" +msgstr "??????????? ????? ? ????????? ?????????? (??????? \"yes\") " msgid "quit this menu" msgstr "????? ?? ????? ????" 
@@ -1368,7 +1362,7 @@ msgid "change URL to retrieve key" msgstr "???????? URL ????????? ?????" msgid "fetch the key specified in the card URL" -msgstr "????????? ????, ????????? ?? ????????? ?????? URL" +msgstr "????????? ???? ?? ????????? ?????? URL" msgid "change the login name" msgstr "???????? ??? ??????? ??????" @@ -1398,7 +1392,7 @@ msgid "unblock the PIN using a Reset Code" msgstr "?????????????? PIN ? ??????? ???? ??????" msgid "destroy all keys and data" -msgstr "" +msgstr "?????????? ??? ????? ? ??????" msgid "gpg/card> " msgstr "gpg/card> " @@ -1437,10 +1431,10 @@ msgid "can't do this in batch mode without \"--yes\"\n" msgstr "?? ???? ????????? ? ???????? ?????? ??? \"--yes\"\n" msgid "Delete this key from the keyring? (y/N) " -msgstr "??????? ?????? ???? ?? ???????? (y/N)" +msgstr "??????? ?????? ???? ?? ???????? (y/N) " msgid "This is a secret key! - really delete? (y/N) " -msgstr "??? ???????? ????! - ??? ????? ???????? (y/N)" +msgstr "??? ???????? ????! - ??? ????? ???????? (y/N) " #, c-format msgid "deleting secret %s failed: %s\n" @@ -1457,7 +1451,7 @@ msgid "deleting keyblock failed: %s\n" msgstr "???? ??? ???????? ????? ?????: %s\n" msgid "ownertrust information cleared\n" -msgstr "?????????? ? ??????? ????????? ??????\n" +msgstr "???????? ? ??????? ????????? ????????\n" #, c-format msgid "there is a secret key for public key \"%s\"!\n" 
@@ -1494,20 +1488,19 @@ msgid "" "WARNING: forcing symmetric cipher %s (%d) violates recipient preferences\n" msgstr "" "????????: ?????????????? ????????????? ????????????? ????? %s (%d)\n" -" ???????????? ????????????? ??????????\n" +" ???????? ???????????? ??????????\n" #, c-format msgid "" "WARNING: forcing compression algorithm %s (%d) violates recipient " "preferences\n" -msgstr "" -"????????: ?????? ?????????? %s (%d) ???????????? ????????????? ??????????\n" +msgstr "????????: ?????? ?????????? %s (%d) ???????? ???????????? ??????????\n" #, c-format msgid "forcing symmetric cipher %s (%d) violates recipient preferences\n" msgstr "" -"?????????????? ????????????? ????????????? ????? %s (%d) ???????????? " -"????????????? ??????????\n" +"?????????????? ????????????? ????????????? ????? %s (%d) ???????? " +"???????????? ??????????\n" #, c-format msgid "you may not use %s while in %s mode\n" @@ -1544,8 +1537,7 @@ msgstr "" msgid "this platform requires temporary files when calling external programs\n" msgstr "" -"?? ?????? ????????? ????????? ????????????? ????????? ?????? ??? ?????? " -"??????? ????????\n" +"?? ?????? ????????? ??? ?????? ??????? ???????? ????????? ????????? ?????\n" #, c-format msgid "unable to execute program '%s': %s\n" @@ -2299,7 +2291,7 @@ msgstr "???????? ???? ???? %d\n" #, c-format msgid "%lu keys processed so far\n" -msgstr "%lu ?????? ??????????\n" +msgstr "?????????? %lu ??????\n" #, c-format msgid "Total number processed: %lu\n" 
@@ -2390,14 +2382,12 @@ msgstr "?????? ??????????, ????? ?? ???????? ?? msgid "re-distribute this key to avoid potential algorithm mismatch problems\n" msgstr "" -"?????????????? ???? ????, ????? ???????? ????????????? ??????? ???????????? " -"??????????\n" +"?????????????? ???? ???? ?? ????????? ????????? ?????????? ??????????\n" #, c-format msgid "you can update your preferences with: gpg --edit-key %s updpref save\n" msgstr "" -"?? ?????? ???????? ?????? ???????????? ????????\n" -" gpg --edit-key %s updpref save\n" +"???? ???????????? ????? ???????? ???????? gpg --edit-key %s updpref save\n" #, c-format msgid "key %s: no user ID\n" @@ -2423,7 +2413,7 @@ msgid "key %s: no valid user IDs\n" msgstr "???? %s: ??? ?????????????? ID ????????????\n" msgid "this may be caused by a missing self-signature\n" -msgstr "???????? ????? ????? ???? ?????????? ???????????\n" +msgstr "????? ????, ??-?? ?????????? ???????????\n" #, c-format msgid "key %s: public key not found: %s\n" @@ -2455,11 +2445,11 @@ msgstr "???? %s: ?? ????????? ? ????? ??????\n" #, c-format msgid "key %s: can't locate original keyblock: %s\n" -msgstr "???? %s: ?? ?????? ???????????? ???? ?????: %s\n" +msgstr "???? %s: ???????????? ???? ?????? ?? ??????: %s\n" #, c-format msgid "key %s: can't read original keyblock: %s\n" -msgstr "???? %s: ?? ???? ????????? ???????????? ???? ?????: %s\n" +msgstr "???? %s: ???????????? ???? ?????? ?? ????????: %s\n" #, c-format msgid "key %s: \"%s\" 1 new user ID\n" @@ -2522,7 +2512,7 @@ msgid "secret key %s: %s\n" msgstr "???????? ???? %s: %s\n" msgid "importing secret keys not allowed\n" -msgstr "?????? ????????? ????? ?? ????????\n" +msgstr "?????? ????????? ????? ?? ???????????\n" #, c-format msgid "key %s: secret key with invalid cipher %d - skipped\n" 
@@ -2568,7 +2558,7 @@ msgstr "???? %s: ??? ???????? ??? ?????????? ??? #, c-format msgid "key %s: invalid subkey binding\n" -msgstr "???? %s: ???????????? ????? ?????????\n" +msgstr "???? %s: ???????????? ????? ?????????\n" #, c-format msgid "key %s: removed multiple subkey binding\n" @@ -2580,7 +2570,7 @@ msgstr "???? %s: ??? ???????? ??? ?????? ?????\n" #, c-format msgid "key %s: invalid subkey revocation\n" -msgstr "???? %s: ???????????????? ????? ????????\n" +msgstr "???? %s: ???????? ????? ????????\n" #, c-format msgid "key %s: removed multiple subkey revocation\n" @@ -2628,7 +2618,7 @@ msgstr "????????: ???? %s, ????????, ???????: ??? #, c-format msgid "key %s: \"%s\" revocation certificate added\n" -msgstr "???? %s: \"%s\" ???????? ?????????? ??????\n" +msgstr "???? %s: ???????? ?????????? ?????? \"%s\"\n" #, c-format msgid "key %s: direct key signature added\n" @@ -2791,7 +2781,7 @@ msgid "\"%s\" was already signed by key %s\n" msgstr "\"%s\" ??? ???????? ?????? %s\n" msgid "Do you want to sign it again anyway? (y/N) " -msgstr "?? ??? ????? ?????? ????? ????????? ???? (y/N)" +msgstr "?? ??? ????? ?????? ????? ????????? ???? (y/N) " #, c-format msgid "Nothing to sign with key %s\n" @@ -2840,7 +2830,7 @@ msgid "" "Are you sure that you want to sign this key with your\n" "key \"%s\" (%s)\n" msgstr "" -"??????? ?? ??, ??? ?????? ????????? ???? ????\n" +"?? ???????, ??? ?????? ????????? ???? ????\n" "????? ?????? \"%s\" (%s)?\n" msgid "This will be a self-signature.\n" 
@@ -2868,16 +2858,16 @@ msgid "I have checked this key very carefully.\n" msgstr "???? ???? ???????? ???? ????? ?????????.\n" msgid "Really sign? (y/N) " -msgstr "????????????? ?????????? (y/N)" +msgstr "????????????? ?????????? (y/N) " #, c-format msgid "signing failed: %s\n" -msgstr "?? ??????? ?????????: %s\n" +msgstr "????????? ?? ???????: %s\n" msgid "Key has only stub or on-card key items - no passphrase to change.\n" msgstr "" "? ????? ?????? ????????? ??? ???????? ??? ????? -\n" -"??? ?????-?????? ??? ?????????.\n" +"?????-?????? ??? ????????? ???.\n" #, c-format msgid "key %s: error changing passphrase: %s\n" @@ -2987,7 +2977,7 @@ msgid "revoke key or selected subkeys" msgstr "???????? ???? ??? ????????? ????????" msgid "enable key" -msgstr "???????? ????" +msgstr "?????????? ????" msgid "disable key" msgstr "????????? ????" @@ -3017,7 +3007,7 @@ msgid "" " a 't' for trust signatures (tsign), an 'nr' for non-revocable signatures\n" " (nrsign), or any combination thereof (ltsign, tnrsign, etc.).\n" msgstr "" -"* ??????? 'sign' ????? ????? ??????? 'l' (????????? ???????, lsign),\n" +"* ? ??????? 'sign' ????? ???? ????????? 'l' (????????? ???????, lsign),\n" " 't' (??????? ???????, tsign), 'nr' (????????????, \n" " nrsign) ??? ????? ?? ????????? (ltsign, tnrsign ? ?.?.).\n" @@ -3166,11 +3156,11 @@ msgstr "(????? ??????)" #, c-format msgid "created: %s" -msgstr "??????: %s" +msgstr " ??????: %s" #, c-format msgid "revoked: %s" -msgstr "???????: %s" +msgstr " ???????: %s" #, c-format msgid "expired: %s" @@ -3178,7 +3168,7 @@ msgstr "????????? ?: %s" #, c-format msgid "expires: %s" -msgstr "???? ???????? ????????: %s" +msgstr " ????? ??: %s" # perhaps this should be somewhere in help/man # (S - ???????, C - ????????????, E - ??????????, A - ??????????????) 
@@ -3340,7 +3330,7 @@ msgid "subkey %s does not sign and so does not need to be cross-certified\n" msgstr "??????? %s ?? ??? ????????, ?? ?? ????????? ? ???????????? ?????????\n" msgid "Please select exactly one user ID.\n" -msgstr "???????? ?????? ???? ID ????????????.\n" +msgstr "???????? ????? ???? ID ????????????.\n" #, c-format msgid "skipping v3 self-signature on user ID \"%s\"\n" @@ -3504,10 +3494,10 @@ msgstr "11223300" #, c-format msgid "Possible actions for a %s key: " -msgstr "????????? ???????? ??? ????? %s:" +msgstr "????????? ???????? ??? ????? %s: " msgid "Current allowed actions: " -msgstr "????????? ????????:" +msgstr "????????? ????????: " #, c-format msgid " (%c) Toggle the sign capability\n" @@ -3591,7 +3581,7 @@ msgstr "??? ????? ? ????? ?????\n" #, c-format msgid "%s keys may be between %u and %u bits long.\n" -msgstr "????? %s ????? ????? ????? ?? %u ?? %u ???.\n" +msgstr "????? ?????? %s ????? ???? ?? %u ?? %u ???.\n" #, c-format msgid "What keysize do you want for the subkey? (%u) " @@ -3622,10 +3612,10 @@ msgid "" msgstr "" "???????? ???? ???????? ?????.\n" " 0 = ?? ?????????\n" -" = ???? ???????? - n ????\n" -" w = ???? ???????? - n ??????\n" -" m = ???? ???????? - n ???????\n" -" y = ???? ???????? - n ???\n" +" = ???? ???????? ????? - n ????\n" +" w = ???? ???????? ????? - n ??????\n" +" m = ???? ???????? ????? - n ???????\n" +" y = ???? ???????? ????? - n ???\n" msgid "" "Please specify how long the signature should be valid.\n" 
@@ -3816,8 +3806,8 @@ msgid "" "generator a better chance to gain enough entropy.\n" msgstr "" "?????????? ???????? ????? ????????? ?????. ??????????, ????? ??\n" -"????????? ????????? ?????? ???????? (?????? ?? ??????????, ???????? ????,\n" -"????????? ? ??????) ? ???????? ?????????; ??? ???? ??????????\n" +"? ???????? ????????? ????????? ?????-?? ?????? ???????? (??????\n" +"?? ??????????, ???????? ????, ????????? ? ??????); ??? ???? ??????????\n" "????????? ????? ?????? ???????????? ???????? ??????????? ?????????? " "????????.\n" @@ -3920,7 +3910,7 @@ msgid "never " msgstr "??????? " msgid "Critical signature policy: " -msgstr "??????????? ??????? ??? ???????: " +msgstr "??????????? ??????? ???????: " msgid "Signature policy: " msgstr "??????? ???????: " @@ -4005,7 +3995,7 @@ msgstr "????????? ????? ??????? PKA ??? ???????? #, c-format msgid "WARNING: keyserver option '%s' is not used on this platform\n" msgstr "" -"????????: ???????? ??????? ?????? '%s' ?? ???????????? ?? ?????? ?????????\n" +"????????: ???????? ??????? ?????? `%s' ?? ?????? ????????? ?? ????????????\n" msgid "disabled" msgstr "????????" @@ -4045,7 +4035,7 @@ msgstr "???? ?? ?????? ?? ??????? ??????\n" #, c-format msgid "requesting key %s from %s server %s\n" -msgstr "?????????? ???? %s ? %s ??????? %s\n" +msgstr "?????????? ???? %s ? ??????? %s %s\n" #, c-format msgid "requesting key %s from %s\n" @@ -4057,7 +4047,7 @@ msgstr "????????? \"%s\": %s\n" #, c-format msgid "sending key %s to %s server %s\n" -msgstr "???????? ????? %s ?? %s ?????? %s\n" +msgstr "???????? ????? %s ?? ?????? %s %s\n" #, c-format msgid "sending key %s to %s\n" @@ -4236,7 +4226,7 @@ msgstr "" #, c-format msgid "standalone signature of class 0x%02x\n" -msgstr "??????????????? ??????? ?????? 0x%02x\n" +msgstr "????????? ??????? ?????? 0x%02x\n" msgid "old style (PGP 2.x) signature\n" msgstr "??????? ??????? ???? (PGP 2.x)\n" 
@@ -4396,7 +4386,7 @@ msgstr "" "?????? %s%s.\n" msgid "Enter passphrase\n" -msgstr "??????? ??????\n" +msgstr "??????? ?????-??????\n" msgid "cancelled by user\n" msgstr "???????? ?????????????\n" @@ -4849,7 +4839,7 @@ msgstr "??????" #, c-format msgid "(Probably you want to select %d here)\n" -msgstr "(????????, ?? ????? ???????? %d)\n" +msgstr "(?????? ?????, ?? ????? ???????? %d)\n" msgid "Enter an optional description; end it with an empty line:\n" msgstr "??????? ?????????????? ?????????; ????????? ?????? ???????:\n" @@ -4928,7 +4918,7 @@ msgstr "?????????: ???? ??? ???????? %s ???????\n #, c-format msgid "assuming bad signature from key %s due to an unknown critical bit\n" msgstr "" -"?????????????? ?????? ??????? ????? %s ??-?? ???????????? ???????????? ????\n" +"??????? ????? %s ????????? ?????? ??-?? ???????????? ???????????? ????\n" #, c-format msgid "key %s: no subkey for subkey revocation signature\n" @@ -5252,7 +5242,7 @@ msgstr "" #, c-format msgid "input line %u too long or missing LF\n" -msgstr "??????? ?????? %u ??????? ??????? ??? ???????? ??????? ??????\n" +msgstr "??????? ??????? ??????? ?????? %u ??? ???????? ??????? ??????\n" #, c-format msgid "can't open fd %d: %s\n" @@ -5485,7 +5475,7 @@ msgstr "" #, c-format msgid "can't access %s - invalid OpenPGP card?\n" -msgstr "??? ??????? ? %s - ????????????????? ????? OpenPGP?\n" +msgstr "??? ??????? ? %s - ??????????? ????? OpenPGP?\n" msgid "||Please enter your PIN at the reader's pinpad" msgstr "||??????? PIN ?? ?????????? ???????????" @@ -5767,8 +5757,8 @@ msgid "" "S/N %s, ID 0x%08lX,\n" "created %s, expires %s.\n" msgstr "" -"??????? ?????-?????? ??? ??????? ? ????????? ????? ??? ??????????? X.509:\"%s" -"\"\n" +"??????? ?????-?????? ??? ??????? ? ????????? ????? ??????????? X.509:\n" +"\"%s\"\n" "S/N %s, ID 0x%08lX,\n" "?????? %s, ???????? %s.\n" 
@@ -7589,7 +7579,7 @@ msgid "|N|set minimal required length for new passphrases to N" msgstr "|N|?????????? ??????????? ????? ?????-?????? ?????? N" msgid "|N|require at least N non-alpha characters for a new passphrase" -msgstr "|n|????????? ?? ????? N ???????????? ???????? ??? ????? ?????-??????" +msgstr "|n|????????? ??? ????? ?????-?????? ?? ????? N ???????????? ????????" msgid "|FILE|check new passphrases against pattern in FILE" msgstr "|FILE|????????? ????? ?????-?????? ?? ????? ???????? FILE" commit c8bb5000d4c86a055348dc08352f573c599743a7 Author: Werner Koch Date: Fri Apr 10 15:08:50 2015 +0200 dirmngr,w32: Make it build for Windows. * dirmngr/Makefile.am (t_common_ldadd): Add missing libs. diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index d80dd6d..a8b1c52 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -110,12 +110,14 @@ no-libgcrypt.c : $(top_srcdir)/tools/no-libgcrypt.c t_common_src = t-support.h # We need libcommontls, because we use the http functions. t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \ - $(GPG_ERROR_LIBS) $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS) + $(GPG_ERROR_LIBS) $(NETLIBS) \ + $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \ + $(DNSLIBS) $(LIBINTL) $(LIBICONV) module_tests = t-ldap-parse-uri t_ldap_parse_uri_SOURCES = \ t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \ - $(t_common_src) + $(ldap_url) $(t_common_src) t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth) ----------------------------------------------------------------------- Summary of changes: NEWS | 35 +++++++++++- configure.ac | 2 +- dirmngr/Makefile.am | 6 +- po/ru.po | 154 ++++++++++++++++++++++++---------------------------- po/uk.po | 46 ++++++---------- 5 files changed, 128 insertions(+), 115 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Apr 12 19:52:22 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 12 Apr 2015 19:52:22 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-182-g6e31a28 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6e31a2805c5e808fe50a0c2529823f6501db2d38 (commit) from a06fbc0d1e98eb1218eff55ad2f37d471e4f33b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e31a2805c5e808fe50a0c2529823f6501db2d38 Author: Werner Koch Date: Sun Apr 12 19:50:49 2015 +0200 Add git url to AUTHORS --
diff --git a/AUTHORS b/AUTHORS
index e186a48..1e34aed 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,7 +1,9 @@
 Library: Libgcrypt
 Homepage: http://www.gnu.org/software/libgcrypt/
+Download: ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+Repository: git://git.gnupg.org/libgcrypt.git
 Maintainer: Werner Koch
-Bug reports: http://bugs.gnupg.org
+Bug reports: https://bugs.gnupg.org
 Security related bug reports:
 License (library): LGPLv2.1+
 License (manual and tools): GPLv2+
----------------------------------------------------------------------- Summary of changes: AUTHORS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun Apr 12 20:00:14 2015
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 12 Apr 2015 20:00:14 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.2-101-geb54282 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via eb54282e39fe4bc7bea447e6f0d1f446c529b482 (commit) from 482b2f8b5db20fb2fb827a5032bd108fc02e5f89 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eb54282e39fe4bc7bea447e6f0d1f446c529b482 Author: Werner Koch Date: Sun Apr 12 19:58:28 2015 +0200 build: Update gpg-error.m4. --
diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4
index 1362709..1661204 100644
--- a/m4/gpg-error.m4
+++ b/m4/gpg-error.m4
@@ -26,19 +26,20 @@ dnl is added to the gpg_config_script_warn variable. dnl AC_DEFUN([AM_PATH_GPG_ERROR], [ AC_REQUIRE([AC_CANONICAL_HOST]) + gpg_error_config_prefix="" dnl --with-libgpg-error-prefix=PFX is the preferred name for this option, dnl since that is consistent with how our three siblings use the directory/ dnl package name in --with-$dir_name-prefix=PFX. AC_ARG_WITH(libgpg-error-prefix, - AC_HELP_STRING([--with-libgpg-error-prefix=PFX], - [prefix where GPG Error is installed (optional)]), - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + AC_HELP_STRING([--with-libgpg-error-prefix=PFX], + [prefix where GPG Error is installed (optional)]), + [gpg_error_config_prefix="$withval"]) dnl Accept --with-gpg-error-prefix and make it work the same as dnl --with-libgpg-error-prefix above, for backwards compatibility, dnl but do not document this old, inconsistently-named option. AC_ARG_WITH(gpg-error-prefix,, - gpg_error_config_prefix="$withval", gpg_error_config_prefix="") + [gpg_error_config_prefix="$withval"]) if test x"${GPG_ERROR_CONFIG}" = x ; then if test x"${gpg_error_config_prefix}" != x ; then @@ -63,7 +64,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR], min_gpg_error_version=ifelse([$1], ,0.0,$1) AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) ok=no - if test "$GPG_ERROR_CONFIG" != "no" ; then + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then req_major=`echo $min_gpg_error_version | \ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` req_minor=`echo $min_gpg_error_version | \ ----------------------------------------------------------------------- Summary of changes: m4/gpg-error.m4 | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 09:59:17 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 09:59:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-3-g454f603 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 454f60399c7318fffd3de2afadd58c7a490178bd (commit) from eb54282e39fe4bc7bea447e6f0d1f446c529b482 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 454f60399c7318fffd3de2afadd58c7a490178bd Author: Werner Koch Date: Mon Apr 13 09:57:33 2015 +0200 common: Do without nested fucntions to support non-gcc. * common/t-stringhelp.c (test_strsplit): Remove nested function. Signed-off-by: Werner Koch diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c index f5b6cd9..9d1d20c 100644 --- a/common/t-stringhelp.c +++ b/common/t-stringhelp.c 
@@ -482,58 +482,60 @@ test_make_absfilename_try (void) static void test_strsplit (void) { - int test_count = 0; - void test (const char *s, char delim, char replacement, - const char *fields_expected[]) - { - char *s2; - int field_count; - char **fields; - int field_count_expected; - int i; - - /* Count the fields. */ - for (field_count_expected = 0; - fields_expected[field_count_expected]; - field_count_expected ++) - ; - - test_count ++; - - /* We need to copy s since strsplit modifies it in place. */ - s2 = xstrdup (s); - fields = strsplit (s2, delim, replacement, &field_count); - - if (field_count != field_count_expected) - fail (test_count * 1000); - - for (i = 0; i < field_count_expected; i ++) - if (strcmp (fields_expected[i], fields[i]) != 0) - { - printf ("For field %d, expected '%s', but got '%s'\n", - i, fields_expected[i], fields[i]); - fail (test_count * 1000 + i + 1); - } - - xfree (s2); - } - - { - const char *expected_result[] = - { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL }; - test ("a:bc:cde:fghi:jklmn::foo:", ':', '\0', expected_result); - } - - { - const char *expected_result[] = - { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL }; - test (",a,bc,,def,", ',', '!', expected_result); - } - - { - const char *expected_result[] = { "", NULL }; - test ("", ':', ',', expected_result); - } + struct { + const char *s; + char delim; + char replacement; + const char *fields_expected[10]; + } tv[] = { + { + "a:bc:cde:fghi:jklmn::foo:", ':', '\0', + { "a", "bc", "cde", "fghi", "jklmn", "", "foo", "", NULL } + }, + { + ",a,bc,,def,", ',', '!', + { "!a!bc!!def!", "a!bc!!def!", "bc!!def!", "!def!", "def!", "", NULL } + }, + { + "", ':', ',', + { "", NULL } + } + }; + + int tidx; + + for (tidx = 0; tidx < DIM(tv); tidx++) + { + char *s2; + int field_count; + char **fields; + int field_count_expected; + int i; + + /* Count the fields. 
*/ + for (field_count_expected = 0; + tv[tidx].fields_expected[field_count_expected]; + field_count_expected ++) + ; + + /* We need to copy s since strsplit modifies it in place. */ + s2 = xstrdup (tv[tidx].s); + fields = strsplit (s2, tv[tidx].delim, tv[tidx].replacement, + &field_count); + + if (field_count != field_count_expected) + fail (tidx * 1000); + + for (i = 0; i < field_count_expected; i ++) + if (strcmp (tv[tidx].fields_expected[i], fields[i]) != 0) + { + printf ("For field %d, expected '%s', but got '%s'\n", + i, tv[tidx].fields_expected[i], fields[i]); + fail (tidx * 1000 + i + 1); + } + + xfree (s2); + } } int ----------------------------------------------------------------------- Summary of changes: common/t-stringhelp.c | 106 +++++++++++++++++++++++++------------------------- 1 file changed, 54 insertions(+), 52 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 12:02:47 2015 
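Review bot: The failure codes in the rewritten loop no longer match the old ones: `test_count` was incremented before use, so the first vector reported 1000 and up, while `tidx` starts at 0 and the first vector now calls `fail (0)` for a count mismatch and `fail (1)`, `fail (2)`, … for field mismatches. Using `fail ((tidx + 1) * 1000)` and `fail ((tidx + 1) * 1000 + i + 1)` keeps the old numbering and keeps the first vector's codes distinct from any small test numbers used elsewhere in the file. Separately, the counting loop depends on a NULL terminator inside `fields_expected[10]`, which the initializer only supplies while a vector has at most nine strings; a comment on that member such as `/* At most 9 fields: the terminating NULL must fit in the array. */` would guard against an out-of-bounds read when a longer vector is added.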
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 13 Apr 2015 12:02:47 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-4-g5cde5bf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5cde5bf37339cdeb0bd0a33d39477382eafebede (commit) from 454f60399c7318fffd3de2afadd58c7a490178bd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5cde5bf37339cdeb0bd0a33d39477382eafebede Author: Neal H. Walfield Date: Mon Apr 13 12:02:40 2015 +0200 dirmngr: If LDAP is not enable, don't build the LDAP bits. * dirmngr/Makefile.am (dirmngr_SOURCES): Only include ks-engine-ldap.c, ldap-parse-uri.c and ldap-parse-uri.h if USE_LDAP is TRUE. (module_tests): Only add t-ldap-parse-uri if USE_LDAP is TRUE. * dirmngr/ks-action.c: Only include "ldap-parse-uri.h" if USE_LDAP is TRUE. (ks_action_help): Don't invoke LDAP functionality if USE_LDAP is not TRUE. (ks_action_search): Likewise. (ks_action_get): Likewise. (ks_action_put): Likewise. * dirmngr/server.c: Only include "ldap-parse-uri.h" if USE_LDAP is TRUE. (cmd_keyserver): Don't invoke LDAP functionality if USE_LDAP is not TRUE. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1949 diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index a8b1c52..c5713a7 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am 
@@ -62,13 +62,12 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ cdb.h cdblib.c misc.c dirmngr-err.h \ ocsp.c ocsp.h validate.c validate.h \ ks-action.c ks-action.h ks-engine.h \ - ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c \ - ks-engine-ldap.c \ - ldap-parse-uri.c ldap-parse-uri.h + ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c if USE_LDAP dirmngr_SOURCES += ldapserver.h ldapserver.c ldap.c w32-ldap-help.h \ - ldap-wrapper.h $(ldap_url) $(extraldap_src) + ldap-wrapper.h ldap-parse-uri.c ldap-parse-uri.h \ + ks-engine-ldap.c $(ldap_url) $(extraldap_src) ldaplibs = $(LDAPLIBS) else ldaplibs = @@ -114,7 +113,12 @@ t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \ $(DNSLIBS) $(LIBINTL) $(LIBICONV) -module_tests = t-ldap-parse-uri +module_tests = + +if USE_LDAP +module_tests += t-ldap-parse-uri +endif + t_ldap_parse_uri_SOURCES = \ t-ldap-parse-uri.c ldap-parse-uri.c ldap-parse-uri.h \ $(ldap_url) $(t_common_src) diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c index c76aaaa..dd4516a 100644 --- a/dirmngr/ks-action.c +++ b/dirmngr/ks-action.c @@ -30,7 +30,9 @@ #include "misc.h" #include "ks-engine.h" #include "ks-action.h" -#include "ldap-parse-uri.h" +#if USE_LDAP +# include "ldap-parse-uri.h" +#endif /* Called by the engine's help functions to print the actual help. */ gpg_error_t @@ -73,10 +75,14 @@ ks_action_help (ctrl_t ctrl, const char *url) } else { +#if USE_LDAP if (ldap_uri_p (url)) err = ldap_parse_uri (&parsed_uri, url); else - err = http_parse_uri (&parsed_uri, url, 1); +#endif + { + err = http_parse_uri (&parsed_uri, url, 1); + } if (err) return err; @@ -90,8 +96,10 @@ ks_action_help (ctrl_t ctrl, const char *url) err = ks_finger_help (ctrl, parsed_uri); if (!err) err = ks_kdns_help (ctrl, parsed_uri); +#if USE_LDAP if (!err) err = ks_ldap_help (ctrl, parsed_uri); +#endif if (!parsed_uri) ks_print_help (ctrl, 
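Review bot: In a build without USE_LDAP the `ks_action_help` hunk sends every URL, including `ldap://` ones, to `http_parse_uri`, and nothing tells the user that LDAP support was compiled out. The same pattern appears in `cmd_keyserver` in dirmngr/server.c, and `ks_action_search`, `ks_action_get` and `ks_action_put` force `is_ldap` to 0, so an LDAP keyserver is presumably skipped and reported through whatever generic error follows the loop (that code is outside the hunks). I would keep the scheme test unconditional and answer explicitly in the non-LDAP build, e.g. `err = gpg_error (GPG_ERR_NOT_SUPPORTED);` when the scheme is `ldap`, `ldaps` or `ldapi`. The functions touched here all continue outside their hunks.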
@@ -151,16 +159,23 @@ ks_action_search (ctrl_t ctrl, uri_item_t keyservers, for (uri = keyservers; !err && uri; uri = uri->next) { int is_http = uri->parsed_uri->is_http; - int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 - || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 - || strcmp (uri->parsed_uri->scheme, "ldapi") == 0); + int is_ldap = 0; +#if USE_LDAP + is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 + || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 + || strcmp (uri->parsed_uri->scheme, "ldapi") == 0); +#endif if (is_http || is_ldap) { any_server = 1; - if (is_http) - err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp); - else if (is_ldap) +#if USE_LDAP + if (is_ldap) err = ks_ldap_search (ctrl, uri->parsed_uri, patterns->d, &infp); + else +#endif + { + err = ks_hkp_search (ctrl, uri->parsed_uri, patterns->d, &infp); + } if (!err) { @@ -203,18 +218,27 @@ ks_action_get (ctrl_t ctrl, uri_item_t keyservers, for (uri = keyservers; !err && uri; uri = uri->next) { int is_http = uri->parsed_uri->is_http; - int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 - || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 - || strcmp (uri->parsed_uri->scheme, "ldapi") == 0); + int is_ldap = 0; + +#if USE_LDAP + is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 + || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 + || strcmp (uri->parsed_uri->scheme, "ldapi") == 0); +#endif + if (is_http || is_ldap) { any_server = 1; for (sl = patterns; !err && sl; sl = sl->next) { - if (is_http) - err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp); - else +#if USE_LDAP + if (is_ldap) err = ks_ldap_get (ctrl, uri->parsed_uri, sl->d, &infp); + else +#endif + { + err = ks_hkp_get (ctrl, uri->parsed_uri, sl->d, &infp); + } if (err) { 
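Review bot: The three-way `strcmp` on `uri->parsed_uri->scheme` is now repeated verbatim, each time wrapped in its own `#if USE_LDAP`, in `ks_action_search`, `ks_action_get` and (in the following hunk) `ks_action_put`. One file-local helper would hold the scheme list and the conditional in a single place, so the loops only need `int is_ldap = scheme_is_ldap (uri->parsed_uri->scheme);`. The dispatch to the `ks_ldap_*` functions still needs its own `#if`, and the functions themselves continue outside the hunks.
```c
/* Return true if SCHEME names an LDAP keyserver and LDAP support
   has been compiled in.  */
static int
scheme_is_ldap (const char *scheme)
{
#if USE_LDAP
  return (!strcmp (scheme, "ldap")
          || !strcmp (scheme, "ldaps")
          || !strcmp (scheme, "ldapi"));
#else
  (void)scheme;
  return 0;
#endif
}
```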
@@ -322,22 +346,32 @@ ks_action_put (ctrl_t ctrl, uri_item_t keyservers, int any_server = 0; uri_item_t uri; + (void) info; + (void) infolen; + for (uri = keyservers; !err && uri; uri = uri->next) { int is_http = uri->parsed_uri->is_http; - int is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 - || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 - || strcmp (uri->parsed_uri->scheme, "ldapi") == 0); + int is_ldap = 0; + +#if USE_LDAP + is_ldap = (strcmp (uri->parsed_uri->scheme, "ldap") == 0 + || strcmp (uri->parsed_uri->scheme, "ldaps") == 0 + || strcmp (uri->parsed_uri->scheme, "ldapi") == 0); +#endif if (is_http || is_ldap) { any_server = 1; - if (is_http) - err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen); - else +#if USE_LDAP + if (is_ldap) err = ks_ldap_put (ctrl, uri->parsed_uri, data, datalen, info, infolen); - + else +#endif + { + err = ks_hkp_put (ctrl, uri->parsed_uri, data, datalen); + } if (err) { first_err = err; diff --git a/dirmngr/server.c b/dirmngr/server.c index 506b137..3e6d99d 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -48,7 +48,9 @@ #endif #include "ks-action.h" #include "ks-engine.h" /* (ks_hkp_print_hosttable) */ -#include "ldap-parse-uri.h" +#if USE_LDAP +# include "ldap-parse-uri.h" +#endif /* To avoid DoS attacks we limit the size of a certificate to something reasonable. */ 
@@ -1530,10 +1532,14 @@ cmd_keyserver (assuan_context_t ctx, char *line) item->parsed_uri = NULL; strcpy (item->uri, line); +#if USE_LDAP if (ldap_uri_p (item->uri)) err = ldap_parse_uri (&item->parsed_uri, line); else - err = http_parse_uri (&item->parsed_uri, line, 1); +#endif + { + err = http_parse_uri (&item->parsed_uri, line, 1); + } if (err) { xfree (item); ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 14 ++++++---- dirmngr/ks-action.c | 76 ++++++++++++++++++++++++++++++++++++++--------------- dirmngr/server.c | 10 +++++-- 3 files changed, 72 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 17:12:35 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 17:12:35 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.3-8-g7dcb654 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 7dcb65428116e76cba9c5b171a653e791a5efaf1 (commit) via d2712d9f6f086911184453219a096c61f6829d3b (commit) via 524dacfbb6bb131f05a4ecab3d7bcd91c1b43d33 (commit) from 8cfcdfe5564f87362e5ec1bfdca5c14aed9c45f0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7dcb65428116e76cba9c5b171a653e791a5efaf1 Author: Werner Koch Date: Mon Apr 13 15:50:59 2015 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index dc3bbfc..09cc930 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.6.0 (unreleased) [C__/A__/R_] +------------------------------------------------ + + Noteworthy changes in version 1.5.4 (2015-04-13) [C24/A13/R3] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 298a22b..2f47719 100644 --- a/configure.ac +++ b/configure.ac @@ -28,8 +28,8 @@ min_automake_version="1.14" # commit and push so that the git magic is able to work. See below # for the LT versions. m4_define(mym4_version_major, [1]) -m4_define(mym4_version_minor, [5]) -m4_define(mym4_version_micro, [4]) +m4_define(mym4_version_minor, [6]) +m4_define(mym4_version_micro, [0]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit d2712d9f6f086911184453219a096c61f6829d3b Author: Werner Koch Date: Mon Apr 13 15:43:13 2015 +0200 Release 1.5.4. diff --git a/NEWS b/NEWS index 399c1e0..dc3bbfc 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,9 @@ -Noteworthy changes in version 1.6.0 (unreleased) [C__/A__/R0] -------------------------------------------------------------- +Noteworthy changes in version 1.5.4 (2015-04-13) [C24/A13/R3] +------------------------------------------------ - * Interface changes relative to the 1.5.3 release: - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * Fixed a possible crash in the debug code. + + * Fixed building for Windows with newer versions of Mingw. Noteworthy changes in version 1.5.3 (2014-12-11) [C24/A13/R2] diff --git a/README b/README index a16a066..6da94e5 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ GPGME - GnuPG Made Easy --------------------------- - Copyright 2004, 2006, 2010, 2012, 2013, 2014 g10 Code GmbH + Copyright 2004, 2006, 2010, 2012, 2013, 2014, 2015 g10 Code GmbH This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without 
diff --git a/configure.ac b/configure.ac index 3b444a0..298a22b 100644 --- a/configure.ac +++ b/configure.ac @@ -28,8 +28,8 @@ min_automake_version="1.14" # commit and push so that the git magic is able to work. See below # for the LT versions. m4_define(mym4_version_major, [1]) -m4_define(mym4_version_minor, [6]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_minor, [5]) +m4_define(mym4_version_micro, [4]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag @@ -59,7 +59,7 @@ LIBGPGME_LT_CURRENT=24 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] LIBGPGME_LT_AGE=13 -LIBGPGME_LT_REVISION=2 +LIBGPGME_LT_REVISION=3 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 @@ -546,7 +546,7 @@ AH_BOTTOM([ #define GPG_ERR_ENABLE_ERRNO_MACROS 1 #define CRIGHTBLURB "Copyright (C) 2000 Werner Koch\n" \ - "Copyright (C) 2001--2013 g10 Code GmbH\n" + "Copyright (C) 2001--2015 g10 Code GmbH\n" ]) commit 524dacfbb6bb131f05a4ecab3d7bcd91c1b43d33 Author: Werner Koch Date: Mon Apr 13 15:35:06 2015 +0200 w32: Use -static-libgcc to avoid linking to libgcc_s_sjlj-1.dll. * src/Makefile.am (extra_ltoptions): New. (libgpgme_la_LDFLAGS): Use it. (libgpgme_pthread_la_LDFLAGS): Ditto. (libgpgme_glib_la_LDFLAGS): Ditto. -- Since gcc 4.8 there is a regression in Mingw64 in that plain C programs may link to libgcc_s.a which has a dependency on libgcc_s_sjlj.dll. This is for example triggered by using long long arithmetic on a 32 bit Windows (e.g symbol __udivdi3). Note that we don't use this patch for the Qt version which, as C++ programs, actually requires that DLL, Signed-off-by: Werner Koch diff --git a/src/Makefile.am b/src/Makefile.am index b7ddbc1..58922f9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -153,6 +153,7 @@ SUFFIXES = .rc .lo gpgme_res = versioninfo.lo no_undefined = -no-undefined export_symbols = -export-symbols $(srcdir)/gpgme.def +extra_ltoptions = -XCClinker -static-libgcc install-def-file: -$(INSTALL) -d $(DESTDIR)$(libdir) @@ -167,20 +168,22 @@ else gpgme_res = no_undefined = export_symbols = +extra_ltoptions = install-def-file: uninstall-def-file: gpgme_deps = endif -libgpgme_la_LDFLAGS = $(no_undefined) $(export_symbols) \ +libgpgme_la_LDFLAGS = $(no_undefined) $(export_symbols) $(extra_ltoptions) \ $(libgpgme_version_script_cmd) -version-info \ @LIBGPGME_LT_CURRENT@:@LIBGPGME_LT_REVISION@:@LIBGPGME_LT_AGE@ libgpgme_la_DEPENDENCIES = @LTLIBOBJS@ $(srcdir)/libgpgme.vers $(gpgme_deps) libgpgme_la_LIBADD = $(gpgme_res) @LIBASSUAN_LIBS@ @LTLIBOBJS@ \ @GPG_ERROR_LIBS@ -libgpgme_pthread_la_LDFLAGS = $(no_undefined) $(export_symbols) \ +libgpgme_pthread_la_LDFLAGS = \ + $(no_undefined) $(export_symbols) $(extra_ltoptions) \ $(libgpgme_version_script_cmd) -version-info \ @LIBGPGME_LT_CURRENT@:@LIBGPGME_LT_REVISION@:@LIBGPGME_LT_AGE@ libgpgme_pthread_la_DEPENDENCIES = @LTLIBOBJS@ $(srcdir)/libgpgme.vers 
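Review bot: The reason for `-XCClinker -static-libgcc` is recorded only in the commit message, so the new `extra_ltoptions` line in the W32 branch reads as an unexplained linker flag. I would add a comment above it, for example `# Link libgcc statically so that the DLL does not depend on libgcc_s_sjlj-1.dll (Mingw64, gcc >= 4.8).` A second comment line should say that C++ targets must not pick up `$(extra_ltoptions)`, since the commit message states that the Qt variant needs that DLL.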
@@ -188,8 +191,9 @@ libgpgme_pthread_la_LIBADD = $(gpgme_res) @LIBASSUAN_LIBS@ @LTLIBOBJS@ \ -lpthread @GPG_ERROR_LIBS@ if BUILD_W32_GLIB -libgpgme_glib_la_LDFLAGS = $(no_undefined) \ - $(export_symbols) $(libgpgme_version_script_cmd) -version-info \ +libgpgme_glib_la_LDFLAGS = \ + $(no_undefined) $(export_symbols) $(extra_ltoptions) \ + $(libgpgme_version_script_cmd) -version-info \ @LIBGPGME_LT_CURRENT@:@LIBGPGME_LT_REVISION@:@LIBGPGME_LT_AGE@ libgpgme_glib_la_DEPENDENCIES = @LTLIBOBJS@ \ $(srcdir)/libgpgme.vers $(gpgme_deps) ----------------------------------------------------------------------- Summary of changes: NEWS | 13 +++++++++---- README | 2 +- configure.ac | 4 ++-- src/Makefile.am | 12 ++++++++---- 4 files changed, 20 insertions(+), 11 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 17:15:28 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 17:15:28 +0200 Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-5-6-geaf33fc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via eaf33fc56b3cdf5f2f52d95c6ed1d3277e281cc8 (commit) via a3f87ce26280b8d1f350517b4bec1eb687143ccb (commit) from baa4774005963c8390cacb23db8f409a7f4fdd0e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eaf33fc56b3cdf5f2f52d95c6ed1d3277e281cc8 Author: Werner Koch Date: Mon Apr 13 12:05:08 2015 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index a74945f..c4cd807 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4-g10-7 (unreleased) +---------------------------------------------------- + + Noteworthy changes in version 1.4-g10-6 (2015-04-13) ---------------------------------------------------- diff --git a/configure.ac b/configure.ac index 04822f9..4059627 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.14" # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. # See below for the LT version numbers. -m4_define([mym4_version], [1.4-g10-6]) +m4_define([mym4_version], [1.4-g10-7]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit a3f87ce26280b8d1f350517b4bec1eb687143ccb Author: Werner Koch Date: Mon Apr 13 11:57:58 2015 +0200 Release 1.4-g10-6 * configure.ac: Set LT version to C4/A3/R3. diff --git a/NEWS b/NEWS index 8586c46..a74945f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ -Noteworthy changes in version 1.4-g10-6 (unreleased) +Noteworthy changes in version 1.4-g10-6 (2015-04-13) ---------------------------------------------------- + * Fix building for Windows with newer versions of Mingw. + + Noteworthy changes in version 1.4-g10-5 (2014-12-12) ---------------------------------------------------- diff --git a/configure.ac b/configure.ac index aff9ec1..04822f9 100644 --- a/configure.ac +++ b/configure.ac 
@@ -54,7 +54,7 @@ AC_INIT([adns], [mym4_full_version], [bug-adns at g10code.com]) # Please remember to document interface changes in the NEWS file. ADNS_LT_CURRENT=4 ADNS_LT_AGE=3 -ADNS_LT_REVISION=2 +ADNS_LT_REVISION=3 # If the API is changed in an incompatible way: increment this counter. ADNS_CONFIG_API_VERSION=1 ----------------------------------------------------------------------- Summary of changes: NEWS | 9 ++++++++- configure.ac | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 17:19:09 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 17:19:09 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-183-g9fca468 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9fca46864e1b5a9c788072113589454adb89fa97 (commit) from 6e31a2805c5e808fe50a0c2529823f6501db2d38 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9fca46864e1b5a9c788072113589454adb89fa97 Author: Werner Koch Date: Mon Apr 13 11:48:33 2015 +0200 mpi: Fix gcry_mpi_copy for NULL opaque data. * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed. -- gcry_mpi_set_opaque allows to store NULL as opaque data. Thus we also need to take care when copying such data. Signed-off-by: Werner Koch diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index fbbd3b4..71b3f1c 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c 
@@ -343,7 +343,8 @@ _gcry_mpi_copy (gcry_mpi_t a) if( a && (a->flags & 4) ) { void *p = _gcry_is_secure(a->d)? xmalloc_secure ((a->sign+7)/8) : xmalloc ((a->sign+7)/8); - memcpy( p, a->d, (a->sign+7)/8 ); + if (a->d) + memcpy( p, a->d, (a->sign+7)/8 ); b = mpi_set_opaque( NULL, p, a->sign ); b->flags &= ~(16|32); /* Reset the immutable and constant flags. */ } ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 17:21:35 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 17:21:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-5-g25fce93 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 25fce93ba19d997e234a674d5cc98df82c5b5496 (commit) from 5cde5bf37339cdeb0bd0a33d39477382eafebede (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25fce93ba19d997e234a674d5cc98df82c5b5496 Author: Werner Koch Date: Mon Apr 13 11:44:10 2015 +0200 gpg: Fix NULL-segv due to invalid imported data. * g10/free-packet.c (my_mpi_copy): New. (copy_public_key, copy_signature): Use instead of mpi_copy. -- Reported-by: Hanno B?ck Signed-off-by: Werner Koch diff --git a/g10/free-packet.c b/g10/free-packet.c index 99e7404..49d54f4 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c 
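Review bot: With a NULL `a->d` the buffer `p` is still allocated and handed to `mpi_set_opaque`, so the copy carries `(a->sign+7)/8` bytes of uninitialised heap memory where the original carried no data; the new `if (a->d)` only skips the `memcpy`. A later read of the copy's opaque value would see that buffer, which differs from the source MPI and may expose stale heap contents. Allocating only when there is something to copy and passing NULL otherwise keeps the copy faithful; the commit message says NULL is an accepted opaque value. The rest of `_gcry_mpi_copy` lies outside the hunk.
```c
  if( a && (a->flags & 4) ) {
        void *p = NULL;

        if (a->d) {
            p = _gcry_is_secure(a->d)? xmalloc_secure ((a->sign+7)/8)
                                     : xmalloc ((a->sign+7)/8);
            memcpy( p, a->d, (a->sign+7)/8 );
        }
        b = mpi_set_opaque( NULL, p, a->sign );
        /* … unchanged: reset of the immutable and constant flags … */
```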
@@ -31,6 +31,20 @@ #include "options.h" +/* This is mpi_copy with a fix for opaque MPIs which store a NULL + pointer. This will also be fixed in Libggcrypt 1.7.0. */ +static gcry_mpi_t +my_mpi_copy (gcry_mpi_t a) +{ + if (a + && gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE) + && !gcry_mpi_get_opaque (a, NULL)) + return NULL; + + return gcry_mpi_copy (a); +} + + void free_symkey_enc( PKT_symkey_enc *enc ) { @@ -190,11 +204,11 @@ copy_public_key (PKT_public_key *d, PKT_public_key *s) n = pubkey_get_npkey (s->pubkey_algo); i = 0; if (!n) - d->pkey[i++] = mpi_copy (s->pkey[0]); + d->pkey[i++] = my_mpi_copy (s->pkey[0]); else { for (; i < n; i++ ) - d->pkey[i] = mpi_copy( s->pkey[i] ); + d->pkey[i] = my_mpi_copy (s->pkey[i]); } for (; i < PUBKEY_MAX_NSKEY; i++) d->pkey[i] = NULL; @@ -237,10 +251,10 @@ copy_signature( PKT_signature *d, PKT_signature *s ) memcpy( d, s, sizeof *d ); n = pubkey_get_nsig( s->pubkey_algo ); if( !n ) - d->data[0] = mpi_copy(s->data[0]); + d->data[0] = my_mpi_copy(s->data[0]); else { for(i=0; i < n; i++ ) - d->data[i] = mpi_copy( s->data[i] ); + d->data[i] = my_mpi_copy( s->data[i] ); } d->pka_info = s->pka_info? cp_pka_info (s->pka_info) : NULL; d->hashed = cp_subpktarea (s->hashed); ----------------------------------------------------------------------- Summary of changes: g10/free-packet.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Apr 13 18:35:09 2015 
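Review bot: `my_mpi_copy` turns an opaque MPI without data into a plain NULL, so after this change `copy_public_key` and `copy_signature` can leave NULL entries inside the first `n` slots of `d->pkey[]` and `d->data[]`. Whether every consumer of a copied key or signature tolerates a NULL element there cannot be seen from this diff, so the crash may only move to a later dereference; rejecting such packets where they are parsed would be the more robust place. At minimum the helper's comment should state the contract, e.g. `/* Returns NULL for an opaque MPI that stores no data; callers must handle a NULL element. */`, and the typo `Libggcrypt` in the added comment should read `Libgcrypt`. Both copy functions continue outside their hunks.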
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 13 Apr 2015 18:35:09 +0200 Subject: [git] gnupg-doc - branch, master, updated. 4f0218d1ed51e25c8e8cef193a231ba45fda03a4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 4f0218d1ed51e25c8e8cef193a231ba45fda03a4 (commit) via 31028720370f027e118d261ec5229a80ee77d494 (commit) from 77d707ec8587c9684e9b1897607020fb02d9ea2b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4f0218d1ed51e25c8e8cef193a231ba45fda03a4 Author: Werner Koch Date: Mon Apr 13 18:29:51 2015 +0200 swdb: adns 1.4-g10-6 and gpgme-1.5.4 diff --git a/web/swdb.mac b/web/swdb.mac index 4cea27c..917f1b9 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -124,8 +124,8 @@ # # ADNS # -#+macro: adns_ver 1.4-g10-5 -#+macro: adns_sha1 aecd6213118f01aa38f535dc3bafc31b1e7c1c21 +#+macro: adns_ver 1.4-g10-6 +#+macro: adns_sha1 cc124d58828ab1d6fa7df49aaeb37985c5225de5 # commit 31028720370f027e118d261ec5229a80ee77d494 Author: Werner Koch Date: Sat Apr 11 14:40:38 2015 +0200 swdb: gnupg 2.1.3, npth 1.2, libksba 1.3.2, libgpg-error 1.19 diff --git a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org index 9d7b471..f06cdad 100644 --- a/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org +++ b/misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org 
@@ -3,7 +3,7 @@ #+AUTHOR: Sam Tuke #+DATE: 20th December 2013 - English | [[http://www.framablog.org/index.php/post/2013/12/20/gnupg-16-ans][French / Fran?ais]] | [[file:20131220-gnupg-turned-0x10.ph.org][Filipino]] | [[http://metahumano.org/log/16-anos-de-proteccion-de-la-privacidad/][Spanish / Espa?ol]] + English | [[http://www.framablog.org/index.php/post/2013/12/20/gnupg-16-ans][French / Fran?ais]] | [[file:20131220-gnupg-turned-0x10.ph.org][Filipino]] | [[http://metahumano.org/log/16-anos-de-proteccion-de-la-privacidad/][Spanish / Espa?ol]] | [[http://gnupg.hclippr.com/16th-announce.html][Japanese]] *** 16 Years of protecting privacy diff --git a/web/index.org b/web/index.org index d62593c..64ed27a 100644 --- a/web/index.org +++ b/web/index.org @@ -65,6 +65,11 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.4 released (2015-04-11) + +This is another release of the /modern/ branch of GnuPG. It fixes +a lot of bugs. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q2/000365.html][anouncement mail]]. + ** GnuPG 1.4.19 released (2015-02-27) :important: GnuPG 1.4.19 is now available. This release mitigates two new of side diff --git a/web/swdb.mac b/web/swdb.mac index dd08436..4cea27c 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -17,10 +17,10 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.2 +#+macro: gnupg21_ver 2.1.3 #+macro: gnupg21_branch master -#+macro: gnupg21_size 4720k -#+macro: gnupg21_sha1 7e972cb9af47d9b8ce164dcf37fc4f32634d6cd6 +#+macro: gnupg21_size 4762k +#+macro: gnupg21_sha1 091e69ec1ce3f0032e6b135e4da561e8d46d20a7 # #+macro: gnupg21_w32_ver 2.1.1_20141216 #+macro: gnupg21_w32_size 6364k @@ -78,9 +78,9 @@ # # LIBKSBA # -#+macro: libksba_ver 1.3.2 -#+macro: libksba_size 587k -#+macro: libksba_sha1 37d0893a587354af2b6e49f6ae701ca84f52da67 +#+macro: libksba_ver 1.3.3 +#+macro: libksba_size 604k +#+macro: libksba_sha1 86fe0436f3c8c394d32e142ee410a9f9560173fb # 
@@ -93,10 +93,10 @@ # # LIBGPG-ERROR -# -#+macro: libgpg_error_ver 1.18 -#+macro: libgpg_error_size 702k -#+macro: libgpg_error_sha1 7ba54f939da023af8f5b3e7a421a32eb742909c4 + +#+macro: libgpg_error_ver 1.19 +#+macro: libgpg_error_size 744k +#+macro: libgpg_error_sha1 4997951ab058788de48b989013668eb3df1e6939 # @@ -110,8 +110,8 @@ # # nPth # -#+macro: npth_ver 1.1 -#+macro: npth_sha1 597ce74402e5790553a6273130b214d7ddd0b05d +#+macro: npth_ver 1.2 +#+macro: npth_sha1 3bfa2a2d7521d6481850e8a611efe5bf5ed75200 # ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20131220-gnupg-turned-0x10.org | 2 +- web/index.org | 5 ++++ web/swdb.mac | 28 +++++++++++----------- 3 files changed, 20 insertions(+), 15 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 14 07:24:11 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 14 Apr 2015 07:24:11 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-6-g971d558 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 971d558e862db878a7310e06ed7116dbe36886ab (commit) from 25fce93ba19d997e234a674d5cc98df82c5b5496 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 971d558e862db878a7310e06ed7116dbe36886ab Author: NIIBE Yutaka Date: Tue Apr 14 14:17:03 2015 +0900 scd: better handling of extended APDU. * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0. * scd/app-common.h (struct app_ctx_s): Use bit fields for flags. * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard. (struct ccid_driver_s): New field of max_ccid_msglen. Remove ifsd field. (parse_ccid_descriptor): Initialize max_ccid_msglen. (ccid_transceive_apdu_level): Implement sending extended APDU in chain of CCID message. -- With this patch, we won't need PC/SC library/service any more. GnuPG-bug-id: 1947 diff --git a/scd/apdu.c b/scd/apdu.c index 53cc4b9..f6cca8c 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -3806,9 +3806,9 @@ send_le (int slot, int class, int ins, int p0, int p1, apdu[apdulen++] = ins; apdu[apdulen++] = p0; apdu[apdulen++] = p1; - apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ - if (lc >= 0) + if (lc > 0) { + apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ apdu[apdulen++] = ((lc >> 8) & 0xff); apdu[apdulen++] = (lc & 0xff); memcpy (apdu+apdulen, data, lc); 
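Review bot: The Z byte is now emitted in two places under complementary conditions, `lc > 0` here and `lc <= 0` inside the `le != -1` branch of the next apdu.c hunk, and nothing in send_le explains the pairing. A comment above `if (lc > 0)` would make the invariant checkable, for example `/* Extended APDU: exactly one Z byte, written with Lc when data is present, otherwise with Le; none when there is neither. */`. The `lc == 0` case also changes behaviour (it used to produce Z plus a two-byte zero Lc), which the commit message does not mention. send_le starts before and continues after this hunk.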
@@ -3817,6 +3817,8 @@ send_le (int slot, int class, int ins, int p0, int p1, } if (le != -1) { + if (lc <= 0) + apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ apdu[apdulen++] = ((le >> 8) & 0xff); apdu[apdulen++] = (le & 0xff); } diff --git a/scd/app-common.h b/scd/app-common.h index 50046a4..379bcd1 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -67,10 +67,10 @@ struct app_ctx_s { size_t serialnolen; /* Length in octets of serialnumber. */ const char *apptype; unsigned int card_version; - int did_chv1; - int force_chv1; /* True if the card does not cache CHV1. */ - int did_chv2; - int did_chv3; + unsigned int did_chv1:1; + unsigned int force_chv1:1; /* True if the card does not cache CHV1. */ + unsigned int did_chv2:1; + unsigned int did_chv3:1; struct app_local_s *app_local; /* Local to the application. */ struct { void (*deinit) (app_t app); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 1926f71..151b371 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -96,6 +96,16 @@ #define DRVNAME "ccid-driver: " +/* Max length of buffer with out CCID message header of 10-byte + Sending: 547 for RSA-4096 key import + APDU size = 540 (24+4+256+256) + commnd + lc + le = 4 + 3 + 0 + Sending: write data object of cardholder certificate + APDU size = 2048 + commnd + lc + le = 4 + 3 + 0 + Receiving: 2048 for cardholder certificate +*/ +#define CCID_MAX_BUF (2048+7+10) /* Depending on how this source is used we either define our error output to go to stderr or to the jnlib based logging functions. We @@ -242,7 +252,7 @@ struct ccid_driver_s unsigned char t1_nr; unsigned char nonnull_nad; int max_ifsd; - int ifsd; + int max_ccid_msglen; int ifsc; unsigned char apdu_level:2; /* Reader supports short APDU level exchange. With a value of 2 short 
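Review bot: In scd/app-common.h, turning `did_chv1`, `force_chv1`, `did_chv2` and `did_chv3` into `unsigned int ...:1` fields means a store of any value other than 0 or 1 keeps only the low bit, so an even non-zero value would read back as 0. The assignment sites are outside this diff and need to be confirmed, but these flags appear to track CHV (PIN) verification state, so each site should store a normalized boolean such as `!!expr`. A one-line comment above the group, e.g. `/* 1-bit flags: assign only 0 or 1. */`, would make that requirement visible. struct app_ctx_s begins before and continues after the hunk.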
@@ -711,7 +721,7 @@ prepare_special_transport (ccid_driver_t handle) handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; - handle->ifsd = 0; + handle->max_ccid_msglen = CCID_MAX_BUF; handle->has_pinpad = 0; handle->apdu_level = 0; switch (handle->id_product) @@ -743,7 +753,6 @@ parse_ccid_descriptor (ccid_driver_t handle, handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; - handle->ifsd = 0; handle->has_pinpad = 0; handle->apdu_level = 0; handle->auto_voltage = 0; @@ -884,6 +893,7 @@ parse_ccid_descriptor (ccid_driver_t handle, us = convert_le_u32(buf+44); DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us); + handle->max_ccid_msglen = us; DEBUGOUT ( " bClassGetResponse "); if (buf[48] == 0xff) 
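Review bot: `handle->max_ccid_msglen = us;` stores the reader-reported dwMaxCCIDMsgLen into an `int` field with no range check, and the later ccid_transceive_apdu_level hunk uses `handle->max_ccid_msglen - 10` as the chunk size. A descriptor value of exactly 10 makes that chunk size 0, so the send loop there sets the chain bit and never reduces `apdu_len`; values below 10, or too large for `int`, presumably go negative and avoid chaining only through the comparison against a `size_t`. Because the descriptor comes from the attached device, the value should be validated before use, for example `if (handle->max_ccid_msglen <= 10) return CCID_DRIVER_ERR_INV_VALUE;` at the top of ccid_transceive_apdu_level, or an equivalent rejection at this assignment. parse_ccid_descriptor starts and ends outside this hunk.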
@@ -2794,109 +2804,101 @@ is_exlen_apdu (const unsigned char *apdu, size_t apdulen) /* Helper for ccid_transceive used for APDU level exchanges. */ static int ccid_transceive_apdu_level (ccid_driver_t handle, - const unsigned char *apdu_buf, size_t apdu_buflen, + const unsigned char *apdu_buf, size_t apdu_len, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; - unsigned char send_buffer[10+261+300], recv_buffer[10+261+300]; - const unsigned char *apdu; - size_t apdulen; - unsigned char *msg; + unsigned char msg[CCID_MAX_BUF]; + const unsigned char *apdu_p; + size_t apdu_part_len; size_t msglen; unsigned char seqno; int bwi = 4; + unsigned char chain = 0; - msg = send_buffer; + if (apdu_len == 0 || apdu_len > sizeof (msg) - 10) + return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */ - apdu = apdu_buf; - apdulen = apdu_buflen; - assert (apdulen); + apdu_p = apdu_buf; + while (1) + { + apdu_part_len = apdu_len; + if (apdu_part_len > handle->max_ccid_msglen - 10) + { + apdu_part_len = handle->max_ccid_msglen - 10; + chain |= 0x01; + } - /* The maximum length for a short APDU T=1 block is 261. For an - extended APDU T=1 block the maximum length 65544; however - extended APDU exchange level is not fully supported yet. */ - if (apdulen > sizeof (send_buffer) - 10) - return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. 
*/ + msg[0] = PC_to_RDR_XfrBlock; + msg[5] = 0; /* slot */ + msg[6] = seqno = handle->seqno++; + msg[7] = bwi; + msg[8] = chain; + msg[9] = 0; + memcpy (msg+10, apdu_p, apdu_part_len); + set_msg_len (msg, apdu_part_len); + msglen = 10 + apdu_part_len; - msg[0] = PC_to_RDR_XfrBlock; - msg[5] = 0; /* slot */ - msg[6] = seqno = handle->seqno++; - msg[7] = bwi; /* bBWI */ - msg[8] = 0; /* RFU */ - msg[9] = 0; /* RFU */ - memcpy (msg+10, apdu, apdulen); - set_msg_len (msg, apdulen); - msglen = 10 + apdulen; + rc = bulk_out (handle, msg, msglen, 0); + if (rc) + return rc; - rc = bulk_out (handle, msg, msglen, 0); - if (rc) - return rc; + apdu_p += apdu_part_len; + apdu_len -= apdu_part_len; - msg = recv_buffer; - rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, - RDR_to_PC_DataBlock, seqno, 5000, 0); - if (rc) - return rc; + rc = bulk_in (handle, msg, sizeof msg, &msglen, + RDR_to_PC_DataBlock, seqno, 5000, 0); + if (rc) + return rc; + + if (!(chain & 0x01)) + break; - if (msg[9] == 1) + chain = 0x02; + } + + apdu_len = 0; + while (1) { - size_t total_msglen = msglen; + apdu_part_len = msglen - 10; + if (resp && apdu_len + apdu_part_len <= maxresplen) + memcpy (resp + apdu_len, msg+10, apdu_part_len); + apdu_len += apdu_part_len; - while (1) - { - unsigned char status; + if (!(msg[9] & 0x01)) + break; - msg = recv_buffer + total_msglen; + msg[0] = PC_to_RDR_XfrBlock; + msg[5] = 0; /* slot */ + msg[6] = seqno = handle->seqno++; + msg[7] = bwi; + msg[8] = 0x10; /* Request next data block */ + msg[9] = 0; + set_msg_len (msg, 0); + msglen = 10; - msg[0] = PC_to_RDR_XfrBlock; - msg[5] = 0; /* slot */ - msg[6] = seqno = handle->seqno++; - msg[7] = bwi; /* bBWI */ - msg[8] = 0x10; /* Request next data block */ - msg[9] = 0; - set_msg_len (msg, 0); - msglen = 10; - - rc = bulk_out (handle, msg, msglen, 0); - if (rc) - return rc; - - rc = bulk_in (handle, msg, sizeof recv_buffer - total_msglen, &msglen, - RDR_to_PC_DataBlock, seqno, 5000, 0); - if (rc) - return rc; - 
status = msg[9]; - memmove (msg, msg+10, msglen - 10); - total_msglen += msglen - 10; - if (total_msglen >= sizeof recv_buffer) - return CCID_DRIVER_ERR_OUT_OF_CORE; - - if (status == 0x02) - break; - } + rc = bulk_out (handle, msg, msglen, 0); + if (rc) + return rc; - apdu = recv_buffer + 10; - apdulen = total_msglen - 10; - } - else - { - apdu = msg + 10; - apdulen = msglen - 10; + rc = bulk_in (handle, msg, sizeof msg, &msglen, + RDR_to_PC_DataBlock, seqno, 5000, 0); + if (rc) + return rc; } if (resp) { - if (apdulen > maxresplen) + if (apdu_len > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", - (unsigned int)apdulen, (unsigned int)maxresplen); + (unsigned int)apdu_len, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } - memcpy (resp, apdu, apdulen); - *nresp = apdulen; + *nresp = apdu_len; } return 0; ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 6 ++- scd/app-common.h | 8 +-- scd/ccid-driver.c | 156 +++++++++++++++++++++++++++--------------------------- 3 files changed, 87 insertions(+), 83 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 14 09:38:23 2015 
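Review bot: The response loop in ccid_transceive_apdu_level requests continuation blocks for as long as `msg[9] & 0x01` is set and nothing bounds it: the removed code gave up with CCID_DRIVER_ERR_OUT_OF_CORE once its buffer was full, whereas the new code only skips the memcpy and keeps adding to `apdu_len`. A reader that never clears the chain bit therefore keeps the caller in this loop, limited only by the per-transfer timeout. A cap on the accumulated length restores the old bound, e.g. `if (apdu_len > sizeof msg) return CCID_DRIVER_ERR_OUT_OF_CORE;` right after `apdu_len += apdu_part_len;`, with the limit chosen to match the largest response the driver means to accept. Separately, `apdu_part_len = msglen - 10` relies on bulk_in, which is not visible here, never reporting fewer than 10 bytes. The function's closing brace lies outside the hunk.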
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 14 Apr 2015 09:38:23 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.19-2-g4171d61 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 4171d61a97d9628532db84b590a9c135f360fa90 (commit) from e906a33f5f4b02019faa83e882fffa8df3b14d49 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4171d61a97d9628532db84b590a9c135f360fa90 Author: NIIBE Yutaka Date: Tue Apr 14 16:38:13 2015 +0900 po: Update Japanese translation. diff --git a/po/ja.po b/po/ja.po index e86ea2b..80820e8 100644 --- a/po/ja.po +++ b/po/ja.po @@ -1,14 +1,14 @@ # Japanese messages for GnuPG libgpg-error -# Copyright (C) 2010, 2012, 2014 Free Software Foundation, Inc. +# Copyright (C) 2010, 2012, 2014, 2015 Free Software Foundation, Inc. # This file is distributed under the same license as the libgpg-error package. # Yasuaki Taniguchi , 2010. # Takeshi Hamasaki , 2012. -# NIIBE Yutaka , 2014. +# NIIBE Yutaka , 2014, 2015. msgid "" msgstr "" -"Project-Id-Version: libgpg-error 1.17\n" +"Project-Id-Version: libgpg-error 1.19\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-11-18 10:03+0900\n" +"PO-Revision-Date: 2015-04-14 16:35+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -90,7 +90,7 @@ msgid "Success" msgstr "????" msgid "General error" -msgstr "?????????" +msgstr "???????" msgid "Unknown packet" msgstr "?????????" 
@@ -330,7 +330,7 @@ msgid "Unspecific Assuan server fault" msgstr "???? Assuan ???????" msgid "General Assuan error" -msgstr "???? Assuan ?????" +msgstr "??Assuan ?????" msgid "Invalid session key" msgstr "???????????" @@ -729,20 +729,16 @@ msgid "Bad octal character in S-expression" msgstr "S??????8???????????" msgid "Legacy key" -msgstr "" +msgstr "??????" -#, fuzzy -#| msgid "Buffer too short" msgid "Request too short" -msgstr "??????????" +msgstr "???????????" -#, fuzzy -#| msgid "Line too long" msgid "Request too long" -msgstr "???????" +msgstr "???????????" msgid "Object is in termination state" -msgstr "" +msgstr "?????????????" msgid "No certificate chain" msgstr "???????????" @@ -820,7 +816,7 @@ msgid "Bogus string" msgstr "?????????" msgid "Forbidden" -msgstr "" +msgstr "??" msgid "Key disabled" msgstr "??????????" @@ -832,16 +828,16 @@ msgid "Invalid lock object" msgstr "???????????????" msgid "General IPC error" -msgstr "????IPC?????" +msgstr "??IPC?????" msgid "IPC accept call failed" -msgstr "IPC accept ???????" +msgstr "IPC accept???????" msgid "IPC connect call failed" -msgstr "IPC connect ???????????" +msgstr "IPC connect???????????" msgid "Invalid IPC response" -msgstr "??? IPC ????" +msgstr "???IPC????" msgid "Invalid value passed to IPC" msgstr "?????IPC???????" 
@@ -856,409 +852,295 @@ msgid "Nested IPC commands" msgstr "IPC???????????????" msgid "No data callback in IPC" -msgstr "IPC ?????????????????" +msgstr "IPC?????????????????" msgid "No inquire callback in IPC" msgstr "IPC??????????????????" msgid "Not an IPC server" -msgstr "IPC ??????????" +msgstr "IPC??????????" msgid "Not an IPC client" -msgstr "IPC ?????????????" +msgstr "IPC?????????????" msgid "Problem starting IPC server" msgstr "IPC????????????????" msgid "IPC read error" -msgstr "IPC ???????" +msgstr "IPC???????" msgid "IPC write error" -msgstr "IPC ???????" +msgstr "IPC???????" msgid "Too much data for IPC layer" -msgstr "IPC ?????????????" +msgstr "IPC?????????????" msgid "Unexpected IPC command" -msgstr "????? IPC ??????" +msgstr "?????IPC??????" msgid "Unknown IPC command" -msgstr "??? IPC ??????" +msgstr "???IPC??????" msgid "IPC syntax error" -msgstr "IPC ???????" +msgstr "IPC???????" msgid "IPC call has been cancelled" -msgstr "IPC ???????????????" +msgstr "IPC???????????????" msgid "No input source for IPC" -msgstr "IPC ???????????????" +msgstr "IPC???????????????" msgid "No output source for IPC" -msgstr "IPC ???????????????" +msgstr "IPC???????????????" msgid "IPC parameter error" -msgstr "IPC ??????????" +msgstr "IPC??????????" msgid "Unknown IPC inquire" -msgstr "??? IPC ???????" +msgstr "???IPC???????" -#, fuzzy -#| msgid "General IPC error" msgid "General LDAP error" -msgstr "????IPC?????" +msgstr "??LDAP?????" -#, fuzzy -#| msgid "General error" msgid "General LDAP attribute error" -msgstr "?????????" +msgstr "??LDAP???????" -#, fuzzy -#| msgid "General error" msgid "General LDAP name error" -msgstr "?????????" +msgstr "??LDAP?????" -#, fuzzy -#| msgid "General Assuan error" msgid "General LDAP security error" -msgstr "???? Assuan ?????" +msgstr "??Assuan?????" -#, fuzzy -#| msgid "General error" msgid "General LDAP service error" -msgstr "?????????" +msgstr "??LDAP????????" 
-#, fuzzy -#| msgid "General Assuan error" msgid "General LDAP update error" -msgstr "???? Assuan ?????" +msgstr "??LDAP???????" msgid "Experimental LDAP error code" -msgstr "" +msgstr "???LDAP??????" -#, fuzzy -#| msgid "IPC write error" msgid "Private LDAP error code" -msgstr "IPC ???????" +msgstr "??????LDAP??????" -#, fuzzy -#| msgid "General IPC error" msgid "Other general LDAP error" -msgstr "????IPC?????" +msgstr "??????LDAP?????" -#, fuzzy -#| msgid "IPC connect call failed" msgid "LDAP connecting failed (X)" -msgstr "IPC connect ???????????" +msgstr "LDAP????????? (X)" -#, fuzzy -#| msgid "General error" msgid "LDAP referral limit exceeded" -msgstr "?????????" +msgstr "LDAP??????????" msgid "LDAP client loop" -msgstr "" +msgstr "LDAP??????????" -#, fuzzy -#| msgid "Card reset required" msgid "No LDAP results returned" -msgstr "????????????" +msgstr "LDAP?????????????" -#, fuzzy -#| msgid "Element not found" msgid "LDAP control not found" -msgstr "?????????????" +msgstr "LDAP?????????????" -#, fuzzy -#| msgid "Not supported" msgid "Not supported by LDAP" -msgstr "???????????" +msgstr "LDAP????????????" -#, fuzzy -#| msgid "Unexpected error" msgid "LDAP connect error" -msgstr "??????????" +msgstr "LDAP connect?????" msgid "Out of memory in LDAP" -msgstr "" +msgstr "LDAP????????????" msgid "Bad parameter to an LDAP routine" -msgstr "" +msgstr "LDAP??????????????????" -#, fuzzy -#| msgid "Unsupported operation" msgid "User cancelled LDAP operation" -msgstr "??????????????" +msgstr "????LDAP????????????" -#, fuzzy -#| msgid "Bad certificate" msgid "Bad LDAP search filter" -msgstr "????????" +msgstr "???LDAP????????" -#, fuzzy -#| msgid "Unknown extension" msgid "Unknown LDAP authentication method" -msgstr "??????" +msgstr "???LDAP??????" -#, fuzzy -#| msgid "Timeout" msgid "Timeout in LDAP" -msgstr "????????" +msgstr "LDAP?????????" -#, fuzzy -#| msgid "dirmngr error" msgid "LDAP decoding error" -msgstr "dirmngr ????" +msgstr "LDAP????????" 
-#, fuzzy -#| msgid "dirmngr error" msgid "LDAP encoding error" -msgstr "dirmngr ????" +msgstr "LDAP?????????" -#, fuzzy -#| msgid "IPC read error" msgid "LDAP local error" -msgstr "IPC ???????" +msgstr "LDAP???????" -#, fuzzy -#| msgid "Not an IPC server" msgid "Cannot contact LDAP server" -msgstr "IPC ??????????" +msgstr "LDAP???????????" -#, fuzzy -#| msgid "Success" msgid "LDAP success" -msgstr "????" +msgstr "LDAP????" -#, fuzzy -#| msgid "Configuration error" msgid "LDAP operations error" -msgstr "????????" +msgstr "LDAP???????" -#, fuzzy -#| msgid "Protocol violation" msgid "LDAP protocol error" -msgstr "???????" +msgstr "LDAP???????" msgid "Time limit exceeded in LDAP" -msgstr "" +msgstr "LDAP???????????" msgid "Size limit exceeded in LDAP" -msgstr "" +msgstr "LDAP????????????" msgid "LDAP compare false" -msgstr "" +msgstr "LDAP?? ?" msgid "LDAP compare true" -msgstr "" +msgstr "LDAP?? ?" -#, fuzzy -#| msgid "Unknown extension" msgid "LDAP authentication method not supported" -msgstr "??????" +msgstr "LDAP??????????????" msgid "Strong(er) LDAP authentication required" -msgstr "" +msgstr "??LDAP???????" -#, fuzzy -#| msgid "Fatal alert message received" msgid "Partial LDAP results+referral received" -msgstr "??????????????????" +msgstr "???LDAP??/?????????" -#, fuzzy -#| msgid "General error" msgid "LDAP referral" -msgstr "?????????" +msgstr "LDAP??" msgid "Administrative LDAP limit exceeded" -msgstr "" +msgstr "??LDAP????????" msgid "Critical LDAP extension is unavailable" -msgstr "" +msgstr "???????LDAP??????????????" -#, fuzzy -#| msgid "Card reset required" msgid "Confidentiality required by LDAP" -msgstr "????????????" +msgstr "LDAP???????????" msgid "LDAP SASL bind in progress" -msgstr "" +msgstr "LDAP SASL???????????" msgid "No such LDAP attribute" -msgstr "" +msgstr "?????LDAP????????" -#, fuzzy -#| msgid "Invalid attribute" msgid "Undefined LDAP attribute type" -msgstr "???????" +msgstr "????LDAP?????" 
-#, fuzzy -#| msgid "Unsupported protection" msgid "Inappropriate matching in LDAP" -msgstr "??????????????" +msgstr "LDAP????????????" -#, fuzzy -#| msgid "Protocol violation" msgid "Constraint violation in LDAP" -msgstr "???????" +msgstr "LDAP??????" msgid "LDAP type or value exists" -msgstr "" +msgstr "LDAP????????????" -#, fuzzy -#| msgid "Invalid state" msgid "Invalid syntax in LDAP" -msgstr "???????" +msgstr "LDAP????????" -#, fuzzy -#| msgid "No CMS object" msgid "No such LDAP object" -msgstr "CMS ?????????????" +msgstr "?????LDAP????????????" -#, fuzzy -#| msgid "Hardware problem" msgid "LDAP alias problem" -msgstr "???????????" +msgstr "LDAP??????????" -#, fuzzy -#| msgid "Invalid state" msgid "Invalid DN syntax in LDAP" -msgstr "???????" +msgstr "LDAP????DN??????" msgid "LDAP entry is a leaf" -msgstr "" +msgstr "LDAP??????????" -#, fuzzy -#| msgid "Encoding problem" msgid "LDAP alias dereferencing problem" -msgstr "???????????" +msgstr "LDAP?????????????????" msgid "LDAP proxy authorization failure (X)" -msgstr "" +msgstr "LDAP???????????(X)" -#, fuzzy -#| msgid "Unsupported protection" msgid "Inappropriate LDAP authentication" -msgstr "??????????????" +msgstr "????LDAP????" -#, fuzzy -#| msgid "Invalid card" msgid "Invalid LDAP credentials" -msgstr "????????" +msgstr "???LDAP?????????" msgid "Insufficient access for LDAP" -msgstr "" +msgstr "LDAP???????????" msgid "LDAP server is busy" -msgstr "" +msgstr "LDAP?????????" -#, fuzzy -#| msgid "No keyserver available" msgid "LDAP server is unavailable" -msgstr "?????????????????" +msgstr "LDAP???????????????" msgid "LDAP server is unwilling to perform" -msgstr "" +msgstr "LDAP????????????????" msgid "Loop detected by LDAP" -msgstr "" +msgstr "LDAP????????????" -#, fuzzy -#| msgid "Missing action" msgid "LDAP naming violation" -msgstr "?????????????" +msgstr "LDAP??????" -#, fuzzy -#| msgid "Protocol violation" msgid "LDAP object class violation" -msgstr "???????" +msgstr "LDAP?????????????" 
-#, fuzzy -#| msgid "Operation not yet finished" msgid "LDAP operation not allowed on non-leaf" -msgstr "?????????????" +msgstr "LDAP???????????????" -#, fuzzy -#| msgid "Operation cancelled" msgid "LDAP operation not allowed on RDN" -msgstr "?????????????" +msgstr "LDAP???RDN????????" msgid "Already exists (LDAP)" -msgstr "" +msgstr "??????? (LDAP)" msgid "Cannot modify LDAP object class" -msgstr "" +msgstr "LDAP??????????????????" -#, fuzzy -#| msgid "Line too long" msgid "LDAP results too large" -msgstr "???????" +msgstr "LDAP?????????" -#, fuzzy -#| msgid "Operation cancelled" msgid "LDAP operation affects multiple DSAs" -msgstr "?????????????" +msgstr "LDAP??????DSA??????" msgid "Virtual LDAP list view error" -msgstr "" +msgstr "?????LDAP???view???" -#, fuzzy -#| msgid "General IPC error" msgid "Other LDAP error" -msgstr "????IPC?????" +msgstr "????LDAP?????" -#, fuzzy -#| msgid "Resources exhausted" msgid "Resources exhausted in LCUP" -msgstr "???????????" +msgstr "LCUP????????????" -#, fuzzy -#| msgid "Protocol violation" msgid "Security violation in LCUP" -msgstr "???????" +msgstr "LCUP?????????" -#, fuzzy -#| msgid "Invalid state" msgid "Invalid data in LCUP" -msgstr "???????" +msgstr "LCUP?????????" -#, fuzzy -#| msgid "Unsupported certificate" msgid "Unsupported scheme in LCUP" -msgstr "???????????????" +msgstr "LCUP?????????????????" -#, fuzzy -#| msgid "Card reset required" msgid "Reload required in LCUP" -msgstr "????????????" +msgstr "LCUP??????????" -#, fuzzy -#| msgid "Success" msgid "LDAP cancelled" -msgstr "????" +msgstr "LDAP???????????" -#, fuzzy -#| msgid "Not operational" msgid "No LDAP operation to cancel" -msgstr "???????" +msgstr "???????LDAP????????" -#, fuzzy -#| msgid "Not operational" msgid "Too late to cancel LDAP" -msgstr "???????" +msgstr "LDAP???????????????" -#, fuzzy -#| msgid "Not an IPC server" msgid "Cannot cancel LDAP" -msgstr "IPC ??????????" +msgstr "LDAP???????????" 
-#, fuzzy -#| msgid "Decryption failed" msgid "LDAP assertion failed" -msgstr "?????????" +msgstr "LDAP?????????????" msgid "Proxied authorization denied by LDAP" -msgstr "" +msgstr "LDAP????????????????" msgid "User defined error code 1" msgstr "??????????? 1" @@ -1327,28 +1209,3 @@ msgstr "???: %s GPG-ERROR [...]\n" #, c-format msgid "%s: warning: could not recognize %s\n" msgstr "%s: ??: %s ???????????\n" - -#, fuzzy -#~| msgid "Resources exhausted" -#~ msgid "LCUP Resources exhausted" -#~ msgstr "???????????" - -#, fuzzy -#~| msgid "Invalid data" -#~ msgid "LCUP Invalid data" -#~ msgstr "????????" - -#, fuzzy -#~| msgid "Decryption failed" -#~ msgid "Assertion failed in lDAP" -#~ msgstr "?????????" - -#, fuzzy -#~| msgid "General error" -#~ msgid "LDAP Other general error" -#~ msgstr "?????????" - -#, fuzzy -#~| msgid "dirmngr error" -#~ msgid "Encoding error" -#~ msgstr "dirmngr ????" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 363 +++++++++++++++++++-------------------------------------------- 1 file changed, 110 insertions(+), 253 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 14 15:25:29 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Apr 2015 15:25:29 +0200 Subject: [git] gnupg-doc - branch, master, updated. c688116d697686cdcdd5cdee4f10d10965ad7472 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c688116d697686cdcdd5cdee4f10d10965ad7472 (commit) via c0103b977e2a2e040cb05972fc2069d03fd4af0f (commit) from 4f0218d1ed51e25c8e8cef193a231ba45fda03a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c688116d697686cdcdd5cdee4f10d10965ad7472 Author: Werner Koch Date: Tue Apr 14 15:23:49 2015 +0200 web: Fix last release news entry. diff --git a/web/index.org b/web/index.org index 64ed27a..98fda69 100644 --- a/web/index.org +++ b/web/index.org @@ -65,7 +65,7 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. -** GnuPG 2.1.4 released (2015-04-11) +** GnuPG 2.1.3 released (2015-04-11) This is another release of the /modern/ branch of GnuPG. It fixes a lot of bugs. Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q2/000365.html][anouncement mail]]. diff --git a/web/swdb.mac b/web/swdb.mac index 917f1b9..acf6e8e 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -22,9 +22,9 @@ #+macro: gnupg21_size 4762k #+macro: gnupg21_sha1 091e69ec1ce3f0032e6b135e4da561e8d46d20a7 # -#+macro: gnupg21_w32_ver 2.1.1_20141216 -#+macro: gnupg21_w32_size 6364k -#+macro: gnupg21_w32_sha1 fb541b8685b78541c9b2fadb026787f535863b4a +#+macro: gnupg21_w32_ver 2.1.3_20150413 +#+macro: gnupg21_w32_size 2539k +#+macro: gnupg21_w32_sha1 d5630904b3d68eddc2730a00bfc67d52658cbe7e # 
@@ -61,10 +61,10 @@ # # GPGME # -#+macro: gpgme_ver 1.5.3 +#+macro: gpgme_ver 1.5.4 #+macro: gpgme_branch master -#+macro: gpgme_size 946k -#+macro: gpgme_sha1 8dd7711a4de117994fe2d45879ef8a9900d50f6a +#+macro: gpgme_size 953k +#+macro: gpgme_sha1 8cf1bcce8603bd7d006065f08059cf85462828c4 # commit c0103b977e2a2e040cb05972fc2069d03fd4af0f Author: Werner Koch Date: Tue Apr 14 15:23:03 2015 +0200 bugs.gnupg.org: Add used HTML files diff --git a/misc/bugs.gnupg.org/index.html b/misc/bugs.gnupg.org/index.html new file mode 100644 index 0000000..4b45f1a --- /dev/null +++ b/misc/bugs.gnupg.org/index.html @@ -0,0 +1,153 @@ + + +g10 Code's bug tracker + + + +
+[g10 Code Logo] +
+ + +

Bug tracker for GnuPG and related projects

+ +

+ + +

+ + +

Becoming a registered user

+

+To enter a bug into our bug tracker you need to be a registered user. +A registered user will be assigned a provisional user role +which allows to enter new bugs and to edit these bugs. The user +role will be granted by an administrator on demand. Just add +remark to your bug report that you wish to work more with the bug +tracker. We have these strict rules to avoid spam and keep trolls +away from the tracker. +

+Note that some actions (e.g. closing a bug) are even restricted from +regular users. A developer account is required for these actions. +The rationale is that only a developer will be able to fix things and +thus decides whether a bug is to be closed. A bug may be re-opened at +any time. + + +

How to add a new bug

+

+Please note that this bug tracker is a public resource and everything +you enter there will be available for the whole networked world. It +is similar to a public mailing list and there is no easy way to +retract any information. +

+You should follow these steps to enter a new bug (issue): +

+

    +
  • Review the documentation and the mailing list archives to see + whether your problem has already been addressed. Often bugs are + mere configuration problems. +

    +

  • Check that the bug has not yet been entered and that there is no + similar bug in the tracker. Use the search option for this. It + is best to also look through the already closed + (resolved) issue. +

    + +

  • Select the Create New menu entry. An empty page will be + presented. +

    + +

  • Come up with a meaningful short description of the bug and enter + this into the title field. +

    + +

  • Assign a priority for the bug. These priorities are + defined: +

    +

    +
    bug
    Use this for a regular bug. +
    urgent
    Use this if you believe that the problem should + be fixed soon. +
    critical
    Use this if your problem is really severe and inhibits + you from working with the software. Do not use it if you can + find a workaround for the problem. +
    minor-bug
    Use this for a minor bug +
    feature
    Use this for a technical feature requests. +
    wish
    Use this for everything else, for example to + request better documentation or a new FAQ entry. +
    +

    + +

  • See whether you can assign category to the bug. There is a drop + down list with all available categories. A category is in + general the name of the application with the bug, but might also + be a library. If you can't figure out the category, keep it at + - no selection -. The dirmngr category is only + used for the old standalone package; since GnuPG 2.1 dirmngr + is part of GnuPG proper; thus use gnupg as category and + add dirmngr to the topic field. +

    + +

  • Now for the most important field: The description of the problem. + You enter this information into the Change Note field. + Please take care to use hard line breaks and format the report + as you would do by mail. No HTML please. +

    + Make sure that you describe the bug as good as possible and try + to come up with a minimal recipe on how to replicate the bug. We + need to know the version of the software and if + you are using a non-released version the GIT commit id. The type + and version of your operating system is usually important, so + please tell us. In particular tell us if you are problem occurs + on a non Unix system, i.e. MS Windows. +

    + +

  • If you need to enter more information, you may upload any kind of + file. However, please do this only if you are sure that these + information are important and that they do not contain + confidential data. This file will be public and it won't be + possible to retract it anymore. Avoid screen shots unless you + are asked for them. +

    + The problem with screen shots or, worse, screen casts is that we + would need to transcript them to text for evaluating the problem. + That takes away time we better spend solving the problem; it + is easy to help us by providing a transcription +

    + +

  • If you are sure that your bug is MS Windows specific, please + enter the string "w32" into the Topics field. You do + not need to do it if you select a Windows specific category (like + "gpgol"). +

    + +

  • If you want to refer to an external bug description (for example + a similar entry in Debian's bug tracker), enter the URL into the + ExtLink field. +

    + +

  • If everything is as you want it, select the Submit New + Entry button. This entry as well as all future changes will + also be mailed to you. +

    +

+ + + + +
+
Contact information available at the g10 Code main pages. +

+Copyright (C) 2006 g10 Code GmbH, Erkrath-Hochdahl.
+Verbatim copying and distribution of this entire article is +permitted in any medium, provided this notice is preserved. +

+ + diff --git a/misc/bugs.gnupg.org/pagehead.png b/misc/bugs.gnupg.org/pagehead.png new file mode 100644 index 0000000..ec9b4d3 Binary files /dev/null and b/misc/bugs.gnupg.org/pagehead.png differ diff --git a/misc/bugs.gnupg.org/roundup-topics.html b/misc/bugs.gnupg.org/roundup-topics.html new file mode 100644 index 0000000..edf8b4a --- /dev/null +++ b/misc/bugs.gnupg.org/roundup-topics.html @@ -0,0 +1,106 @@ + + +g10 Code's bug tracker - Topics + + + +
+[g10 Code Logo] +
+ + +

Topics used in the GnuPG tracker

+ +

+Roundup has a feature named "Topics" which allows to assign one or +more keywords to a certain bug ("issue" in Roundup parlance). These +keywords may for example be used in a search. As keywords are +usually short, there meaning and suggested usage ist not always +clear. This list shall help to make sensible use of the keywords. +

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Topics used in the GnuPG bug tracker
NameDescription
Keywords describing the location
agent Related to the gpg-agent
keyserver Keyserver or keyserver protocol + related +
scd Related to the scd-daemon or general + smart card access problem +
pinentry Related to the Pinentry
ssh Related to gpg-agent's ssh-agent + implementation +
gpgtar Related to gpgtar
iobuf Related to gpg's iobuf mechanism
openpgp OpenPGP protocol
smime S/MIME (CMS, X.509) protocol
gpg4win Related to the Gpg4win installer
uiserver Related to the UI-Server (cf. gpg4win)
doc Related to documentation
gpg14 Related to GnuPG 1.4.
gpg20 Related to GnuPG 2.0.
gpg21 Related to GnuPG 2.1.
i18n Related to internationalization
ipc Related to inter process communication
npth Related to nPth
Keywords describing the environment
asm Problem with low-level assembler code +
cross Bug pertaining to cross-compiling
osx Mac OS/X specific problem
w32 MS Windows specific problem
w64 MS Windows 64 bit specific problem
Keywords describing the action taken
backport This needs to be ported to older branches. +
forwardport This needs to be ported to newer branches. +
faq This should be made an entry into the + FAQ or is already answered there. +
patch Patch included
noinfo Not enough information given
notdup Problem duplicating the bug
dup A similar bug report already exists
nobug This is not a bug (maybe even a feature). + Note that there is also a category of + the same name. +
tooold The report is too old. Spending time + on it is not justified. +
wontfix The bug will not be fixed.
mistaken Empty report or unrelated to GnuPG.
endoflife Software version has reached EOL status.
+ + +
+
Contact information available at the g10 Code main pages. +

+Copyright (C) 2006 g10 Code GmbH, Erkrath-Hochdahl.
+Verbatim copying and distribution of this entire article is +permitted in any medium, provided this notice is preserved. +

+ + diff --git a/misc/bugs.gnupg.org/upload b/misc/bugs.gnupg.org/upload new file mode 100755 index 0000000..1927599 --- /dev/null +++ b/misc/bugs.gnupg.org/upload @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +user=$USER +host=kerckhoffs.g10code.com + +if [ "$(pwd | awk -F/ '{print $NF}')" != "bugs.gnupg.org" ]; then + echo "upload: not invoked from the bugs.gnupg.org directory" >&2; + exit 1 +fi + +rsync -vr --links --exclude '*~' --exclude upload \ + . ${user}@${host}:/var/www/all/bugs.gnupg.org/htdocs/ + +#eof ----------------------------------------------------------------------- Summary of changes: misc/bugs.gnupg.org/index.html | 153 ++++++++++++++++++++++++++++++++ misc/bugs.gnupg.org/pagehead.png | Bin 0 -> 2635 bytes misc/bugs.gnupg.org/roundup-topics.html | 106 ++++++++++++++++++++++ misc/bugs.gnupg.org/upload | 16 ++++ web/index.org | 2 +- web/swdb.mac | 12 +-- 6 files changed, 282 insertions(+), 7 deletions(-) create mode 100644 misc/bugs.gnupg.org/index.html create mode 100644 misc/bugs.gnupg.org/pagehead.png create mode 100644 misc/bugs.gnupg.org/roundup-topics.html create mode 100755 misc/bugs.gnupg.org/upload hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 14 18:39:03 2015 
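Review bot: The rsync target `${user}@${host}:/var/www/all/bugs.gnupg.org/htdocs/` is unquoted, and `user` is copied from `$USER` without checking that it is set, so an empty `USER` produces a malformed destination instead of a clear error. Quote the argument as `"${user}@${host}:/var/www/all/bugs.gnupg.org/htdocs/"` and fail early with `: "${USER:?USER is not set}"`. The working-directory guard compares only the last path component, so any directory that happens to be named bugs.gnupg.org passes it; because the contents are published to the web root, it would be safer to also test for an expected file, e.g. `[ -f index.html ]`, before the transfer.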
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Apr 2015 18:39:03 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-2-g2bffbbf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 2bffbbff09177afb75ad667d949eed2a8cb846ea (commit) from d4a9144d12e6988e8ec5f20a7d2d4c87c1966161 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2bffbbff09177afb75ad667d949eed2a8cb846ea Author: Werner Koch Date: Tue Apr 14 18:37:07 2015 +0200 Add stub command SETKEYINFO. * pinentry/pinentry.c (cmd_setkeyinfo): New. (register_commands): Addd command. Signed-off-by: Werner Koch diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index e648695..04de1aa 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -771,6 +771,18 @@ cmd_setprompt (ASSUAN_CONTEXT ctx, char *line) } +/* The data provided at LINE may be used by pinentry implementations + to identify a key for caching strategies of its own. As of now + this is here only for documentation purposes. */ +static int +cmd_setkeyinfo (ASSUAN_CONTEXT ctx, char *line) +{ + (void)ctx; + (void)line; + return 0; +} + + static int cmd_setrepeat (ASSUAN_CONTEXT ctx, char *line) { 
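Review bot: The comment above `cmd_setkeyinfo` does not say what LINE contains or that the stub accepts and discards it while reporting success. The agent-side commit later on this page sends `SETKEYINFO %c/%s` with a one-letter cache mode (`n`, `u` or `s`) followed by the key identifier, so the comment could state that format and note that LINE comes from the client and is only an opaque lookup key for a pinentry's own cache. Something like `/* LINE is "<mode>/<keyinfo>"; it is ignored here and 0 is returned so callers do not fail. */` would be enough.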
@@ -1111,6 +1123,7 @@ register_commands (ASSUAN_CONTEXT ctx) { { "SETDESC", 0, cmd_setdesc }, { "SETPROMPT", 0, cmd_setprompt }, + { "SETKEYINFO", 0, cmd_setkeyinfo }, { "SETREPEAT", 0, cmd_setrepeat }, { "SETREPEATERROR",0, cmd_setrepeaterror }, { "SETERROR", 0, cmd_seterror }, ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 14 18:43:34 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 14 Apr 2015 18:43:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-7-g2180845 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2180845959839705200e3172dbafc94b70b9007f (commit) from 971d558e862db878a7310e06ed7116dbe36886ab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2180845959839705200e3172dbafc94b70b9007f Author: Werner Koch Date: Tue Apr 14 18:41:05 2015 +0200 agent: Send the new SETKEYINFO command to the Pinentry. * agent/call-pinentry.c (agent_askpin): Add args keyinfo and cache_mode. Change all callers to pass (NULL,0) for them. Send SETKEYINFO command. * agent/findkey.c (unprotect): Pass the keygrip and the cache_mode for the new args. Signed-off-by: Werner Koch diff --git a/agent/agent.h b/agent/agent.h index 30d0ffb..2a2658d 100644 --- a/agent/agent.h +++ b/agent/agent.h 
@@ -354,7 +354,8 @@ int pinentry_active_p (ctrl_t ctrl, int waitseconds); int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *inital_errtext, - struct pin_entry_info_s *pininfo); + struct pin_entry_info_s *pininfo, + const char *keyinfo, cache_mode_t cache_mode); int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, const char *errtext, int with_qualitybar); diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 6db429c..d3a0547 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -737,12 +737,14 @@ close_button_status_cb (void *opaque, const char *line) /* Call the Entry and ask for the PIN. We do check for a valid PIN number here and repeat it as long as we have invalid formed - numbers. */ + numbers. KEYINFO and CACHEMODE are used to tell pinentry something + about the key. */ int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *initial_errtext, - struct pin_entry_info_s *pininfo) + struct pin_entry_info_s *pininfo, + const char *keyinfo, cache_mode_t cache_mode) { int rc; char line[ASSUAN_LINELENGTH]; 
@@ -802,6 +804,24 @@ agent_askpin (ctrl_t ctrl, if (rc) return rc; + /* If we have a KYEINFO string and are normal, user, or ssh cache + mode, we tell that the Pinentry so it may use it for own caching + purposes. Most pinentries won't have this implemented and thus + we do not error out in this case. */ + if (keyinfo && (cache_mode == CACHE_MODE_NORMAL + || cache_mode == CACHE_MODE_USER + || cache_mode == CACHE_MODE_SSH)) + { + snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); + } + snprintf (line, DIM(line)-1, "SETDESC %s", desc_text); line[DIM(line)-1] = 0; rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); diff --git a/agent/command-ssh.c b/agent/command-ssh.c index fffdb00..a517827 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -3110,7 +3110,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, description, NULL, initial_errtext, pi); + err = agent_askpin (ctrl, description, NULL, initial_errtext, pi, NULL, 0); initial_errtext = NULL; if (err) goto out; @@ -3119,7 +3119,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, it already did the repetition check, ask to confirm it. */ if (*pi->pin && !pi->repeat_okay) { - err = agent_askpin (ctrl, description2, NULL, NULL, pi2); + err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL, 0); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index b00f032..562179b 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c 
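Review bot: The new SETKEYINFO block formats `keyinfo` into `line` without the `line[DIM(line)-1] = 0;` that follows the SETDESC `snprintf` directly below it, and without checking for truncation. KEYINFO is copied into the Assuan command verbatim; the only caller on this page that passes a value (unprotect in agent/findkey.c) supplies a hex keygrip, but the parameter is a plain `const char *`, so the function comment should state that the string must not contain whitespace, line breaks or characters that need percent-escaping, or the value should be escaped here. Add `line[DIM(line)-1] = 0;` after the `snprintf` for consistency with the rest of the function, and fix the comment typo "KYEINFO" to "KEYINFO". agent_askpin's body continues outside the hunk.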
@@ -961,7 +961,7 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, err = try_do_unprotect_cb (pi); } if (gpg_err_code (err) == GPG_ERR_BAD_PASSPHRASE && !from_native) - err = agent_askpin (ctrl, prompt, NULL, NULL, pi); + err = agent_askpin (ctrl, prompt, NULL, NULL, pi, NULL, 0); skeyidx = pi_arg.skeyidx; if (!err && r_passphrase && is_protected) { diff --git a/agent/divert-scd.c b/agent/divert-scd.c index 1408d65..0c287b4 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -270,7 +270,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) if (any_flags) { - rc = agent_askpin (ctrl, info, prompt, again_text, pi); + rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL, 0); again_text = NULL; if (!rc && newpin) { @@ -292,7 +292,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) is_puk? _("Repeat this PUK"): _("Repeat this PIN")), - prompt, NULL, pi2); + prompt, NULL, pi2, NULL, 0); if (!rc && strcmp (pi->pin, pi2->pin)) { again_text = (resetcode? @@ -316,7 +316,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) info? info:"", info? ")":"") < 0) desc = NULL; - rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi); + rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL, 0); xfree (desc); } diff --git a/agent/findkey.c b/agent/findkey.c index 6f01789..80771c5 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -463,7 +463,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, arg.change_required = 0; pi->check_cb_arg = &arg; - rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi); + rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode); if (!rc) { assert (arg.unprotected_key); diff --git a/agent/genkey.c b/agent/genkey.c index ecf676e..30fc44d 100644 --- a/agent/genkey.c +++ b/agent/genkey.c 
@@ -370,7 +370,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi); + err = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); initial_errtext = NULL; if (!err) { @@ -384,7 +384,7 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, it already did the repetition check, ask to confirm it. */ if (*pi->pin && !pi->repeat_okay) { - err = agent_askpin (ctrl, text2, NULL, NULL, pi2); + err = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 3 ++- agent/call-pinentry.c | 24 ++++++++++++++++++++++-- agent/command-ssh.c | 4 ++-- agent/cvt-openpgp.c | 2 +- agent/divert-scd.c | 6 +++--- agent/findkey.c | 2 +- agent/genkey.c | 4 ++-- 7 files changed, 33 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 15 06:41:57 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 15 Apr 2015 06:41:57 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-9-g067b636 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 067b6360be6733f6faf7a6438f61393fdb7a5fb3 (commit) from 0aac920f23fd07e152fdb7385299c92bb9a4ade3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 067b6360be6733f6faf7a6438f61393fdb7a5fb3 Author: NIIBE Yutaka Date: Wed Apr 15 13:41:48 2015 +0900 po: Update Japanese translation. diff --git a/po/ja.po b/po/ja.po index 9a9309b..52abd81 100644 --- a/po/ja.po +++ b/po/ja.po @@ -7,9 +7,9 @@ # msgid "" msgstr "" -"Project-Id-Version: GNU gnupg 2.0.26\n" +"Project-Id-Version: GNU gnupg 2.0.27\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-11-18 11:04+0900\n" +"PO-Revision-Date: 2015-04-15 13:41+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: Japanese \n" "Language: ja\n" 
@@ -3083,21 +3083,18 @@ msgstr "" " ???ID??????????????????\n" msgid "WARNING: Your encryption subkey expires soon.\n" -msgstr "" +msgstr "*??*: ???????????????????" -#, fuzzy -#| msgid "You can't change the expiration date of a v3 key\n" msgid "You may want to change its expiration date too.\n" -msgstr "v3??????????????\n" +msgstr "???????????????\n" msgid "" "WARNING: This is a PGP2-style key. Adding a photo ID may cause some " "versions\n" " of PGP to reject this key.\n" msgstr "" -"*??*: ???PGP2??????????ID??????????????PGP?" -"??\n" -" ????????????????\n" +"*??*: ???PGP2??????????ID??????????????PGP???\n" +" ????????????????\n" msgid "Are you sure you still want to add it? (y/N) " msgstr "????????????? (y/N) " ----------------------------------------------------------------------- Summary of changes: po/ja.po | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 15 09:10:12 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 15 Apr 2015 09:10:12 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-14-g05f32c7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 05f32c702eaf6dc7fd5c0c8c01b4c731ed9a6011 (commit) via 93910b5b8d20c089b2578d757cf06509d7617978 (commit) via de7f7b98dfeb30675369d0bedc6d639314193e96 (commit) via a838e8f806693e9403541f482b58b66c606e376b (commit) via b4ec909186d0150c835942754283ecc2bdf6e3e0 (commit) from 067b6360be6733f6faf7a6438f61393fdb7a5fb3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 05f32c702eaf6dc7fd5c0c8c01b4c731ed9a6011 Author: NIIBE Yutaka Date: Tue Apr 14 14:17:03 2015 +0900 scd: better handling of extended APDU. * scd/apdu.c (send_le): Bug fix for not append Z when lc<0&&le<0. * scd/app-common.h (struct app_ctx_s): Use bit fields for flags. * scd/ccid-driver.c (CCID_MAX_BUF): New. Only for OpenPGPcard. (struct ccid_driver_s): New field of max_ccid_msglen. Remove ifsd field. (parse_ccid_descriptor): Initialize max_ccid_msglen. (ccid_transceive_apdu_level): Implement sending extended APDU in chain of CCID message. -- With this patch, we won't need PC/SC library/service any more. GnuPG-bug-id: 1947 (backported from 2.1 commit 971d558e862db878a7310e06ed7116dbe36886ab) diff --git a/scd/apdu.c b/scd/apdu.c index 5fa66a8..6fc1148 100644 --- a/scd/apdu.c +++ b/scd/apdu.c 
@@ -3678,9 +3678,9 @@ send_le (int slot, int class, int ins, int p0, int p1, apdu[apdulen++] = ins; apdu[apdulen++] = p0; apdu[apdulen++] = p1; - apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ - if (lc >= 0) + if (lc > 0) { + apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ apdu[apdulen++] = ((lc >> 8) & 0xff); apdu[apdulen++] = (lc & 0xff); memcpy (apdu+apdulen, data, lc); @@ -3689,6 +3689,8 @@ send_le (int slot, int class, int ins, int p0, int p1, } if (le != -1) { + if (lc <= 0) + apdu[apdulen++] = 0; /* Z byte: Extended length marker. */ apdu[apdulen++] = ((le >> 8) & 0xff); apdu[apdulen++] = (le & 0xff); } diff --git a/scd/app-common.h b/scd/app-common.h index 4b2e13e..e48db3c 100644 --- a/scd/app-common.h +++ b/scd/app-common.h @@ -64,10 +64,10 @@ struct app_ctx_s { size_t serialnolen; /* Length in octets of serialnumber. */ const char *apptype; unsigned int card_version; - int did_chv1; - int force_chv1; /* True if the card does not cache CHV1. */ - int did_chv2; - int did_chv3; + unsigned int did_chv1:1; + unsigned int force_chv1:1; /* True if the card does not cache CHV1. */ + unsigned int did_chv2:1; + unsigned int did_chv3:1; struct app_local_s *app_local; /* Local to the application. */ struct { void (*deinit) (app_t app); diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index a179aa8..490569f 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -98,6 +98,16 @@ #define DRVNAME "ccid-driver: " +/* Max length of buffer with out CCID message header of 10-byte + Sending: 547 for RSA-4096 key import + APDU size = 540 (24+4+256+256) + commnd + lc + le = 4 + 3 + 0 + Sending: write data object of cardholder certificate + APDU size = 2048 + commnd + lc + le = 4 + 3 + 0 + Receiving: 2048 for cardholder certificate +*/ +#define CCID_MAX_BUF (2048+7+10) /* Depending on how this source is used we either define our error output to go to stderr or to the jnlib based logging functions. We 
@@ -270,7 +280,7 @@ struct ccid_driver_s unsigned char t1_nr; unsigned char nonnull_nad; int max_ifsd; - int ifsd; + int max_ccid_msglen; int ifsc; unsigned char apdu_level:2; /* Reader supports short APDU level exchange. With a value of 2 short @@ -749,7 +759,7 @@ prepare_special_transport (ccid_driver_t handle) handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; - handle->ifsd = 0; + handle->max_ccid_msglen = CCID_MAX_BUF; handle->has_pinpad = 0; handle->apdu_level = 0; switch (handle->id_product) @@ -781,7 +791,6 @@ parse_ccid_descriptor (ccid_driver_t handle, handle->nonnull_nad = 0; handle->auto_ifsd = 0; handle->max_ifsd = 32; - handle->ifsd = 0; handle->has_pinpad = 0; handle->apdu_level = 0; handle->auto_voltage = 0; @@ -922,6 +931,7 @@ parse_ccid_descriptor (ccid_driver_t handle, us = convert_le_u32(buf+44); DEBUGOUT_1 (" dwMaxCCIDMsgLen %5u\n", us); + handle->max_ccid_msglen = us; DEBUGOUT ( " bClassGetResponse "); if (buf[48] == 0xff) 
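Review bot: `handle->max_ccid_msglen = us;` stores the reader-supplied dwMaxCCIDMsgLen without any range check, and the field is a signed `int` while `us` is filled from `convert_le_u32`. ccid_transceive_apdu_level, changed later in this commit, uses `handle->max_ccid_msglen - 10` as the payload size of each chained message, so a descriptor value of exactly 10 yields a zero-length part and its send loop never advances, and a value below 10 goes negative before being compared with a `size_t`. The value should be validated where it is read, either by failing the descriptor parse or by falling back to the driver's own limit, e.g. `handle->max_ccid_msglen = (us > 10 && us < CCID_MAX_BUF) ? (int)us : CCID_MAX_BUF;`. parse_ccid_descriptor's body continues outside the hunk.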
@@ -2831,109 +2841,101 @@ is_exlen_apdu (const unsigned char *apdu, size_t apdulen) /* Helper for ccid_transceive used for APDU level exchanges. */ static int ccid_transceive_apdu_level (ccid_driver_t handle, - const unsigned char *apdu_buf, size_t apdu_buflen, + const unsigned char *apdu_buf, size_t apdu_len, unsigned char *resp, size_t maxresplen, size_t *nresp) { int rc; - unsigned char send_buffer[10+261+300], recv_buffer[10+261+300]; - const unsigned char *apdu; - size_t apdulen; - unsigned char *msg; + unsigned char msg[CCID_MAX_BUF]; + const unsigned char *apdu_p; + size_t apdu_part_len; size_t msglen; unsigned char seqno; int bwi = 4; + unsigned char chain = 0; - msg = send_buffer; + if (apdu_len == 0 || apdu_len > sizeof (msg) - 10) + return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */ - apdu = apdu_buf; - apdulen = apdu_buflen; - assert (apdulen); + apdu_p = apdu_buf; + while (1) + { + apdu_part_len = apdu_len; + if (apdu_part_len > handle->max_ccid_msglen - 10) + { + apdu_part_len = handle->max_ccid_msglen - 10; + chain |= 0x01; + } - /* The maximum length for a short APDU T=1 block is 261. For an - extended APDU T=1 block the maximum length 65544; however - extended APDU exchange level is not fully supported yet. */ - if (apdulen > sizeof (send_buffer) - 10) - return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. 
*/ + msg[0] = PC_to_RDR_XfrBlock; + msg[5] = 0; /* slot */ + msg[6] = seqno = handle->seqno++; + msg[7] = bwi; + msg[8] = chain; + msg[9] = 0; + memcpy (msg+10, apdu_p, apdu_part_len); + set_msg_len (msg, apdu_part_len); + msglen = 10 + apdu_part_len; - msg[0] = PC_to_RDR_XfrBlock; - msg[5] = 0; /* slot */ - msg[6] = seqno = handle->seqno++; - msg[7] = bwi; /* bBWI */ - msg[8] = 0; /* RFU */ - msg[9] = 0; /* RFU */ - memcpy (msg+10, apdu, apdulen); - set_msg_len (msg, apdulen); - msglen = 10 + apdulen; + rc = bulk_out (handle, msg, msglen, 0); + if (rc) + return rc; - rc = bulk_out (handle, msg, msglen, 0); - if (rc) - return rc; + apdu_p += apdu_part_len; + apdu_len -= apdu_part_len; - msg = recv_buffer; - rc = bulk_in (handle, msg, sizeof recv_buffer, &msglen, - RDR_to_PC_DataBlock, seqno, 5000, 0); - if (rc) - return rc; + rc = bulk_in (handle, msg, sizeof msg, &msglen, + RDR_to_PC_DataBlock, seqno, 5000, 0); + if (rc) + return rc; + + if (!(chain & 0x01)) + break; - if (msg[9] == 1) + chain = 0x02; + } + + apdu_len = 0; + while (1) { - size_t total_msglen = msglen; + apdu_part_len = msglen - 10; + if (resp && apdu_len + apdu_part_len <= maxresplen) + memcpy (resp + apdu_len, msg+10, apdu_part_len); + apdu_len += apdu_part_len; - while (1) - { - unsigned char status; + if (!(msg[9] & 0x01)) + break; - msg = recv_buffer + total_msglen; + msg[0] = PC_to_RDR_XfrBlock; + msg[5] = 0; /* slot */ + msg[6] = seqno = handle->seqno++; + msg[7] = bwi; + msg[8] = 0x10; /* Request next data block */ + msg[9] = 0; + set_msg_len (msg, 0); + msglen = 10; - msg[0] = PC_to_RDR_XfrBlock; - msg[5] = 0; /* slot */ - msg[6] = seqno = handle->seqno++; - msg[7] = bwi; /* bBWI */ - msg[8] = 0x10; /* Request next data block */ - msg[9] = 0; - set_msg_len (msg, 0); - msglen = 10; - - rc = bulk_out (handle, msg, msglen, 0); - if (rc) - return rc; - - rc = bulk_in (handle, msg, sizeof recv_buffer - total_msglen, &msglen, - RDR_to_PC_DataBlock, seqno, 5000, 0); - if (rc) - return rc; - 
status = msg[9]; - memmove (msg, msg+10, msglen - 10); - total_msglen += msglen - 10; - if (total_msglen >= sizeof recv_buffer) - return CCID_DRIVER_ERR_OUT_OF_CORE; - - if (status == 0x02) - break; - } + rc = bulk_out (handle, msg, msglen, 0); + if (rc) + return rc; - apdu = recv_buffer + 10; - apdulen = total_msglen - 10; - } - else - { - apdu = msg + 10; - apdulen = msglen - 10; + rc = bulk_in (handle, msg, sizeof msg, &msglen, + RDR_to_PC_DataBlock, seqno, 5000, 0); + if (rc) + return rc; } if (resp) { - if (apdulen > maxresplen) + if (apdu_len > maxresplen) { DEBUGOUT_2 ("provided buffer too short for received data " "(%u/%u)\n", - (unsigned int)apdulen, (unsigned int)maxresplen); + (unsigned int)apdu_len, (unsigned int)maxresplen); return CCID_DRIVER_ERR_INV_VALUE; } - memcpy (resp, apdu, apdulen); - *nresp = apdulen; + *nresp = apdu_len; } return 0; commit 93910b5b8d20c089b2578d757cf06509d7617978 Author: Werner Koch Date: Fri Apr 10 08:34:35 2015 +0200 gpgparsemail: Fix last commit (3f2bdac) * tools/rfc822parse.c (parse_field): Replace break by goto. -- Brown paper bag bug: Changing an IF to a WHILE inside another loop requires to fix the inner break. Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from 2.1 commit 9433661419043431a6cfc7d84c8450e0b2f6c353) diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c index 7b86ea9..7895e0b 100644 --- a/tools/rfc822parse.c +++ b/tools/rfc822parse.c @@ -829,7 +829,7 @@ parse_field (HDR_LINE hdr) while (!*s) { if (!hdr->next || !hdr->next->cont) - break; + goto oparen_out; /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; 
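Review bot: The receive loop in ccid_transceive_apdu_level keeps requesting another block for as long as the reader sets the chaining bit in `msg[9]`, and `apdu_len > maxresplen` is only tested after the loop has ended; the removed code stopped with CCID_DRIVER_ERR_OUT_OF_CORE once its receive buffer was full. A misbehaving reader can therefore hold the driver in this loop with no upper bound. Moving the test into the loop, e.g. `if (resp && apdu_len > maxresplen) return CCID_DRIVER_ERR_INV_VALUE;` right after `apdu_len += apdu_part_len;`, restores a limit, and a fixed cap such as CCID_MAX_BUF is needed for the `resp == NULL` case. `apdu_part_len = msglen - 10;` also relies on bulk_in never returning fewer than 10 bytes, which cannot be confirmed from this hunk.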
@@ -852,6 +852,7 @@ parse_field (HDR_LINE hdr) else if (*s == '\"') in_quote = 1; } + oparen_out: if (!*s) ; /* Actually this is an error, but we don't care about it. */ else commit de7f7b98dfeb30675369d0bedc6d639314193e96 Author: Werner Koch Date: Thu Apr 9 19:06:33 2015 +0200 gpgparsemail: Fix case of zero length continuation lines. * tools/rfc822parse.c (parse_field): Loop after continuation line. -- Using header lines like Name:[lf] [space][lf] [lf] resulted in running into the "(s2 = strchr (delimiters2, *s)" branch and inserting a new token for the empty continuation line. This also led to one byte read after the string which is what Hanno figured. The new code should handle empty continuation lines correct. Reported-by: Hanno B?ck Signed-off-by: Werner Koch (backported from 2.1 commit 3fbeba64a8bfb2b673230c124a3d616b6568fd2f) diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c index 8fbe3c2..7b86ea9 100644 --- a/tools/rfc822parse.c +++ b/tools/rfc822parse.c @@ -808,10 +808,12 @@ parse_field (HDR_LINE hdr) s++; /* Move over the colon. */ for (;;) { - if (!*s) + while (!*s) { if (!hdr->next || !hdr->next->cont) - break; + return tok; /* Ready. */ + + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } @@ -824,10 +826,11 @@ parse_field (HDR_LINE hdr) invalid = 0; for (s++;; s++) { - if (!*s) + while (!*s) { if (!hdr->next || !hdr->next->cont) break; + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } @@ -880,6 +883,7 @@ parse_field (HDR_LINE hdr) if (*s2 || !hdr->next || !hdr->next->cont) break; + /* Next item is a header continuation line. */ hdr = hdr->next; s = hdr->line; } 
@@ -931,8 +935,7 @@ parse_field (HDR_LINE hdr) s++; } } - - return tok; + /*NOTREACHED*/ failure: { commit a838e8f806693e9403541f482b58b66c606e376b Author: Werner Koch Date: Sun Mar 15 13:04:48 2015 +0100 agent: Fix length test in sshcontrol parser. * agent/command-ssh.c (ssh_search_control_file): Check S before upcasing it. -- In contradiction to the comment we did not check the length of HEXGRIP and thus the GPG_ERR_INV_LENGTH was never triggered. Detected by Stack 0.3: bug: anti-simplify model: | %cmp8 = icmp ne i32 %i.0, 40, !dbg !986 --> false stack: - /home/wk/s/gnupg/agent/command-ssh.c:1226:0 ncore: 2 core: - /home/wk/s/gnupg/agent/command-ssh.c:1225:0 - buffer overflow - /home/wk/s/gnupg/agent/command-ssh.c:1225:0 - buffer overflow (backported from 2.1 commit 3529dd8bb5bafc4e02915648d5f409bd27a9cc37) diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 3583ea0..ea6080a 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c 
@@ -1113,7 +1113,7 @@ ssh_search_control_file (ssh_control_file_t cf, /* We need to make sure that HEXGRIP is all uppercase. The easiest way to do this and also check its length is by copying to a second buffer. */ - for (i=0, s=hexgrip; i < 40; s++, i++) + for (i=0, s=hexgrip; i < 40 && *s; s++, i++) uphexgrip[i] = *s >= 'a'? (*s & 0xdf): *s; uphexgrip[i] = 0; if (i != 40) commit b4ec909186d0150c835942754283ecc2bdf6e3e0 Author: Werner Koch Date: Sun Mar 15 12:15:55 2015 +0100 scd: Fix possible NULL deref in apdu.c * scd/apdu.c (control_pcsc_direct): Take care of BUFLEN being NULL. (control_pcsc_wrapped): Ditto. -- pcsc_vendor_specific_init calls the above with BUFFER and BUFLEN as NULL. Reported by Stack 0.3: bug: anti-dce model: | control_pcsc.exit77: %retval.0.i.i76 = phi i32 [ %rc.0.i.i.i73, \ %pcsc_error_to_sw.exit.i.i74 ], [ 0, %if.end.i.i75 ] %tobool198 = icmp ne i32 %retval.0.i.i76, 0, !dbg !728 br i1 %tobool198, label %if.then199, label %if.end200, !dbg !728 stack: - /home/wk/s/gnupg/scd/apdu.c:1882:0 ncore: 1 core: - /home/wk/s/gnupg/scd/apdu.c:1309:0 - buffer overflow (backported from 2.1 commit ef0a3abf7305133d071bf1a94a7f461082f9a9aa) diff --git a/scd/apdu.c b/scd/apdu.c index 5ce7f94..5fa66a8 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1269,7 +1269,7 @@ control_pcsc_direct (int slot, pcsc_dword_t ioctl_code, long err; err = pcsc_control (reader_table[slot].pcsc.card, ioctl_code, - cntlbuf, len, buffer, *buflen, buflen); + cntlbuf, len, buffer, buflen? *buflen:0, buflen); if (err) { log_error ("pcsc_control failed: %s (0x%lx)\n", 
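Review bot: The copy loop now stops at the terminator, but `if (i != 40)` still accepts a HEXGRIP longer than 40 characters and silently uses its first 40; `if (i != 40 || *s)` would make the length test exact, as the comment above the loop promises. The upcasing expression `*s >= 'a'? (*s & 0xdf): *s` does not check that the characters are hex digits either, which is fine only if every caller validates the keygrip first; that is not visible in this hunk. ssh_search_control_file's body continues outside the hunk.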
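Review bot: In control_pcsc_direct the length is now guarded with `buflen? *buflen:0`, but `buflen` itself is still handed to `pcsc_control` unchanged as the last argument, so a NULL pointer reaches the PC/SC library as the bytes-returned parameter. Whether every PC/SC implementation this code is built against tolerates NULL there cannot be told from the hunk. Passing the address of a local of the same type as `*buflen` when the caller gave NULL, e.g. `buflen? buflen : &dummy`, removes that dependency. The function body continues outside the hunk.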
@@ -1337,14 +1337,18 @@ control_pcsc_wrapped (int slot, pcsc_dword_t ioctl_code, full_len = len; - n = *buflen < len ? *buflen : len; + if (buflen) + n = *buflen < len ? *buflen : len; + else + n = 0; if ((i=readn (slotp->pcsc.rsp_fd, buffer, n, &len)) || len != n) { log_error ("error receiving PC/SC CONTROL response: %s\n", i? strerror (errno) : "premature EOF"); goto command_failed; } - *buflen = n; + if (buflen) + *buflen = n; full_len -= len; if (full_len) ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 2 +- scd/apdu.c | 16 ++++-- scd/app-common.h | 8 +-- scd/ccid-driver.c | 156 ++++++++++++++++++++++++++-------------------------- tools/rfc822parse.c | 16 ++++-- 5 files changed, 105 insertions(+), 93 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 15 12:36:46 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 15 Apr 2015 12:36:46 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-185-gfe38d38 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via fe38d3815b4cd203cd529949e244aca80d32897f (commit) via 3b03a3b493233a472da531d8d9582d1be6d376b0 (commit) from 9fca46864e1b5a9c788072113589454adb89fa97 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe38d3815b4cd203cd529949e244aca80d32897f Author: Werner Koch Date: Wed Apr 15 12:34:38 2015 +0200 tests: Add option to time the S2K function. * tests/t-kdf.c: Include stopwatch.h. (dummy_consumer): new. (bench_s2k): New. (main): Add option parser and option --s2k. -- For example: $ ./t-kdf --s2k 17659904 88.0ms $ ./t-kdf --s2k 65536 0.3ms This test is similar to the code done by gpg-agent to calibrate the S2K count. diff --git a/tests/t-kdf.c b/tests/t-kdf.c index 8e728d5..18c8357 100644 --- a/tests/t-kdf.c +++ b/tests/t-kdf.c @@ -28,6 +28,8 @@ #include #include "../src/gcrypt-int.h" +#include "stopwatch.h" + #ifndef DIM # define DIM(v) (sizeof(v)/sizeof((v)[0])) 
@@ -62,6 +64,58 @@ die (const char *format, ...) static void +dummy_consumer (volatile char *buffer, size_t buflen) +{ + (void)buffer; + (void)buflen; +} + + +static void +bench_s2k (unsigned long s2kcount) +{ + gpg_error_t err; + const char passphrase[] = "123456789abcdef0"; + char keybuf[128/8]; + unsigned int repetitions = 10; + unsigned int count; + const char *elapsed; + int pass = 0; + + again: + start_timer (); + for (count = 0; count < repetitions; count++) + { + err = gcry_kdf_derive (passphrase, strlen (passphrase), + GCRY_KDF_ITERSALTED_S2K, + GCRY_MD_SHA1, "saltsalt", 8, s2kcount, + sizeof keybuf, keybuf); + if (err) + die ("gcry_kdf_derive failed: %s\n", gpg_strerror (err)); + dummy_consumer (keybuf, sizeof keybuf); + } + stop_timer (); + + elapsed = elapsed_time (repetitions); + if (!pass++) + { + if (!atoi (elapsed)) + { + repetitions = 10000; + goto again; + } + else if (atoi (elapsed) < 10) + { + repetitions = 100; + goto again; + } + } + + printf ("%s\n", elapsed); +} + + +static void check_openpgp (void) { /* Test vectors manually created with gpg 1.4 derived code: In 
@@ -1122,10 +1176,58 @@ check_scrypt (void) int main (int argc, char **argv) { - if (argc > 1 && !strcmp (argv[1], "--verbose")) - verbose = 1; - else if (argc > 1 && !strcmp (argv[1], "--debug")) - verbose = debug = 1; + int last_argc = -1; + unsigned long s2kcount = 0; + + if (argc) + { argc--; argv++; } + + while (argc && last_argc != argc ) + { + last_argc = argc; + if (!strcmp (*argv, "--")) + { + argc--; argv++; + break; + } + else if (!strcmp (*argv, "--help")) + { + fputs ("usage: t-kdf [options]" + "Options:\n" + " --verbose print timinigs etc.\n" + " --debug flyswatter\n" + " --s2k print the time needed for S2K\n", + stdout); + exit (0); + } + else if (!strcmp (*argv, "--verbose")) + { + verbose++; + argc--; argv++; + } + else if (!strcmp (*argv, "--debug")) + { + verbose += 2; + debug++; + argc--; argv++; + } + else if (!strcmp (*argv, "--s2k")) + { + s2kcount = 1; + argc--; argv++; + } + else if (!strncmp (*argv, "--", 2)) + die ("unknown option '%s'\n", *argv); + } + + if (s2kcount) + { + if (argc != 1) + die ("usage: t-kdf --s2k S2KCOUNT\n", stderr ); + s2kcount = strtoul (*argv, NULL, 10); + if (!s2kcount) + die ("t-kdf: S2KCOUNT must be positive\n", stderr ); + } if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); @@ -1135,9 +1237,14 @@ main (int argc, char **argv) if (debug) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); - check_openpgp (); - check_pbkdf2 (); - check_scrypt (); + if (s2kcount) + bench_s2k (s2kcount); + else + { + check_openpgp (); + check_pbkdf2 (); + check_scrypt (); + } return error_count ? 1 : 0; } commit 3b03a3b493233a472da531d8d9582d1be6d376b0 Author: Werner Koch Date: Wed Apr 15 12:30:50 2015 +0200 tests: Improve stopwatch.h * tests/stopwatch.h (elapsed_time): Add arg divisor. diff --git a/tests/benchmark.c b/tests/benchmark.c index 6be9509..b6cd7a8 100644 --- a/tests/benchmark.c +++ b/tests/benchmark.c 
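Review bot: The S2KCOUNT argument in `main` is parsed with `strtoul (*argv, NULL, 10)` and only checked for zero, so `12abc` is accepted as 12 and `-1` wraps to a huge iteration count. I would parse with an end pointer, `errno = 0; s2kcount = strtoul (*argv, &end, 10);`, and reject with `if (errno || *end || **argv == '-' || !s2kcount)`. This needs `<errno.h>`, and whether it is already included cannot be seen from the hunk. Both new `die` calls also pass a stray `stderr` argument that the format string never consumes. The `--help` text lacks a `\n` after `usage: t-kdf [options]` and spells "timings" as "timinigs".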
@@ -463,7 +463,7 @@ random_bench (int very_strong) for (i=0; i < 100; i++) gcry_randomize (buf, sizeof buf, GCRY_STRONG_RANDOM); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); } start_timer (); @@ -471,7 +471,7 @@ random_bench (int very_strong) gcry_randomize (buf, 8, very_strong? GCRY_VERY_STRONG_RANDOM:GCRY_STRONG_RANDOM); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); putchar ('\n'); if (verbose) @@ -531,7 +531,7 @@ md_bench ( const char *algoname ) gcry_md_write (hd, buf, bufsize); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_md_reset (hd); @@ -541,7 +541,7 @@ md_bench ( const char *algoname ) gcry_md_write (hd, buf, bufsize/10); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_md_reset (hd); @@ -551,7 +551,7 @@ md_bench ( const char *algoname ) gcry_md_write (hd, buf, 1); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -561,7 +561,7 @@ md_bench ( const char *algoname ) gcry_md_putc (hd, buf[j]); gcry_md_final (hd); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_md_close (hd); @@ -585,7 +585,7 @@ md_bench ( const char *algoname ) for (i=0; i < 100; i++) gcry_md_hash_buffer (algo, digest, largebuf, 10000); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); free (largebuf_base); putchar ('\n'); @@ -680,7 +680,7 @@ mac_bench ( const char *algoname ) macoutlen = maclen; gcry_mac_read (hd, mac[0], &macoutlen); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_mac_reset (hd); 
@@ -692,7 +692,7 @@ mac_bench ( const char *algoname ) macoutlen = maclen; gcry_mac_read (hd, mac[1], &macoutlen); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_mac_reset (hd); @@ -704,7 +704,7 @@ mac_bench ( const char *algoname ) macoutlen = maclen; gcry_mac_read (hd, mac[2], &macoutlen); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_mac_close (hd); @@ -968,7 +968,7 @@ cipher_bench ( const char *algoname ) } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_cipher_close (hd); if (err) @@ -1049,7 +1049,7 @@ cipher_bench ( const char *algoname ) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); gcry_cipher_close (hd); if (err) @@ -1113,7 +1113,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) gcry_sexp_release (key_spec); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); x = gcry_mpi_new (p_sizes[testno]); @@ -1133,7 +1133,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) die ("signing failed (%d): %s\n", count, gpg_strerror (err)); } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1150,7 +1150,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); if (no_blinding) { @@ -1172,7 +1172,7 @@ rsa_bench (int iterations, int print_header, int no_blinding) die ("signing failed (%d): %s\n", count, gpg_strerror (err)); } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); } 
@@ -1260,7 +1260,7 @@ elg_bench (int iterations, int print_header) } } stop_timer (); - snprintf (timerbuf1, sizeof timerbuf1, " %s", elapsed_time ()); + snprintf (timerbuf1, sizeof timerbuf1, " %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1278,7 +1278,7 @@ elg_bench (int iterations, int print_header) } stop_timer (); - printf (" %s %s\n", elapsed_time (), timerbuf1); + printf (" %s %s\n", elapsed_time (1), timerbuf1); fflush (stdout); gcry_sexp_release (plain); @@ -1368,7 +1368,7 @@ dsa_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1384,7 +1384,7 @@ dsa_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s\n", elapsed_time ()); + printf (" %s\n", elapsed_time (1)); fflush (stdout); gcry_sexp_release (sig); @@ -1478,7 +1478,7 @@ ecc_bench (int iterations, int print_header) gcry_sexp_release (key_spec); stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); x = gcry_mpi_new (p_size); @@ -1513,7 +1513,7 @@ ecc_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s", elapsed_time ()); + printf (" %s", elapsed_time (1)); fflush (stdout); start_timer (); @@ -1530,7 +1530,7 @@ ecc_bench (int iterations, int print_header) } } stop_timer (); - printf (" %s\n", elapsed_time ()); + printf (" %s\n", elapsed_time (1)); fflush (stdout); gcry_sexp_release (sig); @@ -1563,7 +1563,7 @@ do_powm ( const char *n_str, const char *e_str, const char *m_str) for (i=0; i < 1000; i++) gcry_mpi_powm (cip, msg, e, n); stop_timer (); - printf (" %s", elapsed_time ()); fflush (stdout); + printf (" %s", elapsed_time (1)); fflush (stdout); /* { */ /* char *buf; */ 
@@ -1645,7 +1645,7 @@ prime_bench (void) stop_timer (); if (with_progress) printf ("%-10s", "prime"); - printf (" %s\n", elapsed_time ()); fflush (stdout); + printf (" %s\n", elapsed_time (1)); fflush (stdout); single_char_progress = old_prog; } diff --git a/tests/hashtest.c b/tests/hashtest.c index 6fbce0c..e2178aa 100644 --- a/tests/hashtest.c +++ b/tests/hashtest.c @@ -484,6 +484,6 @@ main (int argc, char **argv) if (verbose) show ("All tests completed in %s. Errors: %d\n", - elapsed_time (), error_count); + elapsed_time (1), error_count); return !!error_count; } diff --git a/tests/stopwatch.h b/tests/stopwatch.h index bdca9ce..696e300 100644 --- a/tests/stopwatch.h +++ b/tests/stopwatch.h @@ -81,7 +81,7 @@ stop_timer (void) } static const char * -elapsed_time (void) +elapsed_time (unsigned int divisor) { static char buf[50]; #if _WIN32 @@ -95,11 +95,19 @@ elapsed_time (void) + stopped_at.kernel_time.dwLowDateTime); t2 += (((unsigned long long)stopped_at.user_time.dwHighDateTime << 32) + stopped_at.user_time.dwLowDateTime); - t = (t2 - t1)/10000; - snprintf (buf, sizeof buf, "%5.0fms", (double)t ); + t = ((t2 - t1)/divisor)/10000; + if (divisor != 1) + snprintf (buf, sizeof buf, "%5.1fms", (double)t ); + else + snprintf (buf, sizeof buf, "%5.0fms", (double)t ); #else - snprintf (buf, sizeof buf, "%5.0fms", - (((double) (stopped_at - started_at))/CLOCKS_PER_SEC)*10000000); + if (divisor != 1) + snprintf (buf, sizeof buf, "%5.1fms", + ((((double) (stopped_at - started_at)/(double)divisor) + /CLOCKS_PER_SEC)*10000000)); + else + snprintf (buf, sizeof buf, "%5.0fms", + (((double) (stopped_at - started_at)/CLOCKS_PER_SEC)*10000000)); #endif return buf; } diff --git a/tests/t-ed25519.c b/tests/t-ed25519.c index b7f3307..38e154d 100644 --- a/tests/t-ed25519.c +++ b/tests/t-ed25519.c 
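Review bot: In the `_WIN32` branch of `elapsed_time` (tests/stopwatch.h), `t = ((t2 - t1)/divisor)/10000;` looks like integer arithmetic, so the new `%5.1fms` format can never show a fractional part there. The declaration of `t` is outside the hunk, but `t1` and `t2` are built from `unsigned long long` casts. A `divisor` of 0 is also an integer division by zero on that path. I would compute the value in floating point, `(double)(t2 - t1) / divisor / 10000.0`, and guard with `if (!divisor) divisor = 1;` at the top. A short comment on the function should say that DIVISOR is the number of repetitions the measured interval is averaged over.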
@@ -555,6 +555,6 @@ main (int argc, char **argv) xfree (fname); show ("All tests completed in %s. Errors: %d\n", - elapsed_time (), error_count); + elapsed_time (1), error_count); return !!error_count; } ----------------------------------------------------------------------- Summary of changes: tests/benchmark.c | 50 +++++++++++----------- tests/hashtest.c | 2 +- tests/stopwatch.h | 18 +++++--- tests/t-ed25519.c | 2 +- tests/t-kdf.c | 121 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 5 files changed, 154 insertions(+), 39 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 16 02:08:14 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 16 Apr 2015 02:08:14 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-15-gc8c88bd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via c8c88bdd98e56d08b1965c620173731d3c6ffd03 (commit) from 05f32c702eaf6dc7fd5c0c8c01b4c731ed9a6011 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c8c88bdd98e56d08b1965c620173731d3c6ffd03 Author: Werner Koch Date: Thu Mar 19 20:38:25 2015 +0100 gpg: Emit status line NEWSIG before signature verification starts. * g10/mainproc.c (check_sig_and_print): Emit STATUS_NEWSIG. -- gpgsm does this for a long time but somehow it never made it into gpg. Signed-off-by: Werner Koch (backported from 2.1 commit e7ddaad0fd2c8774a1d3367adfaa68014eaf65de) diff --git a/doc/DETAILS b/doc/DETAILS index 927cc61..65974dd 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -219,9 +219,9 @@ more arguments in future versions. NEWSIG - May be issued right before a signature verification starts. This - is useful to define a context for parsing ERROR status - messages. No arguments are currently defined. + Is issued right before a signature verification starts. This is + useful to define a context for parsing ERROR status messages. No + arguments are currently defined. GOODSIG The signature with the keyid is good. For each signature only diff --git a/g10/mainproc.c b/g10/mainproc.c index 6288030..be4c73d 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1604,6 +1604,8 @@ check_sig_and_print( CTX c, KBNODE node ) } + write_status_text (STATUS_NEWSIG, NULL); + /* (Indendation below not yet changed to GNU style.) */ astr = openpgp_pk_algo_name ( sig->pubkey_algo ); ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 6 +++--- g10/mainproc.c | 2 ++ 2 files changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 16 11:37:37 2015 
From: cvs at cvs.gnupg.org (by Yuri D'Elia) Date: Thu, 16 Apr 2015 11:37:37 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-3-g9d2d8b6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 9d2d8b6bfaf2d5b07e7fb5be7188516e4158ed98 (commit) from 2bffbbff09177afb75ad667d949eed2a8cb846ea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d2d8b6bfaf2d5b07e7fb5be7188516e4158ed98 Author: Yuri D'Elia Date: Thu Apr 16 11:34:58 2015 +0200 gtk: Make Escape key work. * gtk+-2/pinentry-gtk-2.c: Include gdk/gdkkeysyms.h. (enter_callback): Pass confirm_value_t to button_clicked. (confirm_button_clicked): Use confirm_value_t cast. (cancel_callback): New. (create_window): Add accelerator for the Escape key. -- GnuPG-bug-id: 1453 Original patch slighty modified by wk. diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 0063c3f..b3698c0 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -24,6 +24,7 @@ #ifdef HAVE_CONFIG_H #include "config.h" #endif +#include #include #include #include 
@@ -223,18 +224,34 @@ button_clicked (GtkWidget *widget, gpointer data) static void enter_callback (GtkWidget *widget, GtkWidget *anentry) { - button_clicked (widget, "ok"); + button_clicked (widget, (gpointer) CONFIRM_OK); } static void confirm_button_clicked (GtkWidget *widget, gpointer data) { - confirm_value = (int)(long) data; + confirm_value = (confirm_value_t) data; gtk_main_quit (); } +static void +cancel_callback (GtkAccelGroup *acc, GObject *accelerable, + guint keyval, GdkModifierType modifier, gpointer data) +{ + int confirm_mode = !!data; + + if (confirm_mode) + confirm_button_clicked (GTK_WIDGET (accelerable), + (gpointer)CONFIRM_CANCEL); + else + button_clicked (GTK_WIDGET (accelerable), + (gpointer)CONFIRM_CANCEL); +} + + + static gchar * pinentry_utf8_validate (gchar *text) { @@ -328,6 +345,7 @@ create_window (int confirm_mode) GtkWidget *win, *box; GtkWidget *wvbox, *chbox, *bbox; GtkAccelGroup *acc; + GClosure *acc_cl; gchar *msg; tooltips = gtk_tooltips_new (); @@ -561,6 +579,11 @@ create_window (int confirm_mode) G_CALLBACK (confirm_mode ? confirm_button_clicked : button_clicked), (gpointer) CONFIRM_CANCEL); + + acc_cl = g_cclosure_new (G_CALLBACK (cancel_callback), + (confirm_mode? "":NULL), NULL); + gtk_accel_group_connect (acc, GDK_KEY_Escape, 0, 0, acc_cl); + GTK_WIDGET_SET_FLAGS (w, GTK_CAN_DEFAULT); } ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 17 03:22:02 2015 
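Review bot: `confirm_value = (confirm_value_t) data;` in `confirm_button_clicked` converts a pointer straight to what is presumably an enum or int type (its definition is outside the hunk). On LP64 targets that is a pointer-to-narrower-integer cast that compilers warn about, and the removed `(int)(long) data` existed to avoid it. I would write `confirm_value = (confirm_value_t) GPOINTER_TO_INT (data);` and pass the values with `GINT_TO_POINTER (CONFIRM_CANCEL)` in `cancel_callback` and `enter_callback`. `enter_callback` now hands `button_clicked` `CONFIRM_OK` where it used to pass the string `"ok"`. The body of `button_clicked` is not in the hunk, so please confirm it interprets `data` as a confirm value and never as a string.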
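Review bot: In `create_window` (hunk at -561) the closure data `(confirm_mode? "":NULL)` encodes a boolean as "pointer to an empty string or NULL", which `cancel_callback` decodes with `!!data`. `GINT_TO_POINTER (confirm_mode)` says the same thing without the trick and deserves a one-line comment. As far as I know the `GDK_KEY_`-prefixed key names only exist from GTK+ 2.22 on, so older GTK+ 2 headers would need `#ifndef GDK_KEY_Escape` / `# define GDK_KEY_Escape GDK_Escape` / `#endif`. Accelerator closures are normally invoked with a `gboolean` return ("handled"), while `cancel_callback` is declared `void`; returning `TRUE` from a `gboolean` callback would match the expected signature.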
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Fri, 17 Apr 2015 03:22:02 +0200 Subject: [git] GnuPG - branch, bjk/passphrase-inquire, created. gnupg-2.1.3-9-g062eadf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, bjk/passphrase-inquire has been created at 062eadfa35739e6266118953c6e70ef343eebd73 (commit) - Log ----------------------------------------------------------------- commit 062eadfa35739e6266118953c6e70ef343eebd73 Author: Ben Kibbey Date: Thu Apr 16 21:00:30 2015 -0400 Inform a user about inquire length limit. * common/status.h (INQUIRE_MAXLEN): New. * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN. client when inquiring a passphrase over pinentry-loopback. -- This is to inform a user about the maximum length of a passphrase. The limit is the same that gpg-agent uses. diff --git a/common/status.h b/common/status.h index 9219bf4..3c78eda 100644 --- a/common/status.h +++ b/common/status.h @@ -125,7 +125,9 @@ enum STATUS_PINENTRY_LAUNCHED, STATUS_ERROR, - STATUS_SUCCESS + STATUS_SUCCESS, + + STATUS_INQUIRE_MAXLEN, }; diff --git a/g10/call-agent.c b/g10/call-agent.c index 017e916..e9c6ca8 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -177,11 +177,15 @@ default_inq_cb (void *opaque, const char *line) else { char *pw; + char buf[32]; if (parm->keyinfo.keyid) emit_status_need_passphrase (parm->keyinfo.keyid, parm->keyinfo.mainkeyid, parm->keyinfo.pubkey_algo); + + snprintf (buf, sizeof (buf), "%u", 100); + write_status_text (STATUS_INQUIRE_MAXLEN, buf); pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: ")); cpr_kill_prompt (); if (*pw == CONTROL_D && !pw[1]) commit 4b3433a0245e6923caa5fefb98f0e06d6bd8808a Author: Ben Kibbey Date: Tue Apr 14 18:48:57 2015 -0400 Allow --gen-key to inquire a passphrase. * g10/gpg.c (main): test for --command-fd during --gen-key parse. When --command-fd is set then imply --batch to let gpg inquire a passphrase rather than requiring a pinentry. diff --git a/g10/gpg.c b/g10/gpg.c index aec6e80..a6e42c1 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3904,9 +3904,18 @@ main (int argc, char **argv) generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0); } else { - if( argc ) - wrong_args("--gen-key"); - generate_keypair (ctrl, 0, NULL, NULL, 0); + if (opt.command_fd != -1 && argc) + { + if( argc > 1 ) + wrong_args("--gen-key [parameterfile]"); + + opt.batch = 1; + generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0); + } + else if (argc) + wrong_args ("--gen-key"); + else + generate_keypair (ctrl, 0, NULL, NULL, 0); } break; ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Apr 17 03:44:27 2015 
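Review bot: The limit announced in `default_inq_cb` is the bare literal `100`, formatted at run time with `snprintf (buf, sizeof (buf), "%u", 100)`. The commit description says it equals the gpg-agent limit, but nothing in the code ties the two together, so they can drift apart. I would take the value from a named constant shared with the agent side (or at least defined once in this file with a comment naming the agent limit it mirrors) and drop the temporary buffer if the constant can be stringified. The hunk also does not show whether the passphrase returned by `cpr_get_hidden` is checked against that length; the function continues outside the hunk. A comment should state whether the status line is advisory only.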
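Review bot: The new branch in g10/gpg.c does not match the commit description: `if (opt.command_fd != -1 && argc)` sets `opt.batch = 1` only when a parameter-file argument is also given. With `--command-fd` and no argument the code falls through to the final `else` without batch mode. Either the description or the condition needs adjusting, and a comment above the branch should say which combination is intended. Inside the branch `argc? *argv : NULL` is always `*argv`, since `argc` is known to be non-zero there, so `generate_keypair (ctrl, 0, *argv, NULL, 0);` is enough. `opt.batch = 1` is a global side effect that outlives this command case; the enclosing `case` starts outside the hunk.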
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Fri, 17 Apr 2015 03:44:27 +0200 Subject: [git] GPGME - branch, bjk/passphrase-inquire, created. gpgme-1.5.4-4-g2fe9ffe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, bjk/passphrase-inquire has been created at 2fe9ffe0205ef44ad7318bd92474051c6176bcc4 (commit) - Log ----------------------------------------------------------------- commit 2fe9ffe0205ef44ad7318bd92474051c6176bcc4 Author: Ben Kibbey Date: Thu Apr 16 21:05:01 2015 -0400 Parse the INQUIRE_MAXLEN status message. * src/gpgme.h.in: (gpgme_status_code_t): Add INQUIRE_MAXLEN. * src/status-table.c (status_table_s): Ditto. * src/genkey.c (genkey_status_handler): Parse INQUIRE_MAXLEN. * src/decrypt.c (_gpgme_decrypt_status_handler): Ditto. * src/sign.c (_gpgme_sign_status_handler): Ditto. This status message informs the client of the maximum length of an inquired line. It is sent from gpg and forwarded to the client via gpgme_status_cb_t. diff --git a/src/decrypt.c b/src/decrypt.c index 4742060..4fd92c6 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -291,6 +291,16 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, err = _gpgme_parse_plaintext (args, &opd->result.file_name); if (err) return err; + break; + + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb) + { + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + if (err) + return err; + } + break; default: break; diff --git a/src/genkey.c b/src/genkey.c index 17009bd..18765dd 100644 --- a/src/genkey.c +++ b/src/genkey.c 
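Review bot: The `GPGME_STATUS_INQUIRE_MAXLEN` case added to `_gpgme_decrypt_status_handler` is repeated almost verbatim in `genkey_status_handler` and `_gpgme_sign_status_handler` in the following hunks, and the three copies are not identical. decrypt.c and genkey.c return immediately on a callback error, while sign.c only assigns `err` and breaks. I would move the forwarding into one small static helper that takes the context, the keyword and `args` and returns the callback's error, then call it from all three handlers so the error handling is the same everywhere. The keyword is also spelled as the literal `"INQUIRE_MAXLEN"` in each copy although the same string is in `status_table`. A comment at the helper should say that a non-zero return from the user's status callback aborts the operation.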
@@ -124,6 +124,15 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) return gpg_error (GPG_ERR_GENERAL); break; + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb) + { + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + if (err) + return err; + } + break; + default: break; } diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 55bc568..893e11c 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -544,7 +544,8 @@ typedef enum GPGME_STATUS_PINENTRY_LAUNCHED = 88, GPGME_STATUS_ATTRIBUTE = 89, GPGME_STATUS_BEGIN_SIGNING = 90, - GPGME_STATUS_KEY_NOT_CREATED = 91 + GPGME_STATUS_KEY_NOT_CREATED = 91, + GPGME_STATUS_INQUIRE_MAXLEN = 92 } gpgme_status_code_t; diff --git a/src/sign.c b/src/sign.c index ffbde56..9e22fdb 100644 --- a/src/sign.c +++ b/src/sign.c @@ -338,6 +338,11 @@ _gpgme_sign_status_handler (void *priv, gpgme_status_code_t code, char *args) err = gpg_error (GPG_ERR_GENERAL); break; + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb) + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + break; + default: break; } diff --git a/src/status-table.c b/src/status-table.c index b936997..c85fa95 100644 --- a/src/status-table.c +++ b/src/status-table.c 
@@ -80,6 +80,7 @@ static struct status_table_s status_table[] = { "IMPORT_PROBLEM", GPGME_STATUS_IMPORT_PROBLEM }, { "IMPORT_RES", GPGME_STATUS_IMPORT_RES }, { "IMPORTED", GPGME_STATUS_IMPORTED }, + { "INQUIRE_MAXLEN", GPGME_STATUS_INQUIRE_MAXLEN }, { "INV_RECP", GPGME_STATUS_INV_RECP }, { "INV_SGNR", GPGME_STATUS_INV_SGNR }, { "KEY_CREATED", GPGME_STATUS_KEY_CREATED }, commit 7e46a5e20c5e75c7a297047b5879f4a4d45e9d7c Author: Ben Kibbey Date: Thu Apr 16 20:23:38 2015 -0400 Add gpgme_set/get_status_cb(). * src/gpgme.h.in (gpgme_set_status_cb): New. (gpgme_get_status_cb): New. (gpgme_status_cb_t): New. * src/gpgme.c (gpgme_set_status_cb): New. (gpgme_get_status_cb): New. * src/context.h (status_cb): New. (status_cb_value): New. * src/gpgme.def: Export new symbols. * src/libgpgme.vers: Ditto. * doc/gpgme.texi: Document these new functions. -- This callback function is used to forward status messages from gpg back to the client. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 45c359d..a84a9d0 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -193,6 +193,7 @@ Context Attributes * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. * Progress Meter Callback:: Being informed about the progress. +* Status Message Callback:: Status messages received from gpg. * Locale:: Setting the locale of a context. Key Management @@ -2289,6 +2290,7 @@ started. In fact, these references are accessed through the * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. * Progress Meter Callback:: Being informed about the progress. +* Status Message Callback:: Status messages received from gpg. * Locale:: Setting the locale of a context. @end menu 
@@ -2642,6 +2644,48 @@ the corresponding value will not be returned. @end deftypefun + at node Status Message Callback + at subsection Status Message Callback + at cindex callback, status message + at cindex status message callback + + at deftp {Data type} {gpgme_error_t (*gpgme_status_cb_t)(void *@var{hook}, const char *@var{keyword}, const char *@var{args})} + at tindex gpgme_status_cb_t +The @code{gpgme_status_cb_t} type is the type of function usable as +a status message callback function. + +The argument @var{keyword} is the name of the status message while the + at var{args} argument contains any arguments for the status message. + +The status message may have come from gpg or libgpgme. + +If an error occurs, return the corresponding @code{gpgme_error_t} +value. Otherwise, return @code{0}. + at end deftp + + at deftypefun void gpgme_set_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t @var{statusfunc}}, @w{void *@var{hook_value}}) +The function @code{gpgme_set_status_cb} sets the function that is used when a +status message is received from gpg to @var{statusfunc}. The function + at var{statusfunc} needs to implemented by the user, and whenever it is called, +it is called with its first argument being @var{hook_value}. By default, no +status message callback function is set. + +The user can disable the use of a status message callback function by calling + at code{gpgme_set_status_cb} with @var{statusfunc} being @code{NULL}. + at end deftypefun + + at deftypefun void gpgme_get_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t *@var{statusfunc}}, @w{void **@var{hook_value}}) +The function @code{gpgme_get_status_cb} returns the function that is used to +process status messages from gpg in @var{*statusfunc}, and the first argument +for this function in @var{*hook_value}. If no status message callback is set, +or @var{ctx} is not a valid pointer, @code{NULL} is returned in both +variables. 
+ + at var{statusfunc} or @var{hook_value} can be @code{NULL}. In this case, +the corresponding value will not be returned. + at end deftypefun + + @node Locale @subsection Locale @cindex locale, default diff --git a/src/context.h b/src/context.h index 745ffa8..a2977fc 100644 --- a/src/context.h +++ b/src/context.h @@ -132,6 +132,10 @@ struct gpgme_context gpgme_progress_cb_t progress_cb; void *progress_cb_value; + /* The user provided status callback and its hook value. */ + gpgme_status_cb_t status_cb; + void *status_cb_value; + /* A list of file descriptors in active use by the current operation. */ struct fd_table fdt; diff --git a/src/gpgme.c b/src/gpgme.c index 628cdae..ac2c95e 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -632,6 +632,37 @@ gpgme_get_progress_cb (gpgme_ctx_t ctx, gpgme_progress_cb_t *r_cb, } +/* This function sets a callback function to be used as a status + message forwarder. */ +void +gpgme_set_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t cb, void *cb_value) +{ + TRACE2 (DEBUG_CTX, "gpgme_set_status_cb", ctx, "status_cb=%p/%p", + cb, cb_value); + + if (!ctx) + return; + + ctx->status_cb = cb; + ctx->status_cb_value = cb_value; +} + + +/* This function returns the callback function to be used as a + status message forwarder. */ +void +gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *r_cb, + void **r_cb_value) +{ + TRACE2 (DEBUG_CTX, "gpgme_get_status_cb", ctx, "ctx->status_cb=%p/%p", + ctx->status_cb, ctx->status_cb_value); + if (r_cb) + *r_cb = ctx->status_cb; + if (r_cb_value) + *r_cb_value = ctx->status_cb_value; +} + + /* Set the I/O callback functions for CTX to IO_CBS. */ void gpgme_set_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs) diff --git a/src/gpgme.def b/src/gpgme.def index dc18948..ab1f643 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -217,5 +217,8 @@ EXPORTS gpgme_op_spawn_start @163 gpgme_op_spawn @164 + + gpgme_set_status_cb @165 + gpgme_get_status_cb @166 ; END 
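Review bot: `gpgme_get_status_cb` in src/gpgme.c dereferences `ctx` unconditionally, first in the `TRACE2` arguments and then in both assignments. The texinfo text added in the same commit promises that NULL is returned in both variables when `ctx` is not a valid pointer. A NULL context therefore crashes instead of giving the documented result, and `gpgme_set_status_cb` right above it does check `!ctx`. The getter should clear the outputs first and return early on a NULL context, as in the excerpt below.
```c
void
gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *r_cb,
                     void **r_cb_value)
{
  TRACE2 (DEBUG_CTX, "gpgme_get_status_cb", ctx, "ctx->status_cb=%p/%p",
          ctx ? ctx->status_cb : NULL,
          ctx ? ctx->status_cb_value : NULL);

  /* Documented contract: both outputs are NULL when CTX is invalid.  */
  if (r_cb)
    *r_cb = NULL;
  if (r_cb_value)
    *r_cb_value = NULL;
  if (!ctx)
    return;

  /* … unchanged: copy ctx->status_cb and ctx->status_cb_value out … */
}
```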
diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 15ed803..55bc568 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -839,6 +839,11 @@ typedef gpgme_error_t (*gpgme_passphrase_cb_t) (void *hook, typedef void (*gpgme_progress_cb_t) (void *opaque, const char *what, int type, int current, int total); +/* Status messages from gpg. */ +typedef gpgme_error_t (*gpgme_status_cb_t) (void *opaque, const char *keyword, + const char *args); + + /* Interact with the user about an edit operation. */ typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, gpgme_status_code_t status, @@ -930,6 +935,16 @@ void gpgme_set_progress_cb (gpgme_ctx_t c, gpgme_progress_cb_t cb, void gpgme_get_progress_cb (gpgme_ctx_t ctx, gpgme_progress_cb_t *cb, void **hook_value); +/* Set the status callback function in CTX to CB. HOOK_VALUE is + passed as first argument to thes status callback function. */ +void gpgme_set_status_cb (gpgme_ctx_t c, gpgme_status_cb_t cb, + void *hook_value); + +/* Get the current status callback function in *CB and the current + hook value in *HOOK_VALUE. */ +void gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *cb, + void **hook_value); + /* This function sets the locale for the context CTX, or the default locale if CTX is a null pointer. */ gpgme_error_t gpgme_set_locale (gpgme_ctx_t ctx, int category, diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 39663c1..decfc8a 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -92,6 +92,9 @@ GPGME_1.1 { gpgme_op_spawn_start; gpgme_op_spawn; + + gpgme_set_status_cb; + gpgme_get_status_cb; }; commit f543631aae3e52f010173926b646dba1e2b14ab9 Author: Ben Kibbey Date: Tue Apr 14 18:39:26 2015 -0400 Make use of user passphrase handler during genkey. * src/genkey.c (genkey_start): set engine passphrase command handler. This allows for inquiring a new passphrase during key generation rather than requiring a pinentry. diff --git a/src/genkey.c b/src/genkey.c index fd6685e..17009bd 100644 --- a/src/genkey.c 
+++ b/src/genkey.c @@ -186,6 +186,14 @@ genkey_start (gpgme_ctx_t ctx, int synchronous, const char *parms, _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); + if (ctx->passphrase_cb) + { + err = _gpgme_engine_set_command_handler + (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); + if (err) + return err; + } + return _gpgme_engine_op_genkey (ctx->engine, opd->key_parameter, ctx->use_armor, pubkey, seckey); } ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Apr 21 19:30:54 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 21 Apr 2015 19:30:54 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-14-gc4d9873 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c4d98734c5df39f57a71f0ec1c0c80e82ff08508 (commit) via 54e55149f2af96eff08bfd6f70ef13d007fb58c7 (commit) via a0dead5edce07838cf5ff3ec7205a3bff2a6ef70 (commit) via 727fe4f8d7d5fc3eac0b0aa6fafa4a314686d7dc (commit) via ae0d65f86413a82a40cf68e08aaeca405eee8c78 (commit) via da1990bac71f6447d8ebd169c3b3b186e9f287d9 (commit) from 62b2cee85f15ee083896efdb44d10208ef1212a7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c4d98734c5df39f57a71f0ec1c0c80e82ff08508 Author: Werner Koch Date: Tue Apr 21 19:29:53 2015 +0200 gpg: Make keyserver-option http_proxy work. * g10/options.h (opt): Add field keyserver_options.http_proxy. * g10/keyserver.c (warn_kshelper_option): Add arg noisy. (parse_keyserver_options): Parse into new http_proxy field. * g10/call-dirmngr.c (create_context): Send the http-proxy option. diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index 26955ab..bb571b2 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c 
@@ -148,9 +148,24 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx) } else if (!err) { + char *line; + /* Tell the dirmngr that we want to collect audit event. */ /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */ /* NULL, NULL, NULL, NULL, NULL, NULL); */ + if (opt.keyserver_options.http_proxy) + { + line = xtryasprintf ("OPTION http-proxy=%s", + opt.keyserver_options.http_proxy); + if (!line) + err = gpg_error_from_syserror (); + else + { + err = assuan_transact (ctx, line, NULL, NULL, NULL, + NULL, NULL, NULL); + xfree (line); + } + } } if (err) diff --git a/g10/keyserver.c b/g10/keyserver.c index 674eb81..abe4bde 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -92,11 +92,11 @@ static struct parse_options keyserver_opts[]= /* some of these options are not real - just for the help message */ {"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */ + {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, /* MUST be the second! */ + N_("override proxy options set for dirmngr")}, {"include-revoked",0,NULL,N_("include revoked keys in search results")}, {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")}, - {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, - N_("override proxy options set for dirmngr")}, {"timeout", KEYSERVER_TIMEOUT, NULL, N_("override timeout options set for dirmngr")}, {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL, @@ -124,8 +124,9 @@ static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs, static size_t max_cert_size=DEFAULT_MAX_CERT_SIZE; + static void -warn_kshelper_option(char *option) +warn_kshelper_option(char *option, int noisy) { char *p; 
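Review bot: In `create_context` the value of `opt.keyserver_options.http_proxy` is pasted unchanged into the Assuan command `OPTION http-proxy=%s`. That string comes from the user's keyserver options and is not checked here for being empty, for control characters such as CR or LF, or for exceeding the Assuan line length. I would validate it where it is parsed, or before `xtryasprintf`, and reject a malformed value with a clear error. As written, a bad value appears to surface only as a failed `assuan_transact`, which the following `if (err)` seems to turn into a failure of the whole dirmngr connection. Proxy URLs can carry credentials, so it is worth checking that this line is not written out by Assuan debug logging. A comment should state that the option overrides dirmngr's own proxy setting for this connection only, if that is the intent.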
@@ -139,9 +140,12 @@ warn_kshelper_option(char *option) else if (!strcmp (option, "check-cert") || !strcmp (option, "broken-http-proxy")) log_info ("keyserver option '%s' is obsolete\n", option); + else if (noisy || opt.verbose) + log_info ("keyserver option '%s' is unknown\n", option); } +/* Called from main to parse the args for --keyserver-options. */ int parse_keyserver_options(char *options) { @@ -150,6 +154,7 @@ parse_keyserver_options(char *options) char *max_cert=NULL; keyserver_opts[0].value=&max_cert; + keyserver_opts[1].value=&opt.keyserver_options.http_proxy; while((tok=optsep(&options))) { @@ -166,7 +171,7 @@ parse_keyserver_options(char *options) { /* All of the standard options have failed, so the option was destined for a keyserver plugin as used by GnuPG < 2.1 */ - warn_kshelper_option (tok); + warn_kshelper_option (tok, 1); } } @@ -259,7 +264,7 @@ parse_keyserver_uri (const char *string,int require_scheme) options++; while((tok=optsep(&options))) - warn_kshelper_option (tok); + warn_kshelper_option (tok, 0); } /* Get the scheme */ diff --git a/g10/options.h b/g10/options.h index 75032a5..465c5b2 100644 --- a/g10/options.h +++ b/g10/options.h @@ -148,6 +148,7 @@ struct unsigned int options; unsigned int import_options; unsigned int export_options; + char *http_proxy; } keyserver_options; int exec_disable; int exec_path_set; commit 54e55149f2af96eff08bfd6f70ef13d007fb58c7 Author: Werner Koch Date: Tue Apr 21 19:27:22 2015 +0200 common: Make proper use of http proxy parameter. * common/http.c (is_hostname_port): New. (send_request): Fix proxy name parsing. -- Signed-off-by: Werner Koch diff --git a/common/http.c b/common/http.c index 118e3b0..c2cac16 100644 --- a/common/http.c +++ b/common/http.c @@ -2,7 +2,7 @@ * Copyright (C) 1999, 2001, 2002, 2003, 2004, 2006, 2009, 2010, * 2011 Free Software Foundation, Inc. * Copyright (C) 2014 Werner Koch - * Copyright (C) 2015 g10 Code GmbH + * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * 
@@ -1394,6 +1394,33 @@ parse_tuple (char *string) } +/* Return true if STRING is likely "hostname:port" or only "hostname". */ +static int +is_hostname_port (const char *string) +{ + int colons = 0; + + if (!string || !*string) + return 0; + for (; *string; string++) + { + if (*string == ':') + { + if (colons) + return 0; + if (!string[1]) + return 0; + colons++; + } + else if (!colons && strchr (" \t\f\n\v_@[]/", *string)) + return 0; /* Invalid characters in hostname. */ + else if (colons && !digitp (string)) + return 0; /* Not a digit in the port. */ + } + return 1; +} + + /* * Send a HTTP request to the server * Returns 0 if the request was successful 
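Review bot: is_hostname_port accepts a string whose first character is the colon, so a constructed value such as ":80" passes as "hostname:port" with an empty host, and the port digits are never range-checked. The caller then prefixes "http://" and relies on parse_uri, which is outside this hunk, to reject the result. Rejecting the empty host up front keeps the helper's contract independent of that: `if (!string || !*string || *string == ':') return 0;`. The header comment could also say that IPv6 literals are intentionally refused, since `[` and `]` are in the rejected set.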
@@ -1474,8 +1501,26 @@ send_request (http_t hd, const char *httphost, const char *auth, if (proxy) http_proxy = proxy; - err = parse_uri (&uri, http_proxy, 0, - !!(hd->flags & HTTP_FLAG_FORCE_TLS)); + err = parse_uri (&uri, http_proxy, 1, 0); + if (gpg_err_code (err) == GPG_ERR_INV_URI + && is_hostname_port (http_proxy)) + { + /* Retry assuming a "hostname:port" string. */ + char *tmpname = strconcat ("http://", http_proxy, NULL); + if (tmpname && !parse_uri (&uri, tmpname, 0, 0)) + err = 0; + xfree (tmpname); + } + + if (err) + ; + else if (!strcmp (uri->scheme, "http") || !strcmp (uri->scheme, "socks4")) + ; + else if (!strcmp (uri->scheme, "socks5h")) + err = gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED); + else + err = gpg_err_make (default_errsource, GPG_ERR_INV_URI); + if (err) { log_error ("invalid HTTP proxy (%s): %s\n", commit a0dead5edce07838cf5ff3ec7205a3bff2a6ef70 Author: Werner Koch Date: Tue Apr 21 17:14:53 2015 +0200 dirmngr: Add http proxy support for keyservers. * dirmngr/dirmngr.h (server_control_s): Add field http_proxy. * dirmngr/dirmngr.c (dirmngr_init_default_ctrl): Copy http_proxy value from OPT. (dirmngr_deinit_default_ctrl): New. (main): Call dirmngr_deinit_default_ctrl. * dirmngr/server.c (start_command_handler): Ditto. (option_handler): Add option "http-proxy". * dirmngr/crlfetch.c (crl_fetch): Take http_proxy from CTRL. * dirmngr/ocsp.c (do_ocsp_request): Ditto. * dirmngr/ks-engine-hkp.c (send_request): Add proxy support. * dirmngr/ks-engine-http.c (ks_http_fetch): Ditto. Signed-off-by: Werner Koch diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c index 2c4a247..3b3916a 100644 --- a/dirmngr/crlfetch.c +++ b/dirmngr/crlfetch.c @@ -157,10 +157,6 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) char *free_this = NULL; int redirects_left = 2; /* We allow for 2 redirect levels. */ -#ifndef USE_LDAP - (void)ctrl; -#endif - *reader = NULL; if (!url) 
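Review bot: The scheme check in send_request lets `socks4` through on the same empty branch as `http`, but nothing in the hunk shows SOCKS-specific handling. If the code after the hunk simply opens an HTTP proxy connection to that host, a user who asked for a SOCKS proxy gets different routing than requested. Unless socks4 is handled further down, it is safer to treat it like socks5h: `else if (!strcmp (uri->scheme, "socks4") || !strcmp (uri->scheme, "socks5h"))` followed by the existing `GPG_ERR_NOT_IMPLEMENTED` assignment. A smaller point: when strconcat returns NULL the retry is skipped and the out-of-memory condition is reported as an invalid URI. send_request continues outside the hunk.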
@@ -202,7 +198,7 @@ crl_fetch (ctrl_t ctrl, const char *url, ksba_reader_t *reader) err = http_open_document (&hd, url, NULL, (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0) |(DBG_LOOKUP? HTTP_FLAG_LOG_RESP:0), - opt.http_proxy, NULL, NULL, NULL); + ctrl->http_proxy, NULL, NULL, NULL); switch ( err? 99999 : http_get_status_code (hd) ) { diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 4c17c8c..437c6eb 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1277,6 +1277,7 @@ main (int argc, char **argv) for (; !rc && argc; argc--, argv++) rc = crl_cache_load (&ctrlbuf, *argv); } + dirmngr_deinit_default_ctrl (&ctrlbuf); } else if (cmd == aFetchCRL) { @@ -1306,6 +1307,7 @@ main (int argc, char **argv) argv[0], gpg_strerror (rc)); crl_close_reader (reader); } + dirmngr_deinit_default_ctrl (&ctrlbuf); } else if (cmd == aFlush) { @@ -1465,9 +1467,18 @@ dirmngr_exit (int rc) void dirmngr_init_default_ctrl (ctrl_t ctrl) { - (void)ctrl; + if (opt.http_proxy) + ctrl->http_proxy = xstrdup (opt.http_proxy); +} + - /* Nothing for now. */ +void +dirmngr_deinit_default_ctrl (ctrl_t ctrl) +{ + if (!ctrl) + return; + xfree (ctrl->http_proxy); + ctrl->http_proxy = NULL; } diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h index 56abc86..4f037e7 100644 --- a/dirmngr/dirmngr.h +++ b/dirmngr/dirmngr.h @@ -99,7 +99,7 @@ struct int disable_http; /* Do not use HTTP at all. */ int disable_ldap; /* Do not use LDAP at all. */ int honor_http_proxy; /* Honor the http_proxy env variable. */ - const char *http_proxy; /* Use given HTTP proxy. */ + const char *http_proxy; /* The default HTTP proxy. */ const char *ldap_proxy; /* Use given LDAP proxy. */ int only_ldap_proxy; /* Only use the LDAP proxy; no fallback. */ int ignore_http_dp; /* Ignore HTTP CRL distribution points. */ 
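Review bot: dirmngr_init_default_ctrl assigns `ctrl->http_proxy` only when `opt.http_proxy` is set, while dirmngr_deinit_default_ctrl always passes the field to xfree. That is safe only if every caller zero-fills the control structure before init, and the hunks do not show this for `ctrlbuf` in main. Making init set the field in both cases removes the dependency: `ctrl->http_proxy = opt.http_proxy? xstrdup (opt.http_proxy) : NULL;`. A one-line comment on both functions saying that init and deinit must be paired would help as well.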
@@ -174,12 +174,14 @@ struct server_control_s response. */ int audit_events; /* Send audit events to client. */ + char *http_proxy; /* The used http_proxy or NULL. */ }; /*-- dirmngr.c --*/ void dirmngr_exit( int ); /* Wrapper for exit() */ void dirmngr_init_default_ctrl (ctrl_t ctrl); +void dirmngr_deinit_default_ctrl (ctrl_t ctrl); void dirmngr_sighup_action (void); diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index fcdd71e..a010411 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -965,8 +965,8 @@ send_request (ctrl_t ctrl, const char *request, const char *hostportstr, request, httphost, /* fixme: AUTH */ NULL, - httpflags, - /* fixme: proxy*/ NULL, + (httpflags | (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)), + ctrl->http_proxy, session, NULL, /*FIXME curl->srvtag*/NULL); diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c index e4c2b78..13e51c6 100644 --- a/dirmngr/ks-engine-http.c +++ b/dirmngr/ks-engine-http.c @@ -77,8 +77,8 @@ ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp) url, /* httphost */ NULL, /* fixme: AUTH */ NULL, - 0, - /* fixme: proxy*/ NULL, + (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0), + ctrl->http_proxy, session, NULL, /*FIXME curl->srvtag*/NULL); diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index f8c437d..8971b9f 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -166,7 +166,7 @@ do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, once_more: err = http_open (&http, HTTP_REQ_POST, url, NULL, NULL, (opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0), - opt.http_proxy, NULL, NULL, NULL); + ctrl->http_proxy, NULL, NULL, NULL); if (err) { log_error (_("error connecting to '%s': %s\n"), url, gpg_strerror (err)); diff --git a/dirmngr/server.c b/dirmngr/server.c index 3e6d99d..c0f63ac 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c 
@@ -582,6 +582,7 @@ static gpg_error_t option_handler (assuan_context_t ctx, const char *key, const char *value) { ctrl_t ctrl = assuan_get_pointer (ctx); + gpg_error_t err = 0; if (!strcmp (key, "force-crl-refresh")) { @@ -593,12 +594,21 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) int i = *value? atoi (value) : 0; ctrl->audit_events = i; } + else if (!strcmp (key, "http-proxy")) + { + xfree (ctrl->http_proxy); + if (!*value || !strcmp (value, "none")) + ctrl->http_proxy = NULL; + else if (!(ctrl->http_proxy = xtrystrdup (value))) + err = gpg_error_from_syserror (); + } else - return gpg_error (GPG_ERR_UNKNOWN_OPTION); + err = gpg_error (GPG_ERR_UNKNOWN_OPTION); - return 0; + return err; } + static const char hlp_ldapserver[] = "LDAPSERVER \n" "\n" @@ -1633,7 +1643,7 @@ static const char hlp_ks_get[] = "\n" "Get the keys matching PATTERN from the configured OpenPGP keyservers\n" "(see command KEYSERVER). Each pattern should be a keyid, a fingerprint,\n" - "or an exact name indicastes by the '=' prefix."; + "or an exact name indicated by the '=' prefix."; static gpg_error_t cmd_ks_get (assuan_context_t ctx, char *line) { @@ -2096,6 +2106,7 @@ start_command_handler (assuan_fd_t fd) { release_ctrl_ocsp_certs (ctrl); xfree (ctrl->server_local); + dirmngr_deinit_default_ctrl (ctrl); xfree (ctrl); } } commit 727fe4f8d7d5fc3eac0b0aa6fafa4a314686d7dc Author: Werner Koch Date: Tue Apr 21 15:46:13 2015 +0200 gpg: Do not use honor-keyserver-url sub-option by default. diff --git a/doc/gpg.texi b/doc/gpg.texi index 899c6b8..2e72309 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
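Review bot: option_handler stores the client-supplied `http-proxy` value without any syntax check, and this commit also switches crl_fetch and do_ocsp_request from `opt.http_proxy` to `ctrl->http_proxy`. A session's OPTION therefore now decides where that session's CRL and OCSP requests are sent, not only its keyserver traffic. If that is intended, it deserves a comment stating the trust assumption about Assuan clients. It should also say that validation is deferred, for example `/* The value is not checked here; send_request in common/http.c rejects a malformed proxy when it is first used. */`. It would also help to document that "none" only clears the explicit proxy and that the `opt.honor_http_proxy` flag is evaluated separately at the call sites.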
@@ -1586,12 +1586,14 @@ are available for all keyserver types, some common options are: keyserver URL, then use that preferred keyserver to refresh the key from. In addition, if auto-key-retrieve is set, and the signature being verified has a preferred keyserver URL, then use that preferred - keyserver to fetch the key from. Defaults to yes. + keyserver to fetch the key from. Note that this option introduces a + "web bug": The creator of the key can see when the keys is + refreshed. Thus this option is not enabled by default. @item honor-pka-record If auto-key-retrieve is set, and the signature being verified has a PKA record, then use the PKA information to fetch the key. Defaults - to yes. + to "yes". @item include-subkeys When receiving a key, include subkeys as potential targets. Note that diff --git a/g10/gpg.c b/g10/gpg.c index aec6e80..13d6884 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2128,8 +2128,7 @@ main (int argc, char **argv) opt.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG; opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; - opt.keyserver_options.options = (KEYSERVER_HONOR_KEYSERVER_URL - | KEYSERVER_HONOR_PKA_RECORD ); + opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; opt.verify_options = (LIST_SHOW_UID_VALIDITY | VERIFY_SHOW_POLICY_URLS | VERIFY_SHOW_STD_NOTATIONS commit ae0d65f86413a82a40cf68e08aaeca405eee8c78 Author: Werner Koch Date: Tue Apr 21 15:36:30 2015 +0200 gpg: Make preferred keyservers work. * g10/call-dirmngr.c (dirmngr_local_s): Add field set_keyservers_done. (create_context): Move keyserver setting to ... (open_context): here. (clear_context_flags): New. (gpg_dirmngr_ks_get): Add arg override_keyserver. * g10/keyserver.c (keyserver_refresh): Improve diagnostics. (keyserver_get_chunk): Ditto. Pass OVERRIDE_KEYSERVER to ks_get. -- It used to ignore the given server but showed a diagnostics that it will be used. 
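Review bot: The new default in g10/gpg.c drops KEYSERVER_HONOR_KEYSERVER_URL without a comment at the assignment, so the privacy reason is recorded only in gpg.texi. A short comment would stop the flag from being added back by accident, e.g. `/* honor-keyserver-url is off by default: it lets the key creator observe when a key is refreshed. */`. KEYSERVER_HONOR_PKA_RECORD stays on; per the documentation text in this commit it fetches keys from PKA information when auto-key-retrieve is set, so it may be worth noting in the same comment why that lookup is still considered acceptable. main starts and ends outside the hunk.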
diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index ef4ca76..26955ab 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -94,6 +94,9 @@ struct dirmngr_local_s /* The active Assuan context. */ assuan_context_t ctx; + /* Flag set when the keyserver names have been send. */ + int set_keyservers_done; + /* Flag set to true while an operation is running on CTX. */ int is_active; }; @@ -145,32 +148,9 @@ create_context (ctrl_t ctrl, assuan_context_t *r_ctx) } else if (!err) { - keyserver_spec_t ksi; - /* Tell the dirmngr that we want to collect audit event. */ /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */ /* NULL, NULL, NULL, NULL, NULL, NULL); */ - - /* Set all configured keyservers. We clear existing keyservers - so that any keyserver configured in GPG overrides keyservers - possibly still configured in Dirmngr for the session (Note - that the keyserver list of a session in Dirmngr survives a - RESET. */ - for (ksi = opt.keyserver; !err && ksi; ksi = ksi->next) - { - char *line; - - line = xtryasprintf ("KEYSERVER%s %s", - ksi == opt.keyserver? " --clear":"", ksi->uri); - if (!line) - err = gpg_error_from_syserror (); - else - { - err = assuan_transact (ctx, line, - NULL, NULL, NULL, NULL, NULL, NULL); - xfree (line); - } - } } if (err) 
@@ -205,7 +185,42 @@ open_context (ctrl_t ctrl, assuan_context_t *r_ctx) { /* Found an inactive local session - return that. */ assert (!dml->is_active); + + /* But first do the per session init if not yet done. */ + if (!dml->set_keyservers_done) + { + keyserver_spec_t ksi; + + /* Set all configured keyservers. We clear existing + keyservers so that any keyserver configured in GPG + overrides keyservers possibly still configured in Dirmngr + for the session (Note that the keyserver list of a + session in Dirmngr survives a RESET. */ + for (ksi = opt.keyserver; ksi; ksi = ksi->next) + { + char *line; + + line = xtryasprintf + ("KEYSERVER%s %s", + ksi == opt.keyserver? " --clear":"", ksi->uri); + if (!line) + err = gpg_error_from_syserror (); + else + { + err = assuan_transact (dml->ctx, line, NULL, NULL, NULL, + NULL, NULL, NULL); + xfree (line); + } + + if (err) + return err; + } + + dml->set_keyservers_done = 1; + } + dml->is_active = 1; + *r_ctx = dml->ctx; return 0; } @@ -219,6 +234,7 @@ open_context (ctrl_t ctrl, assuan_context_t *r_ctx) xfree (dml); return err; } + /* To be on the nPth thread safe site we need to add it to a list; this is far easier than to have a lock for this function. It should not happen anyway but the code is free @@ -253,6 +269,29 @@ close_context (ctrl_t ctrl, assuan_context_t ctx) } +/* Clear the set_keyservers_done flag on context CTX. */ +static void +clear_context_flags (ctrl_t ctrl, assuan_context_t ctx) +{ + dirmngr_local_t dml; + + if (!ctx) + return; + + for (dml = ctrl->dirmngr_local; dml; dml = dml->next) + { + if (dml->ctx == ctx) + { + if (!dml->is_active) + log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx); + dml->set_keyservers_done = 0; + return; + } + } + log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx); +} + + /* Status callback for ks_get and ks_search. */ static gpg_error_t 
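Review bot: When `opt.keyserver` is empty, the loop added to open_context sends nothing, so `set_keyservers_done` becomes 1 without any `KEYSERVER --clear` reaching the dirmngr. gpg_dirmngr_ks_get (changed later in this file's diff) replaces the session's keyserver list with the override and relies on this block to restore the configured ones. With no keyserver configured in gpg, the override therefore appears to stay in effect for later requests on the same context. Sending a bare clear in that case would close the gap, assuming dirmngr accepts the command without a URI: `if (!opt.keyserver) err = assuan_transact (dml->ctx, "KEYSERVER --clear", NULL, NULL, NULL, NULL, NULL, NULL);` followed by the same `if (err) return err;`. open_context starts and ends outside the hunk.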
@@ -453,6 +492,7 @@ ks_get_data_cb (void *opaque, const void *data, size_t datalen) are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */ gpg_error_t gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern, + keyserver_spec_t override_keyserver, estream_t *r_fp, char **r_source) { gpg_error_t err; @@ -475,6 +515,27 @@ gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern, if (err) return err; + /* If we have an override keyserver we first indicate that the next + user of the context needs to again setup the global keyservers and + them we send the override keyserver. */ + if (override_keyserver) + { + clear_context_flags (ctrl, ctx); + line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri); + if (!line) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = assuan_transact (ctx, line, NULL, NULL, NULL, + NULL, NULL, NULL); + if (err) + goto leave; + + xfree (line); + line = NULL; + } + /* Lump all patterns into one string. */ init_membuf (&mb, 1024); put_membuf_str (&mb, "KS_GET --"); diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h index 481b948..bae1123 100644 --- a/g10/call-dirmngr.h +++ b/g10/call-dirmngr.h @@ -25,6 +25,7 @@ gpg_error_t gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr, gpg_error_t (*cb)(void*, int, char *), void *cb_value); gpg_error_t gpg_dirmngr_ks_get (ctrl_t ctrl, char *pattern[], + keyserver_spec_t override_keyserver, estream_t *r_fp, char **r_source); gpg_error_t gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp); diff --git a/g10/keyserver.c b/g10/keyserver.c index 3aed54b..674eb81 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c 
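Review bot: In gpg_dirmngr_ks_get, `override_keyserver->uri` is written into the `KEYSERVER --clear %s` line unchanged. According to the gpg.texi text in this series, that URI can originate from a preferred-keyserver field chosen by the key's creator. Nothing in the hunk checks it for whitespace, control characters or a leading `--`, so whether part of it can be read as an option depends entirely on parsing done elsewhere; validating or escaping it here would remove that dependency. Separately, the `goto leave` after a failed assuan_transact skips `xfree (line)`, which leaks the buffer unless the `leave` label frees it (not visible in this hunk).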
@@ -112,7 +112,7 @@ static struct parse_options keyserver_opts[]= static gpg_error_t keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, - struct keyserver_spec *keyserver, + struct keyserver_spec *override_keyserver, unsigned char **r_fpr, size_t *r_fprlen); static gpg_error_t keyserver_put (ctrl_t ctrl, strlist_t keyspecs, struct keyserver_spec *keyserver); @@ -1394,6 +1394,9 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users) { struct keyserver_spec *keyserver=desc[i].skipfncvalue; + if (!opt.quiet) + log_info (_("refreshing 1 key from %s\n"), keyserver->uri); + /* We use the keyserver structure we parsed out before. Note that a preferred keyserver without a scheme:// will be interpreted as hkp:// */ @@ -1418,7 +1421,7 @@ keyserver_refresh (ctrl_t ctrl, strlist_t users) if(count>0) { - if(opt.keyserver) + if(opt.keyserver && !opt.quiet) { if(count==1) log_info(_("refreshing 1 key from %s\n"),opt.keyserver->uri); @@ -1556,7 +1559,7 @@ static gpg_error_t keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, int *r_ndesc_used, void *stats_handle, - struct keyserver_spec *keyserver, + struct keyserver_spec *override_keyserver, unsigned char **r_fpr, size_t *r_fprlen) { @@ -1672,15 +1675,15 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, return err; } - if (!quiet && keyserver) + if (!quiet && override_keyserver) { - if (keyserver->host) + if (override_keyserver->host) log_info (_("requesting key %s from %s server %s\n"), keystr_from_desc (&desc[idx]), - keyserver->scheme, keyserver->host); + override_keyserver->scheme, override_keyserver->host); else log_info (_("requesting key %s from %s\n"), - keystr_from_desc (&desc[idx]), keyserver->uri); + keystr_from_desc (&desc[idx]), override_keyserver->uri); } } 
@@ -1688,7 +1691,8 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, this is different from NPAT. */ *r_ndesc_used = idx; - err = gpg_dirmngr_ks_get (ctrl, pattern, &datastream, &source); + err = gpg_dirmngr_ks_get (ctrl, pattern, override_keyserver, + &datastream, &source); for (idx=0; idx < npat; idx++) xfree (pattern[idx]); xfree (pattern); @@ -1728,12 +1732,12 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, /* Retrieve a key from a keyserver. The search pattern are in (DESC,NDESC). Allowed search modes are keyid, fingerprint, and - exact searches. KEYSERVER gives an optional override keyserver. If - (R_FPR,R_FPRLEN) are not NULL, they may return the fingerprint of a - single imported key. */ + exact searches. OVERRIDE_KEYSERVER gives an optional override + keyserver. If (R_FPR,R_FPRLEN) are not NULL, they may return the + fingerprint of a single imported key. */ static gpg_error_t keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, - struct keyserver_spec *keyserver, + struct keyserver_spec *override_keyserver, unsigned char **r_fpr, size_t *r_fprlen) { gpg_error_t err; 
@@ -1746,7 +1750,7 @@ keyserver_get (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc, for (;;) { err = keyserver_get_chunk (ctrl, desc, ndesc, &ndesc_used, stats_handle, - keyserver, r_fpr, r_fprlen); + override_keyserver, r_fpr, r_fprlen); if (!err) any_good = 1; if (err || ndesc_used >= ndesc) commit da1990bac71f6447d8ebd169c3b3b186e9f287d9 Author: Werner Koch Date: Tue Apr 21 10:15:04 2015 +0200 gpg: Update sub-options of --keyserver-options * g10/options.h (KEYSERVER_HTTP_PROXY): New. (KEYSERVER_USE_TEMP_FILES, KEYSERVER_KEEP_TEMP_FILES): Remove. (KEYSERVER_TIMEOUT): New. * common/keyserver.h (KEYSERVER_TIMEOUT): Remove. * g10/keyserver.c (keyserver_opts): Remove obsolete "use-temp-files" and "keep-temp-files". Add "http-proxy" and "timeout". (parse_keyserver_options): Remove 1.2 compatibility option "honor-http_proxy". Remove "use-temp-files" and "keep-temp-files" code. -- Note that many of these options where implicitly used by passing any unknown option down to the former keyserver helpers. The don't exist anymore thus we need to make them explicit. Another patch will convey them to dirmngr. Temp files are not anymore used thus they can be removed and will be ignored when used. Signed-off-by: Werner Koch diff --git a/common/keyserver.h b/common/keyserver.h index d286f7d..d56b4f4 100644 --- a/common/keyserver.h +++ b/common/keyserver.h @@ -34,7 +34,6 @@ #define KEYSERVER_KEY_EXISTS 7 /* key already exists */ #define KEYSERVER_KEY_INCOMPLETE 8 /* key incomplete (EOF) */ #define KEYSERVER_UNREACHABLE 9 /* unable to contact keyserver */ -#define KEYSERVER_TIMEOUT 10 /* timeout while accessing keyserver */ /* Must be 127 due to shell internal magic. */ #define KEYSERVER_SCHEME_NOT_FOUND 127 diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 6c413de..cf35c47 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi 
@@ -269,7 +269,7 @@ value to access HTTP servers. @item --http-proxy @var{host}[:@var{port}] @opindex http-proxy Use @var{host} and @var{port} to access HTTP servers. The use of this -options overrides the environment variable @env{http_proxy} regardless +option overrides the environment variable @env{http_proxy} regardless whether @option{--honor-http-proxy} has been set. diff --git a/doc/gpg.texi b/doc/gpg.texi index 393cf24..899c6b8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1545,7 +1545,7 @@ need to send keys to more than one server. The keyserver @code{hkp://keys.gnupg.net} uses round robin DNS to give a different keyserver each time you use it. - at item --keyserver-options @code{name=value1 } + at item --keyserver-options @code{name=value} @opindex keyserver-options This is a space or comma delimited string that gives options for the keyserver. Options can be prefixed with a `no-' to give the opposite @@ -1598,20 +1598,20 @@ are available for all keyserver types, some common options are: this option is not used with HKP keyservers, as they do not support retrieving keys by subkey id. + at ifclear gpgtwoone @item use-temp-files On most Unix-like platforms, GnuPG communicates with the keyserver helper program via pipes, which is the most efficient method. This option forces GnuPG to use temporary files to communicate. On some platforms (such as Win32 and RISC OS), this option is always enabled. + at end ifclear + at ifclear gpgtwoone @item keep-temp-files If using `use-temp-files', do not delete the temp files after using them. This option is useful to learn the keyserver communication protocol by reading the temporary files. - - @item verbose - Tell the keyserver helper program to be more verbose. This option can - be repeated multiple times to increase the verbosity level. + at end ifclear @item timeout Tell the keyserver helper program how long (in seconds) to try and 
@@ -1622,9 +1622,13 @@ are available for all keyserver types, some common options are: @option{--recv-keys} command as a whole. Defaults to 30 seconds. @item http-proxy=@code{value} - Set the proxy to use for HTTP and HKP keyservers. This overrides the - "http_proxy" environment variable, if any. - + Set the proxy to use for HTTP and HKP keyservers. + at ifset gpgtwoone +This overrides any proxy defined in @file{dirmngr.conf}. + at end ifset + at ifclear gpgtwoone +This overrides the "http_proxy" environment variable, if any. + at end ifclear @ifclear gpgtwoone @item max-cert-size 
@@ -1632,26 +1636,42 @@ are available for all keyserver types, some common options are: Defaults to 16384 bytes. @end ifclear + @item verbose + at ifset gpgtwoone +This option has no more function since GnuPG 2.1. Use the + at code{dirmngr} configuration options instead. + at end ifset + at ifclear gpgtwoone +Tell the keyserver helper program to be more verbose. This option can +be repeated multiple times to increase the verbosity level. + at end ifclear + @item debug - Turn on debug output in the keyserver helper program. Note that the - details of debug output depends on which keyserver helper program is - being used, and in turn, on any libraries that the keyserver helper - program uses internally (libcurl, openldap, etc). + at ifset gpgtwoone +This option has no more function since GnuPG 2.1. Use the + at code{dirmngr} configuration options instead. + at end ifset + at ifclear gpgtwoone +Turn on debug output in the keyserver helper program. Note that the +details of debug output depends on which keyserver helper program is +being used, and in turn, on any libraries that the keyserver helper +program uses internally (libcurl, openldap, etc). + at end ifclear @item check-cert @ifset gpgtwoone - This option has no more function since GnuPG 2.1. Use the - @code{dirmngr} configuration options instead. +This option has no more function since GnuPG 2.1. Use the + at code{dirmngr} configuration options instead. @end ifset @ifclear gpgtwoone - Enable certificate checking if the keyserver presents one (for hkps or - ldaps). Defaults to on. +Enable certificate checking if the keyserver presents one (for hkps or +ldaps). Defaults to on. @end ifclear @item ca-cert-file @ifset gpgtwoone - This option has no more function since GnuPG 2.1. Use the - @code{dirmngr} configuration options instead. +This option has no more function since GnuPG 2.1. Use the + at code{dirmngr} configuration options instead. 
@end ifset @ifclear gpgtwoone Provide a certificate store to override the system default. Only diff --git a/g10/keyserver.c b/g10/keyserver.c index 7cac55e..3aed54b 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -91,13 +91,14 @@ static struct parse_options keyserver_opts[]= { /* some of these options are not real - just for the help message */ - {"max-cert-size",0,NULL,NULL}, + {"max-cert-size",0,NULL,NULL}, /* MUST be the first in this array! */ + {"include-revoked",0,NULL,N_("include revoked keys in search results")}, {"include-subkeys",0,NULL,N_("include subkeys when searching by key ID")}, - {"use-temp-files",0,NULL, - N_("use temporary files to pass data to keyserver helpers")}, - {"keep-temp-files",KEYSERVER_KEEP_TEMP_FILES,NULL, - N_("do not delete temporary files after using them")}, + {"http-proxy", KEYSERVER_HTTP_PROXY, NULL, + N_("override proxy options set for dirmngr")}, + {"timeout", KEYSERVER_TIMEOUT, NULL, + N_("override timeout options set for dirmngr")}, {"refresh-add-fake-v3-keyids",KEYSERVER_ADD_FAKE_V3,NULL, NULL}, {"auto-key-retrieve",KEYSERVER_AUTO_KEY_RETRIEVE,NULL, 
@@ -155,37 +156,13 @@ parse_keyserver_options(char *options) if(tok[0]=='\0') continue; - /* For backwards compatibility. 1.2.x used honor-http-proxy and - there are a good number of documents published that recommend - it. */ - if(ascii_strcasecmp(tok,"honor-http-proxy")==0) - tok="http-proxy"; - else if(ascii_strcasecmp(tok,"no-honor-http-proxy")==0) - tok="no-http-proxy"; - /* We accept quite a few possible options here - some options to handle specially, the keyserver_options list, and import and - export options that pertain to keyserver operations. Note - that you must use strncasecmp here as there might be an - =argument attached which will foil the use of strcasecmp. */ - -#ifdef EXEC_TEMPFILE_ONLY - if(ascii_strncasecmp(tok,"use-temp-files",14)==0 || - ascii_strncasecmp(tok,"no-use-temp-files",17)==0) - log_info(_("WARNING: keyserver option '%s' is not used" - " on this platform\n"),tok); -#else - if(ascii_strncasecmp(tok,"use-temp-files",14)==0) - opt.keyserver_options.options|=KEYSERVER_USE_TEMP_FILES; - else if(ascii_strncasecmp(tok,"no-use-temp-files",17)==0) - opt.keyserver_options.options&=~KEYSERVER_USE_TEMP_FILES; -#endif - else if(!parse_options(tok,&opt.keyserver_options.options, - keyserver_opts,0) - && !parse_import_options(tok, - &opt.keyserver_options.import_options,0) - && !parse_export_options(tok, - &opt.keyserver_options.export_options,0)) + export options that pertain to keyserver operations. */ + + if (!parse_options (tok,&opt.keyserver_options.options, keyserver_opts,0) + && !parse_import_options(tok,&opt.keyserver_options.import_options,0) + && !parse_export_options(tok,&opt.keyserver_options.export_options,0)) { /* All of the standard options have failed, so the option was destined for a keyserver plugin as used by GnuPG < 2.1 */ @@ -204,6 +181,7 @@ parse_keyserver_options(char *options) return ret; } + void free_keyserver_spec(struct keyserver_spec *keyserver) { 
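Review bot: With the compatibility alias removed from parse_keyserver_options, `honor-http-proxy` no longer maps to `http-proxy` and falls through to warn_kshelper_option. A user whose configuration relied on it may no longer have keyserver traffic sent through the proxy they expect. What the helper prints for this token is not visible in the hunk. Listing `honor-http-proxy` explicitly as obsolete, with a hint to use `http-proxy=` or the dirmngr option, would make the behaviour change noticeable rather than silent. parse_keyserver_options begins and ends outside the hunk.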
diff --git a/g10/options.h b/g10/options.h index 6c96d18..75032a5 100644 --- a/g10/options.h +++ b/g10/options.h @@ -361,8 +361,8 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode; #define VERIFY_PKA_TRUST_INCREASE (1<<8) #define VERIFY_SHOW_PRIMARY_UID_ONLY (1<<9) -#define KEYSERVER_USE_TEMP_FILES (1<<0) -#define KEYSERVER_KEEP_TEMP_FILES (1<<1) +#define KEYSERVER_HTTP_PROXY (1<<0) +#define KEYSERVER_TIMEOUT (1<<1) #define KEYSERVER_ADD_FAKE_V3 (1<<2) #define KEYSERVER_AUTO_KEY_RETRIEVE (1<<3) #define KEYSERVER_HONOR_KEYSERVER_URL (1<<4) ----------------------------------------------------------------------- Summary of changes: common/http.c | 51 +++++++++++++++++++++-- common/keyserver.h | 1 - dirmngr/crlfetch.c | 6 +-- dirmngr/dirmngr.c | 15 ++++++- dirmngr/dirmngr.h | 4 +- dirmngr/ks-engine-hkp.c | 4 +- dirmngr/ks-engine-http.c | 4 +- dirmngr/ocsp.c | 2 +- dirmngr/server.c | 17 ++++++-- doc/dirmngr.texi | 2 +- doc/gpg.texi | 62 +++++++++++++++++++--------- g10/call-dirmngr.c | 104 ++++++++++++++++++++++++++++++++++++++++------- g10/call-dirmngr.h | 1 + g10/gpg.c | 3 +- g10/keyserver.c | 87 +++++++++++++++++---------------------- g10/options.h | 5 ++- 16 files changed, 259 insertions(+), 109 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 23 03:58:26 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 23 Apr 2015 03:58:26 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-15-ga7264e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a7264e3a6a83189a9e43edf5e99f5ac7ee42a2ab (commit) from c4d98734c5df39f57a71f0ec1c0c80e82ff08508 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a7264e3a6a83189a9e43edf5e99f5ac7ee42a2ab Author: NIIBE Yutaka Date: Thu Apr 23 10:51:33 2015 +0900 common: removal of t-support.c from t_jnlib_src. * common/Makefile.am (t_jnlib_src): Remove t-support.c. -- Since test programs are linked to libgcrypt and libgpg-error, there is no need to include t-support.c. GnuPG-bug-id: 1862, 1915 diff --git a/common/Makefile.am b/common/Makefile.am index 51923e8..4493ae7 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -171,7 +171,7 @@ endif # # Module tests # -t_jnlib_src = t-support.c t-support.h +t_jnlib_src = t-support.h jnlib_tests = t-stringhelp t-timestuff if HAVE_W32_SYSTEM jnlib_tests += t-w32-reg ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 23 16:06:34 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Apr 2015 16:06:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-17-g154f3ed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 154f3ed2bf64de801ae0f9796338a2767ec6357b (commit) via ce11cc39ea7e011040debc9339a2310a714efe7e (commit) from a7264e3a6a83189a9e43edf5e99f5ac7ee42a2ab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 154f3ed2bf64de801ae0f9796338a2767ec6357b Author: Werner Koch Date: Thu Apr 23 15:42:56 2015 +0200 gpg: Move all DNS access to Dirmngr. * common/dns-cert.h: Move to ../dirmngr/. * common/dns-cert.c: Move to ../dirmngr/. Change args to return the key as a buffer. * common/t-dns-cert.c: Move to ../dirmngr/. * common/pka.c, common/pka.h, common/t-pka.c: Remove. * dirmngr/server.c (data_line_cookie_write): Factor code out to data_line_write and make it a wrapper for that. (data_line_write): New. (cmd_dns_cert): New. (register_commands): Register new command. * g10/Makefile.am (LDADD): Remove DNSLIBS. * g10/call-dirmngr.c (dns_cert_parm_s): New. (dns_cert_data_cb, dns_cert_status_cb): New. (gpg_dirmngr_dns_cert): New. (gpg_dirmngr_get_pka): New. * g10/gpgv.c (gpg_dirmngr_get_pka): New dummy function. * g10/keyserver.c (keyserver_import_cert): Replace get_dns_cert by gpg_dirmngr_dns_cert. (keyserver_import_pka): Replace get_pka_info by gpg_dirmngr_get_pka. * g10/mainproc.c: Include call-dirmngr.h. (pka_uri_from_sig): Add CTX arg. Replace get_pka_info by gpg_dirmngr_get_pka. -- With this patch gpg does not do any network access itself but uses dirmngr for that. 
Note that we need to keep linking to NETLIBS due to the logging code and because we need TCP for our socket emulation under Windows. Probably also required for Solaris etc. Signed-off-by: Werner Koch diff --git a/common/Makefile.am b/common/Makefile.am index 4493ae7..d137df8 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -87,8 +87,6 @@ common_sources = \ signal.c \ audit.c audit.h \ srv.h \ - dns-cert.c dns-cert.h \ - pka.c pka.h \ localename.c \ session-env.c session-env.h \ userids.c userids.h \ @@ -177,8 +175,8 @@ if HAVE_W32_SYSTEM jnlib_tests += t-w32-reg endif module_tests = t-convert t-percent t-gettime t-sysutils t-sexputil \ - t-session-env t-openpgp-oid t-ssh-utils t-dns-cert \ - t-pka t-mapstrings t-zb32 t-mbox-util + t-session-env t-openpgp-oid t-ssh-utils \ + t-mapstrings t-zb32 t-mbox-util if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -221,8 +219,6 @@ t_exechelp_LDADD = $(t_common_ldadd) t_session_env_LDADD = $(t_common_ldadd) t_openpgp_oid_LDADD = $(t_common_ldadd) t_ssh_utils_LDADD = $(t_common_ldadd) -t_dns_cert_LDADD = $(t_common_ldadd) $(DNSLIBS) -t_pka_LDADD = $(t_common_ldadd) $(DNSLIBS) t_mapstrings_LDADD = $(t_common_ldadd) t_zb32_LDADD = $(t_common_ldadd) t_mbox_util_LDADD = $(t_common_ldadd) diff --git a/common/pka.c b/common/pka.c deleted file mode 100644 index 1aa5b33..0000000 --- a/common/pka.c +++ /dev/null 
@@ -1,107 +0,0 @@ -/* pka.c - DNS Public Key Association RR access - * Copyright (C) 2005, 2009 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include - -#include -#include -#include - -#include "util.h" -#include "mbox-util.h" -#include "dns-cert.h" -#include "pka.h" - - -/* For the given email ADDRESS lookup the PKA information in the DNS. - - On success the fingerprint is stored at FPRBUF and the URI will be - returned in an allocated buffer. Note that the URI might be a zero - length string as this information is optional. Caller must xfree - the returned string. FPRBUFLEN gives the size of the expected - fingerprint (usually 20). - - On error NULL is returned and the FPRBUF is not defined. */ -char * -get_pka_info (const char *address, void *fprbuf, size_t fprbuflen) -{ - char *result = NULL; - char *mbox; - char *domain; /* Points to mbox. 
*/ - char hashbuf[20]; - char *hash = NULL; - char *name = NULL; - unsigned char *fpr = NULL; - size_t fpr_len; - char *url = NULL; - - mbox = mailbox_from_userid (address); - if (!mbox) - goto leave; - domain = strchr (mbox, '@'); - if (!domain) - goto leave; - *domain++ = 0; - - gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); - hash = zb32_encode (hashbuf, 8*20); - if (!hash) - goto leave; - name = strconcat (hash, "._pka.", domain, NULL); - if (!name) - goto leave; - - if (get_dns_cert (name, DNS_CERTTYPE_IPGP, NULL, &fpr, &fpr_len, &url)) - goto leave; - if (!fpr) - goto leave; - - /* Return the fingerprint. */ - if (fpr_len != fprbuflen) - { - /* fprintf (stderr, "get_dns_cert failed: fprlen (%zu/%zu)\n", */ - /* fpr_len, fprbuflen); */ - goto leave; - } - memcpy (fprbuf, fpr, fpr_len); - - /* We return the URL or an empty string. */ - if (!url) - url = xtrycalloc (1, 1); - result = url; - url = NULL; - - leave: - xfree (fpr); - xfree (url); - xfree (name); - xfree (hash); - xfree (mbox); - return result; -} diff --git a/common/pka.h b/common/pka.h deleted file mode 100644 index 93a4eb3..0000000 --- a/common/pka.h +++ /dev/null 
@@ -1,35 +0,0 @@ -/* pka.h - DNS Public Key Association RR access definitions - * Copyright (C) 2006 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * This file is free software; you can redistribute it and/or modify - * it under the terms of either - * - * - the GNU Lesser General Public License as published by the Free - * Software Foundation; either version 3 of the License, or (at - * your option) any later version. - * - * or - * - * - the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * or both in parallel, as here. - * - * This file is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ -#ifndef GNUPG_COMMON_PKA_H -#define GNUPG_COMMON_PKA_H - -char *get_pka_info (const char *address, void *fprbuf, size_t fprbuflen); - - -#endif /*GNUPG_COMMON_PKA_H*/ diff --git a/common/t-pka.c b/common/t-pka.c deleted file mode 100644 index 7c4d7c3..0000000 --- a/common/t-pka.c +++ /dev/null 
@@ -1,72 +0,0 @@ -/* t-pak.c - Module test for pka.c - * Copyright (C) 2015 Werner Koch - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include -#include - -#include "util.h" -#include "pka.h" - - -int -main (int argc, char **argv) -{ - unsigned char fpr[20]; - char *url; - char const *name; - int i; - - if (argc) - { - argc--; - argv++; - } - - if (!argc) - name = "wk at gnupg.org"; - else if (argc == 1) - name = *argv; - else - { - fputs ("usage: t-pka [userid]\n", stderr); - return 1; - } - - printf ("User id ...: %s\n", name); - - url = get_pka_info (name, fpr, sizeof fpr); - printf ("Fingerprint: "); - if (url) - { - for (i = 0; i < sizeof fpr; i++) - printf ("%02X", fpr[i]); - } - else - printf ("[not found]"); - - putchar ('\n'); - - printf ("URL .......: %s\n", (url && *url)? url : "[none]"); - - xfree (url); - - return 0; -} diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 906fe37..cee777a 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -61,6 +61,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \ certcache.c certcache.h \ cdb.h cdblib.c misc.c dirmngr-err.h \ ocsp.c ocsp.h validate.c validate.h \ + dns-cert.c dns-cert.h \ ks-action.c ks-action.h ks-engine.h \ ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c 
@@ -113,7 +114,7 @@ t_common_ldadd = $(libcommontls) $(libcommon) no-libgcrypt.o \ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) \ $(DNSLIBS) $(LIBINTL) $(LIBICONV) -module_tests = +module_tests = t-dns-cert if USE_LDAP module_tests += t-ldap-parse-uri @@ -124,4 +125,7 @@ t_ldap_parse_uri_SOURCES = \ $(ldap_url) $(t_common_src) t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) +t_dns_cert_SOURCES = t-dns-cert.c dns-cert.c +t_dns_cert_LDADD = $(t_common_ldadd) + $(PROGRAMS) : $(libcommon) $(libcommonpth) $(libcommontls) $(libcommontlsnpth) diff --git a/common/dns-cert.c b/dirmngr/dns-cert.c similarity index 93% rename from common/dns-cert.c rename to dirmngr/dns-cert.c index 405ca29..de523b5 100644 --- a/common/dns-cert.c +++ b/dirmngr/dns-cert.c @@ -62,7 +62,7 @@ /* Returns 0 on success or an error code. If a PGP CERT record was - found, a new estream with that key will be returned at R_KEY and + found, the malloced data is returned at (R_KEY, R_KEYLEN) and the other return parameters are set to NULL/0. If an IPGP CERT record was found the fingerprint is stored as an allocated block at R_FPR and its length at R_FPRLEN; an URL is is allocated as a @@ -70,10 +70,10 @@ returns the first CERT found with a supported type; it is expected that only one CERT record is used. If WANT_CERTTYPE is one of the supported certtypes only records wih this certtype are considered - and the first found is returned. R_KEY is optional. */ + and the first found is returned. (R_KEY,R_KEYLEN) are optional. */ gpg_error_t get_dns_cert (const char *name, int want_certtype, - estream_t *r_key, + void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url) { #ifdef USE_DNS_CERT @@ -86,6 +86,8 @@ get_dns_cert (const char *name, int want_certtype, if (r_key) *r_key = NULL; + if (r_keylen) + *r_keylen = 0; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; 
@@ -130,16 +132,20 @@ get_dns_cert (const char *name, int want_certtype, if (want_certtype && want_certtype != ctype) ; /* Not of the requested certtype. */ - else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key) + else if (ctype == DNS_CERTTYPE_PGP && datalen >= 11 && r_key && r_keylen) { /* CERT type is PGP. Gpg checks for a minimum length of 11, thus we do the same. */ - *r_key = es_fopenmem_init (0, "rwb", data, datalen); + *r_key = xtrymalloc (datalen); if (!*r_key) err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); else - err = 0; + { + memcpy (*r_key, data, datalen); + *r_keylen = datalen; + err = 0; + } goto leave; } else if (ctype == DNS_CERTTYPE_IPGP && datalen && datalen < 1023 @@ -200,6 +206,8 @@ get_dns_cert (const char *name, int want_certtype, if (r_key) *r_key = NULL; + if (r_keylen) + *r_keylen = 0; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; @@ -294,15 +302,19 @@ get_dns_cert (const char *name, int want_certtype, /* 15 bytes takes us to here */ if (want_certtype && want_certtype != ctype) ; /* Not of the requested certtype. */ - else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key) + else if (ctype == DNS_CERTTYPE_PGP && dlen && r_key && r_keylen) { /* PGP type */ - *r_key = es_fopenmem_init (0, "rwb", pt, dlen); + *r_key = xtrymalloc (dlen); if (!*r_key) err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ()); else - err = 0; + { + memcpy (*r_key, pt, dlen); + *r_keylen = dlen; + err = 0; + } goto leave; } else if (ctype == DNS_CERTTYPE_IPGP @@ -359,6 +371,8 @@ get_dns_cert (const char *name, int want_certtype, (void)name; if (r_key) *r_key = NULL; + if (r_keylen) + *r_keylen = NULL; *r_fpr = NULL; *r_fprlen = 0; *r_url = NULL; diff --git a/common/dns-cert.h b/dirmngr/dns-cert.h similarity index 92% rename from common/dns-cert.h rename to dirmngr/dns-cert.h index 4b49efc..5a579ec 100644 --- a/common/dns-cert.h +++ b/dirmngr/dns-cert.h 
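Review bot: In the last dns-cert.c hunk (the fallback path that starts with `(void)name;`), the new reset is written as `*r_keylen = NULL;`, which assigns a pointer constant to a `size_t`. The two earlier reset blocks in this file use `*r_keylen = 0;`, and this one should match them: `if (r_keylen) *r_keylen = 0;`. Depending on how NULL is defined, the current form gives an int-from-pointer conversion warning on builds without USE_DNS_CERT. The body of get_dns_cert starts and ends outside these hunks.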
@@ -26,8 +26,8 @@ * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ -#ifndef GNUPG_COMMON_DNS_CERT_H -#define GNUPG_COMMON_DNS_CERT_H +#ifndef GNUPG_DIRMNGR_DNS_CERT_H +#define GNUPG_DIRMNGR_DNS_CERT_H #define DNS_CERTTYPE_ANY 0 /* Internal catch all type. */ @@ -46,10 +46,10 @@ gpg_error_t get_dns_cert (const char *name, int want_certtype, - estream_t *r_key, + void **r_key, size_t *r_keylen, unsigned char **r_fpr, size_t *r_fprlen, char **r_url); -#endif /*GNUPG_COMMON_DNS_CERT_H*/ +#endif /*GNUPG_DIRMNGR_DNS_CERT_H*/ diff --git a/dirmngr/server.c b/dirmngr/server.c index c0f63ac..df6c66f 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -51,6 +51,8 @@ #if USE_LDAP # include "ldap-parse-uri.h" #endif +#include "dns-cert.h" +#include "mbox-util.h" /* To avoid DoS attacks we limit the size of a certificate to something reasonable. */ @@ -150,13 +152,14 @@ leave_cmd (assuan_context_t ctx, gpg_error_t err) return err; } -/* A write handler used by es_fopencookie to write assuan data - lines. */ -static ssize_t -data_line_cookie_write (void *cookie, const void *buffer_arg, size_t size) + +/* This is a wrapper around assuan_send_data which makes debugging the + output in verbose mode easier. */ +static gpg_error_t +data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size) { - assuan_context_t ctx = cookie; const char *buffer = buffer_arg; + gpg_error_t err; if (opt.verbose && buffer && size) { 
@@ -169,33 +172,49 @@ data_line_cookie_write (void *cookie, const void *buffer_arg, size_t size) { p = memchr (buffer, '\n', nbytes); n = p ? (p - buffer) + 1 : nbytes; - if (assuan_send_data (ctx, buffer, n)) + err = assuan_send_data (ctx, buffer, n); + if (err) { gpg_err_set_errno (EIO); - return -1; + return err; } buffer += n; nbytes -= n; - if (nbytes && assuan_send_data (ctx, NULL, 0)) /* Flush line. */ + if (nbytes && (err=assuan_send_data (ctx, NULL, 0))) /* Flush line. */ { gpg_err_set_errno (EIO); - return -1; + return err; } } while (nbytes); } else { - if (assuan_send_data (ctx, buffer, size)) + err = assuan_send_data (ctx, buffer, size); + if (err) { - gpg_err_set_errno (EIO); - return -1; + gpg_err_set_errno (EIO); /* For use by data_line_cookie_write. */ + return err; } } - return size; + return 0; } + +/* A write handler used by es_fopencookie to write assuan data + lines. */ +static ssize_t +data_line_cookie_write (void *cookie, const void *buffer, size_t size) +{ + assuan_context_t ctx = cookie; + + if (data_line_write (ctx, buffer, size)) + return -1; + return (ssize_t)size; +} + + static int data_line_cookie_close (void *cookie) { 
@@ -609,6 +628,149 @@ option_handler (assuan_context_t ctx, const char *key, const char *value) } + +static const char hlp_dns_cert[] = + "DNS_CERT \n" + "DNS_CERT --pka \n" + "\n" + "Return the CERT record for . is one of\n" + " * Return the first record of any supported subtype\n" + " PGP Return the first record of subtype PGP (3)\n" + " IPGP Return the first record of subtype IPGP (6)\n" + "If the content of a certifciate is available (PGP) it is returned\n" + "by data lines. Fingerprints and URLs are returned via status lines.\n" + "In --pka mode the fingerprint and if available an URL is returned."; +static gpg_error_t +cmd_dns_cert (assuan_context_t ctx, char *line) +{ + /* ctrl_t ctrl = assuan_get_pointer (ctx); */ + gpg_error_t err = 0; + int pka_mode; + char *mbox = NULL; + char *namebuf = NULL; + char *encodedhash = NULL; + const char *name; + int certtype; + char *p; + void *key = NULL; + size_t keylen; + unsigned char *fpr = NULL; + size_t fprlen; + char *url = NULL; + + pka_mode = has_option (line, "--pka"); + line = skip_options (line); + if (pka_mode) + ; /* No need to parse here - we do this later. */ + else + { + p = strchr (line, ' '); + if (!p) + { + err = PARM_ERROR ("missing arguments"); + goto leave; + } + *p++ = 0; + if (!strcmp (line, "*")) + certtype = DNS_CERTTYPE_ANY; + else if (!strcmp (line, "IPGP")) + certtype = DNS_CERTTYPE_IPGP; + else if (!strcmp (line, "PGP")) + certtype = DNS_CERTTYPE_PGP; + else + { + err = PARM_ERROR ("unknown subtype"); + goto leave; + } + while (spacep (p)) + p++; + line = p; + if (!*line) + { + err = PARM_ERROR ("name missing"); + goto leave; + } + } + + if (pka_mode) + { + char *domain; /* Points to mbox. 
*/ + char hashbuf[20]; + + mbox = mailbox_from_userid (line); + if (!mbox || !(domain = strchr (mbox, '@'))) + { + err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id"); + goto leave; + } + *domain++ = 0; + + gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, mbox, strlen (mbox)); + encodedhash = zb32_encode (hashbuf, 8*20); + if (!encodedhash) + { + err = gpg_error_from_syserror (); + goto leave; + } + namebuf = strconcat (encodedhash, "._pka.", domain, NULL); + if (!namebuf) + { + err = gpg_error_from_syserror (); + goto leave; + } + name = namebuf; + certtype = DNS_CERTTYPE_IPGP; + } + else + name = line; + + err = get_dns_cert (name, certtype, &key, &keylen, &fpr, &fprlen, &url); + if (err) + goto leave; + + if (key) + { + err = data_line_write (ctx, key, keylen); + if (err) + goto leave; + } + + if (fpr) + { + char *tmpstr; + + tmpstr = bin2hex (fpr, fprlen, NULL); + if (!tmpstr) + err = gpg_error_from_syserror (); + else + { + err = assuan_write_status (ctx, "FPR", tmpstr); + xfree (tmpstr); + } + if (err) + goto leave; + } + + if (url) + { + err = assuan_write_status (ctx, "URL", url); + if (err) + goto leave; + } + + + leave: + xfree (key); + xfree (fpr); + xfree (url); + xfree (mbox); + xfree (namebuf); + xfree (encodedhash); + return leave_cmd (ctx, err); +} + + + static const char hlp_ldapserver[] = "LDAPSERVER \n" "\n" @@ -1919,6 +2081,7 @@ register_commands (assuan_context_t ctx) assuan_handler_t handler; const char * const help; } table[] = { + { "DNS_CERT", cmd_dns_cert, hlp_dns_cert }, { "LDAPSERVER", cmd_ldapserver, hlp_ldapserver }, { "ISVALID", cmd_isvalid, hlp_isvalid }, { "CHECKCRL", cmd_checkcrl, hlp_checkcrl }, diff --git a/common/t-dns-cert.c b/dirmngr/t-dns-cert.c similarity index 88% rename from common/t-dns-cert.c rename to dirmngr/t-dns-cert.c index a170ffb..61536c5 100644 --- a/common/t-dns-cert.c +++ b/dirmngr/t-dns-cert.c 
@@ -33,7 +33,8 @@ main (int argc, char **argv) unsigned char *fpr; size_t fpr_len; char *url; - estream_t key; + void *key; + size_t keylen; char const *name; if (argc) @@ -54,17 +55,14 @@ main (int argc, char **argv) printf ("CERT lookup on '%s'\n", name); - err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &fpr, &fpr_len, &url); + err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen, + &fpr, &fpr_len, &url); if (err) printf ("get_dns_cert failed: %s <%s>\n", gpg_strerror (err), gpg_strsource (err)); else if (key) { - int count = 0; - - while (es_getc (key) != EOF) - count++; - printf ("Key found (%d bytes)\n", count); + printf ("Key found (%u bytes)\n", (unsigned int)keylen); } else { @@ -87,7 +85,7 @@ main (int argc, char **argv) } - es_fclose (key); + xfree (key); xfree (fpr); xfree (url); diff --git a/g10/Makefile.am b/g10/Makefile.am index b66abb8..ca99314 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -141,8 +141,7 @@ gpgv2_SOURCES = gpgv.c \ # here, even that it is not used by gpg. A proper solution would # either to split up libkeybox.a or to use a separate keybox daemon. LDADD = $(needed_libs) ../common/libgpgrl.a \ - $(ZLIBS) $(DNSLIBS) \ - $(LIBINTL) $(CAPLIBS) $(NETLIBS) + $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS) gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) $(extra_sys_libs) diff --git a/g10/call-dirmngr.c b/g10/call-dirmngr.c index bb571b2..e452c97 100644 --- a/g10/call-dirmngr.c +++ b/g10/call-dirmngr.c @@ -78,6 +78,16 @@ struct ks_put_parm_s }; +/* Parameter structure used with the DNS_CERT command. */ +struct dns_cert_parm_s +{ + estream_t memfp; + unsigned char *fpr; + size_t fprlen; + char *url; +}; + + /* Data used to associate an session with dirmngr contexts. We can't use a simple one to one mapping because we sometimes need two connections to the dirmngr; for example while doing a listing and 
@@ -957,3 +967,228 @@ gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock) close_context (ctrl, ctx); return err; } + + + +/* Data callback for the DNS_CERT command. */ +static gpg_error_t +dns_cert_data_cb (void *opaque, const void *data, size_t datalen) +{ + struct dns_cert_parm_s *parm = opaque; + gpg_error_t err = 0; + size_t nwritten; + + if (!data) + return 0; /* Ignore END commands. */ + if (!parm->memfp) + return 0; /* Data is not required. */ + + if (es_write (parm->memfp, data, datalen, &nwritten)) + err = gpg_error_from_syserror (); + + return err; +} + + +/* Status callback for the DNS_CERT command. */ +static gpg_error_t +dns_cert_status_cb (void *opaque, const char *line) +{ + struct dns_cert_parm_s *parm = opaque; + gpg_error_t err = 0; + const char *s; + size_t nbytes; + + if ((s = has_leading_keyword (line, "FPR"))) + { + char *buf; + + if (!(buf = xtrystrdup (s))) + err = gpg_error_from_syserror (); + else if (parm->fpr) + err = gpg_error (GPG_ERR_DUP_KEY); + else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes)) + err = gpg_error_from_syserror (); + else if (nbytes < 20) + err = gpg_error (GPG_ERR_TOO_SHORT); + else + { + parm->fpr = xtrymalloc (nbytes); + if (!parm->fpr) + err = gpg_error_from_syserror (); + else + memcpy (parm->fpr, buf, (parm->fprlen = nbytes)); + } + xfree (buf); + } + else if ((s = has_leading_keyword (line, "URL")) && *s) + { + if (parm->url) + err = gpg_error (GPG_ERR_DUP_KEY); + else if (!(parm->fpr = xtrymalloc (nbytes))) + err = gpg_error_from_syserror (); + else + memcpy (parm->fpr, line, (parm->fprlen = nbytes)); + } + + return err; +} + +/* Ask the dirmngr for a DNS CERT record. Depending on the found + subtypes different return values are set: + + - For a PGP subtype a new estream with that key will be returned at + R_KEY and the other return parameters are set to NULL/0. + + - For an IPGP subtype the fingerprint is stored as a malloced block + at (R_FPR,R_FPRLEN). 
If an URL is available it is stored as a + malloced string at R_URL; NULL is stored if there is no URL. + + If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first + CERT record found with a supported type; it is expected that only + one CERT record is used. If CERTTYPE is one of the supported + certtypes, only records with this certtype are considered and the + first one found is returned. All R_* args are optional. */ +gpg_error_t +gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype, + estream_t *r_key, + unsigned char **r_fpr, size_t *r_fprlen, + char **r_url) +{ + gpg_error_t err; + assuan_context_t ctx; + struct dns_cert_parm_s parm; + char *line = NULL; + + memset (&parm, 0, sizeof parm); + if (r_key) + *r_key = NULL; + if (r_fpr) + *r_fpr = NULL; + if (r_fprlen) + *r_fprlen = 0; + if (r_url) + *r_url = NULL; + + err = open_context (ctrl, &ctx); + if (err) + return err; + + line = es_bsprintf ("DNS_CERT %s %s", certtype, name); + if (!line) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (strlen (line) + 2 >= ASSUAN_LINELENGTH) + { + err = gpg_error (GPG_ERR_TOO_LARGE); + goto leave; + } + + parm.memfp = es_fopenmem (0, "rwb"); + if (!parm.memfp) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = assuan_transact (ctx, line, dns_cert_data_cb, &parm, + NULL, NULL, dns_cert_status_cb, &parm); + if (err) + goto leave; + + if (r_key) + { + es_rewind (parm.memfp); + *r_key = parm.memfp; + parm.memfp = NULL; + } + + if (r_fpr && parm.fpr) + { + *r_fpr = parm.fpr; + parm.fpr = NULL; + } + if (r_fprlen) + *r_fprlen = parm.fprlen; + + if (r_url && parm.url) + { + *r_url = parm.url; + parm.url = NULL; + } + + leave: + xfree (parm.fpr); + xfree (parm.url); + es_fclose (parm.memfp); + xfree (line); + close_context (ctrl, ctx); + return err; +} + + +/* Ask the dirmngr for PKA info. On success the retrieved fingerprint + is returned in a malloced buffer at R_FPR and its length is stored + at R_FPRLEN. 
If an URL is available it is stored as a malloced + string at R_URL. On error all return values are set to NULL/0. */ +gpg_error_t +gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid, + unsigned char **r_fpr, size_t *r_fprlen, + char **r_url) +{ + gpg_error_t err; + assuan_context_t ctx; + struct dns_cert_parm_s parm; + char *line = NULL; + + memset (&parm, 0, sizeof parm); + if (r_fpr) + *r_fpr = NULL; + if (r_fprlen) + *r_fprlen = 0; + if (r_url) + *r_url = NULL; + + err = open_context (ctrl, &ctx); + if (err) + return err; + + line = es_bsprintf ("DNS_CERT --pka -- %s", userid); + if (!line) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (strlen (line) + 2 >= ASSUAN_LINELENGTH) + { + err = gpg_error (GPG_ERR_TOO_LARGE); + goto leave; + } + + err = assuan_transact (ctx, line, dns_cert_data_cb, &parm, + NULL, NULL, dns_cert_status_cb, &parm); + if (err) + goto leave; + + if (r_fpr && parm.fpr) + { + *r_fpr = parm.fpr; + parm.fpr = NULL; + } + if (r_fprlen) + *r_fprlen = parm.fprlen; + + if (r_url && parm.url) + { + *r_url = parm.url; + parm.url = NULL; + } + + leave: + xfree (parm.fpr); + xfree (parm.url); + xfree (line); + close_context (ctrl, ctx); + return err; +} diff --git a/g10/call-dirmngr.h b/g10/call-dirmngr.h index bae1123..b9b8e21 100644 --- a/g10/call-dirmngr.h +++ b/g10/call-dirmngr.h @@ -31,6 +31,14 @@ gpg_error_t gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp); gpg_error_t gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock); +gpg_error_t gpg_dirmngr_dns_cert (ctrl_t ctrl, + const char *name, const char *certtype, + estream_t *r_key, + unsigned char **r_fpr, size_t *r_fprlen, + char **r_url); +gpg_error_t gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid, + unsigned char **r_fpr, size_t *r_fprlen, + char **r_url); #endif /*GNUPG_G10_CALL_DIRMNGR_H*/ diff --git a/g10/gpgv.c b/g10/gpgv.c index 157fdea..479bb95 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c 
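Review bot: The URL branch of dns_cert_status_cb allocates and copies with `nbytes`, which is never assigned on that path, so both the allocation size and the memcpy length are indeterminate. It also stores the result in `parm->fpr` and `parm->fprlen` instead of `parm->url`, and copies from `line` rather than from the keyword argument `s`. The outcome is a read of arbitrary length from the status line, a leaked or overwritten fingerprint, and a URL that never reaches the caller, since `parm->url` stays NULL. The branch should duplicate the argument into the URL field: `else if (!(parm->url = xtrystrdup (s)))` followed by `err = gpg_error_from_syserror ();`. Both gpg_dirmngr_dns_cert and gpg_dirmngr_get_pka use this callback, so both are affected.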
@@ -575,3 +575,19 @@ agent_get_keyinfo (ctrl_t ctrl, const char *hexkeygrip, char **r_serialno) *r_serialno = NULL; return gpg_error (GPG_ERR_NO_SECKEY); } + +gpg_error_t +gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid, + unsigned char **r_fpr, size_t *r_fprlen, + char **r_url) +{ + (void)ctrl; + (void)userid; + if (r_fpr) + *r_fpr = NULL; + if (r_fprlen) + *r_fprlen = 0; + if (r_url) + *r_url = NULL; + return gpg_error (GPG_ERR_NOT_FOUND); +} diff --git a/g10/keyserver-internal.h b/g10/keyserver-internal.h index a955fc7..fc1c343 100644 --- a/g10/keyserver-internal.h +++ b/g10/keyserver-internal.h @@ -42,8 +42,8 @@ gpg_error_t keyserver_search (ctrl_t ctrl, strlist_t tokens); int keyserver_fetch (ctrl_t ctrl, strlist_t urilist); int keyserver_import_cert (ctrl_t ctrl, const char *name, unsigned char **fpr,size_t *fpr_len); -int keyserver_import_pka (ctrl_t ctrl, - const char *name,unsigned char **fpr,size_t *fpr_len); +gpg_error_t keyserver_import_pka (ctrl_t ctrl, const char *name, + unsigned char **fpr,size_t *fpr_len); int keyserver_import_name (ctrl_t ctrl, const char *name,unsigned char **fpr,size_t *fpr_len, struct keyserver_spec *keyserver); diff --git a/g10/keyserver.c b/g10/keyserver.c index abe4bde..40ba49a 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -41,8 +41,6 @@ #include "trustdb.h" #include "keyserver-internal.h" #include "util.h" -#include "dns-cert.h" -#include "pka.h" #ifdef USE_DNS_SRV #include "srv.h" #endif @@ -1897,7 +1895,7 @@ keyserver_import_cert (ctrl_t ctrl, if(domain) *domain='.'; - err = get_dns_cert (look, DNS_CERTTYPE_ANY, &key, fpr, fpr_len, &url); + err = gpg_dirmngr_dns_cert (ctrl, look, "*", &key, fpr, fpr_len, &url); if (err) ; else if (key) 
@@ -1957,37 +1955,35 @@ keyserver_import_cert (ctrl_t ctrl, /* Import key pointed to by a PKA record. Return the requested fingerprint in fpr. */ -int -keyserver_import_pka (ctrl_t ctrl, - const char *name,unsigned char **fpr,size_t *fpr_len) +gpg_error_t +keyserver_import_pka (ctrl_t ctrl, const char *name, + unsigned char **fpr, size_t *fpr_len) { - char *uri; - int rc = GPG_ERR_NO_PUBKEY; - - *fpr = xmalloc (20); - *fpr_len = 20; + gpg_error_t err; + char *url; - uri = get_pka_info (name, *fpr, 20); - if (uri && *uri) + err = gpg_dirmngr_get_pka (ctrl, name, fpr, fpr_len, &url); + if (url && *url && fpr && fpr_len) { - /* An URI is available. Lookup the key. */ + /* An URL is available. Lookup the key. */ struct keyserver_spec *spec; - spec = parse_keyserver_uri (uri, 1); + spec = parse_keyserver_uri (url, 1); if (spec) { - rc = keyserver_import_fprint (ctrl, *fpr, 20, spec); + err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec); free_keyserver_spec (spec); } } - xfree (uri); + xfree (url); - if (rc) + if (err) { xfree(*fpr); *fpr = NULL; + *fpr_len = 0; } - return rc; + return err; } diff --git a/g10/mainproc.c b/g10/mainproc.c index 0f6ba2b..e72d076 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -38,9 +38,8 @@ #include "trustdb.h" #include "keyserver-internal.h" #include "photoid.h" -#include "pka.h" #include "mbox-util.h" - +#include "call-dirmngr.h" /* Put an upper limit on nested packets. The 32 is an arbitrary value, a much lower should actually be sufficient. */ @@ -1487,7 +1486,7 @@ get_pka_address (PKT_signature *sig) be retrieved for the signature we merely return it; if not we go out and try to get that DNS record. */ static const char * -pka_uri_from_sig (PKT_signature *sig) +pka_uri_from_sig (CTX c, PKT_signature *sig) { if (!sig->flags.pka_tried) { 
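Review bot: keyserver_import_pka now returns 0 when gpg_dirmngr_get_pka succeeds but no import is attempted (no URL, an empty URL, or parse_keyserver_uri returning NULL). The removed code started from `GPG_ERR_NO_PUBKEY` and cleared it only after keyserver_import_fprint succeeded. Callers that read 0 as "key imported" would then continue without a key; this is inferred, as the callers are outside the hunk. Setting the error explicitly restores the old contract, e.g. `if (!err && !imported) err = gpg_error (GPG_ERR_NO_PUBKEY);` with `imported` set after a successful keyserver_import_fprint. The condition should also test `*fpr` before passing it on, and `fpr`/`fpr_len` are NULL-checked there but dereferenced unconditionally in the error path (`xfree(*fpr); *fpr = NULL; *fpr_len = 0;`). Initialising `char *url = NULL;` would make the later `xfree (url)` independent of the callee's behaviour.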
@@ -1496,17 +1495,28 @@ pka_uri_from_sig (PKT_signature *sig) sig->pka_info = get_pka_address (sig); if (sig->pka_info) { - char *uri; + char *url; + unsigned char *fpr; + size_t fprlen; - uri = get_pka_info (sig->pka_info->email, - sig->pka_info->fpr, sizeof sig->pka_info->fpr); - if (uri) + if (!gpg_dirmngr_get_pka (c->ctrl, sig->pka_info->email, + &fpr, &fprlen, &url)) { - sig->pka_info->valid = 1; - if (!*uri) - xfree (uri); - else - sig->pka_info->uri = uri; + if (fpr && fprlen == sizeof sig->pka_info->fpr) + { + memcpy (sig->pka_info->fpr, fpr, fprlen); + if (url) + { + sig->pka_info->valid = 1; + if (!*url) + xfree (url); + else + sig->pka_info->uri = url; + url = NULL; + } + } + xfree (fpr); + xfree (url); } } } @@ -1734,7 +1744,7 @@ check_sig_and_print (CTX c, kbnode_t node) && (opt.keyserver_options.options & KEYSERVER_AUTO_KEY_RETRIEVE) && (opt.keyserver_options.options & KEYSERVER_HONOR_PKA_RECORD)) { - const char *uri = pka_uri_from_sig (sig); + const char *uri = pka_uri_from_sig (c, sig); if (uri) { 
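Review bot: In pka_uri_from_sig, `sig->pka_info->valid = 1;` is now set only inside `if (url)`. The removed code set it whenever the lookup succeeded, including the case of an empty URI, because get_pka_info returned an empty string for a record without a URL. On the new path gpg_dirmngr_get_pka appears to leave `url` NULL when no URL status line arrives, so a PKA record that carries only a fingerprint would never be marked valid. Moving the assignment to directly after `memcpy (sig->pka_info->fpr, fpr, fprlen);` keeps the fingerprint-length check as the gate and makes the URL optional again. The function starts before this hunk and its tail is outside it.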
@@ -1997,7 +2007,7 @@ check_sig_and_print (CTX c, kbnode_t node) if (!rc) { if ((opt.verify_options & VERIFY_PKA_LOOKUPS)) - pka_uri_from_sig (sig); /* Make sure PKA info is available. */ + pka_uri_from_sig (c, sig); /* Make sure PKA info is available. */ rc = check_signatures_trust (sig); } commit ce11cc39ea7e011040debc9339a2310a714efe7e Author: Werner Koch Date: Thu Apr 23 14:31:04 2015 +0200 common: Minor change of hex2str to allow for embedded nul. * common/convert.c (hex2str): Set ERRNO. Return adjusted COUNT. -- hex2str is only used at one place for in-place converting an hex encoded passphrase. This change does not affect this use. The change is however useful to use the function for in-place conversion of arbitrary hex encoded strings. Take care for in-place conversion of a hex string encoding binary data you need to use it this way: if (hex2str (string, string, strlen (string) + 1, &length) oops ("probably out of memory but see ERRNO"); for (i=0; i < length; i++) foo (string[i)); Note that strlen() + 1. Signed-off-by: Werner Koch diff --git a/common/convert.c b/common/convert.c index e86ccec..6b0ff35 100644 --- a/common/convert.c +++ b/common/convert.c 
@@ -175,21 +175,26 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf) /* Convert HEXSTRING consisting of hex characters into string and store that at BUFFER. HEXSTRING is either delimited by end of string or a white space character. The function makes sure that - the resulting string in BUFFER is terminated by a Nul character. + the resulting string in BUFFER is terminated by a Nul byte. Note + that the retruned string may include embedded Nul bytes; the extra + Nul byte at the end is used to make sure tha the result can always + be used as a C-string. + BUFSIZE is the availabe length of BUFFER; if the converted result - plus a possible required Nul character does not fit into this + plus a possible required extra Nul character does not fit into this buffer, the function returns NULL and won't change the existing - conent of buffer. In-place conversion is possible as long as + content of BUFFER. In-place conversion is possible as long as BUFFER points to HEXSTRING. - If BUFFER is NULL and bufsize is 0 the function scans HEXSTRING but + If BUFFER is NULL and BUFSIZE is 0 the function scans HEXSTRING but does not store anything. This may be used to find the end of - hexstring. + HEXSTRING. On sucess the function returns a pointer to the next character after HEXSTRING (which is either end-of-string or a the next white - space). If BUFLEN is not NULL the strlen of buffer is stored - there; this will even be done if BUFFER has been passed as NULL. */ + space). If BUFLEN is not NULL the number of valid vytes in BUFFER + is stored there (an extra Nul byte is not counted); this will even + be done if BUFFER has been passed as NULL. */ const char * hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen) { 
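Review bot: The rewritten hex2str comment should tell callers decoding binary data to take the length from *BUFLEN, because strlen on the result stops at the first embedded Nul. The commit message says this, but the comment only implies it; one sentence would do, such as `Callers decoding binary data must use the value stored at BUFLEN and not strlen (BUFFER).` The new text also has typos worth fixing while the comment is being touched: "retruned" (returned), "tha the" (that the), "availabe" (available), "sucess" (success), "vytes" (bytes). The function body continues outside this hunk.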
@@ -203,7 +208,10 @@ hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen) for (s=hexstring, count=0; hexdigitp (s) && hexdigitp (s+1); s += 2, count++) ; if (*s && (!isascii (*s) || !isspace (*s)) ) - return NULL; /* Not followed by Nul or white space. */ + { + gpg_err_set_errno (EINVAL); + return NULL; /* Not followed by Nul or white space. */ + } /* We need to append a nul character. However we don't want that if the hexstring already ends with "00". */ need_nul = ((s == hexstring) || !(s[-2] == '0' && s[-1] == '0')); @@ -213,7 +221,10 @@ hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen) if (buffer) { if (count > bufsize) - return NULL; /* Too long. */ + { + gpg_err_set_errno (EINVAL); + return NULL; /* Too long. */ + } for (s=hexstring, idx=0; hexdigitp (s) && hexdigitp (s+1); s += 2) ((unsigned char*)buffer)[idx++] = xtoi_2 (s); @@ -222,7 +233,7 @@ hex2str (const char *hexstring, char *buffer, size_t bufsize, size_t *buflen) } if (buflen) - *buflen = count - 1; + *buflen = count - need_nul; return s; } @@ -242,7 +253,6 @@ hex2str_alloc (const char *hexstring, size_t *r_count) { if (r_count) *r_count = 0; - gpg_err_set_errno (EINVAL); return NULL; } if (r_count) diff --git a/common/t-convert.c b/common/t-convert.c index d6056b9..a03c680 100644 --- a/common/t-convert.c +++ b/common/t-convert.c @@ -27,7 +27,7 @@ #define pass() do { ; } while(0) #define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\ __FILE__,__LINE__, (a)); \ - exit (1); \ + /*exit (1)*/; \ } while(0) 
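Review bot: The t-convert.c hunk comments out `exit (1)` in the `fail` macro, so a failing case now only prints a message and the test run continues. Unless main tracks failures some other way (not visible in this hunk), the program exits 0 and the test suite reports success even when a hex2str case fails. This weakens the check for a function that now feeds fingerprint parsing. If the aim was to see every failure in one run, count them in the macro and return non-zero from main, e.g. `errcount++;` in place of the commented call; otherwise restore `exit (1);`.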
@@ -282,73 +282,74 @@ test_hex2str (void) static struct { const char *hex; const char *str; + int len; /* Length of STR. This may included embedded nuls. */ int off; int no_alloc_test; } tests[] = { /* Simple tests. */ { "112233445566778899aabbccddeeff1122", "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22", - 34 }, + 17, 34 }, { "112233445566778899aabbccddeeff1122 blah", "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22", - 34 }, + 17, 34 }, { "112233445566778899aabbccddeeff1122\tblah", "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22", - 34 }, + 17, 34 }, { "112233445566778899aabbccddeeff1122\nblah", "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22", - 34 }, + 17, 34 }, /* Valid tests yielding an empty string. */ { "00", "", - 2 }, + 1, 2 }, { "00 x", "", - 2 }, + 1, 2 }, { "", "", - 0 }, + 0, 0 }, { " ", "", - 0 }, + 0, 0 }, /* Test trailing Nul feature. */ - { "112233445566778899aabbccddeeff112200", - "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22", - 36 }, - { "112233445566778899aabbccddeeff112200 ", - "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x22", - 36 }, + { "112233445566778899aabbccddeeff1100", + "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x00", + 17, 34 }, + { "112233445566778899aabbccddeeff1100 ", + "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff\x11\x00", + 17, 34 }, /* Test buffer size. (buffer is of length 20) */ { "6162636465666768696A6b6c6D6e6f70717273", "abcdefghijklmnopqrs", - 38 }, + 19, 38 }, { "6162636465666768696A6b6c6D6e6f7071727300", "abcdefghijklmnopqrs", - 40 }, + 20, 40 }, { "6162636465666768696A6b6c6D6e6f7071727374", NULL, - 0, 1 }, + 0, 0, 1 }, { "6162636465666768696A6b6c6D6e6f707172737400", NULL, - 0, 1 }, + 0, 0, 1 }, { "6162636465666768696A6b6c6D6e6f707172737475", NULL, - 0, 1 }, + 0, 0, 1 }, /* Invalid tests. 
*/ - { "112233445566778899aabbccddeeff1122334", NULL, 0 }, - { "112233445566778899AABBCCDDEEFF1122334", NULL, 0 }, - { "112233445566778899AABBCCDDEEFG11223344", NULL, 0 }, - { "0:0112233445566778899aabbccddeeff11223344", NULL, 0 }, - { "112233445566778899aabbccddeeff11223344:", NULL, 0 }, - { "112233445566778899aabbccddeeff112233445", NULL, 0 }, - { "112233445566778899aabbccddeeff1122334455", NULL, 0, 1 }, - { "112233445566778899aabbccddeeff11223344blah", NULL, 0 }, - { "0", NULL, 0 }, - { "00:", NULL, 0 }, - { "00x", NULL, 0 }, - - { NULL, NULL, 0 } + { "112233445566778899aabbccddeeff1122334", NULL, 0, 0 }, + { "112233445566778899AABBCCDDEEFF1122334", NULL, 0, 0 }, + { "112233445566778899AABBCCDDEEFG11223344", NULL, 0, 0 }, + { "0:0112233445566778899aabbccddeeff11223344", NULL, 0, 0 }, + { "112233445566778899aabbccddeeff11223344:", NULL, 0, 0 }, + { "112233445566778899aabbccddeeff112233445", NULL, 0, 0 }, + { "112233445566778899aabbccddeeff1122334455", NULL, 0, 0, 1 }, + { "112233445566778899aabbccddeeff11223344blah", NULL, 0, 0 }, + { "0", NULL, 0, 0 }, + { "00:", NULL, 0, 0 }, + { "00x", NULL, 0, 0 }, + + { NULL, NULL, 0, 0 } }; int idx; @@ -369,7 +370,7 @@ test_hex2str (void) fail (idx); else if (tail - tests[idx].hex != tests[idx].off) fail (idx); - else if (strlen (buffer) != count) + else if (tests[idx].len != count) fail (idx); } else 
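Review bot: The new check `tests[idx].len != count` compares the `int len` field added to the test table with `count`, which is presumably a `size_t` because hex2str takes `size_t *buflen` (the declaration of `count` is outside the hunk). That is a signed/unsigned comparison and will warn under -Wsign-compare. Declaring the field as `size_t len;` avoids it, and the same applies to the identical check in the `@@ -400,7 +401,7 @@` hunk. The field comment also has a typo, `may included`, which should read `may include`. test_hex2str starts and ends outside these hunks.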
@@ -400,7 +401,7 @@ test_hex2str (void) fail (idx); else if (tail - tmpbuf != tests[idx].off) fail (idx); - else if (strlen (tmpbuf) != count) + else if (tests[idx].len != count) fail (idx); } else ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 8 +- common/convert.c | 32 ++++-- common/pka.c | 107 ------------------ common/pka.h | 35 ------ common/t-convert.c | 71 ++++++------ common/t-pka.c | 72 ------------ dirmngr/Makefile.am | 6 +- {common => dirmngr}/dns-cert.c | 32 ++++-- {common => dirmngr}/dns-cert.h | 8 +- dirmngr/server.c | 189 ++++++++++++++++++++++++++++--- {common => dirmngr}/t-dns-cert.c | 14 +-- g10/Makefile.am | 3 +- g10/call-dirmngr.c | 235 +++++++++++++++++++++++++++++++++++++++ g10/call-dirmngr.h | 8 ++ g10/gpgv.c | 16 +++ g10/keyserver-internal.h | 4 +- g10/keyserver.c | 34 +++--- g10/mainproc.c | 38 ++++--- 18 files changed, 574 insertions(+), 338 deletions(-) delete mode 100644 common/pka.c delete mode 100644 common/pka.h delete mode 100644 common/t-pka.c rename {common => dirmngr}/dns-cert.c (93%) rename {common => dirmngr}/dns-cert.h (92%) rename {common => dirmngr}/t-dns-cert.c (88%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Apr 26 20:21:18 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 26 Apr 2015 20:21:18 +0200 Subject: [git] gnupg-doc - branch, master, updated. 729b5bb5dd49a1febe314dbeaf79ce71aebb5018 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 729b5bb5dd49a1febe314dbeaf79ce71aebb5018 (commit) from c688116d697686cdcdd5cdee4f10d10965ad7472 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 729b5bb5dd49a1febe314dbeaf79ce71aebb5018 Author: Werner Koch Date: Sun Apr 26 20:09:48 2015 +0200 blog: Add First OpenPGP summit diff --git a/misc/blog.gnupg.org/20150426-openpgp-summit.org b/misc/blog.gnupg.org/20150426-openpgp-summit.org new file mode 100644 index 0000000..b12ccfc --- /dev/null +++ b/misc/blog.gnupg.org/20150426-openpgp-summit.org 
@@ -0,0 +1,128 @@ +# GnuPG News for January 2015 +#+STARTUP: showall +#+AUTHOR: Werner +#+DATE: April 26th, 2015 + +** Notes from the first OpenPGP Summit + + On April 18/19 a bunch of OpenPGP folks met in Dreieich near + Frankfurt to get to know themselves better and exchange experience + in implementing and deploying OpenPGP based applications. + + During one of the meetings of our local group of regulars at the + [[https://chaosdorf.de][Chaosdorf]], I talked with Nico from Enigmail about the idea to get + the few GnuPG frontend authors together for an informal meeting. + We agreed that this is would be useful and we decided to go + for it in spring. Due to the attention GnuPG received during the + following [[https://31c3.de][31C3]] it turned out that the planned GPG meeting + would grow to an OpenPGP summit with about 30 attendees. We even + had to reject several requests to join the meeting due to limited + space and time constraints to prepare a larger meeting. [[http://www.josuttis.de][Nico]] took + care of the organization and I am really glad that he kept me clear + of this task. Thanks. + + Our host was [[https://www.giepa.de/][Giegerich & Partner]], an IT security company which + does a proprietary Outlook plugin based on GnuPG. Their local + organization was excellent including snacks, beverages, a + great self-made dinner, and shuttle service to the hotel and the + airport. Network access also worked flawlessly after having + signed that usual German [[http://de.wikipedia.org/wiki/St%C3%B6rerhaftung][St?rerhaftung]] disclaimer. Thanks guys. + + After a welcome on Saturday morning from Nico and our host, I + quickly explained the planned release schedule for GnuPG and + explained a less known feature of GPA and Kleoptra, the [[https://gnupg.org/documentation/manuals/gpgme/UI-Server-Protocol.html][UI-Server]]. 
+ We then started the presentations of the projects present: + [[http://gpg4win.org][Gpg4win]], + [[https://enigmail.net][Enigmail]], + Gpg4o, + r2mail2, + [[https://openkeychain.org][OpenKeychain,]] + [[https://gpgtools.org][GPG Tools]], + [[https://pixelated-project.org][Pixelated]], + [[https://whiteout.io][Whiteout]], + [[https://mailvelope.com][Mailvelope,]] + [[https://mailpile.is][Mailpile]], + [[https://github.com/google/end-to-end][End-to-end]], + [[https://caliopen.org][CaliOpen]], and + [[https://debian.org][Debian]]. + + It was really interesting to learn first hand about the rich + environment around the OpenPGP protocol. Although most developers + knew about each other it was the first time they all came together + to present their projects to their peers. About half of the + projects are using GnuPG as their backend engine with the others + using one of the Javascript implementations for their OpenPGP core. + + The presentations answered a lot of questions but raised others + which were discussed during the breaks and the wine and beer track + in the evening. Important topics were identified and put on the + agenda for Sunday. + + One of these topics was the question whether to use PGP/MIME or to + create a new format; with about the half of the group in favor of + PGP/MIME. It seems that some often used MUAs (mailers) have + somewhat limited support even for regular MIME despite that this is + a 22 years old and matured standard. In particular webmail + applications are quite limited in their MIME handling. + They have the easiest way to roll out fixed versions, though. As usual I + got into long debates with Bjarni from Mailpile on this. This + discussion was continued on Sunday in working groups on meta data + encryption and encrypted search. + + Another topic was key distribution. I decided not to join the + respective working group on Sunday because this will be a + too large topic for short working group. 
During the Saturday + presentations it became clear that the more centralized projects, + like Whiteout and Google?s end-to-end, can more or less sidestep + that problem due to the better control they have on the mail + accounts. The presentation from the End-to-end project was + nevertheless interesting and probably sparked a few idea. + + Mobile clients are a primary, or even the only, target for most + projects and thus discussions revolved around issues like reducing + the amount of data to download from IMAP servers but still be able + to show summaries of the mail content after decryption; or on how + to efficiently and securely search through encrypted mails stored + on a remote site. + + It would be quite useful to publish the results from the Sunday + working groups as well as the group picture. However they have + not yet been collected; see below for updates. + + I appreciated the opportunity to meet the GPG Tools developers, who + are very dedicated to make GnuPG working well on OS X. I stressed + the importance to actively participate on the GnuPG mailing list to + keep information in sync. One example may illustrate this: For + years the adaption of GnuPG-2 on GNOME based systems has been + hampered by the fact that the gnome-keyring-manager (GKR) tries to + emulate gpg-agent and thus inhibits proper working of any advanced + function of GnuPG (e.g. smartcards and gpgsm). With Debian?s + release of Jessie that problem will even be worse due to other + desktop environments now also using GKR. Given that the GKR + developers are not willing to change their defaults, Neal, dkg, and + me came up with a pragmatic solution for this problem on Saturday + morning. Surprisingly we learned in the evening that GPG Tools long + ago came up with a very similar solution on how to integrate GnuPG + into the OS X keychain. 
+ + To comply with crypto geek tradition the meeting ended with a key + signing party using fingerprints collected in a shared file, + comparing its sha1sum ^W sha256sum locally, and publicly + confirming the correctness of ones own key. Some had to rush for + the airport or train station and thus not all keys could be + checked. + + Overall it was a successful meeting and it should be repeated to + extend our discussions on the mailing lists in a conference + setting. I do not want end these notes without remarking that I am + a bit disappointed that many of the participants favored this + closed invitation-only style summit and want the next meeting to + happen the same way. I would actually like to have an open OpenPGP + meeting with a stronger emphasis on Free Software and a clear + anti-surveillance message. + + +** Minutes from the working groups + + /[If you have something to publish, please send it to me for + publication at this place. CC-by-SA please.]/ ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20150426-openpgp-summit.org | 128 ++++++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 misc/blog.gnupg.org/20150426-openpgp-summit.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 29 17:17:26 2015 
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 29 Apr 2015 17:17:26 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-187-gf88266c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via f88266c0f868d7bf51a215d5531bb9f2b4dad19e (commit) via 305cc878d395475c46b4ef52f4764bd0c85bf8ac (commit) from fe38d3815b4cd203cd529949e244aca80d32897f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f88266c0f868d7bf51a215d5531bb9f2b4dad19e Author: Jussi Kivilinna Date: Wed Apr 22 20:29:05 2015 +0300 Disallow compiler from generating SSE instructions in mixed C+asm source * cipher/cipher-gcm-intel-pclmul.c [gcc-version >= 4.4]: Add GCC target pragma to disable compiler use of SSE. * cipher/rijndael-aesni.c [gcc-version >= 4.4]: Ditto. * cipher/rijndael-ssse3-amd64.c [gcc-version >= 4.4]: Ditto. -- These implementations assume that compiler does not use XMM registers between assembly blocks. Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-gcm-intel-pclmul.c b/cipher/cipher-gcm-intel-pclmul.c index 0314458..79648ce 100644 --- a/cipher/cipher-gcm-intel-pclmul.c +++ b/cipher/cipher-gcm-intel-pclmul.c @@ -32,6 +32,13 @@ #ifdef GCM_USE_INTEL_PCLMUL + +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + /* Intel PCLMUL ghash based on white paper: "Intel? Carry-Less Multiplication Instruction and its Usage for Computing the diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 9a81602..147679f 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c 
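Review bot: The `#pragma GCC target("no-sse")` guard is only emitted when `_GCRY_GCC_VERSION >= 40400`, so with an older GCC, or any compiler for which that macro does not evaluate to 4.4 or later, the file builds silently without it. The assumption stated in the commit message, that the compiler does not use XMM registers between assembly blocks, is then left unenforced. A compiler-generated SSE instruction between two asm statements would corrupt the register state those blocks share, without any diagnostic. Consider documenting the fallback next to the guard, for example `/* Without this pragma the code relies on the compiler not touching XMM registers between asm blocks. */`, or disabling the accelerated path when the guard is unavailable. The same applies to the identical hunks in cipher/rijndael-aesni.c and cipher/rijndael-ssse3-amd64.c.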
@@ -35,6 +35,12 @@ #ifdef USE_AESNI +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + typedef struct u128_s { u32 a, b, c, d; } u128_t; diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c index d72ec31..3f1b352 100644 --- a/cipher/rijndael-ssse3-amd64.c +++ b/cipher/rijndael-ssse3-amd64.c 
@@ -50,6 +50,12 @@ #ifdef USE_SSSE3 +#if _GCRY_GCC_VERSION >= 40400 /* 4.4 */ +/* Prevent compiler from issuing SSE instructions between asm blocks. */ +# pragma GCC target("no-sse") +#endif + + /* Two macros to be called prior and after the use of SSSE3 instructions. There should be no external function calls between the use of these macros. There purpose is to make sure that the commit 305cc878d395475c46b4ef52f4764bd0c85bf8ac Author: Jussi Kivilinna Date: Sat Apr 18 17:41:34 2015 +0300 Add OCB bulk crypt/auth functions for AES/AES-NI * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt and bulk.ocb_auth. (_gcry_cipher_ocb_get_l): New prototype. * cipher/cipher-ocb.c (get_l): Rename to ... (_gcry_cipher_ocb_get_l): ... this. (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when available. * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk functions for AES. * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec) (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New. * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt) (_gcry_aes_aesni_ocb_auth): New prototypes. (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New. * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New prototypes. * tests/basic.c (check_ocb_cipher_largebuf): New. (check_ocb_cipher): Add large buffer encryption/decryption test. -- Patch adds bulk encryption/decryption/authentication code for AES-NI accelerated AES. Benchmark on Intel i5-4570 (3200 Mhz, turbo off): Before: AES | nanosecs/byte mebibytes/sec cycles/byte OCB enc | 2.12 ns/B 449.7 MiB/s 6.79 c/B OCB dec | 2.12 ns/B 449.6 MiB/s 6.79 c/B OCB auth | 2.07 ns/B 459.9 MiB/s 6.64 c/B After: AES | nanosecs/byte mebibytes/sec cycles/byte OCB enc | 0.292 ns/B 3262.5 MiB/s 0.935 c/B OCB dec | 0.297 ns/B 3212.2 MiB/s 0.950 c/B OCB auth | 0.260 ns/B 3666.1 MiB/s 0.832 c/B Signed-off-by: Jussi Kivilinna 
diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 50b0324..e20ea56 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -128,6 +128,9 @@ struct gcry_cipher_handle void (*ctr_enc)(void *context, unsigned char *iv, void *outbuf_arg, const void *inbuf_arg, size_t nblocks); + void (*ocb_crypt)(gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt); + void (*ocb_auth)(gcry_cipher_hd_t c, const void *abuf_arg, size_t nblocks); } bulk; @@ -440,6 +443,8 @@ gcry_err_code_t _gcry_cipher_ocb_get_tag gcry_err_code_t _gcry_cipher_ocb_check_tag /* */ (gcry_cipher_hd_t c, const unsigned char *intag, size_t taglen); +const unsigned char *_gcry_cipher_ocb_get_l +/* */ (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n); #endif /*G10_CIPHER_INTERNAL_H*/ diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c index 62e79bb..bc6fd87 100644 --- a/cipher/cipher-ocb.c +++ b/cipher/cipher-ocb.c @@ -115,8 +115,8 @@ bit_copy (unsigned char *d, const unsigned char *s, every 65536-th block. L_TMP is a helper buffer of size OCB_BLOCK_LEN which is used to hold the computation if not taken from the table. */ -static const unsigned char * -get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) +const unsigned char * +_gcry_cipher_ocb_get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 n) { int ntz = _gcry_ctz64 (n); @@ -257,6 +257,15 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, if (!abuflen) return 0; + /* Use a bulk method if available. */ + if (abuflen >= OCB_BLOCK_LEN && c->bulk.ocb_auth) + { + size_t nblks = abuflen / OCB_BLOCK_LEN; + c->bulk.ocb_auth (c, abuf, nblks); + abuf += nblks * OCB_BLOCK_LEN; + abuflen -= nblks * OCB_BLOCK_LEN; + } + /* Hash all full blocks. */ while (abuflen >= OCB_BLOCK_LEN) { 
@@ -264,7 +273,8 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ buf_xor_1 (c->u_mode.ocb.aad_offset, - get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), OCB_BLOCK_LEN); + _gcry_cipher_ocb_get_l (c, l_tmp, c->u_mode.ocb.aad_nblocks), + OCB_BLOCK_LEN); /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ buf_xor (l_tmp, c->u_mode.ocb.aad_offset, abuf, OCB_BLOCK_LEN); c->spec->encrypt (&c->context.c, l_tmp, l_tmp); 
@@ -341,40 +351,56 @@ ocb_crypt (gcry_cipher_hd_t c, int encrypt, else if ((inbuflen % OCB_BLOCK_LEN)) return GPG_ERR_INV_LENGTH; /* We support only full blocks for now. */ - if (encrypt) + /* Use a bulk method if available. */ + if (nblks && c->bulk.ocb_crypt) { - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + c->bulk.ocb_crypt (c, outbuf, inbuf, nblks, encrypt); + inbuf += nblks * OCB_BLOCK_LEN; + outbuf += nblks * OCB_BLOCK_LEN; + inbuflen -= nblks * OCB_BLOCK_LEN; + outbuflen -= nblks * OCB_BLOCK_LEN; + nblks = 0; } - /* Encrypt all full blocks. */ - while (inbuflen >= OCB_BLOCK_LEN) + if (nblks) { - c->u_mode.ocb.data_nblocks++; + gcry_cipher_encrypt_t crypt_fn = + encrypt ? c->spec->encrypt : c->spec->decrypt; - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - buf_xor_1 (c->u_iv.iv, - get_l (c, l_tmp, c->u_mode.ocb.data_nblocks), OCB_BLOCK_LEN); - /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); if (encrypt) - nburn = c->spec->encrypt (&c->context.c, outbuf, outbuf); - else - nburn = c->spec->decrypt (&c->context.c, outbuf, outbuf); - burn = nburn > burn ? nburn : burn; - buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, inbuf, nblks); + } - inbuf += OCB_BLOCK_LEN; - inbuflen -= OCB_BLOCK_LEN; - outbuf += OCB_BLOCK_LEN; - outbuflen =- OCB_BLOCK_LEN; - } + /* Encrypt all full blocks. */ + while (inbuflen >= OCB_BLOCK_LEN) + { + c->u_mode.ocb.data_nblocks++; + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, + _gcry_cipher_ocb_get_l (c, l_tmp, + c->u_mode.ocb.data_nblocks), + OCB_BLOCK_LEN); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor (outbuf, c->u_iv.iv, inbuf, OCB_BLOCK_LEN); + nburn = crypt_fn (&c->context.c, outbuf, outbuf); + burn = nburn > burn ? 
nburn : burn; + buf_xor_1 (outbuf, c->u_iv.iv, OCB_BLOCK_LEN); + + inbuf += OCB_BLOCK_LEN; + inbuflen -= OCB_BLOCK_LEN; + outbuf += OCB_BLOCK_LEN; + outbuflen =- OCB_BLOCK_LEN; + } - if (!encrypt) - { - /* Checksum_i = Checksum_{i-1} xor P_i */ - ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); - } + if (!encrypt) + { + /* Checksum_i = Checksum_{i-1} xor P_i */ + ocb_checksum (c->u_ctr.ctr, outbuf - nblks * OCB_BLOCK_LEN, nblks); + } + } /* Encrypt final partial block. Note that we expect INBUFLEN to be shorter than OCB_BLOCK_LEN (see above). */ diff --git a/cipher/cipher.c b/cipher/cipher.c index 0a13fe6..6e1173f 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -510,6 +510,8 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, h->bulk.cbc_enc = _gcry_aes_cbc_enc; h->bulk.cbc_dec = _gcry_aes_cbc_dec; h->bulk.ctr_enc = _gcry_aes_ctr_enc; + h->bulk.ocb_crypt = _gcry_aes_ocb_crypt; + h->bulk.ocb_auth = _gcry_aes_ocb_auth; break; #endif /*USE_AES*/ #ifdef USE_BLOWFISH diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 3c367ce..9a81602 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -29,6 +29,7 @@ #include "bufhelp.h" #include "cipher-selftest.h" #include "rijndael-internal.h" +#include "./cipher-internal.h" #ifdef USE_AESNI 
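Review bot: In the fallback loop of ocb_crypt the re-indented line `outbuflen =- OCB_BLOCK_LEN;` assigns the negated block length to `outbuflen` instead of subtracting it. The typo is carried over from the removed code, while the new bulk branch just above uses the correct `outbuflen -= nblks * OCB_BLOCK_LEN;`. It should read `outbuflen -= OCB_BLOCK_LEN;`. Whether `outbuflen` is read again after the loop (for instance when handling the final partial block) is not visible, since ocb_crypt continues outside the hunk. If it is, any output-length check there would be working from a wrong value.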
@@ -1251,4 +1252,486 @@ _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, aesni_cleanup_2_6 (); } + +static inline const unsigned char * +get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 i, unsigned char *iv, + unsigned char *ctr) +{ + const unsigned char *l; + unsigned int ntz; + + if (i & 0xffffffffU) + { + asm ("rep;bsf %k[low], %k[ntz]\n\t" + : [ntz] "=r" (ntz) + : [low] "r" (i & 0xffffffffU) + : "cc"); + } + else + { + if (OCB_L_TABLE_SIZE < 32) + { + ntz = 32; + } + else if (i) + { + asm ("rep;bsf %k[high], %k[ntz]\n\t" + : [ntz] "=r" (ntz) + : [high] "r" (i >> 32) + : "cc"); + ntz += 32; + } + else + { + ntz = 64; + } + } + + if (ntz < OCB_L_TABLE_SIZE) + { + l = c->u_mode.ocb.L[ntz]; + } + else + { + /* Store Offset & Checksum before calling external function */ + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*iv), + [ctr] "=m" (*ctr) + : + : "memory" ); + + l = _gcry_cipher_ocb_get_l (c, l_tmp, i); + + /* Restore Offset & Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*iv), + [ctr] "m" (*ctr) + : "memory" ); + } + + return l; +} + + +static void +aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + u64 n = c->u_mode.ocb.data_nblocks; + + aesni_prepare (); + + /* Preload Offset and Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_iv.iv), + [ctr] "m" (*c->u_ctr.ctr) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. 
*/ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*l[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*l[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*l[2]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + : 
[outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + c->u_mode.ocb.data_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_iv.iv), + [ctr] "=m" (*c->u_ctr.ctr) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + +static void +aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + u64 n = c->u_mode.ocb.data_nblocks; + + aesni_prepare (); + + /* Preload Offset and Checksum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_iv.iv), + [ctr] "m" (*c->u_ctr.ctr) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. 
*/ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*l[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*l[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*l[2]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_dec_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : 
[outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_dec (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + c->u_mode.ocb.data_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_iv.iv), + [ctr] "=m" (*c->u_ctr.ctr) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + +void +_gcry_aes_aesni_ocb_crypt(gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt) +{ + if (encrypt) + aesni_ocb_enc(c, outbuf_arg, inbuf_arg, nblocks); + else + aesni_ocb_dec(c, outbuf_arg, inbuf_arg, nblocks); +} + + +void +_gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks) +{ + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + RIJNDAEL_context *ctx = (void *)&c->context.c; + const unsigned char *abuf = abuf_arg; + u64 n = c->u_mode.ocb.aad_nblocks; + + aesni_prepare (); + + /* Preload Offset and Sum */ + asm volatile ("movdqu %[iv], %%xmm5\n\t" + "movdqu %[ctr], %%xmm6\n\t" + : /* No output */ + : [iv] "m" (*c->u_mode.ocb.aad_offset), + [ctr] "m" 
(*c->u_mode.ocb.aad_sum) + : "memory" ); + + for ( ;nblocks > 3 ; nblocks -= 4 ) + { + const unsigned char *l[4]; + + /* l_tmp will be used only every 65536-th block. */ + l[0] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[1] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[2] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + l[3] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[abuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + : + : [l0] "m" (*l[0]), + [abuf0] "m" (*(abuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[abuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + : + : [l1] "m" (*l[1]), + [abuf1] "m" (*(abuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[abuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + : + : [l2] "m" (*l[2]), + [abuf2] "m" (*(abuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[abuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l[3]), + [abuf3] "m" (*(abuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += 4*BLOCKSIZE; + } + for ( ;nblocks; nblocks-- ) + { + const unsigned char *l; + + l = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[abuf], 
%%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [abuf] "m" (*abuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm0, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += BLOCKSIZE; + } + + c->u_mode.ocb.aad_nblocks = n; + asm volatile ("movdqu %%xmm5, %[iv]\n\t" + "movdqu %%xmm6, %[ctr]\n\t" + : [iv] "=m" (*c->u_mode.ocb.aad_offset), + [ctr] "=m" (*c->u_mode.ocb.aad_sum) + : + : "memory" ); + + aesni_cleanup (); + aesni_cleanup_2_6 (); + + wipememory(&l_tmp, sizeof(l_tmp)); +} + + #endif /* USE_AESNI */ diff --git a/cipher/rijndael.c b/cipher/rijndael.c index a481e6f..ade41c9 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -48,6 +48,7 @@ #include "bufhelp.h" #include "cipher-selftest.h" #include "rijndael-internal.h" +#include "./cipher-internal.h" #ifdef USE_AMD64_ASM @@ -97,6 +98,11 @@ extern void _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, const unsigned char *inbuf, unsigned char *iv, size_t nblocks); +extern void _gcry_aes_aesni_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, + int encrypt); +extern void _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks); #endif #ifdef USE_SSSE3 
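Review bot: The new helpers get_l, aesni_ocb_enc and aesni_ocb_dec have no header comments, although they share an implicit register contract. The Offset lives in xmm5 and the Checksum (or Sum, in _gcry_aes_aesni_ocb_auth) in xmm6 across separate asm statements, and get_l spills both to its `iv` and `ctr` arguments around the call to _gcry_cipher_ocb_get_l. I would add a comment above get_l stating that it is called with xmm5/xmm6 live, that `iv` and `ctr` are the spill locations, and that the returned pointer may alias `l_tmp`. One-line comments on the enc/dec/auth functions should say that the caller must supply `nblocks` full blocks in each buffer, since nothing in these functions checks lengths. The commit log also names `aes_ocb_dec` where the code defines `aesni_ocb_dec`.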
@@ -1150,6 +1156,161 @@ _gcry_aes_cbc_dec (void *context, unsigned char *iv, +/* Bulk encryption/decryption of complete blocks in OCB mode. */ +void +_gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt) +{ + RIJNDAEL_context *ctx = (void *)&c->context.c; + unsigned char *outbuf = outbuf_arg; + const unsigned char *inbuf = inbuf_arg; + unsigned int burn_depth = 0; + + if (encrypt) + { + if (ctx->prefetch_enc_fn) + ctx->prefetch_enc_fn(); + } + else + { + check_decryption_preparation (ctx); + + if (ctx->prefetch_dec_fn) + ctx->prefetch_dec_fn(); + } + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + _gcry_aes_aesni_ocb_crypt (c, outbuf, inbuf, nblocks, encrypt); + burn_depth = 0; + } +#endif /*USE_AESNI*/ + else if (encrypt) + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.data_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, l, BLOCKSIZE); + buf_cpy (l_tmp.x1, inbuf, BLOCKSIZE); + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, l_tmp.x1, BLOCKSIZE); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + burn_depth = encrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + buf_cpy (outbuf, l_tmp.x1, BLOCKSIZE); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + } + else + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t decrypt_fn = ctx->decrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.data_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < 
OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_iv.iv, l, BLOCKSIZE); + buf_cpy (l_tmp.x1, inbuf, BLOCKSIZE); + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + burn_depth = decrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (l_tmp.x1, c->u_iv.iv, BLOCKSIZE); + /* Checksum_i = Checksum_{i-1} xor P_i */ + buf_xor_1 (c->u_ctr.ctr, l_tmp.x1, BLOCKSIZE); + buf_cpy (outbuf, l_tmp.x1, BLOCKSIZE); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + } + + if (burn_depth) + _gcry_burn_stack (burn_depth + 4 * sizeof(void *)); +} + + +/* Bulk authentication of complete blocks in OCB mode. */ +void +_gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, size_t nblocks) +{ + RIJNDAEL_context *ctx = (void *)&c->context.c; + const unsigned char *abuf = abuf_arg; + unsigned int burn_depth = 0; + + if (ctx->prefetch_enc_fn) + ctx->prefetch_enc_fn(); + + if (0) + ; +#ifdef USE_AESNI + else if (ctx->use_aesni) + { + _gcry_aes_aesni_ocb_auth (c, abuf, nblocks); + burn_depth = 0; + } +#endif /*USE_AESNI*/ + else + { + union { unsigned char x1[16] ATTR_ALIGNED_16; u32 x32[4]; } l_tmp; + rijndael_cryptfn_t encrypt_fn = ctx->encrypt_fn; + + for ( ;nblocks; nblocks-- ) + { + u64 i = ++c->u_mode.ocb.aad_nblocks; + unsigned int ntz = _gcry_ctz64 (i); + const unsigned char *l; + + if (ntz < OCB_L_TABLE_SIZE) + l = c->u_mode.ocb.L[ntz]; + else + l = _gcry_cipher_ocb_get_l (c, l_tmp.x1, i); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + buf_xor_1 (c->u_mode.ocb.aad_offset, l, BLOCKSIZE); + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + buf_xor (l_tmp.x1, c->u_mode.ocb.aad_offset, abuf, BLOCKSIZE); + burn_depth = encrypt_fn (ctx, l_tmp.x1, l_tmp.x1); + buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp.x1, BLOCKSIZE); + + abuf += BLOCKSIZE; + } + + wipememory(&l_tmp, sizeof(l_tmp)); + } + + if (burn_depth) + 
_gcry_burn_stack (burn_depth + 4 * sizeof(void *)); +} + + + /* Run the self-tests for AES 128. Returns NULL on success. */ static const char* selftest_basic_128 (void) diff --git a/src/cipher.h b/src/cipher.h index f4f6cc4..7ad0b2c 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -135,6 +135,10 @@ void _gcry_aes_cbc_dec (void *context, unsigned char *iv, void _gcry_aes_ctr_enc (void *context, unsigned char *ctr, void *outbuf_arg, const void *inbuf_arg, size_t nblocks); +void _gcry_aes_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, + const void *inbuf_arg, size_t nblocks, int encrypt); +void _gcry_aes_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, + size_t nblocks); /*-- blowfish.c --*/ void _gcry_blowfish_cfb_dec (void *context, unsigned char *iv, diff --git a/tests/basic.c b/tests/basic.c index 6ebc056..1175b38 100644 --- a/tests/basic.c +++ b/tests/basic.c 
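Review bot: The generic decrypt branch of `_gcry_aes_ocb_crypt` leaves `l_tmp` holding the last deciphered plaintext block when the loop ends, and nothing clears it. `_gcry_aes_ocb_auth`, added in the same hunk, ends its generic branch with `wipememory(&l_tmp, sizeof(l_tmp));`, so the two functions should agree. Whether the trailing `_gcry_burn_stack` call reaches this frame's own locals is not visible here, so I would add `wipememory(&l_tmp, sizeof(l_tmp));` after the decrypt loop, and after the encrypt loop for symmetry, rather than rely on it. Separately, the comment in the decrypt loop was copied from the encrypt path and should read `/* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */`.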
@@ -3153,6 +3153,172 @@ do_check_ocb_cipher (int inplace) static void +check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) +{ + static const unsigned char key[32] = + "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F"; + static const unsigned char nonce[12] = + "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x00\x01\x02\x03"; + const size_t buflen = 1024 * 1024 * 2 + 32; + unsigned char *inbuf; + unsigned char *outbuf; + gpg_error_t err = 0; + gcry_cipher_hd_t hde, hdd; + unsigned char tag[16]; + int i; + + inbuf = xmalloc(buflen); + if (!inbuf) + { + fail ("out-of-memory\n"); + return; + } + outbuf = xmalloc(buflen); + if (!outbuf) + { + fail ("out-of-memory\n"); + xfree(inbuf); + return; + } + + for (i = 0; i < buflen; i++) + inbuf[i] = 'a'; + + err = gcry_cipher_open (&hde, algo, GCRY_CIPHER_MODE_OCB, 0); + if (!err) + err = gcry_cipher_open (&hdd, algo, GCRY_CIPHER_MODE_OCB, 0); + if (err) + { + fail ("cipher-ocb, gcry_cipher_open failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + goto out_free; + } + + err = gcry_cipher_setkey (hde, key, keylen); + if (!err) + err = gcry_cipher_setkey (hdd, key, keylen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setkey failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_setiv (hde, nonce, 12); + if (!err) + err = gcry_cipher_setiv (hdd, nonce, 12); + if (err) + { + fail ("cipher-ocb, gcry_cipher_setiv failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_authenticate (hde, inbuf, buflen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + err = gcry_cipher_final 
(hde); + if (!err) + { + err = gcry_cipher_encrypt (hde, outbuf, buflen, inbuf, buflen); + } + if (err) + { + fail ("cipher-ocb, gcry_cipher_encrypt failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* Check that the tag matches. */ + err = gcry_cipher_gettag (hde, tag, 16); + if (err) + { + fail ("cipher_ocb, gcry_cipher_gettag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + if (memcmp (tagexpect, tag, 16)) + { + mismatch (tagexpect, 16, tag, 16); + fail ("cipher-ocb, encrypt tag mismatch (large, algo %d)\n", algo); + } + + err = gcry_cipher_authenticate (hdd, inbuf, buflen); + if (err) + { + fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* Now for the decryption. */ + err = gcry_cipher_final (hdd); + if (!err) + { + err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); + } + if (err) + { + fail ("cipher-ocb, gcry_cipher_decrypt (large, algo %d) failed: %s\n", + algo, gpg_strerror (err)); + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + goto out_free; + } + + /* We still have TAG from the encryption. */ + err = gcry_cipher_checktag (hdd, tag, 16); + if (err) + { + fail ("cipher-ocb, gcry_cipher_checktag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + + /* Check that the decrypt output matches the original plaintext. */ + if (memcmp (inbuf, outbuf, buflen)) + { + /*mismatch (inbuf, buflen, outbuf, buflen);*/ + fail ("cipher-ocb, decrypt data mismatch (large, algo %d)\n", algo); + } + + /* Check that gettag also works for decryption. 
*/ + err = gcry_cipher_gettag (hdd, tag, 16); + if (err) + { + fail ("cipher_ocb, decrypt gettag failed (large, algo %d): %s\n", + algo, gpg_strerror (err)); + } + if (memcmp (tagexpect, tag, 16)) + { + mismatch (tagexpect, 16, tag, 16); + fail ("cipher-ocb, decrypt tag mismatch (large, algo %d)\n", algo); + } + + gcry_cipher_close (hde); + gcry_cipher_close (hdd); + +out_free: + xfree(outbuf); + xfree(inbuf); +} + + +static void check_ocb_cipher (void) { /* Check OCB cipher with separate destination and source buffers for @@ -3161,6 +3327,14 @@ check_ocb_cipher (void) /* Check OCB cipher with inplace encrypt/decrypt. */ do_check_ocb_cipher(1); + + /* Check large buffer encryption/decryption. */ + check_ocb_cipher_largebuf(GCRY_CIPHER_AES, 16, + "\xf5\xf3\x12\x7d\x58\x2d\x96\xe8" + "\x33\xfd\x7a\x4f\x42\x60\x5d\x20"); + check_ocb_cipher_largebuf(GCRY_CIPHER_AES256, 32, + "\xfa\x26\xa5\xbf\xf6\x7d\x3a\x8d" + "\xfe\x96\x67\xc9\xc8\x41\x03\x51"); } ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm-intel-pclmul.c | 7 + cipher/cipher-internal.h | 5 + cipher/cipher-ocb.c | 84 ++++--- cipher/cipher.c | 2 + cipher/rijndael-aesni.c | 489 +++++++++++++++++++++++++++++++++++++++ cipher/rijndael-ssse3-amd64.c | 6 + cipher/rijndael.c | 161 +++++++++++++ src/cipher.h | 4 + tests/basic.c | 174 ++++++++++++++ 9 files changed, 903 insertions(+), 29 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Apr 29 18:28:05 2015 
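Review bot: In `check_ocb_cipher_largebuf`, if the first `gcry_cipher_open` succeeds and the second fails, the error path jumps to `out_free` without closing `hde`, so that handle is leaked. Every later error path repeats the two `gcry_cipher_close` calls by hand, which is how this one case was missed. Initialising both handles to NULL and adding a single `out_close:` label just before `out_free:` would cover all paths, provided `gcry_cipher_close` accepts a NULL handle (I believe it does, but confirm). Also, `for (i = 0; i < buflen; i++)` compares `int i` against `size_t buflen`; declaring `size_t i;` avoids the signed/unsigned comparison.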
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 29 Apr 2015 18:28:05 +0200 Subject: [git] gnupg-doc - branch, master, updated. ed98b989b2ce9a261fc0b773e6e1a1f1fdf4fa90 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via ed98b989b2ce9a261fc0b773e6e1a1f1fdf4fa90 (commit) from 729b5bb5dd49a1febe314dbeaf79ce71aebb5018 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed98b989b2ce9a261fc0b773e6e1a1f1fdf4fa90 Author: Werner Koch Date: Wed Apr 29 18:18:19 2015 +0200 blog: Updated the g10 Code numbers for 2014. diff --git a/misc/blog.gnupg.org/20141214-gnupg-and-g10.org b/misc/blog.gnupg.org/20141214-gnupg-and-g10.org index 6d2d838..0a325c0 100644 --- a/misc/blog.gnupg.org/20141214-gnupg-and-g10.org +++ b/misc/blog.gnupg.org/20141214-gnupg-and-g10.org @@ -43,7 +43,7 @@ most of the revenues but they are not easy to acquire. In the last years we had problems to get new GnuPG related development contracts which turned the company into a one-person show by fall 2012. I actually planned to shut it down in 2013 and to take a straight coder -job somewhere. However, as a side effect of Edward Snowden?s brave +job somewhere. However, as a side effect of Edward Snowden?s brave actions, there was more public demand for privacy tools and thus I concluded that it is worth to keep on working on GnuPG. 
@@ -74,3 +74,8 @@ crowdfunding campaign last year proved that there are many people who like to see GnuPG alive and maintained. Despite the huge [[file:20140512-rewards-sent.org][costs]] of the campaign it allowed me to keep working on GnuPG and I am confident that there will be ways to continue work in 2015. + +** Update 2015-04-29 + +Due to the successful funding campaign the above listed estimated +profit for 2014 was overtopped and reached 34000 Euro. ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20141214-gnupg-and-g10.org | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 30 07:31:45 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 30 Apr 2015 07:31:45 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-22-g01a2a61 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 01a2a61bc4b34817c4216888265f65d59a33dad3 (commit) from 172b6193488f433a206fd88f85d8c4a5d1eb7fdf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 01a2a61bc4b34817c4216888265f65d59a33dad3 Author: NIIBE Yutaka Date: Thu Apr 30 12:36:38 2015 +0900 scd: PC/SC reader selection by partial string match. * scd/apdu.c (open_pcsc_reader_direct): Partial string match. -- The card reader name by PC/SC service might include USB bus, which varies (on some platform like GNU/Linux). Thus, it's better to match partial string. Original patch was submitted by anstein. I changed it to fallback to the first reader if no match found. Note that we need to change pcsc-wrapper.c in 2.0 backport. GnuPG-bug-id: 1618, 1930 diff --git a/scd/apdu.c b/scd/apdu.c index f6cca8c..189fd4a 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1911,6 +1911,7 @@ open_pcsc_reader_direct (const char *portstr) long err; int slot; char *list = NULL; + char *rdrname = NULL; pcsc_dword_t nreader; char *p; 
@@ -1963,18 +1964,22 @@ open_pcsc_reader_direct (const char *portstr) { if (!*p && !p[1]) break; - if (*p) - log_info ("detected reader '%s'\n", p); + log_info ("detected reader '%s'\n", p); if (nreader < (strlen (p)+1)) { log_error ("invalid response from pcsc_list_readers\n"); break; } + if (!rdrname && portstr && !strncmp (p, portstr, strlen (portstr))) + rdrname = p; nreader -= strlen (p)+1; p += strlen (p) + 1; } - reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1); + if (!rdrname) + rdrname = list; + + reader_table[slot].rdrname = xtrystrdup (rdrname); if (!reader_table[slot].rdrname) { log_error ("error allocating memory for reader name\n"); @@ -1983,7 +1988,6 @@ open_pcsc_reader_direct (const char *portstr) unlock_slot (slot); return -1; } - strcpy (reader_table[slot].rdrname, portstr? portstr : list); xfree (list); list = NULL; ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 30 10:24:17 2015 
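Review bot: The new test `!strncmp (p, portstr, strlen (portstr))` is a prefix match that takes the first reader whose name begins with `portstr`, and when nothing matches, `rdrname = list` silently selects the first reader. On a host with several readers, a configured name that is misspelled or belongs to an unplugged reader therefore opens a different device with no trace in the log. I would record the decision before the fallback, e.g. `if (!rdrname && portstr) log_info ("reader '%s' not found, using '%s'\n", portstr, list);`, and log the name finally stored in `reader_table[slot].rdrname`. The enumeration loop and the rest of `open_pcsc_reader_direct` start and end outside this hunk.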
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 30 Apr 2015 10:24:17 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-16-g43429c7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 43429c7869152f301157e4b24790b3801dce0f0a (commit) from c8c88bdd98e56d08b1965c620173731d3c6ffd03 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 43429c7869152f301157e4b24790b3801dce0f0a Author: NIIBE Yutaka Date: Thu Apr 30 17:02:42 2015 +0900 g10: fix cmp_public_key and cmp_secret_keys. * g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque data at the first entry of the array when it's unknown algo. * configure.ac (NEED_LIBGCRYPT_VERSION): Require 1.5.0. -- GnuPG-bug-id: 1962 diff --git a/NEWS b/NEWS index fe58b12..7b87ca9 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in version 2.0.28 (unreleased) ------------------------------------------------- + * Libgcrypt 1.5 is now required. + Noteworthy changes in version 2.0.27 (2015-02-18) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index abd9518..c93e762 100644 --- a/configure.ac +++ b/configure.ac @@ -47,7 +47,7 @@ AC_INIT([gnupg],[mym4_full_version], [http://bugs.gnupg.org]) NEED_GPG_ERROR_VERSION=1.11 NEED_LIBGCRYPT_API=1 -NEED_LIBGCRYPT_VERSION=1.4.0 +NEED_LIBGCRYPT_VERSION=1.5.0 NEED_LIBASSUAN_API=2 NEED_LIBASSUAN_VERSION=2.0.0 diff --git a/g10/free-packet.c b/g10/free-packet.c index 85f23ce..9b42cfd 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c 
@@ -452,11 +452,14 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) - return -1; + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->pkey[0], b->pkey[0] ) ) + return -1; /* can't compare due to unknown algorithm */ + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) + return -1; + } } return 0; @@ -479,11 +482,14 @@ cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->skey[i], b->skey[i] ) ) + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->skey[0], b->skey[0] ) ) return -1; + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->skey[i], b->skey[i] ) ) + return -1; + } } return 0; ----------------------------------------------------------------------- Summary of changes: NEWS | 2 ++ configure.ac | 2 +- g10/free-packet.c | 24 +++++++++++++++--------- 3 files changed, 18 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Apr 30 10:24:39 2015 
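Review bot: In `cmp_public_keys` the new opaque-MPI branch keeps the old comment on its `return -1;` (`/* can't compare due to unknown algorithm */`), but the code now does compare the keys, so the comment is stale and should be dropped; the `cmp_secret_keys` hunk already omits it. Both hunks depend on `mpi_cmp` handling opaque MPIs, which appears to be why this commit raises `NEED_LIBGCRYPT_VERSION` to 1.5.0. A short comment at the call, such as `/* relies on mpi_cmp comparing opaque MPIs bytewise */`, would keep that dependency visible to whoever next touches the version check. Neither hunk shows whether `pkey[0]` or `skey[0]` can be NULL for an unknown algorithm, so that is worth confirming against the packet parser.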
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 30 Apr 2015 10:24:39 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.19-4-g04667ca Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 04667cabef2d6aaa214b288482bb902c891893a5 (commit) from 506eb6fec67f170827777f2f44ced6f50745a0ad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 04667cabef2d6aaa214b288482bb902c891893a5 Author: NIIBE Yutaka Date: Thu Apr 30 17:20:08 2015 +0900 g10: fix cmp_public_key and cmp_secret_keys. * g10/free-packet.c (cmp_public_keys, cmp_secret_keys): Compare opaque data at the first entry of the array when it's unknown algo. * mpi/mpi-cmp.c (mpi_cmp): Backport libgcrypt 1.5.0's semantics. -- (backported from 2.0 commit 43429c7869152f301157e4b24790b3801dce0f0a) GnuPG-bug-id: 1962 diff --git a/g10/free-packet.c b/g10/free-packet.c index 0f8e0e8..e772c08 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -452,11 +452,14 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->pkey[0], b->pkey[0] ) ) return -1; + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) + return -1; + } } return 0; 
@@ -479,11 +482,14 @@ cmp_secret_keys( PKT_secret_key *a, PKT_secret_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->skey[i], b->skey[i] ) ) + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->skey[0], b->skey[0] ) ) return -1; + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->skey[i], b->skey[i] ) ) + return -1; + } } return 0; diff --git a/mpi/mpi-cmp.c b/mpi/mpi-cmp.c index e119fad..3c1322a 100644 --- a/mpi/mpi-cmp.c +++ b/mpi/mpi-cmp.c @@ -20,6 +20,7 @@ #include #include #include +#include #include "mpi-internal.h" int @@ -49,6 +50,21 @@ mpi_cmp( MPI u, MPI v ) mpi_size_t usize, vsize; int cmp; + if (mpi_is_opaque (u) || mpi_is_opaque (v)) + { + if (mpi_is_opaque (u) && !mpi_is_opaque (v)) + return -1; + if (!mpi_is_opaque (u) && mpi_is_opaque (v)) + return 1; + if (!u->nbits && !v->nbits) + return 0; /* Empty buffers are identical. */ + if (u->nbits < v->nbits) + return -1; + if (u->nbits > v->nbits) + return 1; + return memcmp (u->d, v->d, u->nbits); + } + mpi_normalize( u ); mpi_normalize( v ); usize = u->nlimbs; ----------------------------------------------------------------------- Summary of changes: g10/free-packet.c | 22 ++++++++++++++-------- mpi/mpi-cmp.c | 16 ++++++++++++++++ 2 files changed, 30 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org
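Review bot: In the `mpi_cmp` hunk, `return memcmp (u->d, v->d, u->nbits);` passes `nbits` straight to memcmp as a byte count. That is correct only if opaque MPIs in this tree store their length in bytes in `nbits`, and the code that sets the field is not visible in this hunk. If the field holds a bit count, the comparison reads well past the end of both opaque buffers. Please confirm the unit and state it at the call, e.g. `/* for opaque MPIs nbits is the buffer length in bytes */`, or convert with `(u->nbits + 7) / 8` if it is bits. The rest of `mpi_cmp` continues outside the hunk.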