From cvs at cvs.gnupg.org Fri May 1 07:05:35 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 01 May 2015 07:05:35 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-23-gf77fd57 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f77fd572db658959fa40aa8c181be919e688b707 (commit) from 01a2a61bc4b34817c4216888265f65d59a33dad3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f77fd572db658959fa40aa8c181be919e688b707 Author: NIIBE Yutaka Date: Thu Apr 30 17:02:42 2015 +0900 g10: fix cmp_public_key. * g10/free-packet.c (cmp_public_keys): Compare opaque data at the first entry of the array when it's unknown algo. -- (forwardported from 2.0 commit 43429c7869152f301157e4b24790b3801dce0f0a) GnuPG-bug-id: 1962 diff --git a/g10/free-packet.c b/g10/free-packet.c index 49d54f4..670f256 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -434,11 +434,14 @@ cmp_public_keys( PKT_public_key *a, PKT_public_key *b ) return -1; n = pubkey_get_npkey( b->pubkey_algo ); - if( !n ) - return -1; /* can't compare due to unknown algorithm */ - for(i=0; i < n; i++ ) { - if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) - return -1; + if( !n ) { /* unknown algorithm, rest is in opaque MPI */ + if( mpi_cmp( a->pkey[0], b->pkey[0] ) ) + return -1; /* can't compare due to unknown algorithm */ + } else { + for(i=0; i < n; i++ ) { + if( mpi_cmp( a->pkey[i], b->pkey[i] ) ) + return -1; + } } return 0; ----------------------------------------------------------------------- Summary of changes: g10/free-packet.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 1 07:35:50 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 01 May 2015 07:35:50 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-17-g3f9f33b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 3f9f33bbcb40146c6f09277a28d499188ed34ef2 (commit) from 43429c7869152f301157e4b24790b3801dce0f0a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3f9f33bbcb40146c6f09277a28d499188ed34ef2 Author: NIIBE Yutaka Date: Thu Apr 30 12:36:38 2015 +0900 scd: PC/SC reader selection by partial string match. * scd/apdu.c (open_pcsc_reader_direct): Partial string match. * scd/pcsc-wrapper.c (handle_open): Likewise. -- (backport from 2.1 commit 01a2a61bc4b34817c4216888265f65d59a33dad3) The card reader name by PC/SC service might include USB bus, which varies (on some platform like GNU/Linux). Thus, it's better to match partial string. Original patch was submitted by anstein. I changed it to fallback to the first reader if no match found. GnuPG-bug-id: 1618, 1930 diff --git a/scd/apdu.c b/scd/apdu.c index 6fc1148..72b291e 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -1870,7 +1870,8 @@ open_pcsc_reader_direct (const char *portstr) long err; int slot; char *list = NULL; - pcsc_dword_t nreader, listlen; + char *rdrname = NULL; + pcsc_dword_t nreader; char *p; slot = new_reader_slot (); @@ -1917,24 +1918,27 @@ open_pcsc_reader_direct (const char *portstr) return -1; } - listlen = nreader; p = list; while (nreader) { if (!*p && !p[1]) break; - if (*p) - log_info ("detected reader `%s'\n", p); + log_info ("detected reader `%s'\n", p); if (nreader < (strlen (p)+1)) { log_error ("invalid response from pcsc_list_readers\n"); break; } + if (!rdrname && portstr && !strncmp (p, portstr, strlen (portstr))) + rdrname = p; nreader -= strlen (p)+1; p += strlen (p) + 1; } - reader_table[slot].rdrname = xtrymalloc (strlen (portstr? portstr : list)+1); + if (!rdrname) + rdrname = list; + + reader_table[slot].rdrname = xtrystrdup (rdrname); if (!reader_table[slot].rdrname) { log_error ("error allocating memory for reader name\n"); @@ -1943,7 +1947,6 @@ open_pcsc_reader_direct (const char *portstr) unlock_slot (slot); return -1; } - strcpy (reader_table[slot].rdrname, portstr? portstr : list); xfree (list); list = NULL; diff --git a/scd/pcsc-wrapper.c b/scd/pcsc-wrapper.c index 4dc44ee..b83e218 100644 --- a/scd/pcsc-wrapper.c +++ b/scd/pcsc-wrapper.c @@ -406,8 +406,9 @@ static void handle_open (unsigned char *argbuf, size_t arglen) { long err; - const char * portstr; + const char *portstr; char *list = NULL; + char *rdrname = NULL; pcsc_dword_t nreader, atrlen; char *p; pcsc_dword_t card_state, card_protocol; @@ -416,7 +417,10 @@ handle_open (unsigned char *argbuf, size_t arglen) /* Make sure there is only the port string */ if (arglen != strlen ((char*)argbuf)) bad_request ("OPEN"); - portstr = (char*)argbuf; + if (arglen == 0) + portstr = NULL; + else + portstr = (char*)argbuf; if (driver_is_open) { @@ -466,17 +470,21 @@ handle_open (unsigned char *argbuf, size_t arglen) fprintf (stderr, PGM": invalid response from pcsc_list_readers\n"); break; } + if (!rdrname && portstr && !strncmp (p, portstr, strlen (portstr))) + rdrname = p; nreader -= strlen (p)+1; p += strlen (p) + 1; } - current_rdrname = malloc (strlen (portstr && *portstr? portstr:list)+1); + if (!rdrname) + rdrname = list; + + current_rdrname = strdup (rdrname); if (!current_rdrname) { fprintf (stderr, PGM": error allocating memory for reader name\n"); exit (1); } - strcpy (current_rdrname, portstr && *portstr? portstr:list); free (list); err = pcsc_connect (pcsc_context, ----------------------------------------------------------------------- Summary of changes: scd/apdu.c | 15 +++++++++------ scd/pcsc-wrapper.c | 16 ++++++++++++---- 2 files changed, 21 insertions(+), 10 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 1 15:03:42 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Fri, 01 May 2015 15:03:42 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-188-g124dfce Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 124dfce7c5a2d9405fa2b2832e91ac1267943830 (commit) from f88266c0f868d7bf51a215d5531bb9f2b4dad19e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 124dfce7c5a2d9405fa2b2832e91ac1267943830 Author: Jussi Kivilinna Date: Thu Apr 30 16:57:57 2015 +0300 Fix buggy RC4 AMD64 assembly and add test to notice similar issues * cipher/arcfour-amd64.S (_gcry_arcfour_amd64): Fix swapped store of 'x' and 'y'. * tests/basic.c (get_algo_mode_blklen): New. (check_one_cipher_core): Add new tests for split buffer input on encryption and decryption. -- Reported-by: Dima Kukulniak Signed-off-by: Jussi Kivilinna diff --git a/cipher/arcfour-amd64.S b/cipher/arcfour-amd64.S index c32cd6f..8b8031a 100644 --- a/cipher/arcfour-amd64.S +++ b/cipher/arcfour-amd64.S @@ -85,8 +85,8 @@ _gcry_arcfour_amd64: .Lfinished: dec %rcx # x-- - movb %dl, (4*256)(%rbp) # key->y = y - movb %cl, (4*256+4)(%rbp) # key->x = x + movb %cl, (4*256)(%rbp) # key->y = y + movb %dl, (4*256+4)(%rbp) # key->x = x pop %rbx pop %rbp ret diff --git a/tests/basic.c b/tests/basic.c index 1175b38..07fd4d0 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -4676,6 +4676,26 @@ check_bulk_cipher_modes (void) } +static unsigned int get_algo_mode_blklen(int algo, int mode) +{ + unsigned int blklen = gcry_cipher_get_algo_blklen(algo); + + /* Some modes override blklen. */ + switch (mode) + { + case GCRY_CIPHER_MODE_STREAM: + case GCRY_CIPHER_MODE_OFB: + case GCRY_CIPHER_MODE_CTR: + case GCRY_CIPHER_MODE_CCM: + case GCRY_CIPHER_MODE_GCM: + case GCRY_CIPHER_MODE_POLY1305: + return 1; + } + + return blklen; +} + + /* The core of the cipher check. In addition to the parameters passed to check_one_cipher it also receives the KEY and the plain data. PASS is printed with error messages. The function returns 0 on @@ -4688,14 +4708,27 @@ check_one_cipher_core (int algo, int mode, int flags, { gcry_cipher_hd_t hd; unsigned char in_buffer[1040+1], out_buffer[1040+1]; + unsigned char enc_result[1040]; unsigned char *in, *out; int keylen; gcry_error_t err = 0; + unsigned int blklen; + unsigned int piecelen; + unsigned int pos; + + blklen = get_algo_mode_blklen(algo, mode); assert (nkey == 32); assert (nplain == 1040); assert (sizeof(in_buffer) == nplain + 1); assert (sizeof(out_buffer) == sizeof(in_buffer)); + assert (blklen > 0); + + if (mode == GCRY_CIPHER_MODE_CBC && (flags & GCRY_CIPHER_CBC_CTS)) + { + /* TODO: examine why CBC with CTS fails. */ + blklen = nplain; + } if (!bufshift) { @@ -4758,6 +4791,8 @@ check_one_cipher_core (int algo, int mode, int flags, return -1; } + memcpy (enc_result, out, nplain); + gcry_cipher_reset (hd); err = gcry_cipher_decrypt (hd, in, nplain, out, nplain); @@ -4787,6 +4822,10 @@ check_one_cipher_core (int algo, int mode, int flags, return -1; } + if (memcmp (enc_result, out, nplain)) + fail ("pass %d, algo %d, mode %d, in-place, encrypt mismatch\n", + pass, algo, mode); + gcry_cipher_reset (hd); err = gcry_cipher_decrypt (hd, out, nplain, NULL, 0); @@ -4803,6 +4842,119 @@ check_one_cipher_core (int algo, int mode, int flags, fail ("pass %d, algo %d, mode %d, in-place, encrypt-decrypt mismatch\n", pass, algo, mode); + /* Again, splitting encryption in multiple operations. */ + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + err = gcry_cipher_encrypt (hd, out + pos, piecelen, plain + pos, + piecelen); + if (err) + { + fail ("pass %d, algo %d, mode %d, split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_encrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (enc_result, out, nplain)) + fail ("pass %d, algo %d, mode %d, split-buffer, encrypt mismatch\n", + pass, algo, mode); + + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + err = gcry_cipher_decrypt (hd, in + pos, piecelen, out + pos, piecelen); + if (err) + { + fail ("pass %d, algo %d, mode %d, split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_decrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (plain, in, nplain)) + fail ("pass %d, algo %d, mode %d, split-buffer, encrypt-decrypt mismatch\n", + pass, algo, mode); + + /* Again, using in-place encryption and splitting encryption in multiple + * operations. */ + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + memcpy (out + pos, plain + pos, piecelen); + err = gcry_cipher_encrypt (hd, out + pos, piecelen, NULL, 0); + if (err) + { + fail ("pass %d, algo %d, mode %d, in-place split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_encrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (enc_result, out, nplain)) + fail ("pass %d, algo %d, mode %d, in-place split-buffer, encrypt mismatch\n", + pass, algo, mode); + + gcry_cipher_reset (hd); + + piecelen = blklen; + pos = 0; + while (pos < nplain) + { + if (piecelen > nplain - pos) + piecelen = nplain - pos; + + err = gcry_cipher_decrypt (hd, out + pos, piecelen, NULL, 0); + if (err) + { + fail ("pass %d, algo %d, mode %d, in-place split-buffer (pos: %d, " + "piecelen: %d), gcry_cipher_decrypt failed: %s\n", + pass, algo, mode, pos, piecelen, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + + pos += piecelen; + piecelen = piecelen * 2 - ((piecelen != blklen) ? blklen : 0); + } + + if (memcmp (plain, out, nplain)) + fail ("pass %d, algo %d, mode %d, in-place split-buffer, encrypt-decrypt" + " mismatch\n", pass, algo, mode); + gcry_cipher_close (hd); ----------------------------------------------------------------------- Summary of changes: cipher/arcfour-amd64.S | 4 +- tests/basic.c | 152 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 154 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 1 19:59:41 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 01 May 2015 19:59:41 +0200 Subject: [git] gnupg-doc - branch, master, updated. 3205fb41339a6d141705c14c647fc4082f81ffe4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 3205fb41339a6d141705c14c647fc4082f81ffe4 (commit) from ed98b989b2ce9a261fc0b773e6e1a1f1fdf4fa90 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3205fb41339a6d141705c14c647fc4082f81ffe4 Author: Werner Koch Date: Fri May 1 19:58:39 2015 +0200 blog: News for March and April diff --git a/misc/blog.gnupg.org/20150501-gnupg-in-april.org b/misc/blog.gnupg.org/20150501-gnupg-in-april.org new file mode 100644 index 0000000..55b7b2b --- /dev/null +++ b/misc/blog.gnupg.org/20150501-gnupg-in-april.org @@ -0,0 +1,81 @@ +# GnuPG News for MArch and April 2015 +#+STARTUP: showall +#+AUTHOR: Werner +#+DATE: May 1st, 2015 +#+Keywords: STACK optimizing static-checker + +** GnuPG News for March and April 2015 + +The last two months were filled with regular GnuPG work. Mainly bug +fixes for the 2.1 (modern) version but also backports for 2.0 and 1.4. +Neal started to explore the GnuPG code base and added LDAP keyserver +support to Dirmngr so that most keyserver access methods are now back +to GnuPG. Gniibe is continuing his work on the smartcard part. Jussi +has taken up the new OCB mode for the forthcoming Libgcrypt 1.7 and +improved the performance to what it should be. It is now about 10 +times faster than my straightforward code from January. + +With the help of the [[http://css.csail.mit.edu/stack/][STACK]] utility a few bugs and several not-yet-bugs +in GnuPG and related libraries were fixed so that over-optimizing +compilers are able to produce the expected result from the source +code. The problem here is that compiler writers started to take the C +specification as their one and only holy reference without considering +common use pattern related to undefined behavior. Thus they are +sacrificing security for a small performance gain. In contrast +protocol implementers know very well that implementing a protocol +verbatim according to an RFC will never do good. Thus they apply a +bit of human sense in the interpretation of the specs. + +It seems that 2.1 is getting more in use and thus more reports of +regressions and bugs roll in. Although it would be good to fix them +all before a release our new strategy is to release code even with +known bugs as long as these are not security related. So we are back +to the release-often method from early Linux days. A monthly schedule +is what we are now aiming for. + +Information on the OpenPGP summit can be found [[file:20150426-openpgp-summit.org][here]]. + + +*** Release status + +The planned LDAP support took a bit longer than expected. Easter +vacation and a lof of bug squashing delayed the release of 2.1.3 to +April 11. This release again comes with an experimental installer for +Windows. + +New versions of Libksba, Libgpg-error, nPth, adns, and gpgme have also +been released. Most of them to fix problems with the Windows +toolchain but also due to bugs found by fuzzing and with the STACK +utility. + +*** Things to come + +This will be in 2.1.4: + +- HTTP proxy support for keyservers will be back. +- Building without LDAP support. +- Gpg-agent now conveys information about the key to Pinentry. +- The preferred keyserver features does work again but is now disabled + by default. +- All DNS access code has been moved to Dirmngr. + +*** Things planned + +We want to do a few more things but they won't be in 2.1.4: + +- A =--use-tor= option to easily direct all network access over TOR. +- Re-directing DNS over TOR +- A simple way to set options into all config file to make it easier + to configure GnuPG for certain requirements. +- SOCKSv5 proxy support (we have SOCKSv4 support). +- An unattended key refresh mechanism. + + + +** About this news posting + +We try to write a news posting each month. However, other work may +have a higher priority (e.g. security fixes) and thus there is no +promise for a fixed publication date. If you have an interesting +topic for a news posting, please send it to us. A regular summary of +the mailing list discussions would make a nice column on this news. ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20150501-gnupg-in-april.org | 81 +++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 misc/blog.gnupg.org/20150501-gnupg-in-april.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 1 20:38:58 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 01 May 2015 20:38:58 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-11-g8b802cf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 8b802cf928d199d9c09080f71a7dd1eb397f414a (commit) via b9d529557b368548d6a55ae6c2df66ece7023e5f (commit) via 189ab07e94dc2d4103c1edf00e15e0156df89297 (commit) via c7099565524010b86891fc14b723fc722509d4bb (commit) via 03e4207f11e228a4c079af991f82507539793bae (commit) via 21d28d114259da9cb555ee612e053e6e68f37fd3 (commit) via 93bd60a3ca91581a1cf8e754c4fb51e54c9e7ce9 (commit) via b4bf75f24f1126a8ba8f8c1c025103c2dcee0710 (commit) from 9d2d8b6bfaf2d5b07e7fb5be7188516e4158ed98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b802cf928d199d9c09080f71a7dd1eb397f414a Author: Neal H. Walfield Date: Fri May 1 20:38:22 2015 +0200 Improve documentation. Improve documentation: clean up wording and add some minor improvements to the content. -- diff --git a/README b/README index 47d0a04..d66d2d2 100644 --- a/README +++ b/README @@ -7,7 +7,7 @@ http://www.gnupg.org/aegypten/ for details. There are programs for different toolkits available. For all GUIs it is automatically detected which modules can be built, but it can also -be requested explicitely. +be requested explicitly. GUI OPTION DEPENDENCIES Curses --enable-pinentry-curses Curses library, for example ncurses @@ -16,7 +16,7 @@ GTK+ V2.0 --enable-pinentry-gtk2 Gimp Toolkit Library, Version 2.0 Qt4 --enable-pinentry-qt4 Qt4 TTY --enable-pinentry-tty Simple TTY version, no dependencies -The GTK+ and Qt pinentries can fall back to the curses mode. The +The GTK+ and Qt pinentries can fall back to curses mode. The option to enable this is --enable-fallback-curses, but this is also detected automatically in the same way --enable-pinentry-curses is. The fallback to curses also works if --disable-pinentry-curses is diff --git a/doc/pinentry.texi b/doc/pinentry.texi index a65298d..fb4017e 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -56,7 +56,7 @@ section entitled ``Copying''. @ifnottex @dircategory GNU Utilities @direntry -* pinentry: (pinentry). Ask securely for a passphrase or PIN. +* pinentry: (pinentry). Securely ask for a passphrase or PIN. @end direntry This file documents the use and the internals of the @pinentry{}. @@ -102,13 +102,15 @@ passphrases. It is usually invoked by @sc{gpg-agent} (@pxref{Invoking GPG-AGENT, ,Invoking the gpg-agent, gnupg, The `GNU Privacy Guard' Manual}, for details). - at pinentry{} comes in 3 flavors to fit the look and feel of the used -GUI toolkit: A @sc{GTK+} based one named @code{pinentry-gtk}, a - at sc{Qt} based one named @code{pinentry-qt} and a non-graphical one based -on curses and named @code{pinentry-curses}. Not all of them might be -available on your installation. If curses is supported on your system, -the GUI based flavors fall back to curses when the @code{DISPLAY} -variable is not set. + at pinentry{} comes in several flavors to fit the look and feel of the +used GUI toolkit: A @sc{GTK+} based one named @code{pinentry-gtk}; a + at sc{Qt} based one named @code{pinentry-qt}; and, two non-graphical +ones @code{pinentry-curses}, which uses curses and + at code{pinentry-tty}, which doesn't require anything more than a simple +terminal. Not all of them are necessarily available on your +installation. If curses is supported on your system, the GUI-based +flavors fall back to curses when the @code{DISPLAY} variable is not +set. @menu @@ -143,7 +145,7 @@ commands according to the Assuan protocol via stdin/stdout. @c man begin OPTIONS -Here is a list of options supported by all 3 flavors of pinentry +Here is a list of options supported by all flavors of pinentry: @table @gnupgtabopt @item --version @@ -186,8 +188,8 @@ Note, that this is not fully supported by all flavors of @pinentry{}. @opindex timeout Give up waiting for input from the user after the specified number of seconds and return an error. The error returned is the same as if the -Cancel button was selected. To disable the timeout and wait indefinately -then set to 0, the default. +Cancel button was selected. To disable the timeout and wait +indefinitely, set this to 0, which is the default. @item --display @var{string} @itemx --ttyname @var{string} @@ -201,9 +203,9 @@ then set to 0, the default. @opindex lc-messa These options are used to pass localization information to @pinentry{}. They are required because @pinentry{} is usually called -by some background process which does not have any information on the -locale and terminal to use. Assuan protocol options are an -alternative way to pass these information. +by some background process which does not have any information about +the locale and terminal to use. It is also possible to pass these +options using Assuan protocol options. @end table @c @@ -212,28 +214,28 @@ alternative way to pass these information. @node Protocol @chapter pinentry's Assuan Protocol -The PIN-Entry should never service more than one connection at once. +The @pinentry{} should never service more than one connection at once. It is reasonable to exec the PIN-Entry prior to a request. -The PIN-Entry does not need to stay in memory because the +The @pinentry{} does not need to stay in memory because the @sc{gpg-agent} has the ability to cache passphrases. The usual way to -run the PIN-Entry is by setting up a pipe (and not a socket) and then -fork/exec the PIN-Entry. The communication is then done by means of +run the @pinentry{} is by setting up a pipe (not a socket) and then +fork/exec the @pinentry{}. The communication is then done by means of the protocol described here until the client is satisfied with the result. -Although it is called a PIN-Entry, it does allow to enter reasonably -long strings (at least 2048 characters are supported by every -pinentry). The client using the PIN-Entry has to check for +Although it is called a @pinentry{}, it allow entering reasonably long +strings (strings that are up to 2048 characters long are supported by +every pinentry). The client using the PIN-Entry has to check for correctness. Note that all strings are expected to be encoded as UTF-8; @pinentry{} takes care of converting it to the locally used codeset. To include linefeeds or other special characters, you may percent-escape them -(i.e. a line feed is encoded as @code{%0A}, the percent sign itself -is encoded as @code{%25}). +(e.g., a line feed is encoded as @code{%0A}, the percent sign itself +is encoded as @code{%25}, etc.). -Here is the list of supported commands: +The following is a list of supported commands: @table @gnupgtabopt @@ -243,13 +245,13 @@ Here is the list of supported commands: S: OK @end example - at item Set the descriptive text to be displayed + at item Set the descriptive text to display @example C: SETDESC Enter PIN for Richard Nixon S: OK @end example - at item Set the prompt to be shown + at item Set the prompt to show When asking for a PIN, set the text just before the widget for passphrase entry. @example @@ -257,11 +259,11 @@ passphrase entry. S: OK @end example -You should use an underscore in the text only if you known that a modern -version of pinentry is used. Modern versions underline the next -character after the underscore and use the first such underlined -character as a keyboard accelerator. Use a double underscore to escape -an underscore. +You should use an underscore in the text only if you know that a +modern version of pinentry is used. Modern versions underline the +next character after the underscore and use the first such underlined +character as a keyboard accelerator. Use a double underscore to +escape an underscore. @item Set the window title This command may be used to change the default window title. When @@ -292,10 +294,11 @@ To set the text for the button signaling cancellation or disagreement @end example -In case tree buttons are required, use the follwing command to set the -text (UTF-8) for the non-affirmative response button. The affirmative button -text is still set using SETOK and the CANCEL button text with SETCANCEL. -See SETPROMPT on how to use an keyboard accelerator. +In case three buttons are required, use the following command to set +the text (UTF-8) for the non-affirmative response button. The +affirmative button text is still set using SETOK and the CANCEL button +text with SETCANCEL. See SETPROMPT on how to use an keyboard +accelerator. @example C: SETNOTOK Do not do this S: OK @@ -305,7 +308,7 @@ See SETPROMPT on how to use an keyboard accelerator. @item Set the Error text This is used by the client to display an error message. In contrast -to the other commands this error message is automatically reset with +to the other commands, the error message is automatically reset with a GETPIN or CONFIRM, and is only displayed when asking for a PIN. @example C: SETERROR Invalid PIN entered - please try again @@ -325,9 +328,9 @@ displayed in red. @end example If a custom label for the quality bar is required, just add that label -as an argument as percent escaped string. You will need this feature to -translate the label because pinentry has no internal gettext except for -stock strings from the toolkit library. +as an argument as a percent-escaped string. You will need this +feature to translate the label because @pinentry{} has no internal +gettext except for stock strings from the toolkit library. If you want to show a tooltip for the quality bar, you may use @example @@ -367,7 +370,7 @@ To show a message, you can use this command: C: MESSAGE S: OK @end example -alternativly you may add an option to confirm: +alternatively you may add an option to confirm: @example C: CONFIRM --one-button S: OK @@ -396,8 +399,8 @@ appropriate for this tty and @code{lc-ctype} to the locale which defines the character set to use for this terminal. @item Set the default strings -To avoid having transaltions in Pinentry proper, the caller may set -certain translated strings which are used by Pinentry as default +To avoid having translations in Pinentry proper, the caller may set +certain translated strings which are used by @pinentry{} as default strings. @example commit b9d529557b368548d6a55ae6c2df66ece7023e5f Author: Neal H. Walfield Date: Fri May 1 20:37:00 2015 +0200 Improve comment. * tty/pinentry-tty.c (tty_cmd_handler): Add comment. -- diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index bfd5e26..548c51d 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -218,6 +218,11 @@ tty_cmd_handler(pinentry_t pinentry) fprintf (ttyfo, "%s\n", pinentry->description? pinentry->description:""); fflush (ttyfo); + + /* If pinentry->one_button is set, then + pinentry->description contains an informative message, + which the user needs to dismiss. Since we are showing + this in a terminal, there is no window to dismiss. */ if (! pinentry->one_button) rc = confirm (pinentry, ttyfi, ttyfo); } commit 189ab07e94dc2d4103c1edf00e15e0156df89297 Author: Neal H. Walfield Date: Fri May 1 20:35:59 2015 +0200 When reading the pin, correctly handle backspace. * tty/pinentry-tty.c (read_password): Handle backspace. -- diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index a6ca7ff..bfd5e26 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -82,6 +82,7 @@ static int read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { int count; + int done; char *prompt = NULL; if (cbreak (fileno (ttyfi)) == -1) @@ -106,16 +107,29 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) memset (pinentry->pin, 0, pinentry->pin_len); - count = 0; - while (count+1 < pinentry->pin_len) + done = count = 0; + while (!done && count < pinentry->pin_len - 1) { char c = fgetc (ttyfi); - if (c == '\n') - break; - fflush (ttyfo); - pinentry->pin[count++] = c; + switch (c) + { + case '\n': + done = 1; + break; + + case 0x7f: + /* Backspace. */ + if (count > 0) + count --; + break; + + default: + pinentry->pin[count ++] = c; + break; + } } + pinentry->pin[count] = '\0'; fputc('\n', stdout); tcsetattr (fileno(ttyfi), TCSANOW, &o_term); commit c7099565524010b86891fc14b723fc722509d4bb Author: Neal H. Walfield Date: Fri May 1 20:33:55 2015 +0200 Improve prompt for pin. * tty/pinentry-tty.c (read_password): Improve prompt for pin. -- diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 1e14710..a6ca7ff 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -1,6 +1,7 @@ /* pinentry-curses.c - A secure curses dialog for PIN entry, library version Copyright (C) 2014 Serge Voilokov Copyright (C) 2015 Daniel Kahn Gillmor + * Copyright (C) 2015 g10 Code GmbH This file is part of PINENTRY. @@ -81,6 +82,7 @@ static int read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { int count; + char *prompt = NULL; if (cbreak (fileno (ttyfi)) == -1) { @@ -90,9 +92,16 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) return -1; } - fprintf (ttyfo, "%s\n%s:\n", + prompt = pinentry->prompt; + if (! prompt) + prompt = "PIN"; + + fprintf (ttyfo, "%s\n%s%s ", pinentry->description? pinentry->description:"", - pinentry->prompt? pinentry->prompt:"PIN? "); + prompt, + /* Make sure the prompt ends in a : or a question mark. */ + (prompt[strlen(prompt) - 1] == ':' + || prompt[strlen(prompt) - 1] == '?') ? "" : ":"); fflush (ttyfo); memset (pinentry->pin, 0, pinentry->pin_len); @@ -107,6 +116,7 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) fflush (ttyfo); pinentry->pin[count++] = c; } + fputc('\n', stdout); tcsetattr (fileno(ttyfi), TCSANOW, &o_term); return strlen (pinentry->pin); commit 03e4207f11e228a4c079af991f82507539793bae Author: Daniel Kahn Gillmor Date: Tue Apr 28 13:01:16 2015 -0400 fix small memory leak in pinentry-curses * pinentry/pinentry-curses.c: free internally allocated local string. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 4b7080e..043f8a9 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -199,6 +199,8 @@ utf8_to_local (char *lc_ctype, char *string) memset (&ps, 0, sizeof(mbstate_t)); mbsrtowcs (wcs, &p, len, &ps); + free (local); + leave: if (old_ctype) { commit 21d28d114259da9cb555ee612e053e6e68f37fd3 Author: Daniel Kahn Gillmor Date: Tue Apr 28 13:01:15 2015 -0400 pinentry-tty: make confirm actions work * tty/pinentry-tty.c: treat the situation where no PIN is requested and one_button is not set as a confirmation prompt. -- When user confirmation is requested on a dumb terminal, we use the value of the "OK" button followed with [y/N]? as the confirmation prompt. User typing is echoed as normal, since a confirmation prompt is not a password entry. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 358681b..1e14710 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -60,6 +60,24 @@ cbreak (int fd) } static int +confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) +{ + char buf[32], *ret; + pinentry->canceled = 1; + fprintf (ttyfo, "%s [y/N]? ", pinentry->ok ? pinentry->ok : "OK"); + fflush (ttyfo); + buf[0] = '\0'; + ret = fgets (buf, sizeof(buf), ttyfi); + if (ret && (buf[0] == 'y' || buf[0] == 'Y')) + { + pinentry->canceled = 0; + return 1; + } + return 0; +} + + +static int read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { int count; @@ -176,6 +194,8 @@ tty_cmd_handler(pinentry_t pinentry) fprintf (ttyfo, "%s\n", pinentry->description? pinentry->description:""); fflush (ttyfo); + if (! pinentry->one_button) + rc = confirm (pinentry, ttyfi, ttyfo); } do_touch_file (pinentry); } commit 93bd60a3ca91581a1cf8e754c4fb51e54c9e7ce9 Author: Daniel Kahn Gillmor Date: Tue Apr 28 13:01:14 2015 -0400 pinentry-tty: fix segfault on MESSAGE or CONFIRM * tty/pinentry-tty.c: avoid prompting for a PIN when one was not asked for. -- Before this, pinentry-tty would segfault when asked for MESSAGE or CONFIRM: 0 dkg at alice:~$ pinentry-tty OK Your orders please SETDESC testing testing OK MESSAGE testing testing PIN? : Segmentation fault 139 dkg at alice:~$ diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 5351529..358681b 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -169,7 +169,14 @@ tty_cmd_handler(pinentry_t pinentry) if (rc == 0) { - rc = read_password (pinentry, ttyfi, ttyfo); + if (pinentry->pin) + rc = read_password (pinentry, ttyfi, ttyfo); + else + { + fprintf (ttyfo, "%s\n", + pinentry->description? pinentry->description:""); + fflush (ttyfo); + } do_touch_file (pinentry); } commit b4bf75f24f1126a8ba8f8c1c025103c2dcee0710 Author: Daniel Kahn Gillmor Date: Tue Apr 28 13:01:13 2015 -0400 pinentry-tty: handle designated tty outside of read_password * tty/pinentry-tty.c: reorganize, wrapping read_password in tty open/close. -- This patch sets the stage to simplify the subsequent fixes. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 8f680fd..5351529 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -1,5 +1,6 @@ /* pinentry-curses.c - A secure curses dialog for PIN entry, library version Copyright (C) 2014 Serge Voilokov + Copyright (C) 2015 Daniel Kahn Gillmor This file is part of PINENTRY. @@ -59,36 +60,13 @@ cbreak (int fd) } static int -read_password (pinentry_t pinentry, const char *tty_name, const char *tty_type) +read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { - FILE *ttyfi = stdin; - FILE *ttyfo = stdout; int count; - if (tty_name) - { - ttyfi = fopen (tty_name, "r"); - if (!ttyfi) - return -1; - - ttyfo = fopen (tty_name, "w"); - if (!ttyfo) - { - int err = errno; - fclose (ttyfi); - errno = err; - return -1; - } - } - if (cbreak (fileno (ttyfi)) == -1) { int err = errno; - if (tty_name) - { - fclose (ttyfi); - fclose (ttyfo); - } fprintf (stderr, "cbreak failure, exiting\n"); errno = err; return -1; @@ -113,11 +91,6 @@ read_password (pinentry_t pinentry, const char *tty_name, const char *tty_type) } tcsetattr (fileno(ttyfi), TCSANOW, &o_term); - if (tty_name) - { - fclose (ttyfi); - fclose (ttyfo); - } return strlen (pinentry->pin); } @@ -158,7 +131,9 @@ catchsig(int sig) int tty_cmd_handler(pinentry_t pinentry) { - int rc; + int rc = 0; + FILE *ttyfi = stdin; + FILE *ttyfo = stdout; #ifndef HAVE_DOSISH_SYSTEM timed_out = 0; @@ -174,8 +149,36 @@ tty_cmd_handler(pinentry_t pinentry) } #endif - rc = read_password (pinentry, pinentry->ttyname, pinentry->ttytype); - do_touch_file (pinentry); + if (pinentry->ttyname) + { + ttyfi = fopen (pinentry->ttyname, "r"); + if (!ttyfi) + rc = -1; + else + { + ttyfo = fopen (pinentry->ttyname, "w"); + if (!ttyfo) + { + int err = errno; + fclose (ttyfi); + errno = err; + rc = -1; + } + } + } + + if (rc == 0) + { + rc = read_password (pinentry, ttyfi, ttyfo); + do_touch_file (pinentry); + } + + if (pinentry->ttyname) + { + fclose (ttyfi); + fclose (ttyfo); + } + return rc; } ----------------------------------------------------------------------- Summary of changes: README | 4 +- doc/pinentry.texi | 87 ++++++++++++++-------------- pinentry/pinentry-curses.c | 2 + tty/pinentry-tty.c | 137 ++++++++++++++++++++++++++++++++------------- 4 files changed, 147 insertions(+), 83 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sun May 3 09:51:52 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 03 May 2015 09:51:52 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-194-ge886e4f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe (commit) via c2dba93e639639bdac139b3a3a456d10ddc61f79 (commit) via 839a3bbe2bb045139223b32753d656cc6c3d4669 (commit) via 9f086ffa43f2507b9d17522a0a2e394cb273baf8 (commit) via e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435 (commit) via 88842cbc68beb4f73c87fdbcb74182cba818f789 (commit) from 124dfce7c5a2d9405fa2b2832e91ac1267943830 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe Author: Jussi Kivilinna Date: Fri May 1 19:07:07 2015 +0300 Fix packed attribute check for Windows targets * configure.ac (gcry_cv_gcc_attribute_packed): Move 'long b' to its own packed structure. -- Change packed attribute test so that it works with both MS ABI and SYSV ABI. Signed-off-by: Jussi Kivilinna diff --git a/configure.ac b/configure.ac index 16f6a21..555ad1e 100644 --- a/configure.ac +++ b/configure.ac @@ -964,7 +964,9 @@ AC_CACHE_CHECK([whether the GCC style packed attribute is supported], [gcry_cv_gcc_attribute_packed], [gcry_cv_gcc_attribute_packed=no AC_COMPILE_IFELSE([AC_LANG_SOURCE( - [[struct foo_s { char a; long b; } __attribute__ ((packed)); + [[struct foolong_s { long b; } __attribute__ ((packed)); + struct foo_s { char a; struct foolong_s b; } + __attribute__ ((packed)); enum bar { FOO = 1 / (sizeof(struct foo_s) == (sizeof(char) + sizeof(long))), };]])], commit c2dba93e639639bdac139b3a3a456d10ddc61f79 Author: Jussi Kivilinna Date: Fri May 1 18:50:34 2015 +0300 Fix tail handling in buf_xor_1 * cipher/bufhelp.h (buf_xor_1): Increment source pointer at tail handling. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/bufhelp.h b/cipher/bufhelp.h index fb87939..c1aa52e 100644 --- a/cipher/bufhelp.h +++ b/cipher/bufhelp.h @@ -162,7 +162,7 @@ do_bytes: #endif /* Handle tail. */ for (; len; len--) - *dst++ ^= *src; + *dst++ ^= *src++; } commit 839a3bbe2bb045139223b32753d656cc6c3d4669 Author: Jussi Kivilinna Date: Fri May 1 15:03:38 2015 +0300 Add --disable-hwf for basic tests * tests/basic.c (main): Add handling for '--disable-hwf'. -- Signed-off-by: Jussi Kivilinna diff --git a/tests/basic.c b/tests/basic.c index 8400f9e..2cf8dd0 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -8028,6 +8028,21 @@ main (int argc, char **argv) argc--; argv++; } } + else if (!strcmp (*argv, "--disable-hwf")) + { + argc--; + argv++; + if (argc) + { + if (gcry_control (GCRYCTL_DISABLE_HWF, *argv, NULL)) + fprintf (stderr, + PGM + ": unknown hardware feature `%s' - option ignored\n", + *argv); + argc--; + argv++; + } + } } gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose); commit 9f086ffa43f2507b9d17522a0a2e394cb273baf8 Author: Jussi Kivilinna Date: Fri May 1 14:55:58 2015 +0300 Use more odd chuck sizes for check_one_md * tests/basic.c (check_one_md): Make chuck size vary oddly, instead of using fixed length of 1000 bytes. -- Signed-off-by: Jussi Kivilinna diff --git a/tests/basic.c b/tests/basic.c index f3105de..8400f9e 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5231,11 +5231,29 @@ check_one_md (int algo, const char *data, int len, const char *expect) if (*data == '!' && !data[1]) { /* hash one million times a "a" */ char aaa[1000]; + size_t left = 1000 * 1000; + size_t startlen = 1; + size_t piecelen = startlen; - /* Write in odd size chunks so that we test the buffering. */ memset (aaa, 'a', 1000); - for (i = 0; i < 1000; i++) - gcry_md_write (hd, aaa, 1000); + + /* Write in odd size chunks so that we test the buffering. */ + while (left > 0) + { + if (piecelen > sizeof(aaa)) + piecelen = sizeof(aaa); + if (piecelen > left) + piecelen = left; + + gcry_md_write (hd, aaa, piecelen); + + left -= piecelen; + + if (piecelen == sizeof(aaa)) + piecelen = ++startlen; + else + piecelen = piecelen * 2 - ((piecelen != startlen) ? startlen : 0); + } } else gcry_md_write (hd, data, len); commit e40eff94f9f8654c3d29e03bbb7e5ee6a43c1435 Author: Jussi Kivilinna Date: Fri May 1 14:33:29 2015 +0300 Enable more modes in basic ciphers test * src/gcrypt.h.in (GCRY_OCB_BLOCK_LEN): New. * tests/basic.c (check_one_cipher_core_reset): New. (check_one_cipher_core): Use check_one_cipher_core_reset inplace of gcry_cipher_reset. (check_ciphers): Add CCM and OCB modes for block cipher tests. -- Signed-off-by: Jussi Kivilinna diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index cac2b49..0984d11 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -931,6 +931,9 @@ enum gcry_cipher_flags /* CCM works only with blocks of 128 bits. */ #define GCRY_CCM_BLOCK_LEN (128 / 8) +/* OCB works only with blocks of 128 bits. */ +#define GCRY_OCB_BLOCK_LEN (128 / 8) + /* Create a handle for algorithm ALGO to be used in MODE. FLAGS may be given as an bitwise OR of the gcry_cipher_flags values. */ gcry_error_t gcry_cipher_open (gcry_cipher_hd_t *handle, diff --git a/tests/basic.c b/tests/basic.c index 07fd4d0..f3105de 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -4676,7 +4676,8 @@ check_bulk_cipher_modes (void) } -static unsigned int get_algo_mode_blklen(int algo, int mode) +static unsigned int +get_algo_mode_blklen (int algo, int mode) { unsigned int blklen = gcry_cipher_get_algo_blklen(algo); @@ -4696,6 +4697,48 @@ static unsigned int get_algo_mode_blklen(int algo, int mode) } +static int +check_one_cipher_core_reset (gcry_cipher_hd_t hd, int algo, int mode, int pass, + int nplain) +{ + static const unsigned char iv[8] = { 0, 1, 2, 3, 4, 5, 6, 7 }; + u64 ctl_params[3]; + int err; + + gcry_cipher_reset (hd); + + if (mode == GCRY_CIPHER_MODE_OCB || mode == GCRY_CIPHER_MODE_CCM) + { + err = gcry_cipher_setiv (hd, iv, sizeof(iv)); + if (err) + { + fail ("pass %d, algo %d, mode %d, gcry_cipher_setiv failed: %s\n", + pass, algo, mode, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + } + + if (mode == GCRY_CIPHER_MODE_CCM) + { + ctl_params[0] = nplain; /* encryptedlen */ + ctl_params[1] = 0; /* aadlen */ + ctl_params[2] = 16; /* authtaglen */ + err = gcry_cipher_ctl (hd, GCRYCTL_SET_CCM_LENGTHS, ctl_params, + sizeof(ctl_params)); + if (err) + { + fail ("pass %d, algo %d, mode %d, gcry_cipher_ctl " + "GCRYCTL_SET_CCM_LENGTHS failed: %s\n", + pass, algo, mode, gpg_strerror (err)); + gcry_cipher_close (hd); + return -1; + } + } + + return 0; +} + /* The core of the cipher check. In addition to the parameters passed to check_one_cipher it also receives the KEY and the plain data. PASS is printed with error messages. The function returns 0 on @@ -4782,6 +4825,9 @@ check_one_cipher_core (int algo, int mode, int flags, return -1; } + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; + err = gcry_cipher_encrypt (hd, out, nplain, plain, nplain); if (err) { @@ -4793,7 +4839,8 @@ check_one_cipher_core (int algo, int mode, int flags, memcpy (enc_result, out, nplain); - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; err = gcry_cipher_decrypt (hd, in, nplain, out, nplain); if (err) @@ -4809,7 +4856,8 @@ check_one_cipher_core (int algo, int mode, int flags, pass, algo, mode); /* Again, using in-place encryption. */ - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; memcpy (out, plain, nplain); err = gcry_cipher_encrypt (hd, out, nplain, NULL, 0); @@ -4826,7 +4874,8 @@ check_one_cipher_core (int algo, int mode, int flags, fail ("pass %d, algo %d, mode %d, in-place, encrypt mismatch\n", pass, algo, mode); - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; err = gcry_cipher_decrypt (hd, out, nplain, NULL, 0); if (err) @@ -4843,7 +4892,8 @@ check_one_cipher_core (int algo, int mode, int flags, pass, algo, mode); /* Again, splitting encryption in multiple operations. */ - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; piecelen = blklen; pos = 0; @@ -4871,7 +4921,8 @@ check_one_cipher_core (int algo, int mode, int flags, fail ("pass %d, algo %d, mode %d, split-buffer, encrypt mismatch\n", pass, algo, mode); - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; piecelen = blklen; pos = 0; @@ -4900,7 +4951,8 @@ check_one_cipher_core (int algo, int mode, int flags, /* Again, using in-place encryption and splitting encryption in multiple * operations. */ - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; piecelen = blklen; pos = 0; @@ -4928,7 +4980,8 @@ check_one_cipher_core (int algo, int mode, int flags, fail ("pass %d, algo %d, mode %d, in-place split-buffer, encrypt mismatch\n", pass, algo, mode); - gcry_cipher_reset (hd); + if (check_one_cipher_core_reset (hd, algo, mode, pass, nplain) < 0) + return -1; piecelen = blklen; pos = 0; @@ -5096,8 +5149,12 @@ check_ciphers (void) check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, 0); check_one_cipher (algos[i], GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_CBC_CTS); check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0); + if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN) + check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0); if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN) check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0); + if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN) + check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0); } for (i = 0; algos2[i]; i++) commit 88842cbc68beb4f73c87fdbcb74182cba818f789 Author: Jussi Kivilinna Date: Fri May 1 14:32:36 2015 +0300 Fix reseting cipher in OCB mode * cipher/cipher.c (cipher_reset): Setup default taglen for OCB after clearing state. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher.c b/cipher/cipher.c index 6e1173f..d1550c0 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -744,6 +744,8 @@ cipher_reset (gcry_cipher_hd_t c) case GCRY_CIPHER_MODE_OCB: memset (&c->u_mode.ocb, 0, sizeof c->u_mode.ocb); + /* Setup default taglen. */ + c->u_mode.ocb.taglen = 16; break; default: ----------------------------------------------------------------------- Summary of changes: cipher/bufhelp.h | 2 +- cipher/cipher.c | 2 + configure.ac | 4 +- src/gcrypt.h.in | 3 ++ tests/basic.c | 112 +++++++++++++++++++++++++++++++++++++++++++++++++------ 5 files changed, 110 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun May 3 10:41:00 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 03 May 2015 10:41:00 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-207-g66129b3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 66129b3334a5aa54ff8a97981507e4704f759571 (commit) via 8422d5d699265b960bd1ca837044ee052fc5b614 (commit) via 1089a13073c26a9a456e43ec38d937e6ee7f4077 (commit) via 022959099644f64df5f2a83ade21159864f64837 (commit) via e433676a899fa0d274d40547166b03c7c8bd8e78 (commit) via 4e09aaa36d151c3312019724a77fc09aa345b82f (commit) via 460355f23e770637d29e3af7b998a957a2b5bc88 (commit) via 6c21cf5fed1ad430fa41445eac2350802bc8aaed (commit) via 9cf224322007d90193d4910f0da6e0e29ce01d70 (commit) via d5a7e00b6b222566a5650639ef29684b047c1909 (commit) via 0cdd24456b33defc7f8176fa82ab694fbc284385 (commit) via f701954555340a503f6e52cc18d58b0c515427b7 (commit) via e78560a4b717f7154f910a8ce4128de152f586da (commit) from e886e4f5e73fe6a9f9191f5155852ce5d8bb88fe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 66129b3334a5aa54ff8a97981507e4704f759571 Author: Jussi Kivilinna Date: Sat May 2 13:27:06 2015 +0300 Enable AMD64 AES implementation for WIN64 * cipher/rijndael-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/rijndael-internal.h (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (do_encrypt, do_decrypt) [USE_AMD64_ASM && !HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Use assembly block to call AMD64 assembly encrypt/decrypt function. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael-amd64.S b/cipher/rijndael-amd64.S index 24c555a..b149e94 100644 --- a/cipher/rijndael-amd64.S +++ b/cipher/rijndael-amd64.S @@ -20,7 +20,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_AES) +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_AES) #ifdef __PIC__ # define RIP (%rip) @@ -28,6 +29,12 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .text /* table macros */ @@ -205,7 +212,7 @@ .align 8 .globl _gcry_aes_amd64_encrypt_block -.type _gcry_aes_amd64_encrypt_block, at function; +ELF(.type _gcry_aes_amd64_encrypt_block, at function;) _gcry_aes_amd64_encrypt_block: /* input: @@ -279,7 +286,7 @@ _gcry_aes_amd64_encrypt_block: lastencround(11); jmp .Lenc_done; -.size _gcry_aes_amd64_encrypt_block,.-_gcry_aes_amd64_encrypt_block; +ELF(.size _gcry_aes_amd64_encrypt_block,.-_gcry_aes_amd64_encrypt_block;) #define do_decround(next_r) \ do16bit_shr(16, mov, RA, Dsize, D0, RNA, D0, RNB, RT0, RT1); \ @@ -365,7 +372,7 @@ _gcry_aes_amd64_encrypt_block: .align 8 .globl _gcry_aes_amd64_decrypt_block -.type _gcry_aes_amd64_decrypt_block, at function; +ELF(.type _gcry_aes_amd64_decrypt_block, at function;) _gcry_aes_amd64_decrypt_block: /* input: @@ -440,7 +447,7 @@ _gcry_aes_amd64_decrypt_block: decround(9); jmp .Ldec_tail; -.size _gcry_aes_amd64_decrypt_block,.-_gcry_aes_amd64_decrypt_block; +ELF(.size _gcry_aes_amd64_decrypt_block,.-_gcry_aes_amd64_decrypt_block;) #endif /*USE_AES*/ #endif /*__x86_64*/ diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h index 33ca53f..6641728 100644 --- a/cipher/rijndael-internal.h +++ b/cipher/rijndael-internal.h @@ -39,7 +39,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64_ASM 1 #endif diff --git a/cipher/rijndael.c b/cipher/rijndael.c index ade41c9..7ebf329 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -665,8 +665,25 @@ do_encrypt (const RIJNDAEL_context *ctx, unsigned char *bx, const unsigned char *ax) { #ifdef USE_AMD64_ASM +# ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS return _gcry_aes_amd64_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); +# else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + uintptr_t ret; + asm ("movq %[encT], %%r8\n\t" + "callq *%[ret]\n\t" + : [ret] "=a" (ret) + : "0" (_gcry_aes_amd64_encrypt_block), + "D" (ctx->keyschenc), + "S" (bx), + "d" (ax), + "c" (ctx->rounds), + [encT] "r" (encT) + : "cc", "memory", "r8", "r9", "r10", "r11"); + return ret; +# endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ #elif defined(USE_ARM_ASM) return _gcry_aes_arm_encrypt_block(ctx->keyschenc, bx, ax, ctx->rounds, encT); #else @@ -1008,8 +1025,25 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, const unsigned char *ax) { #ifdef USE_AMD64_ASM +# ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS return _gcry_aes_amd64_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, &dec_tables); +# else + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + uintptr_t ret; + asm ("movq %[dectabs], %%r8\n\t" + "callq *%[ret]\n\t" + : [ret] "=a" (ret) + : "0" (_gcry_aes_amd64_decrypt_block), + "D" (ctx->keyschdec), + "S" (bx), + "d" (ax), + "c" (ctx->rounds), + [dectabs] "r" (&dec_tables) + : "cc", "memory", "r8", "r9", "r10", "r11"); + return ret; +# endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ #elif defined(USE_ARM_ASM) return _gcry_aes_arm_decrypt_block(ctx->keyschdec, bx, ax, ctx->rounds, &dec_tables); commit 8422d5d699265b960bd1ca837044ee052fc5b614 Author: Jussi Kivilinna Date: Sat May 2 13:26:46 2015 +0300 Enable AMD64 Whirlpool implementation for WIN64 * cipher/whirlpool-sse2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/whirlpool.c (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_AMD64_ASM] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. [USE_AMD64_ASM] (_gcry_whirlpool_transform_amd64): Add ASM_FUNC_ABI to prototype. [USE_AMD64_ASM] (whirlpool_transform): Add ASM_EXTRA_STACK to stack burn value. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/whirlpool-sse2-amd64.S b/cipher/whirlpool-sse2-amd64.S index d0bcf2d..e98b831 100644 --- a/cipher/whirlpool-sse2-amd64.S +++ b/cipher/whirlpool-sse2-amd64.S @@ -20,7 +20,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_WHIRLPOOL) +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_WHIRLPOOL) #ifdef __PIC__ # define RIP %rip @@ -28,6 +29,12 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .text /* look-up table offsets on RTAB */ @@ -157,7 +164,7 @@ .align 8 .globl _gcry_whirlpool_transform_amd64 -.type _gcry_whirlpool_transform_amd64, at function; +ELF(.type _gcry_whirlpool_transform_amd64, at function;) _gcry_whirlpool_transform_amd64: /* input: @@ -329,7 +336,7 @@ _gcry_whirlpool_transform_amd64: .Lskip: movl $(STACK_MAX + 8), %eax; ret; -.size _gcry_whirlpool_transform_amd64,.-_gcry_whirlpool_transform_amd64; +ELF(.size _gcry_whirlpool_transform_amd64,.-_gcry_whirlpool_transform_amd64;) #endif #endif diff --git a/cipher/whirlpool.c b/cipher/whirlpool.c index 2732f63..5f224a1 100644 --- a/cipher/whirlpool.c +++ b/cipher/whirlpool.c @@ -42,7 +42,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64_ASM 1 #endif @@ -1192,9 +1193,17 @@ whirlpool_init (void *ctx, unsigned int flags) #ifdef USE_AMD64_ASM +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +#else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +#endif + extern unsigned int _gcry_whirlpool_transform_amd64(u64 *state, const unsigned char *data, - size_t nblks, const struct whirlpool_tables_s *tables); + size_t nblks, const struct whirlpool_tables_s *tables) ASM_FUNC_ABI; static unsigned int whirlpool_transform (void *ctx, const unsigned char *data, size_t nblks) @@ -1202,7 +1211,7 @@ whirlpool_transform (void *ctx, const unsigned char *data, size_t nblks) whirlpool_context_t *context = ctx; return _gcry_whirlpool_transform_amd64( - context->hash_state, data, nblks, &tab); + context->hash_state, data, nblks, &tab) + ASM_EXTRA_STACK; } #else /* USE_AMD64_ASM */ commit 1089a13073c26a9a456e43ec38d937e6ee7f4077 Author: Jussi Kivilinna Date: Sat May 2 13:05:12 2015 +0300 Enable AMD64 SHA512 implementations for WIN64 * cipher/sha512-avx-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/sha512-avx-bmi2-amd64.S: Ditto. * cipher/sha512-ssse3-amd64.S: Ditto. * cipher/sha512.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_SSSE3 ||?USE_AVX ||?USE_AVX2] (ASM_FUNC_ABI) (ASM_EXTRA_STACK): New. (_gcry_sha512_transform_amd64_ssse3, _gcry_sha512_transform_amd64_avx) (_gcry_sha512_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to prototypes. (transform): Add ASM_EXTRA_STACK to stack burn value. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha512-avx-amd64.S b/cipher/sha512-avx-amd64.S index 3449b87..699c271 100644 --- a/cipher/sha512-avx-amd64.S +++ b/cipher/sha512-avx-amd64.S @@ -41,7 +41,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA512) @@ -51,6 +52,12 @@ # define ADD_RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .intel_syntax noprefix .text @@ -259,7 +266,7 @@ frame_size = ((frame_GPRSAVE) + (frame_GPRSAVE_size)) ; L is the message length in SHA512 blocks */ .globl _gcry_sha512_transform_amd64_avx -.type _gcry_sha512_transform_amd64_avx, at function; +ELF(.type _gcry_sha512_transform_amd64_avx, at function;) .align 16 _gcry_sha512_transform_amd64_avx: xor eax, eax diff --git a/cipher/sha512-avx2-bmi2-amd64.S b/cipher/sha512-avx2-bmi2-amd64.S index d6301f3..02f95af 100644 --- a/cipher/sha512-avx2-bmi2-amd64.S +++ b/cipher/sha512-avx2-bmi2-amd64.S @@ -43,7 +43,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ defined(USE_SHA512) @@ -54,6 +55,12 @@ # define ADD_RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .intel_syntax noprefix .text @@ -596,7 +603,7 @@ rotate_Ys ; L is the message length in SHA512 blocks */ .globl _gcry_sha512_transform_amd64_avx2 -.type _gcry_sha512_transform_amd64_avx2, at function; +ELF(.type _gcry_sha512_transform_amd64_avx2, at function;) .align 16 _gcry_sha512_transform_amd64_avx2: xor eax, eax diff --git a/cipher/sha512-ssse3-amd64.S b/cipher/sha512-ssse3-amd64.S index 4c80baa..c721bcf 100644 --- a/cipher/sha512-ssse3-amd64.S +++ b/cipher/sha512-ssse3-amd64.S @@ -44,7 +44,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA512) @@ -54,6 +55,12 @@ # define ADD_RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .intel_syntax noprefix .text @@ -261,7 +268,7 @@ frame_size = ((frame_GPRSAVE) + (frame_GPRSAVE_size)) ; L is the message length in SHA512 blocks. */ .globl _gcry_sha512_transform_amd64_ssse3 -.type _gcry_sha512_transform_amd64_ssse3, at function; +ELF(.type _gcry_sha512_transform_amd64_ssse3, at function;) .align 16 _gcry_sha512_transform_amd64_ssse3: xor eax, eax diff --git a/cipher/sha512.c b/cipher/sha512.c index 5a6af80..029f8f0 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c @@ -68,27 +68,31 @@ /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ #undef USE_SSSE3 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_SSSE3 1 #endif /* USE_AVX indicates whether to compile with Intel AVX code. */ #undef USE_AVX -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_AVX) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AVX 1 #endif /* USE_AVX2 indicates whether to compile with Intel AVX2/rorx code. */ #undef USE_AVX2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX2) && \ + defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AVX2 1 #endif @@ -543,6 +547,21 @@ transform_blk (SHA512_STATE *hd, const unsigned char *data) } +/* AMD64 assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#undef ASM_EXTRA_STACK +#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_AVX2) +# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +# else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +# endif +#endif + + #ifdef USE_ARM_NEON_ASM void _gcry_sha512_transform_armv7_neon (SHA512_STATE *hd, const unsigned char *data, @@ -551,17 +570,20 @@ void _gcry_sha512_transform_armv7_neon (SHA512_STATE *hd, #ifdef USE_SSSE3 unsigned int _gcry_sha512_transform_amd64_ssse3(const void *input_data, - void *state, size_t num_blks); + void *state, + size_t num_blks) ASM_FUNC_ABI; #endif #ifdef USE_AVX unsigned int _gcry_sha512_transform_amd64_avx(const void *input_data, - void *state, size_t num_blks); + void *state, + size_t num_blks) ASM_FUNC_ABI; #endif #ifdef USE_AVX2 unsigned int _gcry_sha512_transform_amd64_avx2(const void *input_data, - void *state, size_t num_blks); + void *state, + size_t num_blks) ASM_FUNC_ABI; #endif @@ -574,19 +596,19 @@ transform (void *context, const unsigned char *data, size_t nblks) #ifdef USE_AVX2 if (ctx->use_avx2) return _gcry_sha512_transform_amd64_avx2 (data, &ctx->state, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_AVX if (ctx->use_avx) return _gcry_sha512_transform_amd64_avx (data, &ctx->state, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_SSSE3 if (ctx->use_ssse3) return _gcry_sha512_transform_amd64_ssse3 (data, &ctx->state, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_ARM_NEON_ASM @@ -607,6 +629,14 @@ transform (void *context, const unsigned char *data, size_t nblks) } while (--nblks); +#ifdef ASM_EXTRA_STACK + /* 'transform_blk' is typically inlined and XMM6-XMM15 are stored at + * the prologue of this function. Therefore need to add ASM_EXTRA_STACK to + * here too. + */ + burn += ASM_EXTRA_STACK; +#endif + return burn; } commit 022959099644f64df5f2a83ade21159864f64837 Author: Jussi Kivilinna Date: Sat May 2 13:05:02 2015 +0300 Enable AMD64 SHA256 implementations for WIN64 * cipher/sha256-avx-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/sha256-avx2-bmi2-amd64.S: Ditto. * cipher/sha256-ssse3-amd64.S: Ditto. * cipher/sha256.c (USE_SSSE3, USE_AVX, USE_AVX2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_SSSE3 ||?USE_AVX ||?USE_AVX2] (ASM_FUNC_ABI) (ASM_EXTRA_STACK): New. (_gcry_sha256_transform_amd64_ssse3, _gcry_sha256_transform_amd64_avx) (_gcry_sha256_transform_amd64_avx2): Add ASM_FUNC_ABI to prototypes. (transform): Add ASM_EXTRA_STACK to stack burn value. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha256-avx-amd64.S b/cipher/sha256-avx-amd64.S index 3912db7..8bf26bd 100644 --- a/cipher/sha256-avx-amd64.S +++ b/cipher/sha256-avx-amd64.S @@ -54,7 +54,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA256) @@ -64,6 +65,12 @@ # define ADD_RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .intel_syntax noprefix #define VMOVDQ vmovdqu /* assume buffers not aligned */ @@ -370,7 +377,7 @@ rotate_Xs */ .text .globl _gcry_sha256_transform_amd64_avx -.type _gcry_sha256_transform_amd64_avx, at function; +ELF(.type _gcry_sha256_transform_amd64_avx, at function;) .align 16 _gcry_sha256_transform_amd64_avx: vzeroupper diff --git a/cipher/sha256-avx2-bmi2-amd64.S b/cipher/sha256-avx2-bmi2-amd64.S index 09df711..74b6063 100644 --- a/cipher/sha256-avx2-bmi2-amd64.S +++ b/cipher/sha256-avx2-bmi2-amd64.S @@ -54,7 +54,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ defined(USE_SHA256) @@ -65,6 +66,12 @@ # define ADD_RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .intel_syntax noprefix #define VMOVDQ vmovdqu /* ; assume buffers not aligned */ @@ -555,7 +562,7 @@ rotate_Xs */ .text .globl _gcry_sha256_transform_amd64_avx2 -.type _gcry_sha256_transform_amd64_avx2, at function +ELF(.type _gcry_sha256_transform_amd64_avx2, at function) .align 32 _gcry_sha256_transform_amd64_avx2: push rbx diff --git a/cipher/sha256-ssse3-amd64.S b/cipher/sha256-ssse3-amd64.S index 80b1cec..9ec87e4 100644 --- a/cipher/sha256-ssse3-amd64.S +++ b/cipher/sha256-ssse3-amd64.S @@ -55,7 +55,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA256) @@ -65,6 +66,12 @@ # define ADD_RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .intel_syntax noprefix #define MOVDQ movdqu /* assume buffers not aligned */ @@ -376,7 +383,7 @@ rotate_Xs */ .text .globl _gcry_sha256_transform_amd64_ssse3 -.type _gcry_sha256_transform_amd64_ssse3, at function; +ELF(.type _gcry_sha256_transform_amd64_ssse3, at function;) .align 16 _gcry_sha256_transform_amd64_ssse3: push rbx diff --git a/cipher/sha256.c b/cipher/sha256.c index d3af172..59ffa43 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c @@ -49,25 +49,29 @@ /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ #undef USE_SSSE3 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_SSSE3 1 #endif /* USE_AVX indicates whether to compile with Intel AVX code. */ #undef USE_AVX -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_AVX) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AVX 1 #endif /* USE_AVX2 indicates whether to compile with Intel AVX2/BMI2 code. */ #undef USE_AVX2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(HAVE_GCC_INLINE_ASM_BMI2) && \ - defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX2) && \ + defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + defined(HAVE_INTEL_SYNTAX_PLATFORM_AS) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AVX2 1 #endif @@ -322,19 +326,37 @@ transform_blk (void *ctx, const unsigned char *data) #undef R +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#undef ASM_EXTRA_STACK +#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_AVX2) +# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +# else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +# endif +#endif + + #ifdef USE_SSSE3 unsigned int _gcry_sha256_transform_amd64_ssse3(const void *input_data, - u32 state[8], size_t num_blks); + u32 state[8], + size_t num_blks) ASM_FUNC_ABI; #endif #ifdef USE_AVX unsigned int _gcry_sha256_transform_amd64_avx(const void *input_data, - u32 state[8], size_t num_blks); + u32 state[8], + size_t num_blks) ASM_FUNC_ABI; #endif #ifdef USE_AVX2 unsigned int _gcry_sha256_transform_amd64_avx2(const void *input_data, - u32 state[8], size_t num_blks); + u32 state[8], + size_t num_blks) ASM_FUNC_ABI; #endif @@ -347,19 +369,19 @@ transform (void *ctx, const unsigned char *data, size_t nblks) #ifdef USE_AVX2 if (hd->use_avx2) return _gcry_sha256_transform_amd64_avx2 (data, &hd->h0, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_AVX if (hd->use_avx) return _gcry_sha256_transform_amd64_avx (data, &hd->h0, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_SSSE3 if (hd->use_ssse3) return _gcry_sha256_transform_amd64_ssse3 (data, &hd->h0, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif do @@ -369,6 +391,14 @@ transform (void *ctx, const unsigned char *data, size_t nblks) } while (--nblks); +#ifdef ASM_EXTRA_STACK + /* 'transform_blk' is typically inlined and XMM6-XMM15 are stored at + * the prologue of this function. Therefore need to add ASM_EXTRA_STACK to + * here too. + */ + burn += ASM_EXTRA_STACK; +#endif + return burn; } commit e433676a899fa0d274d40547166b03c7c8bd8e78 Author: Jussi Kivilinna Date: Sat May 2 12:57:07 2015 +0300 Enable AMD64 SHA1 implementations for WIN64 * cipher/sha1-avx-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/sha1-avx-bmi2-amd64.S: Ditto. * cipher/sha1-ssse3-amd64.S: Ditto. * cipher/sha1.c (USE_SSSE3, USE_AVX, USE_BMI2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_SSSE3 ||?USE_AVX ||?USE_BMI2] (ASM_FUNC_ABI) (ASM_EXTRA_STACK): New. (_gcry_sha1_transform_amd64_ssse3, _gcry_sha1_transform_amd64_avx) (_gcry_sha1_transform_amd64_avx_bmi2): Add ASM_FUNC_ABI to prototypes. (transform): Add ASM_EXTRA_STACK to stack burn value. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/sha1-avx-amd64.S b/cipher/sha1-avx-amd64.S index 6bec389..062a45b 100644 --- a/cipher/sha1-avx-amd64.S +++ b/cipher/sha1-avx-amd64.S @@ -29,7 +29,8 @@ #ifdef __x86_64__ #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_GCC_INLINE_ASM_BMI2) && \ defined(HAVE_GCC_INLINE_ASM_AVX2) && defined(USE_SHA1) @@ -40,6 +41,13 @@ #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + + /* Context structure */ #define state_h0 0 @@ -209,7 +217,7 @@ */ .text .globl _gcry_sha1_transform_amd64_avx -.type _gcry_sha1_transform_amd64_avx, at function +ELF(.type _gcry_sha1_transform_amd64_avx, at function) .align 16 _gcry_sha1_transform_amd64_avx: /* input: diff --git a/cipher/sha1-avx-bmi2-amd64.S b/cipher/sha1-avx-bmi2-amd64.S index cd5af5b..22bcbb3 100644 --- a/cipher/sha1-avx-bmi2-amd64.S +++ b/cipher/sha1-avx-bmi2-amd64.S @@ -29,7 +29,8 @@ #ifdef __x86_64__ #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_GCC_INLINE_ASM_BMI2) && \ defined(HAVE_GCC_INLINE_ASM_AVX) && defined(USE_SHA1) @@ -40,6 +41,13 @@ #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + + /* Context structure */ #define state_h0 0 @@ -206,7 +214,7 @@ */ .text .globl _gcry_sha1_transform_amd64_avx_bmi2 -.type _gcry_sha1_transform_amd64_avx_bmi2, at function +ELF(.type _gcry_sha1_transform_amd64_avx_bmi2, at function) .align 16 _gcry_sha1_transform_amd64_avx_bmi2: /* input: diff --git a/cipher/sha1-ssse3-amd64.S b/cipher/sha1-ssse3-amd64.S index 226988d..98a19e6 100644 --- a/cipher/sha1-ssse3-amd64.S +++ b/cipher/sha1-ssse3-amd64.S @@ -29,7 +29,8 @@ #ifdef __x86_64__ #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_GCC_INLINE_ASM_SSSE3) && defined(USE_SHA1) #ifdef __PIC__ @@ -39,6 +40,13 @@ #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + + /* Context structure */ #define state_h0 0 @@ -220,7 +228,7 @@ */ .text .globl _gcry_sha1_transform_amd64_ssse3 -.type _gcry_sha1_transform_amd64_ssse3, at function +ELF(.type _gcry_sha1_transform_amd64_ssse3, at function) .align 16 _gcry_sha1_transform_amd64_ssse3: /* input: diff --git a/cipher/sha1.c b/cipher/sha1.c index 6ccf0e8..eb42883 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -45,22 +45,26 @@ /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ #undef USE_SSSE3 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_SSSE3) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_SSSE3 1 #endif /* USE_AVX indicates whether to compile with Intel AVX code. */ #undef USE_AVX -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_AVX) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AVX 1 #endif /* USE_BMI2 indicates whether to compile with Intel AVX/BMI2 code. */ #undef USE_BMI2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_AVX) && defined(HAVE_GCC_INLINE_ASM_BMI2) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_AVX) && \ + defined(HAVE_GCC_INLINE_ASM_BMI2) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_BMI2 1 #endif @@ -287,22 +291,37 @@ transform_blk (void *ctx, const unsigned char *data) } +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#undef ASM_EXTRA_STACK +#if defined(USE_SSSE3) || defined(USE_AVX) || defined(USE_BMI2) +# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +# else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +# endif +#endif + + #ifdef USE_SSSE3 unsigned int _gcry_sha1_transform_amd64_ssse3 (void *state, const unsigned char *data, - size_t nblks); + size_t nblks) ASM_FUNC_ABI; #endif #ifdef USE_AVX unsigned int _gcry_sha1_transform_amd64_avx (void *state, const unsigned char *data, - size_t nblks); + size_t nblks) ASM_FUNC_ABI; #endif #ifdef USE_BMI2 unsigned int _gcry_sha1_transform_amd64_avx_bmi2 (void *state, const unsigned char *data, - size_t nblks); + size_t nblks) ASM_FUNC_ABI; #endif @@ -315,17 +334,17 @@ transform (void *ctx, const unsigned char *data, size_t nblks) #ifdef USE_BMI2 if (hd->use_bmi2) return _gcry_sha1_transform_amd64_avx_bmi2 (&hd->h0, data, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_AVX if (hd->use_avx) return _gcry_sha1_transform_amd64_avx (&hd->h0, data, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_SSSE3 if (hd->use_ssse3) return _gcry_sha1_transform_amd64_ssse3 (&hd->h0, data, nblks) - + 4 * sizeof(void*); + + 4 * sizeof(void*) + ASM_EXTRA_STACK; #endif #ifdef USE_NEON if (hd->use_neon) @@ -340,6 +359,14 @@ transform (void *ctx, const unsigned char *data, size_t nblks) } while (--nblks); +#ifdef ASM_EXTRA_STACK + /* 'transform_blk' is typically inlined and XMM6-XMM15 are stored at + * the prologue of this function. Therefore need to add ASM_EXTRA_STACK to + * here too. + */ + burn += ASM_EXTRA_STACK; +#endif + return burn; } commit 4e09aaa36d151c3312019724a77fc09aa345b82f Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Enable AES/AES-NI, AES/SSSE3 and GCM/PCLMUL implementations on WIN64 * cipher/cipher-gcm-intel-pclmul.c (_gcry_ghash_intel_pclmul) ( _gcry_ghash_intel_pclmul) [__WIN64__]: Store non-volatile vector registers before use and restore after. * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Remove dependency on !defined(__WIN64__). * cipher/rijndael-aesni.c [__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare, aesni_prepare_2_6, aesni_cleanup) ( aesni_cleanup_2_6): New. [!__WIN64__] (aesni_prepare_2_6_variable, aesni_prepare_2_6): New. (_gcry_aes_aesni_do_setkey, _gcry_aes_aesni_cbc_enc) (_gcry_aesni_ctr_enc, _gcry_aesni_cfb_dec, _gcry_aesni_cbc_dec) (_gcry_aesni_ocb_crypt, _gcry_aesni_ocb_auth): Use 'aesni_prepare_2_6'. * cipher/rijndael-internal.h (USE_SSSE3): Enable if HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS or HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS. (USE_AESNI): Remove dependency on !defined(__WIN64__) * cipher/rijndael-ssse3-amd64.c [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare, vpaes_ssse3_cleanup): New. [!HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (vpaes_ssse3_prepare): New. (vpaes_ssse3_prepare_enc, vpaes_ssse3_prepare_dec): Use 'vpaes_ssse3_prepare'. (_gcry_aes_ssse3_do_setkey, _gcry_aes_ssse3_prepare_decryption): Use 'vpaes_ssse3_prepare' and 'vpaes_ssse3_cleanup'. [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (X): Add masking macro to exclude '.type' and '.size' markers from assembly code, as they are not support on WIN64/COFF objects. * configure.ac (gcry_cv_gcc_attribute_ms_abi) (gcry_cv_gcc_attribute_sysv_abi, gcry_cv_gcc_default_abi_is_ms_abi) (gcry_cv_gcc_default_abi_is_sysv_abi) (gcry_cv_gcc_win64_platform_as_ok): New checks. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-gcm-intel-pclmul.c b/cipher/cipher-gcm-intel-pclmul.c index 79648ce..a327249 100644 --- a/cipher/cipher-gcm-intel-pclmul.c +++ b/cipher/cipher-gcm-intel-pclmul.c @@ -249,6 +249,17 @@ void _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c) { u64 tmp[2]; +#if defined(__x86_64__) && defined(__WIN64__) + char win64tmp[3 * 16]; + + /* XMM6-XMM8 need to be restored after use. */ + asm volatile ("movdqu %%xmm6, 0*16(%0)\n\t" + "movdqu %%xmm7, 1*16(%0)\n\t" + "movdqu %%xmm8, 2*16(%0)\n\t" + : + : "r" (win64tmp) + : "memory"); +#endif /* Swap endianness of hsub. */ tmp[0] = buf_get_be64(c->u_mode.gcm.u_ghash_key.key + 8); @@ -285,6 +296,21 @@ _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c) : [h_234] "r" (c->u_mode.gcm.gcm_table) : "memory"); +#ifdef __WIN64__ + /* Clear/restore used registers. */ + asm volatile( "pxor %%xmm0, %%xmm0\n\t" + "pxor %%xmm1, %%xmm1\n\t" + "pxor %%xmm2, %%xmm2\n\t" + "pxor %%xmm3, %%xmm3\n\t" + "pxor %%xmm4, %%xmm4\n\t" + "pxor %%xmm5, %%xmm5\n\t" + "movdqu 0*16(%0), %%xmm6\n\t" + "movdqu 1*16(%0), %%xmm7\n\t" + "movdqu 2*16(%0), %%xmm8\n\t" + : + : "r" (win64tmp) + : "memory"); +#else /* Clear used registers. */ asm volatile( "pxor %%xmm0, %%xmm0\n\t" "pxor %%xmm1, %%xmm1\n\t" @@ -297,6 +323,7 @@ _gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c) "pxor %%xmm8, %%xmm8\n\t" ::: "cc" ); #endif +#endif wipememory (tmp, sizeof(tmp)); } @@ -309,10 +336,30 @@ _gcry_ghash_intel_pclmul (gcry_cipher_hd_t c, byte *result, const byte *buf, static const unsigned char be_mask[16] __attribute__ ((aligned (16))) = { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; const unsigned int blocksize = GCRY_GCM_BLOCK_LEN; +#ifdef __WIN64__ + char win64tmp[10 * 16]; +#endif if (nblocks == 0) return 0; +#ifdef __WIN64__ + /* XMM8-XMM15 need to be restored after use. */ + asm volatile ("movdqu %%xmm6, 0*16(%0)\n\t" + "movdqu %%xmm7, 1*16(%0)\n\t" + "movdqu %%xmm8, 2*16(%0)\n\t" + "movdqu %%xmm9, 3*16(%0)\n\t" + "movdqu %%xmm10, 4*16(%0)\n\t" + "movdqu %%xmm11, 5*16(%0)\n\t" + "movdqu %%xmm12, 6*16(%0)\n\t" + "movdqu %%xmm13, 7*16(%0)\n\t" + "movdqu %%xmm14, 8*16(%0)\n\t" + "movdqu %%xmm15, 9*16(%0)\n\t" + : + : "r" (win64tmp) + : "memory" ); +#endif + /* Preload hash and H1. */ asm volatile ("movdqu %[hash], %%xmm1\n\t" "movdqa %[hsub], %%xmm0\n\t" @@ -353,6 +400,7 @@ _gcry_ghash_intel_pclmul (gcry_cipher_hd_t c, byte *result, const byte *buf, } while (nblocks >= 4); +#ifndef __WIN64__ /* Clear used x86-64/XMM registers. */ asm volatile( "pxor %%xmm8, %%xmm8\n\t" "pxor %%xmm9, %%xmm9\n\t" @@ -363,6 +411,7 @@ _gcry_ghash_intel_pclmul (gcry_cipher_hd_t c, byte *result, const byte *buf, "pxor %%xmm14, %%xmm14\n\t" "pxor %%xmm15, %%xmm15\n\t" ::: "cc" ); +#endif } #endif @@ -385,6 +434,28 @@ _gcry_ghash_intel_pclmul (gcry_cipher_hd_t c, byte *result, const byte *buf, : [hash] "=m" (*result) : [be_mask] "m" (*be_mask)); +#ifdef __WIN64__ + /* Clear/restore used registers. */ + asm volatile( "pxor %%xmm0, %%xmm0\n\t" + "pxor %%xmm1, %%xmm1\n\t" + "pxor %%xmm2, %%xmm2\n\t" + "pxor %%xmm3, %%xmm3\n\t" + "pxor %%xmm4, %%xmm4\n\t" + "pxor %%xmm5, %%xmm5\n\t" + "movdqu 0*16(%0), %%xmm6\n\t" + "movdqu 1*16(%0), %%xmm7\n\t" + "movdqu 2*16(%0), %%xmm8\n\t" + "movdqu 3*16(%0), %%xmm9\n\t" + "movdqu 4*16(%0), %%xmm10\n\t" + "movdqu 5*16(%0), %%xmm11\n\t" + "movdqu 6*16(%0), %%xmm12\n\t" + "movdqu 7*16(%0), %%xmm13\n\t" + "movdqu 8*16(%0), %%xmm14\n\t" + "movdqu 9*16(%0), %%xmm15\n\t" + : + : "r" (win64tmp) + : "memory" ); +#else /* Clear used registers. */ asm volatile( "pxor %%xmm0, %%xmm0\n\t" "pxor %%xmm1, %%xmm1\n\t" @@ -395,6 +466,7 @@ _gcry_ghash_intel_pclmul (gcry_cipher_hd_t c, byte *result, const byte *buf, "pxor %%xmm6, %%xmm6\n\t" "pxor %%xmm7, %%xmm7\n\t" ::: "cc" ); +#endif return 0; } diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index 693f218..e20ea56 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -67,9 +67,7 @@ #if defined(ENABLE_PCLMUL_SUPPORT) && defined(GCM_USE_TABLES) # if ((defined(__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) # if __GNUC__ >= 4 -# ifndef __WIN64__ -# define GCM_USE_INTEL_PCLMUL 1 -# endif +# define GCM_USE_INTEL_PCLMUL 1 # endif # endif #endif /* GCM_USE_INTEL_PCLMUL */ diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c index 147679f..910bc68 100644 --- a/cipher/rijndael-aesni.c +++ b/cipher/rijndael-aesni.c @@ -49,24 +49,54 @@ typedef struct u128_s { u32 a, b, c, d; } u128_t; the use of these macros. There purpose is to make sure that the SSE regsiters are cleared and won't reveal any information about the key or the data. */ -#define aesni_prepare() do { } while (0) -#define aesni_cleanup() \ - do { asm volatile ("pxor %%xmm0, %%xmm0\n\t" \ - "pxor %%xmm1, %%xmm1\n" :: ); \ - } while (0) -#define aesni_cleanup_2_6() \ - do { asm volatile ("pxor %%xmm2, %%xmm2\n\t" \ - "pxor %%xmm3, %%xmm3\n" \ - "pxor %%xmm4, %%xmm4\n" \ - "pxor %%xmm5, %%xmm5\n" \ - "pxor %%xmm6, %%xmm6\n":: ); \ - } while (0) - +#ifdef __WIN64__ +/* XMM6-XMM15 are callee-saved registers on WIN64. */ +# define aesni_prepare_2_6_variable char win64tmp[16] +# define aesni_prepare() do { } while (0) +# define aesni_prepare_2_6() \ + do { asm volatile ("movdqu %%xmm6, %0\n\t" \ + : "=m" (*win64tmp) \ + : \ + : "memory"); \ + } while (0) +# define aesni_cleanup() \ + do { asm volatile ("pxor %%xmm0, %%xmm0\n\t" \ + "pxor %%xmm1, %%xmm1\n" :: ); \ + } while (0) +# define aesni_cleanup_2_6() \ + do { asm volatile ("movdqu %0, %%xmm6\n\t" \ + "pxor %%xmm2, %%xmm2\n" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n" \ + "pxor %%xmm5, %%xmm5\n" \ + : \ + : "m" (*win64tmp) \ + : "memory"); \ + } while (0) +#else +# define aesni_prepare_2_6_variable +# define aesni_prepare() do { } while (0) +# define aesni_prepare_2_6() do { } while (0) +# define aesni_cleanup() \ + do { asm volatile ("pxor %%xmm0, %%xmm0\n\t" \ + "pxor %%xmm1, %%xmm1\n" :: ); \ + } while (0) +# define aesni_cleanup_2_6() \ + do { asm volatile ("pxor %%xmm2, %%xmm2\n\t" \ + "pxor %%xmm3, %%xmm3\n" \ + "pxor %%xmm4, %%xmm4\n" \ + "pxor %%xmm5, %%xmm5\n" \ + "pxor %%xmm6, %%xmm6\n":: ); \ + } while (0) +#endif void _gcry_aes_aesni_do_setkey (RIJNDAEL_context *ctx, const byte *key) { + aesni_prepare_2_6_variable; + aesni_prepare(); + aesni_prepare_2_6(); if (ctx->rounds < 12) { @@ -999,7 +1029,10 @@ _gcry_aes_aesni_cbc_enc (RIJNDAEL_context *ctx, unsigned char *outbuf, const unsigned char *inbuf, unsigned char *iv, size_t nblocks, int cbc_mac) { + aesni_prepare_2_6_variable; + aesni_prepare (); + aesni_prepare_2_6(); asm volatile ("movdqu %[iv], %%xmm5\n\t" : /* No output */ @@ -1044,8 +1077,10 @@ _gcry_aes_aesni_ctr_enc (RIJNDAEL_context *ctx, unsigned char *outbuf, { static const unsigned char be_mask[16] __attribute__ ((aligned (16))) = { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + aesni_prepare_2_6_variable; aesni_prepare (); + aesni_prepare_2_6(); asm volatile ("movdqa %[mask], %%xmm6\n\t" /* Preload mask */ "movdqa %[ctr], %%xmm5\n\t" /* Preload CTR */ @@ -1095,7 +1130,10 @@ _gcry_aes_aesni_cfb_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, const unsigned char *inbuf, unsigned char *iv, size_t nblocks) { + aesni_prepare_2_6_variable; + aesni_prepare (); + aesni_prepare_2_6(); asm volatile ("movdqu %[iv], %%xmm6\n\t" : /* No output */ @@ -1177,7 +1215,10 @@ _gcry_aes_aesni_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, const unsigned char *inbuf, unsigned char *iv, size_t nblocks) { + aesni_prepare_2_6_variable; + aesni_prepare (); + aesni_prepare_2_6(); asm volatile ("movdqu %[iv], %%xmm5\n\t" /* use xmm5 as fast IV storage */ @@ -1331,8 +1372,10 @@ aesni_ocb_enc (gcry_cipher_hd_t c, void *outbuf_arg, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; u64 n = c->u_mode.ocb.data_nblocks; + aesni_prepare_2_6_variable; aesni_prepare (); + aesni_prepare_2_6 (); /* Preload Offset and Checksum */ asm volatile ("movdqu %[iv], %%xmm5\n\t" @@ -1473,8 +1516,10 @@ aesni_ocb_dec (gcry_cipher_hd_t c, void *outbuf_arg, unsigned char *outbuf = outbuf_arg; const unsigned char *inbuf = inbuf_arg; u64 n = c->u_mode.ocb.data_nblocks; + aesni_prepare_2_6_variable; aesni_prepare (); + aesni_prepare_2_6 (); /* Preload Offset and Checksum */ asm volatile ("movdqu %[iv], %%xmm5\n\t" @@ -1625,8 +1670,10 @@ _gcry_aes_aesni_ocb_auth (gcry_cipher_hd_t c, const void *abuf_arg, RIJNDAEL_context *ctx = (void *)&c->context.c; const unsigned char *abuf = abuf_arg; u64 n = c->u_mode.ocb.aad_nblocks; + aesni_prepare_2_6_variable; aesni_prepare (); + aesni_prepare_2_6 (); /* Preload Offset and Sum */ asm volatile ("movdqu %[iv], %%xmm5\n\t" diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h index bd247a9..33ca53f 100644 --- a/cipher/rijndael-internal.h +++ b/cipher/rijndael-internal.h @@ -44,8 +44,9 @@ #endif /* USE_SSSE3 indicates whether to use SSSE3 code. */ -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ - defined(HAVE_GCC_INLINE_ASM_SSSE3) +#if defined(__x86_64__) && defined(HAVE_GCC_INLINE_ASM_SSSE3) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_SSSE3 1 #endif @@ -75,9 +76,7 @@ #ifdef ENABLE_AESNI_SUPPORT # if ((defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) # if __GNUC__ >= 4 -# ifndef __WIN64__ -# define USE_AESNI 1 -# endif +# define USE_AESNI 1 # endif # endif #endif /* ENABLE_AESNI_SUPPORT */ diff --git a/cipher/rijndael-ssse3-amd64.c b/cipher/rijndael-ssse3-amd64.c index 3f1b352..21438dc 100644 --- a/cipher/rijndael-ssse3-amd64.c +++ b/cipher/rijndael-ssse3-amd64.c @@ -61,7 +61,60 @@ the use of these macros. There purpose is to make sure that the SSE registers are cleared and won't reveal any information about the key or the data. */ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +/* XMM6-XMM15 are callee-saved registers on WIN64. */ +# define vpaes_ssse3_prepare() \ + char win64tmp[16 * 10]; \ + asm volatile ("movdqu %%xmm6, 0*16(%0)\n\t" \ + "movdqu %%xmm7, 1*16(%0)\n\t" \ + "movdqu %%xmm8, 2*16(%0)\n\t" \ + "movdqu %%xmm9, 3*16(%0)\n\t" \ + "movdqu %%xmm10, 4*16(%0)\n\t" \ + "movdqu %%xmm11, 5*16(%0)\n\t" \ + "movdqu %%xmm12, 6*16(%0)\n\t" \ + "movdqu %%xmm13, 7*16(%0)\n\t" \ + "movdqu %%xmm14, 8*16(%0)\n\t" \ + "movdqu %%xmm15, 9*16(%0)\n\t" \ + : \ + : "r" (win64tmp) \ + : "memory" ) +# define vpaes_ssse3_cleanup() \ + asm volatile ("pxor %%xmm0, %%xmm0 \n\t" \ + "pxor %%xmm1, %%xmm1 \n\t" \ + "pxor %%xmm2, %%xmm2 \n\t" \ + "pxor %%xmm3, %%xmm3 \n\t" \ + "pxor %%xmm4, %%xmm4 \n\t" \ + "pxor %%xmm5, %%xmm5 \n\t" \ + "movdqu 0*16(%0), %%xmm6 \n\t" \ + "movdqu 1*16(%0), %%xmm7 \n\t" \ + "movdqu 2*16(%0), %%xmm8 \n\t" \ + "movdqu 3*16(%0), %%xmm9 \n\t" \ + "movdqu 4*16(%0), %%xmm10 \n\t" \ + "movdqu 5*16(%0), %%xmm11 \n\t" \ + "movdqu 6*16(%0), %%xmm12 \n\t" \ + "movdqu 7*16(%0), %%xmm13 \n\t" \ + "movdqu 8*16(%0), %%xmm14 \n\t" \ + "movdqu 9*16(%0), %%xmm15 \n\t" \ + : \ + : "r" (win64tmp) \ + : "memory" ) +#else +# define vpaes_ssse3_prepare() /*_*/ +# define vpaes_ssse3_cleanup() \ + asm volatile ("pxor %%xmm0, %%xmm0 \n\t" \ + "pxor %%xmm1, %%xmm1 \n\t" \ + "pxor %%xmm2, %%xmm2 \n\t" \ + "pxor %%xmm3, %%xmm3 \n\t" \ + "pxor %%xmm4, %%xmm4 \n\t" \ + "pxor %%xmm5, %%xmm5 \n\t" \ + "pxor %%xmm6, %%xmm6 \n\t" \ + "pxor %%xmm7, %%xmm7 \n\t" \ + "pxor %%xmm8, %%xmm8 \n\t" \ + ::: "memory" ) +#endif + #define vpaes_ssse3_prepare_enc(const_ptr) \ + vpaes_ssse3_prepare(); \ asm volatile ("lea .Laes_consts(%%rip), %q0 \n\t" \ "movdqa (%q0), %%xmm9 # 0F \n\t" \ "movdqa .Lk_inv (%q0), %%xmm10 # inv \n\t" \ @@ -75,6 +128,7 @@ : "memory" ) #define vpaes_ssse3_prepare_dec(const_ptr) \ + vpaes_ssse3_prepare(); \ asm volatile ("lea .Laes_consts(%%rip), %q0 \n\t" \ "movdqa (%q0), %%xmm9 # 0F \n\t" \ "movdqa .Lk_inv (%q0), %%xmm10 # inv \n\t" \ @@ -88,17 +142,6 @@ : \ : "memory" ) -#define vpaes_ssse3_cleanup() \ - asm volatile ("pxor %%xmm0, %%xmm0 \n\t" \ - "pxor %%xmm1, %%xmm1 \n\t" \ - "pxor %%xmm2, %%xmm2 \n\t" \ - "pxor %%xmm3, %%xmm3 \n\t" \ - "pxor %%xmm4, %%xmm4 \n\t" \ - "pxor %%xmm5, %%xmm5 \n\t" \ - "pxor %%xmm6, %%xmm6 \n\t" \ - "pxor %%xmm7, %%xmm7 \n\t" \ - "pxor %%xmm8, %%xmm8 \n\t" \ - ::: "memory" ) void @@ -106,6 +149,8 @@ _gcry_aes_ssse3_do_setkey (RIJNDAEL_context *ctx, const byte *key) { unsigned int keybits = (ctx->rounds - 10) * 32 + 128; + vpaes_ssse3_prepare(); + asm volatile ("leaq %q[key], %%rdi" "\n\t" "movl %[bits], %%esi" "\n\t" "leaq %[buf], %%rdx" "\n\t" @@ -121,6 +166,8 @@ _gcry_aes_ssse3_do_setkey (RIJNDAEL_context *ctx, const byte *key) : "r8", "r9", "r10", "r11", "rax", "rcx", "rdx", "rdi", "rsi", "cc", "memory"); + vpaes_ssse3_cleanup(); + /* Save key for setting up decryption. */ memcpy(&ctx->keyschdec32[0][0], key, keybits / 8); } @@ -132,6 +179,8 @@ _gcry_aes_ssse3_prepare_decryption (RIJNDAEL_context *ctx) { unsigned int keybits = (ctx->rounds - 10) * 32 + 128; + vpaes_ssse3_prepare(); + asm volatile ("leaq %q[key], %%rdi" "\n\t" "movl %[bits], %%esi" "\n\t" "leaq %[buf], %%rdx" "\n\t" @@ -146,6 +195,8 @@ _gcry_aes_ssse3_prepare_decryption (RIJNDAEL_context *ctx) [rotoffs] "g" ((keybits == 192) ? 0 : 32) : "r8", "r9", "r10", "r11", "rax", "rcx", "rdx", "rdi", "rsi", "cc", "memory"); + + vpaes_ssse3_cleanup(); } @@ -465,6 +516,11 @@ _gcry_aes_ssse3_cbc_dec (RIJNDAEL_context *ctx, unsigned char *outbuf, } +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define X(...) +#else +# define X(...) __VA_ARGS__ +#endif asm ( "\n\t" "##" @@ -494,7 +550,7 @@ asm ( "\n\t" "##" "\n\t" "##" "\n\t" ".align 16" - "\n\t" ".type _aes_encrypt_core, at function" +X("\n\t" ".type _aes_encrypt_core, at function") "\n\t" "_aes_encrypt_core:" "\n\t" " leaq .Lk_mc_backward(%rcx), %rdi" "\n\t" " mov $16, %rsi" @@ -570,7 +626,7 @@ asm ( "\n\t" " pxor %xmm4, %xmm0 # 0 = A" "\n\t" " pshufb .Lk_sr(%rsi,%rcx), %xmm0" "\n\t" " ret" - "\n\t" ".size _aes_encrypt_core,.-_aes_encrypt_core" +X("\n\t" ".size _aes_encrypt_core,.-_aes_encrypt_core") "\n\t" "##" "\n\t" "## Decryption core" @@ -578,7 +634,7 @@ asm ( "\n\t" "## Same API as encryption core." "\n\t" "##" "\n\t" ".align 16" - "\n\t" ".type _aes_decrypt_core, at function" +X("\n\t" ".type _aes_decrypt_core, at function") "\n\t" "_aes_decrypt_core:" "\n\t" " movl %eax, %esi" "\n\t" " shll $4, %esi" @@ -670,7 +726,7 @@ asm ( "\n\t" " pxor %xmm4, %xmm0 # 0 = A" "\n\t" " pshufb .Lk_sr(%rsi,%rcx), %xmm0" "\n\t" " ret" - "\n\t" ".size _aes_decrypt_core,.-_aes_decrypt_core" +X("\n\t" ".size _aes_decrypt_core,.-_aes_decrypt_core") "\n\t" "########################################################" "\n\t" "## ##" @@ -679,7 +735,7 @@ asm ( "\n\t" "########################################################" "\n\t" ".align 16" - "\n\t" ".type _aes_schedule_core, at function" +X("\n\t" ".type _aes_schedule_core, at function") "\n\t" "_aes_schedule_core:" "\n\t" " # rdi = key" "\n\t" " # rsi = size in bits" @@ -1039,7 +1095,7 @@ asm ( "\n\t" " pxor %xmm7, %xmm7" "\n\t" " pxor %xmm8, %xmm8" "\n\t" " ret" - "\n\t" ".size _aes_schedule_core,.-_aes_schedule_core" +X("\n\t" ".size _aes_schedule_core,.-_aes_schedule_core") "\n\t" "########################################################" "\n\t" "## ##" @@ -1048,7 +1104,7 @@ asm ( "\n\t" "########################################################" "\n\t" ".align 16" - "\n\t" ".type _aes_consts, at object" +X("\n\t" ".type _aes_consts, at object") "\n\t" ".Laes_consts:" "\n\t" "_aes_consts:" "\n\t" " # s0F" @@ -1226,7 +1282,7 @@ asm ( "\n\t" " .quad 0xC7AA6DB9D4943E2D" "\n\t" " .quad 0x12D7560F93441D00" "\n\t" " .quad 0xCA4B8159D8C58E9C" - "\n\t" ".size _aes_consts,.-_aes_consts" +X("\n\t" ".size _aes_consts,.-_aes_consts") ); #endif /* USE_SSSE3 */ diff --git a/configure.ac b/configure.ac index 594209f..0f16175 100644 --- a/configure.ac +++ b/configure.ac @@ -1127,6 +1127,93 @@ fi #### #### ############################################# + +# Following tests depend on warnings to cause compile to fail, so set -Werror +# temporarily. +_gcc_cflags_save=$CFLAGS +CFLAGS="$CFLAGS -Werror" + + +# +# Check whether compiler supports 'ms_abi' function attribute. +# +AC_CACHE_CHECK([whether compiler supports 'ms_abi' function attribute], + [gcry_cv_gcc_attribute_ms_abi], + [gcry_cv_gcc_attribute_ms_abi=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[int __attribute__ ((ms_abi)) proto(int);]])], + [gcry_cv_gcc_attribute_ms_abi=yes])]) +if test "$gcry_cv_gcc_attribute_ms_abi" = "yes" ; then + AC_DEFINE(HAVE_GCC_ATTRIBUTE_MS_ABI,1, + [Defined if compiler supports "__attribute__ ((ms_abi))" function attribute]) +fi + + +# +# Check whether compiler supports 'sysv_abi' function attribute. +# +AC_CACHE_CHECK([whether compiler supports 'sysv_abi' function attribute], + [gcry_cv_gcc_attribute_sysv_abi], + [gcry_cv_gcc_attribute_sysv_abi=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[int __attribute__ ((sysv_abi)) proto(int);]])], + [gcry_cv_gcc_attribute_sysv_abi=yes])]) +if test "$gcry_cv_gcc_attribute_sysv_abi" = "yes" ; then + AC_DEFINE(HAVE_GCC_ATTRIBUTE_SYSV_ABI,1, + [Defined if compiler supports "__attribute__ ((sysv_abi))" function attribute]) +fi + + +# +# Check whether default calling convention is 'ms_abi'. +# +if test "$gcry_cv_gcc_attribute_ms_abi" = "yes" ; then + AC_CACHE_CHECK([whether default calling convention is 'ms_abi'], + [gcry_cv_gcc_default_abi_is_ms_abi], + [gcry_cv_gcc_default_abi_is_ms_abi=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[void *test(void) { + void *(*def_func)(void) = test; + void *__attribute__((ms_abi))(*msabi_func)(void); + /* warning on SysV abi targets, passes on Windows based targets */ + msabi_func = def_func; + return msabi_func; + }]])], + [gcry_cv_gcc_default_abi_is_ms_abi=yes])]) + if test "$gcry_cv_gcc_default_abi_is_ms_abi" = "yes" ; then + AC_DEFINE(HAVE_GCC_DEFAULT_ABI_IS_MS_ABI,1, + [Defined if default calling convention is 'ms_abi']) + fi +fi + + +# +# Check whether default calling convention is 'sysv_abi'. +# +if test "$gcry_cv_gcc_attribute_sysv_abi" = "yes" ; then + AC_CACHE_CHECK([whether default calling convention is 'sysv_abi'], + [gcry_cv_gcc_default_abi_is_sysv_abi], + [gcry_cv_gcc_default_abi_is_sysv_abi=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[void *test(void) { + void *(*def_func)(void) = test; + void *__attribute__((sysv_abi))(*sysvabi_func)(void); + /* warning on MS ABI targets, passes on SysV ABI targets */ + sysvabi_func = def_func; + return sysvabi_func; + }]])], + [gcry_cv_gcc_default_abi_is_sysv_abi=yes])]) + if test "$gcry_cv_gcc_default_abi_is_sysv_abi" = "yes" ; then + AC_DEFINE(HAVE_GCC_DEFAULT_ABI_IS_SYSV_ABI,1, + [Defined if default calling convention is 'sysv_abi']) + fi +fi + + +# Restore flags. +CFLAGS=$_gcc_cflags_save; + + # # Check whether GCC inline assembler supports SSSE3 instructions # This is required for the AES-NI instructions. @@ -1281,9 +1368,6 @@ if test $amd64_as_feature_detection = yes; then [[__asm__( /* Test if '.type' and '.size' are supported. */ /* These work only on ELF targets. */ - /* TODO: add COFF (mingw64, cygwin64) support to assembly - * implementations. Mingw64/cygwin64 also require additional - * work because they use different calling convention. */ "asmfunc:\n\t" ".size asmfunc,.-asmfunc;\n\t" ".type asmfunc, at function;\n\t" @@ -1299,6 +1383,24 @@ if test $amd64_as_feature_detection = yes; then AC_DEFINE(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS,1, [Defined if underlying assembler is compatible with amd64 assembly implementations]) fi + if test "$gcry_cv_gcc_amd64_platform_as_ok" = "no" && + test "$gcry_cv_gcc_attribute_sysv_abi" = "yes" && + test "$gcry_cv_gcc_default_abi_is_ms_abi" = "yes"; then + AC_CACHE_CHECK([whether GCC assembler is compatible for WIN64 assembly implementations], + [gcry_cv_gcc_win64_platform_as_ok], + [gcry_cv_gcc_win64_platform_as_ok=no + AC_COMPILE_IFELSE([AC_LANG_SOURCE( + [[__asm__( + ".globl asmfunc\n\t" + "asmfunc:\n\t" + "xorq \$(1234), %rbp;\n\t" + );]])], + [gcry_cv_gcc_win64_platform_as_ok=yes])]) + if test "$gcry_cv_gcc_win64_platform_as_ok" = "yes" ; then + AC_DEFINE(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS,1, + [Defined if underlying assembler is compatible with WIN64 assembly implementations]) + fi + fi fi commit 460355f23e770637d29e3af7b998a957a2b5bc88 Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Add W64 support for mpi amd64 assembly acinclude.m4 (GNUPG_SYS_SYMBOL_UNDERSCORE): Set 'ac_cv_sys_symbol_underscore=no' on MingW-W64. mpi/amd64/func_abi.h: New. mpi/amd64/mpih-add1.S (_gcry_mpih_add_n): Add FUNC_ENTRY and FUNC_EXIT. mpi/amd64/mpih-lshift.S (_gcry_mpih_lshift): Ditto. mpi/amd64/mpih-mul1.S (_gcry_mpih_mul_1): Ditto. mpi/amd64/mpih-mul2.S (_gcry_mpih_addmul_1): Ditto. mpi/amd64/mpih-mul3.S (_gcry_mpih_submul_1): Ditto. mpi/amd64/mpih-rshift.S (_gcry_mpih_rshift): Ditto. mpi/amd64/mpih-sub1.S (_gcry_mpih_sub_n): Ditto. mpi/config.links [host=x86_64-*mingw*]: Enable assembly modules. [host=x86_64-*-*]: Append mpi/amd64/func_abi.h to mpi/asm-syntax.h. -- Signed-off-by: Jussi Kivilinna diff --git a/acinclude.m4 b/acinclude.m4 index 0791b84..764efd4 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -101,9 +101,12 @@ AC_DEFUN([GNUPG_CHECK_GNUMAKE], AC_DEFUN([GNUPG_SYS_SYMBOL_UNDERSCORE], [tmp_do_check="no" case "${host}" in - *-mingw32*) + i?86-*-mingw32*) ac_cv_sys_symbol_underscore=yes ;; + x86_64-*-mingw32*) + ac_cv_sys_symbol_underscore=no + ;; i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp) ac_cv_sys_symbol_underscore=yes ;; diff --git a/mpi/amd64/func_abi.h b/mpi/amd64/func_abi.h new file mode 100644 index 0000000..ce44674 --- /dev/null +++ b/mpi/amd64/func_abi.h @@ -0,0 +1,19 @@ +#ifdef USE_MS_ABI + /* Store registers and move four first input arguments from MS ABI to + * SYSV ABI. */ + #define FUNC_ENTRY() \ + pushq %rsi; \ + pushq %rdi; \ + movq %rdx, %rsi; \ + movq %rcx, %rdi; \ + movq %r8, %rdx; \ + movq %r9, %rcx; + + /* Restore registers. */ + #define FUNC_EXIT() \ + popq %rdi; \ + popq %rsi; +#else + #define FUNC_ENTRY() /**/ + #define FUNC_EXIT() /**/ +#endif diff --git a/mpi/amd64/mpih-add1.S b/mpi/amd64/mpih-add1.S index f0ec89c..6a90262 100644 --- a/mpi/amd64/mpih-add1.S +++ b/mpi/amd64/mpih-add1.S @@ -43,6 +43,7 @@ .text .globl C_SYMBOL_NAME(_gcry_mpih_add_n) C_SYMBOL_NAME(_gcry_mpih_add_n:) + FUNC_ENTRY() leaq (%rsi,%rcx,8), %rsi leaq (%rdi,%rcx,8), %rdi leaq (%rdx,%rcx,8), %rdx @@ -59,5 +60,6 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:) movq %rcx, %rax /* zero %rax */ adcq %rax, %rax + FUNC_EXIT() ret \ No newline at end of file diff --git a/mpi/amd64/mpih-lshift.S b/mpi/amd64/mpih-lshift.S index e87dd1a..9e8979b 100644 --- a/mpi/amd64/mpih-lshift.S +++ b/mpi/amd64/mpih-lshift.S @@ -42,6 +42,7 @@ .text .globl C_SYMBOL_NAME(_gcry_mpih_lshift) C_SYMBOL_NAME(_gcry_mpih_lshift:) + FUNC_ENTRY() movq -8(%rsi,%rdx,8), %mm7 movd %ecx, %mm1 movl $64, %eax @@ -74,4 +75,5 @@ C_SYMBOL_NAME(_gcry_mpih_lshift:) .Lende: psllq %mm1, %mm2 movq %mm2, (%rdi) emms + FUNC_EXIT() ret diff --git a/mpi/amd64/mpih-mul1.S b/mpi/amd64/mpih-mul1.S index 54b0ab4..67ab47e 100644 --- a/mpi/amd64/mpih-mul1.S +++ b/mpi/amd64/mpih-mul1.S @@ -46,6 +46,7 @@ GLOBL C_SYMBOL_NAME(_gcry_mpih_mul_1) C_SYMBOL_NAME(_gcry_mpih_mul_1:) + FUNC_ENTRY() movq %rdx, %r11 leaq (%rsi,%rdx,8), %rsi leaq (%rdi,%rdx,8), %rdi @@ -62,4 +63,5 @@ C_SYMBOL_NAME(_gcry_mpih_mul_1:) jne .Loop movq %r8, %rax + FUNC_EXIT() ret diff --git a/mpi/amd64/mpih-mul2.S b/mpi/amd64/mpih-mul2.S index a332a1d..1aa4fa0 100644 --- a/mpi/amd64/mpih-mul2.S +++ b/mpi/amd64/mpih-mul2.S @@ -41,6 +41,7 @@ TEXT GLOBL C_SYMBOL_NAME(_gcry_mpih_addmul_1) C_SYMBOL_NAME(_gcry_mpih_addmul_1:) + FUNC_ENTRY() movq %rdx, %r11 leaq (%rsi,%rdx,8), %rsi leaq (%rdi,%rdx,8), %rdi @@ -61,4 +62,5 @@ C_SYMBOL_NAME(_gcry_mpih_addmul_1:) jne .Loop movq %r8, %rax + FUNC_EXIT() ret diff --git a/mpi/amd64/mpih-mul3.S b/mpi/amd64/mpih-mul3.S index 4d458a7..bc41c4e 100644 --- a/mpi/amd64/mpih-mul3.S +++ b/mpi/amd64/mpih-mul3.S @@ -42,7 +42,7 @@ TEXT GLOBL C_SYMBOL_NAME(_gcry_mpih_submul_1) C_SYMBOL_NAME(_gcry_mpih_submul_1:) - + FUNC_ENTRY() movq %rdx, %r11 leaq (%rsi,%r11,8), %rsi leaq (%rdi,%r11,8), %rdi @@ -63,4 +63,5 @@ C_SYMBOL_NAME(_gcry_mpih_submul_1:) jne .Loop movq %r8, %rax + FUNC_EXIT() ret diff --git a/mpi/amd64/mpih-rshift.S b/mpi/amd64/mpih-rshift.S index 4cfc8f6..311b85b 100644 --- a/mpi/amd64/mpih-rshift.S +++ b/mpi/amd64/mpih-rshift.S @@ -42,6 +42,7 @@ .text .globl C_SYMBOL_NAME(_gcry_mpih_rshift) C_SYMBOL_NAME(_gcry_mpih_rshift:) + FUNC_ENTRY() movq (%rsi), %mm7 movd %ecx, %mm1 movl $64, %eax @@ -77,4 +78,5 @@ C_SYMBOL_NAME(_gcry_mpih_rshift:) .Lende: psrlq %mm1, %mm2 movq %mm2, -8(%rdi) emms + FUNC_EXIT() ret diff --git a/mpi/amd64/mpih-sub1.S b/mpi/amd64/mpih-sub1.S index b3609b0..ccf6496 100644 --- a/mpi/amd64/mpih-sub1.S +++ b/mpi/amd64/mpih-sub1.S @@ -42,6 +42,7 @@ .text .globl C_SYMBOL_NAME(_gcry_mpih_sub_n) C_SYMBOL_NAME(_gcry_mpih_sub_n:) + FUNC_ENTRY() leaq (%rsi,%rcx,8), %rsi leaq (%rdi,%rcx,8), %rdi leaq (%rdx,%rcx,8), %rdx @@ -58,4 +59,5 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:) movq %rcx, %rax /* zero %rax */ adcq %rax, %rax + FUNC_EXIT() ret diff --git a/mpi/config.links b/mpi/config.links index d71918a..2fb5e8a 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -129,17 +129,22 @@ case "${host}" in x86_64-apple-darwin*) echo '#define BSD_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + cat $srcdir/mpi/amd64/func_abi.h >>./mpi/asm-syntax.h path="amd64" mpi_cpu_arch="x86" ;; x86_64-*mingw32*) - echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h - path="" - mpi_cpu_arch="x86" + echo '#define USE_MS_ABI' >>./mpi/asm-syntax.h + echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h + cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + cat $srcdir/mpi/amd64/func_abi.h >>./mpi/asm-syntax.h + path="amd64" + mpi_cpu_arch="x86" ;; x86_64-*-*) echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h + cat $srcdir/mpi/amd64/func_abi.h >>./mpi/asm-syntax.h path="amd64" mpi_cpu_arch="x86" ;; @@ -314,7 +319,7 @@ case "${host}" in echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/powerpc32/syntax.h >>./mpi/asm-syntax.h path="powerpc32" - mpi_cpu_arch="ppc" + mpi_cpu_arch="ppc" ;; rs6000-*-aix[456789]* | \ commit 6c21cf5fed1ad430fa41445eac2350802bc8aaed Author: Jussi Kivilinna Date: Fri May 1 19:15:34 2015 +0300 DES: Silence compiler warnings on Windows * cipher/des.c (working_memcmp): Make pointer arguments 'const void *'. -- Following warning seen on Windows target build: des.c: In function 'is_weak_key': des.c:1019:40: warning: pointer targets in passing argument 1 of 'working_memcmp' differ in signedness [-Wpointer-sign] if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) ) ^ des.c:149:1: note: expected 'const char *' but argument is of type 'unsigned char *' working_memcmp( const char *a, const char *b, size_t n ) ^ des.c:1019:46: warning: pointer targets in passing argument 2 of 'working_memcmp' differ in signedness [-Wpointer-sign] if ( !(cmp_result=working_memcmp(work, weak_keys[middle], 8)) ) ^ des.c:149:1: note: expected 'const char *' but argument is of type 'unsigned char *' working_memcmp( const char *a, const char *b, size_t n ) ^ Signed-off-by: Jussi Kivilinna diff --git a/cipher/des.c b/cipher/des.c index bc2a474..d4863d1 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -146,8 +146,10 @@ * depending on whether characters are signed or not. */ static int -working_memcmp( const char *a, const char *b, size_t n ) +working_memcmp( const void *_a, const void *_b, size_t n ) { + const char *a = _a; + const char *b = _b; for( ; n; n--, a++, b++ ) if( *a != *b ) return (int)(*(byte*)a) - (int)(*(byte*)b); commit 9cf224322007d90193d4910f0da6e0e29ce01d70 Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Cast pointers to integers using uintptr_t instead of long diff --git a/cipher/cipher.c b/cipher/cipher.c index d1550c0..7a29824 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -481,11 +481,11 @@ _gcry_cipher_open_internal (gcry_cipher_hd_t *handle, size_t off = 0; #ifdef NEED_16BYTE_ALIGNED_CONTEXT - if ( ((unsigned long)h & 0x0f) ) + if ( ((uintptr_t)h & 0x0f) ) { /* The malloced block is not aligned on a 16 byte boundary. Correct for this. */ - off = 16 - ((unsigned long)h & 0x0f); + off = 16 - ((uintptr_t)h & 0x0f); h = (void*)((char*)h + off); } #endif /*NEED_16BYTE_ALIGNED_CONTEXT*/ diff --git a/cipher/md.c b/cipher/md.c index 9fef555..3ab46ef 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -1148,7 +1148,7 @@ md_stop_debug( gcry_md_hd_t md ) #ifdef HAVE_U64_TYPEDEF { /* a kludge to pull in the __muldi3 for Solaris */ - volatile u32 a = (u32)(ulong)md; + volatile u32 a = (u32)(uintptr_t)md; volatile u64 b = 42; volatile u64 c; c = a * b; commit d5a7e00b6b222566a5650639ef29684b047c1909 Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Fix rndhw for 64-bit Windows build * configure.ac: Add sizeof check for 'void *'. * random/rndhw.c (poll_padlock): Check for SIZEOF_VOID_P == 8 instead of defined(__LP64__). (RDRAND_LONG): Check for SIZEOF_UNSIGNED_LONG == 8 instead of defined(__LP64__). -- __LP64__ is not predefined for 64-bit mingw64-gcc, which caused wrong assembly code selections. Do selection based on type sizes instead, to support x86_64, x32 and win64 properly. Signed-off-by: Jussi Kivilinna diff --git a/configure.ac b/configure.ac index 555ad1e..594209f 100644 --- a/configure.ac +++ b/configure.ac @@ -344,6 +344,7 @@ AC_CHECK_SIZEOF(unsigned short, 2) AC_CHECK_SIZEOF(unsigned int, 4) AC_CHECK_SIZEOF(unsigned long, 4) AC_CHECK_SIZEOF(unsigned long long, 0) +AC_CHECK_SIZEOF(void *, 0) AC_TYPE_UINTPTR_T diff --git a/random/rndhw.c b/random/rndhw.c index e625512..8e50751 100644 --- a/random/rndhw.c +++ b/random/rndhw.c @@ -69,7 +69,7 @@ poll_padlock (void (*add)(const void*, size_t, enum random_origins), nbytes = 0; while (nbytes < 64) { -#if defined(__x86_64__) && defined(__LP64__) +#if defined(__x86_64__) && SIZEOF_VOID_P == 8 asm volatile ("movq %1, %%rdi\n\t" /* Set buffer. */ "xorq %%rdx, %%rdx\n\t" /* Request up to 8 bytes. */ @@ -123,7 +123,7 @@ poll_padlock (void (*add)(const void*, size_t, enum random_origins), #ifdef USE_DRNG # define RDRAND_RETRY_LOOPS 10 # define RDRAND_INT ".byte 0x0f,0xc7,0xf0" -# if defined(__x86_64__) && defined(__LP64__) +# if defined(__x86_64__) && SIZEOF_UNSIGNED_LONG == 8 # define RDRAND_LONG ".byte 0x48,0x0f,0xc7,0xf0" # else # define RDRAND_LONG RDRAND_INT commit 0cdd24456b33defc7f8176fa82ab694fbc284385 Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Prepare random/win32.c fast poll for 64-bit Windows * random/win32.c (_gcry_rndw32_gather_random_fast) [ADD]: Rename to ADDINT. (_gcry_rndw32_gather_random_fast): Add ADDPTR. (_gcry_rndw32_gather_random_fast): Disable entropy gathering from GetQueueStatus(QS_ALLEVENTS). (_gcry_rndw32_gather_random_fast): Change minimumWorkingSetSize and maximumWorkingSetSize to SIZE_T from DWORD. (_gcry_rndw32_gather_random_fast): Only add lower 32-bits of minimumWorkingSetSize and maximumWorkingSetSize to random poll. (_gcry_rndw32_gather_random_fast) [__WIN64__]: Read TSC directly using intrinsic. -- Introduce entropy gatherer changes related to 64-bit Windows platform as done in cryptlib fast poll: - Change ADD macro to ADDPTR/ADDINT to handle pointer values. ADDPTR discards high 32-bits of 64-bit pointer values. - minimum/maximumWorkingSetSize changed to SIZE_T type to avoid stack corruption on 64-bit; only low 32-bits are used for entropy. - Use __rdtsc() intrinsic on 64-bit (as TSC is always available). Signed-off-by: Jussi Kivilinna diff --git a/random/rndw32.c b/random/rndw32.c index c495131..4ab1bca 100644 --- a/random/rndw32.c +++ b/random/rndw32.c @@ -826,39 +826,47 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, cursor position for last message, 1 ms time for last message, handle of window with clipboard open, handle of process heap, handle of procs window station, types of events in input queue, - and milliseconds since Windows was started. */ + and milliseconds since Windows was started. On 64-bit platform + some of these return values are pointers and thus 64-bit wide. + We discard the upper 32-bit of those values. */ { byte buffer[20*sizeof(ulong)], *bufptr; bufptr = buffer; -#define ADD(f) do { ulong along = (ulong)(f); \ - memcpy (bufptr, &along, sizeof (along) ); \ - bufptr += sizeof (along); \ - } while (0) - - ADD ( GetActiveWindow ()); - ADD ( GetCapture ()); - ADD ( GetClipboardOwner ()); - ADD ( GetClipboardViewer ()); - ADD ( GetCurrentProcess ()); - ADD ( GetCurrentProcessId ()); - ADD ( GetCurrentThread ()); - ADD ( GetCurrentThreadId ()); - ADD ( GetDesktopWindow ()); - ADD ( GetFocus ()); - ADD ( GetInputState ()); - ADD ( GetMessagePos ()); - ADD ( GetMessageTime ()); - ADD ( GetOpenClipboardWindow ()); - ADD ( GetProcessHeap ()); - ADD ( GetProcessWindowStation ()); - ADD ( GetQueueStatus (QS_ALLEVENTS)); - ADD ( GetTickCount ()); +#define ADDINT(f) do { ulong along = (ulong)(f); \ + memcpy (bufptr, &along, sizeof (along) ); \ + bufptr += sizeof (along); \ + } while (0) +#define ADDPTR(f) do { void *aptr = (f); \ + ADDINT((SIZE_T)aptr); \ + } while (0) + + ADDPTR ( GetActiveWindow ()); + ADDPTR ( GetCapture ()); + ADDPTR ( GetClipboardOwner ()); + ADDPTR ( GetClipboardViewer ()); + ADDPTR ( GetCurrentProcess ()); + ADDINT ( GetCurrentProcessId ()); + ADDPTR ( GetCurrentThread ()); + ADDINT ( GetCurrentThreadId ()); + ADDPTR ( GetDesktopWindow ()); + ADDPTR ( GetFocus ()); + ADDINT ( GetInputState ()); + ADDINT ( GetMessagePos ()); + ADDINT ( GetMessageTime ()); + ADDPTR ( GetOpenClipboardWindow ()); + ADDPTR ( GetProcessHeap ()); + ADDPTR ( GetProcessWindowStation ()); + /* Following function in some cases stops returning events, and cannot + be used as an entropy source. */ + /*ADDINT ( GetQueueStatus (QS_ALLEVENTS));*/ + ADDINT ( GetTickCount ()); gcry_assert ( bufptr-buffer < sizeof (buffer) ); (*add) ( buffer, bufptr-buffer, origin ); -#undef ADD +#undef ADDINT +#undef ADDPTR } /* Get multiword system information: Current caret position, current @@ -888,7 +896,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, { HANDLE handle; FILETIME creationTime, exitTime, kernelTime, userTime; - DWORD minimumWorkingSetSize, maximumWorkingSetSize; + SIZE_T minimumWorkingSetSize, maximumWorkingSetSize; handle = GetCurrentThread (); GetThreadTimes (handle, &creationTime, &exitTime, @@ -910,10 +918,9 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, process. */ GetProcessWorkingSetSize (handle, &minimumWorkingSetSize, &maximumWorkingSetSize); - (*add) ( &minimumWorkingSetSize, - sizeof (minimumWorkingSetSize), origin ); - (*add) ( &maximumWorkingSetSize, - sizeof (maximumWorkingSetSize), origin ); + /* On 64-bit system, discard the high 32-bits. */ + (*add) ( &minimumWorkingSetSize, sizeof (int), origin ); + (*add) ( &maximumWorkingSetSize, sizeof (int), origin ); } @@ -961,7 +968,20 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, To make things unambiguous, we detect a CPU new enough to call RDTSC directly by checking for CPUID capabilities, and fall back to QPC if - this isn't present. */ + this isn't present. + + On AMD64, TSC is always available and intrinsic is provided for accessing + it. */ +#ifdef __WIN64__ + { + unsigned __int64 aint64; + + /* Note: cryptlib does not discard upper 32 bits of TSC on WIN64, but does + * on WIN32. Is this correct? */ + aint64 = __rdtsc(); + (*add) (&aint64, sizeof(aint64), origin); + } +#else #ifdef __GNUC__ /* FIXME: We would need to implement the CPU feature tests first. */ /* if (cpu_has_feature_rdtsc) */ @@ -990,6 +1010,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, (*add) (&aword, sizeof (aword), origin ); } } +#endif /*__WIN64__*/ } commit f701954555340a503f6e52cc18d58b0c515427b7 Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Disable GCM and AES-NI assembly implementations for WIN64 * cipher/cipher-internal.h (GCM_USE_INTEL_PCLMUL): Do not enable when __WIN64__ defined. * cipher/rijndael-internal.h (USE_AESNI): Ditto. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-internal.h b/cipher/cipher-internal.h index e20ea56..693f218 100644 --- a/cipher/cipher-internal.h +++ b/cipher/cipher-internal.h @@ -67,7 +67,9 @@ #if defined(ENABLE_PCLMUL_SUPPORT) && defined(GCM_USE_TABLES) # if ((defined(__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) # if __GNUC__ >= 4 -# define GCM_USE_INTEL_PCLMUL 1 +# ifndef __WIN64__ +# define GCM_USE_INTEL_PCLMUL 1 +# endif # endif # endif #endif /* GCM_USE_INTEL_PCLMUL */ diff --git a/cipher/rijndael-internal.h b/cipher/rijndael-internal.h index 854980b..bd247a9 100644 --- a/cipher/rijndael-internal.h +++ b/cipher/rijndael-internal.h @@ -75,7 +75,9 @@ #ifdef ENABLE_AESNI_SUPPORT # if ((defined (__i386__) && SIZEOF_UNSIGNED_LONG == 4) || defined(__x86_64__)) # if __GNUC__ >= 4 -# define USE_AESNI 1 +# ifndef __WIN64__ +# define USE_AESNI 1 +# endif # endif # endif #endif /* ENABLE_AESNI_SUPPORT */ commit e78560a4b717f7154f910a8ce4128de152f586da Author: Jussi Kivilinna Date: Wed Apr 29 18:18:07 2015 +0300 Disable building mpi assembly routines on WIN64 * mpi/config.links: Disable assembly for host 'x86_64-*mingw32*'. -- Signed-off-by: Jussi Kivilinna diff --git a/mpi/config.links b/mpi/config.links index f44299d..d71918a 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -132,6 +132,11 @@ case "${host}" in path="amd64" mpi_cpu_arch="x86" ;; + x86_64-*mingw32*) + echo '/* No working assembler modules available */' >>./mpi/asm-syntax.h + path="" + mpi_cpu_arch="x86" + ;; x86_64-*-*) echo '#define ELF_SYNTAX' >>./mpi/asm-syntax.h cat $srcdir/mpi/i386/syntax.h >>./mpi/asm-syntax.h ----------------------------------------------------------------------- Summary of changes: acinclude.m4 | 5 +- cipher/cipher-gcm-intel-pclmul.c | 72 ++++++++++++++++++++++++++ cipher/cipher.c | 4 +- cipher/des.c | 4 +- cipher/md.c | 2 +- cipher/rijndael-aesni.c | 73 +++++++++++++++++++++----- cipher/rijndael-amd64.S | 17 ++++-- cipher/rijndael-internal.h | 8 +-- cipher/rijndael-ssse3-amd64.c | 94 ++++++++++++++++++++++++++------- cipher/rijndael.c | 34 ++++++++++++ cipher/sha1-avx-amd64.S | 12 ++++- cipher/sha1-avx-bmi2-amd64.S | 12 ++++- cipher/sha1-ssse3-amd64.S | 12 ++++- cipher/sha1.c | 51 +++++++++++++----- cipher/sha256-avx-amd64.S | 11 +++- cipher/sha256-avx2-bmi2-amd64.S | 11 +++- cipher/sha256-ssse3-amd64.S | 11 +++- cipher/sha256.c | 60 +++++++++++++++------ cipher/sha512-avx-amd64.S | 11 +++- cipher/sha512-avx2-bmi2-amd64.S | 11 +++- cipher/sha512-ssse3-amd64.S | 11 +++- cipher/sha512.c | 60 +++++++++++++++------ cipher/whirlpool-sse2-amd64.S | 13 +++-- cipher/whirlpool.c | 15 ++++-- configure.ac | 109 +++++++++++++++++++++++++++++++++++++-- mpi/amd64/func_abi.h | 19 +++++++ mpi/amd64/mpih-add1.S | 2 + mpi/amd64/mpih-lshift.S | 2 + mpi/amd64/mpih-mul1.S | 2 + mpi/amd64/mpih-mul2.S | 2 + mpi/amd64/mpih-mul3.S | 3 +- mpi/amd64/mpih-rshift.S | 2 + mpi/amd64/mpih-sub1.S | 2 + mpi/config.links | 12 ++++- random/rndhw.c | 4 +- random/rndw32.c | 83 ++++++++++++++++++----------- 36 files changed, 707 insertions(+), 149 deletions(-) create mode 100644 mpi/amd64/func_abi.h hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Sun May 3 20:54:16 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 03 May 2015 20:54:16 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-210-g24a769a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 24a769a7c7601dbb85332e550f6fbd121b56df5f (commit) via 2f4fefdbc62857b6e2da26ce111ee140a068c471 (commit) via 06e122baa3321483a47bbf82fd2a4540becfa0c9 (commit) from 66129b3334a5aa54ff8a97981507e4704f759571 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24a769a7c7601dbb85332e550f6fbd121b56df5f Author: Jussi Kivilinna Date: Sun May 3 17:16:08 2015 +0300 Fix WIN64 assembly glue for AES * cipher/rinjdael.c (do_encrypt, do_decrypt) [!HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS]: Change input operands to input+output to mark volatile nature of the used registers. -- Function arguments cannot be passed to assembly block as input operands as target function modifies those input registers. Signed-off-by: Jussi Kivilinna diff --git a/cipher/rijndael.c b/cipher/rijndael.c index 7ebf329..4f063c4 100644 --- a/cipher/rijndael.c +++ b/cipher/rijndael.c @@ -671,17 +671,19 @@ do_encrypt (const RIJNDAEL_context *ctx, # else /* Call SystemV ABI function without storing non-volatile XMM registers, * as target function does not use vector instruction sets. */ + const void *key = ctx->keyschenc; + uintptr_t rounds = ctx->rounds; uintptr_t ret; - asm ("movq %[encT], %%r8\n\t" - "callq *%[ret]\n\t" - : [ret] "=a" (ret) - : "0" (_gcry_aes_amd64_encrypt_block), - "D" (ctx->keyschenc), - "S" (bx), - "d" (ax), - "c" (ctx->rounds), - [encT] "r" (encT) - : "cc", "memory", "r8", "r9", "r10", "r11"); + asm volatile ("movq %[encT], %%r8\n\t" + "callq *%[ret]\n\t" + : [ret] "=a" (ret), + "+D" (key), + "+S" (bx), + "+d" (ax), + "+c" (rounds) + : "0" (_gcry_aes_amd64_encrypt_block), + [encT] "g" (encT) + : "cc", "memory", "r8", "r9", "r10", "r11"); return ret; # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ #elif defined(USE_ARM_ASM) @@ -1031,17 +1033,19 @@ do_decrypt (const RIJNDAEL_context *ctx, unsigned char *bx, # else /* Call SystemV ABI function without storing non-volatile XMM registers, * as target function does not use vector instruction sets. */ + const void *key = ctx->keyschdec; + uintptr_t rounds = ctx->rounds; uintptr_t ret; - asm ("movq %[dectabs], %%r8\n\t" - "callq *%[ret]\n\t" - : [ret] "=a" (ret) - : "0" (_gcry_aes_amd64_decrypt_block), - "D" (ctx->keyschdec), - "S" (bx), - "d" (ax), - "c" (ctx->rounds), - [dectabs] "r" (&dec_tables) - : "cc", "memory", "r8", "r9", "r10", "r11"); + asm volatile ("movq %[dectabs], %%r8\n\t" + "callq *%[ret]\n\t" + : [ret] "=a" (ret), + "+D" (key), + "+S" (bx), + "+d" (ax), + "+c" (rounds) + : "0" (_gcry_aes_amd64_decrypt_block), + [dectabs] "g" (&dec_tables) + : "cc", "memory", "r8", "r9", "r10", "r11"); return ret; # endif /* HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS */ #elif defined(USE_ARM_ASM) commit 2f4fefdbc62857b6e2da26ce111ee140a068c471 Author: Jussi Kivilinna Date: Sun May 3 01:24:50 2015 +0300 Add '1 million a characters' test vectors * tests/basic.c (check_digests): Add "!" test vectors for MD5, SHA-384, SHA-512, RIPEMD160 and CRC32. -- Signed-off-by: Jussi Kivilinna diff --git a/tests/basic.c b/tests/basic.c index bb07394..2c664c0 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5391,6 +5391,8 @@ check_digests (void) "TY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser Gene" "ral Public License for more details.", "\xc4\x1a\x5c\x0b\x44\x5f\xba\x1a\xda\xbc\xc0\x38\x0e\x0c\x9e\x33" }, + { GCRY_MD_MD5, "!", + "\x77\x07\xd6\xae\x4e\x02\x7c\x70\xee\xa2\xa9\x35\xc2\x29\x6f\x21" }, { GCRY_MD_SHA1, "abc", "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D" }, @@ -5471,6 +5473,10 @@ check_digests (void) "\xe4\x6d\xb4\x28\x33\x77\x99\x49\x94\x0f\xcf\x87\xc2\x2f\x30\xd6" "\x06\x24\x82\x9d\x80\x64\x8a\x07\xa1\x20\x8f\x5f\xf3\x85\xb3\xaa" "\x39\xb8\x61\x00\xfc\x7f\x18\xc6\x82\x23\x4b\x45\xfa\xf1\xbc\x69" }, + { GCRY_MD_SHA384, "!", + "\x9d\x0e\x18\x09\x71\x64\x74\xcb\x08\x6e\x83\x4e\x31\x0a\x4a\x1c" + "\xed\x14\x9e\x9c\x00\xf2\x48\x52\x79\x72\xce\xc5\x70\x4c\x2a\x5b" + "\x07\xb8\xb3\xdc\x38\xec\xc4\xeb\xae\x97\xdd\xd8\x7f\x3d\x89\x85" }, { GCRY_MD_SHA512, "abc", "\xDD\xAF\x35\xA1\x93\x61\x7A\xBA\xCC\x41\x73\x49\xAE\x20\x41\x31" "\x12\xE6\xFA\x4E\x89\xA9\x7E\xA2\x0A\x9E\xEE\xE6\x4B\x55\xD3\x9A" @@ -5489,6 +5495,11 @@ check_digests (void) "\xdd\xec\x62\x0f\xf7\x1a\x1e\x10\x32\x05\x02\xa6\xb0\x1f\x70\x37" "\xbc\xd7\x15\xed\x71\x6c\x78\x20\xc8\x54\x87\xd0\x66\x6a\x17\x83" "\x05\x61\x92\xbe\xcc\x8f\x3b\xbf\x11\x72\x22\x69\x23\x5b\x48\x5c" }, + { GCRY_MD_SHA512, "!", + "\xe7\x18\x48\x3d\x0c\xe7\x69\x64\x4e\x2e\x42\xc7\xbc\x15\xb4\x63" + "\x8e\x1f\x98\xb1\x3b\x20\x44\x28\x56\x32\xa8\x03\xaf\xa9\x73\xeb" + "\xde\x0f\xf2\x44\x87\x7e\xa6\x0a\x4c\xb0\x43\x2c\xe5\x77\xc3\x1b" + "\xeb\x00\x9c\x5c\x2c\x49\xaa\x2e\x4e\xad\xb2\x17\xad\x8c\xc0\x9b" }, { GCRY_MD_RMD160, "", "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28" "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" }, @@ -5512,6 +5523,9 @@ check_digests (void) "ral Public License for more details.", "\x06\x6d\x3c\x4e\xc9\xba\x89\x75\x16\x90\x96\x4e\xfd\x43\x07\xde" "\x04\xca\x69\x6b" }, + { GCRY_MD_RMD160, "!", + "\x52\x78\x32\x43\xc1\x69\x7b\xdb\xe1\x6d\x37\xf9\x7f\x68\xf0\x83" + "\x25\xdc\x15\x28" }, { GCRY_MD_CRC32, "", "\x00\x00\x00\x00" }, { GCRY_MD_CRC32, "foo", "\x8c\x73\x65\x21" }, { GCRY_MD_CRC32, @@ -5525,6 +5539,7 @@ check_digests (void) "ral Public License for more details.", "\x4A\x53\x7D\x67" }, { GCRY_MD_CRC32, "123456789", "\xcb\xf4\x39\x26" }, + { GCRY_MD_CRC32, "!", "\xdc\x25\xbf\xbc" }, { GCRY_MD_CRC32_RFC1510, "", "\x00\x00\x00\x00" }, { GCRY_MD_CRC32_RFC1510, "foo", "\x73\x32\xbc\x33" }, { GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" }, commit 06e122baa3321483a47bbf82fd2a4540becfa0c9 Author: Jussi Kivilinna Date: Sun May 3 00:34:34 2015 +0300 More optimized CRC implementations * cipher/crc.c (crc32_table, crc24_table): Replace with new table contents. (update_crc32, CRC24_INIT, CRC24_POLY): Remove. (crc32_next, crc32_next4, crc24_init, crc24_next, crc24_next4) (crc24_final): New. (crc24rfc2440_init): Use crc24_init. (crc32_write): Rewrite to use crc32_next & crc32_next4. (crc24_write): Rewrite to use crc24_next & crc24_next4. (crc32_final, crc32rfc1510_final): Use buf_put_be32. (crc24rfc2440_final): Use crc24_final & buf_put_le32. * tests/basic.c (check_digests): Add CRC "123456789" tests. -- Patch adds more optimized CRC implementations generated with universal_crc tool by Danjel McGougan: http://www.mcgougan.se/universal_crc/ Benchmark on Intel Haswell (no-turbo, 3200 Mhz): Before: CRC32 | 2.52 ns/B 378.3 MiB/s 8.07 c/B CRC32RFC1510 | 2.52 ns/B 378.1 MiB/s 8.07 c/B CRC24RFC2440 | 46.62 ns/B 20.46 MiB/s 149.2 c/B After: CRC32 | 0.918 ns/B 1039.3 MiB/s 2.94 c/B CRC32RFC1510 | 0.918 ns/B 1039.0 MiB/s 2.94 c/B CRC24RFC2440 | 0.918 ns/B 1039.4 MiB/s 2.94 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/crc.c b/cipher/crc.c index 1322f0d..9105dfe 100644 --- a/cipher/crc.c +++ b/cipher/crc.c @@ -28,125 +28,311 @@ #include "cipher.h" #include "bithelp.h" +#include "bufhelp.h" + + +typedef struct +{ + u32 CRC; + byte buf[4]; +} +CRC_CONTEXT; -/* Table of CRCs of all 8-bit messages. Generated by running code - from RFC 1952 modified to print out the table. */ -static u32 crc32_table[256] = { - 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, - 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, - 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, - 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, - 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, - 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, - 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, - 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, - 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, - 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, - 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, - 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, - 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, - 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, - 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, - 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, - 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, - 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, - 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, - 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, - 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, - 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, - 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, - 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, - 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, - 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, - 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, - 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, - 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, - 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, - 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, - 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, - 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, - 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, - 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, - 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, - 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, - 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, - 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, - 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, - 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, - 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, - 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d -}; /* - * The following function was extracted from RFC 1952 by Simon - * Josefsson, for the Shishi project, and modified to be compatible - * with the modified CRC-32 used by RFC 1510, and subsequently - * modified for GNU Libgcrypt to allow it to be used for calculating - * both unmodified CRC-32 and modified CRC-32 values. Original - * copyright and notice from the document follows: + * Code generated by universal_crc by Danjel McGougan * - * Copyright (c) 1996 L. Peter Deutsch - * - * Permission is granted to copy and distribute this document for - * any purpose and without charge, including translations into - * other languages and incorporation into compilations, provided - * that the copyright notice and this notice are preserved, and - * that any substantive changes or deletions from the original are - * clearly marked. - * - * The copyright on RFCs, and consequently the function below, are - * supposedly also retroactively claimed by the Internet Society - * (according to rfc-editor at rfc-editor.org), with the following - * copyright notice: - * - * Copyright (C) The Internet Society. All Rights Reserved. - * - * This document and translations of it may be copied and furnished - * to others, and derivative works that comment on or otherwise - * explain it or assist in its implementation may be prepared, - * copied, published and distributed, in whole or in part, without - * restriction of any kind, provided that the above copyright - * notice and this paragraph are included on all such copies and - * derivative works. However, this document itself may not be - * modified in any way, such as by removing the copyright notice or - * references to the Internet Society or other Internet - * organizations, except as needed for the purpose of developing - * Internet standards in which case the procedures for copyrights - * defined in the Internet Standards process must be followed, or - * as required to translate it into languages other than English. - * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided - * on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET - * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE - * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY - * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A - * PARTICULAR PURPOSE. + * CRC parameters used: + * bits: 32 + * poly: 0x04c11db7 + * init: 0xffffffff + * xor: 0xffffffff + * reverse: true + * non-direct: false * + * CRC of the string "123456789" is 0xcbf43926 */ -static u32 -update_crc32 (u32 crc, const void *buf_arg, size_t len) -{ - const char *buf = buf_arg; - size_t n; - for (n = 0; n < len; n++) - crc = crc32_table[(crc ^ buf[n]) & 0xff] ^ (crc >> 8); +static const u32 crc32_table[1024] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, + 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3, + 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, + 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de, + 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, + 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5, + 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, + 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, + 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, + 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f, + 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, + 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a, + 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, + 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01, + 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, + 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c, + 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, + 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, + 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, + 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086, + 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, + 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, + 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, + 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8, + 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, + 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7, + 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, + 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, + 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, + 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79, + 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, + 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, + 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, + 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713, + 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, + 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e, + 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, + 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, + 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, + 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0, + 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, + 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf, + 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d, + 0x00000000, 0x191b3141, 0x32366282, 0x2b2d53c3, + 0x646cc504, 0x7d77f445, 0x565aa786, 0x4f4196c7, + 0xc8d98a08, 0xd1c2bb49, 0xfaefe88a, 0xe3f4d9cb, + 0xacb54f0c, 0xb5ae7e4d, 0x9e832d8e, 0x87981ccf, + 0x4ac21251, 0x53d92310, 0x78f470d3, 0x61ef4192, + 0x2eaed755, 0x37b5e614, 0x1c98b5d7, 0x05838496, + 0x821b9859, 0x9b00a918, 0xb02dfadb, 0xa936cb9a, + 0xe6775d5d, 0xff6c6c1c, 0xd4413fdf, 0xcd5a0e9e, + 0x958424a2, 0x8c9f15e3, 0xa7b24620, 0xbea97761, + 0xf1e8e1a6, 0xe8f3d0e7, 0xc3de8324, 0xdac5b265, + 0x5d5daeaa, 0x44469feb, 0x6f6bcc28, 0x7670fd69, + 0x39316bae, 0x202a5aef, 0x0b07092c, 0x121c386d, + 0xdf4636f3, 0xc65d07b2, 0xed705471, 0xf46b6530, + 0xbb2af3f7, 0xa231c2b6, 0x891c9175, 0x9007a034, + 0x179fbcfb, 0x0e848dba, 0x25a9de79, 0x3cb2ef38, + 0x73f379ff, 0x6ae848be, 0x41c51b7d, 0x58de2a3c, + 0xf0794f05, 0xe9627e44, 0xc24f2d87, 0xdb541cc6, + 0x94158a01, 0x8d0ebb40, 0xa623e883, 0xbf38d9c2, + 0x38a0c50d, 0x21bbf44c, 0x0a96a78f, 0x138d96ce, + 0x5ccc0009, 0x45d73148, 0x6efa628b, 0x77e153ca, + 0xbabb5d54, 0xa3a06c15, 0x888d3fd6, 0x91960e97, + 0xded79850, 0xc7cca911, 0xece1fad2, 0xf5facb93, + 0x7262d75c, 0x6b79e61d, 0x4054b5de, 0x594f849f, + 0x160e1258, 0x0f152319, 0x243870da, 0x3d23419b, + 0x65fd6ba7, 0x7ce65ae6, 0x57cb0925, 0x4ed03864, + 0x0191aea3, 0x188a9fe2, 0x33a7cc21, 0x2abcfd60, + 0xad24e1af, 0xb43fd0ee, 0x9f12832d, 0x8609b26c, + 0xc94824ab, 0xd05315ea, 0xfb7e4629, 0xe2657768, + 0x2f3f79f6, 0x362448b7, 0x1d091b74, 0x04122a35, + 0x4b53bcf2, 0x52488db3, 0x7965de70, 0x607eef31, + 0xe7e6f3fe, 0xfefdc2bf, 0xd5d0917c, 0xcccba03d, + 0x838a36fa, 0x9a9107bb, 0xb1bc5478, 0xa8a76539, + 0x3b83984b, 0x2298a90a, 0x09b5fac9, 0x10aecb88, + 0x5fef5d4f, 0x46f46c0e, 0x6dd93fcd, 0x74c20e8c, + 0xf35a1243, 0xea412302, 0xc16c70c1, 0xd8774180, + 0x9736d747, 0x8e2de606, 0xa500b5c5, 0xbc1b8484, + 0x71418a1a, 0x685abb5b, 0x4377e898, 0x5a6cd9d9, + 0x152d4f1e, 0x0c367e5f, 0x271b2d9c, 0x3e001cdd, + 0xb9980012, 0xa0833153, 0x8bae6290, 0x92b553d1, + 0xddf4c516, 0xc4eff457, 0xefc2a794, 0xf6d996d5, + 0xae07bce9, 0xb71c8da8, 0x9c31de6b, 0x852aef2a, + 0xca6b79ed, 0xd37048ac, 0xf85d1b6f, 0xe1462a2e, + 0x66de36e1, 0x7fc507a0, 0x54e85463, 0x4df36522, + 0x02b2f3e5, 0x1ba9c2a4, 0x30849167, 0x299fa026, + 0xe4c5aeb8, 0xfdde9ff9, 0xd6f3cc3a, 0xcfe8fd7b, + 0x80a96bbc, 0x99b25afd, 0xb29f093e, 0xab84387f, + 0x2c1c24b0, 0x350715f1, 0x1e2a4632, 0x07317773, + 0x4870e1b4, 0x516bd0f5, 0x7a468336, 0x635db277, + 0xcbfad74e, 0xd2e1e60f, 0xf9ccb5cc, 0xe0d7848d, + 0xaf96124a, 0xb68d230b, 0x9da070c8, 0x84bb4189, + 0x03235d46, 0x1a386c07, 0x31153fc4, 0x280e0e85, + 0x674f9842, 0x7e54a903, 0x5579fac0, 0x4c62cb81, + 0x8138c51f, 0x9823f45e, 0xb30ea79d, 0xaa1596dc, + 0xe554001b, 0xfc4f315a, 0xd7626299, 0xce7953d8, + 0x49e14f17, 0x50fa7e56, 0x7bd72d95, 0x62cc1cd4, + 0x2d8d8a13, 0x3496bb52, 0x1fbbe891, 0x06a0d9d0, + 0x5e7ef3ec, 0x4765c2ad, 0x6c48916e, 0x7553a02f, + 0x3a1236e8, 0x230907a9, 0x0824546a, 0x113f652b, + 0x96a779e4, 0x8fbc48a5, 0xa4911b66, 0xbd8a2a27, + 0xf2cbbce0, 0xebd08da1, 0xc0fdde62, 0xd9e6ef23, + 0x14bce1bd, 0x0da7d0fc, 0x268a833f, 0x3f91b27e, + 0x70d024b9, 0x69cb15f8, 0x42e6463b, 0x5bfd777a, + 0xdc656bb5, 0xc57e5af4, 0xee530937, 0xf7483876, + 0xb809aeb1, 0xa1129ff0, 0x8a3fcc33, 0x9324fd72, + 0x00000000, 0x01c26a37, 0x0384d46e, 0x0246be59, + 0x0709a8dc, 0x06cbc2eb, 0x048d7cb2, 0x054f1685, + 0x0e1351b8, 0x0fd13b8f, 0x0d9785d6, 0x0c55efe1, + 0x091af964, 0x08d89353, 0x0a9e2d0a, 0x0b5c473d, + 0x1c26a370, 0x1de4c947, 0x1fa2771e, 0x1e601d29, + 0x1b2f0bac, 0x1aed619b, 0x18abdfc2, 0x1969b5f5, + 0x1235f2c8, 0x13f798ff, 0x11b126a6, 0x10734c91, + 0x153c5a14, 0x14fe3023, 0x16b88e7a, 0x177ae44d, + 0x384d46e0, 0x398f2cd7, 0x3bc9928e, 0x3a0bf8b9, + 0x3f44ee3c, 0x3e86840b, 0x3cc03a52, 0x3d025065, + 0x365e1758, 0x379c7d6f, 0x35dac336, 0x3418a901, + 0x3157bf84, 0x3095d5b3, 0x32d36bea, 0x331101dd, + 0x246be590, 0x25a98fa7, 0x27ef31fe, 0x262d5bc9, + 0x23624d4c, 0x22a0277b, 0x20e69922, 0x2124f315, + 0x2a78b428, 0x2bbade1f, 0x29fc6046, 0x283e0a71, + 0x2d711cf4, 0x2cb376c3, 0x2ef5c89a, 0x2f37a2ad, + 0x709a8dc0, 0x7158e7f7, 0x731e59ae, 0x72dc3399, + 0x7793251c, 0x76514f2b, 0x7417f172, 0x75d59b45, + 0x7e89dc78, 0x7f4bb64f, 0x7d0d0816, 0x7ccf6221, + 0x798074a4, 0x78421e93, 0x7a04a0ca, 0x7bc6cafd, + 0x6cbc2eb0, 0x6d7e4487, 0x6f38fade, 0x6efa90e9, + 0x6bb5866c, 0x6a77ec5b, 0x68315202, 0x69f33835, + 0x62af7f08, 0x636d153f, 0x612bab66, 0x60e9c151, + 0x65a6d7d4, 0x6464bde3, 0x662203ba, 0x67e0698d, + 0x48d7cb20, 0x4915a117, 0x4b531f4e, 0x4a917579, + 0x4fde63fc, 0x4e1c09cb, 0x4c5ab792, 0x4d98dda5, + 0x46c49a98, 0x4706f0af, 0x45404ef6, 0x448224c1, + 0x41cd3244, 0x400f5873, 0x4249e62a, 0x438b8c1d, + 0x54f16850, 0x55330267, 0x5775bc3e, 0x56b7d609, + 0x53f8c08c, 0x523aaabb, 0x507c14e2, 0x51be7ed5, + 0x5ae239e8, 0x5b2053df, 0x5966ed86, 0x58a487b1, + 0x5deb9134, 0x5c29fb03, 0x5e6f455a, 0x5fad2f6d, + 0xe1351b80, 0xe0f771b7, 0xe2b1cfee, 0xe373a5d9, + 0xe63cb35c, 0xe7fed96b, 0xe5b86732, 0xe47a0d05, + 0xef264a38, 0xeee4200f, 0xeca29e56, 0xed60f461, + 0xe82fe2e4, 0xe9ed88d3, 0xebab368a, 0xea695cbd, + 0xfd13b8f0, 0xfcd1d2c7, 0xfe976c9e, 0xff5506a9, + 0xfa1a102c, 0xfbd87a1b, 0xf99ec442, 0xf85cae75, + 0xf300e948, 0xf2c2837f, 0xf0843d26, 0xf1465711, + 0xf4094194, 0xf5cb2ba3, 0xf78d95fa, 0xf64fffcd, + 0xd9785d60, 0xd8ba3757, 0xdafc890e, 0xdb3ee339, + 0xde71f5bc, 0xdfb39f8b, 0xddf521d2, 0xdc374be5, + 0xd76b0cd8, 0xd6a966ef, 0xd4efd8b6, 0xd52db281, + 0xd062a404, 0xd1a0ce33, 0xd3e6706a, 0xd2241a5d, + 0xc55efe10, 0xc49c9427, 0xc6da2a7e, 0xc7184049, + 0xc25756cc, 0xc3953cfb, 0xc1d382a2, 0xc011e895, + 0xcb4dafa8, 0xca8fc59f, 0xc8c97bc6, 0xc90b11f1, + 0xcc440774, 0xcd866d43, 0xcfc0d31a, 0xce02b92d, + 0x91af9640, 0x906dfc77, 0x922b422e, 0x93e92819, + 0x96a63e9c, 0x976454ab, 0x9522eaf2, 0x94e080c5, + 0x9fbcc7f8, 0x9e7eadcf, 0x9c381396, 0x9dfa79a1, + 0x98b56f24, 0x99770513, 0x9b31bb4a, 0x9af3d17d, + 0x8d893530, 0x8c4b5f07, 0x8e0de15e, 0x8fcf8b69, + 0x8a809dec, 0x8b42f7db, 0x89044982, 0x88c623b5, + 0x839a6488, 0x82580ebf, 0x801eb0e6, 0x81dcdad1, + 0x8493cc54, 0x8551a663, 0x8717183a, 0x86d5720d, + 0xa9e2d0a0, 0xa820ba97, 0xaa6604ce, 0xaba46ef9, + 0xaeeb787c, 0xaf29124b, 0xad6fac12, 0xacadc625, + 0xa7f18118, 0xa633eb2f, 0xa4755576, 0xa5b73f41, + 0xa0f829c4, 0xa13a43f3, 0xa37cfdaa, 0xa2be979d, + 0xb5c473d0, 0xb40619e7, 0xb640a7be, 0xb782cd89, + 0xb2cddb0c, 0xb30fb13b, 0xb1490f62, 0xb08b6555, + 0xbbd72268, 0xba15485f, 0xb853f606, 0xb9919c31, + 0xbcde8ab4, 0xbd1ce083, 0xbf5a5eda, 0xbe9834ed, + 0x00000000, 0xb8bc6765, 0xaa09c88b, 0x12b5afee, + 0x8f629757, 0x37def032, 0x256b5fdc, 0x9dd738b9, + 0xc5b428ef, 0x7d084f8a, 0x6fbde064, 0xd7018701, + 0x4ad6bfb8, 0xf26ad8dd, 0xe0df7733, 0x58631056, + 0x5019579f, 0xe8a530fa, 0xfa109f14, 0x42acf871, + 0xdf7bc0c8, 0x67c7a7ad, 0x75720843, 0xcdce6f26, + 0x95ad7f70, 0x2d111815, 0x3fa4b7fb, 0x8718d09e, + 0x1acfe827, 0xa2738f42, 0xb0c620ac, 0x087a47c9, + 0xa032af3e, 0x188ec85b, 0x0a3b67b5, 0xb28700d0, + 0x2f503869, 0x97ec5f0c, 0x8559f0e2, 0x3de59787, + 0x658687d1, 0xdd3ae0b4, 0xcf8f4f5a, 0x7733283f, + 0xeae41086, 0x525877e3, 0x40edd80d, 0xf851bf68, + 0xf02bf8a1, 0x48979fc4, 0x5a22302a, 0xe29e574f, + 0x7f496ff6, 0xc7f50893, 0xd540a77d, 0x6dfcc018, + 0x359fd04e, 0x8d23b72b, 0x9f9618c5, 0x272a7fa0, + 0xbafd4719, 0x0241207c, 0x10f48f92, 0xa848e8f7, + 0x9b14583d, 0x23a83f58, 0x311d90b6, 0x89a1f7d3, + 0x1476cf6a, 0xaccaa80f, 0xbe7f07e1, 0x06c36084, + 0x5ea070d2, 0xe61c17b7, 0xf4a9b859, 0x4c15df3c, + 0xd1c2e785, 0x697e80e0, 0x7bcb2f0e, 0xc377486b, + 0xcb0d0fa2, 0x73b168c7, 0x6104c729, 0xd9b8a04c, + 0x446f98f5, 0xfcd3ff90, 0xee66507e, 0x56da371b, + 0x0eb9274d, 0xb6054028, 0xa4b0efc6, 0x1c0c88a3, + 0x81dbb01a, 0x3967d77f, 0x2bd27891, 0x936e1ff4, + 0x3b26f703, 0x839a9066, 0x912f3f88, 0x299358ed, + 0xb4446054, 0x0cf80731, 0x1e4da8df, 0xa6f1cfba, + 0xfe92dfec, 0x462eb889, 0x549b1767, 0xec277002, + 0x71f048bb, 0xc94c2fde, 0xdbf98030, 0x6345e755, + 0x6b3fa09c, 0xd383c7f9, 0xc1366817, 0x798a0f72, + 0xe45d37cb, 0x5ce150ae, 0x4e54ff40, 0xf6e89825, + 0xae8b8873, 0x1637ef16, 0x048240f8, 0xbc3e279d, + 0x21e91f24, 0x99557841, 0x8be0d7af, 0x335cb0ca, + 0xed59b63b, 0x55e5d15e, 0x47507eb0, 0xffec19d5, + 0x623b216c, 0xda874609, 0xc832e9e7, 0x708e8e82, + 0x28ed9ed4, 0x9051f9b1, 0x82e4565f, 0x3a58313a, + 0xa78f0983, 0x1f336ee6, 0x0d86c108, 0xb53aa66d, + 0xbd40e1a4, 0x05fc86c1, 0x1749292f, 0xaff54e4a, + 0x322276f3, 0x8a9e1196, 0x982bbe78, 0x2097d91d, + 0x78f4c94b, 0xc048ae2e, 0xd2fd01c0, 0x6a4166a5, + 0xf7965e1c, 0x4f2a3979, 0x5d9f9697, 0xe523f1f2, + 0x4d6b1905, 0xf5d77e60, 0xe762d18e, 0x5fdeb6eb, + 0xc2098e52, 0x7ab5e937, 0x680046d9, 0xd0bc21bc, + 0x88df31ea, 0x3063568f, 0x22d6f961, 0x9a6a9e04, + 0x07bda6bd, 0xbf01c1d8, 0xadb46e36, 0x15080953, + 0x1d724e9a, 0xa5ce29ff, 0xb77b8611, 0x0fc7e174, + 0x9210d9cd, 0x2aacbea8, 0x38191146, 0x80a57623, + 0xd8c66675, 0x607a0110, 0x72cfaefe, 0xca73c99b, + 0x57a4f122, 0xef189647, 0xfdad39a9, 0x45115ecc, + 0x764dee06, 0xcef18963, 0xdc44268d, 0x64f841e8, + 0xf92f7951, 0x41931e34, 0x5326b1da, 0xeb9ad6bf, + 0xb3f9c6e9, 0x0b45a18c, 0x19f00e62, 0xa14c6907, + 0x3c9b51be, 0x842736db, 0x96929935, 0x2e2efe50, + 0x2654b999, 0x9ee8defc, 0x8c5d7112, 0x34e11677, + 0xa9362ece, 0x118a49ab, 0x033fe645, 0xbb838120, + 0xe3e09176, 0x5b5cf613, 0x49e959fd, 0xf1553e98, + 0x6c820621, 0xd43e6144, 0xc68bceaa, 0x7e37a9cf, + 0xd67f4138, 0x6ec3265d, 0x7c7689b3, 0xc4caeed6, + 0x591dd66f, 0xe1a1b10a, 0xf3141ee4, 0x4ba87981, + 0x13cb69d7, 0xab770eb2, 0xb9c2a15c, 0x017ec639, + 0x9ca9fe80, 0x241599e5, 0x36a0360b, 0x8e1c516e, + 0x866616a7, 0x3eda71c2, 0x2c6fde2c, 0x94d3b949, + 0x090481f0, 0xb1b8e695, 0xa30d497b, 0x1bb12e1e, + 0x43d23e48, 0xfb6e592d, 0xe9dbf6c3, 0x516791a6, + 0xccb0a91f, 0x740cce7a, 0x66b96194, 0xde0506f1 +}; - return crc; -} +/* CRC32 */ -typedef struct +static inline u32 +crc32_next (u32 crc, byte data) { - u32 CRC; - byte buf[4]; + return (crc >> 8) ^ crc32_table[(crc & 0xff) ^ data]; } -CRC_CONTEXT; -/* CRC32 */ +/* + * Process 4 bytes in one go + */ +static inline u32 +crc32_next4 (u32 crc, u32 data) +{ + crc ^= data; + crc = crc32_table[(crc & 0xff) + 0x300] ^ + crc32_table[((crc >> 8) & 0xff) + 0x200] ^ + crc32_table[((crc >> 16) & 0xff) + 0x100] ^ + crc32_table[(crc >> 24) & 0xff]; + return crc; +} static void crc32_init (void *context, unsigned int flags) @@ -159,12 +345,40 @@ crc32_init (void *context, unsigned int flags) } static void -crc32_write (void *context, const void *inbuf, size_t inlen) +crc32_write (void *context, const void *inbuf_arg, size_t inlen) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; - if (!inbuf) + const byte *inbuf = inbuf_arg; + u32 crc; + + if (!inbuf || !inlen) return; - ctx->CRC = update_crc32 (ctx->CRC, inbuf, inlen); + + crc = ctx->CRC; + + while (inlen >= 16) + { + inlen -= 16; + crc = crc32_next4(crc, buf_get_le32(&inbuf[0])); + crc = crc32_next4(crc, buf_get_le32(&inbuf[4])); + crc = crc32_next4(crc, buf_get_le32(&inbuf[8])); + crc = crc32_next4(crc, buf_get_le32(&inbuf[12])); + inbuf += 16; + } + + while (inlen >= 4) + { + inlen -= 4; + crc = crc32_next4(crc, buf_get_le32(inbuf)); + inbuf += 4; + } + + while (inlen--) + { + crc = crc32_next(crc, *inbuf++); + } + + ctx->CRC = crc; } static byte * @@ -179,13 +393,12 @@ crc32_final (void *context) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; ctx->CRC ^= 0xffffffffL; - ctx->buf[0] = (ctx->CRC >> 24) & 0xFF; - ctx->buf[1] = (ctx->CRC >> 16) & 0xFF; - ctx->buf[2] = (ctx->CRC >> 8) & 0xFF; - ctx->buf[3] = (ctx->CRC ) & 0xFF; + buf_put_be32 (ctx->buf, ctx->CRC); } /* CRC32 a'la RFC 1510 */ +/* CRC of the string "123456789" is 0x2dfd2d88 */ + static void crc32rfc1510_init (void *context, unsigned int flags) { @@ -200,47 +413,315 @@ static void crc32rfc1510_final (void *context) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; - ctx->buf[0] = (ctx->CRC >> 24) & 0xFF; - ctx->buf[1] = (ctx->CRC >> 16) & 0xFF; - ctx->buf[2] = (ctx->CRC >> 8) & 0xFF; - ctx->buf[3] = (ctx->CRC ) & 0xFF; + buf_put_be32(ctx->buf, ctx->CRC); } /* CRC24 a'la RFC 2440 */ /* - * The following CRC 24 routines are adapted from RFC 2440, which has - * the following copyright notice: - * - * Copyright (C) The Internet Society (1998). All Rights Reserved. + * Code generated by universal_crc by Danjel McGougan * - * This document and translations of it may be copied and furnished - * to others, and derivative works that comment on or otherwise - * explain it or assist in its implementation may be prepared, - * copied, published and distributed, in whole or in part, without - * restriction of any kind, provided that the above copyright notice - * and this paragraph are included on all such copies and derivative - * works. However, this document itself may not be modified in any - * way, such as by removing the copyright notice or references to - * the Internet Society or other Internet organizations, except as - * needed for the purpose of developing Internet standards in which - * case the procedures for copyrights defined in the Internet - * Standards process must be followed, or as required to translate - * it into languages other than English. + * CRC parameters used: + * bits: 24 + * poly: 0x864cfb + * init: 0xb704ce + * xor: 0x000000 + * reverse: false + * non-direct: false * - * The limited permissions granted above are perpetual and will not be - * revoked by the Internet Society or its successors or assigns. - * - * This document and the information contained herein is provided on - * an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET - * ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE - * OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY - * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR - * PURPOSE. + * CRC of the string "123456789" is 0x21cf02 + */ + +static const u32 crc24_table[1024] = +{ + 0x00000000, 0x00fb4c86, 0x000dd58a, 0x00f6990c, + 0x00e1e693, 0x001aaa15, 0x00ec3319, 0x00177f9f, + 0x003981a1, 0x00c2cd27, 0x0034542b, 0x00cf18ad, + 0x00d86732, 0x00232bb4, 0x00d5b2b8, 0x002efe3e, + 0x00894ec5, 0x00720243, 0x00849b4f, 0x007fd7c9, + 0x0068a856, 0x0093e4d0, 0x00657ddc, 0x009e315a, + 0x00b0cf64, 0x004b83e2, 0x00bd1aee, 0x00465668, + 0x005129f7, 0x00aa6571, 0x005cfc7d, 0x00a7b0fb, + 0x00e9d10c, 0x00129d8a, 0x00e40486, 0x001f4800, + 0x0008379f, 0x00f37b19, 0x0005e215, 0x00feae93, + 0x00d050ad, 0x002b1c2b, 0x00dd8527, 0x0026c9a1, + 0x0031b63e, 0x00cafab8, 0x003c63b4, 0x00c72f32, + 0x00609fc9, 0x009bd34f, 0x006d4a43, 0x009606c5, + 0x0081795a, 0x007a35dc, 0x008cacd0, 0x0077e056, + 0x00591e68, 0x00a252ee, 0x0054cbe2, 0x00af8764, + 0x00b8f8fb, 0x0043b47d, 0x00b52d71, 0x004e61f7, + 0x00d2a319, 0x0029ef9f, 0x00df7693, 0x00243a15, + 0x0033458a, 0x00c8090c, 0x003e9000, 0x00c5dc86, + 0x00eb22b8, 0x00106e3e, 0x00e6f732, 0x001dbbb4, + 0x000ac42b, 0x00f188ad, 0x000711a1, 0x00fc5d27, + 0x005beddc, 0x00a0a15a, 0x00563856, 0x00ad74d0, + 0x00ba0b4f, 0x004147c9, 0x00b7dec5, 0x004c9243, + 0x00626c7d, 0x009920fb, 0x006fb9f7, 0x0094f571, + 0x00838aee, 0x0078c668, 0x008e5f64, 0x007513e2, + 0x003b7215, 0x00c03e93, 0x0036a79f, 0x00cdeb19, + 0x00da9486, 0x0021d800, 0x00d7410c, 0x002c0d8a, + 0x0002f3b4, 0x00f9bf32, 0x000f263e, 0x00f46ab8, + 0x00e31527, 0x001859a1, 0x00eec0ad, 0x00158c2b, + 0x00b23cd0, 0x00497056, 0x00bfe95a, 0x0044a5dc, + 0x0053da43, 0x00a896c5, 0x005e0fc9, 0x00a5434f, + 0x008bbd71, 0x0070f1f7, 0x008668fb, 0x007d247d, + 0x006a5be2, 0x00911764, 0x00678e68, 0x009cc2ee, + 0x00a44733, 0x005f0bb5, 0x00a992b9, 0x0052de3f, + 0x0045a1a0, 0x00beed26, 0x0048742a, 0x00b338ac, + 0x009dc692, 0x00668a14, 0x00901318, 0x006b5f9e, + 0x007c2001, 0x00876c87, 0x0071f58b, 0x008ab90d, + 0x002d09f6, 0x00d64570, 0x0020dc7c, 0x00db90fa, + 0x00ccef65, 0x0037a3e3, 0x00c13aef, 0x003a7669, + 0x00148857, 0x00efc4d1, 0x00195ddd, 0x00e2115b, + 0x00f56ec4, 0x000e2242, 0x00f8bb4e, 0x0003f7c8, + 0x004d963f, 0x00b6dab9, 0x004043b5, 0x00bb0f33, + 0x00ac70ac, 0x00573c2a, 0x00a1a526, 0x005ae9a0, + 0x0074179e, 0x008f5b18, 0x0079c214, 0x00828e92, + 0x0095f10d, 0x006ebd8b, 0x00982487, 0x00636801, + 0x00c4d8fa, 0x003f947c, 0x00c90d70, 0x003241f6, + 0x00253e69, 0x00de72ef, 0x0028ebe3, 0x00d3a765, + 0x00fd595b, 0x000615dd, 0x00f08cd1, 0x000bc057, + 0x001cbfc8, 0x00e7f34e, 0x00116a42, 0x00ea26c4, + 0x0076e42a, 0x008da8ac, 0x007b31a0, 0x00807d26, + 0x009702b9, 0x006c4e3f, 0x009ad733, 0x00619bb5, + 0x004f658b, 0x00b4290d, 0x0042b001, 0x00b9fc87, + 0x00ae8318, 0x0055cf9e, 0x00a35692, 0x00581a14, + 0x00ffaaef, 0x0004e669, 0x00f27f65, 0x000933e3, + 0x001e4c7c, 0x00e500fa, 0x001399f6, 0x00e8d570, + 0x00c62b4e, 0x003d67c8, 0x00cbfec4, 0x0030b242, + 0x0027cddd, 0x00dc815b, 0x002a1857, 0x00d154d1, + 0x009f3526, 0x006479a0, 0x0092e0ac, 0x0069ac2a, + 0x007ed3b5, 0x00859f33, 0x0073063f, 0x00884ab9, + 0x00a6b487, 0x005df801, 0x00ab610d, 0x00502d8b, + 0x00475214, 0x00bc1e92, 0x004a879e, 0x00b1cb18, + 0x00167be3, 0x00ed3765, 0x001bae69, 0x00e0e2ef, + 0x00f79d70, 0x000cd1f6, 0x00fa48fa, 0x0001047c, + 0x002ffa42, 0x00d4b6c4, 0x00222fc8, 0x00d9634e, + 0x00ce1cd1, 0x00355057, 0x00c3c95b, 0x003885dd, + 0x00000000, 0x00488f66, 0x00901ecd, 0x00d891ab, + 0x00db711c, 0x0093fe7a, 0x004b6fd1, 0x0003e0b7, + 0x00b6e338, 0x00fe6c5e, 0x0026fdf5, 0x006e7293, + 0x006d9224, 0x00251d42, 0x00fd8ce9, 0x00b5038f, + 0x006cc771, 0x00244817, 0x00fcd9bc, 0x00b456da, + 0x00b7b66d, 0x00ff390b, 0x0027a8a0, 0x006f27c6, + 0x00da2449, 0x0092ab2f, 0x004a3a84, 0x0002b5e2, + 0x00015555, 0x0049da33, 0x00914b98, 0x00d9c4fe, + 0x00d88ee3, 0x00900185, 0x0048902e, 0x00001f48, + 0x0003ffff, 0x004b7099, 0x0093e132, 0x00db6e54, + 0x006e6ddb, 0x0026e2bd, 0x00fe7316, 0x00b6fc70, + 0x00b51cc7, 0x00fd93a1, 0x0025020a, 0x006d8d6c, + 0x00b44992, 0x00fcc6f4, 0x0024575f, 0x006cd839, + 0x006f388e, 0x0027b7e8, 0x00ff2643, 0x00b7a925, + 0x0002aaaa, 0x004a25cc, 0x0092b467, 0x00da3b01, + 0x00d9dbb6, 0x009154d0, 0x0049c57b, 0x00014a1d, + 0x004b5141, 0x0003de27, 0x00db4f8c, 0x0093c0ea, + 0x0090205d, 0x00d8af3b, 0x00003e90, 0x0048b1f6, + 0x00fdb279, 0x00b53d1f, 0x006dacb4, 0x002523d2, + 0x0026c365, 0x006e4c03, 0x00b6dda8, 0x00fe52ce, + 0x00279630, 0x006f1956, 0x00b788fd, 0x00ff079b, + 0x00fce72c, 0x00b4684a, 0x006cf9e1, 0x00247687, + 0x00917508, 0x00d9fa6e, 0x00016bc5, 0x0049e4a3, + 0x004a0414, 0x00028b72, 0x00da1ad9, 0x009295bf, + 0x0093dfa2, 0x00db50c4, 0x0003c16f, 0x004b4e09, + 0x0048aebe, 0x000021d8, 0x00d8b073, 0x00903f15, + 0x00253c9a, 0x006db3fc, 0x00b52257, 0x00fdad31, + 0x00fe4d86, 0x00b6c2e0, 0x006e534b, 0x0026dc2d, + 0x00ff18d3, 0x00b797b5, 0x006f061e, 0x00278978, + 0x002469cf, 0x006ce6a9, 0x00b47702, 0x00fcf864, + 0x0049fbeb, 0x0001748d, 0x00d9e526, 0x00916a40, + 0x00928af7, 0x00da0591, 0x0002943a, 0x004a1b5c, + 0x0096a282, 0x00de2de4, 0x0006bc4f, 0x004e3329, + 0x004dd39e, 0x00055cf8, 0x00ddcd53, 0x00954235, + 0x002041ba, 0x0068cedc, 0x00b05f77, 0x00f8d011, + 0x00fb30a6, 0x00b3bfc0, 0x006b2e6b, 0x0023a10d, + 0x00fa65f3, 0x00b2ea95, 0x006a7b3e, 0x0022f458, + 0x002114ef, 0x00699b89, 0x00b10a22, 0x00f98544, + 0x004c86cb, 0x000409ad, 0x00dc9806, 0x00941760, + 0x0097f7d7, 0x00df78b1, 0x0007e91a, 0x004f667c, + 0x004e2c61, 0x0006a307, 0x00de32ac, 0x0096bdca, + 0x00955d7d, 0x00ddd21b, 0x000543b0, 0x004dccd6, + 0x00f8cf59, 0x00b0403f, 0x0068d194, 0x00205ef2, + 0x0023be45, 0x006b3123, 0x00b3a088, 0x00fb2fee, + 0x0022eb10, 0x006a6476, 0x00b2f5dd, 0x00fa7abb, + 0x00f99a0c, 0x00b1156a, 0x006984c1, 0x00210ba7, + 0x00940828, 0x00dc874e, 0x000416e5, 0x004c9983, + 0x004f7934, 0x0007f652, 0x00df67f9, 0x0097e89f, + 0x00ddf3c3, 0x00957ca5, 0x004ded0e, 0x00056268, + 0x000682df, 0x004e0db9, 0x00969c12, 0x00de1374, + 0x006b10fb, 0x00239f9d, 0x00fb0e36, 0x00b38150, + 0x00b061e7, 0x00f8ee81, 0x00207f2a, 0x0068f04c, + 0x00b134b2, 0x00f9bbd4, 0x00212a7f, 0x0069a519, + 0x006a45ae, 0x0022cac8, 0x00fa5b63, 0x00b2d405, + 0x0007d78a, 0x004f58ec, 0x0097c947, 0x00df4621, + 0x00dca696, 0x009429f0, 0x004cb85b, 0x0004373d, + 0x00057d20, 0x004df246, 0x009563ed, 0x00ddec8b, + 0x00de0c3c, 0x0096835a, 0x004e12f1, 0x00069d97, + 0x00b39e18, 0x00fb117e, 0x002380d5, 0x006b0fb3, + 0x0068ef04, 0x00206062, 0x00f8f1c9, 0x00b07eaf, + 0x0069ba51, 0x00213537, 0x00f9a49c, 0x00b12bfa, + 0x00b2cb4d, 0x00fa442b, 0x0022d580, 0x006a5ae6, + 0x00df5969, 0x0097d60f, 0x004f47a4, 0x0007c8c2, + 0x00042875, 0x004ca713, 0x009436b8, 0x00dcb9de, + 0x00000000, 0x00d70983, 0x00555f80, 0x00825603, + 0x0051f286, 0x0086fb05, 0x0004ad06, 0x00d3a485, + 0x0059a88b, 0x008ea108, 0x000cf70b, 0x00dbfe88, + 0x00085a0d, 0x00df538e, 0x005d058d, 0x008a0c0e, + 0x00491c91, 0x009e1512, 0x001c4311, 0x00cb4a92, + 0x0018ee17, 0x00cfe794, 0x004db197, 0x009ab814, + 0x0010b41a, 0x00c7bd99, 0x0045eb9a, 0x0092e219, + 0x0041469c, 0x00964f1f, 0x0014191c, 0x00c3109f, + 0x006974a4, 0x00be7d27, 0x003c2b24, 0x00eb22a7, + 0x00388622, 0x00ef8fa1, 0x006dd9a2, 0x00bad021, + 0x0030dc2f, 0x00e7d5ac, 0x006583af, 0x00b28a2c, + 0x00612ea9, 0x00b6272a, 0x00347129, 0x00e378aa, + 0x00206835, 0x00f761b6, 0x007537b5, 0x00a23e36, + 0x00719ab3, 0x00a69330, 0x0024c533, 0x00f3ccb0, + 0x0079c0be, 0x00aec93d, 0x002c9f3e, 0x00fb96bd, + 0x00283238, 0x00ff3bbb, 0x007d6db8, 0x00aa643b, + 0x0029a4ce, 0x00fead4d, 0x007cfb4e, 0x00abf2cd, + 0x00785648, 0x00af5fcb, 0x002d09c8, 0x00fa004b, + 0x00700c45, 0x00a705c6, 0x002553c5, 0x00f25a46, + 0x0021fec3, 0x00f6f740, 0x0074a143, 0x00a3a8c0, + 0x0060b85f, 0x00b7b1dc, 0x0035e7df, 0x00e2ee5c, + 0x00314ad9, 0x00e6435a, 0x00641559, 0x00b31cda, + 0x003910d4, 0x00ee1957, 0x006c4f54, 0x00bb46d7, + 0x0068e252, 0x00bfebd1, 0x003dbdd2, 0x00eab451, + 0x0040d06a, 0x0097d9e9, 0x00158fea, 0x00c28669, + 0x001122ec, 0x00c62b6f, 0x00447d6c, 0x009374ef, + 0x001978e1, 0x00ce7162, 0x004c2761, 0x009b2ee2, + 0x00488a67, 0x009f83e4, 0x001dd5e7, 0x00cadc64, + 0x0009ccfb, 0x00dec578, 0x005c937b, 0x008b9af8, + 0x00583e7d, 0x008f37fe, 0x000d61fd, 0x00da687e, + 0x00506470, 0x00876df3, 0x00053bf0, 0x00d23273, + 0x000196f6, 0x00d69f75, 0x0054c976, 0x0083c0f5, + 0x00a9041b, 0x007e0d98, 0x00fc5b9b, 0x002b5218, + 0x00f8f69d, 0x002fff1e, 0x00ada91d, 0x007aa09e, + 0x00f0ac90, 0x0027a513, 0x00a5f310, 0x0072fa93, + 0x00a15e16, 0x00765795, 0x00f40196, 0x00230815, + 0x00e0188a, 0x00371109, 0x00b5470a, 0x00624e89, + 0x00b1ea0c, 0x0066e38f, 0x00e4b58c, 0x0033bc0f, + 0x00b9b001, 0x006eb982, 0x00ecef81, 0x003be602, + 0x00e84287, 0x003f4b04, 0x00bd1d07, 0x006a1484, + 0x00c070bf, 0x0017793c, 0x00952f3f, 0x004226bc, + 0x00918239, 0x00468bba, 0x00c4ddb9, 0x0013d43a, + 0x0099d834, 0x004ed1b7, 0x00cc87b4, 0x001b8e37, + 0x00c82ab2, 0x001f2331, 0x009d7532, 0x004a7cb1, + 0x00896c2e, 0x005e65ad, 0x00dc33ae, 0x000b3a2d, + 0x00d89ea8, 0x000f972b, 0x008dc128, 0x005ac8ab, + 0x00d0c4a5, 0x0007cd26, 0x00859b25, 0x005292a6, + 0x00813623, 0x00563fa0, 0x00d469a3, 0x00036020, + 0x0080a0d5, 0x0057a956, 0x00d5ff55, 0x0002f6d6, + 0x00d15253, 0x00065bd0, 0x00840dd3, 0x00530450, + 0x00d9085e, 0x000e01dd, 0x008c57de, 0x005b5e5d, + 0x0088fad8, 0x005ff35b, 0x00dda558, 0x000aacdb, + 0x00c9bc44, 0x001eb5c7, 0x009ce3c4, 0x004bea47, + 0x00984ec2, 0x004f4741, 0x00cd1142, 0x001a18c1, + 0x009014cf, 0x00471d4c, 0x00c54b4f, 0x001242cc, + 0x00c1e649, 0x0016efca, 0x0094b9c9, 0x0043b04a, + 0x00e9d471, 0x003eddf2, 0x00bc8bf1, 0x006b8272, + 0x00b826f7, 0x006f2f74, 0x00ed7977, 0x003a70f4, + 0x00b07cfa, 0x00677579, 0x00e5237a, 0x00322af9, + 0x00e18e7c, 0x003687ff, 0x00b4d1fc, 0x0063d87f, + 0x00a0c8e0, 0x0077c163, 0x00f59760, 0x00229ee3, + 0x00f13a66, 0x002633e5, 0x00a465e6, 0x00736c65, + 0x00f9606b, 0x002e69e8, 0x00ac3feb, 0x007b3668, + 0x00a892ed, 0x007f9b6e, 0x00fdcd6d, 0x002ac4ee, + 0x00000000, 0x00520936, 0x00a4126c, 0x00f61b5a, + 0x004825d8, 0x001a2cee, 0x00ec37b4, 0x00be3e82, + 0x006b0636, 0x00390f00, 0x00cf145a, 0x009d1d6c, + 0x002323ee, 0x00712ad8, 0x00873182, 0x00d538b4, + 0x00d60c6c, 0x0084055a, 0x00721e00, 0x00201736, + 0x009e29b4, 0x00cc2082, 0x003a3bd8, 0x006832ee, + 0x00bd0a5a, 0x00ef036c, 0x00191836, 0x004b1100, + 0x00f52f82, 0x00a726b4, 0x00513dee, 0x000334d8, + 0x00ac19d8, 0x00fe10ee, 0x00080bb4, 0x005a0282, + 0x00e43c00, 0x00b63536, 0x00402e6c, 0x0012275a, + 0x00c71fee, 0x009516d8, 0x00630d82, 0x003104b4, + 0x008f3a36, 0x00dd3300, 0x002b285a, 0x0079216c, + 0x007a15b4, 0x00281c82, 0x00de07d8, 0x008c0eee, + 0x0032306c, 0x0060395a, 0x00962200, 0x00c42b36, + 0x00111382, 0x00431ab4, 0x00b501ee, 0x00e708d8, + 0x0059365a, 0x000b3f6c, 0x00fd2436, 0x00af2d00, + 0x00a37f36, 0x00f17600, 0x00076d5a, 0x0055646c, + 0x00eb5aee, 0x00b953d8, 0x004f4882, 0x001d41b4, + 0x00c87900, 0x009a7036, 0x006c6b6c, 0x003e625a, + 0x00805cd8, 0x00d255ee, 0x00244eb4, 0x00764782, + 0x0075735a, 0x00277a6c, 0x00d16136, 0x00836800, + 0x003d5682, 0x006f5fb4, 0x009944ee, 0x00cb4dd8, + 0x001e756c, 0x004c7c5a, 0x00ba6700, 0x00e86e36, + 0x005650b4, 0x00045982, 0x00f242d8, 0x00a04bee, + 0x000f66ee, 0x005d6fd8, 0x00ab7482, 0x00f97db4, + 0x00474336, 0x00154a00, 0x00e3515a, 0x00b1586c, + 0x006460d8, 0x003669ee, 0x00c072b4, 0x00927b82, + 0x002c4500, 0x007e4c36, 0x0088576c, 0x00da5e5a, + 0x00d96a82, 0x008b63b4, 0x007d78ee, 0x002f71d8, + 0x00914f5a, 0x00c3466c, 0x00355d36, 0x00675400, + 0x00b26cb4, 0x00e06582, 0x00167ed8, 0x004477ee, + 0x00fa496c, 0x00a8405a, 0x005e5b00, 0x000c5236, + 0x0046ff6c, 0x0014f65a, 0x00e2ed00, 0x00b0e436, + 0x000edab4, 0x005cd382, 0x00aac8d8, 0x00f8c1ee, + 0x002df95a, 0x007ff06c, 0x0089eb36, 0x00dbe200, + 0x0065dc82, 0x0037d5b4, 0x00c1ceee, 0x0093c7d8, + 0x0090f300, 0x00c2fa36, 0x0034e16c, 0x0066e85a, + 0x00d8d6d8, 0x008adfee, 0x007cc4b4, 0x002ecd82, + 0x00fbf536, 0x00a9fc00, 0x005fe75a, 0x000dee6c, + 0x00b3d0ee, 0x00e1d9d8, 0x0017c282, 0x0045cbb4, + 0x00eae6b4, 0x00b8ef82, 0x004ef4d8, 0x001cfdee, + 0x00a2c36c, 0x00f0ca5a, 0x0006d100, 0x0054d836, + 0x0081e082, 0x00d3e9b4, 0x0025f2ee, 0x0077fbd8, + 0x00c9c55a, 0x009bcc6c, 0x006dd736, 0x003fde00, + 0x003cead8, 0x006ee3ee, 0x0098f8b4, 0x00caf182, + 0x0074cf00, 0x0026c636, 0x00d0dd6c, 0x0082d45a, + 0x0057ecee, 0x0005e5d8, 0x00f3fe82, 0x00a1f7b4, + 0x001fc936, 0x004dc000, 0x00bbdb5a, 0x00e9d26c, + 0x00e5805a, 0x00b7896c, 0x00419236, 0x00139b00, + 0x00ada582, 0x00ffacb4, 0x0009b7ee, 0x005bbed8, + 0x008e866c, 0x00dc8f5a, 0x002a9400, 0x00789d36, + 0x00c6a3b4, 0x0094aa82, 0x0062b1d8, 0x0030b8ee, + 0x00338c36, 0x00618500, 0x00979e5a, 0x00c5976c, + 0x007ba9ee, 0x0029a0d8, 0x00dfbb82, 0x008db2b4, + 0x00588a00, 0x000a8336, 0x00fc986c, 0x00ae915a, + 0x0010afd8, 0x0042a6ee, 0x00b4bdb4, 0x00e6b482, + 0x00499982, 0x001b90b4, 0x00ed8bee, 0x00bf82d8, + 0x0001bc5a, 0x0053b56c, 0x00a5ae36, 0x00f7a700, + 0x00229fb4, 0x00709682, 0x00868dd8, 0x00d484ee, + 0x006aba6c, 0x0038b35a, 0x00cea800, 0x009ca136, + 0x009f95ee, 0x00cd9cd8, 0x003b8782, 0x00698eb4, + 0x00d7b036, 0x0085b900, 0x0073a25a, 0x0021ab6c, + 0x00f493d8, 0x00a69aee, 0x005081b4, 0x00028882, + 0x00bcb600, 0x00eebf36, 0x0018a46c, 0x004aad5a +}; + +static inline +u32 crc24_init (void) +{ + return 0xce04b7; +} + +static inline +u32 crc24_next (u32 crc, byte data) +{ + return (crc >> 8) ^ crc24_table[(crc & 0xff) ^ data]; +} + +/* + * Process 4 bytes in one go */ +static inline +u32 crc24_next4 (u32 crc, u32 data) +{ + crc ^= data; + crc = crc24_table[(crc & 0xff) + 0x300] ^ + crc24_table[((crc >> 8) & 0xff) + 0x200] ^ + crc24_table[((crc >> 16) & 0xff) + 0x100] ^ + crc24_table[(crc >> 24) & 0xff]; + return crc; +} -#define CRC24_INIT 0xb704ceL -#define CRC24_POLY 0x1864cfbL +static inline +u32 crc24_final (u32 crc) +{ + return crc & 0xffffff; +} static void crc24rfc2440_init (void *context, unsigned int flags) @@ -249,36 +730,52 @@ crc24rfc2440_init (void *context, unsigned int flags) (void)flags; - ctx->CRC = CRC24_INIT; + ctx->CRC = crc24_init(); } static void crc24rfc2440_write (void *context, const void *inbuf_arg, size_t inlen) { const unsigned char *inbuf = inbuf_arg; - int i; CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; + u32 crc; - if (!inbuf) + if (!inbuf || !inlen) return; - while (inlen--) { - ctx->CRC ^= (*inbuf++) << 16; - for (i = 0; i < 8; i++) { - ctx->CRC <<= 1; - if (ctx->CRC & 0x1000000) - ctx->CRC ^= CRC24_POLY; + crc = ctx->CRC; + + while (inlen >= 16) + { + inlen -= 16; + crc = crc24_next4(crc, buf_get_le32(&inbuf[0])); + crc = crc24_next4(crc, buf_get_le32(&inbuf[4])); + crc = crc24_next4(crc, buf_get_le32(&inbuf[8])); + crc = crc24_next4(crc, buf_get_le32(&inbuf[12])); + inbuf += 16; + } + + while (inlen >= 4) + { + inlen -= 4; + crc = crc24_next4(crc, buf_get_le32(inbuf)); + inbuf += 4; + } + + while (inlen--) + { + crc = crc24_next(crc, *inbuf++); } - } + + ctx->CRC = crc; } static void crc24rfc2440_final (void *context) { CRC_CONTEXT *ctx = (CRC_CONTEXT *) context; - ctx->buf[0] = (ctx->CRC >> 16) & 0xFF; - ctx->buf[1] = (ctx->CRC >> 8) & 0xFF; - ctx->buf[2] = (ctx->CRC ) & 0xFF; + ctx->CRC = crc24_final(ctx->CRC); + buf_put_le32 (ctx->buf, ctx->CRC); } /* We allow the CRC algorithms even in FIPS mode because they are diff --git a/tests/basic.c b/tests/basic.c index 2cf8dd0..bb07394 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5524,6 +5524,7 @@ check_digests (void) "TY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser Gene" "ral Public License for more details.", "\x4A\x53\x7D\x67" }, + { GCRY_MD_CRC32, "123456789", "\xcb\xf4\x39\x26" }, { GCRY_MD_CRC32_RFC1510, "", "\x00\x00\x00\x00" }, { GCRY_MD_CRC32_RFC1510, "foo", "\x73\x32\xbc\x33" }, { GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" }, @@ -5539,8 +5540,10 @@ check_digests (void) { GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b" }, { GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96" }, #endif + { GCRY_MD_CRC32_RFC1510, "123456789", "\x2d\xfd\x2d\x88" }, { GCRY_MD_CRC24_RFC2440, "", "\xb7\x04\xce" }, { GCRY_MD_CRC24_RFC2440, "foo", "\x4f\xc2\x55" }, + { GCRY_MD_CRC24_RFC2440, "123456789", "\x21\xcf\x02" }, { GCRY_MD_TIGER, "", "\x24\xF0\x13\x0C\x63\xAC\x93\x32\x16\x16\x6E\x76" ----------------------------------------------------------------------- Summary of changes: cipher/crc.c | 817 +++++++++++++++++++++++++++++++++++++++++++----------- cipher/rijndael.c | 44 +-- tests/basic.c | 18 ++ 3 files changed, 699 insertions(+), 180 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 5 09:11:04 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 05 May 2015 09:11:04 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-13-gda9ec71 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via da9ec71960fe1257e67f6c282fef432352491945 (commit) via a616bd9dec00e068185b6b37a35ced4ec12ac5a7 (commit) from 8b802cf928d199d9c09080f71a7dd1eb397f414a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da9ec71960fe1257e67f6c282fef432352491945 Author: Werner Koch Date: Tue May 5 09:10:10 2015 +0200 Remove the Manifest files -- These files are not in use for more than a decade. Their indented purpose was to sign source files. With GIT we have a way better system to detect tampering of the source. diff --git a/Manifest b/Manifest deleted file mode 100644 index 6037ada..0000000 --- a/Manifest +++ /dev/null @@ -1,4 +0,0 @@ -Makefile.am iQCVAwUAP+gB7zEAnp832S/7AQKBYAP+NkkLjXtfsFDK30uEPHCKlHfYi0Wxj3VuVSatlVtb/O1xBWdAt5ba7spwJPzVXMwgaBWkK6DjQrqR0uLrzWCsSX5ZIJZBoBn557ykyimLXzlb8BrpVsNGloNPIeMyTq9LBOUdgtuJST/rfM03zSjgb8HuY5H1/2/BSwLqt1u02+s==jBz4 -acinclude.m4 iQCVAwUAP+gEuTEAnp832S/7AQLVVgP/XQMjkCJxKmfaPINxF3+OQvi6FIys2FDiwdPa391nbxClEnThSljw8uTcvqr3RXXgL4ORsbv8W+TrXuqlDS5vQ5lxf0oPyvvlGhH1Wt64mDI/gA+zS46Y7lkfcpNIrnh5vYgQJlhlN/v0V4pXkWk/DBFiSNqwMqhSUtxpmlv1LKA==v+vK -configure.ac iQCVAwUAP+gEpDEAnp832S/7AQIWwgP/RGNMxYCN5alOA9zsjPvXcF4s5LzHox1J41auPurSF7OKRSjDDx37fKHymMAb9Mh+RqzqwtSn+WnzsL1u7qsbS6TS7yJgEzeZAbP2d4m00aEnqF6Qe63E1ss7SKCjpFbe6IdLu+NO9CkDis/UwlYTAjgoO8kh1GgPzPPEv17iKaA==s84Z -$names$ iQCVAwUAP+gBajEAnp832S/7AQLnygP7BqZ5gdD9oYWEHd5mp6JQdQPiZ5zetxZrUa1IdyoqIusOJ0FkmoUDn+QGhwJgImAn9FnEtMV5uiaZjtFqImFtIR4b/iPL9h89cCi7wTRHL4yjk1qMwa5lBhTa86ZmdEQ6uwFHGRKWjvKr6KVDST10Cal5DscCrTNg9itsdppw+YE==0+Ck diff --git a/assuan/Manifest b/assuan/Manifest deleted file mode 100644 index 7bbf2e6..0000000 --- a/assuan/Manifest +++ /dev/null @@ -1,17 +0,0 @@ -Makefile.am -assuan-buffer.c -assuan-client.c -assuan-connect.c -assuan-defs.h -assuan-errors.c -assuan-handler.c -assuan-inquire.c -assuan-listen.c -assuan-pipe-connect.c -assuan-pipe-server.c -assuan-socket-connect.c -assuan-socket-server.c -assuan-util.c -assuan.h -mkerrors -$names$ iQCVAwUAP+f/pjEAnp832S/7AQLuJAP+MRNJ5zuXNU3znYhBSSb37pqDr3lIjkVrbN+CK4EkEvzcrFFjnpmCs3Hyg371yHM0P0dCRnQ6JW9XPJAtl/93gfNp7Hc6npJenUs3tn4uzlMWf228YW6KrhBXKj9bWyLDiEwsw/alCkBEPBXXXcS54DuESHK5wkljwJlQ93g9wo8==OuBu diff --git a/curses/Makefile.am b/curses/Makefile.am index f8fe9eb..404a8ed 100644 --- a/curses/Makefile.am +++ b/curses/Makefile.am @@ -7,20 +7,18 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. -# +# # PINENTRY is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ## Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest - bin_PROGRAMS = pinentry-curses AM_CPPFLAGS = $(NCURSES_INCLUDE) -I$(top_srcdir)/pinentry diff --git a/curses/Manifest b/curses/Manifest deleted file mode 100644 index c231d84..0000000 --- a/curses/Manifest +++ /dev/null @@ -1,3 +0,0 @@ -Makefile.am iQCVAwUAP+gA3zEAnp832S/7AQIR/gP7B87t7lRazBHqtbIUkiFfULuv/sxsfyuUADIUmQwoNB5u4823Oc9nMP/XhiktJFWlzHxx5V4+Ijlv0qHwdeaBX3xDAug7eqtZ2/ItxMhCeya6wF93ZO+50jWtH4R0uJEQnV8PV3qOXyH6IX58tBy/uF3aq/jPveR6JxdoPMmv+KQ==3oD+ -pinentry-curses.c iQCVAwUAP+gA8DEAnp832S/7AQK/TAP/ey0ja7arONAcYHJjaU3mX9jKBEoKXR1x5OzZBy7AyusZb9IoPRhHYZShBVl4LCaadrsrKLHUQxHhvgrdK6iNNt1dU5EAFjYAnzyzRJ2QSnZvAgn9KC1pnNeYmRtU+vhV6fwnoxzAjj0MxpC2jzVaIpfKm+RUJoTf270f06/rSW8==NPLk -$names$ iQCVAwUAP+gAijEAnp832S/7AQIzQwQA2PkXcATQ5mNpLIJ8g1UXFSgQGhZ+h4KkrfzKuogAxeCaTAccLcFRj5DAX8GygQs2IoyZJTSxFaNTMKW48LlDMpnu0/cekN7Rc6v4xp3Wz77Y6bZ2SdyLQw6y0bu8eE+WuUvXjysU/MAqRTB1imhQjhDp+DSw/6cjhd2MF1nrmqc==bfR8 diff --git a/gtk/Makefile.am b/gtk/Makefile.am index 2f16142..5dc243e 100644 --- a/gtk/Makefile.am +++ b/gtk/Makefile.am @@ -7,20 +7,18 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. -# +# # PINENTRY is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ## Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest - bin_PROGRAMS = pinentry-gtk if FALLBACK_CURSES diff --git a/gtk/Manifest b/gtk/Manifest deleted file mode 100644 index d3fc619..0000000 --- a/gtk/Manifest +++ /dev/null @@ -1,5 +0,0 @@ -Makefile.am -gtksecentry.c -gtksecentry.h -pinentry-gtk.c -$names$ iQCVAwUAP+f+sDEAnp832S/7AQJrIQQAttRdNAgDI8z/eQpSs1zDeQTv1mX5f4KjKS6WLlp9y4ZLymb6xgE4+BSeTyDVAwl2FEQNzk2BOoqZ19oTyI4af1p4O1L5qKEIOAKX8tnFKlrSUFbrgLPNMJczw6yZiPD5tnjFpcxtzPqP5+DWAZDs/CVR1xnvI/uD0scLblmrjLk==ohI7 diff --git a/pinentry/Manifest b/pinentry/Manifest deleted file mode 100644 index 931718e..0000000 --- a/pinentry/Manifest +++ /dev/null @@ -1,6 +0,0 @@ -Makefile.am -pinentry-curses.c -pinentry-curses.h -pinentry.c -pinentry.h -$names$ iQCVAwUAP+f+TjEAnp832S/7AQJmVQQAwoiSGV7KETdwozuwgSn3q5COtv23QmjKQ/EEvegsv+D2UO4S2viohm9C5hRH0RQwYAZwGKpJ7k/8NpWVxBpzKTI1fJ6ZRRis2c/ucBMa4c6TcVgGeh17x6hYqzrc/omafTyHoQBSvMeYptt5zEoWiXbz/n58DpDFDTpydAl4Q60==IlRa diff --git a/qt/Makefile.am b/qt/Makefile.am index 6771990..bc344e1 100644 --- a/qt/Makefile.am +++ b/qt/Makefile.am @@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest README.SecQ +EXTRA_DIST = README.SecQ bin_PROGRAMS = pinentry-qt @@ -44,7 +44,7 @@ pinentry_qt_SOURCES = secqstring.h secqstring.cpp \ secqinternal_p.h secqinternal.cpp \ secqlineedit.h secqlineedit.cpp \ pinentrydialog.h pinentrydialog.cpp \ - main.cpp + main.cpp nodist_pinentry_qt_SOURCES = secqlineedit.moc.cpp \ pinentrydialog.moc.cpp diff --git a/qt/Manifest b/qt/Manifest deleted file mode 100644 index 207523a..0000000 --- a/qt/Manifest +++ /dev/null @@ -1,9 +0,0 @@ -Makefile.am -main.cpp -pinentrydialog.cpp -pinentrydialog.h -secqlineedit.cpp -secqlineedit.h -secqstring.cpp -secqstring.h -$names$ iQCVAwUAP+f/ATEAnp832S/7AQI7ogP+NM3/SRwrCt+HcyEuhbuJ0GP5bezLJ5ix4XWjkqtdqqXV+DYNLuXVnrsclKuBgrKB2oPYdfakl8WXrI/Gl1GBM2/MZ0jYNtnZZuzfIqPXN4eKZTdlvry7DbE6hshUU/jTJHfRgOrLoRlO0hn+aikrQi2efJ5HzaOknE/5rjVX63Y==K3Gm diff --git a/secmem/Makefile.am b/secmem/Makefile.am index 3575faa..e5e0711 100644 --- a/secmem/Makefile.am +++ b/secmem/Makefile.am @@ -7,20 +7,18 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. -# +# # PINENTRY is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ## Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest - noinst_LIBRARIES = libsecmem.a libsecmem_a_SOURCES = \ diff --git a/secmem/Manifest b/secmem/Manifest deleted file mode 100644 index a37366d..0000000 --- a/secmem/Manifest +++ /dev/null @@ -1,7 +0,0 @@ -Makefile.am -memory.h -secmem-util.h -secmem.c -util.c -util.h -$names$ iQCVAwUAP+f/RDEAnp832S/7AQIbRQQAzR7UvGOTMl8AWyVgHGQjW5A5fGzRlaEABl+5UpGmzoFGFdP9upHv3Tj0MKETHNRkdOAA5k5QzamDypAr5RINz9rdZPkNPIAtg4csN7Yb6ITJZaH7yLDJcBmhM49a8ZNpDpQeImzpE05cM6TuGVO6NSIrlt9OBhaHfbkpzgr1tI0==6Tyw diff --git a/w32/Makefile.am b/w32/Makefile.am index b2e2f8f..f15e66c 100644 --- a/w32/Makefile.am +++ b/w32/Makefile.am @@ -7,20 +7,18 @@ # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. -# +# # PINENTRY is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ## Process this file with automake to produce Makefile.in -EXTRA_DIST = Manifest - bin_PROGRAMS = pinentry-w32 AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \ @@ -36,5 +34,5 @@ pinentry_w32_LDADD = pinentry-w32.o \ pinentry-w32.o: pinentry-w32.rc resource.h - $(WINDRES) -I.. -v -o $@ $< + $(WINDRES) -I.. -v -o $@ $< diff --git a/w32/Manifest b/w32/Manifest deleted file mode 100644 index 85ffc67..0000000 --- a/w32/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -Makefile.am -$names$ commit a616bd9dec00e068185b6b37a35ced4ec12ac5a7 Author: Werner Koch Date: Tue May 5 09:03:30 2015 +0200 pinentry-tty: Fix problem with zero length prompt. * tty/pinentry-tty.c (read_password): Use default prompt also for an empty prompt argument. -- strlen(prompt)-1 is used thus we need to make sure that the length is > 0. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 548c51d..5891697 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -76,7 +76,7 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) } return 0; } - + static int read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) @@ -94,7 +94,7 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) } prompt = pinentry->prompt; - if (! prompt) + if (! prompt || !*prompt) prompt = "PIN"; fprintf (ttyfo, "%s\n%s%s ", @@ -228,7 +228,7 @@ tty_cmd_handler(pinentry_t pinentry) } do_touch_file (pinentry); } - + if (pinentry->ttyname) { fclose (ttyfi); ----------------------------------------------------------------------- Summary of changes: Manifest | 4 ---- assuan/Manifest | 17 ----------------- curses/Makefile.am | 6 ++---- curses/Manifest | 3 --- gtk/Makefile.am | 6 ++---- gtk/Manifest | 5 ----- pinentry/Manifest | 6 ------ qt/Makefile.am | 4 ++-- qt/Manifest | 9 --------- secmem/Makefile.am | 6 ++---- secmem/Manifest | 7 ------- tty/pinentry-tty.c | 6 +++--- w32/Makefile.am | 8 +++----- w32/Manifest | 2 -- 14 files changed, 14 insertions(+), 75 deletions(-) delete mode 100644 Manifest delete mode 100644 assuan/Manifest delete mode 100644 curses/Manifest delete mode 100644 gtk/Manifest delete mode 100644 pinentry/Manifest delete mode 100644 qt/Manifest delete mode 100644 secmem/Manifest delete mode 100644 w32/Manifest hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 5 22:04:02 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 05 May 2015 22:04:02 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-14-gcbecc6d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via cbecc6d38a86f8fa7c052efab7649be07b5df334 (commit) from da9ec71960fe1257e67f6c282fef432352491945 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cbecc6d38a86f8fa7c052efab7649be07b5df334 Author: Werner Koch Date: Tue May 5 22:02:58 2015 +0200 w32: Minor changes to the dialog. * w32/main.c (set_bitmap): New. (dlg_proc): Show error prompt in red. * w32/pinentry-w32.rc: Add icons and chnage dialog. * w32/logo-128.bmp: New. * w32/logo-32.bmp: New. * w32/logo-48.bmp: New. * w32/logo-64.bmp: New. * w32/logo-96.bmp: New. -- The logos need some manual tweaking. Due to the scaling a gradient is used for the circle and Windows shows white ugly white spots. This can be avoided by using a a palette with less colors but I found no easy way to do that in gimp. When using less than 256 index the transparency feature does not work correctly. diff --git a/w32/Makefile.am b/w32/Makefile.am index f15e66c..677dd6a 100644 --- a/w32/Makefile.am +++ b/w32/Makefile.am @@ -19,6 +19,10 @@ ## Process this file with automake to produce Makefile.in +logos = logo-32.bmp logo-48.bmp logo-64.bmp logo-96.bmp logo-128.bmp + +EXTRA_DIST = $(logos) + bin_PROGRAMS = pinentry-w32 AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \ @@ -33,6 +37,6 @@ pinentry_w32_LDADD = pinentry-w32.o \ ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a -pinentry-w32.o: pinentry-w32.rc resource.h +pinentry-w32.o: pinentry-w32.rc resource.h $(logos) $(WINDRES) -I.. -v -o $@ $< diff --git a/w32/logo-128.bmp b/w32/logo-128.bmp new file mode 100644 index 0000000..883475b Binary files /dev/null and b/w32/logo-128.bmp differ diff --git a/w32/logo-32.bmp b/w32/logo-32.bmp new file mode 100644 index 0000000..38d6018 Binary files /dev/null and b/w32/logo-32.bmp differ diff --git a/w32/logo-48.bmp b/w32/logo-48.bmp new file mode 100644 index 0000000..53c6274 Binary files /dev/null and b/w32/logo-48.bmp differ diff --git a/w32/logo-64.bmp b/w32/logo-64.bmp new file mode 100644 index 0000000..7d4ca29 Binary files /dev/null and b/w32/logo-64.bmp differ diff --git a/w32/logo-96.bmp b/w32/logo-96.bmp new file mode 100644 index 0000000..f0496c8 Binary files /dev/null and b/w32/logo-96.bmp differ diff --git a/w32/main.c b/w32/main.c index fee37c1..8c19cb2 100644 --- a/w32/main.c +++ b/w32/main.c @@ -19,7 +19,9 @@ #include #include #include -#define WINVER 0x0403 /* Required for SendInput. */ +#if WINVER < 0x0403 +# define WINVER 0x0403 /* Required for SendInput. */ +#endif #include #ifdef HAVE_W32CE_SYSTEM # include @@ -370,12 +372,59 @@ set_dlg_item_text (HWND dlg, int item, const char *string) } +/* Load our butmapped icon from the resource and display it. */ +static void +set_bitmap (HWND dlg, int item) +{ + HWND hwnd; + HBITMAP bitmap; + RECT rect; + int resid; + + hwnd = GetDlgItem (dlg, item); + if (!hwnd) + return; + + rect.left = 0; + rect.top = 0; + rect.right = 32; + rect.bottom = 32; + if (!MapDialogRect (dlg, &rect)) + { + fprintf (stderr, "MapDialogRect failed: %s\n", w32_strerror (-1)); + return; + } + /* fprintf (stderr, "MapDialogRect: %d/%d\n", rect.right, rect.bottom); */ + + switch (rect.right) + { + case 32: resid = IDB_ICON_32; break; + case 48: resid = IDB_ICON_48; break; + case 64: resid = IDB_ICON_64; break; + case 96: resid = IDB_ICON_96; break; + default: resid = IDB_ICON_128;break; + } + + bitmap = LoadImage (GetModuleHandle (NULL), + MAKEINTRESOURCE (resid), + IMAGE_BITMAP, + rect.right, rect.bottom, + (LR_SHARED | LR_LOADTRANSPARENT | LR_LOADMAP3DCOLORS)); + if (!bitmap) + { + fprintf (stderr, "LoadImage failed: %s\n", w32_strerror (-1)); + return; + } + SendMessage(hwnd, STM_SETIMAGE, (WPARAM)IMAGE_BITMAP, (LPARAM)bitmap); +} + + /* Dialog processing loop. */ static BOOL CALLBACK dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) { static pinentry_t pe; - static int item; + /* static int item; */ /* { */ @@ -400,6 +449,7 @@ dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) set_dlg_item_text (dlg, IDC_PINENT_PROMPT, pe->prompt); set_dlg_item_text (dlg, IDC_PINENT_DESC, pe->description); set_dlg_item_text (dlg, IDC_PINENT_TEXT, ""); + set_bitmap (dlg, IDC_PINENT_ICON); if (pe->ok) { set_dlg_item_text (dlg, IDOK, pe->ok); @@ -419,10 +469,10 @@ dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) SetWindowPos (GetDlgItem (dlg, IDC_PINENT_TEXT), NULL, 0, 0, 0, 0, (SWP_NOMOVE|SWP_NOSIZE|SWP_NOZORDER|SWP_HIDEWINDOW)); - item = IDOK; + /* item = IDOK; */ } - else - item = IDC_PINENT_TEXT; + /* else */ + /* item = IDC_PINENT_TEXT; */ center_window (dlg, HWND_TOP); @@ -471,6 +521,16 @@ dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) } break; + case WM_CTLCOLORSTATIC: + if ((HWND)lparam == GetDlgItem (dlg, IDC_PINENT_ERR)) + { + /* Display the error prompt in red. */ + SetTextColor ((HDC)wparam, RGB (255, 0, 0)); + SetBkMode ((HDC)wparam, TRANSPARENT); + return (BOOL)GetStockObject (NULL_BRUSH); + } + break; + } return FALSE; } diff --git a/w32/pinentry-w32.rc b/w32/pinentry-w32.rc index efde843..e46ad74 100755 --- a/w32/pinentry-w32.rc +++ b/w32/pinentry-w32.rc @@ -45,19 +45,30 @@ END #else /* Standard Windows. */ -IDD_PINENT DIALOG DISCARDABLE 0, 0, 186, 125 +IDB_ICON_32 BITMAP DISCARDABLE "logo-32.bmp" +IDB_ICON_48 BITMAP DISCARDABLE "logo-48.bmp" +IDB_ICON_64 BITMAP DISCARDABLE "logo-64.bmp" +IDB_ICON_96 BITMAP DISCARDABLE "logo-96.bmp" +IDB_ICON_128 BITMAP DISCARDABLE "logo-128.bmp" + +IDD_PINENT DIALOG DISCARDABLE 0, 0, 186, 116 STYLE DS_MODALFRAME | DS_SYSMODAL | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Pinentry" -FONT 8, "MS Shell Dlg" +FONT 10, "MS Sans Serif" BEGIN - LTEXT "", IDC_PINENT_DESC, 6, 6, 152, 40 - EDITTEXT IDC_PINENT_TEXT, 71, 56, 107, 12, ES_PASSWORD | ES_AUTOHSCROLL - DEFPUSHBUTTON "O&K", IDOK, 77, 100, 50, 14 - PUSHBUTTON "&Cancel", IDCANCEL, 132, 100, 50, 14 - LTEXT "", IDC_PINENT_PROMPT, 6, 56, 64, 12 - LTEXT "", IDC_PINENT_ERR, 6, 82, 170, 9 + CONTROL "", IDC_PINENT_ICON, + "Static", SS_BITMAP|SS_CENTERIMAGE, + 4, 6, 32, 32 + LTEXT "", IDC_PINENT_DESC, 40, 6, 140, 50 + RTEXT "", IDC_PINENT_PROMPT, 6, 60, 60, 12 + EDITTEXT IDC_PINENT_TEXT, 70, 59, 110, 12, ES_PASSWORD | ES_AUTOHSCROLL + CTEXT "", IDC_PINENT_ERR, 6, 76, 174, 12 + DEFPUSHBUTTON "O&K", IDOK, 74, 96, 50, 14 + PUSHBUTTON "&Cancel", IDCANCEL, 130, 96, 50, 14 END + + #endif /* Standard Windows. */ diff --git a/w32/resource.h b/w32/resource.h index b5b77ae..a8a285e 100644 --- a/w32/resource.h +++ b/w32/resource.h @@ -1,6 +1,6 @@ -/* resource.h +/* resource.h * Copyright 2004 g10 Code GmbH - * + * * This file is free software; as a special exception the author gives * unlimited permission to copy and/or distribute it, with or without * modifications, as long as this notice is preserved. @@ -15,3 +15,10 @@ #define IDC_PINENT_DESC 1000 #define IDC_PINENT_ERR 1001 #define IDC_PINENT_PROMPT 1002 +#define IDC_PINENT_ICON 1003 + +#define IDB_ICON_32 3101 +#define IDB_ICON_48 3102 +#define IDB_ICON_64 3103 +#define IDB_ICON_96 3104 +#define IDB_ICON_128 3105 ----------------------------------------------------------------------- Summary of changes: w32/Makefile.am | 6 ++++- w32/logo-128.bmp | Bin 0 -> 8262 bytes w32/logo-32.bmp | Bin 0 -> 582 bytes w32/logo-48.bmp | Bin 0 -> 1222 bytes w32/logo-64.bmp | Bin 0 -> 4738 bytes w32/logo-96.bmp | Bin 0 -> 4678 bytes w32/main.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++---- w32/pinentry-w32.rc | 27 ++++++++++++++------ w32/resource.h | 11 +++++++-- 9 files changed, 98 insertions(+), 16 deletions(-) create mode 100644 w32/logo-128.bmp create mode 100644 w32/logo-32.bmp create mode 100644 w32/logo-48.bmp create mode 100644 w32/logo-64.bmp create mode 100644 w32/logo-96.bmp hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 6 14:52:04 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 06 May 2015 14:52:04 +0200 Subject: [git] GnuPG - branch, neal/next, created. gnupg-2.1.3-25-ge9f7a8d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, neal/next has been created at e9f7a8d9dfa37c4980fec16527a3ee3db75e8c5c (commit) - Log ----------------------------------------------------------------- commit e9f7a8d9dfa37c4980fec16527a3ee3db75e8c5c Author: Neal H. Walfield Date: Wed May 6 14:50:38 2015 +0200 agent: Or in the value; don't overwrite the variable. * agent/call-pinentry.c (pinentry_status_cb): Or in PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index d24a759..9253866 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -727,7 +727,7 @@ pinentry_status_cb (void *opaque, const char *line) if ((args = has_leading_keyword (line, "BUTTON_INFO"))) { if (!strcmp (args, "close")) - *flag = PINENTRY_STATUS_CLOSE_BUTTON; + *flag |= PINENTRY_STATUS_CLOSE_BUTTON; } else if (has_leading_keyword (line, "PIN_REPEATED")) { commit 8a028a02411f85f6c3a2d7f407400150a5e3934d Author: Neal H. Walfield Date: Wed May 6 14:35:22 2015 +0200 agent: Avoid magic numbers. Use more accurate names. * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant. (PINENTRY_STATUS_PIN_REPEATED): Likewise. (close_button_status_cb): Rename from this... (pinentry_status_cb): ... to this. Use the constants. (agent_askpin): Rename local variable from close_button to pinentry_status. Use symbolic constants rather than magic numbers. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index d3a0547..d24a759 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -710,11 +710,16 @@ setup_qualitybar (void) return 0; } +enum + { + PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, + PINENTRY_STATUS_PIN_REPEATED = 1 << 8 + }; /* Check the button_info line for a close action. Also check for the PIN_REPEATED flag. */ static gpg_error_t -close_button_status_cb (void *opaque, const char *line) +pinentry_status_cb (void *opaque, const char *line) { unsigned int *flag = opaque; const char *args; @@ -722,11 +727,11 @@ close_button_status_cb (void *opaque, const char *line) if ((args = has_leading_keyword (line, "BUTTON_INFO"))) { if (!strcmp (args, "close")) - *flag = 1; + *flag = PINENTRY_STATUS_CLOSE_BUTTON; } else if (has_leading_keyword (line, "PIN_REPEATED")) { - *flag |= 256; + *flag |= PINENTRY_STATUS_PIN_REPEATED; } return 0; @@ -752,7 +757,7 @@ agent_askpin (ctrl_t ctrl, const char *errtext = NULL; int is_pin = 0; int saveflag; - unsigned int close_button; + unsigned int pinentry_status; if (opt.batch) return 0; /* fixme: we should return BAD PIN */ @@ -901,10 +906,10 @@ agent_askpin (ctrl_t ctrl, saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); - close_button = 0; + pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, inq_quality, entry_ctx, - close_button_status_cb, &close_button); + pinentry_status_cb, &pinentry_status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -916,7 +921,8 @@ agent_askpin (ctrl_t ctrl, /* Change error code in case the window close button was clicked to cancel the operation. */ - if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED) + if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) + && gpg_err_code (rc) == GPG_ERR_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA) @@ -954,7 +960,8 @@ agent_askpin (ctrl_t ctrl, if (!errtext) { - if (pininfo->with_repeat && (close_button & 256)) + if (pininfo->with_repeat + && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) pininfo->repeat_okay = 1; return unlock_pinentry (0); /* okay, got a PIN or passphrase */ } @@ -978,7 +985,7 @@ agent_get_passphrase (ctrl_t ctrl, char line[ASSUAN_LINELENGTH]; struct entry_parm_s parm; int saveflag; - unsigned int close_button; + unsigned int pinentry_status; *retpass = NULL; if (opt.batch) @@ -1055,10 +1062,10 @@ agent_get_passphrase (ctrl_t ctrl, saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); - close_button = 0; + pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, inq_quality, entry_ctx, - close_button_status_cb, &close_button); + pinentry_status_cb, &pinentry_status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -1067,7 +1074,8 @@ agent_get_passphrase (ctrl_t ctrl, rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); /* Change error code in case the window close button was clicked to cancel the operation. */ - if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED) + if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) + && gpg_err_code (rc) == GPG_ERR_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); if (rc) ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 6 15:27:43 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 06 May 2015 15:27:43 +0200 Subject: [git] GnuPG - branch, neal/next, updated. gnupg-2.1.3-27-geac873b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, neal/next has been updated via eac873b88bfb52055a3f684792d6691b2112caa7 (commit) via 8f07d6af9c01e6f34514f07258bcb61cc74f1806 (commit) from e9f7a8d9dfa37c4980fec16527a3ee3db75e8c5c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eac873b88bfb52055a3f684792d6691b2112caa7 Author: Neal H. Walfield Date: Wed May 6 15:27:23 2015 +0200 agent: Improve some comments. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 8c6fd08..77b1739 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -47,8 +47,8 @@ /* Because access to the pinentry must be serialized (it is and shall - be a global mutual dialog) we should better timeout further - requests after some time. 2 minutes seem to be a reasonable + be a global mutually exclusive dialog) we better timeout pending + requests after some time. 1 minute seem to be a reasonable time. */ #define LOCK_TIMEOUT (1*60) @@ -279,8 +279,8 @@ start_pinentry (ctrl_t ctrl) log_error ("error flushing pending output: %s\n", strerror (errno)); /* At least Windows XP fails here with EBADF. According to docs and Wine an fflush(NULL) is the same as _flushall. However - the Wime implementaion does not flush stdin,stdout and stderr - - see above. Lets try to ignore the error. */ + the Wine implementaion does not flush stdin,stdout and stderr + - see above. Let's try to ignore the error. */ #ifndef HAVE_W32_SYSTEM return unlock_pinentry (tmperr); #endif @@ -490,7 +490,7 @@ start_pinentry (ctrl_t ctrl) } -/* Returns True is the pinentry is currently active. If WAITSECONDS is +/* Returns True if the pinentry is currently active. If WAITSECONDS is greater than zero the function will wait for this many seconds before returning. */ int @@ -564,7 +564,7 @@ all_digitsp( const char *s) /* Return a new malloced string by unescaping the string S. Escaping is percent escaping and '+'/space mapping. A binary Nul will silently be replaced by a 0xFF. Function returns NULL to indicate - an out of memory status. PArsing stops at the end of the string or + an out of memory status. Parsing stops at the end of the string or a white space character. */ static char * unescape_passphrase_string (const unsigned char *s) @@ -747,7 +747,7 @@ pinentry_status_cb (void *opaque, const char *line) /* Call the Entry and ask for the PIN. We do check for a valid PIN number here and repeat it as long as we have invalid formed - numbers. KEYINFO and CACHEMODE are used to tell pinentry something + numbers. KEYINFO and CACHE_MODE are used to tell pinentry something about the key. */ int agent_askpin (ctrl_t ctrl, commit 8f07d6af9c01e6f34514f07258bcb61cc74f1806 Author: Neal H. Walfield Date: Wed May 6 15:20:32 2015 +0200 agent: Improve support for externally cached passwords. * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant. (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was provided. (agent_askpin): Pass "OPTION allow-external-password-cache" to the pinentry. Always pass SETKEYINFO to the pinentry. If there is no stable identifier, then use "--clear". If the password is incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS, then decrement PININFO->FAILED_TRIES. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 9253866..8c6fd08 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -713,7 +713,8 @@ setup_qualitybar (void) enum { PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, - PINENTRY_STATUS_PIN_REPEATED = 1 << 8 + PINENTRY_STATUS_PIN_REPEATED = 1 << 8, + PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 }; /* Check the button_info line for a close action. Also check for the @@ -733,6 +734,10 @@ pinentry_status_cb (void *opaque, const char *line) { *flag |= PINENTRY_STATUS_PIN_REPEATED; } + else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE")) + { + *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE; + } return 0; } @@ -809,23 +814,36 @@ agent_askpin (ctrl_t ctrl, if (rc) return rc; - /* If we have a KYEINFO string and are normal, user, or ssh cache + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the cached + password is not up to date and retry == 1, then, using a version + of GPG Agent that doesn't support this, won't issue another pin + request and the user won't get a chance to correct the + password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); + + /* If we have a KEYINFO string and are normal, user, or ssh cache mode, we tell that the Pinentry so it may use it for own caching purposes. Most pinentries won't have this implemented and thus we do not error out in this case. */ if (keyinfo && (cache_mode == CACHE_MODE_NORMAL || cache_mode == CACHE_MODE_USER || cache_mode == CACHE_MODE_SSH)) - { - snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", - cache_mode == CACHE_MODE_USER? 'u' : - cache_mode == CACHE_MODE_SSH? 's' : 'n', - keyinfo); - rc = assuan_transact (entry_ctx, line, - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); - } + snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + else + snprintf (line, DIM(line)-1, "SETKEYINFO --clear"); + + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); snprintf (line, DIM(line)-1, "SETDESC %s", desc_text); line[DIM(line)-1] = 0; @@ -965,6 +983,11 @@ agent_askpin (ctrl_t ctrl, pininfo->repeat_okay = 1; return unlock_pinentry (0); /* okay, got a PIN or passphrase */ } + + if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) + /* The password was read from the cache. Don't count this + against the retry count. */ + pininfo->failed_tries --; } return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 61 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 19 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 11:32:08 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 07 May 2015 11:32:08 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-15-gaaec7c7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via aaec7c7c50adfb51510962a14c0fa2179a34a01e (commit) from cbecc6d38a86f8fa7c052efab7649be07b5df334 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aaec7c7c50adfb51510962a14c0fa2179a34a01e Author: Neal H. Walfield Date: Thu May 7 11:31:01 2015 +0200 Align secmem_realloc behavior with realloc's. * secmem/secmem.c (secmem_realloc): If passed a NULL pointer, then call secmem_malloc instead of crashing. diff --git a/secmem/secmem.c b/secmem/secmem.c index fed7e97..c5da0b5 100644 --- a/secmem/secmem.c +++ b/secmem/secmem.c @@ -1,5 +1,6 @@ /* secmem.c - memory allocation from a secure heap * Copyright (C) 1998, 1999, 2003 Free Software Foundation, Inc. + * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * @@ -373,6 +374,9 @@ secmem_realloc( void *p, size_t newsize ) size_t size; void *a; + if (! p) + return secmem_malloc(newsize); + mb = (MEMBLOCK*)((char*)p - ((size_t) &((MEMBLOCK*)0)->u.aligned.c)); size = mb->size; if( newsize < size ) ----------------------------------------------------------------------- Summary of changes: secmem/secmem.c | 4 ++++ 1 file changed, 4 insertions(+) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 12:08:00 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 07 May 2015 12:08:00 +0200 Subject: [git] Pinentry - branch, neal/next, created. pinentry-0.9.1-16-g5b7201d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, neal/next has been created at 5b7201d27a29ce8f5bbe8f3e14d8516381d29cab (commit) - Log ----------------------------------------------------------------- commit 5b7201d27a29ce8f5bbe8f3e14d8516381d29cab Author: Neal H. Walfield Date: Thu May 7 12:07:29 2015 +0200 Add support for libsecret. diff --git a/configure.ac b/configure.ac index 646bc32..56fde1a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # configure.ac # Copyright (C) 1999 Robert Bihlmeyer -# Copyright (C) 2001, 2002, 2003, 2004, 2007 g10 Code GmbH +# Copyright (C) 2001, 2002, 2003, 2004, 2007, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -167,6 +167,12 @@ dnl Checks for library functions. AC_CHECK_FUNCS(seteuid stpcpy mmap) GNUPG_CHECK_MLOCK +# Common libraries and cflags. +COMMON_CFLAGS= +COMMON_LIBS= +AC_SUBST(COMMON_CFLAGS) +AC_SUBST(COMMON_LIBS) + dnl Checks for libassuan. dnl -> None required becuase we use a stripped down version of libassuan. @@ -310,6 +316,47 @@ if test "$pinentry_gtk_2" != "no"; then fi AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") +dnl +dnl Check for libsecret. +dnl +AC_ARG_ENABLE(libsecret, + AC_HELP_STRING([--enable-libsecret], + [optionally cache passphrases using libsecret]), + libsecret=$enableval, libsecret=maybe) + +dnl check for pkg-config +if test "$libsecret" != "no"; then + AC_PATH_PROG(PKG_CONFIG, pkg-config, no) + if test x"${PKG_CONFIG}" = xno ; then + libsecret=no + fi +fi + +dnl check if the module libsecret exists +if test "$libsecret" != "no"; then + AC_MSG_CHECKING([for libsecret]) + "${PKG_CONFIG}" --exists 'libsecret-1' + if test $? -ne 0 ; then + AC_MSG_RESULT([no]) + AC_MSG_WARN([pkg-config could not find the modules libsecret-1]) + libsecret=no + else + AC_MSG_RESULT([yes]) + LIBSECRET_CFLAGS=`"${PKG_CONFIG}" --cflags 'libsecret-1'` + LIBSECRET_LIBS=`"${PKG_CONFIG}" --libs 'libsecret-1'` + AC_SUBST(LIBSECRET_CFLAGS) + AC_SUBST(LIBSECRET_LIBS) + libsecret=yes + fi +fi +AM_CONDITIONAL(BUILD_WITH_LIBSECRET, test "$libsecret" = "yes") +if test "$libsecret" = "yes"; then + AC_DEFINE(HAVE_LIBSECRET, 1, + [The pinentries should optionally cache the passphrase using libsecret.]) + + COMMON_CFLAGS="$COMMON_CFLAGS $LIBSECRET_CFLAGS" + COMMON_LIBS="$COMMON_LIBS $LIBSECRET_LIBS" +fi dnl dnl Check for Qt4 pinentry program. @@ -453,5 +500,7 @@ AC_MSG_NOTICE([ Fallback to Curses: $fallback_curses + libsecret ........: $libsecret + Default Pinentry .: $PINENTRY_DEFAULT ]) diff --git a/curses/Makefile.am b/curses/Makefile.am index 404a8ed..e8ea031 100644 --- a/curses/Makefile.am +++ b/curses/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - PIN entry curses frontend. -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -21,8 +21,9 @@ bin_PROGRAMS = pinentry-curses -AM_CPPFLAGS = $(NCURSES_INCLUDE) -I$(top_srcdir)/pinentry -LDADD = ../pinentry/libpinentry.a ../pinentry/libpinentry-curses.a \ +AM_CPPFLAGS = $(COMMON_CFLAGS) $(NCURSES_INCLUDE) -I$(top_srcdir)/pinentry +LDADD = $(COMMON_LIBS) \ + ../pinentry/libpinentry.a ../pinentry/libpinentry-curses.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ $(LIBCAP) $(LIBCURSES) $(LIBICONV) diff --git a/doc/pinentry.texi b/doc/pinentry.texi index fb4017e..2a8088e 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -414,6 +414,40 @@ strings. The strings are subject to accelerator marking, see SETPROMPT for details. + at item Passphrase caching + +Some environments, such as GNOME, cache passwords and passphrases. +The @pinentry{} should only use an external cache if the + at code{allow-external-password-cache} option was set and a stable key +identifier (using SETKEYINFO) was provided. In this case, if the +passphrase was read from the cache, the @pinentry{} should send the + at code{PASSWORD_FROM_CACHE} status message before returning the +passphrase. This indicates to GPG Agent that it should not increment +the passphrase retry counter. + + at example + C: OPTION allow-external-password-cache + S: OK + C: SETKEYINFO bar + S: OK + C: getpin + S: S PASSWORD_FROM_CACHE + S: D 1234 + C: OK + at end example + +Note: if @code{allow-external-password-cache} is not specified, an +external password cache must not be used: this can lead to subtle +bugs. In particular, if this option is not specified, then GPG Agent +does not recognize the @code{PASSWORD_FROM_CACHE} status message and +will count trying a cached password against the password retry count. +If the password retry count is 1, then the user will never have the +opportunity to correct the cached password. + +Note: it is strongly recommended that a pinentry supporting this +feature provide the user an option to enable it manually. That is, +saving a passphrase in an external password manager should be opt-in. + @end table @c --------------------------------------------------------------------- diff --git a/gtk+-2/Makefile.am b/gtk+-2/Makefile.am index 94346c0..c98139f 100644 --- a/gtk+-2/Makefile.am +++ b/gtk+-2/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - PIN entry GTK+ frontend. -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -29,9 +29,10 @@ ncurses_include = libcurses = endif -AM_CPPFLAGS = $(GTK2CFLAGS) $(ncurses_include) \ +AM_CPPFLAGS = $(COMMON_CFLAGS) $(GTK2CFLAGS) $(ncurses_include) \ -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry -LDADD = ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ +LDADD = $(COMMON_LIBS) \ + ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ $(LIBCAP) $(GTK2LIBS) $(libcurses) pinentry_gtk_2_SOURCES = pinentry-gtk-2.c \ diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index b3698c0..0180bb1 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -1,6 +1,6 @@ /* pinentry-gtk-2.c Copyright (C) 1999 Robert Bihlmeyer - Copyright (C) 2001, 2002, 2007 g10 Code GmbH + Copyright (C) 2001, 2002, 2007, 2015 g10 Code GmbH Copyright (C) 2004 by Albrecht Dre? pinentry-gtk-2 is a pinentry application for the Gtk+-2 widget set. @@ -328,6 +328,18 @@ changed_text_handler (GtkWidget *widget) } +static void +may_save_passphrase_toggled (GtkWidget *widget, gpointer data) +{ + GtkToggleButton *button = GTK_TOGGLE_BUTTON (widget); + pinentry_t ctx = (pinentry_t) data; + + ctx->may_cache_password = gtk_toggle_button_get_active (button); + + printf("may cache password: %d\n", ctx->may_cache_password); +} + + static gboolean timeout_cb (gpointer data) { @@ -339,7 +351,7 @@ timeout_cb (gpointer data) static GtkWidget * -create_window (int confirm_mode) +create_window (pinentry_t ctx, int confirm_mode) { GtkWidget *w; GtkWidget *win, *box; @@ -552,6 +564,19 @@ create_window (int confirm_mode) gtk_box_set_spacing (GTK_BOX (bbox), 6); gtk_box_pack_start (GTK_BOX (wvbox), bbox, TRUE, FALSE, 0); + if (ctx->allow_external_password_cache && ctx->keyinfo) + /* Only show this if we can cache passwords and we have a stable + key identifier. */ + { + w = gtk_check_button_new_with_label ("Save passphrase using libsecret"); + gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0); + gtk_widget_show (w); + + g_signal_connect (G_OBJECT (w), "toggled", + G_CALLBACK (may_save_passphrase_toggled), + (gpointer) ctx); + } + if (!pinentry->one_button) { if (pinentry->cancel) @@ -661,7 +686,7 @@ gtk_cmd_handler (pinentry_t pe) pinentry = pe; confirm_value = CONFIRM_CANCEL; passphrase_ok = 0; - w = create_window (want_pass ? 0 : 1); + w = create_window (pe, want_pass ? 0 : 1); gtk_main (); gtk_widget_destroy (w); while (gtk_events_pending ()) diff --git a/pinentry/Makefile.am b/pinentry/Makefile.am index c3926b2..7fbbab6 100644 --- a/pinentry/Makefile.am +++ b/pinentry/Makefile.am @@ -1,5 +1,5 @@ # Pinentry support library Makefile -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -29,7 +29,9 @@ endif noinst_LIBRARIES = libpinentry.a $(pinentry_curses) -AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem +LDADD = $(COMMON_LIBS) +AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem -libpinentry_a_SOURCES = pinentry.h pinentry.c argparse.c argparse.h +libpinentry_a_SOURCES = pinentry.h pinentry.c argparse.c argparse.h \ + password-cache.h password-cache.c libpinentry_curses_a_SOURCES = pinentry-curses.h pinentry-curses.c diff --git a/pinentry/password-cache.c b/pinentry/password-cache.c new file mode 100644 index 0000000..8dfcd42 --- /dev/null +++ b/pinentry/password-cache.c @@ -0,0 +1,131 @@ +/* password-cache.c - Password cache support. + Copyright (C) 2015 g10 Code GmbH + + This file is part of PINENTRY. + + PINENTRY is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + PINENTRY is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include +#include + +#ifdef HAVE_LIBSECRET +# include +#endif + +#include "password-cache.h" +#include "memory.h" + +#ifdef HAVE_LIBSECRET +static const SecretSchema * +gpg_schema (void) +{ + static const SecretSchema the_schema = { + "org.gnupg.Password", SECRET_SCHEMA_NONE, + { + { "keyid", SECRET_SCHEMA_ATTRIBUTE_STRING }, + { "NULL", 0 }, + } + }; + return &the_schema; +} +#endif + +static char * +keyid_to_label (const char *keyid) +{ + char *label = NULL; + if (asprintf(&label, "GPG: %s", keyid) < 0) + return NULL; + return label; +} + +void +password_cache_save (const char *keyid, const char *password) +{ +#ifdef HAVE_LIBSECRET + char *label; + GError *error = NULL; + + if (! *keyid) + return; + + label = keyid_to_label (keyid); + if (! label) + return; + + if (! secret_password_store_sync (gpg_schema (), + SECRET_COLLECTION_DEFAULT, + label, password, NULL, &error, + "keyid", keyid, NULL)) + { + printf("Failed to cache password for key %s with secret service: %s\n", + keyid, error->message); + + g_error_free (error); + } + + free (label); +#else + return; +#endif +} + +char * +password_cache_lookup (const char *keyid) +{ +#ifdef HAVE_LIBSECRET + GError *error = NULL; + char *password; + char *password2; + + if (! *keyid) + return NULL; + + password = secret_password_lookup_nonpageable_sync + (gpg_schema (), NULL, &error, + "keyid", keyid, NULL); + + if (error != NULL) + { + printf("Failed to lookup password for key %s with secret service: %s\n", + keyid, error->message); + g_error_free (error); + return NULL; + } + if (! password) + /* The password for this key is not cached. Just return NULL. */ + { + return NULL; + } + + /* The password needs to be returned in secmem allocated memory. */ + password2 = secmem_malloc (strlen (password) + 1); + if (password2) + strcpy(password2, password); + else + printf("secmem_malloc failed: can't copy password!\n"); + + secret_password_free (password); + + return password2; +#else + return NULL; +#endif +} diff --git a/pinentry/password-cache.h b/pinentry/password-cache.h new file mode 100644 index 0000000..636e799 --- /dev/null +++ b/pinentry/password-cache.h @@ -0,0 +1,27 @@ +/* password-cache.h - Password cache support interfaces. + Copyright (C) 2015 g10 Code GmbH + + This file is part of PINENTRY. + + PINENTRY is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + PINENTRY is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . + */ + +#ifndef PASSWORD_CACHE_H +#define PASSWORD_CACHE_H + +void password_cache_save (const char *keyid, const char *password); + +char *password_cache_lookup (const char *keyid); + +#endif diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 04de1aa..e97cb9d 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -47,6 +47,7 @@ #include "secmem-util.h" #include "argparse.h" #include "pinentry.h" +#include "password-cache.h" #ifdef HAVE_W32CE_SYSTEM #define getpid() GetCurrentProcessId () @@ -67,6 +68,7 @@ struct pinentry pinentry = NULL, /* Cancel button. */ NULL, /* PIN. */ 2048, /* PIN length. */ + 0, /* pin_from_cache. */ 0, /* Display. */ 0, /* TTY name. */ 0, /* TTY type. */ @@ -98,9 +100,12 @@ struct pinentry pinentry = NULL, /* default_ok */ NULL, /* default_cancel */ NULL, /* default_prompt */ + 0, /* allow_external_password_cache. */ + 0, /* tried_password_cached. */ + NULL, /* keyinfo */ + 0, /* may_cache_password. */ NULL /* Assuan context. */ }; - #if defined FALLBACK_CURSES || defined PINENTRY_CURSES || defined PINENTRY_GTK char * @@ -711,6 +716,11 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value) if (!pinentry.default_prompt) return ASSUAN_Out_Of_Core; } + else if (!strcmp (key, "allow-external-password-cache") && !*value) + { + pinentry.allow_external_password_cache = 1; + pinentry.tried_password_cache = 0; + } else return ASSUAN_Invalid_Option; return 0; @@ -772,13 +782,20 @@ cmd_setprompt (ASSUAN_CONTEXT ctx, char *line) /* The data provided at LINE may be used by pinentry implementations - to identify a key for caching strategies of its own. As of now - this is here only for documentation purposes. */ + to identify a key for caching strategies of its own. The empty + string and --clear mean that the key does not have a stable + identifier. */ static int cmd_setkeyinfo (ASSUAN_CONTEXT ctx, char *line) { - (void)ctx; - (void)line; + if (pinentry.keyinfo) + free (pinentry.keyinfo); + + if (*line && strcmp(line, "--clear") != 0) + pinentry.keyinfo = strdup (line); + else + pinentry.keyinfo = NULL; + return 0; } @@ -949,16 +966,62 @@ cmd_setqualitybar_tt (ASSUAN_CONTEXT ctx, char *line) return 0; } - static int cmd_getpin (ASSUAN_CONTEXT ctx, char *line) { int result; int set_prompt = 0; + int just_read_password_from_cache = 0; pinentry.pin = secmem_malloc (pinentry.pin_len); if (!pinentry.pin) return ASSUAN_Out_Of_Core; + + /* Try reading from the password cache. */ + if (/* If repeat passphrase is set, then we don't want to read from + the cache. */ + ! pinentry.repeat_passphrase + /* Are we allowed to read from the cache? */ + && pinentry.allow_external_password_cache + && pinentry.keyinfo + /* Only read from the cache if we haven't already tried it. */ + && ! pinentry.tried_password_cache) + { + char *password; + + pinentry.tried_password_cache = 1; + + password = password_cache_lookup (pinentry.keyinfo); + if (password) + /* There is a cached password. Try it. */ + { + int len = strlen(password) + 1; + if (len > pinentry.pin_len) + len = pinentry.pin_len; + + memcpy (pinentry.pin, password, len); + pinentry.pin[len] = '\0'; + + secmem_free (password); + + pinentry.pin_from_cache = 1; + + assuan_write_status (ctx, "PASSWORD_FROM_CACHE", ""); + + /* Result is the length of the password not including the + NUL terminator. */ + result = len - 1; + + just_read_password_from_cache = 1; + + goto out; + } + } + + /* The password was not cached (or we are not allowed to / cannot + use the cache). Prompt the user. */ + pinentry.pin_from_cache = 0; + if (!pinentry.prompt) { pinentry.prompt = pinentry.default_prompt?pinentry.default_prompt:"PIN:"; @@ -999,6 +1062,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) return pinentry.locale_err? ASSUAN_Locale_Problem: ASSUAN_Canceled; } + out: if (result) { if (pinentry.repeat_okay) @@ -1006,6 +1070,15 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) result = assuan_send_data (ctx, pinentry.pin, result); if (!result) result = assuan_send_data (ctx, NULL, 0); + + if (/* GPG Agent says it's okay. */ + pinentry.allow_external_password_cache && pinentry.keyinfo + /* We didn't just read it from the cache. */ + && ! just_read_password_from_cache + /* And the user said it's okay. */ + && pinentry.may_cache_password) + /* Cache the password. */ + password_cache_save (pinentry.keyinfo, pinentry.pin); } if (pinentry.pin) diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 6787130..6c61296 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -1,5 +1,5 @@ /* pinentry.h - The interface for the PIN entry support library. - Copyright (C) 2002, 2003, 2010 g10 Code GmbH + Copyright (C) 2002, 2003, 2010, 2015 g10 Code GmbH This file is part of PINENTRY. @@ -57,6 +57,9 @@ struct pinentry char *pin; /* The length of the buffer. */ int pin_len; + /* Whether the pin was read from an external cache (1) or entered by + the user (0). */ + int pin_from_cache; /* The name of the X display to use if X is available and supported. */ char *display; @@ -111,7 +114,7 @@ struct pinentry dismiss button is required. */ int one_button; - /* If true a second prompt for the passphrase is show and the user + /* If true a second prompt for the passphrase is shown and the user is expected to enter the same passphrase again. Pinentry checks that both match. */ char *repeat_passphrase; @@ -146,10 +149,25 @@ struct pinentry char *default_cancel; char *default_prompt; + /* Whether we are allowed to read the password from an external + cache. */ + int allow_external_password_cache; + + /* We only try the cache once. */ + int tried_password_cache; + + /* A stable identifier for the key. */ + char *keyinfo; + + /* Whether we may cache the password (according to the user). */ + int may_cache_password; + + /* NOTE: If you add any additional fields to this structure, be sure + to update the initializer in pinentry/pinentry.c!!! */ + /* For the quality indicator we need to do an inquiry. Thus we need to save the assuan ctx. */ void *ctx_assuan; - }; typedef struct pinentry *pinentry_t; @@ -158,7 +176,8 @@ typedef struct pinentry *pinentry_t; PIN. If PIN->pin is zero, request a confirmation, otherwise a PIN entry. On confirmation, the function should return TRUE if confirmed, and FALSE otherwise. On PIN entry, the function should - return -1 if cancelled and the length of the secret otherwise. */ + return -1 if an error occured or the user cancelled the operation + and the length of the secret otherwise. */ typedef int (*pinentry_cmd_handler_t) (pinentry_t pin); /* Start the pinentry event loop. The program will start to process diff --git a/tty/Makefile.am b/tty/Makefile.am index d872fcc..798c08f 100644 --- a/tty/Makefile.am +++ b/tty/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - PIN entry curses frontend. -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -20,8 +20,8 @@ bin_PROGRAMS = pinentry-tty -AM_CPPFLAGS = -I$(top_srcdir)/pinentry -LDADD = ../pinentry/libpinentry.a \ +AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/pinentry +LDADD = $(COMMON_LIBS) ../pinentry/libpinentry.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ $(LIBCAP) $(LIBICONV) diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 5891697..8c15eac 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -1,7 +1,7 @@ /* pinentry-curses.c - A secure curses dialog for PIN entry, library version Copyright (C) 2014 Serge Voilokov Copyright (C) 2015 Daniel Kahn Gillmor - * Copyright (C) 2015 g10 Code GmbH + Copyright (C) 2015 g10 Code GmbH This file is part of PINENTRY. ----------------------------------------------------------------------- hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 12:15:07 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 May 2015 12:15:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-26-g874ef16 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 874ef16e70ab750db7b153f17a7e859a0db6a2f1 (commit) via 173b26c8f83a3c623165a96c315bf9ed4b90edcc (commit) via 154abaf3c97dae43ba972e4482680a287f3e5c39 (commit) from f77fd572db658959fa40aa8c181be919e688b707 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 874ef16e70ab750db7b153f17a7e859a0db6a2f1 Author: Werner Koch Date: Thu May 7 12:01:12 2015 +0200 gpg: Improve 'General key info' line of --card-status. * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub". * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK. * g10/keyid.c (keyid_from_fingerprint): Adjust for change. * g10/revoke.c (gen_desig_revoke): Adjust for change. * g10/card-util.c (card_status): Simplify by using new arg. Align card-no string. * g10/card-util.c (card_status): Remove not used GnuPG-1 code. -- This now prints "sub" if the first used card key is actually a subkey. Signed-off-by: Werner Koch diff --git a/g10/card-util.c b/g10/card-util.c index a291a07..dbd530e 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -366,6 +366,7 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) { struct agent_card_info_s info; PKT_public_key *pk = xcalloc (1, sizeof *pk); + kbnode_t keyblock = NULL; int rc; unsigned int uval; const unsigned char *thefpr; @@ -587,41 +588,17 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) /* If the fingerprint is all 0xff, the key has no asssociated OpenPGP certificate. */ if ( thefpr && !fpr_is_ff (thefpr) - && !get_pubkey_byfprint (pk, thefpr, 20)) + && !get_pubkey_byfprint (pk, &keyblock, thefpr, 20)) { - kbnode_t keyblock = NULL; - print_pubkey_info (fp, pk); - -#if GNUPG_MAJOR_VERSION == 1 - if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) ) + if (keyblock) print_card_key_info (fp, keyblock); - else if ( !get_keyblock_byfprint (&keyblock, thefpr, 20) ) - { - release_kbnode (keyblock); - keyblock = NULL; - - if (!auto_create_card_key_stub (info.serialno, - info.fpr1valid? info.fpr1:NULL, - info.fpr2valid? info.fpr2:NULL, - info.fpr3valid? info.fpr3:NULL)) - { - if ( !get_seckeyblock_byfprint (&keyblock, thefpr, 20) ) - print_card_key_info (fp, keyblock); - } - } - -#else /* GNUPG_MAJOR_VERSION != 1 */ - if (!get_keyblock_byfprint (&keyblock, thefpr, 20)) - print_card_key_info (fp, keyblock); -#endif /* GNUPG_MAJOR_VERSION != 1 */ - - release_kbnode (keyblock); } else tty_fprintf (fp, "[none]\n"); } + release_kbnode (keyblock); free_public_key (pk); agent_release_card_info (&info); } diff --git a/g10/getkey.c b/g10/getkey.c index 20b37d8..e450c56 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -968,17 +968,26 @@ get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr) } -/* Search for a key with the given fingerprint. +/* Search for a key with the given fingerprint. The caller need to + * prove an allocated public key object at PK. If R_KEYBLOCK is not + * NULL the entire keyblock is stored there and the caller needs to + * call release_kbnode() on it. Note that this function does an exact + * search and thus the public key stored at PK may be a copy of a + * subkey. + * * FIXME: * We should replace this with the _byname function. This can be done * by creating a userID conforming to the unified fingerprint style. */ int -get_pubkey_byfprint (PKT_public_key * pk, +get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, const byte * fprint, size_t fprint_len) { int rc; + if (r_keyblock) + *r_keyblock = NULL; + if (fprint_len == 20 || fprint_len == 16) { struct getkey_ctx_s ctx; @@ -994,7 +1003,14 @@ get_pubkey_byfprint (PKT_public_key * pk, memcpy (ctx.items[0].u.fpr, fprint, fprint_len); rc = lookup (&ctx, &kb, 0); if (!rc && pk) - pk_from_block (&ctx, pk, kb); + { + pk_from_block (&ctx, pk, kb); + if (r_keyblock) + { + *r_keyblock = kb; + kb = NULL; + } + } release_kbnode (kb); get_pubkey_end (&ctx); } diff --git a/g10/keydb.h b/g10/keydb.h index c61e0ae..11a10e9 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -223,8 +223,8 @@ int get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock ); void get_pubkey_end( GETKEY_CTX ctx ); gpg_error_t get_seckey (PKT_public_key *pk, u32 *keyid); gpg_error_t get_pubkey_byfpr (PKT_public_key *pk, const byte *fpr); -int get_pubkey_byfprint( PKT_public_key *pk, const byte *fprint, - size_t fprint_len ); +int get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock, + const byte *fprint, size_t fprint_len); int get_pubkey_byfprint_fast (PKT_public_key *pk, const byte *fprint, size_t fprint_len); int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint, diff --git a/g10/keyid.c b/g10/keyid.c index a0571b0..90d982e 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -463,7 +463,7 @@ keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid ) int rc; memset (&pk, 0, sizeof pk); - rc = get_pubkey_byfprint (&pk, fprint, fprint_len); + rc = get_pubkey_byfprint (&pk, NULL, fprint, fprint_len); if( rc ) { log_error("Oops: keyid_from_fingerprint: no pubkey\n"); diff --git a/g10/keylist.c b/g10/keylist.c index d62bc20..2cd988d 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -170,7 +170,7 @@ print_seckey_info (PKT_public_key *pk) the tty output interface is used, otherwise output is directted to the given stream. */ void -print_pubkey_info (estream_t fp, PKT_public_key * pk) +print_pubkey_info (estream_t fp, PKT_public_key *pk) { u32 keyid[2]; char *p; @@ -187,7 +187,8 @@ print_pubkey_info (estream_t fp, PKT_public_key * pk) if (fp) tty_printf ("\n"); - tty_fprintf (fp, "pub %s/%s %s %s\n", + tty_fprintf (fp, "%s %s/%s %s %s\n", + pk->flags.primary? "pub":"sub", pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), keystr (keyid), datestr_from_pk (pk), p); xfree (p); @@ -205,6 +206,7 @@ print_card_key_info (estream_t fp, kbnode_t keyblock) char *serialno; int s2k_char; char pkstrbuf[PUBKEY_STRING_SIZE]; + int indent; for (node = keyblock; node; node = node->next) { @@ -226,18 +228,18 @@ print_card_key_info (estream_t fp, kbnode_t keyblock) else s2k_char = '#'; /* Key not found. */ - tty_fprintf (fp, "%s%c %s/%s ", + tty_fprintf (fp, "%s%c %s/%s %n", node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb", s2k_char, pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr_from_pk (pk)); + keystr_from_pk (pk), + &indent); tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk)); tty_fprintf (fp, " "); tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); if (serialno) { - tty_fprintf (fp, "\n "); - tty_fprintf (fp, _("card-no: ")); + tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: ")); if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12)) { diff --git a/g10/revoke.c b/g10/revoke.c index 15d28b0..6680ac7 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -291,7 +291,7 @@ gen_desig_revoke( const char *uname, strlist_t locusr ) else { pk2 = xmalloc_clear (sizeof *pk2); - rc = get_pubkey_byfprint (pk2, + rc = get_pubkey_byfprint (pk2, NULL, pk->revkey[i].fpr, MAX_FINGERPRINT_LEN); } commit 173b26c8f83a3c623165a96c315bf9ed4b90edcc Author: Werner Koch Date: Thu May 7 11:54:34 2015 +0200 gpg: Fix regression not displaying the card serial number * g10/call-agent.c (keyinfo_status_cb): Detect KEYINFO. -- This regression is due to commit 585d5c62eece23911a768d97d11f159be138b13d from February 2013! Signed-off-by: Werner Koch diff --git a/g10/call-agent.c b/g10/call-agent.c index 017e916..edee66e 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1626,7 +1626,7 @@ keyinfo_status_cb (void *opaque, const char *line) char **serialno = opaque; const char *s, *s2; - if ((s = has_leading_keyword (line, "KEYINFO ")) && !*serialno) + if ((s = has_leading_keyword (line, "KEYINFO")) && !*serialno) { s = strchr (s, ' '); if (s && s[1] == 'T' && s[2] == ' ' && s[3]) commit 154abaf3c97dae43ba972e4482680a287f3e5c39 Author: Werner Koch Date: Wed May 6 11:06:26 2015 +0200 speedo,w32: Install a native pinentry. * build-aux/speedo.mk: Always build pinentry for w32. (speedo_pkg_pinentry_configure): Adjust to modern pinentry. * build-aux/speedo/w32/inst.nsi: Install native pinentry under the name pinentry-basic.exe. Signed-off-by: Werner Koch diff --git a/build-aux/speedo.mk b/build-aux/speedo.mk index a0e29a5..984c9e9 100644 --- a/build-aux/speedo.mk +++ b/build-aux/speedo.mk @@ -187,14 +187,19 @@ speedo_spkgs += \ endif endif +ifeq ($(TARGETOS),w32) +speedo_spkgs += pinentry ifeq ($(WITH_GUI),1) -speedo_spkgs += \ - pinentry gpa -ifeq ($(TARGETOS),w32) -speedo_spkgs += \ - gpgex +speedo_spkgs += gpa gpgex endif + +else + +ifeq ($(WITH_GUI),1) +speedo_spkgs += pinentry gpa +endif + endif @@ -437,14 +442,19 @@ speedo_pkg_gpgme_configure = \ LDFLAGS=-L$(idir)/lib endif -speedo_pkg_pinentry_configure = \ - --disable-pinentry-qt --disable-pinentry-qt4 --disable-pinentry-gtk \ - --enable-pinentry-gtk2 \ - --with-glib-prefix=$(idir) --with-gtk-prefix=$(idir) \ + +ifeq ($(TARGETOS),w32) +speedo_pkg_pinentry_configure = --disable-pinentry-gtk2 +else +speedo_pkg_pinentry_configure = --enable-pinentry-gtk2 +endif +speedo_pkg_pinentry_configure += \ + --disable-pinentry-qt4 \ CPPFLAGS=-I$(idir)/include \ LDFLAGS=-L$(idir)/lib \ CXXFLAGS=-static-libstdc++ + speedo_pkg_gpa_configure = \ --with-libiconv-prefix=$(idir) --with-libintl-prefix=$(idir) \ --with-gpgme-prefix=$(idir) --with-zlib=$(idir) \ diff --git a/build-aux/speedo/w32/inst.nsi b/build-aux/speedo/w32/inst.nsi index e88a91c..19babb9 100644 --- a/build-aux/speedo/w32/inst.nsi +++ b/build-aux/speedo/w32/inst.nsi @@ -816,12 +816,10 @@ Section "-gtk+" SEC_gtk_ SectionEnd !endif -!ifdef WITH_GUI Section "-pinentry" SEC_pinentry SetOutPath "$INSTDIR\bin" - File /oname=pinentry.exe "bin/pinentry-gtk-2.exe" + File /oname=pinentry-basic.exe "bin/pinentry-w32.exe" SectionEnd -!endif !ifdef WITH_GUI Section "gpa" SEC_gpa @@ -933,11 +931,9 @@ Section "-un.gpa" SectionEnd !endif -!ifdef WITH_GUI Section "-un.pinentry" - Delete "$INSTDIR\bin\pinentry.exe" + Delete "$INSTDIR\bin\pinentry-basic.exe" SectionEnd -!endif !ifdef WITH_GUI Section "-un.gtk+" ----------------------------------------------------------------------- Summary of changes: build-aux/speedo.mk | 28 +++++++++++++++++++--------- build-aux/speedo/w32/inst.nsi | 8 ++------ g10/call-agent.c | 2 +- g10/card-util.c | 31 ++++--------------------------- g10/getkey.c | 22 +++++++++++++++++++--- g10/keydb.h | 4 ++-- g10/keyid.c | 2 +- g10/keylist.c | 14 ++++++++------ g10/revoke.c | 2 +- 9 files changed, 57 insertions(+), 56 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 13:30:35 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 May 2015 13:30:35 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-16-gaa98f25 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via aa98f25ddcc3c36035f18249443cec15d16e8fa5 (commit) from aaec7c7c50adfb51510962a14c0fa2179a34a01e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aa98f25ddcc3c36035f18249443cec15d16e8fa5 Author: Werner Koch Date: Thu May 7 13:29:26 2015 +0200 w32: Do not build gtk pinentry by default. * autogen.rc: Remove obsolete options. diff --git a/autogen.rc b/autogen.rc index 59441fe..1af4d83 100644 --- a/autogen.rc +++ b/autogen.rc @@ -7,15 +7,13 @@ case "$myhost:$myhostsub" in extraoptions="--disable-pinentry-gtk2 --disable-pinentry-qt4" ;; w32:) - extraoptions="--enable-pinentry-gtk2" + extraoptions="" ;; esac case "$myhost" in w32) configure_opts=" - --disable-pinentry-gtk - --disable-pinentry-qt --with-libiconv-prefix=@SYSROOT@ PKG_CONFIG_LIBDIR=@SYSROOT@/lib/pkgconfig " diff --git a/configure.ac b/configure.ac index 646bc32..271234f 100644 --- a/configure.ac +++ b/configure.ac @@ -168,7 +168,7 @@ AC_CHECK_FUNCS(seteuid stpcpy mmap) GNUPG_CHECK_MLOCK dnl Checks for libassuan. -dnl -> None required becuase we use a stripped down version of libassuan. +dnl -> None required because we use a stripped down version of libassuan. dnl Checks for libsecmem. ----------------------------------------------------------------------- Summary of changes: autogen.rc | 4 +--- configure.ac | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 14:44:59 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 07 May 2015 14:44:59 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-18-g3a8daef Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 3a8daef81c49dc3c04b6703a0384381cb43eb91b (commit) via c6eaa7bf8300f524de41956a339ca0ed3af4656e (commit) from aa98f25ddcc3c36035f18249443cec15d16e8fa5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3a8daef81c49dc3c04b6703a0384381cb43eb91b Author: Neal H. Walfield Date: Thu May 7 14:44:37 2015 +0200 Minor documentation cleanups. diff --git a/doc/pinentry.texi b/doc/pinentry.texi index c2df479..2c8aae1 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -105,7 +105,7 @@ passphrases. It is usually invoked by @sc{gpg-agent} @pinentry{} comes in several flavors to fit the look and feel of the used GUI toolkit: A @sc{GTK+} based one named @code{pinentry-gtk}; a @sc{Qt} based one named @code{pinentry-qt}; and, two non-graphical -ones @code{pinentry-curses}, which uses curses and +ones @code{pinentry-curses}, which uses curses, and @code{pinentry-tty}, which doesn't require anything more than a simple terminal. Not all of them are necessarily available on your installation. If curses is supported on your system, the GUI-based @@ -212,10 +212,10 @@ options using Assuan protocol options. @c Assuan Protocol @c @node Protocol - at chapter pinentry's Assuan Protocol + at chapter @pinentry{}'s Assuan Protocol The @pinentry{} should never service more than one connection at once. -It is reasonable to exec the PIN-Entry prior to a request. +It is reasonable to exec the @pinentry{} prior to a request. The @pinentry{} does not need to stay in memory because the @sc{gpg-agent} has the ability to cache passphrases. The usual way to @@ -224,10 +224,10 @@ fork/exec the @pinentry{}. The communication is then done by means of the protocol described here until the client is satisfied with the result. -Although it is called a @pinentry{}, it allow entering reasonably long -strings (strings that are up to 2048 characters long are supported by -every pinentry). The client using the PIN-Entry has to check for -correctness. +Although it is called a @pinentry{}, it allows entering reasonably +long strings (strings that are up to 2048 characters long are +supported by every pinentry). The client using the @pinentry{} has to +check for correctness. Note that all strings are expected to be encoded as UTF-8; @pinentry{} takes care of converting it to the locally used codeset. To include commit c6eaa7bf8300f524de41956a339ca0ed3af4656e Author: Neal H. Walfield Date: Thu May 7 14:43:48 2015 +0200 Add support for saving the passphrase with libsecret. * configure.ac (COMMON_CFLAGS): New variable. AC_SUBST it. (COMMON_LIBS): Likewise. AC_SUBST it. (LIBSECRET_CFLAGS): Likewise. (LIBSECRET_LIBS): Likewise. (--enable-libsecret): Add option to enable support for libsecret. If enabled, check for its presense. * pinentry/password-cache.h: New field. * pinentry/password-cache.c: New field. * pinentry/pinentry.h (struct pinentry): Add fields pin_from_cache, allow_external_password_cache, tried_password_cache, keyinfo, and may_cache_password. * pinentry/pinentry.c: Include "password-cache.h". (pinentry): Initialize new fields. (option_handler): Handle the "allow-external-password-cache" option. (cmd_setkeyinfo): Implement it. (cmd_getpin): Read the password from the cache, if appropriate. Save it to the cache, if appropriate. * pinentry/Makefile.am (AM_CPPFLAGS): Add $(COMMON_CFLAGS). (LDADD): Add $(COMMON_LIBS). (libpinentry_a_SOURCES): Add password-cache.h password-cache.c. * gtk+-2/pinentry-gtk-2.c (may_save_passphrase_toggled): New function. (create_window): Take additional parameter, the pinentry's context. Update callers. [HAVE_LIBSECRET]: Show a checkbox asking whether the passphrase should be saved. * gtk+-2/Makefile.am (AM_CPPFLAGS): Add $(COMMON_CFLAGS). (LDADD): Add $(COMMON_LIBS). * curses/Makefile.am (AM_CPPFLAGS): Add $(COMMON_CFLAGS). (LDADD): Add $(COMMON_LIBS). * tty/Makefile.am (AM_CPPFLAGS): Add $(COMMON_CFLAGS). (LDADD): Add $(COMMON_LIBS). * doc/pinentry.texi (Protocol): Update documentation. Describe the protocol and provide some justification. diff --git a/configure.ac b/configure.ac index 271234f..ec7bbfd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # configure.ac # Copyright (C) 1999 Robert Bihlmeyer -# Copyright (C) 2001, 2002, 2003, 2004, 2007 g10 Code GmbH +# Copyright (C) 2001, 2002, 2003, 2004, 2007, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -167,6 +167,12 @@ dnl Checks for library functions. AC_CHECK_FUNCS(seteuid stpcpy mmap) GNUPG_CHECK_MLOCK +# Common libraries and cflags. +COMMON_CFLAGS= +COMMON_LIBS= +AC_SUBST(COMMON_CFLAGS) +AC_SUBST(COMMON_LIBS) + dnl Checks for libassuan. dnl -> None required because we use a stripped down version of libassuan. @@ -310,6 +316,45 @@ if test "$pinentry_gtk_2" != "no"; then fi AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") +dnl +dnl Check for libsecret. +dnl +AC_ARG_ENABLE(libsecret, + AC_HELP_STRING([--enable-libsecret], + [optionally cache passphrases using libsecret]), + libsecret=$enableval, libsecret=maybe) + +dnl check for pkg-config +if test "$libsecret" != "no"; then + AC_PATH_PROG(PKG_CONFIG, pkg-config, no) + if test x"${PKG_CONFIG}" = xno ; then + libsecret=no + fi +fi + +dnl check if the module libsecret exists +if test "$libsecret" != "no"; then + AC_MSG_CHECKING([for libsecret]) + "${PKG_CONFIG}" --exists 'libsecret-1' + if test $? -ne 0 ; then + AC_MSG_RESULT([no]) + AC_MSG_WARN([pkg-config could not find the modules libsecret-1]) + libsecret=no + else + AC_MSG_RESULT([yes]) + LIBSECRET_CFLAGS=`"${PKG_CONFIG}" --cflags 'libsecret-1'` + LIBSECRET_LIBS=`"${PKG_CONFIG}" --libs 'libsecret-1'` + libsecret=yes + fi +fi +AM_CONDITIONAL(BUILD_WITH_LIBSECRET, test "$libsecret" = "yes") +if test "$libsecret" = "yes"; then + AC_DEFINE(HAVE_LIBSECRET, 1, + [The pinentries should optionally cache the passphrase using libsecret.]) + + COMMON_CFLAGS="$COMMON_CFLAGS $LIBSECRET_CFLAGS" + COMMON_LIBS="$COMMON_LIBS $LIBSECRET_LIBS" +fi dnl dnl Check for Qt4 pinentry program. @@ -453,5 +498,7 @@ AC_MSG_NOTICE([ Fallback to Curses: $fallback_curses + libsecret ........: $libsecret + Default Pinentry .: $PINENTRY_DEFAULT ]) diff --git a/curses/Makefile.am b/curses/Makefile.am index 404a8ed..e8ea031 100644 --- a/curses/Makefile.am +++ b/curses/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - PIN entry curses frontend. -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -21,8 +21,9 @@ bin_PROGRAMS = pinentry-curses -AM_CPPFLAGS = $(NCURSES_INCLUDE) -I$(top_srcdir)/pinentry -LDADD = ../pinentry/libpinentry.a ../pinentry/libpinentry-curses.a \ +AM_CPPFLAGS = $(COMMON_CFLAGS) $(NCURSES_INCLUDE) -I$(top_srcdir)/pinentry +LDADD = $(COMMON_LIBS) \ + ../pinentry/libpinentry.a ../pinentry/libpinentry-curses.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ $(LIBCAP) $(LIBCURSES) $(LIBICONV) diff --git a/doc/pinentry.texi b/doc/pinentry.texi index fb4017e..c2df479 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -414,6 +414,51 @@ strings. The strings are subject to accelerator marking, see SETPROMPT for details. + at item Passphrase caching + +Some environments, such as GNOME, cache passwords and passphrases. +The @pinentry{} should only use an external cache if the + at code{allow-external-password-cache} option was set and a stable key +identifier (using SETKEYINFO) was provided. In this case, if the +passphrase was read from the cache, the @pinentry{} should send the + at code{PASSWORD_FROM_CACHE} status message before returning the +passphrase. This indicates to GPG Agent that it should not increment +the passphrase retry counter. + + at example + C: OPTION allow-external-password-cache + S: OK + C: SETKEYINFO key-grip + S: OK + C: getpin + S: S PASSWORD_FROM_CACHE + S: D 1234 + C: OK + at end example + +Note: if @code{allow-external-password-cache} is not specified, an +external password cache must not be used: this can lead to subtle +bugs. In particular, if this option is not specified, then GPG Agent +does not recognize the @code{PASSWORD_FROM_CACHE} status message and +will count trying a cached password against the password retry count. +If the password retry count is 1, then the user will never have the +opportunity to correct the cached password. + +Note: it is strongly recommended that a pinentry supporting this +feature provide the user an option to enable it manually. That is, +saving a passphrase in an external password manager should be opt-in. + +The key identifier provided by SETKEYINFO is the key grip, which is +not the OpenPGP Key ID. To map the key grip to a key, you can use the +following: + + at example + # gpg2 --with-keygrip --list-secret-keys + at end example + + at noindent +and search for the key grip. + @end table @c --------------------------------------------------------------------- diff --git a/gtk+-2/Makefile.am b/gtk+-2/Makefile.am index 94346c0..c98139f 100644 --- a/gtk+-2/Makefile.am +++ b/gtk+-2/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - PIN entry GTK+ frontend. -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -29,9 +29,10 @@ ncurses_include = libcurses = endif -AM_CPPFLAGS = $(GTK2CFLAGS) $(ncurses_include) \ +AM_CPPFLAGS = $(COMMON_CFLAGS) $(GTK2CFLAGS) $(ncurses_include) \ -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry -LDADD = ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ +LDADD = $(COMMON_LIBS) \ + ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ $(LIBCAP) $(GTK2LIBS) $(libcurses) pinentry_gtk_2_SOURCES = pinentry-gtk-2.c \ diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index b3698c0..b154831 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -1,6 +1,6 @@ /* pinentry-gtk-2.c Copyright (C) 1999 Robert Bihlmeyer - Copyright (C) 2001, 2002, 2007 g10 Code GmbH + Copyright (C) 2001, 2002, 2007, 2015 g10 Code GmbH Copyright (C) 2004 by Albrecht Dre? pinentry-gtk-2 is a pinentry application for the Gtk+-2 widget set. @@ -328,6 +328,18 @@ changed_text_handler (GtkWidget *widget) } +#ifdef HAVE_LIBSECRET +static void +may_save_passphrase_toggled (GtkWidget *widget, gpointer data) +{ + GtkToggleButton *button = GTK_TOGGLE_BUTTON (widget); + pinentry_t ctx = (pinentry_t) data; + + ctx->may_cache_password = gtk_toggle_button_get_active (button); +} +#endif + + static gboolean timeout_cb (gpointer data) { @@ -339,7 +351,7 @@ timeout_cb (gpointer data) static GtkWidget * -create_window (int confirm_mode) +create_window (pinentry_t ctx, int confirm_mode) { GtkWidget *w; GtkWidget *win, *box; @@ -552,6 +564,21 @@ create_window (int confirm_mode) gtk_box_set_spacing (GTK_BOX (bbox), 6); gtk_box_pack_start (GTK_BOX (wvbox), bbox, TRUE, FALSE, 0); +#ifdef HAVE_LIBSECRET + if (ctx->allow_external_password_cache && ctx->keyinfo) + /* Only show this if we can cache passwords and we have a stable + key identifier. */ + { + w = gtk_check_button_new_with_label ("Save passphrase using libsecret"); + gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0); + gtk_widget_show (w); + + g_signal_connect (G_OBJECT (w), "toggled", + G_CALLBACK (may_save_passphrase_toggled), + (gpointer) ctx); + } +#endif + if (!pinentry->one_button) { if (pinentry->cancel) @@ -661,7 +688,7 @@ gtk_cmd_handler (pinentry_t pe) pinentry = pe; confirm_value = CONFIRM_CANCEL; passphrase_ok = 0; - w = create_window (want_pass ? 0 : 1); + w = create_window (pe, want_pass ? 0 : 1); gtk_main (); gtk_widget_destroy (w); while (gtk_events_pending ()) diff --git a/pinentry/Makefile.am b/pinentry/Makefile.am index c3926b2..7fbbab6 100644 --- a/pinentry/Makefile.am +++ b/pinentry/Makefile.am @@ -1,5 +1,5 @@ # Pinentry support library Makefile -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -29,7 +29,9 @@ endif noinst_LIBRARIES = libpinentry.a $(pinentry_curses) -AM_CPPFLAGS = -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem +LDADD = $(COMMON_LIBS) +AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem -libpinentry_a_SOURCES = pinentry.h pinentry.c argparse.c argparse.h +libpinentry_a_SOURCES = pinentry.h pinentry.c argparse.c argparse.h \ + password-cache.h password-cache.c libpinentry_curses_a_SOURCES = pinentry-curses.h pinentry-curses.c diff --git a/pinentry/password-cache.c b/pinentry/password-cache.c new file mode 100644 index 0000000..53bb39f --- /dev/null +++ b/pinentry/password-cache.c @@ -0,0 +1,131 @@ +/* password-cache.c - Password cache support. + Copyright (C) 2015 g10 Code GmbH + + This file is part of PINENTRY. + + PINENTRY is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + PINENTRY is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +# include +#endif + +#include +#include +#include + +#ifdef HAVE_LIBSECRET +# include +#endif + +#include "password-cache.h" +#include "memory.h" + +#ifdef HAVE_LIBSECRET +static const SecretSchema * +gpg_schema (void) +{ + static const SecretSchema the_schema = { + "org.gnupg.Passphrase", SECRET_SCHEMA_NONE, + { + { "stored-by", SECRET_SCHEMA_ATTRIBUTE_STRING }, + { "key-grip", SECRET_SCHEMA_ATTRIBUTE_STRING }, + { "NULL", 0 }, + } + }; + return &the_schema; +} + +static char * +key_grip_to_label (const char *key_grip) +{ + char *label = NULL; + if (asprintf(&label, "GnuPG: %s", key_grip) < 0) + return NULL; + return label; +} +#endif + +void +password_cache_save (const char *key_grip, const char *password) +{ +#ifdef HAVE_LIBSECRET + char *label; + GError *error = NULL; + + if (! *key_grip) + return; + + label = key_grip_to_label (key_grip); + if (! label) + return; + + if (! secret_password_store_sync (gpg_schema (), + SECRET_COLLECTION_DEFAULT, + label, password, NULL, &error, + "stored-by", "GnuPG Pinentry", + "key-grip", key_grip, NULL)) + { + printf("Failed to cache password for key %s with secret service: %s\n", + key_grip, error->message); + + g_error_free (error); + } + + free (label); +#else + return; +#endif +} + +char * +password_cache_lookup (const char *key_grip) +{ +#ifdef HAVE_LIBSECRET + GError *error = NULL; + char *password; + char *password2; + + if (! *key_grip) + return NULL; + + password = secret_password_lookup_nonpageable_sync + (gpg_schema (), NULL, &error, + "key-grip", key_grip, NULL); + + if (error != NULL) + { + printf("Failed to lookup password for key %s with secret service: %s\n", + key_grip, error->message); + g_error_free (error); + return NULL; + } + if (! password) + /* The password for this key is not cached. Just return NULL. */ + return NULL; + + /* The password needs to be returned in secmem allocated memory. */ + password2 = secmem_malloc (strlen (password) + 1); + if (password2) + strcpy(password2, password); + else + printf("secmem_malloc failed: can't copy password!\n"); + + secret_password_free (password); + + return password2; +#else + return NULL; +#endif +} diff --git a/pinentry/password-cache.h b/pinentry/password-cache.h new file mode 100644 index 0000000..7c6cd5a --- /dev/null +++ b/pinentry/password-cache.h @@ -0,0 +1,27 @@ +/* password-cache.h - Password cache support interfaces. + Copyright (C) 2015 g10 Code GmbH + + This file is part of PINENTRY. + + PINENTRY is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + PINENTRY is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, see . + */ + +#ifndef PASSWORD_CACHE_H +#define PASSWORD_CACHE_H + +void password_cache_save (const char *key_grip, const char *password); + +char *password_cache_lookup (const char *key_grip); + +#endif diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 04de1aa..7b3fde5 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -47,6 +47,7 @@ #include "secmem-util.h" #include "argparse.h" #include "pinentry.h" +#include "password-cache.h" #ifdef HAVE_W32CE_SYSTEM #define getpid() GetCurrentProcessId () @@ -67,6 +68,7 @@ struct pinentry pinentry = NULL, /* Cancel button. */ NULL, /* PIN. */ 2048, /* PIN length. */ + 0, /* pin_from_cache. */ 0, /* Display. */ 0, /* TTY name. */ 0, /* TTY type. */ @@ -98,6 +100,10 @@ struct pinentry pinentry = NULL, /* default_ok */ NULL, /* default_cancel */ NULL, /* default_prompt */ + 0, /* allow_external_password_cache. */ + 0, /* tried_password_cached. */ + NULL, /* keyinfo */ + 0, /* may_cache_password. */ NULL /* Assuan context. */ }; @@ -711,6 +717,11 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value) if (!pinentry.default_prompt) return ASSUAN_Out_Of_Core; } + else if (!strcmp (key, "allow-external-password-cache") && !*value) + { + pinentry.allow_external_password_cache = 1; + pinentry.tried_password_cache = 0; + } else return ASSUAN_Invalid_Option; return 0; @@ -772,13 +783,20 @@ cmd_setprompt (ASSUAN_CONTEXT ctx, char *line) /* The data provided at LINE may be used by pinentry implementations - to identify a key for caching strategies of its own. As of now - this is here only for documentation purposes. */ + to identify a key for caching strategies of its own. The empty + string and --clear mean that the key does not have a stable + identifier. */ static int cmd_setkeyinfo (ASSUAN_CONTEXT ctx, char *line) { - (void)ctx; - (void)line; + if (pinentry.keyinfo) + free (pinentry.keyinfo); + + if (*line && strcmp(line, "--clear") != 0) + pinentry.keyinfo = strdup (line); + else + pinentry.keyinfo = NULL; + return 0; } @@ -955,10 +973,57 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) { int result; int set_prompt = 0; + int just_read_password_from_cache = 0; pinentry.pin = secmem_malloc (pinentry.pin_len); if (!pinentry.pin) return ASSUAN_Out_Of_Core; + + /* Try reading from the password cache. */ + if (/* If repeat passphrase is set, then we don't want to read from + the cache. */ + ! pinentry.repeat_passphrase + /* Are we allowed to read from the cache? */ + && pinentry.allow_external_password_cache + && pinentry.keyinfo + /* Only read from the cache if we haven't already tried it. */ + && ! pinentry.tried_password_cache) + { + char *password; + + pinentry.tried_password_cache = 1; + + password = password_cache_lookup (pinentry.keyinfo); + if (password) + /* There is a cached password. Try it. */ + { + int len = strlen(password) + 1; + if (len > pinentry.pin_len) + len = pinentry.pin_len; + + memcpy (pinentry.pin, password, len); + pinentry.pin[len] = '\0'; + + secmem_free (password); + + pinentry.pin_from_cache = 1; + + assuan_write_status (ctx, "PASSWORD_FROM_CACHE", ""); + + /* Result is the length of the password not including the + NUL terminator. */ + result = len - 1; + + just_read_password_from_cache = 1; + + goto out; + } + } + + /* The password was not cached (or we are not allowed to / cannot + use the cache). Prompt the user. */ + pinentry.pin_from_cache = 0; + if (!pinentry.prompt) { pinentry.prompt = pinentry.default_prompt?pinentry.default_prompt:"PIN:"; @@ -999,6 +1064,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) return pinentry.locale_err? ASSUAN_Locale_Problem: ASSUAN_Canceled; } + out: if (result) { if (pinentry.repeat_okay) @@ -1006,6 +1072,15 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) result = assuan_send_data (ctx, pinentry.pin, result); if (!result) result = assuan_send_data (ctx, NULL, 0); + + if (/* GPG Agent says it's okay. */ + pinentry.allow_external_password_cache && pinentry.keyinfo + /* We didn't just read it from the cache. */ + && ! just_read_password_from_cache + /* And the user said it's okay. */ + && pinentry.may_cache_password) + /* Cache the password. */ + password_cache_save (pinentry.keyinfo, pinentry.pin); } if (pinentry.pin) diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 6787130..02f76a3 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -1,5 +1,5 @@ /* pinentry.h - The interface for the PIN entry support library. - Copyright (C) 2002, 2003, 2010 g10 Code GmbH + Copyright (C) 2002, 2003, 2010, 2015 g10 Code GmbH This file is part of PINENTRY. @@ -57,6 +57,9 @@ struct pinentry char *pin; /* The length of the buffer. */ int pin_len; + /* Whether the pin was read from an external cache (1) or entered by + the user (0). */ + int pin_from_cache; /* The name of the X display to use if X is available and supported. */ char *display; @@ -111,7 +114,7 @@ struct pinentry dismiss button is required. */ int one_button; - /* If true a second prompt for the passphrase is show and the user + /* If true a second prompt for the passphrase is shown and the user is expected to enter the same passphrase again. Pinentry checks that both match. */ char *repeat_passphrase; @@ -146,6 +149,22 @@ struct pinentry char *default_cancel; char *default_prompt; + /* Whether we are allowed to read the password from an external + cache. */ + int allow_external_password_cache; + + /* We only try the cache once. */ + int tried_password_cache; + + /* A stable identifier for the key. */ + char *keyinfo; + + /* Whether we may cache the password (according to the user). */ + int may_cache_password; + + /* NOTE: If you add any additional fields to this structure, be sure + to update the initializer in pinentry/pinentry.c!!! */ + /* For the quality indicator we need to do an inquiry. Thus we need to save the assuan ctx. */ void *ctx_assuan; @@ -158,7 +177,8 @@ typedef struct pinentry *pinentry_t; PIN. If PIN->pin is zero, request a confirmation, otherwise a PIN entry. On confirmation, the function should return TRUE if confirmed, and FALSE otherwise. On PIN entry, the function should - return -1 if cancelled and the length of the secret otherwise. */ + return -1 if an error occured or the user cancelled the operation + and the length of the secret otherwise. */ typedef int (*pinentry_cmd_handler_t) (pinentry_t pin); /* Start the pinentry event loop. The program will start to process diff --git a/qt4/Makefile.am b/qt4/Makefile.am index e52169c..31274bb 100644 --- a/qt4/Makefile.am +++ b/qt4/Makefile.am @@ -1,6 +1,6 @@ # Makefile.am # Copyright (C) 2002 g10 Code GmbH, Klar?lvdalens Datakonsult AB -# Copyright (C) 2008 g10 Code GmbH +# Copyright (C) 2008, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -34,10 +34,12 @@ libcurses = endif -AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \ +AM_CPPFLAGS = $(COMMON_CFLAGS) \ + -I$(top_srcdir) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \ $(ncurses_include) -I$(top_srcdir)/pinentry AM_CXXFLAGS = $(QT4_CORE_CFLAGS) $(QT4_GUI_CFLAGS) -pinentry_qt4_LDADD = $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) \ +pinentry_qt4_LDADD = $(COMMON_LIBS) \ + $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) \ ../pinentry/libpinentry.a $(top_builddir)/assuan/libassuan.a \ $(top_builddir)/secmem/libsecmem.a $(LIBCAP) diff --git a/tty/Makefile.am b/tty/Makefile.am index d872fcc..798c08f 100644 --- a/tty/Makefile.am +++ b/tty/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am - PIN entry curses frontend. -# Copyright (C) 2002 g10 Code GmbH +# Copyright (C) 2002, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -20,8 +20,8 @@ bin_PROGRAMS = pinentry-tty -AM_CPPFLAGS = -I$(top_srcdir)/pinentry -LDADD = ../pinentry/libpinentry.a \ +AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/pinentry +LDADD = $(COMMON_LIBS) ../pinentry/libpinentry.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ $(LIBCAP) $(LIBICONV) diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 5891697..8c15eac 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -1,7 +1,7 @@ /* pinentry-curses.c - A secure curses dialog for PIN entry, library version Copyright (C) 2014 Serge Voilokov Copyright (C) 2015 Daniel Kahn Gillmor - * Copyright (C) 2015 g10 Code GmbH + Copyright (C) 2015 g10 Code GmbH This file is part of PINENTRY. ----------------------------------------------------------------------- Summary of changes: configure.ac | 49 ++++++++- curses/Makefile.am | 7 +- doc/pinentry.texi | 59 ++++++++-- gtk+-2/Makefile.am | 7 +- gtk+-2/pinentry-gtk-2.c | 33 +++++- pinentry/Makefile.am | 8 +- pinentry/password-cache.c | 131 +++++++++++++++++++++++ pinentry/{pinentry-curses.h => password-cache.h} | 33 +++--- pinentry/pinentry.c | 83 +++++++++++++- pinentry/pinentry.h | 26 ++++- qt4/Makefile.am | 8 +- tty/Makefile.am | 6 +- tty/pinentry-tty.c | 2 +- 13 files changed, 397 insertions(+), 55 deletions(-) create mode 100644 pinentry/password-cache.c copy pinentry/{pinentry-curses.h => password-cache.h} (55%) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 14:56:00 2015 From: cvs at cvs.gnupg.org (by Daniel Kahn Gillmor) Date: Thu, 07 May 2015 14:56:00 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.2.0-11-ge6e51c0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via e6e51c067181a94d92353f5af2340e75a839c4e3 (commit) via ccd1811479e9d30dcd207a5031eda07958459fe2 (commit) from 5cdc9c457f4e549491fa3f0db75119abd078b070 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e6e51c067181a94d92353f5af2340e75a839c4e3 Author: Daniel Kahn Gillmor Date: Thu May 7 00:52:48 2015 -0400 clean up assuan documentation * doc/assuan.texi: fix documentation -- Reading up on assuan to create python bindings uncovered a few bugs in the documentation. diff --git a/doc/assuan.texi b/doc/assuan.texi index 78d3658..7ea7d81 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -848,7 +848,7 @@ flags are usually 1 or 0 but certain flags might need other values. @deftp {Data type} assuan_flag_t The flags are all named and collected in an @code{enum} for better readability. -Currently only one flag is defined: +Available flags are: @table @code @item ASSUAN_NO_WAITPID @@ -1106,12 +1106,12 @@ If the peer is not a simple pipe server but one using full-duplex sockets, the full-fledged variant of the above function should be used: - at deftypefun gpg_error_t assuan_pipe_connect (@w{assuan_context_t *@var{ctx}}, at w{const char *@var{name}}, @w{const char *@var{argv}[]}, @w{assuan_fd_t *@var{fd_child_list}}, @w{void (*@var{atfork}) (void *, int)}, @w{void *@var{atforkvalue}}, @w{unsigned int @var{flags}}) + at deftypefun gpg_error_t assuan_pipe_connect (@w{assuan_context_t @var{ctx}}, at w{const char *@var{name}}, @w{const char *@var{argv}[]}, @w{assuan_fd_t *@var{fd_child_list}}, @w{void (*@var{atfork}) (void *, int)}, @w{void *@var{atforkvalue}}, @w{unsigned int @var{flags}}) A call to this functions forks the current process and executes the program @var{name}, passing the arguments given in the NULL-terminated list @var{argv}. A list of file descriptors not to be closed may be -given using the @code{ASSUAN_INVLID_FD} terminated array @var{fd_child_list}. +given using the @code{ASSUAN_INVALID_FD} terminated array @var{fd_child_list}. If @var{name} is a null pointer, only a fork but no exec is done. Thus the child continues to run. However all file descriptors are closed and @@ -1149,13 +1149,13 @@ server. On W32CE systems this flag is ignored. If you are using a long running server listening either on a TCP or a Unix domain socket, the following function is used to connect to the server: - at deftypefun gpg_error_t assuan_socket_connect (@w{assuan_context_t *@var{ctx}}, @w{const char *@var{name}}, @w{pid_t @var{server_pid}}, @w{unsigned int @var{flags}}) + at deftypefun gpg_error_t assuan_socket_connect (@w{assuan_context_t @var{ctx}}, @w{const char *@var{name}}, @w{pid_t @var{server_pid}}, @w{unsigned int @var{flags}}) -Make a connection to the Unix domain socket @var{name} and return a -new Assuan context at @var{ctx}. @var{server_pid} is currently not -used but may become handy in the future; if you don't know the -server's process ID (PID), pass @code{ASSUAN_INVALID_PID}. With - at var{flags} set to @code{ASSUAN_SOCKET_CONNECT_FDPASSIN}, +Make a connection to the Unix domain socket @var{name} using the +already-initialized Assuan context at @var{ctx}. @var{server_pid} is +currently not used but may become handy in the future; if you don't +know the server's process ID (PID), pass @code{ASSUAN_INVALID_PID}. +With @var{flags} set to @code{ASSUAN_SOCKET_CONNECT_FDPASSING}, @code{sendmsg} and @code{recvmesg} are used for input and output and thereby enable the use of descriptor passing. commit ccd1811479e9d30dcd207a5031eda07958459fe2 Author: Neal H. Walfield Date: Thu May 7 14:51:04 2015 +0200 Documentation cleanups. diff --git a/doc/assuan.texi b/doc/assuan.texi index b932be0..78d3658 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -140,29 +140,34 @@ Indices @node Introduction @chapter Introduction to Assuan -In an ideal world, Assuan would not be necessary. Assuan's primary -use is to allow a client to interact with a non-persistent server. -Using Assuan, this is accomplished by forking a subprocess and -communicating with it via, for example, a pipe or Unix domain socket. -This method is neither elegant nor efficient, especially when there is -a lot of data spread across several transactions: not only is there a -penalty for an increased number of context switches, but also a -significant amount of data is @var{memcpy}ed from the client to a file -descriptor and from the file descriptor to the server. Despite these -and other disadvantages, this type of client/server communication can -be useful: the client is completely separate from the server; they are -in different address spaces. This is especially important in -situations where the server must have a known degree of reliability -and data must be protected: as the Assuan protocol is well defined and -clients cannot corrupt the servers' address space, auditing becomes -much easier. - -Assuan was developed for use by the GNU Privacy Guard, GnuPG, to +Assuan is an extensible inter-process communication (IPC) protocol and +library. It is designed for point-to-point communication and it +doesn't provide a naming system. To contact a server, either the +client must know how to locate the server, e.g., via a well-known Unix +domain socket, or, if the server is transient, how to start it. In +the latter case, Assuan provides functionality to start the server +process. + +In Assuan, communication is typically either via a pipe or a Unix +domain socket. This method is neither elegant nor efficient, +especially when there is a lot of data spread across several +transactions. Not only is there a penalty for an increased number of +context switches, but a significant amount of data is @var{memcpy}ed +from the client to a file descriptor and from the file descriptor to +the server. Despite these and other disadvantages, this type of +client/server communication is useful: the client is separated from +the server: they run in different address spaces. This is especially +important in situations where the server must have a known degree of +reliability and data must be protected: as the Assuan protocol is well +defined and clients cannot corrupt the servers' address space, +auditing becomes much easier. + +Assuan was developed for use by the GNU Privacy Guard (GnuPG) to prevent potentially buggy clients from unwittingly corrupting sensitive transactions or compromising data such as a secret key. -Assuan permits the servers, which do the actual work, e.g. encryption +Assuan permits the servers, which do the actual work, e.g., encryption and decryption of data using a secret key, to be developed -independently of the user interfaces, e.g. mail clients and other +independently of the user interfaces, e.g., mail clients and other encryption front ends. Like a shared library, the interface is well defined and any number of front ends can use it; however, unlike a shared library, the client cannot see or touch the server's data. As @@ -171,15 +176,15 @@ understandable and less error prone. Assuan is not, however, limited to use with GnuPG servers and clients: it was designed to be flexible enough to meet the demands of many -transaction based environments with non-persistent servers. +transaction-based environments. @node Assuan @chapter Description of the Assuan protocol. The architecture of the modular GnuPG system is based on several -highly specialized modules which compose a network of client/server -communication. A common framework for intermodule communication is -therefore needed and should be implemented in a library. +highly specialized modules which form a network of clients and +servers. A common framework for intermodule communication is +therefore needed and implemented as a library. Goals: @@ -214,18 +219,18 @@ Design criteria: The implementation is line based with a maximum line size of 1000 octets. The default IPC mechanism is Unix Domain Sockets. -On a connect request the server responds either with an okay or an -error status. For authentication-check the server may send an Inquiry -response prior to the first Okay, and it may also issue Status -messages. The server must check that the client is allowed to -connect, this is done by requesting the credentials for the peer and -comparing them to those of the server. This avoids attacks based on -wrong socket permissions. +On connect, the server responds either with okay or an error status. +To perform an authentication check, the server may send an Inquiry +response prior to the first Okay. It may also issue Status messages. +The server must check that the client is allowed to connect. This is +done by requesting the credentials for the peer and comparing them +with the server's credentials. This avoids attacks based on wrong +socket permissions. -It may choose to delay the first response in case of an error. The -server never closes the connection - however the lower protocol may do -so after some time of inactivity or when the connection is in an error -state. +The server may choose to delay the first response in case of an error. +The server, however, never closes the connection, however, the lower +protocol may do so after some time of inactivity or when the +connection enters an error state. All textual messages are assumed to be in UTF-8 unless otherwise noted. @@ -249,42 +254,70 @@ Request could not be fulfilled. The possible error codes are defined by @code{libgpg-error}. @item S @var{keyword} -Informational output by the server, still processing the request. A -client may not send such lines to the server while processing an Inquiry -command. @var{keyword} shall start with a letter or an underscore. +Informational output by the server, which is still processing the +request. A client may not send such lines to the server while +processing an Inquiry command. @var{keyword} shall start with a +letter or an underscore. @item # Comment line issued only for debugging purposes. Totally ignored. @item D Raw data returned to client. There must be exactly one space after the -'D'. The values for '%', CR and LF must be percent escaped; this is -encoded as %25, %0D and %0A. Only uppercase letters should be used in -the hexadecimal representation. Other characters may be percent escaped -for easier debugging. All these Data lines are considered one data -stream up to the OK or ERR response. Status and Inquiry Responses -may be mixed with the Data lines. +'D'. The values for '%', CR and LF must be percent escaped; these are +encoded as %25, %0D and %0A, respectively. Only uppercase letters +should be used in the hexadecimal representation. Other characters +may be percent escaped for easier debugging. All Data lines are +considered one data stream up to the OK or ERR response. Status and +Inquiry Responses may be mixed with the Data lines. @item INQUIRE @var{keyword} -Server needs further information from the client. The client should -answer with a command which is allowed after an inquiry. Note that the -server does not confirm that client command but either continues -processing or ends processing with an error status. Not all commands -are allowed. +The server needs further information from the client. The client +should respond with data (using the ``D'' command and terminated by +``END''). Alternatively, the client may cancel the current operation +by responding with ``CAN''. @end table +Consider the following examples (lines prefixed with S indicate text +that the server sends; lines prefixed with C indicate text that the +client sends): + + at example +S: INQUIRE foo +C: D foo bar +C: D bar baz +C: END +[Server continues normal work] + at end example + +This implements a callback to the client: + + at example +S: INQUIRE foo +C: END +[Server continues] + at end example + +and: + + at example +S: INQUIRE foo +C: CAN +[Server terminates the operaion and in most cases returns an ERR to the client.] + at end example + +But, CAN may also mean ``I have no data for you, try to get it from +elsewhere.'' -A client should only check the first letter of each line and then skip -over to the next token (except for data lines where the raw data starts -exactly after 2 bytes). Lines larger than 1000 bytes should be -treated as a communication error. (The rationale for having a line -length limit is to allow for easier multiplexing of several channels). +Note: lines longer than 1000 bytes should be treated as a +communication error. (The rationale for having a line length limit is +to allow for easier multiplexing of several channels.) @node Client requests @section Client requests -The server waits for client requests after he sent an Okay or Error. +The server waits for client requests after sending an Okay or Error. The client should not issue a request in other cases. @example @@ -292,30 +325,31 @@ The client should not issue a request in other cases. @end example @var{command} is a one word string without preceding white space. -Parameters are command specific, CR, LF and the percent signs should be -percent escaped as described above. To send a backslash as the last -character it should also be percent escaped. Percent escaping is +Parameters are command specific, CR, LF and the percent signs should +be percent escaped as described above. To send a backslash as the +last character it should also be percent escaped. Percent escaping is allowed anywhere in the parameters but not in the command. The line -ends with a CR, LF or just a LF. +ends with a CR, LF pair or just a LF. Not yet implemented feature: If there is a need for a parameter list -longer than the line length limit (1000 characters including command and -CR, LF), the last character of the line (right before the CR/LF or LF) -must be a non-escape encoded backslash. The following line is then -expected to be a continuation of the line with the backslash replaced by -a blank and the line ending removed. +longer than the line length limit (1000 characters including command +and CR, LF), the last character of the line (right before the CR/LF or +LF) must be a unescaped (i.e., literal) backslash. The following line +is then expected to be a continuation of the line with the backslash +replaced by a blank and the line ending removed. @example D @end example -Raw data to the server. There must be exactly one space after the 'D'. -The values for '%', CR and LF must be percent escaped; this is encoded -as %25, %0D and %0A. Only uppercase letters should be used in the -hexadecimal representation. Other characters may be percent escaped -for easier debugging. All these Data lines are considered one data -stream up to the @code{OK} or @code{ERR} response. Status and Inquiry -Responses may be mixed with the Data lines. +Sends raw data to the server. There must be exactly one space after +the 'D'. The values for '%', CR and LF must be percent escaped. +These are encoded as %25, %0D and %0A, respectively. Only uppercase +letters should be used in the hexadecimal representation. Other +characters may be percent escaped for easier debugging. All Data +lines are considered one data stream up to the @code{OK} or @code{ERR} +response. Status and Inquiry Responses may be mixed with the Data +lines. @example END @@ -324,12 +358,12 @@ END Lines beginning with a @code{#} or empty lines are ignored. This is useful to comment test scripts. -Although the commands are application specific, some of them are used by -all protocols and partly directly supported by the Assuan library: +Although the commands are application specific, some of them are used +by all protocols and partly supported by the Assuan library: @table @code @item BYE -Close the connection. The server will reply with @code{OK}. +Close the connection. The server will respond with @code{OK}. @item RESET Reset the connection but not any existing authentication. The server @@ -373,7 +407,7 @@ No operation. Returns OK without any action. @section Error codes Libassuan is used with gpg-error style error codes. It is recommended -to set the error source to a different value than the default +to set the error source to a different value from the default @code{GPG_ERR_SOURCE_UNKNOWN} by calling @ref{function assuan_set_gpg_err_source} early. @@ -384,7 +418,7 @@ assuan_set_gpg_err_source} early. @node Preparation @chapter Preparation -To use @sc{Assuan}, you have to perform some changes to your +To use @sc{Assuan}, you have to make some changes to your sources and the build system. The necessary changes are small and explained in the following sections. @@ -408,14 +442,14 @@ file, like this: #include @end example -The name space of @code{libassuan} is @code{assuan_*} for function +The namespace of @code{libassuan} is @code{assuan_*} for function and type names and @code{ASSUAN*} for other symbols. In addition the same name prefixes with one prepended underscore are reserved for internal use and should never be used by an application. Because @code{libassuan} makes use of the GPG Error library, using - at code{libassuan} will also use the @code{GPG_ERR_*} name space -directly, and the @code{gpg_err*} and @code{gpg_str*} name space + at code{libassuan} will also use the @code{GPG_ERR_*} namespace +directly, and the @code{gpg_err*} and @code{gpg_str*} namespaces indirectly. @@ -459,8 +493,8 @@ link @file{foo.o} with the @code{libassuan} library to a program gcc -o foo foo.o $(libassuan-config --libs) @end example -Of course you can also combine both examples to a single command by -specifying both options to @command{libassuan-config}: +You can also combine both examples to a single command by specifying +both options to @command{libassuan-config}: @example gcc -o foo foo.c $(libassuan-config --cflags --libs) @@ -538,8 +572,8 @@ across contexts. @node Data Types @section Data Types used by the library - at sc{Assuan} uses a context to keep the state for a connection. The -following data type is used for that: + at sc{Assuan} uses a so-called context to store a connection's state. +The following data type is used for that: @deftp {Data type} assuan_context_t The @code{assuan_context_t} type is a pointer to an object maintained @@ -1257,7 +1291,7 @@ command_handler (int fd) @end example @noindent -This is the first part of the command handler. We start of by +This is the first part of the command handler. We start off by allocating a new Assuan context with @code{assuan_new}. @xref{function assuan_new}. @@ -1268,30 +1302,30 @@ initialization is thus done using the function: @deftypefun gpg_error_t assuan_init_pipe_server (@w{assuan_context_t @var{ctx}}, @w{assuan_fd_t @var{filedes}[2]}) -The function takes the two file descriptors from @var{filedes} and +This function takes the two file descriptors from @var{filedes} and returns a new Assuan context at @var{r_ctx}. As usual, a return value -of @code{0} indicates success and a failure is indicated by a +of @code{0} indicates success and a failure is indicated by returning an error value. In case of error, @code{NULL} will be stored at @var{r_ctx}. In case the server has been called using a bi-directional pipe (socketpair), @var{filedes} is ignored and the file descriptor is taken from the environment variable @env{_assuan_connection_fd}. You -won't need to know that because @code{assuan_pipe_connect}, used -by the client to connect to such a server, automagically sets this -variable. +generally don't need to know this, because @code{assuan_pipe_connect}, +which is called by the client to connect to such a server, +automagically sets this variable. @end deftypefun @deftypefun gpg_error_t assuan_init_socket_server (@w{assuan_context_t @var{ctx}}, @w{assuan_fd_t @var{fd}}, @w{unsigned int @var{flags}}) -The function takes the file descriptor @var{fd} which is expected to -be associated with a socket and an Assuan context @var{ctx}. The +This function takes the file descriptor @var{fd}, which is expected to +be associated with a socket, and an Assuan context @var{ctx}. The following bits are currently defined for @var{flags}: @table @code @item ASSUAN_SOCKET_SERVER_FDPASSING If set, @code{sendmsg} and @code{recvmesg} are used for input and -output and thus enabling the use of descriptor passing. +output, which enables the use of descriptor passing. @item ASSUAN_SOCKET_SERVER_ACCEPTED If set, @var{fd} refers to an already accepted socket. That is, Libassuan won't call @var{accept} for it. It is suggested to set this @@ -1299,7 +1333,7 @@ bit as it allows better control of the connection state. @end table As usual, a return value of @code{0} indicates success and a failure -is indicated by a returning an error value. +is indicated by returning an error value. @end deftypefun @noindent @@ -1312,8 +1346,8 @@ On the Windows platform the following function needs to be called after Save a copy of @var{nonce} in context @var{ctx}. This should be used to register the server's nonce with a context established by - at code{assuan_init_socket_server}. It is actually only needed for -Windows but it does not harm to use it on other systems as well. + at code{assuan_init_socket_server}. It is technically only needed for +Windows, but it does no harm to use it on other systems. @end deftypefun @@ -1500,18 +1534,18 @@ also allowed to modify that line which makes parsing much easier. @chapter How to use external I/O event loops The above implementations of an Assuan client and server are -synchronous, insofar the main routines block until a request or client -connection is completely processed. In some programs, for example GUI -applications, this is undesirable. Instead, Assuan operations should -be non-blocking, and the caller should be able to poll all involved -file descriptors to determine when the next Assuan function can be -invoked without blocking. +synchronous, insofar as the main routines block until a request or +client connection is completely processed. In some programs, for +example GUI applications, this is undesirable. Instead, Assuan +operations should be non-blocking, and the caller should be able to +poll all involved file descriptors to determine when the next Assuan +function can be invoked without blocking. To make this possible, client and server have to adhere to some rules: @itemize @bullet @item Either partner should always write full lines. If partial lines are -written, the remainder of the line should b sent without delay. +written, the remainder of the line should be sent without delay. @item Either partner should eagerly receive status messages. While receiving and sending bulk data may be delayed, the status ----------------------------------------------------------------------- Summary of changes: doc/assuan.texi | 256 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 145 insertions(+), 111 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 15:05:17 2015 From: cvs at cvs.gnupg.org (by Kristian Fiskerstrand) Date: Thu, 07 May 2015 15:05:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-31-gd0d4984 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d0d4984cfec54dee727b9e9d33d09e33c6f2e182 (commit) via ac77e6254b7e98e69267a2476cd593e36408e975 (commit) via 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6 (commit) via 74944330ba7229ed0cbe23cc0f573962a444bd07 (commit) via d3b5cad2346bd5747789dc62d7804fa5c15f4f3b (commit) from 874ef16e70ab750db7b153f17a7e859a0db6a2f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d0d4984cfec54dee727b9e9d33d09e33c6f2e182 Author: Kristian Fiskerstrand Date: Sun Apr 12 01:11:07 2015 +0200 dirmngr: Fix segfault in ldap engine (ks-engine-ldap.c) Fix segfault caused by missing check whether uri is initialized diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index aefd12a..4288119 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -306,7 +306,9 @@ ks_ldap_help (ctrl_t ctrl, parsed_uri_t uri) "Supported methods: search, get, put\n"; gpg_error_t err; - if (strcmp (uri->scheme, "ldap") == 0 + if(!uri) + err = ks_print_help (ctrl, " ldap"); + else if (strcmp (uri->scheme, "ldap") == 0 || strcmp (uri->scheme, "ldaps") == 0 || strcmp (uri->scheme, "ldapi") == 0) err = ks_print_help (ctrl, data); commit ac77e6254b7e98e69267a2476cd593e36408e975 Author: Neal H. Walfield Date: Wed May 6 15:27:23 2015 +0200 agent: Improve some comments. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 8c6fd08..77b1739 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -47,8 +47,8 @@ /* Because access to the pinentry must be serialized (it is and shall - be a global mutual dialog) we should better timeout further - requests after some time. 2 minutes seem to be a reasonable + be a global mutually exclusive dialog) we better timeout pending + requests after some time. 1 minute seem to be a reasonable time. */ #define LOCK_TIMEOUT (1*60) @@ -279,8 +279,8 @@ start_pinentry (ctrl_t ctrl) log_error ("error flushing pending output: %s\n", strerror (errno)); /* At least Windows XP fails here with EBADF. According to docs and Wine an fflush(NULL) is the same as _flushall. However - the Wime implementaion does not flush stdin,stdout and stderr - - see above. Lets try to ignore the error. */ + the Wine implementaion does not flush stdin,stdout and stderr + - see above. Let's try to ignore the error. */ #ifndef HAVE_W32_SYSTEM return unlock_pinentry (tmperr); #endif @@ -490,7 +490,7 @@ start_pinentry (ctrl_t ctrl) } -/* Returns True is the pinentry is currently active. If WAITSECONDS is +/* Returns True if the pinentry is currently active. If WAITSECONDS is greater than zero the function will wait for this many seconds before returning. */ int @@ -564,7 +564,7 @@ all_digitsp( const char *s) /* Return a new malloced string by unescaping the string S. Escaping is percent escaping and '+'/space mapping. A binary Nul will silently be replaced by a 0xFF. Function returns NULL to indicate - an out of memory status. PArsing stops at the end of the string or + an out of memory status. Parsing stops at the end of the string or a white space character. */ static char * unescape_passphrase_string (const unsigned char *s) @@ -747,7 +747,7 @@ pinentry_status_cb (void *opaque, const char *line) /* Call the Entry and ask for the PIN. We do check for a valid PIN number here and repeat it as long as we have invalid formed - numbers. KEYINFO and CACHEMODE are used to tell pinentry something + numbers. KEYINFO and CACHE_MODE are used to tell pinentry something about the key. */ int agent_askpin (ctrl_t ctrl, commit 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6 Author: Neal H. Walfield Date: Wed May 6 15:20:32 2015 +0200 agent: Improve support for externally cached passwords. * agent/call-pinentry.c (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant. (pinentry_status_cb): Add it to *FLAGS if PASSWORD_FROM_CACHE was provided. (agent_askpin): Pass "OPTION allow-external-password-cache" to the pinentry. Always pass SETKEYINFO to the pinentry. If there is no stable identifier, then use "--clear". If the password is incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set in *PINENTRY_STATUS, then decrement PININFO->FAILED_TRIES. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 9253866..8c6fd08 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -713,7 +713,8 @@ setup_qualitybar (void) enum { PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, - PINENTRY_STATUS_PIN_REPEATED = 1 << 8 + PINENTRY_STATUS_PIN_REPEATED = 1 << 8, + PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 }; /* Check the button_info line for a close action. Also check for the @@ -733,6 +734,10 @@ pinentry_status_cb (void *opaque, const char *line) { *flag |= PINENTRY_STATUS_PIN_REPEATED; } + else if (has_leading_keyword (line, "PASSWORD_FROM_CACHE")) + { + *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE; + } return 0; } @@ -809,23 +814,36 @@ agent_askpin (ctrl_t ctrl, if (rc) return rc; - /* If we have a KYEINFO string and are normal, user, or ssh cache + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the cached + password is not up to date and retry == 1, then, using a version + of GPG Agent that doesn't support this, won't issue another pin + request and the user won't get a chance to correct the + password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); + + /* If we have a KEYINFO string and are normal, user, or ssh cache mode, we tell that the Pinentry so it may use it for own caching purposes. Most pinentries won't have this implemented and thus we do not error out in this case. */ if (keyinfo && (cache_mode == CACHE_MODE_NORMAL || cache_mode == CACHE_MODE_USER || cache_mode == CACHE_MODE_SSH)) - { - snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", - cache_mode == CACHE_MODE_USER? 'u' : - cache_mode == CACHE_MODE_SSH? 's' : 'n', - keyinfo); - rc = assuan_transact (entry_ctx, line, - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); - } + snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + else + snprintf (line, DIM(line)-1, "SETKEYINFO --clear"); + + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); snprintf (line, DIM(line)-1, "SETDESC %s", desc_text); line[DIM(line)-1] = 0; @@ -965,6 +983,11 @@ agent_askpin (ctrl_t ctrl, pininfo->repeat_okay = 1; return unlock_pinentry (0); /* okay, got a PIN or passphrase */ } + + if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) + /* The password was read from the cache. Don't count this + against the retry count. */ + pininfo->failed_tries --; } return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN commit 74944330ba7229ed0cbe23cc0f573962a444bd07 Author: Neal H. Walfield Date: Wed May 6 14:50:38 2015 +0200 agent: Or in the value; don't overwrite the variable. * agent/call-pinentry.c (pinentry_status_cb): Or in PINENTRY_STATUS_CLOSE_BUTTON; don't overwrite *FLAG. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index d24a759..9253866 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -727,7 +727,7 @@ pinentry_status_cb (void *opaque, const char *line) if ((args = has_leading_keyword (line, "BUTTON_INFO"))) { if (!strcmp (args, "close")) - *flag = PINENTRY_STATUS_CLOSE_BUTTON; + *flag |= PINENTRY_STATUS_CLOSE_BUTTON; } else if (has_leading_keyword (line, "PIN_REPEATED")) { commit d3b5cad2346bd5747789dc62d7804fa5c15f4f3b Author: Neal H. Walfield Date: Wed May 6 14:35:22 2015 +0200 agent: Avoid magic numbers. Use more accurate names. * agent/call-pinentry.c (PINENTRY_STATUS_CLOSE_BUTTON): New constant. (PINENTRY_STATUS_PIN_REPEATED): Likewise. (close_button_status_cb): Rename from this... (pinentry_status_cb): ... to this. Use the constants. (agent_askpin): Rename local variable from close_button to pinentry_status. Use symbolic constants rather than magic numbers. -- Signed-off-by: Neal H. Walfield diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index d3a0547..d24a759 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -710,11 +710,16 @@ setup_qualitybar (void) return 0; } +enum + { + PINENTRY_STATUS_CLOSE_BUTTON = 1 << 0, + PINENTRY_STATUS_PIN_REPEATED = 1 << 8 + }; /* Check the button_info line for a close action. Also check for the PIN_REPEATED flag. */ static gpg_error_t -close_button_status_cb (void *opaque, const char *line) +pinentry_status_cb (void *opaque, const char *line) { unsigned int *flag = opaque; const char *args; @@ -722,11 +727,11 @@ close_button_status_cb (void *opaque, const char *line) if ((args = has_leading_keyword (line, "BUTTON_INFO"))) { if (!strcmp (args, "close")) - *flag = 1; + *flag = PINENTRY_STATUS_CLOSE_BUTTON; } else if (has_leading_keyword (line, "PIN_REPEATED")) { - *flag |= 256; + *flag |= PINENTRY_STATUS_PIN_REPEATED; } return 0; @@ -752,7 +757,7 @@ agent_askpin (ctrl_t ctrl, const char *errtext = NULL; int is_pin = 0; int saveflag; - unsigned int close_button; + unsigned int pinentry_status; if (opt.batch) return 0; /* fixme: we should return BAD PIN */ @@ -901,10 +906,10 @@ agent_askpin (ctrl_t ctrl, saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); - close_button = 0; + pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, inq_quality, entry_ctx, - close_button_status_cb, &close_button); + pinentry_status_cb, &pinentry_status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -916,7 +921,8 @@ agent_askpin (ctrl_t ctrl, /* Change error code in case the window close button was clicked to cancel the operation. */ - if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED) + if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) + && gpg_err_code (rc) == GPG_ERR_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); if (gpg_err_code (rc) == GPG_ERR_ASS_TOO_MUCH_DATA) @@ -954,7 +960,8 @@ agent_askpin (ctrl_t ctrl, if (!errtext) { - if (pininfo->with_repeat && (close_button & 256)) + if (pininfo->with_repeat + && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) pininfo->repeat_okay = 1; return unlock_pinentry (0); /* okay, got a PIN or passphrase */ } @@ -978,7 +985,7 @@ agent_get_passphrase (ctrl_t ctrl, char line[ASSUAN_LINELENGTH]; struct entry_parm_s parm; int saveflag; - unsigned int close_button; + unsigned int pinentry_status; *retpass = NULL; if (opt.batch) @@ -1055,10 +1062,10 @@ agent_get_passphrase (ctrl_t ctrl, saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); - close_button = 0; + pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, inq_quality, entry_ctx, - close_button_status_cb, &close_button); + pinentry_status_cb, &pinentry_status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -1067,7 +1074,8 @@ agent_get_passphrase (ctrl_t ctrl, rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); /* Change error code in case the window close button was clicked to cancel the operation. */ - if ((close_button & 1) && gpg_err_code (rc) == GPG_ERR_CANCELED) + if ((pinentry_status & PINENTRY_STATUS_CLOSE_BUTTON) + && gpg_err_code (rc) == GPG_ERR_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_FULLY_CANCELED); if (rc) ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 91 ++++++++++++++++++++++++++++++++---------------- dirmngr/ks-engine-ldap.c | 4 ++- 2 files changed, 64 insertions(+), 31 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 15:42:58 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 07 May 2015 15:42:58 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-20-g1a8af55 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 1a8af55b76d8235ce891f44808064e7f846e193c (commit) via 09203147bef487c9a85f55f8cc96d265197b0bf5 (commit) from 3a8daef81c49dc3c04b6703a0384381cb43eb91b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1a8af55b76d8235ce891f44808064e7f846e193c Author: Neal H. Walfield Date: Thu May 7 15:42:50 2015 +0200 Don't use asprintf. * pinentry/password-cache.c (keygrip_to_label): Don't use asprintf. diff --git a/pinentry/password-cache.c b/pinentry/password-cache.c index 53bb39f..3548cdf 100644 --- a/pinentry/password-cache.c +++ b/pinentry/password-cache.c @@ -40,7 +40,7 @@ gpg_schema (void) "org.gnupg.Passphrase", SECRET_SCHEMA_NONE, { { "stored-by", SECRET_SCHEMA_ATTRIBUTE_STRING }, - { "key-grip", SECRET_SCHEMA_ATTRIBUTE_STRING }, + { "keygrip", SECRET_SCHEMA_ATTRIBUTE_STRING }, { "NULL", 0 }, } }; @@ -48,26 +48,32 @@ gpg_schema (void) } static char * -key_grip_to_label (const char *key_grip) +keygrip_to_label (const char *keygrip) { - char *label = NULL; - if (asprintf(&label, "GnuPG: %s", key_grip) < 0) - return NULL; + char const prefix[] = "GnuPG: "; + char *label; + + label = malloc (sizeof (prefix) + strlen (keygrip)); + if (label) + { + memcpy (label, prefix, sizeof (prefix) - 1); + strcpy (&label[sizeof (prefix) - 1], keygrip); + } return label; } #endif void -password_cache_save (const char *key_grip, const char *password) +password_cache_save (const char *keygrip, const char *password) { #ifdef HAVE_LIBSECRET char *label; GError *error = NULL; - if (! *key_grip) + if (! *keygrip) return; - label = key_grip_to_label (key_grip); + label = keygrip_to_label (keygrip); if (! label) return; @@ -75,10 +81,10 @@ password_cache_save (const char *key_grip, const char *password) SECRET_COLLECTION_DEFAULT, label, password, NULL, &error, "stored-by", "GnuPG Pinentry", - "key-grip", key_grip, NULL)) + "keygrip", keygrip, NULL)) { printf("Failed to cache password for key %s with secret service: %s\n", - key_grip, error->message); + keygrip, error->message); g_error_free (error); } @@ -90,24 +96,24 @@ password_cache_save (const char *key_grip, const char *password) } char * -password_cache_lookup (const char *key_grip) +password_cache_lookup (const char *keygrip) { #ifdef HAVE_LIBSECRET GError *error = NULL; char *password; char *password2; - if (! *key_grip) + if (! *keygrip) return NULL; password = secret_password_lookup_nonpageable_sync (gpg_schema (), NULL, &error, - "key-grip", key_grip, NULL); + "keygrip", keygrip, NULL); if (error != NULL) { printf("Failed to lookup password for key %s with secret service: %s\n", - key_grip, error->message); + keygrip, error->message); g_error_free (error); return NULL; } commit 09203147bef487c9a85f55f8cc96d265197b0bf5 Author: Neal H. Walfield Date: Thu May 7 15:42:19 2015 +0200 Improve documentation. * doc/pinentry.texi: Improve description of SETKEYINFO's format. diff --git a/doc/pinentry.texi b/doc/pinentry.texi index 2c8aae1..ec6cc4f 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -448,16 +448,20 @@ Note: it is strongly recommended that a pinentry supporting this feature provide the user an option to enable it manually. That is, saving a passphrase in an external password manager should be opt-in. -The key identifier provided by SETKEYINFO is the key grip, which is -not the OpenPGP Key ID. To map the key grip to a key, you can use the -following: +The key identifier provided SETKEYINFO must be considered opaque and +may change in the future. It currently has the form + at code{X/HEXSTRING} where @code{X} is either @code{n}, @code{s}, or + at code{u}. In the former two cases, the HEXSTRING corresponds to the +key grip. The key grip is not the OpenPGP Key ID, but it can be +mapped to the key using the following: @example # gpg2 --with-keygrip --list-secret-keys @end example @noindent -and search for the key grip. +and searching the output for the key grip. The same command-line +options can also be used with gpgsm. @end table ----------------------------------------------------------------------- Summary of changes: doc/pinentry.texi | 12 ++++++++---- pinentry/password-cache.c | 34 ++++++++++++++++++++-------------- 2 files changed, 28 insertions(+), 18 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 7 15:43:05 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 07 May 2015 15:43:05 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-32-g436f206 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 436f2060721e997479a9dd5be8dfc73627dd49c9 (commit) from d0d4984cfec54dee727b9e9d33d09e33c6f2e182 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 436f2060721e997479a9dd5be8dfc73627dd49c9 Author: Werner Koch Date: Thu May 7 15:42:00 2015 +0200 agent: Minor change for 56b5c9f. * agent/call-pinentry.c (agent_askpin): Move option setting to ... (start_pinentry): here. Fix error code check. Signed-off-by: Werner Koch diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 77b1739..0a0f95b 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -407,6 +407,20 @@ start_pinentry (ctrl_t ctrl) return unlock_pinentry (rc); } + + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the cached + password is not up to date and retry == 1, then, using a version + of GPG Agent that doesn't support this, won't issue another pin + request and the user won't get a chance to correct the + password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) + return unlock_pinentry (rc); + + { /* Provide a few default strings for use by the pinentries. This may help a pinentry to avoid implementing localization code. */ @@ -814,18 +828,6 @@ agent_askpin (ctrl_t ctrl, if (rc) return rc; - /* Indicate to the pinentry that it may read from an external cache. - - It is essential that the pinentry respect this. If the cached - password is not up to date and retry == 1, then, using a version - of GPG Agent that doesn't support this, won't issue another pin - request and the user won't get a chance to correct the - password. */ - rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); - /* If we have a KEYINFO string and are normal, user, or ssh cache mode, we tell that the Pinentry so it may use it for own caching purposes. Most pinentries won't have this implemented and thus ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 8 16:10:20 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 08 May 2015 16:10:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-36-g64e809b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 64e809b791645f343feb69112baba8e2700e454b (commit) via 3c439c0447f8a7468a61bbdc4c9a101ef2451dcb (commit) via b772e459fa91cdc7facd95227ebc0faba20a7003 (commit) via d95beb85dfa413a9f61c7026607574e9bf608ab0 (commit) from 436f2060721e997479a9dd5be8dfc73627dd49c9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64e809b791645f343feb69112baba8e2700e454b Author: Werner Koch Date: Fri May 8 16:08:57 2015 +0200 gpg: New command --quick-adduid. * g10/keygen.c (ask_user_id): Factor some code out to ... (uid_already_in_keyblock): new. (generate_user_id): Add arg UIDSTR. Fix leaked P. * g10/keyedit.c (menu_adduid): Add new arg uidstring. Adjust caller. (keyedit_quick_adduid): New. * g10/gpg.c (aQuickAddUid): New. (opts): Add command --quick-adduid. (main): Implement that. -- GnuPG-bug-id: 1956 Signed-off-by: Werner Koch diff --git a/doc/gpg.texi b/doc/gpg.texi index 2e72309..887a624 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -568,7 +568,7 @@ This section explains the main commands for key management @ifset gpgtwoone @item --quick-gen-key @code{user-id} @opindex quick-gen-key -This is simple command to generate a standard key with one user id. +This is a simple command to generate a standard key with one user id. In contrast to @option{--gen-key} the key is generated directly without the need to answer a bunch of prompts. Unless the option @option{--yes} is given, the key creation will be canceled if the @@ -945,6 +945,16 @@ Its intended use is to help unattended key signing by utilizing a list of verified fingerprints. @end ifset + at ifset gpgtwoone + at item --quick-adduid @var{user-id} @var{new-user-id} + at opindex quick-adduid +This command adds a new user id to an existing key. In contrast to +the interactive sub-command @code{adduid} of @option{--edit-key} the + at var{new-user-id} is added verbatim with only leading and trailing +white space removed, it is expected to be UTF-8 encoded, and no checks +on its form are applied. + at end ifset + @item --passwd @var{user_id} @opindex passwd Change the passphrase of the secret key belonging to the certificate diff --git a/g10/gpg.c b/g10/gpg.c index 13d6884..5a8a662 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -116,6 +116,7 @@ enum cmd_and_opt_values aLSignKey, aQuickSignKey, aQuickLSignKey, + aQuickAddUid, aListConfig, aListGcryptConfig, aGPGConfList, @@ -414,6 +415,8 @@ static ARGPARSE_OPTS opts[] = { N_("generate a new key pair")), ARGPARSE_c (aQuickKeygen, "quick-gen-key" , N_("quickly generate a new key pair")), + ARGPARSE_c (aQuickAddUid, "quick-adduid", + N_("quickly add a new user-id")), ARGPARSE_c (aFullKeygen, "full-gen-key" , N_("full featured key pair generation")), ARGPARSE_c (aGenRevoke, "gen-revoke",N_("generate a revocation certificate")), @@ -2327,6 +2330,7 @@ main (int argc, char **argv) case aLSignKey: case aStore: case aQuickKeygen: + case aQuickAddUid: case aExportOwnerTrust: case aImportOwnerTrust: case aRebuildKeydbCaches: @@ -3604,6 +3608,7 @@ main (int argc, char **argv) case aDeleteSecretKeys: case aDeleteSecretAndPublicKeys: case aQuickKeygen: + case aQuickAddUid: case aFullKeygen: case aKeygen: case aImport: @@ -3924,6 +3929,18 @@ main (int argc, char **argv) } break; + case aQuickAddUid: + { + const char *uid, *newuid; + + if (argc != 2) + wrong_args ("--quick-adduid USER-ID NEW-USER-ID"); + uid = *argv++; argc--; + newuid = *argv++; argc--; + keyedit_quick_adduid (ctrl, uid, newuid); + } + break; + case aFastImport: opt.import_options |= IMPORT_FAST; case aImport: diff --git a/g10/keyedit.c b/g10/keyedit.c index 804eff1..be15b09 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1,7 +1,6 @@ -/* keyedit.c - keyedit stuff - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008, 2009, 2010 Free Software Foundation, Inc. - * Copyright (C) 2013, 2014 Werner Koch +/* keyedit.c - Edit properties of a key + * Copyright (C) 1998-2010 Free Software Foundation, Inc. + * Copyright (C) 1998-2015 Werner Koch * * This file is part of GnuPG. * @@ -59,7 +58,8 @@ static void show_key_with_all_names (estream_t fp, int nowarn); static void show_key_and_fingerprint (KBNODE keyblock); static void subkey_expire_warning (kbnode_t keyblock); -static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name); +static int menu_adduid (KBNODE keyblock, int photo, const char *photo_name, + const char *uidstr); static void menu_deluid (KBNODE pub_keyblock); static int menu_delsig (KBNODE pub_keyblock); static int menu_clean (KBNODE keyblock, int self_only); @@ -1757,7 +1757,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, photo = 1; /* fall through */ case cmdADDUID: - if (menu_adduid (keyblock, photo, arg_string)) + if (menu_adduid (keyblock, photo, arg_string, NULL)) { update_trust = 1; redisplay = 1; @@ -2288,6 +2288,93 @@ leave: } +/* Unattended adding of a new keyid. USERNAME specifies the + key. NEWUID is the new user id to add to the key. */ +void +keyedit_quick_adduid (ctrl_t ctrl, const char *username, const char *newuid) +{ + gpg_error_t err; + KEYDB_HANDLE kdbhd = NULL; + KEYDB_SEARCH_DESC desc; + kbnode_t keyblock = NULL; + kbnode_t node; + char *uidstring = NULL; + + uidstring = xstrdup (newuid); + trim_spaces (uidstring); + if (!*uidstring) + { + log_error ("%s\n", gpg_strerror (GPG_ERR_INV_USER_ID)); + goto leave; + } + +#ifdef HAVE_W32_SYSTEM + /* See keyedit_menu for why we need this. */ + check_trustdb_stale (); +#endif + + /* Search the key; we don't want the whole getkey stuff here. */ + kdbhd = keydb_new (); + err = classify_user_id (username, &desc, 1); + if (!err) + err = keydb_search (kdbhd, &desc, 1, NULL); + if (!err) + { + err = keydb_get_keyblock (kdbhd, &keyblock); + if (err) + { + log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); + goto leave; + } + /* Now with the keyblock retrieved, search again to detect an + ambiguous specification. We need to save the found state so + that we can do an update later. */ + keydb_push_found_state (kdbhd); + err = keydb_search (kdbhd, &desc, 1, NULL); + if (!err) + err = gpg_error (GPG_ERR_AMBIGUOUS_NAME); + else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + err = 0; + keydb_pop_found_state (kdbhd); + + if (!err) + { + /* We require the secret primary key to add a UID. */ + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + BUG (); + err = agent_probe_secret_key (ctrl, node->pkt->pkt.public_key); + } + } + if (err) + { + log_error (_("secret key \"%s\" not found: %s\n"), + username, gpg_strerror (err)); + goto leave; + } + + fix_keyblock (&keyblock); + + if (menu_adduid (keyblock, 0, NULL, uidstring)) + { + err = keydb_update_keyblock (kdbhd, keyblock); + if (err) + { + log_error (_("update failed: %s\n"), gpg_strerror (err)); + goto leave; + } + + if (update_trust) + revalidation_mark (); + } + + leave: + xfree (uidstring); + release_kbnode (keyblock); + keydb_release (kdbhd); +} + + /* Unattended key signing function. If the key specifified by FPR is availabale and FPR is the primary fingerprint all user ids of the user ids of the key are signed using the default signing key. If @@ -3225,11 +3312,15 @@ subkey_expire_warning (kbnode_t keyblock) /* - * Ask for a new user id, add the self-signature and update the keyblock. - * Return true if there is a new user id + * Ask for a new user id, add the self-signature, and update the + * keyblock. If UIDSTRING is not NULL the user ID is generated + * unattended using that string. UIDSTRING is expected to be utf-8 + * encoded and white space trimmed. Returns true if there is a new + * user id. */ static int -menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name) +menu_adduid (kbnode_t pub_keyblock, int photo, const char *photo_name, + const char *uidstring) { PKT_user_id *uid; PKT_public_key *pk = NULL; @@ -3239,6 +3330,9 @@ menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name) KBNODE pub_where = NULL; gpg_error_t err; + if (photo && uidstring) + return 0; /* Not allowed. */ + for (node = pub_keyblock; node; pub_where = node, node = node->next) { if (node->pkt->pkttype == PKT_PUBLIC_KEY) @@ -3291,9 +3385,13 @@ menu_adduid (KBNODE pub_keyblock, int photo, const char *photo_name) uid = generate_photo_id (pk, photo_name); } else - uid = generate_user_id (pub_keyblock); + uid = generate_user_id (pub_keyblock, uidstring); if (!uid) - return 0; + { + if (uidstring) + log_error ("%s", _("Such a user ID already exists on this key!\n")); + return 0; + } err = make_keysig_packet (&sig, pk, uid, NULL, pk, 0x13, 0, 0, 0, keygen_add_std_prefs, pk, NULL); diff --git a/g10/keygen.c b/g10/keygen.c index ccd01f9..fa5907d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2446,6 +2446,24 @@ uid_from_string (const char *string) } +/* Return true if the user id UID already exists in the keyblock. */ +static int +uid_already_in_keyblock (kbnode_t keyblock, const char *uid) +{ + PKT_user_id *uidpkt = uid_from_string (uid); + kbnode_t node; + int result = 0; + + for (node=keyblock; node && !result; node=node->next) + if (!is_deleted_kbnode (node) + && node->pkt->pkttype == PKT_USER_ID + && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id)) + result = 1; + free_user_id (uidpkt); + return result; +} + + /* Ask for a user ID. With a MODE of 1 an extra help prompt is printed for use during a new key creation. If KEYBLOCK is not NULL the function prevents the creation of an already existing user @@ -2583,17 +2601,11 @@ ask_user_id (int mode, int full, KBNODE keyblock) if (!fail && keyblock) { - PKT_user_id *uidpkt = uid_from_string (uid); - KBNODE node; - - for (node=keyblock; node && !fail; node=node->next) - if (!is_deleted_kbnode (node) - && node->pkt->pkttype == PKT_USER_ID - && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id)) - fail = 1; - if (fail) - tty_printf (_("Such a user ID already exists on this key!\n")); - free_user_id (uidpkt); + if (uid_already_in_keyblock (keyblock, uid)) + { + tty_printf (_("Such a user ID already exists on this key!\n")); + fail = 1; + } } for(;;) { @@ -2767,16 +2779,32 @@ do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root, /* Generate a new user id packet or return NULL if canceled. If KEYBLOCK is not NULL the function prevents the creation of an - already existing user ID. */ + already existing user ID. If UIDSTR is not NULL the user is not + asked but UIDSTR is used to create the user id packet; if the user + id already exists NULL is returned. UIDSTR is expected to be utf-8 + encoded and should have already been checked for a valid length + etc. */ PKT_user_id * -generate_user_id (KBNODE keyblock) +generate_user_id (KBNODE keyblock, const char *uidstr) { + PKT_user_id *uid; char *p; - p = ask_user_id (1, 1, keyblock); - if (!p) - return NULL; /* Canceled. */ - return uid_from_string (p); + if (uidstr) + { + if (uid_already_in_keyblock (keyblock, uidstr)) + return NULL; /* Already exists. */ + uid = uid_from_string (uidstr); + } + else + { + p = ask_user_id (1, 1, keyblock); + if (!p) + return NULL; /* Canceled. */ + uid = uid_from_string (p); + xfree (p); + } + return uid; } diff --git a/g10/main.h b/g10/main.h index 01eeb7f..a89f711 100644 --- a/g10/main.h +++ b/g10/main.h @@ -247,6 +247,8 @@ gpg_error_t delete_keys (strlist_t names, int secret, int allow_both); void keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, strlist_t commands, int quiet, int seckey_check ); void keyedit_passwd (ctrl_t ctrl, const char *username); +void keyedit_quick_adduid (ctrl_t ctrl, const char *username, + const char *newuid); void keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, strlist_t locusr, int local); void show_basic_key_info (KBNODE keyblock); diff --git a/g10/packet.h b/g10/packet.h index ba43638..523178b 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -544,6 +544,6 @@ int update_keysig_packet( PKT_signature **ret_sig, void *opaque ); /*-- keygen.c --*/ -PKT_user_id *generate_user_id (KBNODE keyblock); +PKT_user_id *generate_user_id (kbnode_t keyblock, const char *uidstr); #endif /*G10_PACKET_H*/ commit 3c439c0447f8a7468a61bbdc4c9a101ef2451dcb Author: Werner Koch Date: Fri May 8 15:51:11 2015 +0200 gpg: Add push/pop found state feature to keydb. * g10/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init new field. (keydb_push_found_state, keydb_pop_found_state): New. * g10/keyring.c (kyring_handle): Add field saved_found. (keyring_push_found_state, keyring_pop_found_state): New. -- We have the same feature in gpgsm. It is very useful to check for an unambiguous user id with a follow up update of the keyblock. Signed-off-by: Werner Koch diff --git a/g10/keydb.c b/g10/keydb.c index 040ca65..2d1e07c 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1,7 +1,6 @@ /* keydb.c - key database dispatcher - * Copyright (C) 2001, 2002, 2003, 2004, 2005, - * 2008, 2009, 2011, 2013 Free Software Foundation, Inc. - * Coyrright (C) 2013 Werner Koch + * Copyright (C) 2001-2013 Free Software Foundation, Inc. + * Coyrright (C) 2001-2015 Werner Koch * * This file is part of GnuPG. * @@ -67,6 +66,7 @@ struct keydb_handle { int locked; int found; + int saved_found; unsigned long skipped_long_blobs; int no_caching; int current; @@ -542,6 +542,7 @@ keydb_new (void) hd = xmalloc_clear (sizeof *hd); hd->found = -1; + hd->saved_found = -1; assert (used_resources <= MAX_KEYDB_RESOURCES); for (i=j=0; i < used_resources; i++) @@ -741,6 +742,64 @@ unlock_all (KEYDB_HANDLE hd) } + +/* Push the last found state if any. */ +void +keydb_push_found_state (KEYDB_HANDLE hd) +{ + if (!hd) + return; + + if (hd->found < 0 || hd->found >= hd->used) + { + hd->saved_found = -1; + return; + } + + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + keyring_push_found_state (hd->active[hd->found].u.kr); + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_push_found_state (hd->active[hd->found].u.kb); + break; + } + + hd->saved_found = hd->found; + hd->found = -1; +} + + +/* Pop the last found state. */ +void +keydb_pop_found_state (KEYDB_HANDLE hd) +{ + if (!hd) + return; + + hd->found = hd->saved_found; + hd->saved_found = -1; + if (hd->found < 0 || hd->found >= hd->used) + return; + + switch (hd->active[hd->found].type) + { + case KEYDB_RESOURCE_TYPE_NONE: + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + keyring_pop_found_state (hd->active[hd->found].u.kr); + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + keybox_pop_found_state (hd->active[hd->found].u.kb); + break; + } +} + + + static gpg_error_t parse_keyblock_image (iobuf_t iobuf, int pk_no, int uid_no, const u32 *sigstatus, kbnode_t *r_keyblock) diff --git a/g10/keydb.h b/g10/keydb.h index 11a10e9..0e3816f 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -136,6 +136,8 @@ gpg_error_t keydb_add_resource (const char *url, unsigned int flags); KEYDB_HANDLE keydb_new (void); void keydb_release (KEYDB_HANDLE hd); void keydb_disable_caching (KEYDB_HANDLE hd); +void keydb_push_found_state (KEYDB_HANDLE hd); +void keydb_pop_found_state (KEYDB_HANDLE hd); const char *keydb_get_resource_name (KEYDB_HANDLE hd); gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb); gpg_error_t keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb); diff --git a/g10/keyring.c b/g10/keyring.c index ee76e8a..a5178ac 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1,5 +1,6 @@ /* keyring.c - keyring file handling - * Copyright (C) 2001, 2004, 2009, 2010 Free Software Foundation, Inc. + * Copyright (C) 1998-2010 Free Software Foundation, Inc. + * Copyright (C) 1997-2015 Werner Koch * * This file is part of GnuPG. * @@ -83,7 +84,7 @@ struct keyring_handle size_t pk_no; size_t uid_no; unsigned int n_packets; /*used for delete and update*/ - } found; + } found, saved_found; struct { char *name; char *pattern; @@ -279,6 +280,25 @@ keyring_release (KEYRING_HANDLE hd) } +/* Save the current found state in HD for later retrieval by + keybox_pop_found_state. Only one state may be saved. */ +void +keyring_push_found_state (KEYRING_HANDLE hd) +{ + hd->saved_found = hd->found; + hd->found.kr = NULL; +} + + +/* Restore the saved found state in HD. */ +void +keyring_pop_found_state (KEYRING_HANDLE hd) +{ + hd->found = hd->saved_found; + hd->saved_found.kr = NULL; +} + + const char * keyring_get_resource_name (KEYRING_HANDLE hd) { diff --git a/g10/keyring.h b/g10/keyring.h index f83c2cb..1469b70 100644 --- a/g10/keyring.h +++ b/g10/keyring.h @@ -29,6 +29,8 @@ int keyring_is_writable (void *token); KEYRING_HANDLE keyring_new (void *token); void keyring_release (KEYRING_HANDLE hd); +void keyring_push_found_state (KEYRING_HANDLE hd); +void keyring_pop_found_state (KEYRING_HANDLE hd); const char *keyring_get_resource_name (KEYRING_HANDLE hd); int keyring_lock (KEYRING_HANDLE hd, int yes); int keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb); commit b772e459fa91cdc7facd95227ebc0faba20a7003 Author: Werner Koch Date: Fri May 8 12:05:52 2015 +0200 gpg: Minor code merging in keyedit. * g10/keyedit.c (fix_keyblock): Rename to fix_key_signature_order. (fix_keyblock): New. Call fix_key_signature_order and other fix functions. (keyedit_menu): Factor code out to new fix_keyblock. (keyedit_quick_sign): Ditto. Check for primary fpr before calling fix_keyblock. Signed-off-by: Werner Koch diff --git a/g10/keyedit.c b/g10/keyedit.c index 3577bd3..804eff1 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1181,7 +1181,7 @@ change_passphrase (ctrl_t ctrl, kbnode_t keyblock) * Note: This function does not work if there is more than one user ID. */ static int -fix_keyblock (KBNODE keyblock) +fix_key_signature_order (KBNODE keyblock) { KBNODE node, last, subkey; int fixed = 0; @@ -1221,6 +1221,27 @@ fix_keyblock (KBNODE keyblock) } +/* Fix various problems in the keyblock. Returns true if the keyblock + was changed. Note that a pointer to the keyblock must be given and + the function may change it (i.e. replacing the first node). */ +static int +fix_keyblock (kbnode_t *keyblockp) +{ + int changed = 0; + + if (fix_key_signature_order (*keyblockp)) + changed++; + if (collapse_uids (keyblockp)) + changed++; + reorder_keyblock (*keyblockp); + /* If we modified the keyblock, make sure the flags are right. */ + if (changed) + merge_keys_and_selfsig (*keyblockp); + + return changed; +} + + static int parse_sign_type (const char *str, int *localsig, int *nonrevokesig, int *trustsig) @@ -1482,15 +1503,9 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, log_error (_("key \"%s\" not found: %s\n"), username, gpg_strerror (err)); goto leave; } - if (fix_keyblock (keyblock)) - modified++; - if (collapse_uids (&keyblock)) + + if (fix_keyblock (&keyblock)) modified++; - reorder_keyblock (keyblock); - /* We modified the keyblock, so let's make sure the flags are - right. */ - if (modified) - merge_keys_and_selfsig (keyblock); /* See whether we have a matching secret key. */ if (seckey_check) @@ -2316,11 +2331,6 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, log_error (_("key \"%s\" not found: %s\n"), fpr, gpg_strerror (err)); goto leave; } - if (fix_keyblock (keyblock)) - modified++; - if (collapse_uids (&keyblock)) - modified++; - reorder_keyblock (keyblock); /* Check that the primary fingerprint has been given. */ { @@ -2349,9 +2359,8 @@ keyedit_quick_sign (ctrl_t ctrl, const char *fpr, strlist_t uids, } } - /* If we modified the keyblock, make sure the flags are right. */ - if (modified) - merge_keys_and_selfsig (keyblock); + if (fix_keyblock (&keyblock)) + modified++; /* Give some info in verbose. */ if (opt.verbose) commit d95beb85dfa413a9f61c7026607574e9bf608ab0 Author: Werner Koch Date: Fri May 8 08:55:57 2015 +0200 Typo fixes -- diff --git a/agent/findkey.c b/agent/findkey.c index 80771c5..699291d 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -47,7 +47,7 @@ struct try_unprotect_arg_s const unsigned char *protected_key; unsigned char *unprotected_key; int change_required; /* Set by the callback to indicate that the - user should chnage the passphrase. */ + user should change the passphrase. */ }; @@ -469,6 +469,8 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, assert (arg.unprotected_key); if (arg.change_required) { + /* The callback told as that the user should change their + passphrase. Present the dialog to do. */ size_t canlen, erroff; gcry_sexp_t s_skey; @@ -499,6 +501,7 @@ unprotect (ctrl_t ctrl, const char *cache_nonce, const char *desc_text, } else { + /* Passphrase is fine. */ agent_put_cache (hexgrip, cache_mode, pi->pin, lookup_ttl? lookup_ttl (hexgrip) : 0); agent_store_cache_hit (hexgrip); ----------------------------------------------------------------------- Summary of changes: agent/findkey.c | 5 +- doc/gpg.texi | 12 ++++- g10/gpg.c | 17 ++++++ g10/keydb.c | 65 ++++++++++++++++++++-- g10/keydb.h | 2 + g10/keyedit.c | 163 ++++++++++++++++++++++++++++++++++++++++++++++---------- g10/keygen.c | 62 +++++++++++++++------ g10/keyring.c | 24 ++++++++- g10/keyring.h | 2 + g10/main.h | 2 + g10/packet.h | 2 +- 11 files changed, 303 insertions(+), 53 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 8 16:21:20 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 08 May 2015 16:21:20 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-37-g7039f87 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7039f87375b3c89d6e63837b811ed2be71c8d9db (commit) from 64e809b791645f343feb69112baba8e2700e454b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7039f87375b3c89d6e63837b811ed2be71c8d9db Author: Werner Koch Date: Fri May 8 16:20:26 2015 +0200 gpg: Fix wrong output in list mode. * g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to LISTFP. -- Reported-by: Daniel Kahn Gillmor This was an oversight from the conversion to estream or a separate listing stream. Signed-off-by: Werner Koch diff --git a/g10/parse-packet.c b/g10/parse-packet.c index c80b7df..3cac6f8 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2906,7 +2906,7 @@ parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen, goto skipit; /* Definitely too large. We skip it to avoid an overflow in the malloc. */ if (list_mode) - puts ("- gpg control packet"); + es_fputs ("- gpg control packet", listfp); packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control + pktlen - 1); ----------------------------------------------------------------------- Summary of changes: g10/parse-packet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 8 16:31:07 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 08 May 2015 16:31:07 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-38-gb03a264 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b03a2647299a6c8764a2574590cbaccdff9e497d (commit) from 7039f87375b3c89d6e63837b811ed2be71c8d9db (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b03a2647299a6c8764a2574590cbaccdff9e497d Author: Werner Koch Date: Fri May 8 16:30:04 2015 +0200 gpg: Avoid cluttering stdout with trustdb info in verbose mode. * g10/trustdb.c (validate_keys): Call dump_key_array only in debug mode. -- I guess that is a left-over from an early attempt to output information on the trustdb for use by other tools. Maybe related to the former --list-trust-path command. Sending it to stdout is probably useful so we do this now only in debug mode. Signed-off-by: Werner Koch diff --git a/g10/trustdb.c b/g10/trustdb.c index 6145cf0..fda8674 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1895,7 +1895,7 @@ validate_keys (int interactive) ; /* Store the calculated valididation status somewhere */ - if (opt.verbose > 1) + if (opt.verbose > 1 && DBG_TRUST) dump_key_array (depth, keys); for (kar=keys; kar->keyblock; kar++) ----------------------------------------------------------------------- Summary of changes: g10/trustdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 8 20:55:52 2015 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Fri, 08 May 2015 20:55:52 +0200 Subject: [git] GPGME - branch, pyme, updated. gpgme-1.5.4-3-g9007978 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, pyme has been updated via 90079786c5cde4dd8ceb2e0fcda7605b08ccd021 (commit) from ebd8734ad705afa4edc409787a00d4968d25e018 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 90079786c5cde4dd8ceb2e0fcda7605b08ccd021 Author: Ben McGinnes Date: Sat May 9 04:53:46 2015 +1000 String type * the plain text string must be bytes and not unicode. * Expect most of the example code to have similar issues at present. diff --git a/lang/py3-pyme/examples/simple.py b/lang/py3-pyme/examples/simple.py index ceda3d9..5693d40 100755 --- a/lang/py3-pyme/examples/simple.py +++ b/lang/py3-pyme/examples/simple.py @@ -25,7 +25,7 @@ core.check_version(None) # Set up our input and output buffers. -plain = core.Data('This is my message.') +plain = core.Data(b'This is my message.') cipher = core.Data() # Initialize our context. ----------------------------------------------------------------------- Summary of changes: lang/py3-pyme/examples/simple.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 10:54:04 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 10:54:04 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-22-g319e1a3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 319e1a32e3ab67cb0624c0586d7519c16c76d43b (commit) via 3d02645d757e573e4628a1caf2e36bb92d523e77 (commit) from 1a8af55b76d8235ce891f44808064e7f846e193c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 319e1a32e3ab67cb0624c0586d7519c16c76d43b Author: Werner Koch Date: Mon May 11 10:53:08 2015 +0200 gtk: Use a description string from gpg-agent for libsecret. * pinentry/pinentry.h (struct pinentry): Add field default_pwmngr. * pinentry/pinentry.c (option_handler): Set it. * gtk+-2/pinentry-gtk-2.c (create_window) [HAVE_LIBSECRET]: Use new string. diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 24d3a98..9d29f52 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -576,7 +576,15 @@ create_window (pinentry_t ctx, int confirm_mode) /* Only show this if we can cache passwords and we have a stable key identifier. */ { - w = gtk_check_button_new_with_label ("Save passphrase using libsecret"); + if (pinentry->default_pwmngr) + { + msg = pinentry_utf8_validate (pinentry->default_pwmngr); + w = gtk_check_button_new_with_mnemonic (msg); + g_free (msg); + } + else + w = gtk_check_button_new_with_label ("Save passphrase using libsecret"); + gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0); gtk_widget_show (w); diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 7b3fde5..16e634c 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -100,6 +100,7 @@ struct pinentry pinentry = NULL, /* default_ok */ NULL, /* default_cancel */ NULL, /* default_prompt */ + NULL, /* default_pwmngr */ 0, /* allow_external_password_cache. */ 0, /* tried_password_cached. */ NULL, /* keyinfo */ @@ -717,6 +718,12 @@ option_handler (ASSUAN_CONTEXT ctx, const char *key, const char *value) if (!pinentry.default_prompt) return ASSUAN_Out_Of_Core; } + else if (!strcmp (key, "default-pwmngr")) + { + pinentry.default_pwmngr = strdup (value); + if (!pinentry.default_pwmngr) + return ASSUAN_Out_Of_Core; + } else if (!strcmp (key, "allow-external-password-cache") && !*value) { pinentry.allow_external_password_cache = 1; diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 02f76a3..2b5ad27 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -148,6 +148,7 @@ struct pinentry char *default_ok; char *default_cancel; char *default_prompt; + char *default_pwmngr; /* Whether we are allowed to read the password from an external cache. */ commit 3d02645d757e573e4628a1caf2e36bb92d523e77 Author: Werner Koch Date: Mon May 11 10:51:34 2015 +0200 gtk: Silence compiler warning diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index b154831..24d3a98 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -25,7 +25,14 @@ #include "config.h" #endif #include +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7 ) +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wstrict-prototypes" +#endif #include +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7 ) +# pragma GCC diagnostic pop +#endif #include #include #include ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 17 ++++++++++++++++- pinentry/pinentry.c | 7 +++++++ pinentry/pinentry.h | 1 + 3 files changed, 24 insertions(+), 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 10:54:56 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 10:54:56 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-40-g02d5e12 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 02d5e1205489aa5027a87a64552eaf15984dc22d (commit) via 14232c3870c5ef5d2fa15e8ed3f302b1ba29d25c (commit) from b03a2647299a6c8764a2574590cbaccdff9e497d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 02d5e1205489aa5027a87a64552eaf15984dc22d Author: Werner Koch Date: Mon May 11 10:25:09 2015 +0200 agent: Add strings for use by future Pinentry versions. * agent/call-pinentry.c (start_pinentry): Add more strings. -- We do this so that translations of these strings will be available at the time a pinentry implements features which require these strings. Signed-off-by: Werner Koch diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 8cbb33e..64c64a9 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -424,7 +424,7 @@ start_pinentry (ctrl_t ctrl) { /* Provide a few default strings for use by the pinentries. This may help a pinentry to avoid implementing localization code. */ - static struct { const char *key, *value; } tbl[] = { + static struct { const char *key, *value; int mode; } tbl[] = { /* TRANSLATORS: These are labels for buttons etc used in Pinentries. An underscore indicates that the next letter should be used as an accelerator. Double the underscore for @@ -432,7 +432,14 @@ start_pinentry (ctrl_t ctrl) the second vertical bar. */ { "ok", N_("|pinentry-label|_OK") }, { "cancel", N_("|pinentry-label|_Cancel") }, + { "yes", N_("|pinentry-label|_Yes") }, + { "no", N_("|pinentry-label|_No") }, { "prompt", N_("|pinentry-label|PIN:") }, + { "pwmngr", N_("|pinentry-label|_Save in password manager") }, + { "cf-visi",N_("Do you really want to make your " + "passphrase visible on the screen?") }, + { "tt-visi",N_("|pinentry-tt|Make passphrase visible") }, + { "tt-hide",N_("|pinentry-tt|Hide passphrase") }, { NULL, NULL} }; char *optstr; commit 14232c3870c5ef5d2fa15e8ed3f302b1ba29d25c Author: Werner Koch Date: Mon May 11 10:23:24 2015 +0200 agent: Add option --debug-pinentry. * agent/gpg-agent.c (oDebugPinentry): New. (opts): Add --debug-pinentry. (parse_rereadable_options): Set that option. * agent/call-pinentry.c (start_pinentry): Pass option to assuan_set_flag. -- This option is quite useful to see the IPC between gpg-agent and Pinentry. Note that "debug 1024" is also required. Signed-off-by: Werner Koch diff --git a/agent/agent.h b/agent/agent.h index b374ee8..4d28eff 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -67,6 +67,9 @@ struct char *startup_lc_ctype; char *startup_lc_messages; + /* Enable pinentry debugging (--debug 1024 should also be used). */ + int debug_pinentry; + /* Filename of the program to start as pinentry. */ const char *pinentry_program; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 0a0f95b..8cbb33e 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -332,7 +332,7 @@ start_pinentry (ctrl_t ctrl) easier to read. We might want to add a new debug option to enable pinentry logging. */ #ifdef ASSUAN_NO_LOGGING - assuan_set_flag (ctx, ASSUAN_NO_LOGGING, 1); + assuan_set_flag (ctx, ASSUAN_NO_LOGGING, !opt.debug_pinentry); #endif /* Connect to the pinentry and perform initial handshaking. Note diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index c27de89..c846ab4 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -79,6 +79,7 @@ enum cmd_and_opt_values oDebugLevel, oDebugWait, oDebugQuickRandom, + oDebugPinentry, oNoGreeting, oNoOptions, oHomedir, @@ -154,6 +155,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oDebugLevel, "debug-level", "@"), ARGPARSE_s_i (oDebugWait," debug-wait", "@"), ARGPARSE_s_n (oDebugQuickRandom, "debug-quick-random", "@"), + ARGPARSE_s_n (oDebugPinentry, "debug-pinentry", "@"), ARGPARSE_s_n (oNoDetach, "no-detach", N_("do not detach from the console")), ARGPARSE_s_n (oNoGrab, "no-grab", N_("do not grab keyboard and mouse")), @@ -539,6 +541,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.verbose = 0; opt.debug = 0; opt.no_grab = 0; + opt.debug_pinentry = 0; opt.pinentry_program = NULL; opt.pinentry_touch_file = NULL; opt.scdaemon_program = NULL; @@ -567,6 +570,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oDebug: opt.debug |= pargs->r.ret_ulong; break; case oDebugAll: opt.debug = ~0; break; case oDebugLevel: debug_level = pargs->r.ret_str; break; + case oDebugPinentry: opt.debug_pinentry = 1; break; case oLogFile: if (!reread) diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 3e77909..469c762 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -301,6 +301,12 @@ down to standard random quality. It is only used for testing and shall not be used for any production quality keys. This option is only effective when given on the command line. + at item --debug-pinentry + at opindex debug-pinentry +This option enables extra debug information pertaining to the +Pinentry. As of now it is only useful when used along with + at code{--debug 1024}. + @item --no-detach @opindex no-detach Don't detach the process from the console. This is mainly useful for @@ -753,6 +759,7 @@ This signal flushes all cached passphrases and if the program has been started with a configuration file, the configuration file is read again. Only certain options are honored: @code{quiet}, @code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level}, + at code{debug-pinentry}, @code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl}, @code{ignore-cache-for-signing}, @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 3 +++ agent/call-pinentry.c | 11 +++++++++-- agent/gpg-agent.c | 4 ++++ doc/gpg-agent.texi | 7 +++++++ 4 files changed, 23 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 12:24:53 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 12:24:53 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-23-gd7f2081 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via d7f2081fdd605b0d0789bcb6984decfea3777f23 (commit) from 319e1a32e3ab67cb0624c0586d7519c16c76d43b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d7f2081fdd605b0d0789bcb6984decfea3777f23 Author: Werner Koch Date: Mon May 11 12:22:48 2015 +0200 curses: Reset tty state on failed dialog creation. * pinentry/pinentry-curses.c (dialog_run): Cleanup on dialog_create error. -- This may happen due to a too small tty. We need to cleanup in this case to keep the tty in a usable state. GnuPG-bug-id: 1383 diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 043f8a9..8d3f9a5 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -200,7 +200,7 @@ utf8_to_local (char *lc_ctype, char *string) mbsrtowcs (wcs, &p, len, &ps); free (local); - + leave: if (old_ctype) { @@ -796,9 +796,26 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) } refresh (); - /* XXX */ + /* Create the dialog. */ if (dialog_create (pinentry, &diag)) - return -2; + { + endwin (); + if (screen) + delscreen (screen); + +#ifdef HAVE_NCURSESW + if (old_ctype) + { + setlocale (LC_CTYPE, old_ctype); + free (old_ctype); + } +#endif + if (ttyfi) + fclose (ttyfi); + if (ttyfo) + fclose (ttyfo); + return -2; + } dialog_switch_pos (&diag, diag.pin ? DIALOG_POS_PIN : DIALOG_POS_OK); #ifndef HAVE_DOSISH_SYSTEM ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry-curses.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 13:13:26 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 13:13:26 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-25-gbf71ac5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via bf71ac5a685afacb98f6c4c6a86c9d27d5414beb (commit) via 726c00514be4a0c2831dd775e306f7d5243bab8b (commit) from d7f2081fdd605b0d0789bcb6984decfea3777f23 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf71ac5a685afacb98f6c4c6a86c9d27d5414beb Author: Werner Koch Date: Mon May 11 13:12:17 2015 +0200 gtk: Silence compiler warning at another place. -- This extends commit 3d02645d757e573e4628a1caf2e36bb92d523e77 diff --git a/gtk+-2/gtksecentry.c b/gtk+-2/gtksecentry.c index 824d45a..10f41c3 100644 --- a/gtk+-2/gtksecentry.c +++ b/gtk+-2/gtksecentry.c @@ -37,7 +37,14 @@ #include #include #include +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7 ) +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wstrict-prototypes" +#endif #include +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7 ) +# pragma GCC diagnostic pop +#endif #include "gtksecentry.h" #include "memory.h" commit 726c00514be4a0c2831dd775e306f7d5243bab8b Author: Werner Koch Date: Mon May 11 13:10:14 2015 +0200 Return better error codes. * assuan/assuan.h (ASSUAN_Too_Short): New (ASSUAN_ENOENT, ASSUAN_ENOTTY): New. * pinentry/pinentry-curses.c: Include assuan.h. (dialog_create, dialog_run): Set specific error codes. * pinentry/pinentry.h (struct pinentry): Add field specific_err. * pinentry/pinentry.c (cmd_getpin): Return specific_err. (cmd_confirm, cmd_message): Ditto. -- GnuPG-bug-id: 1463 diff --git a/assuan/assuan.h b/assuan/assuan.h index ada5d64..7087d7b 100644 --- a/assuan/assuan.h +++ b/assuan/assuan.h @@ -25,7 +25,7 @@ #include #ifdef __cplusplus -extern "C" { +extern "C" { #if 0 } #endif @@ -64,6 +64,9 @@ typedef enum { ASSUAN_Invalid_Option = ASSUAN_ERROR (174), /* GPG_ERR_UNKNOWN_OPTION */ ASSUAN_Locale_Problem = ASSUAN_ERROR (166), ASSUAN_Not_Confirmed = ASSUAN_ERROR (114), + ASSUAN_Too_Short = ASSUAN_ERROR (66), + ASSUAN_ENOENT = ASSUAN_ERROR (81 | (1 << 15)), + ASSUAN_ENOTTY = ASSUAN_ERROR (102 | (1 << 15)), } assuan_error_t; @@ -91,7 +94,7 @@ typedef enum { #define ASSUAN_LINELENGTH 1002 /* 1000 + [CR,]LF */ struct assuan_context_s; -typedef struct assuan_context_s *assuan_context_t; +typedef struct assuan_context_s *assuan_context_t; typedef struct assuan_context_s *ASSUAN_CONTEXT; /* Deprecated. */ /*-- assuan-handler.c --*/ @@ -153,7 +156,7 @@ void assuan_disconnect (ASSUAN_CONTEXT ctx); pid_t assuan_get_pid (ASSUAN_CONTEXT ctx); /*-- assuan-client.c --*/ -AssuanError +AssuanError assuan_transact (ASSUAN_CONTEXT ctx, const char *command, AssuanError (*data_cb)(void *, const void *, size_t), diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 8d3f9a5..60fd9da 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -47,6 +47,7 @@ #endif /*HAVE_WCHAR_H*/ #include "pinentry.h" +#include "assuan.h" /* FIXME: We should allow configuration of these button labels and in any case use the default_ok, default_cancel values if available. @@ -242,6 +243,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (!what) \ { \ err = 1; \ + pinentry->specific_err = ASSUAN_Locale_Problem; \ goto out; \ } \ } \ @@ -262,6 +264,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (!new) \ { \ err = 1; \ + pinentry->specific_err = ASSUAN_Out_Of_Core; \ goto out; \ } \ new[0] = '<'; \ @@ -274,6 +277,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (!dialog->which) \ { \ err = 1; \ + pinentry->specific_err = ASSUAN_Locale_Problem; \ goto out; \ } \ } \ @@ -339,6 +343,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (y > size_y) { err = 1; + pinentry->specific_err = ASSUAN_Too_Short; goto out; } @@ -393,6 +398,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) if (x > size_x) { err = 1; + pinentry->specific_err = ASSUAN_Too_Short; goto out; } @@ -738,13 +744,17 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) { ttyfi = fopen (tty_name, "r"); if (!ttyfi) - return -1; + { + pinentry->specific_err = ASSUAN_ENOENT; + return -1; + } ttyfo = fopen (tty_name, "w"); if (!ttyfo) { int err = errno; fclose (ttyfi); errno = err; + pinentry->specific_err = ASSUAN_ENOENT; return -1; } screen = newterm (tty_type, ttyfo, ttyfi); @@ -757,6 +767,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) if (!(isatty(fileno(stdin)) && isatty(fileno(stdout)))) { errno = ENOTTY; + pinentry->specific_err = ASSUAN_ENOTTY; return -1; } init_screen = 1; @@ -799,6 +810,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) /* Create the dialog. */ if (dialog_create (pinentry, &diag)) { + /* Note: pinentry->specific_err has already been set. */ endwin (); if (screen) delscreen (screen); diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 16e634c..51c873c 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -86,6 +86,7 @@ struct pinentry pinentry = 0, /* Canceled. */ 0, /* Close button flag. */ 0, /* Locale error flag. */ + 0, /* Specific error flag. */ 0, /* One-button flag. */ NULL, /* Repeat passphrase flag. */ NULL, /* Repeat error string. */ @@ -1037,6 +1038,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) set_prompt = 1; } pinentry.locale_err = 0; + pinentry.specific_err = 0; pinentry.close_button = 0; pinentry.repeat_okay = 0; pinentry.one_button = 0; @@ -1068,6 +1070,8 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) secmem_free (pinentry.pin); pinentry.pin = NULL; } + if (pinentry.specific_err) + return pinentry.specific_err; return pinentry.locale_err? ASSUAN_Locale_Problem: ASSUAN_Canceled; } @@ -1116,6 +1120,7 @@ cmd_confirm (ASSUAN_CONTEXT ctx, char *line) pinentry.quality_bar = 0; pinentry.close_button = 0; pinentry.locale_err = 0; + pinentry.specific_err = 0; pinentry.canceled = 0; result = (*pinentry_cmd_handler) (&pinentry); if (pinentry.error) @@ -1128,7 +1133,8 @@ cmd_confirm (ASSUAN_CONTEXT ctx, char *line) assuan_write_status (ctx, "BUTTON_INFO", "close"); return result ? 0 - : (pinentry.locale_err? ASSUAN_Locale_Problem + : (pinentry.specific_err? pinentry.specific_err : + pinentry.locale_err? ASSUAN_Locale_Problem : (pinentry.one_button ? 0 : (pinentry.canceled @@ -1146,6 +1152,7 @@ cmd_message (ASSUAN_CONTEXT ctx, char *line) pinentry.quality_bar = 0; pinentry.close_button = 0; pinentry.locale_err = 0; + pinentry.specific_err = 0; result = (*pinentry_cmd_handler) (&pinentry); if (pinentry.error) { @@ -1157,7 +1164,8 @@ cmd_message (ASSUAN_CONTEXT ctx, char *line) assuan_write_status (ctx, "BUTTON_INFO", "close"); return result ? 0 - : (pinentry.locale_err? ASSUAN_Locale_Problem + : (pinentry.specific_err? pinentry.specific_err : + pinentry.locale_err? ASSUAN_Locale_Problem : 0); } diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 2b5ad27..2fd267e 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -104,6 +104,12 @@ struct pinentry conversion occured. */ int locale_err; + /* The user should set this to an gpg-error so that commands are + abale to return specific error codes. This is an ugly hack due + to the fact that pinentry_cmd_handler_t return the length of the + passphrase or an negative error code. */ + int specific_err; + /* The user should set this to true if the window close button has been used. This flag is used in addition to a regular return value. */ ----------------------------------------------------------------------- Summary of changes: assuan/assuan.h | 9 ++++++--- gtk+-2/gtksecentry.c | 7 +++++++ pinentry/pinentry-curses.c | 14 +++++++++++++- pinentry/pinentry.c | 12 ++++++++++-- pinentry/pinentry.h | 6 ++++++ 5 files changed, 42 insertions(+), 6 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 15:42:53 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 15:42:53 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.1-27-g72939ea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 72939ea63564deec029e8e43743762fdb48cb6e8 (commit) via 8e52ddc874838ad512ed76cdc1c34057da328fba (commit) from bf71ac5a685afacb98f6c4c6a86c9d27d5414beb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 72939ea63564deec029e8e43743762fdb48cb6e8 Author: Werner Koch Date: Mon May 11 15:40:49 2015 +0200 Post release updates. -- diff --git a/NEWS b/NEWS index d1f2199..a7e1613 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 0.9.3 (unreleased) +------------------------------------------------ + + Noteworthy changes in version 0.9.2 (2015-05-11) ------------------------------------------------ diff --git a/configure.ac b/configure.ac index ec7bbfd..c50ce68 100644 --- a/configure.ac +++ b/configure.ac @@ -26,7 +26,7 @@ min_automake_version="1.14" # (git tag -s pinentry-n.m.k) and run "./autogen.sh --force". Please # bump the version number immediately after the release, do another # commit, and a push so that the git magic is able to work. -m4_define(mym4_version, [0.9.2]) +m4_define(mym4_version, [0.9.3]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 8e52ddc874838ad512ed76cdc1c34057da328fba Author: Werner Koch Date: Mon May 11 15:30:24 2015 +0200 Release 0.9.2 diff --git a/AUTHORS b/AUTHORS index 0e44e2a..695d0ba 100644 --- a/AUTHORS +++ b/AUTHORS @@ -8,3 +8,4 @@ Werner Koch, g10 Code GmbH Steffen Hansen, Klar?lvdalens Datakonsult AB Marcus Brinkmann, g10 Code GmbH Timo Schulz, g10 Code GmbH +Neal Walfied, g10 Code GmbH diff --git a/NEWS b/NEWS index 2911b8e..d1f2199 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,15 @@ -Noteworthy changes in version 0.9.2 (unreleased) +Noteworthy changes in version 0.9.2 (2015-05-11) ------------------------------------------------ + * Support for saving the passphrase with libsecret. + + * Escape key works in the Gtk+ pinentry. + + * Improvements for pinentry-tty. + + * Minor cleanups for the native Windows pinentry. + + Noteworthy changes in version 0.9.1 (2015-03-18) ------------------------------------------------ ----------------------------------------------------------------------- Summary of changes: AUTHORS | 1 + NEWS | 15 ++++++++++++++- configure.ac | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 15:45:56 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 15:45:56 +0200 Subject: [git] gnupg-doc - branch, master, updated. 41ff612a6aa29325aab31f2f6f79a68b2a21567c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 41ff612a6aa29325aab31f2f6f79a68b2a21567c (commit) from 3205fb41339a6d141705c14c647fc4082f81ffe4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 41ff612a6aa29325aab31f2f6f79a68b2a21567c Author: Werner Koch Date: Mon May 11 15:45:07 2015 +0200 swdb: Release Pinentry 0.9.2 diff --git a/web/swdb.mac b/web/swdb.mac index acf6e8e..d2c19a3 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -53,9 +53,9 @@ # # PINENTRY # -#+macro: pinentry_ver 0.9.1 -#+macro: pinentry_size 471k -#+macro: pinentry_sha1 01e62c45435496ff0e011255fb0ac1879a3bc177 +#+macro: pinentry_ver 0.9.2 +#+macro: pinentry_size 484k +#+macro: pinentry_sha1 5179807a412056286c7ac98a1ea6727c74ea87d2 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 18:16:03 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 18:16:03 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-41-gd7293cb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via d7293cb317acc40cc9e5189cef33fe9d8b47e62a (commit) from 02d5e1205489aa5027a87a64552eaf15984dc22d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d7293cb317acc40cc9e5189cef33fe9d8b47e62a Author: Werner Koch Date: Mon May 11 18:08:44 2015 +0200 agent: Add option --no-allow-external-cache. * agent/agent.h (opt): Add field allow_external_cache. * agent/call-pinentry.c (start_pinentry): Act upon new var. * agent/gpg-agent.c (oNoAllowExternalCache): New. (opts): Add option --no-allow-external-cache. (parse_rereadable_options): Set this option. -- Pinentry 0.9.2 may be build with libsecret support and thus an extra checkbox is displayed to allow the user to get passwords out of an libsecret maintained cache. Security aware user may want to avoid this feature and may do this at runtime by enabling this option. Signed-off-by: Werner Koch diff --git a/agent/agent.h b/agent/agent.h index 4d28eff..45f71eb 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -128,6 +128,11 @@ struct pinentry-mode=loopback is allowed. */ int allow_loopback_pinentry; + /* Allow the use of an external password cache. If this option is + enabled (which is the default) we send an option to Pinentry + to allow it to enable such a cache. */ + int allow_external_cache; + int keep_tty; /* Don't switch the TTY (for pinentry) on request */ int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */ diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 64c64a9..5c3743a 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -408,23 +408,26 @@ start_pinentry (ctrl_t ctrl) } - /* Indicate to the pinentry that it may read from an external cache. - - It is essential that the pinentry respect this. If the cached - password is not up to date and retry == 1, then, using a version - of GPG Agent that doesn't support this, won't issue another pin - request and the user won't get a chance to correct the - password. */ - rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", - NULL, NULL, NULL, NULL, NULL, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + if (opt.allow_external_cache) + { + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the + cached password is not up to date and retry == 1, then, using + a version of GPG Agent that doesn't support this, won't issue + another pin request and the user won't get a chance to + correct the password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) + return unlock_pinentry (rc); + } { /* Provide a few default strings for use by the pinentries. This may help a pinentry to avoid implementing localization code. */ - static struct { const char *key, *value; int mode; } tbl[] = { + static struct { const char *key, *value; int what; } tbl[] = { /* TRANSLATORS: These are labels for buttons etc used in Pinentries. An underscore indicates that the next letter should be used as an accelerator. Double the underscore for @@ -435,7 +438,7 @@ start_pinentry (ctrl_t ctrl) { "yes", N_("|pinentry-label|_Yes") }, { "no", N_("|pinentry-label|_No") }, { "prompt", N_("|pinentry-label|PIN:") }, - { "pwmngr", N_("|pinentry-label|_Save in password manager") }, + { "pwmngr", N_("|pinentry-label|_Save in password manager"), 1 }, { "cf-visi",N_("Do you really want to make your " "passphrase visible on the screen?") }, { "tt-visi",N_("|pinentry-tt|Make passphrase visible") }, @@ -448,6 +451,8 @@ start_pinentry (ctrl_t ctrl) for (idx=0; tbl[idx].key; idx++) { + if (!opt.allow_external_cache && tbl[idx].what == 1) + continue; /* No need for it. */ s = _(tbl[idx].value); if (*s == '|' && (s2=strchr (s+1,'|'))) s = s2+1; diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index c846ab4..659aa2c 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -119,6 +119,7 @@ enum cmd_and_opt_values oNoAllowMarkTrusted, oAllowPresetPassphrase, oAllowLoopbackPinentry, + oNoAllowExternalCache, oKeepTTY, oKeepDISPLAY, oSSHSupport, @@ -168,6 +169,10 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oDisableScdaemon, "disable-scdaemon", /* */ N_("do not use the SCdaemon") ), ARGPARSE_s_n (oDisableCheckOwnSocket, "disable-check-own-socket", "@"), + + ARGPARSE_s_s (oExtraSocket, "extra-socket", + /* */ N_("|NAME|accept some commands via NAME")), + ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ARGPARSE_s_n (oBatch, "batch", "@"), @@ -200,6 +205,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oIgnoreCacheForSigning, "ignore-cache-for-signing", /* */ N_("do not use the PIN cache when signing")), + ARGPARSE_s_n (oNoAllowExternalCache, "no-allow-external-cache", + /* */ N_("disallow the use of an external password cache")), ARGPARSE_s_n (oNoAllowMarkTrusted, "no-allow-mark-trusted", /* */ N_("disallow clients to mark keys as \"trusted\"")), ARGPARSE_s_n (oAllowMarkTrusted, "allow-mark-trusted", "@"), @@ -207,6 +214,7 @@ static ARGPARSE_OPTS opts[] = { /* */ N_("allow presetting passphrase")), ARGPARSE_s_n (oAllowLoopbackPinentry, "allow-loopback-pinentry", N_("allow caller to override the pinentry")), + ARGPARSE_s_n (oSSHSupport, "enable-ssh-support", N_("enable ssh support")), ARGPARSE_s_n (oPuttySupport, "enable-putty-support", #ifdef HAVE_W32_SYSTEM @@ -215,7 +223,6 @@ static ARGPARSE_OPTS opts[] = { /* */ "@" #endif ), - ARGPARSE_s_s (oExtraSocket, "extra-socket", "@"), /* Dummy options for backward compatibility. */ ARGPARSE_o_s (oWriteEnvFile, "write-env-file", "@"), @@ -557,6 +564,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.enable_passhrase_history = 0; opt.ignore_cache_for_signing = 0; opt.allow_mark_trusted = 1; + opt.allow_external_cache = 1; opt.disable_scdaemon = 0; disable_check_own_socket = 0; return 1; @@ -623,6 +631,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oAllowLoopbackPinentry: opt.allow_loopback_pinentry = 1; break; + case oNoAllowExternalCache: opt.allow_external_cache = 0; + break; + default: return 0; /* not handled */ } @@ -1056,6 +1067,8 @@ main (int argc, char **argv ) GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); es_printf ("ignore-cache-for-signing:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); + es_printf ("no-allow-external-cache:%lu:\n", + GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); es_printf ("no-allow-mark-trusted:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); es_printf ("disable-scdaemon:%lu:\n", diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index 469c762..dea462e 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -377,6 +377,19 @@ Allow clients to use the loopback pinentry features; see the option @option{pinentry-mode} for details. @end ifset + at ifset gpgtwoone + at item --no-allow-external-cache + at opindex no-allow-external-cache +Tell Pinentry not to enable features which use an external cache for +passphrases. + +Some desktop environments prefer to unlock all +credentials with one master password and may have installed a Pinentry +which employs an additional external cache to implement such a policy. +By using this option the Pinentry is advised not to make use of such a +cache and instead always ask the user for the requested passphrase. + at end ifset + @item --ignore-cache-for-signing @opindex ignore-cache-for-signing This option will let @command{gpg-agent} bypass the passphrase cache for all @@ -762,6 +775,7 @@ again. Only certain options are honored: @code{quiet}, @code{debug-pinentry}, @code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl}, @code{ignore-cache-for-signing}, + at code{no-allow-external-cache}, @code{no-allow-mark-trusted}, @code{disable-scdaemon}, and @code{disable-check-own-socket}. @code{scdaemon-program} is also supported but due to the current implementation, which calls the diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index d0d938f..cf2d188 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -538,6 +538,9 @@ static gc_option_t gc_options_gpg_agent[] = { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing", GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, + { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME, + GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache", + GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"", GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 5 +++++ agent/call-pinentry.c | 31 ++++++++++++++++++------------- agent/gpg-agent.c | 15 ++++++++++++++- doc/gpg-agent.texi | 14 ++++++++++++++ tools/gpgconf-comp.c | 3 +++ 5 files changed, 54 insertions(+), 14 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 19:41:38 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 19:41:38 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-18-gbe13627 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via be136273454532d94a955fbbcfa1544b47cad954 (commit) from 3f9f33bbcb40146c6f09277a28d499188ed34ef2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit be136273454532d94a955fbbcfa1544b47cad954 Author: Werner Koch Date: Mon May 11 19:38:07 2015 +0200 gpg-connect-agent: Fix quoting of internal percent+ function. * tools/gpg-connect-agent.c (get_var_ext) diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index 4acda01..142bd30 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -499,8 +499,8 @@ arithmetic_op (int operator, const char *operands) percent ARGS percent+ ARGS Escape the args using the percent style. Tabs, formfeeds, - linefeeds and carriage returns are also escaped. - "percent+" also maps spaces to plus characters. + linefeeds, carriage return, and the plus sign are also + escaped. "percent+" also maps spaces to plus characters. errcode ARG Assuming ARG is an integer, return the gpg-error code. @@ -592,12 +592,12 @@ get_var_ext (const char *name) else if ( (s - name) == 7 && !strncmp (name, "percent", 7)) { s++; - result = percent_escape (s, "\t\r\n\f\v"); + result = percent_escape (s, "+\t\r\n\f\v"); } else if ( (s - name) == 8 && !strncmp (name, "percent+", 8)) { s++; - result = percent_escape (s, "\t\r\n\f\v"); + result = percent_escape (s, "+\t\r\n\f\v"); for (p=result; *p; p++) if (*p == ' ') *p = '+'; ----------------------------------------------------------------------- Summary of changes: tools/gpg-connect-agent.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 11 20:57:02 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 11 May 2015 20:57:02 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.3-43-g987532b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 987532b038a2d9b9e76c0de425ee036ca2bffa1b (commit) via 26e2eb98d3d8405b335b43c8e86deacf622cd957 (commit) from d7293cb317acc40cc9e5189cef33fe9d8b47e62a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 987532b038a2d9b9e76c0de425ee036ca2bffa1b Author: Werner Koch Date: Mon May 11 20:18:08 2015 +0200 common: Cope with AIX problem on number of open files. * common/exechelp-posix.c: Limit returned value for too hight values. -- GnuPG-bug-id: 1778 Signed-off-by: Werner Koch diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 1a1ff1b..8a2b3b9 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -36,6 +36,9 @@ #include #include +#ifdef HAVE_STDINT_H +# include +#endif #include #include #include @@ -114,6 +117,13 @@ get_max_fds (void) if (max_fds == -1) max_fds = 256; /* Arbitrary limit. */ + /* AIX returns INT32_MAX instead of a proper value. We assume that + this is always an error and use an arbitrary limit. */ +#ifdef INT32_MAX + if (max_fds == INT32_MAX) + max_fds = 256; +#endif + return max_fds; } commit 26e2eb98d3d8405b335b43c8e86deacf622cd957 Author: Werner Koch Date: Mon May 11 19:38:07 2015 +0200 gpg-connect-agent: Fix quoting of internal percent+ function. * tools/gpg-connect-agent.c (get_var_ext) diff --git a/tools/gpg-connect-agent.c b/tools/gpg-connect-agent.c index f1d123f..2e00b8f 100644 --- a/tools/gpg-connect-agent.c +++ b/tools/gpg-connect-agent.c @@ -501,8 +501,8 @@ arithmetic_op (int operator, const char *operands) percent ARGS percent+ ARGS Escape the args using the percent style. Tabs, formfeeds, - linefeeds and carriage returns are also escaped. - "percent+" also maps spaces to plus characters. + linefeeds, carriage return, and the plus sign are also + escaped. "percent+" also maps spaces to plus characters. errcode ARG Assuming ARG is an integer, return the gpg-error code. @@ -594,12 +594,12 @@ get_var_ext (const char *name) else if ( (s - name) == 7 && !strncmp (name, "percent", 7)) { s++; - result = percent_escape (s, "\t\r\n\f\v"); + result = percent_escape (s, "+\t\r\n\f\v"); } else if ( (s - name) == 8 && !strncmp (name, "percent+", 8)) { s++; - result = percent_escape (s, "\t\r\n\f\v"); + result = percent_escape (s, "+\t\r\n\f\v"); for (p=result; *p; p++) if (*p == ' ') *p = '+'; ----------------------------------------------------------------------- Summary of changes: common/exechelp-posix.c | 10 ++++++++++ tools/gpg-connect-agent.c | 8 ++++---- 2 files changed, 14 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 12 13:54:20 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 May 2015 13:54:20 +0200 Subject: [git] Assuan - branch, master, updated. libassuan-2.2.0-13-g28f8b39 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 28f8b3977a3d5ce830feb9bbb9d1a51c3579aedc (commit) via 1f0896c86b0d6b02a71b90f122bf3fa90e75fb9d (commit) from e6e51c067181a94d92353f5af2340e75a839c4e3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28f8b3977a3d5ce830feb9bbb9d1a51c3579aedc Author: Werner Koch Date: Tue May 12 13:53:30 2015 +0200 Post release updates -- diff --git a/NEWS b/NEWS index 155a3e9..2125894 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.2.2 (unreleased) [C5/A5/R_] +------------------------------------------------ + + Noteworthy changes in version 2.2.1 (2015-05-12) [C5/A5/R1] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index a4c6d0e..9727638 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [2]) -m4_define([mym4_micro], [1]) +m4_define([mym4_micro], [2]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 1f0896c86b0d6b02a71b90f122bf3fa90e75fb9d Author: Werner Koch Date: Tue May 12 13:45:22 2015 +0200 Release 2.2.1 diff --git a/NEWS b/NEWS index 1f6f992..155a3e9 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ -Noteworthy changes in version 2.2.1 (unreleased) [C5/A5/R_] +Noteworthy changes in version 2.2.1 (2015-05-12) [C5/A5/R1] ------------------------------------------------ + * Documentation updates. + + * Fixed building for Windows with newer versions of Mingw. + Noteworthy changes in version 2.2.0 (2014-12-11) [C5/A5/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 0a1ab88..a4c6d0e 100644 --- a/configure.ac +++ b/configure.ac @@ -61,7 +61,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # LIBASSUAN_LT_CURRENT=5 LIBASSUAN_LT_AGE=5 -LIBASSUAN_LT_REVISION=0 +LIBASSUAN_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. LIBASSUAN_CONFIG_API_VERSION=2 ----------------------------------------------------------------------- Summary of changes: NEWS | 10 +++++++++- configure.ac | 4 ++-- 2 files changed, 11 insertions(+), 3 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 12 15:48:37 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 12 May 2015 15:48:37 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-5-g14b95bd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 14b95bd6d92ba699c3d263ac1f9140973d8c9156 (commit) via 831782b3b625ca81624fae0ee184da0d2fc46d96 (commit) via 29236f84aca64be72c97a9b5513457a4e45afbc6 (commit) via aa04dac66f2ee949e8789a3c91090b01646f2e57 (commit) from 72939ea63564deec029e8e43743762fdb48cb6e8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 14b95bd6d92ba699c3d263ac1f9140973d8c9156 Author: Neal H. Walfield Date: Tue May 12 15:47:27 2015 +0200 Add new chapter to documentation describing implementation details. * doc/pinentry.texi: Add new chapter describing some implementation details. diff --git a/doc/pinentry.texi b/doc/pinentry.texi index ec6cc4f..1c47535 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -5,7 +5,7 @@ @include version.texi @macro copyrightnotice -Copyright @copyright{} 2002, 2005 g10 Code GmbH +Copyright @copyright{} 2002, 2005, 2015 g10 Code GmbH @end macro @macro permissionnotice Permission is granted to copy, distribute and/or modify this document @@ -119,6 +119,7 @@ set. Developer information * Protocol:: The Assuan protocol description. +* Implementation Details:: For those extending or writing a new pinentry. Miscellaneous @@ -465,6 +466,180 @@ options can also be used with gpgsm. @end table + at node Implementation Details + at chapter Implementation Details + +The pinentry source code can be divided into three categories. There +is a backend module, which lives in @code{pinentry/}, there are +utility functions, e.g., in @code{secmem/}, and there are various +frontends. + +All of the low-level logic lives in the backend. This frees the +frontends from having to implement, e.g., the Assuan protocol. When +the backend receives an option, it updates the state in a + at code{pinentry_t} struct. The frontend is called when the client +either calls @code{GETPIN}, @code{CONFIRM} or @code{MESSAGE}. In +these cases, the backend invokes the @code{pinentry_cmd_handler}, +which is passed the @code{pinentry_t} struct. + +When the callback is invoked, the frontend should create a window +based on the state in the @code{pinentry_t} struct. For instance, the +title to use for the dialog's window (if any) is stored in the + at code{title} field. If the is @code{NULL}, the frontend should choose +a reasonable default value. (Default is not always provided, because +different tool kits and environments have different reasonable +defaults.) + +The widget needs to support a number of different interactions with +the user. Each of them is described below. + + at table @gnupgtabopt + at item Passphrase Confirmation + +When creating a new key, the passphrase should be entered twice. The +client (typically GPG Agent) indicates this to the @pinentry{} by +invoking @code{SETREPEAT}. In this case, the backend sets the + at code{repeat_passphrase} field to a copy of the passed string. The +value of this field should be used to label a second text input. + +It is the frontend's responsibility to check that the passwords match. +If they don't match, the frontend should display an error message and +continue to prompt the user. + +If the passwords do match, then, when the user presses the okay +button, the @code{repeat_okay} field should be set to @code{1} (this +causes the backend to emit the @code{S PIN_REPEATED} status message). + + at item Message Box + +Sometimes GPG Agent needs to display a message. In this case, the + at code{pin} variable is @code{NULL}. + +At the Assuan level, this mode is selected by using either the + at code{MESSAGE} or the @code{CONFIRM} command instead of the + at code{GETPIN} command. The @code{MESSAGE} command never shows the +cancel or an other button. The same holds for @code{CONFIRM} if it +was passed the ``--one-button'' argument. If @code{CONFIRM} was not +passed this argument, the dialog for @code{CONFIRM} should show both +the @code{ok} and the @code{cancel} buttons and optionally the + at code{notok} button. The frontend can determine whether the dialog is +a one-button dialog by inspecting the @code{one_button} variable. + + at item Passphrase Entry + +If neither of the above cases holds, then GPG Agent is simply +requesting the passphrase. In this case, the @code{ok} and + at code{cancel} buttons should be displayed. + + at end table + +The layout of the three variants is quite similar. Here are the +relevant elements that describe the layout: + + at table @gnupgtabopt + at item @code{title} +The window's title. + + at item @code{description} +The reason for the dialog. When requesting a passphrase, this +describes the key. When showing a message box, this is the message to +show. + + at item @code{error} +If GPG Agent determines that the passphrase was incorrect, it will +call @code{GETPIN} again (up to a configurable number of times) to +again prompt the user. In this case, this variable contains a +description of the error message. This text should typically be +highlighted in someway. + + at item @code{prompt} +The string to associate with the passphrase entry box. + + at item @code{repeat_passphrase} +The string to associate with the second passphrase entry box. The +second passphrase entry box should only be shown if this is not + at code{NULL}. + + at item @code{ok}, @code{default-ok} +The string to show in the @code{ok} button. + +If there are any @code{_} characters, the following character should +be used as an accelerator. (A double underscore means a plain +underscore should be shown.) If the frontend does not support +accelerators, then the underscores should be removed manually. + +There is a subtle difference between @code{ok} and @code{default-ok}. + at code{default-ok} means that a stylized OK button should be used. For +instance, it could include a check mark. @code{ok} means that the +button's meaning is not consistent with such an icon and, as such, no +icon should be used. Thus, if the @code{ok} button should have the +text ``No password required'' then @code{ok} should be used because a +check mark icon doesn't make sense. + +If this variable is @code{NULL}, the frontend should choose a +reasonable default. + +If both variables are set, the @code{ok} variant takes precedence. + + at item @code{cancel}, @code{default-cancel} +Like the @code{ok} and @code{default-ok} buttons except these strings +are used for the cancel button. + +This button should not be shown if @code{one_button} is set. + + at item @code{notok}, @code{default-notok} +Like the @code{ok} and @code{default-ok} buttons except these strings +are used for the other button. + +This button should only be display when showing a message box. If +these variables are @code{NULL} or @code{one_button} is set, this +button should not be displayed. + + at item @code{quality_bar} +If this is set, a widget should be used to show the password's +quality. The value of this field is a label for the widget. + +Note: to update the password quality, whenever the password changes, +call the @code{pinentry_inq_quality} function and then update the +password quality widget correspondingly. + + at item @code{quality_bar_tt} +A tooltip for the quality bar. + + at item @code{default_pwmngr} +If @code{may_cache_password} and @code{keyinfo} are set and the user +consents, then the @pinentry{} may cache the password with an external +manager. Note: getting the user's consent is essential, because +password managers often provide a different level of security. If the +above condition is true and @code{tried_password_cache} is false, then +a check box with the specified string should be displayed. The check +box must default to off. + + at end table + +When the handler is done, it should store the passphrase in + at code{pin}, if appropriate. This variable is allocated in secure +memory. Use @code{pinentry_setbufferlen} to size the buffer. + +If an error occured, the handler should return @code{-1} and the error +code should be stored in @code{specific_err} or @code{locale_err} +should be set to @code{1} (for locale specific errors). + +If the dialog was canceled, then the handler should return @code{1} +and set the @code{canceled} variable to @code{1}. + +If the user pressed the not ok button, then the handler should return + at code{1}. + +If no error occured and the user pressed the ok button, then the +handler should return @code{0}. + +If the window was closed, then the handler should set the + at code{close_button} variable and otherwise act as if the cancel button +was pressed. + + + @c --------------------------------------------------------------------- @c Legal Blurbs @c --------------------------------------------------------------------- commit 831782b3b625ca81624fae0ee184da0d2fc46d96 Author: Neal H. Walfield Date: Mon May 11 16:35:12 2015 +0200 Simplify code. * pinentry/pinentry.c (cmd_confirm): Don't use nested ternary expressions. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 11a8027..3a44851 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1132,14 +1132,21 @@ cmd_confirm (ASSUAN_CONTEXT ctx, char *line) if (pinentry.close_button) assuan_write_status (ctx, "BUTTON_INFO", "close"); - return result ? 0 - : (pinentry.specific_err? pinentry.specific_err : - pinentry.locale_err? ASSUAN_Locale_Problem - : (pinentry.one_button - ? 0 - : (pinentry.canceled - ? ASSUAN_Canceled - : ASSUAN_Not_Confirmed))); + if (result) + return 0; + + if (pinentry.specific_err) + return pinentry.specific_err; + + if (pinentry.locale_err) + return ASSUAN_Locale_Problem; + + if (pinentry.one_button) + return 0; + + if (pinentry.canceled) + return ASSUAN_Canceled; + return ASSUAN_Not_Confirmed; } commit 29236f84aca64be72c97a9b5513457a4e45afbc6 Author: Neal H. Walfield Date: Mon May 11 16:14:58 2015 +0200 Implement cmd_confirm in terms of cmd_message. * pinentry/pinentry.c (cmd_confirm): Implement cmd_confirm in terms of cmd_message. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index f28c576..11a8027 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1146,27 +1146,7 @@ cmd_confirm (ASSUAN_CONTEXT ctx, char *line) static int cmd_message (ASSUAN_CONTEXT ctx, char *line) { - int result; - - pinentry.one_button = 1; - pinentry.quality_bar = 0; - pinentry.close_button = 0; - pinentry.locale_err = 0; - pinentry.specific_err = 0; - result = (*pinentry_cmd_handler) (&pinentry); - if (pinentry.error) - { - free (pinentry.error); - pinentry.error = NULL; - } - - if (pinentry.close_button) - assuan_write_status (ctx, "BUTTON_INFO", "close"); - - return result ? 0 - : (pinentry.specific_err? pinentry.specific_err : - pinentry.locale_err? ASSUAN_Locale_Problem - : 0); + return cmd_confirm (ctx, "--one-button"); } /* GETINFO commit aa04dac66f2ee949e8789a3c91090b01646f2e57 Author: Neal H. Walfield Date: Mon May 11 16:14:18 2015 +0200 Fix memory allocation in pinentry_setbufferlen. * pinentry/pinentry.c (pinentry_setbufferlen): Set PIN->PIN to a buffer that is LEN bytes large, not 2 * PIN->PIN_LENGTH. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 51c873c..f28c576 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -356,11 +356,11 @@ pinentry_setbufferlen (pinentry_t pin, int len) char *newp; if (len < pinentry.pin_len) return NULL; - newp = secmem_realloc (pin->pin, 2 * pin->pin_len); + newp = secmem_realloc (pin->pin, len); if (newp) { pin->pin = newp; - pin->pin_len *= 2; + pin->pin_len = len; } else { ----------------------------------------------------------------------- Summary of changes: doc/pinentry.texi | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++- pinentry/pinentry.c | 49 ++++++--------- 2 files changed, 194 insertions(+), 32 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 12 15:54:27 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 May 2015 15:54:27 +0200 Subject: [git] gnupg-doc - branch, master, updated. 37522ec7c38e5ea2665b39b8d40d3db8e0fa8001 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 37522ec7c38e5ea2665b39b8d40d3db8e0fa8001 (commit) from 41ff612a6aa29325aab31f2f6f79a68b2a21567c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 37522ec7c38e5ea2665b39b8d40d3db8e0fa8001 Author: Werner Koch Date: Tue May 12 15:52:58 2015 +0200 swdb: Release gnupg 2.1.4 diff --git a/web/swdb.mac b/web/swdb.mac index d2c19a3..b2d2560 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -17,14 +17,14 @@ # # GnuPG-2.1 # -#+macro: gnupg21_ver 2.1.3 +#+macro: gnupg21_ver 2.1.4 #+macro: gnupg21_branch master -#+macro: gnupg21_size 4762k -#+macro: gnupg21_sha1 091e69ec1ce3f0032e6b135e4da561e8d46d20a7 +#+macro: gnupg21_size 4771k +#+macro: gnupg21_sha1 ad68d65c54698e3c781e17864ab5918442df155a # -#+macro: gnupg21_w32_ver 2.1.3_20150413 -#+macro: gnupg21_w32_size 2539k -#+macro: gnupg21_w32_sha1 d5630904b3d68eddc2730a00bfc67d52658cbe7e +#+macro: gnupg21_w32_ver 2.1.4_20150512 +#+macro: gnupg21_w32_size 2566k +#+macro: gnupg21_w32_sha1 d8f4a326c36578d05af5751abea668a15ea0aae1 # @@ -102,9 +102,9 @@ # # LIBASSUAN # -#+macro: libassuan_ver 2.2.0 -#+macro: libassuan_size 505k -#+macro: libassuan_sha1 7cf0545955ce414044bb99b871d324753dd7b2e5 +#+macro: libassuan_ver 2.2.1 +#+macro: libassuan_size 530k +#+macro: libassuan_sha1 c21b86482f6a3624c2b46b91e20f8415f244233a # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 12 17:07:59 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 12 May 2015 17:07:59 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-6-gbe87785 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via be87785005d256b7f3dacc607ba5ea0a14de8593 (commit) from 14b95bd6d92ba699c3d263ac1f9140973d8c9156 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit be87785005d256b7f3dacc607ba5ea0a14de8593 Author: Neal H. Walfield Date: Tue May 12 17:07:49 2015 +0200 Add a GNOME3 pinentry based on gcr. * configure.ac (--enable-pinentry-gnome3): Option to enable the GNOME3 pinentry. (pinentry_gnome_3): Set to yes if enabled and gcr-3 and gcr-base-3 gcr is available. (GNOME3CFLAGS): Define and AC_SUBST. (GNOME3LIBS): Define and AC_SUBST. (GCR_API_SUBJECT_TO_CHANGE): Define. (BUILD_PINENTRY_GNOME_3): Define. * Makefile.am (pinentry_gnome_3): Define. (SUBDIRS): Add ${pinentry_gnome_3}. * gnome3/Makefile.am: New file. * gnome3/pinentry-gnome3.c: New file. diff --git a/Makefile.am b/Makefile.am index f8f7aac..177f37e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ # Makefile.am -# Copyright (C) 2002, 2012 g10 Code GmbH +# Copyright (C) 2002, 2012, 2015 g10 Code GmbH # # This file is part of PINENTRY. # @@ -46,6 +46,12 @@ else pinentry_gtk_2 = endif +if BUILD_PINENTRY_GNOME_3 +pinentry_gnome_3 = gnome3 +else +pinentry_gnome_3 = +endif + if BUILD_PINENTRY_QT4 pinentry_qt4 = qt4 else @@ -59,7 +65,8 @@ pinentry_w32 = endif SUBDIRS = assuan secmem pinentry ${pinentry_curses} ${pinentry_tty} \ - ${pinentry_gtk_2} ${pinentry_qt4} ${pinentry_w32} doc + ${pinentry_gtk_2} ${pinentry_gnome_3} ${pinentry_qt4} \ + ${pinentry_w32} doc install-exec-local: diff --git a/configure.ac b/configure.ac index c50ce68..9948d1f 100644 --- a/configure.ac +++ b/configure.ac @@ -274,28 +274,34 @@ fi dnl -dnl Check for GTK+-2 pinentry program. +dnl Check for GTK+-2 / GNOME3 pinentry programs. dnl AC_ARG_ENABLE(pinentry-gtk2, AC_HELP_STRING([--enable-pinentry-gtk2], [build GTK+-2 pinentry]), pinentry_gtk_2=$enableval, pinentry_gtk_2=maybe) +AC_ARG_ENABLE(pinentry-gnome3, + AC_HELP_STRING([--enable-pinentry-gnome3], [build GNOME 3 pinentry]), + pinentry_gnome_3=$enableval, pinentry_gnome_3=maybe) + dnl check for pkg-config -if test "$pinentry_gtk_2" != "no"; then +if test "$pinentry_gtk_2" != "no" -o "$pinentry_gnome_3" != "no"; then AC_PATH_PROG(PKG_CONFIG, pkg-config, no) if test x"${PKG_CONFIG}" = xno ; then pinentry_gtk_2=no + pinentry_gnome_3=no fi fi dnl check if the module gtk+-2.0 exists -if test "$pinentry_gtk_2" != "no"; then +if test "$pinentry_gtk_2" != "no" -o "$pinentry_gnome_3" != "no"; then AC_MSG_CHECKING([for gtk+-2]) "${PKG_CONFIG}" --exists gtk+-2.0 if test $? -ne 0 ; then AC_MSG_RESULT([no]) AC_MSG_WARN([pkg-config could not find the module gtk+-2.0]) pinentry_gtk_2=no + pinentry_gnome_3=no else AC_MSG_RESULT([yes]) AC_MSG_CHECKING([gtk+-2 version >= 2.4.0]) @@ -305,17 +311,45 @@ if test "$pinentry_gtk_2" != "no"; then if test $? -ne 0 ; then AC_MSG_WARN([building GTK+-2 pinentry disabled]) pinentry_gtk_2=no + pinentry_gnome_3=no else GTK2CFLAGS=`"${PKG_CONFIG}" --cflags gtk+-2.0` GTK2LIBS=`"${PKG_CONFIG}" --libs gtk+-2.0` AC_SUBST(GTK2CFLAGS) AC_SUBST(GTK2LIBS) - pinentry_gtk_2=yes + if test "$pinentry_gtk_2" != "no" + then + pinentry_gtk_2=yes + fi + if test "$pinentry_gnome_3" != "no" + then + pinentry_gnome_3=yes + fi fi fi fi AM_CONDITIONAL(BUILD_PINENTRY_GTK_2, test "$pinentry_gtk_2" = "yes") +if test "$pinentry_gnome_3" != "no"; then + AC_MSG_CHECKING([for gcr]) + "${PKG_CONFIG}" --exists gcr-3,gcr-base-3 + if test $? -ne 0 ; then + AC_MSG_RESULT([no]) + AC_MSG_WARN([pkg-config could not find the module gcr-3,gcr-base-3]) + pinentry_gnome_3=no + else + AC_MSG_RESULT([yes]) + GNOME3CFLAGS=`"${PKG_CONFIG}" --cflags gcr-3,gcr-base-3` + GNOME3LIBS=`"${PKG_CONFIG}" --libs gcr-3,gcr-base-3` + AC_SUBST(GNOME3CFLAGS) + AC_SUBST(GNOME3LIBS) + AC_DEFINE(GCR_API_SUBJECT_TO_CHANGE, 1, [Nod nod]) + pinentry_gnome_3=yes + fi +fi + +AM_CONDITIONAL(BUILD_PINENTRY_GNOME_3, test "$pinentry_gnome_3" = "yes") + dnl dnl Check for libsecret. dnl @@ -450,16 +484,20 @@ else if test "$pinentry_qt4" = "yes"; then PINENTRY_DEFAULT=pinentry-qt4 else - if test "$pinentry_curses" = "yes"; then - PINENTRY_DEFAULT=pinentry-curses + if test "$pinentry_gnome_3" = "yes"; then + PINENTRY_DEFAULT=pinentry-gnome3 else - if test "$pinentry_tty" = "yes"; then - PINENTRY_DEFAULT=pinentry-tty + if test "$pinentry_curses" = "yes"; then + PINENTRY_DEFAULT=pinentry-curses else - if test "$pinentry_w32" = "yes"; then - PINENTRY_DEFAULT=pinentry-w32 + if test "$pinentry_tty" = "yes"; then + PINENTRY_DEFAULT=pinentry-tty else - AC_MSG_ERROR([[No pinentry enabled.]]) + if test "$pinentry_w32" = "yes"; then + PINENTRY_DEFAULT=pinentry-w32 + else + AC_MSG_ERROR([[No pinentry enabled.]]) + fi fi fi fi @@ -475,6 +513,7 @@ pinentry/Makefile curses/Makefile tty/Makefile gtk+-2/Makefile +gnome3/Makefile qt4/Makefile w32/Makefile doc/Makefile @@ -493,6 +532,7 @@ AC_MSG_NOTICE([ Curses Pinentry ..: $pinentry_curses TTY Pinentry .....: $pinentry_tty GTK+-2 Pinentry ..: $pinentry_gtk_2 + GNOME 3 Pinentry .: $pinentry_gnome_3 Qt4 Pinentry .....: $pinentry_qt4 $pinentry_qt4_clip_msg W32 Pinentry .....: $pinentry_w32 diff --git a/gnome3/Makefile.am b/gnome3/Makefile.am new file mode 100644 index 0000000..78df706 --- /dev/null +++ b/gnome3/Makefile.am @@ -0,0 +1,39 @@ +# Makefile.am - PIN entry GTK+ frontend. +# Copyright (C) 2002, 2015 g10 Code GmbH +# +# This file is part of PINENTRY. +# +# PINENTRY is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# PINENTRY is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + +## Process this file with automake to produce Makefile.in + +bin_PROGRAMS = pinentry-gnome3 + +if FALLBACK_CURSES +ncurses_include = $(NCURSES_INCLUDE) +libcurses = ../pinentry/libpinentry-curses.a $(LIBCURSES) $(LIBICONV) +else +ncurses_include = +libcurses = +endif + +AM_CPPFLAGS = $(COMMON_CFLAGS) $(GNOME3CFLAGS) \ + $(ncurses_include) -I$(top_srcdir)/assuan \ + -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry +LDADD = $(COMMON_LIBS) \ + ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ + $(LIBCAP) $(GNOME3LIBS) $(libcurses) + +pinentry_gnome3_SOURCES = pinentry-gnome3.c diff --git a/gnome3/pinentry-gnome3.c b/gnome3/pinentry-gnome3.c new file mode 100644 index 0000000..74ec89c --- /dev/null +++ b/gnome3/pinentry-gnome3.c @@ -0,0 +1,271 @@ +/* pinentry-gnome3.c + Copyright (C) 2015 g10 Code GmbH + + pinentry-gnome-3 is a pinentry application for GNOME 3. It tries + to follow the Gnome Human Interface Guide as close as possible. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include + +#include "assuan.h" + +#include "memory.h" + +#include "pinentry.h" + +#ifdef FALLBACK_CURSES +#include "pinentry-curses.h" +#endif + + +#define PGMNAME "pinentry-gnome3" + +#ifndef VERSION +# define VERSION +#endif + +static gchar * +pinentry_utf8_validate (gchar *text) +{ + gchar *result; + + if (!text) + return NULL; + + if (g_utf8_validate (text, -1, NULL)) + return g_strdup (text); + + /* Failure: Assume that it was encoded in the current locale and + convert it to utf-8. */ + result = g_locale_to_utf8 (text, -1, NULL, NULL, NULL); + if (!result) + { + gchar *p; + + result = p = g_strdup (text); + while (!g_utf8_validate (p, -1, (const gchar **) &p)) + *p = '?'; + } + return result; +} + +static GcrPrompt * +create_prompt (pinentry_t pe, int confirm) +{ + GcrPrompt *prompt; + GError *error = NULL; + char *msg; + + /* Create the prompt. */ + prompt = GCR_PROMPT (gcr_system_prompt_open (-1, NULL, &error)); + if (! prompt) + { + g_warning ("couldn't create prompt for gnupg passphrase: %s", + error->message); + g_error_free (error); + return NULL; + } + + /* Set the messages for the various buttons, etc. */ + if (pe->title) + { + msg = pinentry_utf8_validate (pe->title); + gcr_prompt_set_title (prompt, msg); + g_free (msg); + } + + if (pe->description) + { + msg = pinentry_utf8_validate (pe->description); + gcr_prompt_set_description (prompt, msg); + g_free (msg); + } + + /* An error occured during the last prompt. */ + if (pe->error) + { + msg = pinentry_utf8_validate (pe->error); + gcr_prompt_set_warning (prompt, msg); + g_free (msg); + } + + if (! pe->prompt && confirm) + gcr_prompt_set_message (prompt, "Message"); + else if (! pe->prompt && ! confirm) + gcr_prompt_set_message (prompt, "Enter Passphrase"); + else + { + msg = pinentry_utf8_validate (pe->prompt); + gcr_prompt_set_message (prompt, msg); + g_free (msg); + } + + if (! confirm) + gcr_prompt_set_password_new (prompt, !!pe->repeat_passphrase); + + if (pe->ok || pe->default_ok) + { + msg = pinentry_utf8_validate (pe->ok ?: pe->default_ok); + gcr_prompt_set_continue_label (prompt, msg); + g_free (msg); + } + /* XXX: Disable this button if pe->one_button is set. */ + if (pe->cancel || pe->default_cancel) + { + msg = pinentry_utf8_validate (pe->cancel ?: pe->default_cancel); + gcr_prompt_set_cancel_label (prompt, msg); + g_free (msg); + } + + if (confirm && pe->notok) + { + /* XXX: Add support for the third option. */ + } + + /* XXX: gcr expects a string; we have a int. */ + // gcr_prompt_set_caller_window (prompt, pe->parent_wid); + + if (! confirm && pe->allow_external_password_cache && pe->keyinfo) + { + if (pe->default_pwmngr) + { + msg = pinentry_utf8_validate (pe->default_pwmngr); + gcr_prompt_set_choice_label (prompt, msg); + g_free (msg); + } + else + gcr_prompt_set_choice_label + (prompt, "Automatically unlock this key, whenever I'm logged in"); + } + + return prompt; +} + +static int +gnome3_cmd_handler (pinentry_t pe) +{ + GcrPrompt *prompt = NULL; + GError *error = NULL; + int ret = -1; + + if (pe->pin) + /* Passphrase mode. */ + { + const char *password; + + prompt = create_prompt (pe, 0); + if (! prompt) + /* Something went wrong. */ + { + pe->canceled = 1; + return -1; + } + + /* "The returned password is valid until the next time a method + is called to display another prompt." */ + password = gcr_prompt_password_run (prompt, NULL, &error); + if (error) + /* Error. */ + { + pe->specific_err = ASSUAN_General_Error; + g_error_free (error); + ret = -1; + } + else if (! password && ! error) + /* User cancelled the operation. */ + ret = -1; + else + { + pinentry_setbufferlen (pe, strlen (password) + 1); + if (pe->pin) + strcpy (pe->pin, password); + + if (pe->repeat_passphrase) + pe->repeat_okay = 1; + + ret = 1; + } + } + else + /* Message box mode. */ + { + GcrPromptReply reply; + + prompt = create_prompt (pe, 1); + if (! prompt) + /* Something went wrong. */ + { + pe->canceled = 1; + return -1; + } + + /* XXX: We don't support a third button! */ + + reply = gcr_prompt_confirm_run (prompt, NULL, &error); + if (error) + { + pe->specific_err = ASSUAN_General_Error; + ret = 0; + } + else if (reply == GCR_PROMPT_REPLY_CONTINUE + /* XXX: Hack since gcr doesn't yet support one button + message boxes treat cancel the same as okay. */ + || pe->one_button) + /* Confirmation. */ + ret = 1; + else + /* GCR_PROMPT_REPLY_CANCEL */ + { + pe->canceled = 1; + ret = 0; + } + } + + if (prompt) + g_clear_object (&prompt); + return ret; +} + +pinentry_cmd_handler_t pinentry_cmd_handler = gnome3_cmd_handler; + +int +main (int argc, char *argv[]) +{ + pinentry_init (PGMNAME); + +#ifdef FALLBACK_CURSES + if (pinentry_have_display (argc, argv)) + gtk_init (&argc, &argv); + else + pinentry_cmd_handler = curses_cmd_handler; +#else + gtk_init (&argc, &argv); +#endif + + pinentry_parse_opts (argc, argv); + + if (pinentry_loop ()) + return 1; + + return 0; +} ----------------------------------------------------------------------- Summary of changes: Makefile.am | 11 +- configure.ac | 62 ++++++++-- {gtk+-2 => gnome3}/Makefile.am | 10 +- gnome3/pinentry-gnome3.c | 271 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 336 insertions(+), 18 deletions(-) copy {gtk+-2 => gnome3}/Makefile.am (84%) create mode 100644 gnome3/pinentry-gnome3.c hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 12 17:09:41 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 12 May 2015 17:09:41 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-7-g2582cb9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 2582cb9eb23ca287520caa04a12f83f10c268f71 (commit) from be87785005d256b7f3dacc607ba5ea0a14de8593 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2582cb9eb23ca287520caa04a12f83f10c268f71 Author: Neal H. Walfield Date: Tue May 12 17:09:34 2015 +0200 Fix some documentation details. * doc/pinentry.texi: Fix some details. diff --git a/doc/pinentry.texi b/doc/pinentry.texi index 1c47535..154e61a 100644 --- a/doc/pinentry.texi +++ b/doc/pinentry.texi @@ -587,11 +587,11 @@ are used for the cancel button. This button should not be shown if @code{one_button} is set. - at item @code{notok}, @code{default-notok} -Like the @code{ok} and @code{default-ok} buttons except these strings -are used for the other button. + at code{default-notok} +Like the @code{default-ok} button except this string is used for the +other button. -This button should only be display when showing a message box. If +This button should only be displayed when showing a message box. If these variables are @code{NULL} or @code{one_button} is set, this button should not be displayed. @@ -621,18 +621,20 @@ When the handler is done, it should store the passphrase in @code{pin}, if appropriate. This variable is allocated in secure memory. Use @code{pinentry_setbufferlen} to size the buffer. -If an error occured, the handler should return @code{-1} and the error -code should be stored in @code{specific_err} or @code{locale_err} -should be set to @code{1} (for locale specific errors). - -If the dialog was canceled, then the handler should return @code{1} -and set the @code{canceled} variable to @code{1}. +The actual return code is dependent on whether the dialog is in +message mode or in passphrase mode. -If the user pressed the not ok button, then the handler should return - at code{1}. +If the dialog is in message mode and the user pressed ok, return 1. +Otherwise, return 0. If an error occured, indicate this by setting it +in @code{specific_err} or setting @code{locale_err} to @code{1} (for +locale specific errors). If the dialog was canceled, then the handler +should set the @code{canceled} variable to @code{1}. If the not ok +button was pressed, don't do anything else. -If no error occured and the user pressed the ok button, then the -handler should return @code{0}. +If the dialog is in passphrase mode return @code{1} if the user +entered a password and pressed ok. If an error occured, return + at code{-1} and set @code{specific_err} or @code{locale_err}, as above. +If the user canceled the dialog box, return @code{-1}. If the window was closed, then the handler should set the @code{close_button} variable and otherwise act as if the cancel button ----------------------------------------------------------------------- Summary of changes: doc/pinentry.texi | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 12 18:46:38 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 12 May 2015 18:46:38 +0200 Subject: [git] gnupg-doc - branch, master, updated. 6175b3ddffbd780a1b80206d66a6bca87ea171b2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 6175b3ddffbd780a1b80206d66a6bca87ea171b2 (commit) from 37522ec7c38e5ea2665b39b8d40d3db8e0fa8001 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6175b3ddffbd780a1b80206d66a6bca87ea171b2 Author: Werner Koch Date: Tue May 12 18:39:44 2015 +0200 web: Add 2.1.4 release announcement. diff --git a/web/faq/whats-new-in-2.1.org b/web/faq/whats-new-in-2.1.org index 1056dd0..9290b2f 100644 --- a/web/faq/whats-new-in-2.1.org +++ b/web/faq/whats-new-in-2.1.org @@ -396,6 +396,22 @@ user ids of a key, list those user id verbatim after the fingerprint. To create a non-exportable key signature, use the command =--quick-lsign-key= instead. +Since version 2.1.4 it possible to directly add another user id to an +existing key: + +#+begin_example +$ gpg2 -k 8CFDE12197965A9A +pub ed25519/8CFDE12197965A9A 2014-08-19 +uid [ unknown] EdDSA sample key 1 +$ gpg2 --quick-adduid 8CFDE12197965A9A 'Sample 2 ' +$ gpg2 -k 8CFDE12197965A9A +pub ed25519/8CFDE12197965A9A 2014-08-19 +uid [ unknown] Sample 2 +uid [ unknown] EdDSA sample key 1 +#+end_example + + + ** Improved Pinentry support :PROPERTIES: :CUSTOM_ID: pinentry diff --git a/web/index.org b/web/index.org index 98fda69..cd1f3d7 100644 --- a/web/index.org +++ b/web/index.org @@ -65,6 +65,11 @@ The latest release news:\\ # point or paste the [[news.en.rss][RSS file]] into your aggregator. +** GnuPG 2.1.4 released (2015-05-12) + +A new version of the /modern/ branch of GnuPG has been released. +Read the full [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q2/000366.html][anouncement mail]] for details. + ** GnuPG 2.1.3 released (2015-04-11) This is another release of the /modern/ branch of GnuPG. It fixes ----------------------------------------------------------------------- Summary of changes: web/faq/whats-new-in-2.1.org | 16 ++++++++++++++++ web/index.org | 5 +++++ 2 files changed, 21 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 13 21:47:20 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 13 May 2015 21:47:20 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-11-g496235a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 496235af8dfd373b54e5610f86bf1cada175ac23 (commit) via 3062742b945f95d72001896f8ba5468b9e63aa9b (commit) via bdd81974633f8e31d582b62999ef9b004bc3b95e (commit) via ae7dfae00df81a683adf0292a52b63632491319e (commit) from 2582cb9eb23ca287520caa04a12f83f10c268f71 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 496235af8dfd373b54e5610f86bf1cada175ac23 Author: Neal H. Walfield Date: Wed May 13 21:47:11 2015 +0200 Fix linking order to work when linked with --as-needed. * curses/Makefile.am (LDADD): Add $(COMMON_LIBS) after all of the local objects and object archives. * gnome3/Makefile.am (LDADD): Likewise. * gtk+-2/Makefile.am (LDADD): Likewise. * qt4/Makefile.am (pinentry_qt4_LDADD): Likewise. * tty/Makefile.am (LDADD): Likewise. Reported-by: Daniel Kahn Gillmor diff --git a/curses/Makefile.am b/curses/Makefile.am index e8ea031..4d764c7 100644 --- a/curses/Makefile.am +++ b/curses/Makefile.am @@ -22,9 +22,8 @@ bin_PROGRAMS = pinentry-curses AM_CPPFLAGS = $(COMMON_CFLAGS) $(NCURSES_INCLUDE) -I$(top_srcdir)/pinentry -LDADD = $(COMMON_LIBS) \ - ../pinentry/libpinentry.a ../pinentry/libpinentry-curses.a \ +LDADD = ../pinentry/libpinentry.a ../pinentry/libpinentry-curses.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ - $(LIBCAP) $(LIBCURSES) $(LIBICONV) + $(COMMON_LIBS) $(LIBCAP) $(LIBCURSES) $(LIBICONV) pinentry_curses_SOURCES = pinentry-curses.c diff --git a/gnome3/Makefile.am b/gnome3/Makefile.am index 78df706..46639de 100644 --- a/gnome3/Makefile.am +++ b/gnome3/Makefile.am @@ -32,8 +32,7 @@ endif AM_CPPFLAGS = $(COMMON_CFLAGS) $(GNOME3CFLAGS) \ $(ncurses_include) -I$(top_srcdir)/assuan \ -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry -LDADD = $(COMMON_LIBS) \ - ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ - $(LIBCAP) $(GNOME3LIBS) $(libcurses) +LDADD = ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ + $(COMMON_LIBS) $(LIBCAP) $(GNOME3LIBS) $(libcurses) pinentry_gnome3_SOURCES = pinentry-gnome3.c diff --git a/gtk+-2/Makefile.am b/gtk+-2/Makefile.am index c98139f..7e37469 100644 --- a/gtk+-2/Makefile.am +++ b/gtk+-2/Makefile.am @@ -31,9 +31,8 @@ endif AM_CPPFLAGS = $(COMMON_CFLAGS) $(GTK2CFLAGS) $(ncurses_include) \ -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry -LDADD = $(COMMON_LIBS) \ - ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ - $(LIBCAP) $(GTK2LIBS) $(libcurses) +LDADD = ../pinentry/libpinentry.a ../assuan/libassuan.a ../secmem/libsecmem.a \ + $(COMMON_LIBS) $(LIBCAP) $(GTK2LIBS) $(libcurses) pinentry_gtk_2_SOURCES = pinentry-gtk-2.c \ gtksecentry.c gtksecentry.h gseal-gtk-compat.h diff --git a/qt4/Makefile.am b/qt4/Makefile.am index 31274bb..816aade 100644 --- a/qt4/Makefile.am +++ b/qt4/Makefile.am @@ -38,10 +38,10 @@ AM_CPPFLAGS = $(COMMON_CFLAGS) \ -I$(top_srcdir) -I$(top_srcdir)/assuan -I$(top_srcdir)/secmem \ $(ncurses_include) -I$(top_srcdir)/pinentry AM_CXXFLAGS = $(QT4_CORE_CFLAGS) $(QT4_GUI_CFLAGS) -pinentry_qt4_LDADD = $(COMMON_LIBS) \ - $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) \ +pinentry_qt4_LDADD = \ ../pinentry/libpinentry.a $(top_builddir)/assuan/libassuan.a \ - $(top_builddir)/secmem/libsecmem.a $(LIBCAP) + $(top_builddir)/secmem/libsecmem.a \ + $(COMMON_LIBS) $(QT4_CORE_LIBS) $(QT4_GUI_LIBS) $(libcurses) $(LIBCAP) BUILT_SOURCES = \ pinentryconfirm.moc qsecurelineedit.moc pinentrydialog.moc diff --git a/tty/Makefile.am b/tty/Makefile.am index 798c08f..aa805b2 100644 --- a/tty/Makefile.am +++ b/tty/Makefile.am @@ -21,8 +21,8 @@ bin_PROGRAMS = pinentry-tty AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/pinentry -LDADD = $(COMMON_LIBS) ../pinentry/libpinentry.a \ +LDADD = ../pinentry/libpinentry.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ - $(LIBCAP) $(LIBICONV) + $(COMMON_LIBS) $(LIBCAP) $(LIBICONV) pinentry_tty_SOURCES = pinentry-tty.c commit 3062742b945f95d72001896f8ba5468b9e63aa9b Author: Neal H. Walfield Date: Wed May 13 14:20:23 2015 +0200 Don't interpret the handler's return value as the passphrase's length. * pinentry/pinentry.c (cmd_getpin): Don't interpret the return value as the passphrase length. Use strlen instead. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 53216fc..836ee14 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1109,7 +1109,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) { if (pinentry.repeat_okay) assuan_write_status (ctx, "PIN_REPEATED", ""); - result = assuan_send_data (ctx, pinentry.pin, result); + result = assuan_send_data (ctx, pinentry.pin, strlen(pinentry.pin)); if (!result) result = assuan_send_data (ctx, NULL, 0); commit bdd81974633f8e31d582b62999ef9b004bc3b95e Author: Neal H. Walfield Date: Wed May 13 13:52:03 2015 +0200 Make the management of pinentry.pin more explicit. * pinentry/pinentry.c: Include . (pinentry): Set pin_len to 0. (pinentry_setbufferlen): If len is less than 2048, set it to 2048. Add an assertion. (pinentry_setbuffer_clear): New function that releases the pin buffer. (pinentry_setbuffer_init): New function that initializes the pin buffer. (cmd_getpin): Use pinentry_setbuffer_init and pinentry_setbuffer_clear instead of manual memory management. (cmd_confirm): Use pinentry_setbuffer_clear instead of manual memory management. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 3a44851..53216fc 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -27,6 +27,7 @@ #include #include #include +#include #ifndef HAVE_W32CE_SYSTEM # include #endif @@ -67,7 +68,7 @@ struct pinentry pinentry = NULL, /* Not-Ok button. */ NULL, /* Cancel button. */ NULL, /* PIN. */ - 2048, /* PIN length. */ + 0, /* PIN length. */ 0, /* pin_from_cache. */ 0, /* Display. */ 0, /* TTY name. */ @@ -354,8 +355,18 @@ char * pinentry_setbufferlen (pinentry_t pin, int len) { char *newp; - if (len < pinentry.pin_len) + + if (pin->pin_len) + assert (pin->pin); + else + assert (!pin->pin); + + if (len < 2048) + len = 2048; + + if (len <= pin->pin_len) return NULL; + newp = secmem_realloc (pin->pin, len); if (newp) { @@ -371,6 +382,28 @@ pinentry_setbufferlen (pinentry_t pin, int len) return newp; } +static void +pinentry_setbuffer_clear (pinentry_t pin) +{ + if (! pin->pin) + { + assert (pin->pin_len == 0); + return; + } + + assert (pin->pin_len > 0); + + secmem_free (pin->pin); + pin->pin = NULL; + pin->pin_len = 0; +} + +static void +pinentry_setbuffer_init (pinentry_t pin) +{ + pinentry_setbuffer_clear (pin); + pinentry_setbufferlen (pin, 0); +} /* Initialize the secure memory subsystem, drop privileges and return. Must be called early. */ @@ -983,7 +1016,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) int set_prompt = 0; int just_read_password_from_cache = 0; - pinentry.pin = secmem_malloc (pinentry.pin_len); + pinentry_setbuffer_init (&pinentry); if (!pinentry.pin) return ASSUAN_Out_Of_Core; @@ -1065,11 +1098,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) if (result < 0) { - if (pinentry.pin) - { - secmem_free (pinentry.pin); - pinentry.pin = NULL; - } + pinentry_setbuffer_clear (&pinentry); if (pinentry.specific_err) return pinentry.specific_err; return pinentry.locale_err? ASSUAN_Locale_Problem: ASSUAN_Canceled; @@ -1094,11 +1123,7 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) password_cache_save (pinentry.keyinfo, pinentry.pin); } - if (pinentry.pin) - { - secmem_free (pinentry.pin); - pinentry.pin = NULL; - } + pinentry_setbuffer_clear (&pinentry); return result; } @@ -1122,6 +1147,7 @@ cmd_confirm (ASSUAN_CONTEXT ctx, char *line) pinentry.locale_err = 0; pinentry.specific_err = 0; pinentry.canceled = 0; + pinentry_setbuffer_clear (&pinentry); result = (*pinentry_cmd_handler) (&pinentry); if (pinentry.error) { commit ae7dfae00df81a683adf0292a52b63632491319e Author: Neal H. Walfield Date: Wed May 13 14:21:19 2015 +0200 Better document struct pinentry. * pinentry/pinentry.h (struct pinentry): Better document the various fields. diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 2fd267e..7112637 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -39,20 +39,28 @@ typedef enum { struct pinentry { - /* The window title, or NULL. */ + /* The window title, or NULL. (Assuan: "SETTITLE TITLE".) */ char *title; - /* The description to display, or NULL. */ + /* The description to display, or NULL. (Assuan: "SETDESC + DESC".) */ char *description; - /* The error message to display, or NULL. */ + /* The error message to display, or NULL. (Assuan: "SETERROR + MESSAGE".) */ char *error; - /* The prompt to display, or NULL. */ + /* The prompt to display, or NULL. (Assuan: "SETPROMPT + prompt".) */ char *prompt; - /* The OK button text to display, or NULL. */ + /* The OK button text to display, or NULL. (Assuan: "SETOK + OK".) */ char *ok; - /* The Not-OK button text to display, or NULL. */ + /* The Not-OK button text to display, or NULL. This is the text for + the alternative option shown by the third button. (Assuan: + "SETNOTOK NOTOK".) */ char *notok; - /* The Cancel button text to display, or NULL. */ + /* The Cancel button text to display, or NULL. (Assuan: "SETCANCEL + CANCEL".) */ char *cancel; + /* The buffer to store the secret into. */ char *pin; /* The length of the buffer. */ @@ -61,15 +69,19 @@ struct pinentry the user (0). */ int pin_from_cache; - /* The name of the X display to use if X is available and supported. */ + /* The name of the X display to use if X is available and supported. + (Assuan: "OPTION display DISPLAY".) */ char *display; - /* The name of the terminal node to open if X not available or supported. */ + /* The name of the terminal node to open if X not available or + supported. (Assuan: "OPTION ttyname TTYNAME".) */ char *ttyname; - /* The type of the terminal. */ + /* The type of the terminal. (Assuan: "OPTION ttytype TTYTYPE".) */ char *ttytype; - /* The LC_CTYPE value for the terminal. */ + /* The LC_CTYPE value for the terminal. (Assuan: "OPTION lc-ctype + LC_CTYPE".) */ char *lc_ctype; - /* The LC_MESSAGES value for the terminal. */ + /* The LC_MESSAGES value for the terminal. (Assuan: "OPTION + lc-messages LC_MESSAGES".) */ char *lc_messages; /* True if debug mode is requested. */ @@ -83,35 +95,38 @@ struct pinentry int enhanced; #endif - /* True if caller should grab the keyboard. */ + /* True if caller should grab the keyboard. (Assuan: "OPTION grab" + or "OPTION no-grab".) */ int grab; /* The window ID of the parent window over which the pinentry window - should be displayed. */ + should be displayed. (Assuan: "OPTION parent-wid WID".) */ int parent_wid; /* The name of an optional file which will be touched after a curses - entry has been displayed. */ + entry has been displayed. (Assuan: "OPTION touch-file + FILENAME".) */ char *touch_file; - /* The user should set this to -1 if the user canceled the request, - and to the length of the PIN stored in pin otherwise. */ + /* The frontend should set this to -1 if the user canceled the + request, and to the length of the PIN stored in pin + otherwise. */ int result; - /* The user should set this if the NOTOK button was pressed. */ + /* The frontend should set this if the NOTOK button was pressed. */ int canceled; - /* The user should set this to true if an error with the local + /* The frontend should set this to true if an error with the local conversion occured. */ int locale_err; - /* The user should set this to an gpg-error so that commands are - abale to return specific error codes. This is an ugly hack due - to the fact that pinentry_cmd_handler_t return the length of the - passphrase or an negative error code. */ + /* The frontend should set this to a gpg-error so that commands are + able to return specific error codes. This is an ugly hack due to + the fact that pinentry_cmd_handler_t returns the length of the + passphrase or a negative error code. */ int specific_err; - /* The user should set this to true if the window close button has - been used. This flag is used in addition to a regular return + /* The frontend should set this to true if the window close button + has been used. This flag is used in addition to a regular return value. */ int close_button; @@ -122,10 +137,11 @@ struct pinentry /* If true a second prompt for the passphrase is shown and the user is expected to enter the same passphrase again. Pinentry checks - that both match. */ + that both match. (Assuan: "SETREPEAT".) */ char *repeat_passphrase; - /* The string to show if a repeated passphrase does not match. */ + /* The string to show if a repeated passphrase does not match. + (Assuan: "SETREPEATERROR ERROR".) */ char *repeat_error_string; /* Set to true if the passphrase has been entered a second time and @@ -135,10 +151,12 @@ struct pinentry /* If this is not NULL, a passphrase quality indicator is shown. There will also be an inquiry back to the caller to get an indication of the quality for the passphrase entered so far. The - string is used as a label for the quality bar. */ + string is used as a label for the quality bar. (Assuan: + "SETQUALITYBAR LABEL".) */ char *quality_bar; - /* The tooltip to be show for the qualitybar. Malloced or NULL. */ + /* The tooltip to be show for the qualitybar. Malloced or NULL. + (Assuan: "SETQUALITYBAR_TT TOOLTIP".) */ char *quality_bar_tt; /* For the curses pinentry, the color of error messages. */ @@ -151,19 +169,25 @@ struct pinentry /* Malloced and i18ned default strings or NULL. These strings may include an underscore character to indicate an accelerator key. A double underscore represents a plain one. */ + /* (Assuan: "OPTION default-ok OK"). */ char *default_ok; + /* (Assuan: "OPTION default-cancel CANCEL"). */ char *default_cancel; + /* (Assuan: "OPTION default-prompt PROMPT"). */ char *default_prompt; + /* (Assuan: "OPTION default-pwmngr + SAVE_PASSWORD_WITH_PASSWORD_MANAGER?"). */ char *default_pwmngr; /* Whether we are allowed to read the password from an external - cache. */ + cache. (Assuan: "OPTION allow-external-password-cache") */ int allow_external_password_cache; /* We only try the cache once. */ int tried_password_cache; - /* A stable identifier for the key. */ + /* A stable identifier for the key. (Assuan: "SETKEYINFO + KEYINFO".) */ char *keyinfo; /* Whether we may cache the password (according to the user). */ ----------------------------------------------------------------------- Summary of changes: curses/Makefile.am | 5 ++-- gnome3/Makefile.am | 5 ++-- gtk+-2/Makefile.am | 5 ++-- pinentry/pinentry.c | 54 ++++++++++++++++++++++++--------- pinentry/pinentry.h | 86 ++++++++++++++++++++++++++++++++++------------------- qt4/Makefile.am | 6 ++-- tty/Makefile.am | 4 +-- 7 files changed, 106 insertions(+), 59 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 13 23:17:25 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 13 May 2015 23:17:25 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-15-g4549998 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 4549998627ee04e74f8d1c94aef55e3ed17f14d9 (commit) via c68a6854aadaf8c271648f369f14b4943e684ecf (commit) via 960317ec86c06bc737e1ff3c1b571dc8f4194763 (commit) via dd0307be51587a9a7866981ce00eed474bee6e14 (commit) from 496235af8dfd373b54e5610f86bf1cada175ac23 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4549998627ee04e74f8d1c94aef55e3ed17f14d9 Author: Neal H. Walfield Date: Wed May 13 23:13:30 2015 +0200 tty: Handle the case where the user needs to repeat the passphrase. * tty/pinentry-tty.c: Include "memory.h". (read_password): Break into two functions: read_password and password. (read_password): Just read the password from the terminal and return it in secure memory (or NULL if the user canceled the entry or there was an error). (password): Improve output. Handle the repeat passphrase case (i.e., when pinentry->repeat_passphrase is set). * tty/Makefile.am (AM_CPPFLAGS): Add "-I$(top_srcdir)/secmem". diff --git a/tty/Makefile.am b/tty/Makefile.am index aa805b2..ca6406f 100644 --- a/tty/Makefile.am +++ b/tty/Makefile.am @@ -20,7 +20,7 @@ bin_PROGRAMS = pinentry-tty -AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/pinentry +AM_CPPFLAGS = $(COMMON_CFLAGS) -I$(top_srcdir)/secmem -I$(top_srcdir)/pinentry LDADD = ../pinentry/libpinentry.a \ ../assuan/libassuan.a ../secmem/libsecmem.a \ $(COMMON_LIBS) $(LIBCAP) $(LIBICONV) diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index c13ed04..82eab87 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -39,6 +39,7 @@ #include #include "pinentry.h" +#include "memory.h" #ifndef HAVE_DOSISH_SYSTEM static int timed_out; @@ -237,43 +238,52 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) return ret; } - -static int -read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) +static char * +read_password (FILE *ttyfi, FILE *ttyfo) { - int count; - int done; - char *prompt = NULL; + int done = 0; + int len = 128; + int count = 0; + char *buffer; if (cbreak (fileno (ttyfi)) == -1) { int err = errno; fprintf (stderr, "cbreak failure, exiting\n"); errno = err; - return -1; + return NULL; } - prompt = pinentry->prompt; - if (! prompt || !*prompt) - prompt = "PIN"; - - fprintf (ttyfo, "%s\n%s%s ", - pinentry->description? pinentry->description:"", - prompt, - /* Make sure the prompt ends in a : or a question mark. */ - (prompt[strlen(prompt) - 1] == ':' - || prompt[strlen(prompt) - 1] == '?') ? "" : ":"); - fflush (ttyfo); - - memset (pinentry->pin, 0, pinentry->pin_len); + buffer = secmem_malloc (len); + if (! buffer) + return NULL; - done = count = 0; - while (!done && count < pinentry->pin_len - 1) + while (!done) { - char c = fgetc (ttyfi); + int c; + if (count == len - 1) + /* Double the buffer's size. Note: we check if count is len - + 1 and not len so that we always have space for the NUL + character. */ + { + char *tmp = secmem_realloc (buffer, 2 * len); + if (! tmp) + { + secmem_free (tmp); + return NULL; + } + buffer = tmp; + } + + c = fgetc (ttyfi); switch (c) { + case 0x4: case EOF: + /* Control-d (i.e., end of file) or a real EOF. */ + done = -1; + break; + case '\n': done = 1; break; @@ -285,15 +295,102 @@ read_password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) break; default: - pinentry->pin[count ++] = c; + buffer[count ++] = c; break; } } - pinentry->pin[count] = '\0'; - fputc('\n', stdout); + buffer[count] = '\0'; tcsetattr (fileno(ttyfi), TCSANOW, &o_term); - return strlen (pinentry->pin); + + if (done == -1) + { + secmem_free (buffer); + return NULL; + } + + return buffer; +} + + +static int +password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) +{ + char *msg; + int done = 0; + + msg = pinentry->description; + if (! msg) + msg = pinentry->title; + if (! msg) + msg = "Enter your passphrase."; + + fprintf (ttyfo, "%s\n ", msg); + + while (! done) + { + char *passphrase; + + char *prompt = pinentry->prompt; + if (! prompt || !*prompt) + prompt = "PIN"; + + fprintf (ttyfo, "%s%s ", + prompt, + /* Make sure the prompt ends in a : or a question mark. */ + (prompt[strlen(prompt) - 1] == ':' + || prompt[strlen(prompt) - 1] == '?') ? "" : ":"); + fflush (ttyfo); + + passphrase = read_password (ttyfi, ttyfo); + fputc ('\n', ttyfo); + if (! passphrase) + { + done = -1; + break; + } + + if (! pinentry->repeat_passphrase) + done = 1; + else + { + char *passphrase2; + + prompt = pinentry->repeat_passphrase; + fprintf (ttyfo, "%s%s ", + prompt, + /* Make sure the prompt ends in a : or a question mark. */ + (prompt[strlen(prompt) - 1] == ':' + || prompt[strlen(prompt) - 1] == '?') ? "" : ":"); + fflush (ttyfo); + + passphrase2 = read_password (ttyfi, ttyfo); + fputc ('\n', ttyfo); + if (! passphrase2) + { + done = -1; + break; + } + + if (strcmp (passphrase, passphrase2) == 0) + done = 1; + else + fprintf (ttyfo, "*** %s%s%s ***\n", + ALERT_START, + pinentry->repeat_error_string + ?: "Passphrases don't match.", + NORMAL_RESTORE); + + secmem_free (passphrase2); + } + + if (done == 1) + pinentry_setbuffer_use (pinentry, passphrase, 0); + else + secmem_free (passphrase); + } + + return done; } @@ -372,7 +469,7 @@ tty_cmd_handler(pinentry_t pinentry) if (! rc) { if (pinentry->pin) - rc = read_password (pinentry, ttyfi, ttyfo); + rc = password (pinentry, ttyfi, ttyfo); else rc = confirm (pinentry, ttyfi, ttyfo); } commit c68a6854aadaf8c271648f369f14b4943e684ecf Author: Neal H. Walfield Date: Wed May 13 23:09:46 2015 +0200 Add a new helper function, pinentry_setbuffer_use. * pinentry/pinentry.c (pinentry_setbuffer_use): New function. * pinentry/pinentry.h (pinentry_setbuffer_use): New declaration. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 836ee14..eb70ae7 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -405,6 +405,28 @@ pinentry_setbuffer_init (pinentry_t pin) pinentry_setbufferlen (pin, 0); } +/* passphrase better be alloced with secmem_alloc. */ +void +pinentry_setbuffer_use (pinentry_t pin, char *passphrase, int len) +{ + if (! passphrase) + { + assert (len == 0); + pinentry_setbuffer_clear (pin); + + return; + } + + if (passphrase && len == 0) + len = strlen (passphrase) + 1; + + if (pin->pin) + secmem_free (pin->pin); + + pin->pin = passphrase; + pin->pin_len = len; +} + /* Initialize the secure memory subsystem, drop privileges and return. Must be called early. */ void diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 7112637..19fdb55 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -240,6 +240,12 @@ int pinentry_inq_quality (pinentry_t pin, PIN. Returns new buffer on success and 0 on failure. */ char *pinentry_setbufferlen (pinentry_t pin, int len); +/* Use the buffer at BUFFER for PIN->PIN. BUFFER must be NULL or + allocated using secmem_alloc. LEN is the size of the buffer. If + it is unknown, but BUFFER is a NUL terminated string, you pass 0 to + just use strlen(buffer)+1. */ +void pinentry_setbuffer_use (pinentry_t pin, char *buffer, int len); + /* Initialize the secure memory subsystem, drop privileges and return. Must be called early. */ void pinentry_init (const char *pgmname); commit 960317ec86c06bc737e1ff3c1b571dc8f4194763 Author: Neal H. Walfield Date: Wed May 13 22:12:59 2015 +0200 tty: Always call do_touch_file if we (potentially) touched the screen. * tty/pinentry-tty.c (tty_cmd_handler): Always call do_touch_file. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 08dfe61..c13ed04 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -375,10 +375,10 @@ tty_cmd_handler(pinentry_t pinentry) rc = read_password (pinentry, ttyfi, ttyfo); else rc = confirm (pinentry, ttyfi, ttyfo); - - do_touch_file (pinentry); } + do_touch_file (pinentry); + if (pinentry->ttyname) { fclose (ttyfi); commit dd0307be51587a9a7866981ce00eed474bee6e14 Author: Neal H. Walfield Date: Wed May 13 22:09:15 2015 +0200 tty: Improve confirmation mode functionality. * tty/pinentry-tty.c: Include . (UNDERLINE_START): Define. (ALERT_START): Define. (NORMAL_RESTORE): Define. (button): New function. (confirm): Rewrite to include all confirmation mode functionality. (tty_cmd_handler): Don't include any confirmation mode functionality. Just call confirm. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 8c15eac..08dfe61 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -36,6 +36,7 @@ #endif /*HAVE_UTIME_H*/ #include #include +#include #include "pinentry.h" @@ -60,21 +61,180 @@ cbreak (int fd) return 1; } +#define UNDERLINE_START "\033[4m" +/* Bold, red. */ +#define ALERT_START "\033[1;31m" +#define NORMAL_RESTORE "\033[0m" + +static char +button (char *text, char *default_text, FILE *ttyfo) +{ + char *highlight; + + if (! text) + return 0; + + /* Skip any leading white space. */ + while (*text == ' ') + text ++; + + highlight = text; + while ((highlight = strchr (highlight, '_'))) + { + highlight = highlight + 1; + if (*highlight == '_') + /* Escaped underscore. */ + continue; + else + break; + } + + if (! highlight) + /* Not accelerator. Take the first alpha-numeric character. */ + { + highlight = text; + while (*highlight && !isalnum (*highlight)) + highlight ++; + } + + if (! highlight) + /* Hmm, no alpha-num characters. */ + { + if (! default_text) + return 0; + text = highlight = default_text; + } + + fputs (" ", ttyfo); + for (; *text; text ++) + { + /* Skip accelerator prefix. */ + if (*text == '_') + continue; + + if (text == highlight) + fputs (UNDERLINE_START, ttyfo); + fputc (*text, ttyfo); + if (text == highlight) + fputs (NORMAL_RESTORE, ttyfo); + } + fputc ('\n', ttyfo); + + return *highlight; +} + static int confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) { - char buf[32], *ret; - pinentry->canceled = 1; - fprintf (ttyfo, "%s [y/N]? ", pinentry->ok ? pinentry->ok : "OK"); + char *msg; + + char ok = 0; + char notok = 0; + char cancel = 0; + + int ret; + + if (pinentry->error) + fprintf (ttyfo, "*** %s%s%s ***\n", + ALERT_START, pinentry->error, NORMAL_RESTORE); + + msg = pinentry->description; + if (! msg) + /* If there is no description, fallback to the title. */ + msg = pinentry->title; + if (! msg) + msg = "Confirm:"; + + if (msg) + { + fputs (msg, ttyfo); + fputc ('\n', ttyfo); + } + fflush (ttyfo); - buf[0] = '\0'; - ret = fgets (buf, sizeof(buf), ttyfi); - if (ret && (buf[0] == 'y' || buf[0] == 'Y')) + + if (pinentry->default_ok) + ok = button (pinentry->default_ok, "OK", ttyfo); + else if (pinentry->ok) + ok = button (pinentry->ok, "OK", ttyfo); + else + ok = button ("OK", NULL, ttyfo); + + if (! pinentry->one_button) { - pinentry->canceled = 0; - return 1; + if (pinentry->default_cancel) + cancel = button (pinentry->default_cancel, "Cancel", ttyfo); + else if (pinentry->cancel) + cancel = button (pinentry->cancel, "Cancel", ttyfo); + + if (pinentry->notok) + notok = button (pinentry->notok, NULL, ttyfo); } - return 0; + + if (cbreak (fileno (ttyfi)) == -1) + { + int err = errno; + fprintf (stderr, "cbreak failure, exiting\n"); + errno = err; + return -1; + } + + if (pinentry->one_button) + fprintf (ttyfo, "Press any key to continue."); + else + { + fputc ('[', ttyfo); + if (ok) + fputc (tolower (ok), ttyfo); + if (cancel) + fputc (tolower (cancel), ttyfo); + if (notok) + fputc (tolower (notok), ttyfo); + fputs("]? ", ttyfo); + } + + while (1) + { + int input = fgetc (ttyfi); + if (input == EOF || input == 0x4) + /* End of file or control-d (= end of file). */ + { + pinentry->close_button = 1; + + pinentry->canceled = 1; + ret = 0; + break; + } + + if (pinentry->one_button) + { + ret = 1; + break; + } + + if (cancel && (input == toupper (cancel) || input == tolower (cancel))) + { + pinentry->canceled = 1; + ret = 0; + break; + } + else if (notok && (input == toupper (notok) || input == tolower (notok))) + { + ret = 0; + break; + } + else if (ok && (input == toupper (ok) || input == tolower (ok))) + { + ret = 1; + break; + } + } + + fputc('\n', ttyfo); + + tcsetattr (fileno(ttyfi), TCSANOW, &o_term); + + return ret; } @@ -209,23 +369,13 @@ tty_cmd_handler(pinentry_t pinentry) } } - if (rc == 0) + if (! rc) { if (pinentry->pin) - rc = read_password (pinentry, ttyfi, ttyfo); + rc = read_password (pinentry, ttyfi, ttyfo); else - { - fprintf (ttyfo, "%s\n", - pinentry->description? pinentry->description:""); - fflush (ttyfo); - - /* If pinentry->one_button is set, then - pinentry->description contains an informative message, - which the user needs to dismiss. Since we are showing - this in a terminal, there is no window to dismiss. */ - if (! pinentry->one_button) - rc = confirm (pinentry, ttyfi, ttyfo); - } + rc = confirm (pinentry, ttyfi, ttyfo); + do_touch_file (pinentry); } ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 22 ++++ pinentry/pinentry.h | 6 + tty/Makefile.am | 2 +- tty/pinentry-tty.c | 347 ++++++++++++++++++++++++++++++++++++++++++++-------- 4 files changed, 326 insertions(+), 51 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 14 09:02:32 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Thu, 14 May 2015 09:02:32 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-215-gbac42c6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via bac42c68b069f17abcca810a21439c7233815747 (commit) via e15beb584a5ebdfc363e1ff15f87102508652d71 (commit) from 5a7d55eed3316f40ca61acbee032bfc285e28803 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bac42c68b069f17abcca810a21439c7233815747 Author: Jussi Kivilinna Date: Fri May 8 18:07:51 2015 +0300 hwf-x86: use edi for passing value to ebx for i386 cpuid * src/hwf-x86.c [__i386__] (get_cpuid): Use '=D' for regs[1] instead of '=r'. -- On Win32, %ebx can be assigned for '=r' (regs[1]). This results invalid assembly: pushl %ebx movl %ebx, %ebx cpuid movl %ebx, %ebx popl %ebx So use '=D' (%esi) for regs[1] instead. Signed-off-by: Jussi Kivilinna diff --git a/src/hwf-x86.c b/src/hwf-x86.c index baef2df..399952c 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -81,7 +81,7 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, "cpuid\n\t" "movl %%ebx, %1\n\t" "popl %%ebx\n\t" /* Restore GOT register. */ - : "=a" (regs[0]), "=r" (regs[1]), "=c" (regs[2]), "=d" (regs[3]) + : "=a" (regs[0]), "=D" (regs[1]), "=c" (regs[2]), "=d" (regs[3]) : "0" (in), "1" (0), "2" (0), "3" (0) : "cc" ); commit e15beb584a5ebdfc363e1ff15f87102508652d71 Author: Jussi Kivilinna Date: Mon May 4 20:09:51 2015 +0300 hwf-x86: add EDX as output register for xgetbv asm block * src/hwf-x86.c (get_xgetbv): Add EDX as output. -- XGETBV instruction modifies EAX:EDX register pair, so we need to mark EDX as output to let compiler know that contents in this register are lost. Signed-off-by: Jussi Kivilinna diff --git a/src/hwf-x86.c b/src/hwf-x86.c index 7ee246d..baef2df 100644 --- a/src/hwf-x86.c +++ b/src/hwf-x86.c @@ -100,11 +100,11 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, static unsigned int get_xgetbv(void) { - unsigned int t_eax; + unsigned int t_eax, t_edx; asm volatile ("xgetbv\n\t" - : "=a" (t_eax) + : "=a" (t_eax), "=d" (t_edx) : "c" (0) ); @@ -151,11 +151,11 @@ get_cpuid(unsigned int in, unsigned int *eax, unsigned int *ebx, static unsigned int get_xgetbv(void) { - unsigned int t_eax; + unsigned int t_eax, t_edx; asm volatile ("xgetbv\n\t" - : "=a" (t_eax) + : "=a" (t_eax), "=d" (t_edx) : "c" (0) ); ----------------------------------------------------------------------- Summary of changes: src/hwf-x86.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 15 13:21:58 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 15 May 2015 13:21:58 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-2-g43ea8f5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 43ea8f5d884dd108bb27d8e1610fa28802295a06 (commit) from c9180ac62883b81190e41e04d6b6dfc06e0b61f6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 43ea8f5d884dd108bb27d8e1610fa28802295a06 Author: Werner Koch Date: Fri May 15 13:20:52 2015 +0200 build: Make --disable-gpgsm work. * Makefile.am: Always build kbx/ * g10/Makefile.am (AM_CFLAGS): Include KSBA_CFLAGS. -- Note that "make check" still prints a warning. Signed-off-by: Werner Koch diff --git a/Makefile.am b/Makefile.am index 57529b6..0613545 100644 --- a/Makefile.am +++ b/Makefile.am @@ -47,13 +47,6 @@ EXTRA_DIST = build-aux/config.rpath build-aux/potomo autogen.sh autogen.rc \ DISTCLEANFILES = g10defs.h -if BUILD_GPGSM -kbx = kbx -else -kbx = -endif - - if BUILD_GPG gpg = g10 else @@ -101,7 +94,7 @@ else tests = endif -SUBDIRS = m4 common ${kbx} \ +SUBDIRS = m4 common kbx \ ${gpg} ${sm} ${agent} ${scd} ${g13} ${dirmngr} \ ${tools} po ${doc} ${tests} diff --git a/NEWS b/NEWS index 4286792..b59be51 100644 --- a/NEWS +++ b/NEWS @@ -5,13 +5,13 @@ Noteworthy changes in version 2.1.5 (unreleased) Noteworthy changes in version 2.1.4 (2015-05-12) ------------------------------------------------ - * gpg: Add command --quick-adduid to non-interacitivly add a new user + * gpg: Add command --quick-adduid to non-interactively add a new user id to an existing key. * gpg: Do no enable honor-keyserver-url by default. Make it work if enabled. - * gpg: Display the serial number in the --card-staus output again. + * gpg: Display the serial number in the --card-status output again. * agent: Support for external password managers. Add option --no-allow-external-cache. diff --git a/g10/Makefile.am b/g10/Makefile.am index ca99314..ea4afc8 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -25,7 +25,10 @@ AM_CPPFLAGS = -I$(top_srcdir)/common include $(top_srcdir)/am/cmacros.am -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) +# We need KSBA_CFLAGS because that is included by keybox.h. See also +# comments below for libksba. +AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(KSBA_CFLAGS) \ + $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) needed_libs = ../kbx/libkeybox.a $(libcommon) ----------------------------------------------------------------------- Summary of changes: Makefile.am | 9 +-------- NEWS | 4 ++-- g10/Makefile.am | 5 ++++- 3 files changed, 7 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 12:21:10 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 16 May 2015 12:21:10 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-3-g5038276 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 5038276fc47ca8406eb41c640d96f8ec7d2f5f88 (commit) from 43ea8f5d884dd108bb27d8e1610fa28802295a06 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5038276fc47ca8406eb41c640d96f8ec7d2f5f88 Author: Werner Koch Date: Sat May 16 12:20:02 2015 +0200 tests: More OpenPGP test keys -- diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index a6eda61..dae8c11 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -59,7 +59,19 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \ privkeys/FD692BD59D6640A84C8422573D469F84F3B98E53.asc \ privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \ privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc \ - privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc + privkeys/0DD40284FF992CD24DC4AAC367037E066FCEE26A.asc \ + privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc \ + privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc \ + privkeys/449E644892C951A37525654730DD32C202079926.asc \ + privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc \ + privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc \ + privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc \ + privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc \ + privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc \ + privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc \ + privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc \ + privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc + sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/ecc-sample-2-pub.asc \ @@ -70,7 +82,8 @@ sample_keys = samplekeys/ecc-sample-1-pub.asc \ samplekeys/eddsa-sample-1-pub.asc \ samplekeys/eddsa-sample-1-sec.asc \ samplekeys/dda252ebb8ebe1af-1.asc \ - samplekeys/dda252ebb8ebe1af-2.asc + samplekeys/dda252ebb8ebe1af-2.asc \ + samplekeys/whats-new-in-2.1.asc EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) ChangeLog-2011 \ mkdemodirs signdemokey $(priv_keys) $(sample_keys) diff --git a/tests/openpgp/privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc b/tests/openpgp/privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc new file mode 100644 index 0000000..13dcd1f --- /dev/null +++ b/tests/openpgp/privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6ALWn703ukwPA +klb9+e/m8qGu/XewzQ5fnciZy+YA71aO1L0vg5idBqmWWhUZ1H2jMLpSmHGTsWvw +v7OpIgsPcyIqmlJ/hXNFxYI/xS8Y9AzFlASs+DqmMOjBghE5crakHjS6JxtkBNK6 +efB3teA5WlD7oVJwhYMsUtkH8/OJq0Lml3sZaca3vDvm0CnEDlqr0pog6RiDxAmO +gUO04ZcjaGVz9sb+U+coIe/qG1kJZFGdSpuV1BS79nyjMnmMfNt2uB0w9v1hnGrv +MU7q+OaaP/ii8+tI01WOGn+KQsJp89PwgcnA8y57Up3zN6pDl9WF80uJL/J3FIe8 +RuaE4VBv76spKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6fMHJiYfEZhM4OjE5NzM3NjAwKTE2OuNRxs9I +ktHtlDMTy6rWZJgpNzM2OlWwk5Xhn92HLSgS6iqiDLYg3NLreSQrnI4i2ujY97BD +R62o3Li+mu2wO8zFy+zErpMAg1Xn8Cy5III9jQYznUfUCa4UbThAz4XnSTHkP2Ta +/YunBqAnetFmj+HIeSpFcsUEY/MF9bKNuiEtA2Te0J1X6BYUMY163TxfkLZDTG51 +tyuEqn8n2B6fBu/Vjysyq95ohrrkvIkwIs3p1UOa4qgn+wbr4br8Bu6mf0+ClXoj +nPCim1aQMrzZHyWYXgqnFjRnHW36lHpdWGqav7vV3+qbjzlVMldOGx24PH1bAYnS +BD5eeMletc524qYBSxSIyItuReieymNNYAoF6Wf7ayDzDzf2pGrY55wIt6vH2J4D +24M1ydvS99ibu80A8O/K7WuYHTcrzgPPmp6/aA3q8kxGFrHrAZ1r54yHPKbYnNWE +v0BxNe0poaMZJKDQIoJT0mGEmlpS4lr/K58QyECIDN1nOVyKL7ixxsqjJI3G0ZY9 +vpOpXHzFIToA8U+/82e/qNUA7wkQMOhG2lF9AxyT5eEOEhCW8J7QZM+FO6ocplgH +ZxwHa0ymv8Tj4yOVFNSo/ENJym1HGiyvjgnQS2MSZ5kIyVNuGI8AWPsWQJ6B/04p +LE8apX775kVhvIX+DNU4Bnxnb7KtG2HovT9NxQIzIYcANC/rOKdOq2j5vS4XqHsB +O66pV0JLa8TPD5iKDIzS2ONBxyKi2HqRg+xkEIpNBhvrQgGs2FzoRvivbjBOgwjp +hRkX1dkF4axKWEPRuUhvlA7f/TzbHFtjbWyd5fm57j3BgsVj/EcSrGtpl5JQd4k7 +etSIWvtWWySZJPDXz7CW9Wh7W0ZXA76tmniLDeYl8lnMIYa6ylttTnuiW4hh3naH +JFtWytL1ivCeo8iy5wGQ2X3Jp1C+Y4+lgR4pPE8w04y5Rzo8Jo3VSMWbeovn8djM +qfXy6yH7H6qHYCO31IJxFfz89EuCE0EGrYUzDFr5KpUpKDEyOnByb3RlY3RlZC1h +dDE1OjIwMTQxMTAzVDE3Mjk0MikpKQ== +=jzZd +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc b/tests/openpgp/privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc new file mode 100644 index 0000000..9a6e102 --- /dev/null +++ b/tests/openpgp/privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6AK8HhE8MmR/i +QdHw5kcWa8Lm7henF1KdhF3Z5iDNeurFrDQsg/RFHJbaMyVCzCP/Jc4ayub2FzeS +fJdKXrpMPAdaGjlbGLdY08Fc49E+7M79YQXgyGXhTm3kZa8bw+TfYnLJC6snxefG +5YQqEpvV/mfvfQd6XXxDcn/u56YDJ5Lo7xRXmnd4Ifj6T1lF2KDQtDAB1vlpnuxE +QfnAI8C8UpsxOWC1tSuQ5HIoFnwqAEfEiHH+P2YuHG6m4oyUfT7c11rHf8S01R9Q +JQCr11Dn9WMAI/IHe67BsrbIAxG+9yeBhIkEShBBxdNqIt2FnE+sTmQHv+uiY4ya +3ch63dvZ53MpKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6+Nvda1z6F404OjE5NzM3NjAwKTE2Og6NQq99 +p1NyYxcYgwRiATApNzIwOgzqYGEJNhmx149fV84cgLNbmIifZ48o+oywHbwdju0c +oNmaBHv+Xkm/U5PG/CPYINJbFIewrxuNpGbW69VMfOi5nwcvIE2LouuRd4Ih7cYq +ub9fjqIH9tO4AA4kkSA932AfJseLTZMcSqvSmyIE4GU6psDjQHuXur4ywKYX0iPi +11hlhFtiARw4S3ToidPukg+SiEJV6Sec77BmQ2NG55FEB3GiM8m5LOMSPq+ZfxI9 +RmldLuyC5TfGWRgraR+3SU00gYkbAOjwlblHloQzoHquCpumujGvSxYolDsW32HO +Eojy0k5iezdwbnpBmdWJbnI+qAQQ2wjmEFPKVPnOF4y1Nki+sRXrgFXGbgHwHbRN +yMgRgMVeYycHhhEz5N+VwQ5yKE3hvIbD0dznD6Z8QAb4PXem929eJDz3FrR8gasN +2udqDyHkczK3y5oJs4k82Fnmn3Rjfgddyo04SSf/1Gwg31y33Xh7dkdtU+NOt9s9 +wCu+nJhdbh/IH8fXPax2HuWY7q0EPlZQldbeBta4r+RWvNFFDAG8DK5uBHQqtKoV +vV71ffPm30s4ysaSF4mqF3eIYLltPYNenvsYKpT/cn/3WvbLsKqMIOGytz3P8fQb +49ZDGDyzT1rQDuJ2oDk7N+epZu+lna/nRo7UBEo+Tf7CkcTKQ97wY8tqqLUdclJr +KJsIIutg8WgIx09Xvip1gfOAZV4s9V6aMejT32CBLSEmC86t/Tu+3HrstX2E3F8+ +Sc0gB5B62/PMSzCI3lgkjMRp6yCzm0cZkHSDHOSLpoEvSehV0Gv33DFBPNog8XVE +A4H404JRMBHI5mKpYcYKv/o8ZpQgDGORMZYf5W9/LMF06QZGz36kPVyIwL2j8oCr +0T0kp/ik8WZSV+BkwKON2fPkROQ7c7ZM+S/xcrpKEe40/dWtTZUABGhCL7IXwlqm +u2nGS/Cfjmq3TRuRJAZFZykoMTI6cHJvdGVjdGVkLWF0MTU6MjAxNDExMDNUMTcy +OTQxKSkp +=04As +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/449E644892C951A37525654730DD32C202079926.asc b/tests/openpgp/privkeys/449E644892C951A37525654730DD32C202079926.asc new file mode 100644 index 0000000..1a6a0b6 --- /dev/null +++ b/tests/openpgp/privkeys/449E644892C951A37525654730DD32C202079926.asc @@ -0,0 +1,10 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWNjKDU6Y3VydmUxMDpOSVNUIFAtMjU2KSgxOnE2 +NToEOx/Lj6ZzYdOMdprseVCR/dwZaYPeInquOlapE22Udwppy4tQqj2jXDYH8d0Z +5uRvT/FD5lpcW+Cv+BAoo2auuykoMTpkMzI6Xka+GGkZ6tp+azZo+LPj0inV0GnO +vact0wafLNZvlQQpKSk= +=Rgp0 +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc b/tests/openpgp/privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc new file mode 100644 index 0000000..0524739 --- /dev/null +++ b/tests/openpgp/privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6AMwChvrQ9TUc +PtBbfK0UWOt2GZrzq7I0ZhcjfoxGD4UXxKNBxHcyb2cQYTh5tF4XqIv9d2Sys1c4 +fU2Rr6lnPDc6VpSLKoHZj76jWkcWVf80+MXFNVp/YqErQBMu/AkA/Cwk3hEgjqQI +ZOo9awfBATJqGmW9y3Ct1IV8oM6SUOjYQ8CcIa2jpSNNq9rhXQjzTYUZHK4ayTmj +mPvuqSxWahUsOZClA3GHpLZkFe9k2UJuVIUfhwYD4CyIR1nqlFfj87p/UEPs1264 +/RpBagz4G74BiLhiHQss8NXm1zWiRZ1xPyJIkrDm42JRQ+6gGf1qvk2tyS3Le4W+ +7sg3r08UExMpKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6xlhuUgeZDb84OjE5NzM3NjAwKTE2OilEwfz2 +SNwgLhCK76qARHgpNzIwOqgwKI52Qj5ABmkzDaJ3srvp4C6GnCFvosWjaNBZkLaX +z2cGEh75T8Klm/RR8tXhXxHcl/b+UErb0CDRy6nQvMhU6LX+0hfk6t3M+wE+Wz/Q +/uPoT5cdgWRUKBjCzSgH3DKwjBM8z8L14UCsZt17vEDVwE3jvAIo7DmvCjAKt4tP +jyyBUMl8kn7HBAJkIthCnNZ3Egj1o5NqYVc6Dbh82x01lPh50EkNUOi2MANRxkCG +Ycg8zeB7uaMwM7Hu+wtev+QMve3aoRVRGHIEbwzj6wl/OwmSROWmQxmLebs20dMD +sdhaUkfGV2EFXSzgsK8q3zrWN7mkr/h5zs63kvsQnbsOU3ym+/OPgCOUSBm87Ggu +GyUoIblgyzJHxNHN0x0RoFue3JE4CCZvsj+Cn9auwgniBCTMBHhanLm4+y4jMAdU +CEdHV4m55FOG1i5AyNr9m8U3/SPzlHdPJ+9P/8hEJhcB6tbX7I43K8Wl+5I9yJI4 +p6gI7VQhLCjmpUihsnRdmFGfxneDxNNIlzDwPOoV0thfOoju15ofxNdDHCzWhiin +2WVhQ60iHLT1Pfgk1htGs73wIFDsmHdJphmAscCq+uPDeDu34GPZi+DGQIndIlWw +2Dx0QjvtV5DYYHL4AYKbvCrMhTF+2ECZB1WuwTRV3AaOS27GnaneWK6KURrAE8p+ +LSIvFya6g6tbjScflrLNBm+8n7/Iyq526IiwgxQC8g6t79AxxKBSarjw2RhQRi5Q +PJymKlVvp+smFATNLMC+cjEFSP3zf+8a1gQnmSuaSY+UmhG/yakDlEmZzTRH5K4r +rzgFvQhi4rZMCSBTy2I08IsIzeZhzpsrWmsTCnPIaFZ3VwzzabbLV2pwWda4hW0M +vXf1SZwL02RujWISEiJ5ufPwm6eFwH1dNRvxSTN34cw53/cFyiuuETDx2/XIp7Ec +ODuPCvJvsVjRUBQ6tdxkLSkoMTI6cHJvdGVjdGVkLWF0MTU6MjAxNDExMDRUMDg0 +MzIzKSkp +=opty +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc b/tests/openpgp/privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc new file mode 100644 index 0000000..103d043 --- /dev/null +++ b/tests/openpgp/privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6AKotlDIKDSEy +vIjkWDdGHQCzm1ebRtyb15Ljkl17NV4biDAA+2qOrw3QJQ+6CfVpD8XEygXpBEv0 +16VgFuB5MsINHNE94dKAUc0R1uUwZljeINPQ2F/72t3SFiiBBGwY4AHDNn/zi6Rc +M7JwjJW/pkkqcmvy1kA5kP18XA6wgY8NsyCa+H9ZJm5BK64MSGUEdscWykuHUW3z +g6Dc8bST6OhlokclRWh9KVK0QRbqnlQeVP/E/Kv4LhnbXNB2GE2Yecah4rva/PNq +2YZ9CfyuQHwSJQhb1h1MKLi57AAacgAhV6OcR1hM6We1Vh5JDFEj01DsIMC11S1Z +zHYLXRWAec8pKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6O8dPH/PCXh04OjE5NzM3NjAwKTE2OhEO7X2q +8iasv3iHvYbCdQcpNzIwOjBesXtjq+5LWL6zU5yqEK5GrykQBIHisxNK+2TA3vBM +sb/646D5Za60r6rjAShVxIWa9c5rzmS+rITBVodTzAjOn2uj9k1TQNmqsWf/i3zj +xe6puh6e0IIkAoMcHpRozSOHF1q5YDKfI7wjr8+u+TdROFhEhObQ1CXTnjTCx1aB +oQG5AvybctPjSCdYxVujXmNjrgngZodiTxsE4OBG/bk2msK6GY+oJKgBCp/5m04Y +DGDe2w9MDt7UcW0tlo2kHk5cwKPs/ziSu1gfaFqqOzFBdUc+gR5ikbzDF1vJ53W8 +3DwnzCSkuciBX8MeGiAfkR8f0WQsBStMNZewnCsPYeB20Cl8bTAtzs+X7LKzdSI2 +8gSkIV/GD3VwYw80cqn2eF+5cJKtKIV1nOxPRoXgcuWvNTL2nyLggaJDVusy3MKY +O3yNnadWmA1XT8NMBx+yY1i0pCfmxWK5h/2F2cNbe21MyhlwgkGD8jVZCiW/NeCB +VdpFHcqZz+rYchLTjs+LSoINKFiwoIpK54pMAuRO+E1y32Zo7XoZqyDkU/ip2iAK +OaB5LTjl/GI5ISRBcsxbPXOxbNnUat+0p88T4Dj/V2ZJkubAwRIzgOE9p4TgHqlF +2kkl+4rqqnooDUQ4ViEIUxjq2YIws9wkWAthMMcJVDgRcD8+G6IGAJ3tQlIaW9oA +OVLsHcXdiFbcEE12m30CMI0uUQSavk+aO0qO1ZQRYtu9EipGWnjWs+0ZqcMaz9rj +ACv6rvsts6puie3uvL+yzEuzpWC74e50kElF0MLVQropNY50hvXqrnKzoU5ppaNt +W7q4vrtKZh7QOFt7mcG4oTSIpr0vTwBGl0YbrORviF1KdaW2sPHNfbL7hrTx1HlU +3BnAM8b0kYz+NEJ1qxNUfymta5iZI21LebJNTWJIiiCBS33J73Cxr92UaafU3VRA +jZRpavMXHHoesBZ78uDqAikoMTI6cHJvdGVjdGVkLWF0MTU6MjAxNDExMDRUMDg0 +MjM0KSkp +=zQRC +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc b/tests/openpgp/privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc new file mode 100644 index 0000000..ecabe4d --- /dev/null +++ b/tests/openpgp/privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6APL1FJVAgVOE +iOLqgmqCWcCgIfl3FT/pBaLJYLO8NersRuygQ6ArAdNYar/h8MKnOkYCwlISr3fp +Jtj6cpPrz6IU1K09HYEpVc6n1UbD5r25sDc9Ol8ztg5QPVP+ceA42nzpHAnMAW7E +9dz5gsM/H6TlicF4qOT3rOfpBqDx1EHOaOS6pdnem7SwSQZ6RFetJotkXqEFfSNV +lMTLqqysfk5kUW+jn7B4Jlpd7YWtlaLsPXyY1dFwi24VqpIiztOYRoWFObySrpZk +wuPGkQ5P/Eqi/2+L7VKXNfODRI0NV6GX1FaQ96lIq0Y+z1EWojLwPb9JR2FLGqC+ +4/mm/W7Unf0pKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6vkrGYgB5EO44OjE5NzM3NjAwKTE2OuQHqFdP ++Q1Oz+cCYcb27DIpNzM2OjoNch/oeQ0jhPqg+yQ0z3Qf26SgZEKqsdozUsPbhBfs +n4zjoOj3goT4DTFl/pCWL6lCMy56Tb2Ra7j/SUeKAqBSSwarsG6mrFktOQntpw34 +QWxaOc0dJEmy5/IqY0uz4vK6y8X0MWPTDPt0kxvi5Z74MQ1uVsC3ZnepSenLpr/W +F38jEsq3CHO5rXUDrwMLLTqL0zE9bE4mgQkFIrzZ0UFM8iFi7cI+Yyp/esbZHubJ +MqJD1QVf9TpA8OAVXPj+JEYljsqszvjqWbO5pceTyT3OxS0/t0GXeGkbhgS+42qw +VOlZQe8r8Zs2MfJcGKwTGxS4HW218YZxZAan0eFOsVan+gKthNRGjvJzyy2w9foV +OND0EOzkeBFDohjWN8ROkVI2z/DyG2WDoc2H7tiajWHTr31uhNlMXDLynhp+zoRV +GfWIEsrfQiUcnuPyWP+tTyHoqTlAPOqeosxDsZfosEN/GRxgd3CFT1OBdgjd0YHc +fB5Dfc8JtVvZwXECz6A2eXCOCUJ7ljRpNp4bxtnRoO9VAydWcgpAq8DjwkgiDqLR +xYAvjAe6irEKNBKVocGV/zw03JvkqnYW7ChLr7sNfiJReFuiJXmWq1mYerOHo356 +LIaZsN0n7NW0OmQmAQmv2ezC1ZCMyjuIMKcDssTieln6Yi7NmmmRPCkkiWoK2XtC +PVY6Q0gZ1zUysQ4O/Rcm3Nt+U8JUpeXvry0086f0sk0yEdzB0RbZFyYMWFzwNSW4 +VsYtxqvzPVmYHBO6UihvmPnCuwIpUBVpKjsXN3NiARlPk8uAzR/quOgLxVIX6leq +1hT9DohrFGxP/O1SQhgD1xZfMRwJGo9J7OYA9JWRvZKguM6bJMYZ7Y+PJWZDfifG +TuQLPq8eA7B2KXEzNjHt6tyyDmV/SsbEoUPZBmGqD59/4JJiHtRy5HJdEAJXTYul +FpV6Fx4qVf6IjnH8ax8tmxLenGBomboigTofJFnz51MpKDEyOnByb3RlY3RlZC1h +dDE1OjIwMTQxMTA0VDA4NDg1NikpKQ== +=4K7Q +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc b/tests/openpgp/privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc new file mode 100644 index 0000000..f237e10 --- /dev/null +++ b/tests/openpgp/privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc @@ -0,0 +1,10 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDExOnByaXZhdGUta2V5KDM6ZWNjKDU6Y3VydmUxMDpOSVNUIFAtMjU2KSgxOnE2 +NToEMIx/SmNEvuSVkX0Xq60JBOTUT4qTr3ywNqUOSaKijgdYKjwkIF+jpD+7TfSW +vMznIU/Ued6WdRrqtQbi4KVzdCkoMTpkMzM6AIbAgwG04OO3x2tqboQ8eGekVM24 +4oEWVVQjQwNeheokKSkp +=RxSg +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc b/tests/openpgp/privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc new file mode 100644 index 0000000..e1db456 --- /dev/null +++ b/tests/openpgp/privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6AM0QnGL35Fvz ++RybOtdBOWPX8XHZ3CvPq0gr50pjtZGZLjlDe5Jf8oX24cGBVdFdILOlOglXNJX6 +Qz5WxNrZtU53vDfkgjA8flQXFqIlkxv2ZkjKP2S+Vgr9LjbrFxxWRlZY+XqMNahE +jbfA9gLr1GG8gM7ABsU7O03/pR2q7iF/aDMKm8asN7+k4/tW11e5yZeQkc+aBz8z +bhBCZ90jdfQr5jHQsJx9EOlrCWvDcnGojDXQBc2AflwuEJQHSHqPsy4E5KnMlpp8 +ZzFw2spfExWzNnEfZ/qQ9dXgnhdeNFmg/JRvgohreRExvO3yJiQMbH28UBTb/NBO +e14F8j1XdfkpKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6kSqZ9Kag78g4OjE5NzM3NjAwKTE2OlKflmHj +kP1iNdN0sAvT1dopNzM2OvOi7aAUszePhXP3b3zH60C9ygixV1MQIKMUTDlZkTFv +uVwdyH8IsB5rwaIZV5kO9xOdTPZAUG+jw3i5vUJzVYb3tORlIQLMZl+cT6InABFm +eZ0jC7n2i5qEGK5nb+7na4SRv7jOCDpvEvmX3UxYsx9OvnVq9ndNg0t95wDc8Yp4 +OuWQM56DoSmlfi8yvX8vdihp5XVqwvoKZNbXP17o0K2VjSBfWMW30mF+1MRVGZjj +rji0TJA0747OQjYEVVi4Jyvd1Qd+Ao3QWkXm4TzeiRAOYKTy1g9+6mTpLr29IQPo +Ljvea48pJK2YJM9FNoZUOA04Pv6n0w/CCSFMSGDJon8KATgTgkXFWlxhCEPqJxJL +emruPGPIb3Qv05etKPjGyvxk7fm+5xBjpxU2Xwk6kUZOfuX9b8KkBWDBlBSSRV/w +teH+vTVFG1ydDFoCbay4TzKIHRHwS93ME0L11GHLViXMD3tOG1BKudPD4JUxrHVa +MFHKtkvfTEz6v4YPCCp84+cjrbOKhSabg6caNcD0rge7iFVN4BArs1B/akEN+E8i +q3MoUv7lN6GC1XEiEvK/8NgDamwUtbRQfPyJizow4tJSWTm0SZdTlBrkdUgCgW2s +2dTElthntFqGOpBj6AvxoUPpnKKUp4o1W97bqV4regz9g8iMSna+BrzfYMrt8AlB +A4eKtYbjFS0aNzhDRJepATVh/DVsy4bm3XN5L5Lne5greOCRcIjmE6n2GOHjh4Y0 +/ba/hj4WKm2n63toXJlxJ1t1Db90qiH8ASn6Bgd6BR0NueIrYI+YJMoeG+NLjB2h +Ag6rd+yyjLEqaxniJkz9lZvj1AmX0JX3hfC6q8I84ZUdQFyBVQIxeN8EsKeWh45c +1bEgyecQx+PNmrEUa90OZpJt6V1mQhb2SCDBgSVpAGoI4N2J5NOJ8gm+plgLsMDT +Q1xhmBNF67kVYmV+ljiOOCB9CluiR/i2STv75ydnuBkpKDEyOnByb3RlY3RlZC1h +dDE1OjIwMTQxMTA0VDA4NDIzNCkpKQ== +=1YfR +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc b/tests/openpgp/privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc new file mode 100644 index 0000000..d972814 --- /dev/null +++ b/tests/openpgp/privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc @@ -0,0 +1,13 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOmVjYyg1OmN1cnZlNzpFZDI1NTE5 +KSg1OmZsYWdzNTplZGRzYSkoMTpxMzM6QJASwJYtt7iJ0ho9ryWXzi6FYfC5KR+p +uwXT8cWoMCuCKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1zaGExLWFlcy1j +YmMoKDQ6c2hhMTg6vuifz6Hv4GM4OjE5NzM3NjAwKTE2OpcAZjV5+F/YlpOPgp1b +WQUpOTY6qFMSoZCpIVdpOB9iKNKcrowuxl4tpSya+TVyDRedFeYEJgrcUjLFa5qt +Eqi/0/ceDijJBz1HGyZ1mRWwGOzCqhd/8ccVQlQp66GqO8x4Na9uYtfNurj1a7Gv +kdi+aQ+UKSgxMjpwcm90ZWN0ZWQtYXQxNToyMDE0MTEwM1QxODA1MzApKSk= +=FCvp +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc b/tests/openpgp/privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc new file mode 100644 index 0000000..4f075d8 --- /dev/null +++ b/tests/openpgp/privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6AL8OibB/4Jrv +yu3WLmT9knI/wEmxSjU6PXn7xCyDgxXd45szIKV3uURsYVsexrIRr5y+uijOWq2J +FunrhNV4sCGpRAnS3EA1y1zqFx7Ob0/k4bLvNn8UFNtblIlxqSjT2Oz2T5+4GAme +Vo7Z49keWryDyMeo+J1cio0NacBwR5Ee+DL6NfGoSyYYHrrQOn9PCnASR/I7THMP +4l729yHnVNHnsgA1t/plvgXJj2Vf4KTu8NFaXFbd5a2gW14+nv2kUTenQuHs3Nn9 +d9NQeXSZ3tWP7FvthgklO3bp+dmjbynDKacKQGWKFyYlnx/qNKRe9Wnr59vVSeyk +tyA0pbyvYNcpKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6LskYBR0oJSs4OjE5NzM3NjAwKTE2OtX507Od +8u583SoOhgpvTDopNzM2OqQsv6qf5uCTG0KqleH7oUveFKt4ucEElrAyAiHe8x4c +5BIt9r2cz9yVyZjiolXC2zuGZMmt15odX+1vp9zUAaK5cFFFk8z6qEBEeFOP+4Ss +iBeI2r3fHN+/mYMlyomBXV9bZ3ER3lio8iqdsnjkqFo+AfA3otGvrZNhXPa6GaLh +1KRW3D3Lg97gp+GwrsQ5sRQ6EFBlGzg2YFWLFGO1txvQfLECEzQMZaej1S6XNKY0 +87LmmCNhyNvSP7WECb0PMwlXKDUEy7zjEK2VkGRSEg4Y8CmMFeW68Zrlvivcy01E +KXQ2EpI0i9mxI/QnQa/6d4GAkuPywbJG4U/rgEDMwubHhp+QVNpU6JWy2KKnMVVf +7Ln5KMKCOKh3ZcvRYUq1yen8ybEOKJ2nFZ5VQfmSSXvW5yDClQCe8PwwOY1a5nw/ +ODcPM4oeW8PmWncWNuhme/uicECa0wuJ4IGUKTyg/Vs4OLMjiXLwT1gblPEcfuws ++3A3o494JOEqnyyvfM3ZmHE+RYe9+OV6/1JFsIhSn9cWty/H26QpuFvN5D2cXXKU +txuqC8MmovtCRzG/ASja68rc0NC7uACBRvb90v5tlDCFmBZAPJmFnBnB/OGqQOmF +dFXGRJiauaKOwRtEzC0wyMdkB5+j4/oBj4Nt3Ua5Qbk1B5m5M4YfEX4c89G635O0 +cmO+c9ubv/oQSNcXnJmIDnIvwBXDMzS9psQp/LzIpXIpbJUU1tRclUL/LAQChhmS +Isq2qP/s8jg8BNSjiXlRkLqg5xkcKuW757y725fiAOrNjDYYBNVC1XIPaVc1/Fkm +T1Mcn0OuQ9Hwcj7C+lqcq7vSZkx6h5+YjvJ5uDUQvFVJMfoDbKMKsKuJ2qSK7ano +ePtji6v9SylT9cSZnSngaar+j55JD/wocGlAcVOZ+fOkoo81wWAJ1+XNZX4YNQ+/ +naNT4eyAq9k+CqxZjDOSbdg/aoOzFPDkRpDrkQGq1IcpKDEyOnByb3RlY3RlZC1h +dDE1OjIwMTQxMTA0VDA4NDg1NykpKQ== +=MG45 +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc b/tests/openpgp/privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc new file mode 100644 index 0000000..0bf0006 --- /dev/null +++ b/tests/openpgp/privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc @@ -0,0 +1,31 @@ +-----BEGIN PGP ARMORED FILE----- +Version: GnuPG v2 +Comment: Use "gpg --dearmor" for unpacking + +KDIxOnByb3RlY3RlZC1wcml2YXRlLWtleSgzOnJzYSgxOm4yNTc6AK5ASAwdxvm1 +x0sD1PVAjVCEgo2oqT3mg/onopj3t3dVlBuEv23f+5/EoLTEIAE8ulGDCBQRw70X +j4e5B87oc5DxBs2uiMGbCX8L7cEQuXVRRrwQR5kJI62iCle1prehdXTWFgZUBXwQ +60GAGeft/MmznrUN4qy1qt7dp8eqOq9on9xA8uKzigCYEjRsGeScrFedAemg0so6 +AWbCSz6S1BbZKxYPilbG7VMvpA24kgPqQiiaZESlFt7iey04WE9v26vH5CExVqFl ++M+tAGIPw439X0leIpdidTWFdREw7DCkRBjZ8cWbLEIfhErco1mqlSxR1AvlSXnb +yxerHQRO+KspKDE6ZTM6AQABKSg5OnByb3RlY3RlZDI1Om9wZW5wZ3AtczJrMy1z +aGExLWFlcy1jYmMoKDQ6c2hhMTg6tIGQBN/WvYA4OjE5NzM3NjAwKTE2Olq8YLkU +7sO9zkXVYdR0ApwpNzM2OneDiO9TEO0M//ms4Wh2ZDR/oOHF67pj9woAkW+en7vv +r512xqgFV2m2b2aFTJYgeJwWJgVItmgmoM4RsbtL3CVSXrKRi4fi3VbwWEN0p4MI +wOXkbdFFxywvEQjQoNEvvBFHTlLkRIHzugfhUJID4wNzcGq55LnH1zoyXdUorlhi +dpJ7Y1QHjm7j3RBiTRpGXXOIwQkpTf4eNIIsOeaDTQVIhTh62UFzUY26NBftx0mC +cYhFs0lOk7k482OnCkm712BejhvHOcs46Lhi9JwfY6j8QcgrIp4b2MyT8BOg1cIX +vjD39tKJYh9SHWZlB694KZYqSmlr+RfhgLTNV7Oq4Il9JNhPgImG/ouE/O14j8W9 +MyIg7T8NhvYRt+sym9oijvxXb8Z7dD12RomxOZFAajrHMv349JAebUOSIxCBg082 +LNRleJKl7s8Dw5avgyc03kqAUageGOjRWsJvbSKLebKDUoLqEyyNiTNbbTru4oZb +RyfqPftZkPymIQGS7rukohZ7cZHM8jT4Bf79VRvFAXQJ8IVGjHVvrwEbV0mOgin7 +i3n0hYsO8t3YvNtQZ6c2oTkhaeakYgebRKXSgWmLK/FcCtnftYuulPD/ApkcnGFa +jqJcxKT6vNbsrp+YOlder0cZz7S+1qXkKP9iGuVUa6uG818pv4IZrrgWJP85ZUqj +PV5Dy9QYQbd8HHxrDkWQ6xMdFM0049KZeNuKGnbv2gz27RUMf7U7eyj7QBuDCHwL +Q3UHOXr5Db7bDepCOXBdjTxET2BzotOkn/pbNJN1wAa3UZB3ovFWo7vOwQCF1+nY +AWAUxNm8W07SzBVZuCHxPsnMX8z501jz1f8yiKgDgG6JtCCESTIPnOj+7k+86eYV +CXfgf3klgcruOTXCZwaUhQYEf7Rxyln8FoMD/5VoKWAIwUsbpMquhwbZmmq6nada +owEctivvDKqlXNf5vREV76+OTpiFSpRDiX5cwWU/eG4pKDEyOnByb3RlY3RlZC1h +dDE1OjIwMTQxMTA0VDA4NDMyMykpKQ== +=3wKz +-----END PGP ARMORED FILE----- diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README index 6f8f916..d130fa0 100644 --- a/tests/openpgp/samplekeys/README +++ b/tests/openpgp/samplekeys/README @@ -10,3 +10,4 @@ eddsa-sample-1-pub.asc An Ed25519 sample key. eddsa-sample-1-sec.asc Ditto, but as protected secret keyblock. dda252ebb8ebe1af-1.asc rsa4096 key 1 dda252ebb8ebe1af-2.asc rsa4096 key 2 with a long keyid collision. +whats-new-in-2.1.asc Collection of sample keys. diff --git a/tests/openpgp/samplekeys/whats-new-in-2.1.asc b/tests/openpgp/samplekeys/whats-new-in-2.1.asc new file mode 100644 index 0000000..e16db85 --- /dev/null +++ b/tests/openpgp/samplekeys/whats-new-in-2.1.asc @@ -0,0 +1,128 @@ +These are the keys used in the whats-new-in-2.1 document. The private +keys are in ../privkeys and protected with the passphrase "abc". + + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQENBFRXu3wBCACvB4RPDJkf4kHR8OZHFmvC5u4XpxdSnYRd2eYgzXrqxaw0LIP0 +RRyW2jMlQswj/yXOGsrm9hc3knyXSl66TDwHWho5Wxi3WNPBXOPRPuzO/WEF4Mhl +4U5t5GWvG8Pk32JyyQurJ8XnxuWEKhKb1f5n730Hel18Q3J/7uemAyeS6O8UV5p3 +eCH4+k9ZRdig0LQwAdb5aZ7sREH5wCPAvFKbMTlgtbUrkORyKBZ8KgBHxIhx/j9m +LhxupuKMlH0+3Ndax3/EtNUfUCUAq9dQ5/VjACPyB3uuwbK2yAMRvvcngYSJBEoQ +QcXTaiLdhZxPrE5kB7/romOMmt3Iet3b2edzABEBAAG0I0dsZW5uIEdyZWVud2Fs +ZCA8Z2xlbm5AZXhhbXBsZS5vcmc+iQE3BBMBCAAhBQJUV7t8AhsDBQsJCAcCBhUI +CQoLAgQWAgMBAh4BAheAAAoJEGNqG71o/QCIkEwIAKWeyVON5kWxC0gvwAyMBrma +n96E9KACVLUlK5TSzrVilrpr73m0qqYrSL8DCBzUOUAe7HSXpcqwKkYxdq24UhHx +z58JU7AHxYh8pKT0Cz7iUevAvA6v7Qppolvpf7OHjQbigWYY927/J70SnpINeVre +VspDFyn2scYQSwduCTIVizB+dLigbgHpIDJ5dQ/PQ/2ofMs/np6m0E0oeQTL5b6B +0cVJ+7DQIxZ+OU5RfGf/i5fEvADttheYOS3U8CmsvlyWkUUK3obUIDfj6pGz8BRO +Ji1JjVvZ2WpcpSTU8htMxlcZAsnvhtv9F/KwwlvW8k0GMVsvTt21WjPAgc58j1K5 +AQ0EVFe7fAEIALWn703ukwPAklb9+e/m8qGu/XewzQ5fnciZy+YA71aO1L0vg5id +BqmWWhUZ1H2jMLpSmHGTsWvwv7OpIgsPcyIqmlJ/hXNFxYI/xS8Y9AzFlASs+Dqm +MOjBghE5crakHjS6JxtkBNK6efB3teA5WlD7oVJwhYMsUtkH8/OJq0Lml3sZaca3 +vDvm0CnEDlqr0pog6RiDxAmOgUO04ZcjaGVz9sb+U+coIe/qG1kJZFGdSpuV1BS7 +9nyjMnmMfNt2uB0w9v1hnGrvMU7q+OaaP/ii8+tI01WOGn+KQsJp89PwgcnA8y57 +Up3zN6pDl9WF80uJL/J3FIe8RuaE4VBv76sAEQEAAYkBHwQYAQgACQUCVFe7fAIb +DAAKCRBjahu9aP0AiMT4CACJ/LyyvD3Z0g3ylzo57Fl5dKOgbR45owKuKIB70KoZ +6tDGKmhWp/ZJqk25ZDzxGPaZKNnzj2pmZKgDW0WsXTpWlN9RXEEGglOvxC3wgm7p +JQNSka8VbGujyc0RUM/CLuWr7O1NrXw/J4Fch1wbcFYVskI7OQO7UYPkAVlFRyB/ +FJVSpuQWnIjfffi7Z9lAk8tnzOMK+LdUJ3D2KupFYSqljWmzLEUAPY+FrGlSZ43U +6G33FoYRQll4gzoQUUUDXBlzAxwGewvbuCNUI+YhcgVMmNNZPHz5IbSvE+oosIew +LwG2NtCOIu5ceMnukLuo58u7sPkBhKlhsi5ltF0wXqF/mFIEVFfBNBMIKoZIzj0D +AQcCAwQwjH9KY0S+5JWRfRerrQkE5NRPipOvfLA2pQ5JoqKOB1gqPCQgX6OkP7tN +9Ja8zOchT9R53pZ1Guq1BuLgpXN0tCNFZHdhcmQgU25vd2RlbiA8ZWR3YXJkQGV4 +YW1wbGUub3JnPoh5BBMTCAAhBQJUV8E0AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4B +AheAAAoJENF5nnI4JmDjLWYBAO/m/yco7zu7mNlToHj3DEd1Ja0jQj5SZdCGgP7R +5lnIAP0ZRzlUa458LdA4PbLEb4g2e1TduGkW0qoaC7Bb0huSUbhWBFRXwTQSCCqG +SM49AwEHAgMEOx/Lj6ZzYdOMdprseVCR/dwZaYPeInquOlapE22Udwppy4tQqj2j +XDYH8d0Z5uRvT/FD5lpcW+Cv+BAoo2auuwMBCAeIYQQYEwgACQUCVFfBNAIbDAAK +CRDReZ5yOCZg4xsFAQDTK35zpEAe86ZZ7W/2sBqb1jHri1F1cfNWBaW0I40yXQEA +5m4Hr2uu+5hb+fcdI9UFVc7rd/Lql3J4v8Sg3e5GVtiYMwRUV8PkFgkrBgEEAdpH +DwEBB0CQEsCWLbe4idIaPa8ll84uhWHwuSkfqbsF0/HFqDArgrQhTGF1cmEgUG9p +dHJhcyA8bGF1cmFAZXhhbXBsZS5vcmc+iHkEExYIACEFAlRXw+QCGwMFCwkIBwIG +FQgJCgsCBBYCAwECHgECF4AACgkQqoExnlwa/CrojwD/Tx154eojS5dpLIJA0ckH +/Xz3aUmj5bln1BhDgaifmBoA/RqPxVOfP4SXsUfqaR7TmaYpXnW4870yxtoObenY +ptcFmQENBFRYkXMBCACqLZQyCg0hMryI5Fg3Rh0As5tXm0bcm9eS45JdezVeG4gw +APtqjq8N0CUPugn1aQ/FxMoF6QRL9NelYBbgeTLCDRzRPeHSgFHNEdblMGZY3iDT +0Nhf+9rd0hYogQRsGOABwzZ/84ukXDOycIyVv6ZJKnJr8tZAOZD9fFwOsIGPDbMg +mvh/WSZuQSuuDEhlBHbHFspLh1Ft84Og3PG0k+joZaJHJUVofSlStEEW6p5UHlT/ +xPyr+C4Z21zQdhhNmHnGoeK72vzzatmGfQn8rkB8EiUIW9YdTCi4uewAGnIAIVej +nEdYTOlntVYeSQxRI9NQ7CDAtdUtWcx2C10VgHnPABEBAAG0JkRhbmllbCBFbGxz +YmVyZyA8ZWxsc2JlcmdAZXhhbXBsZS5vcmc+iQE3BBMBCAAhBQJUWJFzAhsDBQsJ +CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEHmy/xUtNRHxcRMH/iZ8HAkSd+U7r/z2 +De2h708tVYUqIXPZ1z35Tyfs6VQ7rLSscXrlJGssJDNrF4mKiKK+DjyKOA/omoos +HXwpSRy1ERo1zkmJUiaizuGV1mCw49IugkrhmrTWacA5AvKPkRs+p0pZeqKnM6IJ +VtrN62sA/EoBcoecbicW3swYiCzKROYNHiQMpojtshf0OP3lWT9s7jASaq0iz/t7 +iWtEkxOQJnuU2v+pt8uqDLWc0plQZpUGjktQZB5/h6vTpL9mqfnXTwwgvb/BVaG7 +KqmFMrJVjrB40NZtV2WbfS85jMMWUvsa0vrnfJgpuIvs8jH2TVVYw0Kvu5nhjM4j +YjohWoe5AQ0EVFiRcwEIAM0QnGL35Fvz+RybOtdBOWPX8XHZ3CvPq0gr50pjtZGZ +LjlDe5Jf8oX24cGBVdFdILOlOglXNJX6Qz5WxNrZtU53vDfkgjA8flQXFqIlkxv2 +ZkjKP2S+Vgr9LjbrFxxWRlZY+XqMNahEjbfA9gLr1GG8gM7ABsU7O03/pR2q7iF/ +aDMKm8asN7+k4/tW11e5yZeQkc+aBz8zbhBCZ90jdfQr5jHQsJx9EOlrCWvDcnGo +jDXQBc2AflwuEJQHSHqPsy4E5KnMlpp8ZzFw2spfExWzNnEfZ/qQ9dXgnhdeNFmg +/JRvgohreRExvO3yJiQMbH28UBTb/NBOe14F8j1XdfkAEQEAAYkBHwQYAQgACQUC +VFiRcwIbDAAKCRB5sv8VLTUR8XybCACjbi+zlINJqoRPwDxukgfF60kW1wBMaSlN +KajncxXSahlBFM0b++dPQi6DKNhXgR8kXH5ZI3538xs++4fBSg1lRQPKsYgsZhRn +mg5eiujpQvZV4QgCvrshN8X97WKgcRXnYWcka90tqMCoZdMe5XntAix/ZNDuoZ2z +7oNoA+9sg1Sxpu/bZXA47mL9KTL8Q08/4lzCYvEJHmUZh+eb/hn6ZYCSycydqfyd +3J4zsE3nnt3v4DYrImqX9WEIO6FNgpWNLIHFINhRBxPvYYoDkuvm0RxLbYxcpHoT +Z56rlwGTf0ZazFHfsGZYflJapvPWVTjkFJmB69oRyD5aMLQH1vsbmQENBFRYkaUB +CADMAob60PU1HD7QW3ytFFjrdhma86uyNGYXI36MRg+FF8SjQcR3Mm9nEGE4ebRe +F6iL/XdksrNXOH1Nka+pZzw3OlaUiyqB2Y++o1pHFlX/NPjFxTVaf2KhK0ATLvwJ +APwsJN4RII6kCGTqPWsHwQEyahplvctwrdSFfKDOklDo2EPAnCGto6UjTava4V0I +802FGRyuGsk5o5j77qksVmoVLDmQpQNxh6S2ZBXvZNlCblSFH4cGA+AsiEdZ6pRX +4/O6f1BD7NduuP0aQWoM+Bu+AYi4Yh0LLPDV5tc1okWdcT8iSJKw5uNiUUPuoBn9 +ar5Nrckty3uFvu7IN69PFBMTABEBAAG0LURhbmllbCBFbGxzYmVyZyA8ZGFuaWVs +LmVsbHNiZXJnQGV4YW1wbGUub3JnPokBNwQTAQgAIQUCVFiRpQIbAwULCQgHAgYV +CAkKCwIEFgIDAQIeAQIXgAAKCRDMU3ZHkRuQqXyXCADDmu4ilC5JxJS1yKDRnktT +HVCm+wtY2N3Jq8mJ1LGflHlG2u2CNHKBsEGTOzNQ7I2XHmlZcJ9UodcRxjVDIWHw +W14zcRyFZov43cpokU8zRqlxeFzirT8vokGltQxRn36yJfB/F4eSCLULCnLIAQJ8 +TNhRcIC977k/sNC2dlXSus2KLNdlDXusZR4WgwGeVShXtnr0HLirt8JzdX/564nq +4bpcuUqC/uryVy3vU3McAJ5YeCmjRN6Ep5NhphXhnYXczgn5SD90Ka6LfS8ssSd7 +DNFoEANZAHPhJyhoPo9hRPGF3x8PeuhoXRzyHg7qAU05aqNpT3B4ceQwMRIAmMsP +uQENBFRYkaUBCACuQEgMHcb5tcdLA9T1QI1QhIKNqKk95oP6J6KY97d3VZQbhL9t +3/ufxKC0xCABPLpRgwgUEcO9F4+HuQfO6HOQ8QbNrojBmwl/C+3BELl1UUa8EEeZ +CSOtogpXtaa3oXV01hYGVAV8EOtBgBnn7fzJs561DeKstare3afHqjqvaJ/cQPLi +s4oAmBI0bBnknKxXnQHpoNLKOgFmwks+ktQW2SsWD4pWxu1TL6QNuJID6kIommRE +pRbe4nstOFhPb9urx+QhMVahZfjPrQBiD8ON/V9JXiKXYnU1hXURMOwwpEQY2fHF +myxCH4RK3KNZqpUsUdQL5Ul528sXqx0ETvirABEBAAGJAR8EGAEIAAkFAlRYkaUC +GwwACgkQzFN2R5EbkKlADAf+JjJbbo4FTeQG5qRtZCEfnJgcpQxF4Tnw/QTaENhC +zr9nO9tBbzbo290ALB6sKt8EbTRIG8JidenhZkm89O7L7wNJh9aIl+yttNFD1Zrr +YqbniAFAuQg/7xOy9xmt0vJOOdUQYYM4wzcIpQSy56AukLxv/phvNxBuL2HyTY38 +kadMDVc3BO1uMhFtSxsc23HACJIpH0UEGktNGqzePwiIaOA/bnpnyE1HCOZKg4Et ++eXf2eBqq0dO/vwTTK7aqRC+r4PGaQfJkvhuC1Sm0pFAs0Z9AaqaHodHHnS5S8EB +ePMsSVCko5io9YQiQNbrIvw2U9z18kGzGsqGAqmqahd2spkBDQRUWJLxAQgA8vUU +lUCBU4SI4uqCaoJZwKAh+XcVP+kFoslgs7w16uxG7KBDoCsB01hqv+Hwwqc6RgLC +UhKvd+km2Ppyk+vPohTUrT0dgSlVzqfVRsPmvbmwNz06XzO2DlA9U/5x4DjafOkc +CcwBbsT13PmCwz8fpOWJwXio5Pes5+kGoPHUQc5o5Lql2d6btLBJBnpEV60mi2Re +oQV9I1WUxMuqrKx+TmRRb6OfsHgmWl3tha2Vouw9fJjV0XCLbhWqkiLO05hGhYU5 +vJKulmTC48aRDk/8SqL/b4vtUpc184NEjQ1XoZfUVpD3qUirRj7PURaiMvA9v0lH +YUsaoL7j+ab9btSd/QARAQABtCZEYW5pZWwgRWxsc2JlcmcgPGVsbHNiZXJnQGV4 +YW1wbGUub3JnPokBNwQTAQgAIQUCVFiS8QIbAwULCQgHAgYVCAkKCwIEFgIDAQIe +AQIXgAAKCRDMALUBvRmsHEcKCADbrI4XqQ2tDLGJ34X/sd35NZoe4ytGZX8MRwsv +IuqWWvXiyczGLF+DB5hehMtuzVDtCBnaeWDqSg0XwaRm+QeR899LI0j4AADStC2T +5kVgQxFUH6PABDjPxf2kMnEDfLPES5Ac9abLXhVI523rpOrlw2vINC8ooll/gSJk +rRJNmhU7nov5PAKlBolYoYWO0+lgJ6qgv+1V2/4y3pCHr/JUKMXsN6sdKnBMWBuJ +Gw6uXAB7Do268SAYxJwS2FIkCYUvS8B9io2kp6CWAMrXeYmyBoBJcZN9PpS4Y7C7 +Z750z8eHzk+KXK8KZGSpMi64GwN5USD946al6vbXgtAFN5dEiQEcBBABCAAGBQJU +WJORAAoJEGNqG71o/QCIXeUH/RVFAj2ZFTOGscvlX+KNawmV5vxuK2ccf/voff6R +NhPdZ1WblB7CocJPbJJ7c32lBPSlyL7apTZQMKvzry6U/KnWAiO11uTVn82+vDbu +kXkpzF1KSv3UsEsUT3q03BR1BJxZwJhTovmwHjedXehPWTdI0+lOXq7YUqicTHN0 +7bfdnUe1wTogMzvSqBxVgh71pQ1hfdl7/FHeNEdIwqU0Q+YJDBhV1QsRPJ2cVRGg +X9yp/HGTdmXZNCPKPzNqi+klEn8xT3VjAXfVkg4s7hWnkFtYr3a0kqtzSxMzvNcM +VRY+KKxWICsTg5HIun53rlVeJfSfyI1BpQ3XQmJk9ro4P9q5AQ0EVFiS8QEIAL8O +ibB/4Jrvyu3WLmT9knI/wEmxSjU6PXn7xCyDgxXd45szIKV3uURsYVsexrIRr5y+ +uijOWq2JFunrhNV4sCGpRAnS3EA1y1zqFx7Ob0/k4bLvNn8UFNtblIlxqSjT2Oz2 +T5+4GAmeVo7Z49keWryDyMeo+J1cio0NacBwR5Ee+DL6NfGoSyYYHrrQOn9PCnAS +R/I7THMP4l729yHnVNHnsgA1t/plvgXJj2Vf4KTu8NFaXFbd5a2gW14+nv2kUTen +QuHs3Nn9d9NQeXSZ3tWP7FvthgklO3bp+dmjbynDKacKQGWKFyYlnx/qNKRe9Wnr +59vVSeyktyA0pbyvYNcAEQEAAYkBHwQYAQgACQUCVFiS8QIbDAAKCRDMALUBvRms +HEEKB/9b+NMLDsBnNZUvJq/TEsD6vQ3IfVL9+YRh4H85iVYd+gNj3S2GlN8+3x3u +wOik27PsWI3EZiLApMfvQdlj3xdQncjs6oApcpa8nVVWxAq0UDE5BRXOAwtXvlao +pKPHRWyZQCJEBuNocNLGUb4l5LLKqWmKiJpHXYZKqjqfdJxVac/XLtg7Vujc1SBl +hct7pyWb6stY1K0cR/UDqlYu/uMihHhga4W6ViMme9dM7vk/F32U4hGOoy+6SljW +VTJUnf2N1X8vnPxJ4/vV7nEL/6NXsQzacvJ82cFfp1mFOFgdtGSVldAcJHgTEpbX +PTgzPpanbg78WYNuT7+ZqlZYqj13 +=44AC +-----END PGP PUBLIC KEY BLOCK----- ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 17 ++- .../2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc | 31 +++++ .../3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc | 31 +++++ .../449E644892C951A37525654730DD32C202079926.asc | 10 ++ .../4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc | 31 +++++ .../58FFE844087634E62440224908BDE44BEA7EB730.asc | 31 +++++ .../6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc | 31 +++++ .../9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc | 10 ++ .../B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc | 31 +++++ .../C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc | 13 +++ .../CF60965BF51F67CF80DECE853E0D2D343468571D.asc | 31 +++++ .../DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc | 31 +++++ tests/openpgp/samplekeys/README | 1 + tests/openpgp/samplekeys/whats-new-in-2.1.asc | 128 +++++++++++++++++++++ 14 files changed, 425 insertions(+), 2 deletions(-) create mode 100644 tests/openpgp/privkeys/2BC997C0B8691D41D29A4EC81CCBCF08454E4961.asc create mode 100644 tests/openpgp/privkeys/3C9D5ECA70130C2DBB1FC6AC0076BEEEC197716F.asc create mode 100644 tests/openpgp/privkeys/449E644892C951A37525654730DD32C202079926.asc create mode 100644 tests/openpgp/privkeys/4DF9172D6FF428C97A0E9AA96F03E8BCE3B2F188.asc create mode 100644 tests/openpgp/privkeys/58FFE844087634E62440224908BDE44BEA7EB730.asc create mode 100644 tests/openpgp/privkeys/6E6B7ED0BD4425018FFC54F3921D5467A3AE00EB.asc create mode 100644 tests/openpgp/privkeys/9D7CD8F53F2F14C3E2177D1E9D1D11F39513A4A4.asc create mode 100644 tests/openpgp/privkeys/B2BAA7144303DF19BB6FDE23781DD3FDD97918D4.asc create mode 100644 tests/openpgp/privkeys/C905D0AB6AE9655C5A35975939997BBF3325D6DD.asc create mode 100644 tests/openpgp/privkeys/CF60965BF51F67CF80DECE853E0D2D343468571D.asc create mode 100644 tests/openpgp/privkeys/DF00E361D34F80868D06879AC21D7A7D4E4FAD76.asc create mode 100644 tests/openpgp/samplekeys/whats-new-in-2.1.asc hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 13:37:59 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 16 May 2015 13:37:59 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-19-g9fdb055 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 9fdb05554b5fc9c6f6621d606ccf21c038c7b6cb (commit) via 222866894993041ceaca3ca4ef33373ab78bfdff (commit) via 3d97b18ba928677550a8f7eaa938551aad42dacf (commit) via 21e83f422667e431c1283b9ae3356fded3523e50 (commit) from 4549998627ee04e74f8d1c94aef55e3ed17f14d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9fdb05554b5fc9c6f6621d606ccf21c038c7b6cb Author: Neal H. Walfield Date: Sat May 16 13:37:46 2015 +0200 Don't emit the LC_CTYPE-not-set warning more than once. * pinentry/pinentry.c (lc_ctype_unknown_warning): New variable. (pinentry_utf8_to_local): Only emit the LC_CTYPE warning if lc_ctype_unknown_warning is not set. After emitted such a warning, set lc_ctype_unknown_warning. (pinentry_local_to_utf8): Likewise. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index eb70ae7..78ac137 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -111,6 +111,8 @@ struct pinentry pinentry = }; +static int lc_ctype_unknown_warning = 0; + #if defined FALLBACK_CURSES || defined PINENTRY_CURSES || defined PINENTRY_GTK char * pinentry_utf8_to_local (const char *lc_ctype, const char *text) @@ -129,8 +131,12 @@ pinentry_utf8_to_local (const char *lc_ctype, const char *text) string. */ if (!lc_ctype) { - fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n", - this_pgmname); + if (! lc_ctype_unknown_warning) + { + fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n", + this_pgmname); + lc_ctype_unknown_warning = 1; + } return strdup (text); } @@ -191,8 +197,12 @@ pinentry_local_to_utf8 (char *lc_ctype, char *text, int secure) string. */ if (!lc_ctype) { - fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n", - this_pgmname); + if (! lc_ctype_unknown_warning) + { + fprintf (stderr, "%s: no LC_CTYPE known - assuming UTF-8\n", + this_pgmname); + lc_ctype_unknown_warning = 1; + } output_buf = secure? secmem_malloc (input_len) : malloc (input_len); if (output_buf) strcpy (output_buf, input); commit 222866894993041ceaca3ca4ef33373ab78bfdff Author: Neal H. Walfield Date: Sat May 16 13:28:16 2015 +0200 curses: Use default-ok and default-cancel if set. * pinentry/pinentry-curses.c (default_notok): New macro. (MAKE_BUTTON): Also check if default variant is set. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 79628fc..73eb05f 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -257,13 +257,23 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) COPY_OUT (error); COPY_OUT (prompt); + /* There is no pinentry->default_notok. Map it to + pinentry->notok. */ +#define default_notok notok #define MAKE_BUTTON(which,default) \ do \ { \ char *new = NULL; \ - if (pinentry->which) \ + if (pinentry->default_##which || pinentry->which) \ { \ - int len = strlen (pinentry->which); \ + int len; \ + char *msg; \ + \ + msg = pinentry->which; \ + if (! msg) \ + msg = pinentry->default_##which; \ + len = strlen (msg); \ + \ new = malloc (len + 3); \ if (!new) \ { \ @@ -272,7 +282,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) goto out; \ } \ new[0] = '<'; \ - memcpy (&new[1], pinentry->which, len); \ + memcpy (&new[1], msg, len); \ new[len + 1] = '>'; \ new[len + 2] = '\0'; \ } \ commit 3d97b18ba928677550a8f7eaa938551aad42dacf Author: Neal H. Walfield Date: Sat May 16 13:10:41 2015 +0200 curses: Don't show the notok button in pin entry mode. * pinentry/pinentry-curses.c (dialog_create): Don't show the notok button in pin entry mode. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 65a5a67..79628fc 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -1,5 +1,5 @@ /* pinentry-curses.c - A secure curses dialog for PIN entry, library version - Copyright (C) 2002 g10 Code GmbH + Copyright (C) 2002, 2015 g10 Code GmbH This file is part of PINENTRY. @@ -535,7 +535,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) move (dialog->ok_y, dialog->ok_x); addstr (dialog->ok); - if (dialog->notok) + if (! pinentry->pin && dialog->notok) { dialog->notok_y = ypos; /* Calculating the left edge of the middle button, rounding up. */ commit 21e83f422667e431c1283b9ae3356fded3523e50 Author: Daniel Kahn Gillmor Date: Wed May 13 16:36:26 2015 -0400 Avoid implicit declaration of function addnwstr. * pinentry/pinentry-curses.c [HAVE_NCURSESW]: Include . [! HAVE_NCURSESW]: Only include in this case. -- When built with libncursesw, we see this problem: pinentry-curses.c:440:8: warning: implicit declaration of function ?addnwstr? [-Wimplicit-function-declaration] ADDCH (start[i]); ^ diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 60fd9da..65a5a67 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -22,7 +22,11 @@ #include #endif #include +#ifdef HAVE_NCURSESW +#include +#else #include +#endif #include #include #include ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry-curses.c | 24 +++++++++++++++++++----- pinentry/pinentry.c | 18 ++++++++++++++---- 2 files changed, 33 insertions(+), 9 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 14:59:51 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 16 May 2015 14:59:51 +0200 Subject: [git] Pinentry - branch, neal/next, updated. pinentry-0.9.2-21-g74522a2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, neal/next has been updated discards 5b7201d27a29ce8f5bbe8f3e14d8516381d29cab (commit) via 74522a268398c7d8726e659bd71301b1a09eb6ea (commit) via 7e571da7f9c9c18448d43f5da00de527c0cfb617 (commit) via 9fdb05554b5fc9c6f6621d606ccf21c038c7b6cb (commit) via 222866894993041ceaca3ca4ef33373ab78bfdff (commit) via 3d97b18ba928677550a8f7eaa938551aad42dacf (commit) via 21e83f422667e431c1283b9ae3356fded3523e50 (commit) via 4549998627ee04e74f8d1c94aef55e3ed17f14d9 (commit) via c68a6854aadaf8c271648f369f14b4943e684ecf (commit) via 960317ec86c06bc737e1ff3c1b571dc8f4194763 (commit) via dd0307be51587a9a7866981ce00eed474bee6e14 (commit) via 496235af8dfd373b54e5610f86bf1cada175ac23 (commit) via 3062742b945f95d72001896f8ba5468b9e63aa9b (commit) via bdd81974633f8e31d582b62999ef9b004bc3b95e (commit) via ae7dfae00df81a683adf0292a52b63632491319e (commit) via 2582cb9eb23ca287520caa04a12f83f10c268f71 (commit) via be87785005d256b7f3dacc607ba5ea0a14de8593 (commit) via 14b95bd6d92ba699c3d263ac1f9140973d8c9156 (commit) via 831782b3b625ca81624fae0ee184da0d2fc46d96 (commit) via 29236f84aca64be72c97a9b5513457a4e45afbc6 (commit) via aa04dac66f2ee949e8789a3c91090b01646f2e57 (commit) via 72939ea63564deec029e8e43743762fdb48cb6e8 (commit) via 8e52ddc874838ad512ed76cdc1c34057da328fba (commit) via bf71ac5a685afacb98f6c4c6a86c9d27d5414beb (commit) via 726c00514be4a0c2831dd775e306f7d5243bab8b (commit) via d7f2081fdd605b0d0789bcb6984decfea3777f23 (commit) via 319e1a32e3ab67cb0624c0586d7519c16c76d43b (commit) via 3d02645d757e573e4628a1caf2e36bb92d523e77 (commit) via 1a8af55b76d8235ce891f44808064e7f846e193c (commit) via 09203147bef487c9a85f55f8cc96d265197b0bf5 (commit) via 3a8daef81c49dc3c04b6703a0384381cb43eb91b (commit) via c6eaa7bf8300f524de41956a339ca0ed3af4656e (commit) via aa98f25ddcc3c36035f18249443cec15d16e8fa5 (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (5b7201d27a29ce8f5bbe8f3e14d8516381d29cab) \ N -- N -- N (74522a268398c7d8726e659bd71301b1a09eb6ea) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 74522a268398c7d8726e659bd71301b1a09eb6ea Author: Neal H. Walfield Date: Sat May 16 14:57:29 2015 +0200 Reinitialize PINENTRY when the Assuan RESET command is invoke. * pinentry/pinentry.c (pinentry_loop2): Register pinentry_reset as the assuan reset handler. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index c4afeb2..4df93ed 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1318,6 +1318,7 @@ pinentry_loop2 (int infd, int outfd) #if 0 assuan_set_log_stream (ctx, stderr); #endif + assuan_register_reset_notify (ctx, pinentry_reset); pinentry_reset (NULL); for (;;) commit 7e571da7f9c9c18448d43f5da00de527c0cfb617 Author: Neal H. Walfield Date: Sat May 16 14:56:27 2015 +0200 Don't use a static initializer to initialize PINENTRY. * pinentry/pinentry.c (pinentry): Don't use a static initializer. (pinentry_reset): Initialize PINENTRY here. (pinentry_loop2): Call pinentry_reset here. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 78ac137..c4afeb2 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -57,59 +57,50 @@ /* Keep the name of our program here. */ static char this_pgmname[50]; +struct pinentry pinentry; -struct pinentry pinentry = - { - NULL, /* Title. */ - NULL, /* Description. */ - NULL, /* Error. */ - NULL, /* Prompt. */ - NULL, /* Ok button. */ - NULL, /* Not-Ok button. */ - NULL, /* Cancel button. */ - NULL, /* PIN. */ - 0, /* PIN length. */ - 0, /* pin_from_cache. */ - 0, /* Display. */ - 0, /* TTY name. */ - 0, /* TTY type. */ - 0, /* TTY LC_CTYPE. */ - 0, /* TTY LC_MESSAGES. */ - 0, /* Debug mode. */ - 60, /* Pinentry timeout in seconds. */ -#ifdef ENABLE_ENHANCED - 0, /* Enhanced mode. */ -#endif - 1, /* Global grab. */ - 0, /* Parent Window ID. */ - NULL, /* Touch file. */ - 0, /* Result. */ - 0, /* Canceled. */ - 0, /* Close button flag. */ - 0, /* Locale error flag. */ - 0, /* Specific error flag. */ - 0, /* One-button flag. */ - NULL, /* Repeat passphrase flag. */ - NULL, /* Repeat error string. */ - 0, /* Correctly repeated flag. */ - NULL, /* Quality-Bar flag and description. */ - NULL, /* Quality-Bar tooltip. */ - PINENTRY_COLOR_DEFAULT, - 0, - PINENTRY_COLOR_DEFAULT, - PINENTRY_COLOR_DEFAULT, - 0, - NULL, /* default_ok */ - NULL, /* default_cancel */ - NULL, /* default_prompt */ - NULL, /* default_pwmngr */ - 0, /* allow_external_password_cache. */ - 0, /* tried_password_cached. */ - NULL, /* keyinfo */ - 0, /* may_cache_password. */ - NULL /* Assuan context. */ - }; - +static void +pinentry_reset (ASSUAN_CONTEXT ctx) +{ + /* Free any allocated strings. */ + free (pinentry.title); + free (pinentry.description); + free (pinentry.error); + free (pinentry.prompt); + free (pinentry.ok); + free (pinentry.notok); + free (pinentry.cancel); + secmem_free (pinentry.pin); + free (pinentry.display); + free (pinentry.ttyname); + free (pinentry.ttytype); + free (pinentry.lc_ctype); + free (pinentry.lc_messages); + free (pinentry.touch_file); + free (pinentry.repeat_passphrase); + free (pinentry.repeat_error_string); + free (pinentry.quality_bar); + free (pinentry.quality_bar_tt); + free (pinentry.default_ok); + free (pinentry.default_cancel); + free (pinentry.default_prompt); + free (pinentry.default_pwmngr); + free (pinentry.keyinfo); + + memset (&pinentry, 0, sizeof (pinentry)); + + /* Pinentry timeout in seconds. */ + pinentry.timeout = 60; + + /* Global grab. */ + pinentry.grab = 1; + + pinentry.color_fg = PINENTRY_COLOR_DEFAULT; + pinentry.color_fg_bright = 0; + pinentry.color_bg = PINENTRY_COLOR_DEFAULT; + pinentry.color_so = PINENTRY_COLOR_DEFAULT; + pinentry.color_so_bright = 0; +} static int lc_ctype_unknown_warning = 0; @@ -1327,6 +1318,7 @@ pinentry_loop2 (int infd, int outfd) #if 0 assuan_set_log_stream (ctx, stderr); #endif + pinentry_reset (NULL); for (;;) { ----------------------------------------------------------------------- Summary of changes: AUTHORS | 1 + Makefile.am | 11 +- NEWS | 15 +- assuan/assuan.h | 9 +- autogen.rc | 4 +- configure.ac | 68 +++++++-- curses/Makefile.am | 5 +- doc/pinentry.texi | 210 +++++++++++++++++++++++++-- {gtk => gnome3}/Makefile.am | 16 +- gnome3/pinentry-gnome3.c | 271 ++++++++++++++++++++++++++++++++++ gtk+-2/Makefile.am | 5 +- gtk+-2/gtksecentry.c | 7 + gtk+-2/pinentry-gtk-2.c | 23 ++- pinentry/password-cache.c | 44 +++--- pinentry/password-cache.h | 4 +- pinentry/pinentry-curses.c | 61 ++++++-- pinentry/pinentry.c | 243 +++++++++++++++++++------------ pinentry/pinentry.h | 92 ++++++++---- qt4/Makefile.am | 10 +- tty/Makefile.am | 6 +- tty/pinentry-tty.c | 347 +++++++++++++++++++++++++++++++++++++------- 21 files changed, 1194 insertions(+), 258 deletions(-) copy {gtk => gnome3}/Makefile.am (80%) create mode 100644 gnome3/pinentry-gnome3.c hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 16:07:29 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 16 May 2015 16:07:29 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-21-gae33525 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via ae3352566994623d54723283e887bc5f74766e1c (commit) via de3241ae0bc9072cfef204ea638171a3a95380a3 (commit) from 9fdb05554b5fc9c6f6621d606ccf21c038c7b6cb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ae3352566994623d54723283e887bc5f74766e1c Author: Neal H. Walfield Date: Sat May 16 16:07:19 2015 +0200 tty: ok takes precedence over default-ok. Likewise for cancel. * tty/pinentry-tty.c (confirm): When creating the ok button, pinentry->ok takes precedence over pinentry->default-ok. Likewise for pinentry->cancel and pinentry->default_cancel. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 82eab87..22713eb 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -154,19 +154,19 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) fflush (ttyfo); - if (pinentry->default_ok) - ok = button (pinentry->default_ok, "OK", ttyfo); - else if (pinentry->ok) + if (pinentry->ok) ok = button (pinentry->ok, "OK", ttyfo); + else if (pinentry->default_ok) + ok = button (pinentry->default_ok, "OK", ttyfo); else ok = button ("OK", NULL, ttyfo); if (! pinentry->one_button) { - if (pinentry->default_cancel) - cancel = button (pinentry->default_cancel, "Cancel", ttyfo); - else if (pinentry->cancel) + if (pinentry->cancel) cancel = button (pinentry->cancel, "Cancel", ttyfo); + else if (pinentry->default_cancel) + cancel = button (pinentry->default_cancel, "Cancel", ttyfo); if (pinentry->notok) notok = button (pinentry->notok, NULL, ttyfo); commit de3241ae0bc9072cfef204ea638171a3a95380a3 Author: Neal H. Walfield Date: Sat May 16 14:56:27 2015 +0200 Don't use a static initializer to initialize PINENTRY. * pinentry/pinentry.c (pinentry): Don't use a static initializer. (pinentry_reset): Initialize PINENTRY here. (pinentry_parse_opts): Call pinentry_reset here. (pinentry_assuan_reset_handler): New function. (pinentry_loop2): Register it as the assuan reset handler. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 78ac137..16b7289 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -57,59 +57,125 @@ /* Keep the name of our program here. */ static char this_pgmname[50]; +struct pinentry pinentry; -struct pinentry pinentry = - { - NULL, /* Title. */ - NULL, /* Description. */ - NULL, /* Error. */ - NULL, /* Prompt. */ - NULL, /* Ok button. */ - NULL, /* Not-Ok button. */ - NULL, /* Cancel button. */ - NULL, /* PIN. */ - 0, /* PIN length. */ - 0, /* pin_from_cache. */ - 0, /* Display. */ - 0, /* TTY name. */ - 0, /* TTY type. */ - 0, /* TTY LC_CTYPE. */ - 0, /* TTY LC_MESSAGES. */ - 0, /* Debug mode. */ - 60, /* Pinentry timeout in seconds. */ +static void +pinentry_reset (int use_defaults) +{ + /* GPG Agent sets these options once when it starts the pinentry. + Don't reset them. */ + int grab = pinentry.grab; + char *ttyname = pinentry.ttyname; + char *ttytype = pinentry.ttytype; + char *lc_ctype = pinentry.lc_ctype; + char *lc_messages = pinentry.lc_messages; + int allow_external_password_cache = pinentry.allow_external_password_cache; + char *default_ok = pinentry.default_ok; + char *default_cancel = pinentry.default_cancel; + char *default_prompt = pinentry.default_prompt; + char *default_pwmngr = pinentry.default_pwmngr; + char *touch_file = pinentry.touch_file; + + /* These options are set from the command line. Don't reset + them. */ + int debug = pinentry.debug; #ifdef ENABLE_ENHANCED - 0, /* Enhanced mode. */ + int enhanced = pinentry.enhanced; #endif - 1, /* Global grab. */ - 0, /* Parent Window ID. */ - NULL, /* Touch file. */ - 0, /* Result. */ - 0, /* Canceled. */ - 0, /* Close button flag. */ - 0, /* Locale error flag. */ - 0, /* Specific error flag. */ - 0, /* One-button flag. */ - NULL, /* Repeat passphrase flag. */ - NULL, /* Repeat error string. */ - 0, /* Correctly repeated flag. */ - NULL, /* Quality-Bar flag and description. */ - NULL, /* Quality-Bar tooltip. */ - PINENTRY_COLOR_DEFAULT, - 0, - PINENTRY_COLOR_DEFAULT, - PINENTRY_COLOR_DEFAULT, - 0, - NULL, /* default_ok */ - NULL, /* default_cancel */ - NULL, /* default_prompt */ - NULL, /* default_pwmngr */ - 0, /* allow_external_password_cache. */ - 0, /* tried_password_cached. */ - NULL, /* keyinfo */ - 0, /* may_cache_password. */ - NULL /* Assuan context. */ - }; + char *display = pinentry.display; + int parent_wid = pinentry.parent_wid; + + pinentry_color_t color_fg = pinentry.color_fg; + int color_fg_bright = pinentry.color_fg_bright; + pinentry_color_t color_bg = pinentry.color_bg; + pinentry_color_t color_so = pinentry.color_so; + int color_so_bright = pinentry.color_so_bright; + + int timout = pinentry.timeout; + + /* Free any allocated memory. */ + if (use_defaults) + { + free (pinentry.ttyname); + free (pinentry.ttytype); + free (pinentry.lc_ctype); + free (pinentry.lc_messages); + free (pinentry.default_ok); + free (pinentry.default_cancel); + free (pinentry.default_prompt); + free (pinentry.default_pwmngr); + free (pinentry.touch_file); + free (pinentry.display); + } + + free (pinentry.title); + free (pinentry.description); + free (pinentry.error); + free (pinentry.prompt); + free (pinentry.ok); + free (pinentry.notok); + free (pinentry.cancel); + secmem_free (pinentry.pin); + free (pinentry.repeat_passphrase); + free (pinentry.repeat_error_string); + free (pinentry.quality_bar); + free (pinentry.quality_bar_tt); + free (pinentry.keyinfo); + + /* Reset the pinentry structure. */ + memset (&pinentry, 0, sizeof (pinentry)); + + if (use_defaults) + { + /* Pinentry timeout in seconds. */ + pinentry.timeout = 60; + /* Global grab. */ + pinentry.grab = 1; + + pinentry.color_fg = PINENTRY_COLOR_DEFAULT; + pinentry.color_fg_bright = 0; + pinentry.color_bg = PINENTRY_COLOR_DEFAULT; + pinentry.color_so = PINENTRY_COLOR_DEFAULT; + pinentry.color_so_bright = 0; + } + else + /* Restore the options. */ + { + pinentry.grab = grab; + pinentry.ttyname = ttyname; + pinentry.ttytype = ttytype; + pinentry.lc_ctype = lc_ctype; + pinentry.lc_messages = lc_messages; + pinentry.allow_external_password_cache = allow_external_password_cache; + pinentry.default_ok = default_ok; + pinentry.default_cancel = default_cancel; + pinentry.default_prompt = default_prompt; + pinentry.default_pwmngr = default_pwmngr; + pinentry.touch_file = touch_file; + + pinentry.debug = debug; +#ifdef ENABLE_ENHANCED + pinentry.enhanced = enhanced; +#endif + pinentry.display = display; + pinentry.parent_wid = parent_wid; + + pinentry.color_fg = color_fg; + pinentry.color_fg_bright = color_fg_bright; + pinentry.color_bg = color_bg; + pinentry.color_so = color_so; + pinentry.color_so_bright = color_so_bright; + + pinentry.timeout = timout; + } +} + +static void +pinentry_assuan_reset_handler (ASSUAN_CONTEXT ctx) +{ + pinentry_reset (0); +} static int lc_ctype_unknown_warning = 0; @@ -601,6 +667,8 @@ pinentry_parse_opts (int argc, char *argv[]) set_strusage (my_strusage); + pinentry_reset (1); + while (arg_parse (&pargs, opts)) { switch (pargs.r_opt) @@ -1327,6 +1395,7 @@ pinentry_loop2 (int infd, int outfd) #if 0 assuan_set_log_stream (ctx, stderr); #endif + assuan_register_reset_notify (ctx, pinentry_assuan_reset_handler); for (;;) { ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 167 +++++++++++++++++++++++++++++++++++++--------------- tty/pinentry-tty.c | 12 ++-- 2 files changed, 124 insertions(+), 55 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 18:39:40 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 16 May 2015 18:39:40 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-23-g88772dd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 88772ddaac96303a63c97a45c26144d93a942798 (commit) via f3cb78985c3c7f96401a06a73412fb704c5efaab (commit) from ae3352566994623d54723283e887bc5f74766e1c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 88772ddaac96303a63c97a45c26144d93a942798 Author: Neal H. Walfield Date: Sat May 16 18:39:14 2015 +0200 gtk+-2: When the dialog is destroyed, remove any pending timers. * gtk+-2/pinentry-gtk-2.c (timeout_source): New variable. (timeout_cb): Set it to 0. (create_window): When setting up the timeout, save the source identifier in TIMEOUT_SOURCE. (gtk_cmd_handler): If TIMEOUT_SOURCE is not 0, remove the timeout. -- Reported-by: Daniel Kahn Gillmorr . diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 9d29f52..1feecc2 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -75,6 +75,7 @@ static GtkWidget *time_out; #endif static GtkTooltips *tooltips; static gboolean got_input; +static guint timeout_source; /* Gnome hig small and large space in pixels. */ #define HIG_SMALL 6 @@ -353,6 +354,9 @@ timeout_cb (gpointer data) (void)data; if (!got_input) gtk_main_quit (); + + /* Don't run again. */ + timeout_source = 0; return FALSE; } @@ -687,7 +691,7 @@ create_window (pinentry_t ctx, int confirm_mode) gtk_window_present (GTK_WINDOW (win)); /* Make sure it has the focus. */ if (pinentry->timeout > 0) - g_timeout_add (pinentry->timeout*1000, timeout_cb, NULL); + timeout_source = g_timeout_add (pinentry->timeout*1000, timeout_cb, NULL); return win; } @@ -709,6 +713,13 @@ gtk_cmd_handler (pinentry_t pe) while (gtk_events_pending ()) gtk_main_iteration (); + if (timeout_source) + /* There is a timer running. Cancel it. */ + { + g_source_remove (timeout_source); + timeout_source = 0; + } + if (confirm_value == CONFIRM_CANCEL || grab_failed) pe->canceled = 1; commit f3cb78985c3c7f96401a06a73412fb704c5efaab Author: Neal H. Walfield Date: Sat May 16 16:28:19 2015 +0200 curses: If an error occurs while reading input, cancel the operation. * pinentry/pinentry-curses.c (dialog_run) [! HAVE_DOSISH_SYSTEM]: If an error occurs while reading input, cancel the operation. Patch-by: Julien Cristau and Daniel Kahn Gillmor. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 73eb05f..22e1e23 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -863,10 +863,14 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) switch (c) { -#ifndef HAVE_DOSISH_SYSTEM case ERR: +#ifndef HAVE_DOSISH_SYSTEM continue; +#else + done = -2; + break; #endif + case KEY_LEFT: case KEY_UP: switch (diag.pos) ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 13 ++++++++++++- pinentry/pinentry-curses.c | 6 +++++- 2 files changed, 17 insertions(+), 2 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 18:40:00 2015 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Sat, 16 May 2015 18:40:00 +0200 Subject: [git] GPGME - branch, pyme, updated. gpgme-1.5.4-6-g24c738f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, pyme has been updated via 24c738f5bb5c253a17962c62867d6c847250b41e (commit) via 8345bf6f43c4f671124eaa1b713a7f5ac5780cbd (commit) via 4fc123981514c7087114e08ee8ca63de1a1db59f (commit) from 90079786c5cde4dd8ceb2e0fcda7605b08ccd021 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 24c738f5bb5c253a17962c62867d6c847250b41e Author: Ben McGinnes Date: Sun May 17 02:38:32 2015 +1000 Passphrase update * Changed example passphrase to something that meets the current minimum requirements. diff --git a/lang/py3-pyme/examples/genkey.py b/lang/py3-pyme/examples/genkey.py index 0b4feee..f2998cc 100755 --- a/lang/py3-pyme/examples/genkey.py +++ b/lang/py3-pyme/examples/genkey.py @@ -36,7 +36,7 @@ Subkey-Length: 2048 Name-Real: Joe Tester Name-Comment: with stupid passphrase Name-Email: joe at example.org -Passphrase: abcdabcdfs +Passphrase: Crypt0-R0cks Expire-Date: 2020-12-31 """ diff --git a/lang/py3-pyme/examples/signverify.py b/lang/py3-pyme/examples/signverify.py index 0a1660e..6c68838 100755 --- a/lang/py3-pyme/examples/signverify.py +++ b/lang/py3-pyme/examples/signverify.py @@ -41,7 +41,7 @@ if not c.signers_enum(0): # This is a map between signer e-mail and its password passlist = { - "": "abcdabcdfs" + "": "Crypt0-R0cks" } # callback will return password based on the e-mail listed in the hint. commit 8345bf6f43c4f671124eaa1b713a7f5ac5780cbd Author: Ben McGinnes Date: Sun May 17 02:35:24 2015 +1000 example email * changed joe at foo.bar to joe at example.org as it is only a matter of time before ICANN actually creates bar as a gTLD, if they haven't already. diff --git a/lang/py3-pyme/examples/delkey.py b/lang/py3-pyme/examples/delkey.py index e79e120..8bdb85b 100755 --- a/lang/py3-pyme/examples/delkey.py +++ b/lang/py3-pyme/examples/delkey.py @@ -17,7 +17,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Sample of key deletion -# It deletes keys for joe at foo.bar generated by genkey.pl script +# It deletes keys for joe at example.org generated by genkey.pl script from pyme import core @@ -29,6 +29,6 @@ core.check_version(None) c = core.Context() # 0 in keylist means to list not only public but secret keys as well. -for thekey in [x for x in c.op_keylist_all("joe at foo.bar", 0)]: +for thekey in [x for x in c.op_keylist_all("joe at example.org", 0)]: # 1 in delete means to delete not only public but secret keys as well. c.op_delete(thekey, 1) diff --git a/lang/py3-pyme/examples/exportimport.py b/lang/py3-pyme/examples/exportimport.py index 5390463..45f2f51 100755 --- a/lang/py3-pyme/examples/exportimport.py +++ b/lang/py3-pyme/examples/exportimport.py @@ -17,7 +17,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Sample of export and import of keys -# It uses keys for joe at foo.bar generated by genkey.pl script +# It uses keys for joe at example.org generated by genkey.pl script import sys from pyme import core @@ -27,7 +27,7 @@ core.check_version(None) expkey = core.Data() c = core.Context() c.set_armor(1) -user = "joe at foo.bar" +user = "joe at example.org" print(" - Export %s's public keys - " % user) c.op_export(user, 0, expkey) diff --git a/lang/py3-pyme/examples/genkey.py b/lang/py3-pyme/examples/genkey.py index 6c4b2d8..0b4feee 100755 --- a/lang/py3-pyme/examples/genkey.py +++ b/lang/py3-pyme/examples/genkey.py @@ -35,7 +35,7 @@ Subkey-Type: RSA Subkey-Length: 2048 Name-Real: Joe Tester Name-Comment: with stupid passphrase -Name-Email: joe at foo.bar +Name-Email: joe at example.org Passphrase: abcdabcdfs Expire-Date: 2020-12-31 diff --git a/lang/py3-pyme/examples/signverify.py b/lang/py3-pyme/examples/signverify.py index 20c9181..0a1660e 100755 --- a/lang/py3-pyme/examples/signverify.py +++ b/lang/py3-pyme/examples/signverify.py @@ -17,7 +17,7 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # Sample of unattended signing/verifying of a message. -# It uses keys for joe at foo.bar generated by genkey.pl script +# It uses keys for joe at example.org generated by genkey.pl script import sys from pyme import core, callbacks @@ -28,10 +28,10 @@ core.check_version(None) plain = core.Data("Test message") sig = core.Data() c = core.Context() -user = "joe at foo.bar" +user = "joe at example.org" c.signers_clear() -# Add joe at foo.bar's keys in the list of signers +# Add joe at example.org's keys in the list of signers for sigkey in c.op_keylist_all(user, 1): if sigkey.can_sign: c.signers_add(sigkey) @@ -41,7 +41,7 @@ if not c.signers_enum(0): # This is a map between signer e-mail and its password passlist = { - "": "abcdabcdfs" + "": "abcdabcdfs" } # callback will return password based on the e-mail listed in the hint. commit 4fc123981514c7087114e08ee8ca63de1a1db59f Author: Ben McGinnes Date: Sun May 17 02:30:13 2015 +1000 Updated string and key data * Text changed to byte literals. * Changed key type to RSA/RSA. * Changed expiry to the future (2020). diff --git a/lang/py3-pyme/examples/genkey.py b/lang/py3-pyme/examples/genkey.py index a987558..6c4b2d8 100755 --- a/lang/py3-pyme/examples/genkey.py +++ b/lang/py3-pyme/examples/genkey.py @@ -28,16 +28,16 @@ c.set_progress_cb(callbacks.progress_stdout, None) # This example from the GPGME manual -parms = """ -Key-Type: DSA -Key-Length: 1024 -Subkey-Type: ELG-E -Subkey-Length: 1024 +parms = b""" +Key-Type: RSA +Key-Length: 2048 +Subkey-Type: RSA +Subkey-Length: 2048 Name-Real: Joe Tester Name-Comment: with stupid passphrase Name-Email: joe at foo.bar Passphrase: abcdabcdfs -Expire-Date: 2010-08-15 +Expire-Date: 2020-12-31 """ ----------------------------------------------------------------------- Summary of changes: lang/py3-pyme/examples/delkey.py | 4 ++-- lang/py3-pyme/examples/exportimport.py | 4 ++-- lang/py3-pyme/examples/genkey.py | 16 ++++++++-------- lang/py3-pyme/examples/signverify.py | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 21:18:53 2015 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Sat, 16 May 2015 21:18:53 +0200 Subject: [git] GPGME - branch, pyme, updated. gpgme-1.5.4-13-g29887c9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, pyme has been updated via 29887c9b28c0db14bf75e227a8082d23a2c151d2 (commit) via c39cea7a07cec9ab34cd2026f47b6fba80fea3c8 (commit) via 0e6e6689ef1aea36c1cb3cb47e94f1f2ebbd97cb (commit) via 40290507bcdc63ab9023393d071167d455d70737 (commit) via 325b0ca341ae3ac8c3232f557ea2c381b4843969 (commit) via ba3c9f2617955dc828309a4800e4f5b3f1c3a949 (commit) via 1c87ecb86ae364b18f69bca726021271fefaa1c1 (commit) from 24c738f5bb5c253a17962c62867d6c847250b41e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 29887c9b28c0db14bf75e227a8082d23a2c151d2 Author: Ben McGinnes Date: Sun May 17 05:14:47 2015 +1000 Explaining why not all scripts work * Some of them cannot be properly tested on OS X, especially with GTK in the mix (it works on OS X, but is unlikely to be as easily accessible as Cocoa or Qt). * Most major functions are showcased and do work, albeit sometimes with false positives of error messages, at least on OS X. diff --git a/lang/py3-pyme/examples/Examples.rst b/lang/py3-pyme/examples/Examples.rst new file mode 100644 index 0000000..18b03b2 --- /dev/null +++ b/lang/py3-pyme/examples/Examples.rst @@ -0,0 +1,7 @@ +=============== +Example Scripts +=============== + +Most of the examples have been converted to work with Python 3, just as the original versions worked with Python 2. A small number produce errors on OS X, but may behave differently on other POSIX systems. The GTK based scripts (PyGtkGpgKeys.py and pygpa.py) have not been modified at all. + +When using or referring to the example scripts here, the most common change has been the byte encoded strings, so if something does not work then chances are that it will be related to the encoding or decoding of UTF-8. commit c39cea7a07cec9ab34cd2026f47b6fba80fea3c8 Author: Ben McGinnes Date: Sun May 17 05:07:12 2015 +1000 Byte encoding * More string updates. * verifydetails.py still fails, but as Bernhard is still contactable, it might be worth him checking on it instead. diff --git a/lang/py3-pyme/examples/sign.py b/lang/py3-pyme/examples/sign.py index a0572fc..5667cc2 100755 --- a/lang/py3-pyme/examples/sign.py +++ b/lang/py3-pyme/examples/sign.py @@ -22,10 +22,10 @@ from pyme.constants.sig import mode core.check_version(None) -plain = core.Data("Test message") +plain = core.Data(b"Test message") sig = core.Data() c = core.Context() -c.set_passphrase_cb(callbacks.passphrase_stdin, 'for signing') +c.set_passphrase_cb(callbacks.passphrase_stdin, b'for signing') c.op_sign(plain, sig, mode.CLEAR) sig.seek(0,0) print(sig.read()) diff --git a/lang/py3-pyme/examples/signverify.py b/lang/py3-pyme/examples/signverify.py index e2f8035..f8804ca 100755 --- a/lang/py3-pyme/examples/signverify.py +++ b/lang/py3-pyme/examples/signverify.py @@ -25,10 +25,10 @@ from pyme.constants.sig import mode core.check_version(None) -plain = core.Data("Test message") +plain = core.Data(b"Test message") sig = core.Data() c = core.Context() -user = "joe at example.org" +user = b"joe at example.org" c.signers_clear() # Add joe at example.org's keys in the list of signers @@ -41,7 +41,7 @@ if not c.signers_enum(0): # This is a map between signer e-mail and its password passlist = { - "": "Crypt0R0cks" + b"": b"Crypt0R0cks" } # callback will return password based on the e-mail listed in the hint. diff --git a/lang/py3-pyme/examples/t-edit.py b/lang/py3-pyme/examples/t-edit.py index 24d36d3..6c53342 100644 --- a/lang/py3-pyme/examples/t-edit.py +++ b/lang/py3-pyme/examples/t-edit.py @@ -51,7 +51,7 @@ else: c = Context() c.set_passphrase_cb(lambda x,y,z: "abc") out = Data() - c.op_keylist_start("Alpha", 0) + c.op_keylist_start(b"Alpha", 0) key = c.op_keylist_next() c.op_edit(key, KeyEditor().edit_fnc, out, out) print("[-- Last response --]") diff --git a/lang/py3-pyme/examples/verifydetails.py b/lang/py3-pyme/examples/verifydetails.py index 8784487..0d47ba5 100755 --- a/lang/py3-pyme/examples/verifydetails.py +++ b/lang/py3-pyme/examples/verifydetails.py @@ -86,13 +86,13 @@ def main(): sys.exit(1) if argc == 2: - print("trying to verify file: " + sys.argv[1]) - verifyprintdetails(sys.argv[1]) + print("trying to verify file: " + sys.argv[1].encode('utf-8')) + verifyprintdetails(sys.argv[1].encode('utf-8')) if argc == 3: print("trying to verify signature %s for file %s" \ - % (sys.argv[1], sys.argv[2])) + % (sys.argv[1].encode('utf-8'), sys.argv[2].encode('utf-8'))) - verifyprintdetails(sys.argv[1], sys.argv[2]) + verifyprintdetails(sys.argv[1].encode('utf-8'), sys.argv[2].encode('utf-8')) if __name__ == "__main__": main() commit 0e6e6689ef1aea36c1cb3cb47e94f1f2ebbd97cb Author: Ben McGinnes Date: Sun May 17 04:57:26 2015 +1000 No change, note added to explain why. diff --git a/lang/py3-pyme/examples/testCMSgetkey.py b/lang/py3-pyme/examples/testCMSgetkey.py index b0d3eb7..53fdef7 100644 --- a/lang/py3-pyme/examples/testCMSgetkey.py +++ b/lang/py3-pyme/examples/testCMSgetkey.py @@ -3,6 +3,10 @@ # 20080124-2: removed some superflous imports # 20080703: adapted for pyme-0.8.0 # This script is Free Software under GNU GPL v>=2. +# +# No modification made for python3 port, Bernhard can field this one +# if it is still required. -- Ben McGinnes +# """A test applicaton for gpg_get_key() protocol.CMS. Tested on Debian Etch with commit 40290507bcdc63ab9023393d071167d455d70737 Author: Ben McGinnes Date: Sun May 17 04:43:53 2015 +1000 Strings vs. Bytes * CLI input must be byte encoded. diff --git a/lang/py3-pyme/examples/inter-edit.py b/lang/py3-pyme/examples/inter-edit.py index 088b292..f97232b 100644 --- a/lang/py3-pyme/examples/inter-edit.py +++ b/lang/py3-pyme/examples/inter-edit.py @@ -48,7 +48,7 @@ if len(sys.argv) != 2: else: c = Context() out = Data() - c.op_keylist_start(sys.argv[1], 0) + c.op_keylist_start(sys.argv[1].encode('utf-8'), 0) key = c.op_keylist_next() helper = {"skip": 0, "data": out} c.op_edit(key, edit_fnc, helper, out) commit 325b0ca341ae3ac8c3232f557ea2c381b4843969 Author: Ben McGinnes Date: Sun May 17 04:22:53 2015 +1000 More byte changes and passphrase changes * exportimport works, but will still segfault for an as yet unknown reason. * genkey produces a traceback error, but does create the key as intended. * matched passphrase in signverify. diff --git a/lang/py3-pyme/examples/exportimport.py b/lang/py3-pyme/examples/exportimport.py index 45f2f51..54204fb 100755 --- a/lang/py3-pyme/examples/exportimport.py +++ b/lang/py3-pyme/examples/exportimport.py @@ -27,7 +27,7 @@ core.check_version(None) expkey = core.Data() c = core.Context() c.set_armor(1) -user = "joe at example.org" +user = b"joe at example.org" print(" - Export %s's public keys - " % user) c.op_export(user, 0, expkey) diff --git a/lang/py3-pyme/examples/genkey.py b/lang/py3-pyme/examples/genkey.py index f2998cc..14497eb 100755 --- a/lang/py3-pyme/examples/genkey.py +++ b/lang/py3-pyme/examples/genkey.py @@ -36,7 +36,7 @@ Subkey-Length: 2048 Name-Real: Joe Tester Name-Comment: with stupid passphrase Name-Email: joe at example.org -Passphrase: Crypt0-R0cks +Passphrase: Crypt0R0cks Expire-Date: 2020-12-31 """ diff --git a/lang/py3-pyme/examples/signverify.py b/lang/py3-pyme/examples/signverify.py index 6c68838..e2f8035 100755 --- a/lang/py3-pyme/examples/signverify.py +++ b/lang/py3-pyme/examples/signverify.py @@ -41,7 +41,7 @@ if not c.signers_enum(0): # This is a map between signer e-mail and its password passlist = { - "": "Crypt0-R0cks" + "": "Crypt0R0cks" } # callback will return password based on the e-mail listed in the hint. commit ba3c9f2617955dc828309a4800e4f5b3f1c3a949 Author: Ben McGinnes Date: Sun May 17 04:09:38 2015 +1000 More bytes good * Another string to byte change. diff --git a/lang/py3-pyme/examples/delkey.py b/lang/py3-pyme/examples/delkey.py index 8bdb85b..dfcc5ea 100755 --- a/lang/py3-pyme/examples/delkey.py +++ b/lang/py3-pyme/examples/delkey.py @@ -29,6 +29,6 @@ core.check_version(None) c = core.Context() # 0 in keylist means to list not only public but secret keys as well. -for thekey in [x for x in c.op_keylist_all("joe at example.org", 0)]: +for thekey in [x for x in c.op_keylist_all(b"joe at example.org", 0)]: # 1 in delete means to delete not only public but secret keys as well. c.op_delete(thekey, 1) commit 1c87ecb86ae364b18f69bca726021271fefaa1c1 Author: Ben McGinnes Date: Sun May 17 04:03:49 2015 +1000 Updated encrypt-to-all * Changed plaintext string to byte literal. * Nested key selection in a try/except statement in case of UnicodeEncodeError instances. * Tested successfully on over 9,000 keys. diff --git a/lang/py3-pyme/examples/encrypt-to-all.py b/lang/py3-pyme/examples/encrypt-to-all.py index 087e6f7..8f9d250 100755 --- a/lang/py3-pyme/examples/encrypt-to-all.py +++ b/lang/py3-pyme/examples/encrypt-to-all.py @@ -18,9 +18,9 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA """ -This program will try to encrypt a simple message to each key on your keyring. -If your keyring has any invalid keys on it, those keys will be removed -and it will re-try the encryption.""" +This program will try to encrypt a simple message to each key on your +keyring. If your keyring has any invalid keys on it, those keys will +be skipped and it will re-try the encryption.""" from pyme import core from pyme.core import Data, Context @@ -28,7 +28,7 @@ from pyme.constants import validity core.check_version(None) -plain = Data('This is my message.') +plain = Data(b'This is my message.') c = Context() c.set_armor(1) @@ -41,16 +41,19 @@ def sendto(keylist): names = [] for key in c.op_keylist_all(None, 0): - print(" *** Found key for %s" % key.uids[0].uid) - valid = 0 - for subkey in key.subkeys: - keyid = subkey.keyid - if keyid == None: - break - can_encrypt = subkey.can_encrypt - valid += can_encrypt - print(" Subkey %s: encryption %s" % \ - (keyid, can_encrypt and "enabled" or "disabled")) + try: + print(" *** Found key for %s" % key.uids[0].uid) + valid = 0 + for subkey in key.subkeys: + keyid = subkey.keyid + if keyid == None: + break + can_encrypt = subkey.can_encrypt + valid += can_encrypt + print(" Subkey %s: encryption %s" % \ + (keyid, can_encrypt and "enabled" or "disabled")) + except UnicodeEncodeError as e: + print(e) if valid: names.append(key) ----------------------------------------------------------------------- Summary of changes: lang/py3-pyme/examples/Examples.rst | 7 +++++++ lang/py3-pyme/examples/delkey.py | 2 +- lang/py3-pyme/examples/encrypt-to-all.py | 31 +++++++++++++++++-------------- lang/py3-pyme/examples/exportimport.py | 2 +- lang/py3-pyme/examples/genkey.py | 2 +- lang/py3-pyme/examples/inter-edit.py | 2 +- lang/py3-pyme/examples/sign.py | 4 ++-- lang/py3-pyme/examples/signverify.py | 6 +++--- lang/py3-pyme/examples/t-edit.py | 2 +- lang/py3-pyme/examples/testCMSgetkey.py | 4 ++++ lang/py3-pyme/examples/verifydetails.py | 8 ++++---- 11 files changed, 42 insertions(+), 28 deletions(-) create mode 100644 lang/py3-pyme/examples/Examples.rst hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 21:41:15 2015 From: cvs at cvs.gnupg.org (by Ben McGinnes) Date: Sat, 16 May 2015 21:41:15 +0200 Subject: [git] GPGME - branch, pyme, updated. gpgme-1.5.4-14-g90405ac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG Made Easy". The branch, pyme has been updated via 90405ac84b78ba7e5458ea09986749594a01195a (commit) from 29887c9b28c0db14bf75e227a8082d23a2c151d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 90405ac84b78ba7e5458ea09986749594a01195a Author: Ben McGinnes Date: Sun May 17 05:31:35 2015 +1000 Python 3 port of PyME * Port of PyME 0.9.0 for Python 2 to Python 3 along with most of the example scripts. * Intended to be developed in parallel with the original Python 2 version until such time as a rewrite of GPGME leads to developing an IO API in Python 3 from scratch. * Python 3 PyME and API maintainer has entered, stage left with current GPG key ID 0x321E4E2373590E5D, primary fingerprint is "DB47 24E6 FA42 86C9 2B4E 55C4 321E 4E23 7359 0E5D" and signing subkey fingerprint is "B7F0 FE75 9387 430D D0C5 8BDB 7FF2 D371 35C7 553C" for future reference with git commit signatures. diff --git a/lang/Makefile.am b/lang/Makefile.am index 854d934..29446eb 100644 --- a/lang/Makefile.am +++ b/lang/Makefile.am @@ -17,6 +17,6 @@ # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA -SUBDIRS = cl +SUBDIRS = cl, py3-pyme EXTRA_DIST = README diff --git a/lang/README b/lang/README index da54c78..559be5f 100644 --- a/lang/README +++ b/lang/README @@ -10,3 +10,4 @@ sub-directory. Directory Language cl Common Lisp +py3-pyme Python 3 (port of PyME 0.9.0) ----------------------------------------------------------------------- Summary of changes: lang/Makefile.am | 2 +- lang/README | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG Made Easy http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 22:34:02 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 16 May 2015 22:34:02 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-28-gd3c52a1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via d3c52a144b5b23d0d841a99a310090dcafe2074b (commit) via 1d3583a2562e83496ac515276e9bd63a7f1abbc7 (commit) via 97a47ee99e14e0c8c6a2c3c5eec0434e6eac77e0 (commit) via c33073eb40ee4bb6e079605dbf2f343de50390d7 (commit) via c7736745f5683b820ebbd11e30ddb425748c16ab (commit) from 88772ddaac96303a63c97a45c26144d93a942798 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d3c52a144b5b23d0d841a99a310090dcafe2074b Author: Neal H. Walfield Date: Sat May 16 22:33:05 2015 +0200 curses: Handle control-u, control-w and alt-backspace. * pinentry/pinentry-curses.c (dialog_input): Take additional argument, alt. Update callers. If passed control-u, erase the whole line. If passed alt-backspace or control-w, erase any white space the the previous word. (dialog_run): Detect when alt is pressed. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index e722009..183fdb4 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -678,12 +678,16 @@ dialog_switch_pos (dialog_t diag, dialog_pos_t new_pos) /* XXX Assume that field width is at least > 5. */ static void -dialog_input (dialog_t diag, int chr) +dialog_input (dialog_t diag, int alt, int chr) { int old_loc = diag->pin_loc; assert (diag->pinentry->pin); assert (diag->pos == DIALOG_POS_PIN); + if (alt && chr == KEY_BACKSPACE) + /* Remap alt-backspace to control-W. */ + chr = 'w' - 'a' + 1; + switch (chr) { case KEY_BACKSPACE: @@ -700,6 +704,43 @@ dialog_input (dialog_t diag, int chr) } break; + case 'u' - 'a' + 1: /* control-u */ + /* Erase the whole line. */ + if (diag->pin_len > 0) + { + diag->pin_len = 0; + diag->pin_loc = 0; + } + break; + + case 'w' - 'a' + 1: /* control-w. */ + while (diag->pin_len > 0 + && diag->pinentry->pin[diag->pin_len - 1] == ' ') + { + diag->pin_len --; + diag->pin_loc --; + if (diag->pin_loc < 0) + { + diag->pin_loc += diag->pin_size; + if (diag->pin_loc > diag->pin_len) + diag->pin_loc = diag->pin_len; + } + } + while (diag->pin_len > 0 + && diag->pinentry->pin[diag->pin_len - 1] != ' ') + { + diag->pin_len --; + diag->pin_loc --; + if (diag->pin_loc < 0) + { + diag->pin_loc += diag->pin_size; + if (diag->pin_loc > diag->pin_len) + diag->pin_loc = diag->pin_len; + } + } + + break; + default: if (chr > 0 && chr < 256 && diag->pin_len < diag->pin_max) { @@ -752,6 +793,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) #endif #ifdef HAVE_NCURSESW char *old_ctype = NULL; + int alt = 0; if (pinentry->lc_ctype) { @@ -881,6 +923,11 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) break; #endif + case 27: /* Alt was pressed. */ + alt = 1; + /* Get the next key press. */ + continue; + case KEY_LEFT: case KEY_UP: switch (diag.pos) @@ -974,11 +1021,13 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) default: if (diag.pos == DIALOG_POS_PIN) - dialog_input (&diag, c); + dialog_input (&diag, alt, c); } #ifndef HAVE_DOSISH_SYSTEM no_input = 0; #endif + if (c != -1) + alt = 0; } while (!done); commit 1d3583a2562e83496ac515276e9bd63a7f1abbc7 Author: Neal H. Walfield Date: Sat May 16 21:35:02 2015 +0200 secmem: Clear the buffer before returning it from secmem_malloc. * secmem/secmem.c (secmem_malloc): In case wipememory2 gets optimized away in secmem_free, clear the buffer before returning it. diff --git a/secmem/secmem.c b/secmem/secmem.c index c5da0b5..9a478cf 100644 --- a/secmem/secmem.c +++ b/secmem/secmem.c @@ -363,6 +363,8 @@ secmem_malloc( size_t size ) if( cur_blocks > max_blocks ) max_blocks = cur_blocks; + memset (&mb->u.aligned.c, 0, size); + return &mb->u.aligned.c; } commit 97a47ee99e14e0c8c6a2c3c5eec0434e6eac77e0 Author: Neal H. Walfield Date: Sat May 16 21:34:06 2015 +0200 curses: NUL terminate the pin entry buffer. * pinentry/pinentry-curses.c (dialog_run): NUL terminate the pin entry buffer. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 52abc1f..e722009 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -982,6 +982,11 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) } while (!done); + if (diag.pinentry->pin) + /* NUL terminate the passphrase. dialog_run makes sure there is + enough space for the terminating NUL byte. */ + diag.pinentry->pin[diag.pin_len] = 0; + set_cursor_state (1); endwin (); if (screen) commit c33073eb40ee4bb6e079605dbf2f343de50390d7 Author: Neal H. Walfield Date: Sat May 16 21:30:33 2015 +0200 curses: Make sure the pin entry buffer is larger enough. * pinentry/pinentry-curses.c (dialog_input): Make sure the pin entry buffer is large enough. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 0b9689d..52abc1f 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -703,6 +703,13 @@ dialog_input (dialog_t diag, int chr) default: if (chr > 0 && chr < 256 && diag->pin_len < diag->pin_max) { + /* Make sure there is enough room for this character and a + following NUL byte. */ + if (! pinentry_setbufferlen (diag->pinentry, diag->pin_len + 2)) + { + /* XXX: Bail. */ + } + diag->pinentry->pin[diag->pin_len] = (char) chr; diag->pin_len++; diag->pin_loc++; commit c7736745f5683b820ebbd11e30ddb425748c16ab Author: Neal H. Walfield Date: Sat May 16 21:25:42 2015 +0200 curses: Avoid aliasing the pin buffer. * pinentry/pinentry-curses.c (struct dialog): Remove field pin. Add field pinentry. (dialog_create): Don't set DIALOG->PIN to PINENTRY->PIN. Set DIALOG->PINENTRY to PINENTRY and access PIN via DIALOG->PINENTRY->PIN. Update other users. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 22e1e23..0b9689d 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -88,7 +88,6 @@ struct dialog int pin_size; /* Cursor location in PIN field. */ int pin_loc; - char *pin; int pin_max; /* Length of PIN. */ int pin_len; @@ -102,6 +101,8 @@ struct dialog int notok_y; int notok_x; char *notok; + + pinentry_t pinentry; }; typedef struct dialog *dialog_t; @@ -239,6 +240,8 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) CH *error = NULL; CH *prompt = NULL; + dialog->pinentry = pinentry; + #define COPY_OUT(what) \ do \ if (pinentry->what) \ @@ -417,7 +420,6 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) } dialog->pos = DIALOG_POS_NONE; - dialog->pin = pinentry->pin; dialog->pin_max = pinentry->pin_len; dialog->pin_loc = 0; dialog->pin_len = 0; @@ -679,7 +681,7 @@ static void dialog_input (dialog_t diag, int chr) { int old_loc = diag->pin_loc; - assert (diag->pin); + assert (diag->pinentry->pin); assert (diag->pos == DIALOG_POS_PIN); switch (chr) @@ -701,7 +703,7 @@ dialog_input (dialog_t diag, int chr) default: if (chr > 0 && chr < 256 && diag->pin_len < diag->pin_max) { - diag->pin[diag->pin_len] = (char) chr; + diag->pinentry->pin[diag->pin_len] = (char) chr; diag->pin_len++; diag->pin_loc++; if (diag->pin_loc == diag->pin_size && diag->pin_len < diag->pin_max) @@ -842,7 +844,8 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) fclose (ttyfo); return -2; } - dialog_switch_pos (&diag, diag.pin ? DIALOG_POS_PIN : DIALOG_POS_OK); + dialog_switch_pos (&diag, + diag.pinentry->pin ? DIALOG_POS_PIN : DIALOG_POS_OK); #ifndef HAVE_DOSISH_SYSTEM wtimeout (stdscr, 70); @@ -876,7 +879,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) switch (diag.pos) { case DIALOG_POS_OK: - if (diag.pin) + if (diag.pinentry->pin) dialog_switch_pos (&diag, DIALOG_POS_PIN); break; case DIALOG_POS_NOTOK: @@ -930,7 +933,7 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) dialog_switch_pos (&diag, DIALOG_POS_CANCEL); break; case DIALOG_POS_CANCEL: - if (diag.pin) + if (diag.pinentry->pin) dialog_switch_pos (&diag, DIALOG_POS_PIN); else dialog_switch_pos (&diag, DIALOG_POS_OK); @@ -1012,7 +1015,10 @@ dialog_run (pinentry_t pinentry, const char *tty_name, const char *tty_type) if (done == -2) pinentry->canceled = 1; - return diag.pin ? (done < 0 ? -1 : diag.pin_len) : (done < 0 ? 0 : 1); + if (diag.pinentry->pin) + return done < 0 ? -1 : diag.pin_len; + else + return done < 0 ? 0 : 1; } ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry-curses.c | 87 ++++++++++++++++++++++++++++++++++++++++------ secmem/secmem.c | 2 ++ 2 files changed, 79 insertions(+), 10 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sat May 16 22:51:30 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Sat, 16 May 2015 22:51:30 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-29-gedd9a88 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via edd9a884604ff76e63d238504ede9b118655c55b (commit) from d3c52a144b5b23d0d841a99a310090dcafe2074b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit edd9a884604ff76e63d238504ede9b118655c55b Author: Neal H. Walfield Date: Sat May 16 22:51:20 2015 +0200 gtk+-2: If gtk fails to initialize, fallback to the curses backend. * gtk+-2/pinentry-gtk-2.c (main): Use gtk_init_check instead of gtk_init. If gtk_init_check fails, fallback to the curses backend. -- Reported-by: Daniel Kahn Gillmorr . Closes issue #1982. diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index 1feecc2..e7b9acc 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -758,7 +758,10 @@ main (int argc, char *argv[]) #ifdef FALLBACK_CURSES if (pinentry_have_display (argc, argv)) - gtk_init (&argc, &argv); + { + if (! gtk_init_check (&argc, &argv)) + pinentry_cmd_handler = curses_cmd_handler; + } else pinentry_cmd_handler = curses_cmd_handler; #else ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Sun May 17 15:17:44 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 17 May 2015 15:17:44 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-226-g9b0c6c8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 9b0c6c8141ae9bd056392a3f6b5704b505fc8501 (commit) via eb0ed576893b6c7990dbcb568510f831d246cea6 (commit) via 12bc93ca8187b8061c2e705427ef22f5a71d29b0 (commit) via 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f (commit) via b65e9e71d5ee992db5c96793c6af999545daad28 (commit) via 9597cfddf03c467825da152be5ca0d12a8c30d88 (commit) via 6a6646df80386204675d8b149ab60e74d7ca124c (commit) via 9a4fb3709864bf3e3918800d44ff576590cd4e92 (commit) via e05682093ffb003b589a697428d918d755ac631d (commit) via c46b015bedba7ce0db68929bd33a86a54ab3d919 (commit) via ee8fc4edcb3466b03246c8720b90731bf274ff1d (commit) from bac42c68b069f17abcca810a21439c7233815747 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9b0c6c8141ae9bd056392a3f6b5704b505fc8501 Author: Jussi Kivilinna Date: Thu May 14 13:07:34 2015 +0300 Enable AMD64 Twofish implementation on WIN64 * cipher/twofish-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/twofish.c (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. (twofish_amd64_encrypt_block, twofish_amd64_decrypt_block) (twofish_amd64_ctr_enc, twofish_amd64_cbc_dec) (twofish_amd64_cfb_dec): New wrapper functions for AMD64 assembly functions. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/twofish-amd64.S b/cipher/twofish-amd64.S index a225307..ea88b94 100644 --- a/cipher/twofish-amd64.S +++ b/cipher/twofish-amd64.S @@ -20,7 +20,14 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_TWOFISH) +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_TWOFISH) + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif #ifdef __PIC__ # define RIP %rip @@ -166,7 +173,7 @@ .align 8 .globl _gcry_twofish_amd64_encrypt_block -.type _gcry_twofish_amd64_encrypt_block, at function; +ELF(.type _gcry_twofish_amd64_encrypt_block, at function;) _gcry_twofish_amd64_encrypt_block: /* input: @@ -205,11 +212,11 @@ _gcry_twofish_amd64_encrypt_block: addq $(3 * 8), %rsp; ret; -.size _gcry_twofish_amd64_encrypt_block,.-_gcry_twofish_amd64_encrypt_block; +ELF(.size _gcry_twofish_amd64_encrypt_block,.-_gcry_twofish_amd64_encrypt_block;) .align 8 .globl _gcry_twofish_amd64_decrypt_block -.type _gcry_twofish_amd64_decrypt_block, at function; +ELF(.type _gcry_twofish_amd64_decrypt_block, at function;) _gcry_twofish_amd64_decrypt_block: /* input: @@ -248,7 +255,7 @@ _gcry_twofish_amd64_decrypt_block: addq $(3 * 8), %rsp; ret; -.size _gcry_twofish_amd64_encrypt_block,.-_gcry_twofish_amd64_encrypt_block; +ELF(.size _gcry_twofish_amd64_encrypt_block,.-_gcry_twofish_amd64_encrypt_block;) #undef CTX @@ -462,7 +469,7 @@ _gcry_twofish_amd64_decrypt_block: outunpack3(RAB, 2); .align 8 -.type __twofish_enc_blk3, at function; +ELF(.type __twofish_enc_blk3, at function;) __twofish_enc_blk3: /* input: @@ -485,10 +492,10 @@ __twofish_enc_blk3: outunpack_enc3(); ret; -.size __twofish_enc_blk3,.-__twofish_enc_blk3; +ELF(.size __twofish_enc_blk3,.-__twofish_enc_blk3;) .align 8 -.type __twofish_dec_blk3, at function; +ELF(.type __twofish_dec_blk3, at function;) __twofish_dec_blk3: /* input: @@ -511,11 +518,11 @@ __twofish_dec_blk3: outunpack_dec3(); ret; -.size __twofish_dec_blk3,.-__twofish_dec_blk3; +ELF(.size __twofish_dec_blk3,.-__twofish_dec_blk3;) .align 8 .globl _gcry_twofish_amd64_ctr_enc -.type _gcry_twofish_amd64_ctr_enc, at function; +ELF(.type _gcry_twofish_amd64_ctr_enc, at function;) _gcry_twofish_amd64_ctr_enc: /* input: * %rdi: ctx, CTX @@ -593,11 +600,11 @@ _gcry_twofish_amd64_ctr_enc: addq $(8 * 8), %rsp; ret; -.size _gcry_twofish_amd64_ctr_enc,.-_gcry_twofish_amd64_ctr_enc; +ELF(.size _gcry_twofish_amd64_ctr_enc,.-_gcry_twofish_amd64_ctr_enc;) .align 8 .globl _gcry_twofish_amd64_cbc_dec -.type _gcry_twofish_amd64_cbc_dec, at function; +ELF(.type _gcry_twofish_amd64_cbc_dec, at function;) _gcry_twofish_amd64_cbc_dec: /* input: * %rdi: ctx, CTX @@ -659,11 +666,11 @@ _gcry_twofish_amd64_cbc_dec: addq $(9 * 8), %rsp; ret; -.size _gcry_twofish_amd64_cbc_dec,.-_gcry_twofish_amd64_cbc_dec; +ELF(.size _gcry_twofish_amd64_cbc_dec,.-_gcry_twofish_amd64_cbc_dec;) .align 8 .globl _gcry_twofish_amd64_cfb_dec -.type _gcry_twofish_amd64_cfb_dec, at function; +ELF(.type _gcry_twofish_amd64_cfb_dec, at function;) _gcry_twofish_amd64_cfb_dec: /* input: * %rdi: ctx, CTX @@ -725,7 +732,7 @@ _gcry_twofish_amd64_cfb_dec: addq $(8 * 8), %rsp; ret; -.size _gcry_twofish_amd64_cfb_dec,.-_gcry_twofish_amd64_cfb_dec; +ELF(.size _gcry_twofish_amd64_cfb_dec,.-_gcry_twofish_amd64_cfb_dec;) #endif /*USE_TWOFISH*/ #endif /*__x86_64*/ diff --git a/cipher/twofish.c b/cipher/twofish.c index ecd76e3..ce83fad 100644 --- a/cipher/twofish.c +++ b/cipher/twofish.c @@ -53,7 +53,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64_ASM 1 #endif @@ -754,6 +755,77 @@ extern void _gcry_twofish_amd64_cbc_dec(const TWOFISH_context *c, byte *out, extern void _gcry_twofish_amd64_cfb_dec(const TWOFISH_context *c, byte *out, const byte *in, byte *iv); +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +static inline void +call_sysv_fn (const void *fn, const void *arg1, const void *arg2, + const void *arg3, const void *arg4) +{ + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + asm volatile ("callq *%0\n\t" + : "+a" (fn), + "+D" (arg1), + "+S" (arg2), + "+d" (arg3), + "+c" (arg4) + : + : "cc", "memory", "r8", "r9", "r10", "r11"); +} +#endif + +static inline void +twofish_amd64_encrypt_block(const TWOFISH_context *c, byte *out, const byte *in) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn(_gcry_twofish_amd64_encrypt_block, c, out, in, NULL); +#else + _gcry_twofish_amd64_encrypt_block(c, out, in); +#endif +} + +static inline void +twofish_amd64_decrypt_block(const TWOFISH_context *c, byte *out, const byte *in) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn(_gcry_twofish_amd64_decrypt_block, c, out, in, NULL); +#else + _gcry_twofish_amd64_decrypt_block(c, out, in); +#endif +} + +static inline void +twofish_amd64_ctr_enc(const TWOFISH_context *c, byte *out, const byte *in, + byte *ctr) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn(_gcry_twofish_amd64_ctr_enc, c, out, in, ctr); +#else + _gcry_twofish_amd64_ctr_enc(c, out, in, ctr); +#endif +} + +static inline void +twofish_amd64_cbc_dec(const TWOFISH_context *c, byte *out, const byte *in, + byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn(_gcry_twofish_amd64_cbc_dec, c, out, in, iv); +#else + _gcry_twofish_amd64_cbc_dec(c, out, in, iv); +#endif +} + +static inline void +twofish_amd64_cfb_dec(const TWOFISH_context *c, byte *out, const byte *in, + byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn(_gcry_twofish_amd64_cfb_dec, c, out, in, iv); +#else + _gcry_twofish_amd64_cfb_dec(c, out, in, iv); +#endif +} + #elif defined(USE_ARM_ASM) /* Assembly implementations of Twofish. */ @@ -833,7 +905,7 @@ static unsigned int twofish_encrypt (void *context, byte *out, const byte *in) { TWOFISH_context *ctx = context; - _gcry_twofish_amd64_encrypt_block(ctx, out, in); + twofish_amd64_encrypt_block(ctx, out, in); return /*burn_stack*/ (4*sizeof (void*)); } @@ -900,7 +972,7 @@ static unsigned int twofish_decrypt (void *context, byte *out, const byte *in) { TWOFISH_context *ctx = context; - _gcry_twofish_amd64_decrypt_block(ctx, out, in); + twofish_amd64_decrypt_block(ctx, out, in); return /*burn_stack*/ (4*sizeof (void*)); } @@ -980,7 +1052,7 @@ _gcry_twofish_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - _gcry_twofish_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); + twofish_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); nblocks -= 3; outbuf += 3 * TWOFISH_BLOCKSIZE; @@ -1038,7 +1110,7 @@ _gcry_twofish_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - _gcry_twofish_amd64_cbc_dec(ctx, outbuf, inbuf, iv); + twofish_amd64_cbc_dec(ctx, outbuf, inbuf, iv); nblocks -= 3; outbuf += 3 * TWOFISH_BLOCKSIZE; @@ -1087,7 +1159,7 @@ _gcry_twofish_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - _gcry_twofish_amd64_cfb_dec(ctx, outbuf, inbuf, iv); + twofish_amd64_cfb_dec(ctx, outbuf, inbuf, iv); nblocks -= 3; outbuf += 3 * TWOFISH_BLOCKSIZE; commit eb0ed576893b6c7990dbcb568510f831d246cea6 Author: Jussi Kivilinna Date: Thu May 14 13:07:48 2015 +0300 Enable AMD64 Serpent implementations on WIN64 * cipher/serpent-avx2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/serpent-sse2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/chacha20.c (USE_SSE2, USE_AVX2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_SSE2 || USE_AVX2] (ASM_FUNC_ABI): New. (_gcry_serpent_sse2_ctr_enc, _gcry_serpent_sse2_cbc_dec) (_gcry_serpent_sse2_cfb_dec, _gcry_serpent_avx2_ctr_enc) (_gcry_serpent_avx2_cbc_dec, _gcry_serpent_avx2_cfb_dec): Add ASM_FUNC_ABI. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/serpent-avx2-amd64.S b/cipher/serpent-avx2-amd64.S index 03d29ae..3f59f06 100644 --- a/cipher/serpent-avx2-amd64.S +++ b/cipher/serpent-avx2-amd64.S @@ -20,9 +20,16 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_SERPENT) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SERPENT) && \ defined(ENABLE_AVX2_SUPPORT) +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + #ifdef __PIC__ # define RIP (%rip) #else @@ -404,7 +411,7 @@ .text .align 8 -.type __serpent_enc_blk16, at function; +ELF(.type __serpent_enc_blk16, at function;) __serpent_enc_blk16: /* input: * %rdi: ctx, CTX @@ -489,10 +496,10 @@ __serpent_enc_blk16: transpose_4x4(RB4, RB1, RB2, RB0, RB3, RTMP0, RTMP1); ret; -.size __serpent_enc_blk16,.-__serpent_enc_blk16; +ELF(.size __serpent_enc_blk16,.-__serpent_enc_blk16;) .align 8 -.type __serpent_dec_blk16, at function; +ELF(.type __serpent_dec_blk16, at function;) __serpent_dec_blk16: /* input: * %rdi: ctx, CTX @@ -579,7 +586,7 @@ __serpent_dec_blk16: transpose_4x4(RB0, RB1, RB2, RB3, RB4, RTMP0, RTMP1); ret; -.size __serpent_dec_blk16,.-__serpent_dec_blk16; +ELF(.size __serpent_dec_blk16,.-__serpent_dec_blk16;) #define inc_le128(x, minus_one, tmp) \ vpcmpeqq minus_one, x, tmp; \ @@ -589,7 +596,7 @@ __serpent_dec_blk16: .align 8 .globl _gcry_serpent_avx2_ctr_enc -.type _gcry_serpent_avx2_ctr_enc, at function; +ELF(.type _gcry_serpent_avx2_ctr_enc, at function;) _gcry_serpent_avx2_ctr_enc: /* input: * %rdi: ctx, CTX @@ -695,11 +702,11 @@ _gcry_serpent_avx2_ctr_enc: vzeroall; ret -.size _gcry_serpent_avx2_ctr_enc,.-_gcry_serpent_avx2_ctr_enc; +ELF(.size _gcry_serpent_avx2_ctr_enc,.-_gcry_serpent_avx2_ctr_enc;) .align 8 .globl _gcry_serpent_avx2_cbc_dec -.type _gcry_serpent_avx2_cbc_dec, at function; +ELF(.type _gcry_serpent_avx2_cbc_dec, at function;) _gcry_serpent_avx2_cbc_dec: /* input: * %rdi: ctx, CTX @@ -746,11 +753,11 @@ _gcry_serpent_avx2_cbc_dec: vzeroall; ret -.size _gcry_serpent_avx2_cbc_dec,.-_gcry_serpent_avx2_cbc_dec; +ELF(.size _gcry_serpent_avx2_cbc_dec,.-_gcry_serpent_avx2_cbc_dec;) .align 8 .globl _gcry_serpent_avx2_cfb_dec -.type _gcry_serpent_avx2_cfb_dec, at function; +ELF(.type _gcry_serpent_avx2_cfb_dec, at function;) _gcry_serpent_avx2_cfb_dec: /* input: * %rdi: ctx, CTX @@ -799,7 +806,7 @@ _gcry_serpent_avx2_cfb_dec: vzeroall; ret -.size _gcry_serpent_avx2_cfb_dec,.-_gcry_serpent_avx2_cfb_dec; +ELF(.size _gcry_serpent_avx2_cfb_dec,.-_gcry_serpent_avx2_cfb_dec;) .data .align 16 diff --git a/cipher/serpent-sse2-amd64.S b/cipher/serpent-sse2-amd64.S index 395f660..adbf4e2 100644 --- a/cipher/serpent-sse2-amd64.S +++ b/cipher/serpent-sse2-amd64.S @@ -20,7 +20,14 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_SERPENT) +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SERPENT) + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif #ifdef __PIC__ # define RIP (%rip) @@ -427,7 +434,7 @@ .text .align 8 -.type __serpent_enc_blk8, at function; +ELF(.type __serpent_enc_blk8, at function;) __serpent_enc_blk8: /* input: * %rdi: ctx, CTX @@ -512,10 +519,10 @@ __serpent_enc_blk8: transpose_4x4(RB4, RB1, RB2, RB0, RB3, RTMP0, RTMP1); ret; -.size __serpent_enc_blk8,.-__serpent_enc_blk8; +ELF(.size __serpent_enc_blk8,.-__serpent_enc_blk8;) .align 8 -.type __serpent_dec_blk8, at function; +ELF(.type __serpent_dec_blk8, at function;) __serpent_dec_blk8: /* input: * %rdi: ctx, CTX @@ -602,11 +609,11 @@ __serpent_dec_blk8: transpose_4x4(RB0, RB1, RB2, RB3, RB4, RTMP0, RTMP1); ret; -.size __serpent_dec_blk8,.-__serpent_dec_blk8; +ELF(.size __serpent_dec_blk8,.-__serpent_dec_blk8;) .align 8 .globl _gcry_serpent_sse2_ctr_enc -.type _gcry_serpent_sse2_ctr_enc, at function; +ELF(.type _gcry_serpent_sse2_ctr_enc, at function;) _gcry_serpent_sse2_ctr_enc: /* input: * %rdi: ctx, CTX @@ -732,11 +739,11 @@ _gcry_serpent_sse2_ctr_enc: pxor RNOT, RNOT; ret -.size _gcry_serpent_sse2_ctr_enc,.-_gcry_serpent_sse2_ctr_enc; +ELF(.size _gcry_serpent_sse2_ctr_enc,.-_gcry_serpent_sse2_ctr_enc;) .align 8 .globl _gcry_serpent_sse2_cbc_dec -.type _gcry_serpent_sse2_cbc_dec, at function; +ELF(.type _gcry_serpent_sse2_cbc_dec, at function;) _gcry_serpent_sse2_cbc_dec: /* input: * %rdi: ctx, CTX @@ -793,11 +800,11 @@ _gcry_serpent_sse2_cbc_dec: pxor RNOT, RNOT; ret -.size _gcry_serpent_sse2_cbc_dec,.-_gcry_serpent_sse2_cbc_dec; +ELF(.size _gcry_serpent_sse2_cbc_dec,.-_gcry_serpent_sse2_cbc_dec;) .align 8 .globl _gcry_serpent_sse2_cfb_dec -.type _gcry_serpent_sse2_cfb_dec, at function; +ELF(.type _gcry_serpent_sse2_cfb_dec, at function;) _gcry_serpent_sse2_cfb_dec: /* input: * %rdi: ctx, CTX @@ -857,7 +864,7 @@ _gcry_serpent_sse2_cfb_dec: pxor RNOT, RNOT; ret -.size _gcry_serpent_sse2_cfb_dec,.-_gcry_serpent_sse2_cfb_dec; +ELF(.size _gcry_serpent_sse2_cfb_dec,.-_gcry_serpent_sse2_cfb_dec;) #endif /*defined(USE_SERPENT)*/ #endif /*__x86_64*/ diff --git a/cipher/serpent.c b/cipher/serpent.c index 0be49da..7d0e112 100644 --- a/cipher/serpent.c +++ b/cipher/serpent.c @@ -34,13 +34,15 @@ /* USE_SSE2 indicates whether to compile with AMD64 SSE2 code. */ #undef USE_SSE2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_SSE2 1 #endif /* USE_AVX2 indicates whether to compile with AMD64 AVX2 code. */ #undef USE_AVX2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # if defined(ENABLE_AVX2_SUPPORT) # define USE_AVX2 1 # endif @@ -86,6 +88,18 @@ typedef struct serpent_context } serpent_context_t; +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#if defined(USE_SSE2) || defined(USE_AVX2) +# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# else +# define ASM_FUNC_ABI +# endif +#endif + + #ifdef USE_SSE2 /* Assembler implementations of Serpent using SSE2. Process 8 block in parallel. @@ -93,17 +107,17 @@ typedef struct serpent_context extern void _gcry_serpent_sse2_ctr_enc(serpent_context_t *ctx, unsigned char *out, const unsigned char *in, - unsigned char *ctr); + unsigned char *ctr) ASM_FUNC_ABI; extern void _gcry_serpent_sse2_cbc_dec(serpent_context_t *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; extern void _gcry_serpent_sse2_cfb_dec(serpent_context_t *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; #endif #ifdef USE_AVX2 @@ -113,17 +127,17 @@ extern void _gcry_serpent_sse2_cfb_dec(serpent_context_t *ctx, extern void _gcry_serpent_avx2_ctr_enc(serpent_context_t *ctx, unsigned char *out, const unsigned char *in, - unsigned char *ctr); + unsigned char *ctr) ASM_FUNC_ABI; extern void _gcry_serpent_avx2_cbc_dec(serpent_context_t *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; extern void _gcry_serpent_avx2_cfb_dec(serpent_context_t *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; #endif #ifdef USE_NEON commit 12bc93ca8187b8061c2e705427ef22f5a71d29b0 Author: Jussi Kivilinna Date: Thu May 14 12:37:21 2015 +0300 Enable AMD64 Salsa20 implementation on WIN64 * cipher/salsa20-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/salsa20.c (USE_AMD64): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_AMD64] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. (_gcry_salsa20_amd64_keysetup, _gcry_salsa20_amd64_ivsetup) (_gcry_salsa20_amd64_encrypt_blocks): Add ASM_FUNC_ABI. [USE_AMD64] (salsa20_core): Add ASM_EXTRA_STACK. (salsa20_do_encrypt_stream) [USE_AMD64]: Add ASM_EXTRA_STACK. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/salsa20-amd64.S b/cipher/salsa20-amd64.S index 7046dbb..470c32a 100644 --- a/cipher/salsa20-amd64.S +++ b/cipher/salsa20-amd64.S @@ -25,13 +25,20 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_SALSA20) +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SALSA20) + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif .text .align 8 .globl _gcry_salsa20_amd64_keysetup -.type _gcry_salsa20_amd64_keysetup, at function; +ELF(.type _gcry_salsa20_amd64_keysetup, at function;) _gcry_salsa20_amd64_keysetup: movl 0(%rsi),%r8d movl 4(%rsi),%r9d @@ -83,7 +90,7 @@ _gcry_salsa20_amd64_keysetup: .align 8 .globl _gcry_salsa20_amd64_ivsetup -.type _gcry_salsa20_amd64_ivsetup, at function; +ELF(.type _gcry_salsa20_amd64_ivsetup, at function;) _gcry_salsa20_amd64_ivsetup: movl 0(%rsi),%r8d movl 4(%rsi),%esi @@ -97,7 +104,7 @@ _gcry_salsa20_amd64_ivsetup: .align 8 .globl _gcry_salsa20_amd64_encrypt_blocks -.type _gcry_salsa20_amd64_encrypt_blocks, at function; +ELF(.type _gcry_salsa20_amd64_encrypt_blocks, at function;) _gcry_salsa20_amd64_encrypt_blocks: /* * Modifications to original implementation: @@ -918,7 +925,7 @@ _gcry_salsa20_amd64_encrypt_blocks: add $64,%rdi add $64,%rsi jmp .L_bytes_are_64_128_or_192 -.size _gcry_salsa20_amd64_encrypt_blocks,.-_gcry_salsa20_amd64_encrypt_blocks; +ELF(.size _gcry_salsa20_amd64_encrypt_blocks,.-_gcry_salsa20_amd64_encrypt_blocks;) #endif /*defined(USE_SALSA20)*/ #endif /*__x86_64*/ diff --git a/cipher/salsa20.c b/cipher/salsa20.c index d75fe51..fa3d23b 100644 --- a/cipher/salsa20.c +++ b/cipher/salsa20.c @@ -43,7 +43,8 @@ /* USE_AMD64 indicates whether to compile with AMD64 code. */ #undef USE_AMD64 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64 1 #endif @@ -118,12 +119,25 @@ static const char *selftest (void); #ifdef USE_AMD64 + +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +#else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +#endif + /* AMD64 assembly implementations of Salsa20. */ -void _gcry_salsa20_amd64_keysetup(u32 *ctxinput, const void *key, int keybits); -void _gcry_salsa20_amd64_ivsetup(u32 *ctxinput, const void *iv); +void _gcry_salsa20_amd64_keysetup(u32 *ctxinput, const void *key, int keybits) + ASM_FUNC_ABI; +void _gcry_salsa20_amd64_ivsetup(u32 *ctxinput, const void *iv) + ASM_FUNC_ABI; unsigned int _gcry_salsa20_amd64_encrypt_blocks(u32 *ctxinput, const void *src, void *dst, - size_t len, int rounds); + size_t len, int rounds) ASM_FUNC_ABI; static void salsa20_keysetup(SALSA20_context_t *ctx, const byte *key, int keylen) @@ -141,7 +155,8 @@ static unsigned int salsa20_core (u32 *dst, SALSA20_context_t *ctx, unsigned int rounds) { memset(dst, 0, SALSA20_BLOCK_SIZE); - return _gcry_salsa20_amd64_encrypt_blocks(ctx->input, dst, dst, 1, rounds); + return _gcry_salsa20_amd64_encrypt_blocks(ctx->input, dst, dst, 1, rounds) + + ASM_EXTRA_STACK; } #else /* USE_AMD64 */ @@ -418,6 +433,7 @@ salsa20_do_encrypt_stream (SALSA20_context_t *ctx, size_t nblocks = length / SALSA20_BLOCK_SIZE; burn = _gcry_salsa20_amd64_encrypt_blocks(ctx->input, inbuf, outbuf, nblocks, rounds); + burn += ASM_EXTRA_STACK; length -= SALSA20_BLOCK_SIZE * nblocks; outbuf += SALSA20_BLOCK_SIZE * nblocks; inbuf += SALSA20_BLOCK_SIZE * nblocks; commit 8d7de4dbf7732c6eb9e9853ad7c19c89075ace6f Author: Jussi Kivilinna Date: Thu May 14 12:39:39 2015 +0300 Enable AMD64 Poly1305 implementations on WIN64 * cipher/poly1305-avx2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/poly1305-sse2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/poly1305-internal.h (POLY1305_SYSV_FUNC_ABI): New. (POLY1305_USE_SSE2, POLY1305_USE_AVX2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (OPS_FUNC_ABI): New. (poly1305_ops_t): Use OPS_FUNC_ABI. * cipher/poly1305.c (_gcry_poly1305_amd64_sse2_init_ext) (_gcry_poly1305_amd64_sse2_finish_ext) (_gcry_poly1305_amd64_sse2_blocks, _gcry_poly1305_amd64_avx2_init_ext) (_gcry_poly1305_amd64_avx2_finish_ext) (_gcry_poly1305_amd64_avx2_blocks, _gcry_poly1305_armv7_neon_init_ext) (_gcry_poly1305_armv7_neon_finish_ext) (_gcry_poly1305_armv7_neon_blocks, poly1305_init_ext_ref32) (poly1305_blocks_ref32, poly1305_finish_ext_ref32) (poly1305_init_ext_ref8, poly1305_blocks_ref8) (poly1305_finish_ext_ref8): Use OPS_FUNC_ABI. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/poly1305-avx2-amd64.S b/cipher/poly1305-avx2-amd64.S index 0ba7e76..9362a5a 100644 --- a/cipher/poly1305-avx2-amd64.S +++ b/cipher/poly1305-avx2-amd64.S @@ -25,15 +25,23 @@ #include -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(ENABLE_AVX2_SUPPORT) +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + + .text .align 8 .globl _gcry_poly1305_amd64_avx2_init_ext -.type _gcry_poly1305_amd64_avx2_init_ext, at function; +ELF(.type _gcry_poly1305_amd64_avx2_init_ext, at function;) _gcry_poly1305_amd64_avx2_init_ext: .Lpoly1305_init_ext_avx2_local: xor %edx, %edx @@ -391,12 +399,12 @@ _gcry_poly1305_amd64_avx2_init_ext: popq %r13 popq %r12 ret -.size _gcry_poly1305_amd64_avx2_init_ext,.-_gcry_poly1305_amd64_avx2_init_ext; +ELF(.size _gcry_poly1305_amd64_avx2_init_ext,.-_gcry_poly1305_amd64_avx2_init_ext;) .align 8 .globl _gcry_poly1305_amd64_avx2_blocks -.type _gcry_poly1305_amd64_avx2_blocks, at function; +ELF(.type _gcry_poly1305_amd64_avx2_blocks, at function;) _gcry_poly1305_amd64_avx2_blocks: .Lpoly1305_blocks_avx2_local: vzeroupper @@ -717,12 +725,12 @@ _gcry_poly1305_amd64_avx2_blocks: leave addq $8, %rax ret -.size _gcry_poly1305_amd64_avx2_blocks,.-_gcry_poly1305_amd64_avx2_blocks; +ELF(.size _gcry_poly1305_amd64_avx2_blocks,.-_gcry_poly1305_amd64_avx2_blocks;) .align 8 .globl _gcry_poly1305_amd64_avx2_finish_ext -.type _gcry_poly1305_amd64_avx2_finish_ext, at function; +ELF(.type _gcry_poly1305_amd64_avx2_finish_ext, at function;) _gcry_poly1305_amd64_avx2_finish_ext: .Lpoly1305_finish_ext_avx2_local: vzeroupper @@ -949,6 +957,6 @@ _gcry_poly1305_amd64_avx2_finish_ext: popq %rbp addq $(8*5), %rax ret -.size _gcry_poly1305_amd64_avx2_finish_ext,.-_gcry_poly1305_amd64_avx2_finish_ext; +ELF(.size _gcry_poly1305_amd64_avx2_finish_ext,.-_gcry_poly1305_amd64_avx2_finish_ext;) #endif diff --git a/cipher/poly1305-internal.h b/cipher/poly1305-internal.h index dfc0c04..bcbe5df 100644 --- a/cipher/poly1305-internal.h +++ b/cipher/poly1305-internal.h @@ -44,24 +44,30 @@ #define POLY1305_REF_ALIGNMENT sizeof(void *) +#undef POLY1305_SYSV_FUNC_ABI + /* POLY1305_USE_SSE2 indicates whether to compile with AMD64 SSE2 code. */ #undef POLY1305_USE_SSE2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define POLY1305_USE_SSE2 1 # define POLY1305_SSE2_BLOCKSIZE 32 # define POLY1305_SSE2_STATESIZE 248 # define POLY1305_SSE2_ALIGNMENT 16 +# define POLY1305_SYSV_FUNC_ABI 1 #endif /* POLY1305_USE_AVX2 indicates whether to compile with AMD64 AVX2 code. */ #undef POLY1305_USE_AVX2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(ENABLE_AVX2_SUPPORT) # define POLY1305_USE_AVX2 1 # define POLY1305_AVX2_BLOCKSIZE 64 # define POLY1305_AVX2_STATESIZE 328 # define POLY1305_AVX2_ALIGNMENT 32 +# define POLY1305_SYSV_FUNC_ABI 1 #endif @@ -112,6 +118,17 @@ #endif +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef OPS_FUNC_ABI +#if defined(POLY1305_SYSV_FUNC_ABI) && \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS) +# define OPS_FUNC_ABI __attribute__((sysv_abi)) +#else +# define OPS_FUNC_ABI +#endif + + typedef struct poly1305_key_s { byte b[POLY1305_KEYLEN]; @@ -121,10 +138,10 @@ typedef struct poly1305_key_s typedef struct poly1305_ops_s { size_t block_size; - void (*init_ext) (void *ctx, const poly1305_key_t * key); - unsigned int (*blocks) (void *ctx, const byte * m, size_t bytes); + void (*init_ext) (void *ctx, const poly1305_key_t * key) OPS_FUNC_ABI; + unsigned int (*blocks) (void *ctx, const byte * m, size_t bytes) OPS_FUNC_ABI; unsigned int (*finish_ext) (void *ctx, const byte * m, size_t remaining, - byte mac[POLY1305_TAGLEN]); + byte mac[POLY1305_TAGLEN]) OPS_FUNC_ABI; } poly1305_ops_t; diff --git a/cipher/poly1305-sse2-amd64.S b/cipher/poly1305-sse2-amd64.S index 106b119..219eb07 100644 --- a/cipher/poly1305-sse2-amd64.S +++ b/cipher/poly1305-sse2-amd64.S @@ -25,14 +25,22 @@ #include -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .text .align 8 .globl _gcry_poly1305_amd64_sse2_init_ext -.type _gcry_poly1305_amd64_sse2_init_ext, at function; +ELF(.type _gcry_poly1305_amd64_sse2_init_ext, at function;) _gcry_poly1305_amd64_sse2_init_ext: .Lpoly1305_init_ext_x86_local: xor %edx, %edx @@ -273,12 +281,12 @@ _gcry_poly1305_amd64_sse2_init_ext: popq %r13 popq %r12 ret -.size _gcry_poly1305_amd64_sse2_init_ext,.-_gcry_poly1305_amd64_sse2_init_ext; +ELF(.size _gcry_poly1305_amd64_sse2_init_ext,.-_gcry_poly1305_amd64_sse2_init_ext;) .align 8 .globl _gcry_poly1305_amd64_sse2_finish_ext -.type _gcry_poly1305_amd64_sse2_finish_ext, at function; +ELF(.type _gcry_poly1305_amd64_sse2_finish_ext, at function;) _gcry_poly1305_amd64_sse2_finish_ext: .Lpoly1305_finish_ext_x86_local: pushq %rbp @@ -424,12 +432,12 @@ _gcry_poly1305_amd64_sse2_finish_ext: popq %rbp addq $8, %rax ret -.size _gcry_poly1305_amd64_sse2_finish_ext,.-_gcry_poly1305_amd64_sse2_finish_ext; +ELF(.size _gcry_poly1305_amd64_sse2_finish_ext,.-_gcry_poly1305_amd64_sse2_finish_ext;) .align 8 .globl _gcry_poly1305_amd64_sse2_blocks -.type _gcry_poly1305_amd64_sse2_blocks, at function; +ELF(.type _gcry_poly1305_amd64_sse2_blocks, at function;) _gcry_poly1305_amd64_sse2_blocks: .Lpoly1305_blocks_x86_local: pushq %rbp @@ -1030,6 +1038,6 @@ _gcry_poly1305_amd64_sse2_blocks: pxor %xmm8, %xmm8 pxor %xmm0, %xmm0 ret -.size _gcry_poly1305_amd64_sse2_blocks,.-_gcry_poly1305_amd64_sse2_blocks; +ELF(.size _gcry_poly1305_amd64_sse2_blocks,.-_gcry_poly1305_amd64_sse2_blocks;) #endif diff --git a/cipher/poly1305.c b/cipher/poly1305.c index 28dbbf8..1adf0e7 100644 --- a/cipher/poly1305.c +++ b/cipher/poly1305.c @@ -40,12 +40,13 @@ static const char *selftest (void); #ifdef POLY1305_USE_SSE2 -void _gcry_poly1305_amd64_sse2_init_ext(void *state, const poly1305_key_t *key); +void _gcry_poly1305_amd64_sse2_init_ext(void *state, const poly1305_key_t *key) + OPS_FUNC_ABI; unsigned int _gcry_poly1305_amd64_sse2_finish_ext(void *state, const byte *m, size_t remaining, - byte mac[16]); + byte mac[16]) OPS_FUNC_ABI; unsigned int _gcry_poly1305_amd64_sse2_blocks(void *ctx, const byte *m, - size_t bytes); + size_t bytes) OPS_FUNC_ABI; static const poly1305_ops_t poly1305_amd64_sse2_ops = { POLY1305_SSE2_BLOCKSIZE, @@ -59,12 +60,13 @@ static const poly1305_ops_t poly1305_amd64_sse2_ops = { #ifdef POLY1305_USE_AVX2 -void _gcry_poly1305_amd64_avx2_init_ext(void *state, const poly1305_key_t *key); +void _gcry_poly1305_amd64_avx2_init_ext(void *state, const poly1305_key_t *key) + OPS_FUNC_ABI; unsigned int _gcry_poly1305_amd64_avx2_finish_ext(void *state, const byte *m, size_t remaining, - byte mac[16]); + byte mac[16]) OPS_FUNC_ABI; unsigned int _gcry_poly1305_amd64_avx2_blocks(void *ctx, const byte *m, - size_t bytes); + size_t bytes) OPS_FUNC_ABI; static const poly1305_ops_t poly1305_amd64_avx2_ops = { POLY1305_AVX2_BLOCKSIZE, @@ -78,12 +80,13 @@ static const poly1305_ops_t poly1305_amd64_avx2_ops = { #ifdef POLY1305_USE_NEON -void _gcry_poly1305_armv7_neon_init_ext(void *state, const poly1305_key_t *key); +void _gcry_poly1305_armv7_neon_init_ext(void *state, const poly1305_key_t *key) + OPS_FUNC_ABI; unsigned int _gcry_poly1305_armv7_neon_finish_ext(void *state, const byte *m, size_t remaining, - byte mac[16]); + byte mac[16]) OPS_FUNC_ABI; unsigned int _gcry_poly1305_armv7_neon_blocks(void *ctx, const byte *m, - size_t bytes); + size_t bytes) OPS_FUNC_ABI; static const poly1305_ops_t poly1305_armv7_neon_ops = { POLY1305_NEON_BLOCKSIZE, @@ -110,7 +113,7 @@ typedef struct poly1305_state_ref32_s } poly1305_state_ref32_t; -static void +static OPS_FUNC_ABI void poly1305_init_ext_ref32 (void *state, const poly1305_key_t * key) { poly1305_state_ref32_t *st = (poly1305_state_ref32_t *) state; @@ -142,7 +145,7 @@ poly1305_init_ext_ref32 (void *state, const poly1305_key_t * key) } -static unsigned int +static OPS_FUNC_ABI unsigned int poly1305_blocks_ref32 (void *state, const byte * m, size_t bytes) { poly1305_state_ref32_t *st = (poly1305_state_ref32_t *) state; @@ -230,7 +233,7 @@ poly1305_blocks_ref32 (void *state, const byte * m, size_t bytes) } -static unsigned int +static OPS_FUNC_ABI unsigned int poly1305_finish_ext_ref32 (void *state, const byte * m, size_t remaining, byte mac[POLY1305_TAGLEN]) { @@ -370,7 +373,7 @@ typedef struct poly1305_state_ref8_t } poly1305_state_ref8_t; -static void +static OPS_FUNC_ABI void poly1305_init_ext_ref8 (void *state, const poly1305_key_t * key) { poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state; @@ -471,7 +474,7 @@ poly1305_freeze_ref8 (byte h[17]) } -static unsigned int +static OPS_FUNC_ABI unsigned int poly1305_blocks_ref8 (void *state, const byte * m, size_t bytes) { poly1305_state_ref8_t *st = (poly1305_state_ref8_t *) state; @@ -519,7 +522,7 @@ poly1305_blocks_ref8 (void *state, const byte * m, size_t bytes) } -static unsigned int +static OPS_FUNC_ABI unsigned int poly1305_finish_ext_ref8 (void *state, const byte * m, size_t remaining, byte mac[POLY1305_TAGLEN]) { commit b65e9e71d5ee992db5c96793c6af999545daad28 Author: Jussi Kivilinna Date: Thu May 14 10:31:18 2015 +0300 Enable AMD64 3DES implementation on WIN64 * cipher/des-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/des.c (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. (tripledes_ecb_crypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly function through 'call_sysv_fn'. (tripledes_amd64_ctr_enc, tripledes_amd64_cbc_dec) (tripledes_amd64_cfb_dec): New wrapper functions for bulk assembly functions. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/des-amd64.S b/cipher/des-amd64.S index e8b2c56..307d211 100644 --- a/cipher/des-amd64.S +++ b/cipher/des-amd64.S @@ -20,7 +20,8 @@ #ifdef __x86_64 #include -#if defined(USE_DES) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(USE_DES) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) #ifdef __PIC__ # define RIP (%rip) @@ -28,6 +29,12 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .text #define s1 0 @@ -185,7 +192,7 @@ .align 8 .globl _gcry_3des_amd64_crypt_block -.type _gcry_3des_amd64_crypt_block, at function; +ELF(.type _gcry_3des_amd64_crypt_block, at function;) _gcry_3des_amd64_crypt_block: /* input: @@ -271,7 +278,7 @@ _gcry_3des_amd64_crypt_block: popq %rbp; ret; -.size _gcry_3des_amd64_crypt_block,.-_gcry_3des_amd64_crypt_block; +ELF(.size _gcry_3des_amd64_crypt_block,.-_gcry_3des_amd64_crypt_block;) /*********************************************************************** * 3-way 3DES @@ -458,7 +465,7 @@ _gcry_3des_amd64_crypt_block: movl right##d, 4(io); .align 8 -.type _gcry_3des_amd64_crypt_blk3, at function; +ELF(.type _gcry_3des_amd64_crypt_blk3, at function;) _gcry_3des_amd64_crypt_blk3: /* input: * %rdi: round keys, CTX @@ -528,11 +535,11 @@ _gcry_3des_amd64_crypt_blk3: final_permutation3(RR, RL); ret; -.size _gcry_3des_amd64_crypt_blk3,.-_gcry_3des_amd64_crypt_blk3; +ELF(.size _gcry_3des_amd64_crypt_blk3,.-_gcry_3des_amd64_crypt_blk3;) .align 8 .globl _gcry_3des_amd64_cbc_dec -.type _gcry_3des_amd64_cbc_dec, at function; +ELF(.type _gcry_3des_amd64_cbc_dec, at function;) _gcry_3des_amd64_cbc_dec: /* input: * %rdi: ctx, CTX @@ -604,11 +611,11 @@ _gcry_3des_amd64_cbc_dec: popq %rbp; ret; -.size _gcry_3des_amd64_cbc_dec,.-_gcry_3des_amd64_cbc_dec; +ELF(.size _gcry_3des_amd64_cbc_dec,.-_gcry_3des_amd64_cbc_dec;) .align 8 .globl _gcry_3des_amd64_ctr_enc -.type _gcry_3des_amd64_ctr_enc, at function; +ELF(.type _gcry_3des_amd64_ctr_enc, at function;) _gcry_3des_amd64_ctr_enc: /* input: * %rdi: ctx, CTX @@ -682,11 +689,11 @@ _gcry_3des_amd64_ctr_enc: popq %rbp; ret; -.size _gcry_3des_amd64_cbc_dec,.-_gcry_3des_amd64_cbc_dec; +ELF(.size _gcry_3des_amd64_cbc_dec,.-_gcry_3des_amd64_cbc_dec;) .align 8 .globl _gcry_3des_amd64_cfb_dec -.type _gcry_3des_amd64_cfb_dec, at function; +ELF(.type _gcry_3des_amd64_cfb_dec, at function;) _gcry_3des_amd64_cfb_dec: /* input: * %rdi: ctx, CTX @@ -757,7 +764,7 @@ _gcry_3des_amd64_cfb_dec: popq %rbx; popq %rbp; ret; -.size _gcry_3des_amd64_cfb_dec,.-_gcry_3des_amd64_cfb_dec; +ELF(.size _gcry_3des_amd64_cfb_dec,.-_gcry_3des_amd64_cfb_dec;) .data .align 16 diff --git a/cipher/des.c b/cipher/des.c index d4863d1..be62763 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -127,7 +127,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64_ASM 1 #endif @@ -771,6 +772,24 @@ extern void _gcry_3des_amd64_cfb_dec(const void *keys, byte *out, #define TRIPLEDES_ECB_BURN_STACK (8 * sizeof(void *)) +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +static inline void +call_sysv_fn (const void *fn, const void *arg1, const void *arg2, + const void *arg3, const void *arg4) +{ + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + asm volatile ("callq *%0\n\t" + : "+a" (fn), + "+D" (arg1), + "+S" (arg2), + "+d" (arg3), + "+c" (arg4) + : + : "cc", "memory", "r8", "r9", "r10", "r11"); +} +#endif + /* * Electronic Codebook Mode Triple-DES encryption/decryption of data * according to 'mode'. Sometimes this mode is named 'EDE' mode @@ -784,11 +803,45 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_3des_amd64_crypt_block, keys, to, from, NULL); +#else _gcry_3des_amd64_crypt_block(keys, to, from); +#endif return 0; } +static inline void +tripledes_amd64_ctr_enc(const void *keys, byte *out, const byte *in, byte *ctr) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_3des_amd64_ctr_enc, keys, out, in, ctr); +#else + _gcry_3des_amd64_ctr_enc(keys, out, in, ctr); +#endif +} + +static inline void +tripledes_amd64_cbc_dec(const void *keys, byte *out, const byte *in, byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_3des_amd64_cbc_dec, keys, out, in, iv); +#else + _gcry_3des_amd64_cbc_dec(keys, out, in, iv); +#endif +} + +static inline void +tripledes_amd64_cfb_dec(const void *keys, byte *out, const byte *in, byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_3des_amd64_cfb_dec, keys, out, in, iv); +#else + _gcry_3des_amd64_cfb_dec(keys, out, in, iv); +#endif +} + #else /*USE_AMD64_ASM*/ #define TRIPLEDES_ECB_BURN_STACK 32 @@ -871,7 +924,7 @@ _gcry_3des_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - _gcry_3des_amd64_ctr_enc(ctx->encrypt_subkeys, outbuf, inbuf, ctr); + tripledes_amd64_ctr_enc(ctx->encrypt_subkeys, outbuf, inbuf, ctr); nblocks -= 3; outbuf += 3 * DES_BLOCKSIZE; @@ -926,7 +979,7 @@ _gcry_3des_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - _gcry_3des_amd64_cbc_dec(ctx->decrypt_subkeys, outbuf, inbuf, iv); + tripledes_amd64_cbc_dec(ctx->decrypt_subkeys, outbuf, inbuf, iv); nblocks -= 3; outbuf += 3 * DES_BLOCKSIZE; @@ -974,7 +1027,7 @@ _gcry_3des_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 3 block chunks. */ while (nblocks >= 3) { - _gcry_3des_amd64_cfb_dec(ctx->encrypt_subkeys, outbuf, inbuf, iv); + tripledes_amd64_cfb_dec(ctx->encrypt_subkeys, outbuf, inbuf, iv); nblocks -= 3; outbuf += 3 * DES_BLOCKSIZE; commit 9597cfddf03c467825da152be5ca0d12a8c30d88 Author: Jussi Kivilinna Date: Tue May 5 21:02:43 2015 +0300 Enable AMD64 ChaCha20 implementations on WIN64 * cipher/chacha20-avx2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/chacha20-sse2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/chacha20-ssse3-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/chacha20.c (USE_SSE2, USE_SSSE3, USE_AVX2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. (chacha20_blocks_t, _gcry_chacha20_amd64_sse2_blocks) (_gcry_chacha20_amd64_ssse3_blocks, _gcry_chacha20_amd64_avx2_blocks) (_gcry_chacha20_armv7_neon_blocks, chacha20_blocks): Add ASM_FUNC_ABI. (chacha20_core): Add ASM_EXTRA_STACK. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/chacha20-avx2-amd64.S b/cipher/chacha20-avx2-amd64.S index 1f33de8..12bed35 100644 --- a/cipher/chacha20-avx2-amd64.S +++ b/cipher/chacha20-avx2-amd64.S @@ -26,7 +26,8 @@ #ifdef __x86_64__ #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(ENABLE_AVX2_SUPPORT) && USE_CHACHA20 #ifdef __PIC__ @@ -35,11 +36,17 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .text .align 8 .globl _gcry_chacha20_amd64_avx2_blocks -.type _gcry_chacha20_amd64_avx2_blocks, at function; +ELF(.type _gcry_chacha20_amd64_avx2_blocks, at function;) _gcry_chacha20_amd64_avx2_blocks: .Lchacha_blocks_avx2_local: vzeroupper @@ -938,7 +945,7 @@ _gcry_chacha20_amd64_avx2_blocks: vzeroall movl $(63 + 512), %eax ret -.size _gcry_chacha20_amd64_avx2_blocks,.-_gcry_chacha20_amd64_avx2_blocks; +ELF(.size _gcry_chacha20_amd64_avx2_blocks,.-_gcry_chacha20_amd64_avx2_blocks;) .data .align 16 diff --git a/cipher/chacha20-sse2-amd64.S b/cipher/chacha20-sse2-amd64.S index 4811f40..2b9842c 100644 --- a/cipher/chacha20-sse2-amd64.S +++ b/cipher/chacha20-sse2-amd64.S @@ -26,13 +26,20 @@ #ifdef __x86_64__ #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && USE_CHACHA20 +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && USE_CHACHA20 + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif .text .align 8 .globl _gcry_chacha20_amd64_sse2_blocks -.type _gcry_chacha20_amd64_sse2_blocks, at function; +ELF(.type _gcry_chacha20_amd64_sse2_blocks, at function;) _gcry_chacha20_amd64_sse2_blocks: .Lchacha_blocks_sse2_local: pushq %rbx @@ -646,7 +653,7 @@ _gcry_chacha20_amd64_sse2_blocks: pxor %xmm8, %xmm8 pxor %xmm0, %xmm0 ret -.size _gcry_chacha20_amd64_sse2_blocks,.-_gcry_chacha20_amd64_sse2_blocks; +ELF(.size _gcry_chacha20_amd64_sse2_blocks,.-_gcry_chacha20_amd64_sse2_blocks;) #endif /*defined(USE_CHACHA20)*/ #endif /*__x86_64*/ diff --git a/cipher/chacha20-ssse3-amd64.S b/cipher/chacha20-ssse3-amd64.S index 50c2ff8..a1a843f 100644 --- a/cipher/chacha20-ssse3-amd64.S +++ b/cipher/chacha20-ssse3-amd64.S @@ -26,7 +26,8 @@ #ifdef __x86_64__ #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_GCC_INLINE_ASM_SSSE3) && USE_CHACHA20 #ifdef __PIC__ @@ -35,11 +36,17 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + .text .align 8 .globl _gcry_chacha20_amd64_ssse3_blocks -.type _gcry_chacha20_amd64_ssse3_blocks, at function; +ELF(.type _gcry_chacha20_amd64_ssse3_blocks, at function;) _gcry_chacha20_amd64_ssse3_blocks: .Lchacha_blocks_ssse3_local: pushq %rbx @@ -614,7 +621,7 @@ _gcry_chacha20_amd64_ssse3_blocks: pxor %xmm8, %xmm8 pxor %xmm0, %xmm0 ret -.size _gcry_chacha20_amd64_ssse3_blocks,.-_gcry_chacha20_amd64_ssse3_blocks; +ELF(.size _gcry_chacha20_amd64_ssse3_blocks,.-_gcry_chacha20_amd64_ssse3_blocks;) .data .align 16; diff --git a/cipher/chacha20.c b/cipher/chacha20.c index 2eaeffd..e25e239 100644 --- a/cipher/chacha20.c +++ b/cipher/chacha20.c @@ -50,20 +50,23 @@ /* USE_SSE2 indicates whether to compile with Intel SSE2 code. */ #undef USE_SSE2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_SSE2 1 #endif /* USE_SSSE3 indicates whether to compile with Intel SSSE3 code. */ #undef USE_SSSE3 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(HAVE_GCC_INLINE_ASM_SSSE3) # define USE_SSSE3 1 #endif /* USE_AVX2 indicates whether to compile with Intel AVX2 code. */ #undef USE_AVX2 -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(ENABLE_AVX2_SUPPORT) # define USE_AVX2 1 #endif @@ -82,8 +85,23 @@ struct CHACHA20_context_s; +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#undef ASM_EXTRA_STACK +#if (defined(USE_SSE2) || defined(USE_SSSE3) || defined(USE_AVX2)) && \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS) +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +#else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +#endif + + typedef unsigned int (* chacha20_blocks_t)(u32 *state, const byte *src, - byte *dst, size_t bytes); + byte *dst, + size_t bytes) ASM_FUNC_ABI; typedef struct CHACHA20_context_s { @@ -97,28 +115,32 @@ typedef struct CHACHA20_context_s #ifdef USE_SSE2 unsigned int _gcry_chacha20_amd64_sse2_blocks(u32 *state, const byte *in, - byte *out, size_t bytes); + byte *out, + size_t bytes) ASM_FUNC_ABI; #endif /* USE_SSE2 */ #ifdef USE_SSSE3 unsigned int _gcry_chacha20_amd64_ssse3_blocks(u32 *state, const byte *in, - byte *out, size_t bytes); + byte *out, + size_t bytes) ASM_FUNC_ABI; #endif /* USE_SSSE3 */ #ifdef USE_AVX2 unsigned int _gcry_chacha20_amd64_avx2_blocks(u32 *state, const byte *in, - byte *out, size_t bytes); + byte *out, + size_t bytes) ASM_FUNC_ABI; #endif /* USE_AVX2 */ #ifdef USE_NEON unsigned int _gcry_chacha20_armv7_neon_blocks(u32 *state, const byte *in, - byte *out, size_t bytes); + byte *out, + size_t bytes) ASM_FUNC_ABI; #endif /* USE_NEON */ @@ -141,7 +163,7 @@ static const char *selftest (void); #ifndef USE_SSE2 -static unsigned int +ASM_FUNC_ABI static unsigned int chacha20_blocks (u32 *state, const byte *src, byte *dst, size_t bytes) { u32 pad[CHACHA20_INPUT_LENGTH]; @@ -269,7 +291,8 @@ chacha20_blocks (u32 *state, const byte *src, byte *dst, size_t bytes) static unsigned int chacha20_core(u32 *dst, struct CHACHA20_context_s *ctx) { - return ctx->blocks(ctx->input, NULL, (byte *)dst, CHACHA20_BLOCK_SIZE); + return ctx->blocks(ctx->input, NULL, (byte *)dst, CHACHA20_BLOCK_SIZE) + + ASM_EXTRA_STACK; } commit 6a6646df80386204675d8b149ab60e74d7ca124c Author: Jussi Kivilinna Date: Tue May 5 20:46:10 2015 +0300 Enable AMD64 CAST5 implementation on WIN64 * cipher/cast5-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (RIP): Remove. (GET_EXTERN_POINTER): Use 'leaq' version on WIN64. (ELF): New macro to mask lines with ELF specific commands. * cipher/cast5.c (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. (do_encrypt_block, do_decrypt_block) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly function through 'call_sysv_fn'. (cast5_amd64_ctr_enc, cast5_amd64_cbc_dec) (cast5_amd64_cfb_dec): New wrapper functions for bulk assembly functions. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cast5-amd64.S b/cipher/cast5-amd64.S index 41fbb74..a5f078e 100644 --- a/cipher/cast5-amd64.S +++ b/cipher/cast5-amd64.S @@ -20,14 +20,19 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && defined(USE_CAST5) +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_CAST5) -#ifdef __PIC__ -# define RIP %rip +#if defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS) || !defined(__PIC__) +# define GET_EXTERN_POINTER(name, reg) leaq name, reg +#else # define GET_EXTERN_POINTER(name, reg) movq name at GOTPCREL(%rip), reg +#endif + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ #else -# define RIP -# define GET_EXTERN_POINTER(name, reg) leaq name, reg +# define ELF(...) /*_*/ #endif .text @@ -180,7 +185,7 @@ .align 8 .globl _gcry_cast5_amd64_encrypt_block -.type _gcry_cast5_amd64_encrypt_block, at function; +ELF(.type _gcry_cast5_amd64_encrypt_block, at function;) _gcry_cast5_amd64_encrypt_block: /* input: @@ -216,11 +221,11 @@ _gcry_cast5_amd64_encrypt_block: popq %rbx; popq %rbp; ret; -.size _gcry_cast5_amd64_encrypt_block,.-_gcry_cast5_amd64_encrypt_block; +ELF(.size _gcry_cast5_amd64_encrypt_block,.-_gcry_cast5_amd64_encrypt_block;) .align 8 .globl _gcry_cast5_amd64_decrypt_block -.type _gcry_cast5_amd64_decrypt_block, at function; +ELF(.type _gcry_cast5_amd64_decrypt_block, at function;) _gcry_cast5_amd64_decrypt_block: /* input: @@ -256,7 +261,7 @@ _gcry_cast5_amd64_decrypt_block: popq %rbx; popq %rbp; ret; -.size _gcry_cast5_amd64_decrypt_block,.-_gcry_cast5_amd64_decrypt_block; +ELF(.size _gcry_cast5_amd64_decrypt_block,.-_gcry_cast5_amd64_decrypt_block;) /********************************************************************** 4-way cast5, four blocks parallel @@ -359,7 +364,7 @@ _gcry_cast5_amd64_decrypt_block: rorq $32, d; .align 8 -.type __cast5_enc_blk4, at function; +ELF(.type __cast5_enc_blk4, at function;) __cast5_enc_blk4: /* input: @@ -384,10 +389,10 @@ __cast5_enc_blk4: outbswap_block4(RLR0, RLR1, RLR2, RLR3); ret; -.size __cast5_enc_blk4,.-__cast5_enc_blk4; +ELF(.size __cast5_enc_blk4,.-__cast5_enc_blk4;) .align 8 -.type __cast5_dec_blk4, at function; +ELF(.type __cast5_dec_blk4, at function;) __cast5_dec_blk4: /* input: @@ -414,11 +419,11 @@ __cast5_dec_blk4: outbswap_block4(RLR0, RLR1, RLR2, RLR3); ret; -.size __cast5_dec_blk4,.-__cast5_dec_blk4; +ELF(.size __cast5_dec_blk4,.-__cast5_dec_blk4;) .align 8 .globl _gcry_cast5_amd64_ctr_enc -.type _gcry_cast5_amd64_ctr_enc, at function; +ELF(.type _gcry_cast5_amd64_ctr_enc, at function;) _gcry_cast5_amd64_ctr_enc: /* input: * %rdi: ctx, CTX @@ -472,11 +477,11 @@ _gcry_cast5_amd64_ctr_enc: popq %rbx; popq %rbp; ret -.size _gcry_cast5_amd64_ctr_enc,.-_gcry_cast5_amd64_ctr_enc; +ELF(.size _gcry_cast5_amd64_ctr_enc,.-_gcry_cast5_amd64_ctr_enc;) .align 8 .globl _gcry_cast5_amd64_cbc_dec -.type _gcry_cast5_amd64_cbc_dec, at function; +ELF(.type _gcry_cast5_amd64_cbc_dec, at function;) _gcry_cast5_amd64_cbc_dec: /* input: * %rdi: ctx, CTX @@ -526,11 +531,11 @@ _gcry_cast5_amd64_cbc_dec: popq %rbp; ret; -.size _gcry_cast5_amd64_cbc_dec,.-_gcry_cast5_amd64_cbc_dec; +ELF(.size _gcry_cast5_amd64_cbc_dec,.-_gcry_cast5_amd64_cbc_dec;) .align 8 .globl _gcry_cast5_amd64_cfb_dec -.type _gcry_cast5_amd64_cfb_dec, at function; +ELF(.type _gcry_cast5_amd64_cfb_dec, at function;) _gcry_cast5_amd64_cfb_dec: /* input: * %rdi: ctx, CTX @@ -581,7 +586,7 @@ _gcry_cast5_amd64_cfb_dec: popq %rbp; ret; -.size _gcry_cast5_amd64_cfb_dec,.-_gcry_cast5_amd64_cfb_dec; +ELF(.size _gcry_cast5_amd64_cfb_dec,.-_gcry_cast5_amd64_cfb_dec;) #endif /*defined(USE_CAST5)*/ #endif /*__x86_64*/ diff --git a/cipher/cast5.c b/cipher/cast5.c index 115e1e6..94dcee7 100644 --- a/cipher/cast5.c +++ b/cipher/cast5.c @@ -48,7 +48,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64_ASM 1 #endif @@ -372,16 +373,72 @@ extern void _gcry_cast5_amd64_cbc_dec(CAST5_context *ctx, byte *out, extern void _gcry_cast5_amd64_cfb_dec(CAST5_context *ctx, byte *out, const byte *in, byte *iv); +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +static inline void +call_sysv_fn (const void *fn, const void *arg1, const void *arg2, + const void *arg3, const void *arg4) +{ + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + asm volatile ("callq *%0\n\t" + : "+a" (fn), + "+D" (arg1), + "+S" (arg2), + "+d" (arg3), + "+c" (arg4) + : + : "cc", "memory", "r8", "r9", "r10", "r11"); +} +#endif + static void do_encrypt_block (CAST5_context *context, byte *outbuf, const byte *inbuf) { +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_cast5_amd64_encrypt_block, context, outbuf, inbuf, NULL); +#else _gcry_cast5_amd64_encrypt_block (context, outbuf, inbuf); +#endif } static void do_decrypt_block (CAST5_context *context, byte *outbuf, const byte *inbuf) { +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_cast5_amd64_decrypt_block, context, outbuf, inbuf, NULL); +#else _gcry_cast5_amd64_decrypt_block (context, outbuf, inbuf); +#endif +} + +static void +cast5_amd64_ctr_enc(CAST5_context *ctx, byte *out, const byte *in, byte *ctr) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_cast5_amd64_ctr_enc, ctx, out, in, ctr); +#else + _gcry_cast5_amd64_ctr_enc (ctx, out, in, ctr); +#endif +} + +static void +cast5_amd64_cbc_dec(CAST5_context *ctx, byte *out, const byte *in, byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_cast5_amd64_cbc_dec, ctx, out, in, iv); +#else + _gcry_cast5_amd64_cbc_dec (ctx, out, in, iv); +#endif +} + +static void +cast5_amd64_cfb_dec(CAST5_context *ctx, byte *out, const byte *in, byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_cast5_amd64_cfb_dec, ctx, out, in, iv); +#else + _gcry_cast5_amd64_cfb_dec (ctx, out, in, iv); +#endif } static unsigned int @@ -396,7 +453,7 @@ static unsigned int decrypt_block (void *context, byte *outbuf, const byte *inbuf) { CAST5_context *c = (CAST5_context *) context; - _gcry_cast5_amd64_decrypt_block (c, outbuf, inbuf); + do_decrypt_block (c, outbuf, inbuf); return /*burn_stack*/ (2*8); } @@ -582,7 +639,7 @@ _gcry_cast5_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg, /* Process data in 4 block chunks. */ while (nblocks >= 4) { - _gcry_cast5_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); + cast5_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); nblocks -= 4; outbuf += 4 * CAST5_BLOCKSIZE; @@ -651,7 +708,7 @@ _gcry_cast5_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 4 block chunks. */ while (nblocks >= 4) { - _gcry_cast5_amd64_cbc_dec(ctx, outbuf, inbuf, iv); + cast5_amd64_cbc_dec(ctx, outbuf, inbuf, iv); nblocks -= 4; outbuf += 4 * CAST5_BLOCKSIZE; @@ -710,7 +767,7 @@ _gcry_cast5_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 4 block chunks. */ while (nblocks >= 4) { - _gcry_cast5_amd64_cfb_dec(ctx, outbuf, inbuf, iv); + cast5_amd64_cfb_dec(ctx, outbuf, inbuf, iv); nblocks -= 4; outbuf += 4 * CAST5_BLOCKSIZE; commit 9a4fb3709864bf3e3918800d44ff576590cd4e92 Author: Jussi Kivilinna Date: Thu May 14 13:33:07 2015 +0300 Enable AMD64 Camellia implementations on WIN64 * cipher/camellia-aesni-avx-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/camellia-aesni-avx2-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/camellia-glue.c (USE_AESNI_AVX, USE_AESNI_AVX2): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [USE_AESNI_AVX ||?USE_AESNI_AVX2] (ASM_FUNC_ABI, ASM_EXTRA_STACK): New. (_gcry_camellia_aesni_avx_ctr_enc, _gcry_camellia_aesni_avx_cbc_dec) (_gcry_camellia_aesni_avx_cfb_dec, _gcry_camellia_aesni_avx_keygen) (_gcry_camellia_aesni_avx2_ctr_enc, _gcry_camellia_aesni_avx2_cbc_dec) (_gcry_camellia_aesni_avx2_cfb_dec): Add ASM_FUNC_ABI. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/camellia-aesni-avx-amd64.S b/cipher/camellia-aesni-avx-amd64.S index 6d157a7..c047a21 100644 --- a/cipher/camellia-aesni-avx-amd64.S +++ b/cipher/camellia-aesni-avx-amd64.S @@ -20,7 +20,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT) #ifdef __PIC__ @@ -29,6 +30,12 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + #define CAMELLIA_TABLE_BYTE_LEN 272 /* struct CAMELLIA_context: */ @@ -769,7 +776,7 @@ .text .align 8 -.type __camellia_enc_blk16, at function; +ELF(.type __camellia_enc_blk16, at function;) __camellia_enc_blk16: /* input: @@ -853,10 +860,10 @@ __camellia_enc_blk16: %xmm15, %rax, %rcx, 24); jmp .Lenc_done; -.size __camellia_enc_blk16,.-__camellia_enc_blk16; +ELF(.size __camellia_enc_blk16,.-__camellia_enc_blk16;) .align 8 -.type __camellia_dec_blk16, at function; +ELF(.type __camellia_dec_blk16, at function;) __camellia_dec_blk16: /* input: @@ -938,7 +945,7 @@ __camellia_dec_blk16: ((key_table + (24) * 8) + 4)(CTX)); jmp .Ldec_max24; -.size __camellia_dec_blk16,.-__camellia_dec_blk16; +ELF(.size __camellia_dec_blk16,.-__camellia_dec_blk16;) #define inc_le128(x, minus_one, tmp) \ vpcmpeqq minus_one, x, tmp; \ @@ -948,7 +955,7 @@ __camellia_dec_blk16: .align 8 .globl _gcry_camellia_aesni_avx_ctr_enc -.type _gcry_camellia_aesni_avx_ctr_enc, at function; +ELF(.type _gcry_camellia_aesni_avx_ctr_enc, at function;) _gcry_camellia_aesni_avx_ctr_enc: /* input: @@ -1062,11 +1069,11 @@ _gcry_camellia_aesni_avx_ctr_enc: leave; ret; -.size _gcry_camellia_aesni_avx_ctr_enc,.-_gcry_camellia_aesni_avx_ctr_enc; +ELF(.size _gcry_camellia_aesni_avx_ctr_enc,.-_gcry_camellia_aesni_avx_ctr_enc;) .align 8 .globl _gcry_camellia_aesni_avx_cbc_dec -.type _gcry_camellia_aesni_avx_cbc_dec, at function; +ELF(.type _gcry_camellia_aesni_avx_cbc_dec, at function;) _gcry_camellia_aesni_avx_cbc_dec: /* input: @@ -1130,11 +1137,11 @@ _gcry_camellia_aesni_avx_cbc_dec: leave; ret; -.size _gcry_camellia_aesni_avx_cbc_dec,.-_gcry_camellia_aesni_avx_cbc_dec; +ELF(.size _gcry_camellia_aesni_avx_cbc_dec,.-_gcry_camellia_aesni_avx_cbc_dec;) .align 8 .globl _gcry_camellia_aesni_avx_cfb_dec -.type _gcry_camellia_aesni_avx_cfb_dec, at function; +ELF(.type _gcry_camellia_aesni_avx_cfb_dec, at function;) _gcry_camellia_aesni_avx_cfb_dec: /* input: @@ -1202,7 +1209,7 @@ _gcry_camellia_aesni_avx_cfb_dec: leave; ret; -.size _gcry_camellia_aesni_avx_cfb_dec,.-_gcry_camellia_aesni_avx_cfb_dec; +ELF(.size _gcry_camellia_aesni_avx_cfb_dec,.-_gcry_camellia_aesni_avx_cfb_dec;) /* * IN: @@ -1309,7 +1316,7 @@ _gcry_camellia_aesni_avx_cfb_dec: .text .align 8 -.type __camellia_avx_setup128, at function; +ELF(.type __camellia_avx_setup128, at function;) __camellia_avx_setup128: /* input: * %rdi: ctx, CTX; subkey storage at key_table(CTX) @@ -1650,10 +1657,10 @@ __camellia_avx_setup128: vzeroall; ret; -.size __camellia_avx_setup128,.-__camellia_avx_setup128; +ELF(.size __camellia_avx_setup128,.-__camellia_avx_setup128;) .align 8 -.type __camellia_avx_setup256, at function; +ELF(.type __camellia_avx_setup256, at function;) __camellia_avx_setup256: /* input: @@ -2127,11 +2134,11 @@ __camellia_avx_setup256: vzeroall; ret; -.size __camellia_avx_setup256,.-__camellia_avx_setup256; +ELF(.size __camellia_avx_setup256,.-__camellia_avx_setup256;) .align 8 .globl _gcry_camellia_aesni_avx_keygen -.type _gcry_camellia_aesni_avx_keygen, at function; +ELF(.type _gcry_camellia_aesni_avx_keygen, at function;) _gcry_camellia_aesni_avx_keygen: /* input: @@ -2159,7 +2166,7 @@ _gcry_camellia_aesni_avx_keygen: vpor %xmm2, %xmm1, %xmm1; jmp __camellia_avx_setup256; -.size _gcry_camellia_aesni_avx_keygen,.-_gcry_camellia_aesni_avx_keygen; +ELF(.size _gcry_camellia_aesni_avx_keygen,.-_gcry_camellia_aesni_avx_keygen;) #endif /*defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)*/ #endif /*__x86_64*/ diff --git a/cipher/camellia-aesni-avx2-amd64.S b/cipher/camellia-aesni-avx2-amd64.S index 25f48bc..a3fa229 100644 --- a/cipher/camellia-aesni-avx2-amd64.S +++ b/cipher/camellia-aesni-avx2-amd64.S @@ -20,7 +20,8 @@ #ifdef __x86_64 #include -#if defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT) #ifdef __PIC__ @@ -29,6 +30,12 @@ # define RIP #endif +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif + #define CAMELLIA_TABLE_BYTE_LEN 272 /* struct CAMELLIA_context: */ @@ -748,7 +755,7 @@ .text .align 8 -.type __camellia_enc_blk32, at function; +ELF(.type __camellia_enc_blk32, at function;) __camellia_enc_blk32: /* input: @@ -832,10 +839,10 @@ __camellia_enc_blk32: %ymm15, %rax, %rcx, 24); jmp .Lenc_done; -.size __camellia_enc_blk32,.-__camellia_enc_blk32; +ELF(.size __camellia_enc_blk32,.-__camellia_enc_blk32;) .align 8 -.type __camellia_dec_blk32, at function; +ELF(.type __camellia_dec_blk32, at function;) __camellia_dec_blk32: /* input: @@ -917,7 +924,7 @@ __camellia_dec_blk32: ((key_table + (24) * 8) + 4)(CTX)); jmp .Ldec_max24; -.size __camellia_dec_blk32,.-__camellia_dec_blk32; +ELF(.size __camellia_dec_blk32,.-__camellia_dec_blk32;) #define inc_le128(x, minus_one, tmp) \ vpcmpeqq minus_one, x, tmp; \ @@ -927,7 +934,7 @@ __camellia_dec_blk32: .align 8 .globl _gcry_camellia_aesni_avx2_ctr_enc -.type _gcry_camellia_aesni_avx2_ctr_enc, at function; +ELF(.type _gcry_camellia_aesni_avx2_ctr_enc, at function;) _gcry_camellia_aesni_avx2_ctr_enc: /* input: @@ -1111,11 +1118,11 @@ _gcry_camellia_aesni_avx2_ctr_enc: leave; ret; -.size _gcry_camellia_aesni_avx2_ctr_enc,.-_gcry_camellia_aesni_avx2_ctr_enc; +ELF(.size _gcry_camellia_aesni_avx2_ctr_enc,.-_gcry_camellia_aesni_avx2_ctr_enc;) .align 8 .globl _gcry_camellia_aesni_avx2_cbc_dec -.type _gcry_camellia_aesni_avx2_cbc_dec, at function; +ELF(.type _gcry_camellia_aesni_avx2_cbc_dec, at function;) _gcry_camellia_aesni_avx2_cbc_dec: /* input: @@ -1183,11 +1190,11 @@ _gcry_camellia_aesni_avx2_cbc_dec: leave; ret; -.size _gcry_camellia_aesni_avx2_cbc_dec,.-_gcry_camellia_aesni_avx2_cbc_dec; +ELF(.size _gcry_camellia_aesni_avx2_cbc_dec,.-_gcry_camellia_aesni_avx2_cbc_dec;) .align 8 .globl _gcry_camellia_aesni_avx2_cfb_dec -.type _gcry_camellia_aesni_avx2_cfb_dec, at function; +ELF(.type _gcry_camellia_aesni_avx2_cfb_dec, at function;) _gcry_camellia_aesni_avx2_cfb_dec: /* input: @@ -1257,7 +1264,7 @@ _gcry_camellia_aesni_avx2_cfb_dec: leave; ret; -.size _gcry_camellia_aesni_avx2_cfb_dec,.-_gcry_camellia_aesni_avx2_cfb_dec; +ELF(.size _gcry_camellia_aesni_avx2_cfb_dec,.-_gcry_camellia_aesni_avx2_cfb_dec;) #endif /*defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)*/ #endif /*__x86_64*/ diff --git a/cipher/camellia-glue.c b/cipher/camellia-glue.c index f18d135..5032321 100644 --- a/cipher/camellia-glue.c +++ b/cipher/camellia-glue.c @@ -75,7 +75,8 @@ /* USE_AESNI inidicates whether to compile with Intel AES-NI/AVX code. */ #undef USE_AESNI_AVX #if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT) -# if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +# if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AESNI_AVX 1 # endif #endif @@ -83,7 +84,8 @@ /* USE_AESNI_AVX2 inidicates whether to compile with Intel AES-NI/AVX2 code. */ #undef USE_AESNI_AVX2 #if defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT) -# if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +# if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AESNI_AVX2 1 # endif #endif @@ -100,6 +102,20 @@ typedef struct #endif /*USE_AESNI_AVX2*/ } CAMELLIA_context; +/* Assembly implementations use SystemV ABI, ABI conversion and additional + * stack to store XMM6-XMM15 needed on Win64. */ +#undef ASM_FUNC_ABI +#undef ASM_EXTRA_STACK +#if defined(USE_AESNI_AVX) || defined(USE_AESNI_AVX2) +# ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +# define ASM_FUNC_ABI __attribute__((sysv_abi)) +# define ASM_EXTRA_STACK (10 * 16) +# else +# define ASM_FUNC_ABI +# define ASM_EXTRA_STACK 0 +# endif +#endif + #ifdef USE_AESNI_AVX /* Assembler implementations of Camellia using AES-NI and AVX. Process data in 16 block same time. @@ -107,21 +123,21 @@ typedef struct extern void _gcry_camellia_aesni_avx_ctr_enc(CAMELLIA_context *ctx, unsigned char *out, const unsigned char *in, - unsigned char *ctr); + unsigned char *ctr) ASM_FUNC_ABI; extern void _gcry_camellia_aesni_avx_cbc_dec(CAMELLIA_context *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; extern void _gcry_camellia_aesni_avx_cfb_dec(CAMELLIA_context *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; extern void _gcry_camellia_aesni_avx_keygen(CAMELLIA_context *ctx, const unsigned char *key, - unsigned int keylen); + unsigned int keylen) ASM_FUNC_ABI; #endif #ifdef USE_AESNI_AVX2 @@ -131,17 +147,17 @@ extern void _gcry_camellia_aesni_avx_keygen(CAMELLIA_context *ctx, extern void _gcry_camellia_aesni_avx2_ctr_enc(CAMELLIA_context *ctx, unsigned char *out, const unsigned char *in, - unsigned char *ctr); + unsigned char *ctr) ASM_FUNC_ABI; extern void _gcry_camellia_aesni_avx2_cbc_dec(CAMELLIA_context *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; extern void _gcry_camellia_aesni_avx2_cfb_dec(CAMELLIA_context *ctx, unsigned char *out, const unsigned char *in, - unsigned char *iv); + unsigned char *iv) ASM_FUNC_ABI; #endif static const char *selftest(void); @@ -318,7 +334,7 @@ _gcry_camellia_ctr_enc(void *context, unsigned char *ctr, if (did_use_aesni_avx2) { int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 + - 2 * sizeof(void *); + 2 * sizeof(void *) + ASM_EXTRA_STACK; if (burn_stack_depth < avx2_burn_stack_depth) burn_stack_depth = avx2_burn_stack_depth; @@ -347,8 +363,11 @@ _gcry_camellia_ctr_enc(void *context, unsigned char *ctr, if (did_use_aesni_avx) { - if (burn_stack_depth < 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *)) - burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *); + int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + + 2 * sizeof(void *) + ASM_EXTRA_STACK; + + if (burn_stack_depth < avx_burn_stack_depth) + burn_stack_depth = avx_burn_stack_depth; } /* Use generic code to handle smaller chunks... */ @@ -409,7 +428,7 @@ _gcry_camellia_cbc_dec(void *context, unsigned char *iv, if (did_use_aesni_avx2) { int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 + - 2 * sizeof(void *); + 2 * sizeof(void *) + ASM_EXTRA_STACK;; if (burn_stack_depth < avx2_burn_stack_depth) burn_stack_depth = avx2_burn_stack_depth; @@ -437,8 +456,11 @@ _gcry_camellia_cbc_dec(void *context, unsigned char *iv, if (did_use_aesni_avx) { - if (burn_stack_depth < 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *)) - burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *); + int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + + 2 * sizeof(void *) + ASM_EXTRA_STACK; + + if (burn_stack_depth < avx_burn_stack_depth) + burn_stack_depth = avx_burn_stack_depth; } /* Use generic code to handle smaller chunks... */ @@ -491,7 +513,7 @@ _gcry_camellia_cfb_dec(void *context, unsigned char *iv, if (did_use_aesni_avx2) { int avx2_burn_stack_depth = 32 * CAMELLIA_BLOCK_SIZE + 16 + - 2 * sizeof(void *); + 2 * sizeof(void *) + ASM_EXTRA_STACK; if (burn_stack_depth < avx2_burn_stack_depth) burn_stack_depth = avx2_burn_stack_depth; @@ -519,8 +541,11 @@ _gcry_camellia_cfb_dec(void *context, unsigned char *iv, if (did_use_aesni_avx) { - if (burn_stack_depth < 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *)) - burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + 2 * sizeof(void *); + int avx_burn_stack_depth = 16 * CAMELLIA_BLOCK_SIZE + + 2 * sizeof(void *) + ASM_EXTRA_STACK; + + if (burn_stack_depth < avx_burn_stack_depth) + burn_stack_depth = avx_burn_stack_depth; } /* Use generic code to handle smaller chunks... */ commit e05682093ffb003b589a697428d918d755ac631d Author: Jussi Kivilinna Date: Sun May 3 17:28:40 2015 +0300 Enable AMD64 Blowfish implementation on WIN64 * cipher/blowfish-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/blowfish.c (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS] (call_sysv_fn): New. (do_encrypt, do_encrypt_block, do_decrypt_block) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Call assembly function through 'call_sysv_fn'. (blowfish_amd64_ctr_enc, blowfish_amd64_cbc_dec) (blowfish_amd64_cfb_dec): New wrapper functions for bulk assembly functions. .. Signed-off-by: Jussi Kivilinna diff --git a/cipher/blowfish-amd64.S b/cipher/blowfish-amd64.S index 87b676f..21b63fc 100644 --- a/cipher/blowfish-amd64.S +++ b/cipher/blowfish-amd64.S @@ -20,7 +20,15 @@ #ifdef __x86_64 #include -#if defined(USE_BLOWFISH) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(USE_BLOWFISH) && \ + (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif .text @@ -120,7 +128,7 @@ movq RX0, (RIO); .align 8 -.type __blowfish_enc_blk1, at function; +ELF(.type __blowfish_enc_blk1, at function;) __blowfish_enc_blk1: /* input: @@ -145,11 +153,11 @@ __blowfish_enc_blk1: movq %r11, %rbp; ret; -.size __blowfish_enc_blk1,.-__blowfish_enc_blk1; +ELF(.size __blowfish_enc_blk1,.-__blowfish_enc_blk1;) .align 8 .globl _gcry_blowfish_amd64_do_encrypt -.type _gcry_blowfish_amd64_do_encrypt, at function; +ELF(.type _gcry_blowfish_amd64_do_encrypt, at function;) _gcry_blowfish_amd64_do_encrypt: /* input: @@ -171,11 +179,11 @@ _gcry_blowfish_amd64_do_encrypt: movl RX0d, (RX2); ret; -.size _gcry_blowfish_amd64_do_encrypt,.-_gcry_blowfish_amd64_do_encrypt; +ELF(.size _gcry_blowfish_amd64_do_encrypt,.-_gcry_blowfish_amd64_do_encrypt;) .align 8 .globl _gcry_blowfish_amd64_encrypt_block -.type _gcry_blowfish_amd64_encrypt_block, at function; +ELF(.type _gcry_blowfish_amd64_encrypt_block, at function;) _gcry_blowfish_amd64_encrypt_block: /* input: @@ -195,11 +203,11 @@ _gcry_blowfish_amd64_encrypt_block: write_block(); ret; -.size _gcry_blowfish_amd64_encrypt_block,.-_gcry_blowfish_amd64_encrypt_block; +ELF(.size _gcry_blowfish_amd64_encrypt_block,.-_gcry_blowfish_amd64_encrypt_block;) .align 8 .globl _gcry_blowfish_amd64_decrypt_block -.type _gcry_blowfish_amd64_decrypt_block, at function; +ELF(.type _gcry_blowfish_amd64_decrypt_block, at function;) _gcry_blowfish_amd64_decrypt_block: /* input: @@ -231,7 +239,7 @@ _gcry_blowfish_amd64_decrypt_block: movq %r11, %rbp; ret; -.size _gcry_blowfish_amd64_decrypt_block,.-_gcry_blowfish_amd64_decrypt_block; +ELF(.size _gcry_blowfish_amd64_decrypt_block,.-_gcry_blowfish_amd64_decrypt_block;) /********************************************************************** 4-way blowfish, four blocks parallel @@ -319,7 +327,7 @@ _gcry_blowfish_amd64_decrypt_block: bswapq RX3; .align 8 -.type __blowfish_enc_blk4, at function; +ELF(.type __blowfish_enc_blk4, at function;) __blowfish_enc_blk4: /* input: @@ -343,10 +351,10 @@ __blowfish_enc_blk4: outbswap_block4(); ret; -.size __blowfish_enc_blk4,.-__blowfish_enc_blk4; +ELF(.size __blowfish_enc_blk4,.-__blowfish_enc_blk4;) .align 8 -.type __blowfish_dec_blk4, at function; +ELF(.type __blowfish_dec_blk4, at function;) __blowfish_dec_blk4: /* input: @@ -372,11 +380,11 @@ __blowfish_dec_blk4: outbswap_block4(); ret; -.size __blowfish_dec_blk4,.-__blowfish_dec_blk4; +ELF(.size __blowfish_dec_blk4,.-__blowfish_dec_blk4;) .align 8 .globl _gcry_blowfish_amd64_ctr_enc -.type _gcry_blowfish_amd64_ctr_enc, at function; +ELF(.type _gcry_blowfish_amd64_ctr_enc, at function;) _gcry_blowfish_amd64_ctr_enc: /* input: * %rdi: ctx, CTX @@ -429,11 +437,11 @@ _gcry_blowfish_amd64_ctr_enc: popq %rbp; ret; -.size _gcry_blowfish_amd64_ctr_enc,.-_gcry_blowfish_amd64_ctr_enc; +ELF(.size _gcry_blowfish_amd64_ctr_enc,.-_gcry_blowfish_amd64_ctr_enc;) .align 8 .globl _gcry_blowfish_amd64_cbc_dec -.type _gcry_blowfish_amd64_cbc_dec, at function; +ELF(.type _gcry_blowfish_amd64_cbc_dec, at function;) _gcry_blowfish_amd64_cbc_dec: /* input: * %rdi: ctx, CTX @@ -477,11 +485,11 @@ _gcry_blowfish_amd64_cbc_dec: popq %rbp; ret; -.size _gcry_blowfish_amd64_cbc_dec,.-_gcry_blowfish_amd64_cbc_dec; +ELF(.size _gcry_blowfish_amd64_cbc_dec,.-_gcry_blowfish_amd64_cbc_dec;) .align 8 .globl _gcry_blowfish_amd64_cfb_dec -.type _gcry_blowfish_amd64_cfb_dec, at function; +ELF(.type _gcry_blowfish_amd64_cfb_dec, at function;) _gcry_blowfish_amd64_cfb_dec: /* input: * %rdi: ctx, CTX @@ -527,7 +535,7 @@ _gcry_blowfish_amd64_cfb_dec: popq %rbx; popq %rbp; ret; -.size _gcry_blowfish_amd64_cfb_dec,.-_gcry_blowfish_amd64_cfb_dec; +ELF(.size _gcry_blowfish_amd64_cfb_dec,.-_gcry_blowfish_amd64_cfb_dec;) #endif /*defined(USE_BLOWFISH)*/ #endif /*__x86_64*/ diff --git a/cipher/blowfish.c b/cipher/blowfish.c index ae470d8..a3fc26c 100644 --- a/cipher/blowfish.c +++ b/cipher/blowfish.c @@ -45,7 +45,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) && \ +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \ (BLOWFISH_ROUNDS == 16) # define USE_AMD64_ASM 1 #endif @@ -280,22 +281,87 @@ extern void _gcry_blowfish_amd64_cbc_dec(BLOWFISH_context *ctx, byte *out, extern void _gcry_blowfish_amd64_cfb_dec(BLOWFISH_context *ctx, byte *out, const byte *in, byte *iv); +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS +static inline void +call_sysv_fn (const void *fn, const void *arg1, const void *arg2, + const void *arg3, const void *arg4) +{ + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + asm volatile ("callq *%0\n\t" + : "+a" (fn), + "+D" (arg1), + "+S" (arg2), + "+d" (arg3), + "+c" (arg4) + : + : "cc", "memory", "r8", "r9", "r10", "r11"); +} +#endif + static void do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) { +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_blowfish_amd64_do_encrypt, bc, ret_xl, ret_xr, NULL); +#else _gcry_blowfish_amd64_do_encrypt (bc, ret_xl, ret_xr); +#endif } static void do_encrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf) { +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_blowfish_amd64_encrypt_block, context, outbuf, inbuf, + NULL); +#else _gcry_blowfish_amd64_encrypt_block (context, outbuf, inbuf); +#endif } static void do_decrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf) { +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_blowfish_amd64_decrypt_block, context, outbuf, inbuf, + NULL); +#else _gcry_blowfish_amd64_decrypt_block (context, outbuf, inbuf); +#endif +} + +static inline void +blowfish_amd64_ctr_enc(BLOWFISH_context *ctx, byte *out, const byte *in, + byte *ctr) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_blowfish_amd64_ctr_enc, ctx, out, in, ctr); +#else + _gcry_blowfish_amd64_ctr_enc(ctx, out, in, ctr); +#endif +} + +static inline void +blowfish_amd64_cbc_dec(BLOWFISH_context *ctx, byte *out, const byte *in, + byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_blowfish_amd64_cbc_dec, ctx, out, in, iv); +#else + _gcry_blowfish_amd64_cbc_dec(ctx, out, in, iv); +#endif +} + +static inline void +blowfish_amd64_cfb_dec(BLOWFISH_context *ctx, byte *out, const byte *in, + byte *iv) +{ +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + call_sysv_fn (_gcry_blowfish_amd64_cfb_dec, ctx, out, in, iv); +#else + _gcry_blowfish_amd64_cfb_dec(ctx, out, in, iv); +#endif } static unsigned int @@ -605,7 +671,7 @@ _gcry_blowfish_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg, /* Process data in 4 block chunks. */ while (nblocks >= 4) { - _gcry_blowfish_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); + blowfish_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); nblocks -= 4; outbuf += 4 * BLOWFISH_BLOCKSIZE; @@ -674,7 +740,7 @@ _gcry_blowfish_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 4 block chunks. */ while (nblocks >= 4) { - _gcry_blowfish_amd64_cbc_dec(ctx, outbuf, inbuf, iv); + blowfish_amd64_cbc_dec(ctx, outbuf, inbuf, iv); nblocks -= 4; outbuf += 4 * BLOWFISH_BLOCKSIZE; @@ -734,7 +800,7 @@ _gcry_blowfish_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg, /* Process data in 4 block chunks. */ while (nblocks >= 4) { - _gcry_blowfish_amd64_cfb_dec(ctx, outbuf, inbuf, iv); + blowfish_amd64_cfb_dec(ctx, outbuf, inbuf, iv); nblocks -= 4; outbuf += 4 * BLOWFISH_BLOCKSIZE; commit c46b015bedba7ce0db68929bd33a86a54ab3d919 Author: Jussi Kivilinna Date: Sun May 3 17:06:56 2015 +0300 Enable AMD64 arcfour implementation on WIN64 * cipher/arcfour-amd64.S: Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (ELF): New macro to mask lines with ELF specific commands. * cipher/arcfour.c (USE_AMD64_ASM): Enable when HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS defined. (do_encrypt, do_decrypt) [HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS]: Use assembly block to call AMD64 assembly function. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/arcfour-amd64.S b/cipher/arcfour-amd64.S index 8b8031a..2e52ea0 100644 --- a/cipher/arcfour-amd64.S +++ b/cipher/arcfour-amd64.S @@ -15,12 +15,19 @@ #ifdef __x86_64__ #include -#if defined(USE_ARCFOUR) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(USE_ARCFOUR) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) + +#ifdef HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS +# define ELF(...) __VA_ARGS__ +#else +# define ELF(...) /*_*/ +#endif .text .align 16 .globl _gcry_arcfour_amd64 -.type _gcry_arcfour_amd64, at function +ELF(.type _gcry_arcfour_amd64, at function) _gcry_arcfour_amd64: push %rbp push %rbx @@ -91,7 +98,7 @@ _gcry_arcfour_amd64: pop %rbp ret .L__gcry_arcfour_amd64_end: -.size _gcry_arcfour_amd64,.L__gcry_arcfour_amd64_end-_gcry_arcfour_amd64 +ELF(.size _gcry_arcfour_amd64,.L__gcry_arcfour_amd64_end-_gcry_arcfour_amd64) #endif #endif diff --git a/cipher/arcfour.c b/cipher/arcfour.c index 27537bf..44e8ef4 100644 --- a/cipher/arcfour.c +++ b/cipher/arcfour.c @@ -33,7 +33,8 @@ /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ #undef USE_AMD64_ASM -#if defined(__x86_64__) && defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) +#if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ + defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) # define USE_AMD64_ASM 1 #endif @@ -53,7 +54,21 @@ static void encrypt_stream (void *context, byte *outbuf, const byte *inbuf, size_t length) { +#ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS + const void *fn = _gcry_arcfour_amd64; + /* Call SystemV ABI function without storing non-volatile XMM registers, + * as target function does not use vector instruction sets. */ + asm volatile ("callq *%0\n\t" + : "+a" (fn), + "+D" (context), + "+S" (length), + "+d" (inbuf), + "+c" (outbuf) + : + : "cc", "memory", "r8", "r9", "r10", "r11"); +#else _gcry_arcfour_amd64 (context, length, inbuf, outbuf ); +#endif } #else /*!USE_AMD64_ASM*/ commit ee8fc4edcb3466b03246c8720b90731bf274ff1d Author: Jussi Kivilinna Date: Thu May 14 10:02:51 2015 +0300 Update documentation for Poly1305-ChaCha20 AEAD, RFC-7539 * cipher/cipher-poly1305.c: Add RFC-7539 to header. * doc/gcrypt.texi: Update Poly1305 AEAD documentation with mention of RFC-7539; Drop Salsa from supported stream ciphers for Poly1305 AEAD. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c index f283333..965a7b6 100644 --- a/cipher/cipher-poly1305.c +++ b/cipher/cipher-poly1305.c @@ -1,4 +1,4 @@ -/* cipher-pol1305.c - Poly1305 based AEAD cipher mode +/* cipher-poly1305.c - Poly1305 based AEAD cipher mode, RFC-7539 * Copyright (C) 2014 Jussi Kivilinna * * This file is part of Libgcrypt. diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 8683ca8..ab4f685 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -1643,9 +1643,10 @@ Associated Data (AEAD) block cipher mode, which is specified in 'NIST Special Publication 800-38D'. @item GCRY_CIPHER_MODE_POLY1305 - at cindex Poly1305 based AEAD mode -Poly1305 is an Authenticated Encryption with Associated Data (AEAD) -mode, which can be used with ChaCha20 and Salsa20 stream ciphers. + at cindex Poly1305 based AEAD mode with ChaCha20 +This mode implements the Poly1305 Authenticated Encryption with Associated +Data (AEAD) mode according to RFC-7539. This mode can be used with ChaCha20 +stream cipher. @item GCRY_CIPHER_MODE_OCB @cindex OCB, OCB3 @@ -1687,7 +1688,7 @@ and the according constants. Note that some modes are incompatible with some algorithms - in particular, stream mode (@code{GCRY_CIPHER_MODE_STREAM}) only works with stream ciphers. Poly1305 AEAD mode (@code{GCRY_CIPHER_MODE_POLY1305}) only works with -ChaCha and Salsa stream ciphers. The block cipher modes +ChaCha20 stream cipher. The block cipher modes (@code{GCRY_CIPHER_MODE_ECB}, @code{GCRY_CIPHER_MODE_CBC}, @code{GCRY_CIPHER_MODE_CFB}, @code{GCRY_CIPHER_MODE_OFB} and @code{GCRY_CIPHER_MODE_CTR}) will work with any block cipher ----------------------------------------------------------------------- Summary of changes: cipher/arcfour-amd64.S | 13 ++++-- cipher/arcfour.c | 17 +++++++- cipher/blowfish-amd64.S | 46 ++++++++++++--------- cipher/blowfish.c | 74 +++++++++++++++++++++++++++++++-- cipher/camellia-aesni-avx-amd64.S | 41 +++++++++++-------- cipher/camellia-aesni-avx2-amd64.S | 29 ++++++++----- cipher/camellia-glue.c | 61 +++++++++++++++++++-------- cipher/cast5-amd64.S | 43 ++++++++++--------- cipher/cast5.c | 67 +++++++++++++++++++++++++++--- cipher/chacha20-avx2-amd64.S | 13 ++++-- cipher/chacha20-sse2-amd64.S | 13 ++++-- cipher/chacha20-ssse3-amd64.S | 13 ++++-- cipher/chacha20.c | 43 ++++++++++++++----- cipher/cipher-poly1305.c | 2 +- cipher/des-amd64.S | 29 ++++++++----- cipher/des.c | 61 +++++++++++++++++++++++++-- cipher/poly1305-avx2-amd64.S | 22 ++++++---- cipher/poly1305-internal.h | 27 +++++++++--- cipher/poly1305-sse2-amd64.S | 22 ++++++---- cipher/poly1305.c | 33 ++++++++------- cipher/salsa20-amd64.S | 17 +++++--- cipher/salsa20.c | 26 +++++++++--- cipher/serpent-avx2-amd64.S | 29 ++++++++----- cipher/serpent-sse2-amd64.S | 29 ++++++++----- cipher/serpent.c | 30 ++++++++++---- cipher/twofish-amd64.S | 37 ++++++++++------- cipher/twofish.c | 84 +++++++++++++++++++++++++++++++++++--- doc/gcrypt.texi | 9 ++-- 28 files changed, 699 insertions(+), 231 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 18 09:57:40 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 18 May 2015 09:57:40 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-31-g25e77c0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 25e77c0fd10e9a1d26c31c0a8ec1917b51da5cd2 (commit) via e89c36a6546515c2a19645356d8f80dd459f2075 (commit) from edd9a884604ff76e63d238504ede9b118655c55b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25e77c0fd10e9a1d26c31c0a8ec1917b51da5cd2 Author: Neal H. Walfield Date: Mon May 18 09:57:00 2015 +0200 When checking for ncurses, first try using PKG_CHECK_MODULES. * m4/curses.m4: When checking for ncurses, first try using PKG_CHECK_MODULES. -- Patch-By: Alon Bar-Lev diff --git a/m4/curses.m4 b/m4/curses.m4 index 3a01881..792159c 100644 --- a/m4/curses.m4 +++ b/m4/curses.m4 @@ -28,13 +28,17 @@ AC_DEFUN([IU_LIB_NCURSES], [ AC_ARG_ENABLE(ncurses, [ --disable-ncurses don't prefer -lncurses over -lcurses], , enable_ncurses=yes) if test "$enable_ncurses" = yes; then - AC_CHECK_LIB(ncursesw, initscr, LIBNCURSES="-lncursesw", - AC_CHECK_LIB(ncurses, initscr, LIBNCURSES="-lncurses")) - if test "$ac_cv_lib_ncursesw_initscr" = yes; then - have_ncursesw=yes - else - have_ncursesw=no - fi + PKG_CHECK_MODULES([NCURSES], [ncursesw], [LIBNCURSES="${NCURSES_LIBS}" have_ncursesw=yes], [ + PKG_CHECK_MODULES([NCURSES], [ncurses], [LIBNCURSES="${NCURSES_LIBS}" have_ncursesw=no], [ + AC_CHECK_LIB(ncursesw, initscr, LIBNCURSES="-lncursesw", + AC_CHECK_LIB(ncurses, initscr, LIBNCURSES="-lncurses")) + if test "$ac_cv_lib_ncursesw_initscr" = yes; then + have_ncursesw=yes + else + have_ncursesw=no + fi + ]) + ]) if test "$LIBNCURSES"; then # Use ncurses header files instead of the ordinary ones, if possible; # is there a better way of doing this, that avoids looking in specific commit e89c36a6546515c2a19645356d8f80dd459f2075 Author: Neal H. Walfield Date: Mon May 18 09:52:38 2015 +0200 Purge dead code enabled by ENABLE_ENHANCED. diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index e7b9acc..a4ffb44 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -69,10 +69,6 @@ static GtkWidget *entry; static GtkWidget *repeat_entry; static GtkWidget *error_label; static GtkWidget *qualitybar; -#ifdef ENABLE_ENHANCED -static GtkWidget *insure; -static GtkWidget *time_out; -#endif static GtkTooltips *tooltips; static gboolean got_input; static guint timeout_source; @@ -189,16 +185,6 @@ button_clicked (GtkWidget *widget, gpointer data) const char *s, *s2; /* Okay button or enter used in text field. */ -#ifdef ENABLE_ENHANCED - /* FIXME: This is not compatible with assuan. We can't just - print stuff on stdout. */ - /* if (pinentry->enhanced) */ - /* printf ("Options: %s\nTimeout: %d\n\n", */ - /* gtk_toggle_button_get_active (GTK_TOGGLE_BUTTON (insure)) */ - /* ? "insure" : "", */ - /* gtk_spin_button_get_value_as_int (GTK_SPIN_BUTTON (time_out))); */ -#endif - s = gtk_secure_entry_get_text (GTK_SECURE_ENTRY (entry)); if (!s) s = ""; @@ -539,35 +525,6 @@ create_window (pinentry_t ctx, int confirm_mode) gtk_widget_show (entry); nrow++; } - - -#ifdef ENABLE_ENHANCED - if (pinentry->enhanced) - { - GtkWidget *sbox = gtk_hbox_new (FALSE, HIG_SMALL); - gtk_box_pack_start (GTK_BOX (box), sbox, FALSE, FALSE, 0); - - w = gtk_label_new ("Forget secret after"); - gtk_box_pack_start (GTK_BOX (sbox), w, FALSE, FALSE, 0); - gtk_widget_show (w); - - time_out = gtk_spin_button_new - (GTK_ADJUSTMENT (gtk_adjustment_new (0, 0, HUGE_VAL, 1, 60, 60)), - 2, 0); - gtk_box_pack_start (GTK_BOX (sbox), time_out, FALSE, FALSE, 0); - gtk_widget_show (time_out); - - w = gtk_label_new ("seconds"); - gtk_box_pack_start (GTK_BOX (sbox), w, FALSE, FALSE, 0); - gtk_widget_show (w); - gtk_widget_show (sbox); - - insure = gtk_check_button_new_with_label ("ask before giving out " - "secret"); - gtk_box_pack_start (GTK_BOX (box), insure, FALSE, FALSE, 0); - gtk_widget_show (insure); - } -#endif } bbox = gtk_hbutton_box_new (); diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 16b7289..1f57ab5 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -79,9 +79,6 @@ pinentry_reset (int use_defaults) /* These options are set from the command line. Don't reset them. */ int debug = pinentry.debug; -#ifdef ENABLE_ENHANCED - int enhanced = pinentry.enhanced; -#endif char *display = pinentry.display; int parent_wid = pinentry.parent_wid; @@ -155,9 +152,6 @@ pinentry_reset (int use_defaults) pinentry.touch_file = touch_file; pinentry.debug = debug; -#ifdef ENABLE_ENHANCED - pinentry.enhanced = enhanced; -#endif pinentry.display = display; pinentry.parent_wid = parent_wid; @@ -652,9 +646,6 @@ pinentry_parse_opts (int argc, char *argv[]) ARGPARSE_s_s('N', "ttytype", "|NAME|Set the tty terminal type"), ARGPARSE_s_s('C', "lc-ctype", "|STRING|Set the tty LC_CTYPE value"), ARGPARSE_s_s('M', "lc-messages", "|STRING|Set the tty LC_MESSAGES value"), -#ifdef ENABLE_ENHANCED - ARGPARSE_s_n('e', "enhanced", "Ask for timeout and insurance, too"), -#endif ARGPARSE_s_i('o', "timeout", "|SECS|Timeout waiting for input after this many seconds"), ARGPARSE_s_n('g', "no-global-grab", @@ -676,11 +667,6 @@ pinentry_parse_opts (int argc, char *argv[]) case 'd': pinentry.debug = 1; break; -#ifdef ENABLE_ENHANCED - case 'e': - pinentry.enhanced = 1; - break; -#endif case 'g': pinentry.grab = 0; break; diff --git a/pinentry/pinentry.h b/pinentry/pinentry.h index 19fdb55..a5882bf 100644 --- a/pinentry/pinentry.h +++ b/pinentry/pinentry.h @@ -27,8 +27,6 @@ extern "C" { #endif #endif -#undef ENABLE_ENHANCED - typedef enum { PINENTRY_COLOR_NONE, PINENTRY_COLOR_DEFAULT, PINENTRY_COLOR_BLACK, PINENTRY_COLOR_RED, @@ -90,11 +88,6 @@ struct pinentry /* The number of seconds before giving up while waiting for user input. */ int timeout; -#ifdef ENABLE_ENHANCED - /* True if enhanced mode is requested. */ - int enhanced; -#endif - /* True if caller should grab the keyboard. (Assuan: "OPTION grab" or "OPTION no-grab".) */ int grab; ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 43 ------------------------------------------- m4/curses.m4 | 18 +++++++++++------- pinentry/pinentry.c | 14 -------------- pinentry/pinentry.h | 7 ------- 4 files changed, 11 insertions(+), 71 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Mon May 18 22:35:18 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 18 May 2015 22:35:18 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-34-g6fdcad6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 6fdcad6a1f91bc769b03d2cb32f0b8001ed3ae19 (commit) via cade1ae102d5f4972f68b5bef0003f1ad1b3bde3 (commit) via 85646e9c08875214f6888df507c6f9ceb463a000 (commit) from 25e77c0fd10e9a1d26c31c0a8ec1917b51da5cd2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6fdcad6a1f91bc769b03d2cb32f0b8001ed3ae19 Author: Neal H. Walfield Date: Mon May 18 22:34:50 2015 +0200 curses: When creating the button text, respect underscores. * pinentry/pinentry-curses.c (MAKE_BUTTON): When creating the button text, respect underscores. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index fa88bdc..c3c202e 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -271,6 +271,7 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) { \ int len; \ char *msg; \ + int i, j; \ \ msg = pinentry->which; \ if (! msg) \ @@ -284,10 +285,22 @@ dialog_create (pinentry_t pinentry, dialog_t dialog) pinentry->specific_err = ASSUAN_Out_Of_Core; \ goto out; \ } \ - new[0] = '<'; \ - memcpy (&new[1], msg, len); \ - new[len + 1] = '>'; \ - new[len + 2] = '\0'; \ + \ + new[0] = '<'; \ + for (i = 0, j = 1; i < len; i ++, j ++) \ + { \ + if (msg[i] == '_') \ + { \ + i ++; \ + if (msg[i] == 0) \ + /* _ at end of string. */ \ + break; \ + } \ + new[j] = msg[i]; \ + } \ + \ + new[j] = '>'; \ + new[j + 1] = 0; \ } \ dialog->which = pinentry_utf8_to_local (pinentry->lc_ctype, \ new ? new : default); \ commit cade1ae102d5f4972f68b5bef0003f1ad1b3bde3 Author: Neal H. Walfield Date: Mon May 18 22:23:56 2015 +0200 curses: Make control-l repaint the screen. * pinentry/pinentry-curses.c (dialog_input): Make control-l repaint the screen. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 20e2a22..fa88bdc 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -705,6 +705,12 @@ dialog_input (dialog_t diag, int alt, int chr) } break; + case 'l' - 'a' + 1: /* control-l */ + /* Refresh the screen. */ + endwin (); + refresh (); + break; + case 'u' - 'a' + 1: /* control-u */ /* Erase the whole line. */ if (diag->pin_len > 0) commit 85646e9c08875214f6888df507c6f9ceb463a000 Author: Neal H. Walfield Date: Mon May 18 22:23:26 2015 +0200 curses: Make control-h an alias for backspace. * pinentry/pinentry-curses.c (dialog_input): Add control-h an alias for backspace. diff --git a/pinentry/pinentry-curses.c b/pinentry/pinentry-curses.c index 183fdb4..20e2a22 100644 --- a/pinentry/pinentry-curses.c +++ b/pinentry/pinentry-curses.c @@ -691,6 +691,7 @@ dialog_input (dialog_t diag, int alt, int chr) switch (chr) { case KEY_BACKSPACE: + case 'h' - 'a' + 1: /* control-h. */ if (diag->pin_len > 0) { diag->pin_len--; ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry-curses.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 03:22:49 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 19 May 2015 03:22:49 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.19-5-gb3fd304 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via b3fd30451a5464b124b0296afbc341cb98b3977c (commit) from 04667cabef2d6aaa214b288482bb902c891893a5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b3fd30451a5464b124b0296afbc341cb98b3977c Author: NIIBE Yutaka Date: Tue May 19 10:14:09 2015 +0900 g10: Improve handling of no corresponding public key. * g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not exact match. -- In the situation of corrupted .gnupg/ where only private subkey is available but no corresponding public key of the subkey, the code returned public primary key which caused mysterious error (for a user). This fix detects an error earlier. GnuPG-bug-id: 1422 Debian-Bug-Id: #638619 diff --git a/g10/getkey.c b/g10/getkey.c index d5d1135..fc3c179 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -498,7 +498,19 @@ get_seckey( PKT_secret_key *sk, u32 *keyid ) ctx.req_usage = sk->req_usage; rc = lookup( &ctx, &kb, 1 ); if ( !rc ) { + u32 skid[2]; + sk_from_block ( &ctx, sk, kb ); + keyid_from_sk ( sk, skid ); + /* + * Make sure it's exact match of keyid. + * If not, it's secret subkey with no public key. + */ + if (!(keyid[0] == skid[0] && keyid[1] == skid[1])) { + log_error (_("key %s: secret key without public key" + " - skipped\n"), keystr(keyid)); + rc = G10ERR_NO_PUBKEY; + } } get_seckey_end( &ctx ); release_kbnode ( kb ); ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 03:36:23 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 19 May 2015 03:36:23 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-4-gc771963 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c771963140cad7c1c25349bcde27e427effc0058 (commit) from 5038276fc47ca8406eb41c640d96f8ec7d2f5f88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c771963140cad7c1c25349bcde27e427effc0058 Author: NIIBE Yutaka Date: Tue May 19 10:32:07 2015 +0900 g10: detects public key encryption packet error properly. g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for encryption. diff --git a/g10/mainproc.c b/g10/mainproc.c index e72d076..c90b9e3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -406,12 +406,10 @@ proc_pubkey_enc (CTX c, PACKET *pkt) c->dek = NULL; } } - else if (is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA - || enc->pubkey_algo == PUBKEY_ALGO_ECDSA - || enc->pubkey_algo == PUBKEY_ALGO_EDDSA + else if (enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E || enc->pubkey_algo == PUBKEY_ALGO_ECDH - || is_RSA (enc->pubkey_algo) + || enc->pubkey_algo == PUBKEY_ALGO_RSA + || enc->pubkey_algo == PUBKEY_ALGO_RSA_E || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) { /* Note that we also allow type 20 Elgamal keys for decryption. ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 03:47:11 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 19 May 2015 03:47:11 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-20-g80b6d61 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 80b6d614b7b53058da11ae239e8f1c69f167a200 (commit) via 76e2aa739c0c75a9de7059daebdf2823582d8b24 (commit) from be136273454532d94a955fbbcfa1544b47cad954 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 80b6d614b7b53058da11ae239e8f1c69f167a200 Author: NIIBE Yutaka Date: Tue May 19 10:32:07 2015 +0900 g10: detects public key encryption packet error properly. g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for encryption. -- (backport from 2.1 commit c771963140cad7c1c25349bcde27e427effc0058) diff --git a/g10/mainproc.c b/g10/mainproc.c index be4c73d..17d40de 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -387,9 +387,9 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) xfree(c->dek); c->dek = NULL; } } - else if( is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA - || is_RSA(enc->pubkey_algo) + else if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E + || enc->pubkey_algo == PUBKEY_ALGO_RSA + || enc->pubkey_algo == PUBKEY_ALGO_RSA_E || enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL) { /* Note that we also allow type 20 Elgamal keys for decryption. There are still a couple of those keys in active use as a commit 76e2aa739c0c75a9de7059daebdf2823582d8b24 Author: NIIBE Yutaka Date: Tue May 19 10:14:09 2015 +0900 g10: Improve handling of no corresponding public key. * g10/getkey.c (get_seckey): Return G10ERR_NO_PUBKEY when it's not exact match. -- (ported from 1.4 commit b3fd30451a5464b124b0296afbc341cb98b3977c) In the situation of corrupted .gnupg/ where only private subkey is available but no corresponding public key of the subkey, the code returned public primary key which caused mysterious error (for a user). This fix detects an error earlier. GnuPG-bug-id: 1422 Debian-Bug-Id: #638619 diff --git a/g10/getkey.c b/g10/getkey.c index 8b3cf2d..a27c8e2 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -500,7 +500,19 @@ get_seckey( PKT_secret_key *sk, u32 *keyid ) ctx.req_usage = sk->req_usage; rc = lookup( &ctx, &kb, 1 ); if ( !rc ) { + u32 skid[2]; + sk_from_block ( &ctx, sk, kb ); + keyid_from_sk ( sk, skid ); + /* + * Make sure it's exact match of keyid. + * If not, it's secret subkey with no public key. + */ + if (!(keyid[0] == skid[0] && keyid[1] == skid[1])) { + log_error (_("key %s: secret key without public key" + " - skipped\n"), keystr(keyid)); + rc = G10ERR_NO_PUBKEY; + } } get_seckey_end( &ctx ); release_kbnode ( kb ); ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 12 ++++++++++++ g10/mainproc.c | 6 +++--- 2 files changed, 15 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 03:48:46 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Tue, 19 May 2015 03:48:46 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.19-6-gf3b00d8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via f3b00d88efa25e23f70b757cf99302af77d3d7ae (commit) from b3fd30451a5464b124b0296afbc341cb98b3977c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f3b00d88efa25e23f70b757cf99302af77d3d7ae Author: NIIBE Yutaka Date: Tue May 19 10:47:42 2015 +0900 g10: detects public key encryption packet error properly. g10/mainproc.c (proc_pubkey_enc): Only allow relevant algorithms for encryption. -- (backported from 2.1 commit c771963140cad7c1c25349bcde27e427effc0058) diff --git a/g10/mainproc.c b/g10/mainproc.c index 2cf6dbc..a773fde 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -401,9 +401,9 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) xfree(c->dek); c->dek = NULL; } } - else if( is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA - || is_RSA(enc->pubkey_algo) + else if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E + || enc->pubkey_algo == PUBKEY_ALGO_RSA + || enc->pubkey_algo == PUBKEY_ALGO_RSA_E || (RFC2440 && enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL)) { /* Note that we also allow type 20 Elgamal keys for decryption. There are still a couple of those keys in active use as a ----------------------------------------------------------------------- Summary of changes: g10/mainproc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 10:45:54 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 19 May 2015 10:45:54 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-35-g516e010 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 516e01049e9829020b40ddbcf387d4c5c05b1c3f (commit) from 6fdcad6a1f91bc769b03d2cb32f0b8001ed3ae19 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 516e01049e9829020b40ddbcf387d4c5c05b1c3f Author: Neal H. Walfield Date: Tue May 19 10:45:45 2015 +0200 If there is an error message, show it and don't read from the cache. * pinentry/pinentry.c (cmd_getpin): If PINENTRY.ERROR is not NULL, don't read the password from the cache. diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 1f57ab5..811cee4 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1114,7 +1114,10 @@ cmd_getpin (ASSUAN_CONTEXT ctx, char *line) && pinentry.allow_external_password_cache && pinentry.keyinfo /* Only read from the cache if we haven't already tried it. */ - && ! pinentry.tried_password_cache) + && ! pinentry.tried_password_cache + /* If the last read resulted in an error, then don't read from + the cache. */ + && ! pinentry.error) { char *password; ----------------------------------------------------------------------- Summary of changes: pinentry/pinentry.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 11:14:36 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 19 May 2015 11:14:36 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-36-g72b653d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 72b653d8088ce508ab688c68d88c363832d50eb7 (commit) from 516e01049e9829020b40ddbcf387d4c5c05b1c3f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 72b653d8088ce508ab688c68d88c363832d50eb7 Author: Neal H. Walfield Date: Tue May 19 11:14:33 2015 +0200 Provide an Assuan command to clear a cached password. * pinentry/password-cache.c (password_cache_clear): New function. * pinentry/password-cache.h (password_cache_clear): New declaration. * pinentry/pinentry.c (cmd_getinfo): New function. (register_commands): Have the Assuan command "CLEARPASSPHRASE" call it. diff --git a/pinentry/password-cache.c b/pinentry/password-cache.c index 3548cdf..ba06b13 100644 --- a/pinentry/password-cache.c +++ b/pinentry/password-cache.c @@ -135,3 +135,29 @@ password_cache_lookup (const char *keygrip) return NULL; #endif } + +/* Try and remove the cached password for key grip. Returns -1 on + error, 0 if the key is not found and 1 if the password was + removed. */ +int +password_cache_clear (const char *keygrip) +{ +#ifdef HAVE_LIBSECRET + GError *error = NULL; + int removed = secret_password_clear_sync (gpg_schema (), NULL, &error, + "keygrip", keygrip, NULL); + if (error != NULL) + { + printf("Failed to clear password for key %s with secret service: %s\n", + keygrip, error->message); + debug(error->message); + g_error_free (error); + return -1; + } + if (removed) + return 1; + return 0; +#else + return -1; +#endif +} diff --git a/pinentry/password-cache.h b/pinentry/password-cache.h index 7c6cd5a..0bc8788 100644 --- a/pinentry/password-cache.h +++ b/pinentry/password-cache.h @@ -24,4 +24,6 @@ void password_cache_save (const char *key_grip, const char *password); char *password_cache_lookup (const char *key_grip); +int password_cache_clear (const char *keygrip); + #endif diff --git a/pinentry/pinentry.c b/pinentry/pinentry.c index 811cee4..9a6a090 100644 --- a/pinentry/pinentry.c +++ b/pinentry/pinentry.c @@ -1301,6 +1301,30 @@ cmd_getinfo (assuan_context_t ctx, char *line) return rc; } +/* CLEARPASSPHRASE + + Clear the cache passphrase associated with the key identified by + cacheid. + */ +static int +cmd_clear_passphrase (ASSUAN_CONTEXT ctx, char *line) +{ + if (! line) + return ASSUAN_Invalid_Value; + + /* Remove leading and trailing white space. */ + while (*line == ' ') + line ++; + while (line[strlen (line) - 1] == ' ') + line[strlen (line) - 1] = 0; + + switch (password_cache_clear (line)) + { + case 1: return 0; + case 0: return ASSUAN_Invalid_Value; + default: return ASSUAN_General_Error; + } +} /* Tell the assuan library about our commands. */ static int @@ -1330,6 +1354,7 @@ register_commands (ASSUAN_CONTEXT ctx) { "GETINFO", 0, cmd_getinfo }, { "SETTITLE", 0, cmd_settitle }, { "SETTIMEOUT", 0, cmd_settimeout }, + { "CLEARPASSPHRASE", 0, cmd_clear_passphrase }, { NULL } }; int i, j, rc; ----------------------------------------------------------------------- Summary of changes: pinentry/password-cache.c | 26 ++++++++++++++++++++++++++ pinentry/password-cache.h | 2 ++ pinentry/pinentry.c | 25 +++++++++++++++++++++++++ 3 files changed, 53 insertions(+) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 15:32:18 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 19 May 2015 15:32:18 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-6-g3a93054 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3a9305439b75ccd4446378d4fd87da087fd9c892 (commit) via e201c20f25e7bed29088186c5f717d43047a0f4b (commit) from c771963140cad7c1c25349bcde27e427effc0058 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3a9305439b75ccd4446378d4fd87da087fd9c892 Author: Neal H. Walfield Date: Tue May 19 15:00:16 2015 +0200 agent: When the password cache is cleared, also clear the ext. cache. * agent/agent.h (agent_clear_passphrase): New declaration. * agent/call-pinentry.c (agent_clear_passphrase): New function. * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase. -- Signed-off-by: Neal H. Walfield diff --git a/agent/agent.h b/agent/agent.h index d5d6392..dbbf689 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -374,7 +374,8 @@ int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn); int agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn); void agent_popup_message_stop (ctrl_t ctrl); - +int agent_clear_passphrase (ctrl_t ctrl, + const char *keyinfo, cache_mode_t cache_mode); /*-- cache.c --*/ void initialize_module_cache (void); diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index abfea93..018a609 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -1416,3 +1416,29 @@ agent_popup_message_stop (ctrl_t ctrl) /* Now we can close the connection. */ unlock_pinentry (0); } + +int +agent_clear_passphrase (ctrl_t ctrl, + const char *keyinfo, cache_mode_t cache_mode) +{ + int rc; + char line[ASSUAN_LINELENGTH]; + + if (! (keyinfo && (cache_mode == CACHE_MODE_NORMAL + || cache_mode == CACHE_MODE_USER + || cache_mode == CACHE_MODE_SSH))) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + rc = start_pinentry (ctrl); + if (rc) + return rc; + + snprintf (line, DIM(line)-1, "CLEARPASSPHRASE %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + + return unlock_pinentry (rc); +} diff --git a/agent/command.c b/agent/command.c index 8ed9a0f..a5dce44 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1602,6 +1602,10 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line) agent_put_cache (cacheid, opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER, NULL, 0); + + agent_clear_passphrase (ctrl, cacheid, + opt_normal ? CACHE_MODE_NORMAL : CACHE_MODE_USER); + return 0; } commit e201c20f25e7bed29088186c5f717d43047a0f4b Author: Neal H. Walfield Date: Tue May 19 14:58:04 2015 +0200 agent: Modify agent_clear_passphrase to support an ext. password cache. * agent/agent.h (agent_get_passphrase): Add arguments keyinfo and cache_mode. Update callers. * agent/call-pinentry.c (agent_get_passphrase): Add arguments keyinfo and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO to the pinentry. -- Signed-off-by: Neal H. Walfield diff --git a/agent/agent.h b/agent/agent.h index 45f71eb..d5d6392 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -366,7 +366,8 @@ int agent_askpin (ctrl_t ctrl, const char *keyinfo, cache_mode_t cache_mode); int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, - const char *errtext, int with_qualitybar); + const char *errtext, int with_qualitybar, + const char *keyinfo, cache_mode_t cache_mode); int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok, const char *notokay, int with_cancel); int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn); diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 5c3743a..abfea93 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -1015,7 +1015,8 @@ agent_askpin (ctrl_t ctrl, int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, - const char *errtext, int with_qualitybar) + const char *errtext, int with_qualitybar, + const char *keyinfo, cache_mode_t cache_mode) { int rc; @@ -1060,6 +1061,26 @@ agent_get_passphrase (ctrl_t ctrl, prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase"); + /* If we have a KEYINFO string and are normal, user, or ssh cache + mode, we tell that the Pinentry so it may use it for own caching + purposes. Most pinentries won't have this implemented and thus + we do not error out in this case. */ + if (keyinfo && (cache_mode == CACHE_MODE_NORMAL + || cache_mode == CACHE_MODE_USER + || cache_mode == CACHE_MODE_SSH)) + snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + else + snprintf (line, DIM(line)-1, "SETKEYINFO --clear"); + + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); + + if (desc) snprintf (line, DIM(line)-1, "SETDESC %s", desc); else diff --git a/agent/command.c b/agent/command.c index 3188bbd..8ed9a0f 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1519,7 +1519,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) next_try: rc = agent_get_passphrase (ctrl, &response, desc, prompt, repeat_errtext? repeat_errtext:errtext, - opt_qualbar); + opt_qualbar, cacheid, CACHE_MODE_USER); xfree (repeat_errtext); repeat_errtext = NULL; if (!rc) @@ -1536,7 +1536,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) char *response2; rc = agent_get_passphrase (ctrl, &response2, desc2, prompt, - errtext, 0); + errtext, 0, + cacheid, CACHE_MODE_USER); if (rc) break; if (strcmp (response2, response)) ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 6 ++++-- agent/call-pinentry.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- agent/command.c | 9 +++++++-- 3 files changed, 59 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 15:33:12 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 19 May 2015 15:33:12 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-21-gdde8ddf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b (commit) from 80b6d614b7b53058da11ae239e8f1c69f167a200 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b Author: Neal H. Walfield Date: Tue May 19 13:53:43 2015 +0200 agent: Backport changes from 2.1 to support an external password manager. * agent/agent.h (agent_askpin): Add arguments keyinfo and cache_mode. Update callers. (agent_get_passphrase): Likewise. (agent_clear_passphrase): New function. (opt): Add field allow_external_cache. * agent/call-pinentry.c (start_pinentry): Send "OPTION allow-external-password-cache" to the pinentry. (PINENTRY_STATUS_PASSWORD_FROM_CACHE): New constant. (pinentry_status_cb): New function. (agent_askpin): Add arguments keyinfo and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO to the pinentry. Pass PINENTRY_STATUS_CB to the "GETPIN" invocation. If the passphrase was incorrect and PINENTRY_STATUS_PASSWORD_FROM_CACHE is set, decrement PININFO->FAILED_TRIES. (agent_get_passphrase): Add arguments keyinfo and cache_mode. If KEYINFO and CACHE_MODE describe a cachable key, then send SETKEYINFO to the pinentry. (agent_clear_passphrase): New function. * agent/call-pinentry.c (start_pinentry): Act upon new var, allow_external_cache. * agent/command.c (cmd_clear_passphrase): Call agent_clear_passphrase. * agent/gpg-agent.c (oNoAllowExternalCache): New. (opts): Add option --no-allow-external-cache. (parse_rereadable_options): Set this option. -- Signed-off-by: Neal H. Walfield Based on commits: 3a9305439b75ccd4446378d4fd87da087fd9c892 e201c20f25e7bed29088186c5f717d43047a0f4b d7293cb317acc40cc9e5189cef33fe9d8b47e62a 56b5c9f94f2e55d096be585ed061ccf1c9ec0de6 d3b5cad2346bd5747789dc62d7804fa5c15f4f3b 2180845959839705200e3172dbafc94b70b9007f diff --git a/agent/agent.h b/agent/agent.h index 938a9aa..f81743f 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -104,6 +104,12 @@ struct int ignore_cache_for_signing; int allow_mark_trusted; int allow_preset_passphrase; + + /* Allow the use of an external password cache. If this option is + enabled (which is the default) we send an option to Pinentry + to allow it to enable such a cache. */ + int allow_external_cache; + int keep_tty; /* Don't switch the TTY (for pinentry) on request */ int keep_display; /* Don't switch the DISPLAY (for pinentry) on request */ int ssh_support; /* Enable ssh-agent emulation. */ @@ -273,16 +279,20 @@ int pinentry_active_p (ctrl_t ctrl, int waitseconds); int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *inital_errtext, - struct pin_entry_info_s *pininfo); + struct pin_entry_info_s *pininfo, + const char *keyinfo, cache_mode_t cache_mode); int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, - const char *errtext, int with_qualitybar); + const char *errtext, int with_qualitybar, + const char *keyinfo, cache_mode_t cache_mode); int agent_get_confirmation (ctrl_t ctrl, const char *desc, const char *ok, const char *notokay, int with_cancel); int agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn); int agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn); void agent_popup_message_stop (ctrl_t ctrl); +int agent_clear_passphrase (ctrl_t ctrl, + const char *keyinfo, cache_mode_t cache_mode); /*-- cache.c --*/ diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index c945c13..75e1b23 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -352,6 +352,19 @@ start_pinentry (ctrl_t ctrl) if (rc) return unlock_pinentry (rc); + + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the cached + password is not up to date and retry == 1, then, using a version + of GPG Agent that doesn't support this, won't issue another pin + request and the user won't get a chance to correct the + password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) + return unlock_pinentry (rc); + value = session_env_getenv (ctrl->session_env, "GPG_TTY"); if (value) { @@ -399,6 +412,22 @@ start_pinentry (ctrl_t ctrl) return unlock_pinentry (rc); } + if (opt.allow_external_cache) + { + /* Indicate to the pinentry that it may read from an external cache. + + It is essential that the pinentry respect this. If the + cached password is not up to date and retry == 1, then, using + a version of GPG Agent that doesn't support this, won't issue + another pin request and the user won't get a chance to + correct the password. */ + rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) + return unlock_pinentry (rc); + } + + { /* Provide a few default strings for use by the pinentries. This may help a pinentry to avoid implementing localization code. */ @@ -411,6 +440,7 @@ start_pinentry (ctrl_t ctrl) { "ok", N_("|pinentry-label|_OK") }, { "cancel", N_("|pinentry-label|_Cancel") }, { "prompt", N_("|pinentry-label|PIN:") }, + { "pwmngr", N_("|pinentry-label|_Save in password manager") }, { NULL, NULL} }; char *optstr; @@ -700,15 +730,36 @@ setup_qualitybar (void) } +enum + { + PINENTRY_STATUS_PASSWORD_FROM_CACHE = 1 << 9 + }; + +/* Check the button_info line for a close action. Also check for the + PIN_REPEATED flag. */ +static gpg_error_t +pinentry_status_cb (void *opaque, const char *line) +{ + unsigned int *flag = opaque; + + if (strcmp (line, "PASSWORD_FROM_CACHE") == 0) + { + *flag |= PINENTRY_STATUS_PASSWORD_FROM_CACHE; + } + + return 0; +} /* Call the Entry and ask for the PIN. We do check for a valid PIN number here and repeat it as long as we have invalid formed - numbers. */ + numbers. KEYINFO and CACHEMODE are used to tell pinentry something + about the key. */ int agent_askpin (ctrl_t ctrl, const char *desc_text, const char *prompt_text, const char *initial_errtext, - struct pin_entry_info_s *pininfo) + struct pin_entry_info_s *pininfo, + const char *keyinfo, cache_mode_t cache_mode) { int rc; char line[ASSUAN_LINELENGTH]; @@ -716,6 +767,7 @@ agent_askpin (ctrl_t ctrl, const char *errtext = NULL; int is_pin = 0; int saveflag; + unsigned int pinentry_status; if (opt.batch) return 0; /* fixme: we should return BAD PIN */ @@ -738,6 +790,25 @@ agent_askpin (ctrl_t ctrl, if (rc) return rc; + /* If we have a KEYINFO string and are normal, user, or ssh cache + mode, we tell that the Pinentry so it may use it for own caching + purposes. Most pinentries won't have this implemented and thus + we do not error out in this case. */ + if (keyinfo && (cache_mode == CACHE_MODE_NORMAL + || cache_mode == CACHE_MODE_USER + || cache_mode == CACHE_MODE_SSH)) + snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + else + snprintf (line, DIM(line)-1, "SETKEYINFO --clear"); + + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); + snprintf (line, DIM(line)-1, "SETDESC %s", desc_text); line[DIM(line)-1] = 0; rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); @@ -792,11 +863,13 @@ agent_askpin (ctrl_t ctrl, return unlock_pinentry (rc); errtext = NULL; } - + saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); + pinentry_status = 0; rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm, - inq_quality, entry_ctx, NULL, NULL); + inq_quality, entry_ctx, + pinentry_status_cb, &pinentry_status); assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag); /* Most pinentries out in the wild return the old Assuan error code for canceled which gets translated to an assuan Cancel error and @@ -840,6 +913,11 @@ agent_askpin (ctrl_t ctrl, if (!errtext) return unlock_pinentry (0); /* okay, got a PIN or passphrase */ + + if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) + /* The password was read from the cache. Don't count this + against the retry count. */ + pininfo->failed_tries --; } return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN @@ -849,11 +927,12 @@ agent_askpin (ctrl_t ctrl, /* Ask for the passphrase using the supplied arguments. The returned - passphrase needs to be freed by the caller. */ + passphrase needs to be freed by the caller. */ int agent_get_passphrase (ctrl_t ctrl, char **retpass, const char *desc, const char *prompt, - const char *errtext, int with_qualitybar) + const char *errtext, int with_qualitybar, + const char *keyinfo, cache_mode_t cache_mode) { int rc; @@ -873,6 +952,26 @@ agent_get_passphrase (ctrl_t ctrl, prompt = desc && strstr (desc, "PIN")? "PIN": _("Passphrase"); + /* If we have a KEYINFO string and are normal, user, or ssh cache + mode, we tell that the Pinentry so it may use it for own caching + purposes. Most pinentries won't have this implemented and thus + we do not error out in this case. */ + if (keyinfo && (cache_mode == CACHE_MODE_NORMAL + || cache_mode == CACHE_MODE_USER + || cache_mode == CACHE_MODE_SSH)) + snprintf (line, DIM(line)-1, "SETKEYINFO %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + else + snprintf (line, DIM(line)-1, "SETKEYINFO --clear"); + + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) + return unlock_pinentry (rc); + + if (desc) snprintf (line, DIM(line)-1, "SETDESC %s", desc); else @@ -1185,3 +1284,28 @@ agent_popup_message_stop (ctrl_t ctrl) } +int +agent_clear_passphrase (ctrl_t ctrl, + const char *keyinfo, cache_mode_t cache_mode) +{ + int rc; + char line[ASSUAN_LINELENGTH]; + + if (! (keyinfo && (cache_mode == CACHE_MODE_NORMAL + || cache_mode == CACHE_MODE_USER + || cache_mode == CACHE_MODE_SSH))) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + rc = start_pinentry (ctrl); + if (rc) + return rc; + + snprintf (line, DIM(line)-1, "CLEARPASSPHRASE %c/%s", + cache_mode == CACHE_MODE_USER? 'u' : + cache_mode == CACHE_MODE_SSH? 's' : 'n', + keyinfo); + rc = assuan_transact (entry_ctx, line, + NULL, NULL, NULL, NULL, NULL, NULL); + + return unlock_pinentry (rc); +} diff --git a/agent/command-ssh.c b/agent/command-ssh.c index ea6080a..2aacecc 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -2881,7 +2881,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm) pi2->check_cb_arg = pi->pin; next_try: - err = agent_askpin (ctrl, description, NULL, initial_errtext, pi); + err = agent_askpin (ctrl, description, NULL, initial_errtext, pi, NULL, 0); initial_errtext = NULL; if (err) goto out; @@ -2889,7 +2889,7 @@ ssh_identity_register (ctrl_t ctrl, gcry_sexp_t key, int ttl, int confirm) /* Unless the passphrase is empty, ask to confirm it. */ if (pi->pin && *pi->pin) { - err = agent_askpin (ctrl, description2, NULL, NULL, pi2); + err = agent_askpin (ctrl, description2, NULL, NULL, pi2, NULL, 0); if (err == -1) { /* The re-entered one did not match and the user did not hit cancel. */ diff --git a/agent/command.c b/agent/command.c index 2405c54..765f916 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1269,8 +1269,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) next_try: rc = agent_get_passphrase (ctrl, &response, desc, prompt, - repeat_errtext? repeat_errtext:errtext, - opt_qualbar); + repeat_errtext? repeat_errtext:errtext, + opt_qualbar, cacheid, CACHE_MODE_USER); xfree (repeat_errtext); repeat_errtext = NULL; if (!rc) @@ -1287,7 +1287,8 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) char *response2; rc = agent_get_passphrase (ctrl, &response2, desc2, prompt, - errtext, 0); + errtext, 0, + cacheid, CACHE_MODE_USER); if (rc) break; if (strcmp (response2, response)) @@ -1329,6 +1330,7 @@ static const char hlp_clear_passphrase[] = static gpg_error_t cmd_clear_passphrase (assuan_context_t ctx, char *line) { + ctrl_t ctrl = assuan_get_pointer (ctx); char *cacheid = NULL; char *p; @@ -1343,6 +1345,9 @@ cmd_clear_passphrase (assuan_context_t ctx, char *line) return set_error (GPG_ERR_ASS_PARAMETER, "invalid length of cacheID"); agent_put_cache (cacheid, CACHE_MODE_USER, NULL, 0); + + agent_clear_passphrase (ctrl, cacheid, CACHE_MODE_USER); + return 0; } diff --git a/agent/divert-scd.c b/agent/divert-scd.c index 1f36f6e..34ef498 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -266,7 +266,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) if (any_flags) { - rc = agent_askpin (ctrl, info, prompt, again_text, pi); + rc = agent_askpin (ctrl, info, prompt, again_text, pi, NULL, 0); again_text = NULL; if (!rc && newpin) { @@ -288,7 +288,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) is_puk? _("Repeat this PUK"): _("Repeat this PIN")), - prompt, NULL, pi2); + prompt, NULL, pi2, NULL, 0); if (!rc && strcmp (pi->pin, pi2->pin)) { again_text = (resetcode? @@ -312,7 +312,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) info? info:"", info? "')":"") < 0) desc = NULL; - rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi); + rc = agent_askpin (ctrl, desc?desc:info, prompt, NULL, pi, NULL, 0); xfree (desc); } diff --git a/agent/findkey.c b/agent/findkey.c index 550e403..6d85cfd 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -393,7 +393,7 @@ unprotect (ctrl_t ctrl, const char *desc_text, arg.change_required = 0; pi->check_cb_arg = &arg; - rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi); + rc = agent_askpin (ctrl, desc_text, NULL, NULL, pi, hexgrip, cache_mode); if (!rc) { assert (arg.unprotected_key); diff --git a/agent/genkey.c b/agent/genkey.c index d5af9e0..65477ad 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -321,7 +321,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen, pi2->check_cb_arg = pi->pin; next_try: - rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi); + rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); initial_errtext = NULL; if (!rc) { @@ -333,7 +333,7 @@ agent_genkey (ctrl_t ctrl, const char *keyparam, size_t keyparamlen, } if (pi->pin && *pi->pin) { - rc = agent_askpin (ctrl, text2, NULL, NULL, pi2); + rc = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0); if (rc == -1) { /* The re-entered one did not match and the user did not hit cancel. */ @@ -443,7 +443,7 @@ agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey) pi2->check_cb_arg = pi->pin; next_try: - rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi); + rc = agent_askpin (ctrl, text1, NULL, initial_errtext, pi, NULL, 0); initial_errtext = NULL; if (!rc) { @@ -456,7 +456,7 @@ agent_protect_and_store (ctrl_t ctrl, gcry_sexp_t s_skey) /* Unless the passphrase is empty, ask to confirm it. */ if (pi->pin && *pi->pin) { - rc = agent_askpin (ctrl, text2, NULL, NULL, pi2); + rc = agent_askpin (ctrl, text2, NULL, NULL, pi2, NULL, 0); if (rc == -1) { /* The re-entered one did not match and the user did not hit cancel. */ diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index bf2a26d..479f918 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -114,6 +114,7 @@ enum cmd_and_opt_values oAllowMarkTrusted, oNoAllowMarkTrusted, oAllowPresetPassphrase, + oNoAllowExternalCache, oKeepTTY, oKeepDISPLAY, oSSHSupport, @@ -198,6 +199,8 @@ static ARGPARSE_OPTS opts[] = { "@" #endif }, + { oNoAllowExternalCache, "no-allow-external-cache", 0, + N_("disallow the use of an external password cache") }, { oWriteEnvFile, "write-env-file", 2|8, N_("|FILE|write environment settings also to FILE")}, {0} @@ -509,6 +512,7 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.ignore_cache_for_signing = 0; opt.allow_mark_trusted = 1; opt.disable_scdaemon = 0; + opt.allow_external_cache = 1; return 1; } @@ -571,6 +575,9 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) case oAllowPresetPassphrase: opt.allow_preset_passphrase = 1; break; + case oNoAllowExternalCache: opt.allow_external_cache = 0; + break; + default: return 0; /* not handled */ } @@ -969,6 +976,8 @@ main (int argc, char **argv ) GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); printf ("no-allow-mark-trusted:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); + printf ("no-allow-external-cache:%lu:\n", + GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); printf ("disable-scdaemon:%lu:\n", GC_OPT_FLAG_NONE|GC_OPT_FLAG_RUNTIME); #ifdef HAVE_W32_SYSTEM diff --git a/doc/gpg-agent.texi b/doc/gpg-agent.texi index c3dfd82..5c0dec7 100644 --- a/doc/gpg-agent.texi +++ b/doc/gpg-agent.texi @@ -352,6 +352,19 @@ Allow clients to use the loopback pinentry features; see the option @option{pinentry-mode} for details. @end ifset + at ifset gpgtwoone + at item --no-allow-external-cache + at opindex no-allow-external-cache +Tell Pinentry not to enable features which use an external cache for +passphrases. + +Some desktop environments prefer to unlock all +credentials with one master password and may have installed a Pinentry +which employs an additional external cache to implement such a policy. +By using this option the Pinentry is advised not to make use of such a +cache and instead always ask the user for the requested passphrase. + at end ifset + @item --ignore-cache-for-signing @opindex ignore-cache-for-signing This option will let @command{gpg-agent} bypass the passphrase cache for all @@ -713,6 +726,7 @@ again. Only certain options are honored: @code{quiet}, @code{verbose}, @code{debug}, @code{debug-all}, @code{debug-level}, @code{no-grab}, @code{pinentry-program}, @code{default-cache-ttl}, @code{max-cache-ttl}, @code{ignore-cache-for-signing}, + at code{no-allow-external-cache}, @code{allow-mark-trusted}, @code{disable-scdaemon}, and @code{disable-check-own-socket}. @code{scdaemon-program} is also supported but due to the current implementation, which calls the diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index 4993989..2454f93 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -532,6 +532,9 @@ static gc_option_t gc_options_gpg_agent[] = { "ignore-cache-for-signing", GC_OPT_FLAG_RUNTIME, GC_LEVEL_BASIC, "gnupg", "do not use the PIN cache when signing", GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, + { "no-allow-external-cache", GC_OPT_FLAG_RUNTIME, + GC_LEVEL_BASIC, "gnupg", "disallow the use of an external password cache", + GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, { "no-allow-mark-trusted", GC_OPT_FLAG_RUNTIME, GC_LEVEL_ADVANCED, "gnupg", "disallow clients to mark keys as \"trusted\"", GC_ARG_TYPE_NONE, GC_BACKEND_GPG_AGENT }, ----------------------------------------------------------------------- Summary of changes: agent/agent.h | 14 +++++- agent/call-pinentry.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++--- agent/command-ssh.c | 4 +- agent/command.c | 11 ++-- agent/divert-scd.c | 6 +-- agent/findkey.c | 2 +- agent/genkey.c | 8 +-- agent/gpg-agent.c | 9 ++++ doc/gpg-agent.texi | 14 ++++++ tools/gpgconf-comp.c | 3 ++ 10 files changed, 186 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue May 19 15:41:28 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 19 May 2015 15:41:28 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-37-g54dd881 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 54dd881a9a733074bafee4062f8591f4fe69cad5 (commit) from 72b653d8088ce508ab688c68d88c363832d50eb7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54dd881a9a733074bafee4062f8591f4fe69cad5 Author: Neal H. Walfield Date: Tue May 19 15:41:26 2015 +0200 gtk+-2: Make sure the save-passphrase-externally checkbox is not checked. * gtk+-2/pinentry-gtk-2.c (create_window): Make sure the check button to save the passphrase externally is not checked by default. diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index a4ffb44..1a88e5a 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -546,6 +546,9 @@ create_window (pinentry_t ctx, int confirm_mode) else w = gtk_check_button_new_with_label ("Save passphrase using libsecret"); + /* Make sure it is off by default. */ + gtk_toggle_button_set_active (GTK_TOGGLE_BUTTON (w), FALSE); + gtk_box_pack_start (GTK_BOX (box), w, TRUE, FALSE, 0); gtk_widget_show (w); ----------------------------------------------------------------------- Summary of changes: gtk+-2/pinentry-gtk-2.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 20 16:27:17 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 May 2015 16:27:17 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-7-g23d2ef8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 23d2ef83cda644c6a83499f9327350d3371e8a17 (commit) from 3a9305439b75ccd4446378d4fd87da087fd9c892 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 23d2ef83cda644c6a83499f9327350d3371e8a17 Author: Werner Koch Date: Wed May 20 16:13:55 2015 +0200 agent: Cleanup caching code for command GET_PASSPHRASE. * agent/command.c (cmd_get_passphrase): Read from the user cache. -- We used to read the passphrase with mode CACHE_MODE_NORMAL but we put it into the cache with CACHE_MODE_USER. However, agent_get_cache does not yet distinguish between them and thus this does not change anything. diff --git a/agent/command.c b/agent/command.c index a5dce44..f71325d 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1495,7 +1495,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) if (!strcmp (desc, "X")) desc = NULL; - pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL) : NULL; + pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_USER) : NULL; if (pw) { rc = send_back_passphrase (ctx, opt_data, pw); ----------------------------------------------------------------------- Summary of changes: agent/command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 20 16:27:25 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Wed, 20 May 2015 16:27:25 +0200 Subject: [git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.27-22-g78e0a30 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-2-0 has been updated via 78e0a30fb19010b48efd752e1a73af20f93be533 (commit) from dde8ddffd37c9ef96cae2e2b1317d1dee607fc0b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 78e0a30fb19010b48efd752e1a73af20f93be533 Author: Werner Koch Date: Wed May 20 16:13:55 2015 +0200 agent: Cleanup caching code for command GET_PASSPHRASE. * agent/command.c (cmd_get_passphrase): Read from the user cache. -- We used to read the passphrase with mode CACHE_MODE_NORMAL but we put it into the cache with CACHE_MODE_USER. However, agent_get_cache does not yet distinguish between them and thus this does not change anything. (backported from commit 23d2ef83cda644c6a83499f9327350d3371e8a17) diff --git a/agent/command.c b/agent/command.c index 765f916..9393212 100644 --- a/agent/command.c +++ b/agent/command.c @@ -1245,7 +1245,7 @@ cmd_get_passphrase (assuan_context_t ctx, char *line) if (!strcmp (desc, "X")) desc = NULL; - pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_NORMAL, &cache_marker) + pw = cacheid ? agent_get_cache (cacheid, CACHE_MODE_USER, &cache_marker) : NULL; if (pw) { ----------------------------------------------------------------------- Summary of changes: agent/command.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 21 16:58:43 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 May 2015 16:58:43 +0200 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-229-g2bddd94 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 2bddd947fd1c11b4ec461576db65a5e34fea1b07 (commit) via 102d68b3bd77813a3ff989526855bb1e283bf9d7 (commit) via 8124e357b732a719696bfd5271def4e528f2a1e1 (commit) from 9b0c6c8141ae9bd056392a3f6b5704b505fc8501 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07 Author: Werner Koch Date: Thu May 21 16:24:36 2015 +0200 ecc: Add key generation flag "no-keytest". * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "no-keytest". Return an error for invalid flags of length 10. * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags set random level depending on flags. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and remove var random_level. (nist_generate_key): Implement "no-keytest" flag. * tests/keygen.c (check_ecc_keys): Add tests for transient-key and no-keytest. -- After key creation we usually run a test to check whether the keys really work. However for transient keys this might be too time consuming and given that a failed test would anyway abort the process the optional use of a flag to skip the test is appropriate. Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to create such a key. This was measured by looping the last test from check_ecc_keys() 1000 times with and without the flag. Due to a bug in the flags parser unknown flags with a length of 10 characters were not detected. Thus the "no-keytest" flag can be employed by all software even for libraries before this. That bug is however solved with this version. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 4c74533..d90ee6d 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,10 @@ Noteworthy changes in version 1.7.0 (unreleased) * Added OCB mode. + * New flag "no-keytest" for ECC key generation. Due to a bug in the + parser that flag will also be accepted but ignored by older version + of Libgcrypt. + * Interface changes relative to the 1.6.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ gcry_mac_get_algo NEW. diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index 83bf20d..f0d97ea 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -123,7 +123,7 @@ gpg_err_code_t _gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level); + int flags); gpg_err_code_t _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *sk, gcry_mpi_t r_r, gcry_mpi_t s, diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index a12ebab..4323d8e 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -465,15 +465,28 @@ _gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, } -/* Ed25519 version of the key generation. */ +/** + * _gcry_ecc_eddsa_genkey - EdDSA version of the key generation. + * + * @sk: A struct to receive the secret key. + * @E: Parameters of the curve. + * @ctx: Elliptic curve computation context. + * @flags: Flags controlling aspects of the creation. + * + * Return: An error code. + * + * The only @flags bit used by this function is %PUBKEY_FLAG_TRANSIENT + * to use a faster RNG. + */ gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level) + int flags) { gpg_err_code_t rc; int b = 256/8; /* The only size we currently support. */ gcry_mpi_t a, x, y; mpi_point_struct Q; + gcry_random_level_t random_level; char *dbuf; size_t dlen; gcry_buffer_t hvec[1]; @@ -482,6 +495,11 @@ _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_init (&Q); memset (hvec, 0, sizeof hvec); + if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) + random_level = GCRY_STRONG_RANDOM; + else + random_level = GCRY_VERY_STRONG_RANDOM; + a = mpi_snew (0); x = mpi_new (0); y = mpi_new (0); diff --git a/cipher/ecc.c b/cipher/ecc.c index 262fcd8..5ffe84b 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1,6 +1,6 @@ /* ecc.c - Elliptic Curve Cryptography * Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -106,12 +106,11 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, /** - * nist_generate_key - Standard version of the key generation. - * + * nist_generate_key - Standard version of the ECC key generation. * @sk: A struct to receive the secret key. * @E: Parameters of the curve. * @ctx: Elliptic curve computation context. - * @random_level: The quality of the random. + * @flags: Flags controlling aspects of the creation. * @nbits: Only for testing * @r_x: On success this receives an allocated MPI with the affine * x-coordinate of the poblic key. On error NULL is stored. @@ -119,19 +118,29 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, * * Return: An error code. * + * The @flags bits used by this function are %PUBKEY_FLAG_TRANSIENT to + * use a faster RNG, and %PUBKEY_FLAG_NO_KEYTEST to skip the assertion + * that the key works as expected. + * * FIXME: Check whether N is needed. */ static gpg_err_code_t nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level, unsigned int nbits, + int flags, unsigned int nbits, gcry_mpi_t *r_x, gcry_mpi_t *r_y) { mpi_point_struct Q; + gcry_random_level_t random_level; gcry_mpi_t x, y; const unsigned int pbits = mpi_get_nbits (E->p); point_init (&Q); + if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) + random_level = GCRY_STRONG_RANDOM; + else + random_level = GCRY_VERY_STRONG_RANDOM; + /* Generate a secret. */ if (ctx->dialect == ECC_DIALECT_ED25519) { @@ -226,7 +235,9 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_free (&Q); /* Now we can test our keys (this should never fail!). */ - if (sk->E.model != MPI_EC_MONTGOMERY) + if ((flags & PUBKEY_FLAG_NO_KEYTEST)) + ; /* User requested to skip the test. */ + else if (sk->E.model != MPI_EC_MONTGOMERY) test_keys (sk, nbits - 64); else test_ecdh_only_keys (sk, nbits - 64); @@ -492,7 +503,6 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) gcry_mpi_t Qy = NULL; char *curve_name = NULL; gcry_sexp_t l1; - gcry_random_level_t random_level; mpi_ec_t ctx = NULL; gcry_sexp_t curve_info = NULL; gcry_sexp_t curve_flags = NULL; @@ -560,17 +570,12 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) log_printpnt ("ecgen curve G", &E.G, NULL); } - if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) - random_level = GCRY_STRONG_RANDOM; - else - random_level = GCRY_VERY_STRONG_RANDOM; - ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b); if ((flags & PUBKEY_FLAG_EDDSA)) - rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, random_level); + rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, flags); else - rc = nist_generate_key (&sk, &E, ctx, random_level, nbits, &Qx, &Qy); + rc = nist_generate_key (&sk, &E, ctx, flags, nbits, &Qx, &Qy); if (rc) goto leave; diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 514f1eb..afa3454 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -1,7 +1,7 @@ /* pubkey-util.c - Supporting functions for all pubkey modules. * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005, * 2007, 2008, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -155,6 +155,10 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list, case 10: if (!memcmp (s, "igninvflag", 10)) igninvflag = 1; + else if (!memcmp (s, "no-keytest", 10)) + flags |= PUBKEY_FLAG_NO_KEYTEST; + else if (!igninvflag) + rc = GPG_ERR_INV_FLAG; break; case 11: diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index ab4f685..f13695a 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2327,6 +2327,13 @@ random number generator. This flag may be used for keys which are only used for a short time or per-message and do not require full cryptographic strength. + at item no-keytest + at cindex no-keytest +This flag skips internal failsafe tests to assert that a generated key +is properly working. It currently has an effect only for standard ECC +key generation. It is mostly useful along with transient-key to +achieve fastest ECC key generation. + @item use-x931 @cindex X9.31 Force the use of the ANSI X9.31 key generation algorithm instead of diff --git a/src/cipher.h b/src/cipher.h index 7ad0b2c..ef183fd 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -40,6 +40,7 @@ #define PUBKEY_FLAG_NOCOMP (1 << 11) #define PUBKEY_FLAG_EDDSA (1 << 12) #define PUBKEY_FLAG_GOST (1 << 13) +#define PUBKEY_FLAG_NO_KEYTEST (1 << 14) enum pk_operation diff --git a/tests/keygen.c b/tests/keygen.c index 4aff9c9..8b9a1d5 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -1,5 +1,6 @@ /* keygen.c - key generation regression tests * Copyright (C) 2003, 2005, 2012 Free Software Foundation, Inc. + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -14,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ #ifdef HAVE_CONFIG_H @@ -432,7 +432,43 @@ check_ecc_keys (void) show_sexp ("ECC key:\n", key); check_generated_ecc_key (key); + gcry_sexp_release (key); + + + if (verbose) + show ("creating ECC key using curve Ed25519 for ECDSA (transient-key)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve Ed25519)(flags transient-key)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve Ed25519 for ECDSA" + " (transient-key): %s\n", + gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + gcry_sexp_release (key); + if (verbose) + show ("creating ECC key using curve Ed25519 for ECDSA " + "(transient-key no-keytest)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve Ed25519)" + "(flags transient-key no-keytest)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve Ed25519 for ECDSA" + " (transient-key no-keytest): %s\n", + gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); gcry_sexp_release (key); } commit 102d68b3bd77813a3ff989526855bb1e283bf9d7 Author: Werner Koch Date: Thu May 21 11:12:42 2015 +0200 ecc: Avoid double conversion to affine coordinates in keygen. * cipher/ecc.c (nist_generate_key): Add args r_x and r_y. (ecc_generate): Rename vars. Convert to affine coordinates only if not returned by the lower level generation function. -- nist_generate_key already needs to convert to affine coordinates to implement Jivsov's trick. Thus we can return them and avoid calling it in ecc_generate again. Signed-off-by: Werner Koch diff --git a/cipher/ecc.c b/cipher/ecc.c index 2f5e401..262fcd8 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -105,12 +105,30 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, -/* Standard version of the key generation. */ +/** + * nist_generate_key - Standard version of the key generation. + * + * @sk: A struct to receive the secret key. + * @E: Parameters of the curve. + * @ctx: Elliptic curve computation context. + * @random_level: The quality of the random. + * @nbits: Only for testing + * @r_x: On success this receives an allocated MPI with the affine + * x-coordinate of the poblic key. On error NULL is stored. + * @r_y: Ditto for the y-coordinate. + * + * Return: An error code. + * + * FIXME: Check whether N is needed. + */ static gpg_err_code_t nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level, unsigned int nbits) + gcry_random_level_t random_level, unsigned int nbits, + gcry_mpi_t *r_x, gcry_mpi_t *r_y) { mpi_point_struct Q; + gcry_mpi_t x, y; + const unsigned int pbits = mpi_get_nbits (E->p); point_init (&Q); @@ -146,6 +164,11 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, sk->E.h = mpi_copy (E->h); point_init (&sk->Q); + x = mpi_new (pbits); + y = mpi_new (pbits); + if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); + /* We want the Q=(x,y) be a "compliant key" in terms of the * http://tools.ietf.org/html/draft-jivsov-ecc-compact, which simply * means that we choose either Q=(x,y) or -Q=(x,p-y) such that we @@ -159,16 +182,10 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_set (&sk->Q, &Q); else { - gcry_mpi_t x, y, negative; - const unsigned int pbits = mpi_get_nbits (E->p); + gcry_mpi_t negative; - x = mpi_new (pbits); - y = mpi_new (pbits); negative = mpi_new (pbits); - if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - if (E->model == MPI_EC_WEIERSTRASS) mpi_sub (negative, E->p, y); /* negative = p - y */ else @@ -178,12 +195,18 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, { /* We need to end up with -Q; this assures that new Q's y is the smallest one */ - mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ if (E->model == MPI_EC_WEIERSTRASS) - mpi_point_snatch_set (&sk->Q, x, negative, - mpi_alloc_set_ui (1)); + { + mpi_free (y); + y = negative; + } else - mpi_point_snatch_set (&sk->Q, negative, y, mpi_alloc_set_ui (1)); + { + mpi_free (x); + x = negative; + } + mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ + mpi_point_set (&sk->Q, x, y, mpi_const (MPI_C_ONE)); if (DBG_CIPHER) log_debug ("ecgen converted Q to a compliant point\n"); @@ -191,23 +214,16 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, else /* p - y >= p */ { /* No change is needed exactly 50% of the time: just copy. */ + mpi_free (negative); point_set (&sk->Q, &Q); if (DBG_CIPHER) log_debug ("ecgen didn't need to convert Q to a compliant point\n"); - - mpi_free (negative); - if (E->model == MPI_EC_WEIERSTRASS) - mpi_free (x); - else - mpi_free (y); } - - if (E->model == MPI_EC_WEIERSTRASS) - mpi_free (y); - else - mpi_free (x); } + *r_x = x; + *r_y = y; + point_free (&Q); /* Now we can test our keys (this should never fail!). */ if (sk->E.model != MPI_EC_MONTGOMERY) @@ -470,8 +486,10 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) unsigned int nbits; elliptic_curve_t E; ECC_secret_key sk; - gcry_mpi_t x = NULL; - gcry_mpi_t y = NULL; + gcry_mpi_t Gx = NULL; + gcry_mpi_t Gy = NULL; + gcry_mpi_t Qx = NULL; + gcry_mpi_t Qy = NULL; char *curve_name = NULL; gcry_sexp_t l1; gcry_random_level_t random_level; @@ -548,26 +566,27 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) random_level = GCRY_VERY_STRONG_RANDOM; ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b); - x = mpi_new (0); - y = mpi_new (0); if ((flags & PUBKEY_FLAG_EDDSA)) rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, random_level); else - rc = nist_generate_key (&sk, &E, ctx, random_level, nbits); + rc = nist_generate_key (&sk, &E, ctx, random_level, nbits, &Qx, &Qy); if (rc) goto leave; /* Copy data to the result. */ - if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx)) + Gx = mpi_new (0); + Gy = mpi_new (0); + if (_gcry_mpi_ec_get_affine (Gx, Gy, &sk.E.G, ctx)) log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G"); - base = _gcry_ecc_ec2os (x, y, sk.E.p); + base = _gcry_ecc_ec2os (Gx, Gy, sk.E.p); if (sk.E.dialect == ECC_DIALECT_ED25519 && !(flags & PUBKEY_FLAG_NOCOMP)) { unsigned char *encpk; unsigned int encpklen; - rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, x, y, + /* (Gx and Gy are used as scratch variables) */ + rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, Gx, Gy, !!(flags & PUBKEY_FLAG_COMP), &encpk, &encpklen); if (rc) @@ -578,9 +597,16 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) } else { - if (_gcry_mpi_ec_get_affine (x, y, &sk.Q, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - public = _gcry_ecc_ec2os (x, y, sk.E.p); + if (!Qx) + { + /* This is the case for a key from _gcry_ecc_eddsa_generate + with no compression. */ + Qx = mpi_new (0); + Qy = mpi_new (0); + if (_gcry_mpi_ec_get_affine (Qx, Qy, &sk.Q, ctx)) + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); + } + public = _gcry_ecc_ec2os (Qx, Qy, sk.E.p); } secret = sk.d; sk.d = NULL; if (E.name) @@ -614,7 +640,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) curve_info, curve_flags, sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, sk.E.h, public, curve_info, curve_flags, - sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, sk.E.h, public, secret); + sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, sk.E.h, public, + secret); else rc = sexp_build (r_skey, NULL, "(key-data" @@ -654,8 +681,10 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) mpi_free (sk.d); } _gcry_ecc_curve_free (&E); - mpi_free (x); - mpi_free (y); + mpi_free (Gx); + mpi_free (Gy); + mpi_free (Qx); + mpi_free (Qy); _gcry_mpi_ec_free (ctx); sexp_release (curve_flags); sexp_release (curve_info); commit 8124e357b732a719696bfd5271def4e528f2a1e1 Author: Werner Koch Date: Mon May 4 16:46:02 2015 +0200 random: Change initial extra seeding from 2400 bits to 128 bits. * random/random-csprng.c (read_pool): Reduce initial seeding. -- See discussion starting at https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029750.html and also in May. Signed-off-by: Werner Koch diff --git a/random/random-csprng.c b/random/random-csprng.c index 332744b..da50fda 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -973,8 +973,8 @@ read_pool (byte *buffer, size_t length, int level) pool_balance = 0; needed = length - pool_balance; - if (needed < POOLSIZE/2) - needed = POOLSIZE/2; + if (needed < 16) /* At least 128 bits. */ + needed = 16; else if( needed > POOLSIZE ) BUG (); read_random_source (RANDOM_ORIGIN_EXTRAPOLL, needed, ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++ cipher/ecc-common.h | 2 +- cipher/ecc-eddsa.c | 22 ++++++++- cipher/ecc.c | 128 +++++++++++++++++++++++++++++++------------------ cipher/pubkey-util.c | 6 ++- doc/gcrypt.texi | 7 +++ random/random-csprng.c | 4 +- src/cipher.h | 1 + tests/keygen.c | 40 +++++++++++++++- 9 files changed, 159 insertions(+), 55 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 21 17:21:49 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 May 2015 17:21:49 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.3-2-g9ba6814 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via 9ba681427ef5450250ae1d3e6aa0e342dc7949f6 (commit) from 64ddbac59372a6e54aa004d8df0bb3ce53574803 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9ba681427ef5450250ae1d3e6aa0e342dc7949f6 Author: Werner Koch Date: Mon Apr 13 11:48:33 2015 +0200 mpi: Fix gcry_mpi_copy for NULL opaque data. * mpi/mpiutil.c (_gcry_mpi_copy): Copy opaque only if needed. -- gcry_mpi_set_opaque allows to store NULL as opaque data. Thus we also need to take care when copying such data. Signed-off-by: Werner Koch diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 6bef2a8..59b8f93 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -343,7 +343,8 @@ _gcry_mpi_copy (gcry_mpi_t a) if( a && (a->flags & 4) ) { void *p = _gcry_is_secure(a->d)? xmalloc_secure ((a->sign+7)/8) : xmalloc ((a->sign+7)/8); - memcpy( p, a->d, (a->sign+7)/8 ); + if (a->d) + memcpy( p, a->d, (a->sign+7)/8 ); b = mpi_set_opaque( NULL, p, a->sign ); b->flags &= ~(16|32); /* Reset the immutable and constant flags. */ } ----------------------------------------------------------------------- Summary of changes: mpi/mpiutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 21 17:45:14 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 21 May 2015 17:45:14 +0200 Subject: [git] GCRYPT - branch, LIBGCRYPT-1-6-BRANCH, updated. libgcrypt-1.6.3-5-g5ffa73d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, LIBGCRYPT-1-6-BRANCH has been updated via 5ffa73d10594a2c335b149a2bc83ab70775c3567 (commit) via 1de693f9d229fc7d74d79dbdf57dfb23d8b8d67d (commit) via 19902921389d162d51b77d4c2383a90f4ea20cc4 (commit) from 9ba681427ef5450250ae1d3e6aa0e342dc7949f6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5ffa73d10594a2c335b149a2bc83ab70775c3567 Author: Werner Koch Date: Thu May 21 16:24:36 2015 +0200 ecc: Add key generation flag "no-keytest". * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "no-keytest". * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags set random level depending on flags. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and remove var random_level. (nist_generate_key): Implement "no-keytest" flag. * tests/keygen.c (check_ecc_keys): Add tests for transient-key and no-keytest. -- After key creation we usually run a test to check whether the keys really work. However for transient keys this might be too time consuming and given that a failed test would anyway abort the process the optional use of a flag to skip the test is appropriate. Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to create such a key. This was measured by looping the last test from check_ecc_keys() 1000 times with and without the flag. Due to a bug in the flags parser unknown flags with a length of 10 characters were not detected. Thus the "no-keytest" flag can be employed by all software even for libraries before this. Signed-off-by: Werner Koch (backported from master commit 2bddd947fd1c11b4ec461576db65a5e34fea1b07) diff --git a/NEWS b/NEWS index b58df39..85838ed 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ Noteworthy changes in version 1.6.4 (unreleased) [C20/A0/R3] ------------------------------------------------ + * New flag "no-keytest" for ECC key generation. Due to a bug in the + parser that flag will also be accepted but ignored by older version + of Libgcrypt. + Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3] ------------------------------------------------ diff --git a/cipher/ecc-common.h b/cipher/ecc-common.h index f066b4b..30821a4 100644 --- a/cipher/ecc-common.h +++ b/cipher/ecc-common.h @@ -122,7 +122,7 @@ gpg_err_code_t _gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level); + int flags); gpg_err_code_t _gcry_ecc_eddsa_sign (gcry_mpi_t input, ECC_secret_key *sk, gcry_mpi_t r_r, gcry_mpi_t s, diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c index 65024a3..62e6729 100644 --- a/cipher/ecc-eddsa.c +++ b/cipher/ecc-eddsa.c @@ -465,15 +465,28 @@ _gcry_ecc_eddsa_compute_h_d (unsigned char **r_digest, } -/* Ed25519 version of the key generation. */ +/** + * _gcry_ecc_eddsa_genkey - EdDSA version of the key generation. + * + * @sk: A struct to receive the secret key. + * @E: Parameters of the curve. + * @ctx: Elliptic curve computation context. + * @flags: Flags controlling aspects of the creation. + * + * Return: An error code. + * + * The only @flags bit used by this function is %PUBKEY_FLAG_TRANSIENT + * to use a faster RNG. + */ gpg_err_code_t _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level) + int flags) { gpg_err_code_t rc; int b = 256/8; /* The only size we currently support. */ gcry_mpi_t a, x, y; mpi_point_struct Q; + gcry_random_level_t random_level; char *dbuf; size_t dlen; gcry_buffer_t hvec[1]; @@ -482,6 +495,11 @@ _gcry_ecc_eddsa_genkey (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_init (&Q); memset (hvec, 0, sizeof hvec); + if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) + random_level = GCRY_STRONG_RANDOM; + else + random_level = GCRY_VERY_STRONG_RANDOM; + a = mpi_snew (0); x = mpi_new (0); y = mpi_new (0); diff --git a/cipher/ecc.c b/cipher/ecc.c index 5636527..9dd2482 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -1,6 +1,6 @@ /* ecc.c - Elliptic Curve Cryptography * Copyright (C) 2007, 2008, 2010, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -105,12 +105,11 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, /** - * nist_generate_key - Standard version of the key generation. - * + * nist_generate_key - Standard version of the ECC key generation. * @sk: A struct to receive the secret key. * @E: Parameters of the curve. * @ctx: Elliptic curve computation context. - * @random_level: The quality of the random. + * @flags: Flags controlling aspects of the creation. * @nbits: Only for testing * @r_x: On success this receives an allocated MPI with the affine * x-coordinate of the poblic key. On error NULL is stored. @@ -118,19 +117,29 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, * * Return: An error code. * + * The @flags bits used by this function are %PUBKEY_FLAG_TRANSIENT to + * use a faster RNG, and %PUBKEY_FLAG_NO_KEYTEST to skip the assertion + * that the key works as expected. + * * FIXME: Check whether N is needed. */ static gpg_err_code_t nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level, unsigned int nbits, + int flags, unsigned int nbits, gcry_mpi_t *r_x, gcry_mpi_t *r_y) { mpi_point_struct Q; + gcry_random_level_t random_level; gcry_mpi_t x, y; const unsigned int pbits = mpi_get_nbits (E->p); point_init (&Q); + if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) + random_level = GCRY_STRONG_RANDOM; + else + random_level = GCRY_VERY_STRONG_RANDOM; + /* Generate a secret. */ if (ctx->dialect == ECC_DIALECT_ED25519) { @@ -224,7 +233,10 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_free (&Q); /* Now we can test our keys (this should never fail!). */ - test_keys (sk, nbits - 64); + if ((flags & PUBKEY_FLAG_NO_KEYTEST)) + ; /* User requested to skip the test. */ + else + test_keys (sk, nbits - 64); return 0; } @@ -410,7 +422,6 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) gcry_mpi_t Qy = NULL; char *curve_name = NULL; gcry_sexp_t l1; - gcry_random_level_t random_level; mpi_ec_t ctx = NULL; gcry_sexp_t curve_info = NULL; gcry_sexp_t curve_flags = NULL; @@ -477,17 +488,12 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) log_printpnt ("ecgen curve G", &E.G, NULL); } - if ((flags & PUBKEY_FLAG_TRANSIENT_KEY)) - random_level = GCRY_STRONG_RANDOM; - else - random_level = GCRY_VERY_STRONG_RANDOM; - ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b); if ((flags & PUBKEY_FLAG_EDDSA)) - rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, random_level); + rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, flags); else - rc = nist_generate_key (&sk, &E, ctx, random_level, nbits, &Qx, &Qy); + rc = nist_generate_key (&sk, &E, ctx, flags, nbits, &Qx, &Qy); if (rc) goto leave; diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c index 616b499..74594e3 100644 --- a/cipher/pubkey-util.c +++ b/cipher/pubkey-util.c @@ -1,7 +1,7 @@ /* pubkey-util.c - Supporting functions for all pubkey modules. * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005, * 2007, 2008, 2011 Free Software Foundation, Inc. - * Copyright (C) 2013 g10 Code GmbH + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -145,6 +145,10 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list, case 10: if (!memcmp (s, "igninvflag", 10)) igninvflag = 1; + else if (!memcmp (s, "no-keytest", 10)) + flags |= PUBKEY_FLAG_NO_KEYTEST; + /* In 1.7.0 we will return an INV_FLAG on error but we + do not fix that bug here in 1.6.4 */ break; case 11: diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 9e9d436..44be096 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -2356,6 +2356,13 @@ random number generator. This flag may be used for keys which are only used for a short time or per-message and do not require full cryptographic strength. + at item no-keytest + at cindex no-keytest +This flag skips internal failsafe tests to assert that a generated key +is properly working. It currently has an effect only for standard ECC +key generation. It is mostly useful along with transient-key to +achieve fastest ECC key generation. + @item use-x931 @cindex X9.31 Force the use of the ANSI X9.31 key generation algorithm instead of diff --git a/src/cipher.h b/src/cipher.h index 10bfe0c..59a78c7 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -40,6 +40,7 @@ #define PUBKEY_FLAG_NOCOMP (1 << 11) #define PUBKEY_FLAG_EDDSA (1 << 12) #define PUBKEY_FLAG_GOST (1 << 13) +#define PUBKEY_FLAG_NO_KEYTEST (1 << 14) enum pk_operation diff --git a/tests/keygen.c b/tests/keygen.c index 4aff9c9..8b9a1d5 100644 --- a/tests/keygen.c +++ b/tests/keygen.c @@ -1,5 +1,6 @@ /* keygen.c - key generation regression tests * Copyright (C) 2003, 2005, 2012 Free Software Foundation, Inc. + * Copyright (C) 2013, 2015 g10 Code GmbH * * This file is part of Libgcrypt. * @@ -14,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . */ #ifdef HAVE_CONFIG_H @@ -432,7 +432,43 @@ check_ecc_keys (void) show_sexp ("ECC key:\n", key); check_generated_ecc_key (key); + gcry_sexp_release (key); + + + if (verbose) + show ("creating ECC key using curve Ed25519 for ECDSA (transient-key)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve Ed25519)(flags transient-key)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve Ed25519 for ECDSA" + " (transient-key): %s\n", + gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); + gcry_sexp_release (key); + if (verbose) + show ("creating ECC key using curve Ed25519 for ECDSA " + "(transient-key no-keytest)\n"); + rc = gcry_sexp_build (&keyparm, NULL, + "(genkey(ecc(curve Ed25519)" + "(flags transient-key no-keytest)))"); + if (rc) + die ("error creating S-expression: %s\n", gpg_strerror (rc)); + rc = gcry_pk_genkey (&key, keyparm); + gcry_sexp_release (keyparm); + if (rc) + die ("error generating ECC key using curve Ed25519 for ECDSA" + " (transient-key no-keytest): %s\n", + gpg_strerror (rc)); + if (verbose > 1) + show_sexp ("ECC key:\n", key); + check_generated_ecc_key (key); gcry_sexp_release (key); } commit 1de693f9d229fc7d74d79dbdf57dfb23d8b8d67d Author: Werner Koch Date: Thu May 21 11:12:42 2015 +0200 ecc: Avoid double conversion to affine coordinates in keygen. * cipher/ecc.c (nist_generate_key): Add args r_x and r_y. (ecc_generate): Rename vars. Convert to affine coordinates only if not returned by the lower level generation function. -- nist_generate_key already needs to convert to affine coordinates to implement Jivsov's trick. Thus we can return them and avoid calling it in ecc_generate again. Signed-off-by: Werner Koch (backported from master commit 102d68b3bd77813a3ff989526855bb1e283bf9d7) diff --git a/cipher/ecc.c b/cipher/ecc.c index 885ff09..5636527 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -104,12 +104,30 @@ _gcry_register_pk_ecc_progress (void (*cb) (void *, const char *, -/* Standard version of the key generation. */ +/** + * nist_generate_key - Standard version of the key generation. + * + * @sk: A struct to receive the secret key. + * @E: Parameters of the curve. + * @ctx: Elliptic curve computation context. + * @random_level: The quality of the random. + * @nbits: Only for testing + * @r_x: On success this receives an allocated MPI with the affine + * x-coordinate of the poblic key. On error NULL is stored. + * @r_y: Ditto for the y-coordinate. + * + * Return: An error code. + * + * FIXME: Check whether N is needed. + */ static gpg_err_code_t nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, - gcry_random_level_t random_level, unsigned int nbits) + gcry_random_level_t random_level, unsigned int nbits, + gcry_mpi_t *r_x, gcry_mpi_t *r_y) { mpi_point_struct Q; + gcry_mpi_t x, y; + const unsigned int pbits = mpi_get_nbits (E->p); point_init (&Q); @@ -144,6 +162,11 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, sk->E.n = mpi_copy (E->n); point_init (&sk->Q); + x = mpi_new (pbits); + y = mpi_new (pbits); + if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); + /* We want the Q=(x,y) be a "compliant key" in terms of the * http://tools.ietf.org/html/draft-jivsov-ecc-compact, which simply * means that we choose either Q=(x,y) or -Q=(x,p-y) such that we @@ -157,16 +180,10 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, point_set (&sk->Q, &Q); else { - gcry_mpi_t x, y, negative; - const unsigned int pbits = mpi_get_nbits (E->p); + gcry_mpi_t negative; - x = mpi_new (pbits); - y = mpi_new (pbits); negative = mpi_new (pbits); - if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - if (E->model == MPI_EC_WEIERSTRASS) mpi_sub (negative, E->p, y); /* negative = p - y */ else @@ -176,12 +193,18 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, { /* We need to end up with -Q; this assures that new Q's y is the smallest one */ - mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ if (E->model == MPI_EC_WEIERSTRASS) - mpi_point_snatch_set (&sk->Q, x, negative, - mpi_alloc_set_ui (1)); + { + mpi_free (y); + y = negative; + } else - mpi_point_snatch_set (&sk->Q, negative, y, mpi_alloc_set_ui (1)); + { + mpi_free (x); + x = negative; + } + mpi_sub (sk->d, E->n, sk->d); /* d = order - d */ + mpi_point_set (&sk->Q, x, y, mpi_const (MPI_C_ONE)); if (DBG_CIPHER) log_debug ("ecgen converted Q to a compliant point\n"); @@ -189,23 +212,16 @@ nist_generate_key (ECC_secret_key *sk, elliptic_curve_t *E, mpi_ec_t ctx, else /* p - y >= p */ { /* No change is needed exactly 50% of the time: just copy. */ + mpi_free (negative); point_set (&sk->Q, &Q); if (DBG_CIPHER) log_debug ("ecgen didn't need to convert Q to a compliant point\n"); - - mpi_free (negative); - if (E->model == MPI_EC_WEIERSTRASS) - mpi_free (x); - else - mpi_free (y); } - - if (E->model == MPI_EC_WEIERSTRASS) - mpi_free (y); - else - mpi_free (x); } + *r_x = x; + *r_y = y; + point_free (&Q); /* Now we can test our keys (this should never fail!). */ test_keys (sk, nbits - 64); @@ -388,8 +404,10 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) unsigned int nbits; elliptic_curve_t E; ECC_secret_key sk; - gcry_mpi_t x = NULL; - gcry_mpi_t y = NULL; + gcry_mpi_t Gx = NULL; + gcry_mpi_t Gy = NULL; + gcry_mpi_t Qx = NULL; + gcry_mpi_t Qy = NULL; char *curve_name = NULL; gcry_sexp_t l1; gcry_random_level_t random_level; @@ -465,26 +483,27 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) random_level = GCRY_VERY_STRONG_RANDOM; ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, 0, E.p, E.a, E.b); - x = mpi_new (0); - y = mpi_new (0); if ((flags & PUBKEY_FLAG_EDDSA)) rc = _gcry_ecc_eddsa_genkey (&sk, &E, ctx, random_level); else - rc = nist_generate_key (&sk, &E, ctx, random_level, nbits); + rc = nist_generate_key (&sk, &E, ctx, random_level, nbits, &Qx, &Qy); if (rc) goto leave; /* Copy data to the result. */ - if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx)) + Gx = mpi_new (0); + Gy = mpi_new (0); + if (_gcry_mpi_ec_get_affine (Gx, Gy, &sk.E.G, ctx)) log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G"); - base = _gcry_ecc_ec2os (x, y, sk.E.p); + base = _gcry_ecc_ec2os (Gx, Gy, sk.E.p); if (sk.E.dialect == ECC_DIALECT_ED25519 && !(flags & PUBKEY_FLAG_NOCOMP)) { unsigned char *encpk; unsigned int encpklen; - rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, x, y, + /* (Gx and Gy are used as scratch variables) */ + rc = _gcry_ecc_eddsa_encodepoint (&sk.Q, ctx, Gx, Gy, !!(flags & PUBKEY_FLAG_COMP), &encpk, &encpklen); if (rc) @@ -495,9 +514,16 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) } else { - if (_gcry_mpi_ec_get_affine (x, y, &sk.Q, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - public = _gcry_ecc_ec2os (x, y, sk.E.p); + if (!Qx) + { + /* This is the case for a key from _gcry_ecc_eddsa_generate + with no compression. */ + Qx = mpi_new (0); + Qy = mpi_new (0); + if (_gcry_mpi_ec_get_affine (Qx, Qy, &sk.Q, ctx)) + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); + } + public = _gcry_ecc_ec2os (Qx, Qy, sk.E.p); } secret = sk.d; sk.d = NULL; if (E.name) @@ -570,8 +596,10 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey) mpi_free (sk.d); } _gcry_ecc_curve_free (&E); - mpi_free (x); - mpi_free (y); + mpi_free (Gx); + mpi_free (Gy); + mpi_free (Qx); + mpi_free (Qy); _gcry_mpi_ec_free (ctx); sexp_release (curve_flags); sexp_release (curve_info); commit 19902921389d162d51b77d4c2383a90f4ea20cc4 Author: Werner Koch Date: Mon May 4 16:46:02 2015 +0200 random: Change initial extra seeding from 2400 bits to 128 bits. * random/random-csprng.c (read_pool): Reduce initial seeding. -- See discussion starting at https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029750.html and also in May. Signed-off-by: Werner Koch diff --git a/random/random-csprng.c b/random/random-csprng.c index 87235d8..d3b6614 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -978,8 +978,8 @@ read_pool (byte *buffer, size_t length, int level) pool_balance = 0; needed = length - pool_balance; - if (needed < POOLSIZE/2) - needed = POOLSIZE/2; + if (needed < 16) /* At least 128 bits. */ + needed = 16; else if( needed > POOLSIZE ) BUG (); read_random_source (RANDOM_ORIGIN_EXTRAPOLL, needed, ----------------------------------------------------------------------- Summary of changes: NEWS | 4 ++ cipher/ecc-common.h | 2 +- cipher/ecc-eddsa.c | 22 ++++++++- cipher/ecc.c | 126 +++++++++++++++++++++++++++++++------------------ cipher/pubkey-util.c | 6 ++- doc/gcrypt.texi | 7 +++ random/random-csprng.c | 4 +- src/cipher.h | 1 + tests/keygen.c | 40 +++++++++++++++- 9 files changed, 158 insertions(+), 54 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed May 27 03:28:32 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 27 May 2015 03:28:32 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-8-g6cb18a8f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6cb18a8f975b7ff7ca79c1fb0cddcd4b66be90fb (commit) from 23d2ef83cda644c6a83499f9327350d3371e8a17 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6cb18a8f975b7ff7ca79c1fb0cddcd4b66be90fb Author: NIIBE Yutaka Date: Wed May 27 10:22:32 2015 +0900 g10: Remove g10/signal.c. * g10/signal.c: Remove. * g10/main.h: Remove old function API. * g10/tdbio.c: Use new API, even in the dead code. -- We use common/signal.c now. The file g10/signal.c has been useless since 2003-06-27. Now, the removal. diff --git a/g10/main.h b/g10/main.h index a89f711..9370ae5 100644 --- a/g10/main.h +++ b/g10/main.h @@ -379,11 +379,6 @@ int hash_datafile_by_fd ( gcry_md_hd_t md, gcry_md_hd_t md2, int data_fd, int textmode ); PKT_plaintext *setup_plaintext_name(const char *filename,IOBUF iobuf); -/*-- signal.c --*/ -void init_signals(void); -void block_all_signals(void); -void unblock_all_signals(void); - /*-- server.c --*/ int gpg_server (ctrl_t); gpg_error_t gpg_proxy_pinentry_notify (ctrl_t ctrl, diff --git a/g10/signal.c b/g10/signal.c deleted file mode 100644 index 6c8a40b..0000000 --- a/g10/signal.c +++ /dev/null @@ -1,204 +0,0 @@ -/* signal.c - signal handling - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005 Free Software Foundation, Inc. - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "gpg.h" -#include "options.h" -#include "status.h" -#include "util.h" -#include "main.h" -#include "ttyio.h" - -#ifdef HAVE_DOSISH_SYSTEM -void init_signals(void) {} -#else -static volatile int caught_fatal_sig = 0; -static volatile int caught_sigusr1 = 0; - -static void -init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign ) -{ -#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION) - struct sigaction oact, nact; - - if (check_ign) { - /* we don't want to change an IGN handler */ - sigaction (sig, NULL, &oact ); - if (oact.sa_handler == SIG_IGN ) - return; - } - - nact.sa_handler = handler; - sigemptyset (&nact.sa_mask); - nact.sa_flags = 0; - sigaction ( sig, &nact, NULL); -#else - RETSIGTYPE (*ohandler)(int); - - ohandler = signal (sig, handler); - if (check_ign && ohandler == SIG_IGN) { - /* Change it back if it was already set to IGN */ - signal (sig, SIG_IGN); - } -#endif -} - -static RETSIGTYPE -got_fatal_signal( int sig ) -{ - const char *s; - - if( caught_fatal_sig ) - raise( sig ); - caught_fatal_sig = 1; - - gcry_control (GCRYCTL_TERM_SECMEM ); - - tty_cleanup_rl_after_signal (); - tty_cleanup_after_signal (); - - /* Better don't translate these messages. */ - write(2, "\n", 1 ); - s = log_get_name(); if( s ) write(2, s, strlen(s) ); - write(2, ": ", 2 ); - -#if HAVE_DECL_SYS_SIGLIST && defined(NSIG) - s = (sig >= 0 && sig < NSIG) ? sys_siglist[sig] : "?"; - write (2, s, strlen(s) ); -#else - write (2, "signal ", 7 ); - if (sig < 0 || sig >=100) - write (2, "?", 1); - else { - if (sig >= 10) - write (2, "0123456789"+(sig/10), 1 ); - write (2, "0123456789"+(sig%10), 1 ); - } -#endif - write(2, " caught ... exiting\n", 20 ); - - /* Reset action to default action and raise signal again. */ - init_one_signal (sig, SIG_DFL, 0); - dotlock_remove_lockfiles (); -#ifdef __riscos__ - riscos_close_fds (); -#endif /* __riscos__ */ - raise( sig ); -} - - -static RETSIGTYPE -got_usr_signal( int sig ) -{ - caught_sigusr1 = 1; -} - - -void -init_signals() -{ - init_one_signal (SIGINT, got_fatal_signal, 1 ); - init_one_signal (SIGHUP, got_fatal_signal, 1 ); - init_one_signal (SIGTERM, got_fatal_signal, 1 ); - init_one_signal (SIGQUIT, got_fatal_signal, 1 ); - init_one_signal (SIGSEGV, got_fatal_signal, 1 ); - init_one_signal (SIGUSR1, got_usr_signal, 0 ); - init_one_signal (SIGPIPE, SIG_IGN, 0 ); -} - - -/* Disabled - see comment in tdbio.c:tdbio_begin_transaction() */ -#if 0 -static void -do_block( int block ) -{ - static int is_blocked; -#if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T) - static sigset_t oldmask; - - if( block ) { - sigset_t newmask; - - if( is_blocked ) - log_bug("signals are already blocked\n"); - sigfillset( &newmask ); - sigprocmask( SIG_BLOCK, &newmask, &oldmask ); - is_blocked = 1; - } - else { - if( !is_blocked ) - log_bug("signals are not blocked\n"); - sigprocmask( SIG_SETMASK, &oldmask, NULL ); - is_blocked = 0; - } -#else /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */ - -#if defined(NSIG) -#define SIGSMAX (NSIG) -#elif defined(MAXSIG) -#define SIGSMAX (MAXSIG+1) -#else -#error "define SIGSMAX to the number of signals on your platform plus one" -#endif - - static void (*disposition[SIGSMAX])(int); - int sig; - - if( block ) { - if( is_blocked ) - log_bug("signals are already blocked\n"); - for (sig=1; sig < SIGSMAX; sig++) { - disposition[sig] = sigset (sig, SIG_HOLD); - } - is_blocked = 1; - } - else { - if( !is_blocked ) - log_bug("signals are not blocked\n"); - for (sig=1; sig < SIGSMAX; sig++) { - sigset (sig, disposition[sig]); - } - is_blocked = 0; - } -#endif /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */ -} - -void -block_all_signals() -{ - do_block(1); -} - -void -unblock_all_signals() -{ - do_block(0); -} -#endif - -#endif /* !HAVE_DOSISH_SYSTEM */ diff --git a/g10/tdbio.c b/g10/tdbio.c index 69438b4..98a7773 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -378,10 +378,10 @@ tdbio_end_transaction() else is_locked = 1; } - block_all_signals(); + gnupg_block_all_signals(); in_transaction = 0; rc = tdbio_sync(); - unblock_all_signals(); + gnupg_unblock_all_signals(); if( !opt.lock_once ) { if( !dotlock_release (lockhandle) ) is_locked = 0; ----------------------------------------------------------------------- Summary of changes: g10/main.h | 5 -- g10/signal.c | 204 ----------------------------------------------------------- g10/tdbio.c | 4 +- 3 files changed, 2 insertions(+), 211 deletions(-) delete mode 100644 g10/signal.c hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu May 28 14:38:58 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 28 May 2015 14:38:58 +0200 Subject: [git] gnupg-doc - branch, master, updated. a4133d9e238e266a28a1fd158884f69408f9a69e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a4133d9e238e266a28a1fd158884f69408f9a69e (commit) from acb4c49a5e5865670f31831782ae88731a9f4d0f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a4133d9e238e266a28a1fd158884f69408f9a69e Author: Werner Koch Date: Thu May 28 14:37:34 2015 +0200 rfc4880bis: Merge with RFC-5581 (Camellia). diff --git a/misc/id/common/reference.RFC.3713.xml b/misc/id/common/reference.RFC.3713.xml new file mode 100644 index 0000000..bffa7fb --- /dev/null +++ b/misc/id/common/reference.RFC.3713.xml @@ -0,0 +1,19 @@ + + + + + +A Description of the Camellia Encryption Algorithm + + + + + + + + +This document describes the Camellia encryption algorithm. Camellia is a block cipher with 128-bit block size and 128-, 192-, and 256-bit keys. The algorithm description is presented together with key scheduling part and data randomizing part. This memo provides information for the Internet community. + + + + diff --git a/misc/id/rfc4880bis/back.mkd b/misc/id/rfc4880bis/back.mkd index c06a404..12cbd83 100644 --- a/misc/id/rfc4880bis/back.mkd +++ b/misc/id/rfc4880bis/back.mkd @@ -1,6 +1,7 @@ -# Changes since -00 +# Changes since RFC 4880 - - xxxx + - Applied errata 2270, 2271, 2242, 3298. + - Added Camellia cipher from RFC 5581. diff --git a/misc/id/rfc4880bis/middle.mkd b/misc/id/rfc4880bis/middle.mkd index d3278d6..f5da03c 100644 --- a/misc/id/rfc4880bis/middle.mkd +++ b/misc/id/rfc4880bis/middle.mkd @@ -10,6 +10,9 @@ and key management functions. It is a revision of RFC 2440, "OpenPGP Message Format", which itself replaces RFC 1991, "PGP Message Exchange Formats" [](#RFC1991) [](#RFC2440). +This document obsoletes: RFC 5581 (Camellia cipher). + + ## {1.1} Terms * OpenPGP - This is a term for security software that uses PGP 5.x @@ -2702,6 +2705,9 @@ algorithm. 8 AES with 192-bit key 9 AES with 256-bit key 10 Twofish with 256-bit key [](#TWOFISH) + 11 Camellia with 128-bit key [](#RFC3713) + 12 Camellia with 192-bit key + 13 Camellia with 256-bit key 100 to 110 Private/Experimental algorithm Implementations MUST implement TripleDES. Implementations SHOULD diff --git a/misc/id/rfc4880bis/template.xml b/misc/id/rfc4880bis/template.xml index 6c93688..b3dca2f 100644 --- a/misc/id/rfc4880bis/template.xml +++ b/misc/id/rfc4880bis/template.xml @@ -16,6 +16,7 @@ + ]> @@ -201,6 +202,7 @@ &rfc.3156; &rfc.3447; &rfc.3629; + &rfc.3713; &rfc.4086; ----------------------------------------------------------------------- Summary of changes: misc/id/common/reference.RFC.3713.xml | 19 +++++++++++++++++++ misc/id/rfc4880bis/back.mkd | 5 +++-- misc/id/rfc4880bis/middle.mkd | 6 ++++++ misc/id/rfc4880bis/template.xml | 2 ++ 4 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 misc/id/common/reference.RFC.3713.xml hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 29 06:49:40 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 29 May 2015 06:49:40 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-9-gfe5c6ed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via fe5c6edaed78839303d67e01e141cfc6b5de9aec (commit) from 6cb18a8f975b7ff7ca79c1fb0cddcd4b66be90fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fe5c6edaed78839303d67e01e141cfc6b5de9aec Author: NIIBE Yutaka Date: Thu May 28 17:08:37 2015 +0900 g10: Fix a race condition initially creating trustdb. * g10/tdbio.c (take_write_lock, release_write_lock): New. (put_record_into_cache, tdbio_sync, tdbio_end_transaction): Use new lock functions. (tdbio_set_dbname): Fix the race. (open_db): Don't call dotlock_create. -- GnuPG-bug-id: 1675 diff --git a/g10/tdbio.c b/g10/tdbio.c index 98a7773..940165c 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -100,7 +100,33 @@ static int in_transaction; static void open_db(void); +static int +take_write_lock (void) +{ + if (!lockhandle) + lockhandle = dotlock_create (db_name, 0); + if (!lockhandle) + log_fatal ( _("can't create lock for '%s'\n"), db_name ); + + if (!is_locked) + { + if (dotlock_take (lockhandle, -1) ) + log_fatal ( _("can't lock '%s'\n"), db_name ); + else + is_locked = 1; + return 0; + } + else + return 1; +} +static void +release_write_lock (void) +{ + if (!opt.lock_once) + if (!dotlock_release (lockhandle)) + is_locked = 0; +} /************************************* ************* record cache ********** @@ -256,12 +282,7 @@ put_record_into_cache( ulong recno, const char *data ) int n = dirty_count / 5; /* discard some dirty entries */ if( !n ) n = 1; - if( !is_locked ) { - if( dotlock_take( lockhandle, -1 ) ) - log_fatal("can't acquire lock - giving up\n"); - else - is_locked = 1; - } + take_write_lock (); for( unused = NULL, r = cache_list; r; r = r->next ) { if( r->flags.used && r->flags.dirty ) { int rc = write_cache_item( r ); @@ -275,10 +296,7 @@ put_record_into_cache( ulong recno, const char *data ) break; } } - if( !opt.lock_once ) { - if( !dotlock_release( lockhandle ) ) - is_locked = 0; - } + release_write_lock (); assert( unused ); r = unused; r->flags.used = 1; @@ -317,13 +335,9 @@ tdbio_sync() if( !cache_is_dirty ) return 0; - if( !is_locked ) { - if( dotlock_take( lockhandle, -1 ) ) - log_fatal("can't acquire lock - giving up\n"); - else - is_locked = 1; - did_lock = 1; - } + if (!take_write_lock ()) + did_lock = 1; + for( r = cache_list; r; r = r->next ) { if( r->flags.used && r->flags.dirty ) { int rc = write_cache_item( r ); @@ -332,10 +346,8 @@ tdbio_sync() } } cache_is_dirty = 0; - if( did_lock && !opt.lock_once ) { - if( !dotlock_release (lockhandle) ) - is_locked = 0; - } + if (did_lock) + release_write_lock (); return 0; } @@ -372,20 +384,12 @@ tdbio_end_transaction() if( !in_transaction ) log_bug("tdbio: no active transaction\n"); - if( !is_locked ) { - if( dotlock_take( lockhandle, -1 ) ) - log_fatal("can't acquire lock - giving up\n"); - else - is_locked = 1; - } + take_write_lock (); gnupg_block_all_signals(); in_transaction = 0; rc = tdbio_sync(); gnupg_unblock_all_signals(); - if( !opt.lock_once ) { - if( !dotlock_release (lockhandle) ) - is_locked = 0; - } + release_write_lock (); return rc; } @@ -483,6 +487,7 @@ int tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile) { char *fname; + struct stat statbuf; static int initialized = 0; if( !initialized ) { @@ -504,6 +509,21 @@ tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile) else fname = xstrdup (new_dbname); + xfree (db_name); + db_name = fname; + + /* + * Quick check for (likely) case where there is trustdb.gpg + * already. This check is not required in theory, but it helps in + * practice, avoiding costly operations of preparing and taking + * the lock. + */ + if (stat (fname, &statbuf) == 0 && statbuf.st_size > 0) + /* OK, we have the valid trustdb.gpg already. */ + return 0; + + take_write_lock (); + if( access( fname, R_OK ) ) { #ifdef HAVE_W32CE_SYSTEM /* We know how the cegcc implementation of access works ;-). */ @@ -512,11 +532,9 @@ tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile) else gpg_err_set_errno (EIO); #endif /*HAVE_W32CE_SYSTEM*/ - if( errno != ENOENT ) { - log_error( _("can't access '%s': %s\n"), fname, strerror(errno) ); - xfree(fname); - return GPG_ERR_TRUSTDB; - } + if( errno != ENOENT ) + log_fatal( _("can't access '%s': %s\n"), fname, strerror(errno) ); + if (!create) *r_nofile = 1; else { @@ -546,16 +564,6 @@ tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile) } *p = save_slash; - xfree(db_name); - db_name = fname; -#ifdef __riscos__ - if( !lockhandle ) - lockhandle = dotlock_create (db_name, 0); - if( !lockhandle ) - log_fatal( _("can't create lock for '%s'\n"), db_name ); - if( dotlock_make (lockhandle, -1) ) - log_fatal( _("can't lock '%s'\n"), db_name ); -#endif /* __riscos__ */ oldmask=umask(077); if (is_secured_filename (fname)) { fp = NULL; @@ -573,13 +581,6 @@ tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile) log_fatal (_("can't open '%s': %s\n"), db_name, strerror (errno)); -#ifndef __riscos__ - if( !lockhandle ) - lockhandle = dotlock_create (db_name, 0); - if( !lockhandle ) - log_fatal( _("can't create lock for '%s'\n"), db_name ); -#endif /* !__riscos__ */ - rc = create_version_record (); if( rc ) log_fatal( _("%s: failed to create version record: %s"), @@ -590,12 +591,10 @@ tdbio_set_dbname( const char *new_dbname, int create, int *r_nofile) if( !opt.quiet ) log_info(_("%s: trustdb created\n"), db_name); - - return 0; } } - xfree(db_name); - db_name = fname; + + release_write_lock (); return 0; } @@ -615,14 +614,6 @@ open_db() assert( db_fd == -1 ); - if (!lockhandle ) - lockhandle = dotlock_create (db_name, 0); - if (!lockhandle ) - log_fatal( _("can't create lock for '%s'\n"), db_name ); -#ifdef __riscos__ - if (dotlock_take (lockhandle, -1) ) - log_fatal( _("can't lock '%s'\n"), db_name ); -#endif /* __riscos__ */ #ifdef HAVE_W32CE_SYSTEM { DWORD prevrc = 0; ----------------------------------------------------------------------- Summary of changes: g10/tdbio.c | 121 ++++++++++++++++++++++++++++-------------------------------- 1 file changed, 56 insertions(+), 65 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri May 29 07:12:34 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Fri, 29 May 2015 07:12:34 +0200 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.4-10-ge5c69e8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e5c69e87beebe99d362ac721ce4ea6b057a30a99 (commit) from fe5c6edaed78839303d67e01e141cfc6b5de9aec (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e5c69e87beebe99d362ac721ce4ea6b057a30a99 Author: NIIBE Yutaka Date: Fri May 29 14:06:38 2015 +0900 scd: Fix key template of ECC. * scd/app-openpgp.c (build_ecc_privkey_template): Use correct value. -- Forthcoming OpenPGPcard specification 3.0 will address this 0x92. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 10bd64e..8520231 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -2755,7 +2755,7 @@ build_ecc_privkey_template (app_t app, int keyno, datalen = 0; tp = privkey; - tp += add_tlv (tp, 0x91, ecc_d_len); /* Tag 0x91??? */ + tp += add_tlv (tp, 0x92, ecc_d_len); datalen += ecc_d_len; privkey_len = tp - privkey; ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Sun May 31 20:14:30 2015 From: cvs at cvs.gnupg.org (by Stanislav Ochotnicky) Date: Sun, 31 May 2015 20:14:30 +0200 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.2-43-geab03a4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via eab03a469d82018e53380f26390594f47bb4c5c8 (commit) from 55ea554b2020b1e7b0996bd9f7bb38c8af2b03f3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eab03a469d82018e53380f26390594f47bb4c5c8 Author: Stanislav Ochotnicky Date: Wed Nov 12 20:48:28 2014 +0100 Fix qt4 pinentry window created in the background This is probably just a workaround. Proper fix is being investigated. See: https://bugzilla.redhat.com/show_bug.cgi?id=589532 http://stackoverflow.com/questions/2788518/calling-activatewindow-on-qdia -- GnuPG-bug-id: 1981 diff --git a/qt4/pinentrydialog.cpp b/qt4/pinentrydialog.cpp index 456f022..89735c2 100644 --- a/qt4/pinentrydialog.cpp +++ b/qt4/pinentrydialog.cpp @@ -76,7 +76,6 @@ void raiseWindow( QWidget* w ) /* Maybe Qt will become agressive enough one day that * this is enough on windows too*/ w->raise(); - w->activateWindow(); #ifdef Q_WS_WIN /* In the meantime we do our own attention grabbing */ if (!SetForegroundWindow (w->winId()) && ----------------------------------------------------------------------- Summary of changes: qt4/pinentrydialog.cpp | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org