From cvs at cvs.gnupg.org Wed Jul 1 11:57:27 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Jul 2015 11:57:27 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.5-43-ga65447f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a65447f0d64d0c53ddbdcfc988f26ecc9a8a6f08 (commit) from 816824953c91959c23a57c047bdba6a902ffdde6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a65447f0d64d0c53ddbdcfc988f26ecc9a8a6f08 Author: Werner Koch Date: Wed Jul 1 11:49:37 2015 +0200 common: Implement i18n_localegettext. * common/i18n.c (msg_cache_s, msg_cache_head_s): New. (msgcache): New. (i18n_localegettext): Implement locale dependent lookup. -- This is the second and final part of the change to use the gpg provided locale for Pinentry strings. It does not yet work on Windows, though. This commit should resolve Debian-bug-id: 788983 Signed-off-by: Werner Koch diff --git a/common/i18n.c b/common/i18n.c index e6d3f5e..d1f157c 100644 --- a/common/i18n.c +++ b/common/i18n.c @@ -1,5 +1,6 @@ /* i18n.c - gettext initialization - * Copyright (C) 2007, 2010 Free Software Foundation, Inc. + * Copyright (C) 2007, 2010 Free Software Foundation, Inc. + * Copyright (C) 2015 g10 Code GmbH * * This file is free software; you can redistribute it and/or modify * it under the terms of either 
@@ -37,6 +38,37 @@ #include "i18n.h" +/* An object to store pointers to static strings and there static + translation. A linked list is not optimal but given that we only + have a few dozen messages it should be acceptable. */ +struct msg_cache_s +{ + struct msg_cache_s *next; + const char *key; + const char *value; +}; + +/* A object to store an lc_messages string and a link to the cache + object. */ +struct msg_cache_heads_s +{ + struct msg_cache_heads_s *next; + struct msg_cache_s *cache; + char lc_messages[1]; +}; + +/* Out static cache of translated messages. We need this because + there is no gettext API to return a translation depending on the + locale. Switching the locale for each access to a translatable + string seems to be too expensive. Note that this is used only for + strings in gpg-agent which are passed to Pinentry. All other + strings are using the regular gettext interface. Note that we can + never release this memory because consumers take the result as + static strings. */ +static struct msg_cache_heads_s *msgcache; + + + void i18n_init (void) { 
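Review bot: The comment on `struct msg_cache_heads_s` in common/i18n.c does not say that `char lc_messages[1]` is a variable-length tail, so the struct is only valid when allocated with room for the locale name, as the later `xtrymalloc (sizeof *mh + strlen (lc_messages))` in this commit does. I would extend the comment with a line such as `/* LC_MESSAGES is a variable-length tail; allocate sizeof (struct) + strlen (name) and never copy by value. */`. The added comments also have typos worth fixing: "there static" should be "their static", "A object" should be "An object", and "Out static cache" should be "Our static cache". The commit log names the struct `msg_cache_head_s`, while the code defines `msg_cache_heads_s`.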
@@ -117,11 +149,79 @@ i18n_utf8 (const char *string) /* A variant of gettext which allows to specify the local to use for translating the message. The function assumes that utf-8 is used - for the encoding. FIXME: The locale back and forth switching is - likely very expensive, thus we should consider to implement our own - cache here. */ + for the encoding. */ const char * i18n_localegettext (const char *lc_messages, const char *string) { +#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) \ + && !defined(USE_SIMPLE_GETTEXT) && defined(ENABLE_NLS) + const char *result = NULL; + char *saved = NULL; + struct msg_cache_heads_s *mh; + struct msg_cache_s *mc; + + if (!lc_messages) + goto leave; + + /* Lookup in the cache. */ + for (mh = msgcache; mh; mh = mh->next) + if (!strcmp (mh->lc_messages, lc_messages)) + break; + if (mh) + { + /* A cache entry for this local exists - find the string. + Because the system is designed for static strings it is + sufficient to compare the pointers. */ + for (mc = mh->cache; mc; mc = mc->next) + if (mc->key == string) + { + /* Cache hit. */ + result = mc->value; + goto leave; + } + } + + /* Cached miss. Change the locale, translate, reset locale. */ + saved = setlocale (LC_MESSAGES, NULL); + if (!saved) + goto leave; + saved = xtrystrdup (saved); + if (!saved) + goto leave; + if (!setlocale (LC_MESSAGES, lc_messages)) + goto leave; + + bindtextdomain (PACKAGE_GT, LOCALEDIR); + result = gettext (string); + setlocale (LC_MESSAGES, saved); + bindtextdomain (PACKAGE_GT, LOCALEDIR); + + /* Cache the result. */ + if (!mh) + { + /* First use of this locale - create an entry. 
*/ + mh = xtrymalloc (sizeof *mh + strlen (lc_messages)); + if (!mh) + goto leave; + strcpy (mh->lc_messages, lc_messages); + mh->cache = NULL; + mh->next = msgcache; + msgcache = mh; + } + mc = xtrymalloc (sizeof *mc); + if (!mc) + goto leave; + mc->key = string; + mc->value = result; + mc->next = mh->cache; + mh->cache = mc; + + leave: + xfree (saved); + return result? result : _(string); + +#else /*!(HAVE_SETLOCALE && LC_MESSAGES ...)*/ + (void)lc_messages; return _(string); +#endif /*!(HAVE_SETLOCALE && LC_MESSAGES ...)*/ } ----------------------------------------------------------------------- Summary of changes: common/i18n.c | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 104 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 1 15:10:19 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Jul 2015 15:10:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-1-g279381b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 279381b59e35e530ffa0f2b7b3a88e6c9216f5ec (commit) via a499eeb6a6545d87ac9f1b64e32017bfdb4f67e6 (commit) via f1490a3a0ecf4a5a03373c9563f7709630232ee3 (commit) from 30a6720a99a89c60e1a8d7c2ce042b840c51f439 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 279381b59e35e530ffa0f2b7b3a88e6c9216f5ec Author: Werner Koch Date: Wed Jul 1 15:07:47 2015 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 37d8728..6932b92 100644 --- a/NEWS +++ b/NEWS 
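Review bot: In `i18n_localegettext` (common/i18n.c) the cache-miss path switches the process-wide LC_MESSAGES locale and then prepends to the static `msgcache` list with no lock visible in the hunk, so if this function can be entered from more than one thread, a concurrent caller may translate under the wrong locale or walk a half-linked list. The return value of the restoring call `setlocale (LC_MESSAGES, saved);` is ignored, so a failed restore would leave the whole process in the caller-requested locale; it should be checked and reported. The cache is keyed by the caller-supplied `lc_messages` string and, per the comment, is never released, so every distinct name that `setlocale` accepts adds entries for the lifetime of the process; a small cap on the number of head entries would bound that. At minimum I would document the constraint above the function, for example `/* Not thread-safe: changes the global locale and updates MSGCACHE without locking. */`.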
@@ -1,3 +1,7 @@ +Noteworthy changes in version 2.1.7 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 2.1.6 (2015-07-01) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index cf49647..b38aa06 100644 --- a/configure.ac +++ b/configure.ac @@ -28,7 +28,7 @@ min_automake_version="1.14" m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [1]) -m4_define([mym4_micro], [6]) +m4_define([mym4_micro], [7]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit a499eeb6a6545d87ac9f1b64e32017bfdb4f67e6 Author: Werner Koch Date: Wed Jul 1 14:16:40 2015 +0200 Release 2.1.6 diff --git a/NEWS b/NEWS index a3d1e56..37d8728 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,32 @@ -Noteworthy changes in version 2.1.6 (unreleased) +Noteworthy changes in version 2.1.6 (2015-07-01) ------------------------------------------------ + * agent: New option --verify for the PASSWD command. + + * gpgsm: Add command option "offline" as an alternative to + --disable-dirmngr. + + * gpg: Do not prompt multiple times for a password in pinentry + loopback mode. + + * Allow the use of debug category names with --debug. + + * Using gpg-agent and gpg/gpgsm with different locales will now show + the correct translations in Pinentry. + + * gpg: Improve speed of --list-sigs and --check-sigs. + + * gpg: Make --list-options show-sig-subpackets work again. + + * gpg: Fix an export problem for old keyrings with PGP-2 keys. + + * scd: Support PIN-pads on more readers. + + * dirmngr: Properly cleanup zombie LDAP helper processes and avoid + hangs on dirmngr shutdown. + + * Various other bug fixes. + Noteworthy changes in version 2.1.5 (2015-06-11) ------------------------------------------------ commit f1490a3a0ecf4a5a03373c9563f7709630232ee3 Author: Daiki Ueno Date: Wed Jul 1 10:39:40 2015 +0900 agent: Unset INSIDE_EMACS on gpg-agent startup * agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar. -- The variable is set only temporarily when gpg is called from Emacs, keeping it during the session makes no sense. Signed-off-by: Daiki Ueno diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index c3ab175..84f8be0 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c 
@@ -1183,6 +1183,11 @@ main (int argc, char **argv ) gnupg_unsetenv ("DISPLAY"); #endif + /* Remove the INSIDE_EMACS variable so that a pinentry does not + always try to interact with Emacs. The variable is set when + a client requested this using an OPTION command. */ + gnupg_unsetenv ("INSIDE_EMACS"); + /* Create the sockets. */ socket_name = create_socket_name (GPG_AGENT_SOCK_NAME, 1); fd = create_server_socket (socket_name, 1, 0, ----------------------------------------------------------------------- Summary of changes: NEWS | 32 +++++++++++++++++++++++++++++++- agent/gpg-agent.c | 5 +++++ configure.ac | 2 +- 3 files changed, 37 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 1 17:16:23 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Jul 2015 17:16:23 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-1-gbb80b99 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via bb80b991dfc885acc634e0105f79d7317dcf24d4 (commit) via 404943e465beeb34d71039f64f2b7e214d2d9368 (commit) via 380757782373c2069c182550d9093f995bea2f13 (commit) via 11cd8aff6e1720d4a37c92fb6d4cf2613eb17a10 (commit) from f0db3192463cccf4541820de36d985629c4df6ee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bb80b991dfc885acc634e0105f79d7317dcf24d4 Author: Werner Koch Date: Wed Jul 1 17:14:01 2015 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 58df33b..68a1231 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,7 @@ +Noteworthy changes in version 0.9.6 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 0.9.5 (2015-07-01) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index b71cb17..3389141 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.14" # (git tag -s pinentry-n.m.k) and run "./autogen.sh --force". Please # bump the version number immediately after the release, do another # commit, and a push so that the git magic is able to work. -m4_define(mym4_version, [0.9.5]) +m4_define(mym4_version, [0.9.6]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 404943e465beeb34d71039f64f2b7e214d2d9368 Author: Werner Koch Date: Wed Jul 1 17:09:25 2015 +0200 Release 0.9.5 diff --git a/NEWS b/NEWS index 0d40cc2..58df33b 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,17 @@ -Noteworthy changes in version 0.9.5 (unreleased) +Noteworthy changes in version 0.9.5 (2015-07-01) ------------------------------------------------ + * Replaced the internal Assuan and gpg-error code by the standard + libassuan and libgpg-error libraries. + + * Add a new Emacs pinentry and use as fallback for GUI programs. + + * gnome3: The use-password-manager checkbox does now work. + + * Gtk: Improved fallback to curses feature. + + * curses: Recognize DEL as backspace. + Noteworthy changes in version 0.9.4 (2015-06-05) ------------------------------------------------ commit 380757782373c2069c182550d9093f995bea2f13 Author: Werner Koch Date: Wed Jul 1 17:00:41 2015 +0200 w32: Adjust for use of standard libassuan. * autogen.rc: Add gpg-error and libassuan prefix options. * w32/Makefile.am (AM_CPPFLAGS): Use COMMON_FLAGS. (pinentry_w32_LDADD): Use COMMON_LIBS. diff --git a/autogen.rc b/autogen.rc index 1af4d83..bed429b 100644 --- a/autogen.rc +++ b/autogen.rc 
@@ -14,6 +14,8 @@ esac case "$myhost" in w32) configure_opts=" + --with-gpg-error-prefix=@SYSROOT@ + --with-libassuan-prefix=@SYSROOT@ --with-libiconv-prefix=@SYSROOT@ PKG_CONFIG_LIBDIR=@SYSROOT@/lib/pkgconfig " diff --git a/w32/Makefile.am b/w32/Makefile.am index 677dd6a..160d375 100644 --- a/w32/Makefile.am +++ b/w32/Makefile.am @@ -25,7 +25,7 @@ EXTRA_DIST = $(logos) bin_PROGRAMS = pinentry-w32 -AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \ +AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/secmem \ -I$(top_srcdir)/pinentry @@ -34,8 +34,8 @@ pinentry_w32_SOURCES = main.c pinentry-w32.rc resource.h # Note: For testing you should add -mconsole to LDFLAGS. pinentry_w32_LDFLAGS = -mwindows pinentry_w32_LDADD = pinentry-w32.o \ - ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a - + ../pinentry/libpinentry.a ../secmem/libsecmem.a \ + $(COMMON_LIBS) pinentry-w32.o: pinentry-w32.rc resource.h $(logos) $(WINDRES) -I.. -v -o $@ $< commit 11cd8aff6e1720d4a37c92fb6d4cf2613eb17a10 Author: Werner Koch Date: Wed Jul 1 16:45:27 2015 +0200 Distribute files in m4/ diff --git a/.gitignore b/.gitignore index 925762d..92a9c2b 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,5 @@ tty/Makefile /qt4/pinentryconfirm.moc /qt4/pinentrydialog.moc /qt4/qsecurelineedit.moc +/m4/Makefile.in +/emacs/Makefile.in diff --git a/Makefile.am b/Makefile.am index 999f82d..22640df 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,7 +70,7 @@ else pinentry_w32 = endif -SUBDIRS = secmem pinentry ${pinentry_curses} ${pinentry_tty} \ +SUBDIRS = m4 secmem pinentry ${pinentry_curses} ${pinentry_tty} \ ${pinentry_emacs} ${pinentry_gtk_2} ${pinentry_gnome_3} \ ${pinentry_qt4} ${pinentry_w32} doc diff --git a/configure.ac b/configure.ac index 48316bf..b71cb17 100644 --- a/configure.ac +++ b/configure.ac @@ -709,6 +709,7 @@ AH_BOTTOM([ AC_CONFIG_FILES([ +m4/Makefile secmem/Makefile pinentry/Makefile curses/Makefile 
diff --git a/m4/Makefile.am b/m4/Makefile.am new file mode 100644 index 0000000..a5d43de --- /dev/null +++ b/m4/Makefile.am @@ -0,0 +1,2 @@ +EXTRA_DIST = curses.m4 glib.m4 gpg-error.m4 gtk.m4 iconv.m4 \ + libassuan.m4 pkg.m4 qt.m4 diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4 new file mode 100644 index 0000000..1661204 --- /dev/null +++ b/m4/gpg-error.m4 
@@ -0,0 +1,121 @@ +# gpg-error.m4 - autoconf macro to detect libgpg-error. +# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH +# +# This file is free software; as a special exception the author gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Last-changed: 2014-10-02 + + +dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl +dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS, +dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS. The _MT_ variants are +dnl used for programs requireing real multi thread support. +dnl +dnl If a prefix option is not used, the config script is first +dnl searched in $SYSROOT/bin and then along $PATH. If the used +dnl config script does not match the host specification the script +dnl is added to the gpg_config_script_warn variable. +dnl +AC_DEFUN([AM_PATH_GPG_ERROR], +[ AC_REQUIRE([AC_CANONICAL_HOST]) + gpg_error_config_prefix="" + dnl --with-libgpg-error-prefix=PFX is the preferred name for this option, + dnl since that is consistent with how our three siblings use the directory/ + dnl package name in --with-$dir_name-prefix=PFX. + AC_ARG_WITH(libgpg-error-prefix, + AC_HELP_STRING([--with-libgpg-error-prefix=PFX], + [prefix where GPG Error is installed (optional)]), + [gpg_error_config_prefix="$withval"]) + + dnl Accept --with-gpg-error-prefix and make it work the same as + dnl --with-libgpg-error-prefix above, for backwards compatibility, + dnl but do not document this old, inconsistently-named option. 
+ AC_ARG_WITH(gpg-error-prefix,, + [gpg_error_config_prefix="$withval"]) + + if test x"${GPG_ERROR_CONFIG}" = x ; then + if test x"${gpg_error_config_prefix}" != x ; then + GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config" + else + case "${SYSROOT}" in + /*) + if test -x "${SYSROOT}/bin/gpg-error-config" ; then + GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config" + fi + ;; + '') + ;; + *) + AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.]) + ;; + esac + fi + fi + + AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no) + min_gpg_error_version=ifelse([$1], ,0.0,$1) + AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version) + ok=no + if test "$GPG_ERROR_CONFIG" != "no" \ + && test -f "$GPG_ERROR_CONFIG" ; then + req_major=`echo $min_gpg_error_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_gpg_error_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args --version` + major=`echo $gpg_error_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $gpg_error_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -ge "$req_minor"; then + ok=yes + fi + fi + fi + fi + if test $ok = yes; then + GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags` + GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs` + GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null` + GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null` + AC_MSG_RESULT([yes ($gpg_error_config_version)]) + ifelse([$2], , :, [$2]) + gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none` + if test x"$gpg_error_config_host" != xnone ; then + if test x"$gpg_error_config_host" != x"$host" ; then + 
AC_MSG_WARN([[ +*** +*** The config script $GPG_ERROR_CONFIG was +*** built for $gpg_error_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-gpg-error-prefix +*** to specify a matching config script or use \$SYSROOT. +***]]) + gpg_config_script_warn="$gpg_config_script_warn libgpg-error" + fi + fi + else + GPG_ERROR_CFLAGS="" + GPG_ERROR_LIBS="" + GPG_ERROR_MT_CFLAGS="" + GPG_ERROR_MT_LIBS="" + AC_MSG_RESULT(no) + ifelse([$3], , :, [$3]) + fi + AC_SUBST(GPG_ERROR_CFLAGS) + AC_SUBST(GPG_ERROR_LIBS) + AC_SUBST(GPG_ERROR_MT_CFLAGS) + AC_SUBST(GPG_ERROR_MT_LIBS) +]) diff --git a/m4/libassuan.m4 b/m4/libassuan.m4 new file mode 100644 index 0000000..d3d8f2e --- /dev/null +++ b/m4/libassuan.m4 
@@ -0,0 +1,150 @@ +dnl Autoconf macros for libassuan +dnl Copyright (C) 2002, 2003, 2011 Free Software Foundation, Inc. +dnl +dnl This file is free software; as a special exception the author gives +dnl unlimited permission to copy and/or distribute it, with or without +dnl modifications, as long as this notice is preserved. +dnl +dnl This file is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +dnl +dnl Common code used for libassuan detection [internal] +dnl Returns ok set to yes or no. +dnl +AC_DEFUN([_AM_PATH_LIBASSUAN_COMMON], +[ AC_REQUIRE([AC_CANONICAL_HOST]) + AC_ARG_WITH(libassuan-prefix, + AC_HELP_STRING([--with-libassuan-prefix=PFX], + [prefix where LIBASSUAN is installed (optional)]), + libassuan_config_prefix="$withval", libassuan_config_prefix="") + if test x$libassuan_config_prefix != x ; then + libassuan_config_args="$libassuan_config_args --prefix=$libassuan_config_prefix" + if test x${LIBASSUAN_CONFIG+set} != xset ; then + LIBASSUAN_CONFIG=$libassuan_config_prefix/bin/libassuan-config + fi + fi + + AC_PATH_TOOL(LIBASSUAN_CONFIG, libassuan-config, no) + + tmp=ifelse([$1], ,1:0.9.2,$1) + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_libassuan_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` + min_libassuan_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` + else + req_libassuan_api=0 + min_libassuan_version="$tmp" + fi + + AC_MSG_CHECKING(for LIBASSUAN - version >= $min_libassuan_version) + ok=no + if test "$LIBASSUAN_CONFIG" != "no" \ + && test -f "$LIBASSUAN_CONFIG" ; then + req_major=`echo $min_libassuan_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_libassuan_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + req_micro=`echo $min_libassuan_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` + + 
libassuan_config_version=`$LIBASSUAN_CONFIG --version` + major=`echo $libassuan_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $libassuan_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + micro=`echo $libassuan_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` + + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + ok=yes + fi + fi + fi + fi + fi + fi + + if test $ok = yes; then + AC_MSG_RESULT([yes ($libassuan_config_version)]) + else + AC_MSG_RESULT(no) + fi + + if test $ok = yes; then + if test "$req_libassuan_api" -gt 0 ; then + tmp=`$LIBASSUAN_CONFIG --api-version 2>/dev/null || echo 0` + if test "$tmp" -gt 0 ; then + AC_MSG_CHECKING([LIBASSUAN API version]) + if test "$req_libassuan_api" -eq "$tmp" ; then + AC_MSG_RESULT(okay) + else + ok=no + AC_MSG_RESULT([does not match. want=$req_libassuan_api got=$tmp.]) + fi + fi + fi + fi + + if test $ok = yes; then + if test x"$host" != x ; then + libassuan_config_host=`$LIBASSUAN_CONFIG --host 2>/dev/null || echo none` + if test x"$libassuan_config_host" != xnone ; then + if test x"$libassuan_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $LIBASSUAN_CONFIG was +*** built for $libassuan_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libassuan-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi + fi +]) + +dnl AM_CHECK_LIBASSUAN([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test whether libassuan has at least MINIMUM-VERSION. This is +dnl used to test for features only available in newer versions. 
+dnl +AC_DEFUN([AM_CHECK_LIBASSUAN], +[ _AM_PATH_LIBASSUAN_COMMON($1) + if test $ok = yes; then + ifelse([$2], , :, [$2]) + else + ifelse([$3], , :, [$3]) + fi +]) + + + + +dnl AM_PATH_LIBASSUAN([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libassuan and define LIBASSUAN_CFLAGS and LIBASSUAN_LIBS +dnl +AC_DEFUN([AM_PATH_LIBASSUAN], +[ _AM_PATH_LIBASSUAN_COMMON($1) + if test $ok = yes; then + LIBASSUAN_CFLAGS=`$LIBASSUAN_CONFIG $libassuan_config_args --cflags` + LIBASSUAN_LIBS=`$LIBASSUAN_CONFIG $libassuan_config_args --libs` + ifelse([$2], , :, [$2]) + else + LIBASSUAN_CFLAGS="" + LIBASSUAN_LIBS="" + ifelse([$3], , :, [$3]) + fi + AC_SUBST(LIBASSUAN_CFLAGS) + AC_SUBST(LIBASSUAN_LIBS) +]) ----------------------------------------------------------------------- Summary of changes: .gitignore | 2 + Makefile.am | 2 +- NEWS | 17 ++++++- autogen.rc | 2 + configure.ac | 3 +- m4/Makefile.am | 2 + m4/gpg-error.m4 | 121 +++++++++++++++++++++++++++++++++++++++++++++ m4/libassuan.m4 | 150 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ w32/Makefile.am | 6 +-- 9 files changed, 299 insertions(+), 6 deletions(-) create mode 100644 m4/Makefile.am create mode 100644 m4/gpg-error.m4 create mode 100644 m4/libassuan.m4 hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 1 17:18:59 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 01 Jul 2015 17:18:59 +0200 Subject: [git] gnupg-doc - branch, master, updated. c99978e0854e90a0af43f662280eb82e3b4580ed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via c99978e0854e90a0af43f662280eb82e3b4580ed (commit) via 4200b3ee401a82e0ec68cbd6e8ea5c1c77cd92b8 (commit) from 88434826fdc718a2849833eb011707def7e6191f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c99978e0854e90a0af43f662280eb82e3b4580ed Author: Werner Koch Date: Wed Jul 1 17:16:39 2015 +0200 swdb: Pinentry 0.9.5 release diff --git a/web/swdb.mac b/web/swdb.mac index 8a06d65..3e6bd57 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -53,9 +53,9 @@ # # PINENTRY # -#+macro: pinentry_ver 0.9.4 -#+macro: pinentry_size 498k -#+macro: pinentry_sha1 0c47f0ddea4631bcba01ebbeca8bffe0bf43e440 +#+macro: pinentry_ver 0.9.5 +#+macro: pinentry_size 503k +#+macro: pinentry_sha1 11979a6826ef5de73b52fd8c5b84f8321a133e53 # commit 4200b3ee401a82e0ec68cbd6e8ea5c1c77cd92b8 Author: Werner Koch Date: Wed Jul 1 15:22:36 2015 +0200 web: gnupg 2.1.6 release diff --git a/web/index.org b/web/index.org index bf7bceb..fb7cd8e 100644 --- a/web/index.org +++ b/web/index.org 
@@ -64,6 +64,11 @@ The latest release news:\\ # GnuPG's latest news are available as [[http://feedvalidator.org/check.cgi?url%3Dhttps://www.gnupg.org/news.en.rss][RSS 2.0 compliant]] feed. Just # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.6 released (2015-07-01) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000370.html][anouncement mail]] for details. + ** GnuPG 2.1.5 released (2015-06-11) A new version of the /modern/ branch of GnuPG has been released. diff --git a/web/swdb.mac b/web/swdb.mac index 3f28686..8a06d65 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -17,14 +17,14 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.5 +#+macro: gnupg21_ver 2.1.6 #+macro: gnupg21_branch master -#+macro: gnupg21_size 4791k -#+macro: gnupg21_sha1 02bbe32e1ef3b06b3ae3c60c955fb767a1aa0f2f +#+macro: gnupg21_size 4802k +#+macro: gnupg21_sha1 9e8157b3386da04760657ce3117fc4dc570c57c5 # -#+macro: gnupg21_w32_ver 2.1.5_20150611 -#+macro: gnupg21_w32_size 2567k -#+macro: gnupg21_w32_sha1 f705fb6ae7612428b33cc51e23e006cdbf958e5d +#+macro: gnupg21_w32_ver 2.1.6_20150701 +#+macro: gnupg21_w32_size 2577k +#+macro: gnupg21_w32_sha1 a8cd2e7ab48abb94c126051df902e3380faf117e # ----------------------------------------------------------------------- Summary of changes: web/index.org | 5 +++++ web/swdb.mac | 18 +++++++++--------- 2 files changed, 14 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 2 05:15:53 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 02 Jul 2015 05:15:53 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-2-g45c49a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 45c49a0030c7a01ec011ce810ddb3aaef734e9bf (commit) from 279381b59e35e530ffa0f2b7b3a88e6c9216f5ec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 45c49a0030c7a01ec011ce810ddb3aaef734e9bf Author: NIIBE Yutaka Date: Thu Jul 2 12:14:40 2015 +0900 scd: Support AES decryption for OpenPGPcard v3.0. * scd/app-openpgp.c (do_decipher): Support AES decryption. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 467389d..f5911f3 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -4101,7 +4101,10 @@ do_decipher (app_t app, const char *keyidstr, if (rc) return rc; - if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA) + if (indatalen == 16 + 1 || indatalen == 32 + 1) + /* PSO:DECIPHER with symmetric key. */ + padind = -1; + else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA) { /* We might encounter a couple of leading zeroes in the cryptogram. Due to internal use of MPIs these leading zeroes ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 2 05:22:46 2015 
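Review bot: In `do_decipher` (scd/app-openpgp.c) the new first branch selects the symmetric PSO:DECIPHER path purely from `indatalen == 16 + 1 || indatalen == 32 + 1`, ahead of the key-type test. Any cryptogram for an asymmetric key that happens to be 17 or 33 bytes long would therefore be sent with `padind = -1` and skip the key-type handling that follows. The `+ 1` suggests a leading indicator byte; testing that byte's value in the same condition, or first confirming that the decryption key attribute is not an asymmetric type, would make the dispatch unambiguous. Because a comment sits between the condition and its single statement, braces would also make the branch harder to break in a later edit: `{ /* PSO:DECIPHER with symmetric key. */ padind = -1; }`. The body of `do_decipher` starts and ends outside the hunk, so the input-length validation done before this point is not visible here.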
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 02 Jul 2015 05:22:46 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-3-g3502b3c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3502b3cc0f5ff92ab89a0da8b1e344a8ad615737 (commit) from 45c49a0030c7a01ec011ce810ddb3aaef734e9bf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3502b3cc0f5ff92ab89a0da8b1e344a8ad615737 Author: NIIBE Yutaka Date: Thu Jul 2 12:22:37 2015 +0900 po: Update Japanese translation. diff --git a/po/ja.po b/po/ja.po index 581b1b3..3bdac1b 100644 --- a/po/ja.po +++ b/po/ja.po @@ -8,9 +8,9 @@ # msgid "" msgstr "" -"Project-Id-Version: gnupg 2.1.5\n" +"Project-Id-Version: gnupg 2.1.6\n" "Report-Msgid-Bugs-To: translations at gnupg.org\n" -"PO-Revision-Date: 2015-06-16 12:46+0900\n" +"PO-Revision-Date: 2015-07-02 12:21+0900\n" "Last-Translator: NIIBE Yutaka \n" "Language-Team: none\n" "Language: ja\n" @@ -85,7 +85,7 @@ msgstr "" "?????????)" msgid "PIN:" -msgstr "" +msgstr "PIN:" msgid "Passphrase:" msgstr "??????:" @@ -275,8 +275,7 @@ msgid_plural "" "A passphrase should contain at least %u digits or%%0Aspecial characters." msgstr[0] "???????????%u??????????????????" -#, fuzzy, c-format -#| msgid "A passphrase may not be a known term or match%%0Acertain pattern." +#, c-format msgid "A passphrase may not be a known term or match%%0Acertain pattern." msgstr "" "????????????????????????????????????%%0A" 
@@ -645,12 +644,13 @@ msgstr "???????????" msgid "I'll change it later" msgstr "??????" -#, fuzzy, c-format -#| msgid "Do you really want to delete the selected keys? (y/N) " +#, c-format msgid "" "Do you really want to delete the key identified by keygrip%%0A %s%%0A %%C" "%%0A?" -msgstr "???????????????? (y/N) " +msgstr "" +"??????: keygrip%%0A %s%%0A %%C" +"%%0A????????" msgid "Delete key" msgstr "??????" @@ -803,7 +803,7 @@ msgstr "" #, c-format msgid "unknown debug flag '%s' ignored\n" -msgstr "" +msgstr "???debug???'%s'????????\n" #, c-format msgid "no running gpg-agent - starting '%s'\n" @@ -3930,15 +3930,12 @@ msgstr "???????????: " msgid "Signature notation: " msgstr "????: " -#, fuzzy -#| msgid "1 bad signature\n" msgid "1 good signature\n" -msgstr "?????1?\n" +msgstr "?????1?\n" -#, fuzzy, c-format -#| msgid "%d bad signatures\n" +#, c-format msgid "%d good signatures\n" -msgstr "?????%d?\n" +msgstr "?????%d?\n" #, c-format msgid "Warning: %lu key(s) skipped due to their large size\n" ----------------------------------------------------------------------- Summary of changes: po/ja.po | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 3 22:22:06 2015 
From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Fri, 03 Jul 2015 22:22:06 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-4-g1be2ceb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1be2cebf7ff5837c8b548b4f4afbf1b8b28211bc (commit) from 3502b3cc0f5ff92ab89a0da8b1e344a8ad615737 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1be2cebf7ff5837c8b548b4f4afbf1b8b28211bc Author: Daniel Kahn Gillmor Date: Thu Jul 2 15:10:49 2015 -0400 drop long-deprecated gpgsm-gencert.sh * tools/gpgsm-gencert.sh: remove deprecated script entirely. It is fully replaced by gpgsm --gen-key * doc/tools.texi: remove gpgsm-gencert.sh documentation * .gitignore: no longer ignore gpgsm-gencert.sh manpage * doc/Makefile.am: quit making the manpage * tools/Makefile.am: quit distributing the script * doc/howto-create-a-server-cert.texi: overhaul documentation to use gpgsm --gen-key and tweak explanations -- The commit deprecating gpgsm-gencert.sh (81972ca7d53ff1996e0086702a09d4405bdc2a7e) dates back exactly 6 years. https://codesearch.debian.net/results/gpgsm-gencert.sh suggests that in all of debian it is only referenced in documentation (for poldi and scute) and example files (libept), and isn't actually used directly anywhere. Furthermore, trying to use gpgsm-gencert.sh to make a simple webserver certificate-signing request failed for me, following the examples in doc/howto-create-a-server-cert.texi exactly. It's time we ripped off this band-aid :) Signed-off-by: Daniel Kahn Gillmor diff --git a/.gitignore b/.gitignore index a525f14..dd3d031 100644 --- a/.gitignore +++ b/.gitignore 
@@ -67,7 +67,6 @@ doc/gpg-zip.1 doc/gpg2.1 doc/gpgconf.1 doc/gpgparsemail.1 -doc/gpgsm-gencert.sh.1 doc/gpgsm.1 doc/gpgv2.1 doc/scdaemon.1 diff --git a/NEWS b/NEWS index 6932b92..476f42c 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ Noteworthy changes in version 2.1.7 (unreleased) ------------------------------------------------ + * dropped deprecated gpgsm-gencert.sh Noteworthy changes in version 2.1.6 (2015-07-01) ------------------------------------------------ diff --git a/doc/Makefile.am b/doc/Makefile.am index 3ea19ad..3ed3057 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -71,7 +71,7 @@ myman_sources = gnupg7.texi gpg.texi gpgsm.texi gpg-agent.texi \ myman_pages = gpg2.1 gpgsm.1 gpg-agent.1 dirmngr.8 scdaemon.1 gpgv2.1 \ watchgnupg.1 gpgconf.1 addgnupghome.8 gpg-preset-passphrase.1 \ gpg-connect-agent.1 gpgparsemail.1 symcryptrun.1 \ - gpgsm-gencert.sh.1 applygnupgdefaults.8 gpg-zip.1 \ + applygnupgdefaults.8 gpg-zip.1 \ dirmngr-client.1 man_MANS = $(myman_pages) gnupg.7 diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi index ce6dd2f..496c9ee 100644 --- a/doc/howto-create-a-server-cert.texi +++ b/doc/howto-create-a-server-cert.texi 
@@ -7,18 +7,17 @@ actually been done this way to get a certificate from CAcert to be used on a real server. It has only been tested with this CA, but there shouldn't be any problem to run this against any other CA. -Before you start, make sure that gpg-agent is running. As there is no -need for a configuration file, you may simply enter: +We start by generating an X.509 certificate signing request. As there +is no need for a configuration file, you may simply enter: @cartouche @example - $ gpgsm-gencert.sh >a.p10 - Key type - [1] RSA - [2] Existing key - [3] Direct from card - Your selection: 1 - You selected: RSA + $ gpgsm --gen-key >example.com.cert-req.pem + Please select what kind of key you want: + (1) RSA + (2) Existing key + (3) Existing key from card + Your selection? 1 @end example @end cartouche 
@@ -32,39 +31,36 @@ Let's continue: @cartouche @example - Key length - [1] 1024 - [2] 2048 - Your selection: 1 - You selected: 1024 + What keysize do you want? (2048) + Requested keysize is 2048 bits @end example @end cartouche -The script offers two common key sizes. With the current setup of -CAcert, it does not make much sense to use a 2k key; their policies need -to be revised anyway (a CA root key valid for 30 years is not really -serious). +Hitting enter chooses the default RSA key size of 2048 bits. Smaller +keys are too weak on the modern Internet. If you choose a larger +(stronger) key, your server will need to do more work. @cartouche @example - Key usage - [1] sign, encrypt - [2] sign - [3] encrypt - Your selection: 1 - You selected: sign, encrypt + Possible actions for a RSA key: + (1) sign, encrypt + (2) sign + (3) encrypt + Your selection? 1 @end example @end cartouche -We want to sign and encrypt using this key. This is just a suggestion -and the CA may actually assign other key capabilities. +Selecting ``sign'' enables use of the key for Diffie-Hellman key +exchange mechanisms (DHE and ECDHE) in TLS, which are preferred +because they offer forward secrecy. Selecting ``encrypt'' enables RSA +key exchange mechanisms, which are still common in some places. +Selecting both enables both key exchange mechanisms. Now for some real data: @cartouche @example - Name (DN) - > CN=kerckhoffs.g10code.com + Enter the X.509 subject name: CN=example.com @end example @end cartouche 
@@ -74,13 +70,13 @@ server names later. @cartouche @example - E-Mail addresses (end with an empty line) + E-Mail addresses (end with an empty line): > @end example @end cartouche -We don't need email addresses in a server certificate and CAcert would -anyway ignore such a request. Thus just hit enter. +We don't need email addresses in a TLS server certificate and CAcert +would anyway ignore such a request. Thus just hit enter. If you want to create a client certificate for email encryption, this would be the place to enter your mail address @@ -89,22 +85,21 @@ however the CA may not accept them all or reject the entire request. @cartouche @example - DNS Names (optional; end with an empty line) - > www.g10code.com - DNS Names (optional; end with an empty line) - > ftp.g10code.com - DNS Names (optional; end with an empty line) + Enter DNS names (optional; end with an empty line): + > example.com + > www.example.com > @end example @end cartouche -Here I entered the names of the servers which actually run on the -machine given in the DN above. The browser will accept a certificate for -any of these names. As usual the CA must approve all of these names. +Here I entered the names of the services which the machine actually +provides. You almost always want to include the canonical name here +too. The browser will accept a certificate for any of these names. As +usual the CA must approve all of these names. @cartouche @example - URIs (optional; end with an empty line) + URIs (optional; end with an empty line): > @end example @end cartouche 
@@ -112,25 +107,30 @@ any of these names. As usual the CA must approve all of these names. It is possible to insert arbitrary URIs into a certificate; for a server certificate this does not make sense. + at cartouche + at example + Create self-signed certificate? (y/N) + at end example + at end cartouche + +Since we are creating a certificate signing request, and not a full +certificate, we answer no here, or just hit enter for the default. + We have now entered all required information and @command{gpgsm} will display what it has gathered and ask whether to create the certificate request: @cartouche @example - Parameters for certificate request to create: - 1 Key-Type: RSA - 2 Key-Length: 1024 - 3 Key-Usage: sign, encrypt - 4 Name-DN: CN=kerckhoffs.g10code.com - 5 Name-DNS: www.g10code.com - 6 Name-DNS: ftp.g10code.com - - Really create such a CSR? - [1] yes - [2] no - Your selection: 1 - You selected: yes + These parameters are used: + Key-Type: RSA + Key-Length: 2048 + Key-Usage: sign, encrypt + Name-DN: CN=example.com + Name-DNS: example.com + Name-DNS: www.example.com + + Proceed with creation? (y/N) y @end example @end cartouche @@ -146,6 +146,7 @@ When it is ready, you should see the final notice: @cartouche @example gpgsm: certificate request created + Ready. You should now send this request to your CA. @end example @end cartouche 
@@ -153,17 +154,22 @@ Now, you may look at the created request: @cartouche @example - $ cat a.p10 + $ cat example.com.cert-req.pem -----BEGIN CERTIFICATE REQUEST----- - MIIBnzCCAQgCAQAwITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCB - nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVyg - HtB7kr+YISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlS - wFTALLX78GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkm - Bj5cNy+YMbGVldECAwEAAaA+MDwGCSqGSIb3DQEJDjEvMC0wKwYDVR0RBCQwIoIP - d3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5jb20wDQYJKoZIhvcNAQEFBQAD - gYEAzBRIi8KTfKyebOlMtDN6oDYBOv+r9A4w3u/Z1ikjffaiN1Bmd2o9Ez9KXKHA - IezLeSEA/rGUPN5Ur5qIJnRNQ8xrS+iLftr8msWQSZppVnA/vnqMrtqBUpitqAr0 - eYBmt1Uem2Y3UFABrKPglv2xzgGkrKX6AqmFoOnJWQ0QcTw= + MIIClTCCAX0CAQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3 + DQEBAQUAA4IBDwAwggEKAoIBAQDP1QEcbTvOLLCX4gAoOzH9AW7jNOMj7OSOL0uW + h2bCdkK5YVpnX212Z6COTC3ZG0pJiCeGt1TbbDJUlTa4syQ6JXavjK66N8ASZsyC + Rwcl0m6hbXp541t1dbgt2VgeGk25okWw3j+brw6zxLD2TnthJxOatID0lDIG47HW + GqzZmA6WHbIBIONmGnReIHTpPAPCDm92vUkpKG1xLPszuRmsQbwEl870W/FHrsvm + DPvVUUSdIvTV9NuRt7/WY6G4nPp9QlIuTf1ESPzIuIE91gKPdrRCAx0yuT708S1n + xCv3ETQ/bKPoAQ67eE3mPBqkcVwv9SE/2/36Lz06kAizRgs5AgMBAAGgOjA4Bgkq + hkiG9w0BCQ4xKzApMCcGA1UdEQQgMB6CC2V4YW1wbGUuY29tgg93d3cuZXhhbXBs + ZS5jb20wDQYJKoZIhvcNAQELBQADggEBAEWD0Qqz4OENLYp6yyO/KqF0ig9FDsLN + b5/R+qhms5qlhdB5+Dh+j693Sj0UgbcNKc6JT86IuBqEBZmRCJuXRoKoo5aMS1cJ + hXga7N9IA3qb4VBUzBWvlL92U2Iptr/cEbikFlYZF2Zv3PBv8RfopVlI3OLbKV9D + bJJTt/6kuoydXKo/Vx4G0DFzIKNdFdJk86o/Ziz8NOs9JjZxw9H9VY5sHKFM5LKk + VcLwnnLRlNjBGB+9VK/Tze575eG0cJomTp7UGIB+1xzIQVAhUZOizRDv9tHDeaK3 + k+tUhV0kuJcYHucpJycDSrP/uAY5zuVJ0rs2QSjdnav62YrRgEsxJrU= -----END CERTIFICATE REQUEST----- $ @end example 
@@ -189,26 +195,7 @@ followed by a Ctrl-D @example -----BEGIN CERTIFICATE----- MIIEIjCCAgqgAwIBAgIBTDANBgkqhkiG9w0BAQQFADBUMRQwEgYDVQQKEwtDQWNl - cnQgSW5jLjEeMBwGA1UECxMVaHR0cDovL3d3dy5DQWNlcnQub3JnMRwwGgYDVQQD - ExNDQWNlcnQgQ2xhc3MgMyBSb290MB4XDTA1MTAyODE2MjA1MVoXDTA3MTAyODE2 - MjA1MVowITEfMB0GA1UEAxMWa2VyY2tob2Zmcy5nMTBjb2RlLmNvbTCBnzANBgkq - hkiG9w0BAQEFAAOBjQAwgYkCgYEA5h+uKRenpvbe+BnMY6siPO50LVygHtB7kr+Y - ISlPJ5JAFO12yQFz9Y0sBLHbjR+V+TOawwP1dZhGjlgnEBkMdWKuEBlSwFTALLX7 - 8GAyvAYAmPqSPDEYXkMECyUXVX/bbGI1bY8Y2OGy4w4D+v7e+xD2NBkmBj5cNy+Y - MbGVldECAwEAAaOBtTCBsjAMBgNVHRMBAf8EAjAAMDQGA1UdJQQtMCsGCCsGAQUF - BwMCBggrBgEFBQcDAQYJYIZIAYb4QgQBBgorBgEEAYI3CgMDMAsGA1UdDwQEAwIF - oDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2Vy - dC5vcmcwKwYDVR0RBCQwIoIPd3d3LmcxMGNvZGUuY29tgg9mdHAuZzEwY29kZS5j - b20wDQYJKoZIhvcNAQEEBQADggIBAAj5XAHCtzQR8PV6PkQBgZqUCbcfxGO/ZIp9 - aIT6J2z0Jo1OZI6KmConbqnZG9WyDlV5P7msQXW/Z9nBfoj4KSmNR8G/wtb8ClJn - W8s75+K3ZLq1UgEyxBDrS7GjtbVaj7gsfZsuiQzxmk9lbl1gbkpJ3VEMjwVCTMlM - fpjp8etyPhUZqOZaoKVaq//KTOsjhPMwz7TcfOkHvXketPrWTcefJQU7NKLH16D3 - mZAwnBxp3P51H6E6VG8AoJO8xCBuVwsbXKEf/FW+tmKG9pog6CaZQ9WibROTtnKj - NJjSBsrUk5C+JowO/EyZRGm6R1tlok8iFXj+2aimyeBqDcxozNmFgh9F3S5u0wK0 - 6cfYgkPVMHxgwV3f3Qh+tJkgLExN7KfO9hvpZqAh+CLQtxVmvpxEVEXKR6nwBI5U - BaseulvVy3wUfg2daPkG17kDDBzQlsWC0BRF8anH+FWSrvseC3nS0a9g3sXF1Ic3 - gIqeAMhkant1Ac3RR6YCWtJKr2rcQNdDAxXK35/gUSQNCi9dclEzoOgjziuA1Mha - 94jYcvGKcwThn0iITVS5hOsCfaySBLxTzfIruLbPxXlpWuCW/6I/7YyivppKgEZU + [...] rUTFlNElRXCwIl0YcJkIaYYqWf7+A/aqYJCi8+51usZwMy3Jsq3hJ6MA3h1BgwZs Rtct3tIX -----END CERTIFICATE----- 
@@ -229,19 +216,19 @@ To see the content of your certificate, you may now enter: @cartouche @example - $ gpgsm -K kerckhoffs.g10code.com + $ gpgsm -K example.com /home/foo/.gnupg/pubring.kbx --------------------------- Serial number: 4C Issuer: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.[...] - Subject: /CN=kerckhoffs.g10code.com - aka: (dns-name www.g10code.com) - aka: (dns-name ftp.g10code.com) - validity: 2005-10-28 16:20:51 through 2007-10-28 16:20:51 - key type: 1024 bit RSA + Subject: /CN=example.com + aka: (dns-name example.com) + aka: (dns-name www.example.com) + validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51 + key type: 2048 bit RSA key usage: digitalSignature keyEncipherment ext key usage: clientAuth (suggested), serverAuth (suggested), [...] - fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:19:D8:E9:65:B9:BD:4F:B1:98:CC:57 + fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57 @end example @end cartouche @@ -256,7 +243,7 @@ certificate. To create such a file, run: @cartouche @example - $ gpgsm --export-secret-key-p12 -a >kerckhoffs-cert.pem + $ gpgsm --export-secret-key-p12 -a >example.com-cert.pem @end example @end cartouche @@ -266,12 +253,12 @@ certificate as well as the private key: @cartouche @example - $ cat kerckhoffs-cert.pem + $ cat example-cert.pem Issuer ...: /CN=CAcert Class 3 Root/OU=http:\x2f\x2fwww.CA[...] Serial ...: 4C - Subject ..: /CN=kerckhoffs.g10code.com - aka ..: (dns-name www.g10code.com) - aka ..: (dns-name ftp.g10code.com) + Subject ..: /CN=example.com + aka ..: (dns-name example.com) + aka ..: (dns-name www.example.com) -----BEGIN PKCS12----- MIIHlwIBAzCCB5AGCSqGSIb37QdHAaCCB4EEggd9MIIHeTk1BJ8GCSqGSIb3DQEu diff --git a/doc/tools.texi b/doc/tools.texi index a067eb6..1dd1b35 100644 --- a/doc/tools.texi +++ b/doc/tools.texi 
@@ -15,7 +15,6 @@ GnuPG comes with a couple of smaller tools: * addgnupghome:: Create .gnupg home directories. * gpgconf:: Modify .gnupg home directories. * applygnupgdefaults:: Run gpgconf for all users. -* gpgsm-gencert.sh:: Generate an X.509 certificate request. * gpg-preset-passphrase:: Put a passphrase into the cache. * gpg-connect-agent:: Communicate with a running agent. * dirmngr-client:: How to use the Dirmngr client tool. @@ -1001,42 +1000,6 @@ applygnupgdefaults @c - at c GPGSM-GENCERT.SH - at c - at node gpgsm-gencert.sh - at section Generate an X.509 certificate request - at manpage gpgsm-gencert.sh.1 - at ifset manverb -.B gpgsm-gencert.sh -\- Generate an X.509 certificate request - at end ifset - - at mansect synopsis - at ifset manverb -.B gpgsm-gencert.sh - at end ifset - - at mansect description -This is a simple tool to interactively generate a certificate request -which will be printed to stdout. - - at manpause - at noindent - at command{gpgsm-gencert.sh} is invoked as: - - at samp{gpgsm-cencert.sh} - - at mansect see also - at ifset isman - at command{gpgsm}(1), - at command{gpg-agent}(1), - at command{scdaemon}(1) - at end ifset - at include see-also-note.texi - - - - at c @c GPG-PRESET-PASSPHRASE @c @node gpg-preset-passphrase diff --git a/tools/Makefile.am b/tools/Makefile.am index 5c28954..496b1a6 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -18,7 +18,7 @@ EXTRA_DIST = \ Manifest watchgnupg.c \ - addgnupghome applygnupgdefaults gpgsm-gencert.sh \ + addgnupghome applygnupgdefaults \ lspgpot mail-signed-keys convert-from-106 sockprox.c \ ccidmon.c ChangeLog-2011 gpg-connect-agent-w32info.rc @@ -34,7 +34,6 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS) $(LIBASSUAN_CFLAGS) sbin_SCRIPTS = addgnupghome applygnupgdefaults -bin_SCRIPTS = gpgsm-gencert.sh if HAVE_USTAR # bin_SCRIPTS += gpg-zip noinst_SCRIPTS = gpg-zip diff --git a/tools/gpgsm-gencert.sh b/tools/gpgsm-gencert.sh deleted file mode 100755 index b209c8e..0000000 
--- a/tools/gpgsm-gencert.sh +++ /dev/null 
@@ -1,203 +0,0 @@ -#!/bin/sh -# -*- sh -*- -# gpgsm-gencert.c - Generate X.509 certificates through GPGSM. -# Copyright (C) 2004, 2005 Free Software Foundation, Inc. -# -# This file is part of GnuPG. -# -# GnuPG is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# GnuPG is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, see . - -set -e - -ASSUAN_FP_IN=4 -ASSUAN_FP_OUT=5 - -ASSUAN_COMMANDS="\ -INPUT FD=$ASSUAN_FP_IN\n\ -OUTPUT FD=$ASSUAN_FP_OUT --armor\n\ -GENKEY\n\ -BYE\n" - -ANSWER="" - -query_user() -{ - message=$1; shift - - echo "$message" >&2 - echo -n "> " >&2 - read answer - - ANSWER=$answer; -} - -query_user_menu() -{ - message=$1; shift - i=0 - - echo "$message" >&2 - for choice in "$@"; do - i=$(expr $i + 1) - echo " [$i] $choice" >&2 - done - - while true; do - j=1 - echo -n "Your selection: " >&2 - read idx - - while [ $j -lt $i -o $j -eq $i ]; do - if [ "$idx" = $j ]; then - break - fi - j=$(expr $j + 1) - done - if [ $j -lt $i -o $j -eq $i ]; then - break - fi - done - - i=0 - for choice in "$@"; do - i=$(expr $i + 1) - if [ $i -eq $idx ]; then - ANSWER=$1 - break; - fi - shift - done - - echo "You selected: $ANSWER" >&2 -} - - -echo "WARNING: This script is deprecated; please use" >&2 -echo " gpgsm --gen-key" >&2 -echo " instead." 
>&2 -KEY_TYPE="" -while [ -z "$KEY_TYPE" ]; do - query_user_menu "Key type" "RSA" "Existing key" "Direct from card" - case "$ANSWER" in - RSA) - KEY_TYPE=$ANSWER - query_user_menu "Key length" "1024" "2048" - KEY_LENGTH=$ANSWER - KEY_GRIP= - ;; - Existing*) - # User requested to use an existing key; need to set some dummy defaults - query_user "Keygrip " - if [ -n "$ANSWER" ]; then - KEY_TYPE=RSA - KEY_LENGTH=1024 - KEY_GRIP=$ANSWER - fi - ;; - Direct*) - tmp=$(echo 'SCD SERIALNO' | gpg-connect-agent | \ - awk '$2 == "SERIALNO" {print $3}') - if [ -z "$tmp" ]; then - echo "No card found" >&2 - else - echo "Card with S/N $tmp found" >&2 - tmp=$(echo 'SCD LEARN --force' | gpg-connect-agent | \ - awk '$2 == "KEYPAIRINFO" {printf " %s", $4}') - sshid=$(echo 'SCD GETATTR $AUTHKEYID' | gpg-connect-agent | \ - awk '$2 == "$AUTHKEYID" {print $3}') - [ -n "$sshid" ] && echo "gpg-agent uses $sshid as ssh key" >&2 - query_user_menu "Select key " $tmp "back" - if [ "$ANSWER" != "back" ]; then - KEY_TYPE="card:$ANSWER" - KEY_LENGTH= - KEY_GRIP= - fi - fi - ;; - *) - exit 1 - ;; - esac -done - -query_user_menu "Key usage" "sign, encrypt" "sign" "encrypt" -KEY_USAGE=$ANSWER - -query_user "Name (DN)" -NAME=$ANSWER - -EMAIL_ADDRESSES= -LF= -while : ; do - query_user "E-Mail addresses (end with an empty line)" - [ -z "$ANSWER" ] && break - EMAIL_ADDRESSES="${EMAIL_ADDRESSES}${LF}Name-Email: $ANSWER" - LF=' -' -done - -DNS_ADDRESSES= -LF= -while : ; do - query_user "DNS Names (optional; end with an empty line)" - [ -z "$ANSWER" ] && break - DNS_ADDRESSES="${DNS_ADDRESSES}${LF}Name-DNS: $ANSWER" - LF=' -' -done - -URI_ADDRESSES= -LF= -while : ; do - query_user "URIs (optional; end with an empty line)" - [ -z "$ANSWER" ] && break - URI_ADDRESSES="${URI_ADDRESSES}${LF}Name-URI: $ANSWER" - LF=' -' -done - -file_parameter=$(mktemp "/tmp/gpgsm.XXXXXX") -outfile=$(mktemp "/tmp/gpgsm.XXXXXX") - - -( -cat < "$file_parameter" - - -echo 'Parameters for certificate request to create:' >&2 -cat 
-n "$file_parameter" >&2 -echo >&2 - -query_user_menu "Really create such a CSR?" "yes" "no" -[ "$ANSWER" != "yes" ] && exit 1 - - -printf "$ASSUAN_COMMANDS" | \ - gpgsm --no-log-file --debug-level none --debug-none \ - --server 4< "$file_parameter" 5>"$outfile" >/dev/null - -cat "$outfile" - -rm "$file_parameter" "$outfile" -exit 0 ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 - NEWS | 1 + doc/Makefile.am | 2 +- doc/howto-create-a-server-cert.texi | 177 +++++++++++++++---------------- doc/tools.texi | 37 ------- tools/Makefile.am | 3 +- tools/gpgsm-gencert.sh | 203 ------------------------------------ 7 files changed, 85 insertions(+), 339 deletions(-) delete mode 100755 tools/gpgsm-gencert.sh hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 7 04:09:54 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 07 Jul 2015 04:09:54 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-231-g0a7547e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06 (commit) from a36ee7501f68ad7ebcfe31f9659430b9d2c3ddd1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06 Author: NIIBE Yutaka Date: Mon Jul 6 12:01:00 2015 +0900 ecc: fix memory leaks. cipher/ecc.c (ecc_generate): Fix memory leak on error of _gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint. (ecc_check_secret_key): Fix memory leak on error of _gcry_ecc_update_curve_param. (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove unnecessary sexp_release and fix memory leak on error of _gcry_ecc_fill_in_curve. (ecc_decrypt_raw): Fix double free of the point kG and memory leak on error of _gcry_ecc_os2ec. diff --git a/cipher/ecc.c b/cipher/ecc.c index 5ffe84b..f5bc50a 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -551,7 +551,6 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) return GPG_ERR_NO_OBJ; /* No NBITS parameter. */ rc = _gcry_ecc_fill_in_curve (nbits, curve_name, &E, &nbits); - xfree (curve_name); curve_name = NULL; if (rc) goto leave; @@ -595,10 +594,9 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) !!(flags & PUBKEY_FLAG_COMP), &encpk, &encpklen); if (rc) - return rc; + goto leave; public = mpi_new (0); mpi_set_opaque (public, encpk, encpklen*8); - encpk = NULL; } else { 
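Review bot: In the ecc_generate hunk at -595 the dropped `encpk = NULL;` was the only marker that the buffer passed to `mpi_set_opaque (public, encpk, encpklen*8);` now belongs to `public`. An opaque MPI takes ownership of the pointer it is given, so a later `xfree (encpk)` on any path would be a double free; the declaration of `encpk` and the cleanup code are outside the hunk, so whether anything frees it is not visible here. Now that the error path runs through `leave`, a one-line comment such as `/* PUBLIC now owns ENCPK; do not free it. */` would keep the ownership transfer explicit.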
@@ -691,6 +689,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) mpi_free (Qx); mpi_free (Qy); _gcry_mpi_ec_free (ctx); + xfree (curve_name); sexp_release (curve_flags); sexp_release (curve_info); return rc; @@ -744,7 +743,7 @@ ecc_check_secret_key (gcry_sexp_t keyparms) &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n, &sk.E.h); if (rc) - return rc; + goto leave; } } if (mpi_g) @@ -877,7 +876,6 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - sexp_release (l1); l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { @@ -886,7 +884,7 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) { rc = _gcry_ecc_fill_in_curve (0, curvename, &sk.E, NULL); if (rc) - return rc; + goto leave; } } /* Guess required fields if a curve parameter has not been given. @@ -1043,7 +1041,6 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - sexp_release (l1); l1 = sexp_find_token (s_keyparms, "curve", 5); if (l1) { @@ -1052,7 +1049,7 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) { rc = _gcry_ecc_fill_in_curve (0, curvename, &pk.E, NULL); if (rc) - return rc; + goto leave; } } /* Guess required fields if a curve parameter has not been given. @@ -1252,7 +1249,6 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - sexp_release (l1); l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { @@ -1261,7 +1257,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms) { rc = _gcry_ecc_fill_in_curve (0, curvename, &pk.E, NULL); if (rc) - return rc; + goto leave; } } /* Guess required fields if a curve parameter has not been given. */ 
@@ -1421,7 +1417,6 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ - sexp_release (l1); l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { @@ -1430,7 +1425,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) { rc = _gcry_ecc_fill_in_curve (0, curvename, &sk.E, NULL); if (rc) - return rc; + goto leave; } } /* Guess required fields if a curve parameter has not been given. */ @@ -1467,10 +1462,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) */ rc = _gcry_ecc_os2ec (&kG, data_e); if (rc) - { - point_free (&kG); - return rc; - } + goto leave; ec = _gcry_mpi_ec_p_internal_new (sk.E.model, sk.E.dialect, 0, sk.E.p, sk.E.a, sk.E.b); ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 8 09:15:59 2015 
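Review bot: With a failed `_gcry_ecc_os2ec (&kG, data_e)` now jumping to `leave`, the cleanup there must be valid for every state `kG` can be in, including the earlier `goto leave` visible at the top of the -1421 hunk. That holds only if `kG` is initialised before the first jump, which happens outside these hunks and should be confirmed. A comment at the declaration, e.g. `/* kG is released at leave only; init it before any goto leave. */`, would record the rule that the removed `point_free (&kG)` violated. Separately, `kG` is decoded from the caller's data and the hunk goes straight on to `_gcry_mpi_ec_p_internal_new`; if nothing later in ecc_decrypt_raw verifies that the point lies on the curve in `sk.E`, that check belongs right after the context is created, failing through `leave`.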
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 08 Jul 2015 09:15:59 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-5-g5b46726 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5b46726931049e060d8fbfa879db7907078a9aed (commit) from 1be2cebf7ff5837c8b548b4f4afbf1b8b28211bc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5b46726931049e060d8fbfa879db7907078a9aed Author: NIIBE Yutaka Date: Wed Jul 8 15:05:06 2015 +0900 g10: Use canonical name for curve. * g10/import.c (transfer_secret_keys): Use canonical name. * common/openpgp-oid.c (openpgp_curve_to_oid): Return NULL on error. * g10/keyid.c (pubkey_string): Follow change of openpgp_curve_to_oid. * g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto. * g10/parse-packet.c (parse_key): Ditto. diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index 7a75801..676079c 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -332,7 +332,7 @@ openpgp_curve_to_oid (const char *name, unsigned int *r_nbits) } -/* Map an OpenPGP OID to the Libgcrypt curve NAME. Returns "?" for +/* Map an OpenPGP OID to the Libgcrypt curve NAME. Returns NULL for unknown curve names. We prefer an alias name here which is more suitable for printing. */ const char * @@ -341,13 +341,13 @@ openpgp_oid_to_curve (const char *oidstr) int i; if (!oidstr) - return ""; + return NULL; for (i=0; oidtable[i].name; i++) if (!strcmp (oidtable[i].oidstr, oidstr)) return oidtable[i].alias? oidtable[i].alias : oidtable[i].name; - return "?"; + return NULL; } diff --git a/g10/import.c b/g10/import.c index de22520..0a2ebcd 100644 
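Review bot: Returning NULL from `openpgp_oid_to_curve` instead of `""` or `"?"` turns any caller that dereferences or prints the result unchecked into a NULL-pointer dereference. In the callers shown the OID is taken from key material (`pk->pkey[0]`), so the failure case is reachable from input data. This commit adapts g10/import.c, keyid.c, keylist.c and parse-packet.c; callers elsewhere in the tree are not visible on this page and need the same `if (!name)` handling. The header comment should state the full contract, for example `Returns NULL if OIDSTR is NULL or not a known curve OID; callers must check.`, since the new text mentions only unknown curve names.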
--- a/g10/import.c +++ b/g10/import.c @@ -1414,7 +1414,9 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, err = gpg_error_from_syserror (); else { - err = gcry_sexp_build (&curve, NULL, "(curve %s)", curvestr); + const char *curvename = openpgp_oid_to_curve (curvestr); + err = gcry_sexp_build (&curve, NULL, "(curve %s)", + curvename?curvename:curvestr); xfree (curvestr); if (!err) { diff --git a/g10/keyid.c b/g10/keyid.c index 90d982e..6b6f670 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -121,7 +121,7 @@ pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize) char *curve = openpgp_oid_to_str (pk->pkey[0]); const char *name = openpgp_oid_to_curve (curve); - if (*name && *name != '?') + if (name) snprintf (buffer, bufsize, "%s", name); else if (curve) snprintf (buffer, bufsize, "E_%s", curve); diff --git a/g10/keylist.c b/g10/keylist.c index d4e572e..d81e7dd 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1092,7 +1092,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr, { char *curve = openpgp_oid_to_str (pk2->pkey[0]); const char *name = openpgp_oid_to_curve (curve); - if (!*name || *name == '?') + if (!name) name = curve; es_fprintf (es_stdout, " %s", name); xfree (curve); @@ -1359,7 +1359,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) { char *curve = openpgp_oid_to_str (pk->pkey[0]); const char *name = openpgp_oid_to_curve (curve); - if (!*name || *name == '?') + if (!name) name = curve; es_fputs (name, es_stdout); xfree (curve); @@ -1488,7 +1488,7 @@ list_keyblock_colon (KBNODE keyblock, int secret, int has_secret, int fpr) { char *curve = openpgp_oid_to_str (pk->pkey[0]); const char *name = openpgp_oid_to_curve (curve); - if (!*name || *name == '?') + if (!name) name = curve; es_fputs (name, es_stdout); xfree (curve); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 5116404..6131d32 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
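Review bot: In list_keyblock_print and both list_keyblock_colon hunks the fallback `if (!name) name = curve;` still leaves `name` NULL when `openpgp_oid_to_str` itself returned NULL, and `es_fputs (name, es_stdout)` is then called with a NULL string. pubkey_string in g10/keyid.c guards that case with `else if (curve)`, which suggests the conversion can fail, although its definition is not on this page. A guarded fallback such as `if (!name) name = curve? curve : "?";` closes the gap; the placeholder text is the maintainers' choice. The parse_key hunk in g10/parse-packet.c passes `curve` to `%s` unchecked in the same way, and all of these functions begin and end outside their hunks.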
@@ -2086,8 +2086,8 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen, || algorithm == PUBKEY_ALGO_ECDH) && i==0) { char *curve = openpgp_oid_to_str (pk->pkey[0]); - es_fprintf (listfp, " %s (%s)", - openpgp_oid_to_curve (curve), curve); + const char *name = openpgp_oid_to_curve (curve); + es_fprintf (listfp, " %s (%s)", name?name:"", curve); xfree (curve); } es_putc ('\n', listfp); ----------------------------------------------------------------------- Summary of changes: common/openpgp-oid.c | 6 +++--- g10/import.c | 4 +++- g10/keyid.c | 2 +- g10/keylist.c | 6 +++--- g10/parse-packet.c | 4 ++-- 5 files changed, 12 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 9 08:45:42 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 09 Jul 2015 08:45:42 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-6-g67b2dc7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 67b2dc7636e47baefd5aafe0eb45b4730f974481 (commit) from 5b46726931049e060d8fbfa879db7907078a9aed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 67b2dc7636e47baefd5aafe0eb45b4730f974481 Author: NIIBE Yutaka Date: Thu Jul 9 12:44:11 2015 +0900 scd: Remove unused files. * scd/Makefile.am (sc_copykeys_*): Remove. * scd/sc-copykeys.c: Remove. * scd/pcsc-wrapper.c: Remove. * scd/{card-common.h,card-dinsig.c,card-p15.c,card.c}: Remove. -- sc-copykeys doesn't work any more because it's based on old API. pcsc-wrapper has gone because of nPth which is compatible to pthreads. The card* files are old files, now we have app*. 
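Review bot: For an unknown curve the packet listing in parse_key now prints an empty name, `name?name:""`, where the old code printed the "?" that openpgp_oid_to_curve used to return, so the listing text changes for exactly the keys a reader most needs flagged. If scripts or test suites read this output, `name?name:"?"` keeps the previous text. `curve` is also passed to `%s` unchecked on the same line. parse_key starts and ends outside the hunk.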
diff --git a/scd/Makefile.am b/scd/Makefile.am index 6212e61..80e4c0f 100644 --- a/scd/Makefile.am +++ b/scd/Makefile.am @@ -49,22 +49,3 @@ scdaemon_LDADD = $(libcommonpth) \ $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ $(LIBUSB_LIBS) $(GPG_ERROR_LIBS) \ $(LIBINTL) $(DL_LIBS) $(NETLIBS) $(LIBICONV) $(resource_objs) - -# Removed for now: We need to decide whether it makes sense to -# continue it at all, given that gpg has now all required -# functionality. -#sc_copykeys_SOURCES = \ -# sc-copykeys.c scdaemon.h \ -# apdu.c apdu.h \ -# ccid-driver.c ccid-driver.h \ -# iso7816.c iso7816.h \ -# atr.c atr.h \ -# app.c app-common.h app-help.c $(card_apps) -# -#sc_copykeys_LDADD = \ -# ../common/libcommon.a \ -# ../common/libsimple-pwquery.a \ -# $(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ -# $(LIBUSB_LIBS) \ -# -lgpg-error @LIBINTL@ @DL_LIBS@ -# diff --git a/scd/card-common.h b/scd/card-common.h deleted file mode 100644 index 640cec7..0000000 --- a/scd/card-common.h +++ /dev/null 
@@ -1,72 +0,0 @@ -/* card-common.h - Common declarations for all card types - * Copyright (C) 2001, 2002 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#ifndef CARD_COMMON_H -#define CARD_COMMON_H - -/* Declaration of private data structure used by card-p15.c */ -struct p15private_s; - - -struct card_ctx_s { - int reader; /* used reader */ - struct sc_context *ctx; - struct sc_card *scard; - struct sc_pkcs15_card *p15card; /* only if there is a pkcs15 application */ - struct p15private_s *p15priv; /* private data used by card-p15.c */ - - struct { - int initialized; /* the card has been initialied and the function - pointers may be used. 
However for - unsupported operations the particular - function pointer is set to NULL */ - - int (*enum_keypairs) (CARD card, int idx, - unsigned char *keygrip, char **keyid); - int (*enum_certs) (CARD card, int idx, char **certid, int *certtype); - int (*read_cert) (CARD card, const char *certidstr, - unsigned char **cert, size_t *ncert); - int (*sign) (CARD card, - const char *keyidstr, int hashalgo, - int (pincb)(void*, const char *, char **), - void *pincb_arg, - const void *indata, size_t indatalen, - unsigned char **outdata, size_t *outdatalen ); - int (*decipher) (CARD card, const char *keyidstr, - int (pincb)(void*, const char *, char **), - void *pincb_arg, - const void *indata, size_t indatalen, - unsigned char **outdata, size_t *outdatalen); - } fnc; - -}; - -/*-- card.c --*/ -gpg_error_t map_sc_err (int rc); -int card_help_get_keygrip (ksba_cert_t cert, unsigned char *array); - -/*-- card-15.c --*/ -void p15_release_private_data (CARD card); - -/* constructors */ -void card_p15_bind (CARD card); -void card_dinsig_bind (CARD card); - - -#endif /*CARD_COMMON_H*/ diff --git a/scd/card-dinsig.c b/scd/card-dinsig.c deleted file mode 100644 index 5be0061..0000000 --- a/scd/card-dinsig.c +++ /dev/null 
@@ -1,257 +0,0 @@ -/* card-dinsig.c - German signature law (DINSIG) functions - * Copyright (C) 2002 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -/* The German signature law and its bylaw (SigG and SigV) is currently - used with an interface specification described in DIN V 66291-1. - The AID to be used is: 'D27600006601'. - - The file IDs for certificates utilize the generic format: - Cxyz - C being the hex digit 'C' (12). - x being the service indicator: - '0' := SigG conform digital signature. - '1' := entity authentication. - '2' := key encipherment. - '3' := data encipherment. - '4' := key agreement. - other values are reserved for future use. - y being the security environment number using '0' for cards - not supporting a SE number. - z being the certificate type: - '0' := C.CH (base certificate of ard holder) or C.ICC. - '1' .. '7' := C.CH (business or professional certificate - of card holder. - '8' .. 'D' := C.CA (certificate of a CA issue by the Root-CA). - 'E' := C.RCA (self certified certificate of the Root-CA). - 'F' := reserved. - - The file IDs used by default are: - '1F00' EF.SSD (security service descriptor). [o,o] - '2F02' EF.GDO (global data objects) [m,m] - 'A000' EF.PROT (signature log). Cyclic file with 20 records of 53 byte. - Read and update after user authentication. 
[o,o] - 'B000' EF.PK.RCA.DS (public keys of Root-CA). Size is 512b or size - of keys. [m (unless a 'C00E' is present),m] - 'B001' EF.PK.CA.DS (public keys of CAs). Size is 512b or size - of keys. [o,o] - 'C00n' EF.C.CH.DS (digital signature certificate of card holder) - with n := 0 .. 7. Size is 2k or size of cert. Read and - update allowed after user authentication. [m,m] - 'C00m' EF.C.CA.DS (digital signature certificate of CA) - with m := 8 .. E. Size is 1k or size of cert. Read always - allowed, update after uder authentication. [o,o] - 'C100' EF.C.ICC.AUT (AUT certificate of ICC) [o,m] - 'C108' EF.C.CA.AUT (AUT certificate of CA) [o,m] - 'D000' EF.DM (display message) [-,m] - - The letters in brackets indicate optional or mandatory files: The - first for card terminals under full control and the second for - "business" card terminals. - - FIXME: Needs a lot more explanation. - -*/ - - -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_OPENSC -#include -#include "scdaemon.h" -#include - -#include "card-common.h" - -static int dinsig_read_cert (CARD card, const char *certidstr, - unsigned char **cert, size_t *ncert); - - - -/* See card.c for interface description. Frankly we don't do any real - enumeration but just check whether the well know files are - available. 
*/ -static int -dinsig_enum_keypairs (CARD card, int idx, - unsigned char *keygrip, char **keyid) -{ - int rc; - unsigned char *buf; - size_t buflen; - ksba_cert_t cert; - - /* fixme: We should locate the application via the EF(DIR) and not - assume a Netkey card */ - if (!idx) - rc = dinsig_read_cert (card, "DINSIG-DF01.C000", &buf, &buflen); - else if (idx == 1) - rc = dinsig_read_cert (card, "DINSIG-DF01.C200", &buf, &buflen); - else - rc = -1; - if (rc) - return rc; - - rc = ksba_cert_new (&cert); - if (rc) - { - xfree (buf); - return rc; - } - - rc = ksba_cert_init_from_mem (cert, buf, buflen); - xfree (buf); - if (rc) - { - log_error ("failed to parse the certificate at idx %d: %s\n", - idx, gpg_strerror (rc)); - ksba_cert_release (cert); - return rc; - } - if (card_help_get_keygrip (cert, keygrip)) - { - log_error ("failed to calculate the keygrip at index %d\n", idx); - ksba_cert_release (cert); - return gpg_error (GPG_ERR_CARD); - } - ksba_cert_release (cert); - - /* return the iD */ - if (keyid) - { - *keyid = xtrymalloc (17); - if (!*keyid) - return gpg_error (gpg_err_code_from_errno (errno)); - if (!idx) - strcpy (*keyid, "DINSIG-DF01.C000"); - else - strcpy (*keyid, "DINSIG-DF01.C200"); - } - - return 0; -} - - - -/* See card.c for interface description */ -static int -dinsig_read_cert (CARD card, const char *certidstr, - unsigned char **cert, size_t *ncert) -{ - int rc; - struct sc_path path; - struct sc_file *file; - unsigned char *buf; - int buflen; - - if (!strcmp (certidstr, "DINSIG-DF01.C000")) - sc_format_path ("3F00DF01C000", &path); - else if (!strcmp (certidstr, "DINSIG-DF01.C200")) - sc_format_path ("3F00DF01C200", &path); - else - return gpg_error (GPG_ERR_INV_ID); - - rc = sc_select_file (card->scard, &path, &file); - if (rc) - { - log_error ("sc_select_file failed: %s\n", sc_strerror (rc)); - return map_sc_err (rc); - } - if (file->type != SC_FILE_TYPE_WORKING_EF - || file->ef_structure != SC_FILE_EF_TRANSPARENT) - { - log_error ("wrong 
type or structure of certificate EF\n"); - sc_file_free (file); - return gpg_error (GPG_ERR_CARD); - } - if (file->size < 20) /* check against a somewhat arbitrary length */ - { - log_error ("certificate EF too short\n"); - sc_file_free (file); - return gpg_error (GPG_ERR_CARD); - } - buf = xtrymalloc (file->size); - if (!buf) - { - gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); - sc_file_free (file); - return tmperr; - } - - rc = sc_read_binary (card->scard, 0, buf, file->size, 0); - if (rc >= 0 && rc != file->size) - { - log_error ("short read on certificate EF\n"); - sc_file_free (file); - xfree (buf); - return gpg_error (GPG_ERR_CARD); - } - sc_file_free (file); - if (rc < 0) - { - log_error ("error reading certificate EF: %s\n", sc_strerror (rc)); - xfree (buf); - return map_sc_err (rc); - } - buflen = rc; - - /* The object is not a plain certificate but wrapped into id-at - userCertificate - fixme: we should check the specs and decided - whether libksba should support it */ - if (buflen > 9 && buf[0] == 0x30 && buf[4] == 6 && buf[5] == 3 - && buf[6] == 0x55 && buf[7] == 4 && buf[8] == 0x24) - { - /* We have to strip the padding. Although this is a good idea - anyway, we have to do it due to a KSBA problem; KSBA does not - work correct when the buffer is larger than the ASN.1 - structure and the certificates here are padded with FF. So - as a workaround we look at the outer structure to get the - size of the entire thing and adjust the buflen. We can only - do this when there is a 2 byte length field */ - size_t seqlen; - if (buf[1] == 0x82) - { - seqlen = ((buf[2] << 8) | buf[3]) + 4; - if (seqlen < buflen) - buflen = seqlen; - } - memmove (buf, buf+9, buflen-9); - buflen -= 9; - } - - *cert = buf; - *ncert = buflen; - return 0; -} - - - - -/* Bind our operations to the card */ -void -card_dinsig_bind (CARD card) -{ - card->fnc.enum_keypairs = dinsig_enum_keypairs; - card->fnc.read_cert = dinsig_read_cert; - -} -#endif /*HAVE_OPENSC*/ 
diff --git a/scd/card-p15.c b/scd/card-p15.c deleted file mode 100644 index 4af4472..0000000 --- a/scd/card-p15.c +++ /dev/null 
@@ -1,494 +0,0 @@ -/* card-p15.c - PKCS-15 based card access - * Copyright (C) 2002 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_OPENSC -#include - -#include "scdaemon.h" -#include -#include "card-common.h" - - -struct p15private_s { - int n_prkey_rsa_objs; - struct sc_pkcs15_object *prkey_rsa_objs[32]; - int n_cert_objs; - struct sc_pkcs15_object *cert_objs[32]; -}; - - -/* Allocate private data. */ -static int -init_private_data (CARD card) -{ - struct p15private_s *priv; - int rc; - - if (card->p15priv) - return 0; /* already done. */ - - priv = xtrycalloc (1, sizeof *priv); - if (!priv) - return gpg_error (gpg_err_code_from_errno (errno)); - - /* OpenSC (0.7.0) is a bit strange in that the get_objects functions - tries to be a bit too clever and implicitly does an enumeration - which eventually leads to the fact that every call to this - fucntion returns one more macthing object. The old code in - p15_enum_keypairs assume that it would alwyas return the same - numer of objects and used this to figure out what the last object - enumerated is. We now do an enum_objects just once and keep it - in the private data. 
*/ - rc = sc_pkcs15_get_objects (card->p15card, SC_PKCS15_TYPE_PRKEY_RSA, - priv->prkey_rsa_objs, - DIM (priv->prkey_rsa_objs)); - if (rc < 0) - { - log_error ("private keys enumeration failed: %s\n", sc_strerror (rc)); - xfree (priv); - return gpg_error (GPG_ERR_CARD); - } - priv->n_prkey_rsa_objs = rc; - - /* Read all certificate objects. */ - rc = sc_pkcs15_get_objects (card->p15card, SC_PKCS15_TYPE_CERT_X509, - priv->cert_objs, - DIM (priv->cert_objs)); - if (rc < 0) - { - log_error ("private keys enumeration failed: %s\n", sc_strerror (rc)); - xfree (priv); - return gpg_error (GPG_ERR_CARD); - } - priv->n_cert_objs = rc; - - card->p15priv = priv; - return 0; -} - - -/* Release private data used in this module. */ -void -p15_release_private_data (CARD card) -{ - if (!card->p15priv) - return; - xfree (card->p15priv); - card->p15priv = NULL; -} - - - -/* See card.c for interface description */ -static int -p15_enum_keypairs (CARD card, int idx, - unsigned char *keygrip, char **keyid) -{ - int rc; - struct p15private_s *priv; - struct sc_pkcs15_object *tmpobj; - int nobjs; - struct sc_pkcs15_prkey_info *pinfo; - struct sc_pkcs15_cert_info *certinfo; - struct sc_pkcs15_cert *certder; - ksba_cert_t cert; - - rc = init_private_data (card); - if (rc) - return rc; - priv = card->p15priv; - nobjs = priv->n_prkey_rsa_objs; - rc = 0; - if (idx >= nobjs) - return -1; - pinfo = priv->prkey_rsa_objs[idx]->data; - - /* now we need to read the certificate so that we can calculate the - keygrip */ - rc = sc_pkcs15_find_cert_by_id (card->p15card, &pinfo->id, &tmpobj); - if (rc) - { - log_info ("certificate for private key %d not found: %s\n", - idx, sc_strerror (rc)); - /* note, that we return the ID anyway */ - rc = gpg_error (GPG_ERR_MISSING_CERT); - goto return_keyid; - } - certinfo = tmpobj->data; - rc = sc_pkcs15_read_certificate (card->p15card, certinfo, &certder); - if (rc) - { - log_info ("failed to read certificate for private key %d: %s\n", - idx, sc_strerror (rc)); - 
return gpg_error (GPG_ERR_CARD); - } - - rc = ksba_cert_new (&cert); - if (rc) - { - sc_pkcs15_free_certificate (certder); - return rc; - } - rc = ksba_cert_init_from_mem (cert, certder->data, certder->data_len); - sc_pkcs15_free_certificate (certder); - if (rc) - { - log_error ("failed to parse the certificate for private key %d: %s\n", - idx, gpg_strerror (rc)); - ksba_cert_release (cert); - return rc; - } - if (card_help_get_keygrip (cert, keygrip)) - { - log_error ("failed to calculate the keygrip of private key %d\n", idx); - ksba_cert_release (cert); - return gpg_error (GPG_ERR_CARD); - } - ksba_cert_release (cert); - - rc = 0; - return_keyid: - if (keyid) - { - char *p; - - *keyid = p = xtrymalloc (9+pinfo->id.len*2+1); - if (!*keyid) - return gpg_error (gpg_err_code_from_errno (errno)); - p = stpcpy (p, "P15-5015."); - bin2hex (pinfo->id.value, pinfo->id.len, p); - } - - return rc; -} - -/* See card.c for interface description */ -static int -p15_enum_certs (CARD card, int idx, char **certid, int *type) -{ - int rc; - struct p15private_s *priv; - struct sc_pkcs15_object *obj; - struct sc_pkcs15_cert_info *cinfo; - int nobjs; - - rc = init_private_data (card); - if (rc) - return rc; - priv = card->p15priv; - nobjs = priv->n_cert_objs; - rc = 0; - if (idx >= nobjs) - return -1; - obj = priv->cert_objs[idx]; - cinfo = obj->data; - - if (certid) - { - char *p; - int i; - - *certid = p = xtrymalloc (9+cinfo->id.len*2+1); - if (!*certid) - return gpg_error (gpg_err_code_from_errno (errno)); - p = stpcpy (p, "P15-5015."); - bin2hex (cinfo->id.value, cinfo->id.len, p); - } - if (type) - { - if (!obj->df) - *type = 0; /* unknown */ - else if (obj->df->type == SC_PKCS15_CDF) - *type = 100; - else if (obj->df->type == SC_PKCS15_CDF_TRUSTED) - *type = 101; - else if (obj->df->type == SC_PKCS15_CDF_USEFUL) - *type = 102; - else - *type = 0; /* error -> unknown */ - } - - return rc; -} - - - -static int -idstr_to_id (const char *idstr, struct sc_pkcs15_id *id) -{ - const 
char *s; - int n; - - /* For now we only support the standard DF */ - if (strncmp (idstr, "P15-5015.", 9) ) - return gpg_error (GPG_ERR_INV_ID); - for (s=idstr+9, n=0; hexdigitp (s); s++, n++) - ; - if (*s || (n&1)) - return gpg_error (GPG_ERR_INV_ID); /*invalid or odd number of digits*/ - n /= 2; - if (!n || n > SC_PKCS15_MAX_ID_SIZE) - return gpg_error (GPG_ERR_INV_ID); /* empty or too large */ - for (s=idstr+9, n=0; *s; s += 2, n++) - id->value[n] = xtoi_2 (s); - id->len = n; - return 0; -} - - -/* See card.c for interface description */ -static int -p15_read_cert (CARD card, const char *certidstr, - unsigned char **cert, size_t *ncert) -{ - struct sc_pkcs15_object *tmpobj; - struct sc_pkcs15_id certid; - struct sc_pkcs15_cert_info *certinfo; - struct sc_pkcs15_cert *certder; - int rc; - - if (!card || !certidstr || !cert || !ncert) - return gpg_error (GPG_ERR_INV_VALUE); - if (!card->p15card) - return gpg_error (GPG_ERR_NO_PKCS15_APP); - - rc = idstr_to_id (certidstr, &certid); - if (rc) - return rc; - - rc = sc_pkcs15_find_cert_by_id (card->p15card, &certid, &tmpobj); - if (rc) - { - log_info ("certificate '%s' not found: %s\n", - certidstr, sc_strerror (rc)); - return -1; - } - certinfo = tmpobj->data; - rc = sc_pkcs15_read_certificate (card->p15card, certinfo, &certder); - if (rc) - { - log_info ("failed to read certificate '%s': %s\n", - certidstr, sc_strerror (rc)); - return gpg_error (GPG_ERR_CARD); - } - - *cert = xtrymalloc (certder->data_len); - if (!*cert) - { - gpg_error_t tmperr = gpg_error (gpg_err_code_from_errno (errno)); - sc_pkcs15_free_certificate (certder); - return tmperr; - } - memcpy (*cert, certder->data, certder->data_len); - *ncert = certder->data_len; - sc_pkcs15_free_certificate (certder); - return 0; -} - - - - - -static int -p15_prepare_key (CARD card, const char *keyidstr, - int (pincb)(void*, const char *, char **), - void *pincb_arg, struct sc_pkcs15_object **r_keyobj) -{ - struct sc_pkcs15_id keyid; - struct sc_pkcs15_pin_info 
*pin; - struct sc_pkcs15_object *keyobj, *pinobj; - char *pinvalue; - int rc; - - rc = idstr_to_id (keyidstr, &keyid); - if (rc) - return rc; - - rc = sc_pkcs15_find_prkey_by_id (card->p15card, &keyid, &keyobj); - if (rc < 0) - { - log_error ("private key not found: %s\n", sc_strerror(rc)); - return gpg_error (GPG_ERR_NO_SECKEY); - } - - rc = sc_pkcs15_find_pin_by_auth_id (card->p15card, - &keyobj->auth_id, &pinobj); - if (rc) - { - log_error ("failed to find PIN by auth ID: %s\n", sc_strerror (rc)); - return gpg_error (GPG_ERR_BAD_PIN_METHOD); - } - pin = pinobj->data; - - /* Fixme: pack this into a verification loop */ - /* Fixme: we might want to pass pin->min_length and - pin->stored_length */ - rc = pincb (pincb_arg, pinobj->label, &pinvalue); - if (rc) - { - log_info ("PIN callback returned error: %s\n", gpg_strerror (rc)); - return rc; - } - - rc = sc_pkcs15_verify_pin (card->p15card, pin, - pinvalue, strlen (pinvalue)); - xfree (pinvalue); - if (rc) - { - log_info ("PIN verification failed: %s\n", sc_strerror (rc)); - return gpg_error (GPG_ERR_BAD_PIN); - } - - /* fixme: check wheter we need to release KEYOBJ in case of an error */ - *r_keyobj = keyobj; - return 0; -} - - -/* See card.c for interface description */ -static int -p15_sign (CARD card, const char *keyidstr, int hashalgo, - int (pincb)(void*, const char *, char **), - void *pincb_arg, - const void *indata, size_t indatalen, - unsigned char **outdata, size_t *outdatalen ) -{ - unsigned int cryptflags; - struct sc_pkcs15_object *keyobj; - int rc; - unsigned char *outbuf = NULL; - size_t outbuflen; - - if (hashalgo != GCRY_MD_SHA1) - return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM); - - rc = p15_prepare_key (card, keyidstr, pincb, pincb_arg, &keyobj); - if (rc) - return rc; - - cryptflags = SC_ALGORITHM_RSA_PAD_PKCS1; - - outbuflen = 1024; - outbuf = xtrymalloc (outbuflen); - if (!outbuf) - return gpg_error (gpg_err_code_from_errno (errno)); - - rc = sc_pkcs15_compute_signature (card->p15card, 
keyobj, - cryptflags, - indata, indatalen, - outbuf, outbuflen ); - if (rc < 0) - { - log_error ("failed to create signature: %s\n", sc_strerror (rc)); - rc = gpg_error (GPG_ERR_CARD); - } - else - { - *outdatalen = rc; - *outdata = outbuf; - outbuf = NULL; - rc = 0; - } - - xfree (outbuf); - return rc; -} - - -/* See card.c for description */ -static int -p15_decipher (CARD card, const char *keyidstr, - int (pincb)(void*, const char *, char **), - void *pincb_arg, - const void *indata, size_t indatalen, - unsigned char **outdata, size_t *outdatalen ) -{ - struct sc_pkcs15_object *keyobj; - int rc; - unsigned char *outbuf = NULL; - size_t outbuflen; - - rc = p15_prepare_key (card, keyidstr, pincb, pincb_arg, &keyobj); - if (rc) - return rc; - - if (card && card->scard && card->scard->driver - && !strcasecmp (card->scard->driver->short_name, "tcos")) - { - /* very ugly hack to force the use of a local key. We need this - until we have fixed the initialization code for TCOS cards */ - struct sc_pkcs15_prkey_info *prkey = keyobj->data; - if ( !(prkey->key_reference & 0x80)) - { - prkey->key_reference |= 0x80; - log_debug ("using TCOS hack to force the use of local keys\n"); - } - if (*keyidstr && keyidstr[strlen(keyidstr)-1] == '6') - { - prkey->key_reference |= 1; - log_debug ("warning: using even more TCOS hacks\n"); - } - } - - outbuflen = indatalen < 256? 
256 : indatalen; - outbuf = xtrymalloc (outbuflen); - if (!outbuf) - return gpg_error (gpg_err_code_from_errno (errno)); - - rc = sc_pkcs15_decipher (card->p15card, keyobj, - 0, - indata, indatalen, - outbuf, outbuflen); - if (rc < 0) - { - log_error ("failed to decipher the data: %s\n", sc_strerror (rc)); - rc = gpg_error (GPG_ERR_CARD); - } - else - { - *outdatalen = rc; - *outdata = outbuf; - outbuf = NULL; - rc = 0; - } - - xfree (outbuf); - return rc; -} - - - -/* Bind our operations to the card */ -void -card_p15_bind (CARD card) -{ - card->fnc.enum_keypairs = p15_enum_keypairs; - card->fnc.enum_certs = p15_enum_certs; - card->fnc.read_cert = p15_read_cert; - card->fnc.sign = p15_sign; - card->fnc.decipher = p15_decipher; -} -#endif /*HAVE_OPENSC*/ diff --git a/scd/card.c b/scd/card.c deleted file mode 100644 index a582c50..0000000 --- a/scd/card.c +++ /dev/null 
@@ -1,568 +0,0 @@
-/* card.c - SCdaemon card functions
- * Copyright (C) 2002 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-
-#ifdef HAVE_OPENSC
-#include
-#endif
-
-#include "scdaemon.h"
-#include
-
-#include "card-common.h"
-
-/* Map the SC error codes to the GNUPG ones */
-gpg_error_t
-map_sc_err (int rc)
-{
- gpg_err_code_t e;
-
- switch (rc)
- {
- case 0: e = 0; break;
-#ifdef HAVE_OPENSC
- case SC_ERROR_NOT_SUPPORTED: e = GPG_ERR_NOT_SUPPORTED; break;
- case SC_ERROR_PKCS15_APP_NOT_FOUND: e = GPG_ERR_NO_PKCS15_APP; break;
- case SC_ERROR_OUT_OF_MEMORY: e = GPG_ERR_ENOMEM; break;
- case SC_ERROR_CARD_NOT_PRESENT: e = GPG_ERR_CARD_NOT_PRESENT; break;
- case SC_ERROR_CARD_REMOVED: e = GPG_ERR_CARD_REMOVED; break;
- case SC_ERROR_INVALID_CARD: e = GPG_ERR_INV_CARD; break;
-#endif
- default: e = GPG_ERR_CARD; break;
- }
- /* It does not make much sense to further distingusih the error
- source between OpenSC and SCD. Thus we use SCD as source
- here.
*/
- return gpg_err_make (GPG_ERR_SOURCE_SCD, e);
-}
-
-/* Get the keygrip from CERT, return 0 on success */
-int
-card_help_get_keygrip (ksba_cert_t cert, unsigned char *array)
-{
- gcry_sexp_t s_pkey;
- int rc;
- ksba_sexp_t p;
- size_t n;
-
- p = ksba_cert_get_public_key (cert);
- if (!p)
- return -1; /* oops */
- n = gcry_sexp_canon_len (p, 0, NULL, NULL);
- if (!n)
- return -1; /* libksba did not return a proper S-expression */
- rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
- xfree (p);
- if (rc)
- return -1; /* can't parse that S-expression */
- array = gcry_pk_get_keygrip (s_pkey, array);
- gcry_sexp_release (s_pkey);
- if (!array)
- return -1; /* failed to calculate the keygrip */
- return 0;
-}
-
-
-
-
-
-
-
-/* Create a new context for the card and figures out some basic
- information of the card. Detects whether a PKCS_15 application is
- stored.
-
- Common errors: GPG_ERR_CARD_NOT_PRESENT */
-int
-card_open (CARD *rcard)
-{
-#ifdef HAVE_OPENSC
- CARD card;
- int rc;
-
- if (opt.disable_opensc)
- return gpg_error (GPG_ERR_NOT_SUPPORTED);
-
- card = xtrycalloc (1, sizeof *card);
- if (!card)
- return gpg_error (gpg_err_code_from_errno (errno));
- card->reader = 0;
-
- rc = sc_establish_context (&card->ctx, "scdaemon");
- if (rc)
- {
- log_error ("failed to establish SC context: %s\n", sc_strerror (rc));
- rc = map_sc_err (rc);
- goto leave;
- }
- if (card->reader >= card->ctx->reader_count)
- {
- log_error ("no card reader available\n");
- rc = gpg_error (GPG_ERR_CARD);
- goto leave;
- }
- card->ctx->error_file = log_get_stream ();
- card->ctx->debug = opt.debug_sc;
- card->ctx->debug_file = log_get_stream ();
-
- if (sc_detect_card_presence (card->ctx->reader[card->reader], 0) != 1)
- {
- rc = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
- goto leave;
- }
-
- rc = sc_connect_card (card->ctx->reader[card->reader], 0, &card->scard);
- if (rc)
- {
- log_error ("failed to connect card in reader %d: %s\n",
- card->reader, sc_strerror (rc));
- rc = map_sc_err (rc);
-
goto leave;
- }
- if (opt.verbose)
- log_info ("connected to card in reader %d using driver '%s'\n",
- card->reader, card->scard->driver->name);
-
- rc = sc_lock (card->scard);
- if (rc)
- {
- log_error ("can't lock card in reader %d: %s\n",
- card->reader, sc_strerror (rc));
- rc = map_sc_err (rc);
- goto leave;
- }
-
-
- leave:
- if (rc)
- card_close (card);
- else
- *rcard = card;
-
- return rc;
-#else
- return gpg_error (GPG_ERR_NOT_SUPPORTED);
-#endif
-}
-
-
-/* Close a card and release all resources */
-void
-card_close (CARD card)
-{
- if (card)
- {
-#ifdef HAVE_OPENSC
- if (card->p15card)
- {
- sc_pkcs15_unbind (card->p15card);
- card->p15card = NULL;
- }
- if (card->p15priv)
- p15_release_private_data (card);
- if (card->scard)
- {
- sc_unlock (card->scard);
- sc_disconnect_card (card->scard, 0);
- card->scard = NULL;
- }
- if (card->ctx)
- {
- sc_release_context (card->ctx);
- card->ctx = NULL;
- }
-#endif
- xfree (card);
- }
-}
-
-/* Locate a simple TLV encoded data object in BUFFER of LENGTH and
- return a pointer to value as well as its length in NBYTES. Return
- NULL if it was not found. Note, that the function does not check
- whether the value fits into the provided buffer. */
-#ifdef HAVE_OPENSC
-static const char *
-find_simple_tlv (const unsigned char *buffer, size_t length,
- int tag, size_t *nbytes)
-{
- const char *s = buffer;
- size_t n = length;
- size_t len;
-
- for (;;)
- {
- buffer = s;
- if (n < 2)
- return NULL; /* buffer too short for tag and length. */
- len = s[1];
- s += 2; n -= 2;
- if (len == 255)
- {
- if (n < 2)
- return NULL; /* we expected 2 more bytes with the length. */
- len = (s[0] << 8) | s[1];
- s += 2; n -= 2;
- }
- if (*buffer == tag)
- {
- *nbytes = len;
- return s;
- }
- if (len > n)
- return NULL; /* buffer too short to skip to the next tag.
*/
- s += len; n -= len;
- }
-}
-#endif /*HAVE_OPENSC*/
-
-/* Find the ICC Serial Number within the provided BUFFER of LENGTH
- (which should contain the GDO file) and return it as a hex encoded
- string and allocated string in SERIAL. Return an error code when
- the ICCSN was not found. */
-#ifdef HAVE_OPENSC
-static int
-find_iccsn (const unsigned char *buffer, size_t length, char **serial)
-{
- size_t n;
- const unsigned char *s;
- char *p;
-
- s = find_simple_tlv (buffer, length, 0x5A, &n);
- if (!s)
- return gpg_error (GPG_ERR_CARD);
- length -= s - buffer;
- if (n > length)
- {
- /* Oops, it does not fit into the buffer. This is an invalid
- encoding (or the buffer is too short. However, I have some
- test cards with such an invalid encoding and therefore I use
- this ugly workaround to return something I can further
- experiment with. */
- if (n == 0x0D && length+1 == n)
- {
- log_debug ("enabling BMI testcard workaround\n");
- n--;
- }
- else
- return gpg_error (GPG_ERR_CARD); /* Bad encoding; does
- not fit into buffer. */
- }
- if (!n)
- return gpg_error (GPG_ERR_CARD); /* Well, that is too short. */
-
- *serial = p = xtrymalloc (2*n+1);
- if (!*serial)
- return gpg_error (gpg_err_code_from_errno (errno));
- for (; n; n--, p += 2, s++)
- sprintf (p, "%02X", *s);
- *p = 0;
- return 0;
-}
-#endif /*HAVE_OPENSC*/
-
-/* Retrieve the serial number and the time of the last update of the
- card. The serial number is returned as a malloced string (hex
- encoded) in SERIAL and the time of update is returned in STAMP.
- If no update time is available the returned value is 0. The serial
- is mandatory for a PKCS_15 application and an error will be
- returned if this value is not availbale. For non-PKCS-15 cards a
- serial number is constructed by other means. Caller must free
- SERIAL unless the function returns an error.
*/ -int -card_get_serial_and_stamp (CARD card, char **serial, time_t *stamp) -{ -#ifdef HAVE_OPENSC - int rc; - struct sc_path path; - struct sc_file *file; - unsigned char buf[256]; - int buflen; -#endif - - if (!card || !serial || !stamp) - return gpg_error (GPG_ERR_INV_VALUE); - - *serial = NULL; - *stamp = 0; /* not available */ - -#ifdef HAVE_OPENSC - if (!card->fnc.initialized) - { - card->fnc.initialized = 1; - /* The first use of this card tries to figure out the type of the card - and sets up the function pointers. */ - rc = sc_pkcs15_bind (card->scard, &card->p15card); - if (rc) - { - if (rc != SC_ERROR_PKCS15_APP_NOT_FOUND) - log_error ("binding of existing PKCS-15 failed in reader %d: %s\n", - card->reader, sc_strerror (rc)); - card->p15card = NULL; - rc = 0; - } - if (card->p15card) - card_p15_bind (card); - card->fnc.initialized = 1; - } - - - /* We should lookup the iso 7812-1 and 8583-3 - argh ISO - practice is suppressing innovation - IETF rules! So we - always get the serialnumber from the 2F02 GDO file. 
*/
- /* FIXME: in case we can't parse the 2F02 EF and we have a P15 card,
- we should get the serial number from the respective P15 file */
- sc_format_path ("3F002F02", &path);
- rc = sc_select_file (card->scard, &path, &file);
- if (rc)
- {
- log_error ("sc_select_file failed: %s\n", sc_strerror (rc));
- return gpg_error (GPG_ERR_CARD);
- }
- if (file->type != SC_FILE_TYPE_WORKING_EF
- || file->ef_structure != SC_FILE_EF_TRANSPARENT)
- {
- log_error ("wrong type or structure of GDO file\n");
- sc_file_free (file);
- return gpg_error (GPG_ERR_CARD);
- }
-
- if (!file->size || file->size >= DIM(buf) )
- { /* FIXME: Use a real parser */
- log_error ("unsupported size of GDO file (%d)\n", file->size);
- sc_file_free (file);
- return gpg_error (GPG_ERR_CARD);
- }
- buflen = file->size;
-
- rc = sc_read_binary (card->scard, 0, buf, buflen, 0);
- sc_file_free (file);
- if (rc < 0)
- {
- log_error ("error reading GDO file: %s\n", sc_strerror (rc));
- return gpg_error (GPG_ERR_CARD);
- }
- if (rc != buflen)
- {
- log_error ("short read on GDO file\n");
- return gpg_error (GPG_ERR_CARD);
- }
-
- rc = find_iccsn (buf, buflen, serial);
- if (gpg_err_code (rc) == GPG_ERR_CARD)
- log_error ("invalid structure of GDO file\n");
- if (!rc && card->p15card && !strcmp (*serial, "D27600000000000000000000"))
- { /* This is a German card with a silly serial number. Try to get
- the serial number from the EF(TokenInfo). We indicate such a
- serial number by the using the prefix: "FF0100". */
- const char *efser = card->p15card->serial_number;
- char *p;
-
- if (!efser)
- efser = "";
-
- xfree (*serial);
- *serial = NULL;
- p = xtrymalloc (strlen (efser) + 7);
- if (!p)
- rc = gpg_error (gpg_err_code_from_errno (errno));
- else
- {
- strcpy (p, "FF0100");
- strcpy (p+6, efser);
- *serial = p;
- }
- }
- else if (!rc && **serial == 'F' && (*serial)[1] == 'F')
- { /* The serial number starts with our special prefix. This
- requires that we put our default prefix "FF0000" in front.
*/
- char *p = xtrymalloc (strlen (*serial) + 7);
- if (!p)
- {
- xfree (*serial);
- *serial = NULL;
- rc = gpg_error (gpg_err_code_from_errno (errno));
- }
- else
- {
- strcpy (p, "FF0000");
- strcpy (p+6, *serial);
- xfree (*serial);
- *serial = p;
- }
- }
- return rc;
-#else
- return gpg_error (GPG_ERR_NOT_SUPPORTED);
-#endif
-}
-
-
-/* Enumerate all keypairs on the card and return the Keygrip as well
- as the internal identification of the key. KEYGRIP must be a
- caller provided buffer with a size of 20 bytes which will receive
- the KEYGRIP of the keypair. If KEYID is not NULL, it returns the
- ID field of the key in allocated memory; this is a string without
- spaces. The function returns -1 when all keys have been
- enumerated. Note that the error GPG_ERR_MISSING_CERTIFICATE may be
- returned if there is just the private key but no public key (ie.e a
- certificate) available. Applications might want to continue
- enumerating after this error.*/
-int
-card_enum_keypairs (CARD card, int idx,
- unsigned char *keygrip,
- char **keyid)
-{
- int rc;
-
- if (keyid)
- *keyid = NULL;
-
- if (!card || !keygrip)
- return gpg_error (GPG_ERR_INV_VALUE);
- if (idx < 0)
- return gpg_error (GPG_ERR_INV_INDEX);
- if (!card->fnc.initialized)
- return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
- if (!card->fnc.enum_keypairs)
- return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
- rc = card->fnc.enum_keypairs (card, idx, keygrip, keyid);
- if (opt.verbose)
- log_info ("card operation enum_keypairs result: %s\n",
- gpg_strerror (rc));
- return rc;
-}
-
-
-/* Enumerate all trusted certificates available on the card, return
- their ID in CERT and the type in CERTTYPE.
Types of certificates
- are:
- 0 := Unknown
- 100 := Regular X.509 cert
- 101 := Trusted X.509 cert
- 102 := Useful X.509 cert
- 110 := Root CA cert (DINSIG)
- */
-int
-card_enum_certs (CARD card, int idx, char **certid, int *certtype)
-{
- int rc;
-
- if (certid)
- *certid = NULL;
-
- if (!card)
- return gpg_error (GPG_ERR_INV_VALUE);
- if (idx < 0)
- return gpg_error (GPG_ERR_INV_INDEX);
- if (!card->fnc.initialized)
- return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
- if (!card->fnc.enum_certs)
- return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
- rc = card->fnc.enum_certs (card, idx, certid, certtype);
- if (opt.verbose)
- log_info ("card operation enum_certs result: %s\n",
- gpg_strerror (rc));
- return rc;
-}
-
-
-
-/* Read the certificate identified by CERTIDSTR which is the
- hexadecimal encoded ID of the certificate, prefixed with the string
- "3F005015.". The certificate is return in DER encoded form in CERT
- and NCERT. */
-int
-card_read_cert (CARD card, const char *certidstr,
- unsigned char **cert, size_t *ncert)
-{
- int rc;
-
- if (!card || !certidstr || !cert || !ncert)
- return gpg_error (GPG_ERR_INV_VALUE);
- if (!card->fnc.initialized)
- return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
- if (!card->fnc.read_cert)
- return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
- rc = card->fnc.read_cert (card, certidstr, cert, ncert);
- if (opt.verbose)
- log_info ("card operation read_cert result: %s\n", gpg_strerror (rc));
- return rc;
-}
-
-
-/* Create the signature and return the allocated result in OUTDATA.
- If a PIN is required the PINCB will be used to ask for the PIN; it
- should return the PIN in an allocated buffer and put it into PIN.
*/
-int
-card_sign (CARD card, const char *keyidstr, int hashalgo,
- int (pincb)(void*, const char *, char **),
- void *pincb_arg,
- const void *indata, size_t indatalen,
- unsigned char **outdata, size_t *outdatalen )
-{
- int rc;
-
- if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
- return gpg_error (GPG_ERR_INV_VALUE);
- if (!card->fnc.initialized)
- return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
- if (!card->fnc.sign)
- return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
- rc = card->fnc.sign (card, keyidstr, hashalgo,
- pincb, pincb_arg,
- indata, indatalen,
- outdata, outdatalen);
- if (opt.verbose)
- log_info ("card operation sign result: %s\n", gpg_strerror (rc));
- return rc;
-}
-
-
-/* Create the signature and return the allocated result in OUTDATA.
- If a PIN is required the PINCB will be used to ask for the PIN; it
- should return the PIN in an allocated buffer and put it into PIN. */
-int
-card_decipher (CARD card, const char *keyidstr,
- int (pincb)(void*, const char *, char **),
- void *pincb_arg,
- const void *indata, size_t indatalen,
- unsigned char **outdata, size_t *outdatalen )
-{
- int rc;
-
- if (!card || !indata || !indatalen || !outdata || !outdatalen || !pincb)
- return gpg_error (GPG_ERR_INV_VALUE);
- if (!card->fnc.initialized)
- return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED);
- if (!card->fnc.decipher)
- return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
- rc = card->fnc.decipher (card, keyidstr,
- pincb, pincb_arg,
- indata, indatalen,
- outdata, outdatalen);
- if (opt.verbose)
- log_info ("card operation decipher result: %s\n", gpg_strerror (rc));
- return rc;
-}
diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c
deleted file mode 100644
index 843603a..0000000
--- a/scd/pcsc-wrapper.c
+++ /dev/null
@@ -1,911 +0,0 @@
-/* pcsc-wrapper.c - Wrapper for accessing the PC/SC service
- * Copyright (C) 2003, 2004 Free Software Foundation, Inc.
- *
- * This file is part of GnuPG.
- *
- * GnuPG is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * GnuPG is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see .
- */
-
-/*
- This wrapper is required to handle problems with the libpscslite
- library. That library assumes that pthreads are used and fails
- badly if one tries to use it with a process using Pth. Note that
- the wrapper is not required if nPth is used.
-
- The operation model is pretty simple: It reads requests from stdin
- and returns the answer on stdout. There is no direct mapping to the
- pcsc interface but to a higher level one which resembles the code
- used in scdaemon (apdu.c) when not using Pth or while running under
- Windows.
-
- The interface is binary consisting of a command tag and the length
- of the parameter list. The calling process needs to pass the
- version number of the interface on the command line to make sure
- that both agree on the same interface. For each port a separate
- instance of this process needs to be started.
-
-*/
-
-#ifdef HAVE_CONFIG_H
-#include
-#endif
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-
-#define PGM "pcsc-wrapper"
-
-/* Allow for a standalone build.
*/
-#ifdef VERSION
-#define MYVERSION_LINE PGM " ("GNUPG_NAME") " VERSION
-#define BUGREPORT_LINE "\nReport bugs to .\n"
-#else
-#define MYVERSION_LINE PGM
-#define BUGREPORT_LINE ""
-#endif
-
-#define DEFAULT_PCSC_DRIVER "libpcsclite.so"
-
-
-static int verbose;
-
-#if defined(__APPLE__) || defined(_WIN32) || defined(__CYGWIN__)
-typedef unsigned int pcsc_dword_t;
-#else
-typedef unsigned long pcsc_dword_t;
-#endif
-
-
-/* PC/SC constants and function pointer. */
-#define PCSC_SCOPE_USER 0
-#define PCSC_SCOPE_TERMINAL 1
-#define PCSC_SCOPE_SYSTEM 2
-#define PCSC_SCOPE_GLOBAL 3
-
-#define PCSC_PROTOCOL_T0 1
-#define PCSC_PROTOCOL_T1 2
-#define PCSC_PROTOCOL_RAW 4
-
-#define PCSC_SHARE_EXCLUSIVE 1
-#define PCSC_SHARE_SHARED 2
-#define PCSC_SHARE_DIRECT 3
-
-#define PCSC_LEAVE_CARD 0
-#define PCSC_RESET_CARD 1
-#define PCSC_UNPOWER_CARD 2
-#define PCSC_EJECT_CARD 3
-
-#define PCSC_UNKNOWN 0x0001
-#define PCSC_ABSENT 0x0002 /* Card is absent. */
-#define PCSC_PRESENT 0x0004 /* Card is present. */
-#define PCSC_SWALLOWED 0x0008 /* Card is present and electrical connected. */
-#define PCSC_POWERED 0x0010 /* Card is powered. */
-#define PCSC_NEGOTIABLE 0x0020 /* Card is awaiting PTS. */
-#define PCSC_SPECIFIC 0x0040 /* Card is ready for use. */
-
-#define PCSC_STATE_UNAWARE 0x0000 /* Want status. */
-#define PCSC_STATE_IGNORE 0x0001 /* Ignore this reader. */
-#define PCSC_STATE_CHANGED 0x0002 /* State has changed. */
-#define PCSC_STATE_UNKNOWN 0x0004 /* Reader unknown. */
-#define PCSC_STATE_UNAVAILABLE 0x0008 /* Status unavailable. */
-#define PCSC_STATE_EMPTY 0x0010 /* Card removed. */
-#define PCSC_STATE_PRESENT 0x0020 /* Card inserted. */
-#define PCSC_STATE_ATRMATCH 0x0040 /* ATR matches card. */
-#define PCSC_STATE_EXCLUSIVE 0x0080 /* Exclusive Mode. */
-#define PCSC_STATE_INUSE 0x0100 /* Shared mode. */
-#define PCSC_STATE_MUTE 0x0200 /* Unresponsive card.
*/
-
-struct pcsc_io_request_s {
- unsigned long protocol;
- unsigned long pci_len;
-};
-
-typedef struct pcsc_io_request_s *pcsc_io_request_t;
-
-#ifdef __APPLE__
-#pragma pack(1)
-#endif
-
-struct pcsc_readerstate_s
-{
- const char *reader;
- void *user_data;
- pcsc_dword_t current_state;
- pcsc_dword_t event_state;
- pcsc_dword_t atrlen;
- unsigned char atr[33];
-};
-
-#ifdef __APPLE__
-#pragma pack()
-#endif
-
-typedef struct pcsc_readerstate_s *pcsc_readerstate_t;
-
-
-static int driver_is_open; /* True if the PC/SC driver has been
- initialzied and is ready for
- operations. The following variables
- are then valid. */
-static long pcsc_context; /* The current PC/CS context. */
-static char *current_rdrname;
-static long pcsc_card;
-static pcsc_dword_t pcsc_protocol;
-static unsigned char current_atr[33];
-static size_t current_atrlen;
-
-long (* pcsc_establish_context) (pcsc_dword_t scope,
- const void *reserved1,
- const void *reserved2,
- long *r_context);
-long (* pcsc_release_context) (long context);
-long (* pcsc_list_readers) (long context,
- const char *groups,
- char *readers, pcsc_dword_t *readerslen);
-long (* pcsc_get_status_change) (long context,
- pcsc_dword_t timeout,
- pcsc_readerstate_t readerstates,
- pcsc_dword_t nreaderstates);
-long (* pcsc_connect) (long context,
- const char *reader,
- pcsc_dword_t share_mode,
- pcsc_dword_t preferred_protocols,
- long *r_card,
- pcsc_dword_t *r_active_protocol);
-long (* pcsc_reconnect) (long card,
- pcsc_dword_t share_mode,
- pcsc_dword_t preferred_protocols,
- pcsc_dword_t initialization,
- pcsc_dword_t *r_active_protocol);
-long (* pcsc_disconnect) (long card,
- pcsc_dword_t disposition);
-long (* pcsc_status) (long card,
- char *reader, pcsc_dword_t *readerlen,
- pcsc_dword_t *r_state,
- pcsc_dword_t *r_protocol,
- unsigned char *atr, pcsc_dword_t *atrlen);
-long (* pcsc_begin_transaction) (long card);
-long (* pcsc_end_transaction) (long card,
- pcsc_dword_t disposition);
-long (* pcsc_transmit)
(long card,
- const pcsc_io_request_t send_pci,
- const unsigned char *send_buffer,
- pcsc_dword_t send_len,
- pcsc_io_request_t recv_pci,
- unsigned char *recv_buffer,
- pcsc_dword_t *recv_len);
-long (* pcsc_set_timeout) (long context,
- pcsc_dword_t timeout);
-long (* pcsc_control) (long card,
- pcsc_dword_t control_code,
- const void *send_buffer,
- pcsc_dword_t send_len,
- void *recv_buffer,
- pcsc_dword_t recv_len,
- pcsc_dword_t *bytes_returned);
-
-
-
-static void
-bad_request (const char *type)
-{
- fprintf (stderr, PGM ": bad '%s' request\n", type);
- exit (1);
-}
-
-static void
-request_failed (int err)
-{
- if (!err)
- err = -1;
-
- putchar (0x81); /* Simple error/success response. */
-
- putchar (0);
- putchar (0);
- putchar (0);
- putchar (4);
-
- putchar ((err >> 24) & 0xff);
- putchar ((err >> 16) & 0xff);
- putchar ((err >> 8) & 0xff);
- putchar ((err ) & 0xff);
-
- fflush (stdout);
-}
-
-
-static void
-request_succeeded (const void *buffer, size_t buflen)
-{
- size_t len;
-
- putchar (0x81); /* Simple error/success response. */
-
- len = 4 + buflen;
- putchar ((len >> 24) & 0xff);
- putchar ((len >> 16) & 0xff);
- putchar ((len >> 8) & 0xff);
- putchar ((len ) & 0xff);
-
- /* Error code. */
- putchar (0);
- putchar (0);
- putchar (0);
- putchar (0);
-
- /* Optional reponse string.
*/
- if (buffer)
- fwrite (buffer, buflen, 1, stdout);
-
- fflush (stdout);
-}
-
-
-
-static unsigned long
-read_32 (FILE *fp)
-{
- int c1, c2, c3, c4;
-
- c1 = getc (fp);
- c2 = getc (fp);
- c3 = getc (fp);
- c4 = getc (fp);
- if (c1 == EOF || c2 == EOF || c3 == EOF || c4 == EOF)
- {
- fprintf (stderr, PGM ": premature EOF while parsing request\n");
- exit (1);
- }
- return (c1 << 24) | (c2 << 16) | (c3 << 8) | c4;
-}
-
-
-
-static const char *
-pcsc_error_string (long err)
-{
- const char *s;
-
- if (!err)
- return "okay";
- if ((err & 0x80100000) != 0x80100000)
- return "invalid PC/SC error code";
- err &= 0xffff;
- switch (err)
- {
- case 0x0002: s = "cancelled"; break;
- case 0x000e: s = "can't dispose"; break;
- case 0x0008: s = "insufficient buffer"; break;
- case 0x0015: s = "invalid ATR"; break;
- case 0x0003: s = "invalid handle"; break;
- case 0x0004: s = "invalid parameter"; break;
- case 0x0005: s = "invalid target"; break;
- case 0x0011: s = "invalid value"; break;
- case 0x0006: s = "no memory"; break;
- case 0x0013: s = "comm error"; break;
- case 0x0001: s = "internal error"; break;
- case 0x0014: s = "unknown error"; break;
- case 0x0007: s = "waited too long"; break;
- case 0x0009: s = "unknown reader"; break;
- case 0x000a: s = "timeout"; break;
- case 0x000b: s = "sharing violation"; break;
- case 0x000c: s = "no smartcard"; break;
- case 0x000d: s = "unknown card"; break;
- case 0x000f: s = "proto mismatch"; break;
- case 0x0010: s = "not ready"; break;
- case 0x0012: s = "system cancelled"; break;
- case 0x0016: s = "not transacted"; break;
- case 0x0017: s = "reader unavailable"; break;
- case 0x0065: s = "unsupported card"; break;
- case 0x0066: s = "unresponsive card"; break;
- case 0x0067: s = "unpowered card"; break;
- case 0x0068: s = "reset card"; break;
- case 0x0069: s = "removed card"; break;
- case 0x006a: s = "inserted card"; break;
- case 0x001f: s = "unsupported feature"; break;
- case 0x0019: s = "PCI too small"; break;
- case
0x001a: s = "reader unsupported"; break;
- case 0x001b: s = "duplicate reader"; break;
- case 0x001c: s = "card unsupported"; break;
- case 0x001d: s = "no service"; break;
- case 0x001e: s = "service stopped"; break;
- default: s = "unknown PC/SC error code"; break;
- }
- return s;
-}
-
-static void
-load_pcsc_driver (const char *libname)
-{
- void *handle;
-
- handle = dlopen (libname, RTLD_LAZY);
- if (!handle)
- {
- fprintf (stderr, PGM ": failed to open driver '%s': %s",
- libname, dlerror ());
- exit (1);
- }
-
- pcsc_establish_context = dlsym (handle, "SCardEstablishContext");
- pcsc_release_context = dlsym (handle, "SCardReleaseContext");
- pcsc_list_readers = dlsym (handle, "SCardListReaders");
- pcsc_get_status_change = dlsym (handle, "SCardGetStatusChange");
- pcsc_connect = dlsym (handle, "SCardConnect");
- pcsc_reconnect = dlsym (handle, "SCardReconnect");
- pcsc_disconnect = dlsym (handle, "SCardDisconnect");
- pcsc_status = dlsym (handle, "SCardStatus");
- pcsc_begin_transaction = dlsym (handle, "SCardBeginTransaction");
- pcsc_end_transaction = dlsym (handle, "SCardEndTransaction");
- pcsc_transmit = dlsym (handle, "SCardTransmit");
- pcsc_set_timeout = dlsym (handle, "SCardSetTimeout");
- pcsc_control = dlsym (handle, "SCardControl");
-
- if (!pcsc_establish_context
- || !pcsc_release_context
- || !pcsc_list_readers
- || !pcsc_get_status_change
- || !pcsc_connect
- || !pcsc_reconnect
- || !pcsc_disconnect
- || !pcsc_status
- || !pcsc_begin_transaction
- || !pcsc_end_transaction
- || !pcsc_transmit
- || !pcsc_control
- /* || !pcsc_set_timeout */)
- {
- /* Note that set_timeout is currently not used and also not
- available under Windows.
*/
- fprintf (stderr,
- "apdu_open_reader: invalid PC/SC driver "
- "(%d%d%d%d%d%d%d%d%d%d%d%d%d)\n",
- !!pcsc_establish_context,
- !!pcsc_release_context,
- !!pcsc_list_readers,
- !!pcsc_get_status_change,
- !!pcsc_connect,
- !!pcsc_reconnect,
- !!pcsc_disconnect,
- !!pcsc_status,
- !!pcsc_begin_transaction,
- !!pcsc_end_transaction,
- !!pcsc_transmit,
- !!pcsc_set_timeout,
- !!pcsc_control );
- dlclose (handle);
- exit (1);
- }
-}
-
-
-
-
-/* Handle a open request. The argument is expected to be a string
- with the port identification. ARGBUF is always guaranteed to be
- terminted by a 0 which is not counted in ARGLEN. We may modifiy
- ARGBUF. */
-static void
-handle_open (unsigned char *argbuf, size_t arglen)
-{
- long err;
- const char * portstr;
- char *list = NULL;
- pcsc_dword_t nreader, atrlen;
- char *p;
- pcsc_dword_t card_state, card_protocol;
- unsigned char atr[33];
-
- /* Make sure there is only the port string */
- if (arglen != strlen ((char*)argbuf))
- bad_request ("OPEN");
- portstr = (char*)argbuf;
-
- if (driver_is_open)
- {
- fprintf (stderr, PGM ": PC/SC has already been opened\n");
- request_failed (-1);
- return;
- }
-
- err = pcsc_establish_context (PCSC_SCOPE_SYSTEM, NULL, NULL, &pcsc_context);
- if (err)
- {
- fprintf (stderr, PGM": pcsc_establish_context failed: %s (0x%lx)\n",
- pcsc_error_string (err), err);
- request_failed (err);
- return;
- }
-
- err = pcsc_list_readers (pcsc_context, NULL, NULL, &nreader);
- if (!err)
- {
- list = malloc (nreader+1); /* Better add 1 for safety reasons.
*/
- if (!list)
- {
- fprintf (stderr, PGM": error allocating memory for reader list\n");
- exit (1);
- }
- err = pcsc_list_readers (pcsc_context, NULL, list, &nreader);
- }
- if (err)
- {
- fprintf (stderr, PGM": pcsc_list_readers failed: %s (0x%lx)\n",
- pcsc_error_string (err), err);
- pcsc_release_context (pcsc_context);
- free (list);
- request_failed (err);
- return;
- }
-
- p = list;
- while (nreader)
- {
- if (!*p && !p[1])
- break;
- fprintf (stderr, PGM": detected reader '%s'\n", p);
- if (nreader < (strlen (p)+1))
- {
- fprintf (stderr, PGM": invalid response from pcsc_list_readers\n");
- break;
- }
- nreader -= strlen (p)+1;
- p += strlen (p) + 1;
- }
-
- current_rdrname = malloc (strlen (portstr && *portstr? portstr:list)+1);
- if (!current_rdrname)
- {
- fprintf (stderr, PGM": error allocating memory for reader name\n");
- exit (1);
- }
- strcpy (current_rdrname, portstr && *portstr? portstr:list);
- free (list);
-
- err = pcsc_connect (pcsc_context,
- current_rdrname,
- PCSC_SHARE_EXCLUSIVE,
- PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1,
- &pcsc_card,
- &pcsc_protocol);
- if (err == 0x8010000c) /* No smartcard.
*/
- {
- pcsc_card = 0;
- }
- else if (err)
- {
- fprintf (stderr, PGM": pcsc_connect failed: %s (0x%lx)\n",
- pcsc_error_string (err), err);
- pcsc_release_context (pcsc_context);
- free (current_rdrname);
- current_rdrname = NULL;
- pcsc_card = 0;
- pcsc_protocol = 0;
- request_failed (err);
- return;
- }
-
- current_atrlen = 0;
- if (!err)
- {
- char reader[250];
- pcsc_dword_t readerlen;
-
- atrlen = 33;
- readerlen = sizeof reader -1;
- err = pcsc_status (pcsc_card,
- reader, &readerlen,
- &card_state, &card_protocol,
- atr, &atrlen);
- if (err)
- fprintf (stderr, PGM": pcsc_status failed: %s (0x%lx)\n",
- pcsc_error_string (err), err);
- else
- {
- if (atrlen >= sizeof atr || atrlen >= sizeof current_atr)
- {
- fprintf (stderr, PGM": ATR returned by pcsc_status"
- " is too large\n");
- exit (4);
- }
- memcpy (current_atr, atr, atrlen);
- current_atrlen = atrlen;
- }
- }
-
- driver_is_open = 1;
- request_succeeded (current_atr, current_atrlen);
-}
-
-
-
-/* Handle a close request. We expect no arguments. We may modifiy
- ARGBUF. */
-static void
-handle_close (unsigned char *argbuf, size_t arglen)
-{
- (void)argbuf;
- (void)arglen;
-
- if (!driver_is_open)
- {
- fprintf (stderr, PGM ": PC/SC has not yet been opened\n");
- request_failed (-1);
- return;
- }
-
- free (current_rdrname);
- current_rdrname = NULL;
- pcsc_release_context (pcsc_context);
- pcsc_card = 0;
- pcsc_protocol = 0;
-
- request_succeeded (NULL, 0);
-}
-
-
-
-/* Handle a status request. We expect no arguments. We may modifiy
- ARGBUF.
*/
-static void
-handle_status (unsigned char *argbuf, size_t arglen)
-{
- long err;
- struct pcsc_readerstate_s rdrstates[1];
- int status;
- unsigned char buf[20];
-
- (void)argbuf;
- (void)arglen;
-
- if (!driver_is_open)
- {
- fprintf (stderr, PGM ": PC/SC has not yet been opened\n");
- request_failed (-1);
- return;
- }
-
- memset (rdrstates, 0, sizeof *rdrstates);
- rdrstates[0].reader = current_rdrname;
- rdrstates[0].current_state = PCSC_STATE_UNAWARE;
- err = pcsc_get_status_change (pcsc_context,
- 0,
- rdrstates, 1);
- if (err == 0x8010000a) /* Timeout. */
- err = 0;
- if (err)
- {
- fprintf (stderr, PGM": pcsc_get_status_change failed: %s (0x%lx)\n",
- pcsc_error_string (err), err);
- request_failed (err);
- return;
- }
-
- status = 0;
- if ( !(rdrstates[0].event_state & PCSC_STATE_UNKNOWN) )
- {
- if ( (rdrstates[0].event_state & PCSC_STATE_PRESENT) )
- {
- status |= 2;
- if ( !(rdrstates[0].event_state & PCSC_STATE_MUTE) )
- status |= 4;
- }
- /* We indicate a useful card if it is not in use by another
- application. This is because we only use exclusive access
- mode. */
- if ( (status & 6) == 6
- && !(rdrstates[0].event_state & PCSC_STATE_INUSE) )
- status |= 1;
- }
-
- /* First word is identical to the one used by apdu.c. */
- buf[0] = 0;
- buf[1] = 0;
- buf[2] = 0;
- buf[3] = status;
- /* The second word is the native PCSC state. */
- buf[4] = (rdrstates[0].event_state >> 24);
- buf[5] = (rdrstates[0].event_state >> 16);
- buf[6] = (rdrstates[0].event_state >> 8);
- buf[7] = (rdrstates[0].event_state >> 0);
- /* The third word is the protocol. */
- buf[8] = (pcsc_protocol >> 24);
- buf[9] = (pcsc_protocol >> 16);
- buf[10] = (pcsc_protocol >> 8);
- buf[11] = (pcsc_protocol);
-
- request_succeeded (buf, 8);
-}
-
-
-/* Handle a reset request. We expect no arguments. We may modifiy
- ARGBUF.
*/ -static void -handle_reset (unsigned char *argbuf, size_t arglen) -{ - long err; - char reader[250]; - pcsc_dword_t nreader, atrlen; - pcsc_dword_t card_state, card_protocol; - - (void)argbuf; - (void)arglen; - - if (!driver_is_open) - { - fprintf (stderr, PGM ": PC/SC has not yet been opened\n"); - request_failed (-1); - return; - } - - if (pcsc_card) - { - err = pcsc_disconnect (pcsc_card, PCSC_LEAVE_CARD); - if (err == 0x80100003) /* Invalid handle. (already disconnected) */ - err = 0; - if (err) - { - fprintf (stderr, PGM": pcsc_disconnect failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - request_failed (err); - return; - } - pcsc_card = 0; - } - - err = pcsc_connect (pcsc_context, - current_rdrname, - PCSC_SHARE_EXCLUSIVE, - PCSC_PROTOCOL_T0|PCSC_PROTOCOL_T1, - &pcsc_card, - &pcsc_protocol); - if (err) - { - fprintf (stderr, PGM": pcsc_connect failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - pcsc_card = 0; - request_failed (err); - return; - } - - - atrlen = 33; - nreader = sizeof reader - 1; - err = pcsc_status (pcsc_card, - reader, &nreader, - &card_state, &card_protocol, - current_atr, &atrlen); - if (err) - { - fprintf (stderr, PGM": pcsc_status failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - current_atrlen = 0; - request_failed (err); - return; - } - - request_succeeded (current_atr, current_atrlen); -} - - - -/* Handle a transmit request. The argument is expected to be a buffer - with the APDU. We may modifiy ARGBUF. */ -static void -handle_transmit (unsigned char *argbuf, size_t arglen) -{ - long err; - struct pcsc_io_request_s send_pci; - pcsc_dword_t recv_len; - unsigned char buffer[4096]; - - /* The apdu should at least be one byte. 
*/ - if (!arglen) - bad_request ("TRANSMIT"); - - if (!driver_is_open) - { - fprintf (stderr, PGM ": PC/SC has not yet been opened\n"); - request_failed (-1); - return; - } - if ((pcsc_protocol & PCSC_PROTOCOL_T1)) - send_pci.protocol = PCSC_PROTOCOL_T1; - else - send_pci.protocol = PCSC_PROTOCOL_T0; - send_pci.pci_len = sizeof send_pci; - recv_len = sizeof (buffer); - err = pcsc_transmit (pcsc_card, &send_pci, argbuf, arglen, - NULL, buffer, &recv_len); - if (err) - { - if (verbose) - fprintf (stderr, PGM": pcsc_transmit failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - request_failed (err); - return; - } - request_succeeded (buffer, recv_len); -} - - -/* Handle a control request. The argument is expected to be a buffer - which contains CONTROL_CODE (4-byte) and INPUT_BYTES. - */ -static void -handle_control (unsigned char *argbuf, size_t arglen) -{ - long err; - pcsc_dword_t ioctl_code; - pcsc_dword_t recv_len = 1024; - unsigned char buffer[1024]; - - if (arglen < 4) - bad_request ("CONTROL"); - - ioctl_code = (argbuf[0] << 24) | (argbuf[1] << 16) | (argbuf[2] << 8) | argbuf[3]; - argbuf += 4; - arglen -= 4; - - recv_len = sizeof (buffer); - err = pcsc_control (pcsc_card, ioctl_code, argbuf, arglen, - buffer, recv_len, &recv_len); - if (err) - { - if (verbose) - fprintf (stderr, PGM": pcsc_control failed: %s (0x%lx)\n", - pcsc_error_string (err), err); - request_failed (err); - return; - } - request_succeeded (buffer, recv_len); -} - - -static void -print_version (int with_help) -{ - fputs (MYVERSION_LINE "\n" - "Copyright (C) 2004 Free Software Foundation, Inc.\n" - "This program comes with ABSOLUTELY NO WARRANTY.\n" - "This is free software, and you are welcome to redistribute it\n" - "under certain conditions. 
See the file COPYING for details.\n", - stdout); - - if (with_help) - fputs ("\n" - "Usage: " PGM " [OPTIONS] API-NUMBER [LIBNAME]\n" - "Helper to connect scdaemon to the PC/SC library\n" - "\n" - " --verbose enable extra informational output\n" - " --version print version of the program and exit\n" - " --help display this help and exit\n" - BUGREPORT_LINE, stdout ); - - exit (0); -} - - -int -main (int argc, char **argv) -{ - int last_argc = -1; - int api_number = 0; - int c; - - if (argc) - { - argc--; argv++; - } - while (argc && last_argc != argc ) - { - last_argc = argc; - if (!strcmp (*argv, "--")) - { - argc--; argv++; - break; - } - else if (!strcmp (*argv, "--version")) - print_version (0); - else if (!strcmp (*argv, "--help")) - print_version (1); - else if (!strcmp (*argv, "--verbose")) - { - verbose = 1; - argc--; argv++; - } - } - if (argc != 1 && argc != 2) - { - fprintf (stderr, "usage: " PGM " API-NUMBER [LIBNAME]\n"); - exit (1); - } - - api_number = atoi (*argv); - argv++; argc--; - if (api_number != 1) - { - fprintf (stderr, PGM ": api-number %d is not valid\n", api_number); - exit (1); - } - - load_pcsc_driver (argc? 
*argv : DEFAULT_PCSC_DRIVER); - - while ((c = getc (stdin)) != EOF) - { - size_t arglen; - unsigned char argbuffer[2048]; - - arglen = read_32 (stdin); - if (arglen >= sizeof argbuffer - 1) - { - fprintf (stderr, PGM ": request too long\n"); - exit (1); - } - if (arglen && fread (argbuffer, arglen, 1, stdin) != 1) - { - fprintf (stderr, PGM ": error reading request: %s\n", - strerror (errno)); - exit (1); - } - argbuffer[arglen] = 0; - switch (c) - { - case 1: - handle_open (argbuffer, arglen); - break; - - case 2: - handle_close (argbuffer, arglen); - exit (0); - break; - - case 3: - handle_transmit (argbuffer, arglen); - break; - - case 4: - handle_status (argbuffer, arglen); - break; - - case 5: - handle_reset (argbuffer, arglen); - break; - - case 6: - handle_control (argbuffer, arglen); - break; - - default: - fprintf (stderr, PGM ": invalid request 0x%02X\n", c); - exit (1); - } - } - return 0; -} - - - -/* -Local Variables: -compile-command: "gcc -Wall -g -o pcsc-wrapper pcsc-wrapper.c -ldl" -End: -*/ diff --git a/scd/sc-copykeys.c b/scd/sc-copykeys.c deleted file mode 100644 index eb246c4..0000000 --- a/scd/sc-copykeys.c +++ /dev/null 
@@ -1,715 +0,0 @@ -/* sc-copykeys.c - A tool to store keys on a smartcard. - * Copyright (C) 2003 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "scdaemon.h" -#include - -#include "../common/ttyio.h" -#include "../common/simple-pwquery.h" -#include "iso7816.h" -#include "apdu.h" /* for open_reader */ -#include "atr.h" -#include "app-common.h" - -#define _(a) (a) - - -enum cmd_and_opt_values -{ oVerbose = 'v', - oReaderPort = 500, - octapiDriver, - oDebug, - oDebugAll, - -aTest }; - - -static ARGPARSE_OPTS opts[] = { - - { 301, NULL, 0, "@Options:\n " }, - - { oVerbose, "verbose", 0, "verbose" }, - { oReaderPort, "reader-port", 2, "|N|connect to reader at port N"}, - { octapiDriver, "ctapi-driver", 2, "NAME|use NAME as ctAPI driver"}, - { oDebug, "debug" ,4|16, "set debugging flags"}, - { oDebugAll, "debug-all" ,0, "enable full debugging"}, - {0} -}; - - -static void copykeys (APP app, const char *fname); - - -static const char * -my_strusage (int level) -{ - const char *p; - switch (level) - { - case 11: p = "sc-copykeys (GnuPG)"; - break; - case 13: p = VERSION; break; - case 17: p = PRINTABLE_OS_NAME; break; - case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break; - - case 1: - case 40: p = _("Usage: sc-copykeys [options] (-h for 
help)\n"); - break; - case 41: p = _("Syntax: sc-copykeys [options] " - "file-with-key\n" - "Copy keys to a smartcards\n"); - break; - - default: p = NULL; - } - return p; -} - - -int -main (int argc, char **argv ) -{ - ARGPARSE_ARGS pargs; - int slot, rc; - const char *reader_port = NULL; - struct app_ctx_s appbuf; - - memset (&appbuf, 0, sizeof appbuf); - - set_strusage (my_strusage); - gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); - log_set_prefix ("sc-copykeys", 1); - - /* check that the libraries are suitable. Do it here because - the option parsing may need services of the library */ - if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) - { - log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", - NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); - } - - setup_libgcrypt_logging (); - gcry_control (GCRYCTL_DISABLE_SECMEM, 0); /* FIXME - we want to use it */ - /* FIXME? gcry_control (GCRYCTL_USE_SECURE_RNDPOOL);*/ - - pargs.argc = &argc; - pargs.argv = &argv; - pargs.flags= 1; /* do not remove the args */ - while (arg_parse (&pargs, opts) ) - { - switch (pargs.r_opt) - { - case oVerbose: opt.verbose++; break; - case oDebug: opt.debug |= pargs.r.ret_ulong; break; - case oDebugAll: opt.debug = ~0; break; - case oReaderPort: reader_port = pargs.r.ret_str; break; - case octapiDriver: opt.ctapi_driver = pargs.r.ret_str; break; - default : pargs.err = 2; break; - } - } - if (log_get_errorcount(0)) - exit(2); - - if (argc != 1) - usage (1); - - slot = apdu_open_reader (reader_port); - if (slot == -1) - exit (1); - if (apdu_connect (slot)) - exit (1); - - /* FIXME: Use select_application. */ - appbuf.slot = slot; - rc = app_select_openpgp (&appbuf); - if (rc) - { - log_error ("selecting openpgp failed: %s\n", gpg_strerror (rc)); - exit (1); - } - appbuf.initialized = 1; - log_info ("openpgp application selected\n"); - - copykeys (&appbuf, *argv); - - - return 0; -} - - - -void -send_status_info (CTRL ctrl, const char *keyword, ...) 
-{ - /* DUMMY */ -} - - - -static char * -read_file (const char *fname, size_t *r_length) -{ - FILE *fp; - struct stat st; - char *buf; - size_t buflen; - - fp = fname? fopen (fname, "rb") : stdin; - if (!fp) - { - log_error ("can't open '%s': %s\n", - fname? fname: "[stdin]", strerror (errno)); - return NULL; - } - - if (fstat (fileno(fp), &st)) - { - log_error ("can't stat '%s': %s\n", - fname? fname: "[stdin]", strerror (errno)); - if (fname) - fclose (fp); - return NULL; - } - - buflen = st.st_size; - buf = xmalloc (buflen+1); - if (fread (buf, buflen, 1, fp) != 1) - { - log_error ("error reading '%s': %s\n", - fname? fname: "[stdin]", strerror (errno)); - if (fname) - fclose (fp); - xfree (buf); - return NULL; - } - if (fname) - fclose (fp); - - *r_length = buflen; - return buf; -} - - -static gcry_sexp_t -read_key (const char *fname) -{ - char *buf; - size_t buflen; - gcry_sexp_t private; - int rc; - - buf = read_file (fname, &buflen); - if (!buf) - return NULL; - - rc = gcry_sexp_new (&private, buf, buflen, 1); - if (rc) - { - log_error ("gcry_sexp_new failed: %s\n", gpg_strerror (rc)); - return NULL; - } - xfree (buf); - - return private; -} - - - -static gcry_mpi_t * -sexp_to_kparms (gcry_sexp_t sexp, unsigned long *created) -{ - gcry_sexp_t list, l2; - const char *name; - const char *s; - size_t n; - int i, idx; - const char *elems; - gcry_mpi_t *array; - - *created = 0; - list = gcry_sexp_find_token (sexp, "private-key", 0 ); - if(!list) - return NULL; - - /* quick hack to get the creation time. 
*/ - l2 = gcry_sexp_find_token (list, "created", 0); - if (l2 && (name = gcry_sexp_nth_data (l2, 1, &n))) - { - char *tmp = xmalloc (n+1); - memcpy (tmp, name, n); - tmp[n] = 0; - *created = strtoul (tmp, NULL, 10); - xfree (tmp); - } - gcry_sexp_release (l2); - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); - list = l2; - name = gcry_sexp_nth_data (list, 0, &n); - if(!name || n != 3 || memcmp (name, "rsa", 3)) - { - gcry_sexp_release (list); - return NULL; - } - - /* Parameter names used with RSA. */ - elems = "nedpqu"; - array = xcalloc (strlen(elems) + 1, sizeof *array); - for (idx=0, s=elems; *s; s++, idx++ ) - { - l2 = gcry_sexp_find_token (list, s, 1); - if (!l2) - { - for (i=0; i 32) - { - log_error ("public exponent too large (more than 32 bits)\n"); - goto failure; - } - nbits = gcry_mpi_get_nbits (rsa_p); - if (nbits != 512) - { - log_error ("length of first RSA prime is not 512\n"); - goto failure; - } - nbits = gcry_mpi_get_nbits (rsa_q); - if (nbits != 512) - { - log_error ("length of second RSA prime is not 512\n"); - goto failure; - } - - nbits = gcry_mpi_get_nbits (rsa_n); - if (nbits != 1024) - { - log_error ("length of RSA modulus is not 1024\n"); - goto failure; - } - - keyno = query_card (app); - if (!keyno) - goto failure; - - /* Build the private key template as described in section 4.3.3.6 of - the specs. 
- 0xC0 public exponent - 0xC1 prime p - 0xC2 prime q */ - template = tp = xmalloc (1+2 + 1+1+4 + 1+1+64 + 1+1+64); - *tp++ = 0xC0; - *tp++ = 4; - rc = gcry_mpi_print (GCRYMPI_FMT_USG, tp, 4, &n, rsa_e); - if (rc) - { - log_error ("mpi_print failed: %s\n", gpg_strerror (rc)); - goto failure; - } - assert (n <= 4); - memcpy (e, tp, n); - elen = n; - if (n != 4) - { - memmove (tp+4-n, tp, 4-n); - memset (tp, 0, 4-n); - } - tp += 4; - - *tp++ = 0xC1; - *tp++ = 64; - rc = gcry_mpi_print (GCRYMPI_FMT_USG, tp, 64, &n, rsa_p); - if (rc) - { - log_error ("mpi_print failed: %s\n", gpg_strerror (rc)); - goto failure; - } - assert (n == 64); - tp += 64; - - *tp++ = 0xC2; - *tp++ = 64; - rc = gcry_mpi_print (GCRYMPI_FMT_USG, tp, 64, &n, rsa_q); - if (rc) - { - log_error ("mpi_print failed: %s\n", gpg_strerror (rc)); - goto failure; - } - assert (n == 64); - tp += 64; - assert (tp - template == 138); - - /* (we need the modulus to calculate the fingerprint) */ - rc = gcry_mpi_print (GCRYMPI_FMT_USG, m, 128, &n, rsa_n); - if (rc) - { - log_error ("mpi_print failed: %s\n", gpg_strerror (rc)); - goto failure; - } - assert (n == 128); - mlen = 128; - - - rc = app_openpgp_storekey (app, keyno, - template, tp - template, - created_at, - m, mlen, - e, elen, - pincb, NULL); - - if (rc) - { - log_error ("error storing key: %s\n", gpg_strerror (rc)); - goto failure; - } - log_info ("key successfully stored\n"); - { - unsigned char *mm, *ee; - size_t mmlen, eelen; - int i; - - rc = app_openpgp_readkey (app, keyno, &mm, &mmlen, &ee, &eelen); - if (rc) - { - log_error ("error reading key back: %s\n", gpg_strerror (rc)); - goto failure; - } - - /* Strip leading zeroes. 
*/ - for (i=0; i < mmlen && !mm[i]; i++) - ; - mmlen -= i; - memmove (mm, mm+i, mmlen); - for (i=0; i < eelen && !ee[i]; i++) - ; - eelen -= i; - memmove (ee, ee+i, eelen); - - if (eelen != elen || mmlen != mlen) - { - log_error ("key parameter length mismatch (n=%u/%u, e=%u/%u)\n", - (unsigned int)mlen, (unsigned int)mmlen, - (unsigned int)elen, (unsigned int)eelen); - xfree (mm); - xfree (ee); - goto failure; - } - - if (memcmp (m, mm, mlen)) - { - log_error ("key parameter n mismatch\n"); - log_printhex ("original n: ", m, mlen); - log_printhex (" copied n: ", mm, mlen); - xfree (mm); - xfree (ee); - goto failure; - } - if (memcmp (e, ee, elen)) - { - log_error ("key parameter e mismatch\n"); - log_printhex ("original e: ", e, elen); - log_printhex (" copied e: ", ee, elen); - xfree (mm); - xfree (ee); - goto failure; - } - xfree (mm); - xfree (ee); - } - - - gcry_mpi_release (rsa_e); - gcry_mpi_release (rsa_p); - gcry_mpi_release (rsa_q); - gcry_mpi_release (rsa_n); - return; - - failure: - gcry_mpi_release (rsa_e); - gcry_mpi_release (rsa_p); - gcry_mpi_release (rsa_q); - gcry_mpi_release (rsa_n); - exit (1); -} ----------------------------------------------------------------------- Summary of changes: scd/Makefile.am | 19 -- scd/card-common.h | 72 ----- scd/card-dinsig.c | 257 --------------- scd/card-p15.c | 494 ----------------------------- scd/card.c | 568 --------------------------------- scd/pcsc-wrapper.c | 911 ----------------------------------------------------- scd/sc-copykeys.c | 715 ----------------------------------------- 7 files changed, 3036 deletions(-) delete mode 100644 scd/card-common.h delete mode 100644 scd/card-dinsig.c delete mode 100644 scd/card-p15.c delete mode 100644 scd/card.c delete mode 100644 scd/pcsc-wrapper.c delete mode 100644 scd/sc-copykeys.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 10 02:31:04 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 10 Jul 2015 02:31:04 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-7-gb3286af Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b3286af36d452fc801be573a057b0838d53a2edd (commit) from 67b2dc7636e47baefd5aafe0eb45b4730f974481 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b3286af36d452fc801be573a057b0838d53a2edd Author: NIIBE Yutaka Date: Fri Jul 10 09:21:32 2015 +0900 agent: Support non-NLS build. * agent/agent.h: Use ENABLE_NLS and define L_() macro. -- GnuPG-bug-id: 2032 This is a fix for e76d4c05b24211f3981ab69cddb3fccc17d21e0e. diff --git a/agent/agent.h b/agent/agent.h index 2948bff..5a09254 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -300,6 +300,7 @@ typedef int (*lookup_ttl_t)(const char *hexgrip); and uses that to translate a string according to the locale set for the connection. The macro LunderscoreIMPL is used by i18n to actually define the inline function when needed. */ +#ifdef ENABLE_NLS #define L_(a) agent_Lunderscore (ctrl, (a)) #define LunderscorePROTO \ static inline const char *agent_Lunderscore (ctrl_t ctrl, \ @@ -312,6 +313,9 @@ typedef int (*lookup_ttl_t)(const char *hexgrip); return ctrl? i18n_localegettext (ctrl->lc_messages, string) \ /* */: gettext (string); \ } +#else +#define L_(a) (a) +#endif /*-- gpg-agent.c --*/ ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 10 03:30:37 2015 
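Review bot: The new `#else` branch in agent/agent.h defines only `L_`, so `LunderscorePROTO` and `LunderscoreIMPL` stay undefined in a non-NLS build. The comment just above says i18n uses `LunderscoreIMPL` to define the inline function, and whether that use is guarded is not visible in these hunks. If it is not guarded, adding empty `#define LunderscorePROTO` and `#define LunderscoreIMPL` lines to the `#else` branch would keep both configurations compiling. Tagging the closers as `#else /*!ENABLE_NLS*/` and `#endif /*!ENABLE_NLS*/` would also help, since the conditional spans a multi-line macro.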
From: cvs at cvs.gnupg.org (by Peter Wu) Date: Fri, 10 Jul 2015 03:30:37 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-232-g2a7aa3e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c (commit) from 0a7547e487a8bc4e7ac9599c55579eb2e4a13f06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c Author: Peter Wu Date: Fri Jul 10 10:15:26 2015 +0900 ecc: fix memory leak. * cipher/ecc.c (ecc_verify): Release memory which was allocated before by _gcry_pk_util_preparse_sigval. (ecc_decrypt_raw): Likewise. -- Caught by LeakSanitizer (LSan). Now the test suite (make check) passes with no memleaks. Signed-off-by: Peter Wu The last commit (0a7547e487a8bc4e7ac9599c55579eb2e4a13f06) includes wrong fixes for sexp_release. ecc_decrypt_raw fix added by gniibe. diff --git a/cipher/ecc.c b/cipher/ecc.c index f5bc50a..e33f999 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1041,6 +1041,7 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ + sexp_release (l1); l1 = sexp_find_token (s_keyparms, "curve", 5); if (l1) { 
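Review bot: In ecc_verify the added `sexp_release (l1);` frees the list obtained earlier, and the very next line reuses `l1` for the "curve" token, so one variable owns two unrelated lists in sequence. The same pattern is added in ecc_decrypt_raw in the second hunk. A separate local for the curve token would make the ownership explicit; failing that, a comment such as `/* l1 still holds the list from the preparse call; drop it before reuse. */` would make a later edit less likely to reintroduce the leak or add a double release. Both function bodies extend beyond the hunks, so how the `leave:` path treats `l1` cannot be confirmed from here.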
@@ -1417,6 +1418,7 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t keyparms) goto leave; } /* Add missing parameters using the optional curve parameter. */ + sexp_release (l1); l1 = sexp_find_token (keyparms, "curve", 5); if (l1) { ----------------------------------------------------------------------- Summary of changes: cipher/ecc.c | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 14 02:55:43 2015 From: cvs at cvs.gnupg.org (by Peter Wu) Date: Tue, 14 Jul 2015 02:55:43 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-233-g0f9532b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0f9532b186c1e0b54d7e7a6d76bce82b6226122b (commit) from 2a7aa3ea4d03a9c808d5888f5509c08cd27aa27c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0f9532b186c1e0b54d7e7a6d76bce82b6226122b Author: Peter Wu Date: Tue Jul 14 09:53:38 2015 +0900 sexp: Fix invalid deallocation in error path. * src/sexp.c: Fix wrong condition. -- Signed-off-by: Peter Wu diff --git a/src/sexp.c b/src/sexp.c index 9bc13ca..1c014e0 100644 --- a/src/sexp.c +++ b/src/sexp.c 
@@ -2405,7 +2405,7 @@ _gcry_sexp_vextract_param (gcry_sexp_t sexp, const char *path, _gcry_mpi_release (*array[idx]); *array[idx] = NULL; } - else if (!arrayisdesc[idx] == 1) + else if (arrayisdesc[idx] == 1) { /* Caller provided buffer. */ gcry_buffer_t *spec = (gcry_buffer_t*)array[idx]; ----------------------------------------------------------------------- Summary of changes: src/sexp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 16 07:12:00 2015 From: cvs at cvs.gnupg.org (by Peter Wu) Date: Thu, 16 Jul 2015 07:12:00 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-234-g9cd55e8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9cd55e8e948f0049cb23495f536decf797d072f7 (commit) from 0f9532b186c1e0b54d7e7a6d76bce82b6226122b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9cd55e8e948f0049cb23495f536decf797d072f7 Author: Peter Wu Date: Thu Jul 16 13:59:44 2015 +0900 rsa: Fix error in comments. * cipher/rsa.c: Fix. -- Signed-off-by: Peter Wu diff --git a/cipher/rsa.c b/cipher/rsa.c index 9a8d235..e4f73d5 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c 
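Review bot: The corrected test `arrayisdesc[idx] == 1` in _gcry_sexp_vextract_param still compares against a bare `1` whose meaning is given only by the comment inside the branch. A wrong choice here decides whether a caller-owned `gcry_buffer_t` gets deallocated, so the state codes deserve a named constant or at least a comment at the test, for example `/* 1 = buffer supplied by the caller; it must not be freed here. */`. The old form `!arrayisdesc[idx] == 1` is the precedence slip that `-Wlogical-not-parentheses` reports, so enabling that warning in the build would catch a recurrence. The rest of the cleanup chain lies outside the hunk, so the values handled by the other branches are not visible.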
@@ -738,7 +738,7 @@ secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey ) if ( mpi_has_sign ( h ) ) mpi_add ( h, h, skey->q ); mpi_mulm( h, skey->u, h, skey->q ); - /* m = m2 + h * p */ + /* m = m1 + h * p */ mpi_mul ( h, h, skey->p ); mpi_add ( output, m1, h ); ----------------------------------------------------------------------- Summary of changes: cipher/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 16 09:58:33 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 16 Jul 2015 09:58:33 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-8-gf2ee673 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f2ee673c99825d5189631031ddec2dbf54dbd482 (commit) from b3286af36d452fc801be573a057b0838d53a2edd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f2ee673c99825d5189631031ddec2dbf54dbd482 Author: Neal H. Walfield Date: Thu Jul 16 09:57:27 2015 +0200 Don't segfault if the first 'auto-key-locate' option is 'clear'. * g10/getkey.c (free_akl): If AKL is NULL, just return. -- Signed-off-by: Neal H. Walfield . Reported-by: Sami Farin. GnuPG-bug-id: 2045 diff --git a/g10/getkey.c b/g10/getkey.c index e450c56..5f118ea 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -2923,6 +2923,9 @@ get_ctx_handle (GETKEY_CTX ctx) static void free_akl (struct akl *akl) { + if (! akl) + return; + if (akl->spec) free_keyserver_spec (akl->spec); ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 16 11:39:08 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 16 Jul 2015 11:39:08 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.28-12-g376417a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 376417ab63ebb0fd2432ddc0ee1db722ffa1d3d2 (commit) from 022719695e3900005d78564dfe4b2154fe0537a5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 376417ab63ebb0fd2432ddc0ee1db722ffa1d3d2 Author: Neal H. Walfield Date: Thu Jul 16 09:57:27 2015 +0200 Don't segfault if the first 'auto-key-locate' option is 'clear'. * g10/getkey.c (free_akl): If AKL is NULL, just return. -- Backported from f2ee673c99825d5189631031ddec2dbf54dbd482. Note: unlike in 2.1, in 2.0 this bug is not (currently) triggered since parse_auto_key_locate doesn't recognize "clear". Signed-off-by: Neal H. Walfield . Reported-by: Sami Farin. GnuPG-bug-id: 2045 diff --git a/g10/getkey.c b/g10/getkey.c index a27c8e2..6c14683 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
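Review bot: free_akl now returns early for a NULL argument, but nothing at the function tells callers that NULL is accepted. A header comment such as `/* Release AKL and its keyserver spec; a NULL AKL is ignored. */` would document the contract this fix relies on. The identical change is backported to STABLE-BRANCH-2-0 in the next commit and would take the same comment. The function body continues past the hunk, and the caller that passes NULL (the 'clear' handling named in the commit message) is not shown, so a regression test with `clear` as the first auto-key-locate value would be the way to pin the behaviour.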
@@ -3098,6 +3098,9 @@ get_ctx_handle(GETKEY_CTX ctx) static void free_akl(struct akl *akl) { + if (! akl) + return; + if(akl->spec) free_keyserver_spec(akl->spec); ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 17 02:35:08 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 17 Jul 2015 02:35:08 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-9-gf5d356f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f5d356fb5bbbd0e05a753612455253e4bc335266 (commit) from f2ee673c99825d5189631031ddec2dbf54dbd482 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f5d356fb5bbbd0e05a753612455253e4bc335266 Author: NIIBE Yutaka Date: Fri Jul 17 09:34:47 2015 +0900 scd: Use openpgpdefs.h for constants. * scd/app-openpgp.c: Include openpgpdefs.h. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index f5911f3..1c6d6ec 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -68,6 +68,7 @@ #include "app-common.h" #include "tlv.h" #include "host2net.h" +#include "openpgpdefs.h" /* A table describing the DOs of the card. */ 
@@ -748,13 +749,13 @@ static unsigned char get_algo_byte (int keynumber, key_type_t key_type) { if (key_type == KEY_TYPE_ECC && keynumber != 1) - return 19; + return PUBKEY_ALGO_ECDSA; else if (key_type == KEY_TYPE_ECC && keynumber == 1) - return 18; + return PUBKEY_ALGO_ECDH; else if (key_type == KEY_TYPE_EDDSA) - return 22; + return PUBKEY_ALGO_EDDSA; else - return 1; /* RSA */ + return PUBKEY_ALGO_RSA; } #define MAX_ARGS_STORE_FPR 3 @@ -977,7 +978,9 @@ send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number) get_ecc_key_parameters (app->app_local->keyattr[number].ecc.curve, &n_bits, &curve_oid); snprintf (buffer, sizeof buffer, "%d %d %u %s", - number+1, number==1? 18: 19, n_bits, curve_oid); + number+1, + number==1? PUBKEY_ALGO_ECDH: PUBKEY_ALGO_ECDSA, + n_bits, curve_oid); } else if (app->app_local->keyattr[number].key_type == KEY_TYPE_EDDSA) { @@ -1071,8 +1074,9 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) app->app_local->extcap.max_certlen_3, app->app_local->extcap.algo_attr_change, (app->app_local->extcap.sm_supported - ? (app->app_local->extcap.sm_algo == 0? 2 : - (app->app_local->extcap.sm_algo == 1? 7 : 9)) + ? (app->app_local->extcap.sm_algo == 0? CIPHER_ALGO_3DES : + (app->app_local->extcap.sm_algo == 1? + CIPHER_ALGO_AES : CIPHER_ALGO_AES256)) : 0), app->app_local->status_indicator, app->app_local->extcap.has_decrypt, @@ -2832,7 +2836,7 @@ change_keyattr (app_t app, int keyno, unsigned int nbits, relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL); if (!relptr) return gpg_error (GPG_ERR_CARD); - if (buflen < 6 || buffer[0] != 1) + if (buflen < 6 || buffer[0] != PUBKEY_ALGO_RSA) { /* Attriutes too short or not an RSA key. */ xfree (relptr); 
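Review bot: In the do_getattr hunk the secure-messaging mapping reports every `sm_algo` value other than 0 or 1 as `CIPHER_ALGO_AES256`, which the named constants now make visible as a catch-all. A card returning an unexpected code would be advertised to the caller as AES-256 rather than as unknown. If 2 is the card's code for AES-256 (the hunk does not show the value set), the inner arm could be `(app->app_local->extcap.sm_algo == 2? CIPHER_ALGO_AES256 : 0)` so that unrecognised codes are reported as 0. do_getattr starts and ends outside the hunk.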
@@ -2899,8 +2903,8 @@ change_keyattr_from_string (app_t app, err = gpg_error (GPG_ERR_INV_DATA); else if (keyno < 1 || keyno > 3) err = gpg_error (GPG_ERR_INV_ID); - else if (algo != 1) - err = gpg_error (GPG_ERR_PUBKEY_ALGO); /* Not RSA. */ + else if (algo != PUBKEY_ALGO_RSA) + err = gpg_error (GPG_ERR_PUBKEY_ALGO); else if (nbits < 1024) err = gpg_error (GPG_ERR_TOO_SHORT); else @@ -4433,7 +4437,7 @@ parse_algorithm_attribute (app_t app, int keyno) if (opt.verbose) log_info ("Key-Attr-%s ..: ", desc[keyno]); - if (*buffer == 1 && (buflen == 5 || buflen == 6)) + if (*buffer == PUBKEY_ALGO_RSA && (buflen == 5 || buflen == 6)) { app->app_local->keyattr[keyno].rsa.n_bits = (buffer[1]<<8 | buffer[2]); app->app_local->keyattr[keyno].rsa.e_bits = (buffer[3]<<8 | buffer[4]); @@ -4457,7 +4461,7 @@ parse_algorithm_attribute (app_t app, int keyno) app->app_local->keyattr[keyno].rsa.format == RSA_CRT? "crt" : app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N?"crt+n":"?"); } - else if (*buffer == 18 || *buffer == 19) /* ECDH or ECDSA */ + else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA) { app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC; app->app_local->keyattr[keyno].ecc.curve @@ -4467,7 +4471,7 @@ parse_algorithm_attribute (app_t app, int keyno) ("ECC, curve=%s\n", get_curve_name (app->app_local->keyattr[keyno].ecc.curve)); } - else if (*buffer == 22) /* EdDSA */ + else if (*buffer == PUBKEY_ALGO_EDDSA) { app->app_local->keyattr[keyno].key_type = KEY_TYPE_EDDSA; app->app_local->keyattr[keyno].eddsa.curve ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 17 03:16:40 2015 
From: cvs at cvs.gnupg.org (by Ben Kibbey) Date: Fri, 17 Jul 2015 03:16:40 +0200 Subject: [git] GPGME - branch, bjk/custom-engine-options, created. gpgme-1.5.5-2-g259b61f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, bjk/custom-engine-options has been created at 259b61f73cb40fd3cb7da21cba4b1a69bfa2da78 (commit) - Log ----------------------------------------------------------------- commit 259b61f73cb40fd3cb7da21cba4b1a69bfa2da78 Author: Ben Kibbey Date: Wed Jul 15 21:41:15 2015 -0400 Add per-ctx custom engine options. * src/gpgme.h.in (gpgme_ctx_set_engine_options): New prototype. (gpgme_ctx_get_engine_options): Ditto. * src/engine-backend.h (engine_ops): Add set_options and get_options. * src/engine.c (gpgme_ctx_set_engine_options): New. (gpgme_ctx_get_engine_options): Ditto. * src/engine-gpg.c (gpg_set_options): New. (gpg_get_options): Ditto. * src/op-support.c (_gpgme_op_reset): Keep custom options. * src/engine-gpg.c (_gpgme_engine_ops_gpg): Adjust for new members. * src/engine-assuan.c (_gpgme_engine_ops_assuan): Ditto. * src/engine-g13.c (_gpgme_engine_ops_g13): Ditto. * src/engine-gpgconf.c (_gpgme_engine_ops_gpgconf): Ditto. * src/engine-gpgsm.c (_gpgme_engine_ops_gpgsm): Ditto. * src/engine-spawn.c (_gpgme_engine_ops_spawn): Ditto. * src/engine-uiserver.c (_gpgme_engine_ops_uiserver): Ditto. * src/gpgme.def: Export new symbols. * src/libgpgme.vers: Ditto. * doc/gpgme.texi: Document these new functions. -- Not all of gpg2's features are exposed to libgpgme and adding these functions makes it possible to do things like specify an --s2k-count, etc. diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 45c359d..b3aa369 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi 
@@ -187,6 +187,7 @@ Context Attributes * Protocol Selection:: Selecting the protocol used by a context. * Crypto Engine:: Configuring the crypto engine. +* Custom Engine Options:: Adding command line options to an engine. * ASCII Armor:: Requesting @acronym{ASCII} armored output. * Text Mode:: Choosing canonical text mode. * Included Certificates:: Including a number of certificates. @@ -2283,6 +2284,7 @@ started. In fact, these references are accessed through the @menu * Protocol Selection:: Selecting the protocol used by a context. * Crypto Engine:: Configuring the crypto engine. +* Custom Engine Options:: Adding command line options to an engine. * ASCII Armor:: Requesting @acronym{ASCII} armored output. * Text Mode:: Choosing canonical text mode. * Included Certificates:: Including a number of certificates. 
@@ -2362,6 +2364,29 @@ successful, or an eror code on failure. @end deftypefun + at node Custom Engine Options + at subsection Custom Engine Options + at cindex context, configuring engine + at cindex engine, configuration per context + +Since not all features of all engines may be exposed by @acronym{GPGME}, +additional command line arguments may be needed to allow the wanted +functionality. + + at deftypefun gpgme_error_t gpgme_ctx_set_engine_options (@w{gpgme_ctx_t @var{ctx}}, @w{const char *@var{options}}) +The function @code{gpgme_ctx_set_engine_options} sets command line options for +the configured engine in context @var{ctx} to @var{options}. The options are +passed upon each op call and may be reset by setting @var{options} to + at code{NULL}. This function returns @code{0} on success or an error on failure. + at end deftypefun + + at deftypefun gpgme_error_t gpgme_ctx_get_engine_options (@w{gpgme_ctx_t @var{ctx}}, @w{char ** @var{result}}) +The function @code{gpgme_ctx_get_engine_options} returns the previously set +engine options in @var{result}. This function returns @code{0} on success or +an error on failure. + at end deftypefun + + @c FIXME: Unfortunately, using @acronym here breaks texi2dvi. @node ASCII Armor @subsection @acronym{ASCII} Armor diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 663b2ea..99cd9a6 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -759,6 +759,8 @@ struct engine_ops _gpgme_engine_ops_assuan = NULL, /* set_colon_line_handler */ llass_set_locale, NULL, /* set_protocol */ + NULL, /* set_options */ + NULL, /* get_options */ NULL, /* decrypt */ NULL, /* decrypt_verify */ NULL, /* delete */ diff --git a/src/engine-backend.h b/src/engine-backend.h index b3cc412..1079f5f 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h 
@@ -59,6 +59,8 @@ struct engine_ops void *fnc_value); gpgme_error_t (*set_locale) (void *engine, int category, const char *value); gpgme_error_t (*set_protocol) (void *engine, gpgme_protocol_t protocol); + gpgme_error_t (*set_options) (void *engine, const char *options); + const char *(*get_options) (void *engine); gpgme_error_t (*decrypt) (void *engine, gpgme_data_t ciph, gpgme_data_t plain); gpgme_error_t (*decrypt_verify) (void *engine, gpgme_data_t ciph, diff --git a/src/engine-g13.c b/src/engine-g13.c index a9717ee..6cc9100 100644 --- a/src/engine-g13.c +++ b/src/engine-g13.c @@ -775,6 +775,8 @@ struct engine_ops _gpgme_engine_ops_g13 = NULL, /* set_colon_line_handler */ g13_set_locale, NULL, /* set_protocol */ + NULL, /* set_options */ + NULL, /* get_options */ NULL, /* decrypt */ NULL, /* decrypt_verify */ NULL, /* delete */ diff --git a/src/engine-gpg.c b/src/engine-gpg.c index e14fd8d..0be970a 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -115,6 +115,7 @@ struct engine_gpg char **argv; struct fd_data_map_s *fd_data_map; + char *options; /* gpgme_ctx_set_engine_options() */ /* stuff needed for interactive (command) mode */ struct @@ -404,6 +405,7 @@ gpg_release (void *engine) free (gpg->status.buffer); if (gpg->colon.buffer) free (gpg->colon.buffer); + free (gpg->options); if (gpg->argv) free_argv (gpg->argv); if (gpg->cmd.keyword) 
@@ -716,6 +718,43 @@ gpg_set_command_handler (void *engine, engine_command_handler_t fnc, } +/* Custom command line options set with gpgme_ctx_set_engine_options() */ +static gpgme_error_t +build_custom_argv (engine_gpg_t gpg, size_t *argc, char ***result) +{ + char *s, *options = gpg->options; + char **argv = NULL; + int total = 0; + + if (!options) + return 0; + + while ((s = strsep (&options, " "))) + { + char **tmp = realloc (argv, (total+2) * sizeof (char *)); + + if (!tmp) + { + free_argv (argv); + return GPG_ERR_ENOMEM; + } + + argv = tmp; + argv[total] = strdup (s); + if (!argv[total++]) + { + free_argv (argv); + return GPG_ERR_ENOMEM; + } + + argv[total] = NULL; + (*argc)++; + } + + *result = argv; + return 0; +} + static gpgme_error_t build_argv (engine_gpg_t gpg, const char *pgmname) { @@ -723,7 +762,7 @@ build_argv (engine_gpg_t gpg, const char *pgmname) struct arg_and_data_s *a; struct fd_data_map_s *fd_data_map; size_t datac=0, argc=0; - char **argv; + char **argv, **custom_argv = NULL, **pp; int need_special = 0; int use_agent = 0; char *p; @@ -780,6 +819,10 @@ build_argv (engine_gpg_t gpg, const char *pgmname) argc++; /* --batch */ argc += 1; /* --no-sk-comments */ + err = build_custom_argv (gpg, &argc, &custom_argv); + if (err) + return err; + argv = calloc (argc + 1, sizeof *argv); if (!argv) return gpg_error_from_syserror (); @@ -801,6 +844,14 @@ build_argv (engine_gpg_t gpg, const char *pgmname) return saved_err; } argc++; + + if (custom_argv) + { + for (pp = custom_argv; pp && *pp; pp++) + argv[argc++] = *pp; + free (custom_argv); + } + if (need_special) { argv[argc] = strdup ("--enable-special-filenames"); 
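Review bot: `strsep (&options, " ")` in build_custom_argv runs directly on `gpg->options`, so every space in the stored string is overwritten with a NUL. After the first build_argv call the engine keeps only the first token, and gpg_get_options (and the copy _gpgme_op_reset takes from it) would return the truncated value. Tokenise a private copy and free it after the loop; skipping empty tokens also stops runs of spaces from becoming empty-string arguments. The header comment should say that there is no quoting and that the tokens go straight onto the gpg command line, so `options` must not be built from untrusted input.

```c
  char *copy, *cursor, *s;
  /* … unchanged: argv and total declarations … */

  if (!gpg->options)
    return 0;

  /* strsep writes NULs into its input; keep gpg->options intact.  */
  copy = strdup (gpg->options);
  if (!copy)
    return gpg_error_from_syserror ();
  cursor = copy;

  while ((s = strsep (&cursor, " ")))
    {
      if (!*s)
        continue;  /* Repeated spaces must not become empty arguments.  */
      /* … unchanged: grow argv and strdup the token; each error return also needs free (copy) … */
    }

  free (copy);
```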
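Review bot: `custom_argv` is leaked when the `calloc` right after the build_custom_argv call fails, and again at the `return saved_err;` visible in the following hunk (-801,6 +844,14), because `free (custom_argv)` is only reached on the success path. Release it before both returns, e.g. `if (custom_argv) free_argv (custom_argv);`. The same NULL guard seems advisable inside build_custom_argv, where `free_argv (argv)` runs with `argv == NULL` if the very first `realloc` fails; gpg_release guards its own free_argv call, which suggests the helper may not accept NULL. build_argv starts and ends outside these hunks.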
@@ -2449,6 +2500,30 @@ gpg_set_pinentry_mode (void *engine, gpgme_pinentry_mode_t mode) return 0; } +static gpgme_error_t +gpg_set_options (void *engine, const char *options) +{ + engine_gpg_t gpg = engine; + + free (gpg->options); + gpg->options = NULL; + if (options) + { + gpg->options = strdup (options); + if (!gpg->options) + return GPG_ERR_ENOMEM; + } + + return 0; +} + +static const char * +gpg_get_options (void *engine) +{ + engine_gpg_t gpg = engine; + + return gpg->options; +} struct engine_ops _gpgme_engine_ops_gpg = @@ -2468,6 +2543,8 @@ struct engine_ops _gpgme_engine_ops_gpg = gpg_set_colon_line_handler, gpg_set_locale, NULL, /* set_protocol */ + gpg_set_options, + gpg_get_options, gpg_decrypt, gpg_decrypt, /* decrypt_verify */ gpg_delete, diff --git a/src/engine-gpgconf.c b/src/engine-gpgconf.c index a2407ac..1033adb 100644 --- a/src/engine-gpgconf.c +++ b/src/engine-gpgconf.c @@ -939,6 +939,8 @@ struct engine_ops _gpgme_engine_ops_gpgconf = NULL, /* set_colon_line_handler */ NULL, /* set_locale */ NULL, /* set_protocol */ + NULL, /* set_options */ + NULL, /* get_options */ NULL, /* decrypt */ NULL, /* decrypt_verify */ NULL, /* delete */ diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index ac6c5fc..1c27898 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1988,6 +1988,8 @@ struct engine_ops _gpgme_engine_ops_gpgsm = gpgsm_set_colon_line_handler, gpgsm_set_locale, NULL, /* set_protocol */ + NULL, /* set_options */ + NULL, /* get_options */ gpgsm_decrypt, gpgsm_decrypt, gpgsm_delete, /* decrypt_verify */ diff --git a/src/engine-spawn.c b/src/engine-spawn.c index eb4e038..9385021 100644 --- a/src/engine-spawn.c +++ b/src/engine-spawn.c @@ -445,6 +445,8 @@ struct engine_ops _gpgme_engine_ops_spawn = NULL, /* set_colon_line_handler */ NULL, /* set_locale */ NULL, /* set_protocol */ + NULL, /* set_options */ + NULL, /* get_options */ NULL, /* decrypt */ NULL, /* decrypt_verify */ NULL, /* delete */ 
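Review bot: gpg_set_options frees the old string before duplicating the new one, so a failed `strdup` leaves the context with no options at all instead of the previous ones. It also returns the bare code `GPG_ERR_ENOMEM`, where build_argv in this file reports allocation failure with `gpg_error_from_syserror ()`. Duplicate first and swap on success: `char *copy = options ? strdup (options) : NULL;`, `if (options && !copy) return gpg_error_from_syserror ();`, `free (gpg->options); gpg->options = copy;`. gpg_get_options deserves a one-line comment such as `/* Return the stored option string; it is owned by the engine and must not be freed by the caller. */`.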
diff --git a/src/engine-uiserver.c b/src/engine-uiserver.c index a7184b7..4bfb885 100644 --- a/src/engine-uiserver.c +++ b/src/engine-uiserver.c @@ -1316,6 +1316,8 @@ struct engine_ops _gpgme_engine_ops_uiserver = uiserver_set_colon_line_handler, uiserver_set_locale, uiserver_set_protocol, + NULL, /* set_options */ + NULL, /* get_options */ uiserver_decrypt, uiserver_decrypt_verify, NULL, /* delete */ diff --git a/src/engine.c b/src/engine.c index ff015c0..cbd3457 100644 --- a/src/engine.c +++ b/src/engine.c @@ -445,6 +445,37 @@ gpgme_set_engine_info (gpgme_protocol_t proto, return err; } +/* Set custom command line options for the engine associated with a + context. */ +gpgme_error_t +gpgme_ctx_set_engine_options (gpgme_ctx_t ctx, const char *options) +{ + if (!ctx || !ctx->engine) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!ctx->engine->ops->set_options) + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + return (*ctx->engine->ops->set_options) (ctx->engine->engine, options); +} + +/* Return previously set custom engine command line options. */ +gpgme_error_t +gpgme_ctx_get_engine_options (gpgme_ctx_t ctx, const char **result) +{ + if (!ctx || !ctx->engine) + return gpg_error (GPG_ERR_INV_VALUE); + + if (!result) + return gpg_error (GPG_ERR_INV_ARG); + + if (!ctx->engine->ops->get_options) + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + *result = (*ctx->engine->ops->get_options) (ctx->engine->engine); + return 0; +} + gpgme_error_t _gpgme_engine_new (gpgme_engine_info_t info, engine_t *r_engine) diff --git a/src/gpgme.def b/src/gpgme.def index dc18948..754cb57 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -217,5 +217,7 @@ EXPORTS gpgme_op_spawn_start @163 gpgme_op_spawn @164 + gpgme_ctx_set_engine_options @165 + gpgme_ctx_get_engine_options @166 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 15ed803..ffa58c5 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in 
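Review bot: gpgme_ctx_get_engine_options in src/engine.c hands out the engine's internal buffer through `*result`, but its comment does not say that the caller must not free it, or that the pointer becomes invalid at the next gpgme_ctx_set_engine_options call or when the engine is released. I would extend the comment to `/* Return previously set custom engine command line options. The string is owned by the engine; it is valid until the options are changed or the engine is released. */` and set `*result = NULL` on the error paths once `result` is known to be non-NULL. Both functions also return GPG_ERR_INV_VALUE while `ctx->engine` is NULL. If the engine is only created in _gpgme_op_reset, as the op-support.c hunk suggests, options cannot be set on a fresh context before its first operation, which is worth confirming.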
@@ -947,6 +947,15 @@ gpgme_error_t gpgme_ctx_set_engine_info (gpgme_ctx_t ctx, const char *file_name, const char *home_dir); +/* Set custom command line options for the engine associated with a + context. */ +gpgme_error_t gpgme_ctx_set_engine_options (gpgme_ctx_t ctx, + const char *options); + +/* Return previously set custom engine command line options. */ +gpgme_error_t gpgme_ctx_get_engine_options (gpgme_ctx_t ctx, + const char **result); + /* Return a statically allocated string with the name of the public key algorithm ALGO, or NULL if that name is not known. */ diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 39663c1..d7c97c8 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -92,6 +92,9 @@ GPGME_1.1 { gpgme_op_spawn_start; gpgme_op_spawn; + + gpgme_ctx_set_engine_options; + gpgme_ctx_get_engine_options; }; diff --git a/src/op-support.c b/src/op-support.c index 2bcb3a3..87a9b8d 100644 --- a/src/op-support.c +++ b/src/op-support.c @@ -83,9 +83,19 @@ _gpgme_op_reset (gpgme_ctx_t ctx, int type) struct gpgme_io_cbs io_cbs; int no_reset = (type & 256); int reuse_engine = 0; + char *options = NULL; + const char *tmp = NULL; type &= 255; + err = gpgme_ctx_get_engine_options (ctx, &tmp); + if (tmp) + { + options = strdup (tmp); + if (!options) + return GPG_ERR_ENOMEM; + } + _gpgme_release_result (ctx); LOCK (ctx->lock); ctx->canceled = 0; @@ -119,8 +129,22 @@ _gpgme_op_reset (gpgme_ctx_t ctx, int type) err = _gpgme_engine_new (info, &ctx->engine); if (err) return err; + + if (options) + { + err = gpgme_ctx_set_engine_options (ctx, options); + if (err && gpg_err_code (err) != GPG_ERR_NOT_IMPLEMENTED) + { + free (options); + _gpgme_engine_release (ctx->engine); + ctx->engine = NULL; + return err; + } + } } + free (options); + if (!reuse_engine) { err = 0; ----------------------------------------------------------------------- hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 21 07:30:12 2015 
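Review bot: The prototype added to gpgme.h.in takes `const char **result`, while the `@deftypefun` entry added to doc/gpgme.texi in this commit documents `char ** @var{result}`; one of the two should be corrected so that the manual matches the header. The header comment could also state the ownership rule, e.g. `/* Return previously set custom engine command line options; the string must not be freed by the caller. */`.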
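Review bot: In src/op-support.c the copy made with `strdup (tmp)` in the first hunk is leaked by the `if (err) return err;` that follows `_gpgme_engine_new` in the second hunk, because `free (options)` is only reached further down. That return should become `if (err) { free (options); return err; }`, and any other early return between the two points that lies outside the hunks needs the same treatment. The value assigned by `err = gpgme_ctx_get_engine_options (ctx, &tmp);` is never examined, so the assignment can be dropped or the error handled. _gpgme_op_reset starts and ends outside both hunks.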
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 21 Jul 2015 07:30:12 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-10-g9901be3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 9901be395684dd1b35d83685a719291347684ab1 (commit) from f5d356fb5bbbd0e05a753612455253e4bc335266 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9901be395684dd1b35d83685a719291347684ab1 Author: NIIBE Yutaka Date: Tue Jul 21 14:27:02 2015 +0900 scd: change_keyattr_from_string for ECC. * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string): Support ECC. (rsa_writekey): Don't change key attribute. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 1c6d6ec..5ca526c 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -57,12 +57,12 @@ #include "options.h" #include "errors.h" #include "memory.h" -#include "util.h" #include "cardglue.h" #else /* GNUPG_MAJOR_VERSION != 1 */ #include "scdaemon.h" #endif /* GNUPG_MAJOR_VERSION != 1 */ +#include "util.h" #include "i18n.h" #include "iso7816.h" #include "app-common.h" 
@@ -2818,54 +2818,25 @@ build_ecc_privkey_template (app_t app, int keyno, /* Helper for do_writekley to change the size of a key. Not ethat this deletes the entire key without asking. */ static gpg_error_t -change_keyattr (app_t app, int keyno, unsigned int nbits, +change_keyattr (app_t app, int keyno, const unsigned char *buf, size_t buflen, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg) { gpg_error_t err; - unsigned char *buffer; - size_t buflen; - void *relptr; assert (keyno >=0 && keyno <= 2); - if (nbits > 4096) - return gpg_error (GPG_ERR_TOO_LARGE); - - /* Read the current attributes into a buffer. */ - relptr = get_one_do (app, 0xC1+keyno, &buffer, &buflen, NULL); - if (!relptr) - return gpg_error (GPG_ERR_CARD); - if (buflen < 6 || buffer[0] != PUBKEY_ALGO_RSA) - { - /* Attriutes too short or not an RSA key. */ - xfree (relptr); - return gpg_error (GPG_ERR_CARD); - } - - /* We only change n_bits and don't touch anything else. Before we - do so, we round up NBITS to a sensible way in the same way as - gpg's key generation does it. This may help to sort out problems - with a few bits too short keys. */ - nbits = ((nbits + 31) / 32) * 32; - buffer[1] = (nbits >> 8); - buffer[2] = nbits; - /* Prepare for storing the key. */ err = verify_chv3 (app, pincb, pincb_arg); if (err) - { - xfree (relptr); - return err; - } + return err; /* Change the attribute. */ - err = iso7816_put_data (app->slot, 0, 0xC1+keyno, buffer, buflen); - xfree (relptr); + err = iso7816_put_data (app->slot, 0, 0xC1+keyno, buf, buflen); if (err) - log_error ("error changing size of key %d to %u bits\n", keyno+1, nbits); + log_error ("error changing key attribute (key=%d)\n", keyno+1); else - log_info ("size of key %d changed to %u bits\n", keyno+1, nbits); + log_info ("key attribute changed (key=%d)\n", keyno+1); flush_cache (app); parse_algorithm_attribute (app, keyno); app->did_chv1 = 0; 
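Review bot: The comment above change_keyattr still reads "Helper for do_writekley to change the size of a key", although the function now writes whatever attribute bytes it is handed and this commit removes the rsa_writekey call to it. I would replace it with `/* Store the key attribute BUF of length BUFLEN for key KEYNO (0..2) on the card after verifying CHV3. Note that this deletes the entire key without asking. */`. The range and format checks that used to live here are gone, so the comment should also state that BUF must already be validated by the caller.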
@@ -2875,18 +2846,21 @@ change_keyattr (app_t app, int keyno, unsigned int nbits, } -/* Helper to process an setattr command for name KEY-ATTR. It expects - a string "--force " in (VALUE,VALUELEN). */ +/* Helper to process an setattr command for name KEY-ATTR. + In (VALUE,VALUELEN), it expects following string: + RSA: "--force " + ECC: "--force " + */ static gpg_error_t change_keyattr_from_string (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), void *pincb_arg, const void *value, size_t valuelen) { - gpg_error_t err; + gpg_error_t err = 0; char *string; int keyno, algo; - unsigned int nbits; + int n = 0; /* VALUE is expected to be a string but not guaranteed to be terminated. Thus copy it to an allocated buffer first. */ 
@@ -2899,17 +2873,91 @@ change_keyattr_from_string (app_t app, /* Because this function deletes the key we require the string "--force" in the data to make clear that something serious might happen. */ - if (sscanf (string, " --force %d %d %u", &keyno, &algo, &nbits) != 3) - err = gpg_error (GPG_ERR_INV_DATA); - else if (keyno < 1 || keyno > 3) + sscanf (string, " --force %d %d %n", &keyno, &algo, &n); + if (n < 13) + { + err = gpg_error (GPG_ERR_INV_DATA); + goto leave; + } + + if (keyno < 1 || keyno > 3) err = gpg_error (GPG_ERR_INV_ID); - else if (algo != PUBKEY_ALGO_RSA) - err = gpg_error (GPG_ERR_PUBKEY_ALGO); - else if (nbits < 1024) - err = gpg_error (GPG_ERR_TOO_SHORT); + else if (algo == PUBKEY_ALGO_RSA) + { + unsigned int nbits; + + errno = 0; + nbits = strtoul (string+n, NULL, 10); + if (errno) + err = gpg_error (GPG_ERR_INV_DATA); + else if (nbits < 1024) + err = gpg_error (GPG_ERR_TOO_SHORT); + else if (nbits > 4096) + err = gpg_error (GPG_ERR_TOO_LARGE); + else + { + unsigned char *buf; + size_t buflen; + void *relptr; + + /* Read the current attributes into a buffer. */ + relptr = get_one_do (app, 0xC1+keyno, &buf, &buflen, NULL); + if (!relptr) + { + err = gpg_error (GPG_ERR_CARD); + goto leave; + } + if (buflen < 6 || buf[0] != PUBKEY_ALGO_RSA) + { + /* Attriutes too short or not an RSA key. */ + xfree (relptr); + err = gpg_error (GPG_ERR_CARD); + goto leave; + } + + /* We only change n_bits and don't touch anything else. Before we + do so, we round up NBITS to a sensible way in the same way as + gpg's key generation does it. This may help to sort out problems + with a few bits too short keys. 
*/ + nbits = ((nbits + 31) / 32) * 32; + buf[1] = (nbits >> 8); + buf[2] = nbits; + err = change_keyattr (app, keyno-1, buf, buflen, pincb, pincb_arg); + xfree (relptr); + } + } + else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA) + { + const char *oidstr; + + oidstr = openpgp_curve_to_oid (string+n, NULL); + if (!oidstr) + err = gpg_error (GPG_ERR_INV_DATA); + else + { + gcry_mpi_t m; + + err = openpgp_oid_from_str (oidstr, &m); + if (!err) + { + unsigned int len; + const unsigned char *buf = gcry_mpi_get_opaque (m, &len); + + /* We have enough room at STRING. */ + len = buf[0]; + string[0] = algo; + memcpy (string+1, buf+1, len++); + err = change_keyattr (app, keyno-1, string, len, + pincb, pincb_arg); + gcry_mpi_release (m); + } + } + } else - err = change_keyattr (app, keyno-1, nbits, pincb, pincb_arg); + err = gpg_error (GPG_ERR_PUBKEY_ALGO); + leave: xfree (string); return err; } @@ -3032,14 +3080,6 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if (opt.verbose) log_info ("RSA modulus size is %u bits (%u bytes)\n", nbits, (unsigned int)rsa_n_len); - if (nbits && nbits != maxbits - && app->app_local->extcap.algo_attr_change) - { - /* Try to switch the key to a new length. */ - err = change_keyattr (app, keyno, nbits, pincb, pincb_arg); - if (!err) - maxbits = app->app_local->keyattr[keyno].rsa.n_bits; - } if (nbits != maxbits) { log_error (_("RSA modulus missing or not of size %d bits\n"), ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 150 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 95 insertions(+), 55 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 22 11:08:49 2015 
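Review bot: The `if (n < 13)` guard in change_keyattr_from_string appears to reject every RSA request, because for `--force 1 1 2048` the `%n` conversion stores 12 (seven characters for `--force`, then blank, digit, blank, digit, blank). Only the two-digit algorithm numbers get past it, so the limit should be `if (n < 12)`. The RSA branch calls `strtoul (string+n, NULL, 10)` without an end pointer and narrows the result to `unsigned int`, so trailing garbage is accepted and an oversized value can wrap into the permitted range; passing `&endp` and requiring `*endp == 0` closes that. In the ECC branch `string` is a `char *` passed where change_keyattr expects `const unsigned char *`, and the "enough room at STRING" assumption would be safer as an explicit check of `len + 1` against the allocated size. The function starts outside this hunk.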
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Jul 2015 11:08:49 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-11-g69d2c9b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 69d2c9b09bd9d0b86b9f2feb585037a2c11795b0 (commit) from 9901be395684dd1b35d83685a719291347684ab1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 69d2c9b09bd9d0b86b9f2feb585037a2c11795b0 Author: Werner Koch Date: Wed Jul 22 11:05:32 2015 +0200 Avoid a leading double slash in make_filename. * common/stringhelp.c (do_make_filename): Special case leading '/'. diff --git a/common/stringhelp.c b/common/stringhelp.c index 6714eb8..576c2ea 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -493,7 +493,13 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) xfree (home_buffer); for (argc=0; argv[argc]; argc++) - p = stpcpy (stpcpy (p, "/"), argv[argc]); + { + /* Avoid a leading double slash if the first part was "/". */ + if (!argc && name[0] == '/' && !name[1]) + p = stpcpy (p, argv[argc]); + else + p = stpcpy (stpcpy (p, "/"), argv[argc]); + } if (want_abs) { 
@@ -543,7 +549,13 @@ do_make_filename (int xmode, const char *first_part, va_list arg_ptr) memcpy (home_buffer, p, p - name + 1); p = home_buffer + (p - name + 1); } - strcpy (stpcpy (stpcpy (p, home), "/"), name); + + /* Avoid a leading double slash if the cwd is "/". */ + if (home[0] == '/' && !home[1]) + strcpy (stpcpy (p, "/"), name); + else + strcpy (stpcpy (stpcpy (p, home), "/"), name); + xfree (name); name = home_buffer; /* Let's do a simple compression to catch the most common ----------------------------------------------------------------------- Summary of changes: common/stringhelp.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 22 13:02:18 2015 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Wed, 22 Jul 2015 13:02:18 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-13-g194c25d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 194c25d59fb42ef653d3bc94c97966926dc84800 (commit) via 90f029e869103420a89559d2108d4369147db940 (commit) from 69d2c9b09bd9d0b86b9f2feb585037a2c11795b0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 194c25d59fb42ef653d3bc94c97966926dc84800 Author: Daniel Kahn Gillmor Date: Tue Jul 7 12:00:16 2015 -0400 doc: Improve documentation about VALIDSIG -- The claim that VALIDSIG is the same as GOODSIG is simply wrong. Attempt to clarify it. Also, the paragraph about primary-key-fpr and sig-version was weirdly re-ordered during the org-mode conversion in 65eb98966a569a91c97d0c23ba5582a9a7558de0; repair it. 
Signed-off-by: Daniel Kahn Gillmor diff --git a/doc/DETAILS b/doc/DETAILS index d1f7394..23a5420 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -408,12 +408,15 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - - [ ] - This status indicates that the signature is good. This is the same - as GOODSIG but has the fingerprint as the argument. Both status - lines are emitted for a good signature. All arguments here are on - one long line. sig-timestamp is the signature creation time in - seconds after the epoch. expire-timestamp is the signature - expiration time in seconds after the epoch (zero means "does not + This status indicates that the signature is cryptographically + valid. This similar to GOODSIG or EXPSIG or EXPKEYSIG or REVSIG + (depending on the date and the state of the signature and signing + key) but has the fingerprint as the argument. Multiple status + lines (VALIDSIG and the other appropriate *SIG status) are emitted + for a valid signature. All arguments here are on one long line. + sig-timestamp is the signature creation time in seconds after the + epoch. expire-timestamp is the signature expiration time in + seconds after the epoch (zero means "does not expire"). sig-version, pubkey-algo, hash-algo, and sig-class (a 2-byte hex value) are all straight from the signature packet. PRIMARY-KEY-FPR is the fingerprint of the primary key or identical 
@@ -421,8 +424,8 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: key without running gpg again for this purpose. The primary-key-fpr parameter is used for OpenPGP and not - class is not defined for CMS and currently set to 0 and 00. available for CMS signatures. The sig-version as well as the sig + class is not defined for CMS and currently set to 0 and 00. Note, that *-TIMESTAMP may either be a number of seconds since Epoch or an ISO 8601 string which can be detected by the presence commit 90f029e869103420a89559d2108d4369147db940 Author: Daniel Kahn Gillmor Date: Tue Jul 7 09:16:41 2015 -0400 doc: Clarify constraints on who modifies files in ~/.gnupg -- diff --git a/doc/gpg.texi b/doc/gpg.texi index 6c5cc5d..c0632b3 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2943,7 +2943,7 @@ helper script is provided to create these files (@pxref{addgnupghome}). For internal purposes @command{@gpgname} creates and maintains a few other files; They all live in in the current home directory (@pxref{option ---homedir}). Only the @command{@gpgname} may modify these files. +--homedir}). Only the @command{@gpgname} program may modify these files. @table @file ----------------------------------------------------------------------- Summary of changes: doc/DETAILS | 17 ++++++++++------- doc/gpg.texi | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 22 16:43:38 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 22 Jul 2015 16:43:38 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-14-gcb315d0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cb315d08e49b4f8181e47d0bf204a202fb226320 (commit) from 194c25d59fb42ef653d3bc94c97966926dc84800 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb315d08e49b4f8181e47d0bf204a202fb226320 Author: Werner Koch Date: Wed Jul 22 16:41:22 2015 +0200 doc: Add a comment to --set-filename. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index c0632b3..73a80a8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2468,7 +2468,8 @@ The same %-expandos used for notation data are available here as well. @opindex set-filename Use @code{string} as the filename which is stored inside messages. This overrides the default, which is to use the actual filename of the -file being encrypted. +file being encrypted. Using the empty string for @var{string} +effectively removes the filename from the output. @item --for-your-eyes-only @itemx --no-for-your-eyes-only ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 23 08:52:02 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 23 Jul 2015 08:52:02 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-15-gdbf4534 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via dbf4534f49a1fe3823bd6d6d7bb4d9df863b4789 (commit) from cb315d08e49b4f8181e47d0bf204a202fb226320 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dbf4534f49a1fe3823bd6d6d7bb4d9df863b4789 Author: NIIBE Yutaka Date: Thu Jul 23 14:10:03 2015 +0900 scd: Format change to specify "rsa2048" for KEY-ATTR. * g10/card-util.c (do_change_keysize): Put "rsa". * scd/app-openpgp.c (change_keyattr, change_keyattr_from_string): Change the command format. (rsa_writekey): Check key type. (do_writekey): Remove "ecdh" and "ecdsa" support which was available in experimental libgcrypt before 1.6.0. diff --git a/g10/card-util.c b/g10/card-util.c index dbd530e..890bf2d 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1332,7 +1332,7 @@ do_change_keysize (int keyno, unsigned int nbits) gpg_error_t err; char args[100]; - snprintf (args, sizeof args, "--force %d 1 %u", keyno+1, nbits); + snprintf (args, sizeof args, "--force %d 1 rsa%u", keyno+1, nbits); err = agent_scd_setattr ("KEY-ATTR", args, strlen (args), NULL); if (err) log_error (_("error changing size of key %d to %u bits: %s\n"), diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 5ca526c..81b4923 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c 
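Review bot: The format string in do_change_keysize still hard-codes the algorithm number as `1`, although scd/app-openpgp.c was just changed to compare against `PUBKEY_ALGO_RSA` instead of the literal. If that constant is in scope in g10/card-util.c, `snprintf (args, sizeof args, "--force %d %d rsa%u", keyno+1, PUBKEY_ALGO_RSA, nbits);` keeps both sides in step. A short comment that the algorithm number and the `rsa` prefix must agree with what change_keyattr_from_string parses would help, since the two now carry the same information. The function starts and ends outside the hunk.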
@@ -2848,7 +2848,7 @@ change_keyattr (app_t app, int keyno, const unsigned char *buf, size_t buflen, /* Helper to process an setattr command for name KEY-ATTR. In (VALUE,VALUELEN), it expects following string: - RSA: "--force " + RSA: "--force rsa" ECC: "--force " */ static gpg_error_t @@ -2887,7 +2887,7 @@ change_keyattr_from_string (app_t app, unsigned int nbits; errno = 0; - nbits = strtoul (string+n, NULL, 10); + nbits = strtoul (string+n+3, NULL, 10); if (errno) err = gpg_error (GPG_ERR_INV_DATA); else if (nbits < 1024) @@ -2985,6 +2985,13 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), unsigned char fprbuf[20]; u32 created_at = 0; + if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_RSA) + { + log_error (_("unsupported algorithm: %s"), "RSA"); + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + last_depth1 = depth; while (!(err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen)) && depth && depth >= last_depth1) @@ -3519,10 +3526,7 @@ do_writekey (app_t app, ctrl_t ctrl, goto leave; if (tok && toklen == 3 && memcmp ("rsa", tok, toklen) == 0) err = rsa_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth); - else if (tok - && ((toklen == 3 && memcmp ("ecc", tok, toklen) == 0) - || (toklen == 4 && memcmp ("ecdh", tok, toklen) == 0) - || (toklen == 5 && memcmp ("ecdsa", tok, toklen) == 0))) + else if (tok && toklen == 3 && memcmp ("ecc", tok, toklen) == 0) err = ecc_writekey (app, pincb, pincb_arg, keyno, buf, buflen, depth); else { ----------------------------------------------------------------------- Summary of changes: g10/card-util.c | 2 +- scd/app-openpgp.c | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 23 11:43:17 2015 
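Review bot: In hunk -2887,7 `strtoul (string+n+3, NULL, 10)` skips three bytes without checking that they are `rsa` or that they exist at all. When VALUE ends right after the algorithm number, `string+n` is already at the terminating NUL and the parse starts beyond the end of the allocated copy. Add `if (strncmp (string+n, "rsa", 3)) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; }` before `errno = 0;`; strncmp stops at the terminator, so it rejects short input safely. VALUE arrives with a setattr command, so it should be treated as unvalidated input.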
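Review bot: The `log_error (_("unsupported algorithm: %s"), "RSA");` added to rsa_writekey in hunk -2985,6 has no trailing newline, unlike the other log_error calls on this page, e.g. `"error changing key attribute (key=%d)\n"`. The wording is also misleading: the check fails because the card slot is not configured for RSA, not because RSA is unsupported. Something like `log_error (_("key slot %d is not configured for RSA\n"), keyno+1);` would say what happened, assuming the project is willing to add a new translatable string.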
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jul 2015 11:43:17 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-2-gc23f889 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via c23f8897105ce2bb6e62d9c44ca0779fcc08a919 (commit) from a5d9e018b8826e97c9fcc548c8e9e797bbc8d6db (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c23f8897105ce2bb6e62d9c44ca0779fcc08a919 Author: Werner Koch Date: Thu Jul 23 11:40:09 2015 +0200 Add option --lib-version to gpgme-tool. * src/gpgme-tool.c (options, parse_options): Add --lib-version (CMD_LIBVERSION): New. (main): Implement. diff --git a/src/gpgme-tool.c b/src/gpgme-tool.c index d42179b..94d1124 100644 --- a/src/gpgme-tool.c +++ b/src/gpgme-tool.c @@ -3728,6 +3728,7 @@ static char args_doc[] = "COMMAND [OPTIONS...]"; static struct argp_option options[] = { { "server", 's', 0, 0, "Server mode" }, { "gpg-binary", 501, "FILE", 0, "Use FILE for the GPG backend" }, + { "lib-version", 502, 0, 0, "Show library version" }, { 0 } }; @@ -3736,7 +3737,7 @@ static struct argp argp = { options, parse_options, args_doc, doc }; struct args { - enum { CMD_DEFAULT, CMD_SERVER } cmd; + enum { CMD_DEFAULT, CMD_SERVER, CMD_LIBVERSION } cmd; const char *gpg_binary; }; @@ -3762,6 +3763,11 @@ parse_options (int key, char *arg, struct argp_state *state) case 501: args->gpg_binary = arg; break; + + case 502: + args->cmd = CMD_LIBVERSION; + break; + #if 0 case ARGP_KEY_ARG: if (state->arg_num >= 2) 
@@ -3787,6 +3793,7 @@ main (int argc, char *argv[]) struct args args; struct gpgme_tool gt; gpg_error_t err; + int needgt = 1; #ifdef HAVE_SETLOCALE setlocale (LC_ALL, ""); @@ -3804,7 +3811,10 @@ main (int argc, char *argv[]) argp_parse (&argp, argc, argv, 0, 0, &args); log_init (); - if (args.gpg_binary) + if (args.cmd == CMD_LIBVERSION) + needgt = 0; + + if (needgt && args.gpg_binary) { if (access (args.gpg_binary, X_OK)) err = gpg_error_from_syserror (); @@ -3816,7 +3826,8 @@ main (int argc, char *argv[]) args.gpg_binary); } - gt_init (>); + if (needgt) + gt_init (>); switch (args.cmd) { @@ -3824,9 +3835,17 @@ main (int argc, char *argv[]) case CMD_SERVER: gpgme_server (>); break; + + case CMD_LIBVERSION: + printf ("Version from header: %s (0x%06x)\n", + GPGME_VERSION, GPGME_VERSION_NUMBER); + printf ("Version from binary: %s\n", gpgme_check_version (NULL)); + printf ("Copyright blurb ...:%s\n", gpgme_check_version ("\x01\x01")); + break; } - gpgme_release (gt.ctx); + if (needgt) + gpgme_release (gt.ctx); #ifdef HAVE_W32CE_SYSTEM /* Give the buggy ssh server time to flush the output buffers. */ ----------------------------------------------------------------------- Summary of changes: src/gpgme-tool.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 23 14:47:34 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jul 2015 14:47:34 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-235-gda500a0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via da500a030481a3c534e933b642e6f051aa064b97 (commit) from 9cd55e8e948f0049cb23495f536decf797d072f7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da500a030481a3c534e933b642e6f051aa064b97 Author: Werner Koch Date: Thu Jul 23 14:38:49 2015 +0200 Register DCO for Peter Wu. -- diff --git a/AUTHORS b/AUTHORS index 1e34aed..42d5ee6 100644 --- a/AUTHORS +++ b/AUTHORS @@ -165,6 +165,9 @@ Markus Teich Milan Broz 2014-01-13:52D44CC6.4050707 at gmail.com: +Peter Wu +2015-07-22:20150722191325.GA8113 at al: + Rafa?l Carr? 2012-04-20:4F91988B.1080502 at videolan.org: ----------------------------------------------------------------------- Summary of changes: AUTHORS | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 23 14:51:15 2015 
From: cvs at cvs.gnupg.org (by Peter Wu) Date: Thu, 23 Jul 2015 14:51:15 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-236-gada0a7d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via ada0a7d302cca97b327faaacac7a5d0b8043df88 (commit) from da500a030481a3c534e933b642e6f051aa064b97 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ada0a7d302cca97b327faaacac7a5d0b8043df88 Author: Peter Wu Date: Thu Jul 9 17:11:33 2015 +0200 build: ignore scissor line for the commit-msg hook * build-aux/git-hooks/commit-msg: Stop processing more lines when the scissor line is encountered. -- This allows the command `git commit -v` to work even if the code is longer than 72 characters. Note that comments are already ignored by the previous line. Signed-off-by: Peter Wu diff --git a/build-aux/git-hooks/commit-msg b/build-aux/git-hooks/commit-msg index 5a697c7..3ca918b 100755 --- a/build-aux/git-hooks/commit-msg +++ b/build-aux/git-hooks/commit-msg 
@@ -86,11 +86,17 @@ sub check_msg($$) 2 <= @line && length $line[1] and return 'second line must be empty'; + # See git-commit(1), this is the --cleanup=scissors option. Everything + # after and including this line gets ignored. + my $marker = '# ------------------------ >8 ------------------------'; + # Limit line length to allow for the ChangeLog's leading TAB. foreach my $line (@line) { 72 < length $line && $line =~ /^[^#]/ and return 'line longer than 72 characters'; + + last if $line eq $marker; } return ''; ----------------------------------------------------------------------- Summary of changes: build-aux/git-hooks/commit-msg | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 23 15:06:07 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 23 Jul 2015 15:06:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-17-g4ee4b99 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 4ee4b998378edf224dbd955145604740cbfbb427 (commit) via d24165bce2823c2f5dcb39b7b84c9aa00802a8ee (commit) from dbf4534f49a1fe3823bd6d6d7bb4d9df863b4789 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ee4b998378edf224dbd955145604740cbfbb427 Author: Werner Koch Date: Thu Jul 23 15:01:40 2015 +0200 doc: Document scissor line for commit logs -- diff --git a/doc/HACKING b/doc/HACKING index f60f15d..fe33d99 100644 --- a/doc/HACKING +++ b/doc/HACKING 
@@ -44,6 +44,17 @@ Fix type in a comment The marker line here is important; without it the first line would appear in the ChangeLog. +If you exceptionally need to have longer lines in a commit log you may +do this after this scissor line: +#+begin_example +# ------------------------ >8 ------------------------ +#+end_example +(hash, blank, 24 dashes, blank, scissor, blank, 24 dashes). +Note that such a comment will be removed if the git commit option +=--cleanup=scissor= is used. + + + ** License policy GnuPG is licensed under the GPLv3+ with some files under a mixed commit d24165bce2823c2f5dcb39b7b84c9aa00802a8ee Author: Peter Wu Date: Thu Jul 9 17:11:33 2015 +0200 build: ignore scissor line for the commit-msg hook * build-aux/git-hooks/commit-msg: Stop processing more lines when the scissor line is encountered. -- This allows the command `git commit -v` to work even if the code is longer than 72 characters. Note that comments are already ignored by the previous line. Signed-off-by: Peter Wu diff --git a/build-aux/git-hooks/commit-msg b/build-aux/git-hooks/commit-msg index 5a697c7..3ca918b 100755 --- a/build-aux/git-hooks/commit-msg +++ b/build-aux/git-hooks/commit-msg 
@@ -86,11 +86,17 @@ sub check_msg($$) 2 <= @line && length $line[1] and return 'second line must be empty'; + # See git-commit(1), this is the --cleanup=scissors option. Everything + # after and including this line gets ignored. + my $marker = '# ------------------------ >8 ------------------------'; + # Limit line length to allow for the ChangeLog's leading TAB. foreach my $line (@line) { 72 < length $line && $line =~ /^[^#]/ and return 'line longer than 72 characters'; + + last if $line eq $marker; } return ''; ----------------------------------------------------------------------- Summary of changes: build-aux/git-hooks/commit-msg | 6 ++++++ doc/HACKING | 11 +++++++++++ 2 files changed, 17 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Jul 23 15:08:45 2015 From: cvs at cvs.gnupg.org (by Peter Wu) Date: Thu, 23 Jul 2015 15:08:45 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-3-g157c8be Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 157c8be183153ff588f98874a3205aa483d0fd23 (commit) from c23f8897105ce2bb6e62d9c44ca0779fcc08a919 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 157c8be183153ff588f98874a3205aa483d0fd23 Author: Peter Wu Date: Thu Jul 9 17:11:33 2015 +0200 build: ignore scissor line for the commit-msg hook * build-aux/git-hooks/commit-msg: Stop processing more lines when the scissor line is encountered. -- This allows the command `git commit -v` to work even if the code is longer than 72 characters. Note that comments are already ignored by the previous line. Signed-off-by: Peter Wu 
diff --git a/build-aux/git-hooks/commit-msg b/build-aux/git-hooks/commit-msg index 5a697c7..3ca918b 100755 --- a/build-aux/git-hooks/commit-msg +++ b/build-aux/git-hooks/commit-msg @@ -86,11 +86,17 @@ sub check_msg($$) 2 <= @line && length $line[1] and return 'second line must be empty'; + # See git-commit(1), this is the --cleanup=scissors option. Everything + # after and including this line gets ignored. + my $marker = '# ------------------------ >8 ------------------------'; + # Limit line length to allow for the ChangeLog's leading TAB. foreach my $line (@line) { 72 < length $line && $line =~ /^[^#]/ and return 'line longer than 72 characters'; + + last if $line eq $marker; } return ''; ----------------------------------------------------------------------- Summary of changes: build-aux/git-hooks/commit-msg | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 24 20:20:19 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 24 Jul 2015 20:20:19 +0200 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.19-4-g4e79061 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via 4e790613f66efcfc62d73722d5f1730a37cb8324 (commit) from 13918d05a333255d22aa6718dd467fcb8eaf80c8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4e790613f66efcfc62d73722d5f1730a37cb8324 Author: Werner Koch Date: Fri Jul 24 20:13:41 2015 +0200 Add new public macros for GCC attributes. * src/gpg-error.h.in (GPGRT_GCC_VERSION): New. (GPGRT_ATTR_NORETURN, GPGRT_ATTR_PRINTF, GPGRT_ATTR_NR_PRINTF): New. (GPGRT_ATTR_FORMAT_ARG, GPGRT_ATTR_SENTINEL): New. (GPGRT_ATTR_USED, GPGRT_ATTR_UNUSED, GPGRT_ATTR_DEPRECATED): New. (GPGRT_ATTR_PURE, GPGRT_ATTR_MALLOC): New. (GPGRT_HAVE_MACRO_FUNCTION, GPGRT_HAVE_PRAGMA_GCC_PUSH): New. (_GPGRT_GCC_A_PRINTF): Replace GPGRT_ATTR_PRINTF. diff --git a/NEWS b/NEWS index ce29ff4..f24fd06 100644 --- a/NEWS +++ b/NEWS 
@@ -1,6 +1,22 @@ Noteworthy changes in version 1.20 (unreleased) [C__/A__/R_] ----------------------------------------------- + * Interface changes relative to the 1.19 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + GPGRT_GCC_VERSION NEW macro. + GPGRT_ATTR_NORETURN NEW macro. + GPGRT_ATTR_PRINTF NEW macro. + GPGRT_ATTR_NR_PRINTF NEW macro. + GPGRT_ATTR_FORMAT_ARG NEW macro. + GPGRT_ATTR_SENTINEL NEW macro. + GPGRT_ATTR_USED NEW macro. + GPGRT_ATTR_UNUSED NEW macro. + GPGRT_ATTR_DEPRECATED NEW macro. + GPGRT_ATTR_PURE NEW macro. + GPGRT_ATTR_MALLOC NEW macro. + GPGRT_HAVE_MACRO_FUNCTION NEW macro. + GPGRT_HAVE_PRAGMA_GCC_PUSH NEW macro. + Noteworthy changes in version 1.19 (2015-04-10) [C15/A15/R0] ----------------------------------------------- diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index ff1162e..e85fbe5 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in 
@@ -147,19 +147,97 @@ typedef unsigned int gpg_error_t; # define _GPG_ERR_CONSTRUCTOR #endif +#define GPGRT_GCC_VERSION _GCC_ERR_GCC_VERSION + +#if _GPG_ERR_GCC_VERSION >= 29200 +# define _GPGRT__RESTRICT __restrict__ +#else +# define _GPGRT__RESTRICT +#endif + +/* The noreturn attribute. */ +#if _GPG_ERR_GCC_VERSION >= 20500 +# define GPGRT_ATTR_NORETURN __attribute__ ((noreturn)) +#else +# define GPGRT_ATTR_NORETURN +#endif + +/* The printf attributes. */ #if _GPG_ERR_GCC_VERSION >= 40400 -# define _GPGRT_GCC_A_PRINTF(f, a) __attribute__ ((format(__gnu_printf__,f,a))) +# define GPGRT_ATTR_PRINTF(f, a) \ + __attribute__ ((format(__gnu_printf__,f,a))) +# define GPGRT_ATTR_NR_PRINTF(f, a) \ + __attribute__ ((noreturn, format(__gnu_printf__,f,a))) #elif _GPG_ERR_GCC_VERSION >= 20500 -# define _GPGRT_GCC_A_PRINTF(f, a) __attribute__ ((format(printf,f,a))) +# define GPGRT_ATTR_PRINTF(f, a) \ + __attribute__ ((format(printf,f,a))) +# define GPGRT_ATTR_NR_PRINTF(f, a) \ + __attribute__ ((noreturn, format(printf,f,a))) +#else +# define GPGRT_ATTR_PRINTF(f, a) +# define GPGRT_ATTR_NR_PRINTF(f, a) +#endif +#if _GPG_ERR_GCC_VERSION >= 20800 +# define GPGRT_ATTR_FORMAT_ARG(a) __attribute__ ((__format_arg__ (a))) #else -# define _GPGRT_GCC_A_PRINTF(f, a) +# define GPGRT_ATTR_FORMAT_ARG(a) #endif -#if _GPG_ERR_GCC_VERSION >= 29200 -# define _GPGRT__RESTRICT __restrict__ +/* The sentinel attribute. */ +#if _GPG_ERR_GCC_VERSION >= 40000 +# define GPGRT_ATTR_SENTINEL(a) __attribute__ ((sentinel(a))) #else -# define _GPGRT__RESTRICT +# define GPGRT_ATTR_SENTINEL(a) +#endif + +/* The used and unused attributes. + I am not sure since when the unused attribute is really supported. + In any case it it only needed for gcc versions which print a + warning. Thus let us require gcc >= 3.5. 
*/ +#if _GPG_ERR_GCC_VERSION >= 40000 +# define GPGRT_ATTR_USED __attribute__ ((used)) +#else +# define GPGRT_ATTR_USED #endif +#if _GPG_ERR_GCC_VERSION >= 30500 +# define GPGRT_ATTR_UNUSED __attribute__ ((unused)) +#else +# define GPGRT_ATTR_UNUSED +#endif + +/* The deprecated attribute. */ +#if _GPG_ERR_GCC_VERSION >= 30100 +# define GPGRT_ATTR_DEPRECATED __attribute__ ((__deprecated__)) +#else +# define GPGRT_ATTR_DEPRECATED +#endif + +/* The pure attribute. */ +#if _GPG_ERR_GCC_VERSION >= 29600 +# define GPGRT_ATTR_PURE __attribute__ ((__pure__)) +#else +# define GPGRT_ATTR_PURE +#endif + +/* The malloc attribute. */ +#if _GPG_ERR_GCC_VERSION >= 30200 +# define GPGRT_ATTR_MALLOC __attribute__ ((__malloc__)) +#else +# define GPGRT_ATTR_MALLOC +#endif + +/* A macro defined if a GCC style __FUNCTION__ macro is available. */ +#undef GPGRT_HAVE_MACRO_FUNCTION +#if _GPG_ERR_GCC_VERSION >= 20500 +# define GPGRT_HAVE_MACRO_FUNCTION 1 +#endif + +/* A macro defined if the pragma GCC push_options is available. */ +#undef GPGRT_HAVE_PRAGMA_GCC_PUSH +#if _GPG_ERR_GCC_VERSION >= 40400 +# define GPGRT_HAVE_PRAGMA_GCC_PUSH 1 +#endif + 
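Review bot: `#define GPGRT_GCC_VERSION _GCC_ERR_GCC_VERSION` names a macro that nothing in this hunk defines, while every version test below it uses `_GPG_ERR_GCC_VERSION`. If that is a typo, as it appears to be, the new public macro expands to an undefined identifier, which evaluates to 0 inside `#if`, so a caller testing `GPGRT_GCC_VERSION >= ...` silently takes the no-attribute branch on every compiler. The line should read `#define GPGRT_GCC_VERSION _GPG_ERR_GCC_VERSION`. The definition of `_GPG_ERR_GCC_VERSION` itself is above the hunk.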
@@ -577,22 +655,22 @@ void gpgrt_free (void *a); int gpgrt_fprintf (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(2,3); + GPGRT_ATTR_PRINTF(2,3); int gpgrt_fprintf_unlocked (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(2,3); + GPGRT_ATTR_PRINTF(2,3); int gpgrt_printf (const char *_GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(1,2); + GPGRT_ATTR_PRINTF(1,2); int gpgrt_printf_unlocked (const char *_GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(1,2); + GPGRT_ATTR_PRINTF(1,2); int gpgrt_vfprintf (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, va_list ap) - _GPGRT_GCC_A_PRINTF(2,0); + GPGRT_ATTR_PRINTF(2,0); int gpgrt_vfprintf_unlocked (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, va_list ap) - _GPGRT_GCC_A_PRINTF(2,0); + GPGRT_ATTR_PRINTF(2,0); int gpgrt_setvbuf (gpgrt_stream_t _GPGRT__RESTRICT stream, char *_GPGRT__RESTRICT buf, int mode, size_t size); 
@@ -611,20 +689,20 @@ void gpgrt_fname_set (gpgrt_stream_t stream, const char *fname); const char *gpgrt_fname_get (gpgrt_stream_t stream); int gpgrt_asprintf (char **r_buf, const char * _GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(2,3); + GPGRT_ATTR_PRINTF(2,3); int gpgrt_vasprintf (char **r_buf, const char * _GPGRT__RESTRICT format, va_list ap) - _GPGRT_GCC_A_PRINTF(2,0); + GPGRT_ATTR_PRINTF(2,0); char *gpgrt_bsprintf (const char * _GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(1,2); + GPGRT_ATTR_PRINTF(1,2); char *gpgrt_vbsprintf (const char * _GPGRT__RESTRICT format, va_list ap) - _GPGRT_GCC_A_PRINTF(1,0); + GPGRT_ATTR_PRINTF(1,0); int gpgrt_snprintf (char *buf, size_t bufsize, const char * _GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(3,4); + GPGRT_ATTR_PRINTF(3,4); int gpgrt_vsnprintf (char *buf,size_t bufsize, const char * _GPGRT__RESTRICT format, va_list arg_ptr) - _GPGRT_GCC_A_PRINTF(3,0); + GPGRT_ATTR_PRINTF(3,0); #ifdef GPGRT_ENABLE_ES_MACROS diff --git a/src/gpgrt-int.h b/src/gpgrt-int.h index bc2db8b..34e5d72 100644 --- a/src/gpgrt-int.h +++ b/src/gpgrt-int.h 
@@ -173,17 +173,17 @@ gpgrt_ssize_t _gpgrt_read_line (gpgrt_stream_t stream, int _gpgrt_fprintf (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(2,3); + GPGRT_ATTR_PRINTF(2,3); int _gpgrt_fprintf_unlocked (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, ...) - _GPGRT_GCC_A_PRINTF(2,3); + GPGRT_ATTR_PRINTF(2,3); int _gpgrt_vfprintf (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, va_list ap) - _GPGRT_GCC_A_PRINTF(2,0); + GPGRT_ATTR_PRINTF(2,0); int _gpgrt_vfprintf_unlocked (gpgrt_stream_t _GPGRT__RESTRICT stream, const char *_GPGRT__RESTRICT format, va_list ap) - _GPGRT_GCC_A_PRINTF(2,0); + GPGRT_ATTR_PRINTF(2,0); int _gpgrt_setvbuf (gpgrt_stream_t _GPGRT__RESTRICT stream, char *_GPGRT__RESTRICT buf, int mode, size_t size); ----------------------------------------------------------------------- Summary of changes: NEWS | 16 ++++++++ src/gpg-error.h.in | 114 ++++++++++++++++++++++++++++++++++++++++++++--------- src/gpgrt-int.h | 8 ++-- 3 files changed, 116 insertions(+), 22 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Sat Jul 25 05:21:19 2015 
From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Sat, 25 Jul 2015 05:21:19 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-18-gef080d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ef080d5c7fb7f3b75c3c57c011f78a312b8e13a9 (commit) from 4ee4b998378edf224dbd955145604740cbfbb427 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef080d5c7fb7f3b75c3c57c011f78a312b8e13a9 Author: NIIBE Yutaka Date: Sat Jul 25 12:09:23 2015 +0900 scd: support any curves defined by libgcrypt. * g10/call-agent.h (struct agent_card_info_s): Add curve field. * g10/call-agent.c (learn_status_cb): Use curve name. * g10/card-util.c (card_status): Show pubkey name. * scd/app-openpgp.c (struct app_local_s): Record OID and flags. (store_fpr): Use ALGO instead of key type. (send_key_attr): Use curve name instead of OID. (get_public_key): Clean up by OID to curve name. (ecc_writekey): Support any curves in libgcrypt. (do_genkey, do_auth, ): Follow the change. (ecc_oid): New. (parse_algorithm_attribute): Show OID here. diff --git a/g10/call-agent.c b/g10/call-agent.c index edee66e..0df572a 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c 
@@ -645,14 +645,32 @@ learn_status_cb (void *opaque, const char *line) } else if (keywordlen == 8 && !memcmp (keyword, "KEY-ATTR", keywordlen)) { - int keyno, algo, nbits; + int keyno = 0; + int algo = PUBKEY_ALGO_RSA; + int n = 0; - sscanf (line, "%d %d %d", &keyno, &algo, &nbits); + sscanf (line, "%d %d %n", &keyno, &algo, &n); keyno--; - if (keyno >= 0 && keyno < DIM (parm->key_attr)) + if (keyno < 0 || keyno >= DIM (parm->key_attr)) + return 0; + + parm->key_attr[keyno].algo = algo; + if (algo == PUBKEY_ALGO_RSA) + parm->key_attr[keyno].nbits = strtoul (line+n+3, NULL, 10); + else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA) { - parm->key_attr[keyno].algo = algo; - parm->key_attr[keyno].nbits = nbits; + const char *curve; + + i = 0; + do + { + curve = openpgp_enum_curves (&i); + if (!strcmp (curve, line+n)) + break; + } + while (curve != NULL); + parm->key_attr[keyno].curve = curve; } } else if (keywordlen == 12 && !memcmp (keyword, "PRIVATE-DO-", 11) diff --git a/g10/call-agent.h b/g10/call-agent.h index df570a4..70421db 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -55,7 +55,10 @@ struct agent_card_info_s int chvretry[3]; /* Allowed retries for the CHV; 0 = blocked. */ struct { /* Array with key attributes. */ int algo; /* Algorithm identifier. */ - unsigned int nbits; /* Supported keysize. */ + union { + unsigned int nbits; /* Supported keysize. */ + const char *curve; /* Name of curve. */ + }; } key_attr[3]; struct { unsigned int ki:1; /* Key import available. */ diff --git a/g10/card-util.c b/g10/card-util.c index 890bf2d..ed69058 100644 --- a/g10/card-util.c +++ b/g10/card-util.c 
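Review bot: The curve lookup in the KEY-ATTR branch of learn_status_cb calls `strcmp (curve, line+n)` before testing `curve`, so once `openpgp_enum_curves` returns NULL (the case the `while (curve != NULL)` condition is written for) the comparison dereferences a null pointer. The line is status output received from the card daemon, so a curve name that is not in the table ends the process instead of being ignored. Test the pointer first: `if (!curve || !strcmp (curve, line+n)) break;`. Separately, if sscanf stops before `%n`, n stays 0 and `line+n+3` in the RSA branch can point past the end of a short line, so the "rsa" prefix should be checked before it is skipped. The function starts and ends outside the hunk.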
@@ -471,9 +471,14 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) es_fprintf (fp, "forcepin:%d:::\n", !info.chv1_cached); for (i=0; i < DIM (info.key_attr); i++) - if (info.key_attr[0].algo) + if (info.key_attr[0].algo == PUBKEY_ALGO_RSA) es_fprintf (fp, "keyattr:%d:%d:%u:\n", i+1, info.key_attr[i].algo, info.key_attr[i].nbits); + else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH + || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA + || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA) + es_fprintf (fp, "keyattr:%d:%d:%s:\n", i+1, + info.key_attr[i].algo, info.key_attr[i].curve); es_fprintf (fp, "maxpinlen:%d:%d:%d:\n", info.chvmaxlen[0], info.chvmaxlen[1], info.chvmaxlen[2]); es_fprintf (fp, "pinretry:%d:%d:%d:\n", @@ -553,12 +558,12 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) { tty_fprintf (fp, "Key attributes ...:"); for (i=0; i < DIM (info.key_attr); i++) - tty_fprintf (fp, " %u%c", - info.key_attr[i].nbits, - info.key_attr[i].algo == 1? 'R': - info.key_attr[i].algo == 17? 'D': - info.key_attr[i].algo == 18? 'e': - info.key_attr[i].algo == 19? 'E': '?'); + if (info.key_attr[i].algo == PUBKEY_ALGO_RSA) + tty_fprintf (fp, " rsa%u", info.key_attr[i].nbits); + else if (info.key_attr[i].algo == PUBKEY_ALGO_ECDH + || info.key_attr[i].algo == PUBKEY_ALGO_ECDSA + || info.key_attr[i].algo == PUBKEY_ALGO_EDDSA) + tty_fprintf (fp, " %s", info.key_attr[i].curve); tty_fprintf (fp, "\n"); } tty_fprintf (fp, "Max. PIN lengths .: %d %d %d\n", diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 81b4923..72f7640 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -126,7 +126,6 @@ static struct { typedef enum { KEY_TYPE_ECC, - KEY_TYPE_EDDSA, KEY_TYPE_RSA, } key_type_t; 
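Review bot: The first loop in card_status still tests `info.key_attr[0].algo` while printing `info.key_attr[i]`, and that matters more now that nbits and curve share a union. If the first key is RSA and another one is ECC, the RSA branch prints the bits of the curve pointer as a key size. The test should index with i: `if (info.key_attr[i].algo == PUBKEY_ALGO_RSA)`. Both card_status hunks also pass `info.key_attr[i].curve` to `%s`; judging from the call-agent.c hunk it can be NULL for an unrecognised curve, so a guard such as `curve ? curve : "?"` is worth adding.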
@@ -144,18 +143,6 @@ typedef enum rsa_key_format_t; -/* Elliptic Curves. */ -enum - { - CURVE_NIST_P256, - CURVE_NIST_P384, - CURVE_NIST_P521, - CURVE_SEC_P256K1, - CURVE_ED25519, - CURVE_UNKNOWN, - }; - - /* One cache item for DOs. */ struct cache_s { struct cache_s *next; @@ -241,15 +228,14 @@ struct app_local_s { rsa_key_format_t format; } rsa; struct { - int curve; + const char *oid; + int flags; } ecc; - struct { - int curve; - } eddsa; }; } keyattr[3]; }; +#define ECC_FLAG_EDDSA (1 << 0) /***** Local prototypes *****/ @@ -745,25 +731,12 @@ parse_login_data (app_t app) } -static unsigned char -get_algo_byte (int keynumber, key_type_t key_type) -{ - if (key_type == KEY_TYPE_ECC && keynumber != 1) - return PUBKEY_ALGO_ECDSA; - else if (key_type == KEY_TYPE_ECC && keynumber == 1) - return PUBKEY_ALGO_ECDH; - else if (key_type == KEY_TYPE_EDDSA) - return PUBKEY_ALGO_EDDSA; - else - return PUBKEY_ALGO_RSA; -} - #define MAX_ARGS_STORE_FPR 3 /* Note, that FPR must be at least 20 bytes. */ static gpg_error_t store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr, - key_type_t key_type, ...) + int algo, ...) { unsigned int n, nbits; unsigned char *buffer, *p; @@ -776,21 +749,17 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr, int i; n = 6; /* key packet version, 4-byte timestamps, and algorithm */ - if (keynumber == 1 && key_type == KEY_TYPE_ECC) + if (algo == PUBKEY_ALGO_ECDH) argc = 3; else argc = 2; - va_start (ap, key_type); + va_start (ap, algo); for (i = 0; i < argc; i++) { m[i] = va_arg (ap, const unsigned char *); mlen[i] = va_arg (ap, size_t); - if (key_type != KEY_TYPE_EDDSA) - /* strip off leading zeroes */ - for (; mlen[i] && !*m[i]; mlen[i]--, m[i]++) - ; - if (key_type == KEY_TYPE_RSA || i == 1) + if (algo == PUBKEY_ALGO_RSA || i == 1) n += 2; n += mlen[i]; } 
@@ -808,11 +777,11 @@ store_fpr (app_t app, int keynumber, u32 timestamp, unsigned char *fpr, *p++ = timestamp >> 16; *p++ = timestamp >> 8; *p++ = timestamp; - *p++ = get_algo_byte (keynumber, key_type); + *p++ = algo; for (i = 0; i < argc; i++) { - if (key_type == KEY_TYPE_RSA || i == 1) + if (algo == PUBKEY_ALGO_RSA || i == 1) { nbits = count_bits (m[i], mlen[i]); *p++ = nbits >> 8; 
@@ -924,70 +893,25 @@ send_key_data (ctrl_t ctrl, const char *name, static void -get_ecc_key_parameters (int curve, int *r_n_bits, const char **r_curve_oid) -{ - if (curve == CURVE_NIST_P256) - { - *r_n_bits = 256; - *r_curve_oid = "1.2.840.10045.3.1.7"; - } - else if (curve == CURVE_NIST_P384) - { - *r_n_bits = 384; - *r_curve_oid = "1.3.132.0.34"; - } - else if (curve == CURVE_NIST_P521) - { - *r_n_bits = 521; - *r_curve_oid = "1.3.132.0.35"; - } - else if (curve == CURVE_SEC_P256K1) - { - *r_n_bits = 256; - *r_curve_oid = "1.3.132.0.10"; - } - else if (curve == CURVE_ED25519) - { - *r_n_bits = 255; - *r_curve_oid = "1.3.6.1.4.1.11591.15.1"; - } - else - { - *r_n_bits = 0; - *r_curve_oid = "1.3.6.1.4.1.11591.2.12242973"; /* gnu.gnupg.badoid */ - } -} - -static void -send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int number) +send_key_attr (ctrl_t ctrl, app_t app, const char *keyword, int keyno) { char buffer[200]; - int n_bits; - const char *curve_oid; - assert (number >=0 && number < DIM(app->app_local->keyattr)); + assert (keyno >=0 && keyno < DIM(app->app_local->keyattr)); - if (app->app_local->keyattr[number].key_type == KEY_TYPE_RSA) - snprintf (buffer, sizeof buffer, "%d 1 %u %u %d", - number+1, - app->app_local->keyattr[number].rsa.n_bits, - app->app_local->keyattr[number].rsa.e_bits, - app->app_local->keyattr[number].rsa.format); - else if (app->app_local->keyattr[number].key_type == KEY_TYPE_ECC) - { - get_ecc_key_parameters (app->app_local->keyattr[number].ecc.curve, - &n_bits, &curve_oid); - snprintf (buffer, sizeof buffer, "%d %d %u %s", - number+1, - number==1? 
PUBKEY_ALGO_ECDH: PUBKEY_ALGO_ECDSA, - n_bits, curve_oid); - } - else if (app->app_local->keyattr[number].key_type == KEY_TYPE_EDDSA) + if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA) + snprintf (buffer, sizeof buffer, "%d 1 rsa%u %u %d", + keyno+1, + app->app_local->keyattr[keyno].rsa.n_bits, + app->app_local->keyattr[keyno].rsa.e_bits, + app->app_local->keyattr[keyno].rsa.format); + else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC) { - get_ecc_key_parameters (app->app_local->keyattr[number].eddsa.curve, - &n_bits, &curve_oid); - snprintf (buffer, sizeof buffer, "%d 22 %u %s", - number+1, n_bits, curve_oid); + snprintf (buffer, sizeof buffer, "%d %d %s", + keyno+1, + app->app_local->keyattr[keyno].ecc.flags? PUBKEY_ALGO_EDDSA: + (keyno==1? PUBKEY_ALGO_ECDH: PUBKEY_ALGO_ECDSA), + openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid)); } else snprintf (buffer, sizeof buffer, "0 0 UNKNOWN"); @@ -1295,24 +1219,6 @@ retrieve_key_material (FILE *fp, const char *hexkeyid, #endif /*GNUPG_MAJOR_VERSION > 1*/ -static const char * -get_curve_name (int curve) -{ - if (curve == CURVE_NIST_P256) - return "NIST P-256"; - else if (curve == CURVE_NIST_P384) - return "NIST P-384"; - else if (curve == CURVE_NIST_P521) - return "NIST P-521"; - else if (curve == CURVE_SEC_P256K1) - return "secp256k1"; - else if (curve == CURVE_ED25519) - return "Ed25519"; - else - return "unknown"; -} - - /* Get the public key for KEYNO and store it as an S-expresion with the APP handle. On error that field gets cleared. If we already know about the public key we will just return. Note that this does 
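Review bot: In the ECC branch of send_key_attr the result of `openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid)` goes straight into snprintf's `%s`. The hunk does not show what that helper returns for an OID it has no name for, nor whether `ecc.oid` can be unset when the card reports an unknown curve. If either case yields NULL, the call is undefined behaviour or sends a "(null)" curve name to the client. I would fetch the name into a local first and fall through to the `"0 0 UNKNOWN"` line when it is NULL.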
@@ -1480,7 +1386,9 @@ get_public_key (app_t app, int keyno) goto leave; } /* Prepend numbers with a 0 if needed. */ - if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_EDDSA + if ((app->app_local->keyattr[keyno].key_type == KEY_TYPE_RSA + || (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC + && !app->app_local->keyattr[keyno].ecc.flags)) && mlen && (*m & 0x80)) { *mbuf = 0; @@ -1526,35 +1434,12 @@ get_public_key (app_t app, int keyno) } else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_ECC) { - const char *curve_name - = get_curve_name (app->app_local->keyattr[keyno].ecc.curve); - - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve%s)(q%b)))", - curve_name, (int)mlen, mbuf); - if (err) - goto leave; - - len = gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, NULL, 0); - - keybuf = xtrymalloc (len); - if (!keybuf) - { - gcry_sexp_release (s_pkey); - err = gpg_error_from_syserror (); - goto leave; - } - gcry_sexp_sprint (s_pkey, GCRYSEXP_FMT_CANON, keybuf, len); - gcry_sexp_release (s_pkey); - } - else if (app->app_local->keyattr[keyno].key_type == KEY_TYPE_EDDSA) - { - const char *curve_name - = get_curve_name (app->app_local->keyattr[keyno].eddsa.curve); - err = gcry_sexp_build (&s_pkey, NULL, - "(public-key(ecc(curve%s)(flags eddsa)(q%b)))", - curve_name, (int)mlen, mbuf); + "(public-key(ecc(curve%s)%s(q%b)))", + openpgp_oid_to_curve (app->app_local->keyattr[keyno].ecc.oid), + app->app_local->keyattr[keyno].ecc.flags? + "(flags eddsa)" : "", + (int)mlen, mbuf); if (err) goto leave; @@ -3256,7 +3141,7 @@ rsa_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), goto leave; } - err = store_fpr (app, keyno, created_at, fprbuf, KEY_TYPE_RSA, + err = store_fpr (app, keyno, created_at, fprbuf, PUBKEY_ALGO_RSA, rsa_n, rsa_n_len, rsa_e, rsa_e_len); if (err) goto leave; 
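Review bot: The rewritten `gcry_sexp_build` call in get_public_key passes the optional flags list through `%s`, and as far as I know `%s` inserts its argument as a single string atom rather than parsing it. An EdDSA key would then carry the literal string "(flags eddsa)" as an element instead of a `(flags eddsa)` sublist, and a plain ECC key an empty atom. Selecting the format string avoids that: keep `"(public-key(ecc(curve%s)(q%b)))"` for plain ECC and use `"(public-key(ecc(curve%s)(flags eddsa)(q%b)))"` when `ecc.flags` is set. The curve argument also needs a NULL check if `openpgp_oid_to_curve` can fail. The function continues outside the hunk.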
@@ -3280,11 +3165,10 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), const unsigned char *ecc_q = NULL; const unsigned char *ecc_d = NULL; size_t ecc_q_len, ecc_d_len; - unsigned char *template = NULL; - size_t template_len; - unsigned char fprbuf[20]; u32 created_at = 0; - int curve = CURVE_UNKNOWN; + const char *oidstr = NULL; + int flag_eddsa = 0; + int algo; /* (private-key(ecc(curve%s)(q%m)(d%m))(created-at%d)): curve = "NIST P-256" */ @@ -3306,21 +3190,30 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if (tok && toklen == 5 && !memcmp (tok, "curve", 5)) { + unsigned char *curve; + if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; - if (tok && toklen == 10 && !memcmp (tok, "NIST P-256", 10)) - curve = CURVE_NIST_P256; - else if (tok && toklen == 9 && !memcmp (tok, "secp256k1", 9)) - curve = CURVE_SEC_P256K1; - else if (tok && toklen == 7 && !memcmp (tok, "Ed25519", 7)) - curve = CURVE_ED25519; - else + curve = xtrymalloc (toklen+1); + if (!curve) { - log_error (_("unsupported curve\n")); - err = gpg_error (GPG_ERR_INV_VALUE); + err = gpg_error_from_syserror (); goto leave; } + + memcpy (curve, tok, toklen); + curve[toklen] = 0; + oidstr = openpgp_curve_to_oid (curve, NULL); + xfree (curve); + } + else if (tok && toklen == 5 && !memcmp (tok, "flags", 5)) + { + if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) + goto leave; + + if (tok && toklen == 5 && !memcmp (tok, "eddsa", 5)) + flag_eddsa = 1; } else if (tok && toklen == 1) { @@ -3340,7 +3233,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), } if ((err = parse_sexp (&buf, &buflen, &depth, &tok, &toklen))) goto leave; - if (tok && buf2 && curve != CURVE_ED25519) + if (tok && buf2 && !flag_eddsa) /* It's MPI. Strip off leading zero bytes and save. */ for (;toklen && !*tok; toklen--, tok++) ; 
@@ -3391,12 +3284,33 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), /* Check that we have all parameters and that they match the card description. */ + if (!oidstr) + { + log_error (_("unsupported curve\n")); + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } if (!created_at) { log_error (_("creation timestamp missing\n")); err = gpg_error (GPG_ERR_INV_VALUE); goto leave; } + if (flag_eddsa && keyno != 1) + algo = PUBKEY_ALGO_EDDSA; + else if (keyno == 1) + algo = PUBKEY_ALGO_ECDH; + else + algo = PUBKEY_ALGO_ECDSA; + + if (app->app_local->keyattr[keyno].key_type != KEY_TYPE_ECC + || app->app_local->keyattr[keyno].ecc.oid != oidstr + || app->app_local->keyattr[keyno].ecc.flags != flag_eddsa) + { + log_error ("key attribute on card doesn't match\n"); + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } if (opt.verbose) log_info ("ECC private key size is %u bytes\n", (unsigned int)ecc_d_len); @@ -3411,6 +3325,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), { /* Build the private key template as described in section 4.3.3.7 of the OpenPGP card specs version 2.0. */ + unsigned char *template; + size_t template_len; int exmode; err = build_ecc_privkey_template (app, keyno, @@ -3422,7 +3338,10 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), /* Prepare for storing the key. */ err = verify_chv3 (app, pincb, pincb_arg); if (err) - goto leave; + { + xfree (template); + goto leave; + } /* Store the key. */ if (app->app_local->cardcap.ext_lc_le && template_len > 254) 
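Review bot: The card-attribute check compares `app->app_local->keyattr[keyno].ecc.oid != oidstr` as pointers, which is only right if openpgp_curve_to_oid always returns the same static string for a given curve; nothing in the hunk states that invariant. Either document it next to the comparison, `/* Both values come from openpgp_curve_to_oid and point into its static table, so pointer equality is sufficient. */`, or compare the contents with a NULL-safe strcmp so that a later change to the lookup cannot turn a matching card into a mismatch (or the reverse). The new `log_error ("key attribute on card doesn't match\n")` is also the only message in this block not wrapped in `_()`. ecc_writekey continues outside the hunk.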
@@ -3433,32 +3352,41 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), exmode = 0; err = iso7816_put_data_odd (app->slot, exmode, 0x3fff, template, template_len); + xfree (template); } else - return gpg_error (GPG_ERR_NOT_SUPPORTED); + err = gpg_error (GPG_ERR_NOT_SUPPORTED); if (err) { log_error (_("failed to store the key: %s\n"), gpg_strerror (err)); goto leave; } + else + { + gcry_mpi_t oid; + const unsigned char *oidbuf; + size_t oid_len; + unsigned char fprbuf[20]; - err = store_fpr (app, keyno, created_at, fprbuf, - curve == CURVE_ED25519 ? KEY_TYPE_EDDSA : KEY_TYPE_ECC, - curve == CURVE_ED25519 ? - "\x09\x2b\x06\x01\x04\x01\xda\x47\x0f\x01" - : curve == CURVE_NIST_P256 ? - "\x08\x2a\x86\x48\xce\x3d\x03\x01\x07" - : "\x05\x2b\x81\x04\x00\x0a", - (size_t)(curve == CURVE_ED25519 ? 10 - : curve == CURVE_NIST_P256? 9 : 6), - ecc_q, ecc_q_len, "\x03\x01\x08\x07", (size_t)4); - if (err) - goto leave; + err = openpgp_oid_from_str (oidstr, &oid); + if (err) + goto leave; + oidbuf = gcry_mpi_get_opaque (oid, &oid_len); + if (!oidbuf) + { + err = gpg_error_from_syserror (); + gcry_mpi_release (oid); + goto leave; + } + err = store_fpr (app, keyno, created_at, fprbuf, algo, + oidbuf, oid_len, ecc_q, ecc_q_len, + "\x03\x01\x08\x07", (size_t)4); + gcry_mpi_release (oid); + } leave: - xfree (template); return err; } @@ -3661,7 +3589,7 @@ do_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags, send_status_info (ctrl, "KEY-CREATED-AT", numbuf, (size_t)strlen(numbuf), NULL, 0); - rc = store_fpr (app, keyno, (u32)created_at, fprbuf, KEY_TYPE_RSA, + rc = store_fpr (app, keyno, (u32)created_at, fprbuf, PUBKEY_ALGO_RSA, m, mlen, e, elen); if (rc) goto leave; 
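Review bot: `gcry_mpi_get_opaque` reports the size of the opaque value in bits, but `oid_len` is passed on to store_fpr as the OID length; ecc_oid in this same commit creates its opaque MPI with `buflen * 8`, so the unit is visible on the page. If store_fpr treats that argument as a byte count (its body is not shown), the fingerprint is computed over eight times the real OID length and reads past the end of `oidbuf`. Convert before the call: `oid_len = (oid_len + 7) / 8;`. The follow-up commit later in this mail changes the call to `gcry_mpi_get_opaque (oid, &n); oid_len = n;`, which fixes the size_t/unsigned int mismatch but still carries the bit count.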
@@ -4014,18 +3942,21 @@ do_auth (app_t app, const char *keyidstr, && indatalen > 101) /* For a 2048 bit key. */ return gpg_error (GPG_ERR_INV_VALUE); - if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC - && (indatalen == 51 || indatalen == 67 || indatalen == 83)) - { - const char *p = (const char *)indata + 19; - indata = p; - indatalen -= 19; - } - else if (app->app_local->keyattr[2].key_type == KEY_TYPE_EDDSA) + if (app->app_local->keyattr[2].key_type == KEY_TYPE_ECC) { - const char *p = (const char *)indata + 15; - indata = p; - indatalen -= 15; + if (!app->app_local->keyattr[2].ecc.flags + && (indatalen == 51 || indatalen == 67 || indatalen == 83)) + { + const char *p = (const char *)indata + 19; + indata = p; + indatalen -= 19; + } + else + { + const char *p = (const char *)indata + 15; + indata = p; + indatalen -= 15; + } } /* Check whether an OpenPGP card of any version has been requested. */ @@ -4429,25 +4360,25 @@ parse_historical (struct app_local_s *apploc, } -static int -parse_ecc_curve (const unsigned char *buffer, size_t buflen) +static const char * +ecc_oid (unsigned char *buf, size_t buflen) { - int curve; - - if (buflen == 5 && buffer[5] == 0x22) - curve = CURVE_NIST_P384; - else if (buflen == 5 && buffer[5] == 0x23) - curve = CURVE_NIST_P521; - else if (buflen == 8) - curve = CURVE_NIST_P256; - else if (buflen == 5 && buffer[5] == 0x0a) - curve = CURVE_SEC_P256K1; - else if (buflen == 9) - curve = CURVE_ED25519; - else - curve = CURVE_UNKNOWN; - - return curve; + gcry_mpi_t oid; + char *oidstr; + const char *result; + + oid = gcry_mpi_set_opaque (NULL, buf, buflen * 8); + if (!oid) + return NULL; + + oidstr = openpgp_oid_to_str (oid); + gcry_mpi_release (oid); + if (!oidstr) + return NULL; + + result = openpgp_curve_to_oid (oidstr, NULL); + xfree (oidstr); + return result; } 
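Review bot: In do_auth the inner `else` now catches every ECC key that the first test does not strip, not only EdDSA keys: a non-EdDSA key whose `indatalen` is none of 51, 67 or 83 used to pass through untouched and now loses 15 bytes. Neither branch checks that `indatalen` exceeds the prefix being removed, so a short input makes `indatalen -= 15` wrap if indatalen is unsigned (its declaration is outside the hunk). Make the second branch explicit and bounded: `else if (app->app_local->keyattr[2].ecc.flags && indatalen > 15)`.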
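Review bot: In ecc_oid, `gcry_mpi_set_opaque` transfers ownership of `buf` to the MPI, so the `gcry_mpi_release (oid)` a few lines later frees memory this function does not own. The caller in parse_algorithm_attribute passes `buffer + 1`, an interior pointer into a buffer it goes on using, which makes this an invalid free followed by use of released memory on data read from the card. Use the copying variant instead: `oid = gcry_mpi_set_opaque_copy (NULL, buf, buflen * 8);`. It is also worth confirming that openpgp_oid_to_str accepts the OID bytes without a leading length octet, since the attribute bytes are passed on as they are.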
@@ -4505,25 +4436,16 @@ parse_algorithm_attribute (app_t app, int keyno) app->app_local->keyattr[keyno].rsa.format == RSA_CRT? "crt" : app->app_local->keyattr[keyno].rsa.format == RSA_CRT_N?"crt+n":"?"); } - else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA) + else if (*buffer == PUBKEY_ALGO_ECDH || *buffer == PUBKEY_ALGO_ECDSA + || *buffer == PUBKEY_ALGO_EDDSA) { app->app_local->keyattr[keyno].key_type = KEY_TYPE_ECC; - app->app_local->keyattr[keyno].ecc.curve - = parse_ecc_curve (buffer + 1, buflen - 1); - if (opt.verbose) - log_printf - ("ECC, curve=%s\n", - get_curve_name (app->app_local->keyattr[keyno].ecc.curve)); - } - else if (*buffer == PUBKEY_ALGO_EDDSA) - { - app->app_local->keyattr[keyno].key_type = KEY_TYPE_EDDSA; - app->app_local->keyattr[keyno].eddsa.curve - = parse_ecc_curve (buffer + 1, buflen - 1); + app->app_local->keyattr[keyno].ecc.oid = ecc_oid (buffer + 1, buflen - 1); + app->app_local->keyattr[keyno].ecc.flags = (*buffer == PUBKEY_ALGO_EDDSA); if (opt.verbose) log_printf - ("EdDSA, curve=%s\n", - get_curve_name (app->app_local->keyattr[keyno].eddsa.curve)); + ("ECC, curve=%s%s\n", app->app_local->keyattr[keyno].ecc.oid, + app->app_local->keyattr[keyno].ecc.flags ? " (eddsa)": ""); } else if (opt.verbose) log_printhex ("", buffer, buflen); ----------------------------------------------------------------------- Summary of changes: g10/call-agent.c | 28 ++++- g10/call-agent.h | 5 +- g10/card-util.c | 19 +-- scd/app-openpgp.c | 364 +++++++++++++++++++++--------------------------------- 4 files changed, 182 insertions(+), 234 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 26 12:58:15 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sun, 26 Jul 2015 12:58:15 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-20-g55e64f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 55e64f47a52d76e097a01eb4044a88a4e10d6a87 (commit) via d382242fb6789973ce8d246ec154a4a1468c24c0 (commit) from ef080d5c7fb7f3b75c3c57c011f78a312b8e13a9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 55e64f47a52d76e097a01eb4044a88a4e10d6a87 Author: Werner Koch Date: Sun Jul 26 12:55:53 2015 +0200 scd: Fix size_t/unsigned int mismatch. * scd/app-openpgp.c (ecc_writekey): Use extra var n. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 72f7640..87208f4 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -3366,6 +3366,7 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), { gcry_mpi_t oid; const unsigned char *oidbuf; + unsigned int n; size_t oid_len; unsigned char fprbuf[20]; 
@@ -3373,7 +3374,8 @@ ecc_writekey (app_t app, gpg_error_t (*pincb)(void*, const char *, char **), if (err) goto leave; - oidbuf = gcry_mpi_get_opaque (oid, &oid_len); + oidbuf = gcry_mpi_get_opaque (oid, &n); + oid_len = n; if (!oidbuf) { err = gpg_error_from_syserror (); commit d382242fb6789973ce8d246ec154a4a1468c24c0 Author: Werner Koch Date: Sun Jul 26 12:50:16 2015 +0200 Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros. * common/util.h: Provide replacement for GPGRT_ATTR_ macros when using libgpg-error < 1.20. * common/mischelp.h: Ditto. * common/types.h: Ditto. -- Given that libgpg-error is a dependency of all GnuPG related libraries it is better to define such macros at only one place instead of having similar macros at a lot of places. For now we need repalcement macros, though. diff --git a/agent/agent.h b/agent/agent.h index 5a09254..164ddea 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -319,7 +319,8 @@ typedef int (*lookup_ttl_t)(const char *hexgrip); /*-- gpg-agent.c --*/ -void agent_exit (int rc) GPGRT_GCC_A_NR; /* Also implemented in other tools */ +void agent_exit (int rc) + GPGRT_ATTR_NORETURN; /* Also implemented in other tools */ gpg_error_t agent_copy_startup_env (ctrl_t ctrl); const char *get_agent_socket_name (void); const char *get_agent_ssh_socket_name (void); @@ -332,10 +333,10 @@ int map_pk_openpgp_to_gcry (int openpgp_algo); /*-- command.c --*/ gpg_error_t agent_inq_pinentry_launched (ctrl_t ctrl, unsigned long pid); gpg_error_t agent_write_status (ctrl_t ctrl, const char *keyword, ...) - GNUPG_GCC_A_SENTINEL(0); + GPGRT_ATTR_SENTINEL(0); gpg_error_t agent_print_status (ctrl_t ctrl, const char *keyword, const char *format, ...) - GPGRT_GCC_A_PRINTF(3,4); + GPGRT_ATTR_PRINTF(3,4); void bump_key_eventcounter (void); void bump_card_eventcounter (void); void start_command_handler (ctrl_t, gnupg_fd_t, gnupg_fd_t); diff --git a/common/asshelp.h b/common/asshelp.h index c685564..6a52172 100644 --- a/common/asshelp.h +++ b/common/asshelp.h 
@@ -81,11 +81,11 @@ start_new_dirmngr (assuan_context_t *r_ctx, gpg_error_t print_assuan_status (assuan_context_t ctx, const char *keyword, const char *format, - ...) GPGRT_GCC_A_PRINTF(3,4); + ...) GPGRT_ATTR_PRINTF(3,4); gpg_error_t vprint_assuan_status (assuan_context_t ctx, const char *keyword, const char *format, - va_list arg_ptr) GPGRT_GCC_A_PRINTF(3,0); + va_list arg_ptr) GPGRT_ATTR_PRINTF(3,0); #endif /*GNUPG_COMMON_ASSHELP_H*/ diff --git a/common/audit.c b/common/audit.c index 9ed5708..198b8e6 100644 --- a/common/audit.c +++ b/common/audit.c @@ -72,11 +72,11 @@ struct audit_ctx_s static void writeout_para (audit_ctx_t ctx, - const char *format, ...) GPGRT_GCC_A_PRINTF(2,3); + const char *format, ...) GPGRT_ATTR_PRINTF(2,3); static void writeout_li (audit_ctx_t ctx, const char *oktext, - const char *format, ...) GPGRT_GCC_A_PRINTF(3,4); + const char *format, ...) GPGRT_ATTR_PRINTF(3,4); static void writeout_rem (audit_ctx_t ctx, - const char *format, ...) GPGRT_GCC_A_PRINTF(2,3); + const char *format, ...) GPGRT_ATTR_PRINTF(2,3); /* Add NAME to the list of help tags. NAME needs to be a const string diff --git a/common/logging.h b/common/logging.h index 0bd1a6c..dbfc8ba 100644 --- a/common/logging.h +++ b/common/logging.h @@ -48,8 +48,9 @@ int log_test_fd (int fd); int log_get_fd(void); estream_t log_get_stream (void); -#ifdef GPGRT_GCC_M_FUNCTION - void bug_at( const char *file, int line, const char *func ) GPGRT_GCC_A_NR; +#ifdef GPGRT_HAVE_MACRO_FUNCTION + void bug_at (const char *file, int line, const char *func) + GPGRT_ATTR_NORETURN; # define BUG() bug_at( __FILE__ , __LINE__, __FUNCTION__ ) #else void bug_at( const char *file, int line ); 
@@ -74,17 +75,17 @@ enum jnlib_log_levels { GPGRT_LOG_BUG, GPGRT_LOG_DEBUG }; -void log_log (int level, const char *fmt, ...) GPGRT_GCC_A_PRINTF(2,3); +void log_log (int level, const char *fmt, ...) GPGRT_ATTR_PRINTF(2,3); void log_logv (int level, const char *fmt, va_list arg_ptr); void log_string (int level, const char *string); -void log_bug( const char *fmt, ... ) GPGRT_GCC_A_NR_PRINTF(1,2); -void log_fatal( const char *fmt, ... ) GPGRT_GCC_A_NR_PRINTF(1,2); -void log_error( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2); -void log_info( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2); -void log_debug( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2); -void log_printf( const char *fmt, ... ) GPGRT_GCC_A_PRINTF(1,2); +void log_bug (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2); +void log_fatal (const char *fmt, ...) GPGRT_ATTR_NR_PRINTF(1,2); +void log_error (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); +void log_info (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); +void log_debug (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); +void log_printf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); void log_flush (void); /* Print a hexdump of BUFFER. With TEXT passes as NULL print just the diff --git a/common/membuf.h b/common/membuf.h index 32d4f90..eb7d565 100644 --- a/common/membuf.h +++ b/common/membuf.h @@ -55,7 +55,7 @@ void clear_membuf (membuf_t *mb, size_t amount); void put_membuf (membuf_t *mb, const void *buf, size_t len); void put_membuf_str (membuf_t *mb, const char *string); void put_membuf_printf (membuf_t *mb, const char *format, - ...) GPGRT_GCC_A_PRINTF(2,3); + ...) GPGRT_ATTR_PRINTF(2,3); void *get_membuf (membuf_t *mb, size_t *len); void *get_membuf_shrink (membuf_t *mb, size_t *len); const void *peek_membuf (membuf_t *mb, size_t *len); diff --git a/common/mischelp.h b/common/mischelp.h index ecbf38b..cd72a4a 100644 --- a/common/mischelp.h +++ b/common/mischelp.h 
@@ -48,27 +48,32 @@ time_t timegm (struct tm *tm); #define DIMof(type,member) DIM(((type *)0)->member) -#undef GPGRT_GCC_HAVE_PUSH_PRAGMA -#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) -# define GPGRT_GCC_M_FUNCTION 1 /* __FUNCTION__ macro is available. */ -# define GPGRT_GCC_A_NR __attribute__ ((noreturn)) -# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) -# define GPGRT_GCC_HAVE_PUSH_PRAGMA 1 -# define GPGRT_GCC_A_PRINTF( f, a ) \ - __attribute__ ((format (__gnu_printf__,f,a))) -# define GPGRT_GCC_A_NR_PRINTF( f, a ) \ - __attribute__ ((noreturn, format (__gnu_printf__,f,a))) +/* Replacements for macros not available with libgpg-error < 1.20. */ +#ifndef GPGRT_GCC_VERSION + +# undef GPGRT_HAVE_PRAGMA_GCC_PUSH +# if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 ) +# define GPGRT_HAVE_MACRO_FUNCTION 1 /* __FUNCTION__ macro is available. */ +# define GPGRT_ATTR_NORETURN __attribute__ ((noreturn)) +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4 ) +# define GPGRT_HAVE_PRAGMA_GCC_PUSH 1 +# define GPGRT_ATTR_PRINTF(f,a) \ + __attribute__ ((format (__gnu_printf__,f,a))) +# define GPGRT_ATTR_NR_PRINTF(f,a) \ + __attribute__ ((noreturn, format (__gnu_printf__,f,a))) +# else +# define GPGRT_ATTR_PRINTF(f, a) \ + __attribute__ ((format (printf,f,a))) +# define GPGRT_ATTR_NR_PRINTF(f, a) \ + __attribute__ ((noreturn, format (printf,f,a))) +# endif # else -# define GPGRT_GCC_A_PRINTF( f, a ) __attribute__ ((format (printf,f,a))) -# define GPGRT_GCC_A_NR_PRINTF( f, a ) \ - __attribute__ ((noreturn, format (printf,f,a))) +# define GPGRT_ATTR_NORETURN +# define GPGRT_ATTR_PRINTF( f, a ) +# define GPGRT_ATTR_NR_PRINTF( f, a ) # endif -#else -# define GPGRT_GCC_A_NR -# define GPGRT_GCC_A_PRINTF( f, a ) -# define GPGRT_GCC_A_NR_PRINTF( f, a ) -#endif +#endif /*Older libgpg-error. */ /* To avoid that a compiler optimizes certain memset calls away, these macros may be used instead. */ 
diff --git a/common/stringhelp.h b/common/stringhelp.h index ab16d16..a84c81b 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h @@ -52,11 +52,11 @@ size_t length_sans_trailing_ws (const unsigned char *line, size_t len); char *make_basename(const char *filepath, const char *inputpath); char *make_dirname(const char *filepath); -char *make_filename( const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0); -char *make_filename_try (const char *first_part, ... ) GNUPG_GCC_A_SENTINEL(0); -char *make_absfilename (const char *first_part, ...) GNUPG_GCC_A_SENTINEL(0); +char *make_filename( const char *first_part, ... ) GPGRT_ATTR_SENTINEL(0); +char *make_filename_try (const char *first_part, ... ) GPGRT_ATTR_SENTINEL(0); +char *make_absfilename (const char *first_part, ...) GPGRT_ATTR_SENTINEL(0); char *make_absfilename_try (const char *first_part, - ...) GNUPG_GCC_A_SENTINEL(0); + ...) GPGRT_ATTR_SENTINEL(0); int compare_filenames( const char *a, const char *b ); int hextobyte (const char *s); @@ -139,9 +139,9 @@ char *try_percent_escape (const char *str, const char *extra); /* Concatenate the string S1 with all the following strings up to a NULL. Returns a malloced buffer with the new string or NULL on a malloc error or if too many arguments are given. */ -char *strconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0); +char *strconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0); /* Ditto, but die on error. */ -char *xstrconcat (const char *s1, ...) GNUPG_GCC_A_SENTINEL(0); +char *xstrconcat (const char *s1, ...) GPGRT_ATTR_SENTINEL(0); char **strsplit (char *string, char delim, char replacement, int *count); diff --git a/common/types.h b/common/types.h index 8d7730b..2bb817f 100644 --- a/common/types.h +++ b/common/types.h 
@@ -114,13 +114,13 @@ #endif -/* Some GCC attributes. Note that we use also define some in - mischelp.h, but this header and types.h are not always included. - Should eventually be put into one file (e.g. nlib-common.h). */ -#if __GNUC__ >= 4 -# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a))) -#else -# define GNUPG_GCC_A_SENTINEL(a) +/* Some GCC attributes. These are replacements for libgpg-error < 1.20. */ +#ifndef GPGRT_GCC_VERSION +# if __GNUC__ >= 4 +# define GPGRT_ATTR_SENTINEL(a) __attribute__ ((sentinel(a))) +# else +# define GPGRT_ATTR_SENTINEL(a) +# endif #endif #endif /*GNUPG_COMMON_TYPES_H*/ diff --git a/common/util.h b/common/util.h index b92d78c..90acefa 100644 --- a/common/util.h +++ b/common/util.h @@ -152,26 +152,30 @@ #define snprintf gpgrt_snprintf -/* GCC attributes. */ -#ifndef GNUPG_GCC_ATTR_FORMAT_ARG -#if __GNUC__ >= 3 /* Actually 2.8 but testing the major is easier. */ -# define GNUPG_GCC_ATTR_FORMAT_ARG(a) __attribute__ ((__format_arg__ (a))) -#else -# define GNUPG_GCC_ATTR_FORMAT_ARG(a) -#endif -#endif +/* Replacements for macros not available with libgpg-error < 1.20. */ +#ifndef GPGRT_GCC_VERSION -#if __GNUC__ >= 4 -# define GNUPG_GCC_A_SENTINEL(a) __attribute__ ((sentinel(a))) -#else -# define GNUPG_GCC_A_SENTINEL(a) -#endif +# ifndef GPGRT_ATTR_FORMAT_ARG +# if __GNUC__ >= 3 /* Actually 2.8 but testing the major is easier. */ +# define GPGRT_ATTR_FORMAT_ARG(a) __attribute__ ((__format_arg__ (a))) +# else +# define GPGRT_ATTR_FORMAT_ARG(a) +# endif +# endif -#if __GNUC__ >= 4 -# define GNUPG_GCC_A_USED __attribute__ ((used)) -#else -# define GNUPG_GCC_A_USED -#endif +# if __GNUC__ >= 4 +# define GPGRT_ATTR_SENTINEL(a) __attribute__ ((sentinel(a))) +# else +# define GPGRT_ATTR_SENTINEL(a) +# endif + +# if __GNUC__ >= 4 +# define GPGRT_ATTR_USED __attribute__ ((used)) +# else +# define GPGRT_ATTR_USED +# endif + +#endif /*libgpg-error < 1.20 */ /* We need this type even if we are not using libreadline and or we 
@@ -371,9 +375,9 @@ const char *gnupg_messages_locale_name (void); void setup_libgcrypt_logging (void); /* Same as estream_asprintf but die on memory failure. */ -char *xasprintf (const char *fmt, ...) GPGRT_GCC_A_PRINTF(1,2); +char *xasprintf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); /* This is now an alias to estream_asprintf. */ -char *xtryasprintf (const char *fmt, ...) GPGRT_GCC_A_PRINTF(1,2); +char *xtryasprintf (const char *fmt, ...) GPGRT_ATTR_PRINTF(1,2); /* Replacement for gcry_cipher_algo_name. */ const char *gnupg_cipher_algo_name (int algo); diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 4288119..1b8ef03 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -1404,7 +1404,7 @@ modlist_lookup (LDAPMod **modlist, const char *attr) /* Dump a modlist to a file. This is useful for debugging. */ static estream_t modlist_dump (LDAPMod **modlist, estream_t output) - GNUPG_GCC_A_USED; + GPGRT_ATTR_USED; static estream_t modlist_dump (LDAPMod **modlist, estream_t output) diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h index 985167a..aff6cf4 100644 --- a/dirmngr/ks-engine.h +++ b/dirmngr/ks-engine.h @@ -26,7 +26,7 @@ /*-- ks-action.c --*/ gpg_error_t ks_print_help (ctrl_t ctrl, const char *text); gpg_error_t ks_printf_help (ctrl_t ctrl, const char *format, - ...) GPGRT_GCC_A_PRINTF(2,3); + ...) GPGRT_ATTR_PRINTF(2,3); /*-- ks-engine-hkp.c --*/ gpg_error_t ks_hkp_resolve (ctrl_t ctrl, parsed_uri_t uri); diff --git a/g10/main.h b/g10/main.h index f4bf17f..06c497d 100644 --- a/g10/main.h +++ b/g10/main.h 
@@ -182,7 +182,7 @@ void write_status_error (const char *where, gpg_error_t err); void write_status_errcode (const char *where, int errcode); void write_status_text ( int no, const char *text ); void write_status_strings (int no, const char *text, - ...) GNUPG_GCC_A_SENTINEL(0); + ...) GPGRT_ATTR_SENTINEL(0); void write_status_buffer ( int no, const char *buffer, size_t len, int wrap ); void write_status_text_and_buffer ( int no, const char *text, diff --git a/g13/g13.h b/g13/g13.h index 371833d..c766813 100644 --- a/g13/g13.h +++ b/g13/g13.h @@ -106,7 +106,7 @@ void g13_exit (int rc); void g13_init_default_ctrl (struct server_control_s *ctrl); /*-- server.c (commonly used, thus declared here) --*/ -gpg_error_t g13_status (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0); +gpg_error_t g13_status (ctrl_t ctrl, int no, ...) GPGRT_ATTR_SENTINEL(0); #endif /*G13_H*/ diff --git a/scd/scdaemon.h b/scd/scdaemon.h index 35ada43..1a95ba7 100644 --- a/scd/scdaemon.h +++ b/scd/scdaemon.h @@ -124,7 +124,7 @@ const char *scd_get_socket_name (void); void initialize_module_command (void); int scd_command_handler (ctrl_t, int); void send_status_info (ctrl_t ctrl, const char *keyword, ...) - GNUPG_GCC_A_SENTINEL(1); + GPGRT_ATTR_SENTINEL(1); void send_status_direct (ctrl_t ctrl, const char *keyword, const char *args); void scd_update_reader_status_file (void); diff --git a/sm/gpgsm.h b/sm/gpgsm.h index 9fc74c3..30e4fb3 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h 
@@ -241,7 +241,7 @@ int gpgsm_parse_validation_model (const char *model); /*-- server.c --*/ void gpgsm_server (certlist_t default_recplist); gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text); -gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0); +gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GPGRT_ATTR_SENTINEL(0); gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text, gpg_err_code_t ec); gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl, ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 7 ++++--- common/asshelp.h | 4 ++-- common/audit.c | 6 +++--- common/logging.h | 19 ++++++++++--------- common/membuf.h | 2 +- common/mischelp.h | 41 +++++++++++++++++++++++------------------ common/stringhelp.h | 12 ++++++------ common/types.h | 14 +++++++------- common/util.h | 44 ++++++++++++++++++++++++-------------------- dirmngr/ks-engine-ldap.c | 2 +- dirmngr/ks-engine.h | 2 +- g10/main.h | 2 +- g13/g13.h | 2 +- scd/app-openpgp.c | 4 +++- scd/scdaemon.h | 2 +- sm/gpgsm.h | 2 +- 16 files changed, 89 insertions(+), 76 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 26 16:00:42 2015 
From: cvs at cvs.gnupg.org (by Peter Wu) Date: Sun, 26 Jul 2015 16:00:42 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-237-g46c0726 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 46c072669eb81ed610cc5b3c0dc0c75a143afbb4 (commit) from ada0a7d302cca97b327faaacac7a5d0b8043df88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 46c072669eb81ed610cc5b3c0dc0c75a143afbb4 Author: Peter Wu Date: Sun Jul 26 16:50:33 2015 +0300 Fix undefined behavior wrt memcpy * cipher/cipher-gcm.c: Do not copy zero bytes from an empty buffer. Let the function continue to add padding as needed though. * cipher/mac-poly1305.c: If the caller requested to finish the hash function without a copy of the result, return immediately. -- Caught by UndefinedBehaviorSanitizer. Signed-off-by: Peter Wu diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c index 6b13fc5..3711a1d 100644 --- a/cipher/cipher-gcm.c +++ b/cipher/cipher-gcm.c @@ -474,7 +474,7 @@ do_ghash_buf(gcry_cipher_hd_t c, byte *hash, const byte *buf, do { - if (buflen + unused < blocksize || unused > 0) + if (buflen > 0 && (buflen + unused < blocksize || unused > 0)) { n = blocksize - unused; n = n < buflen ? n : buflen; diff --git a/cipher/mac-poly1305.c b/cipher/mac-poly1305.c index 76b369a..b80f87d 100644 --- a/cipher/mac-poly1305.c +++ b/cipher/mac-poly1305.c 
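Review bot: The added `buflen > 0 &&` guard in do_ghash_buf has no comment, and without the commit message it reads like a change to the partial-block logic rather than a guard against copying from an empty, possibly NULL, buffer. A line above the `if` would keep it from being simplified away later: `/* Skip the copy when BUF is empty: copying zero bytes from a NULL pointer is undefined. Padding is still handled below. */`. The rest of the loop is outside the hunk, so whether the padding path is reached with `unused > 0` and `buflen == 0` cannot be confirmed from here.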
@@ -260,6 +260,9 @@ poly1305mac_read (gcry_mac_hd_t h, unsigned char *outbuf, size_t *outlen) mac_ctx->marks.tag = 1; } + if (*outlen == 0) + return 0; + if (*outlen <= POLY1305_TAGLEN) buf_cpy (outbuf, mac_ctx->tag, *outlen); else ----------------------------------------------------------------------- Summary of changes: cipher/cipher-gcm.c | 2 +- cipher/mac-poly1305.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 26 19:45:49 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sun, 26 Jul 2015 19:45:49 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-6-g676b1ac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 676b1ac38d0c1db754492b6817bbc6195dcef300 (commit) from f9db93786cbdbc0f5f6edf0ae996ec405931decf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 676b1ac38d0c1db754492b6817bbc6195dcef300 Author: Neal H. Walfield Date: Sun Jul 26 19:45:45 2015 +0200 Don't build the emacs pinentry program by default. diff --git a/configure.ac b/configure.ac index 3389141..cf4d525 100644 --- a/configure.ac +++ b/configure.ac 
@@ -369,7 +369,7 @@ dnl Check for emacs pinentry program. dnl AC_ARG_ENABLE(pinentry-emacs, AC_HELP_STRING([--enable-pinentry-emacs], [build emacs pinentry]), - pinentry_emacs=$enableval, pinentry_emacs=maybe) + pinentry_emacs=$enableval, pinentry_emacs=no) AC_ARG_ENABLE(inside-emacs, AC_HELP_STRING([--enable-inside-emacs], [include emacs hack]), inside_emacs=$enableval, inside_emacs=maybe) ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sun Jul 26 20:07:49 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sun, 26 Jul 2015 20:07:49 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-8-gd70a106 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via d70a106d71dbcaf90e2246ed8e72c14d9c2cf266 (commit) via c9c3576b5e2e3139fd9f6af3426b5f5e727deadd (commit) from 676b1ac38d0c1db754492b6817bbc6195dcef300 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d70a106d71dbcaf90e2246ed8e72c14d9c2cf266 Author: Neal H. Walfield Date: Sun Jul 26 20:04:47 2015 +0200 gtk2: Use gtk_widget_get_window instead of accessing the struct. * gtk+-2/pinentry-gtk-2.c (make_transient): Don't directly access the window field of WIN. Use gtk_widget_get_window instead. (grab_keyboard): Likewise. (ungrab_keyboard): Likewise. Patch-by: Dimitri John Ledkov . diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 21fabc8..fdfdeaf 100644 --- a/gtk+-2/pinentry-gtk-2.c 
+++ b/gtk+-2/pinentry-gtk-2.c @@ -139,7 +139,7 @@ make_transient (GtkWidget *win, GdkEvent *event, gpointer data) /* Make window transient for the root window. */ screen = gdk_screen_get_default (); root = gdk_screen_get_root_window (screen); - gdk_window_set_transient_for (win->window, root); + gdk_window_set_transient_for (gtk_widget_get_window (win), root); } @@ -152,7 +152,8 @@ grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) if (! pinentry->grab) return FALSE; - if (gdk_keyboard_grab (win->window, FALSE, gdk_event_get_time (event))) + if (gdk_keyboard_grab (gtk_widget_get_window (win), + FALSE, gdk_event_get_time (event))) { g_critical ("could not grab keyboard"); grab_failed = 1; @@ -173,7 +174,7 @@ ungrab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) /* gdk_window_set_transient_for cannot be used with parent = NULL to unset transient hint (unlike gtk_ version which can). Replacement code is taken from gtk_window_transient_parent_unrealized. */ - gdk_property_delete (win->window, + gdk_property_delete (gtk_widget_get_window (win), gdk_atom_intern_static_string ("WM_TRANSIENT_FOR")); return FALSE; } commit c9c3576b5e2e3139fd9f6af3426b5f5e727deadd Author: Neal H. Walfield Date: Sun Jul 26 20:03:14 2015 +0200 gtk2: Use newer tooltips functions, if available. * gtk+-2/pinentry-gtk-2.c (tooltips): Don't declare for Gtk+ >=2.12.0. (create_window): Gtk+ >=2.12.0, use gtk_widget_set_tooltip_text instead of gtk_tooltips_set_tip. Patch-by: Dimitri John Ledkov . diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index bfc94af..21fabc8 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -68,7 +68,9 @@ static GtkWidget *entry; static GtkWidget *repeat_entry; static GtkWidget *error_label; static GtkWidget *qualitybar; +#if !GTK_CHECK_VERSION (2, 12, 0) static GtkTooltips *tooltips; +#endif static gboolean got_input; static guint timeout_source; static int confirm_mode; 
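Review bot: `gtk_widget_get_window` is now called unconditionally in make_transient, grab_keyboard and ungrab_keyboard, but that accessor only exists from GTK+ 2.14, while the tooltip commit in this same mail keeps pre-2.12 builds working with `#if !GTK_CHECK_VERSION (2, 12, 0)`. On those older versions the file no longer compiles, so the two changes disagree about the supported minimum. Either raise the required GTK+ version in configure and drop the tooltip fallback, or add a shim near the includes: `#if !GTK_CHECK_VERSION (2, 14, 0)` / `# define gtk_widget_get_window(w) ((w)->window)` / `#endif`. Because grab_keyboard is what keeps other clients from reading the passphrase, it would also help to treat a NULL window from an unrealized widget the same way as a failed grab.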
@@ -377,7 +379,9 @@ create_window (pinentry_t ctx) repeat_entry = NULL; +#if !GTK_CHECK_VERSION (2, 12, 0) tooltips = gtk_tooltips_new (); +#endif /* FIXME: check the grabbing code against the one we used with the old gpg-agent */ @@ -514,8 +518,15 @@ create_window (pinentry_t ctx) QUALITYBAR_EMPTY_TEXT); gtk_progress_bar_set_fraction (GTK_PROGRESS_BAR (qualitybar), 0.0); if (pinentry->quality_bar_tt) - gtk_tooltips_set_tip (GTK_TOOLTIPS (tooltips), qualitybar, - pinentry->quality_bar_tt, ""); + { +#if !GTK_CHECK_VERSION (2, 12, 0) + gtk_tooltips_set_tip (GTK_TOOLTIPS (tooltips), qualitybar, + pinentry->quality_bar_tt, ""); +#else + gtk_widget_set_tooltip_text (qualitybar, + pinentry->quality_bar_tt); +#endif + } gtk_table_attach (GTK_TABLE (table), qualitybar, 1, 2, nrow, nrow+1, GTK_EXPAND|GTK_FILL, GTK_EXPAND|GTK_FILL, 0, 0); nrow++; ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon Jul 27 11:40:03 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 27 Jul 2015 11:40:03 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.28-13-g35d3ced Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 35d3ced4fda90a5410a579850ca92ea6a356b402 (commit) from 376417ab63ebb0fd2432ddc0ee1db722ffa1d3d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 35d3ced4fda90a5410a579850ca92ea6a356b402 Author: Werner Koch Date: Mon Jul 27 11:28:31 2015 +0200 sm: Revert to use SHA-1 for CSR generation. * sm/certreqgen.c (create_request): Revert to use SHA-1 but change to set it only at one place. -- Regression-due-to: bdf439035d123e4751e133ad42982673b0c86b75 Signed-off-by: Werner Koch diff --git a/sm/certreqgen.c b/sm/certreqgen.c index ab8fbc8..a1e9bf8 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -587,7 +587,13 @@ proc_parameters (ctrl_t ctrl, /* Parameters are checked, the key pair has been created. Now - generate the request and write it out */ + generate the request and write it out. + + Note: We use SHA-1 here because Libksba hash a shortcut to use + assume that if SIG_VAL uses as algo the string "rsa". To fix that + we would need to replace that string by an appropriate OID. We + leave this change for 2.1. + */ static int create_request (ctrl_t ctrl, struct para_data_s *para, @@ -597,6 +603,7 @@ create_request (ctrl_t ctrl, { ksba_certreq_t cr; gpg_error_t err; + int hashalgo = GCRY_MD_SHA1; gcry_md_hd_t md; ksba_stop_reason_t stopreason; int rc = 0; 
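Review bot: The new comment above create_request does not say what Libksba actually assumes: "Libksba hash a shortcut to use assume that if SIG_VAL uses as algo the string "rsa"" has lost its object, so a reader cannot tell why SHA-1 is required. Since this deliberately keeps a weaker digest for CSR signatures, the comment should name the assumption outright (presumably that Libksba treats a SIG_VAL algorithm of "rsa" as SHA-1; confirm against Libksba) and mark it as a compatibility constraint to lift in 2.1. A short comment on the declaration would also help, for example `int hashalgo = GCRY_MD_SHA1; /* Must match gcry_md_open, gcry_md_read and the pksign calls. */`. The body of create_request continues outside these hunks.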
@@ -611,7 +618,7 @@ create_request (ctrl_t ctrl, if (err) return err; - rc = gcry_md_open (&md, GCRY_MD_SHA256, 0); + rc = gcry_md_open (&md, hashalgo, 0); if (rc) { log_error ("md_open failed: %s\n", gpg_strerror (rc)); @@ -792,10 +799,10 @@ create_request (ctrl_t ctrl, if (carddirect) rc = gpgsm_scd_pksign (ctrl, carddirect, NULL, - gcry_md_read(md, GCRY_MD_SHA1), - gcry_md_get_algo_dlen (GCRY_MD_SHA1), - GCRY_MD_SHA1, - &sigval, &siglen); + gcry_md_read (md, hashalgo), + gcry_md_get_algo_dlen (hashalgo), + hashalgo, + &sigval, &siglen); else { char *orig_codeset; @@ -808,9 +815,9 @@ create_request (ctrl_t ctrl, " more.\n")); i18n_switchback (orig_codeset); rc = gpgsm_agent_pksign (ctrl, hexgrip, desc, - gcry_md_read(md, GCRY_MD_SHA1), - gcry_md_get_algo_dlen (GCRY_MD_SHA1), - GCRY_MD_SHA1, + gcry_md_read(md, hashalgo), + gcry_md_get_algo_dlen (hashalgo), + hashalgo, &sigval, &siglen); xfree (desc); } ----------------------------------------------------------------------- Summary of changes: sm/certreqgen.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 28 13:48:50 2015 
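Review bot: The result of `gcry_md_read (md, hashalgo)` is passed straight to gpgsm_scd_pksign and gpgsm_agent_pksign without a NULL check, in both the card and the agent branch. gcry_md_read returns NULL when the requested algorithm is not enabled on the handle, which is the situation the reverted code created by opening the handle with GCRY_MD_SHA256 and reading GCRY_MD_SHA1. Reading the digest once into a local, as in `const unsigned char *digest = gcry_md_read (md, hashalgo);`, and failing through the function's existing error path when it is NULL would turn any future mismatch into a clear error instead of a NULL pointer handed to the signer. The cleanup path of create_request is outside these hunks, so the exact exit to use has to be checked there.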
From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 28 Jul 2015 13:48:50 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-10-g43f975b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 43f975bf0348663dc8b01737dee5b15244ef7ee8 (commit) from a4694dcda0fe27852be20db3017f9313adf361a3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 43f975bf0348663dc8b01737dee5b15244ef7ee8 Author: Neal H. Walfield Date: Tue Jul 28 11:53:25 2015 +0200 doc: Describe the frontends and their security implications. * doc/pinentry.texi: Describe the frontends and their security implications. GnuPG-bug-id: 2034 diff --git a/doc/pinentry.texi b/doc/pinentry.texi index 90902bd..fd1d624 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -115,6 +115,7 @@ set. @menu * Using pinentry:: How to use the beast. +* Front ends:: Description and comparison of the front ends Developer information 
@@ -209,6 +210,72 @@ the locale and terminal to use. It is also possible to pass these options using Assuan protocol options. @end table + at node Front ends + at chapter Front Ends + +There are several different flavors of @pinentry{}. Concretely, there +are Gtk+2, Qt at tie{}4, Gnome at tie{}3, Emacs, curses and tty variants. +These different implementations provide higher levels of integration +with a specific environment. For instance, the Gnome at tie{}3 + at pinentry{} uses Gnome at tie{}3 widgets to display the prompts. For +Gnome at tie{}3 users, this higher level of integration provides a more +consistent aesthetic. However, this comes at a cost. Because this + at pinentry{} uses so many components, there is a larger chance of a +failure. In particular, there is a larger chance that the passphrase +is saved in memory and that memory is exposed to an attacker (consider +the OpenSSL Heartbeat vulnerability). + +To understand how many components touch the passphrase, consider again +the Gnome at tie{}3 implementation. When a user presses a button on the +keyboard, the key is passed from the kernel to the X at tie{}server to +the toolkit (Gtk+) and to the actual text entry widget. Along the +way, the key is saved in memory and processed. In fact, the key +presses are probably read using standard C library functions, which +buffer the input. None of this code is careful to make sure the +contents of the memory are not leaked by keeping the data in unpagable +memory and wiping it when the buffer is freed. However, even if they +did, there is still the problem that when a computer hibernates, the +system writes unpagable memory to disk anyway. Further, many +installations are virtualized (e.g., running on Xen) and have little +control over their actual environment. + +The curses variant uses a significant smaller software stack and the +tty variant uses an even smaller one. 
However, if they are run in an +X at tie{}terminal, then a similar number of components are handling the +passphrase as in the Gnome at tie{}3 case! Thus, to be most secure, you +need to direct GPG at tie{}Agent to use a fixed virtual console. Since +you need to remain logged in for GPG at tie{}Agent to use that console, +you should run there and have @code{screen} or @code{tmux} lock the +tty. + +The Emacs pinentry implementation interacts with a running Emacs +session and directs the Emacs instance to display the passphrase +prompt. Since this doesn't work very well if there is no Emacs +running, the generic @pinentry{} backend checks if a + at pinentry{}-enabled Emacs should be used. Specifically, it looks to +see if the @code{INSIDE_EMACS} variable is set and then attempts to +establish a connection to the specified address. If this is the case, +then instead of, e.g., @code{pinentry-gtk2} displaying a Gtk+2 +pinentry, it interacts with the Emacs session. This functionality can +be explicitly disabled by passing @code{--disable-inside-emacs} to + at code{configure} when building @pinentry{}. + +Having Emacs get the passphrase is convenient, however, it is a +significant security risk. Emacs keeps all key presses buffered. +(You can see the recent key presses by typing @code{C-h l} +(@code{view-lossage}) in emacs.) Further, Emacs is a huge program, +which doesn't provide any process isolation to speak of. As such, +having it handle the passphrase adds a huge chunk of code to the +user's trusted computing base. Because of this concern, Emacs doesn't +enable this by default (the user has to run @code{(pinentry-start)}, +e.g., from his or her @code{.emacs} file, explicitly). + +Similar to the inside-emacs check, the @pinentry{} frontends check +whether the @code{DISPLAY} variable is set and a working X server is +available. If this is not the case, then they fallback to the curses +front end. 
This can also be disabled by passing + at code{--disable-fallback-curses} to @code{configure} at build time. + @c @c Assuan Protocol @c ----------------------------------------------------------------------- Summary of changes: doc/pinentry.texi | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue Jul 28 15:19:15 2015 
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Tue, 28 Jul 2015 15:19:15 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.5-11-gabb59f5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via abb59f50abf698ff1e56490fb39bcc98c26ab44b (commit) from 43f975bf0348663dc8b01737dee5b15244ef7ee8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit abb59f50abf698ff1e56490fb39bcc98c26ab44b Author: Andre Heinecke Date: Tue Jul 28 14:45:45 2015 +0200 Qt4: Rename to pinentry-qt and add Qt5 Support * qt4: Moved to qt. * Makefile.am: Change qt4 suffix to qt. * m4/qt.m4: Remove old qt lookup functions. (FIND_QT): New. Use pkg-config to find either Qt5 or Qt4 * configure.ac: Change qt4 suffix to qt. Use new FIND_QT function. * qt/Makefile.am: Change qt4 suffix to qt. Use new FLAGS / LIBS. * qt/pinentrydialog.cpp, qt/qrc_pinentry.cpp: Fix whitespace. * .gitignore: Change qt4 paths to qt. * README: Update accordingly. * autogen.rc: Change qt4 to qt. * qt/main.cpp (qt_cmd_handler, main): Change qt4 to qt. -- Now if Qt5 is found with pkg-config Qt5 is used. Qt4 is still supported as a fallback in case Qt5 is not found. GnuPG-bug-id: 1806 diff --git a/.gitignore b/.gitignore index 92a9c2b..e9d3966 100644 --- a/.gitignore +++ b/.gitignore 
@@ -26,16 +26,16 @@ gnome3/Makefile.in gnome3/Makefile pinentry/Makefile.in pinentry/Makefile -qt4/Makefile.in -qt4/Makefile +qt/Makefile.in +qt/Makefile secmem/Makefile.in secmem/Makefile w32/Makefile.in w32/Makefile tty/Makefile.in tty/Makefile -/qt4/pinentryconfirm.moc -/qt4/pinentrydialog.moc -/qt4/qsecurelineedit.moc +/qt/pinentryconfirm.moc +/qt/pinentrydialog.moc +/qt/qsecurelineedit.moc /m4/Makefile.in /emacs/Makefile.in diff --git a/Makefile.am b/Makefile.am index 22640df..7dcc0ae 100644 --- a/Makefile.am +++ b/Makefile.am @@ -20,7 +20,7 @@ ## Process this file with automake to produce Makefile.in ACLOCAL_AMFLAGS = -I m4 -DISTCHECK_CONFIGURE_FLAGS = --disable-pinentry-qt4 +DISTCHECK_CONFIGURE_FLAGS = --disable-pinentry-qt GITLOG_TO_CHANGELOG=gitlog-to-changelog @@ -58,10 +58,10 @@ else pinentry_gnome_3 = endif -if BUILD_PINENTRY_QT4 -pinentry_qt4 = qt4 +if BUILD_PINENTRY_QT +pinentry_qt = qt else -pinentry_qt4 = +pinentry_qt = endif if BUILD_PINENTRY_W32 @@ -72,7 +72,7 @@ endif SUBDIRS = m4 secmem pinentry ${pinentry_curses} ${pinentry_tty} \ ${pinentry_emacs} ${pinentry_gtk_2} ${pinentry_gnome_3} \ - ${pinentry_qt4} ${pinentry_w32} doc + ${pinentry_qt} ${pinentry_w32} doc install-exec-local: diff --git a/README b/README index d66d2d2..b80d466 100644 --- a/README +++ b/README @@ -13,7 +13,7 @@ GUI OPTION DEPENDENCIES Curses --enable-pinentry-curses Curses library, for example ncurses GTK+ V2.0 --enable-pinentry-gtk2 Gimp Toolkit Library, Version 2.0 eg. libgtk-x11-2.0 and libglib-2.0 -Qt4 --enable-pinentry-qt4 Qt4 +Qt --enable-pinentry-qt Qt (> 4.4.0) TTY --enable-pinentry-tty Simple TTY version, no dependencies The GTK+ and Qt pinentries can fall back to curses mode. The 
@@ -26,11 +26,11 @@ pass --disable-fallback-curses to the configure script as well. Examples: * To only build the GTK+ pinentry with curses support: ./configure --enable-pinentry-gtk2 --enable-fallback-curses \ - --disable-pinentry-curses --disable-pinentry-qt4 + --disable-pinentry-curses --disable-pinentry-qt * To build the Qt pinentry, and the other pinentries if they are supported: -./configure --enable-pinentry-qt4 +./configure --enable-pinentry-qt * To build everything that is supported (complete auto-detection): ./configure diff --git a/autogen.rc b/autogen.rc index bed429b..9be5e62 100644 --- a/autogen.rc +++ b/autogen.rc @@ -4,7 +4,7 @@ case "$myhost:$myhostsub" in w32:ce) - extraoptions="--disable-pinentry-gtk2 --disable-pinentry-qt4" + extraoptions="--disable-pinentry-gtk2 --disable-pinentry-qt" ;; w32:) extraoptions="" diff --git a/configure.ac b/configure.ac index f640a68..2ffea2d 100644 --- a/configure.ac +++ b/configure.ac @@ -503,11 +503,19 @@ AC_ARG_ENABLE(libsecret, libsecret=$enableval, libsecret=maybe) dnl check for pkg-config -if test "$libsecret" != "no"; then +if test "$libsecret" != "no" -o "$pinentry-qt" != "no"; then AC_PATH_PROG(PKG_CONFIG, pkg-config, no) - if test x"${PKG_CONFIG}" = xno ; then - libsecret=no - fi + if test x"${PKG_CONFIG}" = xno ; then + if test "$pinentry_qt" = "yes"; then + AC_MSG_ERROR([[ + *** + *** pkg-config is required to find the Qt libraries for pinentry-qt + ***]]) + else + pinentry_qt=no + fi + libsecret=no + fi fi dnl check if the module libsecret exists 
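Review bot: The new pkg-config condition in configure.ac tests `"$pinentry-qt" != "no"`, which the shell reads as `$pinentry` followed by the literal `-qt`, so the comparison is always true and pkg-config is probed regardless of the Qt setting. The variable meant is `pinentry_qt`, and joining two `test` calls is more portable than `-o`: `if test "$libsecret" != "no" || test "$pinentry_qt" != "no"; then`. Judging by the hunk offsets, `AC_ARG_ENABLE(pinentry-qt, ...)` is expanded only further down the file, so `pinentry_qt` is still unset here. The `AC_MSG_ERROR` for `--enable-pinentry-qt` without pkg-config therefore cannot fire, and the `pinentry_qt=no` set in the else branch is overwritten later. Moving the Qt `AC_ARG_ENABLE` above this block would fix both.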
@@ -535,68 +543,49 @@ if test "$libsecret" = "yes"; then fi dnl -dnl Check for Qt4 pinentry program. +dnl Check for Qt pinentry program. dnl -AC_ARG_ENABLE(pinentry-qt4, - AC_HELP_STRING([--enable-pinentry-qt4], [build Qt4 pinentry]), - pinentry_qt4=$enableval, pinentry_qt4=maybe) +AC_ARG_ENABLE(pinentry-qt, + AC_HELP_STRING([--enable-pinentry-qt], [build qt pinentry]), + pinentry_qt=$enableval, pinentry_qt=maybe) dnl -dnl Checks for Qt4 libraries. Deal correctly with $pinentry_qt4 = maybe. +dnl Checks for qt libraries. Deal correctly with $pinentry_qt = maybe. +dnl Tries to find Qt5, falls back on Qt4 dnl -if test "$pinentry_qt4" != "no"; then -PKG_CHECK_MODULES(QT4_CORE, QtCore,, -if test "$pinentry_qt4" = "yes"; then - AC_MSG_ERROR([[ -*** -*** Qt4 Core is required. -***]]) -else - pinentry_qt4=no -fi) -fi - -if test "$pinentry_qt4" != "no"; then - -QT_PATH_MOC -if test "$have_moc" != "yes"; then - if test "$pinentry_qt4" = "yes"; then +if test "$pinentry_qt" != "no"; then + FIND_QT + if test "$have_qt4_libs" != "yes" -a "$have_qt5_libs" != "yes"; then + if test "$pinentry_qt" = "yes"; then AC_MSG_ERROR([[ *** - *** Qt moc is required. + *** Qt4 (QtCore, QtGui) or Qt5 (Qt5Core, Qt5Gui, Qt5Widgets) is required. ***]]) else - pinentry_qt4=no + pinentry_qt=no fi + fi fi -PKG_CHECK_MODULES(QT4_GUI, QtGui,, -if test "$pinentry_qt4" = "yes"; then - AC_MSG_ERROR([[ -*** -*** Qt4 Gui is required. -***]]) -else - pinentry_qt4=no -fi) -fi +AC_SUBST(PINENTRY_QT_CFLAGS) +AC_SUBST(PINENTRY_QT_LIBS) +AC_SUBST(MOC) -dnl If we have come so far, Qt4 pinentry can be build. -if test "$pinentry_qt4" != "no"; then - pinentry_qt4=yes +dnl If we have come so far, qt pinentry can be build. 
+if test "$pinentry_qt" != "no"; then + pinentry_qt=yes fi -AM_CONDITIONAL(BUILD_PINENTRY_QT4, test "$pinentry_qt4" = "yes") -if test "$pinentry_qt4" = "yes"; then - AC_DEFINE(PINENTRY_QT4, 1, [The Qt4 version of Pinentry is to be build]) +AM_CONDITIONAL(BUILD_PINENTRY_QT, test "$pinentry_qt" = "yes") +if test "$pinentry_qt" = "yes"; then + AC_DEFINE(PINENTRY_QT, 1, [The qt version of Pinentry is to be build]) + if test "$have_qt4_libs" = "yes"; then + pinentry_qt_lib_version="(Qt4)" + else + pinentry_qt_lib_version="(Qt5)" + fi fi -dnl if test "$pinentry_qt4" = "yes"; then -dnl Additional checks for Qt4 pinentry. -dnl End of additional checks for Qt4 pinentry. -dnl fi - - # # Check whether we should build the W32 pinentry. This is actually # the simplest check as we do this only for that platform. @@ -613,8 +602,8 @@ AM_CONDITIONAL(BUILD_PINENTRY_W32, test "$pinentry_w32" = "yes") if test "$pinentry_gtk_2" = "yes"; then PINENTRY_DEFAULT=pinentry-gtk-2 else - if test "$pinentry_qt4" = "yes"; then - PINENTRY_DEFAULT=pinentry-qt4 + if test "$pinentry_qt" = "yes"; then + PINENTRY_DEFAULT=pinentry-qt else if test "$pinentry_gnome_3" = "yes"; then PINENTRY_DEFAULT=pinentry-gnome3 @@ -705,7 +694,7 @@ tty/Makefile emacs/Makefile gtk+-2/Makefile gnome3/Makefile -qt4/Makefile +qt/Makefile w32/Makefile doc/Makefile Makefile @@ -725,7 +714,7 @@ AC_MSG_NOTICE([ Emacs Pinentry ...: $pinentry_emacs GTK+-2 Pinentry ..: $pinentry_gtk_2 GNOME 3 Pinentry .: $pinentry_gnome_3 - Qt4 Pinentry .....: $pinentry_qt4 + Qt Pinentry ......: $pinentry_qt $pinentry_qt_lib_version W32 Pinentry .....: $pinentry_w32 Fallback to Curses: $fallback_curses diff --git a/m4/qt.m4 b/m4/qt.m4 index a6b849b..0a7ea99 100644 --- a/m4/qt.m4 +++ b/m4/qt.m4 
@@ -1,706 +1,93 @@ -## -*- autoconf -*- - - -dnl This file is part of the KDE libraries/packages -dnl Copyright (C) 1997 Janos Farkas (chexum at shadow.banki.hu) -dnl (C) 1997,98,99 Stephan Kulow (coolo at kde.org) -dnl (C) 2002 g10 Code GmbH -dnl Modified for PINENTRY by Marcus Brinkmann. +dnl qt.m4 +dnl Copyright (C) 2015 Intevation GmbH dnl -dnl This file is free software; you can redistribute it and/or -dnl modify it under the terms of the GNU Library General Public -dnl License as published by the Free Software Foundation; either -dnl version 2 of the License, or (at your option) any later version. - -dnl This library is distributed in the hope that it will be useful, -dnl but WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -dnl Library General Public License for more details. - -dnl You should have received a copy of the GNU Library General Public License -dnl along with this library; see the file COPYING.LIB. If not, write to -dnl the Free Software Foundation, Inc., 59 Temple Place - Suite 330, -dnl Boston, MA 02111-1307, USA. - -dnl ------------------------------------------------------------------------ -dnl Find a file (or one of more files in a list of dirs) -dnl ------------------------------------------------------------------------ +dnl This file is part of PINENTRY. 
dnl -AC_DEFUN([QT_FIND_FILE], -[ -$3=NO -for i in $2; -do - for j in $1; - do - echo "configure: __oline__: $i/$j" >&AS_MESSAGE_LOG_FD - if test -r "$i/$j"; then - echo "taking that" >&AS_MESSAGE_LOG_FD - $3=$i - break 2 - fi - done -done -]) - -dnl ------------------------------------------------------------------------ -dnl Find the meta object compiler in the PATH, -dnl in $QTDIR/bin, and some more usual places -dnl ------------------------------------------------------------------------ +dnl PINENTRY is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. dnl -AC_DEFUN([QT_PATH_MOC], -[ - qt_bindirs="" - for dir in $qt_dirs; do - qt_bindirs="$qt_bindirs:$dir/bin:$dir/src/moc" - done - qt_bindirs="$qt_bindirs:/usr/bin:/usr/X11R6/bin:/usr/local/qt/bin" - if test ! "$ac_qt_bindir" = "NO"; then - qt_bindirs="$ac_qt_bindir:$qt_bindirs" - fi - - AC_PATH_PROGS(MOC, [moc-qt4 moc], no, [$qt_bindirs]) - if test "$MOC" = no; then - #AC_MSG_ERROR([No Qt meta object compiler (moc) found! - #Please check whether you installed Qt correctly. - #You need to have a running moc binary. - #configure tried to run $ac_cv_path_moc and the test didn't - #succeed. If configure shouldn't have tried this one, set - #the environment variable MOC to the right one before running - #configure. - #]) - have_moc="no" - else - have_moc="yes" - AC_SUBST(MOC) - fi -]) - - -dnl ------------------------------------------------------------------------ -dnl Find the header files and libraries for the X Window System. -dnl Extended the macro AC_PATH_XTRA. -dnl ------------------------------------------------------------------------ +dnl PINENTRY is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the +dnl GNU General Public License for more details. dnl -AC_DEFUN([QT_PATH_X], -[ -AC_ARG_ENABLE( - embedded, - [ --enable-embedded link to Qt-embedded, don't use X], - qt_use_emb=$enableval, - qt_use_emb=no -) - -AC_ARG_ENABLE( - palmtop, - [ --enable-palmtop link to Qt-embedded, don't use X, link to the Qt Palmtop Environment], - qt_use_emb_palm=$enableval, - qt_use_emb_palm=no -) +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA -if test "$qt_use_emb" = "no"; then - AC_PATH_X - AC_PATH_XTRA - if test "$no_x" = yes; then - AC_MSG_ERROR([Can't find X. Please check your installation and add the correct paths!]) - fi - QT_CXXFLAGS="$X_CFLAGS" - QT_LDFLAGS="$X_LIBS" - QT_LIBS="$X_PRE_LIBS -lXext -lX11 $X_EXTRA_LIBS" - QTE_NORTTI="" -else - dnl We're using QT Embedded - QT_CXXFLAGS="-fno-rtti -DQWS" - QT_LDFLAGS="-DQWS" - QT_LIBS="" - QTE_NORTTI="-fno-rtti -DQWS" -fi -AC_SUBST(QT_CXXFLAGS) -AC_SUBST(QT_LDFLAGS) -AC_SUBST(QT_LIBS) -AC_SUBST(QTE_NORTTI) -]) - -AC_DEFUN([QT_PRINT_PROGRAM], -[ -AC_REQUIRE([QT_CHECK_VERSION]) -cat > conftest.$ac_ext < -#include -EOF -if test "$qt_ver" = "2"; then -cat >> conftest.$ac_ext < -#include -#include -EOF - -if test $qt_subver -gt 0; then -cat >> conftest.$ac_ext < -EOF -fi -fi - -if test "$qt_ver" = "3"; then -cat >> conftest.$ac_ext < -#include -#include -EOF -fi - -echo "#if ! 
($qt_verstring)" >> conftest.$ac_ext -cat >> conftest.$ac_ext <> conftest.$ac_ext <> conftest.$ac_ext <> conftest.$ac_ext <> conftest.$ac_ext < /dev/null`"; then qt_libdir=$dir; break; else echo "tried $dir" >&AS_MESSAGE_LOG_FD; fi - done -fi - -ac_qt_libraries="$qt_libdir" - -AC_LANG_PUSH(C++) - -ac_cxxflags_safe="$CXXFLAGS" -ac_ldflags_safe="$LDFLAGS" -ac_libs_safe="$LIBS" - -CXXFLAGS="$CXXFLAGS -I$qt_incdir $QT_CXXFLAGS" -LDFLAGS="$LDFLAGS -L$qt_libdir $QT_LDFLAGS" -LIBS="$LIBS $QT_LIBS" - -QT_PRINT_PROGRAM - -if AC_TRY_EVAL(ac_link) && test -s conftest; then - rm -f conftest* -else - echo "configure: failed program was:" >&AS_MESSAGE_LOG_FD - cat conftest.$ac_ext >&AS_MESSAGE_LOG_FD - ac_qt_libraries="NO" -fi -rm -f conftest* -CXXFLAGS="$ac_cxxflags_safe" -LDFLAGS="$ac_ldflags_safe" -LIBS="$ac_libs_safe" - -AC_LANG_POP(C++) -if test "$ac_qt_includes" = NO || test "$ac_qt_libraries" = NO; then - ac_cv_have_qt="have_qt=no" - ac_qt_notfound="" - missing_qt_mt="" - if test "$ac_qt_includes" = NO; then - if test "$ac_qt_libraries" = NO; then - ac_qt_notfound="(headers and libraries)"; - else - ac_qt_notfound="(headers)"; - fi - else - if test "x$qt_use_mt" = "xyes"; then - missing_qt_mt=" -Make sure that you have compiled Qt with thread support!" - ac_qt_notfound="(library $qtlib-mt)"; - else - ac_qt_notfound="(library $qtlib)"; - fi - fi - - #AC_MSG_ERROR([Qt ($qt_minversion) $ac_qt_notfound not found. Please check your installation! 
- #For more details about this problem, look at the end of config.log.$missing_qt_mt]) - have_qt="no" -else - have_qt="yes" -fi -]) - -eval "$ac_cv_have_qt" - -if test "$have_qt" != yes; then - AC_MSG_RESULT([$have_qt]); -else - ac_cv_have_qt="have_qt=yes \ - ac_qt_includes=$ac_qt_includes ac_qt_libraries=$ac_qt_libraries" - AC_MSG_RESULT([libraries $ac_qt_libraries, headers $ac_qt_includes $USING_QT_MT]) - - qt_libraries="$ac_qt_libraries" - qt_includes="$ac_qt_includes" -fi - -AC_SUBST(qt_libraries) -AC_SUBST(qt_includes) - -if test "$qt_includes" = "$x_includes" || test -z "$qt_includes"; then - QT_INCLUDES="" -else - QT_INCLUDES="-I$qt_includes" -fi - -if test "$qt_libraries" != "$x_libraries" && test -n "$qt_libraries"; then - QT_LDFLAGS="$QT_LDFLAGS -L$qt_libraries" -fi -test -z "$QT_MT_LDFLAGS" || QT_LDFLAGS="$QT_LDFLAGS $QT_MT_LDFLAGS" - -AC_SUBST(QT_INCLUDES) -QT_PATH_MOC - - -AC_SUBST(LIB_QPE) -]) - -AC_DEFUN([QT_PATH], -[ -QT_PATH_1_3 -QT_CHECK_RPATH -]) - - -AC_DEFUN([QT_CHECK_COMPILER_FLAG], -[ -AC_MSG_CHECKING(whether $CXX supports -$1) -kde_cache=`echo $1 | sed 'y% .=/+-%____p_%'` -AC_CACHE_VAL(kde_cv_prog_cxx_$kde_cache, -[ - AC_LANG_PUSH(C++) - save_CXXFLAGS="$CXXFLAGS" - CXXFLAGS="$CXXFLAGS -$1" - AC_TRY_LINK([],[ return 0; ], [eval "kde_cv_prog_cxx_$kde_cache=yes"], []) - CXXFLAGS="$save_CXXFLAGS" - AC_LANG_POP(C++) -]) -if eval "test \"`echo '$kde_cv_prog_cxx_'$kde_cache`\" = yes"; then - AC_MSG_RESULT(yes) - : - $2 -else - AC_MSG_RESULT(no) - : - $3 -fi -]) - -dnl QT_REMOVE_FORBIDDEN removes forbidden arguments from variables -dnl use: QT_REMOVE_FORBIDDEN(CC, [-forbid -bad-option whatever]) -dnl it's all white-space separated -AC_DEFUN([QT_REMOVE_FORBIDDEN], -[ __val=$$1 - __forbid=" $2 " - if test -n "$__val"; then - __new="" - ac_save_IFS=$IFS - IFS=" " - for i in $__val; do - case "$__forbid" in - *" $i "*) AC_MSG_WARN([found forbidden $i in $1, removing it]) ;; - *) # Careful to not add spaces, where there were none, because otherwise - # 
libtool gets confused, if we change e.g. CXX - if test -z "$__new" ; then __new=$i ; else __new="$__new $i" ; fi ;; - esac - done - IFS=$ac_save_IFS - $1=$__new - fi -]) - -dnl QT_VALIDIFY_CXXFLAGS checks for forbidden flags the user may have given -AC_DEFUN([QT_VALIDIFY_CXXFLAGS], -[dnl -if test "x$qt_use_emb" != "xyes"; then - QT_REMOVE_FORBIDDEN(CXX, [-fno-rtti -rpath]) - QT_REMOVE_FORBIDDEN(CXXFLAGS, [-fno-rtti -rpath]) -else - QT_REMOVE_FORBIDDEN(CXX, [-rpath]) - QT_REMOVE_FORBIDDEN(CXXFLAGS, [-rpath]) -fi -]) +dnl sets PINENTRY_QT_LIBS and PINENTRY_QT_CFLAGS +dnl +dnl if QT5 was found have_qt5_libs is set to yes +dnl if QT4 was found have_qt4_libs is set to yes +dnl +dnl The moc lookup code is based on libpoppler (rev. d821207) -AC_DEFUN([QT_CHECK_COMPILERS], +AC_DEFUN([FIND_QT], [ - AC_PROG_CXX - - QT_CHECK_COMPILER_FLAG(fexceptions,[QT_CXXFLAGS="$QT_CXXFLAGS -fexceptions"]) - - case "$host" in - *-*-irix*) test "$GXX" = yes && QT_CXXFLAGS="-D_LANGUAGE_C_PLUS_PLUS -D__LANGUAGE_C_PLUS_PLUS $QT_CXXFLAGS" ;; - *-*-sysv4.2uw*) QT_CXXFLAGS="-D_UNIXWARE $QT_CXXFLAGS";; - *-*-sysv5uw7*) QT_CXXFLAGS="-D_UNIXWARE7 $QT_CXXFLAGS";; - *-*-solaris*) - if test "$GXX" = yes; then - libstdcpp=`$CXX -print-file-name=libstdc++.so` - if test ! -f $libstdcpp; then - AC_MSG_ERROR([You've compiled gcc without --enable-shared. This doesn't work with the Qt pinentry. 
Please recompile gcc with --enable-shared to receive a libstdc++.so]) - fi + PKG_CHECK_MODULES(PINENTRY_QT, + Qt5Core >= 5.0.0 Qt5Gui >= 5.0.0 Qt5Widgets >= 5.0.0, + [have_qt5_libs="yes"], + [have_qt5_libs="no"]) + + if "$PKG_CONFIG" --variable qt_config Qt5Core | grep -q "reduce_relocations"; then + PINENTRY_QT_CFLAGS="$PINENTRY_QT_CFLAGS -fpic" + fi + + if test "$have_qt5_libs" = "yes"; then + AC_CHECK_TOOL(MOC, moc) + AC_MSG_CHECKING([moc version]) + mocversion=`$MOC -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 5\|moc 5"` + if test x"$mocversiongrep" != x"$mocversion"; then + AC_MSG_RESULT([no]) + # moc was not the qt5 one, try with moc-qt5 + AC_CHECK_TOOL(MOC2, moc-qt5) + mocversion=`$MOC2 -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 5\|moc-qt5 5\|moc 5"` + if test x"$mocversiongrep" != x"$mocversion"; then + AC_CHECK_TOOL(QTCHOOSER, qtchooser) + qt5tooldir=`QT_SELECT=qt5 qtchooser -print-env | grep QTTOOLDIR | cut -d '=' -f 2 | cut -d \" -f 2` + mocversion=`$qt5tooldir/moc -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 5\|moc 5"` + if test x"$mocversiongrep" != x"$mocversion"; then + # no valid moc found + have_qt5_libs="no"; + else + MOC=$qt5tooldir/moc fi - ;; - esac - - QT_VALIDIFY_CXXFLAGS - - AC_PROG_CXXCPP -]) - -AC_DEFUN([QT_CHECK_RPATH], -[ -AC_MSG_CHECKING(for rpath) -AC_ARG_ENABLE(rpath, - [ --disable-rpath do not use the rpath feature of ld], - USE_RPATH=$enableval, USE_RPATH=yes) - -if test -z "$QT_RPATH" && test "$USE_RPATH" = "yes"; then - - QT_RPATH="" - if test -n "$qt_libraries"; then - QT_RPATH="$QT_RPATH -Wl,--rpath -Wl,\$(qt_libraries)" - fi - dnl $x_libraries is set to /usr/lib in case - if test -n "$X_LIBS"; then - QT_RPATH="$QT_RPATH -Wl,--rpath -Wl,\$(x_libraries)" - fi -fi -AC_SUBST(x_libraries) -AC_SUBST(QT_RPATH) -AC_MSG_RESULT($USE_RPATH) -]) - - -AC_DEFUN([QT_CHECK_LIBPTHREAD], -[ -AC_CHECK_LIB(pthread, pthread_create, [LIBPTHREAD="-lpthread"] ) -AC_SUBST(LIBPTHREAD) -]) - 
-AC_DEFUN([QT_CHECK_PTHREAD_OPTION], -[ - AC_ARG_ENABLE(kernel-threads, [ --enable-kernel-threads Enable the use of the LinuxThreads port on FreeBSD/i386 only.], - kde_use_kernthreads=$enableval, kde_use_kernthreads=no) - - if test "$kde_use_kernthreads" = "yes"; then - ac_save_CXXFLAGS="$CXXFLAGS" - ac_save_CFLAGS="$CXXFLAGS" - CXXFLAGS="-I/usr/local/include/pthread/linuxthreads $CXXFLAGS" - CFLAGS="-I/usr/local/include/pthread/linuxthreads $CFLAGS" - AC_CHECK_HEADERS(pthread/linuxthreads/pthread.h) - CXXFLAGS="$ac_save_CXXFLAGS" - CFLAGS="$ac_save_CFLAGS" - if test "$ac_cv_header_pthread_linuxthreads_pthread_h" = "no"; then - kde_use_kernthreads=no else - dnl Add proper -I and -l statements - AC_CHECK_LIB(lthread, pthread_join, [LIBPTHREAD="-llthread -llgcc_r"]) dnl for FreeBSD - if test "x$LIBPTHREAD" = "x"; then - kde_use_kernthreads=no + MOC=$MOC2 + fi + fi + fi + if test "$have_qt5_libs" != "yes"; then + PKG_CHECK_MODULES(PINENTRY_QT, + QtCore >= 4.4.0 QtGui >= 4.4.0, + [have_qt4_libs="yes"], + [have_qt4_libs="no"]) + if test "$have_qt4_libs" = "yes"; then + AC_CHECK_TOOL(MOC, moc) + AC_MSG_CHECKING([moc version]) + mocversion=`$MOC -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 4"` + if test x"$mocversiongrep" != x"$mocversion"; then + AC_MSG_RESULT([no]) + # moc was not the qt4 one, try with moc-qt4 + AC_CHECK_TOOL(MOC2, moc-qt4) + mocversion=`$MOC2 -v 2>&1` + mocversiongrep=`echo $mocversion | grep "Qt 4"` + if test x"$mocversiongrep" != x"$mocversion"; then + # no valid moc found + have_qt4_libs="no"; + MOC="not found" else - USE_THREADS="-D_THREAD_SAFE -I/usr/local/include/pthread/linuxthreads" + MOC=$MOC2 fi fi - else - USE_THREADS="" - if test -z "$LIBPTHREAD"; then - QT_CHECK_COMPILER_FLAG(pthread, [USE_THREADS="-pthread"] ) - fi - fi - - case $host_os in - solaris*) - QT_CHECK_COMPILER_FLAG(mt, [USE_THREADS="-mt"]) - QT_CXXFLAGS="$QT_CXXFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DUSE_SOLARIS -DSVR4" - ;; - freebsd*) - 
QT_CXXFLAGS="$QT_CXXFLAGS -D_THREAD_SAFE" - ;; - aix*) - QT_CXXFLAGS="$QT_CXXFLAGS -D_THREAD_SAFE" - LIBPTHREAD="$LIBPTHREAD -lc_r" - ;; - linux*) QT_CXXFLAGS="$QT_CXXFLAGS -D_REENTRANT" - if test "$CXX" = "KCC"; then - QT_CXXFLAGS="$QT_CXXFLAGS --thread_safe" - fi - ;; - *) - ;; - esac - AC_SUBST(USE_THREADS) - AC_SUBST(LIBPTHREAD) -]) - -AC_DEFUN([QT_CHECK_THREADING], -[ - AC_REQUIRE([QT_CHECK_LIBPTHREAD]) - AC_REQUIRE([QT_CHECK_PTHREAD_OPTION]) - dnl default is yes if libpthread is found and no if no libpthread is available - if test -z "$LIBPTHREAD"; then - if test -z "$USE_THREADS"; then - kde_check_threading_default=no - else - kde_check_threading_default=yes fi - else - kde_check_threading_default=yes - fi - AC_ARG_ENABLE(threading, [ --disable-threading disables threading even if libpthread found ], - qt_use_threading=$enableval, qt_use_threading=$kde_check_threading_default) - if test "x$qt_use_threading" = "xyes"; then - AC_DEFINE(HAVE_LIBPTHREAD, 1, [Define if you have a working libpthread (will enable threaded code)]) fi ]) diff --git a/qt4/Makefile.am b/qt/Makefile.am similarity index 85% rename from qt4/Makefile.am rename to qt/Makefile.am index 8462d4f..96d0880 100644 --- a/qt4/Makefile.am +++ b/qt/Makefile.am @@ -20,7 +20,7 @@ ## Process this file with automake to produce Makefile.in -bin_PROGRAMS = pinentry-qt4 +bin_PROGRAMS = pinentry-qt EXTRA_DIST = document-encrypt.png pinentry.qrc @@ -37,10 +37,10 @@ endif AM_CPPFLAGS = $(COMMON_CFLAGS) \ -I$(top_srcdir) -I$(top_srcdir)/secmem \ $(ncurses_include) -I$(top_srcdir)/pinentry -AM_CXXFLAGS = $(QT4_CORE_CFLAGS) $(QT4_GUI_CFLAGS) -pinentry_qt4_LDADD = \ +AM_CXXFLAGS = $(PINENTRY_QT_CFLAGS) +pinentry_qt_LDADD = \ ../pinentry/libpinentry.a $(top_builddir)/secmem/libsecmem.a \ - $(COMMON_LIBS) $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) $(LIBCAP) + $(COMMON_LIBS) $(PINENTRY_QT_LIBS) $(libcurses) $(LIBCAP) BUILT_SOURCES = \ pinentryconfirm.moc pinentrydialog.moc 
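Review bot: In the new FIND_QT macro in m4/qt.m4, the last moc fallback calls `qtchooser` by its literal name even though `AC_CHECK_TOOL(QTCHOOSER, qtchooser)` has just run, and then executes `$qt5tooldir/moc -v` unquoted without checking that the directory was found. When qtchooser is missing or prints no QTTOOLDIR, `qt5tooldir` is empty and configure tries to run `/moc`. Using the detected tool and guarding the result avoids that: `qt5tooldir=` computed via `"$QTCHOOSER"`, then `if test -n "$qt5tooldir" && test -x "$qt5tooldir/moc"; then` before the version probe. Separately, the `reduce_relocations` probe runs `"$PKG_CONFIG" --variable qt_config Qt5Core` before `have_qt5_libs` is tested. It can therefore append `-fpic` to `PINENTRY_QT_CFLAGS` on a system where the Qt5 check failed, ahead of the Qt4 `PKG_CHECK_MODULES` call that reuses the same prefix, so it belongs inside the `have_qt5_libs` = yes branch.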
@@ -48,10 +48,10 @@ BUILT_SOURCES = \ CLEANFILES = \ pinentryconfirm.moc pinentrydialog.moc -pinentry_qt4_SOURCES = pinentrydialog.h pinentrydialog.cpp \ +pinentry_qt_SOURCES = pinentrydialog.h pinentrydialog.cpp \ main.cpp qrc_pinentry.cpp pinentryconfirm.cpp pinentryconfirm.h -nodist_pinentry_qt4_SOURCES = \ +nodist_pinentry_qt_SOURCES = \ pinentryconfirm.moc pinentrydialog.moc .h.moc: diff --git a/qt4/document-encrypt.png b/qt/document-encrypt.png similarity index 100% rename from qt4/document-encrypt.png rename to qt/document-encrypt.png diff --git a/qt4/main.cpp b/qt/main.cpp similarity index 97% rename from qt4/main.cpp rename to qt/main.cpp index 5bc6193..0500b7a 100644 --- a/qt4/main.cpp +++ b/qt/main.cpp @@ -1,5 +1,5 @@ /* - main.cpp - A (not yet) secure Qt 4 dialog for PIN entry. + main.cpp - A Qt dialog for PIN entry. Copyright (C) 2002, 2008 Klar?lvdalens Datakonsult AB (KDAB) Copyright (C) 2003 g10 Code GmbH @@ -148,7 +148,7 @@ qt_cmd_handler (pinentry_t pe) /* else */ QLatin1String( "&Cancel" ) ; const QString title = pe->title ? from_utf8( pe->title ) : - /* else */ QLatin1String( "pinentry-qt4" ) ; + /* else */ QLatin1String( "pinentry-qt" ) ; if (want_pass) @@ -258,7 +258,7 @@ pinentry_cmd_handler_t pinentry_cmd_handler = qt_cmd_handler_ex; int main (int argc, char *argv[]) { - pinentry_init ("pinentry-qt4"); + pinentry_init ("pinentry-qt"); std::auto_ptr app; @@ -283,7 +283,7 @@ main (int argc, char *argv[]) *new_argv = (char*)malloc (n); if (!new_argv || !*new_argv) { - fprintf (stderr, "pinentry-qt4: can't fixup argument list: %s\n", + fprintf (stderr, "pinentry-qt: can't fixup argument list: %s\n", strerror (errno)); exit (EXIT_FAILURE); diff --git a/qt4/pinentry.qrc b/qt/pinentry.qrc similarity index 100% rename from qt4/pinentry.qrc rename to qt/pinentry.qrc diff --git a/qt4/pinentryconfirm.cpp b/qt/pinentryconfirm.cpp similarity index 100% rename from qt4/pinentryconfirm.cpp rename to qt/pinentryconfirm.cpp 
diff --git a/qt4/pinentryconfirm.h b/qt/pinentryconfirm.h similarity index 100% rename from qt4/pinentryconfirm.h rename to qt/pinentryconfirm.h diff --git a/qt4/pinentrydialog.cpp b/qt/pinentrydialog.cpp similarity index 99% rename from qt4/pinentrydialog.cpp rename to qt/pinentrydialog.cpp index bfbb71d..c7885d3 100644 --- a/qt4/pinentrydialog.cpp +++ b/qt/pinentrydialog.cpp @@ -92,7 +92,7 @@ void raiseWindow( QWidget* w ) QPixmap icon( QStyle::StandardPixmap which ) { QPixmap pm = qApp->windowIcon().pixmap( 48, 48 ); - + if ( which != QStyle::SP_CustomBase ) { const QIcon ic = qApp->style()->standardIcon( which ); QPainter painter( &pm ); diff --git a/qt4/pinentrydialog.h b/qt/pinentrydialog.h similarity index 100% rename from qt4/pinentrydialog.h rename to qt/pinentrydialog.h diff --git a/qt4/qrc_pinentry.cpp b/qt/qrc_pinentry.cpp similarity index 99% rename from qt4/qrc_pinentry.cpp rename to qt/qrc_pinentry.cpp index d15f01b..6ab2129 100644 --- a/qt4/qrc_pinentry.cpp +++ b/qt/qrc_pinentry.cpp @@ -128,7 +128,6 @@ static const unsigned char qt_resource_data[] = { 0x31,0xb0,0x89,0xe2,0xa,0xa9,0xb3,0xb4,0x87,0x7f,0xe,0xeb,0x3d,0x50,0xef,0x1d, 0xc2,0xfd,0x4b,0xe1,0x7f,0x0,0xd8,0x6e,0xc6,0xdd,0x5d,0xd6,0xb,0x18,0x0,0x0, 0x0,0x0,0x49,0x45,0x4e,0x44,0xae,0x42,0x60,0x82, - }; static const unsigned char qt_resource_name[] = { @@ -138,7 +137,6 @@ static const unsigned char qt_resource_name[] = { 0x0,0x64, 0x0,0x6f,0x0,0x63,0x0,0x75,0x0,0x6d,0x0,0x65,0x0,0x6e,0x0,0x74,0x0,0x2d,0x0,0x65,0x0,0x6e,0x0,0x63,0x0,0x72,0x0,0x79,0x0,0x70,0x0,0x74,0x0,0x2e, 0x0,0x70,0x0,0x6e,0x0,0x67, - }; static const unsigned char qt_resource_struct[] = { 
@@ -177,4 +175,3 @@ int QT_MANGLE_NAMESPACE(qCleanupResources_pinentry)() } Q_DESTRUCTOR_FUNCTION(QT_MANGLE_NAMESPACE(qCleanupResources_pinentry)) - ----------------------------------------------------------------------- Summary of changes: .gitignore | 10 +- Makefile.am | 10 +- README | 6 +- autogen.rc | 2 +- configure.ac | 97 +++-- m4/qt.m4 | 767 ++++----------------------------------- {qt4 => qt}/Makefile.am | 12 +- {qt4 => qt}/document-encrypt.png | Bin {qt4 => qt}/main.cpp | 8 +- {qt4 => qt}/pinentry.qrc | 0 {qt4 => qt}/pinentryconfirm.cpp | 0 {qt4 => qt}/pinentryconfirm.h | 0 {qt4 => qt}/pinentrydialog.cpp | 2 +- {qt4 => qt}/pinentrydialog.h | 0 {qt4 => qt}/qrc_pinentry.cpp | 3 - 15 files changed, 145 insertions(+), 772 deletions(-) rename {qt4 => qt}/Makefile.am (85%) rename {qt4 => qt}/document-encrypt.png (100%) rename {qt4 => qt}/main.cpp (97%) rename {qt4 => qt}/pinentry.qrc (100%) rename {qt4 => qt}/pinentryconfirm.cpp (100%) rename {qt4 => qt}/pinentryconfirm.h (100%) rename {qt4 => qt}/pinentrydialog.cpp (99%) rename {qt4 => qt}/pinentrydialog.h (100%) rename {qt4 => qt}/qrc_pinentry.cpp (99%) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 29 09:52:51 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 29 Jul 2015 09:52:51 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-24-g8b2b988 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8b2b988309cbc5af339beb0a55ff71d7464eb646 (commit) via 7ef09afd1a6a37c7f22e7c3d898f0c917b08f940 (commit) via 4bc75337f31374b7424d7bdebf839dd91ec80c0a (commit) via 18f1e627c697d75175b79fe095305fa775f20841 (commit) from 55e64f47a52d76e097a01eb4044a88a4e10d6a87 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b2b988309cbc5af339beb0a55ff71d7464eb646 Author: Werner Koch Date: Tue Jul 28 18:21:47 2015 +0200 gpg: Indicate secret keys and cards in a key-edit listing. * g10/keyedit.c (sign_uids): Add arg "ctrl". (show_key_with_all_names_colon): Ditto. (show_key_with_all_names): Ditto. * g10/keyedit.c (show_key_with_all_names): Print key record indicators by checking with gpg-agent. (show_key_with_all_names): Ditto. May now also print sec/sbb. -- This also fixes a problem in the --with-colons mode. Before this patch the --with-colons output of --edit-key always showed pub/sub regardless of the old toogle state. Now it also prints sec/sbb. Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index 106aef0..6238b30 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c 
@@ -51,7 +51,7 @@ static void show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose); static void show_names (estream_t fp, KBNODE keyblock, PKT_public_key * pk, unsigned int flag, int with_prefs); -static void show_key_with_all_names (estream_t fp, +static void show_key_with_all_names (ctrl_t ctrl, estream_t fp, KBNODE keyblock, int only_marked, int with_revoker, int with_fpr, int with_subkeys, int with_prefs, @@ -508,7 +508,7 @@ trustsig_prompt (byte * trust_value, byte * trust_depth, char **regexp) * function won't ask the user and use sensible defaults. */ static int -sign_uids (estream_t fp, +sign_uids (ctrl_t ctrl, estream_t fp, kbnode_t keyblock, strlist_t locusr, int *ret_modified, int local, int nonrevocable, int trust, int interactive, int quick) @@ -804,7 +804,7 @@ sign_uids (estream_t fp, /* Ask whether we really should sign these user id(s). */ tty_fprintf (fp, "\n"); - show_key_with_all_names (fp, keyblock, 1, 0, 1, 0, 0, 0); + show_key_with_all_names (ctrl, fp, keyblock, 1, 0, 1, 0, 0, 0); tty_fprintf (fp, "\n"); if (primary_pk->expiredate && !selfsig) @@ -1526,7 +1526,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (redisplay && !quiet) { /* Show using flags: with_revoker, with_subkeys. */ - show_key_with_all_names (NULL, keyblock, 0, 1, 0, 1, 0, 0); + show_key_with_all_names (ctrl, NULL, keyblock, 0, 1, 0, 1, 0, 0); tty_printf ("\n"); redisplay = 0; } @@ -1719,7 +1719,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, break; } - sign_uids (NULL, keyblock, locusr, &modified, + sign_uids (ctrl, NULL, keyblock, locusr, &modified, localsig, nonrevokesig, trustsig, interactive, 0); } break; 
@@ -2065,7 +2065,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, break; } - show_key_with_all_names (NULL, keyblock, 0, 0, 0, 1, 0, 0); + show_key_with_all_names (ctrl, NULL, keyblock, 0, 0, 0, 1, 0, 0); tty_printf ("\n"); if (edit_ownertrust (find_kbnode (keyblock, PKT_PUBLIC_KEY)->pkt->pkt. @@ -2441,7 +2441,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, /* Give some info in verbose. */ if (opt.verbose) { - show_key_with_all_names (es_stdout, keyblock, 0, + show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 1/*with_revoker*/, 1/*with_fingerprint*/, 0, 0, 1); es_fflush (es_stdout); @@ -2451,7 +2451,7 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, if (pk->flags.revoked) { if (!opt.verbose) - show_key_with_all_names (es_stdout, keyblock, 0, 0, 0, 0, 0, 1); + show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1); log_error ("%s%s", _("Key is revoked."), _(" Unable to sign.\n")); goto leave; } @@ -2482,14 +2482,14 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, if (uids && !any) { if (!opt.verbose) - show_key_with_all_names (es_stdout, keyblock, 0, 0, 0, 0, 0, 1); + show_key_with_all_names (ctrl, es_stdout, keyblock, 0, 0, 0, 0, 0, 1); es_fflush (es_stdout); log_error ("%s %s", _("No matching user IDs."), _("Nothing to sign.\n")); goto leave; } /* Sign. */ - sign_uids (es_stdout, keyblock, locusr, &modified, local, 0, 0, 0, 1); + sign_uids (ctrl, es_stdout, keyblock, locusr, &modified, local, 0, 0, 0, 1); es_fflush (es_stdout); if (modified) 
@@ -2715,12 +2715,13 @@ show_prefs (PKT_user_id * uid, PKT_signature * selfsig, int verbose) opt.with_colons is used. It prints all available data in a easy to parse format and does not translate utf8 */ static void -show_key_with_all_names_colon (estream_t fp, kbnode_t keyblock) +show_key_with_all_names_colon (ctrl_t ctrl, estream_t fp, kbnode_t keyblock) { KBNODE node; int i, j, ulti_hack = 0; byte pk_version = 0; PKT_public_key *primary = NULL; + int have_seckey; if (!fp) fp = es_stdout; @@ -2741,9 +2742,13 @@ show_key_with_all_names_colon (estream_t fp, kbnode_t keyblock) } keyid_from_pk (pk, keyid); + have_seckey = !agent_probe_secret_key (ctrl, pk); + + if (node->pkt->pkttype == PKT_PUBLIC_KEY) + es_fputs (have_seckey? "sec:" : "pub:", fp); + else + es_fputs (have_seckey? "ssb:" : "sub:", fp); - es_fputs (node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub:" : "sub:", - fp); if (!pk->flags.valid) es_putc ('i', fp); else if (pk->flags.revoked) @@ -2934,20 +2939,23 @@ show_names (estream_t fp, * tty (ignored in with-colons mode). */ static void -show_key_with_all_names (estream_t fp, +show_key_with_all_names (ctrl_t ctrl, estream_t fp, KBNODE keyblock, int only_marked, int with_revoker, int with_fpr, int with_subkeys, int with_prefs, int nowarn) { - KBNODE node; + gpg_error_t err; + kbnode_t node; int i; int do_warn = 0; + int have_seckey = 0; + char *serialno = NULL; PKT_public_key *primary = NULL; char pkstrbuf[PUBKEY_STRING_SIZE]; if (opt.with_colons) { - show_key_with_all_names_colon (fp, keyblock); + show_key_with_all_names_colon (ctrl, fp, keyblock); return; } 
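Review bot: In show_key_with_all_names_colon, `have_seckey = !agent_probe_secret_key (ctrl, pk);` turns every non-zero result into "no secret key", so a failure to reach or query gpg-agent would reach a --with-colons consumer as an ordinary `pub:`/`sub:` record. The definition of agent_probe_secret_key is not part of this diff; if it can return errors other than "not found", the unexpected ones should at least be logged. A comment above the call, for example `/* Any agent error is treated as "no secret key". */`, would make the fallback explicit. The same applies to the agent_get_keyinfo call added to show_key_with_all_names in the hunk at -3025. The function body continues outside these hunks.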
@@ -3025,13 +3033,33 @@ show_key_with_all_names (estream_t fp, } keyid_from_pk (pk, NULL); - tty_fprintf (fp, "%s%c %s/%s", - node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" : - node->pkt->pkttype == PKT_PUBLIC_SUBKEY ? "sub" : - node->pkt->pkttype == PKT_SECRET_KEY ? "sec" : "ssb", - (node->flag & NODFLG_SELKEY) ? '*' : ' ', - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr (pk->keyid)); + + xfree (serialno); + serialno = NULL; + { + char *hexgrip; + + err = hexkeygrip_from_pk (pk, &hexgrip); + if (err) + { + log_error ("error computing a keygrip: %s\n", + gpg_strerror (err)); + have_seckey = 0; + } + else + have_seckey = !agent_get_keyinfo (ctrl, hexgrip, &serialno); + xfree (hexgrip); + } + + tty_fprintf + (fp, "%s%c %s/%s", + node->pkt->pkttype == PKT_PUBLIC_KEY && have_seckey? "sec" : + node->pkt->pkttype == PKT_PUBLIC_KEY ? "pub" : + have_seckey ? "ssb" : + "sub", + (node->flag & NODFLG_SELKEY) ? '*' : ' ', + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr (pk->keyid)); if (opt.legacy_list_mode) tty_fprintf (fp, " "); 
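Review bot: `char *hexgrip;` is declared without an initializer, yet `xfree (hexgrip);` also runs on the path where hexkeygrip_from_pk returned an error. That is only safe if the callee always stores a value (NULL on failure) in its output argument, which this hunk does not show. Declaring it as `char *hexgrip = NULL;` makes the block correct whatever the callee's contract is. The enclosing loop and function start and end outside the hunk.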
@@ -3050,10 +3078,30 @@ show_key_with_all_names (estream_t fp, tty_fprintf (fp, _("usage: %s"), usagestr_from_pk (pk, 1)); tty_fprintf (fp, "\n"); - if (pk->seckey_info + if (serialno) + { + /* The agent told us that a secret key is available and + that it has been stored on a card. */ + tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "", + _("card-no: ")); + if (strlen (serialno) == 32 + && !strncmp (serialno, "D27600012401", 12)) + { + /* This is an OpenPGP card. Print the relevant part. */ + /* Example: D2760001240101010001000003470000 */ + /* xxxxyyyyyyyy */ + tty_fprintf (fp, "%.*s %.*s\n", + 4, serialno+16, 8, serialno+20); + } + else + tty_fprintf (fp, "%s\n", serialno); + + } + else if (pk->seckey_info && pk->seckey_info->is_protected && pk->seckey_info->s2k.mode == 1002) { + /* FIXME: Check wether this code path is still used. */ tty_fprintf (fp, "%*s%s", opt.legacy_list_mode? 21:5, "", _("card-no: ")); if (pk->seckey_info->ivlen == 16 
@@ -3125,13 +3173,17 @@ show_key_with_all_names (estream_t fp, tty_fprintf (fp, _("Please note that the shown key validity" " is not necessarily correct\n" "unless you restart the program.\n")); + + xfree (serialno); } /* Display basic key information. This function is suitable to show information on the key without any dependencies on the trustdb or any other internal GnuPG stuff. KEYBLOCK may either be a public or - a secret key.*/ + a secret key. This function may be called with KEYBLOCK containing + secret keys and thus the printing of "pub" vs. "sec" does only + depend on the packet type and not by checking with gpg-agent. */ void show_basic_key_info (KBNODE keyblock) { commit 7ef09afd1a6a37c7f22e7c3d898f0c917b08f940 Author: Werner Koch Date: Tue Jul 28 17:43:29 2015 +0200 gpg: Remove the edit-key toggle command. * g10/keyedit.c (cmds): Remove helptext from "toggle". (keyedit_menu): Remove "toggle" var and remove the sub/pub check against toggle. -- Because it is now easily possible to have only secret keys for some of the main/subkeys the current check on whether any secret is available is not really useful. A finer grained check should eventually be implemented. Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index be15b09..106aef0 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1366,8 +1366,7 @@ static struct N_("change the expiration date for the key or selected subkeys")}, { "primary", cmdPRIMARY, KEYEDIT_NOT_SK | KEYEDIT_NEED_SK, N_("flag the selected user ID as primary")}, - { "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, - N_("toggle between the secret and public key listings")}, + { "toggle", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, /* Dummy command. */ { "t", cmdTOGGLE, KEYEDIT_NEED_SK, NULL}, { "pref", cmdPREF, KEYEDIT_NOT_SK, N_("list preferences (expert)")}, { "showpref", cmdSHOWPREF, KEYEDIT_NOT_SK, N_("list preferences (verbose)")}, 
@@ -1472,7 +1471,6 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, int modified = 0; int sec_shadowing = 0; int run_subkey_warnings = 0; - int toggle; int have_commands = !!commands; if (opt.command_fd != -1) @@ -1515,8 +1513,6 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, tty_printf (_("Secret key is available.\n")); } - toggle = 0; - /* Main command loop. */ for (;;) { @@ -1529,6 +1525,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (redisplay && !quiet) { + /* Show using flags: with_revoker, with_subkeys. */ show_key_with_all_names (NULL, keyblock, 0, 1, 0, 1, 0, 0); tty_printf ("\n"); redisplay = 0; @@ -1616,13 +1613,6 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, tty_printf (_("Need the secret key to do this.\n")); cmd = cmdNOP; } - else if (((cmds[i].flags & KEYEDIT_NOT_SK) && have_seckey && toggle) - || ((cmds[i].flags & KEYEDIT_ONLY_SK) && have_seckey - && !toggle)) - { - tty_printf (_("Please use the command \"toggle\" first.\n")); - cmd = cmdNOP; - } else cmd = cmds[i].id; } @@ -1743,7 +1733,6 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, where we worked with a secret and a public keyring. It is not necessary anymore but we keep this command for the sake of scripts using it. */ - toggle = !toggle; redisplay = 1; break; commit 4bc75337f31374b7424d7bdebf839dd91ec80c0a Author: Werner Koch Date: Tue Jul 28 17:38:44 2015 +0200 common,w32: Avoid unused var warning about msgcache. * common/i18n.c (USE_MSGCACHE): New. (msgcache) [!USE_MSGCACHE]: Do not define. (i18n_localegettext): Repalce #if conditions by USE_MSGCACHE. Signed-off-by: Werner Koch diff --git a/common/i18n.c b/common/i18n.c index d1f157c..39e3d8f 100644 --- a/common/i18n.c +++ b/common/i18n.c 
@@ -38,8 +38,16 @@ #include "i18n.h" -/* An object to store pointers to static strings and there static - translation. A linked list is not optimal but given that we only +#undef USE_MSGCACHE +#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) \ + && !defined(USE_SIMPLE_GETTEXT) && defined(ENABLE_NLS) +# define USE_MSGCACHE 1 +#endif + + +#ifdef USE_MSGCACHE +/* An object to store pointers to static strings and their static + translations. A linked list is not optimal but given that we only have a few dozen messages it should be acceptable. */ struct msg_cache_s { @@ -67,6 +75,7 @@ struct msg_cache_heads_s static strings. */ static struct msg_cache_heads_s *msgcache; +#endif /*USE_MSGCACHE*/ void @@ -153,8 +162,7 @@ i18n_utf8 (const char *string) const char * i18n_localegettext (const char *lc_messages, const char *string) { -#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES) \ - && !defined(USE_SIMPLE_GETTEXT) && defined(ENABLE_NLS) +#if USE_MSGCACHE const char *result = NULL; char *saved = NULL; struct msg_cache_heads_s *mh; @@ -220,8 +228,10 @@ i18n_localegettext (const char *lc_messages, const char *string) xfree (saved); return result? result : _(string); -#else /*!(HAVE_SETLOCALE && LC_MESSAGES ...)*/ +#else /*!USE_MSGCACHE*/ + (void)lc_messages; return _(string); -#endif /*!(HAVE_SETLOCALE && LC_MESSAGES ...)*/ + +#endif /*!USE_MSGCACHE*/ } commit 18f1e627c697d75175b79fe095305fa775f20841 Author: Werner Koch Date: Tue Jul 28 12:52:26 2015 +0200 w32: Try more places to find an installed Pinentry. * common/homedir.c (get_default_pinentry_name): Re-implement to support several choices for Windows. Signed-off-by: Werner Koch diff --git a/common/homedir.c b/common/homedir.c index 8c73e99..3918693 100644 --- a/common/homedir.c +++ b/common/homedir.c 
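Review bot: The guard in i18n_localegettext is written `#if USE_MSGCACHE`, while the struct and msgcache definitions earlier in the file are guarded with `#ifdef USE_MSGCACHE`. Because the macro is `#undef`ed and then defined only when the platform conditions hold, the `#if` form evaluates an undefined identifier on the other platforms; this works, but -Wundef reports it. Using `#ifdef USE_MSGCACHE` in the function as well keeps the three guards consistent. The function body lies partly outside the hunks.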
@@ -613,6 +613,26 @@ dirmngr_user_socket_name (void) static const char * get_default_pinentry_name (int reset) { + static struct { + const char *(*rfnc)(void); + const char *name; + } names[] = { + /* The first entry is what we return in case we found no + other pinentry. */ + { gnupg_bindir, DIRSEP_S "pinentry" EXEEXT_S }, +#ifdef HAVE_W32_SYSTEM + /* Try Gpg4win directory (with bin and without.) */ + { w32_rootdir, "\\..\\Gpg4win\\bin\\pinentry.exe" }, + { w32_rootdir, "\\..\\Gpg4win\\pinentry.exe" }, + /* Try old Gpgwin directory. */ + { w32_rootdir, "\\..\\GNU\\GnuPG\\pinentry.exe" }, + /* Try a Pinentry from the common GNU dir. */ + { w32_rootdir, "\\..\\GNU\\bin\\pinentry.exe" }, +#endif + /* Last chance is a pinentry-basic (which comes with the + GnuPG 2.1 Windows installer). */ + { gnupg_bindir, DIRSEP_S "pinentry-basic" EXEEXT_S } + }; static char *name; if (reset) @@ -623,22 +643,27 @@ get_default_pinentry_name (int reset) if (!name) { - name = xstrconcat (gnupg_bindir (), - DIRSEP_S "pinentry" EXEEXT_S, NULL); - if (access (name, F_OK) && errno == ENOENT) + int i; + + for (i=0; i < DIM(names); i++) { char *name2; - name2 = xstrconcat (gnupg_bindir (), - DIRSEP_S "pinentry-basic" EXEEXT_S, NULL); - if (access (name2, F_OK)) - xfree (name2); /* Does not exist. */ - else /* Switch to pinentry-basic. */ + + name2 = xstrconcat (names[i].rfnc (), names[i].name, NULL); + if (!access (name2, F_OK)) { + /* Use that pinentry. */ xfree (name); name = name2; + break; } + if (!i) /* Store the first as fallback return. */ + name = name2; + else + xfree (name2); } } + return name; } diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 4c47072..62d23bb 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi 
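Review bot: The new `names[]` table lets get_default_pinentry_name select the passphrase dialog from directories outside the GnuPG installation (`..\Gpg4win\bin`, `..\Gpg4win`, `..\GNU\GnuPG` and `..\GNU\bin`, relative to w32_rootdir). The loop in the second hunk takes the first candidate for which `access (name2, F_OK)` succeeds. Since the chosen program is handed the user's passphrase, the table should state its trust assumption, for example `/* All candidates must live in directories with the same write protection as the GnuPG bindir. */`. F_OK also only shows that the path exists, not that it is a regular executable file, so a directory or non-executable entry of that name would be returned as the pinentry.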
@@ -403,6 +403,17 @@ installation dependent. With the default configuration the name of the default pinentry is @file{pinentry}; if that file does not exist but a @file{pinentry-basic} exist the latter is used. +On a Windows platform the default is to use the first existing program +from this list: + at file{bin\pinentry.exe}, + at file{..\Gpg4win\bin\pinentry.exe}, + at file{..\Gpg4win\pinentry.exe}, + at file{..\GNU\GnuPG\pinentry.exe}, + at file{..\GNU\bin\pinentry.exe}, + at file{bin\pinentry-basic.exe} +where the file names are relative to the GnuPG installation directory. + + @item --pinentry-touch-file @var{filename} @opindex pinentry-touch-file By default the filename of the socket gpg-agent is listening for ----------------------------------------------------------------------- Summary of changes: common/homedir.c | 41 +++++++++++++++---- common/i18n.c | 22 +++++++--- doc/gpg-agent.texi | 11 +++++ g10/keyedit.c | 117 ++++++++++++++++++++++++++++++++++++----------------- 4 files changed, 139 insertions(+), 52 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Jul 29 16:15:55 2015 
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 29 Jul 2015 16:15:55 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-26-g23d8609 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 23d8609f4b5ec3432323a676fd7ef225c0ef71a1 (commit) via 9502d7f50a0897ba23cf15ab13ac498ac6ba4d5b (commit) from 8b2b988309cbc5af339beb0a55ff71d7464eb646 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 23d8609f4b5ec3432323a676fd7ef225c0ef71a1 Author: Werner Koch Date: Wed Jul 29 16:10:54 2015 +0200 gpg: Do not return "Legacy Key" from lookup if a key is expired. * g10/getkey.c (lookup): Map GPG_ERR_LEGACY_KEY. -- If an expired key is directly followed by a legacy key in the keyring, the lookup function incorrectly returned "legacy key" instead of "unusable key". We fix it by handling not found identical to a legacy key if the last finish lookup failed. Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 5f118ea..14b912a 100644 --- a/g10/getkey.c +++ b/g10/getkey.c 
@@ -2633,7 +2633,8 @@ found: *ret_keyblock = ctx->keyblock; /* Return the keyblock. */ ctx->keyblock = NULL; } - else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key) + else if ((gpg_err_code (rc) == GPG_ERR_NOT_FOUND + || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) && no_suitable_key) rc = want_secret? GPG_ERR_UNUSABLE_SECKEY : GPG_ERR_UNUSABLE_PUBKEY; else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) rc = want_secret? GPG_ERR_NO_SECKEY : GPG_ERR_NO_PUBKEY; commit 9502d7f50a0897ba23cf15ab13ac498ac6ba4d5b Author: Werner Koch Date: Wed Jul 29 15:46:40 2015 +0200 doc: Document that gpg --edit-key's toggle is a nop. -- diff --git a/doc/gpg.texi b/doc/gpg.texi index 73a80a8..86726b3 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -818,7 +818,7 @@ create a signature of any type desired. @item toggle @opindex keyedit:toggle - Toggle between public and secret key listing. + This is dummy command which exists only for backward compatibility. @item clean @opindex keyedit:clean ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 2 +- g10/getkey.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 31 12:04:48 2015 
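Review bot: The widened `else if` folds GPG_ERR_LEGACY_KEY into the "unusable key" result when no_suitable_key is set, but the reason is given only in the commit message. A comment above the condition, for example `/* A legacy key following an unusable key must not hide the unusable-key error. */`, would stop a later cleanup from dropping the extra test. With no_suitable_key clear, a GPG_ERR_LEGACY_KEY result still passes both branches unchanged; that looks intended but is worth confirming. lookup starts and ends outside this hunk.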
From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 31 Jul 2015 12:04:48 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.6-27-g328a6b6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 328a6b6459a5ce4a70b374262f221ada20c40878 (commit) from 23d8609f4b5ec3432323a676fd7ef225c0ef71a1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 328a6b6459a5ce4a70b374262f221ada20c40878 Author: Werner Koch Date: Fri Jul 31 12:02:08 2015 +0200 gpg: Fix endless loop for expired keys given by fpr. * g10/getkey.c (lookup): Disable keydb caching when continuing a search. -- Caches are Fierce Creatures. Reported-by: Patrick Brunschwig diff --git a/g10/getkey.c b/g10/getkey.c index 14b912a..f02e8c2 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2621,6 +2621,11 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, int want_secret) /* Release resources and continue search. */ release_kbnode (ctx->keyblock); ctx->keyblock = NULL; + /* We need to disable the caching so that for an exact key search we + won't get the result back from the cache and thus end up in an + endless loop. Disabling this here is sufficient because although + the result may have been cached, if won't be used then. */ + keydb_disable_caching (ctx->kr_handle); } found: ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 5 +++++ 1 file changed, 5 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Jul 31 15:23:54 2015 
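Review bot: keydb_disable_caching is called on ctx->kr_handle in the retry path, and nothing in the visible lines turns caching back on, so the handle presumably stays uncached for the rest of its life. If the handle is reused for later lookups, the comment should say that this is accepted, for example by appending `Caching stays off for this handle.` to it. The added comment also has a typo, "if won't be used", which should read "it won't be used". lookup starts and ends outside this hunk.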
From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 31 Jul 2015 15:23:54 +0200 Subject: [git] GPGME - branch, master, updated. gpgme-1.5.5-4-g08086dd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, master has been updated via 08086dd6901740e155e4361212b4e9cff8a47296 (commit) from 157c8be183153ff588f98874a3205aa483d0fd23 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 08086dd6901740e155e4361212b4e9cff8a47296 Author: Andre Heinecke Date: Thu Jul 2 10:19:04 2015 +0200 Add offline mode support for CMS keylisting * doc/gpgme.texi: Document offline mode. * src/context.h (gpgme_context): Add offline. * src/engine-backend.h (keylist, keylist_ext): Add engine_flags. * src/engine.c, src/engine.h (_gpgme_engine_op_keylist): Ditto. (_gpgme_engine_op_keylist_ext): Ditto. * src/engine.h (GPGME_ENGINE_FLAG_OFFLINE): New. * src/engine-gpg.c (gpg_keylist, gpg_keylist_ext): Ditto. * src/engine-gpgsm.c (gpgsm_keylist): Handle engine_flags. (gpgsm_keylist_ext): Ditto. * src/gpgme.c (gpgme_set_offline, gpgme_get_offline): New. * src/gpgme.def (gpgme_set_offline, gpgme_get_offline): New. * src/gpgme.h.in (gpgme_set_offline, gpgme_get_offline): New. * src/libgpgme.vers (gpgme_set_offline, gpgme_get_offline): New. * src/keylist.c (gpgme_op_keylist_start): Set offline flag. (gpgme_op_keylist_ext_start): Ditto. * tests/run-keylist.c (show_usage, main): Add offline argument. -- The offline engine option was introduced with gpgsm 2.1.6 it is mainly useful for a full keylisting that includes the certificate validation but does not depend on external information that could take an indefinite amount of time to collect. Signed-off-by: Andre Heinecke 
diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 45c359d..ef4936d 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -189,6 +189,7 @@ Context Attributes * Crypto Engine:: Configuring the crypto engine. * ASCII Armor:: Requesting @acronym{ASCII} armored output. * Text Mode:: Choosing canonical text mode. +* Offline Mode:: Choosing offline mode. * Included Certificates:: Including a number of certificates. * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. @@ -2285,6 +2286,7 @@ started. In fact, these references are accessed through the * Crypto Engine:: Configuring the crypto engine. * ASCII Armor:: Requesting @acronym{ASCII} armored output. * Text Mode:: Choosing canonical text mode. +* Offline Mode:: Choosing offline mode. * Included Certificates:: Including a number of certificates. * Key Listing Mode:: Selecting key listing mode. * Passphrase Callback:: Getting the passphrase from the user. 
@@ -2413,6 +2415,37 @@ valid pointer. @end deftypefun + at node Offline Mode + at subsection Offline Mode + at cindex context, offline mode + at cindex offline mode + + at deftypefun void gpgme_set_offline (@w{gpgme_ctx_t @var{ctx}}, @w{int @var{yes}}) +The function @code{gpgme_set_offline} specifies if offline mode +should be used. By default, offline mode is not used. + +The offline mode specifies if dirmngr should be used to do additional +validation that might require connections to external services. +(e.g. CRL / OCSP checks). + +Offline mode only affects the keylist mode @code{GPGME_KEYLIST_MODE_VALIDATE} +and is only relevant to the CMS crypto engine. Offline mode +is ignored otherwise. + +This option may be extended in the future to completely disable +the use of dirmngr for any engine. + +Offline mode is disabled if @var{yes} is zero, and enabled +otherwise. + at end deftypefun + + at deftypefun int gpgme_get_offline (@w{gpgme_ctx_t @var{ctx}}) +The function @code{gpgme_get_offline} returns 1 if offline +mode is enabled, and @code{0} if it is not, or if @var{ctx} is not a +valid pointer. + at end deftypefun + + @node Included Certificates @subsection Included Certificates @cindex certificates, included diff --git a/src/context.h b/src/context.h index 745ffa8..8cd86e9 100644 --- a/src/context.h +++ b/src/context.h @@ -98,6 +98,9 @@ struct gpgme_context /* True if text mode should be used. */ unsigned int use_textmode : 1; + /* True if offline mode should be used. */ + unsigned int offline : 1; + /* Flags for keylist mode. */ gpgme_keylist_mode_t keylist_mode; diff --git a/src/engine-backend.h b/src/engine-backend.h index b3cc412..4f4519c 100644 --- a/src/engine-backend.h +++ b/src/engine-backend.h 
@@ -85,10 +85,12 @@ struct engine_ops gpgme_error_t (*import) (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray); gpgme_error_t (*keylist) (void *engine, const char *pattern, - int secret_only, gpgme_keylist_mode_t mode); + int secret_only, gpgme_keylist_mode_t mode, + int engine_flags); gpgme_error_t (*keylist_ext) (void *engine, const char *pattern[], int secret_only, int reserved, - gpgme_keylist_mode_t mode); + gpgme_keylist_mode_t mode, + int engine_flags); gpgme_error_t (*sign) (void *engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, int include_certs, diff --git a/src/engine-gpg.c b/src/engine-gpg.c index e14fd8d..510dfd9 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -2279,7 +2279,7 @@ gpg_keylist_build_options (engine_gpg_t gpg, int secret_only, static gpgme_error_t gpg_keylist (void *engine, const char *pattern, int secret_only, - gpgme_keylist_mode_t mode) + gpgme_keylist_mode_t mode, int engine_flags) { engine_gpg_t gpg = engine; gpgme_error_t err; @@ -2298,7 +2298,7 @@ gpg_keylist (void *engine, const char *pattern, int secret_only, static gpgme_error_t gpg_keylist_ext (void *engine, const char *pattern[], int secret_only, - int reserved, gpgme_keylist_mode_t mode) + int reserved, gpgme_keylist_mode_t mode, int engine_flags) { engine_gpg_t gpg = engine; gpgme_error_t err; diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c index ac6c5fc..3771157 100644 --- a/src/engine-gpgsm.c +++ b/src/engine-gpgsm.c @@ -1542,7 +1542,7 @@ gpgsm_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray) static gpgme_error_t gpgsm_keylist (void *engine, const char *pattern, int secret_only, - gpgme_keylist_mode_t mode) + gpgme_keylist_mode_t mode, int engine_flags) { engine_gpgsm_t gpgsm = engine; char *line; 
@@ -1599,6 +1599,11 @@ gpgsm_keylist (void *engine, const char *pattern, int secret_only, "OPTION with-secret=1": "OPTION with-secret=0" , NULL, NULL); + gpgsm_assuan_simple_command (gpgsm->assuan_ctx, + (engine_flags & GPGME_ENGINE_FLAG_OFFLINE)? + "OPTION offline=1": + "OPTION offline=0" , + NULL, NULL); /* Length is "LISTSECRETKEYS " + p + '\0'. */ @@ -1629,7 +1634,7 @@ gpgsm_keylist (void *engine, const char *pattern, int secret_only, static gpgme_error_t gpgsm_keylist_ext (void *engine, const char *pattern[], int secret_only, - int reserved, gpgme_keylist_mode_t mode) + int reserved, gpgme_keylist_mode_t mode, int engine_flags) { engine_gpgsm_t gpgsm = engine; char *line; @@ -1669,7 +1674,11 @@ gpgsm_keylist_ext (void *engine, const char *pattern[], int secret_only, "OPTION with-secret=1": "OPTION with-secret=0" , NULL, NULL); - + gpgsm_assuan_simple_command (gpgsm->assuan_ctx, + (engine_flags & GPGME_ENGINE_FLAG_OFFLINE)? + "OPTION offline=1": + "OPTION offline=0" , + NULL, NULL); if (pattern && *pattern) { diff --git a/src/engine.c b/src/engine.c index ff015c0..8e84da9 100644 --- a/src/engine.c +++ b/src/engine.c @@ -726,7 +726,8 @@ _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata, gpgme_error_t _gpgme_engine_op_keylist (engine_t engine, const char *pattern, - int secret_only, gpgme_keylist_mode_t mode) + int secret_only, gpgme_keylist_mode_t mode, + int engine_flags) { if (!engine) return gpg_error (GPG_ERR_INV_VALUE); 
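Review bot: The result of the new `gpgsm_assuan_simple_command (gpgsm->assuan_ctx, ... "OPTION offline=1" ...)` call in `gpgsm_keylist` is discarded. If gpgsm rejects the option, for instance a build that does not know `offline`, the listing continues with validation that may still contact external CRL/OCSP services, and the caller never learns that offline mode was not applied. When `engine_flags & GPGME_ENGINE_FLAG_OFFLINE` is set, the error should be propagated rather than ignored, along the lines of `err = gpgsm_assuan_simple_command (...); if (err) return err;`, assuming the call returns a `gpgme_error_t` like the other engine functions; the `offline=0` case can stay best-effort like the `with-secret` option just above it. The identical call added to `gpgsm_keylist_ext` in the third hunk of this file needs the same treatment. Both function bodies extend beyond the hunks, so check that an error variable exists and that nothing allocated earlier needs releasing before the early return.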
@@ -734,14 +735,15 @@ _gpgme_engine_op_keylist (engine_t engine, const char *pattern, if (!engine->ops->keylist) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); - return (*engine->ops->keylist) (engine->engine, pattern, secret_only, mode); + return (*engine->ops->keylist) (engine->engine, pattern, secret_only, mode, + engine_flags); } gpgme_error_t _gpgme_engine_op_keylist_ext (engine_t engine, const char *pattern[], int secret_only, int reserved, - gpgme_keylist_mode_t mode) + gpgme_keylist_mode_t mode, int engine_flags) { if (!engine) return gpg_error (GPG_ERR_INV_VALUE); @@ -750,7 +752,7 @@ _gpgme_engine_op_keylist_ext (engine_t engine, const char *pattern[], return gpg_error (GPG_ERR_NOT_IMPLEMENTED); return (*engine->ops->keylist_ext) (engine->engine, pattern, secret_only, - reserved, mode); + reserved, mode, engine_flags); } diff --git a/src/engine.h b/src/engine.h index bbf009d..56fcc42 100644 --- a/src/engine.h +++ b/src/engine.h @@ -113,12 +113,14 @@ gpgme_error_t _gpgme_engine_op_import (engine_t engine, gpgme_error_t _gpgme_engine_op_keylist (engine_t engine, const char *pattern, int secret_only, - gpgme_keylist_mode_t mode); + gpgme_keylist_mode_t mode, + int engine_flags); gpgme_error_t _gpgme_engine_op_keylist_ext (engine_t engine, const char *pattern[], int secret_only, int reserved, - gpgme_keylist_mode_t mode); + gpgme_keylist_mode_t mode, + int engine_flags); gpgme_error_t _gpgme_engine_op_sign (engine_t engine, gpgme_data_t in, gpgme_data_t out, gpgme_sig_mode_t mode, int use_armor, int use_textmode, @@ -170,5 +172,8 @@ gpgme_error_t _gpgme_engine_op_spawn (engine_t engine, gpgme_data_t dataerr, unsigned int flags); +/* The available engine option flags. */ +#define GPGME_ENGINE_FLAG_OFFLINE 1 + #endif /* ENGINE_H */ diff --git a/src/gpgme.c b/src/gpgme.c index 628cdae..c24b620 100644 --- a/src/gpgme.c +++ b/src/gpgme.c 
@@ -472,6 +472,30 @@ gpgme_get_textmode (gpgme_ctx_t ctx) } +/* Enable offline mode for this context. In offline mode dirmngr + will be disabled. */ +void +gpgme_set_offline (gpgme_ctx_t ctx, int offline) +{ + TRACE2 (DEBUG_CTX, "gpgme_set_offline", ctx, "offline=%i (%s)", + offline, offline ? "yes" : "no"); + + if (!ctx) + return; + + ctx->offline = offline; +} + +/* Return the state of the offline flag. */ +int +gpgme_get_offline (gpgme_ctx_t ctx) +{ + TRACE2 (DEBUG_CTX, "gpgme_get_offline", ctx, "ctx->offline=%i (%s)", + ctx->offline, ctx->offline ? "yes" : "no"); + return ctx->offline; +} + + /* Set the number of certifications to include in an S/MIME message. The default is GPGME_INCLUDE_CERTS_DEFAULT. -1 means all certs, and -2 means all certs except the root cert. */ diff --git a/src/gpgme.def b/src/gpgme.def index dc18948..cf167b4 100644 --- a/src/gpgme.def +++ b/src/gpgme.def @@ -217,5 +217,8 @@ EXPORTS gpgme_op_spawn_start @163 gpgme_op_spawn @164 + + gpgme_set_offline @165 + gpgme_get_offline @166 ; END diff --git a/src/gpgme.h.in b/src/gpgme.h.in index 15ed803..099cc8a 100644 --- a/src/gpgme.h.in +++ b/src/gpgme.h.in @@ -887,6 +887,12 @@ void gpgme_set_textmode (gpgme_ctx_t ctx, int yes); /* Return non-zero if text mode is set in CTX. */ int gpgme_get_textmode (gpgme_ctx_t ctx); +/* If YES is non-zero, enable offline mode in CTX, disable it otherwise. */ +void gpgme_set_offline (gpgme_ctx_t ctx, int yes); + +/* Return non-zero if offline mode is set in CTX. */ +int gpgme_get_offline (gpgme_ctx_t ctx); + /* Use whatever the default of the backend crypto engine is. */ #define GPGME_INCLUDE_CERTS_DEFAULT -256 diff --git a/src/keylist.c b/src/keylist.c index 36ee3ea..fcf574f 100644 --- a/src/keylist.c +++ b/src/keylist.c 
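Review bot: In `gpgme_set_offline` the assignment `ctx->offline = offline;` stores an `int` into the one-bit field `unsigned int offline : 1;` added in src/context.h, so any even non-zero argument (2, for example) is truncated to 0 and leaves offline mode off. The documentation added in doc/gpgme.texi says every non-zero value enables it, so a caller relying on offline mode to suppress CRL/OCSP lookups could still cause network traffic; normalise the value with `ctx->offline = !!offline;`. `gpgme_get_offline` also dereferences `ctx` in both the `TRACE2` arguments and the return statement without a check, although the new documentation promises a return of 0 when `ctx` is not a valid pointer. Add `if (!ctx) return 0;` ahead of the trace call, or drop `ctx->offline` from the trace arguments and guard the return.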
@@ -889,6 +889,7 @@ gpgme_op_keylist_start (gpgme_ctx_t ctx, const char *pattern, int secret_only) gpgme_error_t err; void *hook; op_data_t opd; + int flags = 0; TRACE_BEG2 (DEBUG_CTX, "gpgme_op_keylist_start", ctx, "pattern=%s, secret_only=%i", pattern, secret_only); @@ -913,8 +914,11 @@ gpgme_op_keylist_start (gpgme_ctx_t ctx, const char *pattern, int secret_only) if (err) return TRACE_ERR (err); + if (ctx->offline) + flags |= GPGME_ENGINE_FLAG_OFFLINE; + err = _gpgme_engine_op_keylist (ctx->engine, pattern, secret_only, - ctx->keylist_mode); + ctx->keylist_mode, flags); return TRACE_ERR (err); } @@ -929,6 +933,7 @@ gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[], gpgme_error_t err; void *hook; op_data_t opd; + int flags = 0; TRACE_BEG2 (DEBUG_CTX, "gpgme_op_keylist_ext_start", ctx, "secret_only=%i, reserved=0x%x", secret_only, reserved); @@ -952,8 +957,12 @@ gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[], if (err) return TRACE_ERR (err); + if (ctx->offline) + flags |= GPGME_ENGINE_FLAG_OFFLINE; + err = _gpgme_engine_op_keylist_ext (ctx->engine, pattern, secret_only, - reserved, ctx->keylist_mode); + reserved, ctx->keylist_mode, + flags); return TRACE_ERR (err); } diff --git a/src/libgpgme.vers b/src/libgpgme.vers index 39663c1..fc2920f 100644 --- a/src/libgpgme.vers +++ b/src/libgpgme.vers @@ -92,6 +92,9 @@ GPGME_1.1 { gpgme_op_spawn_start; gpgme_op_spawn; + + gpgme_set_offline; + gpgme_get_offline; }; diff --git a/tests/run-keylist.c b/tests/run-keylist.c index 07c6fa1..8abdf43 100644 --- a/tests/run-keylist.c +++ b/tests/run-keylist.c @@ -53,6 +53,7 @@ show_usage (int ex) " --ephemeral use GPGME_KEYLIST_MODE_EPHEMERAL\n" " --validate use GPGME_KEYLIST_MODE_VALIDATE\n" " --import import all keys\n" + " --offline use offline mode\n" , stderr); exit (ex); } 
@@ -72,6 +73,7 @@ main (int argc, char **argv) int keyidx = 0; gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP; int only_secret = 0; + int offline = 0; if (argc) { argc--; argv++; } @@ -141,6 +143,11 @@ main (int argc, char **argv) import = 1; argc--; argv++; } + else if (!strcmp (*argv, "--offline")) + { + offline = 1; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -157,6 +164,8 @@ main (int argc, char **argv) gpgme_set_keylist_mode (ctx, mode); + gpgme_set_offline (ctx, offline); + err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, only_secret); fail_if_err (err); ----------------------------------------------------------------------- Summary of changes: doc/gpgme.texi | 33 +++++++++++++++++++++++++++++++++ src/context.h | 3 +++ src/engine-backend.h | 6 ++++-- src/engine-gpg.c | 4 ++-- src/engine-gpgsm.c | 15 ++++++++++++--- src/engine.c | 10 ++++++---- src/engine.h | 9 +++++++-- src/gpgme.c | 24 ++++++++++++++++++++++++ src/gpgme.def | 3 +++ src/gpgme.h.in | 6 ++++++ src/keylist.c | 13 +++++++++++-- src/libgpgme.vers | 3 +++ tests/run-keylist.c | 9 +++++++++ 13 files changed, 123 insertions(+), 15 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org