From cvs at cvs.gnupg.org Mon Aug 3 13:01:49 2015
From: cvs at cvs.gnupg.org (by Hugo Roy)
Date: Mon, 03 Aug 2015 13:01:49 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-28-gd22be79
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via d22be79d9b5f40a81d1e1198f7839c38570cd543 (commit)
from 328a6b6459a5ce4a70b374262f221ada20c40878 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit d22be79d9b5f40a81d1e1198f7839c38570cd543
Author: Hugo Roy
Date: Mon Aug 3 12:34:15 2015 +0200

doc: Two typo fixes.

--

diff --git a/doc/HACKING b/doc/HACKING index fe33d99..c1cd348 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -71,8 +71,8 @@ Note that such a comment will be removed if the git commit option file "DCO". (Except for a slight wording change, this DCO is identical to the one used by the Linux kernel.) - If your want to contribute code or documentation to GnuPG and you - didn't signed a copyright assignment with the FSF in the past, you + If you want to contribute code or documentation to GnuPG and you + didn't sign a copyright assignment with the FSF in the past, you need to take these simple steps: - Decide which mail address you want to use. Please have your real
-----------------------------------------------------------------------

Summary of changes:
doc/HACKING | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org

From cvs at cvs.gnupg.org Mon Aug 3 19:22:08 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Mon, 03 Aug 2015 19:22:08 +0200
Subject: [git] gnupg-doc - branch, master, updated. f7f4f59a66a514a3554946e08ee16ebd2b219372
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs".

The branch, master has been updated
via f7f4f59a66a514a3554946e08ee16ebd2b219372 (commit)
via 21d50f340e9928ac79ac9bd3eb872cedef8b116f (commit)
from c99978e0854e90a0af43f662280eb82e3b4580ed (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit f7f4f59a66a514a3554946e08ee16ebd2b219372
Author: Werner Koch
Date: Mon Aug 3 19:11:43 2015 +0200

web: Change download links to https.

diff --git a/web/download/index.org b/web/download/index.org index cc6268e..d629182 100644 --- a/web/download/index.org +++ b/web/download/index.org
@@ -40,24 +40,24 @@ The table lists the different GnuPG packages, followed by required libraries, required tools, and optional software. - | Name | Version | Size | Tarball | Signature | - |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | | | | | | - | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG classic | {{{gnupg1_ver}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | Pinentry | {{{pinentry_ver}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_size}}} 
| {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | - |---------------+------------------------+-------------------------+----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | Name | Version | Size | Tarball | Signature | + |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | | | | | | + | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG classic | {{{gnupg1_ver}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | Pinentry | {{{pinentry_ver}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| + | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | 
{{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | + |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| {{{check_sig_note}}} diff --git a/web/swdb.mac b/web/swdb.mac index 3e6bd57..b1bc123 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -5,6 +5,7 @@ # Primary FTP server base directory # #+macro: ftp_base ftp://ftp.gnupg.org/gcrypt +#+macro: ftp_http_base https://gnupg.org/ftp/gcrypt # # GnuPG commit 21d50f340e9928ac79ac9bd3eb872cedef8b116f Author: Werner Koch Date: Tue Jul 28 13:13:21 2015 +0200 web: Add entries for Neal and Kai. diff --git a/web/people/index.org b/web/people/index.org index af24b66..6aa03fb 100644 --- a/web/people/index.org +++ b/web/people/index.org @@ -29,6 +29,7 @@ systems. Werner is a long time free software supporter and co-founder of the [[http://fsfe.org][FSFE]]. With the support of his brother he founded [[https://g10code.com][g10^code]] GmbH in 2001 to make GnuPG development his profession. + Werner is full time employed by g10^code. #+HTML:
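Review bot: in web/download/index.org (commit f7f4f59), only the Tarball column moves to {{{ftp_http_base}}}; every Signature cell still expands {{{ftp_base}}}, which web/swdb.mac leaves as ftp://ftp.gnupg.org/gcrypt. The subject line says the download links change to https, so either switch the .sig links to the new macro too or state in the log that the signature links stay on FTP on purpose. The macro name ftp_http_base also does not match its https:// value.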

@@ -76,6 +77,7 @@ Niibe is a long time free software hacker who joined the GnuPG project in 2011 and soon took over the development of the smartcard related code. He is also the person behind the [[https://fsij.org/gnuk][gnuk token]]. + Niibe?s work on GnuPG is financially supported by g10^code. #+HTML:

@@ -91,3 +93,31 @@ assembler optimized code for cryptographic algorithms in Libgcrypt. #+HTML:

+ +** Neal Walfied + + #+HTML:

+ #+HTML:

+ #+HTML:
+ + /Core components hacker/ + + Neal started to work on GnuPG in 2015 to support maintenance and + development in all areas. He is full time employed by g10^code. + + #+HTML:

+ +** Kai Michaelis + + #+HTML:

+ #+HTML:

+ #+HTML:
+ + /Enigmail hacker/ + + Kai is working on the [[https://enigmail.net][Enigmail]] project since 2015. He is part time + employed by g10^code. + + #+HTML:

+ +# eof diff --git a/web/people/kai.png b/web/people/kai.png new file mode 100644 index 0000000..f75a213 Binary files /dev/null and b/web/people/kai.png differ diff --git a/web/people/neal.png b/web/people/neal.png new file mode 100644 index 0000000..f75a213 Binary files /dev/null and b/web/people/neal.png differ
-----------------------------------------------------------------------

Summary of changes:
web/download/index.org | 36 ++++++++++++++++++------------------
web/people/index.org | 30 ++++++++++++++++++++++++++++++
web/people/{david.png => kai.png} | Bin
web/people/{david.png => neal.png} | Bin
web/swdb.mac | 1 +
5 files changed, 49 insertions(+), 18 deletions(-)
copy web/people/{david.png => kai.png} (100%)
copy web/people/{david.png => neal.png} (100%)

hooks/post-receive
--
The GnuPG website and other docs
http://git.gnupg.org

From cvs at cvs.gnupg.org Tue Aug 4 12:30:57 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 04 Aug 2015 12:30:57 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-29-gf05a63b
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via f05a63b10428df2878b1bb6fde57a2fc2aa99105 (commit)
from d22be79d9b5f40a81d1e1198f7839c38570cd543 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit f05a63b10428df2878b1bb6fde57a2fc2aa99105
Author: Werner Koch
Date: Tue Aug 4 12:28:17 2015 +0200

gpg: Properly handle legacy keys while looking for a secret key.

* g10/getkey.c (have_secret_key_with_kid): Skip legacy keys.
--
This fixes GnuPG-bug-id: 2031
Signed-off-by: Werner Koch

diff --git a/g10/getkey.c b/g10/getkey.c index f02e8c2..3a60161 100644 --- a/g10/getkey.c
+++ b/g10/getkey.c @@ -3058,8 +3058,14 @@ have_secret_key_with_kid (u32 *keyid) desc.mode = KEYDB_SEARCH_MODE_LONG_KID; desc.u.kid[0] = keyid[0]; desc.u.kid[1] = keyid[1]; - while (!result && !(err = keydb_search (kdbhd, &desc, 1, NULL))) + while (!result) { + err = keydb_search (kdbhd, &desc, 1, NULL); + if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY) + continue; + if (err) + break; + err = keydb_get_keyblock (kdbhd, &keyblock); if (err) { @@ -3085,6 +3091,7 @@ have_secret_key_with_kid (u32 *keyid) } release_kbnode (keyblock); } + keydb_release (kdbhd); return result; }
-----------------------------------------------------------------------

Summary of changes:
g10/getkey.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org

From cvs at cvs.gnupg.org Tue Aug 4 17:35:26 2015
From: cvs at cvs.gnupg.org (by Werner Koch)
Date: Tue, 04 Aug 2015 17:35:26 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-30-g4a326d7
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via 4a326d7c9a3b09efcccf4de00d6c003829ad89e8 (commit)
from f05a63b10428df2878b1bb6fde57a2fc2aa99105 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 4a326d7c9a3b09efcccf4de00d6c003829ad89e8
Author: Werner Koch
Date: Tue Aug 4 17:32:08 2015 +0200

gpg: Fix duplicate key import due to legacy key in keyring.

* g10/keydb.c (keydb_search_fpr): Skip legacy keys.
--
A test case for this problem can be found at GnuPG-bug-id: 2031
Signed-off-by: Werner Koch

diff --git a/g10/keydb.c b/g10/keydb.c index 68cf832..3dc9ec7 100644 --- a/g10/keydb.c +++ b/g10/keydb.c
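Review bot: in g10/getkey.c (commit f05a63b, have_secret_key_with_kid), the second hunk adds keydb_release (kdbhd) before return result, but the commit log only lists "Skip legacy keys"; the added release deserves its own entry. In the first hunk, the continue on GPG_ERR_LEGACY_KEY re-issues the same keydb_search call, so a short comment stating that the next call continues past the legacy key would show why the loop terminates.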
@@ -1753,10 +1753,17 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid) gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr) { + gpg_error_t err; KEYDB_SEARCH_DESC desc; memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_FPR; memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN); - return keydb_search (hd, &desc, 1, NULL); + do + { + err = keydb_search (hd, &desc, 1, NULL); + } + while (gpg_err_code (err) == GPG_ERR_LEGACY_KEY); + + return err; }
-----------------------------------------------------------------------

Summary of changes:
g10/keydb.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org

From cvs at cvs.gnupg.org Wed Aug 5 01:04:58 2015
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 05 Aug 2015 01:04:58 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-31-g0751571
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via 0751571cac0f5aef2862c34a184f7f09ad9cb203 (commit)
from 4a326d7c9a3b09efcccf4de00d6c003829ad89e8 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit 0751571cac0f5aef2862c34a184f7f09ad9cb203
Author: NIIBE Yutaka
Date: Wed Aug 5 07:59:50 2015 +0900

scd: Fix ECC support.

* scd/app-openpgp.c (send_key_attr): Send KEYNO.
(get_public_key): Fix SEXP composing.
(ecc_writekey): Fix OID length calculation.
(ecc_oid): Prepend the length before query.
(parse_algorithm_attribute): Handle the case the curve is not available.

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 87208f4..83465f4 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c
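Review bot: in g10/keydb.c (commit 4a326d7), keydb_search_fpr now carries the same skip-on-GPG_ERR_LEGACY_KEY retry that commit f05a63b open-coded in have_secret_key_with_kid. Two separate copies of the rule are easy to miss when another search path needs it; consider one helper around keydb_search that skips legacy keys, and check whether keydb_search_kid, the function named in this hunk's header, needs the same treatment.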
@@ -914,7 +914,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno) openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid)); } else - snprintf (buffer, sizeof buffer, "0 0 UNKNOWN"); + snprintf (buffer, sizeof buffer, "%d 0 0 UNKNOWN", keyno+1); send_status_direct (ctrl, keyword, buffer); } @@ -1434,11 +1434,15 @@ get_public_key (app_t app, int keyno) } else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC) { - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve%s)%s(q%b)))", - openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid), - app->app_local->keyattr[keyno].ecc.flags? - "(flags eddsa)" : "", + char *format; + + if (!app->app_local->keyattr[keyno].ecc.flags) + format = "(public-key(ecc(curve%s)(q%b)))"; + else + format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))"; + + err = gcry_sexp_build (&s_pkey, NULL, format, + openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid), (int)mlen, mbuf); if (err) goto leave; @@ -3375,7 +3379,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), goto leave; oidbuf = gcry_mpi_get_opaque (oid, &n); - oid_len = n; + oid_len = (n+7)/8; if (!oidbuf) { err = gpg_error_from_syserror (); @@ -3383,8 +3387,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), goto leave; } err = store_fpr (app, keyno, created_at, fprbuf, algo, - oidbuf, oid_len, ecc_q, ecc_q_len, - "\x03\x01\x08\x07", (size_t)4); + oidbuf, oid_len, ecc_q, ecc_q_len, + "\x03\x01\x08\x07", (size_t)4); gcry_mpi_release (oid); } 
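Review bot: in the get_public_key hunk (@@ -1434), format only ever points at string literals, so declare it const char *format. The result of openpgp_oid_to_curve goes straight into the %s of gcry_sexp_build, and that function is documented to return NULL for unknown curve names; if the ecc_oid check added to parse_algorithm_attribute in this commit is what guarantees a known curve here, a comment saying so would help the next reader.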
@@ -4362,16 +4366,32 @@ parse_historical (struct app_local_s *apploc, } +/* + * Check if the OID in an DER encoding is available by GnuPG/libgcrypt, + * and return the constant string in dotted decimal form. + * Return NULL if not available. + * The constant string is not allocated dynamically, never free it. + */ static const char * ecc_oid (unsigned char *buf, size_t buflen) { gcry_mpi_t oid; char *oidstr; const char *result; + unsigned char *oidbuf; + oidbuf = xtrymalloc (buflen + 1); + if (!oidbuf) + return NULL; + + memcpy (oidbuf+1, buf, buflen); + oidbuf[0] = buflen; oid = gcry_mpi_set_opaque (NULL, buf, buflen * 8); if (!oid) - return NULL; + { + xfree (oidbuf); + return NULL; + } oidstr = openpgp_oid_to_str (oid); gcry_mpi_release (oid); 
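Review bot: in ecc_oid, the new length-prefixed oidbuf is allocated and filled, yet the call below still reads gcry_mpi_set_opaque (NULL, buf, buflen * 8), so the prefix never reaches the OID that gets converted, and in the lines shown oidbuf is freed only on the !oid path. Pass oidbuf with (buflen+1) * 8 bits instead. The new comment should also read "a DER encoding".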
@@ -4441,13 +4461,20 @@ parse_algorithm_attribute (app_t app, int keyno) else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA || *buffer == PUBKEY_ALGO_EDDSA) { - app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC; - app->app_local->keyattr[keyno].ecc.oid = ecc_oid (buffer + 1, buflen - 1); - app->app_local->keyattr[keyno].ecc.flags = (*buffer == PUBKEY_ALGO_EDDSA); - if (opt.verbose) - log_printf - ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid, - app->app_local->keyattr[keyno].ecc.flags ? " (eddsa)": ""); + const char *oid = ecc_oid (buffer + 1, buflen - 1); + + if (!oid) + log_printhex ("Curve with OID not supported: ", buffer+1, buflen-1); + else + { + app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC; + app->app_local->keyattr[keyno].ecc.oid = oid; + app->app_local->keyattr[keyno].ecc.flags = (*buffer == PUBKEY_ALGO_EDDSA); + if (opt.verbose) + log_printf + ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid, + app->app_local->keyattr[keyno].ecc.flags ? " (eddsa)": ""); + } } else if (opt.verbose) log_printhex ("", buffer, buflen); ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 61 +++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 5 01:18:52 2015 
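Review bot: in parse_algorithm_attribute, when ecc_oid returns NULL the new branch only logs and leaves keyattr[keyno].key_type, ecc.oid and ecc.flags at whatever they held before. Put the entry into an explicit unsupported state there so that send_key_attr and get_public_key do not act on stale attributes. The log_printhex for the unsupported curve is also unconditional, while the neighbouring messages in this hunk are gated on opt.verbose.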
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Wed, 05 Aug 2015 01:18:52 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-32-gd088d2c
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via d088d2c81690a89051349ddc8a82fe222625f4e0 (commit)
from 0751571cac0f5aef2862c34a184f7f09ad9cb203 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit d088d2c81690a89051349ddc8a82fe222625f4e0
Author: NIIBE Yutaka
Date: Wed Aug 5 08:17:46 2015 +0900

scd: Fix ecc_oid.

* scd/app-openpgp.c (ecc_oid): Call with OIDBUF.

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 83465f4..cc95773 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -4386,7 +4386,7 @@ ecc_oid (unsigned char *buf, size_t buflen) memcpy (oidbuf+1, buf, buflen); oidbuf[0] = buflen; - oid = gcry_mpi_set_opaque (NULL, buf, buflen * 8); + oid = gcry_mpi_set_opaque (NULL, oidbuf, (buflen+1) * 8); if (!oid) { xfree (oidbuf);
-----------------------------------------------------------------------

Summary of changes:
scd/app-openpgp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org

From cvs at cvs.gnupg.org Thu Aug 6 09:51:48 2015
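Review bot: in commit d088d2c, the context line oidbuf[0] = buflen; stores a size_t into a single byte, and nothing in the lines of ecc_oid shown checks that buflen fits. Now that oidbuf is the buffer handed to gcry_mpi_set_opaque, reject an over-long buflen before the xtrymalloc so that a malformed algorithm attribute cannot yield a length prefix that disagrees with the data that follows it.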
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 06 Aug 2015 09:51:48 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-33-ga6e4053
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via a6e40530898622fbc5d76557a7da5e69368ecaa4 (commit)
from d088d2c81690a89051349ddc8a82fe222625f4e0 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit a6e40530898622fbc5d76557a7da5e69368ecaa4
Author: NIIBE Yutaka
Date: Thu Aug 6 16:44:03 2015 +0900

common: extend API of openpgp_oid_to_curve for canonical name.

* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
--
Change the function so that caller can select canonical name of curve or name for printing. Suggested by wk.

diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index 676079c..af91bb1 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -333,10 +333,10 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits) /* Map an OpenPGP OID to the Libgcrypt curve NAME. Returns NULL for - unknown curve names. We prefer an alias name here which is more - suitable for printing. */ + unknown curve names. Unless CANON is set we prefer an alias name + here which is more suitable for printing. */ const char * -openpgp_oid_to_curve (const char *oidstr) +openpgp_oid_to_curve (const char *oidstr, int canon) { int i;
@@ -345,7 +345,7 @@ openpgp_oid_to_curve (const char *oidstr) for (i=0; oidtable[i].name; i++) if (!strcmp (oidtable[i].oidstr, oidstr)) - return oidtable[i].alias? oidtable[i].alias : oidtable[i].name; + return !canon && oidtable[i].alias? oidtable[i].alias : oidtable[i].name; return NULL; } diff --git a/common/util.h b/common/util.h index 90acefa..df0f392 100644 --- a/common/util.h +++ b/common/util.h @@ -323,7 +323,7 @@ gpg_error_t openpgp_oid_from_str (const char *string, gcry_mpi_t *r_mpi); char *openpgp_oid_to_str (gcry_mpi_t a); int openpgp_oid_is_ed25519 (gcry_mpi_t a); const char *openpgp_curve_to_oid (const char *name, unsigned int *r_nbits); -const char *openpgp_oid_to_curve (const char *oid); +const char *openpgp_oid_to_curve (const char *oid, int canon); const char *openpgp_enum_curves (int *idxp); diff --git a/g10/import.c b/g10/import.c index 0a2ebcd..e92769d 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1414,7 +1414,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, err = gpg_error_from_syserror (); else { - const char *curvename = openpgp_oid_to_curve (curvestr); + const char *curvename = openpgp_oid_to_curve (curvestr, 1); err = gcry_sexp_build (&curve, NULL, "(curve %s)", curvename?curvename:curvestr); xfree (curvestr); diff --git a/g10/keyid.c b/g10/keyid.c index 6b6f670..68990c8 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -119,7 +119,7 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize) else if (prefix) { char *curve = openpgp_oid_to_str (pk->pkey[0]); - const char *name = openpgp_oid_to_curve (curve); + const char *name = openpgp_oid_to_curve (curve, 0); if (name) snprintf (buffer, bufsize, "%s", name); diff --git a/g10/keylist.c b/g10/keylist.c index d81e7dd..b43165f 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -1091,7 +1091,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, || pk2->pubkey_algo == PUBKEY_ALGO_ECDH) { char *curve = openpgp_oid_to_str (pk2->pkey[0]); - const char *name = openpgp_oid_to_curve (curve); + const char *name = openpgp_oid_to_curve (curve, 0); if (!name) name = curve; es_fprintf (es_stdout, " %s", name); @@ -1358,7 +1358,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) || pk->pubkey_algo == PUBKEY_ALGO_ECDH) { char *curve = openpgp_oid_to_str (pk->pkey[0]); - const char *name = openpgp_oid_to_curve (curve); + const char *name = openpgp_oid_to_curve (curve, 0); if (!name) name = curve; es_fputs (name, es_stdout); @@ -1487,7 +1487,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) || pk->pubkey_algo == PUBKEY_ALGO_ECDH) { char *curve = openpgp_oid_to_str (pk->pkey[0]); - const char *name = openpgp_oid_to_curve (curve); + const char *name = openpgp_oid_to_curve (curve, 0); if (!name) name = curve; es_fputs (name, es_stdout); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 6131d32..478612a 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2086,7 +2086,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, || algorithm == PUBKEY_ALGO_ECDH) && i==0) { char *curve = openpgp_oid_to_str (pk->pkey[0]); - const char *name = openpgp_oid_to_curve (curve); + const char *name = openpgp_oid_to_curve (curve, 0); es_fprintf (listfp, " %s (%s)", name?name:"", curve); xfree (curve); } diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index cc95773..637f6b1 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c 
@@ -911,7 +911,7 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno) keyno+1, app->app_local->keyattr[keyno].ecc.flags? PUBKEY_ALGO_EDDSA: (keyno==1? PUBKEY_ALGO_ECDH: PUBKEY_ALGO_ECDSA), - openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid)); + openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 0)); } else snprintf (buffer, sizeof buffer, "%d 0 0 UNKNOWN", keyno+1); @@ -1442,7 +1442,7 @@ get_public_key (app_t app, int keyno) format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))"; err = gcry_sexp_build (&s_pkey, NULL, format, - openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid), + openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 1), (int)mlen, mbuf); if (err) goto leave; ----------------------------------------------------------------------- Summary of changes: common/openpgp-oid.c | 8 ++++---- common/util.h | 2 +- g10/import.c | 2 +- g10/keyid.c | 2 +- g10/keylist.c | 6 +++--- g10/parse-packet.c | 2 +- scd/app-openpgp.c | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 6 10:27:58 2015 
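Review bot: in openpgp_oid_to_curve (common/openpgp-oid.c, @@ -345), the new return expression !canon && oidtable[i].alias? oidtable[i].alias : oidtable[i].name relies on && binding tighter than ?:; parenthesise the condition. The call sites pass a bare 0 or 1 for CANON, which says little when reading them; transfer_secret_keys and get_public_key pass 1 because the name feeds gcry_sexp_build, and a short comment at those two calls would record that.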
From: cvs at cvs.gnupg.org (by NIIBE Yutaka)
Date: Thu, 06 Aug 2015 10:27:58 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-34-ge5891a8
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
via e5891a82c39997b65ce9ff90eb6120db7bedd399 (commit)
from a6e40530898622fbc5d76557a7da5e69368ecaa4 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit e5891a82c39997b65ce9ff90eb6120db7bedd399
Author: NIIBE Yutaka
Date: Thu Aug 6 17:00:41 2015 +0900

Curve25519 support.

* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow change of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.
--
When libgcrypt has Curve25519, GnuPG now supports Curve25519.

diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 562179b..39ccba2 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c
@@ -83,14 +83,25 @@ get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey, case GCRY_PK_ECC: if (!curve) err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve %s)(flags eddsa)(q%m)))", - "Ed25519", pkey[0]); else - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve %s)(q%m)))", - curve, pkey[0]); + { + const char *format; + + if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + { + format = "(public-key(ecc(curve %s)(flags eddsa)(q%m)))"; + curve = "Ed25519"; + } + else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL))) + { + format = "(public-key(ecc(curve %s)(flags djb-tweak)(q%m)))"; + curve = "Curve25519"; + } + else + format = "(public-key(ecc(curve %s)(q%m)))"; + + err = gcry_sexp_build (&s_pkey, NULL, format, curve, pkey[0]); + } break; default: 
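Review bot: In get_keygrip the if/else chain that compares the OID against Ed25519 and Curve25519, picks the format string and overwrites curve with the literal name is repeated in convert_secret_key and convert_transfer_key, so the mapping from OID to curve name and flag now lives in three places. A small static helper that takes the OID string and returns the canonical name together with the flag ("eddsa", "djb-tweak" or none) would keep the three S-expressions from drifting apart when the next curve is added. The reassignment of the curve parameter here also deserves the comment the other two functions carry ("Do not store the OID as name but the real name").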
@@ -146,19 +157,27 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, case GCRY_PK_ECC: if (!curve) err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + else { - /* Do not store the OID as name but the real name and the - EdDSA flag. */ - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(ecc(curve%s)(flags eddsa)" - "(q%m)(d%m)))", - "Ed25519", skey[0], skey[1]); + const char *format; + + if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + { + /* Do not store the OID as name but the real name and the + EdDSA flag. */ + format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))"; + curve = "Ed25519"; + } + else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL))) + { + format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))"; + curve = "Curve25519"; + } + else + format = "(private-key(ecc(curve %s)(q%m)(d%m)))"; + + err = gcry_sexp_build (&s_skey, NULL, format, curve, skey[0], skey[1]); } - else - err = gcry_sexp_build (&s_skey, NULL, - "(private-key(ecc(curve%s)(q%m)(d%m)))", - curve, skey[0], skey[1]); break; default: 
@@ -216,22 +235,30 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, case GCRY_PK_ECC: if (!curve) err = gpg_error (GPG_ERR_BAD_SECKEY); - else if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + else { - /* Do not store the OID as name but the real name and the - EdDSA flag. */ - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(ecc(curve%s)(flags eddsa)(q%m)" - "(protected openpgp-native%S)))", - "Ed25519", skey[0], transfer_key); + const char *format; + + if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) + { + /* Do not store the OID as name but the real name and the + EdDSA flag. */ + format = "(protected-private-key(ecc(curve %s)(flags eddsa)(q%m)" + "(protected openpgp-native%S)))"; + curve = "Ed25519"; + } + else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL))) + { + format = "(protected-private-key(ecc(curve %s)(flags djb-tweak)(q%m)" + "(protected openpgp-native%S)))"; + curve = "Curve25519"; + } + else + format = "(protected-private-key(ecc(curve %s)(q%m)" + "(protected openpgp-native%S)))"; + + err = gcry_sexp_build (&s_skey, NULL, format, curve, skey[0], transfer_key); } - else - err = gcry_sexp_build - (&s_skey, NULL, - "(protected-private-key(ecc(curve%s)(q%m)" - "(protected openpgp-native%S)))", - curve, skey[0], transfer_key); break; default: diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index af91bb1..afda376 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -45,6 +45,7 @@ static struct { const char *alias; /* NULL or alternative name of the curve. */ } oidtable[] = { + { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "crv25519" }, { "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519" }, { "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256" }, 
@@ -65,6 +66,10 @@ static struct { static const char oid_ed25519[] = { 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01 }; +/* The OID for Curve25519 in OpenPGP format. */ +static const char oid_crv25519[] = + { 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01 }; + /* Helper for openpgp_oid_from_str. */ static size_t @@ -291,6 +296,22 @@ openpgp_oid_is_ed25519 (gcry_mpi_t a) } +int +openpgp_oid_is_crv25519 (gcry_mpi_t a) +{ + const unsigned char *buf; + unsigned int nbits; + size_t n; + + if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)) + return 0; + + buf = gcry_mpi_get_opaque (a, &nbits); + n = (nbits+7)/8; + return (n == DIM (oid_crv25519) + && !memcmp (buf, oid_crv25519, DIM (oid_crv25519))); +} + /* Map the Libgcrypt ECC curve NAME to an OID. If R_NBITS is not NULL store the bit size of the curve there. Returns NULL for unknown diff --git a/common/util.h b/common/util.h index df0f392..66749ea 100644 --- a/common/util.h +++ b/common/util.h @@ -322,6 +322,7 @@ size_t percent_unescape_inplace (char *string, int nulrepl); gpg_error_t openpgp_oid_from_str (const char *string, gcry_mpi_t *r_mpi); char *openpgp_oid_to_str (gcry_mpi_t a); int openpgp_oid_is_ed25519 (gcry_mpi_t a); +int openpgp_oid_is_crv25519 (gcry_mpi_t a); const char *openpgp_curve_to_oid (const char *name, unsigned int *r_nbits); const char *openpgp_oid_to_curve (const char *oid, int canon); const char *openpgp_enum_curves (int *idxp); diff --git a/g10/ecdh.c b/g10/ecdh.c index 9576a1c..a1b7ecf 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c 
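Review bot: openpgp_oid_is_crv25519 in common/openpgp-oid.c is added without a header comment, although the oid_crv25519 array just above it has one. Add a short comment saying that it returns true only when A is an opaque MPI whose content equals the Curve25519 OID in OpenPGP format, and that a NULL or non-opaque MPI yields 0, since callers such as keygrip_from_pk and pk_encrypt use the result to decide whether the djb-tweak flag goes into the key S-expression.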
@@ -134,9 +134,12 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi, } secret_x_size = (nbits+7)/8; - assert (nbytes > secret_x_size); - memmove (secret_x, secret_x+1, secret_x_size); - memset (secret_x+secret_x_size, 0, nbytes-secret_x_size); + assert (nbytes >= secret_x_size); + if ((nbytes & 1)) + /* Remove the "04" prefix of non-compressed format. */ + memmove (secret_x, secret_x+1, secret_x_size); + if (nbytes - secret_x_size) + memset (secret_x+secret_x_size, 0, nbytes-secret_x_size); if (DBG_CRYPTO) log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size ); diff --git a/g10/keygen.c b/g10/keygen.c index 796d18f..f03c148 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1520,6 +1520,13 @@ gen_ecc (int algo, const char *curve, kbnode_t pub_root, (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? " transient-key" : "")); + else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519")) + keyparms = xtryasprintf + ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))", + strlen (curve), curve, + (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + " transient-key" : "")); else keyparms = xtryasprintf ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))", @@ -2125,7 +2132,7 @@ ask_keysize (int algo, unsigned int primary_keysize) function may adjust. Returns a malloced string with the name of the curve. BOTH tells that gpg creates a primary and subkey. */ static char * -ask_curve (int *algo, int both) +ask_curve (int *algo, int *subkey_algo) { struct { const char *name; @@ -2176,7 +2183,7 @@ ask_curve (int *algo, int both) continue; if (!gcry_pk_get_curve (keyparms, 0, NULL)) continue; - if (both && curves[idx].fix_curve) + if (subkey_algo && curves[idx].fix_curve) { /* Both Curve 25519 keys are to be created. Check that Libgcrypt also supports the real Curve25519. */ 
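Review bot: In pk_ecdh_encrypt_with_shared_point the leading byte is now dropped whenever nbytes is odd, but the comment says this removes the "04" prefix and the byte itself is never looked at. Either test secret_x[0] against the expected prefix before the memmove, or extend the comment to state the assumption that an x-only Montgomery result always has even length, so that a malformed odd-length shared point is not silently shifted by one byte.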
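Review bot: The comment above ask_curve in g10/keygen.c still reads "BOTH tells that gpg creates a primary and subkey" although the second parameter is now int *subkey_algo. Update it to say that SUBKEY_ALGO may be NULL, that a non-NULL pointer means a subkey is created as well, and that the function may change the value it points to.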
@@ -2241,6 +2248,11 @@ ask_curve (int *algo, int both) if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) && curves[idx].fix_curve) { + if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) + { + *subkey_algo = PUBKEY_ALGO_EDDSA; + result = xstrdup ("Ed25519"); + } *algo = PUBKEY_ALGO_EDDSA; result = xstrdup ("Ed25519"); } @@ -3672,7 +3684,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname, || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) { - curve = ask_curve (&algo, both); + curve = ask_curve (&algo, &subkey_algo); r = xmalloc_clear( sizeof *r + 20 ); r->key = pKEYTYPE; sprintf( r->u.value, "%d", algo); @@ -3743,7 +3755,7 @@ generate_keypair (ctrl_t ctrl, int full, const char *fname, || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) { - curve = ask_curve (&algo, 0); + curve = ask_curve (&algo, NULL); nbits = 0; r = xmalloc_clear (sizeof *r + strlen (curve)); r->key = pKEYCURVE; @@ -4292,7 +4304,7 @@ generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock) else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA || algo == PUBKEY_ALGO_ECDH) - curve = ask_curve (&algo, 0); + curve = ask_curve (&algo, NULL); else nbits = ask_keysize (algo, 0); diff --git a/g10/keyid.c b/g10/keyid.c index 68990c8..42a5f9f 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -766,9 +766,12 @@ keygrip_from_pk (PKT_public_key *pk, unsigned char *array) else { err = gcry_sexp_build (&s_pkey, NULL, - pk->pubkey_algo == PUBKEY_ALGO_EDDSA ? - "(public-key(ecc(curve%s)(flags eddsa)(q%m)))" - : "(public-key(ecc(curve%s)(q%m)))", + pk->pubkey_algo == PUBKEY_ALGO_EDDSA? + "(public-key(ecc(curve%s)(flags eddsa)(q%m)))": + (pk->pubkey_algo == PUBKEY_ALGO_ECDH + && openpgp_oid_is_crv25519 (pk->pkey[0]))? + "(public-key(ecc(curve%s)(flags djb-tweak)(q%m)))": + "(public-key(ecc(curve%s)(q%m)))", curve, pk->pkey[1]); xfree (curve); } diff --git a/g10/pkglue.c b/g10/pkglue.c index d72275b..a834621 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c 
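Review bot: In the ask_curve hunk at -2241 the added block assigns result = xstrdup ("Ed25519") and the unchanged lines directly after it assign result = xstrdup ("Ed25519") again, so the first allocation leaks whenever *subkey_algo is PUBKEY_ALGO_ECDSA. Inside the new if only the line *subkey_algo = PUBKEY_ALGO_EDDSA; is needed; drop the xstrdup there.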
@@ -228,9 +228,13 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, rc = gpg_error_from_syserror (); else { + int with_djb_tweak_flag = openpgp_oid_is_crv25519 (pkey[0]); + /* Now use the ephemeral secret to compute the shared point. */ rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecdh(curve%s)(q%m)))", + with_djb_tweak_flag ? + "(public-key(ecdh(curve%s)(flags djb-tweak)(q%m)))" + : "(public-key(ecdh(curve%s)(q%m)))", curve, pkey[1]); xfree (curve); /* Put K into a simplified S-expression. */ diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index cb834af..fd7f812 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -250,8 +250,8 @@ get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid) if(err) goto leave; - /* Reuse NFRAME, which size is sufficient to include the session key. */ - err = gcry_mpi_print (GCRYMPI_FMT_USG, frame, nframe, &nframe, decoded); + xfree (frame); + err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, decoded); mpi_release (decoded); if (err) goto leave; diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 637f6b1..461c710 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -235,7 +235,7 @@ struct app_local_s { } keyattr[3]; }; -#define ECC_FLAG_EDDSA (1 << 0) +#define ECC_FLAG_DJB_TWEAK (1 << 0) /***** Local prototypes *****/ @@ -909,8 +909,9 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno) { snprintf (buffer, sizeof buffer, "%d %d %s", keyno+1, - app->app_local->keyattr[keyno].ecc.flags? PUBKEY_ALGO_EDDSA: - (keyno==1? PUBKEY_ALGO_ECDH: PUBKEY_ALGO_ECDSA), + keyno==1? PUBKEY_ALGO_ECDH : + app->app_local->keyattr[keyno].ecc.flags? + PUBKEY_ALGO_EDDSA : PUBKEY_ALGO_ECDSA, openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 0)); } else 
@@ -1378,59 +1379,52 @@ get_public_key (app_t app, int keyno) } } - - mbuf = xtrymalloc ( mlen + 1); + mbuf = xtrymalloc (mlen + 1); if (!mbuf) { err = gpg_error_from_syserror (); goto leave; } - /* Prepend numbers with a 0 if needed. */ + if ((app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA || (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC && !app->app_local->keyattr[keyno].ecc.flags)) && mlen && (*m & 0x80)) - { + { /* Prepend numbers with a 0 if needed for MPI. */ *mbuf = 0; memcpy (mbuf+1, m, mlen); mlen++; } - else - memcpy (mbuf, m, mlen); - - ebuf = xtrymalloc ( elen + 1); - if (!ebuf) - { - err = gpg_error_from_syserror (); - goto leave; - } - /* Prepend numbers with a 0 if needed. */ - if (elen && (*e & 0x80)) - { - *ebuf = 0; - memcpy (ebuf+1, e, elen); - elen++; + else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC + && app->app_local->keyattr[keyno].ecc.flags) + { /* Prepend 0x40 prefix. */ + *mbuf = 0x40; + memcpy (mbuf+1, m, mlen); + mlen++; } else - memcpy (ebuf, e, elen); + memcpy (mbuf, m, mlen); if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA) { - err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))", - (int)mlen, mbuf, (int)elen, ebuf); - if (err) - goto leave; - - len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); - keybuf = xtrymalloc (len); - if (!keybuf) + ebuf = xtrymalloc (elen + 1); + if (!ebuf) { - gcry_sexp_release (s_pkey); err = gpg_error_from_syserror (); goto leave; } - gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len); - gcry_sexp_release (s_pkey); + /* Prepend numbers with a 0 if needed. */ + if (elen && (*e & 0x80)) + { + *ebuf = 0; + memcpy (ebuf+1, e, elen); + elen++; + } + else + memcpy (ebuf, e, elen); + + err = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%b)(e%b)))", + (int)mlen, mbuf, (int)elen, ebuf); } else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC) { 
@@ -1438,32 +1432,32 @@ get_public_key (app_t app, int keyno) if (!app->app_local->keyattr[keyno].ecc.flags) format = "(public-key(ecc(curve%s)(q%b)))"; + else if (keyno == 1) + format = "(public-key(ecc(curve%s)(flags djb-tweak)(q%b)))"; else format = "(public-key(ecc(curve%s)(flags eddsa)(q%b)))"; err = gcry_sexp_build (&s_pkey, NULL, format, openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid, 1), (int)mlen, mbuf); - if (err) - goto leave; - - len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); - - keybuf = xtrymalloc (len); - if (!keybuf) - { - gcry_sexp_release (s_pkey); - err = gpg_error_from_syserror (); - goto leave; - } - gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len); - gcry_sexp_release (s_pkey); } else + err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + if (err) + goto leave; + + len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); + + keybuf = xtrymalloc (len); + if (!keybuf) { - err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); + gcry_sexp_release (s_pkey); + err = gpg_error_from_syserror (); goto leave; } + gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len); + gcry_sexp_release (s_pkey); app->app_local->pk[keyno].key = (unsigned char*)keybuf; app->app_local->pk[keyno].keylen = len - 1; /* Decrement for trailing '\0' */ @@ -3171,7 +3165,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), size_t ecc_q_len, ecc_d_len; u32 created_at = 0; const char *oidstr = NULL; - int flag_eddsa = 0; + int flag_djb_tweak = 0; int algo; /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)): 
@@ -3216,8 +3210,12 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; - if (tok && toklen == 5 && !memcmp (tok, "eddsa", 5)) - flag_eddsa = 1; + if (tok) + { + if ((toklen == 5 && !memcmp (tok, "eddsa", 5)) + || (toklen == 9 && !memcmp (tok, "djb-tweak", 9))) + flag_djb_tweak = 1; + } } else if (tok && toklen == 1) { @@ -3237,7 +3235,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; - if (tok && buf2 && !flag_eddsa) + if (tok && buf2 && !flag_djb_tweak) /* It's MPI. Strip off leading zero bytes and save. */ for (;toklen && !*tok; toklen--, tok++) ; @@ -3300,7 +3298,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } - if (flag_eddsa && keyno != 1) + if (flag_djb_tweak && keyno != 1) algo = PUBKEY_ALGO_EDDSA; else if (keyno == 1) algo = PUBKEY_ALGO_ECDH; @@ -3309,7 +3307,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC || app->app_local->keyattr[keyno].ecc.oid != oidstr - || app->app_local->keyattr[keyno].ecc.flags != flag_eddsa) + || app->app_local->keyattr[keyno].ecc.flags != flag_djb_tweak) { log_error ("key attribute on card doesn't match\n"); err = gpg_error (GPG_ERR_INV_VALUE); 
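Review bot: ecc_writekey now sets the single flag_djb_tweak for both the "eddsa" and the "djb-tweak" token, and the algorithm is then chosen from keyno alone (flag_djb_tweak with keyno != 1 gives PUBKEY_ALGO_EDDSA, keyno == 1 gives PUBKEY_ALGO_ECDH). A key flagged "eddsa" that is written to slot 1, or one flagged "djb-tweak" that is written to a signing slot, is therefore treated as the other kind, and the later comparison against keyattr[keyno].ecc.flags cannot tell them apart because it sees the same value for both. Keep the two flags separate while parsing and return GPG_ERR_INV_VALUE when the flag does not fit the slot.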
@@ -4469,11 +4467,18 @@ parse_algorithm_attribute (app_t app, int keyno) { app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC; app->app_local->keyattr[keyno].ecc.oid = oid; - app->app_local->keyattr[keyno].ecc.flags = (*buffer == PUBKEY_ALGO_EDDSA); + if (*buffer == PUBKEY_ALGO_EDDSA + || (*buffer == PUBKEY_ALGO_ECDH + && !strcmp (app->app_local->keyattr[keyno].ecc.oid, + "1.3.6.1.4.1.3029.1.5.1"))) + app->app_local->keyattr[keyno].ecc.flags = ECC_FLAG_DJB_TWEAK; + else + app->app_local->keyattr[keyno].ecc.flags = 0; if (opt.verbose) log_printf ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid, - app->app_local->keyattr[keyno].ecc.flags ? " (eddsa)": ""); + !app->app_local->keyattr[keyno].ecc.flags ? "": + keyno==1? " (djb-tweak)": " (eddsa)"); } } else if (opt.verbose) ----------------------------------------------------------------------- Summary of changes: agent/cvt-openpgp.c | 91 +++++++++++++++++++++++++-------------- common/openpgp-oid.c | 21 +++++++++ common/util.h | 1 + g10/ecdh.c | 9 ++-- g10/keygen.c | 22 +++++++--- g10/keyid.c | 9 ++-- g10/pkglue.c | 6 ++- g10/pubkey-enc.c | 4 +- scd/app-openpgp.c | 119 +++++++++++++++++++++++++++------------------------ 9 files changed, 179 insertions(+), 103 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 6 13:46:11 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 06 Aug 2015 13:46:11 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-244-ge93f4c2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e93f4c21c59756604440ad8cbf27e67d29c99ffd (commit) from b4b1d872ba651bc44761b35d245b1a519a33f515 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e93f4c21c59756604440ad8cbf27e67d29c99ffd Author: NIIBE Yutaka Date: Thu Aug 6 17:31:41 2015 +0900 Add Curve25519 support. * cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519. * tests/curves.c (N_CURVES): It's 22 now. * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New. * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New. * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New. * cipher/ecc.c (nist_generate_key): Handle the case of PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. (test_ecdh_only_keys, check_secret_key): Likewise. (ecc_generate): Support Curve25519 which is Montgomery curve with flag PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP. (ecc_encrypt_raw): Get flags from KEYPARMS and handle PUBKEY_FLAG_DJB_TWEAK and Montgomery curve. (ecc_decrypt_raw): Likewise. (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK. Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK. -- With PUBKEY_FLAG_DJB_TWEAK, secret key has msb set and it should be always multiple by cofactor. diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index f0d97ea..4e528af 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h 
@@ -94,6 +94,9 @@ gcry_err_code_t _gcry_ecc_os2ec (mpi_point_t result, gcry_mpi_t value); mpi_point_t _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, mpi_point_t G, gcry_mpi_t d); +gpg_err_code_t _gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, + mpi_point_t result); + /*-- ecc.c --*/ /*-- ecc-ecdsa.c --*/ diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index 9975bb4..51d9e39 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -40,7 +40,7 @@ static const struct const char *other; /* Other name. */ } curve_aliases[] = { - /*{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1" },*/ + { "Curve25519", "1.3.6.1.4.1.3029.1.5.1" }, { "Ed25519", "1.3.6.1.4.1.11591.15.1" }, { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */ @@ -107,7 +107,8 @@ typedef struct const char *p; /* The prime defining the field. */ const char *a, *b; /* The coefficients. For Twisted Edwards - Curves b is used for d. */ + Curves b is used for d. For Montgomery + Curves a has (A-2)/4. */ const char *n; /* The order of the base point. */ const char *g_x, *g_y; /* Base point. */ const char *h; /* Cofactor. */ @@ -129,6 +130,18 @@ static const ecc_domain_parms_t domain_parms[] = "0x6666666666666666666666666666666666666666666666666666666666666658", "0x08" }, + { + /* (y^2 = x^3 + 486662*x^2 + x) */ + "Curve25519", 256, 0, + MPI_EC_MONTGOMERY, ECC_DIALECT_STANDARD, + "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", + "0x01DB41", + "0x01", + "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", + "0x0000000000000000000000000000000000000000000000000000000000000009", + "0x20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9", + "0x08" + }, #if 0 /* No real specs yet found. */ { /* x^2 + y^2 = 1 + 3617x^2y^2 mod 2^414 - 17 */ diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c index 88266b5..2f2e593 100644 --- a/cipher/ecc-misc.c +++ b/cipher/ecc-misc.c 
@@ -287,3 +287,51 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, return Q; } + + +gpg_err_code_t +_gcry_ecc_mont_decodepoint (gcry_mpi_t pk, mpi_ec_t ctx, mpi_point_t result) +{ + unsigned char *rawmpi; + unsigned int rawmpilen; + + if (mpi_is_opaque (pk)) + { + const unsigned char *buf; + unsigned char *p; + + buf = mpi_get_opaque (pk, &rawmpilen); + if (!buf) + return GPG_ERR_INV_OBJ; + rawmpilen = (rawmpilen + 7)/8; + + if (rawmpilen > 1 && (rawmpilen%2) && buf[0] == 0x40) + { + rawmpilen--; + buf++; + } + + rawmpi = xtrymalloc (rawmpilen? rawmpilen:1); + if (!rawmpi) + return gpg_err_code_from_syserror (); + + p = rawmpi + rawmpilen; + while (p > rawmpi) + *--p = *buf++; + } + else + { + /* Note: Without using an opaque MPI it is not reliable possible + to find out whether the public key has been given in + uncompressed format. Thus we expect native EdDSA format. */ + rawmpi = _gcry_mpi_get_buffer (pk, ctx->nbits/8, &rawmpilen, NULL); + if (!rawmpi) + return gpg_err_code_from_syserror (); + } + + _gcry_mpi_set_buffer (result->x, rawmpi, rawmpilen, 0); + xfree (rawmpi); + mpi_set_ui (result->z, 1); + + return 0; +} diff --git a/cipher/ecc.c b/cipher/ecc.c index e33f999..cc617f8 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -81,7 +81,7 @@ static void *progress_cb_data; /* Local prototypes. */ static void test_keys (ECC_secret_key * sk, unsigned int nbits); -static void test_ecdh_only_keys (ECC_secret_key * sk, unsigned int nbits); +static void test_ecdh_only_keys (ECC_secret_key * sk, unsigned int nbits, int flags); static unsigned int ecc_get_nbits (gcry_sexp_t parms); @@ -142,7 +142,7 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, random_level = GCRY_VERY_STRONG_RANDOM; /* Generate a secret. */ - if (ctx->dialect == ECC_DIALECT_ED25519) + if (ctx->dialect == ECC_DIALECT_ED25519 || (flags & PUBKEY_FLAG_DJB_TWEAK)) { char *rndbuf; 
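Review bot: _gcry_ecc_mont_decodepoint never compares the decoded length with the field size: in the opaque branch rawmpilen is taken from the MPI, reduced by one when a 0x40 prefix is present, and passed straight to _gcry_mpi_set_buffer, so an over-long or truncated public value is accepted as an x-coordinate. Check rawmpilen against the byte length implied by ctx->nbits after the prefix is removed and return GPG_ERR_INV_OBJ otherwise. The function also has no header comment (the reversed copy into rawmpi deserves a word on byte order), and the comment in the else branch still says "we expect native EdDSA format", which does not describe a Montgomery x-only point.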
@@ -174,7 +174,10 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_init (&sk->Q); x = mpi_new (pbits); - y = mpi_new (pbits); + if (r_y == NULL) + y = NULL; + else + y = mpi_new (pbits); if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); @@ -187,7 +190,7 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, * possibilities without any loss of security. Note that we don't * do that for Ed25519 so that we do not violate the special * construction of the secret key. */ - if (E->dialect == ECC_DIALECT_ED25519) + if (r_y == NULL || E->dialect == ECC_DIALECT_ED25519) point_set (&sk->Q, &Q); else { @@ -231,7 +234,8 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, } *r_x = x; - *r_y = y; + if (r_y) + *r_y = y; point_free (&Q); /* Now we can test our keys (this should never fail!). */ @@ -240,7 +244,7 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, else if (sk->E.model != MPI_EC_MONTGOMERY) test_keys (sk, nbits - 64); else - test_ecdh_only_keys (sk, nbits - 64); + test_ecdh_only_keys (sk, nbits - 64, flags); return 0; } @@ -298,7 +302,7 @@ test_keys (ECC_secret_key *sk, unsigned int nbits) static void -test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits) +test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits, int flags) { ECC_public_key pk; gcry_mpi_t test; @@ -307,7 +311,7 @@ test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits) mpi_ec_t ec; if (DBG_CIPHER) - log_debug ("Testing key.\n"); + log_debug ("Testing ECDH only key.\n"); point_init (&R_); @@ -315,7 +319,7 @@ test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits) point_init (&pk.Q); point_set (&pk.Q, &sk->Q); - if (sk->E.dialect == ECC_DIALECT_ED25519) + if ((flags & PUBKEY_FLAG_DJB_TWEAK)) { char *rndbuf; 
@@ -340,7 +344,7 @@ test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits) /* R_ = hkQ <=> R_ = hkdG */ _gcry_mpi_ec_mul_point (&R_, test, &pk.Q, ec); - if (sk->E.dialect != ECC_DIALECT_ED25519) + if (!(flags & PUBKEY_FLAG_DJB_TWEAK)) _gcry_mpi_ec_mul_point (&R_, ec->h, &R_, ec); if (_gcry_mpi_ec_get_affine (x0, NULL, &R_, ec)) log_fatal ("ecdh: Failed to get affine coordinates for hkQ\n"); @@ -348,7 +352,7 @@ test_ecdh_only_keys (ECC_secret_key *sk, unsigned int nbits) _gcry_mpi_ec_mul_point (&R_, test, &pk.E.G, ec); _gcry_mpi_ec_mul_point (&R_, sk->d, &R_, ec); /* R_ = hdkG */ - if (sk->E.dialect != ECC_DIALECT_ED25519) + if (!(flags & PUBKEY_FLAG_DJB_TWEAK)) _gcry_mpi_ec_mul_point (&R_, ec->h, &R_, ec); if (_gcry_mpi_ec_get_affine (x1, NULL, &R_, ec)) @@ -408,7 +412,7 @@ check_secret_key (ECC_secret_key *sk, mpi_ec_t ec, int flags) } /* Check order of curve. */ - if (sk->E.dialect != ECC_DIALECT_ED25519) + if (sk->E.dialect != ECC_DIALECT_ED25519 && !(flags & PUBKEY_FLAG_DJB_TWEAK)) { _gcry_mpi_ec_mul_point (&Q, sk->E.n, &sk->E.G, ec); if (mpi_cmp_ui (Q.z, 0)) @@ -571,7 +575,9 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b); - if ((flags & PUBKEY_FLAG_EDDSA)) + if (E.model == MPI_EC_MONTGOMERY) + rc = nist_generate_key (&sk, &E, ctx, flags, nbits, &Qx, NULL); + else if ((flags & PUBKEY_FLAG_EDDSA)) rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, flags); else rc = nist_generate_key (&sk, &E, ctx, flags, nbits, &Qx, &Qy); 
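Review bot: In check_secret_key the "Check order of curve" test is now skipped whenever PUBKEY_FLAG_DJB_TWEAK is set in the flags argument, which makes a check on the curve depend on a flag supplied with the key rather than on the curve itself. Condition the skip on the curve, for example sk->E.model == MPI_EC_MONTGOMERY, or reject djb-tweak for curves that are not defined with it, so that the flag cannot switch the order check off for other curves. The same reasoning applies to the cofactor multiplication in test_ecdh_only_keys, which is now also keyed on the flag.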
@@ -581,18 +587,38 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) /* Copy data to the result. */ Gx = mpi_new (0); Gy = mpi_new (0); - if (_gcry_mpi_ec_get_affine (Gx, Gy, &sk.E.G, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G"); - base = _gcry_ecc_ec2os (Gx, Gy, sk.E.p); - if (sk.E.dialect == ECC_DIALECT_ED25519 && !(flags & PUBKEY_FLAG_NOCOMP)) + if (E.model != MPI_EC_MONTGOMERY) + { + if (_gcry_mpi_ec_get_affine (Gx, Gy, &sk.E.G, ctx)) + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G"); + base = _gcry_ecc_ec2os (Gx, Gy, sk.E.p); + } + if ((sk.E.dialect == ECC_DIALECT_ED25519 || E.model == MPI_EC_MONTGOMERY) + && !(flags & PUBKEY_FLAG_NOCOMP)) { unsigned char *encpk; unsigned int encpklen; - /* (Gx and Gy are used as scratch variables) */ - rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, Gx, Gy, - !!(flags & PUBKEY_FLAG_COMP), - &encpk, &encpklen); + if (E.model != MPI_EC_MONTGOMERY) + /* (Gx and Gy are used as scratch variables) */ + rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, Gx, Gy, + !!(flags & PUBKEY_FLAG_COMP), + &encpk, &encpklen); + else + { + int off = !!(flags & PUBKEY_FLAG_COMP); + + encpk = _gcry_mpi_get_buffer_extra (Qx, ctx->nbits/8, off?-1:0, + &encpklen, NULL); + if (encpk == NULL) + rc = gpg_err_code_from_syserror (); + else + { + if (off) + encpk[0] = 0x40; + encpklen += off; + } + } if (rc) goto leave; public = mpi_new (0); 
@@ -619,15 +645,18 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) goto leave; } - if ((flags & PUBKEY_FLAG_PARAM) || (flags & PUBKEY_FLAG_EDDSA)) + if ((flags & PUBKEY_FLAG_PARAM) || (flags & PUBKEY_FLAG_EDDSA) + || (flags & PUBKEY_FLAG_DJB_TWEAK)) { rc = sexp_build (&curve_flags, NULL, ((flags & PUBKEY_FLAG_PARAM) && (flags & PUBKEY_FLAG_EDDSA))? "(flags param eddsa)" : + ((flags & PUBKEY_FLAG_PARAM) && (flags & PUBKEY_FLAG_EDDSA))? + "(flags param djb-tweak)" : ((flags & PUBKEY_FLAG_PARAM))? - "(flags param)" : - "(flags eddsa)"); + "(flags param)" : ((flags & PUBKEY_FLAG_EDDSA))? + "(flags eddsa)" : "(flags djb-tweak)" ); if (rc) goto leave; } @@ -1214,11 +1243,23 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) gcry_mpi_t data = NULL; ECC_public_key pk; mpi_ec_t ec = NULL; + int flags; memset (&pk, 0, sizeof pk); _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, ecc_get_nbits (keyparms)); + /* Look for flags. */ + l1 = sexp_find_token (keyparms, "flags", 0); + if (l1) + { + rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); + if (rc) + goto leave; + } + sexp_release (l1); + l1 = NULL; + /* * Extract the data. */ @@ -1237,7 +1278,9 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) /* * Extract the key. */ - rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?h?+q", + rc = sexp_extract_param (keyparms, NULL, + (flags & PUBKEY_FLAG_DJB_TWEAK)? + "-p?a?b?g?n?h?/q" : "-p?a?b?g?n?h?+q", &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n, &pk.E.h, &mpi_q, NULL); if (rc) 
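Review bot: In the ecc_generate hunk at -619 the added condition ((flags & PUBKEY_FLAG_PARAM) && (flags & PUBKEY_FLAG_EDDSA)) is identical to the one on the line before it, so "(flags param djb-tweak)" can never be selected and a key generated with both param and djb-tweak is written out as "(flags param)". The second test should be on PUBKEY_FLAG_DJB_TWEAK.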
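Review bot: ecc_encrypt_raw declares int flags; without an initializer and assigns it only when sexp_find_token (keyparms, "flags", 0) finds a list, yet flags & PUBKEY_FLAG_DJB_TWEAK is evaluated unconditionally in the sexp_extract_param call of the next hunk. For a key without a flags list this reads an indeterminate value and may select the "/q" format at random; initialise it with int flags = 0; as ecc_decrypt_raw does.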
@@ -1289,26 +1332,34 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } + /* Compute the encrypted value. */ + ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, 0, + pk.E.p, pk.E.a, pk.E.b); + /* Convert the public key. */ if (mpi_q) { point_init (&pk.Q); - rc = _gcry_ecc_os2ec (&pk.Q, mpi_q); + if (ec->model == MPI_EC_MONTGOMERY) + rc = _gcry_ecc_mont_decodepoint (mpi_q, ec, &pk.Q); + else + rc = _gcry_ecc_os2ec (&pk.Q, mpi_q); if (rc) goto leave; } - /* Compute the encrypted value. */ - ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect, 0, - pk.E.p, pk.E.a, pk.E.b); - /* The following is false: assert( mpi_cmp_ui( R.x, 1 )==0 );, so */ { mpi_point_struct R; /* Result that we return. */ gcry_mpi_t x, y; + unsigned char *rawmpi; + unsigned int rawmpilen; x = mpi_new (0); - y = mpi_new (0); + if (ec->model == MPI_EC_MONTGOMERY) + y = NULL; + else + y = mpi_new (0); point_init (&R); @@ -1317,14 +1368,39 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) log_fatal ("ecdh: Failed to get affine coordinates for kdG\n"); - mpi_s = _gcry_ecc_ec2os (x, y, pk.E.p); + if (y) + mpi_s = _gcry_ecc_ec2os (x, y, pk.E.p); + else + { + rawmpi = _gcry_mpi_get_buffer (x, ec->nbits/8, &rawmpilen, NULL); + if (!rawmpi) + rc = gpg_err_code_from_syserror (); + else + { + mpi_s = mpi_new (0); + mpi_set_opaque (mpi_s, rawmpi, rawmpilen*8); + } + } /* R = kG */ _gcry_mpi_ec_mul_point (&R, data, &pk.E.G, ec); if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) log_fatal ("ecdh: Failed to get affine coordinates for kG\n"); - mpi_e = _gcry_ecc_ec2os (x, y, pk.E.p); + if (y) + mpi_e = _gcry_ecc_ec2os (x, y, pk.E.p); + else + { + rawmpi = _gcry_mpi_get_buffer (x, ec->nbits/8, &rawmpilen, NULL); + if (!rawmpi) + rc = gpg_err_code_from_syserror (); + else + { + mpi_e = mpi_new (0); + mpi_set_opaque (mpi_e, rawmpi, rawmpilen*8); + } + } + mpi_free (x); mpi_free (y); 
@@ -1332,7 +1408,8 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) point_free (&R); } - rc = sexp_build (r_ciph, NULL, "(enc-val(ecdh(s%m)(e%m)))", mpi_s, mpi_e); + if (!rc) + rc = sexp_build (r_ciph, NULL, "(enc-val(ecdh(s%m)(e%m)))", mpi_s, mpi_e); leave: _gcry_mpi_release (pk.E.p); @@ -1348,6 +1425,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) _gcry_mpi_release (mpi_s); _gcry_mpi_release (mpi_e); xfree (curvename); + sexp_release (l1); _gcry_mpi_ec_free (ec); _gcry_pk_util_free_encoding_ctx (&ctx); if (DBG_CIPHER) @@ -1377,6 +1455,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) mpi_point_struct kG; mpi_point_struct R; gcry_mpi_t r = NULL; + int flags = 0; memset (&sk, 0, sizeof sk); point_init (&kG); @@ -1385,6 +1464,17 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, ecc_get_nbits (keyparms)); + /* Look for flags. */ + l1 = sexp_find_token (keyparms, "flags", 0); + if (l1) + { + rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL); + if (rc) + goto leave; + } + sexp_release (l1); + l1 = NULL; + /* * Extract the data. */ @@ -1459,16 +1549,19 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) } + ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, 0, + sk.E.p, sk.E.a, sk.E.b); + /* * Compute the plaintext. */ - rc = _gcry_ecc_os2ec (&kG, data_e); + if (ec->model == MPI_EC_MONTGOMERY) + rc = _gcry_ecc_mont_decodepoint (data_e, ec, &kG); + else + rc = _gcry_ecc_os2ec (&kG, data_e); if (rc) goto leave; - ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, 0, - sk.E.p, sk.E.a, sk.E.b); - /* R = dkG */ _gcry_mpi_ec_mul_point (&R, sk.d, &kG, ec); 
@@ -1477,12 +1570,30 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) gcry_mpi_t x, y; x = mpi_new (0); - y = mpi_new (0); + if (ec->model == MPI_EC_MONTGOMERY) + y = NULL; + else + y = mpi_new (0); if (_gcry_mpi_ec_get_affine (x, y, &R, ec)) log_fatal ("ecdh: Failed to get affine coordinates\n"); - r = _gcry_ecc_ec2os (x, y, sk.E.p); + if (y) + r = _gcry_ecc_ec2os (x, y, sk.E.p); + else + { + unsigned char *rawmpi; + unsigned int rawmpilen; + + rawmpi = _gcry_mpi_get_buffer (x, ec->nbits/8, &rawmpilen, NULL); + if (!rawmpi) + rc = gpg_err_code_from_syserror (); + else + { + r = mpi_new (0); + mpi_set_opaque (r, rawmpi, rawmpilen*8); + } + } if (!r) rc = gpg_err_code_from_syserror (); else @@ -1604,7 +1715,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) /* Extract the parameters. */ if ((flags & PUBKEY_FLAG_PARAM)) { - if ((flags & PUBKEY_FLAG_EDDSA)) + if ((flags & PUBKEY_FLAG_DJB_TWEAK)) rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?h?/q", &values[0], &values[1], &values[2], &values[3], &values[4], &values[5], @@ -1617,7 +1728,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) } else { - if ((flags & PUBKEY_FLAG_EDDSA)) + if ((flags & PUBKEY_FLAG_DJB_TWEAK)) rc = sexp_extract_param (keyparms, NULL, "/q", &values[6], NULL); else @@ -1674,12 +1785,9 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) the compressed version. Because we don't support any non-eddsa compression, the only thing we need to do is to compress EdDSA. */ - if ((flags & PUBKEY_FLAG_EDDSA)) + if ((flags & PUBKEY_FLAG_DJB_TWEAK)) { - if (dialect == ECC_DIALECT_ED25519) - rc = _gcry_ecc_eddsa_ensure_compact (values[6], 256); - else - rc = GPG_ERR_NOT_IMPLEMENTED; + rc = _gcry_ecc_eddsa_ensure_compact (values[6], 256); if (rc) goto leave; } diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index afa3454..b958e7d 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c 
@@ -107,6 +107,7 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list, { encoding = PUBKEY_ENC_RAW; flags |= PUBKEY_FLAG_EDDSA; + flags |= PUBKEY_FLAG_DJB_TWEAK; } else if (!memcmp (s, "pkcs1", 5) && encoding == PUBKEY_ENC_UNKNOWN) { @@ -142,12 +143,17 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list, rc = GPG_ERR_INV_FLAG; break; - case 9: + case 9: if (!memcmp (s, "pkcs1-raw", 9) && encoding == PUBKEY_ENC_UNKNOWN) { encoding = PUBKEY_ENC_PKCS1_RAW; flags |= PUBKEY_FLAG_FIXEDLEN; } + else if (!memcmp (s, "djb-tweak", 9)) + { + encoding = PUBKEY_ENC_RAW; + flags |= PUBKEY_FLAG_DJB_TWEAK; + } else if (!igninvflag) rc = GPG_ERR_INV_FLAG; break; diff --git a/src/cipher.h b/src/cipher.h index 52f2695..89ae2e2 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -41,6 +41,7 @@ #define PUBKEY_FLAG_EDDSA (1 << 12) #define PUBKEY_FLAG_GOST (1 << 13) #define PUBKEY_FLAG_NO_KEYTEST (1 << 14) +#define PUBKEY_FLAG_DJB_TWEAK (1 << 15) enum pk_operation diff --git a/tests/curves.c b/tests/curves.c index 178a192..bec48e9 100644 --- a/tests/curves.c +++ b/tests/curves.c @@ -29,7 +29,7 @@ #include "../src/gcrypt-int.h" /* Number of curves defined in ../cipger/ecc.c */ -#define N_CURVES 21 +#define N_CURVES 22 /* A real world sample public key. */ static char const sample_key_1[] = ----------------------------------------------------------------------- Summary of changes: cipher/ecc-common.h | 3 + cipher/ecc-curves.c | 17 ++++- cipher/ecc-misc.c | 48 ++++++++++++ cipher/ecc.c | 202 +++++++++++++++++++++++++++++++++++++++------------ cipher/pubkey-util.c | 8 +- src/cipher.h | 1 + tests/curves.c | 2 +- 7 files changed, 230 insertions(+), 51 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 6 15:42:29 2015 
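Review bot: In the Montgomery branches of ecc_encrypt_raw and ecc_decrypt_raw the length passed to _gcry_mpi_get_buffer is `ec->nbits/8`, which rounds down, while the EdDSA signing code quoted further down this page sizes its buffers with `(ctx->nbits+7)/8`. If nbits for a Montgomery curve is not a multiple of 8, the requested length is one byte short of the field size, so round up the same way or add a comment saying why truncation is intended. The same rawmpi / mpi_set_opaque block is also pasted three times (for mpi_s, mpi_e and r); a small static helper that returns the opaque MPI or NULL would keep the three copies from drifting apart.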
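Review bot: In ecc_decrypt_raw the new flag parsing does `if (rc) goto leave;` before `sexp_release (l1)` runs, so on a parse error l1 is only freed if the leave path releases it. This patch adds an explicit `sexp_release (l1)` at leave in ecc_encrypt_raw; the decrypt function's leave label is not in the visible hunks and should get the same treatment if it lacks it. Separately, `flags` is parsed here but none of the visible decrypt hunks reads it, since the Montgomery path is selected by `ec->model`. Either use the value or note in the comment that the parse is there for validation only.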
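Review bot: compute_keygrip loses the `dialect == ECC_DIALECT_ED25519` guard and its GPG_ERR_NOT_IMPLEMENTED fallback, so every key carrying PUBKEY_FLAG_DJB_TWEAK now reaches `_gcry_ecc_eddsa_ensure_compact (values[6], 256)` with a hard-coded 256. Because the pubkey-util.c hunk lets "djb-tweak" be set without "eddsa", that includes non-EdDSA keys, yet the comment just above still says the only thing to do is to compress EdDSA. Update the comment, and either keep a guard for curves where 256 is wrong or document why 256 holds for every curve that can carry the tweak flag.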
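Review bot: In _gcry_pk_util_parse_flaglist the new "djb-tweak" branch sets `encoding = PUBKEY_ENC_RAW` unconditionally, whereas the "pkcs1-raw" branch directly above it only assigns when `encoding == PUBKEY_ENC_UNKNOWN`. A flag list that names an encoding before "djb-tweak" would have it silently overwritten. Apply the same UNKNOWN check, or return GPG_ERR_INV_FLAG on the conflict. The new PUBKEY_FLAG_DJB_TWEAK define in src/cipher.h also has no comment saying what the tweak is, which would help readers of compute_keygrip.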
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Aug 2015 15:42:29 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-246-g10789e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 10789e3cdda7b944acb4b59624c34a2ccfaea6e5 (commit) via 1d896371fbc94c605fce35eabcde01e24dd22892 (commit) from e93f4c21c59756604440ad8cbf27e67d29c99ffd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 10789e3cdda7b944acb4b59624c34a2ccfaea6e5 Author: Werner Koch Date: Thu Aug 6 14:57:44 2015 +0200 tools: Fix memory leak for functions "I" and "G". * src/mpicalc.c (do_inv, do_gcd): Init A after stack check. -- Reported-by: Ismo Puustinen Signed-off-by: Werner Koch diff --git a/src/mpicalc.c b/src/mpicalc.c index f1fbbef..ebd1bbb 100644 --- a/src/mpicalc.c +++ b/src/mpicalc.c @@ -200,12 +200,14 @@ do_powm (void) static void do_inv (void) { - gcry_mpi_t a = mpi_new (0); + gcry_mpi_t a; + if (stackidx < 2) { fputs ("stack underflow\n", stderr); return; } + a = mpi_new (0); mpi_invm (a, stack[stackidx - 2], stack[stackidx - 1]); mpi_set (stack[stackidx - 2], a); mpi_release (a); 
@@ -215,12 +217,14 @@ do_inv (void) static void do_gcd (void) { - gcry_mpi_t a = mpi_new (0); + gcry_mpi_t a; + if (stackidx < 2) { fputs ("stack underflow\n", stderr); return; } + a = mpi_new (0); mpi_gcd (a, stack[stackidx - 2], stack[stackidx - 1]); mpi_set (stack[stackidx - 2], a); mpi_release (a); commit 1d896371fbc94c605fce35eabcde01e24dd22892 Author: Ismo Puustinen Date: Wed Aug 5 15:27:43 2015 +0300 ecc: Free memory also when in error branch. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_sign): Init DIGEST and goto leave on error. -- Fixing an issue found by static analysis. Signed-off-by: Ismo Puustinen Added DIGEST init and wrote Changelog. Signed-off-by: Werner Koch diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 4323d8e..1e95489 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -580,7 +580,7 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, mpi_ec_t ctx = NULL; int b; unsigned int tmp; - unsigned char *digest; + unsigned char *digest = NULL; gcry_buffer_t hvec[3]; const void *mbuf; size_t mlen; @@ -607,8 +607,10 @@ _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *skey, ctx = _gcry_mpi_ec_p_internal_new (skey->E.model, skey->E.dialect, 0, skey->E.p, skey->E.a, skey->E.b); b = (ctx->nbits+7)/8; - if (b != 256/8) - return GPG_ERR_INTERNAL; /* We only support 256 bit. */ + if (b != 256/8) { + rc = GPG_ERR_INTERNAL; /* We only support 256 bit. */ + goto leave; + } rc = _gcry_ecc_eddsa_compute_h_d (&digest, skey->d, ctx); if (rc) ----------------------------------------------------------------------- Summary of changes: cipher/ecc-eddsa.c | 8 +++++--- src/mpicalc.c | 8 ++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 6 15:42:29 2015 
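Review bot: In _gcry_ecc_eddsa_sign the new error branch is written `if (b != 256/8) {` with the opening brace on the same line, while the surrounding code uses GNU style with braces on their own lines; reformat it to match. The `digest = NULL` initialisation is what makes the new `goto leave` safe, so the fix only holds if the leave path frees both digest and ctx. That label is outside the visible hunk and is worth checking when applying, in particular that ctx is released there, since it was allocated two lines before the early exit.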
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Aug 2015 17:12:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-35-g969542c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 969542c8c2f48a60c1d68b7bf70b0c00374bacba (commit) from e5891a82c39997b65ce9ff90eb6120db7bedd399 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 969542c8c2f48a60c1d68b7bf70b0c00374bacba Author: Werner Koch Date: Thu Aug 6 17:09:27 2015 +0200 gpg: Adjust UID line indentation for common key algos. * g10/keylist.c (list_keyblock_print): Change UID line indentation * g10/mainproc.c (list_node): Ditto. -- Due to the new keyalgo/size format the UID was not anymore printed properly aligned to the creation date. Although we can't do that in any case, this change does it for common algos like "rsa2048", "dsa2048", and "ed25519". Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index b43165f..0f4c85a 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1031,7 +1031,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, validity = uid_trust_string_fixed (pk, uid); indent = - (keystrlen () + 9) - + (keystrlen () + (opt.legacy_list_mode? 9:11)) - atoi (uid_trust_string_fixed (NULL, NULL)); if (indent < 0 || indent > 40) 
@@ -1040,7 +1040,8 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity); } else - es_fprintf (es_stdout, "uid%*s", (int) keystrlen () + 10, ""); + es_fprintf (es_stdout, "uid%*s", + (int) keystrlen () + (opt.legacy_list_mode? 10:12), ""); print_utf8_buffer (es_stdout, uid->name, uid->len); es_putc ('\n', es_stdout); diff --git a/g10/mainproc.c b/g10/mainproc.c index c90b9e3..f7b7c6b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1031,7 +1031,9 @@ list_node (CTX c, kbnode_t node) es_printf ("%s:::::::::", node->pkt->pkt.user_id->attrib_data?"uat":"uid"); else - es_printf ("uid%*s", 28, "" ); + es_printf ("uid%*s", + (int)keystrlen ()+(opt.legacy_list_mode? 9:11), + "" ); print_userid (node->pkt); if (opt.with_colons) es_putc (':', es_stdout); ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 5 +++-- g10/mainproc.c | 4 +++- 2 files changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 6 18:02:46 2015 
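Review bot: The two plain `"uid%*s"` call sites now use different widths: list_keyblock_print in keylist.c pads with `keystrlen () + (opt.legacy_list_mode? 10:12)`, while list_node in mainproc.c pads with `keystrlen () + (opt.legacy_list_mode? 9:11)`. If the one-column difference is intentional it needs a comment; if not, one of them is off by one. Either way the 9/11 and 10/12 pairs are magic numbers repeated across two files, and a shared macro or helper that returns the UID indent would keep the listings aligned the next time the key line format changes.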
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Aug 2015 18:02:46 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-36-gfbb6c25 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fbb6c25ab5dbb5f2b1f1eb342ca7caa3f955d8c9 (commit) from 969542c8c2f48a60c1d68b7bf70b0c00374bacba (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fbb6c25ab5dbb5f2b1f1eb342ca7caa3f955d8c9 Author: Werner Koch Date: Thu Aug 6 18:00:12 2015 +0200 gpg: Add commands "fpr *" and "grip" to --edit-key. * g10/keyedit.c (cmdGRIP): New. (cmds): Add command "grip". (keyedit_menu) : Print subkeys with argument "*". (keyedit_menu) : Print keygrip. (show_key_and_fingerprint): Add arg "with_subkeys". (show_key_and_grip): New. * g10/keylist.c (print_fingerprint): Add mode 4. -- Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index 6238b30..d8dba2d 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -56,7 +56,8 @@ static void show_key_with_all_names (ctrl_t ctrl, estream_t fp, int with_revoker, int with_fpr, int with_subkeys, int with_prefs, int nowarn); -static void show_key_and_fingerprint (KBNODE keyblock); +static void show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys); +static void show_key_and_grip (kbnode_t keyblock); static void subkey_expire_warning (kbnode_t keyblock); static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name, const char *uidstr); 
@@ -1305,7 +1306,7 @@ enum cmdids cmdSHOWPREF, cmdSETPREF, cmdPREFKS, cmdNOTATION, cmdINVCMD, cmdSHOWPHOTO, cmdUPDTRUST, cmdCHKTRUST, cmdADDCARDKEY, cmdKEYTOCARD, cmdBKUPTOCARD, cmdCHECKBKUPKEY, - cmdCLEAN, cmdMINIMIZE, cmdNOP + cmdCLEAN, cmdMINIMIZE, cmdGRIP, cmdNOP }; static struct @@ -1322,6 +1323,7 @@ static struct { "help", cmdHELP, 0, N_("show this help")}, { "?", cmdHELP, 0, NULL}, { "fpr", cmdFPR, 0, N_("show key fingerprint")}, + { "grip", cmdGRIP, 0, N_("show the keygrip")}, { "list", cmdLIST, 0, N_("list key and user IDs")}, { "l", cmdLIST, 0, NULL}, { "uid", cmdSELUID, 0, N_("select user ID N")}, @@ -1644,7 +1646,13 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, break; case cmdFPR: - show_key_and_fingerprint (keyblock); + show_key_and_fingerprint + (keyblock, (*arg_string == '*' + && (!arg_string[1] || spacep (arg_string + 1)))); + break; + + case cmdGRIP: + show_key_and_grip (keyblock); break; case cmdSELUID: @@ -3235,10 +3243,11 @@ show_basic_key_info (KBNODE keyblock) } } + static void -show_key_and_fingerprint (KBNODE keyblock) +show_key_and_fingerprint (kbnode_t keyblock, int with_subkeys) { - KBNODE node; + kbnode_t node; PKT_public_key *pk = NULL; char pkstrbuf[PUBKEY_STRING_SIZE]; 
@@ -3262,6 +3271,56 @@ show_key_and_fingerprint (KBNODE keyblock) tty_printf ("\n"); if (pk) print_fingerprint (NULL, pk, 2); + if (with_subkeys) + { + for (node = keyblock; node; node = node->next) + { + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + pk = node->pkt->pkt.public_key; + tty_printf ("sub %s/%s %s [%s]\n", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk(pk), + datestr_from_pk (pk), + usagestr_from_pk (pk, 0)); + + print_fingerprint (NULL, pk, 4); + } + } + } +} + + +/* Show a listing of the primary and its subkeys along with their + keygrips. */ +static void +show_key_and_grip (kbnode_t keyblock) +{ + kbnode_t node; + PKT_public_key *pk = NULL; + char pkstrbuf[PUBKEY_STRING_SIZE]; + char *hexgrip; + + for (node = keyblock; node; node = node->next) + { + if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + pk = node->pkt->pkt.public_key; + tty_printf ("%s %s/%s %s [%s]\n", + node->pkt->pkttype == PKT_PUBLIC_KEY? "pub":"sub", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk(pk), + datestr_from_pk (pk), + usagestr_from_pk (pk, 0)); + + if (!hexkeygrip_from_pk (pk, &hexgrip)) + { + tty_printf (" Keygrip: %s\n", hexgrip); + xfree (hexgrip); + } + } + } } diff --git a/g10/keylist.c b/g10/keylist.c index 0f4c85a..4ea4bf5 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1726,6 +1726,7 @@ print_icao_hexdigit (estream_t fp, int c) * 1: print using log_info () * 2: direct use of tty * 3: direct use of tty but only primary key. + * 4: direct use of tty but only subkey. * 10: Same as 0 but with_colons etc is ignored. * * Modes 1 and 2 will try and print both subkey and primary key 
@@ -1784,7 +1785,7 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) { fp = override_fp; /* Use tty or given stream. */ if (primary) - /* TRANSLATORS: this should fit into 24 bytes to that the + /* TRANSLATORS: this should fit into 24 bytes so that the * fingerprint data is properly aligned with the user ID */ text = _(" Primary key fingerprint:"); else @@ -1795,6 +1796,11 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) fp = override_fp; /* Use tty or given stream. */ text = _(" Key fingerprint ="); } + else if (mode == 4) + { + fp = override_fp; /* Use tty or given stream. */ + text = _(" Subkey fingerprint:"); + } else { fp = override_fp? override_fp : es_stdout; ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++----- g10/keylist.c | 8 ++++++- 2 files changed, 71 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 6 18:15:05 2015 
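Review bot: show_key_and_grip prints nothing when `hexkeygrip_from_pk (pk, &hexgrip)` fails, so a key whose keygrip cannot be computed shows up as a bare pub/sub line with no indication of the error; print a short diagnostic in the else case. The command table entry for "fpr" still reads `N_("show key fingerprint")` although the command now accepts a `*` argument, so the help output does not mention the new form, and any argument other than `*` is silently ignored by the cmdFPR case. The "sub %s/%s %s [%s]" line is also duplicated between show_key_and_fingerprint and show_key_and_grip and could be shared.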
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 06 Aug 2015 18:15:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-37-gfb754dc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fb754dc6170d12edf3d35c48340b8d7b1ded20f7 (commit) from fbb6c25ab5dbb5f2b1f1eb342ca7caa3f955d8c9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb754dc6170d12edf3d35c48340b8d7b1ded20f7 Author: Werner Koch Date: Thu Aug 6 18:12:31 2015 +0200 gpg: Remove duplicated printing of the curve name in "sub" lines. * g10/keylist.c (list_keyblock_print): Do not print extra curve name. -- This was cruft from the time before we changed to the new algo/size string. Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index 4ea4bf5..0383931 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -1087,18 +1087,6 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, pubkey_string (pk2, pkstrbuf, sizeof pkstrbuf), keystr_from_pk (pk2), datestr_from_pk (pk2)); - if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA - || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA - || pk2->pubkey_algo == PUBKEY_ALGO_ECDH) - { - char *curve = openpgp_oid_to_str (pk2->pkey[0]); - const char *name = openpgp_oid_to_curve (curve, 0); - if (!name) - name = curve; - es_fprintf (es_stdout, " %s", name); - xfree (curve); - } - if ((opt.list_options & LIST_SHOW_USAGE)) { es_fprintf (es_stdout, " [%s]", usagestr_from_pk (pk2, 0)); ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 12 ------------ 1 file changed, 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 7 09:40:43 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Aug 2015 09:40:43 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-38-g9f31ab3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9f31ab3d216ed74d6f392a62e3f95e0591174119 (commit) from fb754dc6170d12edf3d35c48340b8d7b1ded20f7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9f31ab3d216ed74d6f392a62e3f95e0591174119 Author: Werner Koch Date: Fri Aug 7 09:37:49 2015 +0200 common: Change alias for Curve25519 to "cv25519". * common/openpgp-oid.c (oidtable): Change alias. -- This is a cosmetic change so that common and expected common algorithms line up nicely in a keylisting. For example: pub ed25519/C68CE6D1ED0319C8 2015-08-06 uid [ultimate] Curve25519 Test 150806.1 sub cv25519/49238B9F0712C9BF 2015-08-06 sub rsa2048/8AEAF74014699D2C 2015-08-06 sub cv25519/8EC3776830B08736 2015-08-06 Signed-off-by: Werner Koch diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index afda376..8a964a4 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c 
@@ -45,7 +45,7 @@ static struct { const char *alias; /* NULL or alternative name of the curve. */ } oidtable[] = { - { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "crv25519" }, + { "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519" }, { "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519" }, { "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256" }, ----------------------------------------------------------------------- Summary of changes: common/openpgp-oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 7 12:22:33 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Aug 2015 12:22:33 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.2.1-6-gb5cbf11 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via b5cbf11ccece653819a782a3e8adbb785fe36d7d (commit) from 87def94c86d5272c23daf2b5ea446c5553aa1d90 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5cbf11ccece653819a782a3e8adbb785fe36d7d Author: Werner Koch Date: Fri Aug 7 11:26:00 2015 +0200 Wipe the context before releasing as an extra safeguard. * src/assuan-defs.h (wipememory2, wipememory): New. Taken from GnuPG. * src/assuan.c (assuan_release): Wipe the context. -- The assuan context has buffers which may carry sensitive information. These buffers could be wiped out with each flush but that is too expensive. Thus we only wipe them when freeing the context. Signed-off-by: Werner Koch diff --git a/src/assuan-defs.h b/src/assuan-defs.h index 68cd810..cf0015e 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h 
@@ -404,6 +404,16 @@ int _assuan_asprintf (char **buf, const char *fmt, ...); #define DIM(v) (sizeof(v)/sizeof((v)[0])) +/* To avoid that a compiler optimizes memset calls away, these macros + can be used. */ +#define wipememory2(_ptr,_set,_len) do { \ + volatile char *_vptr=(volatile char *)(_ptr); \ + size_t _vlen=(_len); \ + while(_vlen) { *_vptr=(_set); _vptr++; _vlen--; } \ + } while(0) +#define wipememory(_ptr,_len) wipememory2(_ptr,0,_len) + + #if HAVE_W64_SYSTEM # define SOCKET2HANDLE(s) ((void *)(s)) # define HANDLE2SOCKET(h) ((uintptr_t)(h)) diff --git a/src/assuan.c b/src/assuan.c index 5cbb86c..d4c4b56 100644 --- a/src/assuan.c +++ b/src/assuan.c @@ -189,7 +189,11 @@ assuan_release (assuan_context_t ctx) _assuan_reset (ctx); /* None of the members that are our responsibility requires - deallocation. */ + deallocation. To avoid sensitive data in the line buffers we + wipe them out, though. Note that we can't wipe the entire + context because it also has a pointer to the actual free(). */ + wipememory (&ctx->inbound, sizeof ctx->inbound); + wipememory (&ctx->outbound, sizeof ctx->outbound); _assuan_free (ctx, ctx); } ----------------------------------------------------------------------- Summary of changes: src/assuan-defs.h | 10 ++++++++++ src/assuan.c | 6 +++++- 2 files changed, 15 insertions(+), 1 deletion(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 7 12:58:07 2015 
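Review bot: The new comment in assuan_release says why the whole context cannot be wiped but not why `ctx->inbound` and `ctx->outbound` are wiped only here. The trade-off from the commit message (wiping on every flush is too expensive) belongs in the code, so that nobody later assumes the line buffers are clean between commands on a long-lived context. It would also help to state that the wipe must stay after `_assuan_reset (ctx)` and before `_assuan_free (ctx, ctx)`, since moving it would either clear state the reset still needs or leave the data in freed memory.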
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Aug 2015 12:58:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-39-ga68c5c5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd (commit) from 9f31ab3d216ed74d6f392a62e3f95e0591174119 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd Author: Werner Koch Date: Fri Aug 7 12:55:29 2015 +0200 agent: Add option --force to the DELETE_KEY command. * agent/findkey.c (agent_delete_key): Add arg "force". * agent/command.c (cmd_delete_key): Add option --force. Signed-off-by: Werner Koch diff --git a/agent/agent.h b/agent/agent.h index 164ddea..958e3be 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -386,7 +386,7 @@ gpg_error_t agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, int *r_keytype, unsigned char **r_shadow_info); gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip); + const unsigned char *grip, int force); /*-- call-pinentry.c --*/ void initialize_module_call_pinentry (void); diff --git a/agent/command.c b/agent/command.c index a69abc5..62a4628 100644 --- a/agent/command.c +++ b/agent/command.c 
@@ -2388,27 +2388,29 @@ cmd_export_key (assuan_context_t ctx, char *line) static const char hlp_delete_key[] = - "DELETE_KEY \n" + "DELETE_KEY [--force] \n" "\n" "Delete a secret key from the key store.\n" - "As safeguard the agent asks the user for confirmation.\n"; + "Unless --force is used the agent asks the user for confirmation.\n"; static gpg_error_t cmd_delete_key (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); gpg_error_t err; + int force; unsigned char grip[20]; if (ctrl->restricted) return leave_cmd (ctx, gpg_error (GPG_ERR_FORBIDDEN)); + force = has_option (line, "--force"); line = skip_options (line); err = parse_keygrip (ctx, line, grip); if (err) goto leave; - err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip); + err = agent_delete_key (ctrl, ctrl->server_local->keydesc, grip, force ); if (err) goto leave; diff --git a/agent/findkey.c b/agent/findkey.c index 1ca7f04..e7cd79e 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1219,14 +1219,18 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, /* Delete the key with GRIP from the disk after having asked for - confirmation using DESC_TEXT. Common error codes are: + confirmation using DESC_TEXT. If FORCE is set the fucntion won't + require a confirmation via Pinentry or warns if the key is also + used by ssh. + + Common error codes are: GPG_ERR_NO_SECKEY GPG_ERR_KEY_ON_CARD GPG_ERR_NOT_CONFIRMED */ gpg_error_t agent_delete_key (ctrl_t ctrl, const char *desc_text, - const unsigned char *grip) + const unsigned char *grip, int force) { gpg_error_t err; gcry_sexp_t s_skey = NULL; 
@@ -1253,57 +1257,57 @@ agent_delete_key (ctrl_t ctrl, const char *desc_text, case PRIVATE_KEY_CLEAR: case PRIVATE_KEY_OPENPGP_NONE: case PRIVATE_KEY_PROTECTED: - { - bin2hex (grip, 20, hexgrip); - if (!desc_text) - { - default_desc = xtryasprintf - (L_("Do you really want to delete the key identified by keygrip%%0A" - " %s%%0A %%C%%0A?"), hexgrip); - desc_text = default_desc; - } - - /* Note, that we will take the comment as a C string for - display purposes; i.e. all stuff beyond a Nul character is - ignored. */ + bin2hex (grip, 20, hexgrip); + if (!force) { - gcry_sexp_t comment_sexp; - - comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0); - if (comment_sexp) - comment = gcry_sexp_nth_string (comment_sexp, 1); - gcry_sexp_release (comment_sexp); - } + if (!desc_text) + { + default_desc = xtryasprintf + (L_("Do you really want to delete the key identified by keygrip%%0A" + " %s%%0A %%C%%0A?"), hexgrip); + desc_text = default_desc; + } - if (desc_text) - err = modify_description (desc_text, comment? comment:"", s_skey, - &desc_text_final); - if (err) - goto leave; - - err = agent_get_confirmation (ctrl, desc_text_final, - L_("Delete key"), L_("No"), 0); - if (err) - goto leave; - - cf = ssh_open_control_file (); - if (cf) + /* Note, that we will take the comment as a C string for + display purposes; i.e. all stuff beyond a Nul character is + ignored. 
*/ { - if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL)) - { - err = agent_get_confirmation - (ctrl, - L_("Warning: This key is also listed for use with SSH!\n" - "Deleting the key might remove your ability to " - "access remote machines."), - L_("Delete key"), L_("No"), 0); - if (err) - goto leave; - } + gcry_sexp_t comment_sexp; + + comment_sexp = gcry_sexp_find_token (s_skey, "comment", 0); + if (comment_sexp) + comment = gcry_sexp_nth_string (comment_sexp, 1); + gcry_sexp_release (comment_sexp); } - err = remove_key_file (grip); - } + if (desc_text) + err = modify_description (desc_text, comment? comment:"", s_skey, + &desc_text_final); + if (err) + goto leave; + + err = agent_get_confirmation (ctrl, desc_text_final, + L_("Delete key"), L_("No"), 0); + if (err) + goto leave; + + cf = ssh_open_control_file (); + if (cf) + { + if (!ssh_search_control_file (cf, hexgrip, NULL, NULL, NULL)) + { + err = agent_get_confirmation + (ctrl, + L_("Warning: This key is also listed for use with SSH!\n" + "Deleting the key might remove your ability to " + "access remote machines."), + L_("Delete key"), L_("No"), 0); + if (err) + goto leave; + } + } + } + err = remove_key_file (grip); break; case PRIVATE_KEY_SHADOWED: ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 2 +- agent/command.c | 8 +++-- agent/findkey.c | 100 +++++++++++++++++++++++++++++--------------------------- 3 files changed, 58 insertions(+), 52 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 7 15:56:47 2015 
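Review bot: With `force` set, agent_delete_key skips both the Pinentry confirmation and the "also listed for use with SSH" warning and goes straight to `remove_key_file (grip)`, so the only remaining gate in cmd_delete_key is the `ctrl->restricted` check. The help string hlp_delete_key mentions only the confirmation ("Unless --force is used the agent asks the user for confirmation"); it should also say that the SSH warning is suppressed, as the function comment in findkey.c does. Since any unrestricted client can now delete a secret key without user interaction, a log line recording the keygrip on forced deletion would give operators something to audit. The new function comment also has a typo ("fucntion") and mismatched verbs ("won't require ... or warns") to fix in a follow-up.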
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 07 Aug 2015 15:56:47 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-40-g5b7a80b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5b7a80b1ab91d2f199065e5dd14e85f42918975d (commit) from a68c5c5c7fe4ec8665e252e5062292f6c7b94fdd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5b7a80b1ab91d2f199065e5dd14e85f42918975d Author: Werner Koch Date: Fri Aug 7 15:53:56 2015 +0200 gpg: Allow gpgv to work with a trustedkeys.kbx file. * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New. * g10/keydb.c (keydb_add_resource): Take care of new flag. * g10/gpgv.c (main): Use new flag. -- GnuPG-bug-id: 2025 Signed-off-by: Werner Koch diff --git a/doc/gpgv.texi b/doc/gpgv.texi index 8d7164a..6bcbc0a 100644 --- a/doc/gpgv.texi +++ b/doc/gpgv.texi @@ -67,7 +67,8 @@ no configuration files and only a few options are implemented. That does also mean that it does not check for expired or revoked keys. -By default a keyring named @file{trustedkeys.gpg} is used. This +By default a keyring named @file{trustedkeys.kbx} is used; if that +does not exist a keyring named @file{trustedkeys.gpg} is used. The default keyring is assumed to be in the home directory of GnuPG, either the default home directory or the one set by an option or an environment variable. The option @code{--keyring} may be used to diff --git a/g10/gpgv.c b/g10/gpgv.c index 479bb95..412f4be 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c 
@@ -205,8 +205,9 @@ main( int argc, char **argv ) /* Note: We open all keyrings in read-only mode. */ if (!nrings) /* No keyring given: use default one. */ - keydb_add_resource ("trustedkeys" EXTSEP_S GPGEXT_GPG, - KEYDB_RESOURCE_FLAG_READONLY); + keydb_add_resource ("trustedkeys" EXTSEP_S "kbx", + (KEYDB_RESOURCE_FLAG_READONLY + |KEYDB_RESOURCE_FLAG_GPGVDEF)); for (sl = nrings; sl; sl = sl->next) keydb_add_resource (sl->d, KEYDB_RESOURCE_FLAG_READONLY); diff --git a/g10/keydb.c b/g10/keydb.c index 3dc9ec7..b31c6a6 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -434,6 +434,7 @@ keydb_add_resource (const char *url, unsigned int flags) int create; int read_only = !!(flags&KEYDB_RESOURCE_FLAG_READONLY); int is_default = !!(flags&KEYDB_RESOURCE_FLAG_DEFAULT); + int is_gpgvdef = !!(flags&KEYDB_RESOURCE_FLAG_GPGVDEF); int rc = 0; KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE; void *token; @@ -516,6 +517,23 @@ keydb_add_resource (const char *url, unsigned int flags) strcpy (filename+filenamelen-4, ".gpg"); } } + else if (!pass && is_gpgvdef + && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".kbx")) + { + /* Not found but gpgv's default "trustedkeys.kbx" file has + been requested. We did not found it so now check whether + a "trustedkeys.gpg" file exists and use that instead. */ + KeydbResourceType rttmp; + + strcpy (filename+filenamelen-4, ".gpg"); + rttmp = rt_from_file (filename, &found, &openpgp_flag); + if (found + && ((rttmp == KEYDB_RESOURCE_TYPE_KEYBOX && openpgp_flag) + || (rttmp == KEYDB_RESOURCE_TYPE_KEYRING))) + rt = rttmp; + else /* Restore filename */ + strcpy (filename+filenamelen-4, ".kbx"); + } else if (!pass && is_default && create && filenamelen > 4 && !strcmp (filename+filenamelen-4, ".gpg")) diff --git a/g10/keydb.h b/g10/keydb.h index 1aa4e0e..b64438c 100644 --- a/g10/keydb.h +++ b/g10/keydb.h 
@@ -130,6 +130,7 @@ union pref_hint #define KEYDB_RESOURCE_FLAG_PRIMARY 2 /* The primary resource. */ #define KEYDB_RESOURCE_FLAG_DEFAULT 4 /* The default one. */ #define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */ +#define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */ gpg_error_t keydb_add_resource (const char *url, unsigned int flags); void keydb_dump_stats (void); ----------------------------------------------------------------------- Summary of changes: doc/gpgv.texi | 3 ++- g10/gpgv.c | 5 +++-- g10/keydb.c | 18 ++++++++++++++++++ g10/keydb.h | 1 + 4 files changed, 24 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat Aug 8 10:52:04 2015 
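Review bot: In g10/keydb.c, the new `is_gpgvdef` branch of keydb_add_resource switches from trustedkeys.kbx to trustedkeys.gpg without telling the user, so nothing in gpgv's output shows which file supplied the trusted keys for a verification. That keyring is gpgv's trust anchor, so log the fallback (for example under verbose) together with the filename finally used, and state in doc/gpgv.texi that an existing trustedkeys.kbx always wins, even when trustedkeys.gpg is the file being maintained. The comment in the same branch should read "We did not find it".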
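Review bot: In the g10/gpgv.c hunk the default name is now built from the bare literal "kbx", where the removed line used GPGEXT_GPG, and the g10/keydb.c hunk repeats the extensions as the literals ".kbx" and ".gpg" with a hard-coded length of 4. Use named constants for both extensions so that the default chosen in main() and the suffix test in keydb_add_resource cannot drift apart.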
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 08 Aug 2015 10:52:04 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-247-g0e17f7a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0e17f7a05bba309a87811992aa47a77af9935b99 (commit) from 10789e3cdda7b944acb4b59624c34a2ccfaea6e5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0e17f7a05bba309a87811992aa47a77af9935b99 Author: Werner Koch Date: Sat Aug 8 10:47:55 2015 +0200 Add framework to eventually support SHA3. * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256) (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New. (GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256) (GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New. * cipher/keccak.c: New with stub functions. * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c. * configure.ac (available_digests): Add sha3. (USE_SHA3): New. * src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests. * cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos. (md_open): Ditto for hmac processing. * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping. * cipher/hmac-tests.c (run_selftests): Prepare for tests. * cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx". -- Note that the algo GCRY_MD_SHA3_xxx are preliminary. We should try to sync them with OpenPGP. Signed-off-by: Werner Koch diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 33a68ff..b08c9a9 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am
@@ -90,6 +90,7 @@ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ sha512-armv7-neon.S \ +keccak.c \ stribog.c \ tiger.c \ whirlpool.c whirlpool-sse2-amd64.S \ diff --git a/cipher/hmac-tests.c b/cipher/hmac-tests.c index 7c27342..46e1b22 100644 --- a/cipher/hmac-tests.c +++ b/cipher/hmac-tests.c @@ -701,6 +701,17 @@ run_selftests (int algo, int extended, selftest_report_func_t report) case GCRY_MD_SHA512: ec = selftests_sha512 (extended, report); break; + + case GCRY_MD_SHA3_224: + case GCRY_MD_SHA3_256: + case GCRY_MD_SHA3_384: + case GCRY_MD_SHA3_512: + ec = 0; /* FIXME: Add selftests. */ +#ifdef __GNUC__ +# warning Please add the self text functions +#endif + break; + default: ec = GPG_ERR_DIGEST_ALGO; break; diff --git a/cipher/keccak.c b/cipher/keccak.c new file mode 100644 index 0000000..625c5c7 --- /dev/null +++ b/cipher/keccak.c 
@@ -0,0 +1,264 @@ +/* keccak.c - SHA3 hash functions + * Copyright (C) 2015 g10 Code GmbH + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser general Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + + +#include +#include +#include "g10lib.h" +#include "bithelp.h" +#include "bufhelp.h" +#include "cipher.h" +#include "hash-common.h" + + + +typedef struct +{ + u64 h0; +} KECCAK_STATE; + + +typedef struct +{ + gcry_md_block_ctx_t bctx; + KECCAK_STATE state; +} KECCAK_CONTEXT; + + + +static void +keccak_init (int algo, void *context, unsigned int flags) +{ + KECCAK_CONTEXT *ctx = context; + KECCAK_STATE *hd = &ctx->state; + unsigned int features = _gcry_get_hw_features (); + + (void)flags; + + memset (hd, 0, sizeof *hd); + + ctx->bctx.nblocks = 0; + ctx->bctx.nblocks_high = 0; + ctx->bctx.count = 0; + ctx->bctx.blocksize = 128; + ctx->bctx.bwrite = NULL; + + (void)features; +} + +static void +sha3_224_init (void *context, unsigned int flags) +{ + keccak_init (GCRY_MD_SHA3_224, context, flags); +} + +static void +sha3_256_init (void *context, unsigned int flags) +{ + keccak_init (GCRY_MD_SHA3_256, context, flags); +} + +static void +sha3_384_init (void *context, unsigned int flags) +{ + keccak_init (GCRY_MD_SHA3_384, context, flags); +} + +static void +sha3_512_init (void *context, unsigned int flags) +{ + keccak_init (GCRY_MD_SHA3_512, context, flags); +} + + +/* The routine final terminates the 
computation and + * returns the digest. + * The handle is prepared for a new cycle, but adding bytes to the + * handle will the destroy the returned buffer. + * Returns: 64 bytes representing the digest. When used for sha384, + * we take the leftmost 48 of those bytes. + */ +static void +keccak_final (void *context) +{ + KECCAK_CONTEXT *hd = context; + unsigned int stack_burn_depth; + + _gcry_md_block_write (context, NULL, 0); /* flush */ ; +} + + +static byte * +keccak_read (void *context) +{ + KECCAK_CONTEXT *hd = (KECCAK_CONTEXT *) context; + return hd->bctx.buf; +} + + + +/* + Self-test section. + */ + + +static gpg_err_code_t +selftests_keccak (int algo, int extended, selftest_report_func_t report) +{ + return 0; +#if 0 + const char *what; + const char *errtxt; + + /* FIXME: Add a switch(algo) or use several functions. */ + what = "short string"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SHA3_384, 0, + "abc", 3, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 48); + if (errtxt) + goto failed; + + if (extended) + { + what = "long string"; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SHA3_384, 0, + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn" + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", 112, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",48); + if (errtxt) + goto failed; + + what = "one million \"a\""; + errtxt = _gcry_hash_selftest_check_one + (GCRY_MD_SHA3_384, 1, + NULL, 0, + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",48); + if (errtxt) + 
goto failed; + } + + return 0; /* Succeeded. */ + + failed: + if (report) + report ("digest", algo, what, errtxt); + return GPG_ERR_SELFTEST_FAILED; +#endif +} + + +/* Run a full self-test for ALGO and return 0 on success. */ +static gpg_err_code_t +run_selftests (int algo, int extended, selftest_report_func_t report) +{ + gpg_err_code_t ec; + + switch (algo) + { + case GCRY_MD_SHA3_224: + case GCRY_MD_SHA3_256: + case GCRY_MD_SHA3_384: + case GCRY_MD_SHA3_512: + ec = selftests_keccak (algo, extended, report); + break; + default: + ec = GPG_ERR_DIGEST_ALGO; + break; + + } + return ec; +} + + + + +static byte sha3_224_asn[] = { 0x30 }; +static gcry_md_oid_spec_t oid_spec_sha3_224[] = + { + { "?" }, + /* PKCS#1 sha3_224WithRSAEncryption */ + { "?" }, + { NULL } + }; +static byte sha3_256_asn[] = { 0x30 }; +static gcry_md_oid_spec_t oid_spec_sha3_256[] = + { + { "?" }, + /* PKCS#1 sha3_256WithRSAEncryption */ + { "?" }, + { NULL } + }; +static byte sha3_384_asn[] = { 0x30 }; +static gcry_md_oid_spec_t oid_spec_sha3_384[] = + { + { "?" }, + /* PKCS#1 sha3_384WithRSAEncryption */ + { "?" }, + { NULL } + }; +static byte sha3_512_asn[] = { 0x30 }; +static gcry_md_oid_spec_t oid_spec_sha3_512[] = + { + { "?" }, + /* PKCS#1 sha3_512WithRSAEncryption */ + { "?" 
}, + { NULL } + }; + + +gcry_md_spec_t _gcry_digest_spec_sha3_224 = + { + GCRY_MD_SHA3_224, {0, 1}, + "SHA3-224", sha3_224_asn, DIM (sha3_224_asn), oid_spec_sha3_224, 64, + sha3_224_init, _gcry_md_block_write, keccak_final, keccak_read, + sizeof (KECCAK_CONTEXT), + run_selftests + }; +gcry_md_spec_t _gcry_digest_spec_sha3_256 = + { + GCRY_MD_SHA3_256, {0, 1}, + "SHA3-256", sha3_256_asn, DIM (sha3_256_asn), oid_spec_sha3_256, 64, + sha3_256_init, _gcry_md_block_write, keccak_final, keccak_read, + sizeof (KECCAK_CONTEXT), + run_selftests + }; +gcry_md_spec_t _gcry_digest_spec_sha3_384 = + { + GCRY_MD_SHA3_384, {0, 1}, + "SHA3-384", sha3_384_asn, DIM (sha3_384_asn), oid_spec_sha3_384, 64, + sha3_384_init, _gcry_md_block_write, keccak_final, keccak_read, + sizeof (KECCAK_CONTEXT), + run_selftests + }; +gcry_md_spec_t _gcry_digest_spec_sha3_512 = + { + GCRY_MD_SHA3_512, {0, 1}, + "SHA3-512", sha3_512_asn, DIM (sha3_512_asn), oid_spec_sha3_512, 64, + sha3_512_init, _gcry_md_block_write, keccak_final, keccak_read, + sizeof (KECCAK_CONTEXT), + run_selftests + }; diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c index 2c660e9..eeab130 100644 --- a/cipher/mac-hmac.c +++ b/cipher/mac-hmac.c @@ -51,6 +51,14 @@ map_mac_algo_to_md (int mac_algo) return GCRY_MD_SHA384; case GCRY_MAC_HMAC_SHA512: return GCRY_MD_SHA512; + case GCRY_MAC_HMAC_SHA3_224: + return GCRY_MD_SHA3_224; + case GCRY_MAC_HMAC_SHA3_256: + return GCRY_MD_SHA3_256; + case GCRY_MAC_HMAC_SHA3_384: + return GCRY_MD_SHA3_384; + case GCRY_MAC_HMAC_SHA3_512: + return GCRY_MD_SHA512; case GCRY_MAC_HMAC_RMD160: return GCRY_MD_RMD160; case GCRY_MAC_HMAC_TIGER1: diff --git a/cipher/md.c b/cipher/md.c index 3ab46ef..0c669ca 100644 --- a/cipher/md.c +++ b/cipher/md.c 
@@ -51,6 +51,12 @@ static gcry_md_spec_t *digest_list[] = &_gcry_digest_spec_sha512, &_gcry_digest_spec_sha384, #endif +#if USE_SHA3 + &_gcry_digest_spec_sha3_224, + &_gcry_digest_spec_sha3_256, + &_gcry_digest_spec_sha3_384, + &_gcry_digest_spec_sha3_512, +#endif #ifdef USE_GOST_R_3411_94 &_gcry_digest_spec_gost3411_94, &_gcry_digest_spec_gost3411_cp, @@ -333,6 +339,8 @@ md_open (gcry_md_hd_t *h, int algo, unsigned int flags) { case GCRY_MD_SHA384: case GCRY_MD_SHA512: + case GCRY_MD_SHA3_384: + case GCRY_MD_SHA3_512: ctx->macpads_Bsize = 128; break; case GCRY_MD_GOSTR3411_94: diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index b958e7d..d0d6003 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -217,6 +217,10 @@ get_hash_algo (const char *s, size_t n) { "md4", GCRY_MD_MD4 }, { "tiger", GCRY_MD_TIGER }, { "haval", GCRY_MD_HAVAL }, + { "sha3-224", GCRY_MD_SHA3_224 }, + { "sha3-256", GCRY_MD_SHA3_256 }, + { "sha3-384", GCRY_MD_SHA3_384 }, + { "sha3-512", GCRY_MD_SHA3_512 }, { NULL, 0 } }; int algo; diff --git a/configure.ac b/configure.ac index 0f16175..48e2179 100644 --- a/configure.ac +++ b/configure.ac @@ -198,7 +198,7 @@ enabled_pubkey_ciphers="" # Definitions for message digests. available_digests="crc gostr3411-94 md2 md4 md5 rmd160 sha1 sha256" -available_digests_64="sha512 tiger whirlpool stribog" +available_digests_64="sha512 sha3 tiger whirlpool stribog" enabled_digests="" # Definitions for kdfs (optional ones) 
@@ -2094,6 +2094,24 @@ if test "$found" = "1" ; then fi fi +LIST_MEMBER(sha3, $enabled_digests) +if test "$found" = "1" ; then + GCRYPT_DIGESTS="$GCRYPT_DIGESTS keccak.lo" + AC_DEFINE(USE_SHA3, 1, [Defined if this module should be included]) + + case "${host}" in + x86_64-*-*) + # Build with the assembly implementation + : + ;; + esac + + if test x"$neonsupport" = xyes ; then + # Build with the NEON implementation + : + fi +fi + LIST_MEMBER(tiger, $enabled_digests) if test "$found" = "1" ; then GCRYPT_DIGESTS="$GCRYPT_DIGESTS tiger.lo" diff --git a/src/cipher.h b/src/cipher.h index 89ae2e2..d96fdb9 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -289,8 +289,12 @@ extern gcry_md_spec_t _gcry_digest_spec_rmd160; extern gcry_md_spec_t _gcry_digest_spec_sha1; extern gcry_md_spec_t _gcry_digest_spec_sha224; extern gcry_md_spec_t _gcry_digest_spec_sha256; -extern gcry_md_spec_t _gcry_digest_spec_sha512; extern gcry_md_spec_t _gcry_digest_spec_sha384; +extern gcry_md_spec_t _gcry_digest_spec_sha512; +extern gcry_md_spec_t _gcry_digest_spec_sha3_224; +extern gcry_md_spec_t _gcry_digest_spec_sha3_256; +extern gcry_md_spec_t _gcry_digest_spec_sha3_512; +extern gcry_md_spec_t _gcry_digest_spec_sha3_384; extern gcry_md_spec_t _gcry_digest_spec_tiger; extern gcry_md_spec_t _gcry_digest_spec_tiger1; extern gcry_md_spec_t _gcry_digest_spec_tiger2; diff --git a/src/fips.c b/src/fips.c index c90e4b6..7939abd 100644 --- a/src/fips.c +++ b/src/fips.c @@ -518,6 +518,10 @@ run_hmac_selftests (int extended) GCRY_MD_SHA256, GCRY_MD_SHA384, GCRY_MD_SHA512, + GCRY_MD_SHA3_224, + GCRY_MD_SHA3_256, + GCRY_MD_SHA3_384, + GCRY_MD_SHA3_512, 0 }; int idx; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 0984d11..4b4646b 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in 
@@ -1158,7 +1158,12 @@ enum gcry_md_algos GCRY_MD_SHA384 = 9, GCRY_MD_SHA512 = 10, GCRY_MD_SHA224 = 11, - GCRY_MD_MD4 = 301, + GCRY_MD_SHA3_224= 12, + GCRY_MD_SHA3_256= 13, + GCRY_MD_SHA3_384= 14, + GCRY_MD_SHA3_512= 15, + + GCRY_MD_MD4 = 301, GCRY_MD_CRC32 = 302, GCRY_MD_CRC32_RFC1510 = 303, GCRY_MD_CRC24_RFC2440 = 304, @@ -1345,6 +1350,10 @@ enum gcry_mac_algos GCRY_MAC_HMAC_STRIBOG256 = 112, GCRY_MAC_HMAC_STRIBOG512 = 113, GCRY_MAC_HMAC_MD2 = 114, + GCRY_MAC_HMAC_SHA3_224 = 115, + GCRY_MAC_HMAC_SHA3_256 = 116, + GCRY_MAC_HMAC_SHA3_384 = 117, + GCRY_MAC_HMAC_SHA3_512 = 118, GCRY_MAC_CMAC_AES = 201, GCRY_MAC_CMAC_3DES = 202, ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 1 + cipher/hmac-tests.c | 11 +++ cipher/keccak.c | 264 +++++++++++++++++++++++++++++++++++++++++++++++++++ cipher/mac-hmac.c | 8 ++ cipher/md.c | 8 ++ cipher/pubkey-util.c | 4 + configure.ac | 20 +++- src/cipher.h | 6 +- src/fips.c | 4 + src/gcrypt.h.in | 11 ++- 10 files changed, 334 insertions(+), 3 deletions(-) create mode 100644 cipher/keccak.c hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Aug 8 13:09:20 2015 
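Review bot: In cipher/hmac-tests.c, run_selftests sets `ec = 0` for all four GCRY_MD_SHA3_* cases without running any test, while the src/fips.c hunk adds the same four algorithms to the list in run_hmac_selftests, so the required HMAC self-test reports success for SHA3 with nothing checked. Until real test vectors exist, either return an error such as GPG_ERR_DIGEST_ALGO for these cases or leave them out of the fips.c list. The `#warning` text also says "self text" where "self test" is meant.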
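Review bot: In the new cipher/keccak.c, keccak_final only flushes and keccak_read returns `hd->bctx.buf`, so a caller who opens one of these digests gets buffered input handed back as the "digest", and the cipher/md.c and cipher/pubkey-util.c hunks make the four algorithms reachable by id and by name ("sha3-224" through "sha3-512") whenever USE_SHA3 is defined. Keep the stubs out of digest_list, or mark them unusable, until the permutation is implemented. Also in this file: every gcry_md_spec_t gives 64 as the digest length, keccak_init ignores `algo` and fixes blocksize at 128, selftests_keccak returns 0 ahead of an `#if 0` block whose expected values are all zero bytes, and the comment above keccak_final still refers to sha384.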
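Review bot: In cipher/mac-hmac.c, map_mac_algo_to_md returns GCRY_MD_SHA512 for `case GCRY_MAC_HMAC_SHA3_512:`, so a request for HMAC-SHA3-512 would be computed with SHA-512. The other three new cases map to their SHA3 ids; this one should return GCRY_MD_SHA3_512.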
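Review bot: In the md_open hunk of cipher/md.c, GCRY_MD_SHA3_384 and GCRY_MD_SHA3_512 are added to the SHA-384/SHA-512 case that sets `ctx->macpads_Bsize = 128`, and SHA3-224 and SHA3-256 are left to the default. The HMAC block size for SHA-3 is the sponge rate, which differs per variant (144, 136, 104 and 72 bytes for SHA3-224, -256, -384 and -512), so each SHA3 id needs its own case here, and the blocksize set in keccak_init has to match.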
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 08 Aug 2015 13:09:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-41-gc80643c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c80643c5ecbee89f343ef087313870cee1334fe4 (commit) from 5b7a80b1ab91d2f199065e5dd14e85f42918975d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c80643c5ecbee89f343ef087313870cee1334fe4 Author: Neal H. Walfield Date: Sat Aug 8 13:09:00 2015 +0200 common/iobuf.c: Replace use of literals with symbolic constants. * common/iobuf.c (BLOCK_FILTER_INPUT): Define. Where appropriate, use this instead of a literal. (BLOCK_FILTER_OUTPUT): Likewise. (BLOCK_FILTER_TEMP): Likewise. -- Signed-off-by: Neal H. Walfield . diff --git a/common/iobuf.c b/common/iobuf.c index ca74bd7..284408b 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -138,6 +138,13 @@ typedef struct #define OP_MIN_PARTIAL_CHUNK 512 #define OP_MIN_PARTIAL_CHUNK_2POW 9 +enum + { + BLOCK_FILTER_INPUT=1, + BLOCK_FILTER_OUTPUT=2, + BLOCK_FILTER_TEMP=3 + }; + /* The context we use for the block filter (used to handle OpenPGP length information header). */ typedef struct @@ -994,7 +1001,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, log_debug ("init block_filter %p\n", a); if (a->partial) a->count = 0; - else if (a->use == 1) + else if (a->use == BLOCK_FILTER_INPUT) a->count = a->size = 0; else a->count = a->size; /* force first length bytes */ 
@@ -1008,7 +1015,7 @@ block_filter (void *opaque, int control, iobuf_t chain, byte * buffer, } else if (control == IOBUFCTRL_FREE) { - if (a->use == 2) + if (a->use == BLOCK_FILTER_OUTPUT) { /* write the end markers */ if (a->partial) { @@ -1096,10 +1103,13 @@ iobuf_print_chain (iobuf_t a) return 0; } -/**************** - * Allocate a new io buffer, with no function assigned. - * Use is the desired usage: 1 for input, 2 for output, 3 for temp buffer - * BUFSIZE is a suggested buffer size. +/* Allocate a new io buffer, with no function assigned. + + USE is the desired usage: BLOCK_FILTER_INPUT for input, + BLOCK_FILTER_OUTPUT for output, or BLOCK_FILTER_TEMP for a temp + buffer. + + BUFSIZE is a suggested buffer size. */ iobuf_t iobuf_alloc (int use, size_t bufsize) @@ -1107,6 +1117,10 @@ iobuf_alloc (int use, size_t bufsize) iobuf_t a; static int number = 0; + assert (use == BLOCK_FILTER_INPUT + || use == BLOCK_FILTER_OUTPUT + || use == BLOCK_FILTER_TEMP); + a = xcalloc (1, sizeof *a); a->use = use; a->d.buf = xmalloc (bufsize); @@ -1137,7 +1151,7 @@ iobuf_close (iobuf_t a) for (; a && !rc; a = a2) { a2 = a->chain; - if (a->use == 2 && (rc = iobuf_flush (a))) + if (a->use == BLOCK_FILTER_OUTPUT && (rc = iobuf_flush (a))) log_error ("iobuf_flush failed on close: %s\n", gpg_strerror (rc)); if (DBG_IOBUF) @@ -1167,7 +1181,7 @@ iobuf_cancel (iobuf_t a) char *remove_name = NULL; #endif - if (a && a->use == 2) + if (a && a->use == BLOCK_FILTER_OUTPUT) { s = iobuf_get_real_fname (a); if (s && *s) @@ -1610,7 +1624,7 @@ iobuf_push_filter2 (iobuf_t a, if (a->directfp) BUG (); - if (a->use == 2 && (rc = iobuf_flush (a))) + if (a->use == BLOCK_FILTER_OUTPUT && (rc = iobuf_flush (a))) return rc; if (a->subno >= MAX_NESTING_FILTER) 
@@ -1635,10 +1649,11 @@ iobuf_push_filter2 (iobuf_t a, a->filter_ov = NULL; a->filter_ov_owner = 0; a->filter_eof = 0; - if (a->use == 3) - a->use = 2; /* make a write stream from a temp stream */ + if (a->use == BLOCK_FILTER_TEMP) + /* make a write stream from a temp stream */ + a->use = BLOCK_FILTER_OUTPUT; - if (a->use == 2) + if (a->use == BLOCK_FILTER_OUTPUT) { /* allocate a fresh buffer for the original stream */ b->d.buf = xmalloc (a->d.size); @@ -1717,7 +1732,7 @@ pop_filter (iobuf_t a, int (*f) (void *opaque, int control, log_bug ("pop_filter(): filter function not found\n"); /* flush this stream if it is an output stream */ - if (a->use == 2 && (rc = iobuf_flush (b))) + if (a->use == BLOCK_FILTER_OUTPUT && (rc = iobuf_flush (b))) { log_error ("iobuf_flush failed in pop_filter: %s\n", gpg_strerror (rc)); return rc; @@ -1776,7 +1791,7 @@ underflow (iobuf_t a) int rc; assert (a->d.start == a->d.len); - if (a->use == 3) + if (a->use == BLOCK_FILTER_TEMP) return -1; /* EOF because a temp buffer can't do an underflow */ if (a->filter_eof) @@ -1838,7 +1853,7 @@ underflow (iobuf_t a) /* if( a->no == 1 ) */ /* log_hexdump (" data:", a->d.buf, len); */ } - if (a->use == 1 && rc == -1) + if (a->use == BLOCK_FILTER_INPUT && rc == -1) { /* EOF: we can remove the filter */ size_t dummy_len = 0; @@ -1900,7 +1915,7 @@ iobuf_flush (iobuf_t a) if (a->directfp) return 0; - if (a->use == 3) + if (a->use == BLOCK_FILTER_TEMP) { /* increase the temp buffer */ unsigned char *newbuf; size_t newsize = a->d.size + IOBUF_BUFFER_SIZE; @@ -1915,7 +1930,7 @@ iobuf_flush (iobuf_t a) a->d.size = newsize; return 0; } - else if (a->use != 2) + else if (a->use != BLOCK_FILTER_OUTPUT) log_bug ("flush on non-output iobuf\n"); else if (!a->filter) log_bug ("iobuf_flush: no filter\n"); @@ -2331,7 +2346,7 @@ iobuf_seek (iobuf_t a, off_t newpos) } clearerr (fp); } - else if (a->use != 3) /* Not a temp stream. */ + else if (a->use != BLOCK_FILTER_TEMP) { for (; a; a = a->chain) { 
@@ -2358,8 +2373,9 @@ iobuf_seek (iobuf_t a, off_t newpos) } #endif } - if (a->use != 3) - a->d.len = 0; /* Discard the buffer unless it is a temp stream. */ + /* Discard the buffer unless it is a temp stream. */ + if (a->use != BLOCK_FILTER_TEMP) + a->d.len = 0; a->d.start = 0; a->nbytes = 0; a->nlimit = 0; @@ -2438,11 +2454,11 @@ iobuf_set_partial_block_mode (iobuf_t a, size_t len) { block_filter_ctx_t *ctx = xcalloc (1, sizeof *ctx); - assert (a->use == 1 || a->use == 2); + assert (a->use == BLOCK_FILTER_INPUT || a->use == BLOCK_FILTER_OUTPUT); ctx->use = a->use; if (!len) { - if (a->use == 1) + if (a->use == BLOCK_FILTER_INPUT) log_debug ("pop_filter called in set_partial_block_mode" " - please report\n"); pop_filter (a, block_filter, NULL); ----------------------------------------------------------------------- Summary of changes: common/iobuf.c | 60 +++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 10 12:11:16 2015 
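Review bot: The enum added near the top of common/iobuf.c names its values BLOCK_FILTER_INPUT, BLOCK_FILTER_OUTPUT and BLOCK_FILTER_TEMP, but the rest of the patch uses them for the `use` field of every iobuf (iobuf_alloc, iobuf_close, iobuf_cancel, iobuf_flush, iobuf_seek, underflow), not only inside block_filter. Names tied to the iobuf itself, for example with an IOBUF_ prefix, would describe the values better, and giving the enum a type name would let `use` be declared with it instead of int. The enum also carries no comment; the meaning of the three values is explained only in the comment above iobuf_alloc.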
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 10 Aug 2015 12:11:16 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-248-gce74693 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ce746936b6c210e602d106cfbf45cf60b408d871 (commit) from 0e17f7a05bba309a87811992aa47a77af9935b99 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ce746936b6c210e602d106cfbf45cf60b408d871 Author: NIIBE Yutaka Date: Mon Aug 10 19:09:16 2015 +0900 ecc: fix Montgomery curve bugs. * cipher/ecc.c (check_secret_key): Y1 should not be NULL when check. (ecc_check_secret_key): Support Montgomery curve. * mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition. diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index 51d9e39..a74501d 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -108,7 +108,7 @@ typedef struct const char *p; /* The prime defining the field. */ const char *a, *b; /* The coefficients. For Twisted Edwards Curves b is used for d. For Montgomery - Curves a has (A-2)/4. */ + Curves (a,b) has ((A-2)/4,B^-1). */ const char *n; /* The order of the base point. */ const char *g_x, *g_y; /* Base point. */ const char *h; /* Cofactor. */ diff --git a/cipher/ecc.c b/cipher/ecc.c index cc617f8..4958fbb 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -450,7 +450,7 @@ check_secret_key (ECC_secret_key *sk, mpi_ec_t ec, int flags) else if (!mpi_cmp_ui (sk->Q.z, 1)) { /* Fast path if Q is already in affine coordinates. */ - if (mpi_cmp (x1, sk->Q.x) || (!y1 && mpi_cmp (y1, sk->Q.y))) + if (mpi_cmp (x1, sk->Q.x) || (y1 && mpi_cmp (y1, sk->Q.y))) { if (DBG_CIPHER) log_debug 
@@ -825,6 +825,8 @@ ecc_check_secret_key (gcry_sexp_t keyparms) point_init (&sk.Q); if (ec->dialect == ECC_DIALECT_ED25519) rc = _gcry_ecc_eddsa_decodepoint (mpi_q, ec, &sk.Q, NULL, NULL); + else if (ec->model == MPI_EC_MONTGOMERY) + rc = _gcry_ecc_mont_decodepoint (mpi_q, ec, &sk.Q); else rc = _gcry_ecc_os2ec (&sk.Q, mpi_q); if (rc) diff --git a/mpi/ec.c b/mpi/ec.c index 0b7c7a7..7266f2a 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1470,7 +1470,7 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) mpi_rshift (p_minus1, p_minus1, 1); ec_powm (w, w, p_minus1, ctx); - res = mpi_cmp_ui (w, 1); + res = !mpi_cmp_ui (w, 1); #undef p_minus1 } break; ----------------------------------------------------------------------- Summary of changes: cipher/ecc-curves.c | 2 +- cipher/ecc.c | 4 +++- mpi/ec.c | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 10 12:15:06 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 10 Aug 2015 12:15:06 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-42-g8704c70 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8704c70108218a60f8fb2ee0e558ca8ed125600d (commit) from c80643c5ecbee89f343ef087313870cee1334fe4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8704c70108218a60f8fb2ee0e558ca8ed125600d Author: NIIBE Yutaka Date: Mon Aug 10 19:13:13 2015 +0900 agent: fix ECC key handling. * agent/cvt-openpgp.c (get_keygrip, convert_secret_key) (convert_transfer_key): CURVE is the name of curve. 
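Review bot: In mpi/ec.c, the Montgomery branch of _gcry_mpi_ec_curve_point used to return `mpi_cmp_ui (w, 1)` and now returns its negation, which means the on-curve check gave the opposite answer before this change, and the first cipher/ecc.c hunk shows that check_secret_key called mpi_cmp with y1 exactly when y1 was NULL. Neither fix comes with a test (the diffstat lists only cipher/ecc-curves.c, cipher/ecc.c and mpi/ec.c); add one that runs the secret-key check on a Montgomery key and that gives _gcry_mpi_ec_curve_point both a valid and an invalid point. A short comment at `(y1 && mpi_cmp (y1, sk->Q.y))` saying when y1 can be NULL would also help.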
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 39ccba2..8bf5873 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -87,16 +87,10 @@ get_keygrip (int pubkey_algo, const char *curve, gcry_mpi_t *pkey, { const char *format; - if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - { - format = "(public-key(ecc(curve %s)(flags eddsa)(q%m)))"; - curve = "Ed25519"; - } - else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL))) - { - format = "(public-key(ecc(curve %s)(flags djb-tweak)(q%m)))"; - curve = "Curve25519"; - } + if (!strcmp (curve, "Ed25519")) + format = "(public-key(ecc(curve %s)(flags eddsa)(q%m)))"; + else if (!strcmp (curve, "Curve25519")) + format = "(public-key(ecc(curve %s)(flags djb-tweak)(q%m)))"; else format = "(public-key(ecc(curve %s)(q%m)))"; @@ -161,18 +155,12 @@ convert_secret_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, { const char *format; - if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - { - /* Do not store the OID as name but the real name and the - EdDSA flag. */ - format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))"; - curve = "Ed25519"; - } - else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL))) - { - format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))"; - curve = "Curve25519"; - } + if (!strcmp (curve, "Ed25519")) + /* Do not store the OID as name but the real name and the + EdDSA flag. */ + format = "(private-key(ecc(curve %s)(flags eddsa)(q%m)(d%m)))"; + else if (!strcmp (curve, "Curve25519")) + format = "(private-key(ecc(curve %s)(flags djb-tweak)(q%m)(d%m)))"; else format = "(private-key(ecc(curve %s)(q%m)(d%m)))"; 
@@ -239,23 +227,17 @@ convert_transfer_key (gcry_sexp_t *r_key, int pubkey_algo, gcry_mpi_t *skey, { const char *format; - if (!strcmp (curve, openpgp_curve_to_oid ("Ed25519", NULL))) - { - /* Do not store the OID as name but the real name and the - EdDSA flag. */ - format = "(protected-private-key(ecc(curve %s)(flags eddsa)(q%m)" - "(protected openpgp-native%S)))"; - curve = "Ed25519"; - } - else if (!strcmp (curve, openpgp_curve_to_oid ("Curve25519", NULL))) - { - format = "(protected-private-key(ecc(curve %s)(flags djb-tweak)(q%m)" - "(protected openpgp-native%S)))"; - curve = "Curve25519"; - } + if (!strcmp (curve, "Ed25519")) + /* Do not store the OID as name but the real name and the + EdDSA flag. */ + format = "(protected-private-key(ecc(curve %s)(flags eddsa)(q%m)" + "(protected openpgp-native%S)))"; + else if (!strcmp (curve, "Curve25519")) + format = "(protected-private-key(ecc(curve %s)(flags djb-tweak)(q%m)" + "(protected openpgp-native%S)))"; else - format = "(protected-private-key(ecc(curve %s)(q%m)" - "(protected openpgp-native%S)))"; + format = "(protected-private-key(ecc(curve %s)(q%m)" + "(protected openpgp-native%S)))"; err = gcry_sexp_build (&s_skey, NULL, format, curve, skey[0], transfer_key); } ----------------------------------------------------------------------- Summary of changes: agent/cvt-openpgp.c | 58 ++++++++++++++++++----------------------------------- 1 file changed, 20 insertions(+), 38 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 11 14:29:50 2015 
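Review bot: In agent/cvt-openpgp.c, the comment "Do not store the OID as name but the real name and the EdDSA flag." is kept in convert_secret_key and convert_transfer_key although the `curve = "Ed25519"` assignments it described are removed and CURVE is now compared as a name. Drop or reword it, and document on get_keygrip, convert_secret_key and convert_transfer_key that CURVE must be the curve name and not the OID: a caller that still passes an OID now falls into the plain `(curve %s)` format without the eddsa or djb-tweak flag. In both functions the comment also sits between an unbraced `if` and its single statement; braces there would make the body explicit.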
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 11 Aug 2015 14:29:50 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-13-g1532bf3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 1532bf3fa57f624c80ea1e9f958d88fedc377e68 (commit) via ffd37b673b3cbe05fac037ac02c1424a76772b3f (commit) from abb59f50abf698ff1e56490fb39bcc98c26ab44b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1532bf3fa57f624c80ea1e9f958d88fedc377e68 Author: Neal H. Walfield Date: Tue Aug 11 14:26:26 2015 +0200 tty: Correctly implement the repeat passphrase functionality. * tty/pinentry-tty.c (password): If the user repeated the passphrase and they matched, then set PINENTRY->REPEAT_OKAY. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 4315430..edec16f 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -377,7 +377,10 @@ password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) } if (strcmp (passphrase, passphrase2) == 0) - done = 1; + { + pinentry->repeat_okay = 1; + done = 1; + } else fprintf (ttyfo, "*** %s%s%s ***\n", ALERT_START, commit ffd37b673b3cbe05fac037ac02c1424a76772b3f Author: Neal H. Walfield Date: Tue Aug 11 14:25:05 2015 +0200 tty: Fix buffer resizing bug. * tty/pinentry-tty.c (read_password): Fix buffer resizing bug. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 22713eb..4315430 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -246,6 +246,8 @@ read_password (FILE *ttyfi, FILE *ttyfo) int count = 0; char *buffer; + (void) ttyfo; + if (cbreak (fileno (ttyfi)) == -1) { int err = errno; 
@@ -267,13 +269,15 @@ read_password (FILE *ttyfi, FILE *ttyfo) 1 and not len so that we always have space for the NUL character. */ { - char *tmp = secmem_realloc (buffer, 2 * len); + int new_len = 2 * len; + char *tmp = secmem_realloc (buffer, new_len); if (! tmp) { secmem_free (tmp); return NULL; } buffer = tmp; + len = new_len; } c = fgetc (ttyfi); ----------------------------------------------------------------------- Summary of changes: tty/pinentry-tty.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 11 16:17:10 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 11 Aug 2015 16:17:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-1-g0675a3b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0675a3bd45b309f9a1fc27b86538f22afde7b3fc (commit) via b5e081973b56b21214fc0c65ba9015dd026328b4 (commit) via f89ecb45d40d78bd1f39cda1e1f4dc7f39325478 (commit) via ee290b58700f003e05c5405cbb8a7bce5c1123c0 (commit) via 79b90039a86014a03caddd2887a378f6ef1802db (commit) from 8704c70108218a60f8fb2ee0e558ca8ed125600d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0675a3bd45b309f9a1fc27b86538f22afde7b3fc Author: Werner Koch Date: Tue Aug 11 16:13:39 2015 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index 8a2db79..6a00c0e 100644 --- a/NEWS +++ b/NEWS 
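Review bot: In the read_password hunk of tty/pinentry-tty.c (Pinentry commit ffd37b67), the failure path still calls `secmem_free (tmp)` on the pointer that has just been found to be NULL, so the original `buffer`, which holds the passphrase characters read so far, is not released before `return NULL`; free `buffer` there instead (this assumes secmem_realloc, like realloc, leaves the original block allocated on failure). `int new_len = 2 * len;` also doubles with no upper bound or overflow check, so a cap on the passphrase length belongs in this loop.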
@@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.8 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.1.7 (2015-08-11) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index b38aa06..1d0ae65 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [7]) +m4_define([mym4_micro], [8]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit b5e081973b56b21214fc0c65ba9015dd026328b4 Author: Werner Koch Date: Tue Aug 11 13:54:29 2015 +0200 Release 2.1.7 diff --git a/NEWS b/NEWS index 476f42c..8a2db79 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,27 @@ -Noteworthy changes in version 2.1.7 (unreleased) +Noteworthy changes in version 2.1.7 (2015-08-11) ------------------------------------------------ - * dropped deprecated gpgsm-gencert.sh + * gpg: Support encryption with Curve25519 if Libgcrypt 1.7 is used. + + * gpg: In the --edit-key menu: Removed the need for "toggle", changed + how secret keys are indicated, new commands "fpr *" and "grip". + + * gpg: More fixes related to legacy keys in a keyring. + + * gpgv: Does now also work with a "trustedkeys.kbx" file. + + * scd: Support some feature from the OpenPGP card 3.0 specs. + + * scd: Improved ECC support + + * agent: New option --force for the DELETE_KEY command. + + * w32: Look for the Pinentry at more places. + + * Dropped deprecated gpgsm-gencert.sh + + * Various other bug fixes. + Noteworthy changes in version 2.1.6 (2015-07-01) ------------------------------------------------ commit f89ecb45d40d78bd1f39cda1e1f4dc7f39325478 Author: Werner Koch Date: Tue Aug 11 13:54:00 2015 +0200 po: Auto update. -- diff --git a/po/ca.po b/po/ca.po index e6b7a4d..1d0417a 100644 --- a/po/ca.po +++ b/po/ca.po 
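Review bot: In the NEWS hunk of the "Release 2.1.7" commit, the entry "scd: Support some feature from the OpenPGP card 3.0 specs." should read "some features", and "scd: Improved ECC support" is the only new entry without a trailing period. Both are worth fixing so the release notes are consistent.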
@@ -3217,6 +3217,10 @@ msgstr "desa i ix" msgid "show key fingerprint" msgstr "mostra empremta" +#, fuzzy +msgid "show the keygrip" +msgstr "Notaci?? de signatura: " + msgid "list key and user IDs" msgstr "llista claus i ID" @@ -3296,10 +3300,6 @@ msgstr "No podeu canviar la data de caducitat de les claus v3\n" msgid "flag the selected user ID as primary" msgstr "marca l'ID d'usuari com a primari" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "canvia entre el llistat de claus secretes i p??bliques" - msgid "list preferences (expert)" msgstr "llista les prefer??ncies (expert)" @@ -3364,9 +3364,6 @@ msgstr "La clau secreta est?? disponible.\n" msgid "Need the secret key to do this.\n" msgstr "Cal la clau secreta per a fer a????.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Useu l'ordre ??toggle?? abans.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4390,7 +4387,7 @@ msgstr "Empremtes digital de la clau prim??ria:" msgid " Subkey fingerprint:" msgstr " Empremta digital de la subclau:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Empremta digital de la clau prim??ria:" @@ -8533,6 +8530,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "canvia entre el llistat de claus secretes i p??bliques" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Useu l'ordre ??toggle?? abans.\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "la contrasenya ??s err??nia" diff --git a/po/cs.po b/po/cs.po index 00a8c34..ff197ba 100644 --- a/po/cs.po +++ b/po/cs.po 
@@ -2991,6 +2991,11 @@ msgstr "ulo??it a ukon??it" msgid "show key fingerprint" msgstr "vypsat otisk kl????e" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "Vlo??te keygrip: " + msgid "list key and user IDs" msgstr "vypsat seznam kl?????? a id u??ivatel??" @@ -3051,9 +3056,6 @@ msgstr "zm??nit datum expirace pro kl???? nebo vybran?? podkl????e" msgid "flag the selected user ID as primary" msgstr "ozna??it vybran?? u??ivatelsk?? ID jako prim??rn??" -msgid "toggle between the secret and public key listings" -msgstr "p??epnout mezi v??pisem seznamu tajn??ch a ve??ejn??ch kl??????" - msgid "list preferences (expert)" msgstr "vypsat seznam p??edvoleb (pro experty)" @@ -3106,9 +3108,6 @@ msgstr "Tajn?? kl???? je dostupn??.\n" msgid "Need the secret key to do this.\n" msgstr "Pro proveden?? t??to operace je pot??eba tajn?? kl????.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Pros??m, nejd????ve pou??ijte p????kaz ???toggle??? (p??epnout).\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4057,7 +4056,7 @@ msgstr "Otisk prim??rn??ho kl????e:" msgid " Subkey fingerprint:" msgstr " Otisk podkl????e:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Otisk prim??rn??ho kl????e:" @@ -7967,6 +7966,12 @@ msgstr "" "Syntaxe: gpg-check-pattern [volby] soubor_se_vzorem\n" "Prov?????? heslo zadan?? na vstupu proti souboru se vzory\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "p??epnout mezi v??pisem seznamu tajn??ch a ve??ejn??ch kl??????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Pros??m, nejd????ve pou??ijte p????kaz ???toggle??? (p??epnout).\n" + #~ msgid "Passphrase" #~ msgstr "Heslo" diff --git a/po/da.po b/po/da.po index e9b5f90..01700f0 100644 
--- a/po/da.po +++ b/po/da.po @@ -3133,6 +3133,14 @@ msgstr "gem og afslut" msgid "show key fingerprint" msgstr "vis n??glefingeraftryk" +# key grip +# chiefly ( US ) See also grip the person in charge of moving and setting up camera +# tracks and scenery in a film or television studio +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "Indtst n??glegrebet: " + msgid "list key and user IDs" msgstr "vis n??gle og bruger-id'er" @@ -3194,9 +3202,6 @@ msgstr "??ndr udl??bsdatoen for n??glen eller valgte undern??gler" msgid "flag the selected user ID as primary" msgstr "marker den valgte bruger-id som prim??r" -msgid "toggle between the secret and public key listings" -msgstr "skift mellem hemmelig og offentlig n??glevisning" - msgid "list preferences (expert)" msgstr "vis pr??ferencer (ekspert)" @@ -3250,9 +3255,6 @@ msgstr "Hemmelig n??gle er tilg??ngelig.\n" msgid "Need the secret key to do this.\n" msgstr "Har brug for den hemmelige n??gle for dette.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Brug venligst kommandoen ??toggle?? f??rst.\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " @@ -4252,7 +4254,7 @@ msgstr "Prim??r n??glefingeraftryk:" msgid " Subkey fingerprint:" msgstr " Undern??glefingeraftryk:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Prim??r n??glefingeraftryk:" 
@@ -8510,6 +8512,12 @@ msgstr "" "Syntaks: gpg-check-pattern [tilvalg] m??nsterfil\n" "Kontroller en adgangsfrase angivet p?? stdin mod m??nsterfilen\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "skift mellem hemmelig og offentlig n??glevisning" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Brug venligst kommandoen ??toggle?? f??rst.\n" + #~ msgid "Passphrase" #~ msgstr "Adgangsfrase" diff --git a/po/el.po b/po/el.po index 18bb364..9cbcf5f 100644 --- a/po/el.po +++ b/po/el.po @@ -3135,6 +3135,10 @@ msgstr " msgid "show key fingerprint" msgstr "?????????? ??? fingerprint" +#, fuzzy +msgid "show the keygrip" +msgstr "???????? ?????????: " + msgid "list key and user IDs" msgstr "?????????? ??? ???????? ??? ??? user ID" @@ -3206,10 +3210,6 @@ msgstr " msgid "flag the selected user ID as primary" msgstr "???????? ??? user ID ??? ????????" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "?????? ?????? ??? ??????????? ???????? ??? ???????? ????????" - msgid "list preferences (expert)" msgstr "?????????? ??????????? (???????)" @@ -3272,9 +3272,6 @@ msgstr " msgid "Need the secret key to do this.\n" msgstr "?????????? ?? ??????? ?????? ??? ?? ????? ????.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "???????? ??????????????? ??? ?????? \"toggle\" ?????.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4287,7 +4284,7 @@ msgstr " msgid " Subkey fingerprint:" msgstr " ????????? ???????????:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " ????????? ???????? ????????:" 
@@ -8354,6 +8351,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "?????? ?????? ??? ??????????? ???????? ??? ???????? ????????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "???????? ??????????????? ??? ?????? \"toggle\" ?????.\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "???? ????? ??????" diff --git a/po/eo.po b/po/eo.po index 7181f63..062b2f0 100644 --- a/po/eo.po +++ b/po/eo.po @@ -3128,6 +3128,10 @@ msgstr "skribi kaj fini" msgid "show key fingerprint" msgstr "montri fingrospuron" +#, fuzzy +msgid "show the keygrip" +msgstr "Subskribo-notacio: " + msgid "list key and user IDs" msgstr "listigi ?losilojn kaj uzantidentigilojn" @@ -3199,10 +3203,6 @@ msgstr "Vi ne povas msgid "flag the selected user ID as primary" msgstr "marku uzantidentigilon kiel ?efan" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "de sekreta a? publika listo iri al la alia" - msgid "list preferences (expert)" msgstr "listigi preferojn (spertula)" @@ -3263,9 +3263,6 @@ msgstr "Sekreta msgid "Need the secret key to do this.\n" msgstr "Bezonas la sekretan ?losilon por fari tion.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4268,7 +4265,7 @@ msgstr "listigi msgid " Subkey fingerprint:" msgstr " ?losilo-fingrospuro =" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID #, fuzzy msgid " Primary key fingerprint:" 
@@ -8307,6 +8304,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "de sekreta a? publika listo iri al la alia" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Bonvolu uzi la komandon \"toggle\" unue.\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "malbona pasfrazo" diff --git a/po/es.po b/po/es.po index 8cd141b..40ebb72 100644 --- a/po/es.po +++ b/po/es.po @@ -3153,6 +3153,11 @@ msgstr "graba y sale" msgid "show key fingerprint" msgstr "muestra huella dactilar de la clave" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "Introduzca keygrip: " + msgid "list key and user IDs" msgstr "lista clave e identificadores de usuario" @@ -3213,9 +3218,6 @@ msgstr "cambiar la fecha de caducidad para la clave o subclaves seleccionadas" msgid "flag the selected user ID as primary" msgstr "marcar ID de usuario seleccionado como primario" -msgid "toggle between the secret and public key listings" -msgstr "cambiar entre lista de claves secretas y p?blicas" - msgid "list preferences (expert)" msgstr "mostrar preferencias (experto)" @@ -3267,9 +3269,6 @@ msgstr "Clave secreta disponible.\n" msgid "Need the secret key to do this.\n" msgstr "Se necesita la clave secreta para hacer esto.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Por favor use la orden \"cambia\" primero.\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " @@ -4259,7 +4258,7 @@ msgstr "Huellas dactilares de la clave primaria:" msgid " Subkey fingerprint:" msgstr " Huella de subclave:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Huella clave primaria:" 
@@ -8557,6 +8556,12 @@ msgstr "" "Compara frase contrase?a dada en entrada est?ndar con un fichero de " "patrones\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "cambiar entre lista de claves secretas y p?blicas" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Por favor use la orden \"cambia\" primero.\n" + # ?Por qu? no frase de paso? # Porque todo el mundo sabe lo que es una contrase?a # y una "frase de paso" no. Soy consciente de que se diff --git a/po/et.po b/po/et.po index 4066f58..5ec88c9 100644 --- a/po/et.po +++ b/po/et.po @@ -3112,6 +3112,10 @@ msgstr "salvesta ja v msgid "show key fingerprint" msgstr "n?ita s?rmej?lge" +#, fuzzy +msgid "show the keygrip" +msgstr "Allkirja noteerimine: " + msgid "list key and user IDs" msgstr "n?ita v?tit ja kasutaja IDd" @@ -3182,10 +3186,6 @@ msgstr "v3 v msgid "flag the selected user ID as primary" msgstr "m?rgi kasutaja ID primaarseks" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "l?lita salajaste v?i avalike v?tmete loendi vahel" - msgid "list preferences (expert)" msgstr "n?ita eelistusi (ekspert)" @@ -3246,9 +3246,6 @@ msgstr "Salajane v msgid "Need the secret key to do this.\n" msgstr "Selle tegamiseks on vaja salajast v?tit.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Palun kasutage k?igepealt k?sku \"toggle\".\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4241,7 +4238,7 @@ msgstr "Primaarse v msgid " Subkey fingerprint:" msgstr " Alamv?tme s?rmej?lg:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Primaarse v?tme s?rmej?lg:" 
@@ -8278,6 +8275,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "l?lita salajaste v?i avalike v?tmete loendi vahel" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Palun kasutage k?igepealt k?sku \"toggle\".\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "halb parool" diff --git a/po/fi.po b/po/fi.po index 98624e2..14f4f16 100644 --- a/po/fi.po +++ b/po/fi.po @@ -3133,6 +3133,10 @@ msgstr "tallenna ja lopeta" msgid "show key fingerprint" msgstr "n??yt?? sormenj??lki" +#, fuzzy +msgid "show the keygrip" +msgstr "Allekirjoitusnotaatio: " + msgid "list key and user IDs" msgstr "n??yt?? avaimet ja k??ytt??j??tunnukset" @@ -3203,10 +3207,6 @@ msgstr "Et voi muuttaa v3-avainten vanhentumisp??iv????\n" msgid "flag the selected user ID as primary" msgstr "merkitse k??ytt??j??tunnus ensisijaiseksi" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "vaihda salaisten ja julkisten avainten luettelon v??lill??" - msgid "list preferences (expert)" msgstr "n??yt?? valinnat (asiantuntija)" @@ -3267,9 +3267,6 @@ msgstr "Salainen avain on saatavilla.\n" msgid "Need the secret key to do this.\n" msgstr "T??h??n tarvitaan salainen avain.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "K??yt?? ensin komentoa \"toggle\".\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4272,7 +4269,7 @@ msgstr "Ensisijaisen avaimen sormenj??lki:" msgid " Subkey fingerprint:" msgstr " Aliavaimen sormenj??lki:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Ensisijaisen avaimen sormenj??lki:" 
@@ -8337,6 +8334,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "vaihda salaisten ja julkisten avainten luettelon v??lill??" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "K??yt?? ensin komentoa \"toggle\".\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "v????r?? salasana" diff --git a/po/fr.po b/po/fr.po index 6ba3bd0..aed3bb7 100644 --- a/po/fr.po +++ b/po/fr.po @@ -3016,6 +3016,11 @@ msgstr "enregistrer et quitter" msgid "show key fingerprint" msgstr "afficher l'empreinte de la clef" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "Entrez le keygrip??: " + msgid "list key and user IDs" msgstr "afficher la clef et les identit??s" @@ -3079,10 +3084,6 @@ msgstr "" msgid "flag the selected user ID as primary" msgstr "marquer l'identit?? s??lectionn??e comme principale" -msgid "toggle between the secret and public key listings" -msgstr "" -"passer de la liste de clefs secr??tes ?? celle de clefs priv??es ou vice versa" - msgid "list preferences (expert)" msgstr "afficher les pr??f??rences (expert)" @@ -3138,9 +3139,6 @@ msgstr "La clef secr??te est disponible.\n" msgid "Need the secret key to do this.\n" msgstr "La clef secr??te est n??cessaire pour faire cela.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Veuillez d'abord utiliser la commande ????toggle????.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4118,7 +4116,7 @@ msgstr "Empreinte de clef principale??:" msgid " Subkey fingerprint:" msgstr " Empreinte de la sous-clef??:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Empreinte clef princip.??:" 
@@ -8201,6 +8199,14 @@ msgstr "" "V??rifier une phrase secr??te donn??e sur l'entr??e standard par rapport ?? " "ficmotif\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "" +#~ "passer de la liste de clefs secr??tes ?? celle de clefs priv??es ou vice " +#~ "versa" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Veuillez d'abord utiliser la commande ????toggle????.\n" + #~ msgid "Passphrase" #~ msgstr "Phrase secr??te" diff --git a/po/gl.po b/po/gl.po index 67a1cd6..ee50059 100644 --- a/po/gl.po +++ b/po/gl.po @@ -3130,6 +3130,10 @@ msgstr "gardar e sa msgid "show key fingerprint" msgstr "amosar fingerprint" +#, fuzzy +msgid "show the keygrip" +msgstr "Notaci?n de sinaturas: " + msgid "list key and user IDs" msgstr "listar chave e IDs de usuario" @@ -3202,10 +3206,6 @@ msgstr "Non pode cambia-la data de expiraci msgid "flag the selected user ID as primary" msgstr "marcar un ID de usuario coma primario" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "cambiar entre o listado de chaves p?blicas e secretas" - msgid "list preferences (expert)" msgstr "lista-las preferencias (expertos)" @@ -3270,9 +3270,6 @@ msgstr "A chave secreta est msgid "Need the secret key to do this.\n" msgstr "C?mpre a chave secreta para facer isto.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Por favor, empregue o comando \"toggle\" antes.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4286,7 +4283,7 @@ msgstr "Pegada dactilar da chave primaria:" msgid " Subkey fingerprint:" msgstr " Pegada dactilar da sub-chave:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Pegada dactilar da chave primaria:" 
@@ -8362,6 +8359,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "cambiar entre o listado de chaves p?blicas e secretas" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Por favor, empregue o comando \"toggle\" antes.\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "contrasinal err?neo" diff --git a/po/hu.po b/po/hu.po index d9ca173..df78cee 100644 --- a/po/hu.po +++ b/po/hu.po @@ -3111,6 +3111,10 @@ msgstr "ment msgid "show key fingerprint" msgstr "megmutatja az ujjlenyomatot" +#, fuzzy +msgid "show the keygrip" +msgstr "Al??r?s-jel?l?s: " + msgid "list key and user IDs" msgstr "kilist?zza a kulcs- ?s felhaszn?l?azonos?t?kat" @@ -3181,10 +3185,6 @@ msgstr "Nem v msgid "flag the selected user ID as primary" msgstr "felhaszn?l?azonos?t? megjel?l?se els?dlegesk?nt" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "v?lt?s a titkos ?s a nyilv?nos kulcs list?z?sa k?z?tt" - msgid "list preferences (expert)" msgstr "preferenci?k list?z?sa (szak?rt?)" @@ -3245,9 +3245,6 @@ msgstr "Titkos kulcs rendelkez msgid "Need the secret key to do this.\n" msgstr "Ehhez sz?ks?g van a titkos kulcsra.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "K?rem, haszn?lja el?bb a \"toggle\" parancsot!\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4252,7 +4249,7 @@ msgstr "Els msgid " Subkey fingerprint:" msgstr " Alkulcsujjlenyomat:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Els?dlegeskulcs-ujjlenyomat:" 
@@ -8310,6 +8307,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "v?lt?s a titkos ?s a nyilv?nos kulcs list?z?sa k?z?tt" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "K?rem, haszn?lja el?bb a \"toggle\" parancsot!\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "rossz jelsz?" diff --git a/po/id.po b/po/id.po index 0777e4e..8cffa15 100644 --- a/po/id.po +++ b/po/id.po @@ -3116,6 +3116,10 @@ msgstr "simpan dan berhenti" msgid "show key fingerprint" msgstr "tampilkan fingerprint" +#, fuzzy +msgid "show the keygrip" +msgstr "Notasi signature: " + msgid "list key and user IDs" msgstr "tampilkan kunci dan ID user" @@ -3186,10 +3190,6 @@ msgstr "Anda tidak dapat merubah batas waktu kunci v3\n" msgid "flag the selected user ID as primary" msgstr "tandai ID user sebagai primer" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "ubah tampilan kunci rahasia dan publik" - msgid "list preferences (expert)" msgstr "tampilkan preferensi (ahli)" @@ -3250,9 +3250,6 @@ msgstr "Kunci rahasia tersedia.\n" msgid "Need the secret key to do this.\n" msgstr "Perlu kunci rahasia untuk melakukan hal ini.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Silakan gunakan dulu perintah \"toogle\".\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4256,7 +4253,7 @@ msgstr "Fingerprint kunci primer:" msgid " Subkey fingerprint:" msgstr " Fingerprint subkunci =" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Fingerprint kunci primer =" 
@@ -8299,6 +8296,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "ubah tampilan kunci rahasia dan publik" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Silakan gunakan dulu perintah \"toogle\".\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "passphrase yang buruk" diff --git a/po/it.po b/po/it.po index 31d4295..0486c6c 100644 --- a/po/it.po +++ b/po/it.po @@ -3123,6 +3123,10 @@ msgstr "salva ed esci" msgid "show key fingerprint" msgstr "mostra le impronte digitali" +#, fuzzy +msgid "show the keygrip" +msgstr "Annotazione della firma: " + msgid "list key and user IDs" msgstr "elenca le chiavi e gli user ID" @@ -3193,10 +3197,6 @@ msgstr "Non msgid "flag the selected user ID as primary" msgstr "imposta l'user ID come primario" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "cambia tra visualizzare la chiave segreta e la chiave pubblica" - msgid "list preferences (expert)" msgstr "elenca le preferenze (per esperti)" @@ -3257,9 +3257,6 @@ msgstr " msgid "Need the secret key to do this.\n" msgstr "Per fare questo serve la chiave segreta.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Per favore usa prima il comando \"toggle\".\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4272,7 +4269,7 @@ msgstr "Impronta digitale della chiave primaria:" msgid " Subkey fingerprint:" msgstr " Impronta digitale della subchiave:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Impronta digitale della chiave primaria:" 
@@ -8340,6 +8337,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "cambia tra visualizzare la chiave segreta e la chiave pubblica" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Per favore usa prima il comando \"toggle\".\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "passphrase errata" diff --git a/po/ja.po b/po/ja.po index 3bdac1b..51a9d74 100644 --- a/po/ja.po +++ b/po/ja.po @@ -648,9 +648,7 @@ msgstr "??????????????????" msgid "" "Do you really want to delete the key identified by keygrip%%0A %s%%0A %%C" "%%0A?" -msgstr "" -"??????????????????: keygrip%%0A %s%%0A %%C" -"%%0A??????????????????????" +msgstr "??????????????????: keygrip%%0A %s%%0A %%C%%0A??????????????????????" msgid "Delete key" msgstr "??????????????????" @@ -2896,6 +2894,11 @@ msgstr "??????????????????" msgid "show key fingerprint" msgstr "??????????????????????????????????????????" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "keygrip?????????: " + msgid "list key and user IDs" msgstr "???????????????ID?????????" @@ -2956,9 +2959,6 @@ msgstr "????????????????????????????????????????????????????????????" msgid "flag the selected user ID as primary" msgstr "?????????????????????ID???????????????" -msgid "toggle between the secret and public key listings" -msgstr "???????????????????????????????????????" - msgid "list preferences (expert)" msgstr "????????????????????? (??????????????????)" @@ -3010,9 +3010,6 @@ msgstr "?????????????????????????????????\n" msgid "Need the secret key to do this.\n" msgstr "?????????????????????????????????????????????\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "??????\"toggle\"???????????????????????????????????????\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" 
@@ -3950,7 +3947,7 @@ msgstr "????????????????????????????????????:" msgid " Subkey fingerprint:" msgstr "????????????????????????????????????:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "????????????????????????????????????:" @@ -7812,6 +7809,12 @@ msgstr "" "??????: gpg-check-pattern [???????????????] ????????????????????????\n" "????????????????????????????????????????????????????????????????????????????????????\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "???????????????????????????????????????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "??????\"toggle\"???????????????????????????????????????\n" + #~ msgid "Passphrase" #~ msgstr "??????????????????" diff --git a/po/nb.po b/po/nb.po index d85db65..c50c8d3 100644 --- a/po/nb.po +++ b/po/nb.po @@ -3065,6 +3065,11 @@ msgstr "lagre og avslutte" msgid "show key fingerprint" msgstr "vise n?kkelens fingeravtrykk" +#, fuzzy +#| msgid "show this help" +msgid "show the keygrip" +msgstr "vise denne hjelpen" + msgid "list key and user IDs" msgstr "liste n?kler og brukerider" @@ -3125,9 +3130,6 @@ msgstr "" msgid "flag the selected user ID as primary" msgstr "markere den valgte brukeriden som den prim?re" -msgid "toggle between the secret and public key listings" -msgstr "veksle mellom hemmelig og offentlig n?kkellisting" - msgid "list preferences (expert)" msgstr "liste preferanser (ekspert)" @@ -3179,9 +3181,6 @@ msgstr "Hemmelig n msgid "Need the secret key to do this.\n" msgstr "Trenger den hemmelige n?kkelen for ? gj?re dette.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Vennligst bruk kommandoen ?toggle? f?rst.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" 
@@ -4147,7 +4146,7 @@ msgstr "Fingeravtrykk for prim msgid " Subkey fingerprint:" msgstr " Fingeravtrykk for undern?kkel:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Fingeravtrykk for prim?rn?kkel:" @@ -8160,6 +8159,12 @@ msgid "" "Check a passphrase given on stdin against the patternfile\n" msgstr "" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "veksle mellom hemmelig og offentlig n?kkellisting" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Vennligst bruk kommandoen ?toggle? f?rst.\n" + #, fuzzy #~ msgid "Passphrase" #~ msgstr "ugyldig passfrase" diff --git a/po/pl.po b/po/pl.po index 9d70c8d..4f5d4a8 100644 --- a/po/pl.po +++ b/po/pl.po @@ -3138,6 +3138,11 @@ msgstr "zapis zmian i wyj msgid "show key fingerprint" msgstr "okazanie odcisku klucza" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "Uchwyt klucza: " + msgid "list key and user IDs" msgstr "lista kluczy i identyfikator?w u?ytkownika" @@ -3204,9 +3209,6 @@ msgstr "zmiana daty wyga msgid "flag the selected user ID as primary" msgstr "oznaczenie wybranego identyfikatora u?ytkownika jako g??wnego" -msgid "toggle between the secret and public key listings" -msgstr "prze??czenie pomi?dzy listami kluczy tajnych i publicznych" - msgid "list preferences (expert)" msgstr "ustawienia (zaawansowane)" @@ -3264,9 +3266,6 @@ msgstr "Dost msgid "Need the secret key to do this.\n" msgstr "Do wykonania tej operacji potrzebny jest klucz tajny.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Najpierw trzeba u?y? polecenia \"prze?\".\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " 
@@ -4274,7 +4273,7 @@ msgstr "Odcisk klucza g msgid " Subkey fingerprint:" msgstr " Odcisk podklucza:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Odcisk klucza g??wnego:" @@ -8540,6 +8539,12 @@ msgstr "" "Sk?adnia: gpg-check-pattern [opcje] plik-wzorc?w\n" "Sprawdzanie has?a ze standardowego wej?cia wzgl?dem pliku wzorc?w\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "prze??czenie pomi?dzy listami kluczy tajnych i publicznych" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Najpierw trzeba u?y? polecenia \"prze?\".\n" + #~ msgid "Passphrase" #~ msgstr "Has?o" diff --git a/po/pt.po b/po/pt.po index ef8fd0e..b9c0753 100644 --- a/po/pt.po +++ b/po/pt.po @@ -3121,6 +3121,10 @@ msgstr "gravar e sair" msgid "show key fingerprint" msgstr "mostra impress?o digital" +#, fuzzy +msgid "show the keygrip" +msgstr "Nota??o de assinatura: " + msgid "list key and user IDs" msgstr "lista chave e identificadores de utilizadores" @@ -3192,10 +3196,6 @@ msgstr "Voc msgid "flag the selected user ID as primary" msgstr "seleccionar o identificador do utilizador como prim?rio" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "alterna entre listagem de chave secreta e p?blica" - msgid "list preferences (expert)" msgstr "lista prefer?ncias (perito)" @@ -3258,9 +3258,6 @@ msgstr "Chave secreta dispon msgid "Need the secret key to do this.\n" msgstr "A chave secreta ? necess?ria para fazer isto.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Por favor utilize o comando \"toggle\" primeiro.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" 
@@ -4264,7 +4261,7 @@ msgstr "Impress msgid " Subkey fingerprint:" msgstr " Impress?o da subchave:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Impress?o da chave prim?ria:" @@ -8316,6 +8313,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "alterna entre listagem de chave secreta e p?blica" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Por favor utilize o comando \"toggle\" primeiro.\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "frase secreta incorrecta" diff --git a/po/ro.po b/po/ro.po index 753e4de..3cd7f33 100644 --- a/po/ro.po +++ b/po/ro.po @@ -3126,6 +3126,10 @@ msgstr "salveaz msgid "show key fingerprint" msgstr "afi?eaz? amprenta cheii" +#, fuzzy +msgid "show the keygrip" +msgstr "Notare semn?tur?: " + msgid "list key and user IDs" msgstr "enumer? chei ?i ID-uri utilizator" @@ -3188,9 +3192,6 @@ msgstr "schimb msgid "flag the selected user ID as primary" msgstr "marcheaz? ID-ul utilizator selectat ca primar" -msgid "toggle between the secret and public key listings" -msgstr "comut? ?ntre listele de chei secrete ?i publice" - msgid "list preferences (expert)" msgstr "enumer? preferin?ele (expert)" @@ -3246,9 +3247,6 @@ msgstr "Cheia secret msgid "Need the secret key to do this.\n" msgstr "Ave?i nevoie de cheia secret? pentru a face aceasta.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "V? rug?m folosi?i mai ?nt?i comanda \"toggle\".\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " 
@@ -4245,7 +4243,7 @@ msgstr "Amprent msgid " Subkey fingerprint:" msgstr " Amprent? subcheie:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Amprent? cheie primar?:" @@ -8339,6 +8337,12 @@ msgid "" "Check a passphrase given on stdin against the patternfile\n" msgstr "" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "comut? ?ntre listele de chei secrete ?i publice" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "V? rug?m folosi?i mai ?nt?i comanda \"toggle\".\n" + #, fuzzy #~ msgid "Passphrase" #~ msgstr "fraz?-parol? incorect?" diff --git a/po/ru.po b/po/ru.po index 7633954..661299a 100644 --- a/po/ru.po +++ b/po/ru.po @@ -2932,6 +2932,11 @@ msgstr "?????????????????? ?? ??????????" msgid "show key fingerprint" msgstr "???????????????? ?????????????????? ??????????" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "?????????????? ?????? ??????????:" + msgid "list key and user IDs" msgstr "?????????????? ???????????? ???????????? ?? ID ????????????????????????" @@ -2992,9 +2997,6 @@ msgstr "?????????????? ???????? ???????????????? ?????????? ?????? ???????????? msgid "flag the selected user ID as primary" msgstr "???????????????? ?????????????????? ID ???????????????????????? ?????? ??????????????????" -msgid "toggle between the secret and public key listings" -msgstr "???????????????????????? ?????????? ???????????????????? ???????????????? ?? ???????????????? ????????????" - msgid "list preferences (expert)" msgstr "???????????? ???????????????????????? (??????????????????)" 
@@ -3048,9 +3050,6 @@ msgstr "???????????????? ???????? ????????????????.\n" msgid "Need the secret key to do this.\n" msgstr "?????? ?????????????? ???????????????? ?????????? ???????????????? ????????.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "?????????????? ???????????????????????????? ???????????????? \"toggle\".\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4001,7 +4000,7 @@ msgstr "?????????????????? ???????????????? ??????????:" msgid " Subkey fingerprint:" msgstr " ?????????????????? ????????????????:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " ?????????????????? ???????????????? ??????????:" @@ -7924,6 +7923,12 @@ msgstr "" "??????????????????: gpg-check-pattern [??????????????????] ????????_????????????????\n" "?????????????????? ??????????-????????????, ?????????????????????? ???? stdin, ???? ?????????? ????????????????\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "???????????????????????? ?????????? ???????????????????? ???????????????? ?? ???????????????? ????????????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "?????????????? ???????????????????????????? ???????????????? \"toggle\".\n" + #~ msgid "Passphrase" #~ msgstr "??????????-????????????" diff --git a/po/sk.po b/po/sk.po index 9c1375d..562aeb7 100644 --- a/po/sk.po +++ b/po/sk.po @@ -3136,6 +3136,10 @@ msgstr "ulo msgid "show key fingerprint" msgstr "vyp?sa? fingerprint" +#, fuzzy +msgid "show the keygrip" +msgstr "Podpisov? not?cia: " + msgid "list key and user IDs" msgstr "vyp?sa? zoznam k???ov a id u??vate?ov" 
@@ -3206,10 +3210,6 @@ msgstr "Nem msgid "flag the selected user ID as primary" msgstr "ozna?i? u??vate?sk? ID ako prim?rne" -#, fuzzy -msgid "toggle between the secret and public key listings" -msgstr "prepn?? medzi vyp?san?m zoznamu tajn?ch a verejn?ch k???ov" - msgid "list preferences (expert)" msgstr "vyp?sa? zoznam predvolieb (pre expertov)" @@ -3270,9 +3270,6 @@ msgstr "Tajn msgid "Need the secret key to do this.\n" msgstr "Na vykonanie tejto oper?cie je potrebn? tajn? k???.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Pros?m, najsk?r pou?ite pr?kaz \"toggle\" (prepn??).\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4269,7 +4266,7 @@ msgstr "Prim msgid " Subkey fingerprint:" msgstr " Fingerprint podk???a:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Prim?rny fingerprint k???a:" @@ -8328,6 +8325,13 @@ msgid "" msgstr "" #, fuzzy +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "prepn?? medzi vyp?san?m zoznamu tajn?ch a verejn?ch k???ov" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Pros?m, najsk?r pou?ite pr?kaz \"toggle\" (prepn??).\n" + +#, fuzzy #~ msgid "Passphrase" #~ msgstr "nespr?vne heslo" diff --git a/po/sv.po b/po/sv.po index 8f9d654..fb4ca7e 100644 --- a/po/sv.po +++ b/po/sv.po @@ -3189,6 +3189,11 @@ msgstr "spara och avsluta" msgid "show key fingerprint" msgstr "visa nyckelns fingeravtryck" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "Ange nyckelhashen: " + msgid "list key and user IDs" msgstr "lista nycklar och anv??ndaridentiteter" 
@@ -3250,9 +3255,6 @@ msgstr "??ndra utg??ngsdatumet f??r nyckeln eller valda undernycklar" msgid "flag the selected user ID as primary" msgstr "flagga vald anv??ndaridentitet som prim??r" -msgid "toggle between the secret and public key listings" -msgstr "v??xla mellan att lista hemliga och publika nycklar" - msgid "list preferences (expert)" msgstr "lista inst??llningar (expertl??ge)" @@ -3310,9 +3312,6 @@ msgstr "Den hemliga nyckeln finns tillg??nglig.\n" msgid "Need the secret key to do this.\n" msgstr "Den hemliga nyckeln beh??vs f??r att g??ra detta.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Anv??nd kommandot \"toggle\" f??rst.\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " @@ -4327,7 +4326,7 @@ msgstr "Prim??ra nyckelns fingeravtryck:" msgid " Subkey fingerprint:" msgstr " Undernyckelns fingeravtryck:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Prim??ra nyckelns fingeravtryck:" @@ -8645,6 +8644,12 @@ msgstr "" "Syntax: gpg-check-pattern [flaggor] m??nsterfil\n" "Kontrollera en l??senfras angiven p?? standard in mot m??nsterfilen\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "v??xla mellan att lista hemliga och publika nycklar" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Anv??nd kommandot \"toggle\" f??rst.\n" + #~ msgid "Passphrase" #~ msgstr "L??senfras" diff --git a/po/tr.po b/po/tr.po index 9ce59ce..3ab774a 100644 --- a/po/tr.po +++ b/po/tr.po @@ -3126,6 +3126,10 @@ msgstr "kaydet ve ????k" msgid "show key fingerprint" msgstr "parmakizini g??sterir" +#, fuzzy +msgid "show the keygrip" +msgstr "Simgelemi giriniz: " + msgid "list key and user IDs" msgstr "anahtar?? ve kullan??c?? kimli??ini g??sterir" 
@@ -3190,9 +3194,6 @@ msgstr "" msgid "flag the selected user ID as primary" msgstr "se??ili kullan??c?? kimli??ini as??l olarak imler" -msgid "toggle between the secret and public key listings" -msgstr "genel ve gizli anahtar listeleri aras??nda yer de??i??tirir" - msgid "list preferences (expert)" msgstr "tercihleri listeler (uzman)" @@ -3250,9 +3251,6 @@ msgstr "Gizli anahtar mevcut.\n" msgid "Need the secret key to do this.\n" msgstr "Bunu yapmak i??in gizli anahtar gerekli.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "l??tfen ??nce \"se??mece\" komutunu kullan??n.\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " @@ -4282,7 +4280,7 @@ msgstr "Birincil anahtar parmak izi:" msgid " Subkey fingerprint:" msgstr "Yard??mc?? anahtar parmak izi:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "Birincil anahtar parmak izi:" @@ -8570,6 +8568,12 @@ msgstr "" "Standart girdiden verilen anahtar parolas??n?? ??r??nt?? dosyas??yla " "kar????la??t??r??r\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "genel ve gizli anahtar listeleri aras??nda yer de??i??tirir" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "l??tfen ??nce \"se??mece\" komutunu kullan??n.\n" + #~ msgid "Passphrase" #~ msgstr "Anahtar Parolas??" diff --git a/po/uk.po b/po/uk.po index 865a292..b523414 100644 --- a/po/uk.po +++ b/po/uk.po @@ -2993,6 +2993,11 @@ msgstr "???????????????? ?? ??????????" msgid "show key fingerprint" msgstr "???????????????? ???????????????? ??????????" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "?????????????? keygrip: " + msgid "list key and user IDs" msgstr "???????????????? ???????????? ???????????? ???? ?????????????????????????????? ??????????????????????" 
@@ -3057,9 +3062,6 @@ msgstr "?????????????? ???????? ???????????????????? ???????????? ?????? ?????? msgid "flag the selected user ID as primary" msgstr "?????????????????? ???????????????? ?????????????????????????? ?????????????????????? ???? ????????????????" -msgid "toggle between the secret and public key listings" -msgstr "???????????????????????? ?????? ???????????????? ???????????????? ?? ?????????????????? ????????????" - msgid "list preferences (expert)" msgstr "???????????? ?????????????? (????????????????????)" @@ -3117,9 +3119,6 @@ msgstr "?????????????????? ???????????????? ????????.\n" msgid "Need the secret key to do this.\n" msgstr "?????? ?????????? ???????????????? ???????????????? ????????.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "?????????????????????????? ???????????????? ???????????????? ??toggle??.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4083,7 +4082,7 @@ msgstr "???????????????? ???????????????? ??????????:" msgid " Subkey fingerprint:" msgstr " ???????????????? ????????????????:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr "???????????????? ?????????????????? ??????????:" @@ -8039,6 +8038,12 @@ msgstr "" "??????????????????: gpg-check-pattern [??????????????????] ????????_????????????????\n" "???????????????????? ????????????, ???????????????? ?? stdin, ???? ?????????????????? ??????????_????????????????\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "???????????????????????? ?????? ???????????????? ???????????????? ?? ?????????????????? ????????????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "?????????????????????????? ???????????????? ???????????????? ??toggle??.\n" + #~ msgid "Passphrase" #~ msgstr "????????????" 
diff --git a/po/zh_CN.po b/po/zh_CN.po index caa9568..ed873ba 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -3063,6 +3063,10 @@ msgstr "???????????????" msgid "show key fingerprint" msgstr "??????????????????" +#, fuzzy +msgid "show the keygrip" +msgstr "???????????????" + msgid "list key and user IDs" msgstr "???????????????????????????" @@ -3123,9 +3127,6 @@ msgstr "??????????????????????????????????????????" msgid "flag the selected user ID as primary" msgstr "????????????????????????????????????????????????" -msgid "toggle between the secret and public key listings" -msgstr "?????????????????????????????????" - msgid "list preferences (expert)" msgstr "???????????????(????????????)" @@ -3177,9 +3178,6 @@ msgstr "???????????????\n" msgid "Need the secret key to do this.\n" msgstr "??????????????????????????????\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "???????????????toggle????????????\n" - #, fuzzy #| msgid "" #| "* The `sign' command may be prefixed with an `l' for local signatures " @@ -4152,7 +4150,7 @@ msgstr "???????????????" msgid " Subkey fingerprint:" msgstr "???????????????" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " ???????????????" @@ -8178,6 +8176,12 @@ msgid "" "Check a passphrase given on stdin against the patternfile\n" msgstr "" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "?????????????????????????????????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "???????????????toggle????????????\n" + #, fuzzy #~ msgid "Passphrase" #~ msgstr "???????????????" diff --git a/po/zh_TW.po b/po/zh_TW.po index 18d8b09..ac86d58 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po 
@@ -2897,6 +2897,11 @@ msgstr "???????????????" msgid "show key fingerprint" msgstr "??????????????????" +#, fuzzy +#| msgid "Enter the keygrip: " +msgid "show the keygrip" +msgstr "?????????????????????: " + msgid "list key and user IDs" msgstr "???????????????????????? ID" @@ -2957,9 +2962,6 @@ msgstr "??????????????????????????????????????????" msgid "flag the selected user ID as primary" msgstr "????????????????????? ID ????????????" -msgid "toggle between the secret and public key listings" -msgstr "???????????????????????????????????????" - msgid "list preferences (expert)" msgstr "???????????? (????????????)" @@ -3011,9 +3013,6 @@ msgstr "????????????.\n" msgid "Need the secret key to do this.\n" msgstr "???????????????????????????.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "???????????? \"toggle\" ??????.\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -3949,7 +3948,7 @@ msgstr " ????????????:" msgid " Subkey fingerprint:" msgstr " ????????????:" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " ????????????:" @@ -7775,6 +7774,12 @@ msgstr "" "??????: gpg-check-pattern [??????] ????????????\n" "??????????????????????????????????????????????????????\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "???????????????????????????????????????" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "???????????? \"toggle\" ??????.\n" + #~ msgid "Passphrase" #~ msgstr "??????" commit ee290b58700f003e05c5405cbb8a7bce5c1123c0 Author: Werner Koch Date: Tue Aug 11 13:53:00 2015 +0200 po: Update German translation -- diff --git a/po/de.po b/po/de.po index 96dfa65..368fce9 100644 --- a/po/de.po +++ b/po/de.po 
@@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2015-07-01 13:04+0200\n" +"PO-Revision-Date: 2015-08-11 13:52+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" @@ -2994,6 +2994,9 @@ msgstr "speichern und Men?? verlassen" msgid "show key fingerprint" msgstr "Fingerabdruck des Schl??ssels anzeigen" +msgid "show the keygrip" +msgstr "\"Keygrip\" des Schl??ssels anzeigen" + msgid "list key and user IDs" msgstr "Schl??ssel und User-IDs auflisten" @@ -3055,9 +3058,6 @@ msgstr "" msgid "flag the selected user ID as primary" msgstr "User-ID als Haupt-User-ID kennzeichnen" -msgid "toggle between the secret and public key listings" -msgstr "Umschalten zwischen dem Auflisten geheimer und ??ffentlicher Schl??ssel" - msgid "list preferences (expert)" msgstr "Liste der Voreinstellungen (f??r Experten)" @@ -3114,9 +3114,6 @@ msgstr "Geheimer Schl??ssel ist vorhanden.\n" msgid "Need the secret key to do this.\n" msgstr "Hierzu wird der geheime Schl??ssel ben??tigt.\n" -msgid "Please use the command \"toggle\" first.\n" -msgstr "Bitte verwenden sie zun??chst den Befehl \"toggle\"\n" - msgid "" "* The 'sign' command may be prefixed with an 'l' for local signatures " "(lsign),\n" @@ -4077,7 +4074,7 @@ msgstr "Haupt-Fingerabdruck =" msgid " Subkey fingerprint:" msgstr "Unter-Fingerabdruck =" -#. TRANSLATORS: this should fit into 24 bytes to that the +#. TRANSLATORS: this should fit into 24 bytes so that the #. * fingerprint data is properly aligned with the user ID msgid " Primary key fingerprint:" msgstr " Haupt-Fingerabdruck =" 
@@ -8090,6 +8087,13 @@ msgstr "" "Syntax: gpg-check-pattern [optionen] Musterdatei\n" "Die von stdin gelesene Passphrase gegen die Musterdatei pr??fen\n" +#~ msgid "toggle between the secret and public key listings" +#~ msgstr "" +#~ "Umschalten zwischen dem Auflisten geheimer und ??ffentlicher Schl??ssel" + +#~ msgid "Please use the command \"toggle\" first.\n" +#~ msgstr "Bitte verwenden sie zun??chst den Befehl \"toggle\"\n" + #~ msgid "Passphrase" #~ msgstr "Passphrase" commit 79b90039a86014a03caddd2887a378f6ef1802db Author: Daniel Kahn Gillmor Date: Tue Aug 11 00:01:26 2015 -0400 doc: Improve documentation of VALIDSIG -- diff --git a/doc/DETAILS b/doc/DETAILS index 23a5420..eb889c9 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -409,7 +409,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - [ ] This status indicates that the signature is cryptographically - valid. This similar to GOODSIG or EXPSIG or EXPKEYSIG or REVSIG + valid. This is similar to GOODSIG, EXPSIG, EXPKEYSIG, or REVKEYSIG (depending on the date and the state of the signature and signing key) but has the fingerprint as the argument. Multiple status lines (VALIDSIG and the other appropriate *SIG status) are emitted ----------------------------------------------------------------------- Summary of changes: NEWS | 28 ++++++++++++++++++++++++++-- configure.ac | 2 +- doc/DETAILS | 2 +- po/ca.po | 20 ++++++++++++-------- po/cs.po | 19 ++++++++++++------- po/da.po | 22 +++++++++++++++------- po/de.po | 20 ++++++++++++-------- po/el.po | 20 ++++++++++++-------- po/eo.po | 20 ++++++++++++-------- po/es.po | 19 ++++++++++++------- po/et.po | 20 ++++++++++++-------- po/fi.po | 20 ++++++++++++-------- po/fr.po | 22 ++++++++++++++-------- po/gl.po | 20 ++++++++++++-------- po/hu.po | 20 ++++++++++++-------- po/id.po | 20 ++++++++++++-------- po/it.po | 20 ++++++++++++-------- po/ja.po | 23 +++++++++++++---------- po/nb.po | 19 ++++++++++++------- po/pl.po | 19 ++++++++++++------- po/pt.po | 20 ++++++++++++-------- po/ro.po | 18 +++++++++++------- po/ru.po | 19 ++++++++++++------- po/sk.po | 20 ++++++++++++-------- po/sv.po | 19 ++++++++++++------- po/tr.po | 18 +++++++++++------- po/uk.po | 19 ++++++++++++------- po/zh_CN.po | 18 +++++++++++------- po/zh_TW.po | 19 ++++++++++++------- 29 files changed, 343 insertions(+), 202 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 11 18:34:42 2015 
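Review bot: In the po/*.po hunks that add msgid "show the keygrip", the "#, fuzzy" msgstr values are carried over from unrelated strings: po/pl.po reuses the text of "Enter the keygrip: " (see its "#| msgid" line) and po/pt.po gets "Nota??o de assinatura: ", which is a prompt rather than a command description. gettext skips fuzzy entries unless msgfmt is run with --use-fuzzy, so users will see the English text, which is the safe outcome; these entries should be flagged to the translators so that nobody clears the fuzzy marker without also replacing the text.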
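Review bot: The doc/DETAILS hunk for VALIDSIG replaces the status name REVSIG with REVKEYSIG in the same line as the grammar fix, but the commit subject "doc: Improve documentation of VALIDSIG" does not mention it. Status keywords are what front ends match on, so the message should say whether REVSIG was a typo for REVKEYSIG; otherwise the rename reads as a wording change and is easy to miss when someone audits which statuses accompany VALIDSIG.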
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 11 Aug 2015 18:34:42 +0200 Subject: [git] gnupg-doc - branch, master, updated. d4b19d308acb0038a35471661e193e475c2552cf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d4b19d308acb0038a35471661e193e475c2552cf (commit) from f7f4f59a66a514a3554946e08ee16ebd2b219372 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4b19d308acb0038a35471661e193e475c2552cf Author: Werner Koch Date: Tue Aug 11 18:08:47 2015 +0200 swdb: Release of GnuPG 2.1.7 diff --git a/web/download/index.org b/web/download/index.org index d629182..3cb17c6 100644 --- a/web/download/index.org +++ b/web/download/index.org 
@@ -43,20 +43,20 @@ | Name | Version | Size | Tarball | Signature | |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| | | | | | | - | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | GnuPG classic | {{{gnupg1_ver}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG stable | {{{gnupg_ver}}} | {{{gnupg_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG modern | {{{gnupg21_ver}}} | {{{gnupg21_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg21_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | GnuPG classic | {{{gnupg1_ver}}} | {{{gnupg1_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gnupg/gnupg-{{{gnupg1_ver}}}.tar.bz2.sig{{{ftpclose}}} | 
|---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libgpg-error/index.org][Libgpg-error]] | {{{libgpg_error_ver}}} | {{{libgpg_error_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgpg-error/libgpg-error-{{{libgpg_error_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libraries.en.html#lib-libgcrypt][Libgcrypt]] | {{{libgcrypt_ver}}} | {{{libgcrypt_size}}} | 
{{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libgcrypt/libgcrypt-{{{libgcrypt_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libksba/index.org][Libksba]] | {{{libksba_ver}}} | {{{libksba_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libksba/libksba-{{{libksba_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/libassuan/index.org][Libassuan]] | {{{libassuan_ver}}} | {{{libassuan_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/libassuan/libassuan-{{{libassuan_ver}}}.tar.bz2.sig{{{ftpclose}}} | |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | Pinentry | {{{pinentry_ver}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Pinentry | {{{pinentry_ver}}} | {{{pinentry_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/pinentry/pinentry-{{{pinentry_ver}}}.tar.bz2.sig{{{ftpclose}}} | |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| - | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_size}}} | 
{{{ftpopen}}}{{{ftp_http_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | - | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_http_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/gpgme/index.org][GPGME]] | {{{gpgme_ver}}} | {{{gpgme_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpgme/gpgme-{{{gpgme_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | [[../related_software/gpa/index.org][GPA]] | {{{gpa_ver}}} | {{{gpa_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/gpa/gpa-{{{gpa_ver}}}.tar.bz2.sig{{{ftpclose}}} | + | Dirmngr | {{{dirmngr_ver}}} | {{{dirmngr_size}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2{{{ftpclose}}} | {{{ftpopen}}}{{{ftp_loc_base}}}/dirmngr/dirmngr-{{{dirmngr_ver}}}.tar.bz2.sig{{{ftpclose}}} | |---------------+------------------------+-------------------------+---------------------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------| {{{check_sig_note}}} 
@@ -101,8 +101,8 @@ |---------+--------------------+---------------------------------------------| | | <18> | | | Windows | [[http://gpg4win.org/download.html][Gpg4win]] | Installers for /GnuPG stable/ | - | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | - | | {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | + | | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32-{{{gnupg21_w32_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG modern/ | + | | {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe{{{ftpclose}}} {{{ftpopen}}}{{{ftp_loc_base}}}/binary/gnupg-w32cli-{{{gnupg1_w32cli_ver}}}.exe.sig{{{ftpcloseS}}} | Simple installer for /GnuPG classic/ | | OS X | [[http://gpgtools.org][Mac GPG]] | Installer from the gpgtools project | | | [[https://sourceforge.net/p/gpgosx/docu/Download/][GnuPG for OS X]] | Installer for /GnuPG modern/ | | Debian | [[https://www.debian.org][Debian site]] | GnuPG stable and classic are part of Debian | diff --git a/web/index.org b/web/index.org index fb7cd8e..3d64108 100644 --- a/web/index.org +++ b/web/index.org 
@@ -64,6 +64,11 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.7 released (2015-08-11) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000371.html][anouncement mail]] for details. + ** GnuPG 2.1.6 released (2015-07-01) A new version of the /modern/ branch of GnuPG has been released. diff --git a/web/people/index.org b/web/people/index.org index 6aa03fb..85ea1ee 100644 --- a/web/people/index.org +++ b/web/people/index.org @@ -120,4 +120,6 @@ #+HTML:

+* COMMENT + # eof diff --git a/web/swdb.mac b/web/swdb.mac index b1bc123..89b34d0 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -5,7 +5,7 @@ # Primary FTP server base directory # #+macro: ftp_base ftp://ftp.gnupg.org/gcrypt -#+macro: ftp_http_base https://gnupg.org/ftp/gcrypt +#+macro: ftp_loc_base /ftp/gcrypt # # GnuPG @@ -18,14 +18,14 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.6 +#+macro: gnupg21_ver 2.1.7 #+macro: gnupg21_branch master -#+macro: gnupg21_size 4802k -#+macro: gnupg21_sha1 9e8157b3386da04760657ce3117fc4dc570c57c5 +#+macro: gnupg21_size 4803k +#+macro: gnupg21_sha1 1a345804f34a2acd05c1555e40ddfa297f38438b # -#+macro: gnupg21_w32_ver 2.1.6_20150701 -#+macro: gnupg21_w32_size 2577k -#+macro: gnupg21_w32_sha1 a8cd2e7ab48abb94c126051df902e3380faf117e +#+macro: gnupg21_w32_ver 2.1.7_20150811 +#+macro: gnupg21_w32_size 2578k +#+macro: gnupg21_w32_sha1 dfea3fa2499f64cac223c9329c9f017bc3da11a5 # ----------------------------------------------------------------------- Summary of changes: web/download/index.org | 26 +++++++++++++------------- web/index.org | 5 +++++ web/people/index.org | 2 ++ web/swdb.mac | 14 +++++++------- 4 files changed, 27 insertions(+), 20 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 11 23:57:05 2015 
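Review bot: In the web/swdb.mac hunk the absolute macro "ftp_http_base https://gnupg.org/ftp/gcrypt" is replaced by the site-relative "ftp_loc_base /ftp/gcrypt", and the web/download/index.org hunks move the Signature column from ftp_base to the same macro, yet the commit message only says "swdb: Release of GnuPG 2.1.7". With a relative base the tarball and .sig links take the scheme and host of whatever origin served the page, so a copy of the page served over plain http or from a mirror now points at that origin for both files. Please state this in the commit message, or keep an absolute https base if following the page's origin is not intended.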
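Review bot: The line added in the web/index.org hunk spells the link text "anouncement mail"; it should read "announcement mail".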
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Tue, 11 Aug 2015 23:57:05 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-5-g8f28e3c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8f28e3caf95d7bc99e9271bfc2b44080166af31f (commit) from 08086dd6901740e155e4361212b4e9cff8a47296 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8f28e3caf95d7bc99e9271bfc2b44080166af31f Author: Ben Kibbey Date: Mon Aug 10 21:23:02 2015 -0400 Check the return value when starting gpg. * src/engine-gpg.c (gpg_decrypt, gpg_delete, gpg_passwd): Check return value of start(). diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 510dfd9..c3e36ae 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1456,7 +1456,7 @@ gpg_decrypt (void *engine, gpgme_data_t ciph, gpgme_data_t plain) err = add_data (gpg, ciph, -1, 0); if (!err) - start (gpg); + err = start (gpg); return err; } @@ -1479,7 +1479,7 @@ gpg_delete (void *engine, gpgme_key_t key, int allow_secret) } if (!err) - start (gpg); + err = start (gpg); return err; } @@ -1497,7 +1497,7 @@ gpg_passwd (void *engine, gpgme_key_t key, unsigned int flags) if (!err) err = add_arg (gpg, key->subkeys->fpr); if (!err) - start (gpg); + err = start (gpg); return err; } ----------------------------------------------------------------------- Summary of changes: src/engine-gpg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 12 03:27:24 2015 
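Review bot: the commit message names only gpg_decrypt, gpg_delete and gpg_passwd, so any other function in src/engine-gpg.c that ends with a bare `start (gpg);` would still return success when gpg failed to start. Please grep the file for remaining call sites that drop the result and convert them to `err = start (gpg);` in this same commit, so callers see a consistent error path.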
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 12 Aug 2015 03:27:24 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.28-14-g80521c3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 80521c3ff900a09a1b382869783187c463144c77 (commit) from 35d3ced4fda90a5410a579850ca92ea6a356b402 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80521c3ff900a09a1b382869783187c463144c77 Author: NIIBE Yutaka Date: Wed Aug 12 10:23:40 2015 +0900 g10: fix --card-status creating stub. * g10/getkey.c (get_seckeyblock_byfprint): Require exact match. diff --git a/g10/getkey.c b/g10/getkey.c index 6c14683..476445f 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1414,6 +1414,7 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint, return G10ERR_GENERAL; /* Oops */ memset (&ctx, 0, sizeof ctx); + ctx.exact = 1 ; ctx.not_allocated = 1; ctx.kr_handle = keydb_new (1); ctx.nitems = 1; ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 12 12:47:46 2015 
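Review bot: `ctx.exact = 1 ;` in get_seckeyblock_byfprint has a stray space before the semicolon, unlike the neighbouring `ctx.not_allocated = 1;`; please drop it. A one-line comment on why a lookup by fingerprint must be an exact match (the commit message ties it to --card-status creating a stub) would also help the next reader, since the field is set without explanation.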
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Wed, 12 Aug 2015 12:47:46 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-6-ge07d38f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via e07d38f5f9f3b94e403f1265ff7fd3d7009dd557 (commit) from 8f28e3caf95d7bc99e9271bfc2b44080166af31f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e07d38f5f9f3b94e403f1265ff7fd3d7009dd557 Author: Ben Kibbey Date: Wed Aug 12 06:46:43 2015 -0400 Also check the return code in gpg_sign(). * src/engine-gpg.c (gpg_sign): Check return value from start(). diff --git a/src/engine-gpg.c b/src/engine-gpg.c index c3e36ae..d138592 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2364,7 +2364,7 @@ gpg_sign (void *engine, gpgme_data_t in, gpgme_data_t out, err = add_data (gpg, out, 1, 1); if (!err) - start (gpg); + err = start (gpg); return err; } ----------------------------------------------------------------------- Summary of changes: src/engine-gpg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 12 17:19:26 2015 
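Review bot: gpg_sign is the fourth `start (gpg);` call site fixed by hand across two commits, which suggests the pattern is easy to miss. Consider declaring start() with GCC's `warn_unused_result` attribute, guarded for compilers that lack it, so any remaining call that discards the result is reported at build time instead of being found one function at a time.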
From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 12 Aug 2015 17:19:26 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-253-g24ebf53 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 24ebf53f1e8a8afa27dcd768339bda70a740bb03 (commit) via e11895da1f4af9782d89e92ba2e6b1a63235b54b (commit) from 80321eb3a63a20f86734d6eebb3f419c0ec895aa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24ebf53f1e8a8afa27dcd768339bda70a740bb03 Author: Jussi Kivilinna Date: Tue Aug 11 07:22:16 2015 +0300 Simplify OCB offset calculation for parallel implementations * cipher/camellia-glue.c (_gcry_camellia_ocb_crypt) (_gcry_camellia_ocb_auth): Precalculate Ls array always, instead of just if 'blkn % == 0'. * cipher/serpent.c (_gcry_serpent_ocb_crypt) (_gcry_serpent_ocb_auth): Ditto. * cipher/rijndael-aesni.c (get_l): Remove low-bit checks. (aes_ocb_enc, aes_ocb_dec, _gcry_aes_aesni_ocb_auth): Handle leading blocks until block counter is multiple of 4, so that parallel block processing loop can use 'c->u_mode.ocb.L' array directly. * tests/basic.c (check_ocb_cipher_largebuf): Rename to... (check_ocb_cipher_largebuf_split): ...this and add option to process large buffer as two split buffers. (check_ocb_cipher_largebuf): New. -- Patch simplifies source and reduce object size. Signed-off-by: Jussi Kivilinna diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c index 2d5dd20..dee0169 100644 --- a/cipher/camellia-glue.c +++ b/cipher/camellia-glue.c 
@@ -631,58 +631,47 @@ _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, { int did_use_aesni_avx2 = 0; const void *Ls[32]; + unsigned int n = 32 - (blkn % 32); + const void **l; int i; - if (blkn % 32 == 0) + if (nblocks >= 32) { for (i = 0; i < 32; i += 8) { - Ls[i + 0] = c->u_mode.ocb.L[0]; - Ls[i + 1] = c->u_mode.ocb.L[1]; - Ls[i + 2] = c->u_mode.ocb.L[0]; - Ls[i + 3] = c->u_mode.ocb.L[2]; - Ls[i + 4] = c->u_mode.ocb.L[0]; - Ls[i + 5] = c->u_mode.ocb.L[1]; - Ls[i + 6] = c->u_mode.ocb.L[0]; + Ls[(i + 0 + n) % 32] = c->u_mode.ocb.L[0]; + Ls[(i + 1 + n) % 32] = c->u_mode.ocb.L[1]; + Ls[(i + 2 + n) % 32] = c->u_mode.ocb.L[0]; + Ls[(i + 3 + n) % 32] = c->u_mode.ocb.L[2]; + Ls[(i + 4 + n) % 32] = c->u_mode.ocb.L[0]; + Ls[(i + 5 + n) % 32] = c->u_mode.ocb.L[1]; + Ls[(i + 6 + n) % 32] = c->u_mode.ocb.L[0]; } - Ls[7] = c->u_mode.ocb.L[3]; - Ls[15] = c->u_mode.ocb.L[4]; - Ls[23] = c->u_mode.ocb.L[3]; - } + Ls[(7 + n) % 32] = c->u_mode.ocb.L[3]; + Ls[(15 + n) % 32] = c->u_mode.ocb.L[4]; + Ls[(23 + n) % 32] = c->u_mode.ocb.L[3]; + l = &Ls[(31 + n) % 32]; - /* Process data in 32 block chunks. */ - while (nblocks >= 32) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 32 == 0) + /* Process data in 32 block chunks. */ + while (nblocks >= 32) { + /* l_tmp will be used only every 65536-th block. 
*/ blkn += 32; - Ls[31] = ocb_get_l(c, l_tmp, blkn); + *l = ocb_get_l(c, l_tmp, blkn - blkn % 32); + + if (encrypt) + _gcry_camellia_aesni_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + else + _gcry_camellia_aesni_avx2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + + nblocks -= 32; + outbuf += 32 * CAMELLIA_BLOCK_SIZE; + inbuf += 32 * CAMELLIA_BLOCK_SIZE; + did_use_aesni_avx2 = 1; } - else - { - for (i = 0; i < 32; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } - - if (encrypt) - _gcry_camellia_aesni_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - else - _gcry_camellia_aesni_avx2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - - nblocks -= 32; - outbuf += 32 * CAMELLIA_BLOCK_SIZE; - inbuf += 32 * CAMELLIA_BLOCK_SIZE; - did_use_aesni_avx2 = 1; } if (did_use_aesni_avx2) 
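Review bot: the rotated table setup in this _gcry_camellia_ocb_crypt hunk (`n = 32 - (blkn % 32)` followed by the `Ls[(i + k + n) % 32]` stores) carries no comment stating the invariant it relies on. Please add one saying that Ls is rotated so that entry j holds the L value for block number blkn + j + 1, and that `l` points at the single slot whose block number is a multiple of 32, which is why only that slot is refreshed with `ocb_get_l(c, l_tmp, blkn - blkn % 32)` on each pass. It is also worth noting in the comment that n is 32 when blkn is already aligned and that the `% 32` folds this back to an unrotated table.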
@@ -703,56 +692,45 @@ _gcry_camellia_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, { int did_use_aesni_avx = 0; const void *Ls[16]; + unsigned int n = 16 - (blkn % 16); + const void **l; int i; - if (blkn % 16 == 0) + if (nblocks >= 16) { for (i = 0; i < 16; i += 8) { - Ls[i + 0] = c->u_mode.ocb.L[0]; - Ls[i + 1] = c->u_mode.ocb.L[1]; - Ls[i + 2] = c->u_mode.ocb.L[0]; - Ls[i + 3] = c->u_mode.ocb.L[2]; - Ls[i + 4] = c->u_mode.ocb.L[0]; - Ls[i + 5] = c->u_mode.ocb.L[1]; - Ls[i + 6] = c->u_mode.ocb.L[0]; + Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2]; + Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0]; } - Ls[7] = c->u_mode.ocb.L[3]; - } + Ls[(7 + n) % 16] = c->u_mode.ocb.L[3]; + l = &Ls[(15 + n) % 16]; - /* Process data in 16 block chunks. */ - while (nblocks >= 16) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 16 == 0) + /* Process data in 16 block chunks. */ + while (nblocks >= 16) { + /* l_tmp will be used only every 65536-th block. 
*/ blkn += 16; - Ls[15] = ocb_get_l(c, l_tmp, blkn); + *l = ocb_get_l(c, l_tmp, blkn - blkn % 16); + + if (encrypt) + _gcry_camellia_aesni_avx_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + else + _gcry_camellia_aesni_avx_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + + nblocks -= 16; + outbuf += 16 * CAMELLIA_BLOCK_SIZE; + inbuf += 16 * CAMELLIA_BLOCK_SIZE; + did_use_aesni_avx = 1; } - else - { - for (i = 0; i < 16; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } - - if (encrypt) - _gcry_camellia_aesni_avx_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - else - _gcry_camellia_aesni_avx_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - - nblocks -= 16; - outbuf += 16 * CAMELLIA_BLOCK_SIZE; - inbuf += 16 * CAMELLIA_BLOCK_SIZE; - did_use_aesni_avx = 1; } if (did_use_aesni_avx) 
@@ -803,53 +781,43 @@ _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, { int did_use_aesni_avx2 = 0; const void *Ls[32]; + unsigned int n = 32 - (blkn % 32); + const void **l; int i; - if (blkn % 32 == 0) + if (nblocks >= 32) { for (i = 0; i < 32; i += 8) { - Ls[i + 0] = c->u_mode.ocb.L[0]; - Ls[i + 1] = c->u_mode.ocb.L[1]; - Ls[i + 2] = c->u_mode.ocb.L[0]; - Ls[i + 3] = c->u_mode.ocb.L[2]; - Ls[i + 4] = c->u_mode.ocb.L[0]; - Ls[i + 5] = c->u_mode.ocb.L[1]; - Ls[i + 6] = c->u_mode.ocb.L[0]; + Ls[(i + 0 + n) % 32] = c->u_mode.ocb.L[0]; + Ls[(i + 1 + n) % 32] = c->u_mode.ocb.L[1]; + Ls[(i + 2 + n) % 32] = c->u_mode.ocb.L[0]; + Ls[(i + 3 + n) % 32] = c->u_mode.ocb.L[2]; + Ls[(i + 4 + n) % 32] = c->u_mode.ocb.L[0]; + Ls[(i + 5 + n) % 32] = c->u_mode.ocb.L[1]; + Ls[(i + 6 + n) % 32] = c->u_mode.ocb.L[0]; } - Ls[7] = c->u_mode.ocb.L[3]; - Ls[15] = c->u_mode.ocb.L[4]; - Ls[23] = c->u_mode.ocb.L[3]; - } + Ls[(7 + n) % 32] = c->u_mode.ocb.L[3]; + Ls[(15 + n) % 32] = c->u_mode.ocb.L[4]; + Ls[(23 + n) % 32] = c->u_mode.ocb.L[3]; + l = &Ls[(31 + n) % 32]; - /* Process data in 32 block chunks. */ - while (nblocks >= 32) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 32 == 0) + /* Process data in 32 block chunks. */ + while (nblocks >= 32) { + /* l_tmp will be used only every 65536-th block. 
*/ blkn += 32; - Ls[31] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 32; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 32); - _gcry_camellia_aesni_avx2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum, Ls); + _gcry_camellia_aesni_avx2_ocb_auth(ctx, abuf, + c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum, Ls); - nblocks -= 32; - abuf += 32 * CAMELLIA_BLOCK_SIZE; - did_use_aesni_avx2 = 1; + nblocks -= 32; + abuf += 32 * CAMELLIA_BLOCK_SIZE; + did_use_aesni_avx2 = 1; + } } if (did_use_aesni_avx2) 
@@ -870,51 +838,41 @@ _gcry_camellia_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, { int did_use_aesni_avx = 0; const void *Ls[16]; + unsigned int n = 16 - (blkn % 16); + const void **l; int i; - if (blkn % 16 == 0) + if (nblocks >= 16) { for (i = 0; i < 16; i += 8) { - Ls[i + 0] = c->u_mode.ocb.L[0]; - Ls[i + 1] = c->u_mode.ocb.L[1]; - Ls[i + 2] = c->u_mode.ocb.L[0]; - Ls[i + 3] = c->u_mode.ocb.L[2]; - Ls[i + 4] = c->u_mode.ocb.L[0]; - Ls[i + 5] = c->u_mode.ocb.L[1]; - Ls[i + 6] = c->u_mode.ocb.L[0]; + Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2]; + Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0]; } - Ls[7] = c->u_mode.ocb.L[3]; - } + Ls[(7 + n) % 16] = c->u_mode.ocb.L[3]; + l = &Ls[(15 + n) % 16]; - /* Process data in 16 block chunks. */ - while (nblocks >= 16) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 16 == 0) + /* Process data in 16 block chunks. */ + while (nblocks >= 16) { + /* l_tmp will be used only every 65536-th block. */ blkn += 16; - Ls[15] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 16; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 16); - _gcry_camellia_aesni_avx_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum, Ls); + _gcry_camellia_aesni_avx_ocb_auth(ctx, abuf, + c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum, Ls); - nblocks -= 16; - abuf += 16 * CAMELLIA_BLOCK_SIZE; - did_use_aesni_avx = 1; + nblocks -= 16; + abuf += 16 * CAMELLIA_BLOCK_SIZE; + did_use_aesni_avx = 1; + } } if (did_use_aesni_avx) 
diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 6678785..5c85903 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -1338,11 +1338,7 @@ get_l (gcry_cipher_hd_t c, unsigned char *l_tmp, u64 i, unsigned char *iv, const unsigned char *l; unsigned int ntz; - if (i & 1) - return c->u_mode.ocb.L[0]; - else if (i & 2) - return c->u_mode.ocb.L[1]; - else if (i & 0xffffffffU) + if (i & 0xffffffffU) { asm ("rep;bsf %k[low], %k[ntz]\n\t" : [ntz] "=r" (ntz) @@ -1407,7 +1403,7 @@ aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; u64 n = c->u_mode.ocb.data_nblocks; - const unsigned char *l[4] = {}; + const unsigned char *l; aesni_prepare_2_6_variable; aesni_prepare (); 
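Review bot: in get_l, removing the `i & 1` and `i & 2` shortcuts sends every call through the `bsf` path, and the single-block loops in this patch (the new leading loop and the existing trailing loop, both calling get_l with `++n`) hit exactly those low-ntz indices. The commit message mentions smaller source and object size but not speed; please confirm with the benchmark that inputs shorter than four blocks, or unaligned starts, do not get measurably slower, or say in the commit message that the cost is accepted.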
@@ -1421,103 +1417,112 @@ aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, [ctr] "m" (*c->u_ctr.ctr) : "memory" ); - if (nblocks > 3) + + for ( ;nblocks && n % 4; nblocks-- ) + { + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + for ( ;nblocks > 3 ; nblocks -= 4 ) { - if (n % 4 == 0) - { - l[0] = c->u_mode.ocb.L[0]; - l[1] = c->u_mode.ocb.L[1]; - l[2] = c->u_mode.ocb.L[0]; - } - - for ( ;nblocks > 3 ; nblocks -= 4 ) - { - /* l_tmp will be used only every 65536-th block. 
*/ - if (n % 4 == 0) - { - n += 4; - l[3] = get_l(c, l_tmp.x1, n, c->u_iv.iv, c->u_ctr.ctr); - } - else - { - l[0] = get_l(c, l_tmp.x1, n + 1, c->u_iv.iv, c->u_ctr.ctr); - l[1] = get_l(c, l_tmp.x1, n + 2, c->u_iv.iv, c->u_ctr.ctr); - l[2] = get_l(c, l_tmp.x1, n + 3, c->u_iv.iv, c->u_ctr.ctr); - l[3] = get_l(c, l_tmp.x1, n + 4, c->u_iv.iv, c->u_ctr.ctr); - n += 4; - } - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - /* Checksum_i = Checksum_{i-1} xor P_i */ - /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ - asm volatile ("movdqu %[l0], %%xmm0\n\t" - "movdqu %[inbuf0], %%xmm1\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm1, %%xmm6\n\t" - "pxor %%xmm5, %%xmm1\n\t" - "movdqu %%xmm5, %[outbuf0]\n\t" - : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) - : [l0] "m" (*l[0]), - [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l1], %%xmm0\n\t" - "movdqu %[inbuf1], %%xmm2\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm2, %%xmm6\n\t" - "pxor %%xmm5, %%xmm2\n\t" - "movdqu %%xmm5, %[outbuf1]\n\t" - : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) - : [l1] "m" (*l[1]), - [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l2], %%xmm0\n\t" - "movdqu %[inbuf2], %%xmm3\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm3, %%xmm6\n\t" - "pxor %%xmm5, %%xmm3\n\t" - "movdqu %%xmm5, %[outbuf2]\n\t" - : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) - : [l2] "m" (*l[2]), - [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l3], %%xmm0\n\t" - "movdqu %[inbuf3], %%xmm4\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm4, %%xmm6\n\t" - "pxor %%xmm5, %%xmm4\n\t" - : - : [l3] "m" (*l[3]), - [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) - : "memory" ); - - do_aesni_enc_vec4 (ctx); - - asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" - "pxor %%xmm0, %%xmm1\n\t" - "movdqu %%xmm1, %[outbuf0]\n\t" - "movdqu %[outbuf1],%%xmm0\n\t" - "pxor %%xmm0, %%xmm2\n\t" - "movdqu %%xmm2, %[outbuf1]\n\t" - "movdqu %[outbuf2],%%xmm0\n\t" - 
"pxor %%xmm0, %%xmm3\n\t" - "movdqu %%xmm3, %[outbuf2]\n\t" - "pxor %%xmm5, %%xmm4\n\t" - "movdqu %%xmm4, %[outbuf3]\n\t" - : [outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), - [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), - [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), - [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) - : - : "memory" ); - - outbuf += 4*BLOCKSIZE; - inbuf += 4*BLOCKSIZE; - } + /* l_tmp will be used only every 65536-th block. */ + n += 4; + l = get_l(c, l_tmp.x1, n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*c->u_mode.ocb.L[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*c->u_mode.ocb.L[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*c->u_mode.ocb.L[0]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm4, %%xmm6\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, 
%%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + "movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + : [outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; } for ( ;nblocks; nblocks-- ) { - l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ /* Checksum_i = Checksum_{i-1} xor P_i */ @@ -1528,7 +1533,7 @@ aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, "pxor %%xmm0, %%xmm6\n\t" "pxor %%xmm5, %%xmm0\n\t" : - : [l] "m" (*l[0]), + : [l] "m" (*l), [inbuf] "m" (*inbuf) : "memory" ); @@ -1568,7 +1573,7 @@ aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; u64 n = c->u_mode.ocb.data_nblocks; - const unsigned char *l[4] = {}; + const unsigned char *l; aesni_prepare_2_6_variable; aesni_prepare (); 
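Review bot: the new leading loop in aesni_ocb_enc (`for ( ;nblocks && n % 4; nblocks-- )`) duplicates the single-block body of the trailing `for ( ;nblocks; nblocks-- )` loop, inline asm included, so a later fix to one copy can silently miss the other. Consider moving the single-block step into a static inline helper used by both loops, and add a short comment that the leading loop exists to bring n to a multiple of 4 so that the 4-block loop can hard-code L[0], L[1], L[0] and fetch only the fourth value. The same applies to the matching loops added to aesni_ocb_dec and _gcry_aes_aesni_ocb_auth.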
@@ -1582,103 +1587,111 @@ aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, [ctr] "m" (*c->u_ctr.ctr) : "memory" ); - if (nblocks > 3) + for ( ;nblocks && n % 4; nblocks-- ) + { + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[inbuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [inbuf] "m" (*inbuf) + : "memory" ); + + do_aesni_dec (ctx); + + asm volatile ("pxor %%xmm5, %%xmm0\n\t" + "pxor %%xmm0, %%xmm6\n\t" + "movdqu %%xmm0, %[outbuf]\n\t" + : [outbuf] "=m" (*outbuf) + : + : "memory" ); + + inbuf += BLOCKSIZE; + outbuf += BLOCKSIZE; + } + + for ( ;nblocks > 3 ; nblocks -= 4 ) { - if (n % 4 == 0) - { - l[0] = c->u_mode.ocb.L[0]; - l[1] = c->u_mode.ocb.L[1]; - l[2] = c->u_mode.ocb.L[0]; - } - - for ( ;nblocks > 3 ; nblocks -= 4 ) - { - /* l_tmp will be used only every 65536-th block. 
*/ - if (n % 4 == 0) - { - n += 4; - l[3] = get_l(c, l_tmp.x1, n, c->u_iv.iv, c->u_ctr.ctr); - } - else - { - l[0] = get_l(c, l_tmp.x1, n + 1, c->u_iv.iv, c->u_ctr.ctr); - l[1] = get_l(c, l_tmp.x1, n + 2, c->u_iv.iv, c->u_ctr.ctr); - l[2] = get_l(c, l_tmp.x1, n + 3, c->u_iv.iv, c->u_ctr.ctr); - l[3] = get_l(c, l_tmp.x1, n + 4, c->u_iv.iv, c->u_ctr.ctr); - n += 4; - } - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ - /* Checksum_i = Checksum_{i-1} xor P_i */ - asm volatile ("movdqu %[l0], %%xmm0\n\t" - "movdqu %[inbuf0], %%xmm1\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm1\n\t" - "movdqu %%xmm5, %[outbuf0]\n\t" - : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) - : [l0] "m" (*l[0]), - [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l1], %%xmm0\n\t" - "movdqu %[inbuf1], %%xmm2\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm2\n\t" - "movdqu %%xmm5, %[outbuf1]\n\t" - : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) - : [l1] "m" (*l[1]), - [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l2], %%xmm0\n\t" - "movdqu %[inbuf2], %%xmm3\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm3\n\t" - "movdqu %%xmm5, %[outbuf2]\n\t" - : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) - : [l2] "m" (*l[2]), - [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l3], %%xmm0\n\t" - "movdqu %[inbuf3], %%xmm4\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm4\n\t" - : - : [l3] "m" (*l[3]), - [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) - : "memory" ); - - do_aesni_dec_vec4 (ctx); - - asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" - "pxor %%xmm0, %%xmm1\n\t" - "movdqu %%xmm1, %[outbuf0]\n\t" - "movdqu %[outbuf1],%%xmm0\n\t" - "pxor %%xmm0, %%xmm2\n\t" - "movdqu %%xmm2, %[outbuf1]\n\t" - "movdqu %[outbuf2],%%xmm0\n\t" - "pxor %%xmm0, %%xmm3\n\t" - "movdqu %%xmm3, %[outbuf2]\n\t" - "pxor %%xmm5, %%xmm4\n\t" - "movdqu %%xmm4, 
%[outbuf3]\n\t" - "pxor %%xmm1, %%xmm6\n\t" - "pxor %%xmm2, %%xmm6\n\t" - "pxor %%xmm3, %%xmm6\n\t" - "pxor %%xmm4, %%xmm6\n\t" - : [outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), - [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), - [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), - [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) - : - : "memory" ); - - outbuf += 4*BLOCKSIZE; - inbuf += 4*BLOCKSIZE; - } + /* l_tmp will be used only every 65536-th block. */ + n += 4; + l = get_l(c, l_tmp.x1, n, c->u_iv.iv, c->u_ctr.ctr); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ + /* Checksum_i = Checksum_{i-1} xor P_i */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[inbuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm5, %[outbuf0]\n\t" + : [outbuf0] "=m" (*(outbuf + 0 * BLOCKSIZE)) + : [l0] "m" (*c->u_mode.ocb.L[0]), + [inbuf0] "m" (*(inbuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[inbuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + "movdqu %%xmm5, %[outbuf1]\n\t" + : [outbuf1] "=m" (*(outbuf + 1 * BLOCKSIZE)) + : [l1] "m" (*c->u_mode.ocb.L[1]), + [inbuf1] "m" (*(inbuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[inbuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm5, %[outbuf2]\n\t" + : [outbuf2] "=m" (*(outbuf + 2 * BLOCKSIZE)) + : [l2] "m" (*c->u_mode.ocb.L[0]), + [inbuf2] "m" (*(inbuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[inbuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l), + [inbuf3] "m" (*(inbuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_dec_vec4 (ctx); + + asm volatile ("movdqu %[outbuf0],%%xmm0\n\t" + "pxor %%xmm0, %%xmm1\n\t" + "movdqu %%xmm1, %[outbuf0]\n\t" + "movdqu %[outbuf1],%%xmm0\n\t" + "pxor %%xmm0, %%xmm2\n\t" + 
"movdqu %%xmm2, %[outbuf1]\n\t" + "movdqu %[outbuf2],%%xmm0\n\t" + "pxor %%xmm0, %%xmm3\n\t" + "movdqu %%xmm3, %[outbuf2]\n\t" + "pxor %%xmm5, %%xmm4\n\t" + "movdqu %%xmm4, %[outbuf3]\n\t" + "pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : [outbuf0] "+m" (*(outbuf + 0 * BLOCKSIZE)), + [outbuf1] "+m" (*(outbuf + 1 * BLOCKSIZE)), + [outbuf2] "+m" (*(outbuf + 2 * BLOCKSIZE)), + [outbuf3] "=m" (*(outbuf + 3 * BLOCKSIZE)) + : + : "memory" ); + + outbuf += 4*BLOCKSIZE; + inbuf += 4*BLOCKSIZE; } for ( ;nblocks; nblocks-- ) { - l[0] = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); + l = get_l(c, l_tmp.x1, ++n, c->u_iv.iv, c->u_ctr.ctr); /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ @@ -1688,7 +1701,7 @@ aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, "pxor %%xmm1, %%xmm5\n\t" "pxor %%xmm5, %%xmm0\n\t" : - : [l] "m" (*l[0]), + : [l] "m" (*l), [inbuf] "m" (*inbuf) : "memory" ); @@ -1739,7 +1752,7 @@ _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, RIJNDAEL_context *ctx = (void *)&c->context.c; const unsigned char *abuf = abuf_arg; u64 n = c->u_mode.ocb.aad_nblocks; - const unsigned char *l[4] = {}; + const unsigned char *l; aesni_prepare_2_6_variable; aesni_prepare (); 
@@ -1753,90 +1766,91 @@ _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, [ctr] "m" (*c->u_mode.ocb.aad_sum) : "memory" ); - if (nblocks > 3) + for ( ;nblocks && n % 4; nblocks-- ) + { + l = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l], %%xmm1\n\t" + "movdqu %[abuf], %%xmm0\n\t" + "pxor %%xmm1, %%xmm5\n\t" + "pxor %%xmm5, %%xmm0\n\t" + : + : [l] "m" (*l), + [abuf] "m" (*abuf) + : "memory" ); + + do_aesni_enc (ctx); + + asm volatile ("pxor %%xmm0, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += BLOCKSIZE; + } + + for ( ;nblocks > 3 ; nblocks -= 4 ) { - if (n % 4 == 0) - { - l[0] = c->u_mode.ocb.L[0]; - l[1] = c->u_mode.ocb.L[1]; - l[2] = c->u_mode.ocb.L[0]; - } - - for ( ;nblocks > 3 ; nblocks -= 4 ) - { - /* l_tmp will be used only every 65536-th block. */ - if (n % 4 == 0) - { - n += 4; - l[3] = get_l(c, l_tmp.x1, n, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum); - } - else - { - l[0] = get_l(c, l_tmp.x1, n + 1, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum); - l[1] = get_l(c, l_tmp.x1, n + 2, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum); - l[2] = get_l(c, l_tmp.x1, n + 3, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum); - l[3] = get_l(c, l_tmp.x1, n + 4, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum); - n += 4; - } - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - asm volatile ("movdqu %[l0], %%xmm0\n\t" - "movdqu %[abuf0], %%xmm1\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm1\n\t" - : - : [l0] "m" (*l[0]), - [abuf0] "m" (*(abuf + 0 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l1], %%xmm0\n\t" - "movdqu %[abuf1], %%xmm2\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm2\n\t" - : - : [l1] "m" (*l[1]), - [abuf1] "m" (*(abuf + 1 * BLOCKSIZE)) - : "memory" ); - asm volatile 
("movdqu %[l2], %%xmm0\n\t" - "movdqu %[abuf2], %%xmm3\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm3\n\t" - : - : [l2] "m" (*l[2]), - [abuf2] "m" (*(abuf + 2 * BLOCKSIZE)) - : "memory" ); - asm volatile ("movdqu %[l3], %%xmm0\n\t" - "movdqu %[abuf3], %%xmm4\n\t" - "pxor %%xmm0, %%xmm5\n\t" - "pxor %%xmm5, %%xmm4\n\t" - : - : [l3] "m" (*l[3]), - [abuf3] "m" (*(abuf + 3 * BLOCKSIZE)) - : "memory" ); - - do_aesni_enc_vec4 (ctx); - - asm volatile ("pxor %%xmm1, %%xmm6\n\t" - "pxor %%xmm2, %%xmm6\n\t" - "pxor %%xmm3, %%xmm6\n\t" - "pxor %%xmm4, %%xmm6\n\t" - : - : - : "memory" ); - - abuf += 4*BLOCKSIZE; - } + /* l_tmp will be used only every 65536-th block. */ + n += 4; + l = get_l(c, l_tmp.x1, n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); + + /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ + /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ + asm volatile ("movdqu %[l0], %%xmm0\n\t" + "movdqu %[abuf0], %%xmm1\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm1\n\t" + : + : [l0] "m" (*c->u_mode.ocb.L[0]), + [abuf0] "m" (*(abuf + 0 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l1], %%xmm0\n\t" + "movdqu %[abuf1], %%xmm2\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm2\n\t" + : + : [l1] "m" (*c->u_mode.ocb.L[1]), + [abuf1] "m" (*(abuf + 1 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l2], %%xmm0\n\t" + "movdqu %[abuf2], %%xmm3\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm3\n\t" + : + : [l2] "m" (*c->u_mode.ocb.L[0]), + [abuf2] "m" (*(abuf + 2 * BLOCKSIZE)) + : "memory" ); + asm volatile ("movdqu %[l3], %%xmm0\n\t" + "movdqu %[abuf3], %%xmm4\n\t" + "pxor %%xmm0, %%xmm5\n\t" + "pxor %%xmm5, %%xmm4\n\t" + : + : [l3] "m" (*l), + [abuf3] "m" (*(abuf + 3 * BLOCKSIZE)) + : "memory" ); + + do_aesni_enc_vec4 (ctx); + + asm volatile ("pxor %%xmm1, %%xmm6\n\t" + "pxor %%xmm2, %%xmm6\n\t" + "pxor %%xmm3, %%xmm6\n\t" + "pxor %%xmm4, %%xmm6\n\t" + : + : + : "memory" ); + + abuf += 4*BLOCKSIZE; } for ( ;nblocks; nblocks-- 
) { - l[0] = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum); + l = get_l(c, l_tmp.x1, ++n, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum); /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ @@ -1845,7 +1859,7 @@ _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, "pxor %%xmm1, %%xmm5\n\t" "pxor %%xmm5, %%xmm0\n\t" : - : [l] "m" (*l[0]), + : [l] "m" (*l), [abuf] "m" (*abuf) : "memory" ); diff --git a/cipher/serpent.c b/cipher/serpent.c index a47a1b7..fc3afa6 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c 
@@ -1250,56 +1250,45 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, { int did_use_avx2 = 0; const void *Ls[16]; + unsigned int n = 16 - (blkn % 16); + const void **l; int i; - if (blkn % 16 == 0) + if (nblocks >= 16) { for (i = 0; i < 16; i += 8) { - Ls[i + 0] = c->u_mode.ocb.L[0]; - Ls[i + 1] = c->u_mode.ocb.L[1]; - Ls[i + 2] = c->u_mode.ocb.L[0]; - Ls[i + 3] = c->u_mode.ocb.L[2]; - Ls[i + 4] = c->u_mode.ocb.L[0]; - Ls[i + 5] = c->u_mode.ocb.L[1]; - Ls[i + 6] = c->u_mode.ocb.L[0]; + Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2]; + Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0]; } - Ls[7] = c->u_mode.ocb.L[3]; - } + Ls[(7 + n) % 16] = c->u_mode.ocb.L[3]; + l = &Ls[(15 + n) % 16]; - /* Process data in 16 block chunks. */ - while (nblocks >= 16) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 16 == 0) + /* Process data in 16 block chunks. */ + while (nblocks >= 16) { + /* l_tmp will be used only every 65536-th block. 
*/ blkn += 16; - Ls[15] = ocb_get_l(c, l_tmp, blkn); + *l = ocb_get_l(c, l_tmp, blkn - blkn % 16); + + if (encrypt) + _gcry_serpent_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + else + _gcry_serpent_avx2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + + nblocks -= 16; + outbuf += 16 * sizeof(serpent_block_t); + inbuf += 16 * sizeof(serpent_block_t); + did_use_avx2 = 1; } - else - { - for (i = 0; i < 16; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } - - if (encrypt) - _gcry_serpent_avx2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - else - _gcry_serpent_avx2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - - nblocks -= 16; - outbuf += 16 * sizeof(serpent_block_t); - inbuf += 16 * sizeof(serpent_block_t); - did_use_avx2 = 1; } if (did_use_avx2) 
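Review bot: The rotated fill Ls[(i + 0 + n) % 16] with n = 16 - (blkn % 16) in the AVX2 branch of _gcry_serpent_ocb_crypt has no comment stating the invariant it depends on. Slot (15 + n) % 16 is the one block in each 16-block chunk whose index is a multiple of 16, so it is the only entry that needs ocb_get_l, and that stays true across iterations only because blkn advances by exactly 16. Please say so next to the declaration of n, and note that 'blkn - blkn % 16' is evaluated after 'blkn += 16'; otherwise the next person to change the chunk size has to re-derive the index arithmetic.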
@@ -1317,51 +1306,39 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, { int did_use_sse2 = 0; const void *Ls[8]; - int i; + unsigned int n = 8 - (blkn % 8); + const void **l; - if (blkn % 8 == 0) + if (nblocks >= 8) { - Ls[0] = c->u_mode.ocb.L[0]; - Ls[1] = c->u_mode.ocb.L[1]; - Ls[2] = c->u_mode.ocb.L[0]; - Ls[3] = c->u_mode.ocb.L[2]; - Ls[4] = c->u_mode.ocb.L[0]; - Ls[5] = c->u_mode.ocb.L[1]; - Ls[6] = c->u_mode.ocb.L[0]; - } - - /* Process data in 8 block chunks. */ - while (nblocks >= 8) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 8 == 0) + Ls[(0 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(1 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(2 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(3 + n) % 8] = c->u_mode.ocb.L[2]; + Ls[(4 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(5 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(6 + n) % 8] = c->u_mode.ocb.L[0]; + l = &Ls[(7 + n) % 8]; + + /* Process data in 8 block chunks. */ + while (nblocks >= 8) { + /* l_tmp will be used only every 65536-th block. */ blkn += 8; - Ls[7] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 8; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 8); + + if (encrypt) + _gcry_serpent_sse2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + else + _gcry_serpent_sse2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + + nblocks -= 8; + outbuf += 8 * sizeof(serpent_block_t); + inbuf += 8 * sizeof(serpent_block_t); + did_use_sse2 = 1; } - - if (encrypt) - _gcry_serpent_sse2_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - else - _gcry_serpent_sse2_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - - nblocks -= 8; - outbuf += 8 * sizeof(serpent_block_t); - inbuf += 8 * sizeof(serpent_block_t); - did_use_sse2 = 1; } if (did_use_sse2) 
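Review bot: The rotated fill of Ls[(0 + n) % 8] through Ls[(6 + n) % 8] followed by 'l = &Ls[(7 + n) % 8];' in the SSE2 branch is repeated verbatim in the NEON branch and again in both 8-block branches of _gcry_serpent_ocb_auth. A small static helper that takes Ls, blkn and c->u_mode.ocb.L and returns l would keep the four copies from drifting apart; an index slip in a single copy would only show up as a wrong result for unaligned input on that one architecture.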
@@ -1380,51 +1357,39 @@ _gcry_serpent_ocb_crypt (gcry_cipher_hd_t c, void *outbuf_arg, { int did_use_neon = 0; const void *Ls[8]; - int i; + unsigned int n = 8 - (blkn % 8); + const void **l; - if (blkn % 8 == 0) + if (nblocks >= 8) { - Ls[0] = c->u_mode.ocb.L[0]; - Ls[1] = c->u_mode.ocb.L[1]; - Ls[2] = c->u_mode.ocb.L[0]; - Ls[3] = c->u_mode.ocb.L[2]; - Ls[4] = c->u_mode.ocb.L[0]; - Ls[5] = c->u_mode.ocb.L[1]; - Ls[6] = c->u_mode.ocb.L[0]; - } - - /* Process data in 8 block chunks. */ - while (nblocks >= 8) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 8 == 0) + Ls[(0 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(1 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(2 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(3 + n) % 8] = c->u_mode.ocb.L[2]; + Ls[(4 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(5 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(6 + n) % 8] = c->u_mode.ocb.L[0]; + l = &Ls[(7 + n) % 8]; + + /* Process data in 8 block chunks. */ + while (nblocks >= 8) { + /* l_tmp will be used only every 65536-th block. */ blkn += 8; - Ls[7] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 8; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 8); + + if (encrypt) + _gcry_serpent_neon_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + else + _gcry_serpent_neon_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, + c->u_ctr.ctr, Ls); + + nblocks -= 8; + outbuf += 8 * sizeof(serpent_block_t); + inbuf += 8 * sizeof(serpent_block_t); + did_use_neon = 1; } - - if (encrypt) - _gcry_serpent_neon_ocb_enc(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - else - _gcry_serpent_neon_ocb_dec(ctx, outbuf, inbuf, c->u_iv.iv, - c->u_ctr.ctr, Ls); - - nblocks -= 8; - outbuf += 8 * sizeof(serpent_block_t); - inbuf += 8 * sizeof(serpent_block_t); - did_use_neon = 1; } if (did_use_neon) 
@@ -1471,51 +1436,40 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, { int did_use_avx2 = 0; const void *Ls[16]; + unsigned int n = 16 - (blkn % 16); + const void **l; int i; - if (blkn % 16 == 0) + if (nblocks >= 16) { for (i = 0; i < 16; i += 8) { - Ls[i + 0] = c->u_mode.ocb.L[0]; - Ls[i + 1] = c->u_mode.ocb.L[1]; - Ls[i + 2] = c->u_mode.ocb.L[0]; - Ls[i + 3] = c->u_mode.ocb.L[2]; - Ls[i + 4] = c->u_mode.ocb.L[0]; - Ls[i + 5] = c->u_mode.ocb.L[1]; - Ls[i + 6] = c->u_mode.ocb.L[0]; + Ls[(i + 0 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 1 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 2 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 3 + n) % 16] = c->u_mode.ocb.L[2]; + Ls[(i + 4 + n) % 16] = c->u_mode.ocb.L[0]; + Ls[(i + 5 + n) % 16] = c->u_mode.ocb.L[1]; + Ls[(i + 6 + n) % 16] = c->u_mode.ocb.L[0]; } - Ls[7] = c->u_mode.ocb.L[3]; - } + Ls[(7 + n) % 16] = c->u_mode.ocb.L[3]; + l = &Ls[(15 + n) % 16]; - /* Process data in 16 block chunks. */ - while (nblocks >= 16) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 16 == 0) + /* Process data in 16 block chunks. */ + while (nblocks >= 16) { + /* l_tmp will be used only every 65536-th block. */ blkn += 16; - Ls[15] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 16; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 16); - _gcry_serpent_avx2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum, Ls); + _gcry_serpent_avx2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum, Ls); - nblocks -= 16; - abuf += 16 * sizeof(serpent_block_t); - did_use_avx2 = 1; + nblocks -= 16; + abuf += 16 * sizeof(serpent_block_t); + did_use_avx2 = 1; + } } if (did_use_avx2) 
@@ -1533,46 +1487,34 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, { int did_use_sse2 = 0; const void *Ls[8]; - int i; + unsigned int n = 8 - (blkn % 8); + const void **l; - if (blkn % 8 == 0) + if (nblocks >= 8) { - Ls[0] = c->u_mode.ocb.L[0]; - Ls[1] = c->u_mode.ocb.L[1]; - Ls[2] = c->u_mode.ocb.L[0]; - Ls[3] = c->u_mode.ocb.L[2]; - Ls[4] = c->u_mode.ocb.L[0]; - Ls[5] = c->u_mode.ocb.L[1]; - Ls[6] = c->u_mode.ocb.L[0]; - } - - /* Process data in 8 block chunks. */ - while (nblocks >= 8) - { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 8 == 0) + Ls[(0 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(1 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(2 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(3 + n) % 8] = c->u_mode.ocb.L[2]; + Ls[(4 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(5 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(6 + n) % 8] = c->u_mode.ocb.L[0]; + l = &Ls[(7 + n) % 8]; + + /* Process data in 8 block chunks. */ + while (nblocks >= 8) { + /* l_tmp will be used only every 65536-th block. */ blkn += 8; - Ls[7] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 8; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 8); - _gcry_serpent_sse2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum, Ls); + _gcry_serpent_sse2_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum, Ls); - nblocks -= 8; - abuf += 8 * sizeof(serpent_block_t); - did_use_sse2 = 1; + nblocks -= 8; + abuf += 8 * sizeof(serpent_block_t); + did_use_sse2 = 1; + } } if (did_use_sse2) 
@@ -1591,46 +1533,34 @@ _gcry_serpent_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, { int did_use_neon = 0; const void *Ls[8]; - int i; - - if (blkn % 8 == 0) - { - Ls[0] = c->u_mode.ocb.L[0]; - Ls[1] = c->u_mode.ocb.L[1]; - Ls[2] = c->u_mode.ocb.L[0]; - Ls[3] = c->u_mode.ocb.L[2]; - Ls[4] = c->u_mode.ocb.L[0]; - Ls[5] = c->u_mode.ocb.L[1]; - Ls[6] = c->u_mode.ocb.L[0]; - } + unsigned int n = 8 - (blkn % 8); + const void **l; - /* Process data in 8 block chunks. */ - while (nblocks >= 8) + if (nblocks >= 8) { - /* l_tmp will be used only every 65536-th block. */ - if (blkn % 8 == 0) + Ls[(0 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(1 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(2 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(3 + n) % 8] = c->u_mode.ocb.L[2]; + Ls[(4 + n) % 8] = c->u_mode.ocb.L[0]; + Ls[(5 + n) % 8] = c->u_mode.ocb.L[1]; + Ls[(6 + n) % 8] = c->u_mode.ocb.L[0]; + l = &Ls[(7 + n) % 8]; + + /* Process data in 8 block chunks. */ + while (nblocks >= 8) { + /* l_tmp will be used only every 65536-th block. */ blkn += 8; - Ls[7] = ocb_get_l(c, l_tmp, blkn); - } - else - { - for (i = 0; i < 8; i += 4) - { - Ls[i + 0] = ocb_get_l(c, l_tmp, blkn + 1); - Ls[i + 1] = ocb_get_l(c, l_tmp, blkn + 2); - Ls[i + 2] = ocb_get_l(c, l_tmp, blkn + 3); - Ls[i + 3] = ocb_get_l(c, l_tmp, blkn + 4); - blkn += 4; - } - } + *l = ocb_get_l(c, l_tmp, blkn - blkn % 8); - _gcry_serpent_neon_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, - c->u_mode.ocb.aad_sum, Ls); + _gcry_serpent_neon_ocb_auth(ctx, abuf, c->u_mode.ocb.aad_offset, + c->u_mode.ocb.aad_sum, Ls); - nblocks -= 8; - abuf += 8 * sizeof(serpent_block_t); - did_use_neon = 1; + nblocks -= 8; + abuf += 8 * sizeof(serpent_block_t); + did_use_neon = 1; + } } if (did_use_neon) diff --git a/tests/basic.c b/tests/basic.c index c1aa76a..4ea91a9 100644 --- a/tests/basic.c +++ b/tests/basic.c 
@@ -3153,7 +3153,8 @@ do_check_ocb_cipher (int inplace) static void -check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) +check_ocb_cipher_largebuf_split (int algo, int keylen, const char *tagexpect, + unsigned int splitpos) { static const unsigned char key[32] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F" @@ -3219,7 +3220,14 @@ check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) goto out_free; } - err = gcry_cipher_authenticate (hde, inbuf, buflen); + if (splitpos) + { + err = gcry_cipher_authenticate (hde, inbuf, splitpos); + } + if (!err) + { + err = gcry_cipher_authenticate (hde, inbuf + splitpos, buflen - splitpos); + } if (err) { fail ("cipher-ocb, gcry_cipher_authenticate failed (large, algo %d): %s\n", @@ -3229,10 +3237,18 @@ check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) goto out_free; } - err = gcry_cipher_final (hde); + if (splitpos) + { + err = gcry_cipher_encrypt (hde, outbuf, splitpos, inbuf, splitpos); + } if (!err) { - err = gcry_cipher_encrypt (hde, outbuf, buflen, inbuf, buflen); + err = gcry_cipher_final (hde); + if (!err) + { + err = gcry_cipher_encrypt (hde, outbuf + splitpos, buflen - splitpos, + inbuf + splitpos, buflen - splitpos); + } } if (err) { @@ -3267,10 +3283,18 @@ check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) } /* Now for the decryption. */ - err = gcry_cipher_final (hdd); + if (splitpos) + { + err = gcry_cipher_decrypt (hdd, outbuf, splitpos, NULL, 0); + } if (!err) { - err = gcry_cipher_decrypt (hdd, outbuf, buflen, NULL, 0); + err = gcry_cipher_final (hdd); + if (!err) + { + err = gcry_cipher_decrypt (hdd, outbuf + splitpos, buflen - splitpos, + NULL, 0); + } } if (err) { 
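Review bot: The fail() message kept as context after the split gcry_cipher_authenticate calls in check_ocb_cipher_largebuf_split still prints only algo, so now that the function runs once per split a failure does not say which splitpos triggered it. Add splitpos to that format string, and to the encrypt and decrypt error paths if they use the same format. A one-line comment that splitpos is a byte offset would also help, since it is added directly to inbuf and outbuf.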
@@ -3319,6 +3343,18 @@ out_free: static void +check_ocb_cipher_largebuf (int algo, int keylen, const char *tagexpect) +{ + unsigned int split; + + for (split = 0; split < 32 * 16; split = split * 2 + 16) + { + check_ocb_cipher_largebuf_split(algo, keylen, tagexpect, split); + } +} + + +static void check_ocb_cipher (void) { /* Check OCB cipher with separate destination and source buffers for commit e11895da1f4af9782d89e92ba2e6b1a63235b54b Author: Jussi Kivilinna Date: Mon Aug 10 20:48:02 2015 +0300 Add carryless 8-bit addition fast-path for AES-NI CTR mode * cipher/rijndael-aesni.c (do_aesni_ctr_4): Do addition using CTR in big-endian form, if least-significant byte does not overflow. -- Patch improves AES-NI CTR speed by 20%. Benchmark on Intel Haswell (3.2 Ghz): Before: AES | nanosecs/byte mebibytes/sec cycles/byte CTR enc | 0.273 ns/B 3489.8 MiB/s 0.875 c/B CTR dec | 0.273 ns/B 3491.0 MiB/s 0.874 c/B After: CTR enc | 0.228 ns/B 4190.0 MiB/s 0.729 c/B CTR dec | 0.228 ns/B 4190.2 MiB/s 0.729 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 882cc79..6678785 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -787,6 +787,13 @@ static void do_aesni_ctr_4 (const RIJNDAEL_context *ctx, unsigned char *ctr, unsigned char *b, const unsigned char *a) { + static const byte bige_addb_const[4][16] __attribute__ ((aligned (16))) = + { + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }, + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2 }, + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3 }, + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4 } + }; #define aesenc_xmm1_xmm0 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xc1\n\t" #define aesenc_xmm1_xmm2 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xd1\n\t" #define aesenc_xmm1_xmm3 ".byte 0x66, 0x0f, 0x38, 0xdc, 0xd9\n\t" 
@@ -807,7 +814,25 @@ do_aesni_ctr_4 (const RIJNDAEL_context *ctx, xmm6 endian swapping mask */ - asm volatile ("movdqa %%xmm5, %%xmm0\n\t" /* xmm0, xmm2 := CTR (xmm5) */ + asm volatile (/* detect if 8-bit carry handling is needed */ + "cmpb $0xfb, 15(%[ctr])\n\t" + "ja .Ladd32bit%=\n\t" + + "movdqa %%xmm5, %%xmm0\n\t" /* xmm0 := CTR (xmm5) */ + "movdqa %[addb_1], %%xmm2\n\t" /* xmm2 := be(1) */ + "movdqa %[addb_2], %%xmm3\n\t" /* xmm3 := be(2) */ + "movdqa %[addb_3], %%xmm4\n\t" /* xmm4 := be(3) */ + "movdqa %[addb_4], %%xmm5\n\t" /* xmm5 := be(4) */ + "paddb %%xmm0, %%xmm2\n\t" /* xmm2 := be(1) + CTR (xmm0) */ + "paddb %%xmm0, %%xmm3\n\t" /* xmm3 := be(2) + CTR (xmm0) */ + "paddb %%xmm0, %%xmm4\n\t" /* xmm4 := be(3) + CTR (xmm0) */ + "paddb %%xmm0, %%xmm5\n\t" /* xmm5 := be(4) + CTR (xmm0) */ + "movdqa (%[key]), %%xmm1\n\t" /* xmm1 := key[0] */ + "movl %[rounds], %%esi\n\t" + "jmp .Lstore_ctr%=\n\t" + + ".Ladd32bit%=:\n\t" + "movdqa %%xmm5, %%xmm0\n\t" /* xmm0, xmm2 := CTR (xmm5) */ "movdqa %%xmm0, %%xmm2\n\t" "pcmpeqd %%xmm1, %%xmm1\n\t" "psrldq $8, %%xmm1\n\t" /* xmm1 = -1 */ @@ -852,6 +877,8 @@ do_aesni_ctr_4 (const RIJNDAEL_context *ctx, "pshufb %%xmm6, %%xmm3\n\t" /* xmm3 := be(xmm3) */ "pshufb %%xmm6, %%xmm4\n\t" /* xmm4 := be(xmm4) */ "pshufb %%xmm6, %%xmm5\n\t" /* xmm5 := be(xmm5) */ + + ".Lstore_ctr%=:\n\t" "movdqa %%xmm5, (%[ctr])\n\t" /* Update CTR (mem). */ "pxor %%xmm1, %%xmm0\n\t" /* xmm0 ^= key[0] */ 
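Review bot: In the fast path added to do_aesni_ctr_4, the threshold in 'cmpb $0xfb, 15(%[ctr])' is tied to the four-entry bige_addb_const table (0xfb + 4 = 0xff, so paddb cannot carry out of the last byte), but the comment only says that carry detection happens. Spell out that relationship so the constant gets updated if the number of blocks per call ever changes. It is also worth recording in the comment that the branch depends only on the counter block, which is not secret in CTR mode, so 'ja .Ladd32bit%=' does not add key-dependent timing.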
@@ -956,7 +983,11 @@ do_aesni_ctr_4 (const RIJNDAEL_context *ctx, [src] "r" (a), [dst] "r" (b), [key] "r" (ctx->keyschenc), - [rounds] "g" (ctx->rounds) + [rounds] "g" (ctx->rounds), + [addb_1] "m" (bige_addb_const[0][0]), + [addb_2] "m" (bige_addb_const[1][0]), + [addb_3] "m" (bige_addb_const[2][0]), + [addb_4] "m" (bige_addb_const[3][0]) : "%esi", "cc", "memory"); #undef aesenc_xmm1_xmm0 #undef aesenc_xmm1_xmm2 ----------------------------------------------------------------------- Summary of changes: cipher/camellia-glue.c | 254 +++++++++----------- cipher/rijndael-aesni.c | 597 ++++++++++++++++++++++++++---------------------- cipher/serpent.c | 370 ++++++++++++------------------ tests/basic.c | 48 +++- 4 files changed, 619 insertions(+), 650 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 12 17:33:05 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 12 Aug 2015 17:33:05 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-254-g48822ae Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 48822ae0b436bcea0fe92dbf0d88475ba3179320 (commit) from 24ebf53f1e8a8afa27dcd768339bda70a740bb03 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 48822ae0b436bcea0fe92dbf0d88475ba3179320 Author: Jussi Kivilinna Date: Wed Aug 12 18:17:01 2015 +0300 Keccak: Fix array indexes in ? step * cipher/keccak.c (keccak_f1600_state_permute): Fix indexes for D[5]. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/keccak.c b/cipher/keccak.c index 4ca8dbd..4a9c1f2 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c 
@@ -100,8 +100,8 @@ static unsigned int keccak_f1600_state_permute(KECCAK_STATE *hd) D[0] = C[4] ^ rol64(C[1], 1); D[1] = C[0] ^ rol64(C[2], 1); D[2] = C[1] ^ rol64(C[3], 1); - D[4] = C[2] ^ rol64(C[4], 1); - D[5] = C[3] ^ rol64(C[0], 1); + D[3] = C[2] ^ rol64(C[4], 1); + D[4] = C[3] ^ rol64(C[0], 1); /* Add the ? effect to the whole column */ hd->state[0][0] ^= D[0]; @@ -125,18 +125,18 @@ static unsigned int keccak_f1600_state_permute(KECCAK_STATE *hd) hd->state[4][2] ^= D[2]; /* Add the ? effect to the whole column */ - hd->state[0][3] ^= D[4]; - hd->state[1][3] ^= D[4]; - hd->state[2][3] ^= D[4]; - hd->state[3][3] ^= D[4]; - hd->state[4][3] ^= D[4]; + hd->state[0][3] ^= D[3]; + hd->state[1][3] ^= D[3]; + hd->state[2][3] ^= D[3]; + hd->state[3][3] ^= D[3]; + hd->state[4][3] ^= D[3]; /* Add the ? effect to the whole column */ - hd->state[0][4] ^= D[5]; - hd->state[1][4] ^= D[5]; - hd->state[2][4] ^= D[5]; - hd->state[3][4] ^= D[5]; - hd->state[4][4] ^= D[5]; + hd->state[0][4] ^= D[4]; + hd->state[1][4] ^= D[4]; + hd->state[2][4] ^= D[4]; + hd->state[3][4] ^= D[4]; + hd->state[4][4] ^= D[4]; } { ----------------------------------------------------------------------- Summary of changes: cipher/keccak.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sat Aug 15 03:25:30 2015 
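Review bot: No digest test vector could have caught this slip, because the removed lines in the first hunk wrote D[4] and D[5] and the column XORs removed in the second hunk read the same two slots, so both versions compute the same state whenever those slots are valid storage. The commit message should say how D is declared, so readers can tell whether the old D[5] access ran past the end of the array. Replacing the five unrolled column blocks with a loop over the column index (hd->state[y][x] ^= D[x]) would rule out this kind of index mistake.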
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sat, 15 Aug 2015 03:25:30 +0200 Subject: [git] GPGME - branch, passphrase-inquire, created. gpgme-1.5.5-10-gaa89252 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, passphrase-inquire has been created at aa89252256fc87d637d3793a1fabdbee207967a4 (commit) - Log ----------------------------------------------------------------- commit aa89252256fc87d637d3793a1fabdbee207967a4 Merge: 2fe9ffe e07d38f Author: Ben Kibbey Date: Fri Aug 14 20:56:14 2015 -0400 Merge branch 'master' into passphrase-inquire diff --cc src/gpgme.def index ab1f643,cf167b4..a3f5fb4 --- a/src/gpgme.def +++ b/src/gpgme.def @@@ -218,7 -218,7 +218,10 @@@ EXPORT gpgme_op_spawn_start @163 gpgme_op_spawn @164 - gpgme_set_status_cb @165 - gpgme_get_status_cb @166 + gpgme_set_offline @165 + gpgme_get_offline @166 ++ ++ gpgme_set_status_cb @167 ++ gpgme_get_status_cb @168 ; END diff --cc src/libgpgme.vers index decfc8a,fc2920f..6687571 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@@ -93,8 -93,8 +93,11 @@@ GPGME_1.1 gpgme_op_spawn_start; gpgme_op_spawn; + gpgme_set_offline; + gpgme_get_offline; ++ + gpgme_set_status_cb; + gpgme_get_status_cb; }; ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat Aug 15 03:26:39 2015 
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sat, 15 Aug 2015 03:26:39 +0200 Subject: [git] GPGME - branch, bjk/passphrase-inquire, updated. gpgme-1.5.5-10-gaa89252 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, bjk/passphrase-inquire has been updated via aa89252256fc87d637d3793a1fabdbee207967a4 (commit) via e07d38f5f9f3b94e403f1265ff7fd3d7009dd557 (commit) via 8f28e3caf95d7bc99e9271bfc2b44080166af31f (commit) via 08086dd6901740e155e4361212b4e9cff8a47296 (commit) via 157c8be183153ff588f98874a3205aa483d0fd23 (commit) via c23f8897105ce2bb6e62d9c44ca0779fcc08a919 (commit) via a5d9e018b8826e97c9fcc548c8e9e797bbc8d6db (commit) via 052a9e3c5671d1ab69551f7b0abd0bbf859d4aba (commit) via ddbd54ef881bd2c3481d62b89bef7241667b64ee (commit) via 7addffc0826e7f36afcc7f66268e9ee2a37e2042 (commit) via 8b9f84828cd04a7dab37e219123edc1905da8e6b (commit) via a5b040cc57c65b3d105666b90c7eb59ee6ff3882 (commit) via 87d713ff41454bd08a345c63605f6fc7ac854dd4 (commit) via 0d28a696163677d6b34a802b6beddecd805d0fc7 (commit) from 2fe9ffe0205ef44ad7318bd92474051c6176bcc4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. 
- Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 +- NEWS | 12 +++++++- build-aux/git-hooks/commit-msg | 6 ++++ configure.ac | 2 +- doc/gpgme.texi | 33 +++++++++++++++++++++ src/context.h | 3 ++ src/debug.c | 19 +++++++++--- src/debug.h | 63 +++++++++++++++++++--------------------- src/engine-backend.h | 6 ++-- src/engine-gpg.c | 13 +++++---- src/engine-gpgsm.c | 61 ++++++++++++++++++++++++++------------ src/engine.c | 10 ++++--- src/engine.h | 9 ++++-- src/gpgme-tool.c | 27 ++++++++++++++--- src/gpgme.c | 24 +++++++++++++++ src/gpgme.def | 7 +++-- src/gpgme.h.in | 6 ++++ src/keylist.c | 13 +++++++-- src/libgpgme.vers | 3 ++ src/verify.c | 7 +++++ tests/Makefile.am | 2 +- tests/gpg/Makefile.am | 23 ++++++++++----- tests/gpg/final.test | 2 +- tests/gpg/initial.test | 2 +- tests/gpgsm/Makefile.am | 20 +++++++++---- tests/gpgsm/final.test | 5 ++++ tests/gpgsm/initial.test | 4 +++ tests/run-keylist.c | 18 +++++++++++- tests/{gpg => }/start-stop-agent | 0 29 files changed, 304 insertions(+), 98 deletions(-) create mode 100755 tests/gpgsm/final.test create mode 100755 tests/gpgsm/initial.test rename tests/{gpg => }/start-stop-agent (100%) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 16 00:25:24 2015 
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sun, 16 Aug 2015 00:25:24 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-3-gf126ca6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f126ca61565922b3b938c3486614b9bd7e6e454c (commit) via 233b5fedabd80a34452e748132e65b5944310428 (commit) from 0675a3bd45b309f9a1fc27b86538f22afde7b3fc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f126ca61565922b3b938c3486614b9bd7e6e454c Author: Ben Kibbey Date: Thu Apr 16 21:00:30 2015 -0400 Inform a user about inquire length limit. * common/status.h (INQUIRE_MAXLEN): New. * g10/call-agent.c (default_inquire_cb): Send STATUS_INQUIRE_MAXLEN. client when inquiring a passphrase over pinentry-loopback. -- This is to inform a user about the maximum length of a passphrase. The limit is the same that gpg-agent uses. diff --git a/common/status.h b/common/status.h index 9219bf4..3c78eda 100644 --- a/common/status.h +++ b/common/status.h @@ -125,7 +125,9 @@ enum STATUS_PINENTRY_LAUNCHED, STATUS_ERROR, - STATUS_SUCCESS + STATUS_SUCCESS, + + STATUS_INQUIRE_MAXLEN, }; diff --git a/g10/call-agent.c b/g10/call-agent.c index 0df572a..326eb82 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -177,11 +177,15 @@ default_inq_cb (void *opaque, const char *line) else { char *pw; + char buf[32]; if (parm->keyinfo.keyid) emit_status_need_passphrase (parm->keyinfo.keyid, parm->keyinfo.mainkeyid, parm->keyinfo.pubkey_algo); + + snprintf (buf, sizeof (buf), "%u", 100); + write_status_text (STATUS_INQUIRE_MAXLEN, buf); pw = cpr_get_hidden ("passphrase.enter", _("Enter passphrase: ")); cpr_kill_prompt (); if (*pw == CONTROL_D && !pw[1]) commit 233b5fedabd80a34452e748132e65b5944310428 Author: Ben Kibbey Date: Tue Apr 14 18:48:57 2015 -0400 Allow --gen-key to inquire a passphrase. * g10/gpg.c (main): test for --command-fd during --gen-key parse. When --command-fd is set then imply --batch to let gpg inquire a passphrase rather than requiring a pinentry. diff --git a/g10/gpg.c b/g10/gpg.c index 10d8c20..0b3e924 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3930,9 +3930,18 @@ main (int argc, char **argv) generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0); } else { - if( argc ) - wrong_args("--gen-key"); - generate_keypair (ctrl, 0, NULL, NULL, 0); + if (opt.command_fd != -1 && argc) + { + if( argc > 1 ) + wrong_args("--gen-key [parameterfile]"); + + opt.batch = 1; + generate_keypair (ctrl, 0, argc? *argv : NULL, NULL, 0); + } + else if (argc) + wrong_args ("--gen-key"); + else + generate_keypair (ctrl, 0, NULL, NULL, 0); } break; ----------------------------------------------------------------------- Summary of changes: common/status.h | 4 +++- g10/call-agent.c | 4 ++++ g10/gpg.c | 15 ++++++++++++--- 3 files changed, 19 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 16 00:25:48 2015 
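Review bot: In default_inq_cb the limit is the bare literal in 'snprintf (buf, sizeof (buf), "%u", 100);', while the commit message says it has to equal the limit gpg-agent uses. Take the value from a named constant shared with the agent code, or at least a #define with a comment pointing at the agent's limit, so the advertised length cannot drift from the enforced one. The ChangeLog part of the message also names default_inquire_cb and INQUIRE_MAXLEN, but the hunk header shows default_inq_cb and the enum entry is STATUS_INQUIRE_MAXLEN.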
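Review bot: In the --gen-key branch of main in g10/gpg.c, 'opt.batch = 1;' is reached only when 'opt.command_fd != -1 && argc' holds, so --command-fd without a parameter file still ends in the final 'generate_keypair (ctrl, 0, NULL, NULL, 0);' without batch mode, while the commit message says --command-fd implies --batch without that condition. Either drop the '&& argc' or correct the message, and document the new '--gen-key [parameterfile]' form. Inside the new block argc is known to be non-zero, so 'argc? *argv : NULL' can simply be '*argv'.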
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sun, 16 Aug 2015 00:25:48 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-10-g70b3e59 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 70b3e5964ea0592bd09d1877d720b2c63f501970 (commit) via 6dd24c3c6133ec54f75abd056191a8027fe01de0 (commit) via 4fadcf06ec8b0ebfb05c7622dbc3b73fd3c1bad9 (commit) via 2b6ae3dadf4432f7a72fd119144b835f7b1adcc4 (commit) from e07d38f5f9f3b94e403f1265ff7fd3d7009dd557 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 70b3e5964ea0592bd09d1877d720b2c63f501970 Author: Ben Kibbey Date: Sat Aug 15 16:58:04 2015 -0400 Fix gpgme_{get,set}_status_cb to match documentation. * doc/gpgme.texi: Minor fixes. * src/gpgme.c (gpgme_get_status_cb): Set return variables to NULL and check for a valid ctx pointer. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index bce6aef..010b914 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -2690,8 +2690,6 @@ a status message callback function. The argument @var{keyword} is the name of the status message while the @var{args} argument contains any arguments for the status message. -The status message may have come from gpg or libgpgme. - If an error occurs, return the corresponding @code{gpgme_error_t} value. Otherwise, return @code{0}. @end deftp 
@@ -2699,9 +2697,9 @@ value. Otherwise, return @code{0}. @deftypefun void gpgme_set_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t @var{statusfunc}}, @w{void *@var{hook_value}}) The function @code{gpgme_set_status_cb} sets the function that is used when a status message is received from gpg to @var{statusfunc}. The function - at var{statusfunc} needs to implemented by the user, and whenever it is called, -it is called with its first argument being @var{hook_value}. By default, no -status message callback function is set. + at var{statusfunc} needs to be implemented by the user, and whenever it is +called, it is called with its first argument being @var{hook_value}. By +default, no status message callback function is set. The user can disable the use of a status message callback function by calling @code{gpgme_set_status_cb} with @var{statusfunc} being @code{NULL}. @@ -2713,9 +2711,6 @@ process status messages from gpg in @var{*statusfunc}, and the first argument for this function in @var{*hook_value}. If no status message callback is set, or @var{ctx} is not a valid pointer, @code{NULL} is returned in both variables. - - at var{statusfunc} or @var{hook_value} can be @code{NULL}. In this case, -the corresponding value will not be returned. @end deftypefun diff --git a/src/gpgme.c b/src/gpgme.c index 9c09827..0cf999a 100644 --- a/src/gpgme.c +++ b/src/gpgme.c 
@@ -679,7 +679,17 @@ gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *r_cb, void **r_cb_value) { TRACE2 (DEBUG_CTX, "gpgme_get_status_cb", ctx, "ctx->status_cb=%p/%p", - ctx->status_cb, ctx->status_cb_value); + ctx ? ctx->status_cb : NULL, ctx ? ctx->status_cb_value : NULL); + + if (r_cb) + *r_cb = NULL; + + if (r_cb_value) + *r_cb_value = NULL; + + if (!ctx || !ctx->status_cb) + return; + if (r_cb) *r_cb = ctx->status_cb; if (r_cb_value) commit 6dd24c3c6133ec54f75abd056191a8027fe01de0 Author: Ben Kibbey Date: Thu Apr 16 21:05:01 2015 -0400 Parse the INQUIRE_MAXLEN status message. * src/gpgme.h.in: (gpgme_status_code_t): Add INQUIRE_MAXLEN. * src/status-table.c (status_table_s): Ditto. * src/genkey.c (genkey_status_handler): Parse INQUIRE_MAXLEN. * src/decrypt.c (_gpgme_decrypt_status_handler): Ditto. * src/sign.c (_gpgme_sign_status_handler): Ditto. This status message informs the client of the maximum length of an inquired line. It is sent from gpg and forwarded to the client via gpgme_status_cb_t. diff --git a/src/decrypt.c b/src/decrypt.c index 4742060..4fd92c6 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -291,6 +291,16 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, err = _gpgme_parse_plaintext (args, &opd->result.file_name); if (err) return err; + break; + + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb) + { + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + if (err) + return err; + } + break; default: break; diff --git a/src/genkey.c b/src/genkey.c index 17009bd..18765dd 100644 --- a/src/genkey.c +++ b/src/genkey.c @@ -124,6 +124,15 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) return gpg_error (GPG_ERR_GENERAL); break; + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb) + { + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + if (err) + return err; + } + break; + default: break; } 
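Review bot: gpgme_get_status_cb still guards each store with 'if (r_cb)' and 'if (r_cb_value)', so NULL output pointers remain accepted, but the doc/gpgme.texi hunk in the same commit deletes the sentence saying that statusfunc or hook_value can be NULL. Keep that sentence so the documented contract matches the code. The early return on '!ctx->status_cb' also leaves *r_cb_value at NULL even if ctx->status_cb_value is non-NULL; that agrees with the revised text, so a short comment saying it is intentional would help.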
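Review bot: The 'case GPGME_STATUS_INQUIRE_MAXLEN:' block in genkey_status_handler is a copy of the one added to _gpgme_decrypt_status_handler, and src/sign.c gets a third variant that assigns err without the 'if (err) return err;' step. Put the forwarding into one internal helper that calls 'ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args)', so the three handlers propagate a callback error the same way and the keyword string lives in one place.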
diff --git a/src/gpgme.h.in b/src/gpgme.h.in index ffcc7ba..8255e63 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -544,7 +544,8 @@ typedef enum GPGME_STATUS_PINENTRY_LAUNCHED = 88, GPGME_STATUS_ATTRIBUTE = 89, GPGME_STATUS_BEGIN_SIGNING = 90, - GPGME_STATUS_KEY_NOT_CREATED = 91 + GPGME_STATUS_KEY_NOT_CREATED = 91, + GPGME_STATUS_INQUIRE_MAXLEN = 92 } gpgme_status_code_t; diff --git a/src/sign.c b/src/sign.c index ffbde56..9e22fdb 100644 --- a/src/sign.c +++ b/src/sign.c @@ -338,6 +338,11 @@ _gpgme_sign_status_handler (void *priv, gpgme_status_code_t code, char *args) err = gpg_error (GPG_ERR_GENERAL); break; + case GPGME_STATUS_INQUIRE_MAXLEN: + if (ctx->status_cb) + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", args); + break; + default: break; } diff --git a/src/status-table.c b/src/status-table.c index b936997..c85fa95 100644 --- a/src/status-table.c +++ b/src/status-table.c @@ -80,6 +80,7 @@ static struct status_table_s status_table[] = { "IMPORT_PROBLEM", GPGME_STATUS_IMPORT_PROBLEM }, { "IMPORT_RES", GPGME_STATUS_IMPORT_RES }, { "IMPORTED", GPGME_STATUS_IMPORTED }, + { "INQUIRE_MAXLEN", GPGME_STATUS_INQUIRE_MAXLEN }, { "INV_RECP", GPGME_STATUS_INV_RECP }, { "INV_SGNR", GPGME_STATUS_INV_SGNR }, { "KEY_CREATED", GPGME_STATUS_KEY_CREATED }, commit 4fadcf06ec8b0ebfb05c7622dbc3b73fd3c1bad9 Author: Ben Kibbey Date: Thu Apr 16 20:23:38 2015 -0400 Add gpgme_set/get_status_cb(). * src/gpgme.h.in (gpgme_set_status_cb): New. (gpgme_get_status_cb): New. (gpgme_status_cb_t): New. * src/gpgme.c (gpgme_set_status_cb): New. (gpgme_get_status_cb): New. * src/context.h (status_cb): New. (status_cb_value): New. * src/gpgme.def: Export new symbols. * src/libgpgme.vers: Ditto. * doc/gpgme.texi: Document these new functions. -- This callback function is used to forward status messages from gpg back to the client. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index ef4936d..bce6aef 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -194,6 +194,7 @@ Context Attributes * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. * Progress Meter Callback:: Being informed about the progress. +* Status Message Callback:: Status messages received from gpg. * Locale:: Setting the locale of a context. Key Management @@ -2291,6 +2292,7 @@ started. In fact, these references are accessed through the * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. * Progress Meter Callback:: Being informed about the progress. +* Status Message Callback:: Status messages received from gpg. * Locale:: Setting the locale of a context. @end menu 
@@ -2675,6 +2677,48 @@ the corresponding value will not be returned. @end deftypefun + at node Status Message Callback + at subsection Status Message Callback + at cindex callback, status message + at cindex status message callback + + at deftp {Data type} {gpgme_error_t (*gpgme_status_cb_t)(void *@var{hook}, const char *@var{keyword}, const char *@var{args})} + at tindex gpgme_status_cb_t +The @code{gpgme_status_cb_t} type is the type of function usable as +a status message callback function. + +The argument @var{keyword} is the name of the status message while the + at var{args} argument contains any arguments for the status message. + +The status message may have come from gpg or libgpgme. + +If an error occurs, return the corresponding @code{gpgme_error_t} +value. Otherwise, return @code{0}. + at end deftp + + at deftypefun void gpgme_set_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t @var{statusfunc}}, @w{void *@var{hook_value}}) +The function @code{gpgme_set_status_cb} sets the function that is used when a +status message is received from gpg to @var{statusfunc}. The function + at var{statusfunc} needs to implemented by the user, and whenever it is called, +it is called with its first argument being @var{hook_value}. By default, no +status message callback function is set. + +The user can disable the use of a status message callback function by calling + at code{gpgme_set_status_cb} with @var{statusfunc} being @code{NULL}. + at end deftypefun + + at deftypefun void gpgme_get_status_cb (@w{gpgme_ctx_t @var{ctx}}, @w{gpgme_status_cb_t *@var{statusfunc}}, @w{void **@var{hook_value}}) +The function @code{gpgme_get_status_cb} returns the function that is used to +process status messages from gpg in @var{*statusfunc}, and the first argument +for this function in @var{*hook_value}. If no status message callback is set, +or @var{ctx} is not a valid pointer, @code{NULL} is returned in both +variables. 
+ + at var{statusfunc} or @var{hook_value} can be @code{NULL}. In this case, +the corresponding value will not be returned. + at end deftypefun + + @node Locale @subsection Locale @cindex locale, default diff --git a/src/context.h b/src/context.h index 8cd86e9..757d9b4 100644 --- a/src/context.h +++ b/src/context.h @@ -135,6 +135,10 @@ struct gpgme_context gpgme_progress_cb_t progress_cb; void *progress_cb_value; + /* The user provided status callback and its hook value. */ + gpgme_status_cb_t status_cb; + void *status_cb_value; + /* A list of file descriptors in active use by the current operation. */ struct fd_table fdt; diff --git a/src/gpgme.c b/src/gpgme.c index c24b620..9c09827 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -656,6 +656,37 @@ gpgme_get_progress_cb (gpgme_ctx_t ctx, gpgme_progress_cb_t *r_cb, } +/* This function sets a callback function to be used as a status + message forwarder. */ +void +gpgme_set_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t cb, void *cb_value) +{ + TRACE2 (DEBUG_CTX, "gpgme_set_status_cb", ctx, "status_cb=%p/%p", + cb, cb_value); + + if (!ctx) + return; + + ctx->status_cb = cb; + ctx->status_cb_value = cb_value; +} + + +/* This function returns the callback function to be used as a + status message forwarder. */ +void +gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *r_cb, + void **r_cb_value) +{ + TRACE2 (DEBUG_CTX, "gpgme_get_status_cb", ctx, "ctx->status_cb=%p/%p", + ctx->status_cb, ctx->status_cb_value); + if (r_cb) + *r_cb = ctx->status_cb; + if (r_cb_value) + *r_cb_value = ctx->status_cb_value; +} + + /* Set the I/O callback functions for CTX to IO_CBS. */ void gpgme_set_io_cbs (gpgme_ctx_t ctx, gpgme_io_cbs_t io_cbs) diff --git a/src/gpgme.def b/src/gpgme.def index cf167b4..a3f5fb4 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -220,5 +220,8 @@ EXPORTS gpgme_set_offline @165 gpgme_get_offline @166 + + gpgme_set_status_cb @167 + gpgme_get_status_cb @168 ; END 
diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 099cc8a..ffcc7ba 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -839,6 +839,11 @@ typedef gpgme_error_t (*gpgme_passphrase_cb_t) (void *hook, typedef void (*gpgme_progress_cb_t) (void *opaque, const char *what, int type, int current, int total); +/* Status messages from gpg. */ +typedef gpgme_error_t (*gpgme_status_cb_t) (void *opaque, const char *keyword, + const char *args); + + /* Interact with the user about an edit operation. */ typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, gpgme_status_code_t status, @@ -936,6 +941,16 @@ void gpgme_set_progress_cb (gpgme_ctx_t c, gpgme_progress_cb_t cb, void gpgme_get_progress_cb (gpgme_ctx_t ctx, gpgme_progress_cb_t *cb, void **hook_value); +/* Set the status callback function in CTX to CB. HOOK_VALUE is + passed as first argument to thes status callback function. */ +void gpgme_set_status_cb (gpgme_ctx_t c, gpgme_status_cb_t cb, + void *hook_value); + +/* Get the current status callback function in *CB and the current + hook value in *HOOK_VALUE. */ +void gpgme_get_status_cb (gpgme_ctx_t ctx, gpgme_status_cb_t *cb, + void **hook_value); + /* This function sets the locale for the context CTX, or the default locale if CTX is a null pointer. */ gpgme_error_t gpgme_set_locale (gpgme_ctx_t ctx, int category, diff --git a/src/libgpgme.vers b/src/libgpgme.vers index fc2920f..6687571 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -95,6 +95,9 @@ GPGME_1.1 { gpgme_set_offline; gpgme_get_offline; + + gpgme_set_status_cb; + gpgme_get_status_cb; }; commit 2b6ae3dadf4432f7a72fd119144b835f7b1adcc4 Author: Ben Kibbey Date: Tue Apr 14 18:39:26 2015 -0400 Make use of user passphrase handler during genkey. * src/genkey.c (genkey_start): set engine passphrase command handler. -- This allows for inquiring a new passphrase during key generation rather than requiring a pinentry. Needs a patch to gnupg to make use of --command-fd with --gen-key. 
diff --git a/src/genkey.c b/src/genkey.c index fd6685e..17009bd 100644 --- a/src/genkey.c +++ b/src/genkey.c @@ -186,6 +186,14 @@ genkey_start (gpgme_ctx_t ctx, int synchronous, const char *parms, _gpgme_engine_set_status_handler (ctx->engine, genkey_status_handler, ctx); + if (ctx->passphrase_cb) + { + err = _gpgme_engine_set_command_handler + (ctx->engine, _gpgme_passphrase_command_handler, ctx, NULL); + if (err) + return err; + } + return _gpgme_engine_op_genkey (ctx->engine, opd->key_parameter, ctx->use_armor, pubkey, seckey); } ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 39 +++++++++++++++++++++++++++++++++++++++ src/context.h | 4 ++++ src/decrypt.c | 10 ++++++++++ src/genkey.c | 17 +++++++++++++++++ src/gpgme.c | 41 +++++++++++++++++++++++++++++++++++++++++ src/gpgme.def | 3 +++ src/gpgme.h.in | 18 +++++++++++++++++- src/libgpgme.vers | 3 +++ src/sign.c | 5 +++++ src/status-table.c | 1 + 10 files changed, 140 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 16 22:14:58 2015 
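Review bot: In the doc/gpgme.texi hunk for gpgme_get_status_cb (@@ -2713,9 +2711,6), the deleted paragraph still describes the code. The src/gpgme.c hunk of the same commit keeps the `if (r_cb)` and `if (r_cb_value)` guards, so a caller may still pass NULL for either output pointer. Keep the sentence, or drop the guards if NULL is no longer meant to be accepted, so that the manual and the function agree.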
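Review bot: In the src/sign.c hunk of commit 6dd24c3, the INQUIRE_MAXLEN case only assigns err and breaks, while the cases added to src/decrypt.c and src/genkey.c in the same commit return at once (`if (err) return err;`). Unless the code after the switch in _gpgme_sign_status_handler propagates err, a failing status callback is treated differently when signing. A small shared helper that forwards the line to ctx->status_cb, called from all three handlers with the same error path, would remove the triplicated block and the hard-coded "INQUIRE_MAXLEN" string.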
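Review bot: In the src/gpgme.h.in hunk of commit 4fadcf0 (@@ -936,6 +941,16), the comment above gpgme_set_status_cb contains a typo ("thes status callback"). The header comment should also state, as the texinfo does, that passing NULL as CB disables the callback, since the header is what most callers read first.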
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sun, 16 Aug 2015 22:14:58 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-11-gccbaccb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ccbaccbf2e0ba582d181b9ee4d8543d7c1248b2c (commit) from 70b3e5964ea0592bd09d1877d720b2c63f501970 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ccbaccbf2e0ba582d181b9ee4d8543d7c1248b2c Author: Ben Kibbey Date: Sun Aug 16 12:29:41 2015 -0400 Parse INQUIRE_MAXLEN in the passphrase callback. * src/passphrase.c (_gpgme_passphrase_status_handler): Parse GPGME_STATUS_INQUIRE_MAXLEN. * src/passphrase.c (_gpgme_passphrase_command_handler): Send the INQUIRE_MAXLEN status message. -- Fixes passing this status message along when decrypting symmetric data from gpg. diff --git a/src/passphrase.c b/src/passphrase.c index 00e9d99..63ab31e 100644 --- a/src/passphrase.c +++ b/src/passphrase.c @@ -41,6 +41,7 @@ typedef struct char *uid_hint; char *passphrase_info; int bad_passphrase; + char *maxlen; } *op_data_t; @@ -53,6 +54,7 @@ release_op_data (void *hook) free (opd->passphrase_info); if (opd->uid_hint) free (opd->uid_hint); + free (opd->maxlen); } @@ -73,6 +75,11 @@ _gpgme_passphrase_status_handler (void *priv, gpgme_status_code_t code, switch (code) { + case GPGME_STATUS_INQUIRE_MAXLEN: + free (opd->maxlen); + if (!(opd->maxlen = strdup (args))) + return gpg_error_from_syserror (); + break; case GPGME_STATUS_USERID_HINT: if (opd->uid_hint) free (opd->uid_hint); 
@@ -141,9 +148,14 @@ _gpgme_passphrase_command_handler (void *priv, gpgme_status_code_t code, if (processed) *processed = 1; - err = ctx->passphrase_cb (ctx->passphrase_cb_value, - opd->uid_hint, opd->passphrase_info, - opd->bad_passphrase, fd); + if (ctx->status_cb && opd->maxlen) + err = ctx->status_cb (ctx->status_cb_value, "INQUIRE_MAXLEN", + opd->maxlen); + + if (!err) + err = ctx->passphrase_cb (ctx->passphrase_cb_value, + opd->uid_hint, opd->passphrase_info, + opd->bad_passphrase, fd); /* Reset bad passphrase flag, in case it is correct now. */ opd->bad_passphrase = 0; ----------------------------------------------------------------------- Summary of changes: src/passphrase.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 16 22:14:56 2015 
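Review bot: In the _gpgme_passphrase_command_handler hunk of src/passphrase.c, opd->maxlen is forwarded on every passphrase inquiry but never cleared afterwards, so a value stored for one inquiry is sent again on the next one (for example the retry after a bad passphrase) unless gpg repeats the status line first. Freeing it and setting it to NULL after the status callback would tie each INQUIRE_MAXLEN to exactly one inquiry. Separately, `if (!err)` now reads err on a path where the visible lines do not assign it (no status callback set, or no maxlen); please confirm it is zero at that point or set it explicitly before the new block.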
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Sun, 16 Aug 2015 22:14:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-5-gbba74cd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bba74cdd95ea98b5a7c3a12823b229341e91504e (commit) via 93f5295df512269dd8fecbd649b11cbacf78e864 (commit) from f126ca61565922b3b938c3486614b9bd7e6e454c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bba74cdd95ea98b5a7c3a12823b229341e91504e Author: Ben Kibbey Date: Sun Aug 16 13:46:59 2015 -0400 Fix pinentry loopback and passphrase contraints. * agent/command.c (cmd_get_passphrase): Don't repeat passphrase for pinentry loopback mode. * agent/genkey.c (check_passphrase_constraints): Immediately return when pinentry mode is loopback. -- Fixes endless loop when inquiring a passphrase with pinentry-mode=loopback that may not satisfy passphrase contraints. diff --git a/agent/command.c b/agent/command.c index 62a4628..f09a2ff 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1541,6 +1541,9 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) { char *response2; + if (ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) + break; + rc = agent_get_passphrase (ctrl, &response2, desc2, prompt, errtext, 0, cacheid, CACHE_MODE_USER); diff --git a/agent/genkey.c b/agent/genkey.c index df17880..af53c60 100644 --- a/agent/genkey.c +++ b/agent/genkey.c 
@@ -189,6 +189,9 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, char *msg2 = NULL; char *msg3 = NULL; + if (ctrl && ctrl->pinentry_mode == PINENTRY_MODE_LOOPBACK) + return 0; + if (!pw) pw = ""; commit 93f5295df512269dd8fecbd649b11cbacf78e864 Author: Ben Kibbey Date: Sun Aug 16 12:23:21 2015 -0400 Fix sending INQUIRE_MAXLEN for symmetric data. * g10/passphrase.c (passphrase_to_dek_ext): Write the status message. diff --git a/g10/passphrase.c b/g10/passphrase.c index 08984ef..5eb2562 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -533,6 +533,14 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo, s2k_cacheid = s2k_cacheidbuf; } + if (opt.pinentry_mode == PINENTRY_MODE_LOOPBACK) + { + char buf[32]; + + snprintf (buf, sizeof (buf), "%u", 100); + write_status_text (STATUS_INQUIRE_MAXLEN, buf); + } + /* Divert to the gpg-agent. */ pw = passphrase_get (keyid, mode == 2, s2k_cacheid, (mode == 2 || mode == 4)? opt.passphrase_repeat : 0, ----------------------------------------------------------------------- Summary of changes: agent/command.c | 3 +++ agent/genkey.c | 3 +++ g10/passphrase.c | 8 ++++++++ 3 files changed, 14 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 17 16:20:37 2015 
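Review bot: In the agent/genkey.c hunk, check_passphrase_constraints now returns 0 for loopback mode before any check has run, so a passphrase supplied through the loopback is accepted without the constraints being applied at all. That stops the loop named in the commit message, but it also turns the policy off silently for every loopback caller. Consider running the checks and returning an error to the caller instead of prompting again, or at least add a comment here and a note in the documentation that the constraints are not enforced with pinentry-mode=loopback.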
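Review bot: In the g10/passphrase.c hunk of commit 93f5295, the limit is a bare literal formatted through snprintf (`snprintf (buf, sizeof (buf), "%u", 100);`). Nothing in the hunk ties this 100 to the code that actually bounds the inquired line, so the advertised and enforced limits can drift apart. A named constant shared with the enforcing code would keep them in step; if the value really is fixed, passing the string "100" directly makes the buffer and the snprintf call unnecessary.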
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 17 Aug 2015 16:20:37 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-6-g91357b7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 91357b7722f2bf0d3765ec72855bdc96732df9d6 (commit) from bba74cdd95ea98b5a7c3a12823b229341e91504e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 91357b7722f2bf0d3765ec72855bdc96732df9d6 Author: Werner Koch Date: Mon Aug 17 16:13:25 2015 +0200 gpg: Avoid linking to Libksba * kbx/keybox.h (KEYBOX_WITH_X509): Do not define. * sm/Makefile.am (AM_CPPFLAGS): Define it here. (common_libs): Change to libkeybox509.a * g10/Makefile.am (AM_CFLAGS): remove KSBA_CFLAGS. (gpg2_LDADD, gpgv2_LDADD): Remove KSBA_LIBS * kbx/Makefile.am (noinst_LIBRARIES): Add libkeybox509.a. (libkeybox509_a_SOURCES): New. (libkeybox_a_CFLAGS): New. (libkeybox509_a_CFLAGS): New. (kbxutil_CFLAGS): New. * kbx/keybox-search.c (has_keygrip) [!KEYBOX_WITH_X509]: Declare args as unused. -- There is no real need to link to Libksba in gpg. Signed-off-by: Werner Koch diff --git a/g10/Makefile.am b/g10/Makefile.am index ea4afc8..0c53eab 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -25,9 +25,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am -# We need KSBA_CFLAGS because that is included by keybox.h. See also -# comments below for libksba. -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) \ +AM_CFLAGS = $(LIBGCRYPT_CFLAGS) \ $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) needed_libs = ../kbx/libkeybox.a $(libcommon) 
@@ -140,17 +138,14 @@ gpgv2_SOURCES = gpgv.c \ # ks-db.h \ # $(common_source) -# FIXME: Libkeybox.a links to libksba thus we need to add libksba -# here, even that it is not used by gpg. A proper solution would -# either to split up libkeybox.a or to use a separate keybox daemon. LDADD = $(needed_libs) ../common/libgpgrl.a \ $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS) gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ - $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) $(extra_sys_libs) gpg2_LDFLAGS = $(extra_bin_ldflags) gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ - $(KSBA_LIBS) $(GPG_ERROR_LIBS) \ + $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) $(extra_sys_libs) gpgv2_LDFLAGS = $(extra_bin_ldflags) diff --git a/kbx/Makefile.am b/kbx/Makefile.am index 5df2bba..95138e0 100644 --- a/kbx/Makefile.am +++ b/kbx/Makefile.am @@ -26,7 +26,7 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) -noinst_LIBRARIES = libkeybox.a +noinst_LIBRARIES = libkeybox.a libkeybox509.a bin_PROGRAMS = kbxutil if HAVE_W32CE_SYSTEM @@ -48,11 +48,17 @@ common_sources = \ libkeybox_a_SOURCES = $(common_sources) +libkeybox509_a_SOURCES = $(common_sources) + +libkeybox_a_CFLAGS = $(AM_CFLAGS) +libkeybox509_a_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 + # We need W32SOCKLIBS because the init subsystem code in libcommon # requires it - although we don't actually need it. It is easier # to do it this way. kbxutil_SOURCES = kbxutil.c $(common_sources) +kbxutil_CFLAGS = $(AM_CFLAGS) -DKEYBOX_WITH_X509=1 kbxutil_LDADD = ../common/libcommon.a \ $(KSBA_LIBS) $(LIBGCRYPT_LIBS) $(extra_libs) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index 1433591..05b6859 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c 
@@ -611,6 +611,9 @@ has_keygrip (KEYBOXBLOB blob, const unsigned char *grip) #ifdef KEYBOX_WITH_X509 if (blob_get_type (blob) == KEYBOX_BLOBTYPE_X509) return blob_x509_has_grip (blob, grip); +#else + (void)blob; + (void)grip; #endif return 0; } diff --git a/kbx/keybox.h b/kbx/keybox.h index 386fff1..8c31141 100644 --- a/kbx/keybox.h +++ b/kbx/keybox.h @@ -29,9 +29,6 @@ extern "C" { #include "../common/iobuf.h" #include "keybox-search-desc.h" -#define KEYBOX_WITH_X509 1 - - #ifdef KEYBOX_WITH_X509 # include #endif diff --git a/sm/Makefile.am b/sm/Makefile.am index dda3eb8..43e3598 100644 --- a/sm/Makefile.am +++ b/sm/Makefile.am @@ -23,7 +23,7 @@ bin_PROGRAMS = gpgsm AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) $(LIBASSUAN_CFLAGS) -AM_CPPFLAGS = -I$(top_srcdir)/common +AM_CPPFLAGS = -I$(top_srcdir)/common -DKEYBOX_WITH_X509=1 include $(top_srcdir)/am/cmacros.am if HAVE_W32_SYSTEM @@ -57,7 +57,7 @@ gpgsm_SOURCES = \ qualified.c -common_libs = ../kbx/libkeybox.a $(libcommon) +common_libs = ../kbx/libkeybox509.a $(libcommon) gpgsm_LDADD = $(common_libs) ../common/libgpgrl.a \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) \ ----------------------------------------------------------------------- Summary of changes: g10/Makefile.am | 11 +++-------- kbx/Makefile.am | 8 +++++++- kbx/keybox-search.c | 3 +++ kbx/keybox.h | 3 --- sm/Makefile.am | 4 ++-- 5 files changed, 15 insertions(+), 14 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 18 19:46:50 2015 
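Review bot: In the kbx/Makefile.am hunk (@@ -48,11 +48,17), `libkeybox_a_CFLAGS = $(AM_CFLAGS)` still pulls in $(KSBA_CFLAGS), because AM_CFLAGS in this file is unchanged (`AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS)`). The variant without X.509 support therefore keeps a build-time dependency on the Libksba flags that the commit sets out to remove for gpg. Suggest giving libkeybox.a only $(LIBGCRYPT_CFLAGS) and adding $(KSBA_CFLAGS) to the libkeybox509.a and kbxutil targets.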
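Review bot: In the kbx/keybox.h hunk, removing `#define KEYBOX_WITH_X509 1` leaves the X.509 parts of the header under the control of each consumer's command line, with nothing to catch a mismatch between that flag and the library variant linked in. A consumer built without -DKEYBOX_WITH_X509=1 but linked against libkeybox509.a (or the reverse) sees different declarations than the library was compiled with. Please add a comment next to the `#ifdef KEYBOX_WITH_X509` stating that the macro must be defined exactly when libkeybox509.a is used.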
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 18 Aug 2015 19:46:50 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-14-g78afb80 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 78afb80e5742f8542f21537307c6f39c05c1a7f3 (commit) from 1532bf3fa57f624c80ea1e9f958d88fedc377e68 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 78afb80e5742f8542f21537307c6f39c05c1a7f3 Author: Andre Heinecke Date: Tue Aug 18 19:24:25 2015 +0200 Fix pinentry for Windows * pinentry/pinentry.c (pinentry_loop2): Use assuan_fdopen for pipe fds. * pinentry/pinentry.h (pinentry_loop2): Mention this in the comment. -- For Windows calling assuan_fdopen is neccessary as this does some internal platform specific stuff (get_osfilehandle). This issue was introduced by using the real libassuan instead of the built in variant. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index e682de7..21f8f79 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1436,7 +1436,7 @@ int pinentry_loop2 (int infd, int outfd) { gpg_error_t rc; - int filedes[2]; + assuan_fd_t filedes[2]; assuan_context_t ctx; /* Extra check to make sure we have dropped privs. */ @@ -1456,8 +1456,8 @@ pinentry_loop2 (int infd, int outfd) /* For now we use a simple pipe based server so that we can work from scripts. We will later add options to run as a daemon and wait for requests on a Unix domain socket. */ - filedes[0] = infd; - filedes[1] = outfd; + filedes[0] = assuan_fdopen (infd); + filedes[1] = assuan_fdopen (outfd); rc = assuan_init_pipe_server (ctx, filedes); if (rc) { 
diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index abcc3a5..98db4bc 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -211,7 +211,9 @@ typedef int (*pinentry_cmd_handler_t) (pinentry_t pin); error. Otherwise, 0 is returned. */ int pinentry_loop (void); -/* The same as above but allows to specify the i/o descriptors. */ +/* The same as above but allows to specify the i/o descriptors. + * assuan_fdopen will be called on infd and outfd. + */ int pinentry_loop2 (int infd, int outfd); ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 6 +++--- pinentry/pinentry.h | 4 +++- 2 files changed, 6 insertions(+), 4 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 18 20:19:21 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 18 Aug 2015 20:19:21 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-17-g13e0980 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 13e09800a997845906bfb10ac3379bad00e6e63d (commit) via 11886c530de3b0a7c4dcd932c5c23762f3ccc4b0 (commit) via 8d73d2a55a0043202c08beaed9972343b1021327 (commit) from 78afb80e5742f8542f21537307c6f39c05c1a7f3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 13e09800a997845906bfb10ac3379bad00e6e63d Author: Andre Heinecke Date: Tue Aug 18 20:15:08 2015 +0200 Clarify comment about fds in pinentry_loop2 * pinentry/pinentry.h (pinetry_loop2): Clarify comment. diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 98db4bc..e154ac5 100644 
--- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -212,7 +212,8 @@ typedef int (*pinentry_cmd_handler_t) (pinentry_t pin); int pinentry_loop (void); /* The same as above but allows to specify the i/o descriptors. - * assuan_fdopen will be called on infd and outfd. + * infd and outfd will be duplicated in this function so the caller + * still has to close them if necessary. */ int pinentry_loop2 (int infd, int outfd); commit 11886c530de3b0a7c4dcd932c5c23762f3ccc4b0 Author: Andre Heinecke Date: Tue Aug 18 19:54:04 2015 +0200 Qt: Make it possible to build qt5 variant static * qt/main.cpp: Import static platform plugins when necessary. -- As pkg-config does not expose all libraries needed to link qt5 statically with this patch it is possible to get a static build by setting the LIBS variable correctly. diff --git a/qt/main.cpp b/qt/main.cpp index 0500b7a..70e08de 100644 --- a/qt/main.cpp +++ b/qt/main.cpp @@ -50,6 +50,19 @@ #include #endif +#if QT_VERSION >= 0x050000 && defined(QT_STATIC) + #include + #ifdef Q_OS_WIN + #include + #include + Q_IMPORT_PLUGIN(QWindowsIntegrationPlugin) + #elif defined(Q_OS_MAC) + Q_IMPORT_PLUGIN(QCocoaIntegrationPlugin) + #else + Q_IMPORT_PLUGIN(QXcbIntegrationPlugin) + #endif +#endif + static QString escape_accel( const QString & s ) { QString result; commit 8d73d2a55a0043202c08beaed9972343b1021327 Author: Andre Heinecke Date: Tue Aug 18 19:47:42 2015 +0200 Respect SYSROOT variable when looking for assuan * m4/libassuan.m4: Respect SYSROOT Variable. -- This change makes the libassuan lookup work similar to the libgpg-error lookup simplifying cross-compiling a bit. diff --git a/m4/libassuan.m4 b/m4/libassuan.m4 index d3d8f2e..c953843 100644 --- a/m4/libassuan.m4 +++ b/m4/libassuan.m4 
@@ -24,6 +24,19 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], if test x${LIBASSUAN_CONFIG+set} != xset ; then LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config fi + else + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/libassuan-config" ; then + LIBASSUAN_CONFIG="${SYSROOT}/bin/libassuan-config" + fi + ;; + '') + ;; + *) + AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) + ;; + esac fi AC_PATH_TOOL(LIBASSUAN_CONFIG, libassuan-config, no) @@ -105,7 +118,7 @@ AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], *** built for $libassuan_config_host and thus may not match the *** used host $host. *** You may want to use the configure option --with-libassuan-prefix -*** to specify a matching config script. +*** to specify a matching config script or use \$SYSROOT. ***]]) fi fi ----------------------------------------------------------------------- Summary of changes: m4/libassuan.m4 | 15 ++++++++++++++- pinentry/pinentry.h | 3 ++- qt/main.cpp | 13 +++++++++++++ 3 files changed, 29 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 19 12:46:16 2015 
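Review bot: In the pinentry/pinentry.c hunk of commit 78afb80 (@@ -1456,8 +1456,8), the results of `assuan_fdopen (infd)` and `assuan_fdopen (outfd)` are stored in filedes[] and handed to assuan_init_pipe_server without a check. If either call fails, the server is initialised with ASSUAN_INVALID_FD and the failure only shows up later, if at all. Test both values and return an error before the init call.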
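Review bot: In the m4/libassuan.m4 hunk (@@ -24,6 +24,19), an absolute $SYSROOT that has no executable bin/libassuan-config falls through without any message, and the following AC_PATH_TOOL may then pick up a libassuan-config from PATH. For a cross build that means the build host's script can be used while the user believes the sysroot one was found. An AC_MSG_WARN in an else branch of the `test -x` would make that case visible, in the same way the hunk already warns about a relative $SYSROOT.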
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 19 Aug 2015 12:46:16 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-255-g65639ec Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 65639ecaaeba642e40487446c40d045482001285 (commit) from 48822ae0b436bcea0fe92dbf0d88475ba3179320 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65639ecaaeba642e40487446c40d045482001285 Author: Werner Koch Date: Wed Aug 19 12:43:43 2015 +0200 Change SHA-3 algorithm ids * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256) (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): Change values. -- By using algorithm ids outside of the RFC-4880 range we make debugging of GnuPG easier. Signed-off-by: Werner Koch diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 4b4646b..884034c 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1144,7 +1144,7 @@ gcry_error_t gcry_pubkey_get_sexp (gcry_sexp_t *r_sexp, ************************************/ /* Algorithm IDs for the hash functions we know about. Not all of them - are implemnted. */ + are implemented. */ enum gcry_md_algos { GCRY_MD_NONE = 0, @@ -1158,10 +1158,6 @@ enum gcry_md_algos GCRY_MD_SHA384 = 9, GCRY_MD_SHA512 = 10, GCRY_MD_SHA224 = 11, - GCRY_MD_SHA3_224= 12, - GCRY_MD_SHA3_256= 13, - GCRY_MD_SHA3_384= 14, - GCRY_MD_SHA3_512= 15, GCRY_MD_MD4 = 301, GCRY_MD_CRC32 = 302, 
@@ -1173,7 +1169,11 @@ enum gcry_md_algos GCRY_MD_GOSTR3411_94 = 308, /* GOST R 34.11-94. */ GCRY_MD_STRIBOG256 = 309, /* GOST R 34.11-2012, 256 bit. */ GCRY_MD_STRIBOG512 = 310, /* GOST R 34.11-2012, 512 bit. */ - GCRY_MD_GOSTR3411_CP = 311 /* GOST R 34.11-94 with CryptoPro-A S-Box. */ + GCRY_MD_GOSTR3411_CP = 311, /* GOST R 34.11-94 with CryptoPro-A S-Box. */ + GCRY_MD_SHA3_224 = 312, + GCRY_MD_SHA3_256 = 313, + GCRY_MD_SHA3_384 = 314, + GCRY_MD_SHA3_512 = 315 }; /* Flags used with the open function. */ ----------------------------------------------------------------------- Summary of changes: src/gcrypt.h.in | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 20 17:45:49 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 20 Aug 2015 17:45:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-36-gb8adfc4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b8adfc4186fa209dce3e7ca763cec8576b8ee291 (commit) via 0d5a4138f27187e7828ef8216758edc9b48b2c64 (commit) from 0add91ae1ca3718e8140af09294c595f47c958d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b8adfc4186fa209dce3e7ca763cec8576b8ee291 Author: Werner Koch Date: Thu Aug 20 17:42:55 2015 +0200 doc: Remove C++ style comments and update HACKING. -- diff --git a/common/t-iobuf.c b/common/t-iobuf.c index 01c94a3..ae72fde 100644 --- a/common/t-iobuf.c +++ b/common/t-iobuf.c 
@@ -27,7 +27,7 @@ every_other_filter (void *opaque, int control, else c2 = iobuf_readbyte (chain); - // printf ("Discarding %d (%c); return %d (%c)\n", c, c, c2, c2); + /* printf ("Discarding %d (%c); return %d (%c)\n", c, c, c2, c2); */ if (c2 == -1) { @@ -149,12 +149,12 @@ main (int argc, char *argv[]) n = 0; while ((c = iobuf_readbyte (iobuf)) != -1) { - // printf ("%d: %c\n", n + 1, (char) c); + /* printf ("%d: %c\n", n + 1, (char) c); */ assert (content[2 * n + 1] == c); n ++; } - // printf ("Got EOF after reading %d bytes (content: %d)\n", - // n, strlen (content)); + /* printf ("Got EOF after reading %d bytes (content: %d)\n", */ + /* n, strlen (content)); */ assert (n == strlen (content) / 2); iobuf_close (iobuf); @@ -185,7 +185,7 @@ main (int argc, char *argv[]) while ((c = iobuf_readbyte (iobuf)) != -1) { - // printf ("%d: %c\n", n + 1, (char) c); + /* printf ("%d: %c\n", n + 1, (char) c); */ assert (content[2 * (n - 5) + 1] == c); n ++; } @@ -293,7 +293,7 @@ main (int argc, char *argv[]) c = iobuf_readbyte (iobuf); if (c == -1 && lastc == -1) { - // printf("Two EOFs in a row. Done.\n"); + /* printf("Two EOFs in a row. Done.\n"); */ assert (n == 44); break; } @@ -302,13 +302,13 @@ main (int argc, char *argv[]) if (c == -1) { - // printf("After %d bytes, got EOF.\n", n); + /* printf("After %d bytes, got EOF.\n", n); */ assert (n == 27 || n == 44); } else { n ++; - // printf ("%d: '%c' (%d)\n", n, c, c); + /* printf ("%d: '%c' (%d)\n", n, c, c); */ } } } @@ -366,7 +366,7 @@ main (int argc, char *argv[]) for (n = 0; (c = iobuf_get (iobuf)) != -1; n ++) { - // printf ("%d: `%c'\n", n, c); + /* printf ("%d: `%c'\n", n, c); */ buffer[n] = c; } diff --git a/doc/HACKING b/doc/HACKING index c1cd348..5d72017 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -32,11 +32,31 @@ TAB, will not exceed 80 columns. If you want to add text which shall not be copied to the ChangeLog, separate it by a line consisting of two dashes at the begin of a line. -Typo fixes and documentation updates don't need a ChangeLog Entry, +The one-line summary usually starts with a keyword to identify the +mainly affected subsystem. If more than one keyword is required the +are delimited by a comma (e.g. =scd,w32:=). Commonly found keywords +are + + - agent :: The gpg-agent component + - ssh :: The ssh-agent part of the agent + - common :: Code in common + - iobuf :: The IOBUF system in common + - gpg :: The gpg or gpgv components + - gpgsm :: The gpgsm component + - scd :: The scdaemon component + - ccid :: The CCID driver in scdaemon + - dirmngr :: The dirmngr component + - w32 :: Windows related code + - po :: Translations + - build :: Changes to the build system + - speedo :: Speedo build system specific changes + - doc :: Documentation changes + +Typo fixes and documentation updates don't need a ChangeLog entry; thus you would use a commit message like #+begin_example -Fix type in a comment +Fix typo in a comment -- #+end_example @@ -54,7 +74,6 @@ Note that such a comment will be removed if the git commit option =--cleanup=scissor= is used. - ** License policy GnuPG is licensed under the GPLv3+ with some files under a mixed @@ -104,6 +123,12 @@ Note that such a comment will be removed if the git commit option need. If you really need to do it, use a separate commit for such a change. + - C99 syntax should not be used; stick to C90. + - Please do not use C++ =//= style comments. + - Try to fit lines into 80 columns. + - Ignore signed/unsigned pointer mismatches + - No arithmetic on void pointers; cast to char* first. + ** Commit log keywords - GnuPG-bug-id :: Values are comma or space delimited bug numbers 
@@ -156,7 +181,6 @@ Note that such a comment will be removed if the git commit option the git repositories. In case of problems, don't hesitate to ask on the gnupg-devel mailing for help. - * Debug hints See the manual for some hints. commit 0d5a4138f27187e7828ef8216758edc9b48b2c64 Author: Werner Koch Date: Thu Aug 20 16:37:45 2015 +0200 po: Add lost translation of validity strings. * po/POTFILES.in (trust.c): Add missing file. * po/de.po: Changed German validity strings. * doc/help.de.txt: Ditto. -- Note that I replaced "uneingeschr?nkt" in de.po to "ultimativ" to make the output better readable. diff --git a/doc/help.de.txt b/doc/help.de.txt index ea2a4e4..7b2fffe 100644 --- a/doc/help.de.txt +++ b/doc/help.de.txt @@ -7,12 +7,12 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. -# +# # GnuPG is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, see . @@ -41,9 +41,9 @@ um das "Netz des Vertrauens" aufzubauen. Dieses hat nichts mit dem .gpg.edit_ownertrust.set_ultimate.okay Um das Web-of-Trust aufzubauen mu? GnuPG wissen, welchen Schl?sseln -uneingeschr?nkt vertraut wird. Das sind ?blicherweise die Schl?ssel +ultimativ vertraut wird. Das sind ?blicherweise die Schl?ssel auf deren geheimen Schl?ssel Sie Zugruff haben. -Antworten Sie mit "yes" um diesen Schl?ssel uneingeschr?nkt zu vertrauen +Antworten Sie mit "yes" um diesen Schl?ssel ultimativ zu vertrauen . 
@@ -74,7 +74,7 @@ unterschrieben werden kann. .gpg.keygen.algo.rsa_se Normalerweise ist es nicht gut, denselben Schl?ssel zum unterschreiben und verschl?sseln zu nutzen. Dieses Verfahren sollte in speziellen -Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von +Anwendungsgebiten benutzt werden. Bitte lassen Sie sich zuerst von einem Sicherheistexperten beraten. . @@ -138,7 +138,7 @@ sicherstellen, da? der Schl?ssel demjenigen geh?rt, der in der User-ID genann ist. F?r Dritte ist es hilfreich zu wissen, wie gut diese Zuordnung ?berpr?ft wurde. -"0" zeigt, da? Sie keine bestimmte Aussage ?ber die Sorgfalt der +"0" zeigt, da? Sie keine bestimmte Aussage ?ber die Sorgfalt der Schl?sselzuordnung machen. "1" Sie glauben, da? der Schl?ssel der benannten Person geh?rt, @@ -224,7 +224,7 @@ Eigenbeglaubigungen werden um eine Sekunde vorgestellt. . .gpg.passphrase.enter -Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz +Bitte geben Sie die Passphrase ein. Dies ist ein geheimer Satz . diff --git a/po/POTFILES.in b/po/POTFILES.in index 6050b1b..09c6ec4 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -72,6 +72,7 @@ g10/tdbdump.c g10/tdbio.c g10/textfilter.c g10/trustdb.c +g10/trust.c g10/verify.c kbx/kbxutil.c diff --git a/po/de.po b/po/de.po index 368fce9..a2bba9e 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: gnupg-2.1.0\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2015-08-11 13:52+0200\n" +"PO-Revision-Date: 2015-08-20 16:27+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: German \n" "Language: de\n" 
@@ -4704,7 +4704,7 @@ msgid "Your decision? " msgstr "Ihre Auswahl? " msgid "Do you really want to set this key to ultimate trust? (y/N) " -msgstr "Wollen Sie diesem Schl?ssel wirklich uneingeschr?nkt vertrauen? (j/N) " +msgstr "Wollen Sie diesem Schl?ssel wirklich ultimativ vertrauen? (j/N) " msgid "Certificates leading to an ultimately trusted key:\n" msgstr "Zertifikate f?hren zu einem letztlich vertrauensw?rdigen Schl?ssel:\n" @@ -5331,7 +5331,7 @@ msgstr "" #, c-format msgid "key %s marked as ultimately trusted\n" -msgstr "Schl?ssel %s ist als uneingeschr?nkt vertrauensw?rdig gekennzeichnet\n" +msgstr "Schl?ssel %s ist als ultimativ vertrauensw?rdig gekennzeichnet\n" #, c-format msgid "trust record %lu, req type %d: read failed: %s\n" @@ -5390,12 +5390,11 @@ msgid "%d keys processed (%d validity counts cleared)\n" msgstr "%d Schl?ssel verarbeitet (%d Validity Z?hler gel?scht)\n" msgid "no ultimately trusted keys found\n" -msgstr "keine uneingeschr?nkt vertrauensw?rdigen Schl?ssel gefunden\n" +msgstr "keine ultimativ vertrauensw?rdigen Schl?ssel gefunden\n" #, c-format msgid "public key of ultimately trusted key %s not found\n" -msgstr "" -"?ff. Schl?ssel des uneingeschr?nkt vertrautem Schl?ssel %s nicht gefunden\n" +msgstr "?ff. Schl?ssel des ultimativ vertrautem Schl?ssel %s nicht gefunden\n" #, c-format msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n" 
@@ -5414,6 +5413,53 @@ msgstr "" "\"Trust-DB\"-Versions-Satz kann nicht ge?ndert werden: Schreiben " "fehlgeschlagen: %s\n" +msgid "undefined" +msgstr "unbestimmt" + +msgid "never" +msgstr "niemals" + +msgid "marginal" +msgstr "marginal" + +msgid "full" +msgstr "vollst?ndig" + +msgid "ultimate" +msgstr "ultimativ" + +#. TRANSLATORS: these strings are similar to those in +#. trust_value_to_string(), but are a fixed length. This is needed to +#. make attractive information listings where columns line up +#. properly. The value "10" should be the length of the strings you +#. choose to translate to. This is the length in printable columns. +#. It gets passed to atoi() so everything after the number is +#. essentially a comment and need not be translated. Either key and +#. uid are both NULL, or neither are NULL. +msgid "10 translator see trust.c:uid_trust_string_fixed" +msgstr "13" + +msgid "[ revoked]" +msgstr "[ widerrufen]" + +msgid "[ expired]" +msgstr "[ verfallen]" + +msgid "[ unknown]" +msgstr "[ unbekannt]" + +msgid "[ undef ]" +msgstr "[undefiniert]" + +msgid "[marginal]" +msgstr "[ marginal]" + +msgid "[ full ]" +msgstr "[vollst?ndig]" + +msgid "[ultimate]" +msgstr "[ ultimativ]" + msgid "" "the signature could not be verified.\n" "Please remember that the signature file (.sig or .asc)\n" 
@@ -8222,45 +8268,6 @@ msgstr "" #~ msgid "deleting secret key not implemented\n" #~ msgstr "L?schen des geheimen Schl?ssel ist nicht implementiert\n" -#~ msgid "10 translator see trustdb.c:uid_trust_string_fixed" -#~ msgstr "10" - -#~ msgid "[ revoked]" -#~ msgstr "[widerrufen]" - -#~ msgid "[ expired]" -#~ msgstr "[verfall.]" - -#~ msgid "[ unknown]" -#~ msgstr "[ unbek.]" - -#~ msgid "[ undef ]" -#~ msgstr "[ undef.]" - -#~ msgid "[marginal]" -#~ msgstr "[marginal]" - -#~ msgid "[ full ]" -#~ msgstr "[ vollst.]" - -#~ msgid "[ultimate]" -#~ msgstr "[ uneing.]" - -#~ msgid "undefined" -#~ msgstr "unbestimmt" - -#~ msgid "never" -#~ msgstr "niemals" - -#~ msgid "marginal" -#~ msgstr "marginal" - -#~ msgid "full" -#~ msgstr "vollst?ndig" - -#~ msgid "ultimate" -#~ msgstr "uneingeschr?nkt" - #~ msgid "usage: gpgconf [options] " #~ msgstr "Aufruf: gpgconf [Optionen] " @@ -8645,10 +8652,9 @@ msgstr "" #~ "ultimately trusted\n" #~ msgstr "" #~ "Um das Web-of-Trust aufzubauen mu? GnuPG wissen, welchen Schl?sseln\n" -#~ "uneingeschr?nkt vertraut wird. Das sind ?blicherweise die Schl?ssel\n" +#~ "ultimativ vertraut wird. Das sind ?blicherweise die Schl?ssel\n" #~ "auf deren geheimen Schl?ssel Sie Zugruff haben.\n" -#~ "Antworten Sie mit \"yes\" um diesen Schl?ssel uneingeschr?nkt zu " -#~ "vertrauen\n" +#~ "Antworten Sie mit \"yes\" um diesen Schl?ssel ultimativ zu vertrauen\n" #~ msgid "If you want to use this untrusted key anyway, answer \"yes\"." #~ msgstr "" ----------------------------------------------------------------------- Summary of changes: common/t-iobuf.c | 18 +++++----- doc/HACKING | 32 ++++++++++++++--- doc/help.de.txt | 14 ++++---- po/POTFILES.in | 1 + po/de.po | 102 +++++++++++++++++++++++++++++-------------------------- 5 files changed, 99 insertions(+), 68 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 21 14:21:23 2015 
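Review bot: in commit b8adfc4, doc/HACKING hunk @@ -32,11 +32,31 @@, the added sentence "If more than one keyword is required the are delimited by a comma" has a typo; "the" should be "they". The example =scd,w32:= also shows the colon only after the last keyword, which the sentence does not say; a half-sentence stating that would keep contributors from writing "scd:,w32:".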
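Review bot: in commit b8adfc4, doc/HACKING hunk @@ -104,6 +123,12 @@, the new item "Ignore signed/unsigned pointer mismatches" does not say who ignores what. It can be read as telling contributors to leave such compiler warnings unfixed, or as telling reviewers not to object to them. Suggest spelling out the intent and ending the item with a period like the items around it.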
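Review bot: in commit 0d5a413, po/de.po hunk @@ -5414,6 +5413,53 @@, the width entry changes to msgstr "13", and the TRANSLATORS comment above it says this number must equal the length of the translated strings in printable columns. All seven bracketed strings from "[ widerrufen]" to "[ ultimativ]" therefore have to be exactly 13 columns wide, and the one containing a non-ASCII character has to be counted in columns, not bytes. The padding cannot be checked from this rendering of the patch, so a quick width check on the .po file before release is worth doing.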
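Review bot: in commit 0d5a413, doc/help.de.txt hunk @@ -74,7 +74,7 @@, the rewritten line still carries the misspelling "Anwendungsgebiten" and the following context line has "Sicherheistexperten"; hunk @@ -41,9 +41,9 @@ likewise leaves "Zugruff" between its two changed lines. Since these lines are being touched anyway, fixing the three words in the same commit would avoid a second pass over the file.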
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 21 Aug 2015 14:21:23 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-42-g09f2a7b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 09f2a7bca624d0492e1d7ab29ce19542249c13ff (commit) via 4f37820334fadd8c5036ea6c42f3dc242665c4a9 (commit) via b3226cadf9bbef4a367072396e5b0abf37afff2d (commit) via 0143d5c1ca4d12ac252c14f01931f48131591065 (commit) via 48e792cc951a9d00fad0691ef7411c9e22cf675a (commit) via 73af66a0aada8f30d8f400fdc4f69e233fb53089 (commit) from b8adfc4186fa209dce3e7ca763cec8576b8ee291 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 09f2a7bca624d0492e1d7ab29ce19542249c13ff Author: Neal H. Walfield Date: Fri Aug 21 11:55:15 2015 +0200 common: Don't incorrectly reject 4 GB - 1 sized packets. * g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets. Add the constraint that the type must be 63. * kbx/keybox-openpgp.c (next_packet): Likewise. * tests/openpgp/4gb-packet.asc: New file. * tests/openpgp/4gb-packet.test: New file. * tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test. (TEST_FILES): Add 4gb-packet.asc. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/parse-packet.c b/g10/parse-packet.c index bc99653..edebbe7 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -643,7 +643,14 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, } } - if (pktlen == (unsigned long) (-1)) + /* Sometimes the decompressing layer enters an error state in which + it simply outputs 0xff for every byte read. If we have a stream + of 0xff bytes, then it will be detected as a new format packet + with type 63 and a 4-byte encoded length that is 4G-1. Since + packets with type 63 are private and we use them as a control + packet, which won't be 4 GB, we reject such packets as + invalid. */ + if (pkttype == 63 && pktlen == 0xFFFFFFFF) { /* With some probability this is caused by a problem in the * the uncompressing layer - in some error cases it just loops diff --git a/kbx/keybox-openpgp.c b/kbx/keybox-openpgp.c index 2cac242..a5f602b 100644 --- a/kbx/keybox-openpgp.c +++ b/kbx/keybox-openpgp.c @@ -139,7 +139,14 @@ next_packet (unsigned char const **bufptr, size_t *buflen, return gpg_error (GPG_ERR_UNEXPECTED); } - if (pktlen == (unsigned long)(-1)) + if (pkttype == 63 && pktlen == 0xFFFFFFFF) + /* Sometimes the decompressing layer enters an error state in + which it simply outputs 0xff for every byte read. If we have a + stream of 0xff bytes, then it will be detected as a new format + packet with type 63 and a 4-byte encoded length that is 4G-1. + Since packets with type 63 are private and we use them as a + control packet, which won't be 4 GB, we reject such packets as + invalid. */ return gpg_error (GPG_ERR_INV_PACKET); if (pktlen > len) diff --git a/tests/openpgp/4gb-packet.asc b/tests/openpgp/4gb-packet.asc new file mode 100644 index 0000000..7e5d6f3 Binary files /dev/null and b/tests/openpgp/4gb-packet.asc differ diff --git a/tests/openpgp/4gb-packet.test b/tests/openpgp/4gb-packet.test new file mode 100755 index 0000000..f8e43c8 --- /dev/null +++ b/tests/openpgp/4gb-packet.test 
@@ -0,0 +1,16 @@ +#!/bin/sh + +. $srcdir/defs.inc || exit 3 + +# GnuPG through 2.1.7 would incorrect mark packets whose size is +# 2^32-1 as invalid and exit with status code 2. +i=$srcdir/4gb-packet.asc + +if ! $GPG --list-packets $i +then + echo Failed to parse 4GB packet. + exit 1 +else + echo Can parse 4GB packets. + exit 0 +fi diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index dae8c11..4fdb0a6 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -38,7 +38,7 @@ TESTS = version.test mds.test \ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test ecc.test finish.test + import.test ecc.test 4gb-packet.test finish.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ @@ -46,7 +46,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ pubring.pkr.asc secring.skr.asc secdemo.asc pubdemo.asc \ gpg.conf.tmpl gpg-agent.conf.tmpl \ bug537-test.data.asc bug894-test.asc \ - bug1223-good.asc bug1223-bogus.asc + bug1223-good.asc bug1223-bogus.asc 4gb-packet.asc data_files = data-500 data-9000 data-32000 data-80000 plain-large commit 4f37820334fadd8c5036ea6c42f3dc242665c4a9 Author: Neal H. Walfield Date: Fri Aug 21 10:38:41 2015 +0200 common: Don't assume on-disk layout matches in-memory layout. * g10/packet.h (PKT_signature): Change revkey's type from a struct revocation_key ** to a struct revocation_key *. Update users. -- revkey was a pointer into the raw data. But, C doesn't guarantee that there is no padding. Thus, we copy the data. Signed-off-by: Neal H. Walfield . diff --git a/g10/export.c b/g10/export.c index 5050128..62802d3 100644 --- a/g10/export.c +++ b/g10/export.c 
@@ -1011,7 +1011,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, int i; for (i=0;ipkt->pkt.signature->numrevkeys;i++) - if ( (node->pkt->pkt.signature->revkey[i]->class & 0x40)) + if ( (node->pkt->pkt.signature->revkey[i].class & 0x40)) break; if (i < node->pkt->pkt.signature->numrevkeys) diff --git a/g10/getkey.c b/g10/getkey.c index 3a60161..6e85834 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -720,7 +720,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk, ANYLOCALFIRST is set if the search order has the local method before any other or if "local" is used first by default. This - makes sure that if a RETCTX is used it gets only set if a local + makes sure that if a RETCTX is used it is only set if a local search has precedence over the other search methods and only then a followup call to get_pubkey_next shall succeed. */ if (!no_akl) @@ -1606,7 +1606,7 @@ merge_selfsigs_main (KBNODE keyblock, int *r_revoked, for (i = 0; i < sig->numrevkeys; i++) memcpy (&pk->revkey[pk->numrevkeys++], - sig->revkey[i], + &sig->revkey[i], sizeof (struct revocation_key)); } diff --git a/g10/import.c b/g10/import.c index e92769d..60a037b 100644 --- a/g10/import.c +++ b/g10/import.c @@ -2397,7 +2397,7 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) { u32 keyid[2]; - keyid_from_fingerprint(sig->revkey[idx]->fpr, + keyid_from_fingerprint(sig->revkey[idx].fpr, MAX_FINGERPRINT_LEN,keyid); for(inode=keyblock->next;inode;inode=inode->next) @@ -2416,7 +2416,7 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) itself? */ int rc; - rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx]->fpr, + rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr, MAX_FINGERPRINT_LEN); if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY) 
@@ -2432,13 +2432,13 @@ revocation_present (ctrl_t ctrl, kbnode_t keyblock) " fetching revocation key %s\n"), tempkeystr,keystr(keyid)); keyserver_import_fprint (ctrl, - sig->revkey[idx]->fpr, + sig->revkey[idx].fpr, MAX_FINGERPRINT_LEN, opt.keyserver); /* Do we have it now? */ rc=get_pubkey_byfprint_fast (NULL, - sig->revkey[idx]->fpr, + sig->revkey[idx].fpr, MAX_FINGERPRINT_LEN); } diff --git a/g10/packet.h b/g10/packet.h index 8bd5fc4..826963e 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -167,7 +167,7 @@ typedef struct byte trust_depth; byte trust_value; const byte *trust_regexp; - struct revocation_key **revkey; + struct revocation_key *revkey; int numrevkeys; pka_info_t *pka_info; /* Malloced PKA data or NULL if not available. See also flags.pka_tried. */ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 1467dc3..bc99653 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -1711,25 +1711,31 @@ parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype) void parse_revkeys (PKT_signature * sig) { - struct revocation_key *revkey; + const byte *revkey; int seq = 0; size_t len; if (sig->sig_class != 0x1F) return; - while ((revkey = - (struct revocation_key *) enum_sig_subpkt (sig->hashed, - SIGSUBPKT_REV_KEY, - &len, &seq, NULL))) + while ((revkey = enum_sig_subpkt (sig->hashed, SIGSUBPKT_REV_KEY, + &len, &seq, NULL))) { - if (len == sizeof (struct revocation_key) - && (revkey->class & 0x80)) /* 0x80 bit must be set. */ + if (/* The only valid length is 22 bytes. See RFC 4880 + 5.2.3.15. */ + len == 22 + /* 0x80 bit must be set on the class. */ + && (revkey[0] & 0x80)) { sig->revkey = xrealloc (sig->revkey, - sizeof (struct revocation_key *) * + sizeof (struct revocation_key) * (sig->numrevkeys + 1)); - sig->revkey[sig->numrevkeys] = revkey; + + /* Copy the individual fields. */ + sig->revkey[sig->numrevkeys].class = revkey[0]; + sig->revkey[sig->numrevkeys].algid = revkey[1]; + memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20); + sig->numrevkeys++; } } diff --git a/g10/revoke.c b/g10/revoke.c index 6e82187..eb3a989 100644 --- a/g10/revoke.c +++ b/g10/revoke.c 
@@ -383,11 +383,11 @@ gen_desig_revoke( const char *uname, strlist_t locusr ) for(j=0;jpkt->pkt.signature->numrevkeys;j++) { if(pk->revkey[i].class== - signode->pkt->pkt.signature->revkey[j]->class && + signode->pkt->pkt.signature->revkey[j].class && pk->revkey[i].algid== - signode->pkt->pkt.signature->revkey[j]->algid && + signode->pkt->pkt.signature->revkey[j].algid && memcmp(pk->revkey[i].fpr, - signode->pkt->pkt.signature->revkey[j]->fpr, + signode->pkt->pkt.signature->revkey[j].fpr, MAX_FINGERPRINT_LEN)==0) { revkey=signode->pkt->pkt.signature; commit b3226cadf9bbef4a367072396e5b0abf37afff2d Author: Neal H. Walfield Date: Fri Aug 21 09:47:57 2015 +0200 common: Don't incorrectly copy packets with partial lengths. * g10/parse-packet.c (parse): We don't handle copying packets with a partial body length to an output stream. If this occurs, log an error and abort. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 6f44efa..1467dc3 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -654,6 +654,17 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, if (out && pkttype) { + /* This type of copying won't work if the packet uses a partial + body length. (In other words, this only works if HDR is + actually the length.) Currently, no callers require this + functionality so we just log this as an error. */ + if (partial) + { + log_error ("parse: Can't copy partial packet. Aborting.\n"); + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + rc = iobuf_write (out, hdr, hdrlen); if (!rc) rc = copy_packet (inp, out, pkttype, pktlen, partial); commit 0143d5c1ca4d12ac252c14f01931f48131591065 Author: Neal H. Walfield Date: Fri Aug 21 09:35:09 2015 +0200 common: Check parameters more rigorously. * g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not NULL. (copy_all_packets): Likewise. -- Signed-off-by: Neal H. Walfield . 
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 4ba9419..6f44efa 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -336,6 +336,10 @@ dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l) { PACKET pkt; int skip, rc = 0; + + if (! out) + log_bug ("copy_all_packets: OUT may not be NULL.\n"); + do { init_packet (&pkt); @@ -351,6 +355,10 @@ copy_all_packets (IOBUF inp, IOBUF out) { PACKET pkt; int skip, rc = 0; + + if (! out) + log_bug ("copy_all_packets: OUT may not be NULL.\n"); + do { init_packet (&pkt); commit 48e792cc951a9d00fad0691ef7411c9e22cf675a Author: Neal H. Walfield Date: Fri Aug 21 09:32:58 2015 +0200 common: Don't continuing processing on error. * g10/parse-packet.c (dbg_parse_packet): Also return if parse returns an error. (parse_packet): Likewise. (dbg_search_packet): Likewise. (search_packet): Likewise. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 2afba54..4ba9419 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -272,7 +272,7 @@ dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l) { rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l); } - while (skip); + while (skip && ! rc); return rc; } #else /*!DEBUG_PARSE_PACKET*/ @@ -285,7 +285,7 @@ parse_packet (IOBUF inp, PACKET * pkt) { rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0); } - while (skip); + while (skip && ! rc); return rc; } #endif /*!DEBUG_PARSE_PACKET*/ @@ -308,7 +308,7 @@ dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid, parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search", dbg_f, dbg_l); } - while (skip); + while (skip && ! rc); return rc; } #else /*!DEBUG_PARSE_PACKET*/ 
@@ -321,7 +321,7 @@ search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid) { rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0); } - while (skip); + while (skip && ! rc); return rc; } #endif /*!DEBUG_PARSE_PACKET*/ commit 73af66a0aada8f30d8f400fdc4f69e233fb53089 Author: Neal H. Walfield Date: Fri Aug 21 09:28:49 2015 +0200 common: Better respect the packet's length when reading it. * g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't underflow. Be more careful that a read doesn't read more data than PKTLEN says is available. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/parse-packet.c b/g10/parse-packet.c index cd202da..2afba54 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1750,13 +1750,19 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, if (!is_v4) { + if (pktlen == 0) + goto underflow; md5_len = iobuf_get_noeof (inp); pktlen--; } + if (pktlen == 0) + goto underflow; sig->sig_class = iobuf_get_noeof (inp); pktlen--; if (!is_v4) { + if (pktlen < 12) + goto underflow; sig->timestamp = read_32 (inp); pktlen -= 4; sig->keyid[0] = read_32 (inp); @@ -1764,6 +1770,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, sig->keyid[1] = read_32 (inp); pktlen -= 4; } + if (pktlen < 2) + goto underflow; sig->pubkey_algo = iobuf_get_noeof (inp); pktlen--; sig->digest_algo = iobuf_get_noeof (inp); @@ -1772,8 +1780,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, sig->flags.revocable = 1; if (is_v4) /* Read subpackets. */ { + if (pktlen < 2) + goto underflow; n = read_16 (inp); pktlen -= 2; /* Length of hashed data. */ + if (pktlen < n) + goto underflow; if (n > 10000) { log_error ("signature packet: hashed data too long\n"); 
@@ -1798,8 +1810,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, } pktlen -= n; } + if (pktlen < 2) + goto underflow; n = read_16 (inp); pktlen -= 2; /* Length of unhashed data. */ + if (pktlen < n) + goto underflow; if (n > 10000) { log_error ("signature packet: unhashed data too long\n"); @@ -1826,15 +1842,8 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, } } - if (pktlen < 5) /* Sanity check. */ - { - log_error ("packet(%d) too short\n", pkttype); - if (list_mode) - es_fputs (":signature packet: [too short]\n", listfp); - rc = GPG_ERR_INV_PACKET; - goto leave; - } - + if (pktlen < 2) + goto underflow; sig->digest_start[0] = iobuf_get_noeof (inp); pktlen--; sig->digest_start[1] = iobuf_get_noeof (inp); @@ -1981,6 +1990,15 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen, leave: iobuf_skip_rest (inp, pktlen, 0); return rc; + + underflow: + log_error ("packet(%d) too short\n", pkttype); + if (list_mode) + es_fputs (":signature packet: [too short]\n", listfp); + + iobuf_skip_rest (inp, pktlen, 0); + + return GPG_ERR_INV_PACKET; } ----------------------------------------------------------------------- Summary of changes: g10/export.c | 2 +- g10/getkey.c | 4 +- g10/import.c | 8 ++-- g10/packet.h | 2 +- g10/parse-packet.c | 96 ++++++++++++++++++++++++++++++++---------- g10/revoke.c | 6 +-- kbx/keybox-openpgp.c | 9 +++- tests/openpgp/4gb-packet.asc | Bin 0 -> 4983 bytes tests/openpgp/4gb-packet.test | 16 +++++++ tests/openpgp/Makefile.am | 4 +- 10 files changed, 110 insertions(+), 37 deletions(-) create mode 100644 tests/openpgp/4gb-packet.asc create mode 100755 tests/openpgp/4gb-packet.test hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 23 12:23:35 2015 
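Review bot: in commit 09f2a7b, kbx/keybox-openpgp.c next_packet(), the new block comment sits between the condition "if (pkttype == 63 && pktlen == 0xFFFFFFFF)" and its unbraced body "return gpg_error (GPG_ERR_INV_PACKET);". That makes it easy to misread which statement the if controls and easy to break when a line is added later. Suggest moving the comment above the if, as the g10/parse-packet.c hunk of the same commit does, or bracing the body.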
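Review bot: in commit 09f2a7b, tests/openpgp/4gb-packet.test, the variable expansions are unquoted (". $srcdir/defs.inc", "i=$srcdir/4gb-packet.asc", "$GPG --list-packets $i"), so the test fails for the wrong reason when the source directory contains a space. Quoting "$srcdir" and "$i" fixes that. The header comment also reads "would incorrect mark packets"; "incorrectly" is meant.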
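Review bot: in commit 4f37820, g10/parse-packet.c parse_revkeys(), the length test "len == 22" and the copy "memcpy (sig->revkey[sig->numrevkeys].fpr, &revkey[2], 20)" use bare literals, while the other hunks of this commit compare and pass the same fpr field with MAX_FINGERPRINT_LEN (g10/import.c, g10/revoke.c). Nothing in the hunk ties the 20 bytes written to the size of fpr. Suggest deriving both numbers from the field, or adding a check that sizeof of the fpr member is at least 20, so a later change to the struct cannot turn this copy into an overflow or leave the tail of fpr uninitialised for the memcmp in gen_desig_revoke.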
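Review bot: in commit 73af66a, parse_signature hunk @@ -1826,15 +1842,8 @@, the removed sanity check required pktlen >= 5 before reading digest_start and whatever follows it, while the replacement "if (pktlen < 2) goto underflow;" only guarantees the two digest_start bytes. Please confirm that the reads after digest_start, which are not part of this hunk, bound themselves by pktlen, or keep a lower limit that covers them.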
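Review bot: in commit 73af66a, parse_signature hunk @@ -1981,6 +1990,15 @@, the new underflow path returns the bare code GPG_ERR_INV_PACKET, whereas parse() in the same file returns gpg_error (GPG_ERR_INV_PACKET), and it repeats the iobuf_skip_rest call that the leave label already performs. Suggest logging at the underflow label, setting rc = gpg_error (GPG_ERR_INV_PACKET) and jumping to leave, so there is a single exit path and any cleanup added there later also covers short packets.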
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 23 Aug 2015 12:23:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-44-g88317ae Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 88317ae8c829bfeb1689415efbd32b7a232d7bd0 (commit) via 00def10d365a88ce2d034ea9a5d6be4b03285fa4 (commit) from 09f2a7bca624d0492e1d7ab29ce19542249c13ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 88317ae8c829bfeb1689415efbd32b7a232d7bd0 Author: Werner Koch Date: Sun Aug 23 12:17:43 2015 +0200 gpg: Fix regression in packet parser from Aug 19. * g10/parse-packet.c (parse): Use an int to compare to -1. Use buf32_to_ulong. -- Regression-due-to: 0add91ae1ca3718e8140af09294c595f47c958d3 Signed-off-by: Werner Koch diff --git a/g10/parse-packet.c b/g10/parse-packet.c index edebbe7..4e236cb 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
@@ -558,27 +558,20 @@ parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos, else if (c == 255) { int i; - int eof = 0; char value[4]; for (i = 0; i < 4; i ++) - if ((value[i] = hdr[hdrlen++] = iobuf_get (inp)) == -1) - { - eof = 1; - break; - } - - if (eof) { - log_error ("%s: 4 byte length invalid\n", iobuf_where (inp)); - rc = gpg_error (GPG_ERR_INV_PACKET); - goto leave; + if ((c = iobuf_get (inp)) == -1) + { + log_error ("%s: 4 byte length invalid\n", iobuf_where (inp)); + rc = gpg_error (GPG_ERR_INV_PACKET); + goto leave; + } + value[i] = hdr[hdrlen++] = c; } - pktlen = (((unsigned long) value[0] << 24) - | ((unsigned long) value[1] << 16) - | ((unsigned long) value[2] << 8) - | ((unsigned long) value[3])); + pktlen = buf32_to_ulong (value); } else /* Partial body length. */ { commit 00def10d365a88ce2d034ea9a5d6be4b03285fa4 Author: Werner Koch Date: Sun Aug 23 11:56:17 2015 +0200 gpg: Show not found keys with --locate-key --verbose. * g10/keylist.c (locate_one): Print a diagnostic for a not-found key. Signed-off-by: Werner Koch diff --git a/g10/keylist.c b/g10/keylist.c index 0383931..cc92d1a 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -626,6 +626,9 @@ locate_one (ctrl_t ctrl, strlist_t names) { if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY) log_error ("error reading key: %s\n", gpg_strerror (rc)); + else if (opt.verbose) + log_info (_("key \"%s\" not found: %s\n"), + sl->d, gpg_strerror (rc)); } else { ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 3 +++ g10/parse-packet.c | 23 ++++++++--------------- 2 files changed, 11 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 23 17:22:58 2015 
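Review bot: in commit 88317ae, g10/parse-packet.c parse(), the buffer is still declared "char value[4]" although it holds raw length octets and is now handed to buf32_to_ulong. The commit log says the regression came from comparing against -1 without an int, and a plain char buffer invites the same signedness confusion again. Declaring it as unsigned char, or as byte as other code in this patch series does, documents that these are octets and not characters.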
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 23 Aug 2015 17:22:58 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-256-gfb3cb47 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via fb3cb47b0a29d3e73150297aa4495c20915e4a75 (commit) from 65639ecaaeba642e40487446c40d045482001285 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb3cb47b0a29d3e73150297aa4495c20915e4a75 Author: Werner Koch Date: Sun Aug 23 17:20:18 2015 +0200 tests: Add missing files for the make distcheck target. * tests/Makefile.am (EXTRA_DIST): Add sha3-x test vector files. Signed-off-by: Werner Koch diff --git a/tests/Makefile.am b/tests/Makefile.am index 9f8839a..a5c10dd 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -57,7 +57,8 @@ noinst_HEADERS = t-common.h EXTRA_DIST = README rsa-16k.key cavs_tests.sh cavs_driver.pl \ pkcs1v2-oaep.h pkcs1v2-pss.h pkcs1v2-v15c.h pkcs1v2-v15s.h \ - t-ed25519.inp stopwatch.h hashtest-256g.in + t-ed25519.inp stopwatch.h hashtest-256g.in \ + sha3-224.h sha3-256.h sha3-384.h sha3-512.h LDADD = $(standard_ldadd) $(GPG_ERROR_LIBS) t_lock_LDADD = $(standard_ldadd) $(GPG_ERROR_MT_LIBS) ----------------------------------------------------------------------- Summary of changes: tests/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 23 21:19:22 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 23 Aug 2015 21:19:22 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-45-g84f4c88 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 84f4c8811fc5bdd78693c4dc289389a8337cc257 (commit) from 88317ae8c829bfeb1689415efbd32b7a232d7bd0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 84f4c8811fc5bdd78693c4dc289389a8337cc257 Author: Werner Koch Date: Sun Aug 23 21:16:39 2015 +0200 dirmngr: Allow sending of Zack's key. * dirmngr/server.c (MAX_KEYBLOCK_LENGTH): Increase to 1 MiB. Signed-off-by: Werner Koch diff --git a/dirmngr/server.c b/dirmngr/server.c index 1b7e9e9..5c142e8 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -59,8 +59,9 @@ /* The same goes for OpenPGP keyblocks, but here we need to allow for much longer blocks; a 200k keyblock is not too unusual for keys - with a lot of signatures (e.g. 0x5b0358a2). */ -#define MAX_KEYBLOCK_LENGTH (512*1024) + with a lot of signatures (e.g. 0x5b0358a2). 9C31503C6D866396 even + has 770 KiB as of 2015-08-23. */ +#define MAX_KEYBLOCK_LENGTH (1024*1024) #define PARM_ERROR(t) assuan_set_error (ctx, \ ----------------------------------------------------------------------- Summary of changes: dirmngr/server.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 24 10:43:38 2015 
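Review bot: in commit 84f4c88, dirmngr/server.c, MAX_KEYBLOCK_LENGTH is again sized just above the largest key known today: the comment cites a 770 KiB keyblock and the new cap is (1024*1024), which leaves roughly 250 KiB of growth before the same failure returns. Suggest recording in the comment how the value was chosen, so the next increase is a deliberate decision about how much data a single request may carry and not a reaction to one key.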
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 24 Aug 2015 10:43:38 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-19-gbfd4cf3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via bfd4cf3bee8c9e4a3af825c95694b8af098b1cb2 (commit) via 7e91e5f71c86c3899c7f256d7ae9d872e692dd28 (commit) from 13e09800a997845906bfb10ac3379bad00e6e63d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfd4cf3bee8c9e4a3af825c95694b8af098b1cb2 Author: Neal H. Walfield Date: Mon Aug 24 10:43:33 2015 +0200 tty: When reading the password, print any supplied error message. * tty/pinentry-tty.c (password): Print any supplied error message. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index b122949..49571ba 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -362,6 +362,8 @@ password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) if (! msg) msg = "Enter your passphrase."; + dump_error_text (ttyfo, pinentry->error); + fprintf (ttyfo, "%s\n ", msg); while (! done) commit 7e91e5f71c86c3899c7f256d7ae9d872e692dd28 Author: Neal H. Walfield Date: Mon Aug 24 10:42:40 2015 +0200 tty: Refactor the code for printing error messages. * tty/pinentry-tty.c (dump_error_text): New function to display error messages. (confirm): Use it. (password): Likewise. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index edec16f..b122949 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c 
@@ -124,6 +124,41 @@ button (char *text, char *default_text, FILE *ttyfo) return *highlight; } +static void +dump_error_text (FILE *ttyfo, const char *text) +{ + int lines = 0; + + if (! text || ! *text) + return; + + for (;;) + { + const char *eol = strchr (text, '\n'); + if (! eol) + eol = text + strlen (text); + + lines ++; + + fwrite ("\n *** ", 6, 1, ttyfo); + fputs (ALERT_START, ttyfo); + fwrite (text, (size_t) (eol - text), 1, ttyfo); + fputs (NORMAL_RESTORE, ttyfo); + + if (! *eol) + break; + + text = eol + 1; + } + + if (lines > 1) + fputc ('\n', ttyfo); + else + fwrite (" ***\n", 5, 1, ttyfo); + + fputc ('\n', ttyfo); +} + static int confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { @@ -135,9 +170,7 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) int ret; - if (pinentry->error) - fprintf (ttyfo, "*** %s%s%s ***\n", - ALERT_START, pinentry->error, NORMAL_RESTORE); + dump_error_text (ttyfo, pinentry->error); msg = pinentry->description; if (! msg) @@ -382,11 +415,9 @@ password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) done = 1; } else - fprintf (ttyfo, "*** %s%s%s ***\n", - ALERT_START, - pinentry->repeat_error_string - ?: "Passphrases don't match.", - NORMAL_RESTORE); + dump_error_text (ttyfo, + pinentry->repeat_error_string + ?: "Passphrases don't match."); secmem_free (passphrase2); } ----------------------------------------------------------------------- Summary of changes: tty/pinentry-tty.c | 49 +++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 8 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 24 12:44:32 2015 
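Review bot: In dump_error_text (tty/pinentry-tty.c) a text that ends in '\n' makes one extra pass through the loop with an empty segment: after "text = eol + 1" the next strchr finds nothing, lines is incremented again and a bare "\n *** " is written, so a one-line message with a trailing newline is treated as multi-line and loses its closing " ***". Stop when nothing follows the newline, for example "if (! *eol || ! eol[1]) break;". Each segment is also passed to fwrite unfiltered between ALERT_START and NORMAL_RESTORE; if pinentry->error can carry control characters, replace non-printable bytes before they reach ttyfo.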
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Aug 2015 12:44:32 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-12-g2b632bb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 2b632bbb78eee2b94c122f66d171a7c80e9c4fb0 (commit) from ccbaccbf2e0ba582d181b9ee4d8543d7c1248b2c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2b632bbb78eee2b94c122f66d171a7c80e9c4fb0 Author: Werner Koch Date: Mon Aug 24 12:41:24 2015 +0200 Add an export secret key feature. * src/gpgme.h.in (GPGME_EXPORT_MODE_SECRET): New. (GPGME_EXPORT_MODE_RAW): New. (GPGME_EXPORT_MODE_PKCS12): New. * src/export.c (export_start, export_ext_start): Allow new flags. * src/engine-gpg.c (export_common): Support secret key export. * src/engine-gpgsm.c (gpgsm_export, gpgsm_export_ext): Ditto. * src/gpgme-tool.c (cmd_export): Add options --secret, --raw, and --pkcs12. * tests/run-export.c (main): Likewise. -- Note that exporting secret X.509 keys requires GnuPG 2.1.8. Signed-off-by: Werner Koch diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 010b914..20e1912 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -3700,6 +3700,21 @@ keys it removes all signatures except for the latest self-signatures. For X.509 keys it has no effect. + at item GPGME_EXPORT_MODE_SECRET +Instead of exporting the public key, the secret key is exported. This +may not be combined with @code{GPGME_EXPORT_MODE_EXTERN}. For X.509 +the export format is PKCS#8. + + at item GPGME_EXPORT_MODE_RAW +If this flag is used with @code{GPGME_EXPORT_MODE_SECRET} for an X.509 +key the export format will be changed to PKCS#1. This flag may not be +used with OpenPGP. + + at item GPGME_EXPORT_MODE_PKCS12 +If this flag is used with @code{GPGME_EXPORT_MODE_SECRET} for an X.509 +key the export format will be changed to PKCS#12 which also includes +the certificate. This flag may not be used with OpenPGP. + @end table diff --git a/src/engine-gpg.c b/src/engine-gpg.c index d138592..ffae2fe 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -1793,7 +1793,8 @@ export_common (engine_gpg_t gpg, gpgme_export_mode_t mode, gpgme_error_t err = 0; if ((mode & ~(GPGME_EXPORT_MODE_EXTERN - |GPGME_EXPORT_MODE_MINIMAL))) + |GPGME_EXPORT_MODE_MINIMAL + |GPGME_EXPORT_MODE_SECRET))) return gpg_error (GPG_ERR_NOT_SUPPORTED); if ((mode & GPGME_EXPORT_MODE_MINIMAL)) @@ -1807,7 +1808,10 @@ export_common (engine_gpg_t gpg, gpgme_export_mode_t mode, } else { - err = add_arg (gpg, "--export"); + if ((mode & GPGME_EXPORT_MODE_SECRET)) + err = add_arg (gpg, "--export-secret-keys"); + else + err = add_arg (gpg, "--export"); if (!err && use_armor) err = add_arg (gpg, "--armor"); if (!err) diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 3771157..24d3b2a 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c 
@@ -1289,17 +1289,23 @@ gpgsm_export (void *engine, const char *pattern, gpgme_export_mode_t mode, if (!gpgsm) return gpg_error (GPG_ERR_INV_VALUE); - if (mode) - return gpg_error (GPG_ERR_NOT_SUPPORTED); - if (!pattern) pattern = ""; - cmd = malloc (7 + strlen (pattern) + 1); + cmd = malloc (7 + 9 + 9 + strlen (pattern) + 1); if (!cmd) return gpg_error_from_syserror (); + strcpy (cmd, "EXPORT "); - strcpy (&cmd[7], pattern); + if ((mode & GPGME_EXPORT_MODE_SECRET)) + { + strcat (cmd, "--secret "); + if ((mode & GPGME_EXPORT_MODE_RAW)) + strcat (cmd, "--raw "); + else if ((mode & GPGME_EXPORT_MODE_PKCS12)) + strcat (cmd, "--pkcs12 "); + } + strcat (cmd, pattern); gpgsm->output_cb.data = keydata; err = gpgsm_set_fd (gpgsm, OUTPUT_FD, use_armor ? "--armor" @@ -1323,16 +1329,13 @@ gpgsm_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode, engine_gpgsm_t gpgsm = engine; gpgme_error_t err = 0; char *line; - /* Length is "EXPORT " + p + '\0'. */ - int length = 7 + 1; + /* Length is "EXPORT " + "--secret " + "--pkcs12 " + p + '\0'. */ + int length = 7 + 9 + 9 + 1; char *linep; if (!gpgsm) return gpg_error (GPG_ERR_INV_VALUE); - if (mode) - return gpg_error (GPG_ERR_NOT_SUPPORTED); - if (pattern && *pattern) { const char **pat = pattern; @@ -1357,7 +1360,15 @@ gpgsm_export_ext (void *engine, const char *pattern[], gpgme_export_mode_t mode, return gpg_error_from_syserror (); strcpy (line, "EXPORT "); - linep = &line[7]; + if ((mode & GPGME_EXPORT_MODE_SECRET)) + { + strcat (line, "--secret "); + if ((mode & GPGME_EXPORT_MODE_RAW)) + strcat (line, "--raw "); + else if ((mode & GPGME_EXPORT_MODE_PKCS12)) + strcat (line, "--pkcs12 "); + } + linep = &line[strlen (line)]; if (pattern && *pattern) { diff --git a/src/export.c b/src/export.c index 8930aa6..a29fbde 100644 --- a/src/export.c +++ b/src/export.c 
@@ -120,9 +120,24 @@ export_start (gpgme_ctx_t ctx, int synchronous, const char *pattern, op_data_t opd; if ((mode & ~(GPGME_EXPORT_MODE_EXTERN - |GPGME_EXPORT_MODE_MINIMAL))) + |GPGME_EXPORT_MODE_MINIMAL + |GPGME_EXPORT_MODE_SECRET + |GPGME_EXPORT_MODE_RAW + |GPGME_EXPORT_MODE_PKCS12))) return gpg_error (GPG_ERR_INV_VALUE); /* Invalid flags in MODE. */ + if ((mode & GPGME_EXPORT_MODE_SECRET)) + { + if ((mode & GPGME_EXPORT_MODE_EXTERN)) + return gpg_error (GPG_ERR_INV_FLAG); /* Combination not allowed. */ + if ((mode & GPGME_EXPORT_MODE_RAW) + && (mode & GPGME_EXPORT_MODE_PKCS12)) + return gpg_error (GPG_ERR_INV_FLAG); /* Combination not allowed. */ + + if (ctx->protocol != GPGME_PROTOCOL_CMS + && (mode & (GPGME_EXPORT_MODE_RAW|GPGME_EXPORT_MODE_PKCS12))) + return gpg_error (GPG_ERR_INV_FLAG); /* Only supported for X.509. */ + } if ((mode & GPGME_EXPORT_MODE_EXTERN)) { @@ -199,9 +214,25 @@ export_ext_start (gpgme_ctx_t ctx, int synchronous, const char *pattern[], op_data_t opd; if ((mode & ~(GPGME_EXPORT_MODE_EXTERN - |GPGME_EXPORT_MODE_MINIMAL))) + |GPGME_EXPORT_MODE_MINIMAL + |GPGME_EXPORT_MODE_SECRET + |GPGME_EXPORT_MODE_RAW + |GPGME_EXPORT_MODE_PKCS12))) return gpg_error (GPG_ERR_INV_VALUE); /* Invalid flags in MODE. */ + if ((mode & GPGME_EXPORT_MODE_SECRET)) + { + if ((mode & GPGME_EXPORT_MODE_EXTERN)) + return gpg_error (GPG_ERR_INV_FLAG); /* Combination not allowed. */ + if ((mode & GPGME_EXPORT_MODE_RAW) + && (mode & GPGME_EXPORT_MODE_PKCS12)) + return gpg_error (GPG_ERR_INV_FLAG); /* Combination not allowed. */ + + if (ctx->protocol != GPGME_PROTOCOL_CMS + && (mode & (GPGME_EXPORT_MODE_RAW|GPGME_EXPORT_MODE_PKCS12))) + return gpg_error (GPG_ERR_INV_FLAG); /* Only supported for X.509. */ + } + if ((mode & GPGME_EXPORT_MODE_EXTERN)) { if (keydata) diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index 94d1124..e5e5707 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c 
@@ -3054,7 +3054,7 @@ cmd_import (assuan_context_t ctx, char *line) static const char hlp_export[] = - "EXPORT [--extern] [--minimal] []\n" + "EXPORT [--extern] [--minimal] [--secret [--pkcs12] [--raw]] []\n" "\n" "Export the keys described by PATTERN. Write the\n" "the output to the object set by the last OUTPUT command."; @@ -3082,6 +3082,12 @@ cmd_export (assuan_context_t ctx, char *line) mode |= GPGME_EXPORT_MODE_EXTERN; if (has_option (line, "--minimal")) mode |= GPGME_EXPORT_MODE_MINIMAL; + if (has_option (line, "--secret")) + mode |= GPGME_EXPORT_MODE_SECRET; + if (has_option (line, "--raw")) + mode |= GPGME_EXPORT_MODE_RAW; + if (has_option (line, "--pkcs12")) + mode |= GPGME_EXPORT_MODE_PKCS12; line = skip_options (line); diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 8255e63..7605570 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -392,6 +392,9 @@ gpgme_pinentry_mode_t; /* The available export mode flags. */ #define GPGME_EXPORT_MODE_EXTERN 2 #define GPGME_EXPORT_MODE_MINIMAL 4 +#define GPGME_EXPORT_MODE_SECRET 16 +#define GPGME_EXPORT_MODE_RAW 32 +#define GPGME_EXPORT_MODE_PKCS12 64 typedef unsigned int gpgme_export_mode_t; diff --git a/tests/run-export.c b/tests/run-export.c index 4333208..b133f13 100644 --- a/tests/run-export.c +++ b/tests/run-export.c @@ -43,7 +43,12 @@ show_usage (int ex) fputs ("usage: " PGM " [options] USERIDS\n\n" "Options:\n" " --verbose run in verbose mode\n" + " --openpgp use OpenPGP protocol (default)\n" + " --cms use X.509 protocol\n" " --extern send keys to the keyserver (TAKE CARE!)\n" + " --secret export secret keys instead of public keys\n" + " --raw use PKCS#1 as secret key format\n" + " --pkcs12 use PKCS#12 as secret key format\n" , stderr); exit (ex); } @@ -59,6 +64,7 @@ main (int argc, char **argv) gpgme_key_t keyarray[100]; int keyidx = 0; gpgme_data_t out; + gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; gpgme_export_mode_t mode = 0; if (argc) 
@@ -79,9 +85,34 @@ main (int argc, char **argv) verbose = 1; argc--; argv++; } + else if (!strcmp (*argv, "--openpgp")) + { + protocol = GPGME_PROTOCOL_OpenPGP; + argc--; argv++; + } + else if (!strcmp (*argv, "--cms")) + { + protocol = GPGME_PROTOCOL_CMS; + argc--; argv++; + } else if (!strcmp (*argv, "--extern")) { - mode |= GPGME_KEYLIST_MODE_EXTERN; + mode |= GPGME_EXPORT_MODE_EXTERN; + argc--; argv++; + } + else if (!strcmp (*argv, "--secret")) + { + mode |= GPGME_EXPORT_MODE_SECRET; + argc--; argv++; + } + else if (!strcmp (*argv, "--raw")) + { + mode |= GPGME_EXPORT_MODE_RAW; + argc--; argv++; + } + else if (!strcmp (*argv, "--pkcs12")) + { + mode |= GPGME_EXPORT_MODE_PKCS12; argc--; argv++; } else if (!strncmp (*argv, "--", 2)) @@ -92,11 +123,11 @@ main (int argc, char **argv) if (!argc) show_usage (1); - init_gpgme (GPGME_PROTOCOL_OpenPGP); + init_gpgme (protocol); err = gpgme_new (&ctx); fail_if_err (err); - gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP); + gpgme_set_protocol (ctx, protocol); /* Lookup the keys. */ err = gpgme_op_keylist_ext_start (ctx, (const char**)argv, 0, 0); @@ -131,8 +162,10 @@ main (int argc, char **argv) } /* Now for the actual export. */ - if ((mode & GPGME_KEYLIST_MODE_EXTERN)) + if ((mode & GPGME_EXPORT_MODE_EXTERN)) printf ("sending keys to keyserver\n"); + if ((mode & GPGME_EXPORT_MODE_SECRET)) + printf ("exporting secret keys!\n"); err = gpgme_data_new (&out); fail_if_err (err); ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 15 +++++++++++++++ src/engine-gpg.c | 8 ++++++-- src/engine-gpgsm.c | 33 ++++++++++++++++++++++----------- src/export.c | 35 +++++++++++++++++++++++++++++++++-- src/gpgme-tool.c | 8 +++++++- src/gpgme.h.in | 3 +++ tests/run-export.c | 41 +++++++++++++++++++++++++++++++++++++---- 7 files changed, 123 insertions(+), 20 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 24 12:48:06 2015 
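Review bot: In gpgsm_export and gpgsm_export_ext (src/engine-gpgsm.c) the removed "if (mode) return gpg_error (GPG_ERR_NOT_SUPPORTED);" was the only place these functions rejected mode bits they do not implement; after the change GPGME_EXPORT_MODE_EXTERN is no longer refused here, and GPGME_EXPORT_MODE_RAW or GPGME_EXPORT_MODE_PKCS12 without GPGME_EXPORT_MODE_SECRET falls through to a plain "EXPORT" of the public data. Keep a mask test in the style export_common uses in engine-gpg.c, so that unsupported bits still yield GPG_ERR_NOT_SUPPORTED. The sizes 7 + 9 + 9 do match "EXPORT ", "--secret " and "--pkcs12 " today, but they are magic numbers sitting next to strcat calls; deriving them from the literals would keep the allocation and the copies from drifting apart.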
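Review bot: In export_start and export_ext_start (src/export.c) the RAW and PKCS12 checks sit inside the "if ((mode & GPGME_EXPORT_MODE_SECRET))" block, so GPGME_EXPORT_MODE_RAW or GPGME_EXPORT_MODE_PKCS12 given without GPGME_EXPORT_MODE_SECRET passes the mask test and is accepted for either protocol, although the gpgme.texi hunk defines both flags only in combination with SECRET and says they may not be used with OpenPGP. Returning GPG_ERR_INV_FLAG for that case would surface the caller's mistake instead of quietly exporting the public key. The same validation block is added verbatim to both functions; a small static helper taking ctx and mode would keep the two copies from diverging.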
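Review bot: The new hlp_export line in src/gpgme-tool.c, "EXPORT [--extern] [--minimal] [--secret [--pkcs12] [--raw]] []", presents --pkcs12 and --raw as independently optional, but export_start in this same patch returns GPG_ERR_INV_FLAG when both are set, and also when --secret is combined with --extern. Writing the synopsis as "[--secret [--pkcs12|--raw]]" and stating the --extern restriction in the help text would match the behaviour. In cmd_export the --raw and --pkcs12 options are also parsed into mode when --secret is absent.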
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Aug 2015 12:48:06 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-47-g3cf0219 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3cf02192a890d04f8f558cb72d46f9bd7a378322 (commit) via 76ef1f0f14dca86e62bde514018346a24c1a37ff (commit) from 84f4c8811fc5bdd78693c4dc289389a8337cc257 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3cf02192a890d04f8f558cb72d46f9bd7a378322 Author: Werner Koch Date: Mon Aug 24 12:43:00 2015 +0200 sm: Support secret key export via the Assuan interface. * sm/server.c (cmd_export): Add options --secret, --raw, and --pkcs12. Signed-off-by: Werner Koch diff --git a/sm/server.c b/sm/server.c index 571b079..cdf4a6e 100644 --- a/sm/server.c +++ b/sm/server.c 
@@ -681,13 +681,15 @@ cmd_import (assuan_context_t ctx, char *line) static const char hlp_export[] = - "EXPORT [--data [--armor|--base64]] [--] \n" + "EXPORT [--data [--armor|--base64]] [--secret [--(raw|pkcs12)] [--] \n" "\n" "Export the certificates selected by PATTERN. With --data the output\n" "is returned using Assuan D lines; the default is to use the sink given\n" "by the last \"OUTPUT\" command. The options --armor or --base64 encode \n" "the output using the PEM respective a plain base-64 format; the default\n" - "is a binary format which is only suitable for a single certificate."; + "is a binary format which is only suitable for a single certificate.\n" + "With --secret the secret key is exported using the PKCS#8 format,\n" + "with --raw using PKCS#1, and with --pkcs12 as full PKCS#12 container."; static gpg_error_t cmd_export (assuan_context_t ctx, char *line) { @@ -695,15 +697,23 @@ cmd_export (assuan_context_t ctx, char *line) char *p; strlist_t list, sl; int use_data; + int opt_secret; + int opt_raw = 0; + int opt_pkcs12 = 0; use_data = has_option (line, "--data"); - if (use_data) { /* We need to override any possible setting done by an OUTPUT command. */ ctrl->create_pem = has_option (line, "--armor"); ctrl->create_base64 = has_option (line, "--base64"); } + opt_secret = has_option (line, "--secret"); + if (opt_secret) + { + opt_raw = has_option (line, "--raw"); + opt_pkcs12 = has_option (line, "--pkcs12"); + } line = skip_options (line); @@ -730,6 +740,14 @@ cmd_export (assuan_context_t ctx, char *line) } } + if (opt_secret) + { + if (!list || !*list->d) + return set_error (GPG_ERR_NO_DATA, "No key given"); + if (list->next) + return set_error (GPG_ERR_TOO_MANY, "Only one key allowed"); + } + if (use_data) { estream_t stream; 
@@ -741,7 +759,11 @@ cmd_export (assuan_context_t ctx, char *line) return set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream"); } - gpgsm_export (ctrl, list, stream); + if (opt_secret) + gpgsm_p12_export (ctrl, list->d, stream, + opt_raw? 2 : opt_pkcs12 ? 0 : 1); + else + gpgsm_export (ctrl, list, stream); es_fclose (stream); } else @@ -761,7 +783,11 @@ cmd_export (assuan_context_t ctx, char *line) return set_error (gpg_err_code_from_syserror (), "fdopen() failed"); } - gpgsm_export (ctrl, list, out_fp); + if (opt_secret) + gpgsm_p12_export (ctrl, list->d, out_fp, + opt_raw? 2 : opt_pkcs12 ? 0 : 1); + else + gpgsm_export (ctrl, list, out_fp); es_fclose (out_fp); } commit 76ef1f0f14dca86e62bde514018346a24c1a37ff Author: Werner Koch Date: Mon Aug 24 09:31:24 2015 +0200 po: Grammar fix for the German translation. -- Reported-by: Thomas Bellmann diff --git a/po/de.po b/po/de.po index a2bba9e..db82908 100644 --- a/po/de.po +++ b/po/de.po @@ -5394,7 +5394,7 @@ msgstr "keine ultimativ vertrauensw?rdigen Schl?ssel gefunden\n" #, c-format msgid "public key of ultimately trusted key %s not found\n" -msgstr "?ff. Schl?ssel des ultimativ vertrautem Schl?ssel %s nicht gefunden\n" +msgstr "?ff. Schl?ssel des ultimativ vertrauten Schl?ssel %s nicht gefunden\n" #, c-format msgid "%d marginal(s) needed, %d complete(s) needed, %s trust model\n" ----------------------------------------------------------------------- Summary of changes: po/de.po | 2 +- sm/server.c | 36 +++++++++++++++++++++++++++++++----- 2 files changed, 32 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 24 16:18:21 2015 
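Review bot: In the hlp_export string of sm/server.c the new synopsis "EXPORT [--data [--armor|--base64]] [--secret [--(raw|pkcs12)] [--]" never closes the bracket opened before --secret, and the added help sentences do not say that --secret takes exactly one key although cmd_export now returns GPG_ERR_TOO_MANY for more than one. Close the bracket and add that restriction to the text.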
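Review bot: The new opt_secret block in cmd_export (sm/server.c, hunk at -730) returns straight from set_error for "No key given" and "Only one key allowed"; in the second case list is known to hold at least two entries because list->next is non-NULL, and nothing in the hunk releases it before returning. Unless the list is freed elsewhere on these paths, call free_strlist (list) before each return.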
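Review bot: Both gpgsm_p12_export calls in cmd_export pass the format as "opt_raw? 2 : opt_pkcs12 ? 0 : 1", bare integers whose meaning can only be recovered from the help text, and when a client sends both --raw and --pkcs12 the first silently wins. Use named constants for the three formats and reject the combination explicitly, as the GPGME side of this feature does with GPG_ERR_INV_FLAG. Since this path writes secret key material to the Assuan data stream or the OUTPUT fd, it is also worth documenting next to the calls which of the three formats leave the key protected.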
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 24 Aug 2015 16:18:21 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-48-g348a6eb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 348a6ebb63523305ce9f47d0f3e8a9086c338fed (commit) from 3cf02192a890d04f8f558cb72d46f9bd7a378322 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 348a6ebb63523305ce9f47d0f3e8a9086c338fed Author: Neal H. Walfield Date: Mon Aug 24 16:14:09 2015 +0200 agent: Raise the maximum password length. Don't hard code it. * agent/agent.h (MAX_PASSPHRASE_LEN): Define. * agent/command-ssh.c (ssh_identity_register): Use it instead of a hard-coded literal. * agent/cvt-openpgp.c (convert_from_openpgp_main): Likewise. * agent/findkey.c (unprotect): Likewise. * agent/genkey.c (agent_ask_new_passphrase): Likewise. -- Signed-off-by: Neal H. Walfield . GnuPG-bug-id: 2038 diff --git a/agent/agent.h b/agent/agent.h index 958e3be..a1b3794 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -47,6 +47,11 @@ /* Maximum length of a digest. */ #define MAX_DIGEST_LEN 64 +/* The maximum length of a passphrase (in bytes). Note: this is + further contrained by the Assuan line length (and any other text on + the same line). However, the Assuan line length is 1k bytes so + this shouldn't be a problem in practice. */ +#define MAX_PASSPHRASE_LEN 255 /* A large struct name "opt" to keep global flags */ diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 2a3037c..3d29f97 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c 
@@ -3094,17 +3094,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec, goto out; } - pi = gcry_calloc_secure (2, sizeof (*pi) + 100 + 1); + pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); if (!pi) { err = gpg_error_from_syserror (); goto out; } - pi2 = pi + (sizeof *pi + 100 + 1); - pi->max_length = 100; + pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1); + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->max_tries = 1; pi->with_repeat = 1; - pi2->max_length = 100; + pi2->max_length = MAX_PASSPHRASE_LEN + 1; pi2->max_tries = 1; pi2->check_cb = reenter_compare_cb; pi2->check_cb_arg = pi->pin; diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c index 8bf5873..6d22210 100644 --- a/agent/cvt-openpgp.c +++ b/agent/cvt-openpgp.c @@ -918,10 +918,10 @@ convert_from_openpgp_main (ctrl_t ctrl, gcry_sexp_t s_pgp, struct pin_entry_info_s *pi; struct try_do_unprotect_arg_s pi_arg; - pi = xtrycalloc_secure (1, sizeof (*pi) + 100); + pi = xtrycalloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); if (!pi) return gpg_error_from_syserror (); - pi->max_length = 100; + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->min_digits = 0; /* We want a real passphrase. */ pi->max_digits = 16; pi->max_tries = 3; diff --git a/agent/findkey.c b/agent/findkey.c index e7cd79e..c49c37a 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -450,10 +450,10 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, } } - pi = gcry_calloc_secure (1, sizeof (*pi) + 100); + pi = gcry_calloc_secure (1, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); if (!pi) return gpg_error_from_syserror (); - pi->max_length = 100; + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->min_digits = 0; /* we want a real passphrase */ pi->max_digits = 16; pi->max_tries = 3; diff --git a/agent/genkey.c b/agent/genkey.c index af53c60..13858ca 100644 --- a/agent/genkey.c +++ b/agent/genkey.c 
@@ -374,13 +374,13 @@ agent_ask_new_passphrase (ctrl_t ctrl, const char *prompt, return err; } - pi = gcry_calloc_secure (2, sizeof (*pi) + 100); - pi2 = pi + (sizeof *pi + 100); - pi->max_length = 100; + pi = gcry_calloc_secure (2, sizeof (*pi) + MAX_PASSPHRASE_LEN + 1); + pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1); + pi->max_length = MAX_PASSPHRASE_LEN + 1; pi->max_tries = 3; pi->with_qualitybar = 1; pi->with_repeat = 1; - pi2->max_length = 100; + pi2->max_length = MAX_PASSPHRASE_LEN + 1; pi2->max_tries = 3; pi2->check_cb = reenter_compare_cb; pi2->check_cb_arg = pi->pin; ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 5 +++++ agent/command-ssh.c | 8 ++++---- agent/cvt-openpgp.c | 4 ++-- agent/findkey.c | 4 ++-- agent/genkey.c | 8 ++++---- 5 files changed, 17 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 24 20:02:51 2015 
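Review bot: The new comment above MAX_PASSPHRASE_LEN in agent/agent.h misspells "constrained" as "contrained". It should also say whether the value counts the terminating NUL, because every caller in this patch sets both the allocation and max_length to MAX_PASSPHRASE_LEN + 1, and in ssh_identity_register that changes the old relation (buffer 100 + 1, max_length 100) so that the buffer no longer has a spare byte beyond max_length.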
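Review bot: In ssh_identity_register (agent/command-ssh.c) the line "pi2 = pi + (sizeof *pi + MAX_PASSPHRASE_LEN + 1);" is pointer arithmetic on a struct pointer, so the offset is scaled by sizeof *pi and pi2 ends up far beyond the 2 * (sizeof (*pi) + MAX_PASSPHRASE_LEN + 1) bytes that gcry_calloc_secure returned; the following stores to pi2->max_length, pi2->max_tries and pi2->check_cb then land outside the allocation. The old code had the same shape with 100, and the larger constant only moves pi2 further out. Compute the second slot in bytes, e.g. "pi2 = (void *)((char *)pi + sizeof *pi + MAX_PASSPHRASE_LEN + 1);". The same expression appears in agent_ask_new_passphrase in agent/genkey.c.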
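Review bot: In agent_ask_new_passphrase (agent/genkey.c) the result of gcry_calloc_secure is used on the very next lines ("pi2 = pi + ..." and "pi->max_length = ...") with no NULL check, while the other call sites touched by this patch (ssh_identity_register, convert_from_openpgp_main, unprotect) bail out with gpg_error_from_syserror () when the allocation fails. Add "if (!pi) return gpg_error_from_syserror ();" before the first use.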
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 24 Aug 2015 20:02:51 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-15-ga7dbab2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via a7dbab23ea4976d106d649aa515ffb2968a085ed (commit) via 06d6fd8ca01354c8f7cfc847c4ac1b868268cbaa (commit) via df098d6a437109c57516db75addf3764a6dfda81 (commit) from 2b632bbb78eee2b94c122f66d171a7c80e9c4fb0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a7dbab23ea4976d106d649aa515ffb2968a085ed Author: Werner Koch Date: Mon Aug 24 19:59:43 2015 +0200 w32: Look for gpgconf in the new GnuPG 2.1 install dir. * src/w32-util.c (_gpgme_get_gpgconf_path): Try another location of gpgconf.exe. Signed-off-by: Werner Koch diff --git a/src/w32-util.c b/src/w32-util.c index fa6dcdd..9aba26f 100644 --- a/src/w32-util.c +++ b/src/w32-util.c @@ -522,7 +522,16 @@ _gpgme_get_gpgconf_path (void) gpgconf = find_program_in_dir (inst_dir, name); } - /* 2. Try to find gpgconf.exe using that ancient registry key. */ + /* 2. Try to find gpgconf.exe from GnuPG >= 2.1 below CSIDL_PROGRAM_FILES. */ + if (!gpgconf) + { + const char *name2 = (default_gpgconf_name ? default_gpgconf_name + /**/ : "GnuPG\\bin\\gpgconf.exe"); + gpgconf = find_program_at_standard_place (name2); + } + + /* 3. Try to find gpgconf.exe using that ancient registry key. This + should eventually be removed. */ if (!gpgconf) { char *dir; 
@@ -537,15 +546,13 @@ _gpgme_get_gpgconf_path (void) } } - /* 3. Try to find gpgconf.exe below CSIDL_PROGRAM_FILES. */ + /* 4. Try to find gpgconf.exe from Gpg4win below CSIDL_PROGRAM_FILES. */ if (!gpgconf) { - name = (default_gpgconf_name ? default_gpgconf_name - /**/ : "GNU\\GnuPG\\gpgconf.exe"); - gpgconf = find_program_at_standard_place (name); + gpgconf = find_program_at_standard_place ("GNU\\GnuPG\\gpgconf.exe"); } - /* 4. Print a debug message if not found. */ + /* 5. Print a debug message if not found. */ if (!gpgconf) _gpgme_debug (DEBUG_ENGINE, "_gpgme_get_gpgconf_path: '%s' not found",name); commit 06d6fd8ca01354c8f7cfc847c4ac1b868268cbaa Author: Werner Koch Date: Mon Aug 24 16:34:29 2015 +0200 w32: Expect gpgme-w32spawn.exe only in the gpgme installation dir. * src/w32-util.c (find_program_at_standard_place): Remove. (_gpgme_get_gpg_path): Make the search order more explicit. (_gpgme_get_gpgconf_path): Ditto. (_gpgme_get_w32spawn_path): Search only in the inst_dir. -- This tries to avoid possible unclear bug reports by removing the fallback to the current gpg4win installation directory for the gpgme helper. It is expected that users of gpgme installing their own gpgme version also install the matching helper. Signed-off-by: Werner Koch diff --git a/src/w32-util.c b/src/w32-util.c index daf3bd2..fa6dcdd 100644 --- a/src/w32-util.c +++ b/src/w32-util.c 
@@ -398,40 +398,6 @@ find_program_in_dir (const char *dir, const char *name) static char * -find_program_in_inst_dir (const char *inst_dir, const char *name) -{ - char *result; - char *dir; - - /* If an installation directory has been passed, this overrides a - location given by the registry. The idea here is that we prefer - a program installed alongside with gpgme. We don't want the - registry to override this to have a better isolation of an gpgme - aware applications for other effects. Note that the "Install - Directory" registry item has been used for ages in Gpg4win and - earlier GnuPG windows installers. It is technically not anymore - required. */ - if (inst_dir) - { - result = find_program_in_dir (inst_dir, name); - if (result) - return result; - } - - dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE", - "Software\\GNU\\GnuPG", - "Install Directory"); - if (dir) - { - result = find_program_in_dir (dir, name); - free (dir); - return result; - } - return NULL; -} - - -static char * find_program_at_standard_place (const char *name) { char path[MAX_PATH]; 
@@ -491,29 +457,50 @@ _gpgme_set_default_gpgconf_name (const char *name) /* Return the full file name of the GPG binary. This function is used - if gpgconf was not found and thus it can be assumed that gpg2 is + iff gpgconf was not found and thus it can be assumed that gpg2 is not installed. This function is only called by get_gpgconf_item and may not be called concurrently. */ char * _gpgme_get_gpg_path (void) { - char *gpg; - const char *inst_dir, *name; + char *gpg = NULL; + const char *name, *inst_dir; + name = default_gpg_name? get_basename (default_gpg_name) : "gpg.exe"; + + /* 1. Try to find gpg.exe in the installation directory of gpgme. */ inst_dir = _gpgme_get_inst_dir (); - gpg = find_program_in_inst_dir - (inst_dir, - default_gpg_name? get_basename (default_gpg_name) : "gpg.exe"); + if (inst_dir) + { + gpg = find_program_in_dir (inst_dir, name); + } + + /* 2. Try to find gpg.exe using that ancient registry key. */ if (!gpg) { - name = (default_gpg_name? default_gpg_name - /* */ : "GNU\\GnuPG\\gpg.exe"); + char *dir; + + dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE", + "Software\\GNU\\GnuPG", + "Install Directory"); + if (dir) + { + gpg = find_program_in_dir (dir, name); + free (dir); + } + } + + /* 3. Try to find gpg.exe below CSIDL_PROGRAM_FILES. */ + if (!gpg) + { + name = default_gpg_name? default_gpg_name : "GNU\\GnuPG\\gpg.exe"; gpg = find_program_at_standard_place (name); - if (!gpg) - _gpgme_debug (DEBUG_ENGINE, "_gpgme_get_gpg_path: '%s' not found", - name); } + /* 4. Print a debug message if not found. */ + if (!gpg) + _gpgme_debug (DEBUG_ENGINE, "_gpgme_get_gpg_path: '%s' not found", name); + return gpg; } 
@@ -523,22 +510,45 @@ _gpgme_get_gpg_path (void) char * _gpgme_get_gpgconf_path (void) { - char *gpgconf; + char *gpgconf = NULL; const char *inst_dir, *name; + name = default_gpgconf_name? get_basename(default_gpgconf_name):"gpgconf.exe"; + + /* 1. Try to find gpgconf.exe in the installation directory of gpgme. */ inst_dir = _gpgme_get_inst_dir (); - gpgconf = find_program_in_inst_dir - (inst_dir, - default_gpgconf_name? get_basename (default_gpgconf_name) : "gpgconf.exe"); + if (inst_dir) + { + gpgconf = find_program_in_dir (inst_dir, name); + } + + /* 2. Try to find gpgconf.exe using that ancient registry key. */ if (!gpgconf) { - name = (default_gpgconf_name? default_gpgconf_name - /* */ : "GNU\\GnuPG\\gpgconf.exe"); + char *dir; + + dir = read_w32_registry_string ("HKEY_LOCAL_MACHINE", + "Software\\GNU\\GnuPG", + "Install Directory"); + if (dir) + { + gpgconf = find_program_in_dir (dir, name); + free (dir); + } + } + + /* 3. Try to find gpgconf.exe below CSIDL_PROGRAM_FILES. */ + if (!gpgconf) + { + name = (default_gpgconf_name ? default_gpgconf_name + /**/ : "GNU\\GnuPG\\gpgconf.exe"); gpgconf = find_program_at_standard_place (name); - if (!gpgconf) - _gpgme_debug (DEBUG_ENGINE, "_gpgme_get_gpgconf_path: '%s' not found", - name); } + + /* 4. Print a debug message if not found. */ + if (!gpgconf) + _gpgme_debug (DEBUG_ENGINE, "_gpgme_get_gpgconf_path: '%s' not found",name); + return gpgconf; } 
@@ -552,10 +562,7 @@ _gpgme_get_w32spawn_path (void) inst_dir = _gpgme_get_inst_dir (); LOCK (get_path_lock); if (!w32spawn_program) - w32spawn_program = find_program_in_inst_dir (inst_dir,"gpgme-w32spawn.exe"); - if (!w32spawn_program) - w32spawn_program - = find_program_at_standard_place ("GNU\\GnuPG\\gpgme-w32spawn.exe"); + w32spawn_program = find_program_in_dir (inst_dir, "gpgme-w32spawn.exe"); UNLOCK (get_path_lock); return w32spawn_program; } commit df098d6a437109c57516db75addf3764a6dfda81 Author: Werner Koch Date: Mon Aug 24 15:03:20 2015 +0200 w32: Print the installation directory in debug mode. * src/debug.c (debug_init) [W32]: Show libgpgme installation dir. -- I expect that gpgme will be distributed by applications and thus it will be helpful to see in the debug log which gpgme is actually used. Signed-off-by: Werner Koch diff --git a/src/debug.c b/src/debug.c index 292db55..1dd3723 100644 --- a/src/debug.c +++ b/src/debug.c @@ -46,6 +46,7 @@ #include "util.h" #include "ath.h" #include "sema.h" +#include "sys-util.h" #include "debug.h" @@ -207,7 +208,16 @@ debug_init (void) UNLOCK (debug_lock); if (debug_level > 0) - _gpgme_debug (DEBUG_INIT, "gpgme_debug: level=%d\n", debug_level); + { + _gpgme_debug (DEBUG_INIT, "gpgme_debug: level=%d\n", debug_level); +#ifdef HAVE_W32_SYSTEM + { + const char *name = _gpgme_get_inst_dir (); + _gpgme_debug (DEBUG_INIT, "gpgme_debug: gpgme='%s'\n", + name? name: "?"); + } +#endif + } } diff --git a/src/sys-util.h b/src/sys-util.h index 7180fca..589634b 100644 --- a/src/sys-util.h +++ b/src/sys-util.h 
@@ -27,4 +27,8 @@ int _gpgme_set_default_gpgconf_name (const char *name); char *_gpgme_get_gpg_path (void); char *_gpgme_get_gpgconf_path (void); +#ifdef HAVE_W32_SYSTEM +const char *_gpgme_get_inst_dir (void); +#endif + #endif /* SYS_UTIL_H */ ----------------------------------------------------------------------- Summary of changes: src/debug.c | 12 +++++- src/sys-util.h | 4 ++ src/w32-util.c | 132 +++++++++++++++++++++++++++++++-------------------------- 3 files changed, 88 insertions(+), 60 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 15:31:05 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 15:31:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-50-g51b9b8f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 51b9b8fba4ee326013c2cc911c70cde4c5f81fc7 (commit) via 9cdff09743c473a12359bfdb914578ede0e4e3e2 (commit) from 348a6ebb63523305ce9f47d0f3e8a9086c338fed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 51b9b8fba4ee326013c2cc911c70cde4c5f81fc7 Author: Werner Koch Date: Tue Aug 25 15:06:40 2015 +0200 gpg: Emit ERROR status for key signing failures. * g10/keyedit.c (sign_uids): Write an ERROR status for a signing failure. (menu_adduid, menu_addrevoker, menu_revsig): Ditto. (menu_revuid, menu_revkey, menu_revsubkey): Ditto. -- This change helps GPA to show better error messages. Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index d8dba2d..0fc8c36 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -1041,6 +1041,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, NULL); if (rc) { + write_status_error ("keysig", rc); log_error (_("signing failed: %s\n"), gpg_strerror (rc)); goto leave; } @@ -3497,6 +3498,7 @@ menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name, keygen_add_std_prefs, pk, NULL); if (err) { + write_status_error ("keysig", err); log_error ("signing failed: %s\n", gpg_strerror (err)); free_user_id (uid); return 0; @@ -3881,6 +3883,7 @@ menu_addrevoker (ctrl_t ctrl, kbnode_t pub_keyblock, int sensitive) keygen_add_revkey, &revkey, NULL); if (rc) { + write_status_error ("keysig", rc); log_error ("signing failed: %s\n", gpg_strerror (rc)); goto fail; } @@ -5172,6 +5175,7 @@ reloop: /* (must use this, because we are modifing the list) */ free_public_key (signerkey); if (rc) { + write_status_error ("keysig", rc); log_error (_("signing failed: %s\n"), gpg_strerror (rc)); release_revocation_reason_info (reason); return changed; @@ -5263,6 +5267,7 @@ menu_revuid (KBNODE pub_keyblock) sign_mk_attrib, &attrib, NULL); if (rc) { + write_status_error ("keysig", rc); log_error (_("signing failed: %s\n"), gpg_strerror (rc)); goto leave; } @@ -5327,6 +5332,7 @@ menu_revkey (KBNODE pub_keyblock) revocation_reason_build_cb, reason, NULL); if (rc) { + write_status_error ("keysig", rc); log_error (_("signing failed: %s\n"), gpg_strerror (rc)); goto scram; } 
@@ -5388,6 +5394,7 @@ menu_revsubkey (KBNODE pub_keyblock) NULL); if (rc) { + write_status_error ("keysig", rc); log_error (_("signing failed: %s\n"), gpg_strerror (rc)); release_revocation_reason_info (reason); return changed; commit 9cdff09743c473a12359bfdb914578ede0e4e3e2 Author: Werner Koch Date: Tue Aug 25 09:03:31 2015 +0200 gpg: Print a new FAILURE status after most commands. * common/status.h (STATUS_FAILURE): New. * g10/cpr.c (write_status_failure): New. * g10/gpg.c (main): Call write_status_failure for all commands which print an error message here. * g10/call-agent.c (start_agent): Print an STATUS_ERROR if we can't set the pinentry mode. -- This status line can be used similar to the error code returned by commands send over the Assuan interface in gpgsm. We don't emit them in gpgsm because there we already have that Assuan interface to return proper error code. This change helps GPGME to return better error codes. Signed-off-by: Werner Koch diff --git a/common/status.h b/common/status.h index 3c78eda..f1af587 100644 --- a/common/status.h +++ b/common/status.h @@ -126,9 +126,10 @@ enum STATUS_ERROR, STATUS_SUCCESS, + STATUS_FAILURE, - STATUS_INQUIRE_MAXLEN, -}; + STATUS_INQUIRE_MAXLEN + }; const char *get_status_string (int code); diff --git a/doc/DETAILS b/doc/DETAILS index eb889c9..811b105 100644 --- a/doc/DETAILS +++ b/doc/DETAILS 
@@ -823,9 +823,17 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: numerical error code and an underscore; e.g.: "151011327_EOF". *** SUCCESS [] - Postive confirimation that an operation succeeded. is - optional but if given should not contain spaces. Used only with a - few commands. + Postive confirmation that an operation succeeded. It is used + similar to ISO-C's EXIT_SUCCESS. is optional but if + given should not contain spaces. Used only with a few commands. + +*** FAILURE + This is the counterpart to SUCCESS and used to indicate a program + failure. It is used similar to ISO-C's EXIT_FAILURE but allows to + convey more information, in particular an gpg-error error code. + That numerical error code may optionally have a suffix made of an + underscore and a string with an error symbol like "151011327_EOF". + A dash may be used instead of . *** BADARMOR The ASCII armor is corrupted. No arguments yet. diff --git a/g10/call-agent.c b/g10/call-agent.c index 326eb82..6345784 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -318,9 +318,12 @@ start_agent (ctrl_t ctrl, int for_card) NULL, NULL, NULL, NULL, NULL, NULL); xfree (tmp); if (rc) - log_error ("setting pinentry mode '%s' failed: %s\n", - str_pinentry_mode (opt.pinentry_mode), - gpg_strerror (rc)); + { + log_error ("setting pinentry mode '%s' failed: %s\n", + str_pinentry_mode (opt.pinentry_mode), + gpg_strerror (rc)); + write_status_error ("set_pinentry_mode", rc); + } } check_hijacking (agent_ctx); diff --git a/g10/cpr.c b/g10/cpr.c index 9fc9e09..9d8fec9 100644 --- a/g10/cpr.c +++ b/g10/cpr.c @@ -183,7 +183,7 @@ write_status_text (int no, const char *text) write_status_strings (no, text, NULL); } -/* Wrte an ERROR status line using a full gpg-error error value. */ +/* Write an ERROR status line using a full gpg-error error value. */ void write_status_error (const char *where, gpg_error_t err) { 
@@ -211,6 +211,20 @@ write_status_errcode (const char *where, int errcode) } +/* Write a FAILURE status line. */ +void +write_status_failure (const char *where, gpg_error_t err) +{ + if (!statusfp || !status_currently_allowed (STATUS_FAILURE)) + return; /* Not enabled or allowed. */ + + es_fprintf (statusfp, "[GNUPG:] %s %s %u\n", + get_status_string (STATUS_FAILURE), where, err); + if (es_fflush (statusfp) && opt.exit_on_status_write_error) + g10_exit (0); +} + + /* * Write a status line with a buffer using %XX escapes. If WRAP is > * 0 wrap the line after this length. If STRING is not NULL it will diff --git a/g10/gpg.c b/g10/gpg.c index 0b3e924..e6fb42e 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3661,15 +3661,21 @@ main (int argc, char **argv) if( argc > 1 ) wrong_args(_("--store [filename]")); if( (rc = encrypt_store(fname)) ) + { + write_status_failure ("store", rc); log_error ("storing '%s' failed: %s\n", print_fname_stdin(fname),gpg_strerror (rc) ); + } break; case aSym: /* encrypt the given file only with the symmetric cipher */ if( argc > 1 ) wrong_args(_("--symmetric [filename]")); if( (rc = encrypt_symmetric(fname)) ) + { + write_status_failure ("symencrypt", rc); log_error (_("symmetric encryption of '%s' failed: %s\n"), print_fname_stdin(fname),gpg_strerror (rc) ); + } break; case aEncr: /* encrypt the given file */ @@ -3680,8 +3686,11 @@ main (int argc, char **argv) if( argc > 1 ) wrong_args(_("--encrypt [filename]")); if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 0, NULL, -1)) ) - log_error("%s: encryption failed: %s\n", - print_fname_stdin(fname), gpg_strerror (rc) ); + { + write_status_failure ("encrypt", rc); + log_error("%s: encryption failed: %s\n", + print_fname_stdin(fname), gpg_strerror (rc) ); + } } break; 
@@ -3701,8 +3710,11 @@ main (int argc, char **argv) else { if( (rc = encrypt_crypt (ctrl, -1, fname, remusr, 1, NULL, -1)) ) - log_error("%s: encryption failed: %s\n", - print_fname_stdin(fname), gpg_strerror (rc) ); + { + write_status_failure ("encrypt", rc); + log_error ("%s: encryption failed: %s\n", + print_fname_stdin(fname), gpg_strerror (rc) ); + } } break; @@ -3720,8 +3732,11 @@ main (int argc, char **argv) strcpy(sl->d, fname); } } - if( (rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL)) ) - log_error("signing failed: %s\n", gpg_strerror (rc) ); + if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 0, NULL, NULL))) + { + write_status_failure ("sign", rc); + log_error ("signing failed: %s\n", gpg_strerror (rc) ); + } free_strlist(sl); break; @@ -3735,8 +3750,11 @@ main (int argc, char **argv) else sl = NULL; if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 1, remusr, NULL))) + { + write_status_failure ("sign-encrypt", rc); log_error("%s: sign+encrypt failed: %s\n", print_fname_stdin(fname), gpg_strerror (rc) ); + } free_strlist(sl); break; @@ -3760,8 +3778,11 @@ main (int argc, char **argv) sl = NULL; if ((rc = sign_file (ctrl, sl, detached_sig, locusr, 2, remusr, NULL))) - log_error("%s: symmetric+sign+encrypt failed: %s\n", - print_fname_stdin(fname), gpg_strerror (rc) ); + { + write_status_failure ("sign-encrypt", rc); + log_error("%s: symmetric+sign+encrypt failed: %s\n", + print_fname_stdin(fname), gpg_strerror (rc) ); + } free_strlist(sl); } break; 
@@ -3771,19 +3792,26 @@ main (int argc, char **argv) wrong_args(_("--sign --symmetric [filename]")); rc = sign_symencrypt_file (fname, locusr); if (rc) + { + write_status_failure ("sign-symencrypt", rc); log_error("%s: sign+symmetric failed: %s\n", print_fname_stdin(fname), gpg_strerror (rc) ); + } break; case aClearsign: /* make a clearsig */ if( argc > 1 ) wrong_args(_("--clearsign [filename]")); if( (rc = clearsign_file(fname, locusr, NULL)) ) + { + write_status_failure ("sign", rc); log_error("%s: clearsign failed: %s\n", print_fname_stdin(fname), gpg_strerror (rc) ); + } break; case aVerify: + rc = 0; if (multifile) { if ((rc = verify_files (ctrl, argc, argv))) @@ -3794,6 +3822,8 @@ main (int argc, char **argv) if ((rc = verify_signatures (ctrl, argc, argv))) log_error("verify signatures failed: %s\n", gpg_strerror (rc) ); } + if (rc) + write_status_failure ("verify", rc); break; case aDecrypt: @@ -3804,7 +3834,10 @@ main (int argc, char **argv) if( argc > 1 ) wrong_args(_("--decrypt [filename]")); if( (rc = decrypt_message (ctrl, fname) )) - log_error("decrypt_message failed: %s\n", gpg_strerror (rc) ); + { + write_status_failure ("decrypt", rc); + log_error("decrypt_message failed: %s\n", gpg_strerror (rc) ); + } } break; @@ -3998,11 +4031,21 @@ main (int argc, char **argv) if(rc) { if(cmd==aSendKeys) - log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc)); + { + write_status_failure ("send-keys", rc); + log_error(_("keyserver send failed: %s\n"),gpg_strerror (rc)); + } else if(cmd==aRecvKeys) - log_error(_("keyserver receive failed: %s\n"),gpg_strerror (rc)); + { + write_status_failure ("recv-keys", rc); + log_error (_("keyserver receive failed: %s\n"), + gpg_strerror (rc)); + } else - log_error(_("key export failed: %s\n"),gpg_strerror (rc)); + { + write_status_failure ("export", rc); + log_error (_("key export failed: %s\n"), gpg_strerror (rc)); + } } free_strlist(sl); break; 
@@ -4013,7 +4056,10 @@ main (int argc, char **argv) append_to_strlist2 (&sl, *argv, utf8_strings); rc = keyserver_search (ctrl, sl); if (rc) - log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc)); + { + write_status_failure ("search-keys", rc); + log_error (_("keyserver search failed: %s\n"), gpg_strerror (rc)); + } free_strlist (sl); break; @@ -4023,7 +4069,10 @@ main (int argc, char **argv) append_to_strlist2( &sl, *argv, utf8_strings ); rc = keyserver_refresh (ctrl, sl); if(rc) - log_error(_("keyserver refresh failed: %s\n"),gpg_strerror (rc)); + { + write_status_failure ("refresh-keys", rc); + log_error (_("keyserver refresh failed: %s\n"),gpg_strerror (rc)); + } free_strlist(sl); break; @@ -4033,7 +4082,10 @@ main (int argc, char **argv) append_to_strlist2( &sl, *argv, utf8_strings ); rc = keyserver_fetch (ctrl, sl); if(rc) - log_error("key fetch failed: %s\n",gpg_strerror (rc)); + { + write_status_failure ("fetch-keys", rc); + log_error ("key fetch failed: %s\n",gpg_strerror (rc)); + } free_strlist(sl); break; @@ -4074,7 +4126,10 @@ main (int argc, char **argv) wrong_args("--dearmor [file]"); rc = dearmor_file( argc? *argv: NULL ); if( rc ) - log_error(_("dearmoring failed: %s\n"), gpg_strerror (rc)); + { + write_status_failure ("dearmor", rc); + log_error (_("dearmoring failed: %s\n"), gpg_strerror (rc)); + } break; case aEnArmor: @@ -4082,7 +4137,10 @@ main (int argc, char **argv) wrong_args("--enarmor [file]"); rc = enarmor_file( argc? *argv: NULL ); if( rc ) - log_error(_("enarmoring failed: %s\n"), gpg_strerror (rc)); + { + write_status_failure ("enarmor", rc); + log_error (_("enarmoring failed: %s\n"), gpg_strerror (rc)); + } break; @@ -4274,7 +4332,7 @@ main (int argc, char **argv) else if (argc == 1) change_pin (atoi (*argv),1); else - wrong_args ("--change-pin [no]"); + wrong_args ("--change-pin [no]"); break; #endif /* ENABLE_CARD_SUPPORT*/ 
@@ -4328,7 +4386,11 @@ main (int argc, char **argv) } rc = proc_packets (ctrl, NULL, a ); if( rc ) - log_error("processing message failed: %s\n", gpg_strerror (rc)); + { + write_status_failure ("-", rc); + log_error ("processing message failed: %s\n", + gpg_strerror (rc)); + } iobuf_close(a); } break; diff --git a/g10/main.h b/g10/main.h index 06c497d..42d5ce1 100644 --- a/g10/main.h +++ b/g10/main.h @@ -180,6 +180,7 @@ int is_status_enabled ( void ); void write_status ( int no ); void write_status_error (const char *where, gpg_error_t err); void write_status_errcode (const char *where, int errcode); +void write_status_failure (const char *where, gpg_error_t err); void write_status_text ( int no, const char *text ); void write_status_strings (int no, const char *text, ...) GPGRT_ATTR_SENTINEL(0); ----------------------------------------------------------------------- Summary of changes: common/status.h | 5 +-- doc/DETAILS | 14 ++++++-- g10/call-agent.c | 9 +++-- g10/cpr.c | 16 ++++++++- g10/gpg.c | 100 ++++++++++++++++++++++++++++++++++++++++++++----------- g10/keyedit.c | 7 ++++ g10/main.h | 1 + 7 files changed, 124 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 15:31:59 2015 
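Review bot: In the doc/DETAILS hunk the new FAILURE entry does not list the location strings that g10/gpg.c now emits ("store", "symencrypt", "encrypt", "sign", "sign-encrypt", "sign-symencrypt", "verify", "decrypt", "send-keys", "recv-keys", "export", "search-keys", "refresh-keys", "fetch-keys", "dearmor", "enarmor", "-"), so a status-line consumer has to read the source to learn them; a short table under FAILURE would fix that. The added SUCCESS text also still reads "Postive", and the FAILURE text has "an gpg-error error code" where "a gpg-error error code" is meant.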
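Review bot: In g10/cpr.c, write_status_failure hands where straight to the %s conversion without a NULL check, although the new doc/DETAILS text says a dash may stand in for the location. Substituting the dash inside the function (where? where : "-") would keep a future caller that passes NULL from producing a malformed status line or a crash. DETAILS also describes an optional "_SYMBOL" suffix on the code, which this writer never emits; if that is intended, a comment here saying that only the bare number is written would help.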
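Review bot: In g10/gpg.c the sign_file call with mode 2 (logged as "symmetric+sign+encrypt failed") reports the location "sign-encrypt", the same string as the mode 1 call logged as "sign+encrypt failed", while the sign_symencrypt_file path gets its own "sign-symencrypt". A front end reading the FAILURE line cannot tell the first two apart; a distinct location for the mode 2 call would match the granularity used for the other commands. The aVerify branch is also the only one that writes the status line after log_error rather than before it, which is harmless but inconsistent.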
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 15:31:59 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-19-g8ddc580 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 8ddc5801ade02297924447df5745c8877a96e5e3 (commit) via 208f0297466ce68abfc432f4944f81eb8bf47cf8 (commit) via 491fcd91b84564232d5d061942baa50b99e166c0 (commit) via ad46f4f655e653580343c15f1b0b365b7d307d1b (commit) from a7dbab23ea4976d106d649aa515ffb2968a085ed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ddc5801ade02297924447df5745c8877a96e5e3 Author: Werner Koch Date: Tue Aug 25 13:22:43 2015 +0200 Improve error return by checking the FAILURE status. * src/gpgme.h.in (GPGME_STATUS_FAILURE): New. * src/status-table.c (FAILURE): New. * src/op-support.c (_gpgme_parse_failure): New. * src/passphrase.c (_gpgme_passphrase_status_handler): Forward FAILURE status line to the status callback. * src/decrypt.c (op_data_t): Add field failure_code. (_gpgme_decrypt_status_handler): Parse that code and act upon it on EOF. * src/encrypt.c (op_data_t): Add field failure_code. (_gpgme_encrypt_status_handler): Parse that code and act upon it on EOF. * src/genkey.c (op_data_t): Add field failure_code. (genkey_status_handler): Parse that code and act upon it on EOF. * src/passwd.c (op_data_t): Add field failure_code. (passwd_status_handler): Parse that code and act upon it on EOF. * src/sign.c (op_data_t): Add field failure_code. (_gpgme_sign_status_handler): Parse that code and act upon it on EOF. * src/verify.c (op_data_t): Add field failure_code. 
(_gpgme_verify_status_handler): Parse that code and act upon it on EOF. -- This requires GnuPG 2.1.8 to actually make a difference. Signed-off-by: Werner Koch diff --git a/src/decrypt.c b/src/decrypt.c index 4fd92c6..4db68a1 100644 --- a/src/decrypt.c +++ b/src/decrypt.c @@ -38,6 +38,9 @@ typedef struct { struct _gpgme_op_decrypt_result result; + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + int okay; int failed; @@ -192,6 +195,10 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, switch (code) { + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + case GPGME_STATUS_EOF: /* FIXME: These error values should probably be attributed to the underlying crypto engine (as error source). */ @@ -199,6 +206,8 @@ _gpgme_decrypt_status_handler (void *priv, gpgme_status_code_t code, return gpg_error (GPG_ERR_DECRYPT_FAILED); else if (!opd->okay) return gpg_error (GPG_ERR_NO_DATA); + else if (opd->failure_code) + return opd->failure_code; break; case GPGME_STATUS_DECRYPTION_INFO: diff --git a/src/encrypt.c b/src/encrypt.c index 792c25c..9f5134d 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -36,6 +36,9 @@ typedef struct { struct _gpgme_op_encrypt_result result; + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + /* A pointer to the next pointer of the last invalid recipient in the list. This makes appending new invalid recipients painless while preserving the order. */ @@ -114,9 +117,15 @@ _gpgme_encrypt_status_handler (void *priv, gpgme_status_code_t code, switch (code) { + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + case GPGME_STATUS_EOF: if (opd->result.invalid_recipients) return gpg_error (GPG_ERR_UNUSABLE_PUBKEY); + if (opd->failure_code) + return opd->failure_code; break; case GPGME_STATUS_INV_RECP: diff --git a/src/genkey.c b/src/genkey.c index 18765dd..3afd3b4 100644 --- a/src/genkey.c 
+++ b/src/genkey.c @@ -37,6 +37,9 @@ typedef struct { struct _gpgme_op_genkey_result result; + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + /* The key parameters passed to the crypto engine. */ gpgme_data_t key_parameter; } *op_data_t; @@ -118,10 +121,16 @@ genkey_status_handler (void *priv, gpgme_status_code_t code, char *args) } break; + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + case GPGME_STATUS_EOF: /* FIXME: Should return some more useful error value. */ if (!opd->result.primary && !opd->result.sub) return gpg_error (GPG_ERR_GENERAL); + else if (opd->failure_code) + return opd->failure_code; break; case GPGME_STATUS_INQUIRE_MAXLEN: diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 7605570..432d18a 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -548,7 +548,8 @@ typedef enum GPGME_STATUS_ATTRIBUTE = 89, GPGME_STATUS_BEGIN_SIGNING = 90, GPGME_STATUS_KEY_NOT_CREATED = 91, - GPGME_STATUS_INQUIRE_MAXLEN = 92 + GPGME_STATUS_INQUIRE_MAXLEN = 92, + GPGME_STATUS_FAILURE = 93 } gpgme_status_code_t; diff --git a/src/op-support.c b/src/op-support.c index 2bcb3a3..02940ef 100644 --- a/src/op-support.c +++ b/src/op-support.c @@ -337,3 +337,27 @@ _gpgme_parse_plaintext (char *args, char **filenamep) } return 0; } + + +/* Parse a FAILURE status line and return the error code. ARGS is + modified to contain the location part. */ +gpgme_error_t +_gpgme_parse_failure (char *args) +{ + char *where, *which; + + where = strchr (args, ' '); + if (!where) + return trace_gpg_error (GPG_ERR_INV_ENGINE); + + *where = '\0'; + which = where + 1; + + where = strchr (which, ' '); + if (where) + *where = '\0'; + + where = args; + + return atoi (which); +} diff --git a/src/ops.h b/src/ops.h index 782265e..3662d57 100644 --- a/src/ops.h +++ b/src/ops.h 
@@ -65,6 +65,10 @@ gpgme_error_t _gpgme_parse_inv_recp (char *args, gpgme_invalid_key_t *key); FILENAMEP. */ gpgme_error_t _gpgme_parse_plaintext (char *args, char **filenamep); +/* Parse a FAILURE status line and return the error code. ARGS is + modified to contain the location part. */ +gpgme_error_t _gpgme_parse_failure (char *args); + /* From verify.c. */ diff --git a/src/passphrase.c b/src/passphrase.c index 5d656b1..c88e57d 100644 --- a/src/passphrase.c +++ b/src/passphrase.c @@ -128,6 +128,19 @@ _gpgme_passphrase_status_handler (void *priv, gpgme_status_code_t code, } break; + case GPGME_STATUS_FAILURE: + /* We abuse this status handler to forward FAILURE status codes + to the caller. This should better be done in a generic + handler, but for now this is sufficient. */ + if (ctx->status_cb) + { + err = ctx->status_cb (ctx->status_cb_value, "FAILURE", args); + if (err) + return err; + } + break; + + default: /* Ignore all other codes. */ break; diff --git a/src/passwd.c b/src/passwd.c index e832026..ff30df0 100644 --- a/src/passwd.c +++ b/src/passwd.c @@ -30,6 +30,9 @@ typedef struct { + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + int success_seen; int error_seen; } *op_data_t; @@ -92,6 +95,10 @@ passwd_status_handler (void *priv, gpgme_status_code_t code, char *args) opd->success_seen = 1; break; + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + case GPGME_STATUS_EOF: /* In case the OpenPGP engine does not properly implement the passwd command we won't get a success status back and thus we @@ -102,6 +109,8 @@ passwd_status_handler (void *priv, gpgme_status_code_t code, char *args) if (ctx->protocol == GPGME_PROTOCOL_OpenPGP && !opd->error_seen && !opd->success_seen) err = gpg_error (GPG_ERR_NOT_SUPPORTED); + else if (opd->failure_code) + err = opd->failure_code; break; default: diff --git a/src/sign.c b/src/sign.c index 9e22fdb..6c9fc03 100644 --- a/src/sign.c +++ b/src/sign.c 
@@ -39,6 +39,9 @@ typedef struct { struct _gpgme_op_sign_result result; + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + /* A pointer to the next pointer of the last invalid signer in the list. This makes appending new invalid signers painless while preserving the order. */ @@ -327,6 +330,10 @@ _gpgme_sign_status_handler (void *priv, gpgme_status_code_t code, char *args) opd->last_signer_p = &(*opd->last_signer_p)->next; break; + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + case GPGME_STATUS_EOF: /* The UI server does not send information about the created signature. This is irrelevant for this protocol and thus we @@ -335,7 +342,7 @@ _gpgme_sign_status_handler (void *priv, gpgme_status_code_t code, char *args) err = gpg_error (GPG_ERR_UNUSABLE_SECKEY); else if (!opd->sig_created_seen && ctx->protocol != GPGME_PROTOCOL_UISERVER) - err = gpg_error (GPG_ERR_GENERAL); + err = opd->failure_code? opd->failure_code:gpg_error (GPG_ERR_GENERAL); break; case GPGME_STATUS_INQUIRE_MAXLEN: @@ -374,6 +381,7 @@ sign_init_result (gpgme_ctx_t ctx, int ignore_inv_recp) opd = hook; if (err) return err; + opd->failure_code = 0; opd->last_signer_p = &opd->result.invalid_signers; opd->last_sig_p = &opd->result.signatures; opd->ignore_inv_recp = !!ignore_inv_recp; diff --git a/src/status-table.c b/src/status-table.c index c85fa95..6d428d7 100644 --- a/src/status-table.c +++ b/src/status-table.c @@ -66,6 +66,7 @@ static struct status_table_s status_table[] = { "ERRSIG", GPGME_STATUS_ERRSIG }, { "EXPKEYSIG", GPGME_STATUS_EXPKEYSIG }, { "EXPSIG", GPGME_STATUS_EXPSIG }, + { "FAILURE", GPGME_STATUS_FAILURE }, { "FILE_DONE", GPGME_STATUS_FILE_DONE }, { "FILE_ERROR", GPGME_STATUS_FILE_ERROR }, { "FILE_START", GPGME_STATUS_FILE_START }, diff --git a/src/verify.c b/src/verify.c index 84487ee..75914e2 100644 --- a/src/verify.c +++ b/src/verify.c 
@@ -38,6 +38,9 @@ typedef struct { struct _gpgme_op_verify_result result; + /* The error code from a FAILURE status line or 0. */ + gpg_error_t failure_code; + gpgme_signature_t current_sig; int did_prepare_new_sig; int only_newsig_seen; @@ -769,6 +772,10 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args) error code if we are not ready to process this status. */ return parse_error (sig, args, !!sig ); + case GPGME_STATUS_FAILURE: + opd->failure_code = _gpgme_parse_failure (args); + break; + case GPGME_STATUS_EOF: if (sig && !opd->did_prepare_new_sig) calc_sig_summary (sig); @@ -795,6 +802,8 @@ _gpgme_verify_status_handler (void *priv, gpgme_status_code_t code, char *args) opd->current_sig = NULL; } opd->only_newsig_seen = 0; + if (opd->failure_code) + return opd->failure_code; break; case GPGME_STATUS_PLAINTEXT: commit 208f0297466ce68abfc432f4944f81eb8bf47cf8 Author: Werner Koch Date: Tue Aug 25 10:37:02 2015 +0200 tests: Build test programs in tests/ without wrappers. -- diff --git a/tests/Makefile.am b/tests/Makefile.am index 94eddac..89e52e8 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -26,6 +26,7 @@ TESTS = t-version t-data t-engine-info EXTRA_DIST = start-stop-agent t-data-1.txt t-data-2.txt ChangeLog-2011 AM_CPPFLAGS = -I$(top_builddir)/src @GPG_ERROR_CFLAGS@ +AM_LDFLAGS = -no-install LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_HEADERS = run-support.h commit 491fcd91b84564232d5d061942baa50b99e166c0 Author: Werner Koch Date: Tue Aug 25 09:05:27 2015 +0200 tests: Allow using run-sign to test loopback pinentry problems. * tests/run-sign.c: Add options --status and --loopback. diff --git a/tests/run-sign.c b/tests/run-sign.c index e1498ea..c59c356 100644 --- a/tests/run-sign.c +++ b/tests/run-sign.c 
@@ -36,6 +36,14 @@ static int verbose; +static gpg_error_t +status_cb (void *opaque, const char *keyword, const char *value) +{ + (void)opaque; + printf ("status_cb: %s %s\n", keyword, value); + return 0; +} + static void print_result (gpgme_sign_result_t result, gpgme_sig_mode_t type) @@ -67,9 +75,11 @@ show_usage (int ex) fputs ("usage: " PGM " [options] FILE\n\n" "Options:\n" " --verbose run in verbose mode\n" + " --status print status lines from the backend\n" " --openpgp use the OpenPGP protocol (default)\n" " --cms use the CMS protocol\n" " --uiserver use the UI server\n" + " --loopback use a loopback pinentry\n" " --key NAME use key NAME for signing\n" , stderr); exit (ex); @@ -87,6 +97,8 @@ main (int argc, char **argv) gpgme_sig_mode_t sigmode = GPGME_SIG_MODE_NORMAL; gpgme_data_t in, out; gpgme_sign_result_t result; + int print_status = 0; + int use_loopback = 0; if (argc) { argc--; argv++; } @@ -106,6 +118,11 @@ main (int argc, char **argv) verbose = 1; argc--; argv++; } + else if (!strcmp (*argv, "--status")) + { + print_status = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--openpgp")) { protocol = GPGME_PROTOCOL_OpenPGP; @@ -129,6 +146,11 @@ main (int argc, char **argv) key_string = *argv; argc--; argv++; } + else if (!strcmp (*argv, "--loopback")) + { + use_loopback = 1; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); 
@@ -149,6 +171,10 @@ main (int argc, char **argv) fail_if_err (err); gpgme_set_protocol (ctx, protocol); gpgme_set_armor (ctx, 1); + if (print_status) + gpgme_set_status_cb (ctx, status_cb, NULL); + if (use_loopback) + gpgme_set_pinentry_mode (ctx, GPGME_PINENTRY_MODE_LOOPBACK); if (key_string) { commit ad46f4f655e653580343c15f1b0b365b7d307d1b Author: Werner Koch Date: Mon Aug 24 21:17:21 2015 +0200 Call status_cb for an ERROR status seen in the passphrase handler. * src/passphrase.c (_gpgme_passphrase_status_handler): Call status_cb. -- Frankly, we should have a more generic way of feeding the status_cb handler than our current ad-hoc method. Signed-off-by: Werner Koch diff --git a/src/passphrase.c b/src/passphrase.c index 63ab31e..5d656b1 100644 --- a/src/passphrase.c +++ b/src/passphrase.c @@ -116,6 +116,18 @@ _gpgme_passphrase_status_handler (void *priv, gpgme_status_code_t code, return gpg_error (GPG_ERR_BAD_PASSPHRASE); break; + case GPGME_STATUS_ERROR: + /* We abuse this status handler to forward ERROR status codes to + the caller. This should better be done in a generic handler, + but for now this is sufficient. */ + if (ctx->status_cb) + { + err = ctx->status_cb (ctx->status_cb_value, "ERROR", args); + if (err) + return err; + } + break; + default: /* Ignore all other codes. */ break; ----------------------------------------------------------------------- Summary of changes: src/decrypt.c | 9 +++++++++ src/encrypt.c | 9 +++++++++ src/genkey.c | 9 +++++++++ src/gpgme.h.in | 3 ++- src/op-support.c | 24 ++++++++++++++++++++++++ src/ops.h | 4 ++++ src/passphrase.c | 25 +++++++++++++++++++++++++ src/passwd.c | 9 +++++++++ src/sign.c | 10 +++++++++- src/status-table.c | 1 + src/verify.c | 9 +++++++++ tests/Makefile.am | 1 + tests/run-sign.c | 26 ++++++++++++++++++++++++++ 13 files changed, 137 insertions(+), 2 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 15:33:11 2015 
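Review bot: In src/op-support.c, _gpgme_parse_failure converts the code with atoi (which) and does no validation, so a FAILURE line whose second field is empty or non-numeric yields 0 and every caller then stores failure_code = 0, i.e. treats the failure as absent. Parsing with strtoul and an end pointer, and returning trace_gpg_error (GPG_ERR_INV_ENGINE) when no digits were consumed or the value is 0, would make a malformed line fail closed, as the missing-space case above it already does. The final assignment where = args is a dead store and can go.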
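Review bot: In src/decrypt.c and src/genkey.c the failure_code test is appended as the last else-if of the EOF branch, so it is reached only when the generic checks did not fire: in decrypt.c a FAILURE line without an okay status still returns GPG_ERR_NO_DATA, and in genkey.c a run that created no key still returns GPG_ERR_GENERAL, right under the FIXME asking for a more useful error value. src/sign.c in this same commit prefers failure_code over GPG_ERR_GENERAL (opd->failure_code? opd->failure_code : gpg_error (GPG_ERR_GENERAL)); doing the same for these generic fallbacks would deliver the improved error return the commit message describes.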
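Review bot: In src/sign.c, _gpgme_sign_status_handler consults failure_code only inside the !opd->sig_created_seen branch, so a FAILURE status that arrives after a signature was reported is silently dropped, whereas src/encrypt.c and src/verify.c return any nonzero failure_code at EOF. If that difference is intentional it deserves a comment; otherwise add a trailing else if (opd->failure_code) err = opd->failure_code. sign_init_result is also the only init function in this commit that resets failure_code to 0 explicitly; either the other operations need the same reset or this one is redundant.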
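Review bot: In src/passphrase.c the new GPGME_STATUS_FAILURE case forwards args to status_cb, but _gpgme_parse_failure is documented in src/ops.h as modifying ARGS in place to hold only the location part. If an operation's own handler sees the line before this one, the callback receives a truncated string without the error code; please confirm the handler order or pass the callback a copy. The case body is also a copy of the ERROR case added in ad46f4f with only the keyword changed, so a small helper taking the keyword would remove the duplication the comment already apologises for.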
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 15:33:11 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.7-3-g6f44c2b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 6f44c2b8a755c66a95264c141d066066e41718f8 (commit) from 071ed43fac92c68c46a1a8fb19a435eebb8927e6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6f44c2b8a755c66a95264c141d066066e41718f8 Author: Werner Koch Date: Tue Aug 25 15:04:25 2015 +0200 Improve error handling for the sign key command. * src/gpgmeedit.c (parse_status_error): New. (edit_fnc): Add method to send the default answer. (edit_sign_fnc_transit): Send default answer for unknown prompts. Take care of ERROR status in the SIGN_CONFIRM state. -- This requires GnuPG 2.1.8 to work as desired. Signed-off-by: Werner Koch diff --git a/src/gpgmeedit.c b/src/gpgmeedit.c index 7ff9a05..5f6768f 100644 --- a/src/gpgmeedit.c +++ b/src/gpgmeedit.c @@ -193,6 +193,16 @@ struct edit_parms_s }; +/* Parse the args of an ERROR status line and return its error + code. */ +static gpg_error_t +parse_status_error (const char *args) +{ + size_t n = strcspn (args, " \t"); + return (gpg_error_t)strtoul (args+n, NULL, 10); +} + + /* The edit callback proper */ static gpg_error_t edit_fnc (void *opaque, gpgme_status_code_t status, 
@@ -279,6 +289,14 @@ edit_fnc (void *opaque, gpgme_status_code_t status, gpgme_io_write (fd, "\n", 1); } } + else if (parms->err == gpg_error (GPG_ERR_EAGAIN)) + { + parms->err = 0; + if (debug_edit_fsm) + g_debug ("edit_fnc: newstate=%d again, default response", parms->state); + /* Send an empty line as default response. */ + gpgme_io_write (fd, "\n", 1); + } else { if (debug_edit_fsm) @@ -647,6 +665,12 @@ edit_sign_fnc_transit (int current_state, gpgme_status_code_t status, next_state = SIGN_ERROR; *err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY); } + else if (status == GPGME_STATUS_GET_LINE + || status == GPGME_STATUS_GET_BOOL) + { + next_state = current_state; + *err = gpg_error (GPG_ERR_EAGAIN); + } else { next_state = SIGN_ERROR; @@ -677,6 +701,12 @@ edit_sign_fnc_transit (int current_state, gpgme_status_code_t status, next_state = SIGN_ERROR; *err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY); } + else if (status == GPGME_STATUS_GET_LINE + || status == GPGME_STATUS_GET_BOOL) + { + next_state = current_state; + *err = gpg_error (GPG_ERR_EAGAIN); + } else { next_state = SIGN_ERROR; @@ -689,6 +719,12 @@ edit_sign_fnc_transit (int current_state, gpgme_status_code_t status, { next_state = SIGN_SET_CHECK_LEVEL; } + else if (status == GPGME_STATUS_GET_LINE + || status == GPGME_STATUS_GET_BOOL) + { + next_state = current_state; + *err = gpg_error (GPG_ERR_EAGAIN); + } else { next_state = SIGN_ERROR; @@ -701,6 +737,12 @@ edit_sign_fnc_transit (int current_state, gpgme_status_code_t status, { next_state = SIGN_CONFIRM; } + else if (status == GPGME_STATUS_GET_LINE + || status == GPGME_STATUS_GET_BOOL) + { + next_state = current_state; + *err = gpg_error (GPG_ERR_EAGAIN); + } else { next_state = SIGN_ERROR; 
@@ -713,6 +755,17 @@ edit_sign_fnc_transit (int current_state, gpgme_status_code_t status, { next_state = SIGN_QUIT; } + else if (status == GPGME_STATUS_GET_LINE + || status == GPGME_STATUS_GET_BOOL) + { + next_state = current_state; + *err = gpg_error (GPG_ERR_EAGAIN); + } + else if (status == GPGME_STATUS_ERROR) + { + next_state = SIGN_ERROR; + *err = parse_status_error (args); + } else { next_state = SIGN_ERROR; diff --git a/src/server.c b/src/server.c index 0c7209a..5f75202 100644 --- a/src/server.c +++ b/src/server.c @@ -484,7 +484,7 @@ prepare_io_streams (assuan_context_t ctx, #endif if (!ctrl->input_channel) { - g_debug ("error creating input channel"); + /* g_debug ("error creating input channel"); */ err = gpg_error (GPG_ERR_EIO); goto leave; } ----------------------------------------------------------------------- Summary of changes: src/gpgmeedit.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/server.c | 2 +- 2 files changed, 54 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 15:59:44 2015 
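Review bot: parse_status_error in the src/gpgmeedit.c hunk at @@ -193,6 +193,16 @@ calls strtoul with a NULL end pointer, so an ERROR status line with no numeric code after the first token (or with no second token at all) yields 0, and the SIGN_CONFIRM branch then stores that 0 in *err while moving to SIGN_ERROR. Pass an end pointer and return a generic error such as gpg_error (GPG_ERR_GENERAL) when no digits were consumed. The cast from unsigned long to gpg_error_t also truncates silently on out-of-range input, so a range check belongs in the same place. A NULL args would crash in strcspn, so either document that args is never NULL for GPGME_STATUS_ERROR or guard it.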
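Review bot: nothing bounds the EAGAIN path added to edit_fnc at @@ -279,6 +289,14 @@. edit_sign_fnc_transit keeps next_state = current_state for every GPGME_STATUS_GET_LINE or GPGME_STATUS_GET_BOOL it does not recognise, and edit_fnc answers each one with an empty line, so a prompt that gpg repeats after an empty answer would loop indefinitely. A small retry counter in parms that turns into SIGN_ERROR after a few rounds would close that. Since this is the key-signing dialogue, the prompt that was answered with its default should be logged unconditionally rather than only under debug_edit_fsm, because the user never sees the question. The same four-line GET_LINE/GET_BOOL branch is repeated in five states and could be a helper.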
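Review bot: the src/server.c hunk comments out the g_debug call instead of deleting it, which leaves dead code and makes the !ctrl->input_channel failure silent apart from GPG_ERR_EIO. Either remove the line, or keep a message and say in the commit log why it was noisy; the commit message covers only the sign key command and does not mention this file.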
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 15:59:44 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.19-6-g1e8d002 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 1e8d00260a97e0213559c74f687e478e7479a0ea (commit) via d2e4bb4c77167a1ed10f1017a7d06a822bbd5135 (commit) from 4e790613f66efcfc62d73722d5f1730a37cb8324 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1e8d00260a97e0213559c74f687e478e7479a0ea Author: Werner Koch Date: Tue Aug 25 15:55:57 2015 +0200 w32: Make sure the setmode is called. * src/estream.c (HAVE_DOSISH_SYSTEM): Define if needed. Signed-off-by: Werner Koch diff --git a/src/estream.c b/src/estream.c index 3c7d05f..1175ac8 100644 --- a/src/estream.c +++ b/src/estream.c @@ -92,8 +92,14 @@ #ifndef O_BINARY -#define O_BINARY 0 +# define O_BINARY 0 #endif +#ifndef HAVE_DOSISH_SYSTEM +# ifdef HAVE_W32_SYSTEM +# define HAVE_DOSISH_SYSTEM 1 +# endif +#endif + #ifdef HAVE_W32_SYSTEM # define S_IRGRP S_IRUSR commit d2e4bb4c77167a1ed10f1017a7d06a822bbd5135 Author: Werner Koch Date: Mon Jul 27 13:20:19 2015 +0200 Add option --lib-version to the gpg-error tool. * src/gpg-error.c (main): Add new option. diff --git a/src/gpg-error.c b/src/gpg-error.c index 672efe7..117b367 100644 --- a/src/gpg-error.c +++ b/src/gpg-error.c 
@@ -398,10 +398,20 @@ main (int argc, char *argv[]) { fputs ("gpg-error (" PACKAGE_NAME ") " PACKAGE_VERSION "\n", stdout); fputs ("Options:\n" - " --version Print version\n" - " --help Print this help\n" - " --list Print all error codes\n" - " --defines Print all error codes as #define lines\n", stdout); + " --version Print version\n" + " --lib-version Print library version\n" + " --help Print this help\n" + " --list Print all error codes\n" + " --defines Print all error codes as #define lines\n" + , stdout); + exit (0); + } + else if (argc == 2 && !strcmp (argv[1], "--lib-version")) + { + printf ("Version from header: %s (0x%06x)\n", + GPG_ERROR_VERSION, GPG_ERROR_VERSION_NUMBER); + printf ("Version from binary: %s\n", gpg_error_check_version (NULL)); + printf ("Copyright blurb ...:%s\n", gpg_error_check_version ("\x01\x01")); exit (0); } else if (argc == 2 && !strcmp (argv[1], "--list")) ----------------------------------------------------------------------- Summary of changes: src/estream.c | 8 +++++++- src/gpg-error.c | 18 ++++++++++++++---- 2 files changed, 21 insertions(+), 5 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 20:45:24 2015 
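Review bot: the --lib-version branch in src/gpg-error.c passes the magic string "\x01\x01" to gpg_error_check_version with no comment; a one-line comment saying that this request returns the copyright blurb would save the next reader a trip into the library source. The third format string, "Copyright blurb ...:%s\n", also lacks the space after the colon that the two "Version from" lines have; if that is deliberate because the blurb starts with its own whitespace, say so in the same comment.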
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 20:45:24 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.19-7-gd328c4d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via d328c4d72fa6d224117d7332082509c240a4f2fc (commit) from 1e8d00260a97e0213559c74f687e478e7479a0ea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d328c4d72fa6d224117d7332082509c240a4f2fc Author: Werner Koch Date: Tue Aug 25 20:41:52 2015 +0200 Make configure option --disable-build-timestamp the default. * configure.ac (BUILD_TIMESTAMP): Set to "" by default. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 2f49bd1..762ecae 100644 --- a/configure.ac +++ b/configure.ac 
@@ -494,15 +494,15 @@ AC_SUBST(BUILD_VERSION) AC_SUBST(BUILD_FILEVERSION) AC_ARG_ENABLE([build-timestamp], - AC_HELP_STRING([--enable-build-timestamp], - [set an explicit build timestamp for reproducibility. - (default is the current time in ISO-8601 format)]), - [if test "$enableval" = "no"; then - BUILD_TIMESTAMP="" - else - BUILD_TIMESTAMP="$enableval" - fi], - [BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date`]) + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=""]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) ----------------------------------------------------------------------- Summary of changes: configure.ac | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 20:45:49 2015 
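Review bot: with the test changed to "$enableval" = "yes", an explicit --disable-build-timestamp now reaches the else branch and sets BUILD_TIMESTAMP="no" instead of the empty string, because the removed "no" case has no replacement. Add an elif test "$enableval" = "no" branch that sets BUILD_TIMESTAMP="". The help string also still reads "(default is the current time in ISO-8601 format)" although the default is now [BUILD_TIMESTAMP=""]; for reproducible builds the documented default should match the real one.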
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 20:45:49 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-22-gff91e69 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via ff91e699f7c14ea6cbc27b487cb40e9f6bd58901 (commit) via 028a0ef3336c5180797fb247448683195376c007 (commit) via 97f1f3e883808743da5ee144abab25de062f34ac (commit) from 8ddc5801ade02297924447df5745c8877a96e5e3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ff91e699f7c14ea6cbc27b487cb40e9f6bd58901 Author: Werner Koch Date: Tue Aug 25 20:40:06 2015 +0200 Add configure option --enable-build-timestamp. * configure.ac (BUILD_TIMESTAMP): Set to "" by default. -- This is based on libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554 but changed to be disabled by default. Check there for some background. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index be36a42..a1973e7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -260,11 +260,21 @@ changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" AC_SUBST(BUILD_FILEVERSION) -BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=""]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) + # # Options to disable some regression tests # commit 028a0ef3336c5180797fb247448683195376c007 Author: Daiki Ueno Date: Mon Jul 27 16:19:52 2015 +0900 Relax ttyname_r error checks * src/engine-assuan.c (llass_new): Don't treat ttyname_r error as fatal. * src/engine-g13.c (g13_new): Likewise. * src/engine-gpg.c (gpg_new): Likewise. * src/engine-gpgsm.c (gpgsm_new): Likewise. * src/engine-uiserver.c (uiserver_new): Likewise. -- Even though isatty() returns 1, ttyname_r() may fail in many ways, e.g., when /dev/pts is not accessible under chroot. Since all our uses of ttyname_r() require that the function works, we can treat the failure as if isatty() fails. Signed-off-by: Daiki Ueno diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 663b2ea..9902467 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -282,12 +282,10 @@ llass_new (void **engine, const char *file_name, const char *home_dir) char *dft_ttytype = NULL; rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); - if (rc) - { - err = gpg_error_from_errno (rc); - goto leave; - } - else + + /* Even though isatty() returns 1, ttyname_r() may fail in many + ways, e.g., when /dev/pts is not accessible under chroot. */ + if (!rc) { if (asprintf (&optstr, "OPTION ttyname=%s", dft_ttyname) < 0) { 
diff --git a/src/engine-g13.c b/src/engine-g13.c index a9717ee..4a7b75c 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -286,12 +286,10 @@ g13_new (void **engine, const char *file_name, const char *home_dir) int rc; rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); - if (rc) - { - err = gpg_error_from_errno (rc); - goto leave; - } - else + + /* Even though isatty() returns 1, ttyname_r() may fail in many + ways, e.g., when /dev/pts is not accessible under chroot. */ + if (!rc) { if (asprintf (&optstr, "OPTION ttyname=%s", dft_ttyname) < 0) { diff --git a/src/engine-gpg.c b/src/engine-gpg.c index ffae2fe..9efced2 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -513,6 +513,8 @@ gpg_new (void **engine, const char *file_name, const char *home_dir) rc = add_arg (gpg, dft_display); free (dft_display); + if (rc) + goto leave; } if (isatty (1)) @@ -520,9 +522,10 @@ gpg_new (void **engine, const char *file_name, const char *home_dir) int err; err = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); - if (err) - rc = gpg_error_from_errno (err); - else + + /* Even though isatty() returns 1, ttyname_r() may fail in many + ways, e.g., when /dev/pts is not accessible under chroot. */ + if (!err) { if (*dft_ttyname) { @@ -547,9 +550,9 @@ gpg_new (void **engine, const char *file_name, const char *home_dir) free (dft_ttytype); } + if (rc) + goto leave; } - if (rc) - goto leave; } leave: diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index 24d3b2a..476e9ef 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -408,12 +408,10 @@ gpgsm_new (void **engine, const char *file_name, const char *home_dir) int rc; rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); - if (rc) - { - err = gpg_error_from_errno (rc); - goto leave; - } - else + + /* Even though isatty() returns 1, ttyname_r() may fail in many + ways, e.g., when /dev/pts is not accessible under chroot. */ + if (!rc) { if (asprintf (&optstr, "OPTION ttyname=%s", dft_ttyname) < 0) { 
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index a7184b7..e4fd47c 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -326,12 +326,10 @@ uiserver_new (void **engine, const char *file_name, const char *home_dir) int rc; rc = ttyname_r (1, dft_ttyname, sizeof (dft_ttyname)); - if (rc) - { - err = gpg_error_from_errno (rc); - goto leave; - } - else + + /* Even though isatty() returns 1, ttyname_r() may fail in many + ways, e.g., when /dev/pts is not accessible under chroot. */ + if (!rc) { if (asprintf (&optstr, "OPTION ttyname=%s", dft_ttyname) < 0) { commit 97f1f3e883808743da5ee144abab25de062f34ac Author: Werner Koch Date: Tue Aug 25 18:06:24 2015 +0200 Cleanup layout of gpgme.h * src/gpgme.h.in: Reorder prototypes. Change some comments. Signed-off-by: Werner Koch diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 432d18a..8876646 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
@@ -1,24 +1,24 @@ /* gpgme.h - Public interface to GnuPG Made Easy. -*- c -*- - Copyright (C) 2000 Werner Koch (dd9jn) - Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2009 - 2010, 2011, 2012, 2013, 2014 g10 Code GmbH - - This file is part of GPGME. - - GPGME is free software; you can redistribute it and/or modify it - under the terms of the GNU Lesser General Public License as - published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - GPGME is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this program; if not, see . - - Generated from gpgme.h.in for @GPGME_CONFIG_HOST at . */ + * Copyright (C) 2000 Werner Koch (dd9jn) + * Copyright (C) 2001-2015 g10 Code GmbH + * + * This file is part of GPGME. + * + * GPGME is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * GPGME is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * Generated from gpgme.h.in for @GPGME_CONFIG_HOST at . + */ #ifndef GPGME_H #define GPGME_H 
@@ -46,7 +46,10 @@ extern "C" { @INSERT__TYPEDEFS_FOR_GPGME_H@ -/* Check for compiler features. */ +/* + * Check for compiler features. + */ + #if __GNUC__ #define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ + __GNUC_MINOR__ * 100 \ @@ -69,7 +72,7 @@ extern "C" { #define _GPGME_DEPRECATED_OUTSIDE_GPGME _GPGME_DEPRECATED #endif - + /* The version of this header should match the one of the library. Do not use this symbol in your application, use gpgme_check_version instead. The purpose of this macro is to let autoconf (using the @@ -94,7 +97,9 @@ extern "C" { -/* Some opaque data types used by GPGME. */ +/* + * Some opaque data types used by GPGME. + */ /* The context holds some global state and configuration options, as well as the results of a crypto operation. */ @@ -105,8 +110,11 @@ typedef struct gpgme_context *gpgme_ctx_t; struct gpgme_data; typedef struct gpgme_data *gpgme_data_t; + -/* Wrappers for the libgpg-error library. */ +/* + * Wrappers for the libgpg-error library. + */ typedef gpg_error_t gpgme_error_t; typedef gpg_err_code_t gpgme_err_code_t; @@ -196,7 +204,12 @@ gpgme_error_from_syserror (void) return gpgme_error (gpgme_err_code_from_syserror ()); } + +/* + * Various constants and types + */ + /* The possible encoding mode of gpgme_data_t objects. */ typedef enum { @@ -210,6 +223,7 @@ typedef enum } gpgme_data_encoding_t; + /* Known data types. */ typedef enum { @@ -226,7 +240,7 @@ typedef enum } gpgme_data_type_t; - + /* Public key algorithms. */ typedef enum { @@ -264,7 +278,7 @@ typedef enum } gpgme_hash_algo_t; - + /* The possible signature stati. Deprecated, use error value in sig status. */ typedef enum @@ -292,7 +306,7 @@ typedef enum } gpgme_sig_mode_t; - + /* The available key and signature attributes. Deprecated, use the individual result structures instead. */ typedef enum 
@@ -333,7 +347,7 @@ typedef enum _gpgme_attr_t; typedef _gpgme_attr_t gpgme_attr_t _GPGME_DEPRECATED; - + /* The available validities for a trust item or key. */ typedef enum { @@ -346,7 +360,7 @@ typedef enum } gpgme_validity_t; - + /* The available protocols. */ typedef enum { @@ -364,7 +378,7 @@ gpgme_protocol_t; /* Convenience macro for the surprisingly mixed spelling. */ #define GPGME_PROTOCOL_OPENPGP GPGME_PROTOCOL_OpenPGP - + /* The available keylist mode flags. */ #define GPGME_KEYLIST_MODE_LOCAL 1 #define GPGME_KEYLIST_MODE_EXTERN 2 @@ -376,7 +390,7 @@ gpgme_protocol_t; typedef unsigned int gpgme_keylist_mode_t; - + /* The pinentry modes. */ typedef enum { @@ -388,7 +402,7 @@ typedef enum } gpgme_pinentry_mode_t; - + /* The available export mode flags. */ #define GPGME_EXPORT_MODE_EXTERN 2 #define GPGME_EXPORT_MODE_MINIMAL 4 
@@ -398,52 +412,11 @@ gpgme_pinentry_mode_t; typedef unsigned int gpgme_export_mode_t; - + /* Flags for the audit log functions. */ #define GPGME_AUDITLOG_HTML 1 #define GPGME_AUDITLOG_WITH_HELP 128 - -/* Signature notations. */ - -/* The available signature notation flags. */ -#define GPGME_SIG_NOTATION_HUMAN_READABLE 1 -#define GPGME_SIG_NOTATION_CRITICAL 2 - -typedef unsigned int gpgme_sig_notation_flags_t; - -struct _gpgme_sig_notation -{ - struct _gpgme_sig_notation *next; - - /* If NAME is a null pointer, then VALUE contains a policy URL - rather than a notation. */ - char *name; - - /* The value of the notation data. */ - char *value; - - /* The length of the name of the notation data. */ - int name_len; - - /* The length of the value of the notation data. */ - int value_len; - - /* The accumulated flags. */ - gpgme_sig_notation_flags_t flags; - - /* Notation data is human-readable. */ - unsigned int human_readable : 1; - - /* Notation data is critical. */ - unsigned int critical : 1; - - /* Internal to GPGME, do not use. */ - int _unused : 30; -}; -typedef struct _gpgme_sig_notation *gpgme_sig_notation_t; - - /* The possible stati for the edit operation. */ typedef enum { 
@@ -553,7 +526,50 @@ typedef enum } gpgme_status_code_t; + +/* The available signature notation flags. */ +#define GPGME_SIG_NOTATION_HUMAN_READABLE 1 +#define GPGME_SIG_NOTATION_CRITICAL 2 + +typedef unsigned int gpgme_sig_notation_flags_t; + +struct _gpgme_sig_notation +{ + struct _gpgme_sig_notation *next; + + /* If NAME is a null pointer, then VALUE contains a policy URL + rather than a notation. */ + char *name; + + /* The value of the notation data. */ + char *value; + + /* The length of the name of the notation data. */ + int name_len; + + /* The length of the value of the notation data. */ + int value_len; + + /* The accumulated flags. */ + gpgme_sig_notation_flags_t flags; + + /* Notation data is human-readable. */ + unsigned int human_readable : 1; + + /* Notation data is critical. */ + unsigned int critical : 1; + + /* Internal to GPGME, do not use. */ + int _unused : 30; +}; +typedef struct _gpgme_sig_notation *gpgme_sig_notation_t; + + +/* + * Public structures. + */ + /* The engine information structure. */ struct _gpgme_engine_info { @@ -576,7 +592,7 @@ struct _gpgme_engine_info }; typedef struct _gpgme_engine_info *gpgme_engine_info_t; - + /* A subkey from a key. */ struct _gpgme_subkey { @@ -831,8 +847,20 @@ struct _gpgme_key typedef struct _gpgme_key *gpgme_key_t; +/* An invalid key object. */ +struct _gpgme_invalid_key +{ + struct _gpgme_invalid_key *next; + char *fpr; + gpgme_error_t reason; +}; +typedef struct _gpgme_invalid_key *gpgme_invalid_key_t; + + -/* Types for callback functions. */ +/* + * Types for callback functions. + */ /* Request a passphrase from the user. */ typedef gpgme_error_t (*gpgme_passphrase_cb_t) (void *hook, @@ -857,7 +885,9 @@ typedef gpgme_error_t (*gpgme_edit_cb_t) (void *opaque, -/* Context management functions. */ +/* + * Context management functions. + */ /* Create a new context and return it in CTX. */ gpgme_error_t gpgme_new (gpgme_ctx_t *ctx); 
@@ -973,16 +1003,6 @@ gpgme_error_t gpgme_ctx_set_engine_info (gpgme_ctx_t ctx, const char *file_name, const char *home_dir); - -/* Return a statically allocated string with the name of the public - key algorithm ALGO, or NULL if that name is not known. */ -const char *gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo); - -/* Return a statically allocated string with the name of the hash - algorithm ALGO, or NULL if that name is not known. */ -const char *gpgme_hash_algo_name (gpgme_hash_algo_t algo); - - /* Delete all signers from CTX. */ void gpgme_signers_clear (gpgme_ctx_t ctx); @@ -1021,7 +1041,7 @@ const char *gpgme_get_sig_string_attr (gpgme_ctx_t c, int idx, gpgme_error_t gpgme_get_sig_key (gpgme_ctx_t ctx, int idx, gpgme_key_t *r_key) _GPGME_DEPRECATED; - + /* Clear all notation data from the context. */ void gpgme_sig_notation_clear (gpgme_ctx_t ctx); @@ -1037,8 +1057,11 @@ gpgme_error_t gpgme_sig_notation_add (gpgme_ctx_t ctx, const char *name, /* Get the sig notations for this context. */ gpgme_sig_notation_t gpgme_sig_notation_get (gpgme_ctx_t ctx); + -/* Run control. */ +/* + * Run control. + */ /* The type of an I/O callback function. */ typedef gpgme_error_t (*gpgme_io_cb_t) (void *data, int fd); @@ -1111,8 +1134,17 @@ gpgme_ctx_t gpgme_wait (gpgme_ctx_t ctx, gpgme_error_t *status, int hang); gpgme_ctx_t gpgme_wait_ext (gpgme_ctx_t ctx, gpgme_error_t *status, gpgme_error_t *op_err, int hang); +/* Cancel a pending asynchronous operation. */ +gpgme_error_t gpgme_cancel (gpgme_ctx_t ctx); + +/* Cancel a pending operation asynchronously. */ +gpgme_error_t gpgme_cancel_async (gpgme_ctx_t ctx); + + -/* Functions to handle data objects. */ +/* + * Functions to handle data objects. + */ /* Read up to SIZE bytes into buffer BUFFER from the data object with the handle HANDLE. Return the number of characters read, 0 on EOF 
@@ -1235,14 +1267,20 @@ gpgme_error_t gpgme_data_new_from_filepart (gpgme_data_t *r_dh, gpgme_data_seek instead. */ gpgme_error_t gpgme_data_rewind (gpgme_data_t dh) _GPGME_DEPRECATED; + -/* Key and trust functions. */ +/* + * Key and trust functions. + */ /* Get the key with the fingerprint FPR from the crypto backend. If SECRET is true, get the secret key. */ gpgme_error_t gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key, int secret); +/* Create a dummy key to specify an email address. */ +gpgme_error_t gpgme_key_from_uid (gpgme_key_t *key, const char *name); + /* Acquire a reference to KEY. */ void gpgme_key_ref (gpgme_key_t key); @@ -1285,26 +1323,12 @@ unsigned long gpgme_key_sig_get_ulong_attr (gpgme_key_t key, int uid_idx, const void *reserved, int idx) _GPGME_DEPRECATED; - -/* Crypto Operations. */ - -/* Cancel a pending asynchronous operation. */ -gpgme_error_t gpgme_cancel (gpgme_ctx_t ctx); - -/* Cancel a pending operation asynchronously. */ -gpgme_error_t gpgme_cancel_async (gpgme_ctx_t ctx); -struct _gpgme_invalid_key -{ - struct _gpgme_invalid_key *next; - char *fpr; - gpgme_error_t reason; -}; -typedef struct _gpgme_invalid_key *gpgme_invalid_key_t; +/* + * Encryption. + */ - -/* Encryption. */ struct _gpgme_op_encrypt_result { /* The list of invalid recipients. */ @@ -1348,7 +1372,9 @@ gpgme_error_t gpgme_op_encrypt_sign (gpgme_ctx_t ctx, gpgme_key_t recp[], gpgme_data_t plain, gpgme_data_t cipher); -/* Decryption. */ +/* + * Decryption. + */ struct _gpgme_recipient { @@ -1405,7 +1431,10 @@ gpgme_error_t gpgme_op_decrypt_verify (gpgme_ctx_t ctx, gpgme_data_t cipher, gpgme_data_t plain); -/* Signing. */ +/* + * Signing. + */ + struct _gpgme_new_signature { struct _gpgme_new_signature *next; @@ -1461,7 +1490,9 @@ gpgme_error_t gpgme_op_sign (gpgme_ctx_t ctx, gpgme_sig_mode_t mode); -/* Verify. */ +/* + * Verify. + */ /* Flags used for the SUMMARY field in a gpgme_signature_t. */ typedef enum 
@@ -1550,22 +1581,15 @@ gpgme_error_t gpgme_op_verify (gpgme_ctx_t ctx, gpgme_data_t sig, gpgme_data_t plaintext); -/* Import. */ - -/* The key was new. */ -#define GPGME_IMPORT_NEW 1 - -/* The key contained new user IDs. */ -#define GPGME_IMPORT_UID 2 - -/* The key contained new signatures. */ -#define GPGME_IMPORT_SIG 4 - -/* The key contained new sub keys. */ -#define GPGME_IMPORT_SUBKEY 8 +/* + * Import/Export + */ -/* The key contained a secret key. */ -#define GPGME_IMPORT_SECRET 16 +#define GPGME_IMPORT_NEW 1 /* The key was new. */ +#define GPGME_IMPORT_UID 2 /* The key contained new user IDs. */ +#define GPGME_IMPORT_SIG 4 /* The key contained new signatures. */ +#define GPGME_IMPORT_SUBKEY 8 /* The key contained new sub keys. */ +#define GPGME_IMPORT_SECRET 16 /* The key contained a secret key. */ struct _gpgme_import_status @@ -1586,7 +1610,7 @@ struct _gpgme_import_status }; typedef struct _gpgme_import_status *gpgme_import_status_t; -/* Import. */ +/* Import result object. */ struct _gpgme_op_import_result { /* Number of considered keys. */ @@ -1650,7 +1674,6 @@ gpgme_error_t gpgme_op_import_keys_start (gpgme_ctx_t ctx, gpgme_key_t keys[]); gpgme_error_t gpgme_op_import_keys (gpgme_ctx_t ctx, gpgme_key_t keys[]); - /* Export the keys found by PATTERN into KEYDATA. */ gpgme_error_t gpgme_op_export_start (gpgme_ctx_t ctx, const char *pattern, gpgme_export_mode_t mode, @@ -1679,7 +1702,10 @@ gpgme_error_t gpgme_op_export_keys (gpgme_ctx_t ctx, -/* Key generation. */ +/* + * Key generation. + */ + struct _gpgme_op_genkey_result { /* A primary key was generated. */ @@ -1707,7 +1733,7 @@ gpgme_error_t gpgme_op_genkey (gpgme_ctx_t ctx, const char *parms, /* Retrieve a pointer to the result of the genkey operation. */ gpgme_genkey_result_t gpgme_op_genkey_result (gpgme_ctx_t ctx); - + /* Delete KEY from the keyring. If ALLOW_SECRET is non-zero, secret keys are also deleted. */ gpgme_error_t gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key, 
@@ -1715,7 +1741,12 @@ gpgme_error_t gpgme_op_delete_start (gpgme_ctx_t ctx, const gpgme_key_t key, gpgme_error_t gpgme_op_delete (gpgme_ctx_t ctx, const gpgme_key_t key, int allow_secret); + +/* + * Key Edit interface + */ + /* Edit the key KEY. Send status and command requests to FNC and output of edit commands to OUT. */ gpgme_error_t gpgme_op_edit_start (gpgme_ctx_t ctx, gpgme_key_t key, @@ -1735,27 +1766,11 @@ gpgme_error_t gpgme_op_card_edit (gpgme_ctx_t ctx, gpgme_key_t key, gpgme_data_t out); -/* Flags for the spawn operations. */ -#define GPGME_SPAWN_DETACHED 1 -#define GPGME_SPAWN_ALLOW_SET_FG 2 - - -/* Run the command FILE with the arguments in ARGV. Connect stdin to - DATAIN, stdout to DATAOUT, and STDERR to DATAERR. If one the data - streams is NULL, connect to /dev/null instead. */ -gpgme_error_t gpgme_op_spawn_start (gpgme_ctx_t ctx, - const char *file, const char *argv[], - gpgme_data_t datain, - gpgme_data_t dataout, gpgme_data_t dataerr, - unsigned int flags); -gpgme_error_t gpgme_op_spawn (gpgme_ctx_t ctx, - const char *file, const char *argv[], - gpgme_data_t datain, - gpgme_data_t dataout, gpgme_data_t dataerr, - unsigned int flags); - -/* Key management functions. */ +/* + * Key listing + */ + struct _gpgme_op_keylist_result { unsigned int truncated : 1; @@ -1792,7 +1807,9 @@ gpgme_error_t gpgme_op_passwd (gpgme_ctx_t ctx, gpgme_key_t key, -/* Trust items and operations. */ +/* + * Trust items and operations. + */ struct _gpgme_trust_item { @@ -1867,7 +1884,12 @@ int gpgme_trust_item_get_int_attr (gpgme_trust_item_t item, _gpgme_attr_t what, const void *reserved, int idx) _GPGME_DEPRECATED; + +/* + * Audit log + */ + /* Return the auditlog for the current session. This may be called after a successful or failed operation. If no audit log is available GPG_ERR_NO_DATA is returned. */ 
@@ -1878,7 +1900,33 @@ gpgme_error_t gpgme_op_getauditlog (gpgme_ctx_t ctx, gpgme_data_t output, -/* Low-level Assuan protocol access. */ +/* + * Spawn interface + */ + +/* Flags for the spawn operations. */ +#define GPGME_SPAWN_DETACHED 1 +#define GPGME_SPAWN_ALLOW_SET_FG 2 + + +/* Run the command FILE with the arguments in ARGV. Connect stdin to + DATAIN, stdout to DATAOUT, and STDERR to DATAERR. If one the data + streams is NULL, connect to /dev/null instead. */ +gpgme_error_t gpgme_op_spawn_start (gpgme_ctx_t ctx, + const char *file, const char *argv[], + gpgme_data_t datain, + gpgme_data_t dataout, gpgme_data_t dataerr, + unsigned int flags); +gpgme_error_t gpgme_op_spawn (gpgme_ctx_t ctx, + const char *file, const char *argv[], + gpgme_data_t datain, + gpgme_data_t dataout, gpgme_data_t dataerr, + unsigned int flags); + + +/* + * Low-level Assuan protocol access. + */ typedef gpgme_error_t (*gpgme_assuan_data_cb_t) (void *opaque, const void *data, size_t datalen); @@ -1937,7 +1985,10 @@ gpgme_op_assuan_transact (gpgme_ctx_t ctx, void *status_cb_value) _GPGME_DEPRECATED; -/* Crypto container support. */ +/* + * Crypto container support. + */ + struct _gpgme_op_vfs_mount_result { char *mount_dir; @@ -1958,7 +2009,9 @@ gpgme_error_t gpgme_op_vfs_create (gpgme_ctx_t ctx, gpgme_key_t recp[], unsigned int flags, gpgme_error_t *op_err); -/* Interface to gpgconf(1). */ +/* + * Interface to gpgconf(1). + */ /* The expert level at which a configuration option or group of options should be displayed. See the gpgconf(1) documentation for 
@@ -2122,15 +2175,11 @@ gpgme_error_t gpgme_op_conf_load (gpgme_ctx_t ctx, gpgme_conf_comp_t *conf_p); follow chained components! */ gpgme_error_t gpgme_op_conf_save (gpgme_ctx_t ctx, gpgme_conf_comp_t comp); - -/* UIServer support. */ - -/* Create a dummy key to specify an email address. */ -gpgme_error_t gpgme_key_from_uid (gpgme_key_t *key, const char *name); - -/* Various functions. */ +/* + * Various functions. + */ /* Set special global flags; consult the manual before use. */ int gpgme_set_global_flag (const char *name, const char *value); @@ -2165,19 +2214,28 @@ gpgme_error_t gpgme_set_engine_info (gpgme_protocol_t proto, const char *file_name, const char *home_dir); - -/* Engine support functions. */ - /* Verify that the engine implementing PROTO is installed and available. */ gpgme_error_t gpgme_engine_check_version (gpgme_protocol_t proto); - + +/* Reference counting for result objects. */ void gpgme_result_ref (void *result); void gpgme_result_unref (void *result); +/* Return a statically allocated string with the name of the public + key algorithm ALGO, or NULL if that name is not known. */ +const char *gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo); + +/* Return a statically allocated string with the name of the hash + algorithm ALGO, or NULL if that name is not known. */ +const char *gpgme_hash_algo_name (gpgme_hash_algo_t algo); + + -/* Deprecated types. */ +/* + * Deprecated types. + */ typedef gpgme_ctx_t GpgmeCtx _GPGME_DEPRECATED; typedef gpgme_data_t GpgmeData _GPGME_DEPRECATED; typedef gpgme_error_t GpgmeError _GPGME_DEPRECATED; diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index a4ab0af..7f19b30 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in 
@@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "GPGME - GnuPG Made Easy\0" VALUE "FileVersion", "@LIBGPGME_LT_CURRENT at .@LIBGPGME_LT_AGE at .@LIBGPGME_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "gpgme\0" - VALUE "LegalCopyright", "Copyright ? 2001-2013 g10 Code GmbH\0" + VALUE "LegalCopyright", "Copyright ? 2001-2015 g10 Code GmbH\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "gpgme.dll\0" VALUE "PrivateBuild", "\0" ----------------------------------------------------------------------- Summary of changes: configure.ac | 12 +- src/engine-assuan.c | 10 +- src/engine-g13.c | 10 +- src/engine-gpg.c | 13 +- src/engine-gpgsm.c | 10 +- src/engine-uiserver.c | 10 +- src/gpgme.h.in | 390 +++++++++++++++++++++++++++++--------------------- src/versioninfo.rc.in | 2 +- 8 files changed, 260 insertions(+), 197 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 21:06:57 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 21:06:57 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-23-g3f53d3d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 3f53d3d5d9e73a053b1e89073ef8f7cf01bfc8e6 (commit) from ff91e699f7c14ea6cbc27b487cb40e9f6bd58901 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f53d3d5d9e73a053b1e89073ef8f7cf01bfc8e6 Author: Werner Koch Date: Tue Aug 25 21:04:15 2015 +0200 Avoid -Wundef warnings if gpgme.h is used by g++. * src/gpgme.h.in (_GPGME_INLINE): Move definition into the extern-C-scope. Signed-off-by: Werner Koch 
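Review bot: in the configure.ac hunk of commit ff91e69, the AC_HELP_STRING text says "(default is the current time in ISO-8601 format)", but the not-given branch is [BUILD_TIMESTAMP=""] and the current time is used only for a bare --enable-build-timestamp, so the help text should describe that. The if/else also has no case for "no", so --disable-build-timestamp ends up as the literal timestamp "no".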
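Review bot: the ttyname_r failure in llass_new, g13_new, gpgsm_new and uiserver_new (commit 028a0ef) is now dropped without any trace, so a session that ends up without "OPTION ttyname" gives no hint why. A debug log of rc in an else branch would keep the relaxed behaviour and still make the case diagnosable. In the src/engine-gpg.c hunks the added if (rc) goto leave; after free (dft_display) is a separate fix (an add_arg failure there was previously checked only after the isatty block) and deserves its own line in the commit message.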
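Review bot: the first src/gpgme.h.in hunk of commit 97f1f3e replaces the year list "2001, 2002, 2003, 2004, 2005, 2007, 2009 2010, 2011, 2012, 2013, 2014" with the range "2001-2015", which adds 2006, 2008 and 2015, and src/versioninfo.rc.in gets the same bump, yet the commit message mentions only reordered prototypes and changed comments. A copyright change should be named in the log entry or split into its own commit so that it is not hidden inside a 390-line layout diff.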
diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 8876646..a0d9d31 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -23,14 +23,6 @@ #ifndef GPGME_H #define GPGME_H -#ifdef __GNUC__ -#define _GPGME_INLINE __inline__ -#elif __STDC_VERSION__ >= 199901L -#define _GPGME_INLINE inline -#else -#define _GPGME_INLINE -#endif - /* Include stdio.h for the FILE type definition. */ #include #include @@ -38,17 +30,40 @@ #ifdef __cplusplus extern "C" { -#if 0 /* just to make Emacs auto-indent happy */ +#if 0 /*(Make Emacsen's auto-indent happy.)*/ } #endif #endif /* __cplusplus */ + +/* The version of this header should match the one of the library. Do + not use this symbol in your application, use gpgme_check_version + instead. The purpose of this macro is to let autoconf (using the + AM_PATH_GPGME macro) check that this header matches the installed + library. */ +#define GPGME_VERSION "@PACKAGE_VERSION@" + +/* The version number of this header. It may be used to handle minor + API incompatibilities. */ +#define GPGME_VERSION_NUMBER @VERSION_NUMBER@ + + +/* System specific typedefs. */ @INSERT__TYPEDEFS_FOR_GPGME_H@ + /* * Check for compiler features. */ +#ifdef __GNUC__ +# define _GPGME_INLINE __inline__ +#elif __STDC_VERSION__ >= 199901L +# define _GPGME_INLINE inline +#else +# define _GPGME_INLINE +#endif + #if __GNUC__ #define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ 
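Review bot: The relocated `_GPGME_INLINE` block in the second hunk still tests `#elif __STDC_VERSION__ >= 199901L` without a `defined` guard, and the context line `#if __GNUC__` directly below it has the same shape. Both expressions rely on an undefined macro evaluating to 0 whenever the compiler does not define it, which is exactly what -Wundef reports. The libgpg-error commit 9cd3f002 in this same archive writes `#elif defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L`. Using that form here would keep the header warning-free regardless of where the block sits relative to `extern "C"`.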
@@ -73,17 +88,6 @@ extern "C" { #endif -/* The version of this header should match the one of the library. Do - not use this symbol in your application, use gpgme_check_version - instead. The purpose of this macro is to let autoconf (using the - AM_PATH_GPGME macro) check that this header matches the installed - library. */ -#define GPGME_VERSION "@PACKAGE_VERSION@" - -/* The version number of this header. It may be used to handle minor - API incompatibilities. */ -#define GPGME_VERSION_NUMBER @VERSION_NUMBER@ - /* Check for a matching _FILE_OFFSET_BITS definition. */ #if @NEED__FILE_OFFSET_BITS@ #ifndef _FILE_OFFSET_BITS ----------------------------------------------------------------------- Summary of changes: src/gpgme.h.in | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 21:14:32 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 21:14:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-51-g9d07f69 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9d07f6930aaa40dce92104e8c99241713d92eed2 (commit) from 51b9b8fba4ee326013c2cc911c70cde4c5f81fc7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9d07f6930aaa40dce92104e8c99241713d92eed2 Author: Werner Koch Date: Tue Aug 25 21:08:27 2015 +0200 Add configure option --enable-build-timestamp. * configure.ac (BUILD_TIMESTAMP): Set to "" by default. -- This is based on libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554 but changed to be disabled by default. Check there for some background. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 1d0ae65..680d0b7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1636,7 +1636,16 @@ BUILD_FILEVERSION=`echo "${BUILD_VERSION}" | tr . ,` AC_SUBST(BUILD_VERSION) AC_SUBST(BUILD_FILEVERSION) -BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=""]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) ----------------------------------------------------------------------- Summary of changes: configure.ac | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 21:15:16 2015 
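Review bot: The help string in the added AC_ARG_ENABLE block says "(default is the current time in ISO-8601 format)", but the action-if-not-given argument is `[BUILD_TIMESTAMP=""]`, so a plain configure run embeds no timestamp. The current time is used only when `--enable-build-timestamp` is given without a value. Reword the help text to match the behaviour and the commit message, for example: set an explicit build timestamp, or the current time if no value is given; the default is no timestamp.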
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 21:15:16 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-257-ga785cc3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e (commit) from fb3cb47b0a29d3e73150297aa4495c20915e4a75 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a785cc3db0c4e8eb8ebbf784b833a40d2c42ec3e Author: Werner Koch Date: Tue Aug 25 21:11:05 2015 +0200 Add configure option --enable-build-timestamp. * configure.ac (BUILD_TIMESTAMP): Set to "" by default. -- This is based on libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554 but changed to be disabled by default. Check there for some background. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 48e2179..2acfa36 100644 --- a/configure.ac +++ b/configure.ac 
@@ -2272,7 +2272,16 @@ changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" AC_SUBST(BUILD_FILEVERSION) -BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=""]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) ----------------------------------------------------------------------- Summary of changes: configure.ac | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 21:21:01 2015 
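Review bot: The `if test "$enableval" = "yes"` / `else` pair in the added block does not handle `--disable-build-timestamp`. Autoconf sets `enableval` to `no` for that form, so the else branch stores the literal string `no` in BUILD_TIMESTAMP and AC_DEFINE_UNQUOTED writes it into config.h as the build time. Add a branch for `no` that assigns the empty string, the same value the not-given case uses.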
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 21:21:01 +0200 Subject: [git] KSBA - branch, master, updated. libksba-1.3.3-2-g5381888 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "KSBA is a library to access X.509 certificates and CMS data.". The branch, master has been updated via 538188812ace9594aad92a9b0f73b75e5ffc4526 (commit) from 766280caf19ed78a7efe8a0e1fd2725447185992 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 538188812ace9594aad92a9b0f73b75e5ffc4526 Author: Werner Koch Date: Tue Aug 25 21:16:38 2015 +0200 Add configure option --enable-build-timestamp. * configure.ac (BUILD_TIMESTAMP): Set to "" by default. Add ac_define_unquoted. -- This is based on libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554 but changed to be disabled by default. Check there for some background. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index fcf021c..0ea5225 100644 --- a/configure.ac +++ b/configure.ac 
@@ -380,20 +380,32 @@ AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling != xno) # Generate extended version information for W32. if test "$have_w32_system" = yes; then - BUILD_TIMESTAMP=`date --iso-8601=minutes` changequote(,)dnl BUILD_FILEVERSION=`echo "$VERSION" | sed 's/\([0-9.]*\).*/\1./;s/\./,/g'` changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" fi AC_SUBST(BUILD_REVISION) -AC_SUBST(BUILD_TIMESTAMP) AC_SUBST(BUILD_FILEVERSION) BUILD_REVISION="mym4_revision" AC_SUBST(BUILD_REVISION) AC_DEFINE_UNQUOTED(BUILD_REVISION, "$BUILD_REVISION", [GIT commit id revision used to build this package]) +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=""]) +AC_SUBST(BUILD_TIMESTAMP) +AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", + [The time this package was configured for a build]) + AC_CONFIG_FILES([ Makefile ----------------------------------------------------------------------- Summary of changes: configure.ac | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) hooks/post-receive -- KSBA is a library to access X.509 certificates and CMS data. http://git.gnupg.org From cvs at cvs.gnupg.org Tue Aug 25 21:23:14 2015 
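Review bot: In the added block the `yes` branch falls back to a bare `date` when the formatted `date -u +%Y-%m-%dT%H:%M+0000` call fails, which yields a locale- and timezone-dependent string rather than the ISO-8601 form the help text promises. Since the option exists for reproducibility, aborting configure or leaving BUILD_TIMESTAMP empty in that case would be more predictable than a free-form fallback. Separately, the context lines show AC_SUBST(BUILD_REVISION) both before and after the BUILD_REVISION assignment; one of the two can be dropped while this area is being touched.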
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 25 Aug 2015 21:23:14 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.2.1-7-gd4bef26 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via d4bef26a49879761867ad6d57113341915db6acf (commit) from b5cbf11ccece653819a782a3e8adbb785fe36d7d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4bef26a49879761867ad6d57113341915db6acf Author: Werner Koch Date: Tue Aug 25 21:19:35 2015 +0200 Add configure option --enable-build-timestamp. * configure.ac (BUILD_TIMESTAMP): Set to "" by default. -- This is based on libgpg-error commit d620005fd1a655d591fccb44639e22ea445e4554 but changed to be disabled by default. Check there for some background. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 78c25ea..68f6ea7 100644 --- a/configure.ac +++ b/configure.ac 
@@ -254,7 +254,16 @@ changequote([,])dnl BUILD_FILEVERSION="${BUILD_FILEVERSION}mym4_revision_dec" AC_SUBST(BUILD_FILEVERSION) -BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` +AC_ARG_ENABLE([build-timestamp], + AC_HELP_STRING([--enable-build-timestamp], + [set an explicit build timestamp for reproducibility. + (default is the current time in ISO-8601 format)]), + [if test "$enableval" = "yes"; then + BUILD_TIMESTAMP=`date -u +%Y-%m-%dT%H:%M+0000 2>/dev/null || date` + else + BUILD_TIMESTAMP="$enableval" + fi], + [BUILD_TIMESTAMP=""]) AC_SUBST(BUILD_TIMESTAMP) AC_DEFINE_UNQUOTED(BUILD_TIMESTAMP, "$BUILD_TIMESTAMP", [The time this package was configured for a build]) ----------------------------------------------------------------------- Summary of changes: configure.ac | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 26 09:08:29 2015 
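Review bot: The else branch `BUILD_TIMESTAMP="$enableval"` accepts any user-supplied string, and AC_DEFINE_UNQUOTED then places it between double quotes in config.h, so a value containing `"` or a backslash produces a broken or altered C string literal. Neither the help string nor a comment states the expected format of an explicit value. Consider matching the value against the timestamp shape used in the `yes` branch with a `case` pattern and rejecting anything else via AC_MSG_ERROR.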
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 26 Aug 2015 09:08:29 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.19-13-g17f8cd7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 17f8cd76419eec7f1b73c4036e82061cf48b67b2 (commit) via 44caed05ec146654f1ce40bba4b25def83c369db (commit) via 030ee30c4ae85f2f41ca77651e4a7d7c9993e284 (commit) via 9cd3f002addf2acae4a7b0f52f8941e517e83d73 (commit) via 17e4f727d9bd8e406bf977af445ef57201d23249 (commit) via 72101fae17b335b9763444862b957068440307c4 (commit) from d328c4d72fa6d224117d7332082509c240a4f2fc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 17f8cd76419eec7f1b73c4036e82061cf48b67b2 Author: Werner Koch Date: Wed Aug 26 09:02:27 2015 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 3b8a1ae..ad19b1b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.21 (unreleased) [C16/A16/R_] +----------------------------------------------- + + Noteworthy changes in version 1.20 (2015-08-26) [C16/A16/R0] ----------------------------------------------- diff --git a/configure.ac b/configure.ac index ec8d112..8946ffa 100644 --- a/configure.ac +++ b/configure.ac 
@@ -27,7 +27,7 @@ min_automake_version="1.14" # another commit, and a push so that the git magic is able to work. # See below for the LT versions. m4_define([mym4_version_major], [1]) -m4_define([mym4_version_minor], [20]) +m4_define([mym4_version_minor], [21]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 44caed05ec146654f1ce40bba4b25def83c369db Author: Werner Koch Date: Wed Aug 26 08:51:15 2015 +0200 Release 1.20. * configure.ac: Set LT version to C16/A16/R0. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index f24fd06..3b8a1ae 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,19 @@ -Noteworthy changes in version 1.20 (unreleased) [C__/A__/R_] +Noteworthy changes in version 1.20 (2015-08-26) [C16/A16/R0] ----------------------------------------------- + * New macros for GCC attributes. + + * Make es_set_binary actually work for Windows. + + * Allow building without thread support. + + * Build without a build timestamp by default. + * Interface changes relative to the 1.19 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPGRT_VERSION NEW macro. + GPGRT_VERSION_NUMBER NEW macro. + GPGRT_INLINE NEW macro. GPGRT_GCC_VERSION NEW macro. GPGRT_ATTR_NORETURN NEW macro. GPGRT_ATTR_PRINTF NEW macro. diff --git a/configure.ac b/configure.ac index 762ecae..ec8d112 100644 --- a/configure.ac +++ b/configure.ac @@ -51,8 +51,8 @@ AC_INIT([libgpg-error],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed: AGE=0) # Note that added error codes don't constitute an interface change. -LIBGPG_ERROR_LT_CURRENT=15 -LIBGPG_ERROR_LT_AGE=15 +LIBGPG_ERROR_LT_CURRENT=16 +LIBGPG_ERROR_LT_AGE=16 LIBGPG_ERROR_LT_REVISION=0 ################################################ diff --git a/doc/errorref.txt b/doc/errorref.txt index 2ee1aa4..f9dbf59 100644 --- a/doc/errorref.txt +++ b/doc/errorref.txt 
@@ -267,6 +267,10 @@ GPG_ERR_CONFLICT Conflicting use 71 GPG_ERR_INV_CIPHER_MODE Invalid cipher mode 72 GPG_ERR_INV_FLAG Invalid flag + + GPGME: Used to indicate an invalid combination of flags. + + 73 GPG_ERR_INV_HANDLE Invalid handle 74 GPG_ERR_TRUNCATED Result truncated 75 GPG_ERR_INCOMPLETE_LINE Incomplete line @@ -515,6 +519,7 @@ GPG_ERR_TOO_MANY Too many objects GPG: - Dirmngr KS_GET called with too many pattern so that the maximum Assuan line length would overflow. + - gpgsm's command export --secret called with too man keys. GPGME: - To many patterns in gpgme-tools's KEYLIST command. GPG_ERR_LIMIT_REACHED Limit reached @@ -552,7 +557,8 @@ GPG_ERR_UNKNOWN_CURVE Unknown elliptic curve GPG_ERR_DUP_KEY Duplicated key A duplicated key was detected. For example a unique key in a - database occurred more than once. + database occurred more than once. Also used if in a protocol + an expected key was returned more than once. GPG_ERR_AMBIGUOUS Ambiguous search @@ -744,8 +750,8 @@ GPG_ERR_BOGUS_STRING Bogus string GPG_ERR_FORBIDDEN Forbidden - The use of a features is not allowed to to insuffcient rights. - Use by gpg-agent as aerror codes for restricted commands. + The use of a features is not allowed due to insuffcient rights. + Use by gpg-agent as an error codes for restricted commands. GPG_ERR_KEY_DISABLED Key disabled diff --git a/po/uk.po b/po/uk.po index 1f37874..6f83786 100644 --- a/po/uk.po +++ b/po/uk.po @@ -731,11 +731,9 @@ msgstr "?????????? ?????????? ?????? ? S-?????? msgid "Legacy key" msgstr "?????????? ????" -#| msgid "Buffer too short" msgid "Request too short" msgstr "??????? ???????? ?????" -#| msgid "Line too long" msgid "Request too long" msgstr "????? ?????? ?????" 
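Review bot: The added lines in the doc/errorref.txt hunks carry new typos. Under GPG_ERR_TOO_MANY, "called with too man keys" should read "too many keys". The rewritten GPG_ERR_FORBIDDEN text fixes "to to" but still has "a features", "insuffcient" and "an error codes". Suggested wording: "The use of a feature is not allowed due to insufficient rights. Used by gpg-agent as an error code for restricted commands."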
@@ -910,65 +908,51 @@ msgstr "??????? ? ????????? IPC" msgid "Unknown IPC inquire" msgstr "????????? ????? IPC" -#| msgid "General IPC error" msgid "General LDAP error" msgstr "???????? ??????? LDAP" -#| msgid "General error" msgid "General LDAP attribute error" msgstr "???????? ??????? ???????? LDAP" -#| msgid "General error" msgid "General LDAP name error" msgstr "???????? ??????? ????? LDAP" -#| msgid "General Assuan error" msgid "General LDAP security error" msgstr "???????? ??????? ??????? LDAP" -#| msgid "General error" msgid "General LDAP service error" msgstr "???????? ??????? ?????? LDAP" -#| msgid "General Assuan error" msgid "General LDAP update error" msgstr "???????? ??????? ????????? LDAP" msgid "Experimental LDAP error code" msgstr "????????????????? ??? ??????? LDAP" -#| msgid "IPC write error" msgid "Private LDAP error code" msgstr "??? ?????????????? ??????? LDAP" -#| msgid "General IPC error" msgid "Other general LDAP error" msgstr "???? ???????? ??????? LDAP" -#| msgid "IPC connect call failed" msgid "LDAP connecting failed (X)" msgstr "?? ??????? ?????????? ?? LDAP (X)" -#| msgid "General error" msgid "LDAP referral limit exceeded" msgstr "??????????? ???????? ???? ????????????? ? LDAP" msgid "LDAP client loop" msgstr "????????? ?????? LDAP" -#| msgid "Card reset required" msgid "No LDAP results returned" msgstr "?? ????????? ??????????? LDAP" -#| msgid "Element not found" msgid "LDAP control not found" msgstr "?? ???????? ????????? LDAP" -#| msgid "Not supported" msgid "Not supported by LDAP" msgstr "?? ????????????? LDAP" -#| msgid "Unexpected error" msgid "LDAP connect error" msgstr "??????? ????????? LDAP" 
@@ -978,47 +962,36 @@ msgstr "?? ???????? ??????? ? LDAP" msgid "Bad parameter to an LDAP routine" msgstr "?????????? ???????? ??????????? LDAP" -#| msgid "Unsupported operation" msgid "User cancelled LDAP operation" msgstr "??? LDAP ????????? ????????????" -#| msgid "Bad certificate" msgid "Bad LDAP search filter" msgstr "?????????? ?????? ?????? LDAP" -#| msgid "Unknown extension" msgid "Unknown LDAP authentication method" msgstr "????????? ?????? ????????????? LDAP" -#| msgid "Timeout" msgid "Timeout in LDAP" msgstr "??????????? ???? ?????????? ? LDAP" -#| msgid "dirmngr error" msgid "LDAP decoding error" msgstr "??????? ??????????? LDAP" -#| msgid "dirmngr error" msgid "LDAP encoding error" msgstr "??????? ????????? LDAP" -#| msgid "IPC read error" msgid "LDAP local error" msgstr "???????? ??????? LDAP" -#| msgid "Not an IPC server" msgid "Cannot contact LDAP server" msgstr "?? ??????? ?????????? ??????? ?? ???????? LDAP" -#| msgid "Success" msgid "LDAP success" msgstr "????? LDAP" -#| msgid "Configuration error" msgid "LDAP operations error" msgstr "??????? ??? LDAP" -#| msgid "Protocol violation" msgid "LDAP protocol error" msgstr "??????? ????????? LDAP" @@ -1034,18 +1007,15 @@ msgstr "?????????? LDAP: ?? ??????????" msgid "LDAP compare true" msgstr "?????????? LDAP: ??????????" -#| msgid "Unknown extension" msgid "LDAP authentication method not supported" msgstr "????????? ?????? ????????????? LDAP ?? ???????????" msgid "Strong(er) LDAP authentication required" msgstr "???????? ?????????? ?????? ????????????? LDAP" -#| msgid "Fatal alert message received" msgid "Partial LDAP results+referral received" msgstr "???????? ???????? ?????????? ? ??????????? LDAP" -#| msgid "General error" msgid "LDAP referral" msgstr "??????????? LDAP" 
@@ -1055,7 +1025,6 @@ msgstr "?????????? ??????????????? ????????? L msgid "Critical LDAP extension is unavailable" msgstr "?????????? ???????? ?????????? LDAP" -#| msgid "Card reset required" msgid "Confidentiality required by LDAP" msgstr "????????????? ???????? LDAP" @@ -1065,52 +1034,42 @@ msgstr "????????? ????????????? SASL LDAP" msgid "No such LDAP attribute" msgstr "????? ?????? ???????? LDAP" -#| msgid "Invalid attribute" msgid "Undefined LDAP attribute type" msgstr "??????????? ??? ???????? LDAP" -#| msgid "Unsupported protection" msgid "Inappropriate matching in LDAP" msgstr "??????????? ????????????? ? LDAP" -#| msgid "Protocol violation" msgid "Constraint violation in LDAP" msgstr "????????? ???????? ? LDAP" msgid "LDAP type or value exists" msgstr "??? ??? ???????? LDAP ?????" -#| msgid "Invalid state" msgid "Invalid syntax in LDAP" msgstr "??????????? ????????? ? LDAP" -#| msgid "No CMS object" msgid "No such LDAP object" msgstr "????? ?????? ??????? LDAP" -#| msgid "Hardware problem" msgid "LDAP alias problem" msgstr "???????? ?????????? LDAP" -#| msgid "Invalid state" msgid "Invalid DN syntax in LDAP" msgstr "??????????? ????????? DN ? LDAP" msgid "LDAP entry is a leaf" msgstr "????? LDAP ? ???????" -#| msgid "Encoding problem" msgid "LDAP alias dereferencing problem" msgstr "???????? ? ?????????? ????????? ?????????? LDAP" msgid "LDAP proxy authorization failure (X)" msgstr "??????? ????????????? ?????? LDAP (X)" -#| msgid "Unsupported protection" msgid "Inappropriate LDAP authentication" msgstr "??????????? ????????????? LDAP" -#| msgid "Invalid card" msgid "Invalid LDAP credentials" msgstr "?????????? ???????????? ???? LDAP" @@ -1120,7 +1079,6 @@ msgstr "?????????? ????? ??????? ?? LDAP" msgid "LDAP server is busy" msgstr "?????? LDAP ??????? ?????????? ????????" -#| msgid "No keyserver available" msgid "LDAP server is unavailable" msgstr "?????? LDAP ???????????" 
@@ -1130,19 +1088,15 @@ msgstr "?????? LDAP ?? ????? ?????????" msgid "Loop detected by LDAP" msgstr "LDAP ???????? ????" -#| msgid "Missing action" msgid "LDAP naming violation" msgstr "????????? ?????????? LDAP" -#| msgid "Protocol violation" msgid "LDAP object class violation" msgstr "????????? ????? ???????? LDAP" -#| msgid "Operation not yet finished" msgid "LDAP operation not allowed on non-leaf" msgstr "??? LDAP ?? ????????? ??? ????????, ??? ?? ? ????????" -#| msgid "Operation cancelled" msgid "LDAP operation not allowed on RDN" msgstr "??? LDAP ?? ????????? ??? RDN" 
@@ -1152,58 +1106,45 @@ msgstr "??? ????? (LDAP)" msgid "Cannot modify LDAP object class" msgstr "?? ??????? ??????? ???? ??????? LDAP" -#| msgid "Line too long" msgid "LDAP results too large" msgstr "?????????? LDAP ? ????? ????????" -#| msgid "Operation cancelled" msgid "LDAP operation affects multiple DSAs" msgstr "??? LDAP ?????????? ????????? DSA" msgid "Virtual LDAP list view error" msgstr "??????? ????????? ?????? ??????????? LDAP" -#| msgid "General IPC error" msgid "Other LDAP error" msgstr "???? ??????? LDAP" -#| msgid "Resources exhausted" msgid "Resources exhausted in LCUP" msgstr "????????? ??????? ? LCUP" -#| msgid "Protocol violation" msgid "Security violation in LCUP" msgstr "????????? ??????? ? LCUP" -#| msgid "Invalid state" msgid "Invalid data in LCUP" msgstr "?????????? ???? ? LCUP" -#| msgid "Unsupported certificate" msgid "Unsupported scheme in LCUP" msgstr "?????????????? ????? ? LCUP" -#| msgid "Card reset required" msgid "Reload required in LCUP" msgstr "???????? ???????????????? ? LCUP" -#| msgid "Success" msgid "LDAP cancelled" msgstr "LDAP ?????????" -#| msgid "Not operational" msgid "No LDAP operation to cancel" msgstr "????? ??? LDAP ??? ????????????" -#| msgid "Not operational" msgid "Too late to cancel LDAP" msgstr "??????? ??? ???????????? LDAP" -#| msgid "Not an IPC server" msgid "Cannot cancel LDAP" msgstr "?? ??????? ????????? LDAP" -#| msgid "Decryption failed" msgid "LDAP assertion failed" msgstr "??????? ?????? LDAP" commit 030ee30c4ae85f2f41ca77651e4a7d7c9993e284 Author: Werner Koch Date: Wed Aug 26 08:46:17 2015 +0200 Add new version macros. * src/gpg-error.h.in (GPGRT_VERSION): New. (GPGRT_VERSION_NUMBER): New. (GPG_ERROR_VERSION, GPG_ERROR_VERSION_NUMBER): Move to top of file. -- Eventually we will have a gpgrt.h file instead of gpg-error. To make things easier we already provide suitable named version macros. Miving them to the top makes it easier to find the version. Signed-off-by: Werner Koch 
diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index 0bdb567..ad5d470 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in @@ -26,6 +26,15 @@ #include #include +/* The version string of this header. */ +#define GPG_ERROR_VERSION @version@ +#define GPGRT_VERSION @version@ + +/* The version number of this header. */ +#define GPG_ERROR_VERSION_NUMBER @version-number@ +#define GPGRT_VERSION_NUMBER @version-number@ + + #ifdef __GNUC__ # define GPG_ERR_INLINE __inline__ #elif defined(_MSC_VER) && _MSC_VER >= 1300 @@ -359,12 +368,6 @@ void gpg_err_set_errno (int err); const char *gpgrt_check_version (const char *req_version); const char *gpg_error_check_version (const char *req_version); -/* The version string of this header. */ -#define GPG_ERROR_VERSION @version@ - -/* The version number of this header. */ -#define GPG_ERROR_VERSION_NUMBER @version-number@ - /* System specific type definitions. */ @define:gpgrt_ssize_t@ @define:gpgrt_off_t@ commit 9cd3f002addf2acae4a7b0f52f8941e517e83d73 Author: Werner Koch Date: Wed Aug 26 08:41:47 2015 +0200 Add macro GPGRT_INLINE and avoid -Wundef warnings * src/gpg-error.h.in (GPG_ERR_INLINE): Use #if defined for possible undefined macros to avoid warnign with GCC's -Wundef option. (GPGRT_INLINE): New. -- I still consider using -Wundef for regular building a bad behaviour because undefined macros have a well defined value in a cpp conditional. That warning is useful for debugging build problems but should not be used as standard warning option. Anyway, here is a fix. diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index e85fbe5..0bdb567 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in 
@@ -1,25 +1,24 @@ /* gpg-error.h - Public interface to libgpg-error. -*- c -*- - Copyright (C) 2003, 2004, 2010, 2013, 2014, 2015 g10 Code GmbH - - This file is part of libgpg-error. - - libgpg-error is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public License - as published by the Free Software Foundation; either version 2.1 of - the License, or (at your option) any later version. - - libgpg-error is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this program; if not, see . - - @configure_input@ + * Copyright (C) 2003, 2004, 2010, 2013, 2014, 2015 g10 Code GmbH + * + * This file is part of libgpg-error. + * + * libgpg-error is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * libgpg-error is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + * + * @configure_input@ */ - #ifndef GPG_ERROR_H #define GPG_ERROR_H 1 
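Review bot: The first hunk rewrites the whole license comment at the top of gpg-error.h.in to a leading-asterisk style and drops the blank line before `#ifndef GPG_ERROR_H`, changes the commit message does not list and which are unrelated to the -Wundef fix. Splitting the comment restyling into its own commit would keep this one limited to the GPG_ERR_INLINE and GPGRT_INLINE changes and make later blame and backports simpler.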
@@ -28,15 +27,15 @@ #include #ifdef __GNUC__ -#define GPG_ERR_INLINE __inline__ -#elif _MSC_VER >= 1300 -#define GPG_ERR_INLINE __inline -#elif __STDC_VERSION__ >= 199901L -#define GPG_ERR_INLINE inline +# define GPG_ERR_INLINE __inline__ +#elif defined(_MSC_VER) && _MSC_VER >= 1300 +# define GPG_ERR_INLINE __inline +#elif defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L +# define GPG_ERR_INLINE inline #else -#ifndef GPG_ERR_INLINE -#define GPG_ERR_INLINE -#endif +# ifndef GPG_ERR_INLINE +# define GPG_ERR_INLINE +# endif #endif #ifdef __cplusplus @@ -239,6 +238,8 @@ typedef unsigned int gpg_error_t; #endif +/* The new name for the inline macro. */ +#define GPGRT_INLINE GPG_ERR_INLINE /* Initialization function. */ commit 17e4f727d9bd8e406bf977af445ef57201d23249 Author: Yuri Chornoivan Date: Sun Jul 12 16:26:18 2015 +0300 Update Ukrainian translation diff --git a/po/uk.po b/po/uk.po index 5c3f7e9..1f37874 100644 --- a/po/uk.po +++ b/po/uk.po @@ -2,12 +2,12 @@ # Copyright (C) 2012 Free Software Foundation, Inc. # This file is distributed under the same license as the libgpg-error package. # -# Yuri Chornoivan , 2012, 2014. +# Yuri Chornoivan , 2012, 2014, 2015. msgid "" msgstr "" "Project-Id-Version: libgpg-error 1.7\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2014-11-15 19:40+0200\n" +"PO-Revision-Date: 2015-07-12 16:21+0300\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" "Language: uk\n" 
@@ -729,20 +729,18 @@ msgid "Bad octal character in S-expression" msgstr "?????????? ?????????? ?????? ? S-??????" msgid "Legacy key" -msgstr "" +msgstr "?????????? ????" -#, fuzzy #| msgid "Buffer too short" msgid "Request too short" -msgstr "??????? ???????? ?????" +msgstr "??????? ???????? ?????" -#, fuzzy #| msgid "Line too long" msgid "Request too long" -msgstr "????? ????? ??????" +msgstr "????? ?????? ?????" msgid "Object is in termination state" -msgstr "" +msgstr "?????? ????????? ? ????? ???????????" msgid "No certificate chain" msgstr "????? ???????? ????????????" @@ -829,7 +827,7 @@ msgid "Bogus string" msgstr "????????? ?????" msgid "Forbidden" -msgstr "" +msgstr "??????????" msgid "Key disabled" msgstr "???? ????????" 
@@ -912,362 +910,305 @@ msgstr "??????? ? ????????? IPC" msgid "Unknown IPC inquire" msgstr "????????? ????? IPC" -#, fuzzy #| msgid "General IPC error" msgid "General LDAP error" -msgstr "???????? ??????? IPC" +msgstr "???????? ??????? LDAP" -#, fuzzy #| msgid "General error" msgid "General LDAP attribute error" -msgstr "???????? ???????" +msgstr "???????? ??????? ???????? LDAP" -#, fuzzy #| msgid "General error" msgid "General LDAP name error" -msgstr "???????? ???????" +msgstr "???????? ??????? ????? LDAP" -#, fuzzy #| msgid "General Assuan error" msgid "General LDAP security error" -msgstr "???????? ??????? ?????????? Assuan" +msgstr "???????? ??????? ??????? LDAP" -#, fuzzy #| msgid "General error" msgid "General LDAP service error" -msgstr "???????? ???????" +msgstr "???????? ??????? ?????? LDAP" -#, fuzzy #| msgid "General Assuan error" msgid "General LDAP update error" -msgstr "???????? ??????? ?????????? Assuan" +msgstr "???????? ??????? ????????? LDAP" msgid "Experimental LDAP error code" -msgstr "" +msgstr "????????????????? ??? ??????? LDAP" -#, fuzzy #| msgid "IPC write error" msgid "Private LDAP error code" -msgstr "??????? ?????? IPC" +msgstr "??? ?????????????? ??????? LDAP" -#, fuzzy #| msgid "General IPC error" msgid "Other general LDAP error" -msgstr "???????? ??????? IPC" +msgstr "???? ???????? ??????? LDAP" -#, fuzzy #| msgid "IPC connect call failed" msgid "LDAP connecting failed (X)" -msgstr "??????? ?????????????? ??????? IPC" +msgstr "?? ??????? ?????????? ?? LDAP (X)" -#, fuzzy #| msgid "General error" msgid "LDAP referral limit exceeded" -msgstr "???????? ???????" +msgstr "??????????? ???????? ???? ????????????? ? LDAP" msgid "LDAP client loop" -msgstr "" +msgstr "????????? ?????? LDAP" -#, fuzzy #| msgid "Card reset required" msgid "No LDAP results returned" -msgstr "????????? ????? ?? ???????? ??????" +msgstr "?? ????????? ??????????? LDAP" -#, fuzzy #| msgid "Element not found" msgid "LDAP control not found" -msgstr "???????? ?? 
????????" +msgstr "?? ???????? ????????? LDAP" -#, fuzzy #| msgid "Not supported" msgid "Not supported by LDAP" -msgstr "?? ?????????????" +msgstr "?? ????????????? LDAP" -#, fuzzy #| msgid "Unexpected error" msgid "LDAP connect error" -msgstr "??????????? ???????" +msgstr "??????? ????????? LDAP" msgid "Out of memory in LDAP" -msgstr "" +msgstr "?? ???????? ??????? ? LDAP" msgid "Bad parameter to an LDAP routine" -msgstr "" +msgstr "?????????? ???????? ??????????? LDAP" -#, fuzzy #| msgid "Unsupported operation" msgid "User cancelled LDAP operation" -msgstr "?????????????? ???" +msgstr "??? LDAP ????????? ????????????" -#, fuzzy #| msgid "Bad certificate" msgid "Bad LDAP search filter" -msgstr "?????????? ??????????" +msgstr "?????????? ?????? ?????? LDAP" -#, fuzzy #| msgid "Unknown extension" msgid "Unknown LDAP authentication method" -msgstr "???????? ??????????" +msgstr "????????? ?????? ????????????? LDAP" -#, fuzzy #| msgid "Timeout" msgid "Timeout in LDAP" -msgstr "??? ??????????" +msgstr "??????????? ???? ?????????? ? LDAP" -#, fuzzy #| msgid "dirmngr error" msgid "LDAP decoding error" -msgstr "??????? dirmngr" +msgstr "??????? ??????????? LDAP" -#, fuzzy #| msgid "dirmngr error" msgid "LDAP encoding error" -msgstr "??????? dirmngr" +msgstr "??????? ????????? LDAP" -#, fuzzy #| msgid "IPC read error" msgid "LDAP local error" -msgstr "??????? ??????? IPC" +msgstr "???????? ??????? LDAP" -#, fuzzy #| msgid "Not an IPC server" msgid "Cannot contact LDAP server" -msgstr "?? ? ???????? IPC" +msgstr "?? ??????? ?????????? ??????? ?? ???????? LDAP" -#, fuzzy #| msgid "Success" msgid "LDAP success" -msgstr "????????" +msgstr "????? LDAP" -#, fuzzy #| msgid "Configuration error" msgid "LDAP operations error" -msgstr "??????? ????????????" +msgstr "??????? ??? LDAP" -#, fuzzy #| msgid "Protocol violation" msgid "LDAP protocol error" -msgstr "????????? ?????????" +msgstr "??????? ????????? LDAP" msgid "Time limit exceeded in LDAP" -msgstr "" +msgstr "?????????? ??? 
?????????? ? LDAP" msgid "Size limit exceeded in LDAP" -msgstr "" +msgstr "?????????? ????????? ?? ?????? ? LDAP" msgid "LDAP compare false" -msgstr "" +msgstr "?????????? LDAP: ?? ??????????" msgid "LDAP compare true" -msgstr "" +msgstr "?????????? LDAP: ??????????" -#, fuzzy #| msgid "Unknown extension" msgid "LDAP authentication method not supported" -msgstr "???????? ??????????" +msgstr "????????? ?????? ????????????? LDAP ?? ???????????" msgid "Strong(er) LDAP authentication required" -msgstr "" +msgstr "???????? ?????????? ?????? ????????????? LDAP" -#, fuzzy #| msgid "Fatal alert message received" msgid "Partial LDAP results+referral received" -msgstr "???????? ???????? ??????????????? ????????????" +msgstr "???????? ???????? ?????????? ? ??????????? LDAP" -#, fuzzy #| msgid "General error" msgid "LDAP referral" -msgstr "???????? ???????" +msgstr "??????????? LDAP" msgid "Administrative LDAP limit exceeded" -msgstr "" +msgstr "?????????? ??????????????? ????????? LDAP" msgid "Critical LDAP extension is unavailable" -msgstr "" +msgstr "?????????? ???????? ?????????? LDAP" -#, fuzzy #| msgid "Card reset required" msgid "Confidentiality required by LDAP" -msgstr "????????? ????? ?? ???????? ??????" +msgstr "????????????? ???????? LDAP" msgid "LDAP SASL bind in progress" -msgstr "" +msgstr "????????? ????????????? SASL LDAP" msgid "No such LDAP attribute" -msgstr "" +msgstr "????? ?????? ???????? LDAP" -#, fuzzy #| msgid "Invalid attribute" msgid "Undefined LDAP attribute type" -msgstr "??????????? ???????" +msgstr "??????????? ??? ???????? LDAP" -#, fuzzy #| msgid "Unsupported protection" msgid "Inappropriate matching in LDAP" -msgstr "??????????????? ??????" +msgstr "??????????? ????????????? ? LDAP" -#, fuzzy #| msgid "Protocol violation" msgid "Constraint violation in LDAP" -msgstr "????????? ?????????" +msgstr "????????? ???????? ? LDAP" msgid "LDAP type or value exists" -msgstr "" +msgstr "??? ??? ???????? LDAP ?????" 
-#, fuzzy #| msgid "Invalid state" msgid "Invalid syntax in LDAP" -msgstr "??????????? ????" +msgstr "??????????? ????????? ? LDAP" -#, fuzzy #| msgid "No CMS object" msgid "No such LDAP object" -msgstr "????? ??????? CMS" +msgstr "????? ?????? ??????? LDAP" -#, fuzzy #| msgid "Hardware problem" msgid "LDAP alias problem" -msgstr "???????? ????????" +msgstr "???????? ?????????? LDAP" -#, fuzzy #| msgid "Invalid state" msgid "Invalid DN syntax in LDAP" -msgstr "??????????? ????" +msgstr "??????????? ????????? DN ? LDAP" msgid "LDAP entry is a leaf" -msgstr "" +msgstr "????? LDAP ? ???????" -#, fuzzy #| msgid "Encoding problem" msgid "LDAP alias dereferencing problem" -msgstr "???????? ? ??????????" +msgstr "???????? ? ?????????? ????????? ?????????? LDAP" msgid "LDAP proxy authorization failure (X)" -msgstr "" +msgstr "??????? ????????????? ?????? LDAP (X)" -#, fuzzy #| msgid "Unsupported protection" msgid "Inappropriate LDAP authentication" -msgstr "??????????????? ??????" +msgstr "??????????? ????????????? LDAP" -#, fuzzy #| msgid "Invalid card" msgid "Invalid LDAP credentials" -msgstr "?????????? ??????" +msgstr "?????????? ???????????? ???? LDAP" msgid "Insufficient access for LDAP" -msgstr "" +msgstr "?????????? ????? ??????? ?? LDAP" msgid "LDAP server is busy" -msgstr "" +msgstr "?????? LDAP ??????? ?????????? ????????" -#, fuzzy #| msgid "No keyserver available" msgid "LDAP server is unavailable" -msgstr "????? ????????? ???????? ??????" +msgstr "?????? LDAP ???????????" msgid "LDAP server is unwilling to perform" -msgstr "" +msgstr "?????? LDAP ?? ????? ?????????" msgid "Loop detected by LDAP" -msgstr "" +msgstr "LDAP ???????? ????" -#, fuzzy #| msgid "Missing action" msgid "LDAP naming violation" -msgstr "?? ???????? ???" +msgstr "????????? ?????????? LDAP" -#, fuzzy #| msgid "Protocol violation" msgid "LDAP object class violation" -msgstr "????????? ?????????" +msgstr "????????? ????? ???????? 
LDAP" -#, fuzzy #| msgid "Operation not yet finished" msgid "LDAP operation not allowed on non-leaf" -msgstr "????????? ??? ?? ?? ?????????" +msgstr "??? LDAP ?? ????????? ??? ????????, ??? ?? ? ????????" -#, fuzzy #| msgid "Operation cancelled" msgid "LDAP operation not allowed on RDN" -msgstr "??? ?????????" +msgstr "??? LDAP ?? ????????? ??? RDN" msgid "Already exists (LDAP)" -msgstr "" +msgstr "??? ????? (LDAP)" msgid "Cannot modify LDAP object class" -msgstr "" +msgstr "?? ??????? ??????? ???? ??????? LDAP" -#, fuzzy #| msgid "Line too long" msgid "LDAP results too large" -msgstr "????? ????? ??????" +msgstr "?????????? LDAP ? ????? ????????" -#, fuzzy #| msgid "Operation cancelled" msgid "LDAP operation affects multiple DSAs" -msgstr "??? ?????????" +msgstr "??? LDAP ?????????? ????????? DSA" msgid "Virtual LDAP list view error" -msgstr "" +msgstr "??????? ????????? ?????? ??????????? LDAP" -#, fuzzy #| msgid "General IPC error" msgid "Other LDAP error" -msgstr "???????? ??????? IPC" +msgstr "???? ??????? LDAP" -#, fuzzy #| msgid "Resources exhausted" msgid "Resources exhausted in LCUP" -msgstr "????????? ???????" +msgstr "????????? ??????? ? LCUP" -#, fuzzy #| msgid "Protocol violation" msgid "Security violation in LCUP" -msgstr "????????? ?????????" +msgstr "????????? ??????? ? LCUP" -#, fuzzy #| msgid "Invalid state" msgid "Invalid data in LCUP" -msgstr "??????????? ????" +msgstr "?????????? ???? ? LCUP" -#, fuzzy #| msgid "Unsupported certificate" msgid "Unsupported scheme in LCUP" -msgstr "??????????????? ??????????" +msgstr "?????????????? ????? ? LCUP" -#, fuzzy #| msgid "Card reset required" msgid "Reload required in LCUP" -msgstr "????????? ????? ?? ???????? ??????" +msgstr "???????? ???????????????? ? LCUP" -#, fuzzy #| msgid "Success" msgid "LDAP cancelled" -msgstr "????????" +msgstr "LDAP ?????????" -#, fuzzy #| msgid "Not operational" msgid "No LDAP operation to cancel" -msgstr "???????????? ?????????" +msgstr "????? ??? LDAP ??? ????????????" 
-#, fuzzy #| msgid "Not operational" msgid "Too late to cancel LDAP" -msgstr "???????????? ?????????" +msgstr "??????? ??? ???????????? LDAP" -#, fuzzy #| msgid "Not an IPC server" msgid "Cannot cancel LDAP" -msgstr "?? ? ???????? IPC" +msgstr "?? ??????? ????????? LDAP" -#, fuzzy #| msgid "Decryption failed" msgid "LDAP assertion failed" -msgstr "?????? ????????????? ??????? ???????" +msgstr "??????? ?????? LDAP" msgid "Proxied authorization denied by LDAP" -msgstr "" +msgstr "????????????? ?? ????????? ?????? ?????????? LDAP" msgid "User defined error code 1" msgstr "?????????? ???????????? ??? ??????? 1" commit 72101fae17b335b9763444862b957068440307c4 Author: Werner Koch Date: Wed Aug 26 08:14:21 2015 +0200 Update config.* et al scripts -- diff --git a/build-aux/config.guess b/build-aux/config.guess index 9afd676..dbfb978 100755 --- a/build-aux/config.guess +++ b/build-aux/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2013-11-29' +timestamp='2015-01-01' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -24,12 +24,12 @@ timestamp='2013-11-29' # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # -# Please send patches with a ChangeLog entry to config-patches at gnu.org. +# Please send patches to . me=`echo "$0" | sed -e 's,.*/,,'` 
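Review bot: The commit message "Update config.* et al scripts" does not say which upstream revision these build-aux files were copied from, and the header comment touched in this hunk only points at the HEAD of config.git over plain http. Please record the source in the message (the upstream commit, or the release the files were taken from), so that the imported config.guess with timestamp='2015-01-01' can later be compared against upstream.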
@@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +149,7 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -579,8 +579,9 @@ EOF else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi @@ -826,7 +827,7 @@ EOF *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -969,10 +970,10 @@ EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) 
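Review bot: In the `@@ -149,7 +149,7 @@` hunk of config.guess, the added `sed 's, ,,g'` deletes every space from the `^LIBC` lines just before they are handed to `eval`, but nothing in the hunk says which preprocessor output needs this, and tabs are not covered. A short comment naming the case being worked around would help. Since the text is evaluated as shell, restricting the match to a plain `LIBC=value` assignment would also be tighter than `grep '^LIBC'` alone.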
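Review bot: In the `@@ -579,8 +579,9 @@` hunk of config.guess, IBM_REV has no fallback when /usr/bin/lslpp is executable but the `lslpp -Lqc bos.rte.libc` pipeline prints nothing: the `else` branch with ${UNAME_VERSION}.${UNAME_RELEASE} is taken only when lslpp is absent, so IBM_REV is left empty in that case. A `test -n "$IBM_REV"` check that falls back to the uname values would cover it. The sed script `s/[0-9]*$/0/` is also unquoted, which leaves it open to pathname expansion; single quotes around it would be safer.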
@@ -1371,154 +1372,6 @@ EOF exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -68,7 +68,7 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -260,7 +260,7 @@ case $basic_machine in | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ | epiphany \ - | fido | fr30 | frv \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ @@ -283,8 +283,10 @@ case $basic_machine in | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -296,11 +298,11 @@ case $basic_machine in | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ @@ -311,6 +313,7 @@ case $basic_machine in | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -325,6 +328,9 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none @@ -402,8 +408,10 @@ case $basic_machine in | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ 
@@ -415,6 +423,7 @@ case $basic_machine in | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ @@ -432,6 +441,7 @@ case $basic_machine in | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -769,6 +779,9 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux @@ -824,6 +837,10 @@ case $basic_machine in basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -1369,14 +1386,14 @@ case $os in | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1594,9 +1611,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/build-aux/depcomp b/build-aux/depcomp index 91d4bf8..4ebd5b3 100755 
--- a/build-aux/depcomp +++ b/build-aux/depcomp @@ -1,7 +1,7 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2012-10-18.11; # UTC +scriptversion=2013-05-30.07; # UTC # Copyright (C) 1999-2013 Free Software Foundation, Inc. @@ -251,6 +251,41 @@ hp) exit 1 ;; +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + xlc) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, @@ -517,6 +552,7 @@ $ { G p }' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash rm -f "$tmpdepfile" ;; diff --git a/build-aux/mdate-sh b/build-aux/mdate-sh index cd916c0..b3719cf 100755 --- a/build-aux/mdate-sh +++ b/build-aux/mdate-sh 
@@ -1,10 +1,9 @@ #!/bin/sh # Get modification time of a file or directory and pretty-print it. -scriptversion=2005-06-29.22 +scriptversion=2010-08-21.06; # UTC -# Copyright (C) 1995, 1996, 1997, 2003, 2004, 2005 Free Software -# Foundation, Inc. +# Copyright (C) 1995-2013 Free Software Foundation, Inc. # written by Ulrich Drepper , June 1995 # # This program is free software; you can redistribute it and/or modify @@ -18,8 +17,7 @@ scriptversion=2005-06-29.22 # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software Foundation, -# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -30,16 +28,26 @@ scriptversion=2005-06-29.22 # bugs to or send patches to # . +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +fi + case $1 in '') - echo "$0: No file. Try \`$0 --help' for more information." 1>&2 + echo "$0: No file. Try '$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: mdate-sh [--help] [--version] FILE -Pretty-print the modification time of FILE. +Pretty-print the modification day of FILE, in the format: +1 January 1970 Report bugs to . EOF @@ -51,6 +59,13 @@ EOF ;; esac +error () +{ + echo "$0: $1" >&2 + exit 1 +} + + # Prevent date giving response in another language. LANG=C export LANG 
@@ -60,7 +75,7 @@ LC_TIME=C export LC_TIME # GNU ls changes its time format in response to the TIME_STYLE -# variable. Since we cannot assume `unset' works, revert this +# variable. Since we cannot assume 'unset' works, revert this # variable to its documented default. if test "${TIME_STYLE+set}" = set; then TIME_STYLE=posix-long-iso @@ -75,27 +90,32 @@ if ls -L /dev/null 1>/dev/null 2>&1; then else ls_command='ls -l -d' fi +# Avoid user/group names that might have spaces, when possible. +if ls -n /dev/null 1>/dev/null 2>&1; then + ls_command="$ls_command -n" +fi -# A `ls -l' line looks as follows on OS/2. +# A 'ls -l' line looks as follows on OS/2. # drwxrwx--- 0 Aug 11 2001 foo # This differs from Unix, which adds ownership information. # drwxrwx--- 2 root root 4096 Aug 11 2001 foo # # To find the date, we split the line on spaces and iterate on words # until we find a month. This cannot work with files whose owner is a -# user named `Jan', or `Feb', etc. However, it's unlikely that `/' +# user named "Jan", or "Feb", etc. However, it's unlikely that '/' # will be owned by a user whose name is a month. So we first look at # the extended ls output of the root directory to decide how many # words should be skipped to get the date. # On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below. -set x`ls -l -d /` +set x`$ls_command /` # Find which argument is the month. month= command= until test $month do + test $# -gt 0 || error "failed parsing '$ls_command /' output" shift # Add another shift to the command. command="$command shift;" @@ -115,8 +135,10 @@ do esac done +test -n "$month" || error "failed parsing '$ls_command /' output" + # Get the extended ls output of the file or directory. -set dummy x`eval "$ls_command \"\$save_arg1\""` +set dummy x`eval "$ls_command \"\\\$save_arg1\""` # Remove all preceding arguments eval $command 
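Review bot: The new `\"\\\$save_arg1\"` escaping in the `set dummy x...` line carries no comment, and it is the kind of line that later gets "simplified" back. Inside backticks one level of backslashes is consumed, so the old `\$save_arg1` was expanded before `eval` re-parsed the string, while the new `\\\$save_arg1` reaches `eval` as a quoted "$save_arg1" and is expanded only there; a file name containing quotes, `$` or backticks is then no longer re-interpreted as shell text. Please add a comment above the line saying so.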
@@ -197,5 +219,6 @@ echo $day $month $year # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: diff --git a/build-aux/missing b/build-aux/missing index 894e786..db98974 100755 --- a/build-aux/missing +++ b/build-aux/missing @@ -1,11 +1,10 @@ #! /bin/sh -# Common stub for a few missing GNU programs while installing. +# Common wrapper for a few potentially missing GNU programs. -scriptversion=2005-06-08.21 +scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005 -# Free Software Foundation, Inc. -# Originally by Fran,cois Pinard , 1996. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,9 +17,7 @@ scriptversion=2005-06-08.21 # GNU General Public License for more details. # You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301, USA. +# along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a 
@@ -28,63 +25,40 @@ scriptversion=2005-06-08.21 # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "Try '$0 --help' for more information" exit 1 fi -run=: +case $1 in -# In the cases where this matters, `missing' is being run in the -# srcdir already. -if test -f configure.ac; then - configure_ac=configure.ac -else - configure_ac=configure.in -fi - -msg="missing on your system" + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; -case "$1" in ---run) - # Try to run requested program, and just exit if it succeeds. - run= - shift - "$@" && exit 0 - # Exit code 63 means version mismatch. This often happens - # when the user try to use an ancient version of a tool on - # a file that requires a minimum version. In this case we - # we should proceed has if the program had been absent, or - # if --run hadn't been passed. - if test $? = 63; then - run=: - msg="probably too old" - fi - ;; + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... -Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an -error status if there is no known handling for PROGRAM. +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. 
Options: -h, --help display this help and exit -v, --version output version information and exit - --run try to run the given command, and emulate it if it fails Supported PROGRAM values: - aclocal touch file \`aclocal.m4' - autoconf touch file \`configure' - autoheader touch file \`config.h.in' - automake touch all \`Makefile.in' files - bison create \`y.tab.[ch]', if possible, from existing .[ch] - flex create \`lex.yy.c', if possible, from existing .c - help2man touch the output file - lex create \`lex.yy.c', if possible, from existing .c - makeinfo touch the output file - tar try tar, gnutar, gtar, then tar without non-portable flags - yacc create \`y.tab.[ch]', if possible, from existing .[ch] + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. Send bug reports to ." exit $? 
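Review bot: The `--run)` branch now only does `shift`, but the `test $# -eq 0` guard runs before the case statement, so `missing --run` with no program reaches the later `"$@"; st=$?` with an empty argument list and exits 0. Repeating the argument-count check after the shift would make that invocation fail with the "Try '$0 --help'" hint instead of succeeding silently.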
@@ -96,265 +70,146 @@ Send bug reports to ." ;; -*) - echo 1>&2 "$0: Unknown \`$1' option" - echo 1>&2 "Try \`$0 --help' for more information" + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" exit 1 ;; esac -# Now exit if we have it, but it failed. Also exit now if we -# don't have it and --version was passed (most likely to detect -# the program). -case "$1" in - lex|yacc) - # Not GNU programs, they don't have --version. - ;; - - tar) - if test -n "$run"; then - echo 1>&2 "ERROR: \`tar' requires --run" - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - exit 1 - fi - ;; - - *) - if test -z "$run" && ($1 --version) > /dev/null 2>&1; then - # We have it, but it failed. - exit 1 - elif test "x$2" = "x--version" || test "x$2" = "x--help"; then - # Could not run --version or --help. This is probably someone - # running `$TOOL --version' or `$TOOL --help' to check whether - # $TOOL exists and not knowing $TOOL uses missing. - exit 1 - fi - ;; -esac - -# If it does not exist, or fails to run (possibly an outdated version), -# try to emulate it. -case "$1" in - aclocal*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acinclude.m4' or \`${configure_ac}'. You might want - to install the \`Automake' and \`Perl' packages. Grab them from - any GNU archive site." - touch aclocal.m4 - ;; - - autoconf) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`${configure_ac}'. You might want to install the - \`Autoconf' and \`GNU m4' packages. Grab them from any GNU - archive site." - touch configure - ;; - - autoheader) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`acconfig.h' or \`${configure_ac}'. You might want - to install the \`Autoconf' and \`GNU m4' packages. Grab them - from any GNU archive site." 
- files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` - test -z "$files" && files="config.h" - touch_files= - for f in $files; do - case "$f" in - *:*) touch_files="$touch_files "`echo "$f" | - sed -e 's/^[^:]*://' -e 's/:.*//'`;; - *) touch_files="$touch_files $f.in";; - esac - done - touch $touch_files - ;; - - automake*) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. - You might want to install the \`Automake' and \`Perl' packages. - Grab them from any GNU archive site." - find . -type f -name Makefile.am -print | - sed 's/\.am$/.in/' | - while read f; do touch "$f"; done - ;; - - autom4te) - echo 1>&2 "\ -WARNING: \`$1' is needed, but is $msg. - You might have modified some files without having the - proper tools for further handling them. - You can get \`$1' as part of \`Autoconf' from any GNU - archive site." - - file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'` - test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'` - if test -f "$file"; then - touch $file - else - test -z "$file" || exec >$file - echo "#! /bin/sh" - echo "# Created by GNU Automake missing as a replacement of" - echo "# $ $@" - echo "exit 0" - chmod +x $file - exit 1 - fi - ;; - - bison|yacc) - echo 1>&2 "\ -WARNING: \`$1' $msg. You should only need it if - you modified a \`.y' file. You may need the \`Bison' package - in order for those modifications to take effect. You can get - \`Bison' from any GNU archive site." - rm -f y.tab.c y.tab.h - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.y) - SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.c - fi - SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" y.tab.h - fi - ;; - esac - fi - if [ ! -f y.tab.h ]; then - echo >y.tab.h - fi - if [ ! 
-f y.tab.c ]; then - echo 'main() { return 0; }' >y.tab.c - fi - ;; - - lex|flex) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.l' file. You may need the \`Flex' package - in order for those modifications to take effect. You can get - \`Flex' from any GNU archive site." - rm -f lex.yy.c - if [ $# -ne 1 ]; then - eval LASTARG="\${$#}" - case "$LASTARG" in - *.l) - SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` - if [ -f "$SRCFILE" ]; then - cp "$SRCFILE" lex.yy.c - fi - ;; - esac - fi - if [ ! -f lex.yy.c ]; then - echo 'main() { return 0; }' >lex.yy.c - fi - ;; - - help2man) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a dependency of a manual page. You may need the - \`Help2man' package in order for those modifications to take - effect. You can get \`Help2man' from any GNU archive site." - - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'` - fi - if [ -f "$file" ]; then - touch $file - else - test -z "$file" || exec >$file - echo ".ab help2man is required to generate this page" - exit 1 - fi - ;; - - makeinfo) - echo 1>&2 "\ -WARNING: \`$1' is $msg. You should only need it if - you modified a \`.texi' or \`.texinfo' file, or any other file - indirectly affecting the aspect of the manual. The spurious - call might also be the consequence of using a buggy \`make' (AIX, - DU, IRIX). You might want to install the \`Texinfo' package or - the \`GNU make' package. Grab either from any GNU archive site." - # The file to touch is that specified with -o ... - file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` - if test -z "$file"; then - # ... or it is the one specified with @setfilename ... - infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` - file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $infile` - # ... 
or it is derived from the source name (dir/f.texi becomes f.info) - test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info - fi - # If the file does not exist, the user really needs makeinfo; - # let's fail without touching anything. - test -f $file || exit 1 - touch $file - ;; - - tar) - shift - - # We have already tried tar in the generic part. - # Look for gnutar/gtar before invocation to avoid ugly error - # messages. - if (gnutar --version > /dev/null 2>&1); then - gnutar "$@" && exit 0 - fi - if (gtar --version > /dev/null 2>&1); then - gtar "$@" && exit 0 - fi - firstarg="$1" - if shift; then - case "$firstarg" in - *o*) - firstarg=`echo "$firstarg" | sed s/o//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - case "$firstarg" in - *h*) - firstarg=`echo "$firstarg" | sed s/h//` - tar "$firstarg" "$@" && exit 0 - ;; - esac - fi - - echo 1>&2 "\ -WARNING: I can't seem to be able to run \`tar' with the given arguments. - You may want to install GNU tar or Free paxutils, or check the - command line arguments." - exit 1 - ;; - - *) - echo 1>&2 "\ -WARNING: \`$1' is needed, and is $msg. - You might have modified some files without having the - proper tools for further handling them. Check the \`README' file, - it often tells you about the needed prerequisites for installing - this package. You may also peek at any GNU archive site, in case - some other package would contain this missing \`$1' program." - exit 1 - ;; -esac +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. 
+if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi -exit 0 +perl_URL=http://www.perl.org/ +flex_URL=http://flex.sourceforge.net/ +gnu_software_URL=http://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." 
+ program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). 
+exit $st # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" -# time-stamp-end: "$" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" # End: ----------------------------------------------------------------------- Summary of changes: NEWS | 17 +- build-aux/config.guess | 173 ++----------------- build-aux/config.sub | 38 +++-- build-aux/depcomp | 38 ++++- build-aux/mdate-sh | 49 ++++-- build-aux/missing | 453 +++++++++++++++++-------------------------------- configure.ac | 6 +- doc/errorref.txt | 12 +- po/uk.po | 294 ++++++++++---------------------- src/gpg-error.h.in | 70 ++++---- 10 files changed, 419 insertions(+), 731 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 26 10:19:48 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 26 Aug 2015 10:19:48 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-26-gc8e7870 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c8e7870281950ae3b943c819147d4329198c0520 (commit) via 107bff70edb611309f627058dd4777a5da084b1a (commit) via c4f4b5c0a6fc172f7ceedc1a0021169e7f31b941 (commit) from 3f53d3d5d9e73a053b1e89073ef8f7cf01bfc8e6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c8e7870281950ae3b943c819147d4329198c0520 Author: Werner Koch Date: Wed Aug 26 10:16:39 2015 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 8518dae..7bf140b 100644 --- a/NEWS +++ b/NEWS 
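Review bot: In the rewritten tail of build-aux/missing, the comment above `case $2 in --version|--help) exit $st;; esac` has a stray word ("if we it failed") and names only '--version', although the case also matches '--help'; please fix the wording so it matches the code. The same region replaces the old fallbacks (touching or stubbing out generated files, then `exit 0`) with `exit $st`, so a missing bison, flex, help2man or makeinfo now stops the build with status 127 instead of continuing; that behaviour change deserves a sentence in the commit log.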
@@ -1,3 +1,7 @@ +Noteworthy changes in version 1.6.1 (unreleased) [C25/A14/R_] +------------------------------------------------ + + Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 015ed46..55c388e 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.14" # for the LT versions. m4_define(mym4_version_major, [1]) m4_define(mym4_version_minor, [6]) -m4_define(mym4_version_micro, [0]) +m4_define(mym4_version_micro, [1]) # Below is m4 magic to extract and compute the revision number, the # decimalized short revision number, a beta version string, and a flag commit 107bff70edb611309f627058dd4777a5da084b1a Author: Werner Koch Date: Wed Aug 26 09:28:32 2015 +0200 Release 1.6.0 * configure.ac: Set LT version to C25/A14/R0. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 0e1e500..8518dae 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,35 @@ -Noteworthy changes in version 1.6.0 (unreleased) [C24/A13/R_] +Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] ------------------------------------------------ + * Added gpgme_set_offline to do a key listinging w/o requiring CRL. + + * Added gpgme_set_status_cb to allow a user to see some status + messages. + + * Added an export mode for secret keys. + + * More precise error codes are returned if GnuPG >= 2.1.8 is used. + + * The passphrase handler for the loopback mode has been improved and may + also be used with genkey. + + * [w32] The standard GnuPG 2.1 install directory is now seached for + gpgconf.exe before a registry specified directory and the Gpg4win + install directory. + + * [w32] gpgme-w32spawn.exe will now only be searched in the gpgme DLL + directory. + + * Interface changes relative to the 1.5.1 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_set_offline NEW. + gpgme_get_offline NEW. + gpgme_set_status_cb NEW. + gpgme_get_status_cb NEW. + GPGME_EXPORT_MODE_SECRET NEW + GPGME_EXPORT_MODE_RAW NEW. + GPGME_EXPORT_MODE_PKCS12 NEW. + Noteworthy changes in version 1.5.5 (2015-06-08) [C24/A13/R4] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index a1973e7..015ed46 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ # configure.ac for GPGME # Copyright (C) 2000 Werner Koch (dd9jn) # Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, -# 2009, 2010, 2011, 2012, 2013 g10 Code GmbH +# 2009, 2010, 2011, 2012, 2013, 2014, 2015 g10 Code GmbH # # This file is part of GPGME. # 
@@ -55,11 +55,11 @@ AC_INIT([gpgme],[mym4_full_version],[http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # -LIBGPGME_LT_CURRENT=24 +LIBGPGME_LT_CURRENT=25 # Subtract 2 from this value if you want to make the LFS transition an # ABI break. [Note to self: Remove this comment with the next regular break.] -LIBGPGME_LT_AGE=13 -LIBGPGME_LT_REVISION=4 +LIBGPGME_LT_AGE=14 +LIBGPGME_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. GPGME_CONFIG_API_VERSION=1 diff --git a/doc/HACKING b/doc/HACKING index aedcf09..83c0f51 100644 --- a/doc/HACKING +++ b/doc/HACKING @@ -23,11 +23,34 @@ the big picture. Omit the leading TABs that you're used to seeing in a "real" ChangeLog file, but keep the maximum line length at 72 or smaller, so that the generated ChangeLog lines, each with its - leading TAB, will not exceed 80 columns. + leading TAB, will not exceed 80 columns. If you want to add text + which shall not be copied to the ChangeLog, separate it by a line + consisting of two dashes at the begin of a line. Note that ./autogen.sh installs a git hook to do some basic syntax checking on the commit log message. + Typo fixes and documentation updates don't need a ChangeLog entry; + thus you would use a commit message like + + #+begin_example + Fix typo in a comment + + -- + #+end_example + + The marker line here is important; without it the first line would + appear in the ChangeLog. + + If you exceptionally need to have longer lines in a commit log you may + do this after this scissor line: + #+begin_example + # ------------------------ >8 ------------------------ + #+end_example + (hash, blank, 24 dashes, blank, scissor, blank, 24 dashes). + Note that such a comment will be removed if the git commit option + =--cleanup-scissor= is used. + ** License policy GPGME is currently licensed under the LGPLv2.1+ with tools and the 
@@ -73,6 +96,29 @@ need. If you really need to do it, use a separate commit for such a change. + - C99 syntax should not be used; stick to C90. + - Please do not use C++ =//= style comments. + - Try to fit lines into 80 columns. + - Ignore signed/unsigned pointer mismatches + - No arithmetic on void pointers; cast to char* first. + +** Commit log keywords + + - GnuPG-bug-id :: Values are comma or space delimited bug numbers + from bug.gnupg.org pertaining to this commit. + - Debian-bug-id :: Same as above but from the Debian bug tracker. + - CVE-id :: CVE id number pertaining to this commit. + - Regression-due-to :: Commit id of the regression fixed by this commit. + - Fixes-commit :: Commit id this commit fixes. + - Reported-by :: Value is a name or mail address of a bug reporte. + - Suggested-by :: Value is a name or mail address of someone how + suggested this change. + - Co-authored-by :: Name or mail address of a co-author + - Some-comments-by :: Name or mail address of the author of + additional comments (commit log or code). + - Proofread-by :: Sometimes used by translation commits. + - Signed-off-by :: Name or mail address of the developer + * Debug hints - Use gpgme-tool for manual tests. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 20e1912..c02a30f 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -6203,15 +6203,15 @@ you run your tests only with play data. @include gpl.texi - at node Function and Data Index - at unnumbered Function and Data Index - - at printindex fn - @node Concept Index @unnumbered Concept Index @printindex cp + at node Function and Data Index + at unnumbered Function and Data Index + + at printindex fn + @bye diff --git a/doc/lesser.texi b/doc/lesser.texi index f23f0fd..bbd18a0 100644 --- a/doc/lesser.texi +++ b/doc/lesser.texi 
@@ -1,7 +1,7 @@ @node Library Copying @unnumbered GNU Lesser General Public License - at cindex LGPL, Lesser General Public License + at cindex LGPL, GNU Lesser General Public License @center Version 2.1, February 1999 @display @@ -16,7 +16,7 @@ as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] @end display - at section Preamble + at heading Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public @@ -119,7 +119,7 @@ former contains code derived from the library, whereas the latter must be combined with the library in order to run. @iftex - at section TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + at heading TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION @end iftex @ifinfo @center GNU LESSER GENERAL PUBLIC LICENSE @@ -476,12 +476,7 @@ decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. - at iftex - at heading NO WARRANTY - at end iftex - at ifinfo @center NO WARRANTY - at end ifinfo @item BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO @@ -515,7 +510,7 @@ DAMAGES. @end ifinfo @page - at section How to Apply These Terms to Your New Libraries + at heading How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that commit c4f4b5c0a6fc172f7ceedc1a0021169e7f31b941 Author: Werner Koch Date: Wed Aug 26 09:16:36 2015 +0200 Make use of GPGRT macros is available. * src/gpgme.h.in (_GPGME_INLINE): Define using GPGRT_INLINE if possible. Fix problem with -Wundef by adding an extra "defined()". (_GPGME_GCC_VERSION): Define using GPGRT_ macro if possible. diff --git a/src/gpgme.h.in b/src/gpgme.h.in index a0d9d31..6cea2c7 100644 --- a/src/gpgme.h.in 
+++ b/src/gpgme.h.in @@ -56,28 +56,33 @@ extern "C" { /* * Check for compiler features. */ -#ifdef __GNUC__ +#ifdef GPGRT_INLINE +# define _GPGME_INLINE GPGRT_INLINE +#elif defined(__GNUC__) # define _GPGME_INLINE __inline__ -#elif __STDC_VERSION__ >= 199901L +#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L # define _GPGME_INLINE inline #else # define _GPGME_INLINE #endif -#if __GNUC__ -#define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ - + __GNUC_MINOR__ * 100 \ - + __GNUC_PATCHLEVEL__) +#ifdef GPGRT_ATTR_DEPRECATED +# define _GPGME_DEPRECATED GPGRT_ATTR_DEPRECATED +#elif defined(__GNUC__) +# define _GPGME_GCC_VERSION (__GNUC__ * 10000 \ + + __GNUC_MINOR__ * 100 \ + + __GNUC_PATCHLEVEL__) -#if _GPGME_GCC_VERSION > 30100 -#define _GPGME_DEPRECATED __attribute__ ((__deprecated__)) -#endif +# if _GPGME_GCC_VERSION > 30100 +# define _GPGME_DEPRECATED __attribute__ ((__deprecated__)) +# else +# define _GPGME_DEPRECATED +# endif +#else +# define _GPGME_DEPRECATED #endif -#ifndef _GPGME_DEPRECATED -#define _GPGME_DEPRECATED -#endif /* The macro _GPGME_DEPRECATED_OUTSIDE_GPGME suppresses warnings for fields we must access in GPGME for ABI compatibility. */ ----------------------------------------------------------------------- Summary of changes: NEWS | 35 ++++++++++++++++++++++++++++++++++- configure.ac | 10 +++++----- doc/HACKING | 48 +++++++++++++++++++++++++++++++++++++++++++++++- doc/gpgme.texi | 10 +++++----- doc/lesser.texi | 13 ++++--------- src/gpgme.h.in | 29 +++++++++++++++++------------ 6 files changed, 112 insertions(+), 33 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 26 12:05:23 2015 
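Review bot: In the NEWS hunk of "Release 1.6.0" (@@ -1,6 +1,35 @@), the new entries contain typos that end up in the release notes: "key listinging" and "is now seached". In the interface list, the `GPGME_EXPORT_MODE_SECRET NEW` row lacks the trailing period that every other row has.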
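Review bot: In the first doc/HACKING hunk (@@ -23,11 +23,34 @@), the option named in the last added sentence, `=--cleanup-scissor=`, is not an option of git commit; the cleanup mode is selected with `--cleanup=scissors`. Please correct the spelling so that readers can find it in the git documentation, and change "at the begin of a line" to "at the beginning of a line".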
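Review bot: In the second doc/HACKING hunk (@@ -73,6 +96,29 @@), the GnuPG-bug-id keyword points to bug.gnupg.org, while the AC_INIT line visible in the configure.ac hunk of the same commit uses http://bugs.gnupg.org; please use one host name. The list also has two typos, "bug reporte" and "someone how suggested", and the item "Ignore signed/unsigned pointer mismatches" does not say whether it means the compiler warnings may be ignored by contributors or should be silenced in the build.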
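Review bot: In the src/gpgme.h.in hunk (@@ -56,28 +56,33 @@), _GPGME_GCC_VERSION is now defined only inside the `#elif defined(__GNUC__)` branch, so when GPGRT_ATTR_DEPRECATED is available the macro stays undefined. That does not match the commit message entry "(_GPGME_GCC_VERSION): Define using GPGRT_ macro if possible", and any later `#if _GPGME_GCC_VERSION ...` test in the header or in client code would evaluate it as 0 and warn under -Wundef, which is the class of problem this commit fixes for __STDC_VERSION__. Either define it in the GPGRT branch as well or correct the ChangeLog entry and confirm nothing else tests it.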
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 26 Aug 2015 12:05:23 +0200 Subject: [git] gnupg-doc - branch, master, updated. 053fe7bb40f3d9c4a857fc3172ebd504067a9d51 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 053fe7bb40f3d9c4a857fc3172ebd504067a9d51 (commit) from d4b19d308acb0038a35471661e193e475c2552cf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 053fe7bb40f3d9c4a857fc3172ebd504067a9d51 Author: Werner Koch Date: Wed Aug 26 11:13:21 2015 +0200 web: Release info for gpgme and Libgpg-error. diff --git a/web/index.org b/web/index.org index 3d64108..87a5903 100644 --- a/web/index.org +++ b/web/index.org @@ -64,6 +64,14 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GPGME 1.6.0 and Libgpg-error 1.20 released (2015-08-26) + +GPGME 1.6.0 is now available. This release introduce a mode to export +sceret keys, improves the error return codes, and is prepared to make +use of the GnuPG 2.1 Windows installer. See this full [[http://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000372.html][announcement]]. +An update of Libgpg-error to fix a problem in Windows has also been +released; see this [[http://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000373.html][announcement]]. + ** GnuPG 2.1.7 released (2015-08-11) A new version of the /modern/ branch of GnuPG has been released. diff --git a/web/swdb.mac b/web/swdb.mac index 89b34d0..fc6789f 100644 --- a/web/swdb.mac 
+++ b/web/swdb.mac @@ -62,10 +62,10 @@ # # GPGME # -#+macro: gpgme_ver 1.5.5 +#+macro: gpgme_ver 1.6.0 #+macro: gpgme_branch master -#+macro: gpgme_size 953k -#+macro: gpgme_sha1 88476d72cb099e179de4040760502886f7a54926 +#+macro: gpgme_size 961k +#+macro: gpgme_sha1 21510323495f6220f8f67610c3c27a23d761d43d # @@ -95,9 +95,9 @@ # # LIBGPG-ERROR -#+macro: libgpg_error_ver 1.19 -#+macro: libgpg_error_size 744k -#+macro: libgpg_error_sha1 4997951ab058788de48b989013668eb3df1e6939 +#+macro: libgpg_error_ver 1.20 +#+macro: libgpg_error_size 752k +#+macro: libgpg_error_sha1 89c961f63469739fe816a56dcdd86c2e1897cace # ----------------------------------------------------------------------- Summary of changes: web/index.org | 8 ++++++++ web/swdb.mac | 12 ++++++------ 2 files changed, 14 insertions(+), 6 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Aug 26 12:29:15 2015 
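Review bot: In the web/index.org hunk (@@ -64,6 +64,14 @@), the new front-page entry has two typos, "This release introduce" and "sceret keys". Both announcement links are written as http://lists.gnupg.org/...; if the list archive is reachable over https, use that scheme here too.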
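Review bot: In the web/swdb.mac hunks, gpgme_sha1 and libgpg_error_sha1 remain the only integrity values recorded for the new tarballs. A SHA-1 value is adequate for spotting a damaged download but should not be the only digest offered against a substituted file; consider adding a macro with a stronger digest next to each `_sha1` macro when the version and size are bumped.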
From: cvs at cvs.gnupg.org (by Neal H. Walfield)
Date: Wed, 26 Aug 2015 12:29:15 +0200
Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-52-gfad9107
Message-ID:

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard".

The branch, master has been updated
  via fad91071cadff43d77ce2e524dfb03999ba6678e (commit)
  from 9d07f6930aaa40dce92104e8c99241713d92eed2 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------
commit fad91071cadff43d77ce2e524dfb03999ba6678e
Author: Neal H. Walfield
Date: Wed Aug 26 12:22:24 2015 +0200

    g10: Simplify cache. Only include data that is actually used.

    * g10/keydb.c (struct kid_list_s): Rename from this...
    (struct kid_not_found_cache_bucket): ... to this. Update users.
    Remove field state.
    (kid_list_t): Remove type.
    (KID_NOT_FOUND_CACHE_BUCKETS): Define. Use this instead of a literal.
    (kid_found_table): Rename from this...
    (kid_not_found_cache_bucket): ... to this. Update users.
    (kid_found_table_count): Rename from this...
    (kid_not_found_cache_count): ... to this. Update users.
    (kid_not_found_p): Only return whether a key with the specified key
    id is definitely not in the database.
    (kid_not_found_insert): Remove parameter found. Update callers.
    (keydb_search): Only insert a key id in the not found cache if it is
    not found. Rename local variable once_found to already_in_cache.

    --
    Signed-off-by: Neal H. Walfield .

    Commit e0873a33 started tracking whether key ids were definitely in
    the database. This information is, however, never used and thus
    just unnecessarily inflates the cache. This patch effectively
    reverts that change (however, e0873a33 contains two separate changes
    and this only reverts that change).

diff --git a/g10/keydb.c b/g10/keydb.c index b31c6a6..1446c07 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -74,23 +74,32 @@ struct keydb_handle struct resource_item active[MAX_KEYDB_RESOURCES]; }; +/* Looking up keys is expensive. To hide the cost, we cache whether + keys exist in the key database. Then, if we know a key does not + exist, we don't have to spend time looking it up. This + particularly helps the --list-sigs and --check-sigs commands. -/* This object is used to keep a list of keyids in a linked list. */ -typedef struct kid_list_s + The cache stores the results in a hash using separate chaining. + Concretely: we use the LSB of the keyid to index the hash table and + each bucket consists of a linked list of entries. An entry + consists of the 64-bit key id. If a key id is not in the cache, + then we don't know whether it is in the DB or not. + + To simplify the cache consistency protocol, we simply flush the + whole cache whenever a key is inserted or updated. */ + +#define KID_NOT_FOUND_CACHE_BUCKETS 256 +static struct kid_not_found_cache_bucket * + kid_not_found_cache[KID_NOT_FOUND_CACHE_BUCKETS]; + +/* The total number of entries in the hash table. */ +static unsigned int kid_not_found_cache_count; + +struct kid_not_found_cache_bucket { - struct kid_list_s *next; + struct kid_not_found_cache_bucket *next; u32 kid[2]; - int state; /* True if found. */ -} *kid_list_t; - -/* To avoid looking up a key by keyid where we know that it does not - yet exist, we keep a table of keyids with search results. This - improves the --list-sigs and --check-sigs commands substantively. - To avoid extra complexity we clear the entire table on any insert - or update operation. The array is indexed by the LSB of the keyid. - KID_FOUND_TABLE_COUNT gives the number of keys in the table. */ -static kid_list_t kid_found_table[256]; -static unsigned int kid_found_table_count; +}; /* This is a simple cache used to return the last result of a 
@@ -118,81 +127,84 @@ static int lock_all (KEYDB_HANDLE hd); static void unlock_all (KEYDB_HANDLE hd); -/* Checkwhether the keyid KID is in the table of found or not found - keyids. +/* Check whether the keyid KID is in key id is definately not in the + database. Returns: - 0 - Keyid not in table - 1 - Keyid in table because not found in a previous search - 2 - Keyid in table because found in a previous search - */ + + 0 - Indeterminate: the key id is not in the cache; we don't know + whether the key is in the database or not. If you want a + definitive answer, you'll need to perform a lookup. + + 1 - There is definitely no key with this key id in the database. + We searched for a key with this key id previously, but we + didn't find it in the database. */ static int kid_not_found_p (u32 *kid) { - kid_list_t k; + struct kid_not_found_cache_bucket *k; - for (k = kid_found_table[kid[0] % 256]; k; k = k->next) + for (k = kid_not_found_cache[kid[0] % KID_NOT_FOUND_CACHE_BUCKETS]; k; k = k->next) if (k->kid[0] == kid[0] && k->kid[1] == kid[1]) { if (DBG_CACHE) - log_debug ("keydb: kid_not_found_p (%08lx%08lx) => %s\n", - (ulong)kid[0], (ulong)kid[1], - k->state? "false (found)": "true"); - return k->state? 2 : 1; + log_debug ("keydb: kid_not_found_p (%08lx%08lx) => not in DB\n", + (ulong)kid[0], (ulong)kid[1]); + return 1; } if (DBG_CACHE) - log_debug ("keydb: kid_not_found_p (%08lx%08lx) => false\n", + log_debug ("keydb: kid_not_found_p (%08lx%08lx) => indeterminate\n", (ulong)kid[0], (ulong)kid[1]); return 0; } -/* Put the keyid KID into the table of keyids with their find states of - previous searches. Note that there is no check whether the keyid - is already in the table, thus kid_not_found_p() should be used prior. */ +/* Insert the keyid KID into the kid_not_found_cache. FOUND is whether + the key is in the key database or not. + + Note this function does not check whether the key id is already in + the cache. As such, kid_not_found_p() should be called first. 
*/ static void -kid_not_found_insert (u32 *kid, int found) +kid_not_found_insert (u32 *kid) { - kid_list_t k; + struct kid_not_found_cache_bucket *k; if (DBG_CACHE) - log_debug ("keydb: kid_not_found_insert (%08lx%08lx, %d)\n", - (ulong)kid[0], (ulong)kid[1], found); + log_debug ("keydb: kid_not_found_insert (%08lx%08lx)\n", + (ulong)kid[0], (ulong)kid[1]); k = xmalloc (sizeof *k); k->kid[0] = kid[0]; k->kid[1] = kid[1]; - k->state = found; - k->next = kid_found_table[kid[0]%256]; - kid_found_table[kid[0]%256] = k; - kid_found_table_count++; + k->next = kid_not_found_cache[kid[0] % KID_NOT_FOUND_CACHE_BUCKETS]; + kid_not_found_cache[kid[0] % KID_NOT_FOUND_CACHE_BUCKETS] = k; + kid_not_found_cache_count++; } -/* Flush the entire table of keyids whche were not found in previous - searches. */ +/* Flush kid found cache. */ static void kid_not_found_flush (void) { - kid_list_t k, knext; + struct kid_not_found_cache_bucket *k, *knext; int i; if (DBG_CACHE) log_debug ("keydb: kid_not_found_flush\n"); - if (!kid_found_table_count) + if (!kid_not_found_cache_count) return; - for (i=0; i < DIM(kid_found_table); i++) + for (i=0; i < DIM(kid_not_found_cache); i++) { - for (k = kid_found_table[i]; k; k = knext) + for (k = kid_not_found_cache[i]; k; k = knext) { knext = k->next; xfree (k); } - kid_found_table[i] = NULL; + kid_not_found_cache[i] = NULL; } - kid_found_table_count = 0; + kid_not_found_cache_count = 0; } 
@@ -210,9 +222,9 @@ keyblock_cache_clear (void) /* Handle the creation of a keyring or a keybox if it does not yet exist. Take into account that other processes might have the keyring/keybox already locked. This lock check does not work if - the directory itself is not yet available. If is IS_BOX is true - the filename is expected to be a keybox. If FORCE_CREATE is true - the keyring or keybox shall be created. */ + the directory itself is not yet available. If IS_BOX is true the + filename is expected to refer to a keybox. If FORCE_CREATE is true + the keyring or keybox will be created. */ static int maybe_create_keyring_or_box (char *filename, int is_box, int force_create) { @@ -646,8 +658,9 @@ keydb_add_resource (const char *url, unsigned int flags) void keydb_dump_stats (void) { - if (kid_found_table_count) - log_info ("keydb: kid_not_found_table: total: %u\n", kid_found_table_count); + if (kid_not_found_cache_count) + log_info ("keydb: kid_not_found_cache: total: %u\n", + kid_not_found_cache_count); } @@ -1619,7 +1632,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex) { gpg_error_t rc; - int once_found = 0; + int already_in_cache = 0; if (descindex) *descindex = 0; /* Make sure it is always set on return. */ 
@@ -1634,14 +1647,8 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, dump_search_desc (hd, "keydb_search", desc, ndesc); - /* Note that we track the found state in the table to cope with the - case that a initial search found the key and the next search - (without a reset) did not found the key. Without keeping the - found state we would falsely claim that the key has not been - found. Actually this is quite common because we need to check - for ambgious keyids. */ if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID - && (once_found = kid_not_found_p (desc[0].u.kid)) == 1 ) + && (already_in_cache = kid_not_found_p (desc[0].u.kid)) == 1 ) { if (DBG_CLOCK) log_clock ("keydb_search leave (not found, cached)"); @@ -1706,12 +1713,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, memcpy (keyblock_cache.fpr, desc[0].u.fpr, 20); } - if ((!rc || gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID - && !once_found) - { - kid_not_found_insert (desc[0].u.kid, !rc); - } + && !already_in_cache) + kid_not_found_insert (desc[0].u.kid); if (DBG_CLOCK) log_clock (rc? "keydb_search leave (not found)" diff --git a/g10/keydb.h b/g10/keydb.h index b64438c..727c96f 100644 --- a/g10/keydb.h +++ b/g10/keydb.h 
@@ -235,6 +235,10 @@ int get_pubkey_byfprint_fast (PKT_public_key *pk, int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint, size_t fprint_len ); +/* Return whether a secret key is available for the public key with + key id KEYID. Note: this is just a fast check and does not tell us + whether the secret key is valid; this check merely indicates + whether there is some secret key with the specified key id. */ int have_secret_key_with_kid (u32 *keyid); gpg_error_t get_seckey_byname (PKT_public_key *pk, const char *name); ----------------------------------------------------------------------- Summary of changes: g10/keydb.c | 133 +++++++++++++++++++++++++++++++----------------------------- g10/keydb.h | 4 ++ 2 files changed, 73 insertions(+), 64 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 27 19:35:57 2015 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Thu, 27 Aug 2015 19:35:57 +0200 Subject: [git] gnupg-doc - branch, master, updated. 5497a0beafeaf37aba4d6911973d961c52ec51f6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5497a0beafeaf37aba4d6911973d961c52ec51f6 (commit) from 053fe7bb40f3d9c4a857fc3172ebd504067a9d51 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5497a0beafeaf37aba4d6911973d961c52ec51f6 Author: Robert J. Hansen Date: Thu Aug 27 13:35:44 2015 -0400 Clarified license. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index db0c7fa..4b1792c 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
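Review bot: In the g10/keydb.c hunk that rewrites kid_not_found_p, kid_not_found_insert and kid_not_found_flush (@@ -118,81 +127,84 @@), three of the new comments are out of step with the code. The kid_not_found_insert comment still says "FOUND is whether the key is in the key database or not" although the parameter is removed in the same hunk, the kid_not_found_p comment opens with the garbled "is in key id is definately not in the database", and kid_not_found_flush is described as "Flush kid found cache" where the not-found cache is meant. The `for` statement in kid_not_found_p also runs past 80 columns now that the bucket count is spelled out; wrap it.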
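Review bot: In keydb_search in g10/keydb.c (hunks @@ -1634,14 +1647,8 @@ and @@ -1706,12 +1713,10 @@), the patch deletes the comment that explains why the found state was kept and then inserts into the not-found cache on every GPG_ERR_NOT_FOUND, which reintroduces the case that comment describes. When a first search finds the key and a continued search without a reset returns not found, already_in_cache is 0, so `kid_not_found_insert (desc[0].u.kid)` records an existing key as absent and later lookups leave early through the "not found, cached" path until the cache is flushed. Please insert only when the failed search covered the whole database (started from a reset position), or keep some marker for key ids that have already been found, and keep a comment explaining the ambiguous-keyid case.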
@@ -44,14 +44,12 @@ purposes. :CUSTOM_ID: documentation_license :END: -This document is ? 2012, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and +This document is ? 2012-2015, Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> and A.M. Kuchling <[[mailto:amk at amk.ca?subject=The%20GnuPG%20FAQ][amk at amk.ca]]>. You are free to make use of this document in accordance with the [[http://creativecommons.org/licenses/by-sa/3.0/][Creative Commons Attribution-ShareAlike 3.0 -license]], with the exception of Randall Munroe?s XKCD comic, which is -released under terms of the [[http://creativecommons.org/licenses/by-nc/2.5/][Creative Commons Attribution-NonCommercial -2.5]] license; alternately, you may make use of it under terms of the +license]]; alternately, you may make use of it under terms of the GNU General Public License (version 3 or, at your discretion, any -later version), again excepting Mr. Munroe?s works. +later version). #+HTML: ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 27 20:08:05 2015 
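Review bot: In the documentation_license hunk of web/faq/gnupg-faq.org, both removed passages carved Randall Munroe's XKCD comic out of the CC BY-SA 3.0 and GPL grants, and nothing in this commit shows the comic itself leaving the FAQ. If the comic is still embedded, the new wording offers a CC BY-NC 2.5 work under terms its author did not grant; drop the comic in the same commit or keep the exception. The commit message "Clarified license." should also say that an exception was removed, since that changes the terms rather than clarifying them.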
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Thu, 27 Aug 2015 20:08:05 +0200 Subject: [git] gnupg-doc - branch, master, updated. 0c7cafdc4ba4db94e3893d3f0cea16e484c0a0e5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 0c7cafdc4ba4db94e3893d3f0cea16e484c0a0e5 (commit) from 5497a0beafeaf37aba4d6911973d961c52ec51f6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0c7cafdc4ba4db94e3893d3f0cea16e484c0a0e5 Author: Robert J. Hansen Date: Thu Aug 27 14:08:00 2015 -0400 Updated installation instructions. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 4b1792c..1640f22 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -70,32 +70,20 @@ for any errors. :CUSTOM_ID: welcome :END: -Welcome to the official GnuPG FAQ. This FAQ has been written from -scratch and makes the old FAQ obsolete. Nevertheless this text is -still incomplete but we believe it to be more accurate than the long -outdated former FAQ. +Welcome to the official GnuPG FAQ. Like all FAQs, this is a work in +progress. If you have questions that you think should be on it but +aren't, please feel free to email the FAQ maintainer (Rob Hansen, +[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]) +or bring your suggestion up on GnuPG-Users. -** What conventions are used in this FAQ? - :PROPERTIES: - :CUSTOM_ID: conventions - :END: - -As is par for the course with everything involving computers, there -are an awful lot of acronyms in this FAQ. For most of them, holding -the mouse pointer over the acronym will reveal a tooltip containing -the full expansion of the acronym. Hovering over the letters FAQ, for -instance, will reveal the words ?Frequently Asked Questions.? These -acronyms are presented in a small-caps font in order to make them -easier to recognize when reading. - ** Who maintains this FAQ? :PROPERTIES: :CUSTOM_ID: maintainer :END: -[[mailto:rjh at sixdemonbag.org?subject%3DThe%20GnuPG%20FAQ][Robert J. Hansen]]. Please feel free to contact me should there be an +[[mailto:rjh at sixdemonbag.org?subject%3DThe%20GnuPG%20FAQ][Rob Hansen]]. Please feel free to contact me should there be an error in this FAQ, whether typographical, grammatical, or factual. When writing, the editorial ?we? refers to the general consensus of 
@@ -108,8 +96,6 @@ italicized, and initialed by their author. The different editors are: - wk: Werner Koch <[[mailto:wk at gnupg.org?subject%3DThe%20GnuPG%20FAQ][wk at gnupg.org]]> - rjh: Robert J. Hansen <[[mailto:rjh at sixdemonbag.org?subject=The%20GnuPG%20FAQ][rjh at sixdemonbag.org]]> -/[Do we have any other editors we need to add? ? rjh]/ - ** Is this the official GnuPG FAQ? :PROPERTIES: @@ -124,7 +110,7 @@ Yes. :CUSTOM_ID: last_checked :END: -October 2012. +August 2015. * General questions @@ -132,12 +118,6 @@ October 2012. :CUSTOM_ID: general :END: -Since no company controls GnuPG, there?s really no single vendor for -GnuPG. Instead, there?s a robust community surrounding GnuPG which -has produced versions of it for several different operating systems. -But first, let?s cover the basics. - - ** What?s GnuPG? :PROPERTIES: :CUSTOM_ID: whats_gnupg @@ -228,6 +208,9 @@ A convenient Windows installer is available from [[http://www.gpg4win.org][GPG4W :END: The [[http://www.gpgtools.org][GPGtools project]] has everything needed to get started. +However, GPGTools only offers GnuPG 2.0; if you want the latest-and-greatest 2.1, look +at Patrick Brunschwig?s [[http://sourceforge.net/projects/gpgosx/][GnuPG for OS X] project +on SourceForge. *** ? for Linux? @@ -240,14 +223,12 @@ Linux systems. The good news is that it?s usually installed by default, so nothing needs to be downloaded! -**** ? for Debian GNU/Linux? +**** ? for Debian GNU/Linux or Ubuntu? :PROPERTIES: :CUSTOM_ID: get_gnupg_debian :END: -GnuPG is installed by default with Debian GNU/Linux. If for some -reason it is not, use the APT package manager to install the package -?gnupg2?. +At a terminal window type =sudo apt-get install gnupg2=. **** ? for OpenSUSE? 
@@ -255,36 +236,19 @@ reason it is not, use the APT package manager to install the package :CUSTOM_ID: get_gnupg_opensuse :END: -A recent version of GnuPG is part of the default OpenSUSE +At a terminal window type =sudo zypper install gnupg2=. + installation. -**** ? for Fedora? +**** ? for Fedora, CentOS, or RHEL? :PROPERTIES: :CUSTOM_ID: get_gnupg_fedora :END: -See the [[#get_gnupg_centos][instructions for CentOS]]. Typically, though, Fedora ships with -a much more recent version of GnuPG, and as such you shouldn?t need to -install anything. - - -**** ? for CentOS or RHEL? - :PROPERTIES: - :CUSTOM_ID: get_gnupg_centos - :END: - -An older (but still secure!) version of GnuPG is part of every CentOS -installation. To get the latest version, use the YUM package manager -to install the package ?gnupg2?. - - -**** ? for Ubuntu? - :PROPERTIES: - :CUSTOM_ID: get_gnupg_ubuntu - :END: +For Fedora 22 and later: at a terminal window type =sudo dnf install gnupg2=. -See the instructions for [[#get_gnupg_debian][Debian GNU/Linux]]. +For Fedora 21 and earlier, CentOS, or RHEL: at a terminal window type =sudo yum install gnupg2=. **** ? for Slackware? ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 70 +++++++++++++-------------------------------------- 1 file changed, 17 insertions(+), 53 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Aug 27 20:13:49 2015 
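Review bot: In the welcome/maintainer hunk (@@ -70) of web/faq/gnupg-faq.org, the changed "Who maintains this FAQ?" line keeps the mailto form "?subject%3DThe%20GnuPG%20FAQ" while the welcome paragraph added a few lines above uses "?subject=". A mailto URI separates header name and value with a literal "=", so the percent-encoded form should be changed to match the new paragraph.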
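Review bot: In the OS X hunk (@@ -228), the added link "[[http://sourceforge.net/projects/gpgosx/][GnuPG for OS X] project" closes with a single "]", so Org will not render it as a link; it needs "]]" after the description. The same added sentence spells the project "GPGTools" while the unchanged line above it uses "GPGtools"; pick one.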
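Review bot: In the OpenSUSE hunk (@@ -255), only the first line of the old two-line sentence is removed, so the context line "installation." is left behind as an orphaned word after the new zypper instruction; delete it as well. The same hunk drops the get_gnupg_centos and get_gnupg_ubuntu CUSTOM_IDs, so any remaining or external links to those anchors will stop resolving, which is worth a grep before merging.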
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Thu, 27 Aug 2015 20:13:49 +0200 Subject: [git] gnupg-doc - branch, master, updated. 46201840bfc4927ff93316aa0d5db939659f8427 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 46201840bfc4927ff93316aa0d5db939659f8427 (commit) from 0c7cafdc4ba4db94e3893d3f0cea16e484c0a0e5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 46201840bfc4927ff93316aa0d5db939659f8427 Author: Robert J. Hansen Date: Thu Aug 27 14:13:45 2015 -0400 Overhauling some of the mailing list information. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 1640f22..caedd57 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -355,8 +355,8 @@ conspiracy theories, and half-informed speculations all masquerading as informed commentary. The following mailing lists and web pages are generally known for -having a strong signal-to-noise ratio. Despite this, we strongly urge -skepticism. +having a strong signal-to-noise ratio. Nevertheless, we strongly urge +you to keep a skeptical mind at all times. ** How can I spot the charlatans? @@ -399,7 +399,9 @@ to take challenges as personal affronts. :CUSTOM_ID: mailing_lists :END: -The good news is, there are many! +There are many excellent mailing lists out there. The following is +a list of just some of them that we?ve found to be high-quality. +There are undoubtedly many more that we?ve missed. *** The GnuPG-Users mailing list 
@@ -411,7 +413,7 @@ The good news is, there are many! - Subscribing :: visit the [[http://lists.gnupg.org/mailman/listinfo/gnupg-users][GnuPG-Users webpage]] - Unsubscribing :: see above - List moderator :: <[[mailto:gnupg-users-owner at gnupg.org?subject%3DThe%20GnuPG-Users%20list][gnupg-users-owner at gnupg.org]]> -- Supports PGP/MIME? :: No +- Supports PGP/MIME? :: Yes - Languages supported :: English GnuPG-Users is home to the largest community of GnuPG users on the @@ -435,7 +437,7 @@ but on the whole it?s a wonderful resource. - Olav Seyfarth <[[mailto:olav at enigmail.net?subject=The%20Enigmail%20list][olav at enigmail.net]]> - Patrick Brunschwig <[[mailto:patrick at enigmail.net?subject=The%20Enigmail%20list][patrick at enigmail.net]]> - Ludwig H?gelsch?fer <[[mailto:ludwig at enigmail.net?subject=The%20Enigmail%20list][ludwig at enigmail.net]]> - - Daniele Raffo <[[mailto:daniele at enigmail.net?subject=The%20Enigmail%20list][daniele at enigmail.net]]> + - Daniele Raffo <[[mailto:daniele at enigmail.net?subject=The%20Enigmail%20list][dan at enigmail.net]]> - Robert J. Hansen <[[mailto:rob at enigmail.net?subject=The%20Enigmail%20list][rob at enigmail.net]]> - Supports PGP/MIME :: Yes - Languages supported :: English, Deutsch, Schwyzerd?tsch, Espa?ol ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 28 08:51:34 2015 
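Review bot: In the Enigmail list hunk (@@ -435), the link text for Daniele Raffo changes to "dan at enigmail.net" but the mailto target on the same line still reads "daniele at enigmail.net", so the address shown and the address a click uses now differ. Update both parts of the link to whichever address is current.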
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Aug 2015 08:51:34 +0200 Subject: [git] gnupg-doc - branch, master, updated. c9898afbcc069b4ccdb90ab1c12082a4d37cd724 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c9898afbcc069b4ccdb90ab1c12082a4d37cd724 (commit) from 46201840bfc4927ff93316aa0d5db939659f8427 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c9898afbcc069b4ccdb90ab1c12082a4d37cd724 Author: Werner Koch Date: Fri Aug 28 08:47:25 2015 +0200 id: Update eddsa-for-openpgp diff --git a/misc/id/common/README b/misc/id/common/README new file mode 100644 index 0000000..5afef41 --- /dev/null +++ b/misc/id/common/README @@ -0,0 +1,2 @@ +Online references can be found at: + http://xml.resource.org/public/rfc/bibxml3/ diff --git a/misc/id/common/reference.I-D.josefsson-eddsa-ed25519.xml b/misc/id/common/reference.I-D.josefsson-eddsa-ed25519.xml new file mode 100644 index 0000000..431a8d7 --- /dev/null +++ b/misc/id/common/reference.I-D.josefsson-eddsa-ed25519.xml @@ -0,0 +1,24 @@ + + + + +EdDSA and Ed25519 + + + + + + + + + + + +The elliptic curve signature scheme EdDSA and one instance of it called Ed25519 is described. An example implementation and test vectors are provided. + + + + + + diff --git a/misc/id/eddsa-for-openpgp/back.mkd b/misc/id/eddsa-for-openpgp/back.mkd index 988b8f6..505b727 100644 --- a/misc/id/eddsa-for-openpgp/back.mkd +++ b/misc/id/eddsa-for-openpgp/back.mkd 
@@ -1,7 +1,7 @@ # Test vectors For help implementing this specification a non-normative example is -given. This example assumes that the algorithm id for EdDSA will +given. This example assumes that the algorithm id for EdDSA (TBD1) will be 22. @@ -76,3 +76,4 @@ other values might also be interesting for other ECC specifications: - Fixed decription in the test vectors regarding an extra 0x00 byte. - Small gramar fixes. + - Reference Josefsson's EdDSA I-D instead of the original paper. diff --git a/misc/id/eddsa-for-openpgp/draft-koch-eddsa-for-openpgp-03.txt b/misc/id/eddsa-for-openpgp/draft-koch-eddsa-for-openpgp-03.txt new file mode 100644 index 0000000..cd083d1 --- /dev/null +++ b/misc/id/eddsa-for-openpgp/draft-koch-eddsa-for-openpgp-03.txt 
@@ -0,0 +1,448 @@ + + + + +Network Working Group W. Koch +Internet-Draft g10 Code +Updates: 4880 (if approved) August 28, 2015 +Intended status: Informational +Expires: February 29, 2016 + + + EdDSA for OpenPGP + draft-koch-eddsa-for-openpgp-03 + +Abstract + + This specification extends OpenPGP with the EdDSA public key + algorithm and describes the use of curve Ed25519. + +Status of This Memo + + This Internet-Draft is submitted in full conformance with the + provisions of BCP 78 and BCP 79. + + Internet-Drafts are working documents of the Internet Engineering + Task Force (IETF). Note that other groups may also distribute + working documents as Internet-Drafts. The list of current Internet- + Drafts is at http://datatracker.ietf.org/drafts/current/. + + Internet-Drafts are draft documents valid for a maximum of six months + and may be updated, replaced, or obsoleted by other documents at any + time. It is inappropriate to use Internet-Drafts as reference + material or to cite them other than as "work in progress." + + This Internet-Draft will expire on February 29, 2016. + +Copyright Notice + + Copyright (c) 2015 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. Code Components extracted from this document must + include Simplified BSD License text as described in Section 4.e of + the Trust Legal Provisions and are provided without warranty as + described in the Simplified BSD License. + + + + + +Koch Expires February 29, 2016 [Page 1] + +Internet-Draft EdDSA for OpenPGP August 2015 + + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 2. Supported Curves . . . . . . 
. . . . . . . . . . . . . . . . 2 + 3. Point Format . . . . . . . . . . . . . . . . . . . . . . . . 3 + 4. Encoding of Public and Private Keys . . . . . . . . . . . . . 3 + 5. Message Encoding . . . . . . . . . . . . . . . . . . . . . . 4 + 6. Curve OID . . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 + 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 + 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 5 + 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 + 10.1. Normative References . . . . . . . . . . . . . . . . . . 5 + 10.2. Informative References . . . . . . . . . . . . . . . . . 6 + Appendix A. Test vectors . . . . . . . . . . . . . . . . . . . . 6 + A.1. Sample key . . . . . . . . . . . . . . . . . . . . . . . 6 + A.2. Sample signature . . . . . . . . . . . . . . . . . . . . 7 + Appendix B. Point compression flag bytes . . . . . . . . . . . . 7 + Appendix C. Changes since -02 . . . . . . . . . . . . . . . . . 7 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 8 + +1. Introduction + + The OpenPGP specification in [RFC4880] defines the RSA, Elgamal, and + DSA public key algorithms. [RFC6637] adds support for Elliptic Curve + Cryptography and specifies the ECDSA and ECDH algorithms. Due to + patent reasons no point compression was defined. + + This document specifies how to use the EdDSA public key signature + algorithm [I-D.josefsson-eddsa-ed25519] with the OpenPGP standard. + It defines a new signature algorithm named EdDSA and specifies how to + use the Ed25519 curve with EdDSA. This algorithm uses a custom point + compression method. There are three main advantages of the EdDSA + algorithm: It does not require the use of a unique random number for + each signature, there are no padding or truncation issues as with + ECDSA, and it is more resilient to side-channel attacks. 
+ + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in [RFC2119]. + +2. Supported Curves + + This document references the Curve "Ed25519" which is the Edwards + form of "Curve25519" and specified in the same paper as the "EdDSA" + algorithm ([ED25519]). For the full specification see + [I-D.josefsson-eddsa-ed25519]. + + + + +Koch Expires February 29, 2016 [Page 2] + +Internet-Draft EdDSA for OpenPGP August 2015 + + + Other curves may be used by using a specific OID for the curve and + its EdDSA parameters. + + The following public key algorithm IDs are added to expand section + 9.1 of [RFC4880], "Public-Key Algorithms": + + +-------+-----------------------------+ + | ID | Description of Algorithm | + +-------+-----------------------------+ + | TBD1 | EdDSA public key algorithm | + +-------+-----------------------------+ + + Compliant applications MUST support EdDSA with the curve Ed25519. + Applications MAY support other curves as long as a dedicated OID for + using that curve with EdDSA is used. + +3. Point Format + + The EdDSA algorithm defines a specific point compression format. To + indicate the use of this compression format and to make sure that the + key can be represented in the Multiprecision Integer (MPI) format of + [RFC4880] the octet string specifying the point is prefixed with the + octet 0x40. This encoding is an extension of the encoding given in + [RFC6637] which uses 0x04 to indicate an uncompressed point. + + For example, the length of a public key for the curve Ed25519 is 263 + bit: 7 bit to represent the 0x40 prefix octet and 32 octets for the + native value of the public key. + +4. Encoding of Public and Private Keys + + The following algorithm specific packets are added to Section 5.5.2 + of [RFC4880], "Public-Key Packet Formats", to support EdDSA. 
+ + Algorithm-Specific Fields for EdDSA keys: + + o a variable length field containing a curve OID, formatted as + follows: + + * a one-octet size of the following field; values 0 and 0xFF are + reserved for future extensions, + + * octets representing a curve OID, defined in Section 6. + + o MPI of an EC point representing a public key Q as described under + Point Format above. + + + + + +Koch Expires February 29, 2016 [Page 3] + +Internet-Draft EdDSA for OpenPGP August 2015 + + + The following algorithm specific packets are added to Section 5.5.3 + of [RFC4880], "Secret-Key Packet Formats", to support EdDSA. + + Algorithm-Specific Fields for EdDSA keys: + + o an MPI of an integer representing the secret key, which is a + scalar of the public EC point. + + The version 4 packet format MUST be used. + +5. Message Encoding + + Section 5.2.3 of [RFC4880], "Version 4 Signature Packet Format" + specifies formats. To support EdDSA no change is required, the MPIs + representing the R and S value are encoded as MPIs in the same way as + done for the DSA and ECDSA algorithms; in particular the Algorithm- + Specific Fields for an EdDSA signature are: + + - MPI of EdDSA value r. + + - MPI of EdDSA value s. + + Note that the compressed version of R and S as specified for EdDSA + ([I-D.josefsson-eddsa-ed25519]) is used. + + The version 3 signature format MUST NOT be used with EdDSA. + + Although that algorithm allows arbitrary data as input, its use with + OpenPGP requires that a digest of the message is used as input. See + section 5.2.4 of [RFC4880], "Computing Signatures" for details. + Truncation of the resulting digest is never applied; the resulting + digest value is used verbatim as input to the EdDSA algorithm. + +6. Curve OID + + The EdDSA key parameter curve OID is an array of octets that defines + a named curve. 
The table below specifies the exact sequence of bytes + for each named curve referenced in this document: + + +------------------------+------+------------------------+----------+ + | OID | Len | Encoding in hex format | Name | + +------------------------+------+------------------------+----------+ + | 1.3.6.1.4.1.11591.15.1 | 9 | 2B 06 01 04 01 DA 47 | Ed25519 | + | | | 0F 01 | | + +------------------------+------+------------------------+----------+ + + See [RFC6637] for a description of the OID encoding given in the + second and third columns. + + + +Koch Expires February 29, 2016 [Page 4] + +Internet-Draft EdDSA for OpenPGP August 2015 + + +7. Security Considerations + + The security considerations of [RFC4880] apply accordingly. + + Although technically possible the use of EdDSA with digest algorithms + weaker than SHA-256 (e.g. SHA-1) is not suggested. + +8. IANA Considerations + + IANA is requested to assign an algorithm number from the OpenPGP + Public-Key Algorithms range, or the "namespace" in the terminology of + [RFC5226], that was created by [RFC4880]. See section 2. + + +-------+-----------------------------+------------+ + | ID | Algorithm | Reference | + +-------+-----------------------------+------------+ + | TBD1 | EdDSA public key algorithm | This doc | + +-------+-----------------------------+------------+ + + [Notes to RFC-Editor: Please remove the table above on publication. + It is desirable not to reuse old or reserved algorithms because some + existing tools might print a wrong description. A higher number is + also an indication for a newer algorithm. As of now 22 is the next + free number.] + +9. Acknowledgments + + The author would like to acknowledge the help of the individuals who + kindly voiced their opinions on the IETF OpenPGP and GnuPG mailing + lists, in particular, the help of Andrey Jivsov, Jon Callas, and + NIIBE Yutaka. + +10. References + +10.1. Normative References + + [I-D.josefsson-eddsa-ed25519] + Josefsson, S. and N. 
Moller, "EdDSA and Ed25519", draft- + josefsson-eddsa-ed25519-03 (work in progress), May 2015. + + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. + Thayer, "OpenPGP Message Format", RFC 4880, November 2007. + + + + + + +Koch Expires February 29, 2016 [Page 5] + +Internet-Draft EdDSA for OpenPGP August 2015 + + + [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an + IANA Considerations Section in RFCs", BCP 26, RFC 5226, + May 2008. + + [RFC6637] Jivsov, A., "Elliptic Curve Cryptography (ECC) in + OpenPGP", RFC 6637, June 2012. + +10.2. Informative References + + [ED25519] Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B. + Yang, "High-speed high-security signatures", Journal of + Cryptographic Engineering Volume 2, Issue 2, pp. 77-89, + September 2011, + . + +Appendix A. Test vectors + + For help implementing this specification a non-normative example is + given. This example assumes that the algorithm id for EdDSA (TBD1) + will be 22. + +A.1. Sample key + + The secret key used for this example is: + + D: 1a8b1ff05ded48e18bf50166c664ab023ea70003d78d9e41f5758a91d850f8d2 + + Note that this is the raw secret key used as input to the EdDSA + signing operation. The key was created on 2014-08-19 14:28:27 and + thus the fingerprint of the OpenPGP key is: + + C959 BDBA FA32 A2F8 9A15 3B67 8CFD E121 9796 5A9A + + The algorithm specific input parameters without the MPI length + headers are: + + oid: 2b06010401da470f01 + + q: 403f098994bdd916ed4053197934e4a87c80733a1280d62f8010992e43ee3b2406 + + The entire public key packet is thus: + + 98 33 04 53 f3 5f 0b 16 09 2b 06 01 04 01 da 47 + 0f 01 01 07 40 3f 09 89 94 bd d9 16 ed 40 53 19 + 79 34 e4 a8 7c 80 73 3a 12 80 d6 2f 80 10 99 2e + 43 ee 3b 24 06 + + + + + +Koch Expires February 29, 2016 [Page 6] + +Internet-Draft EdDSA for OpenPGP August 2015 + + +A.2. 
Sample signature + + The signature is created using the sample key over the input data + "OpenPGP" on 2015-09-16 12:24:53 and thus the input to the hash + function is: + + m: 4f70656e504750040016080006050255f95f9504ff0000000c + + Using the SHA-256 hash algorithm yields the digest: + + d: f6220a3f757814f4c2176ffbb68b00249cd4ccdc059c4b34ad871f30b1740280 + + Which is fed into the EdDSA signature function and yields this + signature: + + r: 56f90cca98e2102637bd983fdb16c131dfd27ed82bf4dde5606e0d756aed3366 + + s: d09c4fa11527f038e0f57f2201d82f2ea2c9033265fa6ceb489e854bae61b404 + + The entire signature packet is thus: + + 88 5e 04 00 16 08 00 06 05 02 55 f9 5f 95 00 0a + 09 10 8c fd e1 21 97 96 5a 9a f6 22 01 00 56 f9 + 0c ca 98 e2 10 26 37 bd 98 3f db 16 c1 31 df d2 + 7e d8 2b f4 dd e5 60 6e 0d 75 6a ed 33 66 01 00 + d0 9c 4f a1 15 27 f0 38 e0 f5 7f 22 01 d8 2f 2e + a2 c9 03 32 65 fa 6c eb 48 9e 85 4b ae 61 b4 04 + +Appendix B. Point compression flag bytes + + This specification introduces the new flag byte 0x40 to indicate the + point compression format. The value has been chosen so that the high + bit is not cleared and thus to avoid accidental sign extension. Two + other values might also be interesting for other ECC specifications: + + Flag Description + ---- ----------- + 0x04 Standard flag for uncompression format + 0x40 Native point format of the curve follows + 0x41 Only X coordinate follows. + 0x42 Only Y coordinate follows. + +Appendix C. Changes since -02 + + o Fixed decription in the test vectors regarding an extra 0x00 byte. + + o Small gramar fixes. + + + + +Koch Expires February 29, 2016 [Page 7] + +Internet-Draft EdDSA for OpenPGP August 2015 + + + o Reference Josefsson's EdDSA I-D instead of the original paper. + +Author's Address + + Werner Koch + g10 Code + + Email: wk at gnupg.org + URI: https://g10code.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Koch Expires February 29, 2016 [Page 8] 
diff --git a/misc/id/eddsa-for-openpgp/middle.mkd b/misc/id/eddsa-for-openpgp/middle.mkd index 9e2de3f..2dfeb92 100644 --- a/misc/id/eddsa-for-openpgp/middle.mkd +++ b/misc/id/eddsa-for-openpgp/middle.mkd @@ -6,13 +6,13 @@ Elliptic Curve Cryptography and specifies the ECDSA and ECDH algorithms. Due to patent reasons no point compression was defined. This document specifies how to use the EdDSA public key signature -algorithm [](#ED25519) with the OpenPGP standard. It defines a new -signature algorithm named EdDSA and specifies how to use the Ed25519 -curve with EdDSA. This algorithm uses a custom point compression -method. There are three main advantages of the EdDSA algorithm: It -does not require the use of a unique random number for each signature, -there are no padding or truncation issues as with ECDSA, and it is -more resilient to side-channel attacks. +algorithm [](#I-D.josefsson-eddsa-ed25519) with the OpenPGP standard. +It defines a new signature algorithm named EdDSA and specifies how to +use the Ed25519 curve with EdDSA. This algorithm uses a custom point +compression method. There are three main advantages of the EdDSA +algorithm: It does not require the use of a unique random number for +each signature, there are no padding or truncation issues as with +ECDSA, and it is more resilient to side-channel attacks. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this @@ -23,7 +23,8 @@ document are to be interpreted as described in [](#RFC2119). This document references the Curve "Ed25519" which is the Edwards form of "Curve25519" and specified in the same paper as the "EdDSA" -algorithm ([](#ED25519)). +algorithm ([](#ED25519)). For the full specification see +[](#I-D.josefsson-eddsa-ed25519). Other curves may be used by using a specific OID for the curve and its EdDSA parameters. 
@@ -94,7 +95,7 @@ Algorithm-Specific Fields for an EdDSA signature are: - MPI of EdDSA value s. Note that the compressed version of R and S as specified for EdDSA -([](#ED25519)) is used. +([](#I-D.josefsson-eddsa-ed25519)) is used. The version 3 signature format MUST NOT be used with EdDSA. diff --git a/misc/id/eddsa-for-openpgp/template.xml b/misc/id/eddsa-for-openpgp/template.xml index 85bb532..e37c399 100644 --- a/misc/id/eddsa-for-openpgp/template.xml +++ b/misc/id/eddsa-for-openpgp/template.xml @@ -9,7 +9,11 @@ + + ]> + @@ -32,7 +36,7 @@ - + Security @@ -46,12 +50,15 @@ - &ed25519; + &eddsaed25519; &rfc.4880; &rfc.6637; &rfc.5226; &rfc.2119; + + &ed25519; + &pandocBack; ----------------------------------------------------------------------- Summary of changes: misc/id/common/README | 2 + .../reference.I-D.josefsson-eddsa-ed25519.xml | 24 +++ misc/id/eddsa-for-openpgp/back.mkd | 3 +- ...-00.txt => draft-koch-eddsa-for-openpgp-03.txt} | 208 +++++++++++++-------- misc/id/eddsa-for-openpgp/middle.mkd | 19 +- misc/id/eddsa-for-openpgp/template.xml | 11 +- 6 files changed, 179 insertions(+), 88 deletions(-) create mode 100644 misc/id/common/README create mode 100644 misc/id/common/reference.I-D.josefsson-eddsa-ed25519.xml copy misc/id/eddsa-for-openpgp/{draft-koch-eddsa-for-openpgp-00.txt => draft-koch-eddsa-for-openpgp-03.txt} (75%) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 28 10:26:49 2015 
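Review bot: In the back.mkd change-list hunk (@@ -76), the new entry is appended below two entries that still read "Fixed decription" and "Small gramar fixes", and both typos are carried into Appendix C of the regenerated -03 text. Correct them to "description" and "grammar" while this list is being touched.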
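Review bot: In the new draft-koch-eddsa-for-openpgp-03.txt, Appendix B says the flag byte 0x40 "has been chosen so that the high bit is not cleared and thus to avoid accidental sign extension", but 0x40 has its high bit clear, and it is a set high bit that causes sign extension. The sentence should say "is not set"; since the .txt is generated output, the fix belongs in back.mkd, whose second hunk shows the tail of the same appendix.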
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Aug 2015 10:26:49 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.2.1-8-g5a52404 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 5a52404c704d0e99629a2db79dda17e3b95c9680 (commit) from d4bef26a49879761867ad6d57113341915db6acf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5a52404c704d0e99629a2db79dda17e3b95c9680 Author: Werner Koch Date: Fri Aug 28 10:22:39 2015 +0200 Read up remaining lines in assuan_inquire after reaching MAXLEN * src/assuan-inquire.c (assuan_inquire): Clear return args on error. Read up remaining lines after MAXLEN has been hit. -- If we would stop immediately at MAXLEN, as we did, the client would continue to send data which the server may consider as new Assuan commands. Signed-off-by: Werner Koch diff --git a/doc/assuan.texi b/doc/assuan.texi index 1c3c2ca..14f2cf0 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -1763,8 +1763,8 @@ the required data (@var{keyword}). All other parameters may be On success the result is stored in a newly allocated buffer stored at @var{r_buffer}. The length of the data is stored at @var{r_length}. -If @var{maxlen} has not been given as @code{0}, it describes an upper -size limited of the expected data. If the client returns too much +If @var{maxlen} has not been given as @code{0}, it specifies an upper +size limit of the expected data. If the client returns too much data the function fails and an error with the error code @code{GPG_ERR_ASS_TOO_MUCH_DATA} will be returned. @end deftypefun 
diff --git a/src/assuan-inquire.c b/src/assuan-inquire.c index a4cfc20..f863935 100644 --- a/src/assuan-inquire.c +++ b/src/assuan-inquire.c @@ -136,7 +136,7 @@ free_membuf (assuan_context_t ctx, struct membuf *mb) * A server may use this to send an inquire. r_buffer, r_length and * maxlen may all be NULL/0 to indicate that no real data is expected. * The returned buffer is guaranteed to have an extra 0-byte after the - * length. Thus it can be used as a string if embedded o bytes are + * length. Thus it can be used as a string if embedded 0 bytes are * not an issue. * * Return value: 0 on success or an ASSUAN error code @@ -152,6 +152,11 @@ assuan_inquire (assuan_context_t ctx, const char *keyword, int linelen; int nodataexpected; + if (r_buffer) + *r_buffer = NULL; + if (r_length) + *r_length = 0; + if (!ctx || !keyword || (10 + strlen (keyword) >= sizeof (cmdbuf))) return _assuan_error (ctx, GPG_ERR_ASS_INV_VALUE); nodataexpected = !r_buffer && !r_length && !maxlen; @@ -212,6 +217,9 @@ assuan_inquire (assuan_context_t ctx, const char *keyword, line += 2; linelen -= 2; + if (mb.too_large) + continue; /* Need to read up the remaining data. */ + p = line; while (linelen) { 
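Review bot: In assuan_inquire, the new "if (mb.too_large) continue;" placed after "line += 2; linelen -= 2;" discards the rest of the inquiry without any bound, so a client that never finishes the inquiry keeps the server in this read loop indefinitely once the limit has been hit. That closes the desynchronisation described in the commit message, but consider capping the amount that is drained (or dropping the connection past some multiple of maxlen). The doc/assuan.texi hunk should also say that excess data is read and discarded before GPG_ERR_ASS_TOO_MUCH_DATA is returned; as it stands it only fixes wording.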
@@ -229,18 +237,18 @@ assuan_inquire (assuan_context_t ctx, const char *keyword, } line = p; } - if (mb.too_large) - { - rc = _assuan_error (ctx, GPG_ERR_ASS_TOO_MUCH_DATA); - goto out; - } } if (!nodataexpected) { - *r_buffer = get_membuf (ctx, &mb, r_length); - if (!*r_buffer) - rc = _assuan_error (ctx, gpg_err_code_from_syserror ()); + if (mb.too_large) + rc = _assuan_error (ctx, GPG_ERR_ASS_TOO_MUCH_DATA); + else + { + *r_buffer = get_membuf (ctx, &mb, r_length); + if (!*r_buffer) + rc = _assuan_error (ctx, gpg_err_code_from_syserror ()); + } } out: ----------------------------------------------------------------------- Summary of changes: doc/assuan.texi | 4 ++-- src/assuan-inquire.c | 26 +++++++++++++++++--------- 2 files changed, 19 insertions(+), 11 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 28 14:59:06 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Aug 2015 14:59:06 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.2.1-11-g3aec198 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 3aec1981cfd0a7b29750965c065a45ad928e66dc (commit) via cdb1e6484d6f094f8e795bfec5b314ec524a90f8 (commit) via 6d4a8ee2a6c749eec70bd3ae804f21456e375727 (commit) from 5a52404c704d0e99629a2db79dda17e3b95c9680 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3aec1981cfd0a7b29750965c065a45ad928e66dc Author: Werner Koch Date: Fri Aug 28 14:56:27 2015 +0200 Post release updates diff --git a/NEWS b/NEWS index 5488a4e..934feda 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 2.3.1 (unreleased) [C6/A6/R_] +------------------------------------------------ + + Noteworthy changes in version 2.3.0 (2015-08-28) [C6/A6/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 08a022a..040ce7f 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [0]) +m4_define([mym4_micro], [1]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit cdb1e6484d6f094f8e795bfec5b314ec524a90f8 Author: Werner Koch Date: Fri Aug 28 14:46:16 2015 +0200 Release 2.3.0 * configure.ac: Set LT version to C6/A6/R0. Signed-off-by: Werner Koch diff --git a/AUTHORS b/AUTHORS index 2219f35..ccad0cb 100644 --- a/AUTHORS +++ b/AUTHORS @@ -55,7 +55,7 @@ List of Copyright holders Copyright (C) 1992-2013 Free Software Foundation, Inc. Copyright (C) 1994 X Consortium Copyright (C) 2000 Werner Koch (dd9jn) - Copyright (C) 2001-2014 g10 Code GmbH + Copyright (C) 2001-2015 g10 Code GmbH Copyright (C) 2004 Simon Josefsson diff --git a/NEWS b/NEWS index a851b6a..5488a4e 100644 --- a/NEWS +++ b/NEWS 
@@ -1,7 +1,19 @@ -Noteworthy changes in version 2.3.0 (unreleased) [C5/A5/R_] +Noteworthy changes in version 2.3.0 (2015-08-28) [C6/A6/R0] ------------------------------------------------ - * Support Cygwin's local sockets. + * Now wipes out the memory of the context structure before freeing. + The context may have stored sensitive data in its line buffers. + + * Fixed a problem with the data length limit in assuan_inquire. + + * Returns GPG_ERR_SOURCE_ASSUAN with errors from functions w/o a + context. + + * Two new functions to tweak the behaviour of the socket wrappers. + + * Experimental code to support Cygwin's local sockets. + + * By default build without a build timestamp. * Interface changes relative to the 2.2.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/README b/README index defb427..6867dc3 100644 --- a/README +++ b/README @@ -2,7 +2,7 @@ =========== Copyright (C) 2001-2013 Free Software Foundation, Inc. - Copyright (C) 2001-2014 g10 Code GmbH + Copyright (C) 2001-2015 g10 Code GmbH This is a general purpose IPC library which is for example used diff --git a/configure.ac b/configure.ac index 68f6ea7..08a022a 100644 --- a/configure.ac +++ b/configure.ac @@ -59,9 +59,9 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # -LIBASSUAN_LT_CURRENT=5 -LIBASSUAN_LT_AGE=5 -LIBASSUAN_LT_REVISION=1 +LIBASSUAN_LT_CURRENT=6 +LIBASSUAN_LT_AGE=6 +LIBASSUAN_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. LIBASSUAN_CONFIG_API_VERSION=2 diff --git a/doc/assuan.texi b/doc/assuan.texi index 0a49d71..c822190 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi 
@@ -3,7 +3,8 @@ @setfilename assuan.info @macro copyrightnotice -Copyright @copyright{} 2002, 2003, 2006, 2007, 2011 Free Software Foundation, Inc. +Copyright @copyright{} 2001--2013 Free Software Foundation, Inc. @* +Copyright @copyright{} 2001--2015 g10 Code GmbH @end macro @macro permissionnotice Permission is granted to copy, distribute and/or modify this document diff --git a/src/assuan.h.in b/src/assuan.h.in index 14255ea..b26fa3b 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in @@ -1,6 +1,6 @@ /* assuan.h - Definitions for the Assuan IPC library -*- c -*- Copyright (C) 2001-2013 Free Software Foundation, Inc. - Copyright (C) 2001-2014 g10 Code GmbH + Copyright (C) 2001-2015 g10 Code GmbH This file is part of Assuan. diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in index 5c0960c..23db15e 100644 --- a/src/versioninfo.rc.in +++ b/src/versioninfo.rc.in 
@@ -39,7 +39,7 @@ BEGIN VALUE "FileDescription", "Assuan - GnuPG IPC\0" VALUE "FileVersion", "@LIBASSUAN_LT_CURRENT at .@LIBASSUAN_LT_AGE at .@LIBASSUAN_LT_REVISION at .@BUILD_REVISION@\0" VALUE "InternalName", "libassuan\0" - VALUE "LegalCopyright", "Copyright ? 2001-2014 g10 Code GmbH\0" + VALUE "LegalCopyright", "Copyright ? 2001-2015 g10 Code GmbH\0" VALUE "LegalTrademarks", "\0" VALUE "OriginalFilename", "libassuan.dll\0" VALUE "PrivateBuild", "\0" commit 6d4a8ee2a6c749eec70bd3ae804f21456e375727 Author: Werner Koch Date: Tue Jun 30 16:24:52 2015 +0200 Support Cygwin local sockets. * src/assuan-socket.c (cygwin_fdtable, cygwin_fdtable_cs): New. (is_cygwin_fd, insert_cygwin_fd, delete_cygwin_fd): New. (assuan_sock_init) [W32]: Init the CS. (assuan_sock_deinit) [W32]: Deinit the CS. (read_port_and_nonce): Add arg cygwin and detect Cygwin socket files. (_assuan_sock_set_flag): Add "cygwin" flag. (_assuan_sock_get_flag): Ditto. (do_readn, do_writen): New. (_assuan_sock_bind): Create a Cygwin socket file depending on a socket flag. (_assuan_sock_connect): Handle the cygwin socket protocol. (_assuan_sock_check_nonce): Ditto. -- This code has not been tested. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 8007b29..a851b6a 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,8 @@ Noteworthy changes in version 2.3.0 (unreleased) [C5/A5/R_] ------------------------------------------------ + * Support Cygwin's local sockets. + * Interface changes relative to the 2.2.1 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ assuan_sock_set_flag NEW. diff --git a/doc/assuan.texi b/doc/assuan.texi index 14f2cf0..0a49d71 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi 
@@ -2069,7 +2069,19 @@ Store the current value of the flag @var{name} for socket @var{fd} at success; on failure sets ERRNO and returns -1. @end deftypefun -No flags are defined. +The supported flags are: + + at table @code + at item cygwin +This flag has an effect only on Windows. If the value is 1, the +socket is set into Cygwin mode so that Cygwin clients can connect to +such a socket. This flag needs to be set before a bind and should not +be changed during the lifetime of the socket. There is no need to set +this flag for connecting to a Cygwin style socket because no state is +required at the client. On non-Windows platforms setting this flag is +ignored, reading the flag always returns a value of 0. + + at end table @c --------------------------------------------------------------------- diff --git a/src/assuan-socket.c b/src/assuan-socket.c index 7bca0ae..ae90802 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c 
@@ -88,6 +88,87 @@ static assuan_context_t sock_ctx; #ifdef HAVE_W32_SYSTEM +/* A table of active Cygwin connections. This is only used for + listening socket which should be only a few. We do not enter + sockets after a connect into this table. */ +static assuan_fd_t cygwin_fdtable[16]; +/* A critical section to guard access to the table of Cygwin + connections. */ +static CRITICAL_SECTION cygwin_fdtable_cs; + + +/* Return true if SOCKFD is listed as Cygwin socket. */ +static int +is_cygwin_fd (assuan_fd_t sockfd) +{ + int ret = 0; + int i; + + EnterCriticalSection (&cygwin_fdtable_cs); + for (i=0; i < DIM(cygwin_fdtable); i++) + { + if (cygwin_fdtable[i] == sockfd) + { + ret = 1; + break; + } + } + LeaveCriticalSection (&cygwin_fdtable_cs); + return ret; +} + + +/* Insert SOCKFD into the table of Cygwin sockets. Return 0 on + success or -1 on error. */ +static int +insert_cygwin_fd (assuan_fd_t sockfd) +{ + int ret = 0; + int mark = -1; + int i; + + EnterCriticalSection (&cygwin_fdtable_cs); + + for (i=0; i < DIM(cygwin_fdtable); i++) + { + if (cygwin_fdtable[i] == sockfd) + goto leave; /* Already in table. */ + else if (cygwin_fdtable[i] == ASSUAN_INVALID_FD) + mark = i; + } + if (mark == -1) + { + gpg_err_set_errno (EMFILE); + ret = -1; + } + else + cygwin_fdtable[mark] = sockfd; + + leave: + LeaveCriticalSection (&cygwin_fdtable_cs); + return ret; +} + + +/* Delete SOCKFD from the table of Cygwin sockets. */ +static void +delete_cygwin_fd (assuan_fd_t sockfd) +{ + int i; + + EnterCriticalSection (&cygwin_fdtable_cs); + for (i=0; i < DIM(cygwin_fdtable); i++) + { + if (cygwin_fdtable[i] == sockfd) + { + cygwin_fdtable[i] = ASSUAN_INVALID_FD; + break; + } + } + LeaveCriticalSection (&cygwin_fdtable_cs); + return; +} + #ifdef HAVE_W32CE_SYSTEM static wchar_t * 
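Review bot: insert_cygwin_fd only claims a slot whose value equals ASSUAN_INVALID_FD, but cygwin_fdtable is declared as a plain static array and nothing in this patch fills it with that value (the assuan_sock_init hunk only adds InitializeCriticalSection). Unless ASSUAN_INVALID_FD happens to be the all-zero value, "mark" stays -1 and every insert fails with EMFILE, so the "cygwin" flag can never be set. Initialise the table in assuan_sock_init, or track occupancy with a separate in-use flag per slot instead of a sentinel handle value.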
@@ -210,16 +291,19 @@ get_nonce (char *buffer, size_t nbytes) } -/* W32: The buffer for NONCE needs to be at least 16 bytes. Returns 0 on - success and sets errno on failure. */ +/* W32: The buffer for NONCE needs to be at least 16 bytes. Returns 0 + on success and sets errno on failure. If FNAME has a Cygwin socket + descriptor True is stored at CYGWIN. */ static int -read_port_and_nonce (const char *fname, unsigned short *port, char *nonce) +read_port_and_nonce (const char *fname, unsigned short *port, char *nonce, + int *cygwin) { FILE *fp; char buffer[50], *p; size_t nread; int aval; + *cygwin = 0; fp = fopen (fname, "rb"); if (!fp) return -1; 
@@ -231,22 +315,52 @@ read_port_and_nonce (const char *fname, unsigned short *port, char *nonce) return -1; } buffer[nread] = 0; - aval = atoi (buffer); - if (aval < 1 || aval > 65535) + if (!strncmp (buffer, "!", 10)) { - gpg_err_set_errno (EINVAL); - return -1; + /* This is the Cygwin compatible socket emulation. The format + * of the file is: + * + * "!%u %c %08x-%08x-%08x-%08x\x00" + * + * %d for port number, %c for kind of socket (s for STREAM), and + * we have 16-byte random bytes for nonce. We only support + * stream mode. + */ + unsigned int u0; + int narr[4]; + + if (sscanf (buffer+10, "%u s %08x-%08x-%08x-%08x", + &u0, narr+0, narr+1, narr+2, narr+3) != 5 + || u0 < 1 || u0 > 65535) + { + gpg_err_set_errno (EINVAL); + return -1; + } + *port = u0; + memcpy (nonce, narr, 16); + *cygwin = 1; } - *port = (unsigned int)aval; - for (p=buffer; nread && *p != '\n'; p++, nread--) - ; - if (*p != '\n' || nread != 17) + else { - gpg_err_set_errno (EINVAL); - return -1; + /* This is our own socket emulation. */ + aval = atoi (buffer); + if (aval < 1 || aval > 65535) + { + gpg_err_set_errno (EINVAL); + return -1; + } + *port = (unsigned int)aval; + for (p=buffer; nread && *p != '\n'; p++, nread--) + ; + if (*p != '\n' || nread != 17) + { + gpg_err_set_errno (EINVAL); + return -1; + } + p++; nread--; + memcpy (nonce, p, 16); } - p++; nread--; - memcpy (nonce, p, 16); + return 0; } #endif /*HAVE_W32_SYSTEM*/ @@ -386,8 +500,16 @@ int _assuan_sock_set_flag (assuan_context_t ctx, assuan_fd_t sockfd, const char *name, int value) { - if (0) + if (!strcmp (name, "cygwin")) { +#ifdef HAVE_W32_SYSTEM + if (!value) + delete_cygwin_fd (sockfd); + else if (insert_cygwin_fd (sockfd)) + return -1; +#else + /* Setting the Cygwin flag on non-Windows is ignored. */ +#endif } else { 
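Review bot: read_port_and_nonce still reads the socket file into "char buffer[50]" (at most 49 bytes, given "buffer[nread] = 0"), but the Cygwin record it now parses consists of the 10-byte prefix skipped by "buffer+10", the port, " s " and a 35-character nonce, which is 53 characters for a five-digit port. The last "%08x" group is then cut short, sscanf still returns 5, and the nonce copied out differs from the one _assuan_sock_bind wrote. Enlarge the buffer in the same way tmpbuf is enlarged in the bind hunk and reject the record unless all four groups carry eight digits; "narr" should also be unsigned int to match "%x".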
@@ -405,8 +527,13 @@ _assuan_sock_get_flag (assuan_context_t ctx, assuan_fd_t sockfd, { (void)ctx; - if (0) + if (!strcmp (name, "cygwin")) { +#ifdef HAVE_W32_SYSTEM + *r_value = is_cygwin_fd (sockfd); +#else + *r_value = 0; +#endif } else { @@ -418,6 +545,62 @@ _assuan_sock_get_flag (assuan_context_t ctx, assuan_fd_t sockfd, } +/* Read NBYTES from SOCKFD into BUFFER. Return 0 on success. Handle + EAGAIN and EINTR. */ +#ifdef HAVE_W32_SYSTEM +static int +do_readn (assuan_context_t ctx, assuan_fd_t sockfd, + void *buffer, size_t nbytes) +{ + char *p = buffer; + size_t n; + + while (nbytes) + { + n = _assuan_read (ctx, sockfd, p, nbytes); + if (n < 0 && errno == EINTR) + ; + else if (n < 0 && errno == EAGAIN) + Sleep (100); + else if (n < 0) + return -1; + else if (!n) + { + gpg_err_set_errno (EIO); + return -1; + } + else + { + p += n; + nbytes -= n; + } + } + return 0; +} + + +/* Write NBYTES from BUFFER to SOCKFD. Return 0 on success; on error + return -1 and set ERRNO. */ +static int +do_writen (assuan_context_t ctx, assuan_fd_t sockfd, + const void *buffer, size_t nbytes) +{ + int ret; + + ret = _assuan_write (ctx, sockfd, buffer, nbytes); + if (ret >= 0 && ret != nbytes) + { + gpg_err_set_errno (EIO); + ret = -1; + } + else if (ret >= 0) + ret = 0; + + return ret; +} +#endif /*HAVE_W32_SYSTEM*/ + + int _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, struct sockaddr *addr, int addrlen) @@ -429,10 +612,11 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, struct sockaddr_un *unaddr; unsigned short port; char nonce[16]; + int cygwin; int ret; unaddr = (struct sockaddr_un *)addr; - if (read_port_and_nonce (unaddr->sun_path, &port, nonce)) + if (read_port_and_nonce (unaddr->sun_path, &port, nonce, &cygwin)) return -1; myaddr.sin_family = AF_INET; 
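Review bot: In do_readn, "n" is declared size_t, so none of the "n < 0" tests can ever be true: a failed _assuan_read falls through to the final else branch, where "p += n" and "nbytes -= n" run with the wrapped value instead of the EINTR/EAGAIN/error handling being taken. Declare "n" with a signed type (the loop this helper replaces in _assuan_sock_check_nonce used "int n"), and in do_writen compare "ret" against "nbytes" without mixing signed and unsigned operands.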
@@ -449,20 +633,36 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, if (!ret) { /* Send the nonce. */ - ret = _assuan_write (ctx, sockfd, nonce, 16); - if (ret >= 0 && ret != 16) + ret = do_writen (ctx, sockfd, nonce, 16); + if (!ret && cygwin) { - gpg_err_set_errno (EIO); - ret = -1; + char buffer[16]; + + /* The client sends the nonce back - not useful. We do + a dummy read. */ + ret = do_readn (ctx, sockfd, buffer, 16); + if (!ret) + { + /* Send our credentials. */ + int n = getpid (); + memcpy (buffer, &n, 4); + memset (buffer+4, 0, 4); /* uid = gid = 0 */ + ret = do_writen (ctx, sockfd, buffer, 8); + if (!ret) + { + /* Receive credentials. We don't need them. */ + ret = do_readn (ctx, sockfd, buffer, 8); + } + } } } return ret; } else { - int res; - res = _assuan_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen); - return res; + int ret; + ret = _assuan_connect (ctx, HANDLE2SOCKET (sockfd), addr, addrlen); + return ret; } #else # if HAVE_STAT @@ -514,11 +714,14 @@ _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, HANDLE filehd; int len = sizeof myaddr; int rc; - char nonce[16]; - char tmpbuf[33+16]; + union { + char data[16]; + int aint[4]; + } nonce; + char tmpbuf[50+16]; DWORD nwritten; - if (get_nonce (nonce, 16)) + if (get_nonce (nonce.data, 16)) return -1; unaddr = (struct sockaddr_un *)addr; 
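Review bot: In _assuan_sock_connect the comment "The client sends the nonce back" names the wrong side, since this function is the client and the 16 bytes read here come from the server, and the echoed value is thrown away unchecked. Either compare it with "nonce" so the client gets some assurance that the peer knows the value from the socket file, or say in the comment why the check is deliberately skipped. The "memcpy (buffer, &n, 4)" of the pid also assumes a 4-byte int; a fixed-width type would make that explicit.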
@@ -553,10 +756,22 @@ _assuan_sock_bind (assuan_context_t ctx, assuan_fd_t sockfd, gpg_err_set_errno (save_e); return rc; } - snprintf (tmpbuf, sizeof tmpbuf, "%d\n", ntohs (myaddr.sin_port)); - len = strlen (tmpbuf); - memcpy (tmpbuf+len, nonce,16); - len += 16; + + if (is_cygwin_fd (sockfd)) + { + snprintf (tmpbuf, sizeof tmpbuf, + "!%d s %08x-%08x-%08x-%08x", + ntohs (myaddr.sin_port), + nonce.aint[0], nonce.aint[1], nonce.aint[2], nonce.aint[3]); + len = strlen (tmpbuf) + 1; + } + else + { + snprintf (tmpbuf, sizeof tmpbuf-16, "%d\n", ntohs (myaddr.sin_port)); + len = strlen (tmpbuf); + memcpy (tmpbuf+len, nonce.data,16); + len += 16; + } if (!WriteFile (filehd, tmpbuf, len, &nwritten, NULL)) { @@ -653,6 +868,7 @@ _assuan_sock_get_nonce (assuan_context_t ctx, struct sockaddr *addr, { struct sockaddr_un *unaddr; unsigned short port; + int dummy; if (sizeof nonce->nonce != 16) { @@ -661,7 +877,7 @@ _assuan_sock_get_nonce (assuan_context_t ctx, struct sockaddr *addr, } nonce->length = 16; unaddr = (struct sockaddr_un *)addr; - if (read_port_and_nonce (unaddr->sun_path, &port, nonce->nonce)) + if (read_port_and_nonce (unaddr->sun_path, &port, nonce->nonce, &dummy)) return -1; } else @@ -683,8 +899,7 @@ _assuan_sock_check_nonce (assuan_context_t ctx, assuan_fd_t fd, assuan_sock_nonce_t *nonce) { #ifdef HAVE_W32_SYSTEM - char buffer[16], *p; - size_t nleft; + char buffer[16]; int n; if (sizeof nonce->nonce != 16) 
@@ -702,33 +917,33 @@ _assuan_sock_check_nonce (assuan_context_t ctx, assuan_fd_t fd, return -1; } - p = buffer; - nleft = 16; - while (nleft) - { - n = _assuan_read (ctx, SOCKET2HANDLE(fd), p, nleft); - if (n < 0 && errno == EINTR) - ; - else if (n < 0 && errno == EAGAIN) - Sleep (100); - else if (n < 0) - return -1; - else if (!n) - { - gpg_err_set_errno (EIO); - return -1; - } - else - { - p += n; - nleft -= n; - } - } + if (do_readn (ctx, fd, buffer, 16)) + return -1; if (memcmp (buffer, nonce->nonce, 16)) { gpg_err_set_errno (EACCES); return -1; } + if (is_cygwin_fd (fd)) + { + /* Send the nonce back to the client. */ + if (do_writen (ctx, fd, buffer, 16)) + return -1; + /* Read the credentials. Cygwin uses the + struct ucred { pid_t pid; uid_t uid; gid_t gid; }; + with pid_t being an int (4 bytes) and uid_t and gid_t being + shorts (2 bytes). Thus we need to read 8 bytes. However we + we ignore the values because they are not kernel controlled. */ + if (do_readn (ctx, fd, buffer, 8)) + return -1; + /* Send our credentials: We use the uid and gid we received but + our own pid. */ + n = getpid (); + memcpy (buffer, &n, 4); + if (do_writen (ctx, fd, buffer, 8)) + return -1; + } + #else (void)fd; (void)nonce; @@ -750,6 +965,10 @@ assuan_sock_init () if (sock_ctx != NULL) return 0; +#ifdef HAVE_W32_SYSTEM + InitializeCriticalSection (&cygwin_fdtable_cs); +#endif + err = assuan_new (&sock_ctx); #ifdef HAVE_W32_SYSTEM 
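Review bot: In _assuan_sock_check_nonce the removed loop read from "SOCKET2HANDLE(fd)", whereas the replacement passes "fd" unchanged to do_readn and do_writen, which hand it straight to _assuan_read and _assuan_write. If that conversion is a no-op for assuan_fd_t, say so in the commit message; otherwise keep it in the helper calls. The new comment has a doubled word ("However we we ignore"), and because it documents the peer's pid, uid and gid as not kernel controlled, one more sentence stating that these values must never feed an access decision would help the next reader.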
@@ -773,12 +992,20 @@ assuan_sock_deinit () assuan_release (sock_ctx); sock_ctx = NULL; + +#ifdef HAVE_W32_SYSTEM + DeleteCriticalSection (&cygwin_fdtable_cs); +#endif } int assuan_sock_close (assuan_fd_t fd) { +#ifdef HAVE_W32_SYSTEM + if (fd != ASSUAN_INVALID_FD) + delete_cygwin_fd (fd); +#endif return _assuan_close (sock_ctx, fd); } ----------------------------------------------------------------------- Summary of changes: AUTHORS | 2 +- NEWS | 20 ++- README | 2 +- configure.ac | 8 +- doc/assuan.texi | 17 ++- src/assuan-socket.c | 341 +++++++++++++++++++++++++++++++++++++++++--------- src/assuan.h.in | 2 +- src/versioninfo.rc.in | 2 +- 8 files changed, 326 insertions(+), 68 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Aug 28 15:30:02 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 28 Aug 2015 15:30:02 +0200 Subject: [git] gnupg-doc - branch, master, updated. 7967e145e5231a5266409b57e3f4ab121b4845a6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7967e145e5231a5266409b57e3f4ab121b4845a6 (commit) from c9898afbcc069b4ccdb90ab1c12082a4d37cd724 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7967e145e5231a5266409b57e3f4ab121b4845a6 Author: Werner Koch Date: Fri Aug 28 15:22:10 2015 +0200 web: Release libassuan 2.3.0. diff --git a/misc/id/eddsa-for-openpgp/back.mkd b/misc/id/eddsa-for-openpgp/back.mkd index 505b727..77a16ca 100644 --- a/misc/id/eddsa-for-openpgp/back.mkd +++ b/misc/id/eddsa-for-openpgp/back.mkd 
@@ -67,13 +67,11 @@ other values might also be interesting for other ECC specifications: Flag Description ---- ----------- - 0x04 Standard flag for uncompression format + 0x04 Standard flag for uncompressed format 0x40 Native point format of the curve follows 0x41 Only X coordinate follows. 0x42 Only Y coordinate follows. -# Changes since -02 +# Changes since -03 - - Fixed decription in the test vectors regarding an extra 0x00 byte. - - Small gramar fixes. - - Reference Josefsson's EdDSA I-D instead of the original paper. + - xxxx diff --git a/misc/id/eddsa-for-openpgp/template.xml b/misc/id/eddsa-for-openpgp/template.xml index e37c399..d27accc 100644 --- a/misc/id/eddsa-for-openpgp/template.xml +++ b/misc/id/eddsa-for-openpgp/template.xml @@ -15,7 +15,7 @@ ]> + docName="draft-koch-eddsa-for-openpgp-04"> @@ -36,7 +36,7 @@ - + Security diff --git a/web/index.org b/web/index.org index 87a5903..f21adb2 100644 --- a/web/index.org +++ b/web/index.org @@ -64,6 +64,12 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** Libassuan 2.3.0 released (2015-08-28) + +[[file:related_software/libassuan/index.org][Libassuan]] is a generic [[https://en.wikipedia.org/wiki/Inter-process_communication][IPC]] library used by GnuPG, GPGME, and a few +other packages. This release fixes two bugs and introduces new +support functions for the socket wrappers. See [[http://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000374.html][here]] for details. + ** GPGME 1.6.0 and Libgpg-error 1.20 released (2015-08-26) GPGME 1.6.0 is now available. This release introduce a mode to export diff --git a/web/swdb.mac b/web/swdb.mac index fc6789f..81ef4eb 100644 --- a/web/swdb.mac +++ b/web/swdb.mac 
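Review bot: The back.mkd hunk commits a "Changes since -03" section whose only entry is the placeholder "- xxxx", and template.xml bumps docName to draft-koch-eddsa-for-openpgp-04, yet the commit message only says "web: Release libassuan 2.3.0." Move the draft changes into their own commit with a matching message, and fill in or drop the placeholder entry before the draft text is published.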
@@ -103,9 +103,9 @@ # # LIBASSUAN # -#+macro: libassuan_ver 2.2.1 -#+macro: libassuan_size 530k -#+macro: libassuan_sha1 c21b86482f6a3624c2b46b91e20f8415f244233a +#+macro: libassuan_ver 2.3.0 +#+macro: libassuan_size 531k +#+macro: libassuan_sha1 23f7ea010983b869f765c36d169dec51c8296cff # ----------------------------------------------------------------------- Summary of changes: misc/id/eddsa-for-openpgp/back.mkd | 8 +++----- misc/id/eddsa-for-openpgp/template.xml | 4 ++-- web/index.org | 6 ++++++ web/swdb.mac | 6 +++--- 4 files changed, 14 insertions(+), 10 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:40:08 2015 From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:40:08 +0200 Subject: [git] gnupg-doc - branch, master, updated. 7cdc195f779439833f02ca7d827f407a5005b5d9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 7cdc195f779439833f02ca7d827f407a5005b5d9 (commit) from 7967e145e5231a5266409b57e3f4ab121b4845a6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7cdc195f779439833f02ca7d827f407a5005b5d9 Author: Robert J. Hansen Date: Sat Aug 29 19:40:00 2015 -0400 Updated the product matrix. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index caedd57..04c9398 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -614,11 +614,11 @@ os actively developed. :CUSTOM_ID: email_clients_win32 :END: -| Name | Plugins | GnuPG | PGP/MIME | Active | see | -|-------------+----------------+----------+----------+--------+-----| -| Thunderbird | yes (Enigmail) | 1.4, 2.0 | yes | yes | (1) | -| Kontact | native | 1.4, 2.0 | yes | yes | (2) | -| Claws-Mail | yes (internal) | 1.4, 2.0 | yes | yes | (3) | +| Name | Plugins | see | +|-------------+----------------+-----| +| Thunderbird | yes (Enigmail) | (1) | +| Kontact | native | (2) | +| Claws-Mail | yes (internal) | (3) | (1) With the Enigmail plugin, Thunderbird becomes one of the most popular GnuPG-aware email clients. it?s under active development @@ -637,12 +637,12 @@ os actively developed. :CUSTOM_ID: email_clients_osx :END: -| Name | Plugins | GnuPG | PGP/MIME | Active | see | -|-------------+----------------+----------+----------+--------+-----| -| Thunderbird | yes (Enigmail) | 1.4, 2.0 | yes | yes | (1) | -| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | 1.4, 2.0 | yes | yes | (2) | -| Mutt | native | 1.4, 2.0 | yes | yes | (3) | -| Apple Mail | yes ([[http://www.gpgtools.org][GPGtools]]) | 2.0 | no | yes | (4) | +| Name | Plugins | see | +|-------------+----------------+-----| +| Thunderbird | yes (Enigmail) | (1) | +| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | (2) | +| Mutt | native | (3) | +| Apple Mail | yes ([[http://www.gpgtools.org][GPGtools]]) | (4) | (1) With the Enigmail plugin, Thunderbird becomes one of the most popular GnuPG-aware email clients. it?s under active development @@ -655,8 +655,8 @@ os actively developed. (3) For best experience make sure to put ~set crypt_use_gpgme~ in your =~/.muttrc= file. -(4) PGP/MIME support in Apple Mail+GPGtools is not absent, just - temporarily broken. +(4) As of this writing, Apple Mail is incompatible with PGP/MIME. This + is a known bug and people are working on it. ** ? Linux or FreeBSD? 
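Review bot: Dropping the GnuPG, PGP/MIME and Active columns from both tables leaves footnote (4) as the only place where PGP/MIME support is mentioned, so a reader can no longer tell from the matrix that the other listed clients do handle it. Keep a PGP/MIME column, or add one sentence stating which clients support it. The hunk header context also shows "os actively developed." just above the first table, which looks like a typo for "is" and could be fixed while this section is being touched.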
@@ -664,14 +664,14 @@ os actively developed. :CUSTOM_ID: email_clients_linux :END: -| Name | Plugins | GnuPG | PGP/MIME | Active | see | -|-------------+----------------+----------+----------+--------+-----| -| Thunderbird | yes (Enigmail) | 1.4, 2.0 | yes | yes | (1) | -| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | 1.4, 2.0 | yes | yes | (2) | -| Mutt | native | 1.4, 2.0 | yes | yes | (3) | -| Kontact | native | 1.4, 2.0 | yes | yes | (4) | -| Evolution | native | 1.4, 2.0 | yes | yes | | -| Claws-Mail | yes (internal) | 1.4, 2.0 | yes | yes | | +| Name | Plugins | see | +|-------------+----------------+-----| +| Thunderbird | yes (Enigmail) | (1) | +| Gnus | yes ([[http://www.emacswiki.org/emacs/EasyPG][EasyPG]]) | (2) | +| Mutt | native | (3) | +| Kontact | native | (4) | +| Evolution | native | | +| Claws-Mail | yes (internal) | | (1) With the Enigmail plugin, Thunderbird becomes one of the most popular GnuPG-aware email clients. it?s under active development 
@@ -693,8 +693,15 @@ os actively developed. :CUSTOM_ID: portable_app :END: -For Windows users, check [[http://portableapps.com/apps/internet/thunderbird_portable][PortableApps.com]]. To build you own portable -application you may use the /mkportable/ tool which comes with [[http://www.gpg4win.org][Gpg4win]]. +Yes, but we don't recommend it. Sharing a USB token between lots of +random computers is a great way to get infested with malware, and that's +not something you want to happen to the token you're using for secure +email. If you're going to do this, please show caution with respect to +which computers you use the portable app on. + +That said, Windows users should check [[http://portableapps.com/apps/internet/thunderbird_portable][PortableApps]]. +Or, to build your own, use the /mkportable/ tool which comes with +[[http://www.gpg4win.org][Gpg4win]]. * What do all these strange words mean? ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 53 +++++++++++++++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 23 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:40:48 2015 
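Review bot: In the rewritten portable-app answer, "USB token" reads as a cryptographic hardware token, while the paragraph appears to mean a USB flash drive carrying the portable installation; use "USB drive" or "USB stick" so the malware warning is not mistaken for advice about smartcard tokens. This hunk also adds a new security recommendation that the commit message "Updated the product matrix." does not mention; note it there or split it into a separate commit.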
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:40:48 +0200 Subject: [git] gnupg-doc - branch, master, updated. f8d0f1debc1037c235e80ae0c94ac122c81dd4c3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via f8d0f1debc1037c235e80ae0c94ac122c81dd4c3 (commit) from 7cdc195f779439833f02ca7d827f407a5005b5d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8d0f1debc1037c235e80ae0c94ac122c81dd4c3 Author: Robert J. Hansen Date: Sat Aug 29 19:40:44 2015 -0400 Corrected Daniele Raffo's email address. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 04c9398..ca298d6 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -437,7 +437,7 @@ but on the whole it?s a wonderful resource. - Olav Seyfarth <[[mailto:olav at enigmail.net?subject=The%20Enigmail%20list][olav at enigmail.net]]> - Patrick Brunschwig <[[mailto:patrick at enigmail.net?subject=The%20Enigmail%20list][patrick at enigmail.net]]> - Ludwig H?gelsch?fer <[[mailto:ludwig at enigmail.net?subject=The%20Enigmail%20list][ludwig at enigmail.net]]> - - Daniele Raffo <[[mailto:daniele at enigmail.net?subject=The%20Enigmail%20list][dan at enigmail.net]]> + - Daniele Raffo <[[mailto:dan at enigmail.net?subject=The%20Enigmail%20list][dan at enigmail.net]]> - Robert J. Hansen <[[mailto:rob at enigmail.net?subject=The%20Enigmail%20list][rob at enigmail.net]]> - Supports PGP/MIME :: Yes - Languages supported :: English, Deutsch, Schwyzerd?tsch, Espa?ol ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:45:04 2015 
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:45:04 +0200 Subject: [git] gnupg-doc - branch, master, updated. 0511f5af8a735cb59c1f66439f634a79e9849bd6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 0511f5af8a735cb59c1f66439f634a79e9849bd6 (commit) from f8d0f1debc1037c235e80ae0c94ac122c81dd4c3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0511f5af8a735cb59c1f66439f634a79e9849bd6 Author: Robert J. Hansen Date: Sat Aug 29 19:44:59 2015 -0400 Removed reference to PGP 2.6 compatibility. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index ca298d6..a99a2a5 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -162,7 +162,7 @@ clients, such as Psi. :END: Largely, yes. It can be made to interoperate with anything from PGP -2.6 and onwards, and has excellent interoperability with the most +5 and onwards, and has excellent interoperability with the most recent releases. ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:46:00 2015 
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:46:00 +0200 Subject: [git] gnupg-doc - branch, master, updated. a426459c7196ef803ceb18450f7000074a418150 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a426459c7196ef803ceb18450f7000074a418150 (commit) from 0511f5af8a735cb59c1f66439f634a79e9849bd6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a426459c7196ef803ceb18450f7000074a418150 Author: Robert J. Hansen Date: Sat Aug 29 19:45:55 2015 -0400 Corrected a stale URL. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index a99a2a5..7ec122f 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -570,7 +570,7 @@ Cryptography/]]. :CUSTOM_ID: pages_about_cryptographic_mathematics :END: -The maintainer of this list also keeps a gentle(-ish) [[http://keyservers.org/~rjh/cryptofaq.xhtml][introduction to +The maintainer of this list also keeps a gentle(-ish) [[http://sixdemonbag.org/~rjh/cryptofaq.xhtml][introduction to the mathematics and computer science of cryptography]]. ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:49:42 2015 
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:49:42 +0200 Subject: [git] gnupg-doc - branch, master, updated. adec09e94940869c14b26a3e086e87e91951065f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via adec09e94940869c14b26a3e086e87e91951065f (commit) from a426459c7196ef803ceb18450f7000074a418150 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit adec09e94940869c14b26a3e086e87e91951065f Author: Robert J. Hansen Date: Sat Aug 29 19:49:35 2015 -0400 Cleaned up some discussion about hashes. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 7ec122f..d855609 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -976,23 +976,15 @@ to an astonishing amount of peer review. the way of changes. It still generates 160-bit outputs. SHA-1 has not aged well. Although it is still believed to be safe, it would be advisable to use another, different hash function if possible. -- *SHA-224*: This is a massively-overhauled SHA-1 which generates - 224-bit outputs. It is believed to be safe, with no warnings about - its usage. -- *SHA-256*: This is a massively-overhauled SHA-1 which generates - 256-bit outputs. It is believed to be safe, with no warnings about - its usage. -- *SHA-384*: This is a massively-overhauled SHA-1 which generates - 384-bit outputs. It is believed to be safe, with no warnings about - its usage. -- *SHA-512*: This is a massively-overhauled SHA-1 which generates - 512-bit outputs. It is believed to be safe, with no warnings about - its usage. +- *SHA-224, 256, 384, or 512*: This is a massively-overhauled SHA-1 which + generates larger hashes (224, 256, 384, or 512 bits). Right now, + these are the strongest hashes in GnuPG. - *SHA-3*: SHA-3 is a completely new hash algorithm that makes a clean break with the previous SHAs. It is believed to be safe, with no - warnings about its usage. At present, GnuPG does not support SHA-3. - Support for SHA-3 is forthcoming: expect it soon. - + warnings about its usage. It hasn't yet been officially introduced + into the OpenPGP standard, and for that reason GnuPG doesn't support + it. However, SHA-3 will probably be incorporated into the spec, and + GnuPG will support it as soon as it does. ** What?s MD5? ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:52:46 2015 
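Review bot: In the web/faq/gnupg-faq.org hunk at -976 (commit adec09e), the merged entry "*SHA-224, 256, 384, or 512*: This is a massively-overhauled SHA-1" uses a singular "This is" for four algorithms and drops the "It is believed to be safe, with no warnings about its usage" sentence that each of the four removed entries carried, leaving only "these are the strongest hashes in GnuPG". Suggest "These are massively overhauled versions of SHA-1" and keeping one sentence on their current standing. The hunk also deletes the blank line in front of the MD5 heading, so the heading now follows the SHA-3 list item directly; keep the separator.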
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:52:46 +0200 Subject: [git] gnupg-doc - branch, master, updated. 5265ee7a1e79cc0cc936688ba6a2e5e7e78de0a5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 5265ee7a1e79cc0cc936688ba6a2e5e7e78de0a5 (commit) from adec09e94940869c14b26a3e086e87e91951065f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5265ee7a1e79cc0cc936688ba6a2e5e7e78de0a5 Author: Robert J. Hansen Date: Sat Aug 29 19:52:41 2015 -0400 Moved CAST discussion to join the other ciphers. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index d855609..6a3f448 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -938,6 +938,24 @@ as a rock, and very few GnuPG users will ever notice a problem with it. Provided you?re not encrypting more than 4Gb of data you may use 3DES with confidence. +** What are CAST, CAST5, and CAST5-128? + :PROPERTIES: + :CUSTOM_ID: define_cast + :END: + + +Carlisle Adams and Stafford Tavares (the ?CA? and the ?ST? in ?CAST?) +developed the CAST algorithm in 1996. It was later approved for +Canadian government use. + +CAST has many names: CAST, CAST5, CAST5-128 and CAST-128 all refer to +the same algorithm. + +Internally, CAST is distinctly similar to Blowfish, another +well-respected algorithm. Like 3DES, its 64-bit block size means it +should not be used to encrypt files larger than 4Gb in size. With +that said, though, CAST is a modern cipher and may be used with +confidence. ** What?s Camellia? 
@@ -995,35 +1013,8 @@ to an astonishing amount of peer review. MD5 is a 128-bit cryptographic hash function invented by Ron Rivest (the ?R? of ?RSA?) in the early 1990s. For many years it was one of -the standard algorithms of the field, but it has not aged well and is -widely considered to be completely obsolete. - -You don?t need to worry about MD5, though: although GnuPG can read -MD5-based signatures, it will only generate MD5-based signatures if -you jump through a lot of hoops. This is for your own safety, to -prevent people from accidentally generating MD5-based signatures. - - - -** What are CAST, CAST5, and CAST5-128? - :PROPERTIES: - :CUSTOM_ID: define_cast - :END: - - -Carlisle Adams and Stafford Tavares (the ?CA? and the ?ST? in ?CAST?) -developed the CAST algorithm in 1996. It was later approved for -Canadian government use. - -CAST has many names: CAST, CAST5, CAST5-128 and CAST-128 all refer to -the same algorithm. - -Internally, CAST is distinctly similar to Blowfish, another -well-respected algorithm. Like 3DES, its 64-bit block size means it -should not be used to encrypt files larger than 4Gb in size. With -that said, though, CAST is a modern cipher and may be used with -confidence. - +the standard algorithms of the field, but is now completely obsolete. +For that reason, MD5 is not supported by GnuPG. ** What are ZLIB, ZIP and BZIP? ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 49 ++++++++++++++++++++----------------------------- 1 file changed, 20 insertions(+), 29 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:55:08 2015 
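Review bot: The second hunk of commit 5265ee7 (at -995) changes what the FAQ says about MD5, which the commit title "Moved CAST discussion to join the other ciphers" does not cover. The removed text said GnuPG can read MD5-based signatures and only generates them if the user jumps through hoops; the new line says "MD5 is not supported by GnuPG". Either split this into its own commit or state precisely what is unsupported (generating, verifying, or both) and from which GnuPG version, so readers holding old MD5-signed material know what to expect. The CAST section itself is moved unchanged.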
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:55:08 +0200 Subject: [git] gnupg-doc - branch, master, updated. bcd8f46326e72f2d854c80fcd50bd19a022ebc4f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bcd8f46326e72f2d854c80fcd50bd19a022ebc4f (commit) from 5265ee7a1e79cc0cc936688ba6a2e5e7e78de0a5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bcd8f46326e72f2d854c80fcd50bd19a022ebc4f Author: Robert J. Hansen Date: Sat Aug 29 19:55:03 2015 -0400 Cleaned up language about revocation certificates. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 6a3f448..2765d49 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -1040,12 +1040,10 @@ A revocation certificate is a [[#define_key][certificate]] that possesses the information necessary to mark another certificate as unusable. This is called ?revoking? the certificate. -Recommended procedure is to generate a revocation certificate -immediately after generating a new GnuPG key. If the key is lost -(say, if you have no backups of the key and you lose the smart card or -laptop containing the key), you'll no longer be able to generate a -revocation certificate. Consult [[#generate_revocation_certificate][the FAQ instructions]] on how to do -this. +We recommended you create a revocation certificate immediately after +generating a new GnuPG certificate. Store it somewhere safe. +Consult [[#generate_revocation_certificate][the FAQ instructions]] on +how to do this. ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 01:58:02 2015 
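Review bot: "We recommended you create a revocation certificate" in the added text at -1040 (commit bcd8f46) should read "We recommend". The rewrite also drops the reason the old paragraph gave, namely that once the key is lost (no backup, lost smart card or laptop) a revocation certificate can no longer be generated; half a sentence keeping that reason would tell readers why "immediately" matters. "Store it somewhere safe" could also say that anyone who obtains the revocation certificate can use it to revoke the certificate.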
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 01:58:02 +0200 Subject: [git] gnupg-doc - branch, master, updated. 53453ba4ed50644f65f35fc7b45c590197edab13 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 53453ba4ed50644f65f35fc7b45c590197edab13 (commit) from bcd8f46326e72f2d854c80fcd50bd19a022ebc4f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 53453ba4ed50644f65f35fc7b45c590197edab13 Author: Robert J. Hansen Date: Sat Aug 29 19:57:56 2015 -0400 Cleaned up some language about ownertrust. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index 2765d49..f5f98d8 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org 
@@ -1106,12 +1106,11 @@ owning that certificate to do proper validation of certificates, you can tell GnuPG ?I am willing to trust this person?s validations as if they were my own.? -/[For instance, I have fully validated John Hawley?s certificate. I -further believe, based on my knowing John, that he will be as careful -about validating a certificate as I would be. So if John validates -your certificate, then if I pull your certificate down from the -keyserver it will show up as a fully validated certificate. ? rjh]/ - +For instance: Alice has fully validated Bob?s certificate. She further +believes, based on her knowledge of Bob, that he will be as careful as +she is about the certificates he validates. Alice declares she has +ownertrust in Bob. Now, any certificates that Bob validates will appear +to Alice as valid, too. * How do I start using GnuPG? ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 02:25:10 2015 
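Review bot: In the new Alice and Bob example at -1106 (commit 53453ba), "Alice declares she has ownertrust in Bob" does not say which ownertrust level she assigns, yet the conclusion "any certificates that Bob validates will appear to Alice as valid" holds only for full ownertrust under GnuPG's default trust model; with marginal ownertrust a single signature from Bob is not enough. Suggest "Alice assigns Bob full ownertrust". The hunk also removes the blank line in front of the "How do I start using GnuPG?" heading.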
From: cvs at cvs.gnupg.org (by Robert J. Hansen) Date: Sun, 30 Aug 2015 02:25:10 +0200 Subject: [git] gnupg-doc - branch, master, updated. 727bb8e879cee3c372e49e4ea5b07ae652479d42 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 727bb8e879cee3c372e49e4ea5b07ae652479d42 (commit) from 53453ba4ed50644f65f35fc7b45c590197edab13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 727bb8e879cee3c372e49e4ea5b07ae652479d42 Author: Robert J. Hansen Date: Sat Aug 29 20:25:05 2015 -0400 Updated PGP/MIME guidance. diff --git a/web/faq/gnupg-faq.org b/web/faq/gnupg-faq.org index f5f98d8..c52141b 100644 --- a/web/faq/gnupg-faq.org +++ b/web/faq/gnupg-faq.org @@ -1230,13 +1230,7 @@ everyone wants to publish their key publicly. GnuPG looks at a file called =gpg.conf= to determine various runtime parameters. On UNIX systems this file can be found in =~/.gnupg=. On -Windows systems it?s a bit more difficult to predict, but try: - -- Windows XP :: FIXME -- Windows Vista :: FIXME -- Windows 7 :: FIXME -- Windows 8 :: FIXME - +Windows systems open Explorer and go to =%APPDATA%\Roaming\GnuPG=. ** What options should I put in my configuration file? :PROPERTIES: 
@@ -1244,55 +1238,55 @@ Windows systems it?s a bit more difficult to predict, but try: :END: The good news is, you really shouldn?t need to. That said, the -following is Rob Hansen?s =gpg.conf= file. The italicized text -describes what each piece does: the monospaced text is the actual -content of the file. - -/Ensure that all parameters are set for strict OpenPGP conformance. -Later entries will override this, but setting ?openpgp? provides a -really good baseline to start from./ - -=openpgp= - -/Make GnuPG a little quieter: don?t warn about insecure memory, don?t -print a greeting message, don?t put comments in GnuPG?s output./ +following is Rob Hansen?s =gpg.conf= file. -=no-greeting=\\ -=no-secmem-warning=\\ -=no-emit-version=\\ -=no-comments= - -/Since keyservers.org sits in my closet, I want GnuPG to always check it instead of going out on the network to ask another keyserver halfway around the globe. Most users don?t have a keyserver in their closet, and will want to substitute pool.sks-keyservers.net here./ - -=keyserver keyservers.org= +#+begin_example -/Whenever I sign a document, use certificate 0xD6B98E10/ +# Tell GnuPG that I want maximum OpenPGP conformance. +openpgp -=local-user 0xD6B98E10= +# Disable a few messages from GnuPG that I know I don't need. +no-greeting +no-secmem-warning -/Whenever I encrypt a document, also include certificate 0xD6B98E10 as -a recipient. This allows me to decrypt the messages I send./ +# Don't include a version number or a comment in my output. +no-emit-version +no-comments -=encrypt-to 0xD6B98E10= +# Use full 16-character key IDs, not short 8-character key IDs. +keyid-format long -/In email, a line beginning with the word ?From? can be misinterpreted -by the computer as the start of a new email message. Thus, whenever -GnuPG sees a line starting with ?From?, it will slightly mangle the -line to prevent this bug from occurring./ +# Use the global keyserver network for certificate lookups. 
+# Further, whenever I send or receive something to/from the +# keyserver network, clean up what I get or send. +keyserver pool.sks-keyservers.net +keyserver-options import-clean-sigs import-clean-uids export-clean-sigs export-clean-uids -=escape-from-lines= +# If I don't explicitly state which certificate to use, use this one. +default-key 23806BE5D6B98E10 -/Use SHA256 instead of SHA-1 for certificate signatures./ +# Always include signatures from these two certificates. +local-user 23806BE5D6B98E10 +local-user 1DCBDC01B44427C7 -=cert-digest-algo SHA256= +# Always add these two certificates to my recipients list. +encrypt-to 23806BE5D6B98E10 +encrypt-to 1DCBDC01B44427C7 -/Prefer these digest algorithms, in this order/ +# Turn "From" into "> From", in order to play nice with UNIX mailboxes. +escape-from-lines -=personal-digest-preferences SHA256 SHA512 SHA384 SHA224 RIPEMD160= +# Prefer strong hashes whenever possible. +personal-digest-preferences SHA256 SHA384 SHA512 SHA224 RIPEMD160 -/Prefer these ciphers, in this order/ +# Prefer more modern ciphers over older ones. +personal-cipher-preferences CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAMELLIA128 AES BLOWFISH CAST5 3DES -=personal-cipher-preferences TWOFISH CAMELLIA256 AES 3DES= +# Turn up the compression level and prefer BZIP2 over ZIP and ZLIB. +bzip2-compress-level 9 +compress-level 9 +personal-compress-preferences BZIP2 ZIP ZLIB +#+end_example 
@@ -1982,56 +1976,21 @@ against all threats. :CUSTOM_ID: use_pgpmime :END: -This is controversial, thus there are two commonly given answers. - -*** 1. Probably not. +Almost certainly. In the past this was a controversial question, but +recently there's come to be a consensus: use PGP/MIME whenever possible. +The reason for this is that it's possible to armor email headers and +metadata with PGP/MIME, but sending messages inline leaves this data +exposed. As recent years have taught us, the metadata is often as +sensitive as the contents of the message. PGP/MIME can protect metadata; +inline can't. -PGP/MIME is the official, standardized way of using GnuPG with -electronic mail. PGP/MIME packages the data up as encrypted -attachments. This is the problem with it: attachments often get -mangled, stripped, or otherwise tampered with. For instance, sending -PGP/MIME traffic to the [[#pgp-basics_list][PGP-Basics mailing list]] will result in your -email being completely blank. PGP-Basics is set up to drop all -attachments from messages posted to the list, and that means your -PGP/MIME attachments get dropped. +However, please be aware that not all mail servers handle PGP/MIME +properly. Some mailing lists are incompatible with it (PGP-Basics, for +instance). Some mailing list software mangles PGP/MIME (old versions of +Mailman, for instance). -For many years GNU Mailman would repackage attachments in ways that -would break the PGP/MIME standard and result in unreadable traffic. -These GNU Mailman installations still exist in the wild. For a long -time both [[#gnupg-users_list][GnuPG-Users]] and [[#enigmail_list][Enigmail]] ran these buggy versions of GNU -Mailman. - -Since PGP/MIME can't reliably be sent to the three largest GnuPG -mailing lists, it?s hard to claim that PGP/MIME is ready for -widespread usage. For now, it?s best to use inline traffic unless you -can be certain that PGP/MIME messages will not be mangled in transit. - -*** 2. 
Yes, it is the safer solution. - -The problems with the mailing list software are annoying but harmless. - -In most other cases PGP/MIME works very well and avoids a lot of -semantic problems when sending signed mails. For example it is much -easier for mail readers to indicate what parts of the mail are covered -by the signature. Many mail readers have bugs pertaining to inline -signatures which can be used to trick the user into assuming that some -parts of a mail are covered by the signatures while in reality they -are not. - -For encrypted and signed mails there are no problems with signature -verification because almost all software uses the combined -signature+encryption approach of PGP/MIME and thus GnuPG takes care of -it in exactly the same way as it does with inline traffic. - -Non-ASCII character encoding is problematic with inline data. -Although OpenPGP provides a way to specify the encoding, that feature -is not widely supported. In good Unix tradition GnuPG does not try to -interpret the data it signs or encrypts but relies on the peers to -agree on a common encoding. PGP/MIME provides a well established and -matured way of doing exactly that. - -Some plugins for Outlook do not support PGP/MIME but after all the -OpenPGP support in Outlook is anyway quite limited. +If you have any problems with PGP/MIME, consider carefully whether you +need metadata protection. If you don't, then fall back to inline. ** What are the best algorithms in GnuPG? 
@@ -2041,18 +2000,14 @@ OpenPGP support in Outlook is anyway quite limited. MD5 and SHA-1 should be avoided if possible. Beyond that, there is no -?best algorithm? or ?best algorithms? in GnuPG. It?s sort of like +?best algorithm? in GnuPG. It?s sort of like asking whether Godzilla or King Kong is better at terrorizing urban cities: there is no clear-cut winner. This is not to say you shouldn?t have preferences, though. It is only to say that GnuPG?s algorithms are so well-designed for what they do that there is no single ?best?. There?s just a lot of personal, -subjective choice. For instance: - -- /[I studied Twofish pretty intensively in graduate school, so I tend - to prefer it. ? rjh]/ - +subjective choice. ** Why is my DSA key limited to 3072 bits? ----------------------------------------------------------------------- Summary of changes: web/faq/gnupg-faq.org | 149 ++++++++++++++++++-------------------------------- 1 file changed, 52 insertions(+), 97 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 19:08:09 2015 
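Review bot: In the hunk at -1230 of commit 727bb8e, the path "%APPDATA%\Roaming\GnuPG" looks wrong: on Windows Vista and later %APPDATA% already expands to the user's AppData\Roaming folder, so the path as written contains Roaming twice, and on Windows XP there is no Roaming folder at all. Suggest "%APPDATA%\GnuPG", which also covers the four Windows versions the removed FIXME list named.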
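Review bot: The new #+begin_example block in the hunk at -1244 of commit 727bb8e is a personal configuration that readers will copy verbatim, and it hard-codes the author's certificates: "encrypt-to 23806BE5D6B98E10" and "encrypt-to 1DCBDC01B44427C7" tell gpg to add those certificates as recipients of everything the reader encrypts. Replace the key IDs in default-key, local-user and encrypt-to with an obvious placeholder and say in the comment that the reader must substitute their own. Note too that local-user overrides default-key, so listing both leaves default-key without effect. This rewrite is not covered by the commit title "Updated PGP/MIME guidance" and would be easier to review as its own commit.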
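Review bot: In the hunk at -1982 of commit 727bb8e, the new rationale "it's possible to armor email headers and metadata with PGP/MIME" and "PGP/MIME can protect metadata; inline can't" overstates what the format covers. PGP/MIME signs or encrypts the MIME body parts; the outer message headers such as From, To, Subject and Date stay in the clear unless the mail client adds header protection of its own. Reword to what is actually protected (attachments, their names and content types, character encoding), and consider keeping two of the removed arguments, the signature-coverage bugs in mail readers with inline signatures and the non-ASCII encoding problem, since both were concrete reasons to prefer PGP/MIME.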
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 30 Aug 2015 19:08:09 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.6.0-2-gc4b6b35 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c4b6b35bfa98e478f1d13f4ce3e664771f2604c2 (commit) from c8e7870281950ae3b943c819147d4329198c0520 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c4b6b35bfa98e478f1d13f4ce3e664771f2604c2 Author: Werner Koch Date: Sun Aug 30 19:04:44 2015 +0200 Add gpgme_pubkey_algo_string * src/gpgme.h.in (GPGME_PK_EDDSA): New. (gpgme_pubkey_algo_string): New. * src/conversion.c (_gpgme_map_pk_algo): Add new algo. * src/gpgme.c (gpgme_pubkey_algo_string): New. (gpgme_pubkey_algo_name): Reformat. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 7bf140b..85c084f 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,13 @@ Noteworthy changes in version 1.6.1 (unreleased) [C25/A14/R_] ------------------------------------------------ + * New function to format a GnuPG style public key algorithm string. + + * Interface changes relative to the 1.6.0 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + gpgme_pubkey_algo_string NEW. + GPGME_PK_EDDSA NEW. + Noteworthy changes in version 1.6.0 (2015-08-26) [C25/A14/R0] ------------------------------------------------ diff --git a/doc/gpgme.texi b/doc/gpgme.texi index c02a30f..a764ce4 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -1161,6 +1161,9 @@ Algorithm as defined by FIPS 186-2 and RFC-6637. This value indicates ECDH, the Eliptic Curve Diffie-Hellmann encryption algorithm as defined by RFC-6637. + at item GPGME_PK_EDDSA +This value indicates the EdDSA algorithm. + @end table @end deftp @@ -1174,6 +1177,14 @@ If @var{algo} is not a valid public key algorithm, @code{NULL} is returned. @end deftypefun + at deftypefun {char *} gpgme_pubkey_algo_string (@w{gpgme_subkey_t @var{key}}) +The function @code{gpgme_pubkey_algo_string} is a convenience function +to build and return an algorithm string in the same way GnuPG does +(e.g. ``rsa2048'' or ``ed25519''). The caller must free the result +using @code{gpgme_free}. On error (e.g. invalid argument or memory +exhausted), the function returns NULL and sets @code{ERRNO}. + at end deftypefun + @node Hash Algorithms @section Hash Algorithms @@ -1954,9 +1965,11 @@ case, the data object @var{dh} is destroyed. @deftypefun void gpgme_free (@w{void *@var{buffer}}) The function @code{gpgme_free} releases the memory returned by - at code{gpgme_data_release_and_get_mem}. It should be used instead of -the system libraries @code{free} function in case different allocators -are used in a single program. + at code{gpgme_data_release_and_get_mem} and + at code{gpgme_pubkey_algo_string}. It should be used instead of the +system libraries @code{free} function in case different allocators are +used by a program. This is often the case if gpgme is used under +Windows as a DLL. @end deftypefun @@ -2838,7 +2851,7 @@ True if the secret key is stored on a smart card. The serial number of a smart card holding this key or @code{NULL}. @item char *curve -For ECC algoritms the name of the curve. +For ECC algorithms the name of the curve. @end table @end deftp diff --git a/src/conversion.c b/src/conversion.c index d04a6be..0992225 100644 --- a/src/conversion.c +++ b/src/conversion.c 
@@ -427,6 +427,7 @@ _gpgme_map_pk_algo (int algo, gpgme_protocol_t protocol) case 18: algo = GPGME_PK_ECDH; break; case 19: algo = GPGME_PK_ECDSA; break; case 20: break; + case 22: algo = GPGME_PK_EDDSA; break; default: algo = 0; break; /* Unknown. */ } } diff --git a/src/data-mem.c b/src/data-mem.c index e06a920..a498b82 100644 --- a/src/data-mem.c +++ b/src/data-mem.c @@ -271,7 +271,8 @@ gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len) } -/* Release the memory returned by gpgme_data_release_and_get_mem(). */ +/* Release the memory returned by gpgme_data_release_and_get_mem() and + some other functions. */ void gpgme_free (void *buffer) { diff --git a/src/gpgme.c b/src/gpgme.c index 0cf999a..343e775 100644 --- a/src/gpgme.c +++ b/src/gpgme.c @@ -1,7 +1,7 @@ /* gpgme.c - GnuPG Made Easy. Copyright (C) 2000 Werner Koch (dd9jn) Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2012, - 2014 g10 Code GmbH + 2014, 2015 g10 Code GmbH This file is part of GPGME. 
@@ -994,41 +994,70 @@ gpgme_sig_notation_get (gpgme_ctx_t ctx) return ctx->sig_notations; } + -const char * -gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo) +/* Return a public key algorithm string made of the algorithm and size + or the curve name. May return NULL on error. Caller must free the + result using gpgme_free. */ +char * +gpgme_pubkey_algo_string (gpgme_subkey_t subkey) { - switch (algo) + const char *prefix = NULL; + char *result; + + if (!subkey) { - case GPGME_PK_RSA: - return "RSA"; + gpg_err_set_errno (EINVAL); + return NULL; + } + switch (subkey->pubkey_algo) + { + case GPGME_PK_RSA: case GPGME_PK_RSA_E: - return "RSA-E"; - - case GPGME_PK_RSA_S: - return "RSA-S"; - - case GPGME_PK_ELG_E: - return "ELG-E"; - - case GPGME_PK_DSA: - return "DSA"; - + case GPGME_PK_RSA_S: prefix = "rsa"; break; + case GPGME_PK_ELG_E: prefix = "elg"; break; + case GPGME_PK_DSA: prefix = "dsa"; break; + case GPGME_PK_ELG: prefix = "xxx"; break; case GPGME_PK_ECC: - return "ECC"; + case GPGME_PK_ECDH: + case GPGME_PK_ECDSA: + case GPGME_PK_EDDSA: prefix = ""; break; + } - case GPGME_PK_ELG: - return "ELG"; + if (prefix && *prefix) + { + char buffer[40]; + snprintf (buffer, sizeof buffer, "%s%u", prefix, subkey->length); + result = strdup (buffer); + } + else if (prefix && subkey->curve && *subkey->curve) + result = strdup (subkey->curve); + else if (prefix) + result = strdup ("E_error"); + else + result = strdup ("unknown"); - case GPGME_PK_ECDSA: - return "ECDSA"; + return result; +} - case GPGME_PK_ECDH: - return "ECDH"; - default: - return NULL; +const char * +gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo) +{ + switch (algo) + { + case GPGME_PK_RSA: return "RSA"; + case GPGME_PK_RSA_E: return "RSA-E"; + case GPGME_PK_RSA_S: return "RSA-S"; + case GPGME_PK_ELG_E: return "ELG-E"; + case GPGME_PK_DSA: return "DSA"; + case GPGME_PK_ECC: return "ECC"; + case GPGME_PK_ELG: return "ELG"; + case GPGME_PK_ECDSA: return "ECDSA"; + case GPGME_PK_ECDH: return "ECDH"; + case 
GPGME_PK_EDDSA: return "EdDSA"; + default: return NULL; } } diff --git a/src/gpgme.def b/src/gpgme.def index a3f5fb4..3b56aaa 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -223,5 +223,7 @@ EXPORTS gpgme_set_status_cb @167 gpgme_get_status_cb @168 + + gpgme_pubkey_algo_string @169 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 6cea2c7..e7216cb 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -261,7 +261,8 @@ typedef enum GPGME_PK_ECC = 18, GPGME_PK_ELG = 20, GPGME_PK_ECDSA = 301, - GPGME_PK_ECDH = 302 + GPGME_PK_ECDH = 302, + GPGME_PK_EDDSA = 303 } gpgme_pubkey_algo_t; @@ -1218,7 +1219,8 @@ gpgme_error_t gpgme_data_new_from_mem (gpgme_data_t *r_dh, size is returned in R_LEN. */ char *gpgme_data_release_and_get_mem (gpgme_data_t dh, size_t *r_len); -/* Release the memory returned by gpgme_data_release_and_get_mem(). */ +/* Release the memory returned by gpgme_data_release_and_get_mem() and + some other functions. */ void gpgme_free (void *buffer); gpgme_error_t gpgme_data_new_from_cbs (gpgme_data_t *dh, @@ -2232,6 +2234,10 @@ gpgme_error_t gpgme_engine_check_version (gpgme_protocol_t proto); void gpgme_result_ref (void *result); void gpgme_result_unref (void *result); +/* Return a public key algorithm string (e.g. "rsa2048"). Caller must + free using gpgme_free. */ +char *gpgme_pubkey_algo_string (gpgme_subkey_t subkey); + /* Return a statically allocated string with the name of the public key algorithm ALGO, or NULL if that name is not known. */ const char *gpgme_pubkey_algo_name (gpgme_pubkey_algo_t algo); diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 6687571..c677190 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers 
@@ -98,6 +98,8 @@ GPGME_1.1 { gpgme_set_status_cb; gpgme_get_status_cb; + + gpgme_pubkey_algo_string; }; ----------------------------------------------------------------------- Summary of changes: NEWS | 7 +++++ doc/gpgme.texi | 21 ++++++++++++--- src/conversion.c | 1 + src/data-mem.c | 3 ++- src/gpgme.c | 81 +++++++++++++++++++++++++++++++++++++------------------ src/gpgme.def | 2 ++ src/gpgme.h.in | 10 +++++-- src/libgpgme.vers | 2 ++ 8 files changed, 94 insertions(+), 33 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sun Aug 30 19:10:19 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 30 Aug 2015 19:10:19 +0200 Subject: [git] GPA - branch, master, updated. gpa-0.9.7-6-g9599359 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via 9599359bb8cdb24af704be03f0532b69523152df (commit) via 7060e840aff0a30a493f7f89646ff5641d6a7901 (commit) via 068b6da19025d1e18ce40af343c9b45e0a5e625b (commit) from 6f44c2b8a755c66a95264c141d066066e41718f8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9599359bb8cdb24af704be03f0532b69523152df Author: Werner Koch Date: Sun Aug 30 19:07:33 2015 +0200 Print the GnuPP 2.1 style pubkey algo string in key details. * src/gpa-key-details.c (details_page_fill_key): Use new gpgme function if available to print that string. Signed-off-by: Werner Koch diff --git a/src/gpa-key-details.c b/src/gpa-key-details.c index 38d5d3c..abb3b1a 100644 --- a/src/gpa-key-details.c +++ b/src/gpa-key-details.c 
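Review bot: In the src/gpgme.c hunk of GPGME commit c4b6b35, gpgme_pubkey_algo_string returns ordinary strings for failure cases: "E_error" when an ECC subkey has no curve name, "unknown" for an algorithm the switch does not list, and a placeholder prefix "xxx" for GPGME_PK_ELG (giving results such as "xxx2048"). The new doc/gpgme.texi entry only says the function returns NULL and sets errno on error, so a caller cannot tell these sentinels from real algorithm strings. Either return NULL with errno set in those cases or document the exact strings. The switch on subkey->pubkey_algo relies on prefix staying NULL for unlisted values; an explicit default label would make that intent visible.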
@@ -38,7 +38,7 @@ #include "certchain.h" #include "gpasubkeylist.h" #include "gpa-key-details.h" - +#include "gtktools.h" /* Object's class definition. */ @@ -173,9 +173,17 @@ details_page_fill_key (GpaKeyDetails *kdt, gpgme_key_t key) gtk_label_set_text (GTK_LABEL (kdt->detail_key_trust), gpa_key_validity_string (key)); +#if GPGME_VERSION_NUMBER >= 0x010601 /* GPGME >= 1.6.1 */ + text = gpgme_pubkey_algo_string (key->subkeys); + gtk_label_set_text (GTK_LABEL (kdt->detail_key_type), text? text : "?"); + gpgme_free (text); +#endif /* GPGME >= 1.6.1 */ + text = g_strdup_printf (_("%s %u bits"), - gpgme_pubkey_algo_name (key->subkeys->pubkey_algo), - key->subkeys->length); + gpgme_pubkey_algo_name (key->subkeys->pubkey_algo)? + gpgme_pubkey_algo_name (key->subkeys->pubkey_algo): + (key->subkeys->curve? "ECC" : "?"), + key->subkeys->length); if (key->subkeys->curve) { char *text2; @@ -183,9 +191,14 @@ details_page_fill_key (GpaKeyDetails *kdt, gpgme_key_t key) g_free (text); text = text2; } +#if GPGME_VERSION_NUMBER >= 0x010601 /* GPGME >= 1.6.1 */ + gpa_add_tooltip (kdt->detail_key_type, text); +#else gtk_label_set_text (GTK_LABEL (kdt->detail_key_type), text); +#endif g_free (text); + gtk_label_set_text (GTK_LABEL (kdt->detail_owner_trust), gpa_key_ownertrust_string (key)); commit 7060e840aff0a30a493f7f89646ff5641d6a7901 Author: Werner Koch Date: Sun Aug 30 15:45:19 2015 +0200 Truncate user ids in some dialogs. * src/gpa.h (GPA_MAX_UID_WIDTH): New. * src/gpawidgets.c (gpa_key_info_new): Truncate user ids and put the full user id into a tooltip. Add a fingerprint line. * src/keysigndlg.c (gpa_key_sign_run_dialog): Ditto. -- This helps to keep the window size at bay. Without a truncation it could happen that a dialog window gets larger than the screen and thus hides the buttons. Signed-off-by: Werner Koch diff --git a/src/gpa.h b/src/gpa.h index 56583fa..deebed1 100644 --- a/src/gpa.h +++ b/src/gpa.h 
@@ -46,6 +46,13 @@ #include "options.h" /* ditto */ +/* Global constants. */ +#define GPA_MAX_UID_WIDTH 50 /* # of chars after wich a user id is + truncated in dialog boxes. */ + + + +/* Some variable declarations. */ extern GtkWidget *global_windowMain; extern GtkWidget *global_windowTip; extern GList *global_defaultRecipients; diff --git a/src/gpawidgets.c b/src/gpawidgets.c index 131970d..20deb8c 100644 --- a/src/gpawidgets.c +++ b/src/gpawidgets.c @@ -32,7 +32,7 @@ #include "convert.h" /* A table showing some basic information about the key, such as the - key id and the user name. */ + key id and the user name. */ GtkWidget * gpa_key_info_new (gpgme_key_t key) { @@ -41,7 +41,7 @@ gpa_key_info_new (gpgme_key_t key) gchar *string; gpgme_user_id_t uid; - table = gtk_table_new (2, 2, FALSE); + table = gtk_table_new (3, 2, FALSE); gtk_table_set_col_spacing (GTK_TABLE (table), 0, 10); gtk_table_set_row_spacing (GTK_TABLE (table), 0, 0); @@ -61,7 +61,11 @@ gpa_key_info_new (gpgme_key_t key) uid = uid->next; } label = gtk_label_new (string); + gpa_add_tooltip (label, string); g_free (string); + gtk_label_set_max_width_chars (GTK_LABEL (label), GPA_MAX_UID_WIDTH); + gtk_label_set_ellipsize (GTK_LABEL (label), PANGO_ELLIPSIZE_END); + gtk_table_attach (GTK_TABLE (table), label, 1, 2, 0, 1, GTK_FILL, 0, 0, 0); gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.0); @@ -69,7 +73,7 @@ gpa_key_info_new (gpgme_key_t key) /* User Name */ label = gtk_label_new (key->uids->next == NULL ? _("User Name:") : _("User Names:") ); - gtk_table_attach (GTK_TABLE (table), label, 0, 1, 0, 1, GTK_FILL, GTK_FILL, + gtk_table_attach (GTK_TABLE (table), label, 0, 1, 0, 1, GTK_FILL, GTK_FILL, 0, 0); gtk_misc_set_alignment (GTK_MISC (label), 1.0, 0.0); 
@@ -83,8 +87,19 @@ gpa_key_info_new (gpgme_key_t key) GTK_FILL|GTK_EXPAND, 0, 0, 0); gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); + /* Fingerprint */ + label = gtk_label_new (_("Fingerprint:")); + gtk_table_attach (GTK_TABLE (table), label, 0, 1, 2, 3, GTK_FILL, 0, 0, 0); + gtk_misc_set_alignment (GTK_MISC (label), 1.0, 0.5); + + string = gpa_gpgme_key_format_fingerprint (key->subkeys->fpr); + label = gtk_label_new (string); + g_free (string); + gtk_table_attach (GTK_TABLE (table), label, 1, 2, 2, 3, GTK_FILL, 0, 0, 0); + gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); + return table; -} +} /* A Frame to select an expiry date. */ @@ -132,7 +147,7 @@ gpa_expiry_frame_after (GtkToggleButton * radioAfter, gpointer param) gtk_widget_set_sensitive (frame->entryAfter, TRUE); gtk_widget_set_sensitive (frame->comboAfter, TRUE); - gtk_widget_grab_focus (frame->entryAfter); + gtk_widget_grab_focus (frame->entryAfter); } @@ -152,7 +167,7 @@ static void expire_date_toggled_cb (GtkToggleButton *togglebutton, gpointer user_data) { GtkWidget *calendar = user_data; - + gtk_widget_set_sensitive (calendar, gtk_toggle_button_get_active (togglebutton)); } @@ -203,7 +218,7 @@ gpa_expiry_frame_new (GDate * expiryDate) comboAfter = gtk_combo_box_new_text (); frame->comboAfter = comboAfter; for (i = 3; i >= 0; i--) - gtk_combo_box_prepend_text (GTK_COMBO_BOX (comboAfter), + gtk_combo_box_prepend_text (GTK_COMBO_BOX (comboAfter), gpa_unit_expiry_time_string (i)); gtk_combo_box_set_active (GTK_COMBO_BOX (comboAfter), 0); gtk_box_pack_start (GTK_BOX (hboxAfter), comboAfter, FALSE, FALSE, 0); @@ -282,7 +297,7 @@ gpa_expiry_frame_get_expiration(GtkWidget * expiry_frame, GDate ** date, &year, &month, &day); *date = g_date_new_dmy (day, month+1, year); result = TRUE; - } + } else { /* this should never happen */ @@ -322,7 +337,7 @@ gpa_expiry_frame_validate(GtkWidget * expiry_frame) { /* This case is always correct. */ result = NULL; - } + } return result; } - + 
diff --git a/src/keysigndlg.c b/src/keysigndlg.c index 04f1bc2..868e282 100644 --- a/src/keysigndlg.c +++ b/src/keysigndlg.c @@ -89,7 +89,10 @@ gpa_key_sign_run_dialog (GtkWidget * parent, gpgme_key_t key, /* One user ID on each line. */ string = gpa_gpgme_key_get_userid (uid); label = gtk_label_new (string); + gpa_add_tooltip (label, string); g_free (string); + gtk_label_set_max_width_chars (GTK_LABEL (label), GPA_MAX_UID_WIDTH); + gtk_label_set_ellipsize (GTK_LABEL (label), PANGO_ELLIPSIZE_END); gtk_box_pack_start_defaults (GTK_BOX(uid_box), label); gtk_misc_set_alignment (GTK_MISC (label), 0.0, 0.5); } @@ -106,7 +109,7 @@ gpa_key_sign_run_dialog (GtkWidget * parent, gpgme_key_t key, label = gtk_label_new (_("Fingerprint:")); gtk_table_attach (GTK_TABLE (table), label, 0, 1, 1, 2, GTK_FILL, 0, 0, 0); gtk_misc_set_alignment (GTK_MISC (label), 1.0, 0.5); - + string = gpa_gpgme_key_format_fingerprint (key->subkeys->fpr); label = gtk_label_new (string); g_free (string); @@ -143,7 +146,7 @@ gpa_key_sign_run_dialog (GtkWidget * parent, gpgme_key_t key, response = gtk_dialog_run (GTK_DIALOG (window)); if (response == GTK_RESPONSE_YES) { - *sign_locally = check && + *sign_locally = check && gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (check)); gtk_widget_destroy (window); return TRUE; commit 068b6da19025d1e18ce40af343c9b45e0a5e625b Author: Werner Koch Date: Sun Aug 30 13:50:34 2015 +0200 Start off with the clipboard instead of the file manager. * src/gpa.c (main): Move default action setting after options reading. Set default action to clipboard unless we are in simple mode and no key has yet been created. * src/options.c (gpa_options_have_default_key): New. * src/keymanager.c (key_manager_maybe_firsttime): New. (key_manager_mapped): Use gpa_options_have_default_key. -- Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index afd8f17..78441de 100644 --- a/configure.ac +++ b/configure.ac 
@@ -44,7 +44,7 @@ m4_define([mym4_betastring], m4_define([mym4_isgit],m4_if(mym4_betastring,[],[no],[yes])) m4_define([mym4_full_version],[mym4_version[]mym4_betastring]) -AC_INIT([gpa],[mym4_full_version], [http://bugs.gnupg.org]) +AC_INIT([gpa],[mym4_full_version], [https://bugs.gnupg.org]) NEED_GPG_ERROR_VERSION=1.12 NEED_LIBASSUAN_API=2 diff --git a/doc/gpa.1 b/doc/gpa.1 index 454fe29..0245a19 100644 --- a/doc/gpa.1 +++ b/doc/gpa.1 @@ -18,7 +18,8 @@ signatures and to manage the private and public keys. .SH "OPTIONS" .TP .B \-c, \-\-clipboard -Open the clipboard. +Open the clipboard. This is the \fIdefault\fP action if no arguments are +given and a key has already been created. .TP .B \-C, \-\-card Start with the card-manager open. @@ -47,7 +48,8 @@ Start with the file-manager open. This is the \fIdefault\fP if one or more \fIFILE(S)\fP are added to the command arguments. .TP .B \-k, \-\-keyring -Start with the keyring editor. This is the \fIdefault\fP. +Start with the keyring editor. This is the \fIdefault\fP for a new +installation. .TP .B \-o, \-\-options=\fIFILE\fP Read options from the specified file instead of \fI~/.gnupg/gpa.conf\fP. diff --git a/src/gpa.c b/src/gpa.c index d9db079..80f4016 100644 --- a/src/gpa.c +++ b/src/gpa.c 
@@ -524,24 +524,10 @@ main (int argc, char *argv[]) that the agent has been startet. */ gpa_start_agent (); - /* Handle command line options. */ - cms_hack = !args.disable_x509; - - /* Start the key manger by default. */ - if (!args.start_key_manager - && !args.start_file_manager - && !args.start_clipboard - && !args.start_settings - && !args.start_card_manager - ) - args.start_key_manager = TRUE; - - /* Note: We can not use GPGME's engine info, as that returns NULL - (default) for home_dir. Consider improving GPGME to get it from - there, or using gpgconf (via GPGME). */ gnupg_homedir = default_homedir (); - /* FIXME: GnuPG can not create a key if its home directory is - missing. We help it out here. Should be fixed in GnuPG. */ + + /* GnuPG can not create a key if its home directory is missing. We + help it out here. Should be fixed in GnuPG. */ if (! g_file_test (gnupg_homedir, G_FILE_TEST_IS_DIR)) g_mkdir (gnupg_homedir, 0700); @@ -562,6 +548,26 @@ main (int argc, char *argv[]) return 0; } + /* Handle command line options. */ + cms_hack = !args.disable_x509; + + /* Start the default component. */ + if (!args.start_key_manager + && !args.start_file_manager + && !args.start_clipboard + && !args.start_settings + && !args.start_card_manager + ) + { + /* The default action is to start the clipboard. However, if we + have not yet created a key we remind the user by starting + with the key manager dialog. */ + if (key_manager_maybe_firsttime ()) + args.start_key_manager = TRUE; + else + args.start_clipboard = TRUE; + } + /* Check whether we need to start a server or to simply open a window in an already running server. */ diff --git a/src/keymanager.c b/src/keymanager.c index d78eb94..2cef4ab 100644 --- a/src/keymanager.c +++ b/src/keymanager.c 
@@ -762,7 +762,7 @@ key_manager_mapped (gpointer param) /* FIXME: We assume that the only reason a user might not have a default key is because he has no private keys. */ if (! asked_about_key_generation - && ! gpa_options_get_default_key (gpa_options_get_instance())) + && ! gpa_options_have_default_key (gpa_options_get_instance())) { GtkWidget *dialog; GtkResponseType response; @@ -787,7 +787,7 @@ key_manager_mapped (gpointer param) else if (!asked_about_key_backup && !gpa_options_get_backup_generated (gpa_options_get_instance ()) - && !gpa_options_get_default_key (gpa_options_get_instance())) + && !gpa_options_have_default_key (gpa_options_get_instance())) { GtkWidget *dialog; GtkResponseType response; @@ -1570,3 +1570,25 @@ gpa_key_manager_is_open (void) { return !!this_instance; } + + +/* Return true if we should ask for a first time key generation. + * + * This function basically duplicates the conditions from + * key_manager_mapped. However that function mus be used from a + * key_manager context and can't easily be used from other GPA + * components. */ +gboolean +key_manager_maybe_firsttime (void) +{ + if (!gpa_options_get_simplified_ui (gpa_options_get_instance ())) + return FALSE; + + if (!gpa_options_have_default_key (gpa_options_get_instance())) + return TRUE; + + if (!gpa_options_get_backup_generated (gpa_options_get_instance ())) + return TRUE; + + return FALSE; +} diff --git a/src/keymanager.h b/src/keymanager.h index 26ed0b5..c9d6197 100644 --- a/src/keymanager.h +++ b/src/keymanager.h @@ -14,7 +14,7 @@ * License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, see . + * along with this program; if not, see . */ #ifndef KEYMANAGER_H @@ -52,5 +52,7 @@ GtkWidget *gpa_key_manager_get_instance (gboolean *r_created); gboolean gpa_key_manager_is_open (void); +gboolean key_manager_maybe_firsttime (void); + #endif /*KEYMANAGER_H*/ 
diff --git a/src/options.c b/src/options.c index fc67c46..35ab58d 100644 --- a/src/options.c +++ b/src/options.c @@ -270,6 +270,17 @@ gpa_options_get_default_key (GpaOptions *options) } +/* Return whether a default key is somehow known. This is either the + default key's fingerprint from gpa.conf or the default key from the + options dialog. */ +gboolean +gpa_options_have_default_key (GpaOptions *options) +{ + return ((options->default_key_fpr && *options->default_key_fpr) + || options->default_key); +} + + /* Return the default key gpg would use, or at least a first * approximation. Currently this means the first secret key in the keyring. * If there's no secret key at all, return NULL diff --git a/src/options.h b/src/options.h index 41ffdd4..6a8ee55 100644 --- a/src/options.h +++ b/src/options.h @@ -93,6 +93,9 @@ gpgme_key_t gpa_options_get_default_key (GpaOptions *options); /* Try to find a reasonable value for the default key if there wasn't one */ void gpa_options_update_default_key (GpaOptions *options); +/* Return whether a default key is known. */ +gboolean gpa_options_have_default_key (GpaOptions *options); + /* Specify the default keyserver */ void gpa_options_set_default_keyserver (GpaOptions *options, const gchar *keyserver); ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- doc/gpa.1 | 6 ++++-- src/gpa-key-details.c | 19 ++++++++++++++++--- src/gpa.c | 40 +++++++++++++++++++++++----------------- src/gpa.h | 7 +++++++ src/gpawidgets.c | 35 +++++++++++++++++++++++++---------- src/keymanager.c | 26 ++++++++++++++++++++++++-- src/keymanager.h | 4 +++- src/keysigndlg.c | 7 +++++-- src/options.c | 11 +++++++++++ src/options.h | 3 +++ 11 files changed, 122 insertions(+), 38 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 31 03:40:33 2015 
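Review bot: key_manager_maybe_firsttime in src/keymanager.c (commit 068b6da) does not match the conditions it says it duplicates from key_manager_mapped. It returns TRUE whenever gpa_options_get_backup_generated is false, even if a default key is known, whereas the backup branch shown in key_manager_mapped also requires !gpa_options_have_default_key, so the two can disagree: in simplified mode a user who has a key but no recorded backup always starts in the key manager instead of the clipboard. Either apply the same test in both places or state the intended difference in the comment, which also has a typo ("mus be used"). The doc/gpa.1 text should say that the keyring editor default applies only in simplified mode, since outside it the code selects the clipboard even when no key exists.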
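Review bot: in gpa_key_info_new (src/gpawidgets.c) and gpa_key_sign_run_dialog (src/keysigndlg.c), commit 7060e84, the full user ID string is handed to gpa_add_tooltip before it is freed. User IDs come from key material that may have been imported from elsewhere, so please confirm that gpa_add_tooltip sets the tooltip as plain text and not as markup. Neither file's hunks show gtktools.h being included, as was added for src/gpa-key-details.c, so check that the prototype is visible in both. The new GPA_MAX_UID_WIDTH comment in src/gpa.h has a typo ("wich").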
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 31 Aug 2015 03:40:33 +0200 Subject: [git] gnupg-doc - branch, master, updated. 18bc4dfa1e5a6b7dff10cf99422a5369053060d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 18bc4dfa1e5a6b7dff10cf99422a5369053060d5 (commit) from 727bb8e879cee3c372e49e4ea5b07ae652479d42 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 18bc4dfa1e5a6b7dff10cf99422a5369053060d5 Author: NIIBE Yutaka Date: Mon Aug 31 10:38:12 2015 +0900 Fix guides and people. * web/documentation/guides.org: Add a link to Email Self-Defense. Fix the link to Japanese doc. * web/people/index.org: Fix the link to Gnuk and add a link to MEP. diff --git a/web/documentation/guides.org b/web/documentation/guides.org index e6ad3b3..e25aff7 100644 --- a/web/documentation/guides.org +++ b/web/documentation/guides.org @@ -79,8 +79,10 @@ ** Other documents + The [[https://emailselfdefense.fsf.org/][Email Self-Defense]] site is an introduction with infographic. + At [[http://kldp.org/~yong/misc/gnupg/][kldp.org]] you can find some Korean language information on GnuPG. - [[http://hp.vector.co.jp/authors/VA019487/][Japanese language documentation]] is also available. + [[http://gnupg.hclippr.com/][Japanese language documentation]] is also available. Julien Francoz, alias CoCoZ, wrote a guide for French users entitled [[http://francoz.net/doc/gpg/gpg.html][Utilisation de GnuPG]] , which covers the basic usage of diff --git a/web/people/index.org b/web/people/index.org index 85ea1ee..45c8d80 100644 --- a/web/people/index.org +++ b/web/people/index.org 
@@ -76,7 +76,7 @@ Niibe is a long time free software hacker who joined the GnuPG project in 2011 and soon took over the development of the smartcard - related code. He is also the person behind the [[https://fsij.org/gnuk][gnuk token]]. + related code. He is also the person behind the [[http://www.fsij.org/gnuk/][Gnuk Token]] and the [[http://www.gniibe.org/memo/development/gnuk/rng/please-more-and-more-mep.html][MEP game]]. Niibe?s work on GnuPG is financially supported by g10^code. #+HTML:
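Review bot: the web/people/index.org hunk changes the Gnuk link from https://fsij.org/gnuk to http://www.fsij.org/gnuk/, which drops TLS on a link that points readers at a cryptographic token project; the added MEP link and the replacement Japanese documentation link in web/documentation/guides.org are plain http as well. Keep the https scheme for the Gnuk link unless the www host cannot serve it, and use https for the new links where the hosts support it, so the link fix does not also downgrade transport security.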

----------------------------------------------------------------------- Summary of changes: web/documentation/guides.org | 4 +++- web/people/index.org | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 31 08:16:50 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 31 Aug 2015 08:16:50 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-53-g135b1e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 135b1e32f01beaceba8a4ecc774e23b56aca1d24 (commit) from fad91071cadff43d77ce2e524dfb03999ba6678e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 135b1e32f01beaceba8a4ecc774e23b56aca1d24 Author: NIIBE Yutaka Date: Mon Aug 31 15:15:03 2015 +0900 agent: Fix SSH public key for EdDSA. * agent/command-ssh.c (ssh_key_to_blob): Remove the prefix 0x40. diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 3d29f97..689241f 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -1964,6 +1964,11 @@ ssh_key_to_blob (gcry_sexp_t sexp, int with_secret, err = gpg_error (GPG_ERR_INV_SEXP); goto out; } + if (*p_elems == 'q') + { /* Remove the prefix 0x40. */ + data++; + datalen--; + } err = stream_write_string (stream, data, datalen); if (err) goto out; ----------------------------------------------------------------------- Summary of changes: agent/command-ssh.c | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Aug 31 11:33:16 2015 
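Review bot: in ssh_key_to_blob (agent/command-ssh.c) the new "if (*p_elems == 'q')" block drops the first byte without inspecting it or the length. Test datalen > 0 and *data == 0x40 before "data++; datalen--;", so that an empty value cannot push datalen below zero or wrap it, and a point that arrives without the prefix does not lose a real byte. Because the condition looks only at the element name, also confirm that no other key type reaching this write uses a 'q' element whose first byte must be kept.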
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 31 Aug 2015 11:33:16 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.7-58-g04a6b90 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 04a6b903d0354be2c69c7f2c98987de17d68416e (commit) via 360b699e9b4b8f99bd790b3cd158cd6f0fd7c131 (commit) via efd1ead9e779eb3bd37384258e08ad921a934612 (commit) via 11d8ffc939a4d20cfb0082b2d966b1e1a7d61f8d (commit) via 0377db4b3581561b1ffc5bb7c3b4d698e8993b3a (commit) from 135b1e32f01beaceba8a4ecc774e23b56aca1d24 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 04a6b903d0354be2c69c7f2c98987de17d68416e Author: Neal H. Walfield Date: Mon Aug 31 11:22:14 2015 +0200 g10: Don't leak memory if we fail to initialize a new database handle. * g10/keydb.c (keydb_new): If we fail to open a keyring or keybox correctly release all resources. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/keydb.c b/g10/keydb.c index 423205d..b4877d4 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -692,6 +692,7 @@ keydb_new (void) { KEYDB_HANDLE hd; int i, j; + int die = 0; if (DBG_CLOCK) log_clock ("keydb_new"); @@ -702,7 +703,7 @@ keydb_new (void) hd->is_reset = 1; assert (used_resources <= MAX_KEYDB_RESOURCES); - for (i=j=0; i < used_resources; i++) + for (i=j=0; ! die && i < used_resources; i++) { switch (all_resources[i].type) { 
@@ -712,10 +713,8 @@ keydb_new (void) hd->active[j].type = all_resources[i].type; hd->active[j].token = all_resources[i].token; hd->active[j].u.kr = keyring_new (all_resources[i].token); - if (!hd->active[j].u.kr) { - xfree (hd); - return NULL; /* fixme: release all previously allocated handles*/ - } + if (!hd->active[j].u.kr) + die = 1; j++; break; case KEYDB_RESOURCE_TYPE_KEYBOX: @@ -723,10 +722,7 @@ keydb_new (void) hd->active[j].token = all_resources[i].token; hd->active[j].u.kb = keybox_new_openpgp (all_resources[i].token, 0); if (!hd->active[j].u.kb) - { - xfree (hd); - return NULL; /* fixme: release all previously allocated handles*/ - } + die = 1; j++; break; } @@ -734,6 +730,13 @@ keydb_new (void) hd->used = j; active_handles++; + + if (die) + { + keydb_release (hd); + hd = NULL; + } + return hd; } commit 360b699e9b4b8f99bd790b3cd158cd6f0fd7c131 Author: Neal H. Walfield Date: Mon Aug 31 11:14:21 2015 +0200 g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/keydb.c b/g10/keydb.c index eeefd2a..423205d 100644 --- a/g10/keydb.c +++ b/g10/keydb.c 
@@ -64,18 +64,37 @@ static void *primary_keyring=NULL; struct keydb_handle { + /* When we locked all of the resources in ACTIVE (using keyring_lock + / keybox_lock, as appropriate). */ int locked; + + /* The index into ACTIVE of the resources in which the last search + result was found. Initially -1. */ int found; + + /* Initially -1 (invalid). This is used to save a search result and + later restore it as the selected result. */ int saved_found; + + /* The number of skipped long blobs since the last search + (keydb_search_reset). */ unsigned long skipped_long_blobs; + + /* If set, this disables the use of the keyblock cache. */ int no_caching; /* Whether the next search will be from the beginning of the database (and thus consider all records). */ int is_reset; + /* The "file position." In our case, this is index of the current + resource in ACTIVE. */ int current; - int used; /* Number of items in ACTIVE. */ + + /* The number of resources in ACTIVE. */ + int used; + + /* Copy of ALL_RESOURCES when keydb_new is called. */ struct resource_item active[MAX_KEYDB_RESOURCES]; }; @@ -187,7 +206,7 @@ kid_not_found_insert (u32 *kid) } -/* Flush kid found cache. */ +/* Flush the kid not found cache. */ static void kid_not_found_flush (void) { @@ -229,7 +248,9 @@ keyblock_cache_clear (void) keyring/keybox already locked. This lock check does not work if the directory itself is not yet available. If IS_BOX is true the filename is expected to refer to a keybox. If FORCE_CREATE is true - the keyring or keybox will be created. */ + the keyring or keybox will be created. + + Return 0 if it is okay to access the specified file. */ static int maybe_create_keyring_or_box (char *filename, int is_box, int force_create) { 
@@ -392,10 +413,15 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) } -/* Helper for keydb_add_resource. Opens FILENAME to figures out the - resource type. Returns the resource type and a flag at R_NOTFOUND - indicating whether FILENAME could be opened at all. If the openpgp - flag is set in a keybox header, R_OPENPGP will be set to true. */ +/* Helper for keydb_add_resource. Opens FILENAME to figure out the + resource type. + + Returns the specified file's likely type. If the file does not + exist, returns KEYDB_RESOURCE_TYPE_NONE and sets *R_FOUND to 0. + Otherwise, tries to figure out the file's type. This is either + KEYDB_RESOURCE_TYPE_KEYBOX, KEYDB_RESOURCE_TYPE_KEYRING or + KEYDB_RESOURCE_TYPE_KEYNONE. If the file is a keybox and it has + the OpenPGP flag set, then R_OPENPGP is also set. */ static KeydbResourceType rt_from_file (const char *filename, int *r_found, int *r_openpgp) { @@ -436,17 +462,14 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp) } -/* - * Register a resource (keyring or aeybox). The first keyring or - * keybox which is added by this function is created if it does not - * exist. FLAGS are a combination of the KEYDB_RESOURCE_FLAG_ - * constants as defined in keydb.h. - */ gpg_error_t keydb_add_resource (const char *url, unsigned int flags) { + /* Whether we have successfully registered a resource. */ static int any_registered; + /* The file named by the URL (i.e., without the prototype). */ const char *resname = url; + char *filename = NULL; int create; int read_only = !!(flags&KEYDB_RESOURCE_FLAG_READONLY); 
@@ -459,11 +482,6 @@ keydb_add_resource (const char *url, unsigned int flags) /* Create the resource if it is the first registered one. */ create = (!read_only && !any_registered); - /* Do we have an URL? - * gnupg-ring:filename := this is a plain keyring. - * gnupg-kbx:filename := this is a keybox file. - * filename := See what is is, but create as plain keyring. - */ if (strlen (resname) > 11 && !strncmp( resname, "gnupg-ring:", 11) ) { rt = KEYDB_RESOURCE_TYPE_KEYRING; @@ -750,9 +768,6 @@ keydb_release (KEYDB_HANDLE hd) } -/* Set a flag on handle to not use cached results. This is required - for updating a keyring and for key listins. Fixme: Using a new - parameter for keydb_new might be a better solution. */ void keydb_disable_caching (KEYDB_HANDLE hd) { @@ -761,14 +776,6 @@ keydb_disable_caching (KEYDB_HANDLE hd) } -/* - * Return the name of the current resource. This is function first - * looks for the last found found, then for the current search - * position, and last returns the first available resource. The - * returned string is only valid as long as the handle exists. This - * function does only return NULL if no handle is specified, in all - * other error cases an empty string is returned. - */ const char * keydb_get_resource_name (KEYDB_HANDLE hd) { @@ -882,7 +889,6 @@ unlock_all (KEYDB_HANDLE hd) -/* Push the last found state if any. */ void keydb_push_found_state (KEYDB_HANDLE hd) { @@ -912,7 +918,6 @@ keydb_push_found_state (KEYDB_HANDLE hd) } -/* Pop the last found state. */ void keydb_pop_found_state (KEYDB_HANDLE hd) { @@ -1103,12 +1108,6 @@ parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, } -/* - * Return the last found keyring. Caller must free it. - * The returned keyblock has the kbode flag bit 0 set for the node with - * the public key used to locate the keyblock or flag bit 1 set for - * the user ID node. - */ gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) { 
@@ -1279,9 +1278,6 @@ build_keyblock_image (kbnode_t keyblock, iobuf_t *r_iobuf, u32 **r_sigstatus) } -/* - * Update the current keyblock with the keyblock KB - */ gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb) { @@ -1332,9 +1328,6 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb) } -/* - * Insert a new KB into one of the resources. - */ gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb) { @@ -1396,9 +1389,6 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb) } -/* - * Delete the current keyblock. - */ gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd) { @@ -1439,11 +1429,6 @@ keydb_delete_keyblock (KEYDB_HANDLE hd) -/* - * Locate the default writable key resource, so that the next - * operation (which is only relevant for inserts) will be done on this - * resource. - */ gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd) { @@ -1496,9 +1481,6 @@ keydb_locate_writable (KEYDB_HANDLE hd) return gpg_error (GPG_ERR_NOT_FOUND); } -/* - * Rebuild the caches of all key resources. - */ void keydb_rebuild_caches (int noisy) { @@ -1528,7 +1510,6 @@ keydb_rebuild_caches (int noisy) } -/* Return the number of skipped blocks since the last search reset. */ unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd) { @@ -1536,9 +1517,6 @@ keydb_get_skipped_counter (KEYDB_HANDLE hd) } -/* - * Start the next search on this handle right at the beginning - */ gpg_error_t keydb_search_reset (KEYDB_HANDLE hd) { 
@@ -1626,18 +1604,13 @@ dump_search_desc (KEYDB_HANDLE hd, const char *text, } -/* - * Search through all keydb resources, starting at the current - * position, for a keyblock which contains one of the keys described - * in the DESC array. Returns GPG_ERR_NOT_FOUND if no matching - * keyring was found. - */ gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex) { gpg_error_t rc; int was_reset = hd->is_reset; + /* If an entry is already in the cache, then don't add it again. */ int already_in_cache = 0; if (descindex) @@ -1732,8 +1705,6 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, } -/* Note that in contrast to using keydb_search in search first mode, - this function skips legacy keys. */ gpg_error_t keydb_search_first (KEYDB_HANDLE hd) { @@ -1753,8 +1724,6 @@ keydb_search_first (KEYDB_HANDLE hd) } -/* Note that in contrast to using keydb_search in search next mode, - this fucntion skips legacy keys. */ gpg_error_t keydb_search_next (KEYDB_HANDLE hd) { diff --git a/g10/keydb.h b/g10/keydb.h index 1086450..a943ded 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -1,6 +1,7 @@ /* keydb.h - Key database * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, * 2006, 2010 Free Software Foundation, Inc. + * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * 
@@ -132,28 +133,212 @@ union pref_hint #define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */ #define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */ +/* Register a resource (keyring or keybox). The first keyring or + keybox that is added using this function is created if it does not + already exist and the KEYDB_RESOURCE_FLAG_READONLY is not set. + + FLAGS are a combination of the KEYDB_RESOURCE_FLAG_* constants. + + URL must have the following form: + + gnupg-ring:filename = plain keyring + gnupg-kbx:filename = keybox file + filename = check file's type (create as a plain keyring) + + Note: on systems with drive letters (Windows) invalid URLs (i.e., + those with an unrecognized part before the ':' such as "c:\...") + will silently be treated as bare filenames. On other systems, such + URLs will cause this function to return GPG_ERR_GENERAL. + + If KEYDB_RESOURCE_FLAG_DEFAULT is set, the resource is a keyring + and the file ends in ".gpg", then this function also checks if a + file with the same name, but the extension ".kbx" exists, is a + keybox and the OpenPGP flag is set. If so, this function opens + that resource instead. + + If the file is not found, KEYDB_RESOURCE_FLAG_GPGVDEF is set and + the URL ends in ".kbx", then this function will try opening the + same URL, but with the extension ".gpg". If that file is a keybox + with the OpenPGP flag set or it is a keyring, then we use that + instead. + + If the file is not found, KEYDB_RESOURCE_FLAG_DEFAULT is set, the + file should be created and the file's extension is ".gpg" then we + replace the extension with ".kbx". + + + If the KEYDB_RESOURCE_FLAG_PRIMARY is set and the resource is a + keyring (not a keybox), then this resource is considered the + primary resource. This is used by keydb_locate_writable(). If + another primary keyring is set, then that keyring is considered the + primary. 
+ + If KEYDB_RESOURCE_FLAG_READONLY is set and the resource is a + keyring (not a keybox), then the keyring is marked as read only and + operations just as keyring_insert_keyblock will return + GPG_ERR_ACCESS. */ gpg_error_t keydb_add_resource (const char *url, unsigned int flags); -void keydb_dump_stats (void); +/* Dump some statistics to the log. */ +void keydb_dump_stats (void); + +/* Create a new database handle. A database handle is similar to a + file handle: it contains a local file position. This is used when + searching: subsequent searches resume where the previous search + left off. To rewind the position, use keydb_search_reset(). */ KEYDB_HANDLE keydb_new (void); + +/* Free all resources owned by the database handle. */ void keydb_release (KEYDB_HANDLE hd); + +/* Set a flag on the handle to suppress use of cached results. This + is required for updating a keyring and for key listings. Fixme: + Using a new parameter for keydb_new might be a better solution. */ void keydb_disable_caching (KEYDB_HANDLE hd); + +/* Save the last found state and invalidate the current selection + (i.e., the entry selected by keydb_search() is invalidated and + something like keydb_get_keyblock() will return an error). This + does not change the file position. This makes it possible to do + something like: + + keydb_search (hd, ...); // Result 1. + keydb_push_found_state (hd); + keydb_search_reset (hd); + keydb_search (hd, ...); // Result 2. + keydb_pop_found_state (hd); + keydb_get_keyblock (hd, ...); // -> Result 1. + + Note: it is only possible to save a single save state at a time. + In other words, the the save stack only has room for a single + instance of the state. */ void keydb_push_found_state (KEYDB_HANDLE hd); + +/* Restore the previous save state. 
If the saved state is invalid, + this is equivalent to */ void keydb_pop_found_state (KEYDB_HANDLE hd); + +/* Return the file name of the resource in which the current search + result was found or, if there is no search result, the filename of + the current resource (i.e., the resource that the file position + points to). Note: the filename is not necessarily the URL used to + open it! + + This function only returns NULL if no handle is specified, in all + other error cases an empty string is returned. */ const char *keydb_get_resource_name (KEYDB_HANDLE hd); + +/* Return the keyblock last found by keydb_search() in *RET_KB. + + On success, the function returns 0 and the caller must free *RET_KB + using release_kbnode(). Otherwise, the function returns an error + code. + + The returned keyblock has the kbnode flag bit 0 set for the node + with the public key used to locate the keyblock or flag bit 1 set + for the user ID node. */ gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb); + +/* Replace the currently selected keyblock (i.e., the last result + returned by keydb_search) with the key block in KB. + + This doesn't do anything if --dry-run was specified. + + Returns 0 on success. Otherwise, it returns an error code. */ gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb); + +/* Insert a keyblock into one of the underlying keyrings or keyboxes. + + Be default, the keyring / keybox from which the last search result + came is used. If there was no previous search result (or + keydb_search_reset was called), then the keyring / keybox where the + next search would start is used (i.e., the current file position). + + Note: this doesn't do anything if --dry-run was specified. + + Returns 0 on success. Otherwise, it returns an error code. */ gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb); + +/* Delete the currently selected keyblock. 
If you haven't done a + search yet on this database handle (or called keydb_search_reset), + then this will return an error. + + Returns 0 on success or an error code, if an error occurs. */ gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd); + +/* A database may consists of multiple keyrings / key boxes. This + sets the "file position" to the start of the first keyring / key + box that is writable (i.e., doesn't have the read-only flag set). + + This first tries the primary keyring (the last keyring (not + keybox!) added using keydb_add_resource() and with + KEYDB_RESOURCE_FLAG_PRIMARY set). If that is not writable, then it + tries the keyrings / keyboxes in the order in which they were + added. */ gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd); + +/* Rebuild the on-disk caches of all key resources. */ void keydb_rebuild_caches (int noisy); + +/* Return the number of skipped blocks (because they were to large to + read from a keybox) since the last search reset. */ unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd); + +/* Clears the current search result and resets the handle's position + so that the next search starts at the beginning of the database + (the start of the first resource). + + Returns 0 on success and an error code if an error occured. + (Currently, this function always returns 0 if HD is valid.) */ gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); + +/* Search the database for keys matching the search description. + + DESC is an array of search terms with NDESC entries. The search + terms are or'd together. That is, the next entry in the DB that + matches any of the descriptions will be returned. + + Note: this function resumes searching where the last search left + off (i.e., at the current file position). If you want to search + from the start of the database, then you need to first call + keydb_search_reset(). + + If no key matches the search description, returns + GPG_ERR_NOT_FOUND. If there was a match, returns 0. 
If an error + occured, returns an error code. + + The returned key is considered to be selected and the raw data can, + for instance, be returned by calling keydb_get_keyblock(). */ gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex); + +/* Return the first non-legacy key in the database. + + If you want the very first key in the database, you can directly + call keydb_search with the search description + KEYDB_SEARCH_MODE_FIRST. */ gpg_error_t keydb_search_first (KEYDB_HANDLE hd); + +/* Return the next key (not the next matching key!). + + Unlike calling keydb_search with KEYDB_SEARCH_MODE_NEXT, this + function silently skips legacy keys. */ gpg_error_t keydb_search_next (KEYDB_HANDLE hd); + +/* This is a convenience function for searching for keys with a long + key id. + + Note: this function resumes searching where the last search left + off. If you want to search the whole database, then you need to + first call keydb_search_reset(). */ gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid); + +/* This is a convenience function for searching for keys with a long + (20 byte) fingerprint. This function ignores legacy keys. + + Note: this function resumes searching where the last search left + off. If you want to search the whole database, then you need to + first call keydb_search_reset(). */ gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr); commit efd1ead9e779eb3bd37384258e08ad921a934612 Author: Neal H. Walfield Date: Mon Aug 31 09:47:58 2015 +0200 g10: Don't cache search results if the search didn't scan the whole DB. * g10/keydb.c (struct keydb_handle): Add new field is_reset. (keydb_new): Initialize hd->is_reset to 1. (keydb_locate_writable): Set hd->is_reset to 1. (keydb_search): Set hd->is_reset to 0. Don't cache a key not found if the search started from the beginning of the database. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/keydb.c b/g10/keydb.c index ea3280f..eeefd2a 100644 
--- a/g10/keydb.c +++ b/g10/keydb.c @@ -69,6 +69,11 @@ struct keydb_handle int saved_found; unsigned long skipped_long_blobs; int no_caching; + + /* Whether the next search will be from the beginning of the + database (and thus consider all records). */ + int is_reset; + int current; int used; /* Number of items in ACTIVE. */ struct resource_item active[MAX_KEYDB_RESOURCES]; @@ -676,6 +681,7 @@ keydb_new (void) hd = xmalloc_clear (sizeof *hd); hd->found = -1; hd->saved_found = -1; + hd->is_reset = 1; assert (used_resources <= MAX_KEYDB_RESOURCES); for (i=j=0; i < used_resources; i++) @@ -1568,6 +1574,7 @@ keydb_search_reset (KEYDB_HANDLE hd) break; } } + hd->is_reset = 1; return rc; } @@ -1630,6 +1637,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex) { gpg_error_t rc; + int was_reset = hd->is_reset; int already_in_cache = 0; if (descindex) @@ -1696,6 +1704,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, else if (!rc) hd->found = hd->current; } + hd->is_reset = 0; rc = ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) ? gpg_error (GPG_ERR_NOT_FOUND) @@ -1712,7 +1721,7 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, } if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND - && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID + && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID && was_reset && !already_in_cache) kid_not_found_insert (desc[0].u.kid); commit 11d8ffc939a4d20cfb0082b2d966b1e1a7d61f8d Author: Neal H. Walfield Date: Mon Aug 31 09:22:23 2015 +0200 g10: Have keydb_search_first call keydb_search_reset before searching. * g10/keydb.c (keydb_search_first): Reset the handle before starting the search. -- Signed-off-by: Neal H. Walfield . This bug hasn't shown up yet in practice, because keydb_search_first is always called immediately after a keydb_new. This change cleans up the semantics and will hopefully prevent future bugs. 
diff --git a/g10/keydb.c b/g10/keydb.c index c976871..ea3280f 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1731,6 +1731,10 @@ keydb_search_first (KEYDB_HANDLE hd) gpg_error_t err; KEYDB_SEARCH_DESC desc; + err = keydb_search_reset (hd); + if (err) + return err; + memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_FIRST; err = keydb_search (hd, &desc, 1, NULL); commit 0377db4b3581561b1ffc5bb7c3b4d698e8993b3a Author: Neal H. Walfield Date: Fri Aug 28 16:22:59 2015 +0200 g10: Remove unused parameter. * g10/keydb.h (keydb_locate_writable): Remove unused parameter reserved. Update users. -- Signed-off-by: Neal H. Walfield . diff --git a/g10/import.c b/g10/import.c index 60a037b..048b136 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1073,7 +1073,7 @@ import_one (ctrl_t ctrl, { KEYDB_HANDLE hd = keydb_new (); - rc = keydb_locate_writable (hd, NULL); + rc = keydb_locate_writable (hd); if (rc) { log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc)); diff --git a/g10/keydb.c b/g10/keydb.c index 1446c07..c976871 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1439,12 +1439,10 @@ keydb_delete_keyblock (KEYDB_HANDLE hd) * resource. */ gpg_error_t -keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved) +keydb_locate_writable (KEYDB_HANDLE hd) { gpg_error_t rc; - (void)reserved; - if (!hd) return GPG_ERR_INV_ARG; diff --git a/g10/keydb.h b/g10/keydb.h index 727c96f..1086450 100644 --- a/g10/keydb.h +++ b/g10/keydb.h 
@@ -145,7 +145,7 @@ gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb); gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb); gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb); gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd); -gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved); +gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd); void keydb_rebuild_caches (int noisy); unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd); gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); diff --git a/g10/keygen.c b/g10/keygen.c index f03c148..dd37559 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -4146,7 +4146,7 @@ do_generate_keypair (struct para_data_s *para, { KEYDB_HANDLE pub_hd = keydb_new (); - err = keydb_locate_writable (pub_hd, NULL); + err = keydb_locate_writable (pub_hd); if (err) log_error (_("no writable public keyring found: %s\n"), gpg_strerror (err)); ----------------------------------------------------------------------- Summary of changes: g10/import.c | 2 +- g10/keydb.c | 145 ++++++++++++++++++++------------------------- g10/keydb.h | 189 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- g10/keygen.c | 2 +- 4 files changed, 253 insertions(+), 85 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org
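Review bot: In the g10/keydb.h documentation hunk (@@ -132,28 +133,212 @@), the comment added above keydb_pop_found_state() stops mid-sentence ("If the saved state is invalid, this is equivalent to"), so the behaviour for an invalid saved state is left undocumented; finish the sentence with the call it is equivalent to. The keydb_search() comment explains DESC and NDESC but not DESCINDEX; say what is stored there on return. Wording fixes in the same hunk: "the the save stack", "operations just as keyring_insert_keyblock" (such as), "Be default", "may consists", "to large", and "occured" (in both keydb_search_reset and keydb_search).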
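Review bot: The ChangeLog part of commit efd1ead9e779eb3bd37384258e08ad921a934612 does not match its g10/keydb.c hunks. It lists "(keydb_locate_writable): Set hd->is_reset to 1", but the assignment is added in the hunk at @@ -1568,6 +1574,7 @@, whose context is keydb_search_reset, and no hunk in this commit touches keydb_locate_writable. The entry "Don't cache a key not found if the search started from the beginning of the database" is also the reverse of the new condition in the hunk at @@ -1712,7 +1721,7 @@, which reaches kid_not_found_insert only when was_reset is set. Correct both entries so the log describes the code.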
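Review bot: In the keydb_search hunk at @@ -1630,6 +1637,7 @@, the initializer "int was_reset = hd->is_reset;" dereferences hd in the declarations, before any statement in the function body can validate the handle. keydb_locate_writable in the same file returns GPG_ERR_INV_ARG for a NULL handle; if keydb_search is meant to reject a NULL handle the same way, declare was_reset without an initializer and assign it after that check.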
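Review bot: The reset added at the top of keydb_search_first (hunk at @@ -1731,6 +1731,10 @@) is a side effect callers cannot learn from the documentation. The keydb.h comment for this function reads "Return the first non-legacy key in the database." and says nothing about the handle being rewound, while the keydb_search_reset comment states that a reset clears the current search result. Add a sentence to the keydb_search_first comment saying that it resets the handle first, so a caller holding a selection from an earlier keydb_search knows it is dropped.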
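Review bot: In the g10/keydb.c hunk at @@ -1439,12 +1439,10 @@, the context line "return GPG_ERR_INV_ARG;" hands back a bare error code from a function declared to return gpg_error_t, whereas keydb_search builds its result with gpg_error (GPG_ERR_NOT_FOUND). Since the function signature is being touched anyway, wrap the code as gpg_error (GPG_ERR_INV_ARG) so the value carries an error source like the others. The two callers shown (import.c and keygen.c) are updated consistently.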