From cvs at cvs.gnupg.org Sun Nov 1 20:01:41 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Sun, 01 Nov 2015 20:01:41 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-276-gc0b9eee Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29 (commit) via 28de6f9e16e386018e81a9cdaee596be7616ccab (commit) via 92ad19873562cfce7bcc4a0b5aed8195d8284cfc (commit) via 577dc2b63ceca6a8a716256d034ea4e7414f65fa (commit) via cee2e122ec6c1886957a8d47498eb63a6a921725 (commit) from 74184c28fbe7ff58cf57f0094ef957d94045da7d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29 Author: Jussi Kivilinna Date: Sun Oct 25 20:34:50 2015 +0200 Keccak: Add SHAKE Extendable-Output Functions * src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for XOFs. * src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract' and add 'pos' argument. (KECCAK_CONTEXT): Add 'suffix'. (keccak_extract_inplace64): Rename to... (keccak_extract64): ...this; Add handling for 'pos' argument. (keccak_extract_inplace32bi): Rename to... (keccak_extract32bi): ...this; Add handling for 'pos' argument. (keccak_extract_inplace64): Rename to... (keccak_extract64): ...this; Add handling for 'pos' argument. (keccak_extract_inplace32bi_bmi2): Rename to... (keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument. (keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256. (shake128_init, shake256_init): New. (keccak_final): Do not initial permute for SHAKE output; use correct suffix for SHAKE. (keccak_extract): New. (keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors. (run_selftests): Add SHAKE128 & SHAKE256. (shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256) (_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New. * cipher/md.c (digest_list): Add SHAKE128 & SHAKE256. * doc/gcrypt.texi: Ditto. * src/cipher.h (_gcry_digest_spec_shake128) (_gcry_digest_spec_shake256): New. * src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New. * tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument. (check_one_md_multi): Skip if algo is XOF. (check_digests): Add SHAKE128 & SHAKE256 test vectors. * tests/bench-slope.c (kdf_bench_one): Skip XOFs. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/hash-common.c b/cipher/hash-common.c index 6743f09..a750d644 100644 --- a/cipher/hash-common.c +++ b/cipher/hash-common.c @@ -49,8 +49,12 @@ _gcry_hash_selftest_check_one (int algo, gcry_error_t err = 0; gcry_md_hd_t hd; unsigned char *digest; + char aaa[1000]; + int xof = 0; - if (_gcry_md_get_algo_dlen (algo) != expectlen) + if (_gcry_md_get_algo_dlen (algo) == 0) + xof = 1; + else if (_gcry_md_get_algo_dlen (algo) != expectlen) return "digest size does not match expected size"; err = _gcry_md_open (&hd, algo, 0); @@ -65,7 +69,6 @@ _gcry_hash_selftest_check_one (int algo, case 1: /* Hash one million times an "a". */ { - char aaa[1000]; int i; /* Write in odd size chunks so that we test the buffering. */ @@ -81,10 +84,23 @@ _gcry_hash_selftest_check_one (int algo, if (!result) { - digest = _gcry_md_read (hd, algo); - - if ( memcmp (digest, expect, expectlen) ) - result = "digest mismatch"; + if (!xof) + { + digest = _gcry_md_read (hd, algo); + + if ( memcmp (digest, expect, expectlen) ) + result = "digest mismatch"; + } + else + { + gcry_assert(expectlen <= sizeof(aaa)); + + err = _gcry_md_extract (hd, algo, aaa, expectlen); + if (err) + result = "error extracting output from XOF"; + else if ( memcmp (aaa, expect, expectlen) ) + result = "digest mismatch"; + } } _gcry_md_close (hd); diff --git a/cipher/keccak.c b/cipher/keccak.c index d46d9cb..f4f0ef3 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c @@ -90,7 +90,8 @@ typedef struct unsigned int (*permute)(KECCAK_STATE *hd); unsigned int (*absorb)(KECCAK_STATE *hd, int pos, const byte *lanes, unsigned int nlanes, int blocklanes); - unsigned int (*extract_inplace) (KECCAK_STATE *hd, unsigned int outlen); + unsigned int (*extract) (KECCAK_STATE *hd, unsigned int pos, byte *outbuf, + unsigned int outlen); } keccak_ops_t; @@ -100,6 +101,7 @@ typedef struct KECCAK_CONTEXT_S unsigned int outlen; unsigned int blocksize; unsigned int count; + unsigned int suffix; const keccak_ops_t *ops; } KECCAK_CONTEXT; @@ -124,13 +126,18 @@ static const u64 round_consts_64bit[24] = }; static unsigned int -keccak_extract_inplace64(KECCAK_STATE *hd, unsigned int outlen) +keccak_extract64(KECCAK_STATE *hd, unsigned int pos, byte *outbuf, + unsigned int outlen) { unsigned int i; - for (i = 0; i < outlen / 8 + !!(outlen % 8); i++) + /* NOTE: when pos == 0, hd and outbuf may point to same memory (SHA-3). */ + + for (i = pos; i < pos + outlen / 8 + !!(outlen % 8); i++) { - hd->u.state64[i] = le_bswap64(hd->u.state64[i]); + u64 tmp = hd->u.state64[i]; + buf_put_le64(outbuf, tmp); + outbuf += 8; } return 0; @@ -158,14 +165,17 @@ static const u32 round_consts_32bit[2 * 24] = }; static unsigned int -keccak_extract_inplace32bi(KECCAK_STATE *hd, unsigned int outlen) +keccak_extract32bi(KECCAK_STATE *hd, unsigned int pos, byte *outbuf, + unsigned int outlen) { unsigned int i; u32 x0; u32 x1; u32 t; - for (i = 0; i < outlen / 8 + !!(outlen % 8); i++) + /* NOTE: when pos == 0, hd and outbuf may point to same memory (SHA-3). */ + + for (i = pos; i < pos + outlen / 8 + !!(outlen % 8); i++) { x0 = hd->u.state32bi[i * 2 + 0]; x1 = hd->u.state32bi[i * 2 + 1]; @@ -182,8 +192,9 @@ keccak_extract_inplace32bi(KECCAK_STATE *hd, unsigned int outlen) t = (x1 ^ (x1 >> 2)) & 0x0C0C0C0CUL; x1 = x1 ^ t ^ (t << 2); t = (x1 ^ (x1 >> 1)) & 0x22222222UL; x1 = x1 ^ t ^ (t << 1); - hd->u.state32bi[i * 2 + 0] = le_bswap32(x0); - hd->u.state32bi[i * 2 + 1] = le_bswap32(x1); + buf_put_le32(&outbuf[0], x0); + buf_put_le32(&outbuf[4], x1); + outbuf += 8; } return 0; @@ -249,7 +260,7 @@ static const keccak_ops_t keccak_generic64_ops = { .permute = keccak_f1600_state_permute64, .absorb = keccak_absorb_lanes64, - .extract_inplace = keccak_extract_inplace64, + .extract = keccak_extract64, }; #endif /* USE_64BIT */ @@ -300,7 +311,7 @@ static const keccak_ops_t keccak_shld_64_ops = { .permute = keccak_f1600_state_permute64_shld, .absorb = keccak_absorb_lanes64_shld, - .extract_inplace = keccak_extract_inplace64, + .extract = keccak_extract64, }; #endif /* USE_64BIT_SHLD */ @@ -356,7 +367,7 @@ static const keccak_ops_t keccak_bmi2_64_ops = { .permute = keccak_f1600_state_permute64_bmi2, .absorb = keccak_absorb_lanes64_bmi2, - .extract_inplace = keccak_extract_inplace64, + .extract = keccak_extract64, }; #endif /* USE_64BIT_BMI2 */ @@ -404,7 +415,7 @@ static const keccak_ops_t keccak_generic32bi_ops = { .permute = keccak_f1600_state_permute32bi, .absorb = keccak_absorb_lanes32bi, - .extract_inplace = keccak_extract_inplace32bi, + .extract = keccak_extract32bi, }; #endif /* USE_32BIT */ @@ -483,14 +494,17 @@ keccak_absorb_lanes32bi_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes, } static unsigned int -keccak_extract_inplace32bi_bmi2(KECCAK_STATE *hd, unsigned int outlen) +keccak_extract32bi_bmi2(KECCAK_STATE *hd, unsigned int pos, byte *outbuf, + unsigned int outlen) { unsigned int i; u32 x0; u32 x1; u32 t; - for (i = 0; i < outlen / 8 + !!(outlen % 8); i++) + /* NOTE: when pos == 0, hd and outbuf may point to same memory (SHA-3). */ + + for (i = pos; i < pos + outlen / 8 + !!(outlen % 8); i++) { x0 = hd->u.state32bi[i * 2 + 0]; x1 = hd->u.state32bi[i * 2 + 1]; @@ -502,8 +516,9 @@ keccak_extract_inplace32bi_bmi2(KECCAK_STATE *hd, unsigned int outlen) x0 = pdep(pext(x0, 0xffff0001), 0xaaaaaaab) | pdep(x0 >> 1, 0x55555554); x1 = pdep(pext(x1, 0xffff0001), 0xaaaaaaab) | pdep(x1 >> 1, 0x55555554); - hd->u.state32bi[i * 2 + 0] = le_bswap32(x0); - hd->u.state32bi[i * 2 + 1] = le_bswap32(x1); + buf_put_le32(&outbuf[0], x0); + buf_put_le32(&outbuf[4], x1); + outbuf += 8; } return 0; @@ -513,7 +528,7 @@ static const keccak_ops_t keccak_bmi2_32bi_ops = { .permute = keccak_f1600_state_permute32bi_bmi2, .absorb = keccak_absorb_lanes32bi_bmi2, - .extract_inplace = keccak_extract_inplace32bi_bmi2, + .extract = keccak_extract32bi_bmi2, }; #endif /* USE_32BIT */ @@ -638,21 +653,35 @@ keccak_init (int algo, void *context, unsigned int flags) switch (algo) { case GCRY_MD_SHA3_224: + ctx->suffix = SHA3_DELIMITED_SUFFIX; ctx->blocksize = 1152 / 8; ctx->outlen = 224 / 8; break; case GCRY_MD_SHA3_256: + ctx->suffix = SHA3_DELIMITED_SUFFIX; ctx->blocksize = 1088 / 8; ctx->outlen = 256 / 8; break; case GCRY_MD_SHA3_384: + ctx->suffix = SHA3_DELIMITED_SUFFIX; ctx->blocksize = 832 / 8; ctx->outlen = 384 / 8; break; case GCRY_MD_SHA3_512: + ctx->suffix = SHA3_DELIMITED_SUFFIX; ctx->blocksize = 576 / 8; ctx->outlen = 512 / 8; break; + case GCRY_MD_SHAKE128: + ctx->suffix = SHAKE_DELIMITED_SUFFIX; + ctx->blocksize = 1344 / 8; + ctx->outlen = 0; + break; + case GCRY_MD_SHAKE256: + ctx->suffix = SHAKE_DELIMITED_SUFFIX; + ctx->blocksize = 1088 / 8; + ctx->outlen = 0; + break; default: BUG(); } @@ -682,6 +711,17 @@ sha3_512_init (void *context, unsigned int flags) keccak_init (GCRY_MD_SHA3_512, context, flags); } +static void +shake128_init (void *context, unsigned int flags) +{ + keccak_init (GCRY_MD_SHAKE128, context, flags); +} + +static void +shake256_init (void *context, unsigned int flags) +{ + keccak_init (GCRY_MD_SHAKE256, context, flags); +} /* The routine final terminates the computation and * returns the digest. @@ -696,7 +736,7 @@ keccak_final (void *context) KECCAK_CONTEXT *ctx = context; KECCAK_STATE *hd = &ctx->state; const size_t bsize = ctx->blocksize; - const byte suffix = SHA3_DELIMITED_SUFFIX; + const byte suffix = ctx->suffix; unsigned int nburn, burn = 0; unsigned int lastbytes; byte lane[8]; @@ -716,21 +756,21 @@ keccak_final (void *context) nburn = ctx->ops->absorb(&ctx->state, (bsize - 1) / 8, lane, 1, -1); burn = nburn > burn ? nburn : burn; - /* Switch to the squeezing phase. */ - nburn = ctx->ops->permute(hd); - burn = nburn > burn ? nburn : burn; - - /* Squeeze out all the output blocks */ - if (ctx->outlen < bsize) + if (suffix == SHA3_DELIMITED_SUFFIX) { - /* Output SHA3 digest. */ - nburn = ctx->ops->extract_inplace(hd, ctx->outlen); + /* Switch to the squeezing phase. */ + nburn = ctx->ops->permute(hd); + burn = nburn > burn ? nburn : burn; + + /* Squeeze out the SHA3 digest. */ + nburn = ctx->ops->extract(hd, 0, (void *)hd, ctx->outlen); burn = nburn > burn ? nburn : burn; } else { - /* Output SHAKE digest. */ - BUG(); + /* Output for SHAKE can now be read with md_extract(). */ + + ctx->count = 0; } wipememory(lane, sizeof(lane)); @@ -748,6 +788,124 @@ keccak_read (void *context) } +static void +keccak_extract (void *context, void *out, size_t outlen) +{ + KECCAK_CONTEXT *ctx = context; + KECCAK_STATE *hd = &ctx->state; + const size_t bsize = ctx->blocksize; + unsigned int nburn, burn = 0; + byte *outbuf = out; + unsigned int nlanes; + unsigned int nleft; + unsigned int count; + unsigned int i; + byte lane[8]; + + count = ctx->count; + + while (count && outlen && (outlen < 8 || count % 8)) + { + /* Extract partial lane. */ + nburn = ctx->ops->extract(hd, count / 8, lane, 8); + burn = nburn > burn ? nburn : burn; + + for (i = count % 8; outlen && i < 8; i++) + { + *outbuf++ = lane[i]; + outlen--; + count++; + } + + gcry_assert(count <= bsize); + + if (count == bsize) + count = 0; + } + + if (outlen >= 8 && count) + { + /* Extract tail of partial block. */ + nlanes = outlen / 8; + nleft = (bsize - count) / 8; + nlanes = nlanes < nleft ? nlanes : nleft; + + nburn = ctx->ops->extract(hd, count / 8, outbuf, nlanes * 8); + burn = nburn > burn ? nburn : burn; + outlen -= nlanes * 8; + outbuf += nlanes * 8; + count += nlanes * 8; + + gcry_assert(count <= bsize); + + if (count == bsize) + count = 0; + } + + while (outlen >= bsize) + { + gcry_assert(count == 0); + + /* Squeeze more. */ + nburn = ctx->ops->permute(hd); + burn = nburn > burn ? nburn : burn; + + /* Extract full block. */ + nburn = ctx->ops->extract(hd, 0, outbuf, bsize); + burn = nburn > burn ? nburn : burn; + + outlen -= bsize; + outbuf += bsize; + } + + if (outlen) + { + gcry_assert(outlen < bsize); + + if (count == 0) + { + /* Squeeze more. */ + nburn = ctx->ops->permute(hd); + burn = nburn > burn ? nburn : burn; + } + + if (outlen >= 8) + { + /* Extract head of partial block. */ + nlanes = outlen / 8; + nburn = ctx->ops->extract(hd, count / 8, outbuf, nlanes * 8); + burn = nburn > burn ? nburn : burn; + outlen -= nlanes * 8; + outbuf += nlanes * 8; + count += nlanes * 8; + + gcry_assert(count < bsize); + } + + if (outlen) + { + /* Extract head of partial lane. */ + nburn = ctx->ops->extract(hd, count / 8, lane, 8); + burn = nburn > burn ? nburn : burn; + + for (i = count % 8; outlen && i < 8; i++) + { + *outbuf++ = lane[i]; + outlen--; + count++; + } + + gcry_assert(count < bsize); + } + } + + ctx->count = count; + + if (burn) + _gcry_burn_stack (burn); +} + + /* Self-test section. @@ -829,6 +987,32 @@ selftests_keccak (int algo, int extended, selftest_report_func_t report) "\xa8\xaa\x18\xac\xe8\x28\x2a\x0e\x0d\xb5\x96\xc9\x0b\x0a\x7b\x87"; hash_len = 64; break; + + case GCRY_MD_SHAKE128: + short_hash = + "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7" + "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f\x2c\xc8"; + long_hash = + "\x7b\x6d\xf6\xff\x18\x11\x73\xb6\xd7\x89\x8d\x7f\xf6\x3f\xb0\x7b" + "\x7c\x23\x7d\xaf\x47\x1a\x5a\xe5\x60\x2a\xdb\xcc\xef\x9c\xcf\x4b"; + one_million_a_hash = + "\x9d\x22\x2c\x79\xc4\xff\x9d\x09\x2c\xf6\xca\x86\x14\x3a\xa4\x11" + "\xe3\x69\x97\x38\x08\xef\x97\x09\x32\x55\x82\x6c\x55\x72\xef\x58"; + hash_len = 32; + break; + + case GCRY_MD_SHAKE256: + short_hash = + "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11\x4d" + "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b\x57\x39"; + long_hash = + "\x98\xbe\x04\x51\x6c\x04\xcc\x73\x59\x3f\xef\x3e\xd0\x35\x2e\xa9" + "\xf6\x44\x39\x42\xd6\x95\x0e\x29\xa3\x72\xa6\x81\xc3\xde\xaf\x45"; + one_million_a_hash = + "\x35\x78\xa7\xa4\xca\x91\x37\x56\x9c\xdf\x76\xed\x61\x7d\x31\xbb" + "\x99\x4f\xca\x9c\x1b\xbf\x8b\x18\x40\x13\xde\x82\x34\xdf\xd1\x3a"; + hash_len = 32; + break; } what = "short string"; @@ -876,6 +1060,8 @@ run_selftests (int algo, int extended, selftest_report_func_t report) case GCRY_MD_SHA3_256: case GCRY_MD_SHA3_384: case GCRY_MD_SHA3_512: + case GCRY_MD_SHAKE128: + case GCRY_MD_SHAKE256: ec = selftests_keccak (algo, extended, report); break; default: @@ -921,7 +1107,22 @@ static gcry_md_oid_spec_t oid_spec_sha3_512[] = { "?" }, { NULL } }; - +static byte shake128_asn[] = { 0x30 }; +static gcry_md_oid_spec_t oid_spec_shake128[] = + { + { "2.16.840.1.101.3.4.2.11" }, + /* PKCS#1 shake128WithRSAEncryption */ + { "?" }, + { NULL } + }; +static byte shake256_asn[] = { 0x30 }; +static gcry_md_oid_spec_t oid_spec_shake256[] = + { + { "2.16.840.1.101.3.4.2.12" }, + /* PKCS#1 shake256WithRSAEncryption */ + { "?" }, + { NULL } + }; gcry_md_spec_t _gcry_digest_spec_sha3_224 = { @@ -955,3 +1156,19 @@ gcry_md_spec_t _gcry_digest_spec_sha3_512 = sizeof (KECCAK_CONTEXT), run_selftests }; +gcry_md_spec_t _gcry_digest_spec_shake128 = + { + GCRY_MD_SHAKE128, {0, 1}, + "SHAKE128", shake128_asn, DIM (shake128_asn), oid_spec_shake128, 0, + shake128_init, keccak_write, keccak_final, NULL, keccak_extract, + sizeof (KECCAK_CONTEXT), + run_selftests + }; +gcry_md_spec_t _gcry_digest_spec_shake256 = + { + GCRY_MD_SHAKE256, {0, 1}, + "SHAKE256", shake256_asn, DIM (shake256_asn), oid_spec_shake256, 0, + shake256_init, keccak_write, keccak_final, NULL, keccak_extract, + sizeof (KECCAK_CONTEXT), + run_selftests + }; diff --git a/cipher/md.c b/cipher/md.c index 6ef8fee..15d944d 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -56,6 +56,8 @@ static gcry_md_spec_t *digest_list[] = &_gcry_digest_spec_sha3_256, &_gcry_digest_spec_sha3_384, &_gcry_digest_spec_sha3_512, + &_gcry_digest_spec_shake128, + &_gcry_digest_spec_shake256, #endif #ifdef USE_GOST_R_3411_94 &_gcry_digest_spec_gost3411_94, diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index facdf65..cdb7644 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3037,7 +3037,7 @@ are also supported. @c begin table of hash algorithms @cindex SHA-1 @cindex SHA-224, SHA-256, SHA-384, SHA-512 - at cindex SHA3-224, SHA3-256, SHA3-384, SHA3-512 + at cindex SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256 @cindex RIPE-MD-160 @cindex MD2, MD4, MD5 @cindex TIGER, TIGER1, TIGER2 @@ -3126,6 +3126,16 @@ See FIPS 202 for the specification. This is the SHA3-384 algorithm which yields a message digest of 64 bytes. See FIPS 202 for the specification. + at item GCRY_MD_SHAKE128 +This is the SHAKE128 extendable-output function (XOF) algorithm with 128 bit +security strength. +See FIPS 202 for the specification. + + at item GCRY_MD_SHAKE256 +This is the SHAKE256 extendable-output function (XOF) algorithm with 256 bit +security strength. +See FIPS 202 for the specification. + @item GCRY_MD_CRC32 This is the ISO 3309 and ITU-T V.42 cyclic redundancy check. It yields an output of 4 bytes. Note that this is not a hash algorithm in the diff --git a/src/cipher.h b/src/cipher.h index d96fdb9..c4b306a 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -295,6 +295,8 @@ extern gcry_md_spec_t _gcry_digest_spec_sha3_224; extern gcry_md_spec_t _gcry_digest_spec_sha3_256; extern gcry_md_spec_t _gcry_digest_spec_sha3_512; extern gcry_md_spec_t _gcry_digest_spec_sha3_384; +extern gcry_md_spec_t _gcry_digest_spec_shake128; +extern gcry_md_spec_t _gcry_digest_spec_shake256; extern gcry_md_spec_t _gcry_digest_spec_tiger; extern gcry_md_spec_t _gcry_digest_spec_tiger1; extern gcry_md_spec_t _gcry_digest_spec_tiger2; diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 39be37a..5ddeee3 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -1174,7 +1174,9 @@ enum gcry_md_algos GCRY_MD_SHA3_224 = 312, GCRY_MD_SHA3_256 = 313, GCRY_MD_SHA3_384 = 314, - GCRY_MD_SHA3_512 = 315 + GCRY_MD_SHA3_512 = 315, + GCRY_MD_SHAKE128 = 316, + GCRY_MD_SHAKE256 = 317 }; /* Flags used with the open function. */ diff --git a/tests/basic.c b/tests/basic.c index 75ff349..0762a89 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5265,13 +5265,15 @@ check_cipher_modes(void) fprintf (stderr, "Completed Cipher Mode checks.\n"); } + static void -check_one_md (int algo, const char *data, int len, const char *expect) +check_one_md (int algo, const char *data, int len, const char *expect, int elen) { gcry_md_hd_t hd, hd2; unsigned char *p; int mdlen; int i; + int xof = 0; gcry_error_t err = 0; err = gcry_md_open (&hd, algo, 0); @@ -5284,8 +5286,15 @@ check_one_md (int algo, const char *data, int len, const char *expect) mdlen = gcry_md_get_algo_dlen (algo); if (mdlen < 1 || mdlen > 500) { - fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); - return; + if (mdlen == 0 && (algo == GCRY_MD_SHAKE128 || algo == GCRY_MD_SHAKE256)) + { + xof = 1; + } + else + { + fail ("algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); + return; + } } if (*data == '!' && !data[1]) @@ -5326,19 +5335,168 @@ check_one_md (int algo, const char *data, int len, const char *expect) gcry_md_close (hd); - p = gcry_md_read (hd2, algo); + if (!xof) + { + p = gcry_md_read (hd2, algo); - if (memcmp (p, expect, mdlen)) + if (memcmp (p, expect, mdlen)) + { + printf ("computed: "); + for (i = 0; i < mdlen; i++) + printf ("%02x ", p[i] & 0xFF); + printf ("\nexpected: "); + for (i = 0; i < mdlen; i++) + printf ("%02x ", expect[i] & 0xFF); + printf ("\n"); + + fail ("algo %d, digest mismatch\n", algo); + } + + } + else { - printf ("computed: "); - for (i = 0; i < mdlen; i++) - printf ("%02x ", p[i] & 0xFF); - printf ("\nexpected: "); - for (i = 0; i < mdlen; i++) - printf ("%02x ", expect[i] & 0xFF); - printf ("\n"); + char buf[1000]; + int outmax = sizeof(buf) > elen ? elen : sizeof(buf); - fail ("algo %d, digest mismatch\n", algo); + err = gcry_md_copy (&hd, hd2); + if (err) + { + fail ("algo %d, gcry_md_copy failed: %s\n", algo, gpg_strerror (err)); + } + + err = gcry_md_extract(hd2, algo, buf, outmax); + if (err) + { + fail ("algo %d, gcry_md_extract failed: %s\n", algo, gpg_strerror (err)); + } + + if (memcmp (buf, expect, outmax)) + { + printf ("computed: "); + for (i = 0; i < outmax; i++) + printf ("%02x ", buf[i] & 0xFF); + printf ("\nexpected: "); + for (i = 0; i < outmax; i++) + printf ("%02x ", expect[i] & 0xFF); + printf ("\n"); + + fail ("algo %d, digest mismatch\n", algo); + } + + memset(buf, 0, sizeof(buf)); + + /* Extract one byte at time. */ + for (i = 0; i < outmax && !err; i++) + err = gcry_md_extract(hd, algo, &buf[i], 1); + if (err) + { + fail ("algo %d, gcry_md_extract failed: %s\n", algo, gpg_strerror (err)); + } + + if (memcmp (buf, expect, outmax)) + { + printf ("computed: "); + for (i = 0; i < outmax; i++) + printf ("%02x ", buf[i] & 0xFF); + printf ("\nexpected: "); + for (i = 0; i < outmax; i++) + printf ("%02x ", expect[i] & 0xFF); + printf ("\n"); + + fail ("algo %d, digest mismatch\n", algo); + } + + if (*data == '!' && !data[1]) + { + int crcalgo = GCRY_MD_RMD160; + gcry_md_hd_t crc1, crc2; + size_t startlen; + size_t piecelen; + size_t left; + const unsigned char *p1, *p2; + int crclen; + + crclen = gcry_md_get_algo_dlen (crcalgo); + + err = gcry_md_open (&crc1, crcalgo, 0); + if (err) + { + fail ("algo %d, crcalgo: %d, gcry_md_open failed: %s\n", algo, + crcalgo, gpg_strerror (err)); + return; + } + + err = gcry_md_open (&crc2, crcalgo, 0); + if (err) + { + fail ("algo %d, crcalgo: %d, gcry_md_open failed: %s\n", algo, + crcalgo, gpg_strerror (err)); + return; + } + + /* Extract large chucks, total 1000000 additional bytes. */ + for (i = 0; i < 1000; i++) + { + err = gcry_md_extract(hd, algo, buf, 1000); + if (!err) + gcry_md_write(crc1, buf, 1000); + } + if (err) + { + fail ("algo %d, gcry_md_extract failed: %s\n", algo, + gpg_strerror (err)); + } + + /* Extract in odd size chunks, total 1000000 additional bytes. */ + left = 1000 * 1000; + startlen = 1; + piecelen = startlen; + + while (!err && left > 0) + { + if (piecelen > sizeof(buf)) + piecelen = sizeof(buf); + if (piecelen > left) + piecelen = left; + + err = gcry_md_extract (hd2, algo, buf, piecelen); + if (!err) + gcry_md_write(crc2, buf, piecelen); + if (err) + { + fail ("algo %d, gcry_md_extract failed: %s\n", algo, + gpg_strerror (err)); + } + + left -= piecelen; + + if (piecelen == sizeof(buf)) + piecelen = ++startlen; + else + piecelen = piecelen * 2 - ((piecelen != startlen) ? startlen : 0); + } + + p1 = gcry_md_read (crc1, crcalgo); + p2 = gcry_md_read (crc2, crcalgo); + + if (memcmp (p1, p2, crclen)) + { + printf ("computed: "); + for (i = 0; i < crclen; i++) + printf ("%02x ", p2[i] & 0xFF); + printf ("\nexpected: "); + for (i = 0; i < crclen; i++) + printf ("%02x ", p1[i] & 0xFF); + printf ("\n"); + + fail ("algo %d, large xof output mismatch\n", algo); + } + + gcry_md_close (crc1); + gcry_md_close (crc2); + } + + gcry_md_close (hd); } gcry_md_close (hd2); @@ -5358,6 +5516,9 @@ check_one_md_multi (int algo, const char *data, int len, const char *expect) mdlen = gcry_md_get_algo_dlen (algo); if (mdlen < 1 || mdlen > 64) { + if (mdlen == 0 && (algo == GCRY_MD_SHAKE128 || algo == GCRY_MD_SHAKE256)) + return; + fail ("check_one_md_multi: algo %d, gcry_md_get_algo_dlen failed: %d\n", algo, mdlen); return; @@ -5420,6 +5581,7 @@ check_digests (void) const char *data; const char *expect; int datalen; + int expectlen; } algos[] = { { GCRY_MD_MD2, "", @@ -5917,7 +6079,238 @@ check_digests (void) #include "./sha3-256.h" #include "./sha3-384.h" #include "./sha3-512.h" - { 0 } + { GCRY_MD_SHAKE128, + "", + "\x7F\x9C\x2B\xA4\xE8\x8F\x82\x7D\x61\x60\x45\x50\x76\x05\x85\x3E" + "\xD7\x3B\x80\x93\xF6\xEF\xBC\x88\xEB\x1A\x6E\xAC\xFA\x66\xEF\x26" + "\x3C\xB1\xEE\xA9\x88\x00\x4B\x93\x10\x3C\xFB\x0A\xEE\xFD\x2A\x68" + "\x6E\x01\xFA\x4A\x58\xE8\xA3\x63\x9C\xA8\xA1\xE3\xF9\xAE\x57\xE2" + "\x35\xB8\xCC\x87\x3C\x23\xDC\x62\xB8\xD2\x60\x16\x9A\xFA\x2F\x75" + "\xAB\x91\x6A\x58\xD9\x74\x91\x88\x35\xD2\x5E\x6A\x43\x50\x85\xB2" + "\xBA\xDF\xD6\xDF\xAA\xC3\x59\xA5\xEF\xBB\x7B\xCC\x4B\x59\xD5\x38" + "\xDF\x9A\x04\x30\x2E\x10\xC8\xBC\x1C\xBF\x1A\x0B\x3A\x51\x20\xEA" + "\x17\xCD\xA7\xCF\xAD\x76\x5F\x56\x23\x47\x4D\x36\x8C\xCC\xA8\xAF" + "\x00\x07\xCD\x9F\x5E\x4C\x84\x9F\x16\x7A\x58\x0B\x14\xAA\xBD\xEF" + "\xAE\xE7\xEE\xF4\x7C\xB0\xFC\xA9\x76\x7B\xE1\xFD\xA6\x94\x19\xDF" + "\xB9\x27\xE9\xDF\x07\x34\x8B\x19\x66\x91\xAB\xAE\xB5\x80\xB3\x2D" + "\xEF\x58\x53\x8B\x8D\x23\xF8\x77\x32\xEA\x63\xB0\x2B\x4F\xA0\xF4" + "\x87\x33\x60\xE2\x84\x19\x28\xCD\x60\xDD\x4C\xEE\x8C\xC0\xD4\xC9" + "\x22\xA9\x61\x88\xD0\x32\x67\x5C\x8A\xC8\x50\x93\x3C\x7A\xFF\x15" + "\x33\xB9\x4C\x83\x4A\xDB\xB6\x9C\x61\x15\xBA\xD4\x69\x2D\x86\x19" + "\xF9\x0B\x0C\xDF\x8A\x7B\x9C\x26\x40\x29\xAC\x18\x5B\x70\xB8\x3F" + "\x28\x01\xF2\xF4\xB3\xF7\x0C\x59\x3E\xA3\xAE\xEB\x61\x3A\x7F\x1B" + "\x1D\xE3\x3F\xD7\x50\x81\xF5\x92\x30\x5F\x2E\x45\x26\xED\xC0\x96" + "\x31\xB1\x09\x58\xF4\x64\xD8\x89\xF3\x1B\xA0\x10\x25\x0F\xDA\x7F" + "\x13\x68\xEC\x29\x67\xFC\x84\xEF\x2A\xE9\xAF\xF2\x68\xE0\xB1\x70" + "\x0A\xFF\xC6\x82\x0B\x52\x3A\x3D\x91\x71\x35\xF2\xDF\xF2\xEE\x06" + "\xBF\xE7\x2B\x31\x24\x72\x1D\x4A\x26\xC0\x4E\x53\xA7\x5E\x30\xE7" + "\x3A\x7A\x9C\x4A\x95\xD9\x1C\x55\xD4\x95\xE9\xF5\x1D\xD0\xB5\xE9" + "\xD8\x3C\x6D\x5E\x8C\xE8\x03\xAA\x62\xB8\xD6\x54\xDB\x53\xD0\x9B" + "\x8D\xCF\xF2\x73\xCD\xFE\xB5\x73\xFA\xD8\xBC\xD4\x55\x78\xBE\xC2" + "\xE7\x70\xD0\x1E\xFD\xE8\x6E\x72\x1A\x3F\x7C\x6C\xCE\x27\x5D\xAB" + "\xE6\xE2\x14\x3F\x1A\xF1\x8D\xA7\xEF\xDD\xC4\xC7\xB7\x0B\x5E\x34" + "\x5D\xB9\x3C\xC9\x36\xBE\xA3\x23\x49\x1C\xCB\x38\xA3\x88\xF5\x46" + "\xA9\xFF\x00\xDD\x4E\x13\x00\xB9\xB2\x15\x3D\x20\x41\xD2\x05\xB4" + "\x43\xE4\x1B\x45\xA6\x53\xF2\xA5\xC4\x49\x2C\x1A\xDD\x54\x45\x12" + "\xDD\xA2\x52\x98\x33\x46\x2B\x71\xA4\x1A\x45\xBE\x97\x29\x0B\x6F", + 0, 512, }, + { GCRY_MD_SHAKE128, + "\x5A\xAB\x62\x75\x6D\x30\x7A\x66\x9D\x14\x6A\xBA\x98\x8D\x90\x74" + "\xC5\xA1\x59\xB3\xDE\x85\x15\x1A\x81\x9B\x11\x7C\xA1\xFF\x65\x97" + "\xF6\x15\x6E\x80\xFD\xD2\x8C\x9C\x31\x76\x83\x51\x64\xD3\x7D\xA7" + "\xDA\x11\xD9\x4E\x09\xAD\xD7\x70\xB6\x8A\x6E\x08\x1C\xD2\x2C\xA0" + "\xC0\x04\xBF\xE7\xCD\x28\x3B\xF4\x3A\x58\x8D\xA9\x1F\x50\x9B\x27" + "\xA6\x58\x4C\x47\x4A\x4A\x2F\x3E\xE0\xF1\xF5\x64\x47\x37\x92\x40" + "\xA5\xAB\x1F\xB7\x7F\xDC\xA4\x9B\x30\x5F\x07\xBA\x86\xB6\x27\x56" + "\xFB\x9E\xFB\x4F\xC2\x25\xC8\x68\x45\xF0\x26\xEA\x54\x20\x76\xB9" + "\x1A\x0B\xC2\xCD\xD1\x36\xE1\x22\xC6\x59\xBE\x25\x9D\x98\xE5\x84" + "\x1D\xF4\xC2\xF6\x03\x30\xD4\xD8\xCD\xEE\x7B\xF1\xA0\xA2\x44\x52" + "\x4E\xEC\xC6\x8F\xF2\xAE\xF5\xBF\x00\x69\xC9\xE8\x7A\x11\xC6\xE5" + "\x19\xDE\x1A\x40\x62\xA1\x0C\x83\x83\x73\x88\xF7\xEF\x58\x59\x8A" + "\x38\x46\xF4\x9D\x49\x96\x82\xB6\x83\xC4\xA0\x62\xB4\x21\x59\x4F" + "\xAF\xBC\x13\x83\xC9\x43\xBA\x83\xBD\xEF\x51\x5E\xFC\xF1\x0D", + "\xF0\x71\x5D\xE3\x56\x92\xFD\x70\x12\x3D\xC6\x83\x68\xD0\xFE\xEC" + "\x06\xA0\xC7\x4C\xF8\xAD\xB0\x5D\xDC\x25\x54\x87\xB1\xA8\xD4\xD1" + "\x21\x3E\x9E\xAB\xAF\x41\xF1\x16\x17\x19\xD0\x65\xD7\x94\xB7\x50" + "\xF8\x4B\xE3\x2A\x32\x34\xB4\xD5\x36\x46\x0D\x55\x20\x68\x8A\x5A" + "\x79\xA1\x7A\x4B\xA8\x98\x7F\xCB\x61\xBF\x7D\xAA\x8B\x54\x7B\xF5" + "\xC1\xCE\x36\xB5\x6A\x73\x25\x7D\xBB\xF1\xBA\xBB\x64\xF2\x49\xBD" + "\xCE\xB6\x7B\xA1\xC8\x88\x37\x0A\x96\x3D\xFD\x6B\x6A\x2A\xDE\x2C" + "\xEF\xD1\x4C\x32\x52\xCB\x37\x58\x52\x0F\x0C\x65\xF4\x52\x46\x82" + "\x77\x24\x99\x46\x3A\xE1\xA3\x41\x80\x01\x83\xAA\x60\xEF\xA0\x51" + "\x18\xA2\x82\x01\x74\x4F\x7B\xA0\xB0\xA3\x92\x8D\xD7\xC0\x26\x3F" + "\xD2\x64\xB7\xCD\x7B\x2E\x2E\x09\xB3\x22\xBF\xCE\xA8\xEE\xD0\x42" + "\x75\x79\x5B\xE7\xC0\xF0\x0E\x11\x38\x27\x37\x0D\x05\x1D\x50\x26" + "\x95\x80\x30\x00\x05\xAC\x12\x88\xFE\xA6\xCD\x9A\xE9\xF4\xF3\x7C" + "\xE0\xF8\xAC\xE8\xBF\x3E\xBE\x1D\x70\x56\x25\x59\x54\xC7\x61\x93" + "\x1D\x3C\x42\xED\x62\xF7\xF1\xCE\x1B\x94\x5C\xDE\xCC\x0A\x74\x32" + "\x2D\x7F\x64\xD6\x00\x4F\xF2\x16\x84\x14\x93\x07\x28\x8B\x44\x8E" + "\x45\x43\x34\x75\xB1\xEA\x13\x14\xB0\x0F\x1F\xC4\x50\x08\x9A\x9D" + "\x1F\x77\x10\xC6\xD7\x65\x2E\xCF\x65\x4F\x3B\x48\x7D\x02\x83\xD4" + "\xD8\xA2\x8E\xFB\x50\x66\xC4\x25\x0D\x5A\xD6\x98\xE1\x5D\xBA\x88" + "\xE9\x25\xE4\xDE\x99\xB6\x9B\xC3\x83\xAC\x80\x45\xB7\xF1\x02\x2A" + "\xDD\x39\xD4\x43\x54\x6A\xE0\x92\x4F\x13\xF4\x89\x60\x96\xDF\xDF" + "\x37\xCA\x72\x20\x79\x87\xC4\xA7\x70\x5A\x7A\xBE\x72\x4B\x7F\xA1" + "\x0C\x90\x9F\x39\x25\x44\x9F\x01\x0D\x61\xE2\x07\xAD\xD9\x52\x19" + "\x07\x1A\xCE\xED\xB9\xB9\xDC\xED\x32\xA9\xE1\x23\x56\x1D\x60\x82" + "\xD4\x6A\xEF\xAE\x07\xEE\x1B\xD1\x32\x76\x5E\x3E\x51\x3C\x66\x50" + "\x1B\x38\x7A\xB2\xEE\x09\xA0\x4A\xE6\x3E\x25\x80\x85\x17\xAF\xEA" + "\x3E\x05\x11\x69\xCF\xD2\xFF\xF8\xC5\x85\x8E\x2D\x96\x23\x89\x7C" + "\x9E\x85\x17\x5A\xC5\xA8\x63\x94\xCD\x0A\x32\xA0\xA6\x2A\x8F\x5D" + "\x6C\xCC\xBF\x49\x3D\xAA\x43\xF7\x83\x62\xBB\xCA\x40\xAD\xF7\x33" + "\xF8\x71\xE0\xC0\x09\x98\xD9\xBF\xD6\x88\x06\x56\x66\x6C\xD7\xBE" + "\x4F\xE9\x89\x2C\x61\xDC\xD5\xCD\x23\xA5\xE4\x27\x7E\xEE\x8B\x4A" + "\xFD\x29\xB6\x9B\xBA\x55\x66\x0A\x21\x71\x12\xFF\x6E\x34\x56\xB1", + 223, 512, }, + { GCRY_MD_SHAKE128, + "!", + "\x9d\x22\x2c\x79\xc4\xff\x9d\x09\x2c\xf6\xca\x86\x14\x3a\xa4\x11" + "\xe3\x69\x97\x38\x08\xef\x97\x09\x32\x55\x82\x6c\x55\x72\xef\x58" + "\x42\x4c\x4b\x5c\x28\x47\x5f\xfd\xcf\x98\x16\x63\x86\x7f\xec\x63" + "\x21\xc1\x26\x2e\x38\x7b\xcc\xf8\xca\x67\x68\x84\xc4\xa9\xd0\xc1" + "\x3b\xfa\x68\x69\x76\x3d\x5a\xe4\xbb\xc9\xb3\xcc\xd0\x9d\x1c\xa5" + "\xea\x74\x46\x53\x8d\x69\xb3\xfb\x98\xc7\x2b\x59\xa2\xb4\x81\x7d" + "\xb5\xea\xdd\x90\x11\xf9\x0f\xa7\x10\x91\x93\x1f\x81\x34\xf4\xf0" + "\x0b\x56\x2e\x2f\xe1\x05\x93\x72\x70\x36\x1c\x19\x09\x86\x2a\xd4" + "\x50\x46\xe3\x93\x2f\x5d\xd3\x11\xec\x72\xfe\xc5\xf8\xfb\x8f\x60" + "\xb4\x5a\x3b\xee\x3f\x85\xbb\xf7\xfc\xed\xc6\xa5\x55\x67\x76\x48" + "\xe0\x65\x4b\x38\x19\x41\xa8\x6b\xd3\xe5\x12\x65\x7b\x0d\x57\xa7" + "\x99\x1f\xc4\x54\x3f\x89\xd8\x29\x04\x92\x22\x2c\xe4\xa3\x3e\x17" + "\x60\x2b\x3b\x99\xc0\x09\xf7\x65\x5f\x87\x53\x5c\xda\xa3\x71\x6f" + "\x58\xc4\x7b\x8a\x15\x7a\xd1\x95\xf0\x28\x09\xf2\x75\x00\xb9\x25" + "\x49\x79\x31\x1c\x6b\xb4\x15\x96\x8c\xd1\x04\x31\x16\x9a\x27\xd5" + "\xa8\xd6\x1e\x13\xa6\xb8\xb7\x7a\xf1\xf8\xb6\xdd\x2e\xef\xde\xa0" + "\x40\x78\x96\x80\x49\x0b\x5e\xdc\xb1\xd3\xe5\x38\xa4\x66\xf7\x57" + "\xad\x71\x8f\xe1\xfd\x9f\xae\xef\xa4\x72\x46\xad\x5e\x36\x7f\x87" + "\xd3\xb4\x85\x0d\x44\x86\xeb\x21\x99\xe9\x4a\x79\x79\xe2\x09\x1a" + "\xbc\xdf\x3b\xc1\x33\x79\xc8\x96\xdc\xeb\x79\xa8\xfd\x08\xf1\x10" + "\x73\xf3\x3e\x3f\x99\x23\x22\xb3\x12\x02\xde\xe2\x34\x33\x0c\xf3" + "\x30\x4a\x58\x8f\x0d\x59\xda\xe4\xe6\x3b\xa2\xac\x3c\xe6\x82\xcc" + "\x19\xd4\xe3\x41\x67\x8c\xc3\xa6\x7a\x47\xc1\x13\xb4\xdb\x89\x0f" + "\x30\xa9\x2a\xa0\x8a\x1f\x6d\xc8\xfb\x64\x63\xf8\x03\x8c\x2b\x40" + "\xb2\x53\x00\x77\xb2\x36\xce\x88\xaf\xcc\xcd\xa0\x8a\xd6\xd7\x5e" + "\xee\x18\x99\xb1\x0c\xd8\x00\xc2\xce\x53\x72\xbf\xf2\x2e\xe3\xa3" + "\x39\xd4\xb9\xc1\xa2\xf5\xf4\xb8\x20\xf6\x87\xe5\x51\x9b\xd0\x5b" + "\x1f\xc5\xda\x0e\xb4\x53\x36\x81\x4f\x48\x13\x2c\x64\x0e\x66\xc3" + "\xa0\x2a\x22\xe6\x35\x98\xf9\x4f\x22\xf3\x51\x84\x11\x04\x46\xb6" + "\x48\xcf\x84\x74\xf3\x0c\x43\xea\xd5\x83\x09\xfb\x25\x90\x16\x09" + "\xe2\x41\x87\xe8\x01\xc8\x09\x56\x1a\x64\x80\x94\x50\xe6\x03\xc4" + "\xa8\x03\x95\x25\xc4\x76\xb5\x8e\x32\xce\x2c\x47\xb3\x7d\xa5\x91", + 0, 512, }, + { GCRY_MD_SHAKE256, + "", + "\x46\xB9\xDD\x2B\x0B\xA8\x8D\x13\x23\x3B\x3F\xEB\x74\x3E\xEB\x24" + "\x3F\xCD\x52\xEA\x62\xB8\x1B\x82\xB5\x0C\x27\x64\x6E\xD5\x76\x2F" + "\xD7\x5D\xC4\xDD\xD8\xC0\xF2\x00\xCB\x05\x01\x9D\x67\xB5\x92\xF6" + "\xFC\x82\x1C\x49\x47\x9A\xB4\x86\x40\x29\x2E\xAC\xB3\xB7\xC4\xBE" + "\x14\x1E\x96\x61\x6F\xB1\x39\x57\x69\x2C\xC7\xED\xD0\xB4\x5A\xE3" + "\xDC\x07\x22\x3C\x8E\x92\x93\x7B\xEF\x84\xBC\x0E\xAB\x86\x28\x53" + "\x34\x9E\xC7\x55\x46\xF5\x8F\xB7\xC2\x77\x5C\x38\x46\x2C\x50\x10" + "\xD8\x46\xC1\x85\xC1\x51\x11\xE5\x95\x52\x2A\x6B\xCD\x16\xCF\x86" + "\xF3\xD1\x22\x10\x9E\x3B\x1F\xDD\x94\x3B\x6A\xEC\x46\x8A\x2D\x62" + "\x1A\x7C\x06\xC6\xA9\x57\xC6\x2B\x54\xDA\xFC\x3B\xE8\x75\x67\xD6" + "\x77\x23\x13\x95\xF6\x14\x72\x93\xB6\x8C\xEA\xB7\xA9\xE0\xC5\x8D" + "\x86\x4E\x8E\xFD\xE4\xE1\xB9\xA4\x6C\xBE\x85\x47\x13\x67\x2F\x5C" + "\xAA\xAE\x31\x4E\xD9\x08\x3D\xAB\x4B\x09\x9F\x8E\x30\x0F\x01\xB8" + "\x65\x0F\x1F\x4B\x1D\x8F\xCF\x3F\x3C\xB5\x3F\xB8\xE9\xEB\x2E\xA2" + "\x03\xBD\xC9\x70\xF5\x0A\xE5\x54\x28\xA9\x1F\x7F\x53\xAC\x26\x6B" + "\x28\x41\x9C\x37\x78\xA1\x5F\xD2\x48\xD3\x39\xED\xE7\x85\xFB\x7F" + "\x5A\x1A\xAA\x96\xD3\x13\xEA\xCC\x89\x09\x36\xC1\x73\xCD\xCD\x0F" + "\xAB\x88\x2C\x45\x75\x5F\xEB\x3A\xED\x96\xD4\x77\xFF\x96\x39\x0B" + "\xF9\xA6\x6D\x13\x68\xB2\x08\xE2\x1F\x7C\x10\xD0\x4A\x3D\xBD\x4E" + "\x36\x06\x33\xE5\xDB\x4B\x60\x26\x01\xC1\x4C\xEA\x73\x7D\xB3\xDC" + "\xF7\x22\x63\x2C\xC7\x78\x51\xCB\xDD\xE2\xAA\xF0\xA3\x3A\x07\xB3" + "\x73\x44\x5D\xF4\x90\xCC\x8F\xC1\xE4\x16\x0F\xF1\x18\x37\x8F\x11" + "\xF0\x47\x7D\xE0\x55\xA8\x1A\x9E\xDA\x57\xA4\xA2\xCF\xB0\xC8\x39" + "\x29\xD3\x10\x91\x2F\x72\x9E\xC6\xCF\xA3\x6C\x6A\xC6\xA7\x58\x37" + "\x14\x30\x45\xD7\x91\xCC\x85\xEF\xF5\xB2\x19\x32\xF2\x38\x61\xBC" + "\xF2\x3A\x52\xB5\xDA\x67\xEA\xF7\xBA\xAE\x0F\x5F\xB1\x36\x9D\xB7" + "\x8F\x3A\xC4\x5F\x8C\x4A\xC5\x67\x1D\x85\x73\x5C\xDD\xDB\x09\xD2" + "\xB1\xE3\x4A\x1F\xC0\x66\xFF\x4A\x16\x2C\xB2\x63\xD6\x54\x12\x74" + "\xAE\x2F\xCC\x86\x5F\x61\x8A\xBE\x27\xC1\x24\xCD\x8B\x07\x4C\xCD" + "\x51\x63\x01\xB9\x18\x75\x82\x4D\x09\x95\x8F\x34\x1E\xF2\x74\xBD" + "\xAB\x0B\xAE\x31\x63\x39\x89\x43\x04\xE3\x58\x77\xB0\xC2\x8A\x9B" + "\x1F\xD1\x66\xC7\x96\xB9\xCC\x25\x8A\x06\x4A\x8F\x57\xE2\x7F\x2A", + 0, 512, }, + { GCRY_MD_SHAKE256, + "\xB3\x2D\x95\xB0\xB9\xAA\xD2\xA8\x81\x6D\xE6\xD0\x6D\x1F\x86\x00" + "\x85\x05\xBD\x8C\x14\x12\x4F\x6E\x9A\x16\x3B\x5A\x2A\xDE\x55\xF8" + "\x35\xD0\xEC\x38\x80\xEF\x50\x70\x0D\x3B\x25\xE4\x2C\xC0\xAF\x05" + "\x0C\xCD\x1B\xE5\xE5\x55\xB2\x30\x87\xE0\x4D\x7B\xF9\x81\x36\x22" + "\x78\x0C\x73\x13\xA1\x95\x4F\x87\x40\xB6\xEE\x2D\x3F\x71\xF7\x68" + "\xDD\x41\x7F\x52\x04\x82\xBD\x3A\x08\xD4\xF2\x22\xB4\xEE\x9D\xBD" + "\x01\x54\x47\xB3\x35\x07\xDD\x50\xF3\xAB\x42\x47\xC5\xDE\x9A\x8A" + "\xBD\x62\xA8\xDE\xCE\xA0\x1E\x3B\x87\xC8\xB9\x27\xF5\xB0\x8B\xEB" + "\x37\x67\x4C\x6F\x8E\x38\x0C\x04", + "\xCC\x2E\xAA\x04\xEE\xF8\x47\x9C\xDA\xE8\x56\x6E\xB8\xFF\xA1\x10" + "\x0A\x40\x79\x95\xBF\x99\x9A\xE9\x7E\xDE\x52\x66\x81\xDC\x34\x90" + "\x61\x6F\x28\x44\x2D\x20\xDA\x92\x12\x4C\xE0\x81\x58\x8B\x81\x49" + "\x1A\xED\xF6\x5C\xAA\xF0\xD2\x7E\x82\xA4\xB0\xE1\xD1\xCA\xB2\x38" + "\x33\x32\x8F\x1B\x8D\xA4\x30\xC8\xA0\x87\x66\xA8\x63\x70\xFA\x84" + "\x8A\x79\xB5\x99\x8D\xB3\xCF\xFD\x05\x7B\x96\xE1\xE2\xEE\x0E\xF2" + "\x29\xEC\xA1\x33\xC1\x55\x48\xF9\x83\x99\x02\x04\x37\x30\xE4\x4B" + "\xC5\x2C\x39\xFA\xDC\x1D\xDE\xEA\xD9\x5F\x99\x39\xF2\x20\xCA\x30" + "\x06\x61\x54\x0D\xF7\xED\xD9\xAF\x37\x8A\x5D\x4A\x19\xB2\xB9\x3E" + "\x6C\x78\xF4\x9C\x35\x33\x43\xA0\xB5\xF1\x19\x13\x2B\x53\x12\xD0" + "\x04\x83\x1D\x01\x76\x9A\x31\x6D\x2F\x51\xBF\x64\xCC\xB2\x0A\x21" + "\xC2\xCF\x7A\xC8\xFB\x6F\x6E\x90\x70\x61\x26\xBD\xAE\x06\x11\xDD" + "\x13\x96\x2E\x8B\x53\xD6\xEA\xE2\x6C\x7B\x0D\x25\x51\xDA\xF6\x24" + "\x8E\x9D\x65\x81\x73\x82\xB0\x4D\x23\x39\x2D\x10\x8E\x4D\x34\x43" + "\xDE\x5A\xDC\x72\x73\xC7\x21\xA8\xF8\x32\x0E\xCF\xE8\x17\x7A\xC0" + "\x67\xCA\x8A\x50\x16\x9A\x6E\x73\x00\x0E\xBC\xDC\x1E\x4E\xE6\x33" + "\x9F\xC8\x67\xC3\xD7\xAE\xAB\x84\x14\x63\x98\xD7\xBA\xDE\x12\x1D" + "\x19\x89\xFA\x45\x73\x35\x56\x4E\x97\x57\x70\xA3\xA0\x02\x59\xCA" + "\x08\x70\x61\x08\x26\x1A\xA2\xD3\x4D\xE0\x0F\x8C\xAC\x7D\x45\xD3" + "\x5E\x5A\xA6\x3E\xA6\x9E\x1D\x1A\x2F\x7D\xAB\x39\x00\xD5\x1E\x0B" + "\xC6\x53\x48\xA2\x55\x54\x00\x70\x39\xA5\x2C\x3C\x30\x99\x80\xD1" + "\x7C\xAD\x20\xF1\x15\x63\x10\xA3\x9C\xD3\x93\x76\x0C\xFE\x58\xF6" + "\xF8\xAD\xE4\x21\x31\x28\x82\x80\xA3\x5E\x1D\xB8\x70\x81\x83\xB9" + "\x1C\xFA\xF5\x82\x7E\x96\xB0\xF7\x74\xC4\x50\x93\xB4\x17\xAF\xF9" + "\xDD\x64\x17\xE5\x99\x64\xA0\x1B\xD2\xA6\x12\xFF\xCF\xBA\x18\xA0" + "\xF1\x93\xDB\x29\x7B\x9A\x6C\xC1\xD2\x70\xD9\x7A\xAE\x8F\x8A\x3A" + "\x6B\x26\x69\x5A\xB6\x64\x31\xC2\x02\xE1\x39\xD6\x3D\xD3\xA2\x47" + "\x78\x67\x6C\xEF\xE3\xE2\x1B\x02\xEC\x4E\x8F\x5C\xFD\x66\x58\x7A" + "\x12\xB4\x40\x78\xFC\xD3\x9E\xEE\x44\xBB\xEF\x4A\x94\x9A\x63\xC0" + "\xDF\xD5\x8C\xF2\xFB\x2C\xD5\xF0\x02\xE2\xB0\x21\x92\x66\xCF\xC0" + "\x31\x81\x74\x86\xDE\x70\xB4\x28\x5A\x8A\x70\xF3\xD3\x8A\x61\xD3" + "\x15\x5D\x99\xAA\xF4\xC2\x53\x90\xD7\x36\x45\xAB\x3E\x8D\x80\xF0", + 136, 512, }, + { GCRY_MD_SHAKE256, + "!", + "\x35\x78\xa7\xa4\xca\x91\x37\x56\x9c\xdf\x76\xed\x61\x7d\x31\xbb" + "\x99\x4f\xca\x9c\x1b\xbf\x8b\x18\x40\x13\xde\x82\x34\xdf\xd1\x3a" + "\x3f\xd1\x24\xd4\xdf\x76\xc0\xa5\x39\xee\x7d\xd2\xf6\xe1\xec\x34" + "\x61\x24\xc8\x15\xd9\x41\x0e\x14\x5e\xb5\x61\xbc\xd9\x7b\x18\xab" + "\x6c\xe8\xd5\x55\x3e\x0e\xab\x3d\x1f\x7d\xfb\x8f\x9d\xee\xfe\x16" + "\x84\x7e\x21\x92\xf6\xf6\x1f\xb8\x2f\xb9\x0d\xde\x60\xb1\x90\x63" + "\xc5\x6a\x4c\x55\xcd\xd7\xb6\x72\xb7\x5b\xf5\x15\xad\xbf\xe2\x04" + "\x90\x3c\x8c\x00\x36\xde\x54\xa2\x99\x9a\x92\x0d\xe9\x0f\x66\xd7" + "\xff\x6e\xc8\xe4\xc9\x3d\x24\xae\x34\x6f\xdc\xb3\xa5\xa5\xbd\x57" + "\x39\xec\x15\xa6\xed\xdb\x5c\xe5\xb0\x2d\xa5\x30\x39\xfa\xc6\x3e" + "\x19\x55\x5f\xaa\x2e\xdd\xc6\x93\xb1\xf0\xc2\xa6\xfc\xbe\x7c\x0a" + "\x0a\x09\x1d\x0e\xe7\x00\xd7\x32\x2e\x4b\x0f\xf0\x95\x90\xde\x16" + "\x64\x22\xf9\xea\xd5\xda\x4c\x99\x3d\x60\x5f\xe4\xd9\xc6\x34\x84" + "\x3a\xa1\x78\xb1\x76\x72\xc6\x56\x8c\x8a\x2e\x62\xab\xeb\xea\x2c" + "\x21\xc3\x02\xbd\x36\x6a\xd6\x98\x95\x9e\x1f\x6e\x43\x4a\xf1\x55" + "\x56\x8b\x27\x34\xd8\x37\x9f\xcd\x3f\xfe\x64\x89\xba\xff\xa6\xd7" + "\x11\x09\x44\x2e\x1b\x34\x4f\x13\x8a\x09\xca\xe3\xe2\xd3\x94\x2e" + "\xee\x82\x8f\xc4\x7e\x64\xde\xb5\xe0\x0a\x02\x4a\xe1\xf2\xc0\x77" + "\xe6\xb7\xb1\x33\xf6\xc1\xde\x91\x30\x92\xd4\xe8\x29\xec\xd2\xb2" + "\xef\x28\xca\x80\x20\x82\x1e\x2b\x8b\xe5\x17\xd9\x3e\xd0\x88\x36" + "\xf6\xf0\x66\xcc\x3d\x03\xb6\x25\xd8\x49\x7f\x29\xdb\xc1\xc3\x9e" + "\x6f\xe4\x63\x22\x6f\x85\xc1\x28\xa2\xc2\x98\x88\x11\x2e\x06\xa9" + "\x9c\x5d\x17\xb2\x5e\x90\x0d\x20\x4f\x39\x72\x31\xcd\xf7\x9c\x31" + "\x34\x46\x53\x2d\xad\x07\xf4\xc0\xbd\x9f\xba\x1d\xd4\x13\xd8\xa7" + "\xe6\xcb\xc0\xa0\x86\x2c\xc7\x69\x23\x9a\x89\xf9\xdb\x08\x5b\x78" + "\xa0\x54\x59\x6a\xd7\x08\x0d\xdf\x96\x01\x9b\x73\x99\xb5\x03\x48" + "\x0e\x5a\x65\xa2\x20\x8d\x74\x72\x4c\x98\x7d\x32\x5e\x9b\x0e\x82" + "\xfe\xcd\x4f\x27\xf3\x13\x5b\x1d\x9e\x27\xb4\x8e\x69\xdd\x6f\x59" + "\x62\xb8\xa6\x3b\x48\x92\x1e\xc8\xee\x53\x86\x9f\x1a\xc1\xc8\x18" + "\x23\x87\xee\x0d\x6c\xfe\xf6\x53\xff\x8b\xf6\x05\xf1\x47\x04\xb7" + "\x1b\xeb\x65\x53\xf2\x81\xfa\x75\x69\x48\xc4\x38\x49\x4b\x19\xb4" + "\xee\x69\xa5\x43\x6b\x22\x2b\xc9\x88\xed\xa4\xac\x60\x00\x24\xc9", + 0, 512, }, + { 0 } }; gcry_error_t err; int i; @@ -5950,7 +6343,7 @@ check_digests (void) check_one_md (algos[i].md, algos[i].data, algos[i].datalen > 0 ? algos[i].datalen : strlen (algos[i].data), - algos[i].expect); + algos[i].expect, algos[i].expectlen); check_one_md_multi (algos[i].md, algos[i].data, algos[i].datalen > 0 ? algos[i].datalen : strlen (algos[i].data), diff --git a/tests/bench-slope.c b/tests/bench-slope.c index 2679556..3a2aa38 100644 --- a/tests/bench-slope.c +++ b/tests/bench-slope.c @@ -1651,6 +1651,12 @@ kdf_bench_one (int algo, int subalgo) return; } + if (gcry_md_get_algo_dlen (subalgo) == 0) + { + /* Skip XOFs */ + return; + } + *algo_name = 0; if (algo == GCRY_KDF_PBKDF2) commit 28de6f9e16e386018e81a9cdaee596be7616ccab Author: Jussi Kivilinna Date: Sun Oct 25 18:57:15 2015 +0200 Few updates to documentation * doc/gcrypt.text: Add mention of new 'intel-fast-shld' hw feature flag; Add mention of x86 RDRAND support in rndhw. -- Signed-off-by: Jussi Kivilinna diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index 3450bb2..facdf65 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -556,6 +556,7 @@ are @item padlock-sha @item padlock-mmul @item intel-cpu + at item intel-fast-shld @item intel-bmi2 @item intel-ssse3 @item intel-pclmul @@ -5610,9 +5611,9 @@ that system and is the only gathering module available for that OS. @item rndhw Extra module to collect additional entropy by utilizing a hardware -random number generator. As of now the only supported hardware RNG is -the Padlock engine of VIA (Centaur) CPUs. It is not available in FIPS -mode. +random number generator. As of now the supported hardware RNG is +the Padlock engine of VIA (Centaur) CPUs and x86 CPUs with the RDRAND +instruction. It is not available in FIPS mode. @end table commit 92ad19873562cfce7bcc4a0b5aed8195d8284cfc Author: Jussi Kivilinna Date: Sun Oct 25 17:59:33 2015 +0200 Add HMAC-SHA3 test vectors * tests/basic.c (check_mac): Add HMAC_SHA3 test vectors. -- Signed-off-by: Jussi Kivilinna diff --git a/tests/basic.c b/tests/basic.c index 4ea91a9..75ff349 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -6784,6 +6784,169 @@ check_mac (void) "\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44" "\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15" "\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58" }, + /* HMAC-SHA3 test vectors from + * http://wolfgang-ehrhardt.de/hmac-sha3-testvectors.html */ + { GCRY_MAC_HMAC_SHA3_224, + "Hi There", + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d" + "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7" }, + { GCRY_MAC_HMAC_SHA3_256, + "Hi There", + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51" + "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb" }, + { GCRY_MAC_HMAC_SHA3_512, + "Hi There", + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac" + "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba" + "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2" + "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e" }, + { GCRY_MAC_HMAC_SHA3_224, "what do ya want for nothing?", "Jefe", + "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11" + "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66" }, + { GCRY_MAC_HMAC_SHA3_256, "what do ya want for nothing?", "Jefe", + "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87" + "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5" }, + { GCRY_MAC_HMAC_SHA3_384, "what do ya want for nothing?", "Jefe", + "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21" + "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce" + "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a" }, + { GCRY_MAC_HMAC_SHA3_512, "what do ya want for nothing?", "Jefe", + "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83" + "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b" + "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e" + "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24" }, + { GCRY_MAC_HMAC_SHA3_224, + "Test Using Larger Than Block-Size Key - Hash Key First", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xb9\x6d\x73\x0c\x14\x8c\x2d\xaa\xd8\x64\x9d\x83\xde\xfa\xa3\x71" + "\x97\x38\xd3\x47\x75\x39\x7b\x75\x71\xc3\x85\x15" }, + { GCRY_MAC_HMAC_SHA3_256, + "Test Using Larger Than Block-Size Key - Hash Key First", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xa6\x07\x2f\x86\xde\x52\xb3\x8b\xb3\x49\xfe\x84\xcd\x6d\x97\xfb" + "\x6a\x37\xc4\xc0\xf6\x2a\xae\x93\x98\x11\x93\xa7\x22\x9d\x34\x67" }, + { GCRY_MAC_HMAC_SHA3_384, + "Test Using Larger Than Block-Size Key - Hash Key First", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\x71\x3d\xff\x03\x02\xc8\x50\x86\xec\x5a\xd0\x76\x8d\xd6\x5a\x13" + "\xdd\xd7\x90\x68\xd8\xd4\xc6\x21\x2b\x71\x2e\x41\x64\x94\x49\x11" + "\x14\x80\x23\x00\x44\x18\x5a\x99\x10\x3e\xd8\x20\x04\xdd\xbf\xcc" }, + { GCRY_MAC_HMAC_SHA3_512, + "Test Using Larger Than Block-Size Key - Hash Key First", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xb1\x48\x35\xc8\x19\xa2\x90\xef\xb0\x10\xac\xe6\xd8\x56\x8d\xc6" + "\xb8\x4d\xe6\x0b\xc4\x9b\x00\x4c\x3b\x13\xed\xa7\x63\x58\x94\x51" + "\xe5\xdd\x74\x29\x28\x84\xd1\xbd\xce\x64\xe6\xb9\x19\xdd\x61\xdc" + "\x9c\x56\xa2\x82\xa8\x1c\x0b\xd1\x4f\x1f\x36\x5b\x49\xb8\x3a\x5b" }, + { GCRY_MAC_HMAC_SHA3_224, + "This is a test using a larger than block-size key and a larger " + "than block-size data. The key needs to be hashed before being " + "used by the HMAC algorithm.", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xc7\x9c\x9b\x09\x34\x24\xe5\x88\xa9\x87\x8b\xbc\xb0\x89\xe0\x18" + "\x27\x00\x96\xe9\xb4\xb1\xa9\xe8\x22\x0c\x86\x6a" }, + { GCRY_MAC_HMAC_SHA3_256, + "This is a test using a larger than block-size key and a larger " + "than block-size data. The key needs to be hashed before being " + "used by the HMAC algorithm.", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xe6\xa3\x6d\x9b\x91\x5f\x86\xa0\x93\xca\xc7\xd1\x10\xe9\xe0\x4c" + "\xf1\xd6\x10\x0d\x30\x47\x55\x09\xc2\x47\x5f\x57\x1b\x75\x8b\x5a" }, + { GCRY_MAC_HMAC_SHA3_384, + "This is a test using a larger than block-size key and a larger " + "than block-size data. The key needs to be hashed before being " + "used by the HMAC algorithm.", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xca\xd1\x8a\x8f\xf6\xc4\xcc\x3a\xd4\x87\xb9\x5f\x97\x69\xe9\xb6" + "\x1c\x06\x2a\xef\xd6\x95\x25\x69\xe6\xe6\x42\x18\x97\x05\x4c\xfc" + "\x70\xb5\xfd\xc6\x60\x5c\x18\x45\x71\x12\xfc\x6a\xaa\xd4\x55\x85" }, + { GCRY_MAC_HMAC_SHA3_512, + "This is a test using a larger than block-size key and a larger " + "than block-size data. The key needs to be hashed before being " + "used by the HMAC algorithm.", + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa", + "\xdc\x03\x0e\xe7\x88\x70\x34\xf3\x2c\xf4\x02\xdf\x34\x62\x2f\x31" + "\x1f\x3e\x6c\xf0\x48\x60\xc6\xbb\xd7\xfa\x48\x86\x74\x78\x2b\x46" + "\x59\xfd\xbd\xf3\xfd\x87\x78\x52\x88\x5c\xfe\x6e\x22\x18\x5f\xe7" + "\xb2\xee\x95\x20\x43\x62\x9b\xc9\xd5\xf3\x29\x8a\x41\xd0\x2c\x66" }, /* CMAC AES and DES test vectors from http://web.archive.org/web/20130930212819/http://csrc.nist.gov/publica\ tions/nistpubs/800-38B/Updated_CMAC_Examples.pdf */ commit 577dc2b63ceca6a8a716256d034ea4e7414f65fa Author: Jussi Kivilinna Date: Sun Oct 25 14:50:41 2015 +0200 md: add variable length output interface * cipher/crc.c (_gcry_digest_spec_crc32) (_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set 'extract' NULL. * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94) (_gcry_digest_spec_gost3411_cp): Ditto. * cipher/keccak.c (_gcry_digest_spec_sha3_224) (_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384) (_gcry_digest_spec_sha3_512): Ditto. * cipher/md2.c (_gcry_digest_spec_md2): Ditto. * cipher/md4.c (_gcry_digest_spec_md4): Ditto. * cipher/md5.c (_gcry_digest_spec_md5): Ditto. * cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto. * cipher/sha1.c (_gcry_digest_spec_sha1): Ditto. * cipher/sha256.c (_gcry_digest_spec_sha224) (_gcry_digest_spec_sha256): Ditto. * cipher/sha512.c (_gcry_digest_spec_sha384) (_gcry_digest_spec_sha512): Ditto. * cipher/stribog.c (_gcry_digest_spec_stribog_256) (_gcry_digest_spec_stribog_512): Ditto. * cipher/tiger.c (_gcry_digest_spec_tiger) (_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto. * cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto. * cipher/md.c (md_enable): Do not allow combination of HMAC and 'expandable-output function'. (md_final): Check if spec->read is NULL before calling. (md_read): Ditto. (md_extract, _gcry_md_extract): New. * doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract. * src/cipher-proto.h (gcry_md_extract_t): New. (gcry_md_spec_t): Add 'extract'. * src/gcrypt-int.g (_gcry_md_extract): New. * src/gcrypt.h.in (gcry_md_extract): New. * src/libgcrypt.def: Add gcry_md_extract. * src/libgcrypt.vers: Add gcry_md_extract. * src/visibility.c (gcry_md_extract): New. * src/visibility.h (gcry_md_extract): New. -- Patch adds new interface for reading output from 'expandable-output function' MD algorithms that can give variable length output (ie. SHAKE algorithms from FIPS-202). New function to read output is gpg_error_t gcry_md_extract(gcry_md_hd_t md, int algo, void *buffer, size_t length); Function implicitly finalizes algorithm so that no new input can be given. Subsequents calls of the function return more output bytes from the algorithm. Signed-off-by: Jussi Kivilinna diff --git a/cipher/crc.c b/cipher/crc.c index 9105dfe..46a185a 100644 --- a/cipher/crc.c +++ b/cipher/crc.c @@ -785,7 +785,7 @@ gcry_md_spec_t _gcry_digest_spec_crc32 = { GCRY_MD_CRC32, {0, 1}, "CRC32", NULL, 0, NULL, 4, - crc32_init, crc32_write, crc32_final, crc32_read, + crc32_init, crc32_write, crc32_final, crc32_read, NULL, sizeof (CRC_CONTEXT) }; @@ -793,8 +793,7 @@ gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510 = { GCRY_MD_CRC32_RFC1510, {0, 1}, "CRC32RFC1510", NULL, 0, NULL, 4, - crc32rfc1510_init, crc32_write, - crc32rfc1510_final, crc32_read, + crc32rfc1510_init, crc32_write, crc32rfc1510_final, crc32_read, NULL, sizeof (CRC_CONTEXT) }; @@ -802,7 +801,6 @@ gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440 = { GCRY_MD_CRC24_RFC2440, {0, 1}, "CRC24RFC2440", NULL, 0, NULL, 3, - crc24rfc2440_init, crc24rfc2440_write, - crc24rfc2440_final, crc32_read, + crc24rfc2440_init, crc24rfc2440_write, crc24rfc2440_final, crc32_read, NULL, sizeof (CRC_CONTEXT) }; diff --git a/cipher/gostr3411-94.c b/cipher/gostr3411-94.c index 7b16e61..a782427 100644 --- a/cipher/gostr3411-94.c +++ b/cipher/gostr3411-94.c @@ -343,13 +343,13 @@ gcry_md_spec_t _gcry_digest_spec_gost3411_94 = { GCRY_MD_GOSTR3411_94, {0, 0}, "GOSTR3411_94", NULL, 0, NULL, 32, - gost3411_init, _gcry_md_block_write, gost3411_final, gost3411_read, + gost3411_init, _gcry_md_block_write, gost3411_final, gost3411_read, NULL, sizeof (GOSTR3411_CONTEXT) }; gcry_md_spec_t _gcry_digest_spec_gost3411_cp = { GCRY_MD_GOSTR3411_CP, {0, 0}, "GOSTR3411_CP", asn, DIM (asn), oid_spec_gostr3411, 32, - gost3411_cp_init, _gcry_md_block_write, gost3411_final, gost3411_read, + gost3411_cp_init, _gcry_md_block_write, gost3411_final, gost3411_read, NULL, sizeof (GOSTR3411_CONTEXT) }; diff --git a/cipher/keccak.c b/cipher/keccak.c index 3a72294..d46d9cb 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c @@ -927,7 +927,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_224 = { GCRY_MD_SHA3_224, {0, 1}, "SHA3-224", sha3_224_asn, DIM (sha3_224_asn), oid_spec_sha3_224, 28, - sha3_224_init, keccak_write, keccak_final, keccak_read, + sha3_224_init, keccak_write, keccak_final, keccak_read, NULL, sizeof (KECCAK_CONTEXT), run_selftests }; @@ -935,7 +935,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_256 = { GCRY_MD_SHA3_256, {0, 1}, "SHA3-256", sha3_256_asn, DIM (sha3_256_asn), oid_spec_sha3_256, 32, - sha3_256_init, keccak_write, keccak_final, keccak_read, + sha3_256_init, keccak_write, keccak_final, keccak_read, NULL, sizeof (KECCAK_CONTEXT), run_selftests }; @@ -943,7 +943,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_384 = { GCRY_MD_SHA3_384, {0, 1}, "SHA3-384", sha3_384_asn, DIM (sha3_384_asn), oid_spec_sha3_384, 48, - sha3_384_init, keccak_write, keccak_final, keccak_read, + sha3_384_init, keccak_write, keccak_final, keccak_read, NULL, sizeof (KECCAK_CONTEXT), run_selftests }; @@ -951,7 +951,7 @@ gcry_md_spec_t _gcry_digest_spec_sha3_512 = { GCRY_MD_SHA3_512, {0, 1}, "SHA3-512", sha3_512_asn, DIM (sha3_512_asn), oid_spec_sha3_512, 64, - sha3_512_init, keccak_write, keccak_final, keccak_read, + sha3_512_init, keccak_write, keccak_final, keccak_read, NULL, sizeof (KECCAK_CONTEXT), run_selftests }; diff --git a/cipher/md.c b/cipher/md.c index 948d269..6ef8fee 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -408,6 +408,12 @@ md_enable (gcry_md_hd_t hd, int algorithm) } } + if (!err && h->flags.hmac && spec->read == NULL) + { + /* Expandable output function cannot act as part of HMAC. */ + err = GPG_ERR_DIGEST_ALGO; + } + if (!err) { size_t size = (sizeof (*entry) @@ -638,11 +644,16 @@ md_final (gcry_md_hd_t a) for (r = a->ctx->list; r; r = r->next) { - byte *p = r->spec->read (&r->context.c); + byte *p; size_t dlen = r->spec->mdlen; byte *hash; gcry_err_code_t err; + if (r->spec->read == NULL) + continue; + + p = r->spec->read (&r->context.c); + if (a->ctx->flags.secure) hash = xtrymalloc_secure (dlen); else @@ -821,6 +832,8 @@ md_read( gcry_md_hd_t a, int algo ) { if (r->next) log_debug ("more than one algorithm in md_read(0)\n"); + if (r->spec->read == NULL) + return NULL; return r->spec->read (&r->context.c); } } @@ -828,7 +841,11 @@ md_read( gcry_md_hd_t a, int algo ) { for (r = a->ctx->list; r; r = r->next) if (r->spec->algo == algo) - return r->spec->read (&r->context.c); + { + if (r->spec->read == NULL) + return NULL; + return r->spec->read (&r->context.c); + } } BUG(); return NULL; @@ -850,6 +867,52 @@ _gcry_md_read (gcry_md_hd_t hd, int algo) } +/**************** + * If ALGO is null get the digest for the used algo (which should be + * only one) + */ +static gcry_err_code_t +md_extract(gcry_md_hd_t a, int algo, void *out, size_t outlen) +{ + GcryDigestEntry *r = a->ctx->list; + + if (!algo) + { + /* Return the first algorithm */ + if (r && r->spec->extract) + { + if (r->next) + log_debug ("more than one algorithm in md_extract(0)\n"); + r->spec->extract (&r->context.c, out, outlen); + return 0; + } + } + else + { + for (r = a->ctx->list; r; r = r->next) + if (r->spec->algo == algo && r->spec->extract) + { + r->spec->extract (&r->context.c, out, outlen); + return 0; + } + } + + return GPG_ERR_DIGEST_ALGO; +} + + +/* + * Expand the output from XOF class digest, this function implictly finalizes + * the hash. + */ +gcry_err_code_t +_gcry_md_extract (gcry_md_hd_t hd, int algo, void *out, size_t outlen) +{ + _gcry_md_ctl (hd, GCRYCTL_FINALIZE, NULL, 0); + return md_extract (hd, algo, out, outlen); +} + + /* * Read out an intermediate digest. Not yet functional. */ diff --git a/cipher/md2.c b/cipher/md2.c index 97682e5..e339b28 100644 --- a/cipher/md2.c +++ b/cipher/md2.c @@ -177,6 +177,6 @@ gcry_md_spec_t _gcry_digest_spec_md2 = { GCRY_MD_MD2, {0, 0}, "MD2", asn, DIM (asn), oid_spec_md2, 16, - md2_init, _gcry_md_block_write, md2_final, md2_read, + md2_init, _gcry_md_block_write, md2_final, md2_read, NULL, sizeof (MD2_CONTEXT) }; diff --git a/cipher/md4.c b/cipher/md4.c index c9b4154..afa6382 100644 --- a/cipher/md4.c +++ b/cipher/md4.c @@ -286,6 +286,6 @@ gcry_md_spec_t _gcry_digest_spec_md4 = { GCRY_MD_MD4, {0, 0}, "MD4", asn, DIM (asn), oid_spec_md4,16, - md4_init, _gcry_md_block_write, md4_final, md4_read, + md4_init, _gcry_md_block_write, md4_final, md4_read, NULL, sizeof (MD4_CONTEXT) }; diff --git a/cipher/md5.c b/cipher/md5.c index f17af7a..66cc5f6 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -312,6 +312,6 @@ gcry_md_spec_t _gcry_digest_spec_md5 = { GCRY_MD_MD5, {0, 1}, "MD5", asn, DIM (asn), oid_spec_md5, 16, - md5_init, _gcry_md_block_write, md5_final, md5_read, + md5_init, _gcry_md_block_write, md5_final, md5_read, NULL, sizeof (MD5_CONTEXT) }; diff --git a/cipher/rmd160.c b/cipher/rmd160.c index 2695db2..cf7531e 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -526,6 +526,6 @@ gcry_md_spec_t _gcry_digest_spec_rmd160 = { GCRY_MD_RMD160, {0, 0}, "RIPEMD160", asn, DIM (asn), oid_spec_rmd160, 20, - rmd160_init, _gcry_md_block_write, rmd160_final, rmd160_read, + rmd160_init, _gcry_md_block_write, rmd160_final, rmd160_read, NULL, sizeof (RMD160_CONTEXT) }; diff --git a/cipher/sha1.c b/cipher/sha1.c index 554d55c..0de8412 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -573,7 +573,7 @@ gcry_md_spec_t _gcry_digest_spec_sha1 = { GCRY_MD_SHA1, {0, 1}, "SHA1", asn, DIM (asn), oid_spec_sha1, 20, - sha1_init, _gcry_md_block_write, sha1_final, sha1_read, + sha1_init, _gcry_md_block_write, sha1_final, sha1_read, NULL, sizeof (SHA1_CONTEXT), run_selftests }; diff --git a/cipher/sha256.c b/cipher/sha256.c index 63869d5..bc326e0 100644 --- a/cipher/sha256.c +++ b/cipher/sha256.c @@ -633,7 +633,7 @@ gcry_md_spec_t _gcry_digest_spec_sha224 = { GCRY_MD_SHA224, {0, 1}, "SHA224", asn224, DIM (asn224), oid_spec_sha224, 28, - sha224_init, _gcry_md_block_write, sha256_final, sha256_read, + sha224_init, _gcry_md_block_write, sha256_final, sha256_read, NULL, sizeof (SHA256_CONTEXT), run_selftests }; @@ -642,7 +642,7 @@ gcry_md_spec_t _gcry_digest_spec_sha256 = { GCRY_MD_SHA256, {0, 1}, "SHA256", asn256, DIM (asn256), oid_spec_sha256, 32, - sha256_init, _gcry_md_block_write, sha256_final, sha256_read, + sha256_init, _gcry_md_block_write, sha256_final, sha256_read, NULL, sizeof (SHA256_CONTEXT), run_selftests }; diff --git a/cipher/sha512.c b/cipher/sha512.c index 4be1cab..1196db9 100644 --- a/cipher/sha512.c +++ b/cipher/sha512.c @@ -877,7 +877,7 @@ gcry_md_spec_t _gcry_digest_spec_sha512 = { GCRY_MD_SHA512, {0, 1}, "SHA512", sha512_asn, DIM (sha512_asn), oid_spec_sha512, 64, - sha512_init, _gcry_md_block_write, sha512_final, sha512_read, + sha512_init, _gcry_md_block_write, sha512_final, sha512_read, NULL, sizeof (SHA512_CONTEXT), run_selftests }; @@ -903,7 +903,7 @@ gcry_md_spec_t _gcry_digest_spec_sha384 = { GCRY_MD_SHA384, {0, 1}, "SHA384", sha384_asn, DIM (sha384_asn), oid_spec_sha384, 48, - sha384_init, _gcry_md_block_write, sha512_final, sha512_read, + sha384_init, _gcry_md_block_write, sha512_final, sha512_read, NULL, sizeof (SHA512_CONTEXT), run_selftests }; diff --git a/cipher/stribog.c b/cipher/stribog.c index de167a7..7f38e6f 100644 --- a/cipher/stribog.c +++ b/cipher/stribog.c @@ -1326,6 +1326,7 @@ gcry_md_spec_t _gcry_digest_spec_stribog_256 = GCRY_MD_STRIBOG256, {0, 0}, "STRIBOG256", NULL, 0, NULL, 32, stribog_init_256, _gcry_md_block_write, stribog_final, stribog_read_256, + NULL, sizeof (STRIBOG_CONTEXT) }; @@ -1334,5 +1335,6 @@ gcry_md_spec_t _gcry_digest_spec_stribog_512 = GCRY_MD_STRIBOG512, {0, 0}, "STRIBOG512", NULL, 0, NULL, 64, stribog_init_512, _gcry_md_block_write, stribog_final, stribog_read_512, + NULL, sizeof (STRIBOG_CONTEXT) }; diff --git a/cipher/tiger.c b/cipher/tiger.c index 8a08953..078133a 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -840,7 +840,7 @@ gcry_md_spec_t _gcry_digest_spec_tiger = { GCRY_MD_TIGER, {0, 0}, "TIGER192", NULL, 0, NULL, 24, - tiger_init, _gcry_md_block_write, tiger_final, tiger_read, + tiger_init, _gcry_md_block_write, tiger_final, tiger_read, NULL, sizeof (TIGER_CONTEXT) }; @@ -863,7 +863,7 @@ gcry_md_spec_t _gcry_digest_spec_tiger1 = { GCRY_MD_TIGER1, {0, 0}, "TIGER", asn1, DIM (asn1), oid_spec_tiger1, 24, - tiger1_init, _gcry_md_block_write, tiger_final, tiger_read, + tiger1_init, _gcry_md_block_write, tiger_final, tiger_read, NULL, sizeof (TIGER_CONTEXT) }; @@ -874,7 +874,7 @@ gcry_md_spec_t _gcry_digest_spec_tiger2 = { GCRY_MD_TIGER2, {0, 0}, "TIGER2", NULL, 0, NULL, 24, - tiger2_init, _gcry_md_block_write, tiger_final, tiger_read, + tiger2_init, _gcry_md_block_write, tiger_final, tiger_read, NULL, sizeof (TIGER_CONTEXT) }; diff --git a/cipher/whirlpool.c b/cipher/whirlpool.c index 5f224a1..8a06939 100644 --- a/cipher/whirlpool.c +++ b/cipher/whirlpool.c @@ -1525,6 +1525,6 @@ gcry_md_spec_t _gcry_digest_spec_whirlpool = { GCRY_MD_WHIRLPOOL, {0, 0}, "WHIRLPOOL", NULL, 0, NULL, 64, - whirlpool_init, whirlpool_write, whirlpool_final, whirlpool_read, + whirlpool_init, whirlpool_write, whirlpool_final, whirlpool_read, NULL, sizeof (whirlpool_context_t) }; diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi index f13695a..3450bb2 100644 --- a/doc/gcrypt.texi +++ b/doc/gcrypt.texi @@ -3036,6 +3036,7 @@ are also supported. @c begin table of hash algorithms @cindex SHA-1 @cindex SHA-224, SHA-256, SHA-384, SHA-512 + at cindex SHA3-224, SHA3-256, SHA3-384, SHA3-512 @cindex RIPE-MD-160 @cindex MD2, MD4, MD5 @cindex TIGER, TIGER1, TIGER2 @@ -3108,6 +3109,22 @@ See FIPS 180-2 for the specification. This is the SHA-384 algorithm which yields a message digest of 64 bytes. See FIPS 180-2 for the specification. + at item GCRY_MD_SHA3_224 +This is the SHA3-224 algorithm which yields a message digest of 28 bytes. +See FIPS 202 for the specification. + + at item GCRY_MD_SHA3_256 +This is the SHA3-256 algorithm which yields a message digest of 32 bytes. +See FIPS 202 for the specification. + + at item GCRY_MD_SHA3_384 +This is the SHA3-384 algorithm which yields a message digest of 48 bytes. +See FIPS 202 for the specification. + + at item GCRY_MD_SHA3_512 +This is the SHA3-384 algorithm which yields a message digest of 64 bytes. +See FIPS 202 for the specification. + @item GCRY_MD_CRC32 This is the ISO 3309 and ITU-T V.42 cyclic redundancy check. It yields an output of 4 bytes. Note that this is not a hash algorithm in the @@ -3170,11 +3187,12 @@ this is the hashed data is highly confidential. @item GCRY_MD_FLAG_HMAC @cindex HMAC Turn the algorithm into a HMAC message authentication algorithm. This -only works if just one algorithm is enabled for the handle. Note that -the function @code{gcry_md_setkey} must be used to set the MAC key. -The size of the MAC is equal to the message digest of the underlying -hash algorithm. If you want CBC message authentication codes based on -a cipher, see @xref{Working with cipher handles}. +only works if just one algorithm is enabled for the handle and that +algorithm is not an extendable-output function. Note that the function + at code{gcry_md_setkey} must be used to set the MAC key. The size of the +MAC is equal to the message digest of the underlying hash algorithm. +If you want CBC message authentication codes based on a cipher, +see @xref{Working with cipher handles}. @item GCRY_MD_FLAG_BUGEMU1 @cindex bug emulation @@ -3293,9 +3311,9 @@ message digest or some padding. @deftypefun void gcry_md_final (gcry_md_hd_t @var{h}) Finalize the message digest calculation. This is not really needed -because @code{gcry_md_read} does this implicitly. After this has been -done no further updates (by means of @code{gcry_md_write} or - at code{gcry_md_putc} should be done; However, to mitigate timing +because @code{gcry_md_read} and @code{gcry_md_extract} do this implicitly. +After this has been done no further updates (by means of @code{gcry_md_write} +or @code{gcry_md_putc} should be done; However, to mitigate timing attacks it is sometimes useful to keep on updating the context after having stored away the actual digest. Only the first call to this function has an effect. It is implemented as a macro. @@ -3318,6 +3336,22 @@ The function does return @code{NULL} if the requested algorithm has not been enabled. @end deftypefun +The way to read output of extendable-output function is by using the +function: + + at deftypefun gpg_err_code_t gcry_md_extract (gcry_md_hd_t @var{h}, @ + int @var{algo}, void *@var{buffer}, size_t @var{length}) + + at code{gcry_mac_read} returns output from extendable-output function. +This function may be used as often as required to generate more output +byte stream from the algorithm. Function extracts the new output bytes +to @var{buffer} of the length @var{length}. Buffer will be fully +populated with new output. @var{algo} may be given as 0 to return the only +enabled message digest or it may specify one of the enabled algorithms. +The function does return non-zero value if the requested algorithm has not +been enabled. + at end deftypefun + Because it is often necessary to get the message digest of blocks of memory, two fast convenience function are available for this task: @@ -3493,6 +3527,7 @@ provided by Libgcrypt. @c begin table of MAC algorithms @cindex HMAC-SHA-1 @cindex HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 + at cindex HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 @cindex HMAC-RIPE-MD-160 @cindex HMAC-MD2, HMAC-MD4, HMAC-MD5 @cindex HMAC-TIGER1 @@ -3520,6 +3555,22 @@ algorithm. This is HMAC message authentication algorithm based on the SHA-384 hash algorithm. + at item GCRY_MAC_HMAC_SHA3_256 +This is HMAC message authentication algorithm based on the SHA3-384 hash +algorithm. + + at item GCRY_MAC_HMAC_SHA3_224 +This is HMAC message authentication algorithm based on the SHA3-224 hash +algorithm. + + at item GCRY_MAC_HMAC_SHA3_512 +This is HMAC message authentication algorithm based on the SHA3-512 hash +algorithm. + + at item GCRY_MAC_HMAC_SHA3_384 +This is HMAC message authentication algorithm based on the SHA3-384 hash +algorithm. + @item GCRY_MAC_HMAC_SHA1 This is HMAC message authentication algorithm based on the SHA-1 hash algorithm. diff --git a/src/cipher-proto.h b/src/cipher-proto.h index 8267791..3bca9c7 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -215,6 +215,9 @@ typedef void (*gcry_md_final_t) (void *c); /* Type for the md_read function. */ typedef unsigned char *(*gcry_md_read_t) (void *c); +/* Type for the md_extract function. */ +typedef void (*gcry_md_extract_t) (void *c, void *outbuf, size_t nbytes); + typedef struct gcry_md_oid_spec { const char *oidstring; @@ -237,6 +240,7 @@ typedef struct gcry_md_spec gcry_md_write_t write; gcry_md_final_t final; gcry_md_read_t read; + gcry_md_extract_t extract; size_t contextsize; /* allocate this amount of context */ selftest_func_t selftest; } gcry_md_spec_t; diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h index 8014d61..d367307 100644 --- a/src/gcrypt-int.h +++ b/src/gcrypt-int.h @@ -129,6 +129,8 @@ gpg_err_code_t _gcry_md_ctl (gcry_md_hd_t hd, int cmd, void *buffer, size_t buflen); void _gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length); unsigned char *_gcry_md_read (gcry_md_hd_t hd, int algo); +gpg_error_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, + size_t length); void _gcry_md_hash_buffer (int algo, void *digest, const void *buffer, size_t length); gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags, diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 585da6a..39be37a 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -473,7 +473,7 @@ char *gcry_sexp_nth_string (gcry_sexp_t list, int number); value can't be converted to an MPI, `NULL' is returned. */ gcry_mpi_t gcry_sexp_nth_mpi (gcry_sexp_t list, int number, int mpifmt); -/* Convenience fucntion to extract parameters from an S-expression +/* Convenience function to extract parameters from an S-expression * using a list of single letter parameters. */ gpg_error_t gcry_sexp_extract_param (gcry_sexp_t sexp, const char *path, @@ -1170,7 +1170,7 @@ enum gcry_md_algos GCRY_MD_GOSTR3411_94 = 308, /* GOST R 34.11-94. */ GCRY_MD_STRIBOG256 = 309, /* GOST R 34.11-2012, 256 bit. */ GCRY_MD_STRIBOG512 = 310, /* GOST R 34.11-2012, 512 bit. */ - GCRY_MD_GOSTR3411_CP = 311, /* GOST R 34.11-94 with CryptoPro-A S-Box. */ + GCRY_MD_GOSTR3411_CP = 311, /* GOST R 34.11-94 with CryptoPro-A S-Box. */ GCRY_MD_SHA3_224 = 312, GCRY_MD_SHA3_256 = 313, GCRY_MD_SHA3_384 = 314, @@ -1239,6 +1239,11 @@ void gcry_md_write (gcry_md_hd_t hd, const void *buffer, size_t length); algorithm ALGO. */ unsigned char *gcry_md_read (gcry_md_hd_t hd, int algo); +/* Read more output from algorithm ALGO to BUFFER of size LENGTH from + * digest object HD. Algorithm needs to be 'expendable-output function'. */ +gpg_error_t gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, + size_t length); + /* Convenience function to calculate the hash from the data in BUFFER of size LENGTH using the algorithm ALGO avoiding the creating of a hash object. The hash is returned in the caller provided buffer diff --git a/src/libgcrypt.def b/src/libgcrypt.def index 924f17f..f3e074b 100644 --- a/src/libgcrypt.def +++ b/src/libgcrypt.def @@ -278,5 +278,6 @@ EXPORTS gcry_mpi_ec_sub @244 + gcry_md_extract @245 ;; end of file with public symbols for Windows. diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers index 7e8df3f..5b3d419 100644 --- a/src/libgcrypt.vers +++ b/src/libgcrypt.vers @@ -41,7 +41,7 @@ GCRYPT_1.6 { gcry_md_get_algo; gcry_md_get_algo_dlen; gcry_md_hash_buffer; gcry_md_hash_buffers; gcry_md_info; gcry_md_is_enabled; gcry_md_is_secure; - gcry_md_map_name; gcry_md_open; gcry_md_read; + gcry_md_map_name; gcry_md_open; gcry_md_read; gcry_md_extract; gcry_md_reset; gcry_md_setkey; gcry_md_write; gcry_md_debug; diff --git a/src/visibility.c b/src/visibility.c index cbf24e7..23a2705 100644 --- a/src/visibility.c +++ b/src/visibility.c @@ -1165,6 +1165,12 @@ gcry_md_read (gcry_md_hd_t hd, int algo) return _gcry_md_read (hd, algo); } +gcry_err_code_t +gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer, size_t length) +{ + return _gcry_md_extract(hd, algo, buffer, length); +} + void gcry_md_hash_buffer (int algo, void *digest, const void *buffer, size_t length) diff --git a/src/visibility.h b/src/visibility.h index fa3c763..bb25de0 100644 --- a/src/visibility.h +++ b/src/visibility.h @@ -110,6 +110,7 @@ MARK_VISIBLEX (gcry_md_is_secure) MARK_VISIBLEX (gcry_md_map_name) MARK_VISIBLEX (gcry_md_open) MARK_VISIBLEX (gcry_md_read) +MARK_VISIBLEX (gcry_md_extract) MARK_VISIBLEX (gcry_md_reset) MARK_VISIBLEX (gcry_md_setkey) MARK_VISIBLEX (gcry_md_write) @@ -374,6 +375,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const) #define gcry_md_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_md_open _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_md_read _gcry_USE_THE_UNDERSCORED_FUNCTION +#define gcry_md_extract _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_md_reset _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_md_setkey _gcry_USE_THE_UNDERSCORED_FUNCTION #define gcry_md_write _gcry_USE_THE_UNDERSCORED_FUNCTION commit cee2e122ec6c1886957a8d47498eb63a6a921725 Author: Jussi Kivilinna Date: Sun Oct 25 15:11:14 2015 +0200 md: check hmac flag in prepare_macpads * cipher/md.c (prepare_macpads): Check hmac flag. -- Signed-off-by: Jussi Kivilinna diff --git a/cipher/md.c b/cipher/md.c index c6bf90d..948d269 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -671,6 +671,9 @@ prepare_macpads (gcry_md_hd_t a, const unsigned char *key, size_t keylen) if (!a->ctx->list) return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */ + if (!a->ctx->flags.hmac) + return GPG_ERR_DIGEST_ALGO; /* Tried setkey for non-HMAC md. */ + for (r = a->ctx->list; r; r = r->next) { const unsigned char *k; ----------------------------------------------------------------------- Summary of changes: cipher/crc.c | 8 +- cipher/gostr3411-94.c | 4 +- cipher/hash-common.c | 28 ++- cipher/keccak.c | 283 +++++++++++++++++++++--- cipher/md.c | 72 ++++++- cipher/md2.c | 2 +- cipher/md4.c | 2 +- cipher/md5.c | 2 +- cipher/rmd160.c | 2 +- cipher/sha1.c | 2 +- cipher/sha256.c | 4 +- cipher/sha512.c | 4 +- cipher/stribog.c | 2 + cipher/tiger.c | 6 +- cipher/whirlpool.c | 2 +- doc/gcrypt.texi | 84 +++++++- src/cipher-proto.h | 4 + src/cipher.h | 2 + src/gcrypt-int.h | 2 + src/gcrypt.h.in | 13 +- src/libgcrypt.def | 1 + src/libgcrypt.vers | 2 +- src/visibility.c | 6 + src/visibility.h | 2 + tests/basic.c | 586 ++++++++++++++++++++++++++++++++++++++++++++++++-- tests/bench-slope.c | 6 + 26 files changed, 1040 insertions(+), 91 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 2 06:40:14 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 02 Nov 2015 06:40:14 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-93-g06f3ead Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4 (commit) from 18cd09246f5dcddcafb8662afd84fa046e36de3f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4 Author: NIIBE Yutaka Date: Mon Nov 2 14:33:38 2015 +0900 g10: notify a user when importing stub is skipped. * g10/import.c (transfer_secret_keys): Return GPG_ERR_NOT_PROCESSED when stub_key_skipped. (import_secret_one): Notify a user, suggesting --card-status. -- Migration to 2.1 might be confusing with smartcard. With this patch, a user can learn to run gpg ---card-status. Thanks to intrigeri for the report. Debian-bug-id: 795881 diff --git a/g10/import.c b/g10/import.c index 048b136..82ccfa7 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1331,6 +1331,7 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, unsigned char *wrappedkey = NULL; size_t wrappedkeylen; char *cache_nonce = NULL; + int stub_key_skipped = 0; /* Get the current KEK. */ err = agent_keywrap_key (ctrl, 0, &kek, &keklen); @@ -1391,7 +1392,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, has been inserted and a stub key is in turn generated by the agent. */ if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002) - continue; + { + stub_key_skipped = 1; + continue; + } /* Convert our internal secret key object into an S-expression. */ nskey = pubkey_get_nskey (pk->pubkey_algo); @@ -1568,6 +1572,10 @@ transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock, } } + if (!err && stub_key_skipped) + /* We need to notify user how to migrate stub keys. */ + err = gpg_error (GPG_ERR_NOT_PROCESSED); + leave: gcry_sexp_release (curve); xfree (cache_nonce); @@ -1757,8 +1765,27 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, keystr_from_pk (pk)); else { + gpg_error_t err; + nr_prev = stats->secret_imported; - if (!transfer_secret_keys (ctrl, stats, keyblock, batch)) + err = transfer_secret_keys (ctrl, stats, keyblock, batch); + if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED) + { + /* TRANSLATORS: For smarcard, each private key on + host has a reference (stub) to a smartcard and + actual private key data is stored on the card. A + single smartcard can have up to three private key + data. Importing private key stub is always + skipped in 2.1, and it returns + GPG_ERR_NOT_PROCESSED. Instead, user should be + suggested to run 'gpg --card-status', then, + references to a card will be automatically + created again. */ + log_info (_("To migrate secring.gpg, with each smartcard, run:" + "gpg --card-status")); + err = 0; + } + if (!err) { int status = 16; if (!opt.quiet) ----------------------------------------------------------------------- Summary of changes: g10/import.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 2 15:21:34 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 02 Nov 2015 15:21:34 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-81-g7294034 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 7294034592b5bef76dc06be5242e13bf6e39922f (commit) from eb54d1fb786b2944d787ee764f99843bbfab2641 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7294034592b5bef76dc06be5242e13bf6e39922f Author: Andre Heinecke Date: Mon Nov 2 15:16:46 2015 +0100 Fix handling sent and exchange to exchange mails. * src/mail.cpp (Mail::process_message): Always change message class. -- Changing the message class in the before read event causes Outlook to reconsider what it knows about a message and to read information again from the unwrapped basemessage. While this may have a negative impact on performance this fixes the case where Outlook already knows too much about a message because it was either recieved by exchange (and so already had the MAPI properties from GPGOL set) or because it sent the message itself and so also had the GpgOL MAPI properties. diff --git a/src/mail.cpp b/src/mail.cpp index 232183a..baf0cb5 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -99,6 +99,14 @@ Mail::process_message () } log_oom_extra ("%s:%s: GetBaseMessage OK.", SRCNAME, __func__); + /* Change the message class here. It is important that + we change the message class in the before read event + regardless if it is already set to one of GpgOL's message + classes. Changing the message class (even if we set it + to the same value again that it already has) causes + Outlook to reconsider what it "knows" about a message + and reread data from the underlying base message. */ + mapi_change_message_class (message, 1); err = message_incoming_handler (message, NULL, false); m_processed = (err == 1) || (err == 2); ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 2 16:04:53 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 02 Nov 2015 16:04:53 +0100 Subject: [git] gnupg-doc - branch, master, updated. 84666dbfe2fdf6de43a071de4fbd80fee9b0ef3c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 84666dbfe2fdf6de43a071de4fbd80fee9b0ef3c (commit) from 6d5ebbb843ac68a3b280baa78eaf329b55fd980c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 84666dbfe2fdf6de43a071de4fbd80fee9b0ef3c Author: Werner Koch Date: Mon Nov 2 16:00:35 2015 +0100 web: Replace broken link to Russion key signing party Howto. From stargrave at ...: I have hosted its latest known version here: http://www.cypherpunks.ru/KSP.html diff --git a/web/documentation/howtos.org b/web/documentation/howtos.org index cd6b2e6..26b1723 100644 --- a/web/documentation/howtos.org +++ b/web/documentation/howtos.org @@ -87,7 +87,7 @@ [[http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html][en]] ? [[../howtos/es/gpg-party.html][es]] ? [[../howtos/it/keysigning_party.html][it]] ? - [[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.html.ru][ru]] ? + [[http://www.cypherpunks.ru/KSP.html][ru]] ? [[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.si.html][si]] ? [[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.zh-TW.html.big5][zh-TW.big5]] ? [[http://www.cryptnet.net/fdp/crypto/gpg-party/gpg-party.zh-TW.html.euc-tw][zh-TW.euc-tw]] ) ----------------------------------------------------------------------- Summary of changes: web/documentation/howtos.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 2 17:25:58 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 02 Nov 2015 17:25:58 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-83-g4524779 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 452477949fe2f1d8ca36ebbad31c6f3c6607e30e (commit) via 9ea4f4f9993d6cf87c20d75e6de9b65783f268ac (commit) from 7294034592b5bef76dc06be5242e13bf6e39922f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 452477949fe2f1d8ca36ebbad31c6f3c6607e30e Author: Andre Heinecke Date: Mon Nov 2 17:24:15 2015 +0100 Save mailitem on close * src/mail.h (Mail::is_crypto_mail): New. * src/mailitem-events.cpp (EVENT_SINK_INVOKE): Call Save on Close. -- This prevents the "The properties of the message have changed" Dialog but has the side effect that the plain text has to be removed from the mail as the Save will trigger a Write event. diff --git a/src/mail.h b/src/mail.h index fc9ca21..81547cd 100644 --- a/src/mail.h +++ b/src/mail.h @@ -114,6 +114,15 @@ public: * @returns A reference to the utf8 sender address. Or NULL. */ const char *get_sender (); + /** @brief Is this a crypto mail handled by gpgol. + * + * Calling this is only valid after a message has been processed. + * + * @returns true if the mail was either signed or encrypted and we processed + * it. + */ + bool is_crypto_mail () { return m_processed; } + private: LPDISPATCH m_mailitem; LPDISPATCH m_event_sink; diff --git a/src/mailitem-events.cpp b/src/mailitem-events.cpp index 910eabf..5608356 100644 --- a/src/mailitem-events.cpp +++ b/src/mailitem-events.cpp @@ -228,6 +228,13 @@ EVENT_SINK_INVOKE(MailItemEvents) } break; } + case Close: + { + if (m_mail->is_crypto_mail ()) + { + invoke_oom_method (m_object, "Save", NULL); + } + } case Unload: { log_debug ("%s:%s: Removing Mail for message: %p.", commit 9ea4f4f9993d6cf87c20d75e6de9b65783f268ac Author: Andre Heinecke Date: Mon Nov 2 17:22:14 2015 +0100 Add more debug output for msg wipes. * src/mail.cpp (Mail::insert_plaintext): Check if msg already needs wipe and log it. Log plaintext with msg ptr. (Mail::wipe): Log wipe error. diff --git a/src/mail.cpp b/src/mail.cpp index baf0cb5..c5ea30a 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -161,6 +161,13 @@ Mail::insert_plaintext () return 0; } + if (m_needs_wipe) + { + log_error ("%s:%s: Insert plaintext called for msg that needs wipe: %p", + SRCNAME, __func__, m_mailitem); + return 0; + } + /* Outlook somehow is confused about the attachment table of our sent mails. The securemessage interface gives us access to the real attach table but the attachment @@ -175,6 +182,9 @@ Mail::insert_plaintext () err = mapi_get_gpgol_body_attachment (base_message, &body, NULL, &is_html, &was_protected); m_needs_wipe = was_protected; + + log_debug ("%s:%s: Setting plaintext for msg: %p", + SRCNAME, __func__, m_mailitem); if (err || !body) { log_error ("%s:%s: Failed to get body attachment. Err: %i", @@ -285,6 +295,8 @@ Mail::wipe () HTML_TEMPLATE) || protect_attachments (m_mailitem)) { + log_debug ("%s:%s: Failed to wipe mailitem: %p.", + SRCNAME, __func__, m_mailitem); return -1; } m_needs_wipe = false; ----------------------------------------------------------------------- Summary of changes: src/mail.cpp | 12 ++++++++++++ src/mail.h | 9 +++++++++ src/mailitem-events.cpp | 7 +++++++ 3 files changed, 28 insertions(+) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 2 17:54:20 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 02 Nov 2015 17:54:20 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-84-gb942f73 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via b942f73f7961fd277cbafab9d2a5ed08038f00db (commit) from 452477949fe2f1d8ca36ebbad31c6f3c6607e30e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b942f73f7961fd277cbafab9d2a5ed08038f00db Author: Andre Heinecke Date: Mon Nov 2 17:46:55 2015 +0100 Wipe all decrypted mails on disconnect. * src/mail.cpp (wipe_all_mails): New. * src/gpgoladdin.cpp (~GpgOLAddin): Add more debug output. (OnDisconnection): Call wipe all mails. -- This should cover the case that we decrypted a message and are deactivated before the write / save event that removes the plaintext in that message again. nuPG-Bug-Id: 2138 diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 5ba8a72..6f4c4a4 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -48,6 +48,7 @@ #include "eventsinks.h" #include "eventsink.h" #include "windowmessages.h" +#include "mail.h" #define ICON_SIZE_LARGE 32 #define ICON_SIZE_NORMAL 16 @@ -163,11 +164,13 @@ GpgolAddin::GpgolAddin (void) : m_lRef(0), m_application(0), GpgolAddin::~GpgolAddin (void) { - log_debug ("%s:%s: cleaning up GpgolAddin object;", + log_debug ("%s:%s: Releasing Extender;", SRCNAME, __func__); - m_ribbonExtender->Release (); - m_applicationEventSink->Release() ; + + log_debug ("%s:%s: Releasing Application Event Sink;", + SRCNAME, __func__); + m_applicationEventSink->Release(); if (!m_disabled) { @@ -264,6 +267,23 @@ GpgolAddin::OnDisconnection (ext_DisconnectMode RemoveMode, { (void)custom; (void)RemoveMode; + log_debug ("%s:%s: cleaning up GpgolAddin object;", + SRCNAME, __func__); + + /* Doing the wipe in the dtor is too late. Outlook + does not allow us any OOM calls then and only returns + "Unexpected error" in that case. Weird. */ + + if (Mail::wipe_all_mails ()) + { + MessageBox (NULL, + _("Failed to remove plaintext from at least one message.\n\n" + "Until GpgOL is activated again it is possible that the " + "plaintext of messages decrypted in this Session is saved " + "or transfered back to your mailserver."), + _("GpgOL"), + MB_ICONINFORMATION|MB_OK); + } write_options(); return S_OK; diff --git a/src/mail.cpp b/src/mail.cpp index c5ea30a..9e81e13 100644 --- a/src/mail.cpp +++ b/src/mail.cpp @@ -337,3 +337,20 @@ Mail::get_sender () } return m_sender; } + + +int +Mail::wipe_all_mails () +{ + int err = 0; + std::map::iterator it; + for (it = g_mail_map.begin(); it != g_mail_map.end(); ++it) + { + if (it->second->wipe ()) + { + log_error ("Failed to wipe mail: %p ", it->first); + err++; + } + } + return err; +} diff --git a/src/mail.h b/src/mail.h index 81547cd..0d7084d 100644 --- a/src/mail.h +++ b/src/mail.h @@ -54,6 +54,16 @@ public: */ static Mail* get_mail_for_item (LPDISPATCH mailitem); + /** @brief wipe the plaintext from all known Mail objects. + * + * This is intended as a "cleanup" call to be done on unload + * to avoid leaking plaintext in case we are deactivated while + * some mails still have their plaintext inserted. + * + * @returns the number of errors that occured. + */ + static int wipe_all_mails (); + /** @brief Reference to the mailitem. Do not Release! */ LPDISPATCH item () { return m_mailitem; } ----------------------------------------------------------------------- Summary of changes: src/gpgoladdin.cpp | 26 +++++++++++++++++++++++--- src/mail.cpp | 17 +++++++++++++++++ src/mail.h | 10 ++++++++++ 3 files changed, 50 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 12:39:58 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 03 Nov 2015 12:39:58 +0100 Subject: [git] gnupg-doc - branch, master, updated. 8ce8b1d31e9f4f3f8f7e88ba90f035a8427784e2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 8ce8b1d31e9f4f3f8f7e88ba90f035a8427784e2 (commit) from 84666dbfe2fdf6de43a071de4fbd80fee9b0ef3c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8ce8b1d31e9f4f3f8f7e88ba90f035a8427784e2 Author: Neal H. Walfield Date: Tue Nov 3 12:39:14 2015 +0100 blog: News for September and October. diff --git a/misc/blog.gnupg.org/20151103-gnupg-in-october.org b/misc/blog.gnupg.org/20151103-gnupg-in-october.org new file mode 100644 index 0000000..39b18ae --- /dev/null +++ b/misc/blog.gnupg.org/20151103-gnupg-in-october.org @@ -0,0 +1,301 @@ +# GnuPG News for September and October 2015 +#+STARTUP: showall +#+AUTHOR: Neal +#+DATE: November 3rd, 2015 +#+Keywords: Presentation, TOFU, Tor, g13, disk encryption + +** GnuPG News for September and October 2015 + +*** Keynote at FSCONs + +If you'll be in Sweden next week for the FSCONS, you'll have the +opportunity to hear Werner Koch's talk on Saturday afternoon: [[https://frab.fscons.org/en/fscons2015/public/events/243][The +state of everyday cryptography]]: + + After Snowden explained to the world that even the crypto geeks had + been too optimistic about the state of global surveillance, a new + interest in developing and promoting systems to provide encryption + service for normal human beings awoke. There are several systems + with widely different goals, user bases, and cryptographic strength + in active use. Some popped up and quickly drowned, others are + getting more and more attention, and finally there are some old + comrades finally getting public interest. In this talk, Werner gives + an overview of these different systems and tries to predict their + future. Will some of these encryption systems survive and thus + force the NSA/CGHQ/BND to spend a lot more money on mass + surveillance? + +*** Development + +Since the last blog post, there have been two releases of GnuPG: +version [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q3/000379.html][2.1.8]] and version [[https://lists.gnupg.org/pipermail/gnupg-announce/2015q4/000380.html][2.1.9]]. These releases were primarily bug +fix releases. The one noteworthy new feature (implemented by Werner) +is support for [[http://tools.ietf.org/wg/dane/draft-ietf-dane-openpgpkey/][OpenPGP DANE]], which allows looking up keys that have +been stored in the DNS. + +In terms of development, Neal has finished the preliminary +implementation of TOFU and Werner has been working on two new +features: Tor support for GnuPG and g13, which provides GnuPG support +for DM-Crypt. Daniel Kahn Gillmor provided a patch to explicitly +deprecate algorithms in addition to those that GnuPG has marked as +deprecated. Andre Heinecke has been working on GpgOL, a GnuPG plug-in +for Outlook, and Kai has continued to work on Enigmail. + +**** Noteworthy Bugs + +Niibe fixed a bug effecting the use of ed25519 keys with GnuPG's ssh +agent code. When using an ed25519 authentication key imported with +~ssh-add~, GnuPG 2.1.8 and later could no longer read the keys saved +by older versions of GnuPG. This was due to a bug in the way that +older versions of GnuPG saved the key. To work around this, you need +to manually delete the old key and reimport it using ssh-add. Refer +to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798956#24 and +https://bugs.gnupg.org/gnupg/issue2096 for more details. + +Niibe also fixed a bug arising from a new GCC optimization. The +optimization, which was introduced in GCC 5, caused GnuPG to fail to +positively verify some messages. The issue was that instead of +returning the address of a local variable, gcc would simply return +NULL. (GnuPG was using this ugly hack to return something other than +NULL to indicate success for an empty packet; the caller didn't +actually examine the value pointed to by the address.) See this +[[https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030334.html][message]] for more details. + +Jonas Magazinius [[http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html][identified a downgrade attack]] on the OpenPGP message +format: + + [He] found that [OpenPGP] is vulnerable to a chosen-ciphertext + attack to downgrade [a Symmetrically Encrypted Integrity Protected + Data Packet (SEIP)] to a plain [Symmetrically Encrypted Data Packet + (SE)] packet. Due to the properties of CFB mode and OpenPGP?s + predictable message structure, it is possible to switch the SEIP tag + to SE, strip the MDC (and signature), and align and manipulate the + encrypted packet. The implications are, among others, that an + encrypted and signed message can be stripped of its signature and + modified arbitrarily, with certain restrictions, by an attacker + without knowing the key. + +Since symmetrically encrypted data packets have been deprecated since +RFC 4880, which was release in 2007, GnuPG mitigates this attack by +aborting if the message contains an SE packet and was encrypted with a +relatively modern cipher (anything with a block length that is greater +than 64-bits as well as twofish). Since (hopefully) no one is using +the old ciphers, an attacker will only be able to downgrade old +messages. + +**** OpenPGP DANE + +[[https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/?include_text%3D1][OpenPGP DANE]] ist a new mechanism for OpenPGP key discovery. The basic +idea is that users publish their key in the Secure DNS. Then, when +someone is looking up a key, they simply use DNS to find it. This has +the advantage that since the user (or the user's mail provider) +controls the domain, it is less likely that a rogue key will be +returned, which can happen when using an HKP keyserver since the +keyserver has no way to determine what key is correct. + +Werner has implemented this and it is available in the most recent +GnuPG release. GnuPG makes one small derivation from the proposed +standard: GnuPG always lower-cases the local-part of the email +address. + +To create a DANE record, use the following command: + +#+BEGIN_EXAMPLE +$ gpg2 --print-dane-records -k KEYID +#+END_EXAMPLE + +To search for a key using DANE, use: + +#+BEGIN_EXAMPLE +$ gpg2 --auto-key-locate dane --search-keys email at example.org +#+END_EXAMPLE + +**** TOFU + +Neal finally committed TOFU support to the git repository. Special +thanks go to Andre Heinecke, who helped debug the code. It will be +available in the next release. Although TOFU will not be turned on by +default, we encourage MUAs to prompt users to switch to this trust +model. + +[[https://en.wikipedia.org/wiki/Trust_on_first_use][TOFU]] stands for Trust on First Use and is a concept that will be +familiar to anyone who regularly uses ssh. When you ssh to a host for +the first time, ssh asks you to verify the host's key (most people +just say yes here). When connecting to the same host in the future, +ssh checks that the key hasn't changed. If it has, ssh displays a +warning. TOFU for GnuPG works similarly. + +In contrast to the [[https://en.wikipedia.org/wiki/Web_of_trust][Web of Trust]] (WoT), TOFU's security guarantees are +rather weak. When using the WoT correctly, you can have high +confidence that if GnuPG says a given key is controlled by a specific +user, then it probably is. TOFU, on the other hand, is only able to +detect when the key associated with an email address has changed. +Despite this, TOFU will be more secure than the WoT for most users in +practice. This is because using the WoT requires a lot of manual +support, which most users never both with. In particular, you need to +verify fingerprints and set the owner trust to take advantage of +friend of friend verification. + +Happily you don't need to choose between TOFU and the WoT. It is +possible to combine them using the tofu+pgp trust model. In this +model, the trust level for a key under each model is computed and then +the maximum is taken. + +For users who want TOFU's ability to detect conflicts, but don't like +that TOFU assigns positive (marginal) trust to new keys without +prompting, it is possible to change the default policy to unknown or +to always prompt the user for the policy for new keys using the +--tofu-default-policy option. + +To enable TOFU support, you just need to add the following to your +gpg.conf file: + +#+BEGIN_EXAMPLE +trust-model tofu+pgp +#+END_EXAMPLE + +Other than that, there is nothing special that you need to do to take +advantage of TOFU. See [[https://lists.gnupg.org/pipermail/gnupg-users/2015-October/054608.html][this mail]] for more details. (For a more +implementation-focused discussion, see [[https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030341.html][this mail]].) Also consult the +manual (search for tofu to find the relevant options). + +**** Tor Support + +Werner has committed basic support for Tor to the GnuPG git +repository. It can be enabled by passing the --use-tor flag to +dirmngr (or setting use-tor in dirmngr.conf). Note: to test this +feature, you'll also need a version of libassuan from git. + +GnuPG's Tor support is careful to make sure that traffic is not +accidentally routed via the open Internet. To ensure this, when Tor +support is enabled and traffic can't be routed via Tor, GnuPG fails +rather than leaks data. In order to ensure that information is not +leaked via DNS, GnuPG will use [[http://www.chiark.greenend.org.uk/~ian/adns/][ADNS]] to access the DNS rather than the +system resolver. (ADNS has been used by GnuPG on Windows since 2008.) +Werner has modified it to support Tor and is currently in the process +of getting the patches integrated upstream. + +Kristian Fiskers, the manager of the SKS Keyserver pool, began looking +into making keyservers accessible as Tor hidden services. Information +about which keyservers support Tor and their respective .onion +addresses can be found on [[https://sks-keyservers.net/status/][the SKS status page]]. However, just as you +don't typically want to configure GnuPG to use a single key server +rather than the fault-tolerant pool, Kristian has set up an Onion +Balancer, [[hkp://jirk5u4osbsr34t5.onion][hkp://jirk5u4osbsr34t5.onion]], to redirect requests to the +various Tor-enabled keyservers. Support is still experimental. + +**** g13 + +Werner has been working on g13. g13 is part of the GnuPG suite of +tools. It provides support for working with DM-Crypt devices with +OpenPGP keys and takes advantage of the existing GnuPG infrastructure. + +Currently, DM-Crypt is primarily used with LUKS. A LUKS encrypted +volume has a small header at the start of the volume, which includes +the master key encrypted with a passphrase. The passphrase is a weak +point of the system as it is often vulnerable to a brute-force attack. +A more secure approach is to encrypt the master key with a secret key +stored on a smart card. Further, it should be possible to use +existing keys. GnuPG, of course, has long had good support for +interacting with smartcards and working with OpenPGP keys. + +**** Deprecating Specific Algorithms + +Daniel Kahn Gillmor (dkg) contributed a patch to provide an option to +explicitly deprecate algorithms in addition to those that GnuPG has +marked as deprecated. This is useful for deprecating SHA-1, for +instance. GnuPG can't do this by default because SHA-1 is a +mandatory-to-implement algorithm and is widely used in the OpenPGP +ecosystem. Nevertheless, as dkg says: + + Some operators of high-value targets that depend on OpenPGP + signatures may wish to require their signers to use a stronger + digest algorithm than SHA1, even if the OpenPGP ecosystem at large + cannot deprecate SHA1 entirely today. + +**** GpgOL + +Andre Heinecke has been evaluating the feasibility of supporting +PGP/MIME and S/MIME in Outlook 2007 and later. So far he has +implemented support for reading MIME messages. This is included in a +[[https://wiki.gnupg.org/GpgOL/Development/Testversions][beta version of GpgOL]]. He is currently working on sending PGP/MIME +messages. Some preliminary code has been committed to the master +branch of GpgOL. Testing is appreciated and bug reports should be +filed in the [[bugs.gnupg.org][bugs.gnupg.org bug tracker]]. + +For a draft of the release plan please refer to the [[https://wiki.gnupg.org/Gpg4win/Roadmap][Gpg4win Roadmap]]. + +**** Enigmail + +Kai has continued to work on Enigmail. He added support for the +Keybase protocol and for importing public keys from URLs. He also +work on ensuring that warnings about sending unsigned emails. + +*** Furture Work + +Intevation and and g10code have been awarded a 2 year contract by the +[[https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security][BSI]] (the German office for information security) to start work on the +[[http://ted.europa.eu/udl?uri=TED:NOTICE:344537-2015:TEXT:EN:HTML][Gpg4all]] project ([[http://lists.wald.intevation.org/pipermail/gpg4win-devel/2015-October/001528.html][announcement]]). The main objectives of Gpg4all are to +maintain Gpg4win and to research end-to-end encryption for webmail and +Android phones. + +The BSI also accepted a bid by Intevation and g10code to work on the +[[http://www.evergabe-online.de/home?0&id=96898][Gpg4VS-NfD]] project. The goal of this project is to prepare Gpg4win +and GnuPG for approval for use with classified documents at the VS-Nfd +(restricted) level in Germany. The main task is to improve the +internal documentation of GnuPG and to implement a configuration +option to restrict what GnuPG can do according to this classification +level's requirements (e.g., the set of permitted algorithms). More +details will be published soon. + +*** Discussions + +On gnupg-devel, Andreas Schwier asked about [[https://lists.gnupg.org/pipermail/gnupg-devel/2015-September/030271.html][n-of-m threshold schemes]] +for accessing sensitive keys. He's implemented this support in the +SmartCard-HSM and would like to see support for it in scdaemon. +Andreas also wrote a [[http://www.smartcard-hsm.com/2015/10/10/Shared_Control_over_Key_Usage.html][blog post]] describing the various use cases in +more detail. Werner replied that the main challenge will be coming up +with a good user interface and that this is the reason that GnuPG +doesn't support this type of secret sharing yet. + +Werner [[https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030483.html][announced]] that the GnuPG would start to use some C99 features. +In particular, we'll start using variadic macros (__VA_ARGS__), the +predefined macro __func__ and variable declarations inside a for loop +(for (int i = 0; i < 5; i ++) {}). + +On gnupg-users, Nix asked about using [[https://lists.gnupg.org/pipermail/gnupg-users/2015-September/054334.html][GnuPG 2.1 with NFS]]. Werner +provided [[https://lists.gnupg.org/pipermail/gnupg-users/2015-September/054337.html][a workaround to use a non-standard socket name for gpg-agent]]. + +Robert H. Hansen posted that [[http://www.theregister.co.uk/2015/09/24/facebook_crypto_upped/][Facebook has upgraded their support]] for +OpenPGP. After a question from Christian Heinrich about Facebook's +support, Jon Millican indicated that it is possible to [[https://lists.gnupg.org/pipermail/gnupg-users/2015-October/054460.html][fetch public +keys via Facebook's Graph API]]. + +Bernhard Reiter [[https://lists.gnupg.org/pipermail/gnupg-users/2015-October/054582.html][encouraged people to edit the libgcrypt page on +Wikipedia]]. He noted that people closely related to the project are +discouraged from editing pages about their own work and encouraged +other members of the community to get involved this way. + +*** New Employee + +g10code has hired another developer, Justus Winter, to work on GnuPG +and related projects. Justus has been hacking on Free Software, in +particular, the Hurd, since 2013. His major contributions include +porting Debian/Hurd to sysvinit, and improving the performance along +the RPC path, notably by amending the Mach message format to include +Protected Payloads. He started work at the beginning of November. + +*** Donations + +Werner improved the [[https://gnupg.org/donate/index.html][donation system]] to accept donations using SEPA +bank transfer. This should make it easy and cheap to donate Euros +from most of the European states. + + +** About this news posting + +We try to write a news posting each month. However, other work may +have a higher priority (e.g. security fixes) and thus there is no +promise for a fixed publication date. If you have an interesting +topic for a news posting, please send it to us. A regular summary of +the mailing list discussions would make a nice column on this news. ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20151103-gnupg-in-october.org | 301 ++++++++++++++++++++++ 1 file changed, 301 insertions(+) create mode 100644 misc/blog.gnupg.org/20151103-gnupg-in-october.org hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 15:22:19 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Nov 2015 15:22:19 +0100 Subject: [git] gnupg-doc - branch, master, updated. d9b142369758e759470218433b742c8cad3660b5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d9b142369758e759470218433b742c8cad3660b5 (commit) from 8ce8b1d31e9f4f3f8f7e88ba90f035a8427784e2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9b142369758e759470218433b742c8cad3660b5 Author: Werner Koch Date: Tue Nov 3 14:55:34 2015 +0100 blog: Fix formatting and a name spelling error. diff --git a/misc/blog.gnupg.org/20151103-gnupg-in-october.org b/misc/blog.gnupg.org/20151103-gnupg-in-october.org index 39b18ae..7888c64 100644 --- a/misc/blog.gnupg.org/20151103-gnupg-in-october.org +++ b/misc/blog.gnupg.org/20151103-gnupg-in-october.org @@ -6,12 +6,13 @@ ** GnuPG News for September and October 2015 -*** Keynote at FSCONs +*** Talk at FSCONS If you'll be in Sweden next week for the FSCONS, you'll have the opportunity to hear Werner Koch's talk on Saturday afternoon: [[https://frab.fscons.org/en/fscons2015/public/events/243][The state of everyday cryptography]]: +#+begin_quote After Snowden explained to the world that even the crypto geeks had been too optimistic about the state of global surveillance, a new interest in developing and promoting systems to provide encryption @@ -24,6 +25,7 @@ state of everyday cryptography]]: future. Will some of these encryption systems survive and thus force the NSA/CGHQ/BND to spend a lot more money on mass surveillance? +#+end_quote *** Development @@ -41,7 +43,7 @@ deprecate algorithms in addition to those that GnuPG has marked as deprecated. Andre Heinecke has been working on GpgOL, a GnuPG plug-in for Outlook, and Kai has continued to work on Enigmail. -**** Noteworthy Bugs +*** Noteworthy Bugs Niibe fixed a bug effecting the use of ed25519 keys with GnuPG's ssh agent code. When using an ed25519 authentication key imported with @@ -64,6 +66,7 @@ actually examine the value pointed to by the address.) See this Jonas Magazinius [[http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html][identified a downgrade attack]] on the OpenPGP message format: +#+begin_quote [He] found that [OpenPGP] is vulnerable to a chosen-ciphertext attack to downgrade [a Symmetrically Encrypted Integrity Protected Data Packet (SEIP)] to a plain [Symmetrically Encrypted Data Packet @@ -74,6 +77,7 @@ format: encrypted and signed message can be stripped of its signature and modified arbitrarily, with certain restrictions, by an attacker without knowing the key. +#+end_quote Since symmetrically encrypted data packets have been deprecated since RFC 4880, which was release in 2007, GnuPG mitigates this attack by @@ -83,7 +87,7 @@ than 64-bits as well as twofish). Since (hopefully) no one is using the old ciphers, an attacker will only be able to downgrade old messages. -**** OpenPGP DANE +*** OpenPGP DANE [[https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/?include_text%3D1][OpenPGP DANE]] ist a new mechanism for OpenPGP key discovery. The basic idea is that users publish their key in the Secure DNS. Then, when @@ -110,7 +114,7 @@ To search for a key using DANE, use: $ gpg2 --auto-key-locate dane --search-keys email at example.org #+END_EXAMPLE -**** TOFU +*** TOFU Neal finally committed TOFU support to the git repository. Special thanks go to Andre Heinecke, who helped debug the code. It will be @@ -159,7 +163,7 @@ advantage of TOFU. See [[https://lists.gnupg.org/pipermail/gnupg-users/2015-Oct implementation-focused discussion, see [[https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030341.html][this mail]].) Also consult the manual (search for tofu to find the relevant options). -**** Tor Support +*** Tor Support Werner has committed basic support for Tor to the GnuPG git repository. It can be enabled by passing the --use-tor flag to @@ -175,16 +179,16 @@ system resolver. (ADNS has been used by GnuPG on Windows since 2008.) Werner has modified it to support Tor and is currently in the process of getting the patches integrated upstream. -Kristian Fiskers, the manager of the SKS Keyserver pool, began looking +Kristian Fiskerstrand, the manager of the SKS Keyserver pool, began looking into making keyservers accessible as Tor hidden services. Information about which keyservers support Tor and their respective .onion addresses can be found on [[https://sks-keyservers.net/status/][the SKS status page]]. However, just as you don't typically want to configure GnuPG to use a single key server rather than the fault-tolerant pool, Kristian has set up an Onion -Balancer, [[hkp://jirk5u4osbsr34t5.onion][hkp://jirk5u4osbsr34t5.onion]], to redirect requests to the +Balancer, [[hkp://jirk5u4osbsr34t5.onion]], to redirect requests to the various Tor-enabled keyservers. Support is still experimental. -**** g13 +*** g13 Werner has been working on g13. g13 is part of the GnuPG suite of tools. It provides support for working with DM-Crypt devices with @@ -199,7 +203,7 @@ stored on a smart card. Further, it should be possible to use existing keys. GnuPG, of course, has long had good support for interacting with smartcards and working with OpenPGP keys. -**** Deprecating Specific Algorithms +*** Deprecating Specific Algorithms Daniel Kahn Gillmor (dkg) contributed a patch to provide an option to explicitly deprecate algorithms in addition to those that GnuPG has @@ -208,12 +212,14 @@ instance. GnuPG can't do this by default because SHA-1 is a mandatory-to-implement algorithm and is widely used in the OpenPGP ecosystem. Nevertheless, as dkg says: +#+begin_quote Some operators of high-value targets that depend on OpenPGP signatures may wish to require their signers to use a stronger digest algorithm than SHA1, even if the OpenPGP ecosystem at large cannot deprecate SHA1 entirely today. +#+end_quote -**** GpgOL +*** GpgOL Andre Heinecke has been evaluating the feasibility of supporting PGP/MIME and S/MIME in Outlook 2007 and later. So far he has @@ -225,21 +231,21 @@ filed in the [[bugs.gnupg.org][bugs.gnupg.org bug tracker]]. For a draft of the release plan please refer to the [[https://wiki.gnupg.org/Gpg4win/Roadmap][Gpg4win Roadmap]]. -**** Enigmail +*** Enigmail Kai has continued to work on Enigmail. He added support for the Keybase protocol and for importing public keys from URLs. He also work on ensuring that warnings about sending unsigned emails. -*** Furture Work +*** Future Work -Intevation and and g10code have been awarded a 2 year contract by the +Intevation and g10^code have been awarded a 2 year contract by the [[https://en.wikipedia.org/wiki/Federal_Office_for_Information_Security][BSI]] (the German office for information security) to start work on the [[http://ted.europa.eu/udl?uri=TED:NOTICE:344537-2015:TEXT:EN:HTML][Gpg4all]] project ([[http://lists.wald.intevation.org/pipermail/gpg4win-devel/2015-October/001528.html][announcement]]). The main objectives of Gpg4all are to maintain Gpg4win and to research end-to-end encryption for webmail and Android phones. -The BSI also accepted a bid by Intevation and g10code to work on the +The BSI also accepted a bid by Intevation and g10^code to work on the [[http://www.evergabe-online.de/home?0&id=96898][Gpg4VS-NfD]] project. The goal of this project is to prepare Gpg4win and GnuPG for approval for use with classified documents at the VS-Nfd (restricted) level in Germany. The main task is to improve the @@ -259,9 +265,9 @@ with a good user interface and that this is the reason that GnuPG doesn't support this type of secret sharing yet. Werner [[https://lists.gnupg.org/pipermail/gnupg-devel/2015-October/030483.html][announced]] that the GnuPG would start to use some C99 features. -In particular, we'll start using variadic macros (__VA_ARGS__), the -predefined macro __func__ and variable declarations inside a for loop -(for (int i = 0; i < 5; i ++) {}). +In particular, we'll start using variadic macros (=__VA_ARGS__=), the +predefined macro =__func__= and variable declarations inside a for loop +(=for (int i = 0; i < 5; i ++) {}=). On gnupg-users, Nix asked about using [[https://lists.gnupg.org/pipermail/gnupg-users/2015-September/054334.html][GnuPG 2.1 with NFS]]. Werner provided [[https://lists.gnupg.org/pipermail/gnupg-users/2015-September/054337.html][a workaround to use a non-standard socket name for gpg-agent]]. @@ -278,7 +284,7 @@ other members of the community to get involved this way. *** New Employee -g10code has hired another developer, Justus Winter, to work on GnuPG +g10^code has hired another developer, Justus Winter, to work on GnuPG and related projects. Justus has been hacking on Free Software, in particular, the Hurd, since 2013. His major contributions include porting Debian/Hurd to sysvinit, and improving the performance along ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20151103-gnupg-in-october.org | 42 +++++++++++++---------- 1 file changed, 24 insertions(+), 18 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 15:52:57 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Nov 2015 15:52:57 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.3.0-8-gc2fca26 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via c2fca26e2d9fb9ba7a9d87300e735a53e2615a7a (commit) via 0beb1784e7b72e31ecec441ee0a8ba4cef63d853 (commit) via 6034cc02e38cb947800f904f678c4ef5ff9c2050 (commit) via 7279c3ce9283723bd7f670051cd8a2087f62cd7f (commit) from dda9c84bc67326a6d2bef1e5c45b5de8b67eeb40 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c2fca26e2d9fb9ba7a9d87300e735a53e2615a7a Author: Werner Koch Date: Tue Nov 3 15:49:17 2015 +0100 Post release updates. -- diff --git a/NEWS b/NEWS index 1c2ab56..63b6e64 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.4.1 (unreleased) [C7/A7/R_] +------------------------------------------------ + + Noteworthy changes in version 2.4.0 (2015-11-03) [C7/A7/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index a4e7ee7..313dafc 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [4]) -m4_define([mym4_micro], [0]) +m4_define([mym4_micro], [1]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit 0beb1784e7b72e31ecec441ee0a8ba4cef63d853 Author: Werner Koch Date: Tue Nov 3 15:42:10 2015 +0100 Release 2.4.0 * configure.ac: Bump LT version to C7/A7/Ro. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 35a5725..1c2ab56 100644 --- a/NEWS +++ b/NEWS @@ -1,11 +1,11 @@ -Noteworthy changes in version 2.4.0 (unreleased) [C6/A6/R_] +Noteworthy changes in version 2.4.0 (2015-11-03) [C7/A7/R0] ------------------------------------------------ * New flags "socks" and "tor-mode" for assuan_sock_{set,get}_flag. * New function assuan_sock_connect_byname. - * Requires at least libgpg-error 1.17. + * Require at least libgpg-error 1.17. * Interface changes relative to the 2.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/configure.ac b/configure.ac index c18c2d3..a4e7ee7 100644 --- a/configure.ac +++ b/configure.ac @@ -31,8 +31,8 @@ min_automake_version="1.14" # for the LT versions. m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) -m4_define([mym4_minor], [3]) -m4_define([mym4_micro], [1]) +m4_define([mym4_minor], [4]) +m4_define([mym4_micro], [0]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release @@ -59,8 +59,8 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # (Interfaces added: AGE++) # (Interfaces removed/changed: AGE=0) # -LIBASSUAN_LT_CURRENT=6 -LIBASSUAN_LT_AGE=6 +LIBASSUAN_LT_CURRENT=7 +LIBASSUAN_LT_AGE=7 LIBASSUAN_LT_REVISION=0 # If the API is changed in an incompatible way: increment the next counter. commit 6034cc02e38cb947800f904f678c4ef5ff9c2050 Author: Werner Koch Date: Tue Nov 3 15:39:08 2015 +0100 w32: Use assuan_fd_t with the new socket functions. * src/assuan-socket.c (socks5_connect): Use assuan_fd_t instead of int. (_assuan_sock_connect): Ditto. (_assuan_sock_connect_byname): Ditto. Signed-off-by: Werner Koch diff --git a/src/assuan-socket.c b/src/assuan-socket.c index 12e9e38..89723b3 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -659,7 +659,8 @@ do_writen (assuan_context_t ctx, assuan_fd_t sockfd, /* Connect using the SOCKS5 protocol. */ static int -socks5_connect (assuan_context_t ctx, int sock, unsigned short socksport, +socks5_connect (assuan_context_t ctx, assuan_fd_t sock, + unsigned short socksport, const char *credentials, const char *hostname, unsigned short hostport, struct sockaddr *addr, socklen_t length) @@ -704,7 +705,7 @@ socks5_connect (assuan_context_t ctx, int sock, unsigned short socksport, proxyaddr_in.sin_addr.s_addr = htonl (INADDR_LOOPBACK); proxyaddr = (struct sockaddr *)&proxyaddr_in; proxyaddrlen = sizeof proxyaddr_in; - ret = _assuan_connect (ctx, sock, proxyaddr, proxyaddrlen); + ret = _assuan_connect (ctx, HANDLE2SOCKET (sock), proxyaddr, proxyaddrlen); if (ret) return ret; buffer[0] = 5; /* RFC-1928 VER field. */ @@ -968,7 +969,7 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, } else if (use_socks (addr)) { - return socks5_connect (ctx, HANDLE2SOCKET (sockfd), tor_mode, + return socks5_connect (ctx, sockfd, tor_mode, NULL, NULL, 0, addr, addrlen); } else @@ -1034,7 +1035,7 @@ _assuan_sock_connect_byname (assuan_context_t ctx, const char *host, unsigned short port, int reserved, const char *credentials, unsigned int flags) { - int fd; + assuan_fd_t fd; unsigned short socksport; if ((flags & ASSUAN_SOCK_TOR)) @@ -1057,7 +1058,7 @@ _assuan_sock_connect_byname (assuan_context_t ctx, const char *host, int save_errno = errno; assuan_sock_close (fd); gpg_err_set_errno (save_errno); - return -1; + return ASSUAN_INVALID_FD; } return fd; commit 7279c3ce9283723bd7f670051cd8a2087f62cd7f Author: Werner Koch Date: Tue Nov 3 15:26:29 2015 +0100 Use asprintf function from libgpg-error. * configure.ac: Require libgpg-error 1.17. (vasprintf): Remove ac_replace. * src/assuan-defs.h [!HAVE_VASPRINTF]: Remove replace wrapper. * src/assuan-logging.c (_assuan_log_control_channel): (_assuan_log_control_channel): s/asprintf/gpgrt_asprintf/. * src/debug.c (_assuan_debug): s/vasprintf/gpgrt_vasprintf/. (_assuan_debug_begin): Ditto. (_assuan_debug_add): Ditto. s/asprintf/gpgrt_asprintf/. -- We plan to move more code into libgpg-error/gpgrt anyway thus this is a good start which also fixes this bug: GnuPG-bug-id: 1477 Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 01fa3b6..35a5725 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,8 @@ Noteworthy changes in version 2.4.0 (unreleased) [C6/A6/R_] * New function assuan_sock_connect_byname. + * Requires at least libgpg-error 1.17. + * Interface changes relative to the 2.3.0 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ assuan_sock_connect_byname NEW. diff --git a/configure.ac b/configure.ac index 8e8768f..c18c2d3 100644 --- a/configure.ac +++ b/configure.ac @@ -355,7 +355,7 @@ AM_CONDITIONAL(USE_DESCRIPTOR_PASSING, test "$use_descriptor_passing" = "yes") # Checking for libgpg-error. -AM_PATH_GPG_ERROR(1.8,, AC_MSG_ERROR([libgpg-error was not found])) +AM_PATH_GPG_ERROR(1.17,, AC_MSG_ERROR([libgpg-error was not found])) # # Checks for library functions. @@ -396,7 +396,6 @@ AC_REPLACE_FUNCS(memrchr) AC_REPLACE_FUNCS(stpcpy) AC_CHECK_HEADERS(unistd.h) AC_REPLACE_FUNCS(setenv) -AC_REPLACE_FUNCS(vasprintf) # diff --git a/doc/assuan.texi b/doc/assuan.texi index 8445eb4..131ffc1 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -603,10 +603,14 @@ this will retrieve the underlying system handle with @node Initializing the library @section Initializing the library -In general the library requires no initialization. There are however -some initialization hooks provided which are often useful. These -should be called as early as possible and in a multi-threaded -application before a second thread is created. +Libassuan makes use of Libgpg-error and assumes that Libgpg-error has +been initialized. In general @code{gpgrt_check_version} should be +called to guarantee this; the Libgpg-error manual for details. + +Libassuan itself requires no initialization. There are however some +initialization hooks provided which are often useful. These should be +called as early as possible and in a multi-threaded application before +a second thread is created. These functions initialize default values that are used at context creation with @code{assuan_new}. As there can only be one default, diff --git a/src/assuan-defs.h b/src/assuan-defs.h index cf0015e..97b053d 100644 --- a/src/assuan-defs.h +++ b/src/assuan-defs.h @@ -394,12 +394,6 @@ int setenv (const char *name, const char *value, int replace); #ifndef HAVE_PUTC_UNLOCKED int putc_unlocked (int c, FILE *stream); #endif -#ifndef HAVE_VASPRINTF -int _assuan_vasprintf (char **result, const char *format, va_list args); -int _assuan_asprintf (char **buf, const char *fmt, ...); -#define vasprintf _assuan_vasprintf -#define asprintf _assuan_asprintf -#endif #define DIM(v) (sizeof(v)/sizeof((v)[0])) diff --git a/src/assuan-logging.c b/src/assuan-logging.c index d74e5d2..ca87488 100644 --- a/src/assuan-logging.c +++ b/src/assuan-logging.c @@ -28,7 +28,7 @@ #ifdef HAVE_W32_SYSTEM # ifdef HAVE_WINSOCK2_H # include -# endif +# endif # include #endif /*HAVE_W32_SYSTEM*/ #include @@ -147,7 +147,7 @@ _assuan_log_handler (assuan_context_t ctx, void *hook, unsigned int cat, fprintf (fp, "%s", msg); /* If the log stream is a file, the output would be buffered. This is bad for debugging, thus we flush the stream if FORMAT ends - with a LF. */ + with a LF. */ if (msg && *msg && msg[strlen (msg) - 1] == '\n') fflush (fp); gpg_err_set_errno (saved_errno); @@ -174,7 +174,7 @@ _assuan_log_control_channel (assuan_context_t ctx, int outbound, /* Check whether logging is enabled and do a quick check to see whether the callback supports our category. */ if (!ctx - || !ctx->log_cb + || !ctx->log_cb || ctx->flags.no_logging || !(*ctx->log_cb) (ctx, ctx->log_cb_data, ASSUAN_LOG_CONTROL, NULL)) return; @@ -204,8 +204,8 @@ _assuan_log_control_channel (assuan_context_t ctx, int outbound, if (string) { /* Print the diagnostic. */ - res = asprintf (&outbuf, "chan_" CHANNEL_FMT " %s [%s]\n", - ctx->inbound.fd, outbound? "->":"<-", string); + res = gpgrt_asprintf (&outbuf, "chan_" CHANNEL_FMT " %s [%s]\n", + ctx->inbound.fd, outbound? "->":"<-", string); } else if (buffer1) { @@ -231,7 +231,7 @@ _assuan_log_control_channel (assuan_context_t ctx, int outbound, { /* No control characters and not starting with our error message indicator. Log it verbatim. */ - res = asprintf (&outbuf, "chan_" CHANNEL_FMT " %s %.*s%.*s\n", + res = gpgrt_asprintf (&outbuf, "chan_" CHANNEL_FMT " %s %.*s%.*s\n", ctx->inbound.fd, outbound? "->":"<-", (int)length1, (const char*)buffer1, (int)length2, buffer2? (const char*)buffer2:""); @@ -246,7 +246,7 @@ _assuan_log_control_channel (assuan_context_t ctx, int outbound, char *hp; unsigned int nbytes; unsigned int maxbytes = full_logging? (2*LINELENGTH) : 16; - + nbytes = length1 + length2; if (nbytes > maxbytes) nbytes = maxbytes; diff --git a/src/debug.c b/src/debug.c index d6c3e80..9ef6237 100644 --- a/src/debug.c +++ b/src/debug.c @@ -60,7 +60,7 @@ _assuan_debug (assuan_context_t ctx, unsigned int cat, const char *format, ...) saved_errno = errno; va_start (arg_ptr, format); - res = vasprintf (&msg, format, arg_ptr); + res = gpgrt_vasprintf (&msg, format, arg_ptr); va_end (arg_ptr); if (res < 0) return; @@ -87,7 +87,7 @@ _assuan_debug_begin (assuan_context_t ctx, return; va_start (arg_ptr, format); - res = vasprintf ((char **) line, format, arg_ptr); + res = gpgrt_vasprintf ((char **) line, format, arg_ptr); va_end (arg_ptr); if (res < 0) *line = NULL; @@ -107,14 +107,14 @@ _assuan_debug_add (assuan_context_t ctx, void **line, const char *format, ...) return; va_start (arg_ptr, format); - res = vasprintf (&toadd, format, arg_ptr); + res = gpgrt_vasprintf (&toadd, format, arg_ptr); va_end (arg_ptr); if (res < 0) { free (*line); *line = NULL; } - res = asprintf (&result, "%s%s", *(char **) line, toadd); + res = gpgrt_asprintf (&result, "%s%s", *(char **) line, toadd); free (toadd); free (*line); if (res < 0) diff --git a/src/vasprintf.c b/src/vasprintf.c deleted file mode 100644 index bacb71c..0000000 --- a/src/vasprintf.c +++ /dev/null @@ -1,211 +0,0 @@ -/* Like vsprintf but provides a pointer to malloc'd storage, which must - be freed by the caller. - Copyright (C) 1994, 2002 Free Software Foundation, Inc. - -This file is part of the libiberty library. -Libiberty is free software; you can redistribute it and/or -modify it under the terms of the GNU Library General Public -License as published by the Free Software Foundation; either -version 2 of the License, or (at your option) any later version. - -Libiberty is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Library General Public License for more details. - -You should have received a copy of the GNU Library General Public -License along with libiberty; see the file COPYING.LIB. If -not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, -Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include - - -#ifndef va_copy /* According to POSIX, va_copy is a macro. */ -#if defined (__GNUC__) && defined (__PPC__) \ - && (defined (_CALL_SYSV) || defined (_WIN32)) -#define va_copy(d, s) (*(d) = *(s)) -#elif defined (MUST_COPY_VA_BYVAL) -#define va_copy(d, s) ((d) = (s)) -#else -#define va_copy(d, s) memcpy ((d), (s), sizeof (va_list)) -#endif -#endif - - -#ifdef TEST -int global_total_width; -#endif - -static int int_vasprintf (char **, const char *, va_list *); - -static int -int_vasprintf (result, format, args) - char **result; - const char *format; - va_list *args; -{ -#if defined(HAVE_W32CE_SYSTEM) && defined(_MSC_VER) - /* No va_copy and the replacement above doesn't work. */ -#define MAX_STRLEN 256 - *result = malloc (MAX_STRLEN); - if (*result != NULL) - { - int res = _vsnprintf (*result, MAX_STRLEN, format, *args); - (*result)[MAX_STRLEN - 1] = '\0'; - return res; - } - else - return 0; -#else - const char *p = format; - /* Add one to make sure that it is never zero, which might cause malloc - to return NULL. */ - int total_width = strlen (format) + 1; - va_list ap; - - va_copy (ap, *args); - - while (*p != '\0') - { - if (*p++ == '%') - { - while (strchr ("-+ #0", *p)) - ++p; - if (*p == '*') - { - ++p; - total_width += abs (va_arg (ap, int)); - } - else - total_width += strtoul (p, (char **) &p, 10); - if (*p == '.') - { - ++p; - if (*p == '*') - { - ++p; - total_width += abs (va_arg (ap, int)); - } - else - total_width += strtoul (p, (char **) &p, 10); - } - while (strchr ("hlL", *p)) - ++p; - /* Should be big enough for any format specifier except %s and floats. */ - total_width += 30; - switch (*p) - { - case 'd': - case 'i': - case 'o': - case 'u': - case 'x': - case 'X': - case 'c': - (void) va_arg (ap, int); - break; - case 'f': - case 'e': - case 'E': - case 'g': - case 'G': - (void) va_arg (ap, double); - /* Since an ieee double can have an exponent of 307, we'll - make the buffer wide enough to cover the gross case. */ - total_width += 307; - break; - case 's': - { - char *tmp = va_arg (ap, char *); - if (tmp) - total_width += strlen (tmp); - else /* in case the vsprintf does prints a text */ - total_width += 25; /* e.g. "(null pointer reference)" */ - } - break; - case 'p': - case 'n': - (void) va_arg (ap, char *); - break; - } - p++; - } - } -#ifdef TEST - global_total_width = total_width; -#endif - *result = malloc (total_width); - if (*result != NULL) - return vsprintf (*result, format, *args); - else - return 0; -#endif -} - - -/* We use the _assuan prefix to keep our name space clean. */ -int -_assuan_vasprintf (char **result, const char *format, va_list args) -{ - return int_vasprintf (result, format, &args); -} - - -int -_assuan_asprintf (char **buf, const char *fmt, ...) -{ - int status; - va_list ap; - - va_start (ap, fmt); - status = _assuan_vasprintf (buf, fmt, ap); - va_end (ap); - return status; -} - - -#ifdef TEST - -#define asprintf _assuan_asprintf -#define vasprintf _assuan_vasprintf -static int any_failed; - -void -checkit (const char* format, ...) -{ - va_list args; - char *result; - - va_start (args, format); - vasprintf (&result, format, args); - if (strlen (result) < global_total_width) - printf ("PASS: "); - else - { - any_failed = 1; - printf ("FAIL: "); - } - printf ("%d %s\n", global_total_width, result); -} - -int -main (void) -{ - checkit ("%d", 0x12345678); - checkit ("%200d", 5); - checkit ("%.300d", 6); - checkit ("%100.150d", 7); - checkit ("%s", "jjjjjjjjjiiiiiiiiiiiiiiioooooooooooooooooppppppppppppaa\n\ -777777777777777777333333333333366666666666622222222222777777777777733333"); - checkit ("%f%s%d%s", 1.0, "foo", 77, "asdjffffffffffffffiiiiiiiiiiixxxxx"); - checkit ("%2$f%4$s%3$d%1$s", "asdjffffffffffffffiiiiiiiiiiixxxxx", 1.0, 77, "foo"); - return any_failed; -} -#endif /* TEST */ ----------------------------------------------------------------------- Summary of changes: NEWS | 8 +- configure.ac | 9 +-- doc/assuan.texi | 12 ++- src/assuan-defs.h | 6 -- src/assuan-logging.c | 14 ++-- src/assuan-socket.c | 11 +-- src/debug.c | 8 +- src/vasprintf.c | 211 --------------------------------------------------- 8 files changed, 36 insertions(+), 243 deletions(-) delete mode 100644 src/vasprintf.c hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 16:34:45 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 03 Nov 2015 16:34:45 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-97-g621afac Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 621afac37e5555fd68054531e611ead444b62928 (commit) via 36326112290b6eef47c9dada30dddbdf408680e4 (commit) via c8ef9f9a64d13ea8b9b4ade62525243abe2976ba (commit) via 8ae3946d28c43e30ef692ba6cf1a7fa4ed65ecc5 (commit) from 06f3eadb22986d9ebde9efff2794eb1d45d6c6d4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 621afac37e5555fd68054531e611ead444b62928 Author: Neal H. Walfield Date: Tue Nov 3 16:26:25 2015 +0100 gpg: Also show when the most recently signed message was observed. * g10/tofu.c (show_statistics): Also show when the most recently signed message was observed. -- Signed-off-by: Neal H. Walfield . Suggested-by: MFPA <2014-667rhzu3dc-lists-groups at riseup.net> diff --git a/g10/tofu.c b/g10/tofu.c index 06183ed..4dcaa11 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2377,6 +2377,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, char *tail = NULL; signed long messages; signed long first_seen_ago; + signed long most_recent_seen_ago; assert (strlist_length (strlist) == 3); @@ -2392,7 +2393,10 @@ show_statistics (struct dbs *dbs, const char *fingerprint, if (messages == 0 && *strlist->next->d == '\0') /* min(NULL) => NULL => "". */ - first_seen_ago = -1; + { + first_seen_ago = -1; + most_recent_seen_ago = -1; + } else { errno = 0; @@ -2405,6 +2409,17 @@ show_statistics (struct dbs *dbs, const char *fingerprint, strlist->next->d, strerror (errno)); first_seen_ago = 0; } + + errno = 0; + most_recent_seen_ago = strtol (strlist->next->next->d, &tail, 0); + if (errno || *tail != '\0') + /* Abort. */ + { + log_debug ("%s:%d: Couldn't convert %s (most_recent_seen) to an int: %s.\n", + __func__, __LINE__, + strlist->next->next->d, strerror (errno)); + most_recent_seen_ago = 0; + } } if (messages == -1 || first_seen_ago == 0) @@ -2428,6 +2443,8 @@ show_statistics (struct dbs *dbs, const char *fingerprint, else { char *first_seen_ago_str = time_ago_str (first_seen_ago); + char *most_recent_seen_ago_str = + time_ago_str (most_recent_seen_ago); es_fprintf (fp, _("Verified %ld messages signed by \"%s\"" @@ -2436,8 +2453,13 @@ show_statistics (struct dbs *dbs, const char *fingerprint, fingerprint_pp, tofu_policy_str (policy), first_seen_ago_str); + if (messages > 1) + es_fprintf (fp, + _(" The most recent message was verified %s ago."), + most_recent_seen_ago_str); xfree (first_seen_ago_str); + xfree (most_recent_seen_ago_str); } es_fputc (0, fp); commit 36326112290b6eef47c9dada30dddbdf408680e4 Author: Neal H. Walfield Date: Tue Nov 3 16:24:08 2015 +0100 gpg: Split a utility function out of a large function. * g10/tofu.c (show_statistics): Break the time delta to string code into... (time_ago_str): ... this new function. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index b936f68..06183ed 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2184,6 +2184,152 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, return trust_level; } +static char * +time_ago_str (long long int t) +{ + estream_t fp; + int years = 0; + int months = 0; + int days = 0; + int hours = 0; + int minutes = 0; + int seconds = 0; + + /* The number of units that we've printed so far. */ + int count = 0; + /* The first unit that we printed (year = 0, month = 1, + etc.). */ + int first = -1; + /* The current unit. */ + int i = 0; + + char *str; + + /* It would be nice to use a macro to do this, but gettext + works on the unpreprocessed code. */ +#define MIN_SECS (60) +#define HOUR_SECS (60 * MIN_SECS) +#define DAY_SECS (24 * HOUR_SECS) +#define MONTH_SECS (30 * DAY_SECS) +#define YEAR_SECS (365 * DAY_SECS) + + if (t > YEAR_SECS) + { + years = t / YEAR_SECS; + t -= years * YEAR_SECS; + } + if (t > MONTH_SECS) + { + months = t / MONTH_SECS; + t -= months * MONTH_SECS; + } + if (t > DAY_SECS) + { + days = t / DAY_SECS; + t -= days * DAY_SECS; + } + if (t > HOUR_SECS) + { + hours = t / HOUR_SECS; + t -= hours * HOUR_SECS; + } + if (t > MIN_SECS) + { + minutes = t / MIN_SECS; + t -= minutes * MIN_SECS; + } + seconds = t; + +#undef MIN_SECS +#undef HOUR_SECS +#undef DAY_SECS +#undef MONTH_SECS +#undef YEAR_SECS + + fp = es_fopenmem (0, "rw,samethread"); + if (! fp) + log_fatal ("error creating memory stream\n"); + + if (years) + { + if (years > 1) + es_fprintf (fp, _("%d years"), years); + else + es_fprintf (fp, _("%d year"), years); + count ++; + first = i; + } + i ++; + if ((first == -1 || i - first <= 3) && months) + { + if (count) + es_fprintf (fp, _(", ")); + + if (months > 1) + es_fprintf (fp, _("%d months"), months); + else + es_fprintf (fp, _("%d month"), months); + count ++; + first = i; + } + i ++; + if ((first == -1 || i - first <= 3) && count < 2 && days) + { + if (count) + es_fprintf (fp, _(", ")); + + if (days > 1) + es_fprintf (fp, _("%d days"), days); + else + es_fprintf (fp, _("%d day"), days); + count ++; + first = i; + } + i ++; + if ((first == -1 || i - first <= 3) && count < 2 && hours) + { + if (count) + es_fprintf (fp, _(", ")); + + if (hours > 1) + es_fprintf (fp, _("%d hours"), hours); + else + es_fprintf (fp, _("%d hour"), hours); + count ++; + first = i; + } + i ++; + if ((first == -1 || i - first <= 3) && count < 2 && minutes) + { + if (count) + es_fprintf (fp, _(", ")); + + if (minutes > 1) + es_fprintf (fp, _("%d minutes"), minutes); + else + es_fprintf (fp, _("%d minute"), minutes); + count ++; + first = i; + } + i ++; + if ((first == -1 || i - first <= 3) && count < 2) + { + if (count) + es_fprintf (fp, _(", ")); + + if (seconds > 1) + es_fprintf (fp, _("%d seconds"), seconds); + else + es_fprintf (fp, _("%d second"), seconds); + } + + es_fputc (0, fp); + if (es_fclose_snatch (fp, (void **) &str, NULL)) + log_fatal ("error snatching memory stream\n"); + + return str; +} + static void show_statistics (struct dbs *dbs, const char *fingerprint, const char *email, const char *user_id, @@ -2203,7 +2349,8 @@ show_statistics (struct dbs *dbs, const char *fingerprint, rc = sqlite3_exec_printf (db->db, strings_collect_cb, &strlist, &err, - "select count (*), strftime('%%s','now') - min (signatures.time)\n" + "select count (*), strftime('%%s','now') - min (signatures.time),\n" + " strftime('%%s','now') - max (signatures.time)\n" " from signatures\n" " left join bindings on signatures.binding = bindings.oid\n" " where fingerprint = %Q and email = %Q and sig_digest %s%s%s;", @@ -2231,7 +2378,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, signed long messages; signed long first_seen_ago; - assert (strlist_length (strlist) == 2); + assert (strlist_length (strlist) == 3); errno = 0; messages = strtol (strlist->d, &tail, 0); @@ -2253,7 +2400,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, if (errno || *tail != '\0') /* Abort. */ { - log_debug ("%s:%d: Cound't convert %s (first_seen) to an int: %s.\n", + log_debug ("%s:%d: Couldn't convert %s (first_seen) to an int: %s.\n", __func__, __LINE__, strlist->next->d, strerror (errno)); first_seen_ago = 0; @@ -2280,149 +2427,25 @@ show_statistics (struct dbs *dbs, const char *fingerprint, user_id, fingerprint_pp, tofu_policy_str (policy)); else { - int years = 0; - int months = 0; - int days = 0; - int hours = 0; - int minutes = 0; - int seconds = 0; - - /* The number of units that we've printed so far. */ - int count = 0; - /* The first unit that we printed (year = 0, month = 1, - etc.). */ - int first = -1; - /* The current unit. */ - int i = 0; + char *first_seen_ago_str = time_ago_str (first_seen_ago); es_fprintf (fp, _("Verified %ld messages signed by \"%s\"" - " (key: %s, policy: %s) in the past "), + " (key: %s, policy: %s) in the past %s."), messages, user_id, - fingerprint_pp, tofu_policy_str (policy)); - - /* It would be nice to use a macro to do this, but gettext - works on the unpreprocessed code. */ -#define MIN_SECS (60) -#define HOUR_SECS (60 * MIN_SECS) -#define DAY_SECS (24 * HOUR_SECS) -#define MONTH_SECS (30 * DAY_SECS) -#define YEAR_SECS (365 * DAY_SECS) + fingerprint_pp, tofu_policy_str (policy), + first_seen_ago_str); - if (first_seen_ago > YEAR_SECS) - { - years = first_seen_ago / YEAR_SECS; - first_seen_ago -= years * YEAR_SECS; - } - if (first_seen_ago > MONTH_SECS) - { - months = first_seen_ago / MONTH_SECS; - first_seen_ago -= months * MONTH_SECS; - } - if (first_seen_ago > DAY_SECS) - { - days = first_seen_ago / DAY_SECS; - first_seen_ago -= days * DAY_SECS; - } - if (first_seen_ago > HOUR_SECS) - { - hours = first_seen_ago / HOUR_SECS; - first_seen_ago -= hours * HOUR_SECS; - } - if (first_seen_ago > MIN_SECS) - { - minutes = first_seen_ago / MIN_SECS; - first_seen_ago -= minutes * MIN_SECS; - } - seconds = first_seen_ago; -#undef MIN_SECS -#undef HOUR_SECS -#undef DAY_SECS -#undef MONTH_SECS -#undef YEAR_SECS - - if (years) - { - if (years > 1) - es_fprintf (fp, _("%d years"), years); - else - es_fprintf (fp, _("%d year"), years); - count ++; - first = i; - } - i ++; - if ((first == -1 || i - first <= 3) && months) - { - if (count) - es_fprintf (fp, _(", ")); - - if (months > 1) - es_fprintf (fp, _("%d months"), months); - else - es_fprintf (fp, _("%d month"), months); - count ++; - first = i; - } - i ++; - if ((first == -1 || i - first <= 3) && count < 2 && days) - { - if (count) - es_fprintf (fp, _(", ")); - - if (days > 1) - es_fprintf (fp, _("%d days"), days); - else - es_fprintf (fp, _("%d day"), days); - count ++; - first = i; - } - i ++; - if ((first == -1 || i - first <= 3) && count < 2 && hours) - { - if (count) - es_fprintf (fp, _(", ")); - - if (hours > 1) - es_fprintf (fp, _("%d hours"), hours); - else - es_fprintf (fp, _("%d hour"), hours); - count ++; - first = i; - } - i ++; - if ((first == -1 || i - first <= 3) && count < 2 && minutes) - { - if (count) - es_fprintf (fp, _(", ")); - - if (minutes > 1) - es_fprintf (fp, _("%d minutes"), minutes); - else - es_fprintf (fp, _("%d minute"), minutes); - count ++; - first = i; - } - i ++; - if ((first == -1 || i - first <= 3) && count < 2) - { - if (count) - es_fprintf (fp, _(", ")); - - if (seconds > 1) - es_fprintf (fp, _("%d seconds"), seconds); - else - es_fprintf (fp, _("%d second"), seconds); - } - - es_fprintf (fp, _(".")); - } + xfree (first_seen_ago_str); + } es_fputc (0, fp); if (es_fclose_snatch (fp, (void **) &msg, NULL)) log_fatal ("error snatching memory stream\n"); log_info ("%s\n", msg); + xfree (msg); if (policy == TOFU_POLICY_AUTO && messages < 10) { commit c8ef9f9a64d13ea8b9b4ade62525243abe2976ba Author: Neal H. Walfield Date: Tue Nov 3 15:51:29 2015 +0100 gpg: Fix message formatting. * g10/tofu.c (get_trust): Fix message formatting. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 37ae8c6..b936f68 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1876,7 +1876,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, char *conflict_pp = fingerprint_format (conflict); es_fprintf (fp, _("The key %s raised a conflict with this binding (%s)." - " Since this binding's policy was 'auto', it was" + " Since this binding's policy was 'auto', it was " "changed to 'ask'. "), conflict_pp, binding); xfree (conflict_pp); @@ -2069,7 +2069,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, "Normally, there is only a single key associated with an email " "address. However, people sometimes generate a new key if " "their key is too old or they think it might be compromised. " - "Alternatively, a new key may indicate a man-in-the-middle" + "Alternatively, a new key may indicate a man-in-the-middle " "attack! Before accepting this key, you should talk to or " "call the person to make sure this new key is legitimate."; es_fprintf (fp, "\n%s\n", text); commit 8ae3946d28c43e30ef692ba6cf1a7fa4ed65ecc5 Author: Neal H. Walfield Date: Tue Nov 3 15:43:03 2015 +0100 gpg: Don't store formatting fingerprints in the TOFU DB. * g10/tofu.c (fingerprint_pp): Split this function into... (fingerprint_str): ... this function... (fingerprint_format): ... and this function. (record_binding): Store the unformatted fingerprint in the DB. Only use the formatting fingerprint when displaying a message to the user. (get_trust): Likewise. (show_statistics): Likewise. (tofu_register): Likewise. (tofu_get_validity): Likewise. (tofu_set_policy): Likewise. (tofu_get_policy): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index 6dda873..37ae8c6 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -167,9 +167,56 @@ tofu_cache_dump (struct db *db) # define TIME_AGO_UNIT_LARGE_NAME _("month") # define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months") #endif + +static char * +fingerprint_str (const byte *fingerprint_bin) +{ + char *fingerprint = bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, NULL); + if (! fingerprint) + log_fatal ("Out of memory.\n"); + return fingerprint; +} + +/* Pretty print a MAX_FINGERPRINT_LEN-byte binary fingerprint into a + malloc'd string. */ +static char * +fingerprint_format (const byte *fingerprint) +{ + char *fingerprint_pretty; + int space = (/* The characters and the NUL. */ + 2 * MAX_FINGERPRINT_LEN + 1 + /* After every fourth character, we add a space (except + the last). */ + + 2 * MAX_FINGERPRINT_LEN / 4 - 1 + /* Half way through we add a second space. */ + + 1); + int i; + int j; + + if (strlen (fingerprint) != 2 * MAX_FINGERPRINT_LEN) + { + log_info (_("Fingerprint with unexpected length (%zd chars)\n"), + strlen (fingerprint)); + return xstrdup (fingerprint); + } + fingerprint_pretty = xmalloc (space); + + for (i = 0, j = 0; i < MAX_FINGERPRINT_LEN * 2; i ++) + { + if (i && i % 4 == 0) + fingerprint_pretty[j ++] = ' '; + if (i == MAX_FINGERPRINT_LEN * 2 / 2) + fingerprint_pretty[j ++] = ' '; + fingerprint_pretty[j ++] = fingerprint[i]; + } + fingerprint_pretty[j ++] = 0; + assert (j == space); + return fingerprint_pretty; +} + const char * tofu_policy_str (enum tofu_policy policy) { @@ -1074,6 +1121,7 @@ static gpg_error_t record_binding (struct dbs *dbs, const char *fingerprint, const char *email, const char *user_id, enum tofu_policy policy, int show_old) { + char *fingerprint_pp = fingerprint_format (fingerprint); struct db *db_email = NULL, *db_key = NULL; int rc; char *err = NULL; @@ -1132,7 +1180,7 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email, { log_debug ("TOFU: Error reading from binding database" " (reading policy for <%s, %s>): %s\n", - fingerprint, email, err); + fingerprint_pp, email, err); sqlite3_free (err); } } @@ -1142,12 +1190,12 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email, if (policy_old != TOFU_POLICY_NONE) log_debug ("Changing TOFU trust policy for binding <%s, %s>" " from %s to %s.\n", - fingerprint, email, + fingerprint_pp, email, tofu_policy_str (policy_old), tofu_policy_str (policy)); else log_debug ("Set TOFU trust policy for binding <%s, %s> to %s.\n", - fingerprint, email, + fingerprint_pp, email, tofu_policy_str (policy)); } @@ -1173,7 +1221,7 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email, { log_error (_("error updating TOFU binding database" " (inserting <%s, %s> = %s): %s\n"), - fingerprint, email, tofu_policy_str (policy), + fingerprint_pp, email, tofu_policy_str (policy), err); sqlite3_free (err); goto out; @@ -1201,7 +1249,7 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email, { log_error (_("error updating TOFU binding database" " (inserting <%s, %s>): %s\n"), - fingerprint, email, err); + fingerprint_pp, email, err); sqlite3_free (err); goto out; } @@ -1239,6 +1287,8 @@ record_binding (struct dbs *dbs, const char *fingerprint, const char *email, } } + xfree (fingerprint_pp); + if (rc) return gpg_error (GPG_ERR_GENERAL); return 0; @@ -1568,6 +1618,7 @@ static enum tofu_policy get_trust (struct dbs *dbs, const char *fingerprint, const char *email, const char *user_id, int may_ask) { + char *fingerprint_pp; struct db *db; enum tofu_policy policy; char *conflict = NULL; @@ -1595,38 +1646,33 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (! db) return _tofu_GET_TRUST_ERROR; + fingerprint_pp = fingerprint_format (fingerprint); + policy = get_policy (dbs, fingerprint, email, &conflict); if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE) /* See if the key is ultimately trusted. If so, we're done. */ { - int i, j; - char keyid[17]; + const char *keyid; KEYDB_SEARCH_DESC desc; /* We need to convert the fingerprint as a string to a long keyid. - FINGERPRINT has the form: + FINGERPRINT is stored as follows: - 362D 3527 F53A AD19 71AA FDE6 5885 9975 EE37 CF96 - ------------------- + 362D3527F53AAD1971AAFDE658859975EE37CF96 + ------------------- The last 16 characters are the long keyid. */ - assert (strlen (fingerprint) > 4 * 4 + 3); - for (i = strlen (fingerprint) - (4 * 4 + 3), j = 0; j < 16; i ++, j ++) - { - if (fingerprint[i] == ' ') - i ++; - keyid[j] = fingerprint[i]; - } - keyid[j] = 0; + assert (strlen (fingerprint) > 4 * 4); + keyid = &fingerprint[strlen (fingerprint) - 16]; rc = classify_user_id (keyid, &desc, 1); if (rc || desc.mode != KEYDB_SEARCH_MODE_LONG_KID) { log_error (_("'%s' is not a valid long keyID\n"), keyid); - return _tofu_GET_TRUST_ERROR; + goto out; } if (tdb_keyid_is_utk (desc.u.kid)) @@ -1653,7 +1699,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, policy = opt.tofu_default_policy; if (DBG_TRUST) log_debug ("TOFU: binding <%s, %s>'s policy is auto (default: %s).\n", - fingerprint, email, + fingerprint_pp, email, tofu_policy_str (opt.tofu_default_policy)); } switch (policy) @@ -1666,7 +1712,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, We don't need to ask the user anything. */ if (DBG_TRUST) log_debug ("TOFU: Known binding <%s, %s>'s policy: %s\n", - fingerprint, email, tofu_policy_str (policy)); + fingerprint_pp, email, tofu_policy_str (policy)); trust_level = tofu_policy_to_trust_level (policy); goto out; @@ -1745,7 +1791,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (DBG_TRUST) log_debug ("TOFU: New binding <%s, %s>, no conflict.\n", - email, fingerprint); + email, fingerprint_pp); if (record_binding (dbs, fingerprint, email, user_id, TOFU_POLICY_AUTO, 0) != 0) @@ -1814,7 +1860,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (! fp) log_fatal ("Error creating memory stream\n"); - binding = xasprintf ("<%s, %s>", fingerprint, email); + binding = xasprintf ("<%s, %s>", fingerprint_pp, email); binding_shown = 0; if (policy == TOFU_POLICY_NONE) @@ -1827,11 +1873,13 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, display this message. */ && conflict && strcmp (conflict, fingerprint) != 0) { + char *conflict_pp = fingerprint_format (conflict); es_fprintf (fp, _("The key %s raised a conflict with this binding (%s)." " Since this binding's policy was 'auto', it was" "changed to 'ask'. "), - conflict, binding); + conflict_pp, binding); + xfree (conflict_pp); binding_shown = 1; } es_fprintf (fp, @@ -1979,13 +2027,16 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (! key || strcmp (key, stats_iter->fingerprint) != 0) { int this_key; + char *key_pp; key = stats_iter->fingerprint; this_key = strcmp (key, fingerprint) == 0; + key_pp = fingerprint_format (key); if (this_key) - es_fprintf (fp, _(" %s (this key):"), key); + es_fprintf (fp, _(" %s (this key):"), key_pp); else es_fprintf (fp, _(" %s (policy: %s):"), - key, tofu_policy_str (stats_iter->policy)); + key_pp, tofu_policy_str (stats_iter->policy)); + xfree (key_pp); es_fprintf (fp, "\n"); } @@ -2128,6 +2179,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, xfree (conflict); free_strlist (bindings_with_this_email); + xfree (fingerprint_pp); return trust_level; } @@ -2138,6 +2190,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, const char *sig_exclude) { struct db *db; + char *fingerprint_pp; int rc; strlist_t strlist = NULL; char *err = NULL; @@ -2146,6 +2199,8 @@ show_statistics (struct dbs *dbs, const char *fingerprint, if (! db) return; + fingerprint_pp = fingerprint_format (fingerprint); + rc = sqlite3_exec_printf (db->db, strings_collect_cb, &strlist, &err, "select count (*), strftime('%%s','now') - min (signatures.time)\n" @@ -2169,7 +2224,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, if (! strlist) log_info (_("Have never verified a message signed by key %s!\n"), - fingerprint); + fingerprint_pp); else { char *tail = NULL; @@ -2206,8 +2261,8 @@ show_statistics (struct dbs *dbs, const char *fingerprint, } if (messages == -1 || first_seen_ago == 0) - log_info (_("Failed to collect signature statistics for \"%s\" (key %s)\n"), - user_id, fingerprint); + log_info (_("Failed to collect signature statistics for \"%s\" (key %s)\n"), + user_id, fingerprint_pp); else { enum tofu_policy policy = get_policy (dbs, fingerprint, email, NULL); @@ -2219,10 +2274,10 @@ show_statistics (struct dbs *dbs, const char *fingerprint, log_fatal ("error creating memory stream\n"); if (messages == 0) - es_fprintf (fp, - _("Verified 0 messages signed by \"%s\"" - " (key: %s, policy %s)."), - user_id, fingerprint, tofu_policy_str (policy)); + es_fprintf (fp, + _("Verified 0 messages signed by \"%s\"" + " (key: %s, policy %s)."), + user_id, fingerprint_pp, tofu_policy_str (policy)); else { int years = 0; @@ -2244,7 +2299,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, _("Verified %ld messages signed by \"%s\"" " (key: %s, policy: %s) in the past "), messages, user_id, - fingerprint, tofu_policy_str (policy)); + fingerprint_pp, tofu_policy_str (policy)); /* It would be nice to use a macro to do this, but gettext works on the unpreprocessed code. */ @@ -2402,6 +2457,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, out: free_strlist (strlist); + xfree (fingerprint_pp); return; } @@ -2422,42 +2478,6 @@ email_from_user_id (const char *user_id) return email; } -/* Pretty print a MAX_FINGERPRINT_LEN-byte binary fingerprint into a - malloc'd string. */ -static char * -fingerprint_pp (const byte *fingerprint_bin) -{ - char fingerprint[MAX_FINGERPRINT_LEN * 2 + 1]; - char *fingerprint_pretty; - int space = (/* The characters and the NUL. */ - sizeof (fingerprint) - /* After every fourth character, we add a space (except - the last). */ - + (sizeof (fingerprint) - 1) / 4 - 1 - /* Half way through we add a second space. */ - + 1); - int i; - int j; - - bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); - - fingerprint_pretty = xmalloc (space); - - for (i = 0, j = 0; i < MAX_FINGERPRINT_LEN * 2; i ++) - { - if (i && i % 4 == 0) - fingerprint_pretty[j ++] = ' '; - if (i == MAX_FINGERPRINT_LEN * 2 / 2) - fingerprint_pretty[j ++] = ' '; - - fingerprint_pretty[j ++] = fingerprint[i]; - } - fingerprint_pretty[j ++] = 0; - assert (j == space); - - return fingerprint_pretty; -} - /* Register the signature with the binding . FINGERPRINT must be MAX_FINGERPRINT_LEN bytes long. @@ -2485,6 +2505,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, struct dbs *dbs; struct db *db; char *fingerprint = NULL; + char *fingerprint_pp = NULL; char *email = NULL; char *err = NULL; int rc; @@ -2502,7 +2523,8 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, goto die; } - fingerprint = fingerprint_pp (fingerprint_bin); + fingerprint = fingerprint_str (fingerprint_bin); + fingerprint_pp = fingerprint_format (fingerprint); if (! *user_id) { @@ -2568,7 +2590,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, log_debug ("SIGNATURES DB contains duplicate records" " ." " Please report.\n", - fingerprint, email, (unsigned long) sig_time, + fingerprint_pp, email, (unsigned long) sig_time, sig_digest, origin); else if (c == 1) { @@ -2576,7 +2598,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, if (DBG_TRUST) log_debug ("Already observed the signature" " \n", - fingerprint, email, (unsigned long) sig_time, + fingerprint_pp, email, (unsigned long) sig_time, sig_digest, origin); } else @@ -2585,7 +2607,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, { if (DBG_TRUST) log_debug ("TOFU: Saving signature <%s, %s, %s>\n", - fingerprint, email, sig_digest); + fingerprint_pp, email, sig_digest); assert (c == 0); @@ -2631,6 +2653,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, already_verified ? NULL : sig_digest); xfree (email); + xfree (fingerprint_pp); xfree (fingerprint); if (dbs) closedbs (dbs); @@ -2715,7 +2738,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id, goto die; } - fingerprint = fingerprint_pp (fingerprint_bin); + fingerprint = fingerprint_str (fingerprint_bin); if (! *user_id) { @@ -2778,7 +2801,7 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy) fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); assert (fingerprint_bin_len == sizeof (fingerprint_bin)); - fingerprint = fingerprint_pp (fingerprint_bin); + fingerprint = fingerprint_str (fingerprint_bin); for (; kb; kb = kb->next) { @@ -2855,7 +2878,7 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id, fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); assert (fingerprint_bin_len == sizeof (fingerprint_bin)); - fingerprint = fingerprint_pp (fingerprint_bin); + fingerprint = fingerprint_str (fingerprint_bin); email = email_from_user_id (user_id->name); ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 494 +++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 281 insertions(+), 213 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 16:39:42 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Nov 2015 16:39:42 +0100 Subject: [git] gnupg-doc - branch, master, updated. fc36f42cec4477f023d167ef725d4a09defbb3d9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via fc36f42cec4477f023d167ef725d4a09defbb3d9 (commit) from d9b142369758e759470218433b742c8cad3660b5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fc36f42cec4477f023d167ef725d4a09defbb3d9 Author: Werner Koch Date: Tue Nov 3 15:51:32 2015 +0100 swdb: Released Libassuan 2.4.0 diff --git a/web/swdb.mac b/web/swdb.mac index 3c58454..6d25cab 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -103,9 +103,9 @@ # # LIBASSUAN # -#+macro: libassuan_ver 2.3.0 -#+macro: libassuan_size 531k -#+macro: libassuan_sha1 23f7ea010983b869f765c36d169dec51c8296cff +#+macro: libassuan_ver 2.4.0 +#+macro: libassuan_size 572k +#+macro: libassuan_sha1 8b00866b3b0386e996cc6bdcb902c727f0d190a5 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 22:10:07 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 03 Nov 2015 22:10:07 +0100 Subject: [git] GPA - branch, master, updated. gpa-0.9.9-4-gea99f88 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Assistant". The branch, master has been updated via ea99f888c0f557fdce3870bb021ac7c3dd84a12d (commit) from 60ddc172ba09d7c0c57835e23ddb6074a695e258 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ea99f888c0f557fdce3870bb021ac7c3dd84a12d Author: Neal H. Walfield Date: Tue Nov 3 22:09:54 2015 +0100 Provide an option to choose an alternate name for files that exist * src/gpgmetools.c (check_overwriting): Change return type from a boolean to a char *. If the file exists, offer the user the option to select a different file. Return the file that is actually used. (gpa_fopen): Take an additional parameter, FILENAME_USED. Save the filename returned by check_overwriting there. Update users. (gpa_open_output): Likewise. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 758 diff --git a/src/gpafiledecryptop.c b/src/gpafiledecryptop.c index 362d15d..64aa719 100644 --- a/src/gpafiledecryptop.c +++ b/src/gpafiledecryptop.c @@ -1,6 +1,6 @@ /* gpafiledecryptop.c - The GpaOperation object. * Copyright (C) 2003 Miguel Coca. - * Copyright (C) 2008 g10 Code GmbH. + * Copyright (C) 2008, 2015 g10 Code GmbH. * * This file is part of GPA * @@ -307,6 +307,7 @@ gpa_file_decrypt_operation_start (GpaFileDecryptOperation *op, else { gchar *cipher_filename = file_item->filename_in; + char *filename_used; file_item->filename_out = destination_filename (cipher_filename); /* Open the files */ @@ -317,15 +318,20 @@ gpa_file_decrypt_operation_start (GpaFileDecryptOperation *op, return gpg_error (GPG_ERR_GENERAL); op->plain_fd = gpa_open_output (file_item->filename_out, &op->plain, - GPA_OPERATION (op)->window); + GPA_OPERATION (op)->window, + &filename_used); if (op->plain_fd == -1) { gpgme_data_release (op->cipher); close (op->cipher_fd); + xfree (filename_used); /* FIXME: Error value. */ return gpg_error (GPG_ERR_GENERAL); } + xfree (file_item->filename_out); + file_item->filename_out = filename_used; + gpgme_set_protocol (GPA_OPERATION (op)->context->ctx, is_cms_file (cipher_filename) ? GPGME_PROTOCOL_CMS : GPGME_PROTOCOL_OpenPGP); diff --git a/src/gpafileencryptop.c b/src/gpafileencryptop.c index 4731fda..4e22446 100644 --- a/src/gpafileencryptop.c +++ b/src/gpafileencryptop.c @@ -1,6 +1,6 @@ /* gpafiledecryptop.c - The GpaOperation object. * Copyright (C) 2003 Miguel Coca. - * Copyright (C) 2008 g10 Code GmbH. + * Copyright (C) 2008, 2015 g10 Code GmbH. * * This file is part of GPA * @@ -310,6 +310,7 @@ gpa_file_encrypt_operation_start (GpaFileEncryptOperation *op, else { gchar *plain_filename = file_item->filename_in; + char *filename_used; file_item->filename_out = destination_filename (plain_filename, gpgme_get_armor (GPA_OPERATION (op)->context->ctx)); @@ -321,15 +322,20 @@ gpa_file_encrypt_operation_start (GpaFileEncryptOperation *op, return gpg_error (GPG_ERR_GENERAL); op->cipher_fd = gpa_open_output (file_item->filename_out, &op->cipher, - GPA_OPERATION (op)->window); + GPA_OPERATION (op)->window, + &filename_used); if (op->cipher_fd == -1) { gpgme_data_release (op->plain); close (op->plain_fd); op->plain_fd = -1; + xfree (filename_used); /* FIXME: Error value. */ return gpg_error (GPG_ERR_GENERAL); } + + xfree (file_item->filename_out); + file_item->filename_out = filename_used; } /* Start the operation. */ diff --git a/src/gpafilesignop.c b/src/gpafilesignop.c index 5ecef78..b926d17 100644 --- a/src/gpafilesignop.c +++ b/src/gpafilesignop.c @@ -1,6 +1,6 @@ /* gpafiledecryptop.c - The GpaOperation object. * Copyright (C) 2003 Miguel Coca. - * Copyright (C) 2008 g10 Code GmbH. + * Copyright (C) 2008, 2015 g10 Code GmbH. * * This file is part of GPA * @@ -285,6 +285,7 @@ gpa_file_sign_operation_start (GpaFileSignOperation *op, else { gchar *plain_filename = file_item->filename_in; + char *filename_used; file_item->filename_out = destination_filename (plain_filename, gpgme_get_armor (GPA_OPERATION (op)->context->ctx), @@ -298,14 +299,19 @@ gpa_file_sign_operation_start (GpaFileSignOperation *op, return gpg_error (GPG_ERR_GENERAL); op->sig_fd = gpa_open_output (file_item->filename_out, &op->sig, - GPA_OPERATION (op)->window); + GPA_OPERATION (op)->window, + &filename_used); if (op->sig_fd == -1) { gpgme_data_release (op->plain); close (op->plain_fd); + xfree (filename_used); /* FIXME: Error value. */ return gpg_error (GPG_ERR_GENERAL); } + + xfree (file_item->filename_out); + file_item->filename_out = filename_used; } /* Start the operation */ diff --git a/src/gpgmetools.c b/src/gpgmetools.c index 83c4a69..cc45052 100644 --- a/src/gpgmetools.c +++ b/src/gpgmetools.c @@ -1,6 +1,6 @@ /* gpgmetools.h - Additional gpgme support functions for GPA. Copyright (C) 2002 Miguel Coca. - Copyright (C) 2005, 2008, 2009, 2012, 2014 g10 Code GmbH. + Copyright (C) 2005, 2008, 2009, 2012, 2014, 2015 g10 Code GmbH. This file is part of GPA @@ -160,28 +160,56 @@ dump_data_to_file (gpgme_data_t data, FILE *file) } -static gboolean +static char * check_overwriting (const char *filename, GtkWidget *parent) { - /* If the file exists, ask before overwriting. */ - if (g_file_test (filename, G_FILE_TEST_EXISTS)) - { - GtkWidget *msgbox = gtk_message_dialog_new - (GTK_WINDOW(parent), GTK_DIALOG_MODAL, - GTK_MESSAGE_WARNING, GTK_BUTTONS_NONE, - _("The file %s already exists.\n" - "Do you want to overwrite it?"), filename); - gtk_dialog_add_buttons (GTK_DIALOG (msgbox), - _("_Yes"), GTK_RESPONSE_YES, - _("_No"), GTK_RESPONSE_NO, NULL); - if (gtk_dialog_run (GTK_DIALOG (msgbox)) != GTK_RESPONSE_YES) - { - gtk_widget_destroy (msgbox); - return FALSE; - } - gtk_widget_destroy (msgbox); + GtkWidget *dialog; + int response; + GtkFileChooserAction action = GTK_FILE_CHOOSER_ACTION_SAVE; + char *filename_used = xstrdup (filename); + + while (1) + { + /* If the file exists, ask before overwriting. */ + if (! g_file_test (filename_used, G_FILE_TEST_EXISTS)) + return filename_used; + + dialog = gtk_message_dialog_new + (GTK_WINDOW (parent), GTK_DIALOG_MODAL, + GTK_MESSAGE_WARNING, GTK_BUTTONS_NONE, + _("The file %s already exists.\n" + "Do you want to overwrite it?"), filename_used); + gtk_dialog_add_buttons (GTK_DIALOG (dialog), + _("_Yes"), GTK_RESPONSE_YES, + _("_No"), GTK_RESPONSE_NO, + _("_Use a different filename"), 1, + NULL); + + response = gtk_dialog_run (GTK_DIALOG (dialog)); + gtk_widget_destroy (dialog); + if (response == GTK_RESPONSE_YES) + return filename_used; + if (response == GTK_RESPONSE_NO) + { + xfree (filename_used); + return NULL; + } + + /* Use a different filename. */ + dialog = gtk_file_chooser_dialog_new + ("Open File", GTK_WINDOW (parent), action, + _("_Cancel"), GTK_RESPONSE_CANCEL, + _("_Open"), GTK_RESPONSE_ACCEPT, + NULL); + response = gtk_dialog_run (GTK_DIALOG (dialog)); + if (response == GTK_RESPONSE_ACCEPT) + { + GtkFileChooser *chooser = GTK_FILE_CHOOSER (dialog); + filename_used = gtk_file_chooser_get_filename (chooser); + } + + gtk_widget_destroy (dialog); } - return TRUE; } /* Not really a gpgme function, but needed in most places @@ -190,20 +218,20 @@ check_overwriting (const char *filename, GtkWidget *parent) NULL on failure, but you can assume the user has been informed of the error (or maybe he just didn't want to overwrite!). */ FILE * -gpa_fopen (const char *filename, GtkWidget *parent) +gpa_fopen (const char *filename, GtkWidget *parent, char **filename_used) { FILE *target; - if (!check_overwriting (filename, parent)) + *filename_used = check_overwriting (filename, parent); + if (! *filename_used) return NULL; - target = g_fopen (filename, "w"); + target = g_fopen (*filename_used, "w"); if (!target) { gchar *message; - message = g_strdup_printf ("%s: %s", filename, strerror(errno)); + message = g_strdup_printf ("%s: %s", *filename_used, strerror(errno)); gpa_window_error (message, parent); g_free (message); - return NULL; } return target; } @@ -237,12 +265,17 @@ gpa_open_output_direct (const char *filename, gpgme_data_t *data, int -gpa_open_output (const char *filename, gpgme_data_t *data, GtkWidget *parent) +gpa_open_output (const char *filename, gpgme_data_t *data, GtkWidget *parent, + char **filename_used) { - if (! check_overwriting (filename, parent)) + int res; + + *filename_used = check_overwriting (filename, parent); + if (! *filename_used) return -1; - return gpa_open_output_direct (filename, data, parent); + res = gpa_open_output_direct (*filename_used, data, parent); + return res; } diff --git a/src/gpgmetools.h b/src/gpgmetools.h index 1320f88..1cfeb3a 100644 --- a/src/gpgmetools.h +++ b/src/gpgmetools.h @@ -1,6 +1,7 @@ /* gpgmetools.h - additional gpgme support functions for GPA. Copyright (C) 2002, Miguel Coca. Copyright (C) 2005, 2008 g10 Code GmbH. + Copyright (C) 2015 g10 Code GmbH. This file is part of GPA @@ -114,8 +115,13 @@ void dump_data_to_file (gpgme_data_t data, FILE *file); dump_data_to_file is used. Opens a file for writing, asking the user to overwrite if it exists and reporting any errors. Returns NULL on failure, but you can assume the user has been informed of - the error (or maybe he just didn't want to overwrite!). */ -FILE *gpa_fopen (const char *filename, GtkWidget *parent); + the error (or maybe he just didn't want to overwrite!). The + filename of the file that is actually open (if FILENAME already + exists, then the user can choose a different file) is saved in + *FILENAME_USED. It must be xfreed. This is set even if this + function returns NULL! */ +FILE *gpa_fopen (const char *filename, GtkWidget *parent, + char **filename_used); /* Do a gpgme_data_new_from_file and report any GPG_ERR_File_Error to the user. */ @@ -125,11 +131,15 @@ gpg_error_t gpa_gpgme_data_new_from_file (gpgme_data_t *data, /* Create a new gpgme_data_t from a file for writing, and return the file descriptor for the file. Always reports all errors to the - user. The _direct variant does not check for overwriting. */ + user. The _direct variant does not check for overwriting. The + filename of the file that is actually open (if FILENAME already + exists, then the user can choose a different file) is saved in + *FILENAME_USED. It must be xfreed. This is set even if this + function returns NULL! */ int gpa_open_output_direct (const char *filename, gpgme_data_t *data, GtkWidget *parent); int gpa_open_output (const char *filename, gpgme_data_t *data, - GtkWidget *parent); + GtkWidget *parent, char **filename_used); /* Create a new gpgme_data_t from a file for reading, and return the file descriptor for the file. Always reports all errors to the user. */ ----------------------------------------------------------------------- Summary of changes: src/gpafiledecryptop.c | 10 ++++-- src/gpafileencryptop.c | 10 ++++-- src/gpafilesignop.c | 10 ++++-- src/gpgmetools.c | 89 ++++++++++++++++++++++++++++++++++---------------- src/gpgmetools.h | 18 +++++++--- 5 files changed, 99 insertions(+), 38 deletions(-) hooks/post-receive -- The GNU Privacy Assistant http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 3 23:27:00 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 03 Nov 2015 23:27:00 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-99-g44ad9f2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 44ad9f29d43f40bbc1840454880f4af3df1c5295 (commit) via 62b8cd5495dcac9a0f8a3d88c7bd4cd80997fd3f (commit) from 621afac37e5555fd68054531e611ead444b62928 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 44ad9f29d43f40bbc1840454880f4af3df1c5295 Author: Werner Koch Date: Tue Nov 3 23:15:57 2015 +0100 gpg: Change out of core error message. * g10/tofu.c (fingerprint_str): Die with the error code returned by the failed function. (time_ago_str): Ditto. Do not make a comma translatable. (fingerprint_format): Use "%zu" for a size_t. -- Also wrapped some long strings. In general we should not use log_fatal or use xmalloc functions but properly return an error code and use xtrymalloc like functions. Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index 4dcaa11..f6d2d5e 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -173,7 +173,8 @@ fingerprint_str (const byte *fingerprint_bin) { char *fingerprint = bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, NULL); if (! fingerprint) - log_fatal ("Out of memory.\n"); + log_fatal ("bin2hex failed: %s\n", + gpg_strerror (gpg_error_from_syserror())); return fingerprint; } @@ -195,7 +196,7 @@ fingerprint_format (const byte *fingerprint) if (strlen (fingerprint) != 2 * MAX_FINGERPRINT_LEN) { - log_info (_("Fingerprint with unexpected length (%zd chars)\n"), + log_info (_("Fingerprint with unexpected length (%zu chars)\n"), strlen (fingerprint)); return xstrdup (fingerprint); } @@ -995,7 +996,8 @@ opendbs (void) if (have_tofu_db && have_tofu_d) { - log_info (_("Warning: Home directory contains both tofu.db and tofu.d. Using split format for TOFU DB.\n")); + log_info (_("Warning: Home directory contains both tofu.db" + " and tofu.d. Using split format for TOFU DB.\n")); opt.tofu_db_format = TOFU_DB_SPLIT; } else if (have_tofu_db) @@ -1682,8 +1684,8 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (record_binding (dbs, fingerprint, email, user_id, TOFU_POLICY_AUTO, 0) != 0) { - log_error (_("error setting TOFU binding's trust level to %s\n"), - "auto"); + log_error (_("error setting TOFU binding's trust level" + " to %s\n"), "auto"); trust_level = _tofu_GET_TRUST_ERROR; goto out; } @@ -2248,7 +2250,8 @@ time_ago_str (long long int t) fp = es_fopenmem (0, "rw,samethread"); if (! fp) - log_fatal ("error creating memory stream\n"); + log_fatal ("error creating memory stream: %s\n", + gpg_strerror (gpg_error_from_syserror())); if (years) { @@ -2263,7 +2266,7 @@ time_ago_str (long long int t) if ((first == -1 || i - first <= 3) && months) { if (count) - es_fprintf (fp, _(", ")); + es_fprintf (fp, ", "); if (months > 1) es_fprintf (fp, _("%d months"), months); @@ -2276,7 +2279,7 @@ time_ago_str (long long int t) if ((first == -1 || i - first <= 3) && count < 2 && days) { if (count) - es_fprintf (fp, _(", ")); + es_fprintf (fp, ", "); if (days > 1) es_fprintf (fp, _("%d days"), days); @@ -2289,7 +2292,7 @@ time_ago_str (long long int t) if ((first == -1 || i - first <= 3) && count < 2 && hours) { if (count) - es_fprintf (fp, _(", ")); + es_fprintf (fp, ", "); if (hours > 1) es_fprintf (fp, _("%d hours"), hours); @@ -2302,7 +2305,7 @@ time_ago_str (long long int t) if ((first == -1 || i - first <= 3) && count < 2 && minutes) { if (count) - es_fprintf (fp, _(", ")); + es_fprintf (fp, ", "); if (minutes > 1) es_fprintf (fp, _("%d minutes"), minutes); @@ -2315,7 +2318,7 @@ time_ago_str (long long int t) if ((first == -1 || i - first <= 3) && count < 2) { if (count) - es_fprintf (fp, _(", ")); + es_fprintf (fp, ", "); if (seconds > 1) es_fprintf (fp, _("%d seconds"), seconds); @@ -2423,7 +2426,8 @@ show_statistics (struct dbs *dbs, const char *fingerprint, } if (messages == -1 || first_seen_ago == 0) - log_info (_("Failed to collect signature statistics for \"%s\" (key %s)\n"), + log_info (_("Failed to collect signature statistics" + " for \"%s\" (key %s)\n"), user_id, fingerprint_pp); else { @@ -2475,9 +2479,11 @@ show_statistics (struct dbs *dbs, const char *fingerprint, const char *text; if (messages == 0) - log_info (_("Warning: we've have yet to see a message signed by this key!\n")); + log_info (_("Warning: we've have yet to see" + " a message signed by this key!\n")); else if (messages == 1) - log_info (_("Warning: we've only seen a single message signed by this key!\n")); + log_info (_("Warning: we've only seen a" + " single message signed by this key!\n")); set_policy_command = xasprintf ("gpg --tofu-policy bad \"%s\"", fingerprint); @@ -2515,10 +2521,12 @@ email_from_user_id (const char *user_id) { char *email = mailbox_from_userid (user_id); if (! email) - /* Hmm, no email address was provided. Just take the lower-case - version of the whole user id. It could be a hostname, for - instance. */ - email = ascii_strlwr (xstrdup (user_id)); + { + /* Hmm, no email address was provided or we are out of core. Just + take the lower-case version of the whole user id. It could be + a hostname, for instance. */ + email = ascii_strlwr (xstrdup (user_id)); + } return email; } @@ -2787,7 +2795,8 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id, if (! *user_id) { - log_debug ("user id is empty. Can't get TOFU validity for this binding.\n"); + log_debug ("user id is empty." + " Can't get TOFU validity for this binding.\n"); goto die; } commit 62b8cd5495dcac9a0f8a3d88c7bd4cd80997fd3f Author: Werner Koch Date: Tue Nov 3 20:44:14 2015 +0100 gpg: Make translation easier. * g10/import.c (import_secret_one): Split info string for easier translation. Signed-off-by: Werner Koch diff --git a/g10/import.c b/g10/import.c index 82ccfa7..0847a9a 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1771,7 +1771,7 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, err = transfer_secret_keys (ctrl, stats, keyblock, batch); if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED) { - /* TRANSLATORS: For smarcard, each private key on + /* TRANSLATORS: For smartcard, each private key on host has a reference (stub) to a smartcard and actual private key data is stored on the card. A single smartcard can have up to three private key @@ -1781,8 +1781,8 @@ import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock, suggested to run 'gpg --card-status', then, references to a card will be automatically created again. */ - log_info (_("To migrate secring.gpg, with each smartcard, run:" - "gpg --card-status")); + log_info (_("To migrate '%s', with each smartcard, " + "run: %s\n"), "secring.gpg", "gpg --card-status"); err = 0; } if (!err) ----------------------------------------------------------------------- Summary of changes: g10/import.c | 6 +++--- g10/tofu.c | 47 ++++++++++++++++++++++++++++------------------- 2 files changed, 31 insertions(+), 22 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 02:54:20 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 04 Nov 2015 02:54:20 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-100-gc5a9fed Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via c5a9fedba66361ddd9f596528882750068543298 (commit) from 44ad9f29d43f40bbc1840454880f4af3df1c5295 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c5a9fedba66361ddd9f596528882750068543298 Author: NIIBE Yutaka Date: Wed Nov 4 10:48:59 2015 +0900 scd: fix change_keyattr. * scd/app-openpgp.c (change_keyattr_from_string): Fix parsing. diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index d43db5b..06ab327 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -2793,8 +2793,8 @@ change_keyattr_from_string (app_t app, /* Because this function deletes the key we require the string "--force" in the data to make clear that something serious might happen. */ - sscanf (string, " --force %d %d %n", &key, &algo, &n); - if (n < 13) + sscanf (string, "--force %d %d %n", &key, &algo, &n); + if (n < 12) { err = gpg_error (GPG_ERR_INV_DATA); goto leave; ----------------------------------------------------------------------- Summary of changes: scd/app-openpgp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 11:27:13 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 04 Nov 2015 11:27:13 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-85-g4052dfc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 4052dfcc96da23bf617be1e16f771dec4f086cf0 (commit) from b942f73f7961fd277cbafab9d2a5ed08038f00db (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4052dfcc96da23bf617be1e16f771dec4f086cf0 Author: Andre Heinecke Date: Wed Nov 4 11:24:54 2015 +0100 Fix recipient lookup * src/message.cpp (get_recipients): Actually fallback to the email property in case the smtp address property is not set. diff --git a/src/message.cpp b/src/message.cpp index 1d9fb4a..3adc7ed 100644 --- a/src/message.cpp +++ b/src/message.cpp @@ -1118,7 +1118,7 @@ get_recipients (LPMESSAGE message) LPMAPITABLE lpRecipientTable = NULL; LPSRowSet lpRecipientRows = NULL; unsigned int rowidx; - LPSPropValue row; + SPropValue_s val; char **rset; int rsetidx; @@ -1151,12 +1151,12 @@ get_recipients (LPMESSAGE message) for (int colidx = 0; colidx < lpRecipientRows->aRow[rowidx].cValues; colidx++) { - row = lpRecipientRows->aRow[rowidx].lpProps; + val = lpRecipientRows->aRow[rowidx].lpProps[colidx]; - switch (PROP_TYPE (row->ulPropTag)) + switch (PROP_TYPE (val.ulPropTag)) { case PT_UNICODE: - if ((rset[rsetidx] = wchar_to_utf8 (row->Value.lpszW))) + if ((rset[rsetidx] = wchar_to_utf8 (val.Value.lpszW))) { rsetidx++; found_one = true; @@ -1167,13 +1167,13 @@ get_recipients (LPMESSAGE message) break; case PT_STRING8: /* Assume ASCII. */ - rset[rsetidx++] = xstrdup (row->Value.lpszA); + rset[rsetidx++] = xstrdup (val.Value.lpszA); found_one = true; break; default: log_debug ("%s:%s: proptag=0x%08lx not supported\n", - SRCNAME, __func__, row->ulPropTag); + SRCNAME, __func__, val.ulPropTag); break; } if (found_one) ----------------------------------------------------------------------- Summary of changes: src/message.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 13:16:47 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 04 Nov 2015 13:16:47 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-101-g1e94a67 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1e94a672efb8bf66f416bc63bf6670e509a21fe5 (commit) from c5a9fedba66361ddd9f596528882750068543298 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1e94a672efb8bf66f416bc63bf6670e509a21fe5 Author: NIIBE Yutaka Date: Wed Nov 4 21:07:49 2015 +0900 scd: Fix error handling with libusb-compat library. * scd/ccid-driver.c (bulk_out): Use LIBUSB_ERRNO_NO_SUCH_DEVICE. -- With libusb-compat library, the error is different than original libusb. (The libusb-compat library is used by Fedora.) diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index 5a1a243..b64f24c 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1839,6 +1839,11 @@ writen (int fd, const void *buf, size_t nbytes) return 0; } +#if defined(ENXIO) && !defined(LIBUSB_PATH_MAX) && defined(__GNU_LIBRARY__) +#define LIBUSB_ERRNO_NO_SUCH_DEVICE ENXIO /* libusb-compat */ +#elif defined(ENODEV) +#define LIBUSB_ERRNO_NO_SUCH_DEVICE ENODEV /* Original libusb */ +#endif /* Write a MSG of length MSGLEN to the designated bulk out endpoint. Returns 0 on success. */ @@ -1913,26 +1918,26 @@ bulk_out (ccid_driver_t handle, unsigned char *msg, size_t msglen, 5000 /* ms timeout */); if (rc == msglen) return 0; -#ifdef ENODEV - if (rc == -(ENODEV)) +#ifdef LIBUSB_ERRNO_NO_SUCH_DEVICE + if (rc == -(LIBUSB_ERRNO_NO_SUCH_DEVICE)) { /* The Linux libusb returns a negative error value. Catch the most important one. */ - errno = ENODEV; + errno = LIBUSB_ERRNO_NO_SUCH_DEVICE; rc = -1; } -#endif /*ENODEV*/ +#endif /*LIBUSB_ERRNO_NO_SUCH_DEVICE*/ if (rc == -1) { DEBUGOUT_1 ("usb_bulk_write error: %s\n", strerror (errno)); -#ifdef ENODEV - if (errno == ENODEV) +#ifdef LIBUSB_ERRNO_NO_SUCH_DEVICE + if (errno == LIBUSB_ERRNO_NO_SUCH_DEVICE) { handle->enodev_seen = 1; return CCID_DRIVER_ERR_NO_READER; } -#endif /*ENODEV*/ +#endif /*LIBUSB_ERRNO_NO_SUCH_DEVICE*/ } else DEBUGOUT_1 ("usb_bulk_write failed: %d\n", rc); ----------------------------------------------------------------------- Summary of changes: scd/ccid-driver.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 13:19:57 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 04 Nov 2015 13:19:57 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-103-gde9b234 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via de9b2340153d70b083494d1a277a384dcf43bff0 (commit) via e16d7168c54e5f7bc2f0037806ee4f730930eaf0 (commit) from 1e94a672efb8bf66f416bc63bf6670e509a21fe5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit de9b2340153d70b083494d1a277a384dcf43bff0 Author: Neal H. Walfield Date: Tue Nov 3 23:39:46 2015 +0100 gpg: Add --encrypt-to-default-key. * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 807 diff --git a/doc/gpg.texi b/doc/gpg.texi index efbeef2..246b441 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1916,6 +1916,11 @@ recipients given either by use of @option{--recipient} or by the asked user id. No trust checking is performed for these user ids and even disabled keys can be used. + at item --encrypt-to-default-key + at opindex encrypt-to-default-key +If the default secret key is taken from @option{--default-key}, then +also encrypt to that key. + @item --no-encrypt-to @opindex no-encrypt-to Disable the use of all @option{--encrypt-to} and diff --git a/g10/getkey.c b/g10/getkey.c index d3ce7d2..b4086a2 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1121,7 +1121,7 @@ get_pubkey_byfprint_fast (PKT_public_key * pk, return 0; } -static const char * +const char * parse_def_secret_key (ctrl_t ctrl) { KEYDB_HANDLE hd = NULL; diff --git a/g10/gpg.c b/g10/gpg.c index e61f90d..7338ac9 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -303,6 +303,7 @@ enum cmd_and_opt_values oEncryptTo, oHiddenEncryptTo, oNoEncryptTo, + oEncryptToDefaultKey, oLoggerFD, oLoggerFile, oUtf8Strings, @@ -500,6 +501,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oEncryptTo, "encrypt-to", "@"), ARGPARSE_s_n (oNoEncryptTo, "no-encrypt-to", "@"), ARGPARSE_s_s (oHiddenEncryptTo, "hidden-encrypt-to", "@"), + ARGPARSE_s_n (oEncryptToDefaultKey, "encrypt-to-default-key", "@"), ARGPARSE_s_s (oLocalUser, "local-user", N_("|USER-ID|use USER-ID to sign or decrypt")), @@ -2776,6 +2778,9 @@ main (int argc, char **argv) sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); sl->flags = 1|2; break; + case oEncryptToDefaultKey: + opt.encrypt_to_default_key = 1; + break; case oRecipient: /* store the recipient */ add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); any_explicit_recipient = 1; @@ -3727,6 +3732,20 @@ main (int argc, char **argv) break; } + if (opt.encrypt_to_default_key) + { + const char *default_key = parse_def_secret_key (ctrl); + if (default_key) + { + sl = add_to_strlist2 (&remusr, default_key, utf8_strings); + sl->flags = 1; + } + else if (opt.def_secret_key) + log_info (_("--encrypt-to-default-key specified, but no valid default keys specified.\n")); + else + log_info (_("--encrypt-to-default-key specified, but --default-key not specified.\n")); + } + /* The command dispatcher. */ switch( cmd ) { diff --git a/g10/keydb.h b/g10/keydb.h index 7d14fb8..76136c1 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -582,6 +582,10 @@ int get_pubkey_byfprint_fast (PKT_public_key *pk, with the specified key id. */ int have_secret_key_with_kid (u32 *keyid); +/* Parse the --default-key parameter. Returns the last key (in terms + of when the option is given) that is available. */ +const char *parse_def_secret_key (ctrl_t ctrl); + /* Look up a secret key. If PK is not NULL, the public key of the first result is returned diff --git a/g10/options.h b/g10/options.h index 7485985..bc92dd7 100644 --- a/g10/options.h +++ b/g10/options.h @@ -175,6 +175,7 @@ struct int no_mdc_warn; char *temp_dir; int no_encrypt_to; + int encrypt_to_default_key; int interactive; struct notation *sig_notations; struct notation *cert_notations; commit e16d7168c54e5f7bc2f0037806ee4f730930eaf0 Author: Neal H. Walfield Date: Tue Nov 3 23:15:27 2015 +0100 gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield GnuPG-bug-id: 806 diff --git a/doc/gpg.texi b/doc/gpg.texi index 6e62917..efbeef2 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -993,6 +993,10 @@ in the option file. Use @var{name} as the default key to sign with. If this option is not used, the default key is the first key found in the secret keyring. Note that @option{-u} or @option{--local-user} overrides this option. +This option may be given multiple times. In this case, the last key +for which a secret key is available is used. If there is no secret +key available for any of the specified values, GnuPG will not emit an +error message but continue as if this option wasn't given. @item --default-recipient @var{name} @opindex default-recipient diff --git a/g10/getkey.c b/g10/getkey.c index a5f5689..d3ce7d2 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1121,17 +1121,93 @@ get_pubkey_byfprint_fast (PKT_public_key * pk, return 0; } +static const char * +parse_def_secret_key (ctrl_t ctrl) +{ + KEYDB_HANDLE hd = NULL; + strlist_t t; + static int warned; + + for (t = opt.def_secret_key; t; t = t->next) + { + gpg_error_t err; + KEYDB_SEARCH_DESC desc; + KBNODE kb; + + err = classify_user_id (t->d, &desc, 1); + if (err) + { + log_error (_("Invalid value ('%s') for --default-key.\n"), + t->d); + continue; + } + + if (! (desc.mode == KEYDB_SEARCH_MODE_LONG_KID + || desc.mode == KEYDB_SEARCH_MODE_FPR16 + || desc.mode == KEYDB_SEARCH_MODE_FPR20 + || desc.mode == KEYDB_SEARCH_MODE_FPR) + && ! warned) + log_info (_("Warning: value '%s' for --default-key" + " should be a long keyid or a fingerprint.\n"), + t->d); + + if (! hd) + hd = keydb_new (); + else + keydb_search_reset (hd); + + err = keydb_search (hd, &desc, 1, NULL); + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + continue; + + if (err) + { + log_error (_("Error reading from keyring: %s.\n"), + gpg_strerror (err)); + t = NULL; + break; + } + + err = keydb_get_keyblock (hd, &kb); + if (err) + { + log_error (_("error reading keyblock: %s\n"), + gpg_strerror (err)); + continue; + } + + err = agent_probe_secret_key (ctrl, kb->pkt->pkt.public_key); + release_kbnode (kb); + if (! err) + { + if (! warned) + log_debug (_("Using %s as default secret key.\n"), t->d); + break; + } + } + + warned = 1; + + if (hd) + keydb_release (hd); + + if (t) + return t->d; + return NULL; +} /* For documentation see keydb.h. */ gpg_error_t -get_seckey_default (PKT_public_key *pk) +get_seckey_default (ctrl_t ctrl, PKT_public_key *pk) { gpg_error_t err; strlist_t namelist = NULL; int include_unusable = 1; - if (opt.def_secret_key && *opt.def_secret_key) - add_to_strlist (&namelist, opt.def_secret_key); + + const char *def_secret_key = parse_def_secret_key (ctrl); + if (def_secret_key) + add_to_strlist (&namelist, def_secret_key); else include_unusable = 0; @@ -1154,15 +1230,19 @@ getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk, /* For documentation see keydb.h. */ gpg_error_t -getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk, +getkey_byname (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk, const char *name, int want_secret, kbnode_t *ret_keyblock) { gpg_error_t err; strlist_t namelist = NULL; int with_unusable = 1; + const char *def_secret_key = NULL; + + if (want_secret && !name) + def_secret_key = parse_def_secret_key (ctrl); - if (want_secret && !name && opt.def_secret_key && *opt.def_secret_key) - add_to_strlist (&namelist, opt.def_secret_key); + if (want_secret && !name && def_secret_key) + add_to_strlist (&namelist, def_secret_key); else if (name) add_to_strlist (&namelist, name); else @@ -2737,7 +2817,7 @@ found: /* For documentation see keydb.h. */ gpg_error_t -enum_secret_keys (void **context, PKT_public_key *sk) +enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *sk) { gpg_error_t err = 0; const char *name; @@ -2783,8 +2863,7 @@ enum_secret_keys (void **context, PKT_public_key *sk) switch (c->state) { case 0: /* First try to use the --default-key. */ - if (opt.def_secret_key && *opt.def_secret_key) - name = opt.def_secret_key; + name = parse_def_secret_key (ctrl); c->state = 1; break; @@ -2810,7 +2889,7 @@ enum_secret_keys (void **context, PKT_public_key *sk) } while (!name || !*name); - err = getkey_byname (NULL, NULL, name, 1, &c->keyblock); + err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock); if (err) { /* getkey_byname might return a keyblock even in the diff --git a/g10/gpg.c b/g10/gpg.c index 0f1c74a..e61f90d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2577,7 +2577,9 @@ main (int argc, char **argv) case oTrustDBName: trustdb_name = pargs.r.ret_str; break; #endif /*!NO_TRUST_MODELS*/ - case oDefaultKey: opt.def_secret_key = pargs.r.ret_str; break; + case oDefaultKey: + add_to_strlist (&opt.def_secret_key, pargs.r.ret_str); + break; case oDefRecipient: if( *pargs.r.ret_str ) { @@ -3865,7 +3867,7 @@ main (int argc, char **argv) case aSignSym: /* sign and conventionally encrypt the given file */ if (argc > 1) wrong_args(_("--sign --symmetric [filename]")); - rc = sign_symencrypt_file (fname, locusr); + rc = sign_symencrypt_file (ctrl, fname, locusr); if (rc) { write_status_failure ("sign-symencrypt", rc); @@ -3877,7 +3879,7 @@ main (int argc, char **argv) case aClearsign: /* make a clearsig */ if( argc > 1 ) wrong_args(_("--clearsign [filename]")); - if( (rc = clearsign_file(fname, locusr, NULL)) ) + if( (rc = clearsign_file (ctrl, fname, locusr, NULL)) ) { write_status_failure ("sign", rc); log_error("%s: clearsign failed: %s\n", diff --git a/g10/gpgv.c b/g10/gpgv.c index 9a6dbd6..138f035 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -386,8 +386,9 @@ keyserver_import_ldap (const char *name) * No encryption here but mainproc links to these functions. */ gpg_error_t -get_session_key (PKT_pubkey_enc *k, DEK *dek) +get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek) { + (void)ctrl; (void)k; (void)dek; return GPG_ERR_GENERAL; diff --git a/g10/keydb.h b/g10/keydb.h index 680af1c..7d14fb8 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -364,8 +364,8 @@ void warn_missing_aes_from_pklist (PK_LIST pk_list); /*-- skclist.c --*/ int random_is_faked (void); void release_sk_list( SK_LIST sk_list ); -gpg_error_t build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, - unsigned use); +gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr, + SK_LIST *ret_sk_list, unsigned use); /*-- passphrase.h --*/ unsigned char encode_s2k_iterations (int iterations); @@ -605,7 +605,7 @@ int have_secret_key_with_kid (u32 *keyid); This function returns the first match. Additional results can be returned using getkey_next. */ -gpg_error_t get_seckey_default (PKT_public_key *pk); +gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk); /* Search for keys matching some criteria. @@ -686,7 +686,8 @@ gpg_error_t getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk, FIXME: We also have the get_pubkey_byname function which has a different semantic. Should be merged with this one. */ -gpg_error_t getkey_byname (getkey_ctx_t *retctx, PKT_public_key *pk, +gpg_error_t getkey_byname (ctrl_t ctrl, + getkey_ctx_t *retctx, PKT_public_key *pk, const char *name, int want_secret, kbnode_t *ret_keyblock); @@ -748,7 +749,7 @@ KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx); if (gpg_err_code (err) != GPG_ERR_EOF) ; // An error occured. */ -gpg_error_t enum_secret_keys (void **context, PKT_public_key *pk); +gpg_error_t enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *pk); /* Set the mainkey_id fields for all keys in KEYBLOCK. This is usually done by merge_selfsigs but at some places we only need the diff --git a/g10/keyedit.c b/g10/keyedit.c index fba7d35..afa6f85 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -565,7 +565,7 @@ sign_uids (ctrl_t ctrl, estream_t fp, * why to sign keys using a subkey. Implementation of USAGE_CERT * is just a hack in getkey.c and does not mean that a subkey * marked as certification capable will be used. */ - rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_CERT); + rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_CERT); if (rc) goto leave; @@ -2319,7 +2319,7 @@ keyedit_passwd (ctrl_t ctrl, const char *username) err = gpg_error_from_syserror (); goto leave; } - err = getkey_byname (NULL, pk, username, 1, &keyblock); + err = getkey_byname (ctrl, NULL, pk, username, 1, &keyblock); if (err) goto leave; diff --git a/g10/main.h b/g10/main.h index cb79a71..cdf6031 100644 --- a/g10/main.h +++ b/g10/main.h @@ -236,8 +236,9 @@ int complete_sig (PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, const char *cache_nonce); int sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, int do_encrypt, strlist_t remusr, const char *outfile ); -int clearsign_file( const char *fname, strlist_t locusr, const char *outfile ); -int sign_symencrypt_file (const char *fname, strlist_t locusr); +int clearsign_file (ctrl_t ctrl, + const char *fname, strlist_t locusr, const char *outfile); +int sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr); /*-- sig-check.c --*/ diff --git a/g10/mainproc.c b/g10/mainproc.c index b8e0ea6..f4e5f45 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -106,7 +106,7 @@ struct mainproc_context /*** Local prototypes. ***/ -static int do_proc_packets (CTX c, iobuf_t a); +static int do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a); static void list_node (CTX c, kbnode_t node); static void proc_tree (CTX c, kbnode_t node); static int literals_seen; @@ -366,7 +366,7 @@ proc_symkey_enc (CTX c, PACKET *pkt) static void -proc_pubkey_enc (CTX c, PACKET *pkt) +proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt) { PKT_pubkey_enc *enc; int result = 0; @@ -428,7 +428,7 @@ proc_pubkey_enc (CTX c, PACKET *pkt) else { c->dek = xmalloc_secure_clear (sizeof *c->dek); - if ((result = get_session_key (enc, c->dek))) + if ((result = get_session_key (ctrl, enc, c->dek))) { /* Error: Delete the DEK. */ xfree (c->dek); @@ -1195,7 +1195,7 @@ proc_packets (ctrl_t ctrl, void *anchor, iobuf_t a ) c->ctrl = ctrl; c->anchor = anchor; - rc = do_proc_packets (c, a); + rc = do_proc_packets (ctrl, c, a); xfree (c); return rc; @@ -1218,7 +1218,7 @@ proc_signature_packets (ctrl_t ctrl, void *anchor, iobuf_t a, c->signed_data.used = !!signedfiles; c->sigfilename = sigfilename; - rc = do_proc_packets ( c, a ); + rc = do_proc_packets (ctrl, c, a); /* If we have not encountered any signature we print an error messages, send a NODATA status back and return an error code. @@ -1261,7 +1261,7 @@ proc_signature_packets_by_fd (ctrl_t ctrl, c->signed_data.data_names = NULL; c->signed_data.used = (signed_data_fd != -1); - rc = do_proc_packets ( c, a ); + rc = do_proc_packets (ctrl, c, a); /* If we have not encountered any signature we print an error messages, send a NODATA status back and return an error code. @@ -1294,7 +1294,7 @@ proc_encryption_packets (ctrl_t ctrl, void *anchor, iobuf_t a ) c->ctrl = ctrl; c->anchor = anchor; c->encrypt_only = 1; - rc = do_proc_packets (c, a); + rc = do_proc_packets (ctrl, c, a); xfree (c); return rc; } @@ -1320,7 +1320,7 @@ check_nesting (CTX c) static int -do_proc_packets (CTX c, iobuf_t a) +do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) { PACKET *pkt; int rc = 0; @@ -1352,7 +1352,7 @@ do_proc_packets (CTX c, iobuf_t a) { switch (pkt->pkttype) { - case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break; + case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break; case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break; case PKT_ENCRYPTED: case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break; @@ -1396,7 +1396,7 @@ do_proc_packets (CTX c, iobuf_t a) case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break; case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break; - case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break; + case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break; case PKT_ENCRYPTED: case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break; case PKT_PLAINTEXT: proc_plaintext (c, pkt); break; @@ -1422,7 +1422,7 @@ do_proc_packets (CTX c, iobuf_t a) break; case PKT_USER_ID: newpkt = add_user_id (c, pkt); break; case PKT_SIGNATURE: newpkt = add_signature (c, pkt); break; - case PKT_PUBKEY_ENC: proc_pubkey_enc (c, pkt); break; + case PKT_PUBKEY_ENC: proc_pubkey_enc (ctrl, c, pkt); break; case PKT_SYMKEY_ENC: proc_symkey_enc (c, pkt); break; case PKT_ENCRYPTED: case PKT_ENCRYPTED_MDC: proc_encrypted (c, pkt); break; diff --git a/g10/options.h b/g10/options.h index 4c7a5db..7485985 100644 --- a/g10/options.h +++ b/g10/options.h @@ -1,6 +1,7 @@ /* options.h * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, * 2007, 2010, 2011 Free Software Foundation, Inc. + * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * @@ -87,7 +88,7 @@ struct int compress_level; int bz2_compress_level; int bz2_decompress_lowmem; - const char *def_secret_key; + strlist_t def_secret_key; char *def_recipient; int def_recipient_self; strlist_t secret_keys_to_try; diff --git a/g10/packet.h b/g10/packet.h index 2fb5d7d..21c80f3 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -652,7 +652,7 @@ int check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, /*-- pubkey-enc.c --*/ -gpg_error_t get_session_key (PKT_pubkey_enc *k, DEK *dek); +gpg_error_t get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek); gpg_error_t get_override_session_key (DEK *dek, const char *string); /*-- compress.c --*/ diff --git a/g10/pkclist.c b/g10/pkclist.c index 06ba86e..d810f91 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -702,7 +702,7 @@ key_present_in_pk_list(PK_LIST pk_list, PKT_public_key *pk) * Return a malloced string with a default recipient if there is any */ static char * -default_recipient(void) +default_recipient(ctrl_t ctrl) { PKT_public_key *pk; byte fpr[MAX_FINGERPRINT_LEN+1]; @@ -715,7 +715,7 @@ default_recipient(void) if( !opt.def_recipient_self ) return NULL; pk = xmalloc_clear( sizeof *pk ); - i = get_seckey_default (pk); + i = get_seckey_default (ctrl, pk); if( i ) { free_public_key( pk ); return NULL; @@ -1010,7 +1010,7 @@ build_pk_list (ctrl_t ctrl, if (pk_list) any_recipients = 1; - def_rec = default_recipient(); + def_rec = default_recipient(ctrl); have_def_rec = !!def_rec; if ( !have_def_rec ) tty_printf(_("You did not specify a user ID. (you may use \"-r\")\n")); @@ -1153,7 +1153,7 @@ build_pk_list (ctrl_t ctrl, pk = NULL; } } - else if ( !any_recipients && (def_rec = default_recipient()) ) + else if ( !any_recipients && (def_rec = default_recipient(ctrl)) ) { /* We are in batch mode and have only a default recipient. */ pk = xmalloc_clear( sizeof *pk ); diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index fd7f812..23a4473 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -72,7 +72,7 @@ is_algo_in_prefs (kbnode_t keyblock, preftype_t type, int algo) * which should have been allocated in secure memory by the caller. */ gpg_error_t -get_session_key (PKT_pubkey_enc * k, DEK * dek) +get_session_key (ctrl_t ctrl, PKT_pubkey_enc * k, DEK * dek) { PKT_public_key *sk = NULL; int rc; @@ -102,7 +102,7 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek) { free_public_key (sk); sk = xmalloc_clear (sizeof *sk); - rc = enum_secret_keys (&enum_context, sk); + rc = enum_secret_keys (ctrl, &enum_context, sk); if (rc) { rc = GPG_ERR_NO_SECKEY; @@ -127,7 +127,7 @@ get_session_key (PKT_pubkey_enc * k, DEK * dek) else if (gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) break; /* Don't try any more secret keys. */ } - enum_secret_keys (&enum_context, NULL); /* free context */ + enum_secret_keys (ctrl, &enum_context, NULL); /* free context */ } leave: diff --git a/g10/revoke.c b/g10/revoke.c index b341cce..7ff50be 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -248,7 +248,7 @@ gen_desig_revoke (ctrl_t ctrl, const char *uname, strlist_t locusr) if(locusr) { - rc=build_sk_list(locusr, &sk_list, PUBKEY_USAGE_CERT); + rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_CERT); if(rc) goto leave; } diff --git a/g10/sign.c b/g10/sign.c index fadf4cc..baa0068 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -769,7 +769,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, /* Note: In the old non-agent version the following call used to unprotect the secret key. This is now done on demand by the agent. */ - if( (rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG )) ) + if( (rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG )) ) goto leave; if (encryptflag @@ -1057,7 +1057,8 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr, * make a clear signature. note that opt.armor is not needed */ int -clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) +clearsign_file (ctrl_t ctrl, + const char *fname, strlist_t locusr, const char *outfile ) { armor_filter_context_t *afx; progress_filter_context_t *pfx; @@ -1080,7 +1081,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) /* Note: In the old non-agent version the following call used to unprotect the secret key. This is now done on demand by the agent. */ - if( (rc=build_sk_list( locusr, &sk_list, PUBKEY_USAGE_SIG )) ) + if( (rc=build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG )) ) goto leave; /* prepare iobufs */ @@ -1191,7 +1192,7 @@ clearsign_file( const char *fname, strlist_t locusr, const char *outfile ) * FIXME: Far too much code is duplicated - revamp the whole file. */ int -sign_symencrypt_file (const char *fname, strlist_t locusr) +sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr) { armor_filter_context_t *afx; progress_filter_context_t *pfx; @@ -1224,7 +1225,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) /* Note: In the old non-agent version the following call used to unprotect the secret key. This is now done on demand by the agent. */ - rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_SIG); + rc = build_sk_list (ctrl, locusr, &sk_list, PUBKEY_USAGE_SIG); if (rc) goto leave; diff --git a/g10/skclist.c b/g10/skclist.c index 53d6f77..3d137b2 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -114,7 +114,8 @@ is_duplicated_entry (strlist_t list, strlist_t item) gpg_error_t -build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use) +build_sk_list (ctrl_t ctrl, + strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use) { gpg_error_t err; SK_LIST sk_list = NULL; @@ -125,7 +126,7 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use) pk = xmalloc_clear (sizeof *pk); pk->req_usage = use; - if ((err = getkey_byname (NULL, pk, NULL, 1, NULL))) + if ((err = getkey_byname (ctrl, NULL, pk, NULL, 1, NULL))) { free_public_key (pk); pk = NULL; @@ -182,7 +183,7 @@ build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list, unsigned int use) } pk = xmalloc_clear (sizeof *pk); pk->req_usage = use; - if ((err = getkey_byname (NULL, pk, locusr->d, 1, NULL))) + if ((err = getkey_byname (ctrl, NULL, pk, locusr->d, 1, NULL))) { free_public_key (pk); pk = NULL; diff --git a/g10/test-stubs.c b/g10/test-stubs.c index dfe6edb..0aa89b2 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c @@ -198,8 +198,9 @@ keyserver_import_ldap (const char *name) * No encryption here but mainproc links to these functions. */ gpg_error_t -get_session_key (PKT_pubkey_enc *k, DEK *dek) +get_session_key (ctrl_t ctrl, PKT_pubkey_enc *k, DEK *dek) { + (void)ctrl; (void)k; (void)dek; return GPG_ERR_GENERAL; ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 9 ++++++ g10/getkey.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++------ g10/gpg.c | 27 ++++++++++++++-- g10/gpgv.c | 3 +- g10/keydb.h | 15 ++++++--- g10/keyedit.c | 4 +-- g10/main.h | 5 +-- g10/mainproc.c | 22 ++++++------- g10/options.h | 4 ++- g10/packet.h | 2 +- g10/pkclist.c | 8 ++--- g10/pubkey-enc.c | 6 ++-- g10/revoke.c | 2 +- g10/sign.c | 11 ++++--- g10/skclist.c | 7 ++-- g10/test-stubs.c | 3 +- 16 files changed, 174 insertions(+), 53 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 13:27:55 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 04 Nov 2015 13:27:55 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-104-g6897bbf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e (commit) from de9b2340153d70b083494d1a277a384dcf43bff0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e Author: Neal H. Walfield Date: Wed Nov 4 13:27:49 2015 +0100 gpg: Print a better error message for --multifile --sign --encrypt. * g10/gpg.c (main): Print a better error message for --multifile --sign --encrypt. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1009 diff --git a/g10/gpg.c b/g10/gpg.c index 7338ac9..cdf7b0d 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -3503,6 +3503,9 @@ main (int argc, char **argv) case aSign: cmdname="--sign"; break; + case aSignEncr: + cmdname="--sign --encrypt"; + break; case aClearsign: cmdname="--clearsign"; break; ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 16:52:38 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 04 Nov 2015 16:52:38 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-92-g6533170 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 6533170a34d9e6f7191e41b31045ad0b4b4af1df (commit) via 6bc833c018004608df1a76cb10bf826fb545eea2 (commit) via 2a24cdbfbc75128b87097f792c854c17cb9084e2 (commit) via 0c460a499d0ce486295ebd9d2c3de5a99105c627 (commit) via c41e2e4e1ed7baa57d4047613d543f25349f9895 (commit) via af0e348eb32a33f7a9e58d0cb9cc32b0fb000570 (commit) via 0fb822b13c907e0589c2b8278937af5a44d3a67f (commit) from 4052dfcc96da23bf617be1e16f771dec4f086cf0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6533170a34d9e6f7191e41b31045ad0b4b4af1df Author: Andre Heinecke Date: Wed Nov 4 16:50:22 2015 +0100 Use libmapi32 from mingw * Makefile.am: Remove our own libmapi32 creation * mapi32.def: Removed. -- The libmapi32 that comes with debian stable (jessie) has all the symbols we need. And this solves a linker problem when building for x64. diff --git a/src/Makefile.am b/src/Makefile.am index e5cb2c4..2f9a6c6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,7 +16,7 @@ unused_sources = item-events.cpp bin_PROGRAMS = gpgol #treeview EXTRA_DIST = \ - versioninfo.rc.in mapi32.def $(unused_sources) Outlook.gpl \ + versioninfo.rc.in $(unused_sources) Outlook.gpl \ encrypt-16.bmp encrypt-16m.bmp \ sign-16.bmp sign-16m.bmp \ key-manager-16.bmp key-manager-16m.bmp \ @@ -86,16 +86,11 @@ gpgol_SOURCES = \ #treeview_SOURCES = treeview.c -# W32API 3.2 comes with an unusable libmapi32.a. We build our own -# version. Note the omission of -k (--kill-at) from the DLLTOOL -# command line. We also create our own virtual copies to the _static_ +# We create our own virtual copies to the _static_ # versions of GPGME and gpg-error, because we want to link to them # statically, and not dynamically (otherwise Outlook would not find # them). -gpgol_DEPENDENCIES = libmapi32.a libgpg-error.a libgpgme.a libassuan.a - -libmapi32.a: mapi32.def - $(DLLTOOL) --output-lib $@ --def $< +gpgol_DEPENDENCIES = libgpg-error.a libgpgme.a libassuan.a libgpg-error.a: ln -s $$($(GPG_ERROR_CONFIG) --prefix)/lib/libgpg-error.a . diff --git a/src/mapi32.def b/src/mapi32.def deleted file mode 100644 index 2e4fe42..0000000 --- a/src/mapi32.def +++ /dev/null @@ -1,164 +0,0 @@ -LIBRARY MAPI32.DLL -EXPORTS -BuildDisplayTable at 40 -CbOfEncoded at 4 -CchOfEncoding at 4 -ChangeIdleRoutine at 28 -CloseIMsgSession at 4 -CreateIProp at 24 -CreateTable at 36 -DeinitMapiUtil at 0 -DeregisterIdleRoutine at 4 -EnableIdleRoutine at 8 -EncodeID at 12 -FBadColumnSet at 4 -FBadEntryList at 4 -FBadProp at 4 -FBadPropTag at 4 -FBadRestriction at 4 -FBadRglpNameID at 8 -FBadRglpszA at 8 -FBadRglpszW at 8 -FBadRow at 4 -FBadRowSet at 4 -FBadSortOrderSet at 4 -FBinFromHex at 8 -FDecodeID at 12 -FEqualNames at 8 -FPropCompareProp at 12 -FPropContainsProp at 12 -FPropExists at 8 -FreePadrlist at 4 -FreeProws at 4 -FtAdcFt at 20 -FtAddFt at 16 -FtDivFtBogus at 20 -FtMulDw at 12 -FtMulDwDw at 8 -FtNegFt at 8 -FtSubFt at 16 -FtgRegisterIdleRoutine at 20 -GetAttribIMsgOnIStg at 12 -GetTnefStreamCodepage -GetTnefStreamCodepage at 12 -HexFromBin at 12 -HrAddColumns at 16 -HrAddColumnsEx at 20 -HrAllocAdviseSink at 12 -HrComposeEID at 28 -HrComposeMsgID at 24 -HrDecomposeEID at 28 -HrDecomposeMsgID at 24 -HrDispatchNotifications at 4 -HrEntryIDFromSz at 12 -HrGetOneProp at 12 -HrIStorageFromStream at 16 -HrQueryAllRows at 24 -HrSetOneProp at 8 -HrSzFromEntryID at 12 -HrThisThreadAdviseSink at 8 -HrValidateIPMSubtree at 20 -HrValidateParameters at 8 -InstallFilterHook at 4 -IsBadBoundedStringPtr at 8 -LAUNCHWIZARD -LPropCompareProp at 8 -LaunchWizard at 20 -LpValFindProp at 12 -MAPI_NSCP_SynchronizeClient at 8 -MAPIAddress at 44 -MAPIAdminProfiles -MAPIAdminProfiles at 8 -MAPIAllocateBuffer -MAPIAllocateBuffer at 8 -MAPIAllocateMore -MAPIAllocateMore at 12 -MAPIDeinitIdle at 0 -MAPIDeleteMail at 20 -MAPIDetails at 20 -MAPIFindNext at 28 -MAPIFreeBuffer -MAPIFreeBuffer at 4 -MAPIGetDefaultMalloc at 0 -MAPIGetNetscapeVersion at 0 -MAPIInitIdle at 4 -MAPIInitialize -MAPIInitialize at 4 -MAPILogoff at 16 -MAPILogon at 24 -MAPILogonEx -MAPILogonEx at 20 -MAPIOpenFormMgr -MAPIOpenFormMgr at 8 -MAPIOpenLocalFormContainer -MAPIOpenLocalFormContainer at 4 -MAPIReadMail at 24 -MAPIResolveName at 24 -MAPISaveMail at 24 -MAPISendDocuments at 20 -MAPISendMail -MAPISendMail at 20 -MAPIUninitialize -MAPIUninitialize at 0 -MNLS_CompareStringW at 24 -MNLS_IsBadStringPtrW at 8 -MNLS_MultiByteToWideChar at 24 -MNLS_WideCharToMultiByte at 32 -MNLS_lstrcmpW at 8 -MNLS_lstrcpyW at 8 -MNLS_lstrlenW at 4 -MapStorageSCode at 4 -OpenIMsgOnIStg at 44 -OpenIMsgSession at 12 -OpenStreamOnFile -OpenStreamOnFile at 24 -OpenTnefStream -OpenTnefStream at 28 -OpenTnefStreamEx -OpenTnefStreamEx at 32 -PRProviderInit -PpropFindProp at 12 -PropCopyMore at 16 -RTFSync -RTFSync at 12 -ScBinFromHexBounded at 12 -ScCopyNotifications at 16 -ScCopyProps at 16 -ScCountNotifications at 12 -ScCountProps at 12 -ScCreateConversationIndex at 16 -ScDupPropset at 16 -ScGenerateMuid at 4 -ScInitMapiUtil at 4 -ScLocalPathFromUNC at 12 -ScMAPIXFromCMC -ScMAPIXFromSMAPI -ScRelocNotifications at 20 -ScRelocProps at 20 -ScSplEntry -ScUNCFromLocalPath at 12 -SetAttribIMsgOnIStg at 16 -SwapPlong at 8 -SwapPword at 8 -SzFindCh at 8 -SzFindLastCh at 8 -SzFindSz at 8 -UFromSz at 4 -UNKOBJ_COFree at 8 -UNKOBJ_Free at 8 -UNKOBJ_FreeRows at 8 -UNKOBJ_ScAllocate at 12 -UNKOBJ_ScAllocateMore at 16 -UNKOBJ_ScCOAllocate at 12 -UNKOBJ_ScCOReallocate at 12 -UNKOBJ_ScSzFromIdsAlloc at 20 -UlAddRef at 4 -UlFromSzHex at 4 -UlPropSize at 4 -UlRelease at 4 -WrapCompressedRTFStream -WrapCompressedRTFStream at 12 -WrapProgress at 20 -WrapStoreEntryID at 24 -__CPPValidateParameters at 8 -__ValidateParameters at 8 commit 6bc833c018004608df1a76cb10bf826fb545eea2 Author: Andre Heinecke Date: Wed Nov 4 16:45:33 2015 +0100 Fix int to pointer cast when creating worker * src/engine-assuan.c (async_worker_thread): Expect parameter to be a pointer instead of a value. (op_assuan_init): Pass a reference instead. -- While the old code was not broken building for x64 created a warning. And I also don't think you should do it even if it works here. diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 970cebc..f3422e3 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -629,7 +629,7 @@ op_assuan_init (void) return gpg_error (GPG_ERR_GENERAL); } mytid = GetCurrentThreadId (); - th = CreateThread (NULL, 256*1024, async_worker_thread, (void*)mytid, + th = CreateThread (NULL, 256*1024, async_worker_thread, &mytid, 0, &tid); if (th == INVALID_HANDLE_VALUE) log_error ("failed to launch the async_worker_thread"); @@ -904,11 +904,12 @@ async_worker_thread (void *dummy) Wordview, we can't use MsgWaitForMultipleObjects and the event loops. For test purposes a compatibiliy option allows to revert to the old behaviour. */ - int msgwait = opt.compat.use_mwfmo; + int msgwait = opt.compat.use_mwfmo; + DWORD orig_thread = *(DWORD*)dummy; if (msgwait) - attach_thread_input ( (DWORD)dummy ); + attach_thread_input ( orig_thread ); for (;;) { commit 2a24cdbfbc75128b87097f792c854c17cb9084e2 Author: Andre Heinecke Date: Wed Nov 4 16:42:40 2015 +0100 Handle handle to int casts * src/engine-assuan.c (handle_to_int): New. (send_options, op_assuan_init, op_assuan_encrypt), (op_assuan_sign, op_assuan_decrypt, op_assuan_verify): Use it. -- Doing this in a function explictly ensures that we only downcast Handle pointers. For them this is allowed and we can locally deactive the warning. diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 86207c3..970cebc 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -139,7 +139,33 @@ static HANDLE work_queue_event; /*-- prototypes --*/ static DWORD WINAPI async_worker_thread (void *dummy); - +static unsigned int +handle_to_int (HANDLE handle) +{ + /* According to MSDN + https://msdn.microsoft.com/en-us/library/ + windows/desktop/aa384203%28v=vs.85%29.aspx: + + 64-bit versions of Windows use 32-bit handles for + interoperability. When sharing a handle between 32-bit + and 64-bit applications, only the lower 32 bits are significant, + so it is safe to truncate the handle (when passing it from 64-bit + to 32-bit) or sign-extend the handle (when passing it from 32-bit + to 64-bit). Handles that can be shared include handles to user + objects such as windows (HWND), handles to GDI objects such as pens + and brushes (HBRUSH and HPEN), and handles to named objects such + as mutexes, semaphores, and file handles. + + So this hack is safe. + */ +#ifndef __clang__ +#pragma GCC diagnostic ignored "-Wpointer-to-int-cast" +#endif + return (unsigned int) handle; +#ifndef __clang__ +#pragma GCC diagnostic pop +#endif +} /* Return the next command id. Command Ids are used to group @@ -425,11 +451,12 @@ send_options (assuan_context_t ctx, void *hwnd, pid_t *r_pid) } if (*r_pid != (pid_t)(-1) && !AllowSetForegroundWindow (*r_pid)) - log_error_w32 (-1, "AllowSetForegroundWindow(%u) failed", *r_pid); + log_error_w32 (-1, "AllowSetForegroundWindow("SIZE_T_FORMAT") failed", + *r_pid); if (!err && hwnd) { - snprintf (numbuf, sizeof numbuf, "%x", (unsigned int)hwnd); + snprintf (numbuf, sizeof numbuf, "%x", handle_to_int (hwnd)); err = send_one_option (ctx, "window-id", numbuf); } @@ -1694,15 +1721,15 @@ op_assuan_encrypt (protocol_t protocol, duplicate the handle into the server process and the server then uses this handle. Eventually we should put this code into assuan_sendfd. */ - snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)inpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", handle_to_int (inpipe[0])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; if (flags & ENGINE_FLAG_BINARY_OUTPUT) snprintf (line, sizeof line, "OUTPUT FD=%d --binary", - (unsigned int)outpipe[1]); + handle_to_int (outpipe[1])); else - snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", handle_to_int (outpipe[1])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -1875,11 +1902,11 @@ op_assuan_sign (protocol_t protocol, *r_used_protocol = protocol; log_debug ("%s:%s: using protocol %s", SRCNAME, __func__, protocol_name); - snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)inpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", handle_to_int (inpipe[0])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", handle_to_int (outpipe[1])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -1976,11 +2003,11 @@ op_assuan_decrypt (protocol_t protocol, goto leave; } - snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)inpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", handle_to_int (inpipe[0])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", handle_to_int (outpipe[1])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -2116,11 +2143,12 @@ op_assuan_verify (gpgme_protocol_t protocol, if (!opaque_mode) { - snprintf (line, sizeof line, "MESSAGE FD=%d", (unsigned int)msgpipe[0]); + snprintf (line, sizeof line, "MESSAGE FD=%d", + handle_to_int (msgpipe[0])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)sigpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", handle_to_int (sigpipe[0])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; @@ -2131,11 +2159,11 @@ op_assuan_verify (gpgme_protocol_t protocol, } else { - snprintf (line, sizeof line, "INPUT FD=%d", (unsigned int)msgpipe[0]); + snprintf (line, sizeof line, "INPUT FD=%d", handle_to_int (msgpipe[0])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; - snprintf (line, sizeof line, "OUTPUT FD=%d", (unsigned int)outpipe[1]); + snprintf (line, sizeof line, "OUTPUT FD=%d", handle_to_int (outpipe[1])); err = assuan_transact (ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; commit 0c460a499d0ce486295ebd9d2c3de5a99105c627 Author: Andre Heinecke Date: Wed Nov 4 16:38:13 2015 +0100 Add format string macro for size_t * src/util.h (SIZE_T_FORMAT): Use a macro for a portable way of printing size_t. * src/engine.c (engine_filter, engine_wait): Use it in debug output. -- %z is not available for us. diff --git a/src/engine.c b/src/engine.c index 73e20b6..a30408d 100644 --- a/src/engine.c +++ b/src/engine.c @@ -445,7 +445,7 @@ engine_filter (engine_filter_t filter, const void *indata, size_t indatalen) while (filter->out.length) { if (debug_filter) - log_debug ("%s:%s: pushing %d bytes to the outfnc\n", + log_debug ("%s:%s: pushing "SIZE_T_FORMAT" bytes to the outfnc\n", SRCNAME, __func__, filter->out.length); nbytes = filter->outfnc (filter->outfncdata, filter->out.buffer, filter->out.length); @@ -678,7 +678,7 @@ engine_wait (engine_filter_t filter) if (filter->out.length) { if (debug_filter_extra) - log_debug ("%s:%s: still %d pending bytes for outfnc\n", + log_debug ("%s:%s: still "SIZE_T_FORMAT" pending bytes for outfnc\n", SRCNAME, __func__, filter->out.length); more = 1; } diff --git a/src/util.h b/src/util.h index 3dfab5f..c8a44db 100644 --- a/src/util.h +++ b/src/util.h @@ -172,6 +172,13 @@ _gpgol_stpcpy (char *a, const char *b) extern int g_ol_version_major; +#ifdef WIN64 +#define SIZE_T_FORMAT "%I64u" +#else +#define SIZE_T_FORMAT "%u" +#endif + + #ifdef __cplusplus } #endif commit c41e2e4e1ed7baa57d4047613d543f25349f9895 Author: Andre Heinecke Date: Wed Nov 4 16:33:33 2015 +0100 Define out code that does not compile for x64 * src/config-dialog.c (config_dialog_box): Define out for x64 * src/olflange-dlgs.c (GPGOptionsDlgProc): Define out call to SetWindowLong -- This code is only used in older outlook versions which are not avaibale for 64 bit. And I rather not compile it then change it and cause regressions in those versions. diff --git a/src/config-dialog.c b/src/config-dialog.c index 5814d6f..4587fc8 100644 --- a/src/config-dialog.c +++ b/src/config-dialog.c @@ -182,6 +182,7 @@ config_dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) void config_dialog_box (HWND parent) { +#ifndef WIN64 int resid; resid = IDD_EXT_OPTIONS; @@ -189,6 +190,10 @@ config_dialog_box (HWND parent) if (!parent) parent = GetDesktopWindow (); DialogBoxParam (glob_hinst, (LPCTSTR)resid, parent, config_dlg_proc, 0); +#else + (void)parent; + (void)config_dlg_proc; +#endif } diff --git a/src/olflange-dlgs.cpp b/src/olflange-dlgs.cpp index a957bff..8bccbaa 100644 --- a/src/olflange-dlgs.cpp +++ b/src/olflange-dlgs.cpp @@ -279,7 +279,13 @@ GPGOptionsDlgProc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) break; } +#ifndef WIN64 + /* SetWindowLong is not portable according to msdn + it should be replaced by SetWindowLongPtr. But + as this here is code for Outlook < 2010 we don't + care as there is no 64bit version for that. */ SetWindowLong (hDlg, DWL_MSGRESULT, bMsgResult); +#endif break; default: commit af0e348eb32a33f7a9e58d0cb9cc32b0fb000570 Author: Andre Heinecke Date: Wed Nov 4 16:25:22 2015 +0100 Fix pointer to int cast in debug output * src/oomhelp.cpp (dump_excepinfo): Fix deferredFill output format. diff --git a/src/oomhelp.cpp b/src/oomhelp.cpp index 7ba2775..83cc344 100644 --- a/src/oomhelp.cpp +++ b/src/oomhelp.cpp @@ -116,13 +116,13 @@ dump_excepinfo (EXCEPINFO err) " desc: %S\n" " help: %S\n" " helpCtx: 0x%x\n" - " deferredFill: 0x%x\n" + " deferredFill: %p\n" " scode: 0x%x\n", SRCNAME, __func__, (unsigned int) err.wCode, (unsigned int) err.wReserved, err.bstrSource, err.bstrDescription, err.bstrHelpFile, (unsigned int) err.dwHelpContext, - (unsigned int) err.pfnDeferredFillIn, + err.pfnDeferredFillIn, (unsigned int) err.scode); } commit 0fb822b13c907e0589c2b8278937af5a44d3a67f Author: Andre Heinecke Date: Wed Nov 4 16:18:30 2015 +0100 Remove dead code * Makefile.am: Update gpgol_Sources accordingly. * main.c (init_options, read_options): Remove password_ttl setting. (DllMain): No longer initialize passcache. * passcache.c, passcache.h, passphrase-dialog.c, recipient-dialog.c, verify-dialog.c: Removed. This is handled by the uiserver now. -- This is code from a time before assuan architecture and unlikely to be useful again. diff --git a/src/Makefile.am b/src/Makefile.am index ff96120..e5cb2c4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -55,11 +55,7 @@ gpgol_SOURCES = \ rfc822parse.c rfc822parse.h \ common.h common.c util.h \ xmalloc.h \ - passcache.c passcache.h \ config-dialog.c \ - passphrase-dialog.c \ - recipient-dialog.c \ - verify-dialog.c \ mapihelp.cpp mapihelp.h \ mymapi.h mymapitags.h \ serpent.c serpent.h \ diff --git a/src/main.c b/src/main.c index 6e7eb79..b8b9160 100644 --- a/src/main.c +++ b/src/main.c @@ -28,7 +28,6 @@ #include "mymapitags.h" #include "common.h" -#include "passcache.h" #include "msgcache.h" #include "mymapi.h" @@ -64,9 +63,6 @@ int g_ol_version_major; static void init_options (void) { - opt.passwd_ttl = 10; /* Seconds. Use a small value, so that no - multiple prompts for attachment encryption - are issued. */ opt.enc_format = GPG_FMT_CLASSIC; } @@ -178,8 +174,6 @@ DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) i18n_init (); if (initialize_session_key ()) return FALSE; - if (initialize_passcache ()) - return FALSE; if (initialize_msgcache ()) return FALSE; if (initialize_inspectors ()) @@ -646,12 +640,6 @@ read_options (void) opt.enable_default_key = val == NULL || *val != '1' ? 0 : 1; xfree (val); val = NULL; - if (load_extension_value ("storePasswdTime", &val) ) - opt.passwd_ttl = 600; /* Initial default. */ - else - opt.passwd_ttl = val == NULL || *val == '0'? 0 : atol (val); - xfree (val); val = NULL; - load_extension_value ("encodingFormat", &val); opt.enc_format = val == NULL? GPG_FMT_CLASSIC : atol (val); xfree (val); val = NULL; @@ -747,7 +735,6 @@ write_options (void) {"encryptDefault", 0, opt.encrypt_default}, {"signDefault", 0, opt.sign_default}, {"previewDecrypt", 0, opt.preview_decrypt}, - {"storePasswdTime", 1, opt.passwd_ttl}, {"encodingFormat", 1, opt.enc_format}, {"logFile", 2, 0, logfile}, {"defaultKey", 2, 0, opt.default_key}, diff --git a/src/passcache.c b/src/passcache.c deleted file mode 100644 index f857cca..0000000 --- a/src/passcache.c +++ /dev/null @@ -1,263 +0,0 @@ -/* passcache.c - passphrase cache for GPGol - * Copyright (C) 2005 g10 Code GmbH - * - * This file is part of GpgOL. - * - * GpgOL is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * GpgOL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, see . - */ - -/* We use a global passphrase cache. The cache time is set at the - time the passphrase gets stored. */ - -#include -#include -#include -#include -#include -#include /* Argg: Only required for the locking. */ - -#include "util.h" -#include "passcache.h" - - -/* An item to hold a cached passphrase. */ -struct cache_item -{ - /* We love linked lists; there are only a few passwords and access - to them is not in any way time critical. */ - struct cache_item *next; - - /* The Time to Live for this entry. */ - int ttl; - - /* The timestamp is updated with each access to the item and used - along with TTL to exire this item. */ - time_t timestamp; - - /* The value of this item. Malloced C String. If this one is NULL - this item may be deleted. */ - char *value; - - /* The key for this item. C String. */ - char key[1]; -}; -typedef struct cache_item *cache_item_t; - - -/* The actual cache is a simple list anchord at this global - variable. */ -static cache_item_t the_cache; - -/* Mutex used to serialize access to the cache. */ -static HANDLE cache_mutex; - - -/* Initialize this mode. Called at a very early stage. Returns 0 on - success. */ -int -initialize_passcache (void) -{ - SECURITY_ATTRIBUTES sa; - - memset (&sa, 0, sizeof sa); - sa.bInheritHandle = FALSE; - sa.lpSecurityDescriptor = NULL; - sa.nLength = sizeof sa; - cache_mutex = CreateMutex (&sa, FALSE, NULL); - return cache_mutex? 0 : -1; -} - -/* Acquire the mutex. Returns 0 on success. */ -static int -lock_cache (void) -{ - int code = WaitForSingleObject (cache_mutex, INFINITE); - if (code != WAIT_OBJECT_0) - log_error ("%s:%s: waiting on mutex failed: code=%#x\n", - SRCNAME, __func__, code); - return code != WAIT_OBJECT_0; -} - -/* Release the mutex. No error is returned because this is a fatal - error anyway and there is no way to clean up. */ -static void -unlock_cache (void) -{ - if (!ReleaseMutex (cache_mutex)) - log_error_w32 (-1, "%s:%s: ReleaseMutex failed", SRCNAME, __func__); -} - - -/* This is routine is used to remove all deleted entries from the - linked list. Deleted entries are marked by a value of NULL. Note, - that this routine must be called in a locked state. */ -static void -remove_deleted_items (void) -{ - cache_item_t item, prev; - - again: - for (item = the_cache; item; item = item->next) - if (!item->value) - { - if (item == the_cache) - { - the_cache = item->next; - xfree (item); - } - else - { - for (prev=the_cache; prev->next; prev = prev->next) - if (prev->next == item) - { - prev->next = item->next; - xfree (item); - item = NULL; - break; - } - assert (!item); - } - goto again; /* Yes, we use this pretty dumb algorithm ;-) */ - } -} - - - -/* Flush all entries from the cache. */ -void -passcache_flushall (void) -{ - cache_item_t item; - - if (lock_cache ()) - return; /* FIXME: Should we pop up a message box? */ - - for (item = the_cache; item; item = item->next) - if (item->value) - { - wipestring (item->value); - xfree (item->value); - item->value = NULL; - } - remove_deleted_items (); - - unlock_cache (); -} - - -/* Store the passphrase in VALUE under KEY in out cache. Assign TTL - seconds as maximum caching time. If it already exists, merely - updates the TTL. If the TTL is 0 or VALUE is NULL or empty, flush a - possible entry. */ -void -passcache_put (const char *key, const char *value, int ttl) -{ - cache_item_t item; - - if (!key || !*key) - { - log_error ("%s:%s: no key given", SRCNAME, __func__); - return; - } - - if (lock_cache ()) - return; /* FIXME: Should we pop up a message box if a flush was - requested? */ - - for (item = the_cache; item; item = item->next) - if (item->value && !strcmp (item->key, key)) - break; - if (item && (!ttl || !value || !*value)) - { - /* Delete this entry. */ - wipestring (item->value); - xfree (item->value); - item->value = NULL; - /* Actual delete will happen before we allocate a new entry. */ - } - else if (item) - { - /* Update this entry. */ - if (item->value) - { - wipestring (item->value); - xfree (item->value); - } - item->value = xstrdup (value); - item->ttl = ttl; - item->timestamp = time (NULL); - } - else if (!ttl || !value || !*value) - { - log_debug ("%s:%s: ignoring attempt to add empty entry `%s'", - SRCNAME, __func__, key); - } - else - { - /* Create new cache entry. */ - remove_deleted_items (); - item = xcalloc (1, sizeof *item + strlen (key)); - strcpy (item->key, key); - item->ttl = ttl; - item->value = xstrdup (value); - item->timestamp = time (NULL); - - item->next = the_cache; - the_cache = item; - } - - unlock_cache (); -} - - -/* Return the passphrase stored under KEY as a newly malloced string. - Caller must release that string using xfree. Using this function - won't update the TTL. If no passphrase is available under this - key, the function returns NULL. Calling thsi function with KEY set - to NULL will only expire old entries. */ -char * -passcache_get (const char *key) -{ - cache_item_t item; - char *result = NULL; - time_t now = time (NULL); - - if (lock_cache ()) - return NULL; - - /* Expire entries. */ - for (item = the_cache; item; item = item->next) - if (item->value && item->timestamp + item->ttl < now) - { - wipestring (item->value); - xfree (item->value); - item->value = NULL; - } - - /* Look for the entry. */ - if (key && *key) - { - for (item = the_cache; item; item = item->next) - if (item->value && !strcmp (item->key, key)) - { - result = xstrdup (item->value); - item->timestamp = time (NULL); - break; - } - } - - unlock_cache (); - - return result; -} diff --git a/src/passcache.h b/src/passcache.h deleted file mode 100644 index 84e7418..0000000 --- a/src/passcache.h +++ /dev/null @@ -1,34 +0,0 @@ -/* passcache.h - Interface the passphrase cache for GPGol - * Copyright (C) 2005 g10 Code GmbH - * - * This file is part of GpgOL. - * - * GpgOL is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * GpgOL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, see . - */ - -#ifndef PASSCACHE_H -#define PASSCACHE_H - - -/* Initialize the passcache subsystem. */ -int initialize_passcache (void); - -/* Flush all entries. */ -void passcache_flushall (void); - -/* Store and retrieve a cached passphrase. */ -void passcache_put (const char *key, const char *value, int ttl); -char *passcache_get (const char *key); - -#endif /*PASSCACHE_H*/ diff --git a/src/passphrase-dialog.c b/src/passphrase-dialog.c deleted file mode 100644 index 54fdcea..0000000 --- a/src/passphrase-dialog.c +++ /dev/null @@ -1,786 +0,0 @@ -/* passphrase-dialog.c - * Copyright (C) 2004 Timo Schulz - * Copyright (C) 2005, 2006, 2007 g10 Code GmbH - * - * This file is part of GpgOL. - * - * GpgOL is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * GpgOL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, see . - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#include -#include -#include -#include - -#include "common.h" -#include "gpgol-ids.h" -#include "passcache.h" -#include "dialogs.h" - - -/* Object to maintai8n state in the dialogs. */ -struct dialog_context_s -{ - struct passphrase_cb_s *dec; /* The decryption info. */ - - gpgme_key_t *keyarray; /* NULL or an array of keys. */ - - int hide_state; /* Flag indicating that some stuff is hidden. */ - - unsigned int use_as_cb; /* This is used by the passphrase callback. */ - - int no_encrypt_warning; /* Print a warning after cancel. */ -}; - - -static char const allhexdigits[] = "1234567890ABCDEFabcdef"; - - -static void -set_key_hint (struct passphrase_cb_s *dec, HWND dlg, int ctrlid) -{ - const char *s = dec->user_id; - char *key_hint; - - if (s && dec->keyid) - { - char stop_char; - size_t i = 0; - - key_hint = xmalloc (17 + strlen (s) + strlen (dec->keyid) + 32); - if (strchr (s, '<') && strchr (s, '>')) - stop_char = '<'; - else if (strchr (s, '(') && strchr (s, ')')) - stop_char = '('; - else - stop_char = 0; - while (*s != stop_char) - key_hint[i++] = *s++; - key_hint[i++] = ' '; - if (dec->keyid && strlen (dec->keyid) > 8) - sprintf (key_hint+i, "(0x%s)", dec->keyid+8); - else - key_hint[i] = 0; - } - else - key_hint = xstrdup (_("No certificate hint given.")); - SendDlgItemMessage (dlg, ctrlid, CB_ADDSTRING, 0, - (LPARAM)(const char *)key_hint); - SendDlgItemMessage (dlg, ctrlid, CB_SETCURSEL, 0, 0); - xfree (key_hint); -} - -/* Release the key array ARRAY as well as all COUNT keys. */ -static void -release_keyarray (gpgme_key_t *array) -{ - size_t n; - - if (!array) - return; - for (n=0; array[n]; n++) - gpgme_key_release (array[n]); - xfree (array); -} - -/* Return the number of keys in the key array KEYS. */ -static size_t -count_keys (gpgme_key_t *keys) -{ - size_t n = 0; - - if (keys) - for (; *keys; keys++) - n++; - return n; -} - - -static void -load_recipbox (HWND dlg, int ctlid, gpgme_ctx_t ctx) -{ - gpgme_decrypt_result_t res; - gpgme_recipient_t rset, r; - gpgme_ctx_t keyctx = NULL; - gpgme_key_t key; - gpgme_error_t err; - char *buffer, *p; - size_t n; - - if (!ctx) - return; - - /* Lump together all recipients of the message. */ - res = gpgme_op_decrypt_result (ctx); - if (!res || !res->recipients) - return; - rset = res->recipients; - for (n=0, r = rset; r; r = r->next) - if (r->keyid) - n += strlen (r->keyid) + 1; - buffer = xmalloc (n + 1); - for (p=buffer, r = rset; r; r = r->next) - if (r->keyid) - p = stpcpy (stpcpy (p, r->keyid), " "); - - /* Run a key list on all of them to fill up the list box. */ - err = gpgme_new (&keyctx); - if (err) - goto fail; - err = gpgme_op_keylist_start (keyctx, buffer, 0); - if (err) - { - log_error ("failed to initialize keylisting: %s", gpg_strerror (err)); - goto fail; - } - - while (!gpgme_op_keylist_next (keyctx, &key)) - { - if (key && key->uids && key->uids->uid) - { - char *utf8_uid = utf8_to_native (key->uids->uid); - SendDlgItemMessage (dlg, ctlid, LB_ADDSTRING, 0, - (LPARAM)(const char *)utf8_uid); - xfree (utf8_uid); - } - if (key) - gpgme_key_release (key); - } - - fail: - if (keyctx) - gpgme_release (keyctx); - xfree (buffer); -} - - - -/* Return a string with the short description of the algorithm. This - function is guaranteed to not return NULL or a string longer that 3 - bytes. */ -const char* -get_pubkey_algo_str (gpgme_pubkey_algo_t alg) -{ - switch (alg) - { - case GPGME_PK_RSA: - case GPGME_PK_RSA_E: - case GPGME_PK_RSA_S: - return "RSA"; - - case GPGME_PK_ELG_E: - case GPGME_PK_ELG: - return "ELG"; - - case GPGME_PK_DSA: - return "DSA"; - - default: - break; - } - - return "???"; -} - - -/* Fill a combo box with all keys and return an error with those keys. - set *R_NKEYS to the amount of keys if requested. */ -static gpgme_key_t* -load_secbox (HWND dlg, int ctlid, size_t *r_nkeys) -{ - gpg_error_t err; - gpgme_ctx_t ctx; - gpgme_key_t key; - gpgme_key_t *keyarray; - size_t pos, keyarray_size; - - err = gpgme_new (&ctx); - if (err) - return NULL; - - err = gpgme_op_keylist_start (ctx, NULL, 1); - if (err) - { - log_error ("failed to initiate key listing: %s\n", gpg_strerror (err)); - gpgme_release (ctx); - return NULL; - } - - keyarray_size = 20; - keyarray = xcalloc (keyarray_size+1, sizeof *keyarray); - pos = 0; - - while (!gpgme_op_keylist_next (ctx, &key)) - { - const char *email, *keyid, *algo; - char *p, *name; - long idx; - - if (key->revoked || key->expired || key->disabled || key->invalid) - { - gpgme_key_release (key); - continue; - } - if (!key->uids || !key->subkeys) - { - gpgme_key_release (key); - continue; - } - - if (!key->uids->name) - name = strdup (""); - else - name = utf8_to_native (key->uids->name); - email = key->uids->email; - if (!email) - email = ""; - keyid = key->subkeys->keyid; - if (!keyid || strlen (keyid) < 8) - { - xfree (name); - gpgme_key_release (key); - continue; - } - - algo = get_pubkey_algo_str (key->subkeys->pubkey_algo); - p = xmalloc (strlen (name) + strlen (email) + strlen (keyid+8) + 3 + 20); - if (email && *email) - sprintf (p, "%s <%s> (0x%s, %s)", name, email, keyid+8, algo); - else - sprintf (p, "%s (0x%s, %s)", name, keyid+8, algo); - idx = SendDlgItemMessage (dlg, ctlid, CB_ADDSTRING, 0, - (LPARAM)(const char *)p); - xfree (p); - xfree (name); - if (idx < 0) /* Error. */ - { - gpgme_key_release (key); - continue; - } - - SendDlgItemMessage (dlg, ctlid, CB_SETITEMDATA, idx, (LPARAM)pos); - - if (pos >= keyarray_size) - { - gpgme_key_t *tmparr; - size_t i; - - keyarray_size += 10; - tmparr = xcalloc (keyarray_size, sizeof *tmparr); - for (i=0; i < pos; i++) - tmparr[i] = keyarray[i]; - xfree (keyarray); - keyarray = tmparr; - } - keyarray[pos++] = key; - } - SendDlgItemMessage (dlg, ctlid, CB_SETCURSEL, 0, 0); - - gpgme_op_keylist_end (ctx); - gpgme_release (ctx); - if (r_nkeys) - *r_nkeys = pos; - return keyarray; -} - - -/* To avoid writing a dialog template for each language we use gettext - for the labels and hope that there is enough space in the dialog to - fit teh longest translation. */ -static void -decrypt_key_dlg_set_labels (HWND dlg) -{ - static struct { int itemid; const char *label; } labels[] = { - { IDC_DEC_PASSINF, N_("Enter passphrase to unlock the secret key")}, - { IDC_DEC_HIDE, N_("Hide typing")}, - { IDCANCEL, N_("&Cancel")}, - { 0, NULL} - }; - int i; - - for (i=0; labels[i].itemid; i++) - SetDlgItemText (dlg, labels[i].itemid, _(labels[i].label)); -} - - - -static BOOL CALLBACK -decrypt_key_dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) -{ - /* Fixme: We should not use a static here but keep it in an array - index by DLG. */ - static struct dialog_context_s *context; - struct passphrase_cb_s *dec; - size_t n; - - if (msg == WM_INITDIALOG) - { - context = (struct dialog_context_s *)lparam; - context->hide_state = 1; - dec = context->dec; - if (dec && context->use_as_cb) - { - dec->opts = 0; - dec->pass = NULL; - set_key_hint (dec, dlg, IDC_DEC_KEYLIST); - EnableWindow (GetDlgItem (dlg, IDC_DEC_KEYLIST), FALSE); - } - if (dec && dec->last_was_bad) - SetDlgItemText (dlg, IDC_DEC_HINT, - (dec && dec->last_was_bad)? - _("Invalid passphrase; please try again..."):""); - - if (dec && !context->use_as_cb) - { - context->keyarray = load_secbox (dlg, IDC_DEC_KEYLIST, &n); - /* If only one secret key is available, it makes no sense to - ask the user to select one. */ - if (n == 1) - { - dec->signer = context->keyarray[0]; - gpgme_key_ref (context->keyarray[0]); - EndDialog (dlg, TRUE); - return FALSE; - } - } - - decrypt_key_dlg_set_labels (dlg); - CheckDlgButton (dlg, IDC_DEC_HIDE, BST_CHECKED); - center_window (dlg, NULL); - if (dec && dec->hide_pwd) - { - ShowWindow (GetDlgItem (dlg, IDC_DEC_HIDE), SW_HIDE); - ShowWindow (GetDlgItem (dlg, IDC_DEC_PASS), SW_HIDE); - ShowWindow (GetDlgItem (dlg, IDC_DEC_PASSINF), SW_HIDE); - } - else - SetFocus (GetDlgItem (dlg, IDC_DEC_PASS)); - - if (!context->use_as_cb) - SetWindowText (dlg, _("Select Signing Key")); - SetForegroundWindow (dlg); - return FALSE; - } - - if (!context) - return FALSE; - - dec = context->dec; - - switch (msg) - { - case WM_DESTROY: - context->hide_state = 1; - break; - - case WM_COMMAND: - switch (HIWORD (wparam)) - { - case BN_CLICKED: - if ((int)LOWORD (wparam) == IDC_DEC_HIDE) - { - HWND hwnd; - - context->hide_state ^= 1; - hwnd = GetDlgItem (dlg, IDC_DEC_PASS); - SendMessage (hwnd, EM_SETPASSWORDCHAR, - context->hide_state? '*' : 0, 0); - SetFocus (hwnd); - } - break; - } - - switch (LOWORD (wparam)) - { - case IDOK: - n = SendDlgItemMessage (dlg, IDC_DEC_PASS, WM_GETTEXTLENGTH, 0, 0); - if (n && dec) - { - dec->pass = xmalloc (n + 2); - GetDlgItemText (dlg, IDC_DEC_PASS, dec->pass, n+1); - } - if (dec && !context->use_as_cb) - { - int idx, pos; - - idx = SendDlgItemMessage (dlg, IDC_DEC_KEYLIST, - CB_GETCURSEL, 0, 0); - pos = SendDlgItemMessage (dlg, IDC_DEC_KEYLIST, - CB_GETITEMDATA, idx, 0); - if (pos >= 0 && pos < count_keys (context->keyarray)) - { - dec->signer = context->keyarray[pos]; - gpgme_key_ref (dec->signer); - } - } - EndDialog (dlg, TRUE); - break; - - case IDCANCEL: - /* Outlook show now correctly abort the sending process - and thus no warning is shown any longer. */ - if (dec) - { - dec->opts = OPT_FLAG_CANCEL; - dec->pass = NULL; - } - EndDialog (dlg, FALSE); - break; - } - break; /*WM_COMMAND*/ - } - - return FALSE; -} - - -/* To avoid writing a dialog template for each language we use gettext - for the labels and hope that there is enough space in the dialog to - fit teh longest translation. */ -static void -decrypt_key_ext_dlg_set_labels (HWND dlg) -{ - static struct { int itemid; const char *label; } labels[] = { - { IDC_DECEXT_RSET_T, N_("Encrypted to the following certificates:")}, - { IDC_DECEXT_PASSINF, N_("Enter passphrase to unlock the secret key")}, - { IDC_DECEXT_HIDE, N_("Hide typing")}, - { IDCANCEL, N_("&Cancel")}, - { 0, NULL} - }; - int i; - - for (i=0; labels[i].itemid; i++) - SetDlgItemText (dlg, labels[i].itemid, _(labels[i].label)); -} - -static BOOL CALLBACK -decrypt_key_ext_dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) -{ - /* Fixme: We should not use a static here but keep it in an array - index by DLG. */ - static struct dialog_context_s *context; - struct passphrase_cb_s * dec; - size_t n; - - if (msg == WM_INITDIALOG) - { - context = (struct dialog_context_s *)lparam; - context->hide_state = 1; - dec = context->dec; - if (dec) - { - dec->opts = 0; - dec->pass = NULL; - set_key_hint (dec, dlg, IDC_DECEXT_KEYLIST); - EnableWindow (GetDlgItem (dlg, IDC_DECEXT_KEYLIST), FALSE); - } - - SetDlgItemText (dlg, IDC_DECEXT_HINT, - (dec && dec->last_was_bad)? - _("Invalid passphrase; please try again..."):""); - if (dec) - load_recipbox (dlg, IDC_DECEXT_RSET, dec->ctx); - - decrypt_key_ext_dlg_set_labels (dlg); - CheckDlgButton (dlg, IDC_DECEXT_HIDE, BST_CHECKED); - center_window (dlg, NULL); - SetFocus (GetDlgItem (dlg, IDC_DECEXT_PASS)); - SetForegroundWindow (dlg); - return FALSE; - } - - if (!context) - return FALSE; - - dec = context->dec; - - switch (msg) - { - case WM_DESTROY: - context->hide_state = 1; - break; - - case WM_COMMAND: - switch (HIWORD (wparam)) - { - case BN_CLICKED: - if ((int)LOWORD (wparam) == IDC_DECEXT_HIDE) - { - HWND hwnd; - - context->hide_state ^= 1; - hwnd = GetDlgItem (dlg, IDC_DECEXT_PASS); - SendMessage (hwnd, EM_SETPASSWORDCHAR, - context->hide_state? '*' : 0, 0); - SetFocus (hwnd); - } - break; - } - - switch (LOWORD (wparam)) - { - case IDOK: - n = SendDlgItemMessage (dlg, IDC_DECEXT_PASS, WM_GETTEXTLENGTH,0,0); - if (n && dec) - { - dec->pass = xmalloc (n + 2); - GetDlgItemText (dlg, IDC_DECEXT_PASS, dec->pass, n+1); - } - EndDialog (dlg, TRUE); - break; - - case IDCANCEL: - /* See comment in decrypt_key_dlg_proc. */ - if (dec) - { - dec->opts = OPT_FLAG_CANCEL; - dec->pass = NULL; - } - EndDialog (dlg, FALSE); - break; - } - break; /*WM_COMMAND*/ - } - - return FALSE; -} - -/* Display a signer dialog which contains all secret keys, useable for - signing data. The key is returned in R_KEY. The passprase in - r_passwd. If Encrypting is true, the message will get encrypted - later. */ -int -signer_dialog_box (gpgme_key_t *r_key, char **r_passwd, int encrypting) -{ - struct dialog_context_s context; - struct passphrase_cb_s dec; - int resid; - - memset (&context, 0, sizeof context); - memset (&dec, 0, sizeof dec); - dec.hide_pwd = 1; - context.dec = &dec; - context.no_encrypt_warning = encrypting; - - resid = IDD_DEC; - DialogBoxParam (glob_hinst, (LPCTSTR)resid, GetDesktopWindow (), - decrypt_key_dlg_proc, (LPARAM)&context); - - if (dec.signer) - { - if (r_passwd) - *r_passwd = dec.pass; - else - { - if (dec.pass) - wipestring (dec.pass); - xfree (dec.pass); - } - dec.pass = NULL; - *r_key = dec.signer; - dec.signer = NULL; - } - if (dec.pass) - wipestring (dec.pass); - xfree (dec.pass); - if (dec.signer) - gpgme_key_release (dec.signer); - release_keyarray (context.keyarray); - return (dec.opts & OPT_FLAG_CANCEL)? -1 : 0; -} - - -/* GPGME passphrase callback function. It starts the decryption dialog - to request the passphrase from the user. See the GPGME manual for - a description of the arguments. */ -gpgme_error_t -passphrase_callback_box (void *opaque, const char *uid_hint, - const char *pass_info, - int prev_was_bad, int fd) -{ - struct passphrase_cb_s *dec = opaque; - DWORD nwritten = 0; - char keyidstr[16+1]; - int resid; - - log_debug ("passphrase_callback_box: enter (uh=`%s',pi=`%s')\n", - uid_hint?uid_hint:"(null)", pass_info?pass_info:"(null)"); - - *keyidstr = 0; - - /* First remove a possible passphrase from the return structure. */ - if (dec->pass) - wipestring (dec->pass); - xfree (dec->pass); - dec->pass = NULL; - - /* For some reasons the cancel flag has been set - write an empty - passphrase and close the handle to indicate the cancel state to - the backend. */ - if (dec->opts & OPT_FLAG_CANCEL) - { - /* Casting the FD to a handle is okay as gpgme uses OS handles. */ - WriteFile ((HANDLE)fd, "\n", 1, &nwritten, NULL); - CloseHandle ((HANDLE)fd); - log_debug ("passphrase_callback_box: leave (due to cancel flag)\n"); - return -1; - } - - /* Parse the information to get the keyid we use for caching of the - passphrase. If we got suitable information, we will have a proper - 16 character string in KEYIDSTR; if not KEYIDSTR has been set to - empty. */ - if (pass_info) - { - /* As of now (gpg 1.4.2) these information are possible: - - 1. Standard passphrase requested: - " " - 2. Passphrase for symmetric key requested: - " " - 3. PIN for a card requested. - " " - - For caching we need to use the long keyid from case 1; the main - keyid can't be used because a key may have different - passphrases on the subkeys. Caching for symmetrical keys is - not possible because there is no information on what - key(i.e. passphrase) to use. Caching of PINs is not yet - possible because we don't have information on the card's serial - number yet; that must be solved by gpgme. - - To detect case 1 we simply check whether the first token - consists in its entire of 16 hex digits. - */ - const char *s; - int i; - - for (s=pass_info, i=0; *s && strchr (allhexdigits, *s) ; s++, i++) - ; - if (i == 16) - { - while (*s == ' ') - s++; - for (i=0; *s && strchr (allhexdigits, *s) && i < 16; s++, i++) - keyidstr[i] = *s; - keyidstr[i] = 0; - if (*s) - s++; - if (i != 16 || !strchr (allhexdigits, *s)) - { - log_debug ("%s: oops: does not look like pass_info\n", __func__); - *keyidstr = 0; - } - } - } - - log_debug ("%s: using keyid 0x%s\n", __func__, keyidstr); - - /* Now check how to proceed. */ - if (prev_was_bad) - { - log_debug ("%s: last passphrase was bad\n", __func__); - /* Flush a possible cache entry for that keyID. */ - if (*keyidstr) - passcache_put (keyidstr, NULL, 0); - } - else if (*keyidstr) - { - dec->pass = passcache_get (keyidstr); - log_debug ("%s: getting passphrase for 0x%s from cache: %s\n", - __func__, keyidstr, dec->pass? "hit":"miss"); - } - - /* Copy the keyID into the context. */ - assert (strlen (keyidstr) < sizeof dec->keyid); - strcpy (dec->keyid, keyidstr); - - /* If we have no cached passphrase, popup the passphrase dialog. */ - if (!dec->pass) - { - int rc; - const char *s; - struct dialog_context_s context; - - memset (&context, 0, sizeof context); - context.dec = dec; - context.use_as_cb = 1; - - /* Construct the user ID. */ - if (uid_hint) - { - /* Skip the first token (keyID). */ - for (s=uid_hint; *s && *s != ' '; s++) - ; - while (*s == ' ') - s++; - } - else - s = "[no user Id]"; - xfree (dec->user_id); - dec->user_id = utf8_to_native (s); - dec->last_was_bad = prev_was_bad; - if (!dec->decrypt_cmd) - { - resid = IDD_DEC; - rc = DialogBoxParam (glob_hinst, (LPCSTR)resid, - GetDesktopWindow (), - decrypt_key_dlg_proc, (LPARAM)&context); - } - else - { - resid = IDD_DECEXT; - rc = DialogBoxParam (glob_hinst, (LPCTSTR)resid, - GetDesktopWindow (), - decrypt_key_ext_dlg_proc, (LPARAM)&context); - } - if (rc <= 0) - log_debug_w32 (-1, "%s: dialog failed (rc=%d)", __func__, rc); - release_keyarray (context.keyarray); - } - else - log_debug ("%s:%s: dec=%p dec->pass=`[censored]'\n", - SRCNAME, __func__, dec); - - /* If we got a passphrase, send it to the FD. */ - if (dec->pass) - { - log_debug ("passphrase_callback_box: sending passphrase ...\n"); - WriteFile ((HANDLE)fd, dec->pass, strlen (dec->pass), &nwritten, NULL); - } - - WriteFile((HANDLE)fd, "\n", 1, &nwritten, NULL); - - log_debug ("passphrase_callback_box: leave\n"); - return 0; -} - - -/* Release the context which was used in the passphrase callback. */ -void -free_decrypt_key (struct passphrase_cb_s *ctx) -{ - if (!ctx) - return; - if (ctx->pass) { - wipestring (ctx->pass); - xfree (ctx->pass); - } - xfree (ctx->user_id); - xfree(ctx); -} diff --git a/src/proto-auto.bmp b/src/proto-auto.bmp deleted file mode 100644 index 67a9ca3..0000000 Binary files a/src/proto-auto.bmp and /dev/null differ diff --git a/src/proto-pgpmime.bmp b/src/proto-pgpmime.bmp deleted file mode 100644 index 750a2b8..0000000 Binary files a/src/proto-pgpmime.bmp and /dev/null differ diff --git a/src/proto-smime.bmp b/src/proto-smime.bmp deleted file mode 100644 index 4111b41..0000000 Binary files a/src/proto-smime.bmp and /dev/null differ diff --git a/src/recipient-dialog.c b/src/recipient-dialog.c deleted file mode 100644 index a2684f8..0000000 --- a/src/recipient-dialog.c +++ /dev/null @@ -1,565 +0,0 @@ -/* recipient-dialog.c - * Copyright (C) 2004 Timo Schulz - * Copyright (C) 2005, 2006, 2007 g10 Code GmbH - * - * This file is part of GpgOL. - * - * GpgOL is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * GpgOL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, see . - */ - -#ifdef HAVE_CONFIG_H -#include -#endif - -#ifndef _WIN32_IE /* allow to use advanced list view modes. */ -#define _WIN32_IE 0x0600 -#endif - -#include -#include -#include -#include -#include - -#include "common.h" -#include "gpgol-ids.h" -#include "dialogs.h" - -struct recipient_cb_s -{ - char **unknown_keys; /* A string array with the names of the - unknown recipients. */ - - gpgme_key_t *fnd_keys; /* email address to key mapping list. */ - - /* A bit vector used to return selected options. */ - unsigned int opts; - - /* A key array to hold all keys. */ - gpgme_key_t *keyarray; - size_t keyarray_count; - - /* The result key Array, i.e. the selected keys. This array is NULL - terminated. */ - gpgme_key_t *selected_keys; - size_t selected_keys_count; -}; - - -/* Symbolic column IDs. */ -enum klist_col_t -{ - KL_COL_NAME = 0, - KL_COL_EMAIL = 1, - KL_COL_INFO = 2, - KL_COL_KEYID = 3, - KL_COL_VALID = 4, - /* number of columns. */ - KL_COL_N = 5 -}; - -/* Insert the columns, needed to display keys, into the list view HWND. */ -static void -initialize_rsetbox (HWND hwnd) -{ - LVCOLUMN col; - - /* We cannot avoid the casting here because gettext always returns - a constant string but the listview interface needs char*. */ - memset (&col, 0, sizeof (col)); - col.mask = LVCF_TEXT | LVCF_WIDTH | LVCF_SUBITEM; - col.pszText = (char*)_("Name"); - col.cx = 100; - col.iSubItem = KL_COL_NAME; - ListView_InsertColumn (hwnd, KL_COL_NAME, &col); - - col.pszText = (char*)_("E-Mail"); - col.cx = 100; - col.iSubItem = KL_COL_EMAIL; - ListView_InsertColumn (hwnd, KL_COL_EMAIL, &col); - - col.pszText = (char*)_("Key-Info"); - col.cx = 100; - col.iSubItem = KL_COL_INFO; - ListView_InsertColumn (hwnd, KL_COL_INFO, &col); - - col.pszText = (char*)_("Key ID"); - col.cx = 80; - col.iSubItem = KL_COL_KEYID; - ListView_InsertColumn (hwnd, KL_COL_KEYID, &col); - - col.pszText = (char*)_("Validity"); - col.cx = 70; - col.iSubItem = KL_COL_VALID; - ListView_InsertColumn (hwnd, KL_COL_VALID, &col); - - ListView_SetExtendedListViewStyleEx (hwnd, 0, LVS_EX_FULLROWSELECT); -} - - -/* Load the key list view control HWND with all useable keys - for encryption. Return the array size in *R_ARRAYSIZE. */ -static gpgme_key_t* -load_rsetbox (HWND hwnd, size_t *r_arraysize) -{ - LVITEM lvi; - gpg_error_t err; - gpgme_ctx_t ctx; - gpgme_key_t key = NULL; - gpgme_key_t *keyarray; - size_t keyarray_size; - size_t pos; - char keybuf[128], *s; - const char *trust_items[] = - { - "Unknown", - "Undefined", - "Never", - "Marginal", - "Full", - "Ultimate" - }; - enum {COL_NAME, COL_EMAIL, COL_KEYINF, COL_KEYID, COL_TRUST}; - DWORD val; - - memset (&lvi, 0, sizeof (lvi)); - - err = gpgme_new (&ctx); - if (err) - return NULL; - - err = gpgme_op_keylist_start (ctx, NULL, 0); - if (err) - { - log_error ("failed to initiate key listing: %s\n", gpg_strerror (err)); - gpgme_release (ctx); - return NULL; - } - - keyarray_size = 500; - keyarray = xcalloc (keyarray_size, sizeof *keyarray); - pos = 0; - - while (!gpgme_op_keylist_next (ctx, &key)) - { - /* We only want keys capable of encrypting. */ - if (!key->can_encrypt) - { - gpgme_key_release (key); - continue; - } - - /* Check that the primary key is *not* revoked, expired or invalid */ - if (key->revoked || key->expired || key->invalid || key->disabled) - { - gpgme_key_release (key); - continue; - } - - /* Ignore keys without a user ID or without a subkey */ - if (!key->uids || !key->subkeys) - { - gpgme_key_release (key); - continue; - } - - /* Store the position in the opaque param. */ - lvi.mask = LVIF_PARAM; - lvi.lParam = (LPARAM)pos; - ListView_InsertItem (hwnd, &lvi); - - s = utf8_to_native (key->uids->name); - ListView_SetItemText (hwnd, 0, COL_NAME, s); - xfree (s); - - s = key->uids->email; - ListView_SetItemText (hwnd, 0, COL_EMAIL, s); - - s = keybuf; - *s = 0; - s = stpcpy (s, get_pubkey_algo_str (key->subkeys->pubkey_algo)); - if (key->subkeys->next) - { - /* Fixme: This is not really correct because we don't know - which encryption subkey gpg is going to select. Same - holds true for the key length below. */ - *s++ = '/'; - s = stpcpy (s, get_pubkey_algo_str - (key->subkeys->next->pubkey_algo)); - } - - *s++ = ' '; - if (key->subkeys->next) - sprintf (s, "%d", key->subkeys->next->length); - else - sprintf (s, "%d", key->subkeys->length); - - s = keybuf; - ListView_SetItemText (hwnd, 0, COL_KEYINF, s); - - if (key->subkeys->keyid && strlen (key->subkeys->keyid) > 8) - { - _snprintf (keybuf, sizeof (keybuf)-1, "0x%s", key->subkeys->keyid+8); - ListView_SetItemText (hwnd, 0, COL_KEYID, keybuf); - } - - val = key->uids->validity; - if (val > 5) - val = 0; - strcpy (keybuf, trust_items[val]); - s = keybuf; - ListView_SetItemText (hwnd, 0, COL_TRUST, s); - - if (pos >= keyarray_size) - { - gpgme_key_t *tmparr; - size_t i; - - keyarray_size += 500; - tmparr = xcalloc (keyarray_size, sizeof *tmparr); - for (i=0; i < pos; i++) - tmparr[i] = keyarray[i]; - xfree (keyarray); - keyarray = tmparr; - } - keyarray[pos++] = key; - - } - - gpgme_op_keylist_end (ctx); - gpgme_release (ctx); - - *r_arraysize = pos; - return keyarray; -} - - -/* Release the key array ARRAY as well as all COUNT keys. */ -static void -release_keyarray (gpgme_key_t *array, size_t count) -{ - size_t n; - - if (!array) - return; - for (n=0; n < count; n++) - gpgme_key_release (array[n]); - xfree (array); -} - - -/* Default maximal text size for a column. */ -#define ITEMSIZE 200 - -/* Return the opaque param of the item with the index IDX. - If the function call failed, return -1. */ -static LPARAM -lv_get_item_param (HWND hwnd, int idx) -{ - LVITEM lv; - - memset (&lv, 0, sizeof (lv)); - lv.mask = LVIF_PARAM; - lv.iItem = idx; - if (!ListView_GetItem (hwnd, &lv)) - return (LPARAM)-1; - return lv.lParam; -} - -/* Copy one list view item from one view to another. */ -static void -copy_item (HWND dlg, int id_from, int pos) -{ - HWND src, dst; - LVITEM lvi; - char item[KL_COL_N][ITEMSIZE]; - int idx = pos, i; - int lparam; - - src = GetDlgItem (dlg, id_from); - dst = GetDlgItem (dlg, id_from==IDC_ENC_RSET1 ? - IDC_ENC_RSET2 : IDC_ENC_RSET1); - - if (idx == -1) - { - idx = ListView_GetNextItem (src, -1, LVNI_SELECTED); - if (idx == -1) - return; - } - - for (i=0; i < KL_COL_N; i++) - ListView_GetItemText (src, idx, i, item[i], ITEMSIZE-1); - - /* Before we delete the item, we backup the lparam which - holds the position to copy it to the new item. */ - lparam = (int)lv_get_item_param (src, idx); - ListView_DeleteItem (src, idx); - - /* Add the lparam value from the source item. */ - memset (&lvi, 0, sizeof (lvi)); - lvi.mask = LVIF_PARAM; - lvi.lParam = lparam; - ListView_InsertItem (dst, &lvi); - - for (i=0; i < KL_COL_N; i++) - ListView_SetItemText (dst, 0, i, item[i]); -} - - -/* Try to find an item with STR as the text in the first column. - Return the index of the item or -1 if no item was found. */ -static int -find_item (HWND hwnd, const char *str) -{ - LVFINDINFO fnd; - int pos; - - memset (&fnd, 0, sizeof (fnd)); - fnd.flags = LVFI_STRING|LVFI_PARTIAL;; - fnd.psz = str; - pos = ListView_FindItem (hwnd, -1, &fnd); - if (pos != -1) - return pos; - return -1; -} - - -static void -initialize_keybox (HWND dlg, struct recipient_cb_s *cb) -{ - size_t i; - HWND box = GetDlgItem (dlg, IDC_ENC_NOTFOUND); - HWND rset = GetDlgItem (dlg, IDC_ENC_RSET1); - int n; - - if (cb->unknown_keys) - { - for (i=0; cb->unknown_keys[i]; i++) - SendMessage (box, LB_ADDSTRING, 0, - (LPARAM)(const char *)cb->unknown_keys[i]); - } - - if (!cb->fnd_keys) - return; - - /* Copy all requested keys into the second recipient listview - to indicate that these key were automatically picked via - the 'From' mailing header. */ - for (i=0; cb->fnd_keys[i]; i++) - { - char *uid = utf8_to_native (cb->fnd_keys[i]->uids->name); - - n = find_item (rset, uid); - if (n != -1) - copy_item (dlg, IDC_ENC_RSET1, n); - xfree (uid); - } -} - -/* To avoid writing a dialog template for each language we use gettext - for the labels and hope that there is enough space in the dialog to - fit teh longest translation. */ -static void -recipient_dlg_set_labels (HWND dlg) -{ - static struct { int itemid; const char *label; } labels[] = { - { IDC_ENC_RSET2_T, N_("Selected recipients:")}, - { IDC_ENC_NOTFOUND_T, N_("Recipient which were NOT found")}, - { IDCANCEL, N_("&Cancel")}, - { 0, NULL} - }; - int i; - - for (i=0; labels[i].itemid; i++) - SetDlgItemText (dlg, labels[i].itemid, _(labels[i].label)); -} - - -BOOL CALLBACK -recipient_dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) -{ - static struct recipient_cb_s *rset_cb; - NMHDR *notify; - HWND hrset; - size_t pos; - int i, j; - - switch (msg) - { - case WM_INITDIALOG: - rset_cb = (struct recipient_cb_s *)lparam; - assert (rset_cb != NULL); - recipient_dlg_set_labels (dlg); - initialize_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET1)); - rset_cb->keyarray = load_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET1), - &rset_cb->keyarray_count); - initialize_rsetbox (GetDlgItem (dlg, IDC_ENC_RSET2)); - - if (rset_cb->unknown_keys) - initialize_keybox (dlg, rset_cb); - else - { - /* No unknown keys; thus we do not need the unwanted key box. */ - ShowWindow (GetDlgItem (dlg, IDC_ENC_NOTFOUND_T), SW_HIDE); - ShowWindow (GetDlgItem (dlg, IDC_ENC_NOTFOUND), SW_HIDE); - } - - center_window (dlg, NULL); - SetForegroundWindow (dlg); - return TRUE; - - case WM_NOTIFY: - notify = (LPNMHDR)lparam; - if (notify && notify->code == NM_DBLCLK - && (notify->idFrom == IDC_ENC_RSET1 - || notify->idFrom == IDC_ENC_RSET2)) - copy_item (dlg, notify->idFrom, -1); - break; - - case WM_COMMAND: - switch (LOWORD (wparam)) - { - case IDOK: - hrset = GetDlgItem (dlg, IDC_ENC_RSET2); - if (ListView_GetItemCount (hrset) == 0) - { - MessageBox (dlg, - _("Please select at least one recipient certificate."), - _("Recipient Dialog"), MB_ICONINFORMATION|MB_OK); - return TRUE; - } - - for (j=0; rset_cb->fnd_keys && rset_cb->fnd_keys[j]; j++) - ; - rset_cb->selected_keys_count = ListView_GetItemCount (hrset); - rset_cb->selected_keys = xcalloc (rset_cb->selected_keys_count - + j + 1, - sizeof *rset_cb->selected_keys); - /* Add the selected keys. */ - for (i=0, pos=0; i < rset_cb->selected_keys_count; i++) - { - gpgme_key_t key; - int idata; - - idata = (int)lv_get_item_param (hrset, i); - if (idata >= 0 && idata < rset_cb->keyarray_count) - { - key = rset_cb->keyarray[idata]; - gpgme_key_ref (key); - rset_cb->selected_keys[pos++] = key; - - switch (key->uids->validity) - { - case GPGME_VALIDITY_FULL: - case GPGME_VALIDITY_ULTIMATE: - break; - default: - /* Force encryption if one key is not fully - trusted. Actually this is a bit silly but - supposedly here to allow adding an option to - disable this "feature". It is however pretty - much messed up: The default key should never - be processed here but set into the gpg.conf - file becuase it is always trusted. */ - rset_cb->opts |= OPT_FLAG_FORCE; - break; - } - } - else - log_debug ("List item not correctly initialized - ignored\n"); - } - /* Add the already found keys. */ - for (i=0; rset_cb->fnd_keys && rset_cb->fnd_keys[i]; i++) - { - gpgme_key_ref (rset_cb->fnd_keys[i]); - rset_cb->selected_keys[pos++] = rset_cb->fnd_keys[i]; - } - - rset_cb->selected_keys_count = pos; - EndDialog (dlg, TRUE); - break; - - case IDCANCEL: - /* now that Outlook correctly aborts the delivery, we do not - need any warning message if the user cancels thi dialog. */ - rset_cb->opts = OPT_FLAG_CANCEL; - EndDialog (dlg, FALSE); - break; - } - break; - } - return FALSE; -} - - - -/* Display a recipient dialog to select keys and return all selected - keys in RET_RSET. Returns the selected options which may include - OPT_FLAG_CANCEL. */ -unsigned int -recipient_dialog_box (gpgme_key_t **ret_rset) -{ - struct recipient_cb_s cb; - int resid; - - *ret_rset = NULL; - - memset (&cb, 0, sizeof (cb)); - resid = IDD_ENC; - DialogBoxParam (glob_hinst, (LPCTSTR)resid, GetDesktopWindow(), - recipient_dlg_proc, (LPARAM)&cb); - if (cb.opts & OPT_FLAG_CANCEL) - release_keyarray (cb.selected_keys, cb.selected_keys_count); - else - *ret_rset = cb.selected_keys; - release_keyarray (cb.keyarray, cb.keyarray_count); - return cb.opts; -} - - -/* Exactly like recipient_dialog_box with the difference, that this - dialog is used when some recipients were not found due to automatic - selection. In such a case, the dialog displays the found recipients - and the listbox contains the items which were _not_ found. FND is - a NULL terminated array with the keys we already found, UNKNOWn is - a string array with names of recipients for whom we don't have a - key yet. RET_RSET returs a NULL termintated array with all - selected keys. The function returns the selected options which may - include OPT_FLAG_CANCEL. -*/ -unsigned int -recipient_dialog_box2 (gpgme_key_t *fnd, char **unknown, - gpgme_key_t **ret_rset) -{ - struct recipient_cb_s cb; - int resid; - - *ret_rset = NULL; - - memset (&cb, 0, sizeof (cb)); - cb.fnd_keys = fnd; - cb.unknown_keys = unknown; - - resid = IDD_ENC; - DialogBoxParam (glob_hinst, (LPCTSTR)resid, GetDesktopWindow (), - recipient_dlg_proc, (LPARAM)&cb); - - if (cb.opts & OPT_FLAG_CANCEL) - release_keyarray (cb.selected_keys, cb.selected_keys_count); - else - *ret_rset = cb.selected_keys; - - release_keyarray (cb.keyarray, cb.keyarray_count); - return cb.opts; -} diff --git a/src/verify-dialog.c b/src/verify-dialog.c deleted file mode 100644 index 34e9d5a..0000000 --- a/src/verify-dialog.c +++ /dev/null @@ -1,296 +0,0 @@ -/* verify-dialog.c - * Copyright (C) 2005, 2007 g10 Code GmbH - * - * This file is part of GpgOL. - * - * GpgOL is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * GpgOL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program; if not, see . - */ - -#include - -#include -#include - -#include "common.h" -#include "gpgol-ids.h" -#include "dialogs.h" - -struct dialog_context -{ - gpgme_verify_result_t res; - gpgme_protocol_t protocol; - const char *filename; -}; - - -static char* -get_timestamp (time_t l) -{ - static char buf[64]; - struct tm * tm; - - if (l == 0) { - sprintf (buf, "????" "-??" "-?? ??" ":??" ":??"); - return buf; - } - - tm = localtime (&l); - sprintf (buf, "%04d-%02d-%02d %02d:%02d:%02d", - tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, - tm->tm_hour, tm->tm_min, tm->tm_sec); - return buf; -} - - -static int -load_akalist (HWND dlg, gpgme_key_t key) -{ - gpgme_user_id_t u; - char *uid; - int n = 0; - - u = key->uids; - if (!u->next) - return n; - for (u=u->next; u; u=u->next) - { - uid = utf8_to_native (u->uid); - SendDlgItemMessage (dlg, IDC_VRY_AKALIST, LB_ADDSTRING, - 0, (LPARAM)(const char*)uid); - xfree (uid); - n++; - } - return n; -} - - -static void -load_sigbox (HWND dlg, gpgme_verify_result_t ctx, gpgme_protocol_t protocol) -{ - gpgme_error_t err; - gpgme_key_t key; - char buf[2+16+1]; - char *p; - const char *s; - int stat; - int valid, no_key = 0, n = 0; - - s = get_timestamp (ctx->signatures->timestamp); - SetDlgItemText (dlg, IDC_VRY_TIME, s); - - s = ctx->signatures->fpr; - if (strlen (s) == 40) - strncpy (buf+2, s+40-8, 8); - else if (strlen (s) == 32) /* MD5:RSAv3 */ - strncpy (buf+2, s+32-8, 8); - else - strncpy (buf+2, s+8, 8); - buf[10] = 0; - buf[0] = '0'; - buf[1] = 'x'; - SetDlgItemText (dlg, IDC_VRY_KEYID, buf); - - { - gpgme_ctx_t gctx; - - key = NULL; - if (!gpgme_new (&gctx)) - { - gpgme_set_protocol (gctx, protocol); - err = gpgme_get_key (gctx, buf+2, &key, 0); - if (err) - { - log_debug ("getting key `%s' failed: %s", - buf+2, gpg_strerror (err)); - key = NULL; - } - gpgme_release (gctx); - } - } - - stat = ctx->signatures->summary; - if (stat & GPGME_SIGSUM_RED) - s = _("BAD signature!"); - else if (!stat || (stat & GPGME_SIGSUM_GREEN)) - s = _("Good signature"); - else if (stat & GPGME_SIGSUM_KEY_REVOKED) - s = _("Good signature from revoked certificate"); - else if (stat & GPGME_SIGSUM_KEY_EXPIRED) - s = _("Good signature from expired certificate"); - else if (stat & GPGME_SIGSUM_SIG_EXPIRED) - s = _("Good expired signature"); - else if (stat & GPGME_SIGSUM_KEY_MISSING) - { - s = _("Could not check signature: missing certificate"); - no_key = 1; - } - else - s = _("Verification error"); - /* XXX: if we have a key we do _NOT_ trust, stat is 'wrong' */ - SetDlgItemText (dlg, IDC_VRY_STATUS, s); - - if (key && key->uids) - { - p = utf8_to_native (key->uids->uid); - SetDlgItemText (dlg, IDC_VRY_ISSUER, p); - xfree (p); - - n = load_akalist (dlg, key); - gpgme_key_release (key); - if (n == 0) - EnableWindow (GetDlgItem (dlg, IDC_VRY_AKALIST), FALSE); - } - else - { - s = _("User-ID not found"); - SetDlgItemText (dlg, IDC_VRY_ISSUER, s); - } - - s = get_pubkey_algo_str (ctx->signatures->pubkey_algo); - SetDlgItemText (dlg, IDC_VRY_PKALGO, s); - - valid = ctx->signatures->validity; - if (stat & GPGME_SIGSUM_RED) - { - /* This is a BAD signature; give a hint to the user. */ - SetDlgItemText (dlg, IDC_VRY_HINT, - _("This may be due to a wrong option setting")); - } - else if (stat & GPGME_SIGSUM_SIG_EXPIRED) - { - const char *fmt; - - fmt = _("Signature expired on %s"); - s = get_timestamp (ctx->signatures->exp_timestamp); - p = xmalloc (strlen (s)+1+strlen (fmt)+2); - sprintf (p, fmt, s); - SetDlgItemText (dlg, IDC_VRY_HINT, s); - xfree (p); - } - else if (valid < GPGME_VALIDITY_MARGINAL) - { - switch (valid) - { - case GPGME_VALIDITY_NEVER: - s = _("Signature issued by a certificate we do NOT trust."); - break; - - default: - if (no_key) - s = ""; - else - s = _("Signature issued by a non-valid certificate."); - break; - } - SetDlgItemText (dlg, IDC_VRY_HINT, s); - } -} - - - -/* To avoid writing a dialog template for each language we use gettext - for the labels and hope that there is enough space in the dialog to - fit teh longest translation. */ -static void -verify_dlg_set_labels (HWND dlg) -{ - static struct { int itemid; const char *label; } labels[] = { - { IDC_VRY_TIME_T, N_("Signature made")}, - { IDC_VRY_PKALGO_T, N_("using")}, - { IDC_VRY_KEYID_T, N_("cert-ID")}, - { IDC_VRY_ISSUER_T, N_("from")}, - { IDC_VRY_AKALIST_T,N_("also known as")}, - { 0, NULL} - }; - int i; - - for (i=0; labels[i].itemid; i++) - SetDlgItemText (dlg, labels[i].itemid, _(labels[i].label)); -} - - - -static BOOL CALLBACK -verify_dlg_proc (HWND dlg, UINT msg, WPARAM wparam, LPARAM lparam) -{ - static struct dialog_context *ctx; - - switch (msg) - { - case WM_INITDIALOG: - ctx = (struct dialog_context *)lparam; - load_sigbox (dlg, ctx->res, ctx->protocol); - verify_dlg_set_labels (dlg); - center_window (dlg, NULL); - SetForegroundWindow (dlg); - if (ctx->filename) - { - const char *s; - - switch (ctx->protocol) - { - case GPGME_PROTOCOL_OpenPGP: - s = _("PGP/MIME Verification Result"); - break; - case GPGME_PROTOCOL_CMS: - s = _("S/MIME Verification Result"); - break; - default: - s = "?"; - break; - } - - char *tmp = xmalloc (strlen (ctx->filename) - + strlen (s) + 100); - strcpy (stpcpy (stpcpy (stpcpy (tmp, s), - " ("), ctx->filename), ")"); - SetWindowText (dlg, tmp); - xfree (tmp); - } - break; - - case WM_COMMAND: - switch (LOWORD(wparam)) - { - case IDOK: - EndDialog (dlg, TRUE); - break; - } - break; - } - - return FALSE; -} - - -/* Display the verify dialog based on the gpgme result in - RES. FILENAME is used to modify the caption of the dialog; it may - be NULL. */ -int -verify_dialog_box (gpgme_protocol_t protocol, - gpgme_verify_result_t res, const char *filename) -{ - struct dialog_context ctx; - int resid; - - memset (&ctx,0, sizeof ctx); - ctx.res = res; - ctx.protocol = protocol; - ctx.filename = filename; - - resid = IDD_VRY; - DialogBoxParam (glob_hinst, (LPCTSTR)resid, GetDesktopWindow (), - verify_dlg_proc, (LPARAM)&ctx); - return res->signatures->summary == GPGME_SIGSUM_GREEN? 0 : -1; -} ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 15 +- src/config-dialog.c | 5 + src/engine-assuan.c | 63 ++-- src/engine.c | 4 +- src/main.c | 13 - src/mapi32.def | 164 ---------- src/olflange-dlgs.cpp | 6 + src/oomhelp.cpp | 4 +- src/passcache.c | 263 ---------------- src/passcache.h | 34 --- src/passphrase-dialog.c | 786 ------------------------------------------------ src/proto-auto.bmp | Bin 246 -> 0 bytes src/proto-pgpmime.bmp | Bin 246 -> 0 bytes src/proto-smime.bmp | Bin 246 -> 0 bytes src/recipient-dialog.c | 565 ---------------------------------- src/util.h | 7 + src/verify-dialog.c | 296 ------------------ 17 files changed, 71 insertions(+), 2154 deletions(-) delete mode 100644 src/mapi32.def delete mode 100644 src/passcache.c delete mode 100644 src/passcache.h delete mode 100644 src/passphrase-dialog.c delete mode 100644 src/proto-auto.bmp delete mode 100644 src/proto-pgpmime.bmp delete mode 100644 src/proto-smime.bmp delete mode 100644 src/recipient-dialog.c delete mode 100644 src/verify-dialog.c hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 4 17:10:58 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Wed, 04 Nov 2015 17:10:58 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-93-g099467d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 099467d571206a3dbf4b606792a01a1e7f0e0df8 (commit) from 6533170a34d9e6f7191e41b31045ad0b4b4af1df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 099467d571206a3dbf4b606792a01a1e7f0e0df8 Author: Andre Heinecke Date: Wed Nov 4 17:09:48 2015 +0100 Add mkinstalldirs script * build-aux/mkinstalldirs: New. Copied from gpgme. -- This fixes make install which was broken after the latest build system upgrade. diff --git a/build-aux/mkinstalldirs b/build-aux/mkinstalldirs new file mode 100755 index 0000000..ef7e16f --- /dev/null +++ b/build-aux/mkinstalldirs @@ -0,0 +1,161 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy + +scriptversion=2006-05-11.19 + +# Original author: Noah Friedman +# Created: 1993-05-16 +# Public domain. +# +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' +IFS=" "" $nl" +errstatus=0 +dirmode= + +usage="\ +Usage: mkinstalldirs [-h] [--help] [--version] [-m MODE] DIR ... + +Create each directory DIR (with mode MODE, if specified), including all +leading file name components. + +Report bugs to ." + +# process command line arguments +while test $# -gt 0 ; do + case $1 in + -h | --help | --h*) # -h for help + echo "$usage" + exit $? + ;; + -m) # -m PERM arg + shift + test $# -eq 0 && { echo "$usage" 1>&2; exit 1; } + dirmode=$1 + shift + ;; + --version) + echo "$0 $scriptversion" + exit $? + ;; + --) # stop option processing + shift + break + ;; + -*) # unknown option + echo "$usage" 1>&2 + exit 1 + ;; + *) # first non-opt arg + break + ;; + esac +done + +for file +do + if test -d "$file"; then + shift + else + break + fi +done + +case $# in + 0) exit 0 ;; +esac + +# Solaris 8's mkdir -p isn't thread-safe. If you mkdir -p a/b and +# mkdir -p a/c at the same time, both will detect that a is missing, +# one will create a, then the other will try to create a and die with +# a "File exists" error. This is a problem when calling mkinstalldirs +# from a parallel make. We use --version in the probe to restrict +# ourselves to GNU mkdir, which is thread-safe. +case $dirmode in + '') + if mkdir -p --version . >/dev/null 2>&1 && test ! -d ./--version; then + echo "mkdir -p -- $*" + exec mkdir -p -- "$@" + else + # On NextStep and OpenStep, the `mkdir' command does not + # recognize any option. It will interpret all options as + # directories to create, and then abort because `.' already + # exists. + test -d ./-p && rmdir ./-p + test -d ./--version && rmdir ./--version + fi + ;; + *) + if mkdir -m "$dirmode" -p --version . >/dev/null 2>&1 && + test ! -d ./--version; then + echo "mkdir -m $dirmode -p -- $*" + exec mkdir -m "$dirmode" -p -- "$@" + else + # Clean up after NextStep and OpenStep mkdir. + for d in ./-m ./-p ./--version "./$dirmode"; + do + test -d $d && rmdir $d + done + fi + ;; +esac + +for file +do + case $file in + /*) pathcomp=/ ;; + *) pathcomp= ;; + esac + oIFS=$IFS + IFS=/ + set fnord $file + shift + IFS=$oIFS + + for d + do + test "x$d" = x && continue + + pathcomp=$pathcomp$d + case $pathcomp in + -*) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + else + if test ! -z "$dirmode"; then + echo "chmod $dirmode $pathcomp" + lasterr= + chmod "$dirmode" "$pathcomp" || lasterr=$? + + if test ! -z "$lasterr"; then + errstatus=$lasterr + fi + fi + fi + fi + + pathcomp=$pathcomp/ + done +done + +exit $errstatus + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: ----------------------------------------------------------------------- Summary of changes: build-aux/mkinstalldirs | 161 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100755 build-aux/mkinstalldirs hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 5 13:59:57 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 05 Nov 2015 13:59:57 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-106-gcd2d685 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via cd2d685230ecafb7df504ef2b16cf1ec9a014300 (commit) via 2b27acc3435e73fad7460b551a36b4064cdd58be (commit) from 6897bbf1aa9bf0a61b186ea1a9bcb463fb1fd10e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cd2d685230ecafb7df504ef2b16cf1ec9a014300 Author: Neal H. Walfield Date: Thu Nov 5 13:59:33 2015 +0100 tools: Fix gpgkey2ssh's most gratuitous errors. Use gpg2, not gpg. * tools/gpgkey2ssh.c (main): Add support for --help. Replace the most gratuitous asserts with error messages. Invoke gpg2, not gpg. -- Signed-off-by: Neal H. Walfield Debian-bug-id: 380241 diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c index d22c5ac..2054150 100644 --- a/tools/gpgkey2ssh.c +++ b/tools/gpgkey2ssh.c @@ -248,7 +248,7 @@ main (int argc, char **argv) int algorithm_id; pkdbuf_t *pkdbuf; size_t pkdbuf_n; - char *command; + char *command = NULL; FILE *fp; int ret; gcry_error_t err; @@ -263,21 +263,50 @@ main (int argc, char **argv) algorithm_id = 0; /* (avoid cc warning) */ identifier = NULL; /* (avoid cc warning) */ - assert (argc == 2); + if (argc != 2) + { + fprintf (stderr, "Usage: %s KEYID\n", argv[0]); + exit (1); + } + if (strcmp (argv[1], "--help") == 0) + { + fprintf (stderr, "Usage: %s KEYID\n", argv[0]); + fprintf (stderr, "\n"); + fprintf (stderr, + "Convert a gpg key to a format appropriate for inclusion in an\n" + "ssh authorized_keys file.\n"); + exit (0); + } keyid = argv[1]; - ret = asprintf (&command, - "gpg --list-keys --with-colons --with-key-data '%s'", - keyid); - assert (ret > 0); + asprintf (&command, + "gpg2 --list-keys --with-colons --with-key-data '%s'", + keyid); + if (! command) + { + fprintf (stderr, "Out of memory.\n"); + exit (1); + } fp = popen (command, "r"); - assert (fp); + if (! fp) + { + fprintf (stderr, "Failed to running: '%s'\n", command); + exit (1); + } err = retrieve_key_material (fp, keyid, &algorithm_id, &pkdbuf, &pkdbuf_n); - assert (! err); - assert ((algorithm_id == 1) || (algorithm_id == 17)); + if (err) + { + fprintf (stderr, "Error looking up key: %s\n", gpg_strerror (err)); + exit (1); + } + if (! ((algorithm_id == 1) || (algorithm_id == 17))) + { + fprintf (stderr, "Unsupported algorithm: %d\n", algorithm_id); + exit (1); + } if (algorithm_id == 1) { commit 2b27acc3435e73fad7460b551a36b4064cdd58be Author: Neal H. Walfield Date: Thu Nov 5 13:57:32 2015 +0100 doc: Add documentation for gpgkey2ssh. * doc/tools.texi: Add documentation for gpgkey2ssh. -- Signed-off-by: Neal H. Walfield Co-authored-by: Daniel Kahn Gillmor GnuPG-bug-id: 1067 Debian-bug-id 380241 diff --git a/doc/tools.texi b/doc/tools.texi index 425790e..bab0fe8 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -21,6 +21,7 @@ GnuPG comes with a couple of smaller tools: * gpgparsemail:: Parse a mail message into an annotated format * symcryptrun:: Call a simple symmetric encryption tool. * gpg-zip:: Encrypt or sign files into an archive. +* gpgkey2ssh:: Emit GPG public keys in OpenSSH format. @end menu @c @@ -1893,3 +1894,73 @@ gpg-zip --list-archive test1 @command{tar}(1), @end ifset @include see-also-note.texi + + + at c + at c GPGKEY2SSH + at c + at manpage gpgkey2ssh.1 + at node gpgkey2ssh + at section Emit GPG public keys in OpenSSH format + at ifset manverb +.B gpgkey2ssh \- Emit GPG public keys in OpenSSH format + at end ifset + + at mansect synopsis + at ifset manverb +.B gpgkey2ssh +.I keyid + at end ifset + + at mansect description + at command{gpgkey2ssh} emits the public key of an OpenPGP RSA or DSA key +in a format readable by OpenSSH clients and servers. + +It takes only a single argument, a key ID, which designates the +primary key or subkey whose public key should be converted. + +The key ID should use upper-case (A-F, not a-f) for all hex digits +greater than 9, and the key in question must be present in + at code{gpg}'s public keyring. + +The output of a successful run can be used verbatim as an entry in an + at code{authorized_keys} file for @code{sshd}, or can be prefixed with a +host name and appended to a @code{known_hosts} file for @code{ssh}. + + at mansect return value + +The program returns 0 if the key was successfully converted and +non-zero if there was an error (e.g., if the key ID was malformed, the +key was not present in the public keyring, or if the key is not an RSA +or DSA key). + + at mansect environment + at subsection Environment + + at table @asis + + at item HOME +Used to locate the default home directory. + + at item GNUPGHOME +If set directory used instead of "~/.gnupg". + + at end table + + at mansect files + at subsection FILES + + at table @asis + + at item gpg2 +The command used to search the user's keyring. + + at end table + + at mansect see also + at ifset isman + at command{gpg2}(1), + at command{sshd}(8), + at command{ssh}(1) + at end ifset + at include see-also-note.texi ----------------------------------------------------------------------- Summary of changes: doc/tools.texi | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ tools/gpgkey2ssh.c | 47 +++++++++++++++++++++++++++++------- 2 files changed, 109 insertions(+), 9 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 5 14:20:31 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 05 Nov 2015 14:20:31 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-109-gec409e6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via ec409e62aea6cc829299be794f9d035d033cb51b (commit) via fd4b9e232805b2e30b29903568c95cc0aad8bbec (commit) via 2b0e0a53b4db8c44e299f57a9f4f9fc1b825e707 (commit) from cd2d685230ecafb7df504ef2b16cf1ec9a014300 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ec409e62aea6cc829299be794f9d035d033cb51b Author: Neal H. Walfield Date: Thu Nov 5 12:20:42 2015 +0100 gpg: Add support for unwrapping the outer level of encryption. * g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set, copy the data to the output file instead of continuing to process it. * g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap. (opts): Handle oUnwrap. (main): Likewise. * g10/options.h (opt): Add field unwrap_encryption. * g10/plaintext.c (handle_plaintext): Break the output file selection functionality into ... (get_output_file): ... this new function. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1060 Debian-bug-id: 282061 diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 570a71d..b575f39 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -221,7 +221,38 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) else iobuf_push_filter ( ed->buf, decode_filter, dfx ); - proc_packets (ctrl, procctx, ed->buf ); + if (opt.unwrap_encryption) + { + char *filename; + estream_t fp; + rc = get_output_file ("", 0, ed->buf, &filename, &fp); + if (! rc) + { + iobuf_t output = iobuf_esopen (fp, "w", 0); + armor_filter_context_t *afx = NULL; + + if (opt.armor) + { + afx = new_armor_context (); + push_armor_filter (afx, output); + } + + iobuf_copy (output, ed->buf); + if ((rc = iobuf_error (ed->buf))) + log_error (_("error reading: %s\n"), + filename, gpg_strerror (rc)); + else if ((rc = iobuf_error (output))) + log_error (_("error writing output ('%s'): %s\n"), + filename, gpg_strerror (rc)); + + iobuf_close (output); + if (afx) + release_armor_context (afx); + } + } + else + proc_packets (ctrl, procctx, ed->buf ); + ed->buf = NULL; if (dfx->eof_seen > 1 ) rc = gpg_error (GPG_ERR_INV_PACKET); diff --git a/g10/gpg.c b/g10/gpg.c index cdf7b0d..ef283b4 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -391,6 +391,7 @@ enum cmd_and_opt_values oTOFUDefaultPolicy, oTOFUDBFormat, oWeakDigest, + oUnwrap, oNoop }; @@ -753,6 +754,7 @@ static ARGPARSE_OPTS opts[] = { "personal-compress-preferences", "@"), ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), + ARGPARSE_s_n (oUnwrap, "unwrap", "@"), /* Aliases. I constantly mistype these, and assume other people do as well. */ @@ -3147,6 +3149,9 @@ main (int argc, char **argv) case oWeakDigest: additional_weak_digest(pargs.r.ret_str); break; + case oUnwrap: + opt.unwrap_encryption = 1; + break; case oDisplay: set_opt_session_env ("DISPLAY", pargs.r.ret_str); diff --git a/g10/options.h b/g10/options.h index bc92dd7..c8541b2 100644 --- a/g10/options.h +++ b/g10/options.h @@ -262,6 +262,8 @@ struct int passphrase_repeat; int pinentry_mode; + + int unwrap_encryption; } opt; /* CTRL is used to keep some global variables we currently can't diff --git a/g10/packet.h b/g10/packet.h index 21c80f3..387a5b5 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -663,6 +663,8 @@ int handle_compressed (ctrl_t ctrl, void *ctx, PKT_compressed *cd, int decrypt_data (ctrl_t ctrl, void *ctx, PKT_encrypted *ed, DEK *dek ); /*-- plaintext.c --*/ +gpg_error_t get_output_file (const byte *embedded_name, int embedded_namelen, + iobuf_t data, char **fnamep, estream_t *fpp); int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, int nooutput, int clearsig ); int ask_for_detached_datafile( gcry_md_hd_t md, gcry_md_hd_t md2, diff --git a/g10/plaintext.c b/g10/plaintext.c index 7929f66..aeee2ac 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -40,53 +40,29 @@ #include "i18n.h" -/* Handle a plaintext packet. If MFX is not NULL, update the MDs - * Note: We should have used the filter stuff here, but we have to add - * some easy mimic to set a read limit, so we calculate only the bytes - * from the plaintext. */ -int -handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, - int nooutput, int clearsig) -{ - char *fname = NULL; - estream_t fp = NULL; - static off_t count = 0; - int err = 0; - int c; - int convert = (pt->mode == 't' || pt->mode == 'u'); -#ifdef __riscos__ - int filetype = 0xfff; -#endif +/* Get the output filename. On success, the actual filename that is + used is set in *FNAMEP and a filepointer is returned in *FP. - /* Let people know what the plaintext info is. This allows the - receiving program to try and do something different based on the - format code (say, recode UTF-8 to local). */ - if (!nooutput && is_status_enabled ()) - { - char status[50]; + EMBEDDED_NAME AND EMBEDDED_NAMELEN are normally stored in a + plaintext packet. EMBEDDED_NAMELEN should not include any NUL + terminator (EMBEDDED_NAME does not need to be NUL terminated). - /* Better make sure that stdout has been flushed in case the - output will be written to it. This is to make sure that no - not-yet-flushed stuff will be written after the plaintext - status message. */ - es_fflush (es_stdout); - - snprintf (status, sizeof status, - "%X %lu ", (byte) pt->mode, (ulong) pt->timestamp); - write_status_text_and_buffer (STATUS_PLAINTEXT, - status, pt->name, pt->namelen, 0); + DATA is the iobuf containing the input data. We just use it to get + the input file's filename. - if (!pt->is_partial) - { - snprintf (status, sizeof status, "%lu", (ulong) pt->len); - write_status_text (STATUS_PLAINTEXT_LENGTH, status); - } - } + On success, the caller is responsible for calling xfree on *FNAMEP + and calling es_close on *FPP. */ +gpg_error_t +get_output_file (const byte *embedded_name, int embedded_namelen, + iobuf_t data, char **fnamep, estream_t *fpp) +{ + gpg_error_t err = 0; + char *fname = NULL; + estream_t fp = NULL; + int nooutput = 0; /* Create the filename as C string. */ - if (nooutput) - ; - else if (opt.outfp) + if (opt.outfp) { fname = xtrystrdup ("[FP]"); if (!fname) @@ -104,16 +80,17 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, goto leave; } } - else if (pt->namelen == 8 && !memcmp (pt->name, "_CONSOLE", 8)) + else if (embedded_namelen == 8 && !memcmp (embedded_name, "_CONSOLE", 8)) { log_info (_("data not saved; use option \"--output\" to save it\n")); nooutput = 1; } else if (!opt.flags.use_embedded_filename) { - fname = make_outfile_name (iobuf_get_real_fname (pt->buf)); + if (data) + fname = make_outfile_name (iobuf_get_real_fname (data)); if (!fname) - fname = ask_outfile_name (pt->name, pt->namelen); + fname = ask_outfile_name (embedded_name, embedded_namelen); if (!fname) { err = gpg_error (GPG_ERR_GENERAL); /* Can't create file. */ @@ -121,7 +98,7 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, } } else - fname = utf8_to_native (pt->name, pt->namelen, 0); + fname = utf8_to_native (embedded_name, embedded_namelen, 0); if (nooutput) ; @@ -205,7 +182,8 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, /* If there's a ,xxx extension in the embedded filename, use that, else check whether the user input (in fname) has a ,xxx appended, then use that in preference */ - if ((c = riscos_get_filetype_from_string (pt->name, pt->namelen)) != -1) + if ((c = riscos_get_filetype_from_string (embedded_name, + embedded_namelen)) != -1) filetype = c; if ((c = riscos_get_filetype_from_string (fname, strlen (fname))) != -1) filetype = c; @@ -213,6 +191,70 @@ handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, } #endif /* __riscos__ */ + leave: + if (err) + { + if (fp && fp != es_stdout && fp != opt.outfp) + es_fclose (fp); + xfree (fname); + return err; + } + + *fnamep = fname; + *fpp = fp; + return 0; +} + +/* Handle a plaintext packet. If MFX is not NULL, update the MDs + * Note: We should have used the filter stuff here, but we have to add + * some easy mimic to set a read limit, so we calculate only the bytes + * from the plaintext. */ +int +handle_plaintext (PKT_plaintext * pt, md_filter_context_t * mfx, + int nooutput, int clearsig) +{ + char *fname = NULL; + estream_t fp = NULL; + static off_t count = 0; + int err = 0; + int c; + int convert = (pt->mode == 't' || pt->mode == 'u'); +#ifdef __riscos__ + int filetype = 0xfff; +#endif + + /* Let people know what the plaintext info is. This allows the + receiving program to try and do something different based on the + format code (say, recode UTF-8 to local). */ + if (!nooutput && is_status_enabled ()) + { + char status[50]; + + /* Better make sure that stdout has been flushed in case the + output will be written to it. This is to make sure that no + not-yet-flushed stuff will be written after the plaintext + status message. */ + es_fflush (es_stdout); + + snprintf (status, sizeof status, + "%X %lu ", (byte) pt->mode, (ulong) pt->timestamp); + write_status_text_and_buffer (STATUS_PLAINTEXT, + status, pt->name, pt->namelen, 0); + + if (!pt->is_partial) + { + snprintf (status, sizeof status, "%lu", (ulong) pt->len); + write_status_text (STATUS_PLAINTEXT_LENGTH, status); + } + } + + if (! nooutput) + { + err = get_output_file (pt->name, pt->namelen, pt->buf, &fname, &fp); + if (err) + goto leave; + } + if (!pt->is_partial) { /* We have an actual length (which might be zero). */ commit fd4b9e232805b2e30b29903568c95cc0aad8bbec Author: Neal H. Walfield Date: Thu Nov 5 12:19:45 2015 +0100 common: Add a function for copying data from one iobuf to another. * common/iobuf.c (iobuf_copy): New function. -- Signed-off-by: Neal H. Walfield diff --git a/common/iobuf.c b/common/iobuf.c index 795ff11..ca8609e 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -2208,6 +2208,41 @@ iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen) return n; } +/* Copies the data from the input iobuf SOURCE to the output iobuf + DEST until either an error is encountered or EOF is reached. + Returns the number of bytes copies. */ +size_t +iobuf_copy (iobuf_t dest, iobuf_t source) +{ + char *temp; + /* Use a 1 MB buffer. */ + const size_t temp_size = 1024 * 1024; + + size_t nread; + size_t nwrote = 0; + int err; + + assert (source->use == IOBUF_INPUT || source->use == IOBUF_INPUT_TEMP); + assert (dest->use == IOBUF_OUTPUT || source->use == IOBUF_OUTPUT_TEMP); + + temp = xmalloc (temp_size); + while (1) + { + nread = iobuf_read (source, temp, temp_size); + if (nread == -1) + /* EOF. */ + break; + + err = iobuf_write (dest, temp, nread); + if (err) + break; + nwrote += nread; + } + xfree (temp); + + return nwrote; +} + void iobuf_flush_temp (iobuf_t temp) diff --git a/common/iobuf.h b/common/iobuf.h index bce6c31..e106292 100644 --- a/common/iobuf.h +++ b/common/iobuf.h @@ -552,6 +552,14 @@ int iobuf_write_temp (iobuf_t dest, iobuf_t source); BUFFER. Returns the number of bytes actually copied. */ size_t iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen); +/* Copies the data from the input iobuf SOURCE to the output iobuf + DEST until either an error is encountered or EOF is reached. + Returns the number of bytes successfully written. If an error + occured, then any buffered bytes are not returned to SOURCE and are + effectively lost. To check if an error occured, use + iobuf_error. */ +size_t iobuf_copy (iobuf_t dest, iobuf_t source); + /* Return the size of any underlying file. This only works with file_filter based pipelines. commit 2b0e0a53b4db8c44e299f57a9f4f9fc1b825e707 Author: Neal H. Walfield Date: Thu Nov 5 14:08:49 2015 +0100 doc: Note that gpgkey2ssh is deprecated. * doc/tools.texi (gpgkey2ssh): Note that gpgkey2ssh is deprecated. -- Signed-off-by: Neal H. Walfield diff --git a/doc/tools.texi b/doc/tools.texi index bab0fe8..633502e 100644 --- a/doc/tools.texi +++ b/doc/tools.texi @@ -1913,6 +1913,8 @@ gpg-zip --list-archive test1 @end ifset @mansect description +This tool is deprecated and will be removed soon. + @command{gpgkey2ssh} emits the public key of an OpenPGP RSA or DSA key in a format readable by OpenSSH clients and servers. ----------------------------------------------------------------------- Summary of changes: common/iobuf.c | 35 ++++++++++++++ common/iobuf.h | 8 ++++ doc/tools.texi | 2 + g10/decrypt-data.c | 33 ++++++++++++- g10/gpg.c | 5 ++ g10/options.h | 2 + g10/packet.h | 2 + g10/plaintext.c | 136 +++++++++++++++++++++++++++++++++++------------------ 8 files changed, 175 insertions(+), 48 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 5 14:32:03 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Thu, 05 Nov 2015 14:32:03 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-110-ga958ffd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a958ffd148a46f3757d1c309bb13555638044640 (commit) from ec409e62aea6cc829299be794f9d035d033cb51b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a958ffd148a46f3757d1c309bb13555638044640 Author: Neal H. Walfield Date: Thu Nov 5 14:31:58 2015 +0100 gpg: Indicate which characters are invalid. * g10/keygen.c (ask_user_id): Indicate which characters are invalid. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1143 diff --git a/g10/keygen.c b/g10/keygen.c index 85bbe13..70d351d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -2536,7 +2536,10 @@ ask_user_id (int mode, int full, KBNODE keyblock) break; if( strpbrk( aname, "<>" ) ) + { tty_printf(_("Invalid character in name\n")); + tty_printf(_("The characters < and > may not appear in name\n")); + } else if( digitp(aname) ) tty_printf(_("Name may not start with a digit\n")); else if( strlen(aname) < 5 ) ----------------------------------------------------------------------- Summary of changes: g10/keygen.c | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 5 18:11:43 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Thu, 05 Nov 2015 18:11:43 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-280-g89fa74d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0 (commit) via a1cc7bb15473a2419b24ecac765ae0ce5989a13b (commit) via 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88 (commit) via 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2 (commit) from c0b9eee2d93a13930244f9ce0c14ed6b4aeb6c29 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0 Author: Jussi Kivilinna Date: Sun Nov 1 20:44:09 2015 +0200 Improve performance of Tiger hash algorithms * cipher/tiger.c (tiger_round, pass, key_schedule): Convert functions to macros. (transform_blk): Pass variable names instead of pointers to 'pass'. -- Benchmark results on Intel Haswell @ 3.2 Ghz: Before: | nanosecs/byte mebibytes/sec cycles/byte TIGER | 3.25 ns/B 293.5 MiB/s 10.40 c/B After (1.75x faster): | nanosecs/byte mebibytes/sec cycles/byte TIGER | 1.85 ns/B 515.3 MiB/s 5.92 c/B Benchmark results on Cortex-A8 @?1008 Mhz: Before: | nanosecs/byte mebibytes/sec cycles/byte TIGER | 63.42 ns/B 15.04 MiB/s 63.93 c/B After (1.26x faster): | nanosecs/byte mebibytes/sec cycles/byte TIGER | 49.99 ns/B 19.08 MiB/s 50.39 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/tiger.c b/cipher/tiger.c index 078133a..516bd44 100644 --- a/cipher/tiger.c +++ b/cipher/tiger.c @@ -633,68 +633,44 @@ tiger2_init (void *context, unsigned int flags) do_init (context, 2); } -static void -tiger_round( u64 *ra, u64 *rb, u64 *rc, u64 x, int mul ) -{ - u64 a = *ra; - u64 b = *rb; - u64 c = *rc; - - c ^= x; - a -= ( sbox1[ c & 0xff ] ^ sbox2[ (c >> 16) & 0xff ] - ^ sbox3[ (c >> 32) & 0xff ] ^ sbox4[ (c >> 48) & 0xff ]); - b += ( sbox4[ (c >> 8) & 0xff ] ^ sbox3[ (c >> 24) & 0xff ] - ^ sbox2[ (c >> 40) & 0xff ] ^ sbox1[ (c >> 56) & 0xff ]); - b *= mul; - - *ra = a; - *rb = b; - *rc = c; -} - - -static void -pass( u64 *ra, u64 *rb, u64 *rc, u64 *x, int mul ) -{ - u64 a = *ra; - u64 b = *rb; - u64 c = *rc; - - tiger_round( &a, &b, &c, x[0], mul ); - tiger_round( &b, &c, &a, x[1], mul ); - tiger_round( &c, &a, &b, x[2], mul ); - tiger_round( &a, &b, &c, x[3], mul ); - tiger_round( &b, &c, &a, x[4], mul ); - tiger_round( &c, &a, &b, x[5], mul ); - tiger_round( &a, &b, &c, x[6], mul ); - tiger_round( &b, &c, &a, x[7], mul ); - - *ra = a; - *rb = b; - *rc = c; -} - -static void -key_schedule( u64 *x ) -{ - x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL; - x[1] ^= x[0]; - x[2] += x[1]; - x[3] -= x[2] ^ ((~x[1]) << 19 ); - x[4] ^= x[3]; - x[5] += x[4]; - x[6] -= x[5] ^ ((~x[4]) >> 23 ); - x[7] ^= x[6]; - x[0] += x[7]; - x[1] -= x[0] ^ ((~x[7]) << 19 ); - x[2] ^= x[1]; - x[3] += x[2]; - x[4] -= x[3] ^ ((~x[2]) >> 23 ); - x[5] ^= x[4]; - x[6] += x[5]; - x[7] -= x[6] ^ 0x0123456789abcdefLL; -} +#define tiger_round(xa, xb, xc, xx, xmul) { \ + xc ^= xx; \ + xa -= ( sbox1[ (xc) & 0xff ] ^ sbox2[ ((xc) >> 16) & 0xff ] \ + ^ sbox3[ ((xc) >> 32) & 0xff ] ^ sbox4[ ((xc) >> 48) & 0xff ]); \ + xb += ( sbox4[ ((xc) >> 8) & 0xff ] ^ sbox3[ ((xc) >> 24) & 0xff ] \ + ^ sbox2[ ((xc) >> 40) & 0xff ] ^ sbox1[ ((xc) >> 56) & 0xff ]); \ + xb *= xmul; } + + +#define pass(ya, yb, yc, yx, ymul) { \ + tiger_round( ya, yb, yc, yx[0], ymul ); \ + tiger_round( yb, yc, ya, yx[1], ymul ); \ + tiger_round( yc, ya, yb, yx[2], ymul ); \ + tiger_round( ya, yb, yc, yx[3], ymul ); \ + tiger_round( yb, yc, ya, yx[4], ymul ); \ + tiger_round( yc, ya, yb, yx[5], ymul ); \ + tiger_round( ya, yb, yc, yx[6], ymul ); \ + tiger_round( yb, yc, ya, yx[7], ymul ); } + + +#define key_schedule(x) { \ + x[0] -= x[7] ^ 0xa5a5a5a5a5a5a5a5LL; \ + x[1] ^= x[0]; \ + x[2] += x[1]; \ + x[3] -= x[2] ^ ((~x[1]) << 19 ); \ + x[4] ^= x[3]; \ + x[5] += x[4]; \ + x[6] -= x[5] ^ ((~x[4]) >> 23 ); \ + x[7] ^= x[6]; \ + x[0] += x[7]; \ + x[1] -= x[0] ^ ((~x[7]) << 19 ); \ + x[2] ^= x[1]; \ + x[3] += x[2]; \ + x[4] -= x[3] ^ ((~x[2]) >> 23 ); \ + x[5] ^= x[4]; \ + x[6] += x[5]; \ + x[7] -= x[6] ^ 0x0123456789abcdefLL; } /**************** @@ -716,11 +692,11 @@ transform_blk ( void *ctx, const unsigned char *data ) b = bb = hd->b; c = cc = hd->c; - pass( &a, &b, &c, x, 5); + pass( a, b, c, x, 5); key_schedule( x ); - pass( &c, &a, &b, x, 7); + pass( c, a, b, x, 7); key_schedule( x ); - pass( &b, &c, &a, x, 9); + pass( b, c, a, x, 9); /* feedforward */ a ^= aa; commit a1cc7bb15473a2419b24ecac765ae0ce5989a13b Author: Jussi Kivilinna Date: Sun Nov 1 16:06:26 2015 +0200 Add ARMv7/NEON implementation of Keccak * cipher/Makefile.am: Add 'keccak-armv7-neon.S'. * cipher/keccak-armv7-neon.S: New. * cipher/keccak.c (USE_64BIT_ARM_NEON): New. (NEED_COMMON64): Select if USE_64BIT_ARM_NEON. [NEED_COMMON64] (round_consts_64bit): Rename to... [NEED_COMMON64] (_gcry_keccak_round_consts_64bit): ...this; Add terminator at end. [USE_64BIT_ARM_NEON] (_gcry_keccak_permute_armv7_neon) (_gcry_keccak_absorb_lanes64_armv7_neon, keccak_permute64_armv7_neon) (keccak_absorb_lanes64_armv7_neon, keccak_armv7_neon_64_ops): New. (keccak_init) [USE_64BIT_ARM_NEON]: Select ARM/NEON implementation if supported by HW. * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Update to use new round constant table. * configure.ac: Add 'keccak-armv7-neon.lo'. -- Patch adds ARMv7/NEON implementation of Keccak (SHAKE/SHA3). Patch is based on public-domain implementation by Ronny Van Keer from SUPERCOP package: https://github.com/floodyberry/supercop/blob/master/crypto_hash/\ keccakc1024/inplace-armv7a-neon/keccak2.s Benchmark results on Cortex-A8 @ 1008 Mhz: Before (generic 32-bit bit-interleaved impl.): | nanosecs/byte mebibytes/sec cycles/byte SHAKE128 | 83.00 ns/B 11.49 MiB/s 83.67 c/B SHAKE256 | 101.7 ns/B 9.38 MiB/s 102.5 c/B SHA3-224 | 96.13 ns/B 9.92 MiB/s 96.90 c/B SHA3-256 | 101.5 ns/B 9.40 MiB/s 102.3 c/B SHA3-384 | 131.4 ns/B 7.26 MiB/s 132.5 c/B SHA3-512 | 189.1 ns/B 5.04 MiB/s 190.6 c/B After (ARM/NEON, ~3.2x faster): | nanosecs/byte mebibytes/sec cycles/byte SHAKE128 | 25.09 ns/B 38.01 MiB/s 25.29 c/B SHAKE256 | 30.95 ns/B 30.82 MiB/s 31.19 c/B SHA3-224 | 29.24 ns/B 32.61 MiB/s 29.48 c/B SHA3-256 | 30.95 ns/B 30.82 MiB/s 31.19 c/B SHA3-384 | 40.42 ns/B 23.59 MiB/s 40.74 c/B SHA3-512 | 58.37 ns/B 16.34 MiB/s 58.84 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/Makefile.am b/cipher/Makefile.am index be03d06..88c8fbf 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -90,7 +90,7 @@ sha1.c sha1-ssse3-amd64.S sha1-avx-amd64.S sha1-avx-bmi2-amd64.S \ sha256.c sha256-ssse3-amd64.S sha256-avx-amd64.S sha256-avx2-bmi2-amd64.S \ sha512.c sha512-ssse3-amd64.S sha512-avx-amd64.S sha512-avx2-bmi2-amd64.S \ sha512-armv7-neon.S \ -keccak.c keccak_permute_32.h keccak_permute_64.h \ +keccak.c keccak_permute_32.h keccak_permute_64.h keccak-armv7-neon.S \ stribog.c \ tiger.c \ whirlpool.c whirlpool-sse2-amd64.S \ diff --git a/cipher/keccak-armv7-neon.S b/cipher/keccak-armv7-neon.S new file mode 100644 index 0000000..0bec8d5 --- /dev/null +++ b/cipher/keccak-armv7-neon.S @@ -0,0 +1,945 @@ +/* keccak-armv7-neon.S - ARMv7/NEON implementation of Keccak + * + * Copyright (C) 2015 Jussi Kivilinna + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#include + +#if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) && \ + defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) && \ + defined(HAVE_GCC_INLINE_ASM_NEON) + +/* Based on public-domain/CC0 implementation from SUPERCOP package + * (keccakc1024/inplace-armv7a-neon/keccak2.s) + * + * Original copyright header follows: + */ + +@ The Keccak sponge function, designed by Guido Bertoni, Joan Daemen, +@ Micha?l Peeters and Gilles Van Assche. For more information, feedback or +@ questions, please refer to our website: http://keccak.noekeon.org/ +@ +@ Implementation by Ronny Van Keer, hereby denoted as "the implementer". +@ +@ To the extent possible under law, the implementer has waived all copyright +@ and related or neighboring rights to the source code in this file. +@ http://creativecommons.org/publicdomain/zero/1.0/ + +.text + +.syntax unified +.fpu neon +.arm + + +.extern _gcry_keccak_round_consts_64bit; + +#ifdef __PIC__ +# define GET_DATA_POINTER(reg, name, rtmp) \ + ldr reg, 1f; \ + ldr rtmp, 2f; \ + b 3f; \ + 1: .word _GLOBAL_OFFSET_TABLE_-(3f+8); \ + 2: .word name(GOT); \ + 3: add reg, pc, reg; \ + ldr reg, [reg, rtmp]; +#else +# define GET_DATA_POINTER(reg, name, rtmp) ldr reg, =name +#endif + + +@// --- offsets in state +.equ Aba, 0*8 +.equ Aga, 1*8 +.equ Aka, 2*8 +.equ Ama, 3*8 +.equ Asa, 4*8 + +@// --- macros + +.macro KeccakThetaRhoPiChiIota argA1, argA2, argA3, argA4, argA5 + + @Prepare Theta + @Ca = Aba^Aga^Aka^Ama^Asa@ + @Ce = Abe^Age^Ake^Ame^Ase@ + @Ci = Abi^Agi^Aki^Ami^Asi@ + @Co = Abo^Ago^Ako^Amo^Aso@ + @Cu = Abu^Agu^Aku^Amu^Asu@ + @De = Ca^ROL64(Ci, 1)@ + @Di = Ce^ROL64(Co, 1)@ + @Do = Ci^ROL64(Cu, 1)@ + @Du = Co^ROL64(Ca, 1)@ + @Da = Cu^ROL64(Ce, 1)@ + + veor.64 q4, q6, q7 + veor.64 q5, q9, q10 + veor.64 d8, d8, d9 + veor.64 d10, d10, d11 + veor.64 d1, d8, d16 + veor.64 d2, d10, d17 + + veor.64 q4, q11, q12 + veor.64 q5, q14, q15 + veor.64 d8, d8, d9 + veor.64 d10, d10, d11 + veor.64 d3, d8, d26 + + vadd.u64 q4, q1, q1 + veor.64 d4, d10, d27 + vmov.64 d0, d5 + vsri.64 q4, q1, #63 + + vadd.u64 q5, q2, q2 + veor.64 q4, q4, q0 + vsri.64 q5, q2, #63 + vadd.u64 d7, d1, d1 + veor.64 \argA2, \argA2, d8 + veor.64 q5, q5, q1 + + vsri.64 d7, d1, #63 + vshl.u64 d1, \argA2, #44 + veor.64 \argA3, \argA3, d9 + veor.64 d7, d7, d4 + + @Ba = argA1^Da@ + @Be = ROL64((argA2^De), 44)@ + @Bi = ROL64((argA3^Di), 43)@ + @Bo = ROL64((argA4^Do), 21)@ + @Bu = ROL64((argA5^Du), 14)@ + @argA2 = Be ^((~Bi)& Bo )@ + @argA3 = Bi ^((~Bo)& Bu )@ + @argA4 = Bo ^((~Bu)& Ba )@ + @argA5 = Bu ^((~Ba)& Be )@ + @argA1 = Ba ^((~Be)& Bi )@ argA1 ^= KeccakF1600RoundConstants[i+round]@ + vsri.64 d1, \argA2, #64-44 + vshl.u64 d2, \argA3, #43 + vldr.64 d0, [sp, #\argA1] + veor.64 \argA4, \argA4, d10 + vsri.64 d2, \argA3, #64-43 + vshl.u64 d3, \argA4, #21 + veor.64 \argA5, \argA5, d11 + veor.64 d0, d0, d7 + vsri.64 d3, \argA4, #64-21 + vbic.64 d5, d2, d1 + vshl.u64 d4, \argA5, #14 + vbic.64 \argA2, d3, d2 + vld1.64 d6, [ip]! + veor.64 d5, d0 + vsri.64 d4, \argA5, #64-14 + veor.64 d5, d6 + vbic.64 \argA5, d1, d0 + vbic.64 \argA3, d4, d3 + vbic.64 \argA4, d0, d4 + veor.64 \argA2, d1 + vstr.64 d5, [sp, #\argA1] + veor.64 \argA3, d2 + veor.64 \argA4, d3 + veor.64 \argA5, d4 + + .endm + +.macro KeccakThetaRhoPiChi1 argA1, argA2, argA3, argA4, argA5 + + @d2 = ROL64((argA1^Da), 3)@ + @d3 = ROL64((argA2^De), 45)@ + @d4 = ROL64((argA3^Di), 61)@ + @d0 = ROL64((argA4^Do), 28)@ + @d1 = ROL64((argA5^Du), 20)@ + @argA1 = Ba ^((~Be)& Bi )@ Ca ^= argA1@ + @argA2 = Be ^((~Bi)& Bo )@ + @argA3 = Bi ^((~Bo)& Bu )@ + @argA4 = Bo ^((~Bu)& Ba )@ + @argA5 = Bu ^((~Ba)& Be )@ + + veor.64 \argA2, \argA2, d8 + veor.64 \argA3, \argA3, d9 + vshl.u64 d3, \argA2, #45 + vldr.64 d6, [sp, #\argA1] + vshl.u64 d4, \argA3, #61 + veor.64 \argA4, \argA4, d10 + vsri.64 d3, \argA2, #64-45 + veor.64 \argA5, \argA5, d11 + vsri.64 d4, \argA3, #64-61 + vshl.u64 d0, \argA4, #28 + veor.64 d6, d6, d7 + vshl.u64 d1, \argA5, #20 + vbic.64 \argA3, d4, d3 + vsri.64 d0, \argA4, #64-28 + vbic.64 \argA4, d0, d4 + vshl.u64 d2, d6, #3 + vsri.64 d1, \argA5, #64-20 + veor.64 \argA4, d3 + vsri.64 d2, d6, #64-3 + vbic.64 \argA5, d1, d0 + vbic.64 d6, d2, d1 + vbic.64 \argA2, d3, d2 + veor.64 d6, d0 + veor.64 \argA2, d1 + vstr.64 d6, [sp, #\argA1] + veor.64 \argA3, d2 + veor.64 d5, d6 + veor.64 \argA5, d4 + + .endm + +.macro KeccakThetaRhoPiChi2 argA1, argA2, argA3, argA4, argA5 + + @d4 = ROL64((argA1^Da), 18)@ + @d0 = ROL64((argA2^De), 1)@ + @d1 = ROL64((argA3^Di), 6)@ + @d2 = ROL64((argA4^Do), 25)@ + @d3 = ROL64((argA5^Du), 8)@ + @argA1 = Ba ^((~Be)& Bi )@ Ca ^= argA1@ + @argA2 = Be ^((~Bi)& Bo )@ + @argA3 = Bi ^((~Bo)& Bu )@ + @argA4 = Bo ^((~Bu)& Ba )@ + @argA5 = Bu ^((~Ba)& Be )@ + + veor.64 \argA3, \argA3, d9 + veor.64 \argA4, \argA4, d10 + vshl.u64 d1, \argA3, #6 + vldr.64 d6, [sp, #\argA1] + vshl.u64 d2, \argA4, #25 + veor.64 \argA5, \argA5, d11 + vsri.64 d1, \argA3, #64-6 + veor.64 \argA2, \argA2, d8 + vsri.64 d2, \argA4, #64-25 + vext.8 d3, \argA5, \argA5, #7 + veor.64 d6, d6, d7 + vbic.64 \argA3, d2, d1 + vadd.u64 d0, \argA2, \argA2 + vbic.64 \argA4, d3, d2 + vsri.64 d0, \argA2, #64-1 + vshl.u64 d4, d6, #18 + veor.64 \argA2, d1, \argA4 + veor.64 \argA3, d0 + vsri.64 d4, d6, #64-18 + vstr.64 \argA3, [sp, #\argA1] + veor.64 d5, \argA3 + vbic.64 \argA5, d1, d0 + vbic.64 \argA3, d4, d3 + vbic.64 \argA4, d0, d4 + veor.64 \argA3, d2 + veor.64 \argA4, d3 + veor.64 \argA5, d4 + + .endm + +.macro KeccakThetaRhoPiChi3 argA1, argA2, argA3, argA4, argA5 + + @d1 = ROL64((argA1^Da), 36)@ + @d2 = ROL64((argA2^De), 10)@ + @d3 = ROL64((argA3^Di), 15)@ + @d4 = ROL64((argA4^Do), 56)@ + @d0 = ROL64((argA5^Du), 27)@ + @argA1 = Ba ^((~Be)& Bi )@ Ca ^= argA1@ + @argA2 = Be ^((~Bi)& Bo )@ + @argA3 = Bi ^((~Bo)& Bu )@ + @argA4 = Bo ^((~Bu)& Ba )@ + @argA5 = Bu ^((~Ba)& Be )@ + + veor.64 \argA2, \argA2, d8 + veor.64 \argA3, \argA3, d9 + vshl.u64 d2, \argA2, #10 + vldr.64 d6, [sp, #\argA1] + vshl.u64 d3, \argA3, #15 + veor.64 \argA4, \argA4, d10 + vsri.64 d2, \argA2, #64-10 + vsri.64 d3, \argA3, #64-15 + veor.64 \argA5, \argA5, d11 + vext.8 d4, \argA4, \argA4, #1 + vbic.64 \argA2, d3, d2 + vshl.u64 d0, \argA5, #27 + veor.64 d6, d6, d7 + vbic.64 \argA3, d4, d3 + vsri.64 d0, \argA5, #64-27 + vshl.u64 d1, d6, #36 + veor.64 \argA3, d2 + vbic.64 \argA4, d0, d4 + vsri.64 d1, d6, #64-36 + + veor.64 \argA4, d3 + vbic.64 d6, d2, d1 + vbic.64 \argA5, d1, d0 + veor.64 d6, d0 + veor.64 \argA2, d1 + vstr.64 d6, [sp, #\argA1] + veor.64 d5, d6 + veor.64 \argA5, d4 + + .endm + +.macro KeccakThetaRhoPiChi4 argA1, argA2, argA3, argA4, argA5 + + @d3 = ROL64((argA1^Da), 41)@ + @d4 = ROL64((argA2^De), 2)@ + @d0 = ROL64((argA3^Di), 62)@ + @d1 = ROL64((argA4^Do), 55)@ + @d2 = ROL64((argA5^Du), 39)@ + @argA1 = Ba ^((~Be)& Bi )@ Ca ^= argA1@ + @argA2 = Be ^((~Bi)& Bo )@ + @argA3 = Bi ^((~Bo)& Bu )@ + @argA4 = Bo ^((~Bu)& Ba )@ + @argA5 = Bu ^((~Ba)& Be )@ + + veor.64 \argA2, \argA2, d8 + veor.64 \argA3, \argA3, d9 + vshl.u64 d4, \argA2, #2 + veor.64 \argA5, \argA5, d11 + vshl.u64 d0, \argA3, #62 + vldr.64 d6, [sp, #\argA1] + vsri.64 d4, \argA2, #64-2 + veor.64 \argA4, \argA4, d10 + vsri.64 d0, \argA3, #64-62 + + vshl.u64 d1, \argA4, #55 + veor.64 d6, d6, d7 + vshl.u64 d2, \argA5, #39 + vsri.64 d1, \argA4, #64-55 + vbic.64 \argA4, d0, d4 + vsri.64 d2, \argA5, #64-39 + vbic.64 \argA2, d1, d0 + vshl.u64 d3, d6, #41 + veor.64 \argA5, d4, \argA2 + vbic.64 \argA2, d2, d1 + vsri.64 d3, d6, #64-41 + veor.64 d6, d0, \argA2 + + vbic.64 \argA2, d3, d2 + vbic.64 \argA3, d4, d3 + veor.64 \argA2, d1 + vstr.64 d6, [sp, #\argA1] + veor.64 d5, d6 + veor.64 \argA3, d2 + veor.64 \argA4, d3 + + .endm + + +@// --- code + + at not callable from C! +.p2align 3 +.type KeccakF_armv7a_neon_asm,%function; +KeccakF_armv7a_neon_asm: @ + +.LroundLoop: + + KeccakThetaRhoPiChiIota Aba, d13, d19, d25, d31 + KeccakThetaRhoPiChi1 Aka, d15, d21, d22, d28 + KeccakThetaRhoPiChi2 Asa, d12, d18, d24, d30 + KeccakThetaRhoPiChi3 Aga, d14, d20, d26, d27 + KeccakThetaRhoPiChi4 Ama, d16, d17, d23, d29 + + KeccakThetaRhoPiChiIota Aba, d15, d18, d26, d29 + KeccakThetaRhoPiChi1 Asa, d14, d17, d25, d28 + KeccakThetaRhoPiChi2 Ama, d13, d21, d24, d27 + KeccakThetaRhoPiChi3 Aka, d12, d20, d23, d31 + KeccakThetaRhoPiChi4 Aga, d16, d19, d22, d30 + + KeccakThetaRhoPiChiIota Aba, d14, d21, d23, d30 + KeccakThetaRhoPiChi1 Ama, d12, d19, d26, d28 + KeccakThetaRhoPiChi2 Aga, d15, d17, d24, d31 + KeccakThetaRhoPiChi3 Asa, d13, d20, d22, d29 + KeccakThetaRhoPiChi4 Aka, d16, d18, d25, d27 + + KeccakThetaRhoPiChiIota Aba, d12, d17, d22, d27 + KeccakThetaRhoPiChi1 Aga, d13, d18, d23, d28 + KeccakThetaRhoPiChi2 Aka, d14, d19, d24, d29 + ldr r0, [ip] + KeccakThetaRhoPiChi3 Ama, d15, d20, d25, d30 + cmp r0, #0xFFFFFFFF + KeccakThetaRhoPiChi4 Asa, d16, d21, d26, d31 + + bne .LroundLoop + sub ip, #(8*24) + bx lr +.p2align 2 +.ltorg +.size KeccakF_armv7a_neon_asm,.-KeccakF_armv7a_neon_asm; + + +@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state) callable from C +.p2align 3 +.global _gcry_keccak_permute_armv7_neon +.type _gcry_keccak_permute_armv7_neon,%function; +_gcry_keccak_permute_armv7_neon: + + push {ip, lr} + vpush {q4-q7} + sub sp,sp, #5*8 + + vldr.64 d0, [r0, #0*8] + vldr.64 d12, [r0, #1*8] + vldr.64 d17, [r0, #2*8] + vldr.64 d22, [r0, #3*8] + vldr.64 d27, [r0, #4*8] + + GET_DATA_POINTER(ip, _gcry_keccak_round_consts_64bit, lr); + + vldr.64 d1, [r0, #5*8] + vldr.64 d13, [r0, #6*8] + vldr.64 d18, [r0, #7*8] + vldr.64 d23, [r0, #8*8] + vldr.64 d28, [r0, #9*8] + + vldr.64 d2, [r0, #10*8] + vldr.64 d14, [r0, #11*8] + vldr.64 d19, [r0, #12*8] + vldr.64 d24, [r0, #13*8] + vldr.64 d29, [r0, #14*8] + + vldr.64 d3, [r0, #15*8] + vldr.64 d15, [r0, #16*8] + vldr.64 d20, [r0, #17*8] + vldr.64 d25, [r0, #18*8] + vldr.64 d30, [r0, #19*8] + + vldr.64 d4, [r0, #20*8] + vldr.64 d16, [r0, #21*8] + vldr.64 d21, [r0, #22*8] + vldr.64 d26, [r0, #23*8] + vldr.64 d31, [r0, #24*8] + + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + mov r1, r0 + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + vpop.64 { d0- d4 } + + vstr.64 d0, [r1, #0*8] + vstr.64 d12, [r1, #1*8] + vstr.64 d17, [r1, #2*8] + vstr.64 d22, [r1, #3*8] + vstr.64 d27, [r1, #4*8] + + vstr.64 d1, [r1, #5*8] + vstr.64 d13, [r1, #6*8] + vstr.64 d18, [r1, #7*8] + vstr.64 d23, [r1, #8*8] + vstr.64 d28, [r1, #9*8] + + vstr.64 d2, [r1, #10*8] + vstr.64 d14, [r1, #11*8] + vstr.64 d19, [r1, #12*8] + vstr.64 d24, [r1, #13*8] + vstr.64 d29, [r1, #14*8] + + vstr.64 d3, [r1, #15*8] + vstr.64 d15, [r1, #16*8] + vstr.64 d20, [r1, #17*8] + vstr.64 d25, [r1, #18*8] + vstr.64 d30, [r1, #19*8] + + vstr.64 d4, [r1, #20*8] + vstr.64 d16, [r1, #21*8] + vstr.64 d21, [r1, #22*8] + vstr.64 d26, [r1, #23*8] + vstr.64 d31, [r1, #24*8] + + mov r0, #112 + vpop {q4-q7} + pop {ip, pc} +.p2align 2 +.ltorg +.size _gcry_keccak_permute_armv7_neon,.-_gcry_keccak_permute_armv7_neon; + +@//unsigned _gcry_keccak_permute_armv7_neon(u64 *state, @r4 +@ int pos, @r1 +@ const byte *lanes, @r2 +@ unsigned int nlanes, @r3 +@ int blocklanes) @ r5 callable from C +.p2align 3 +.global _gcry_keccak_absorb_lanes64_armv7_neon +.type _gcry_keccak_absorb_lanes64_armv7_neon,%function; +_gcry_keccak_absorb_lanes64_armv7_neon: + + cmp r3, #0 @ nlanes == 0 + itt eq + moveq r0, #0 + bxeq lr + + push {r4-r5, ip, lr} + beq .Lout + mov r4, r0 + ldr r5, [sp, #(4*4)] + vpush {q4-q7} + + @ load state + vldr.64 d0, [r4, #0*8] + vldr.64 d12, [r4, #1*8] + vldr.64 d17, [r4, #2*8] + vldr.64 d22, [r4, #3*8] + vldr.64 d27, [r4, #4*8] + + GET_DATA_POINTER(ip, _gcry_keccak_round_consts_64bit, lr); + + vldr.64 d1, [r4, #5*8] + vldr.64 d13, [r4, #6*8] + vldr.64 d18, [r4, #7*8] + vldr.64 d23, [r4, #8*8] + vldr.64 d28, [r4, #9*8] + + vldr.64 d2, [r4, #10*8] + vldr.64 d14, [r4, #11*8] + vldr.64 d19, [r4, #12*8] + vldr.64 d24, [r4, #13*8] + vldr.64 d29, [r4, #14*8] + + vldr.64 d3, [r4, #15*8] + vldr.64 d15, [r4, #16*8] + vldr.64 d20, [r4, #17*8] + vldr.64 d25, [r4, #18*8] + vldr.64 d30, [r4, #19*8] + + vldr.64 d4, [r4, #20*8] + vldr.64 d16, [r4, #21*8] + vldr.64 d21, [r4, #22*8] + vldr.64 d26, [r4, #23*8] + vldr.64 d31, [r4, #24*8] + +.Lmain_loop: + + @ detect absorb mode (full blocks vs lanes) + + cmp r1, #0 @ pos != 0 + bne .Llanes_loop + +.Lmain_loop_pos0: + + @ full blocks mode + + @ switch (blocksize) + cmp r5, #21 + beq .Lfull_block_21 + cmp r5, #18 + beq .Lfull_block_18 + cmp r5, #17 + beq .Lfull_block_17 + cmp r5, #13 + beq .Lfull_block_13 + cmp r5, #9 + beq .Lfull_block_9 + + @ unknown blocksize + b .Llanes_loop + +.Lfull_block_21: + + @ SHAKE128 + + cmp r3, #21 @ nlanes < blocklanes + blo .Llanes_loop + + sub sp,sp, #5*8 + + vld1.64 {d5-d8}, [r2]! + veor d0, d5 + vld1.64 {d9-d11}, [r2]! + veor d12, d6 + veor d17, d7 + veor d22, d8 + vld1.64 {d5-d8}, [r2]! + veor d27, d9 + + veor d1, d10 + veor d13, d11 + vld1.64 {d9-d11}, [r2]! + veor d18, d5 + veor d23, d6 + veor d28, d7 + + veor d2, d8 + vld1.64 {d5-d8}, [r2]! + veor d14, d9 + veor d19, d10 + veor d24, d11 + vld1.64 {d9-d11}, [r2]! + veor d29, d5 + + veor d3, d6 + veor d15, d7 + veor d20, d8 + veor d25, d9 + veor d30, d10 + + veor d4, d11 + + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + subs r3, #21 @ nlanes -= 21 + vpop.64 { d0-d4 } + + beq .Ldone + + b .Lfull_block_21 + +.Lfull_block_18: + + @ SHA3-224 + + cmp r3, #18 @ nlanes < blocklanes + blo .Llanes_loop + + sub sp,sp, #5*8 + + vld1.64 {d5-d8}, [r2]! + veor d0, d5 + vld1.64 {d9-d11}, [r2]! + veor d12, d6 + veor d17, d7 + veor d22, d8 + vld1.64 {d5-d8}, [r2]! + veor d27, d9 + + veor d1, d10 + veor d13, d11 + vld1.64 {d9-d11}, [r2]! + veor d18, d5 + veor d23, d6 + veor d28, d7 + + veor d2, d8 + vld1.64 {d5-d8}, [r2]! + veor d14, d9 + veor d19, d10 + veor d24, d11 + veor d29, d5 + + veor d3, d6 + veor d15, d7 + veor d20, d8 + + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + subs r3, #18 @ nlanes -= 18 + vpop.64 { d0-d4 } + + beq .Ldone + + b .Lfull_block_18 + +.Lfull_block_17: + + @ SHA3-256 & SHAKE256 + + cmp r3, #17 @ nlanes < blocklanes + blo .Llanes_loop + + sub sp,sp, #5*8 + + vld1.64 {d5-d8}, [r2]! + veor d0, d5 + vld1.64 {d9-d11}, [r2]! + veor d12, d6 + veor d17, d7 + veor d22, d8 + vld1.64 {d5-d8}, [r2]! + veor d27, d9 + + veor d1, d10 + veor d13, d11 + vld1.64 {d9-d11}, [r2]! + veor d18, d5 + veor d23, d6 + veor d28, d7 + + veor d2, d8 + vld1.64 {d5-d7}, [r2]! + veor d14, d9 + veor d19, d10 + veor d24, d11 + veor d29, d5 + + veor d3, d6 + veor d15, d7 + + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + subs r3, #17 @ nlanes -= 17 + vpop.64 { d0-d4 } + + beq .Ldone + + b .Lfull_block_17 + +.Lfull_block_13: + + @ SHA3-384 + + cmp r3, #13 @ nlanes < blocklanes + blo .Llanes_loop + + sub sp,sp, #5*8 + + vld1.64 {d5-d8}, [r2]! + veor d0, d5 + vld1.64 {d9-d11}, [r2]! + veor d12, d6 + veor d17, d7 + veor d22, d8 + vld1.64 {d5-d8}, [r2]! + veor d27, d9 + + veor d1, d10 + veor d13, d11 + vld1.64 {d9-d10}, [r2]! + veor d18, d5 + veor d23, d6 + veor d28, d7 + + veor d2, d8 + veor d14, d9 + veor d19, d10 + + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + subs r3, #13 @ nlanes -= 13 + vpop.64 { d0-d4 } + + beq .Ldone + + b .Lfull_block_13 + +.Lfull_block_9: + + @ SHA3-512 + + cmp r3, #9 @ nlanes < blocklanes + blo .Llanes_loop + + sub sp,sp, #5*8 + + vld1.64 {d5-d8}, [r2]! + veor d0, d5 + vld1.64 {d9-d11}, [r2]! + veor d12, d6 + veor d17, d7 + veor d22, d8 + vld1.64 {d5-d6}, [r2]! + veor d27, d9 + + veor d1, d10 + veor d13, d11 + veor d18, d5 + veor d23, d6 + + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + subs r3, #9 @ nlanes -= 9 + vpop.64 { d0-d4 } + + beq .Ldone + + b .Lfull_block_9 + +.Llanes_loop: + + @ per-lane mode + + @ switch (pos) + ldrb r0, [pc, r1] + add pc, pc, r0, lsl #2 +.Lswitch_table: + .byte (.Llane0-.Lswitch_table-4)/4 + .byte (.Llane1-.Lswitch_table-4)/4 + .byte (.Llane2-.Lswitch_table-4)/4 + .byte (.Llane3-.Lswitch_table-4)/4 + .byte (.Llane4-.Lswitch_table-4)/4 + .byte (.Llane5-.Lswitch_table-4)/4 + .byte (.Llane6-.Lswitch_table-4)/4 + .byte (.Llane7-.Lswitch_table-4)/4 + .byte (.Llane8-.Lswitch_table-4)/4 + .byte (.Llane9-.Lswitch_table-4)/4 + .byte (.Llane10-.Lswitch_table-4)/4 + .byte (.Llane11-.Lswitch_table-4)/4 + .byte (.Llane12-.Lswitch_table-4)/4 + .byte (.Llane13-.Lswitch_table-4)/4 + .byte (.Llane14-.Lswitch_table-4)/4 + .byte (.Llane15-.Lswitch_table-4)/4 + .byte (.Llane16-.Lswitch_table-4)/4 + .byte (.Llane17-.Lswitch_table-4)/4 + .byte (.Llane18-.Lswitch_table-4)/4 + .byte (.Llane19-.Lswitch_table-4)/4 + .byte (.Llane20-.Lswitch_table-4)/4 + .byte (.Llane21-.Lswitch_table-4)/4 + .byte (.Llane22-.Lswitch_table-4)/4 + .byte (.Llane23-.Lswitch_table-4)/4 + .byte (.Llane24-.Lswitch_table-4)/4 +.p2align 2 + +#define ABSORB_LANE(label, vreg) \ + label: \ + add r1, #1; \ + vld1.64 d5, [r2]!; \ + cmp r1, r5; /* pos == blocklanes */ \ + veor vreg, vreg, d5; \ + beq .Llanes_permute; \ + subs r3, #1; \ + beq .Ldone; + + ABSORB_LANE(.Llane0, d0) + ABSORB_LANE(.Llane1, d12) + ABSORB_LANE(.Llane2, d17) + ABSORB_LANE(.Llane3, d22) + ABSORB_LANE(.Llane4, d27) + + ABSORB_LANE(.Llane5, d1) + ABSORB_LANE(.Llane6, d13) + ABSORB_LANE(.Llane7, d18) + ABSORB_LANE(.Llane8, d23) + ABSORB_LANE(.Llane9, d28) + + ABSORB_LANE(.Llane10, d2) + ABSORB_LANE(.Llane11, d14) + ABSORB_LANE(.Llane12, d19) + ABSORB_LANE(.Llane13, d24) + ABSORB_LANE(.Llane14, d29) + + ABSORB_LANE(.Llane15, d3) + ABSORB_LANE(.Llane16, d15) + ABSORB_LANE(.Llane17, d20) + ABSORB_LANE(.Llane18, d25) + ABSORB_LANE(.Llane19, d30) + + ABSORB_LANE(.Llane20, d4) + ABSORB_LANE(.Llane21, d16) + ABSORB_LANE(.Llane22, d21) + ABSORB_LANE(.Llane23, d26) + ABSORB_LANE(.Llane24, d31) + + b .Llanes_loop + +.Llanes_permute: + + sub sp,sp, #5*8 + vstr.64 d0, [sp, #Aba] + vstr.64 d1, [sp, #Aga] + veor.64 q0, q0, q1 + vstr.64 d2, [sp, #Aka] + veor.64 d5, d0, d1 + vstr.64 d3, [sp, #Ama] + vstr.64 d4, [sp, #Asa] + veor.64 d5, d5, d4 + + bl KeccakF_armv7a_neon_asm + + mov r1, #0 @ pos <= 0 + subs r3, #1 + + vpop.64 { d0-d4 } + + beq .Ldone + + b .Lmain_loop_pos0 + +.Ldone: + + @ save state + vstr.64 d0, [r4, #0*8] + vstr.64 d12, [r4, #1*8] + vstr.64 d17, [r4, #2*8] + vstr.64 d22, [r4, #3*8] + vstr.64 d27, [r4, #4*8] + + vstr.64 d1, [r4, #5*8] + vstr.64 d13, [r4, #6*8] + vstr.64 d18, [r4, #7*8] + vstr.64 d23, [r4, #8*8] + vstr.64 d28, [r4, #9*8] + + vstr.64 d2, [r4, #10*8] + vstr.64 d14, [r4, #11*8] + vstr.64 d19, [r4, #12*8] + vstr.64 d24, [r4, #13*8] + vstr.64 d29, [r4, #14*8] + + vstr.64 d3, [r4, #15*8] + vstr.64 d15, [r4, #16*8] + vstr.64 d20, [r4, #17*8] + vstr.64 d25, [r4, #18*8] + vstr.64 d30, [r4, #19*8] + + vstr.64 d4, [r4, #20*8] + vstr.64 d16, [r4, #21*8] + vstr.64 d21, [r4, #22*8] + vstr.64 d26, [r4, #23*8] + vstr.64 d31, [r4, #24*8] + + mov r0, #120 + vpop {q4-q7} +.Lout: + pop {r4-r5, ip, pc} +.p2align 2 +.ltorg +.size _gcry_keccak_absorb_lanes64_armv7_neon,.-_gcry_keccak_absorb_lanes64_armv7_neon; + +#endif diff --git a/cipher/keccak.c b/cipher/keccak.c index ce57860..0bb3155 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c @@ -59,7 +59,19 @@ #endif -#ifdef USE_64BIT +/* USE_64BIT_ARM_NEON indicates whether to enable 64-bit ARM/NEON assembly + * code. */ +#undef USE_64BIT_ARM_NEON +#ifdef ENABLE_NEON_SUPPORT +# if defined(HAVE_ARM_ARCH_V6) && defined(__ARMEL__) \ + && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) \ + && defined(HAVE_GCC_INLINE_ASM_NEON) +# define USE_64BIT_ARM_NEON 1 +# endif +#endif /*ENABLE_NEON_SUPPORT*/ + + +#if defined(USE_64BIT) || defined(USE_64BIT_ARM_NEON) # define NEED_COMMON64 1 #endif @@ -109,7 +121,7 @@ typedef struct KECCAK_CONTEXT_S #ifdef NEED_COMMON64 -static const u64 round_consts_64bit[24] = +const u64 _gcry_keccak_round_consts_64bit[24 + 1] = { U64_C(0x0000000000000001), U64_C(0x0000000000008082), U64_C(0x800000000000808A), U64_C(0x8000000080008000), @@ -122,7 +134,8 @@ static const u64 round_consts_64bit[24] = U64_C(0x8000000000008002), U64_C(0x8000000000000080), U64_C(0x000000000000800A), U64_C(0x800000008000000A), U64_C(0x8000000080008081), U64_C(0x8000000000008080), - U64_C(0x0000000080000001), U64_C(0x8000000080008008) + U64_C(0x0000000080000001), U64_C(0x8000000080008008), + U64_C(0xFFFFFFFFFFFFFFFF) }; static unsigned int @@ -400,6 +413,54 @@ static const keccak_ops_t keccak_bmi2_64_ops = #endif /* USE_64BIT_BMI2 */ +/* 64-bit ARMv7/NEON implementation. */ +#ifdef USE_64BIT_ARM_NEON + +unsigned int _gcry_keccak_permute_armv7_neon(u64 *state); +unsigned int _gcry_keccak_absorb_lanes64_armv7_neon(u64 *state, int pos, + const byte *lanes, + unsigned int nlanes, + int blocklanes); + +static unsigned int keccak_permute64_armv7_neon(KECCAK_STATE *hd) +{ + return _gcry_keccak_permute_armv7_neon(hd->u.state64); +} + +static unsigned int +keccak_absorb_lanes64_armv7_neon(KECCAK_STATE *hd, int pos, const byte *lanes, + unsigned int nlanes, int blocklanes) +{ + if (blocklanes < 0) + { + /* blocklanes == -1, permutationless absorb from keccak_final. */ + + while (nlanes) + { + hd->u.state64[pos] ^= buf_get_le64(lanes); + lanes += 8; + nlanes--; + } + + return 0; + } + else + { + return _gcry_keccak_absorb_lanes64_armv7_neon(hd->u.state64, pos, lanes, + nlanes, blocklanes); + } +} + +static const keccak_ops_t keccak_armv7_neon_64_ops = +{ + .permute = keccak_permute64_armv7_neon, + .absorb = keccak_absorb_lanes64_armv7_neon, + .extract = keccak_extract64, +}; + +#endif /* USE_64BIT_ARM_NEON */ + + /* Construct generic 32-bit implementation. */ #ifdef USE_32BIT @@ -662,6 +723,10 @@ keccak_init (int algo, void *context, unsigned int flags) /* Select optimized implementation based in hw features. */ if (0) {} +#ifdef USE_64BIT_ARM_NEON + else if (features & HWF_ARM_NEON) + ctx->ops = &keccak_armv7_neon_64_ops; +#endif #ifdef USE_64BIT_BMI2 else if (features & HWF_INTEL_BMI2) ctx->ops = &keccak_bmi2_64_ops; diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h index 6f24217..1a80192 100644 --- a/cipher/keccak_permute_64.h +++ b/cipher/keccak_permute_64.h @@ -25,7 +25,7 @@ static unsigned int KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) { - const u64 *round_consts = round_consts_64bit; + const u64 *round_consts = _gcry_keccak_round_consts_64bit; u64 Aba, Abe, Abi, Abo, Abu; u64 Aga, Age, Agi, Ago, Agu; u64 Aka, Ake, Aki, Ako, Aku; diff --git a/configure.ac b/configure.ac index 2acfa36..ed37ab5 100644 --- a/configure.ac +++ b/configure.ac @@ -2108,7 +2108,7 @@ if test "$found" = "1" ; then if test x"$neonsupport" = xyes ; then # Build with the NEON implementation - : + GCRYPT_DIGESTS="$GCRYPT_DIGESTS keccak-armv7-neon.lo" fi fi commit 2857cb89c6dc1c02266600bc1fd2967a3cd5cf88 Author: Jussi Kivilinna Date: Sat Oct 31 21:29:56 2015 +0200 Optimize Keccak 64-bit absorb functions * cipher/keccak.c [USE_64BIT] [__x86_64__] (absorb_lanes64_8) (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New. * cipher/keccak.c [USE_64BIT] [!__x86_64__] (absorb_lanes64_8) (absorb_lanes64_4, absorb_lanes64_2, absorb_lanes64_1): New. [USE_64BIT] (KECCAK_F1600_ABSORB_FUNC_NAME): New. [USE_64BIT] (keccak_absorb_lanes64): Remove. [USE_64BIT_SHLD] (KECCAK_F1600_ABSORB_FUNC_NAME): New. [USE_64BIT_SHLD] (keccak_absorb_lanes64_shld): Remove. [USE_64BIT_BMI2] (KECCAK_F1600_ABSORB_FUNC_NAME): New. [USE_64BIT_BMI2] (keccak_absorb_lanes64_bmi2): Remove. * cipher/keccak_permute_64.h (KECCAK_F1600_ABSORB_FUNC_NAME): New. -- Optimize 64-bit absorb functions for small speed-up. After this change, 64-bit BMI2 implementation matches speed of fastest results from SUPERCOP for Intel Haswell CPUs (long messages). Benchmark on Intel Haswell @ 3.2 Ghz: Before: | nanosecs/byte mebibytes/sec cycles/byte SHAKE128 | 2.32 ns/B 411.7 MiB/s 7.41 c/B SHAKE256 | 2.84 ns/B 336.2 MiB/s 9.08 c/B SHA3-224 | 2.69 ns/B 354.9 MiB/s 8.60 c/B SHA3-256 | 2.84 ns/B 336.0 MiB/s 9.08 c/B SHA3-384 | 3.69 ns/B 258.4 MiB/s 11.81 c/B SHA3-512 | 5.30 ns/B 179.9 MiB/s 16.97 c/B After: | nanosecs/byte mebibytes/sec cycles/byte SHAKE128 | 2.27 ns/B 420.6 MiB/s 7.26 c/B SHAKE256 | 2.79 ns/B 341.4 MiB/s 8.94 c/B SHA3-224 | 2.64 ns/B 361.7 MiB/s 8.44 c/B SHA3-256 | 2.79 ns/B 341.5 MiB/s 8.94 c/B SHA3-384 | 3.65 ns/B 261.4 MiB/s 11.68 c/B SHA3-512 | 5.27 ns/B 181.0 MiB/s 16.87 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/keccak.c b/cipher/keccak.c index f4f0ef3..ce57860 100644 --- a/cipher/keccak.c +++ b/cipher/keccak.c @@ -223,38 +223,105 @@ keccak_absorb_lane32bi(u32 *lane, u32 x0, u32 x1) /* Construct generic 64-bit implementation. */ #ifdef USE_64BIT +#if __GNUC__ >= 4 && defined(__x86_64__) + +static inline void absorb_lanes64_8(u64 *dst, const byte *in) +{ + asm ("movdqu 0*16(%[dst]), %%xmm0\n\t" + "movdqu 0*16(%[in]), %%xmm4\n\t" + "movdqu 1*16(%[dst]), %%xmm1\n\t" + "movdqu 1*16(%[in]), %%xmm5\n\t" + "movdqu 2*16(%[dst]), %%xmm2\n\t" + "movdqu 3*16(%[dst]), %%xmm3\n\t" + "pxor %%xmm4, %%xmm0\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu 2*16(%[in]), %%xmm4\n\t" + "movdqu 3*16(%[in]), %%xmm5\n\t" + "movdqu %%xmm0, 0*16(%[dst])\n\t" + "pxor %%xmm4, %%xmm2\n\t" + "movdqu %%xmm1, 1*16(%[dst])\n\t" + "pxor %%xmm5, %%xmm3\n\t" + "movdqu %%xmm2, 2*16(%[dst])\n\t" + "movdqu %%xmm3, 3*16(%[dst])\n\t" + : + : [dst] "r" (dst), [in] "r" (in) + : "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "memory"); +} + +static inline void absorb_lanes64_4(u64 *dst, const byte *in) +{ + asm ("movdqu 0*16(%[dst]), %%xmm0\n\t" + "movdqu 0*16(%[in]), %%xmm4\n\t" + "movdqu 1*16(%[dst]), %%xmm1\n\t" + "movdqu 1*16(%[in]), %%xmm5\n\t" + "pxor %%xmm4, %%xmm0\n\t" + "pxor %%xmm5, %%xmm1\n\t" + "movdqu %%xmm0, 0*16(%[dst])\n\t" + "movdqu %%xmm1, 1*16(%[dst])\n\t" + : + : [dst] "r" (dst), [in] "r" (in) + : "xmm0", "xmm1", "xmm4", "xmm5", "memory"); +} + +static inline void absorb_lanes64_2(u64 *dst, const byte *in) +{ + asm ("movdqu 0*16(%[dst]), %%xmm0\n\t" + "movdqu 0*16(%[in]), %%xmm4\n\t" + "pxor %%xmm4, %%xmm0\n\t" + "movdqu %%xmm0, 0*16(%[dst])\n\t" + : + : [dst] "r" (dst), [in] "r" (in) + : "xmm0", "xmm4", "memory"); +} + +#else /* __x86_64__ */ + +static inline void absorb_lanes64_8(u64 *dst, const byte *in) +{ + dst[0] ^= buf_get_le64(in + 8 * 0); + dst[1] ^= buf_get_le64(in + 8 * 1); + dst[2] ^= buf_get_le64(in + 8 * 2); + dst[3] ^= buf_get_le64(in + 8 * 3); + dst[4] ^= buf_get_le64(in + 8 * 4); + dst[5] ^= buf_get_le64(in + 8 * 5); + dst[6] ^= buf_get_le64(in + 8 * 6); + dst[7] ^= buf_get_le64(in + 8 * 7); +} + +static inline void absorb_lanes64_4(u64 *dst, const byte *in) +{ + dst[0] ^= buf_get_le64(in + 8 * 0); + dst[1] ^= buf_get_le64(in + 8 * 1); + dst[2] ^= buf_get_le64(in + 8 * 2); + dst[3] ^= buf_get_le64(in + 8 * 3); +} + +static inline void absorb_lanes64_2(u64 *dst, const byte *in) +{ + dst[0] ^= buf_get_le64(in + 8 * 0); + dst[1] ^= buf_get_le64(in + 8 * 1); +} + +#endif /* !__x86_64__ */ + +static inline void absorb_lanes64_1(u64 *dst, const byte *in) +{ + dst[0] ^= buf_get_le64(in + 8 * 0); +} + + # define ANDN64(x, y) (~(x) & (y)) # define ROL64(x, n) (((x) << ((unsigned int)n & 63)) | \ ((x) >> ((64 - (unsigned int)(n)) & 63))) # define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute64 +# define KECCAK_F1600_ABSORB_FUNC_NAME keccak_absorb_lanes64 # include "keccak_permute_64.h" # undef ANDN64 # undef ROL64 # undef KECCAK_F1600_PERMUTE_FUNC_NAME - -static unsigned int -keccak_absorb_lanes64(KECCAK_STATE *hd, int pos, const byte *lanes, - unsigned int nlanes, int blocklanes) -{ - unsigned int burn = 0; - - while (nlanes) - { - hd->u.state64[pos] ^= buf_get_le64(lanes); - lanes += 8; - nlanes--; - - if (++pos == blocklanes) - { - burn = keccak_f1600_state_permute64(hd); - pos = 0; - } - } - - return burn; -} +# undef KECCAK_F1600_ABSORB_FUNC_NAME static const keccak_ops_t keccak_generic64_ops = { @@ -279,33 +346,13 @@ static const keccak_ops_t keccak_generic64_ops = tmp; }) # define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute64_shld +# define KECCAK_F1600_ABSORB_FUNC_NAME keccak_absorb_lanes64_shld # include "keccak_permute_64.h" # undef ANDN64 # undef ROL64 # undef KECCAK_F1600_PERMUTE_FUNC_NAME - -static unsigned int -keccak_absorb_lanes64_shld(KECCAK_STATE *hd, int pos, const byte *lanes, - unsigned int nlanes, int blocklanes) -{ - unsigned int burn = 0; - - while (nlanes) - { - hd->u.state64[pos] ^= buf_get_le64(lanes); - lanes += 8; - nlanes--; - - if (++pos == blocklanes) - { - burn = keccak_f1600_state_permute64_shld(hd); - pos = 0; - } - } - - return burn; -} +# undef KECCAK_F1600_ABSORB_FUNC_NAME static const keccak_ops_t keccak_shld_64_ops = { @@ -335,33 +382,13 @@ static const keccak_ops_t keccak_shld_64_ops = tmp; }) # define KECCAK_F1600_PERMUTE_FUNC_NAME keccak_f1600_state_permute64_bmi2 +# define KECCAK_F1600_ABSORB_FUNC_NAME keccak_absorb_lanes64_bmi2 # include "keccak_permute_64.h" # undef ANDN64 # undef ROL64 # undef KECCAK_F1600_PERMUTE_FUNC_NAME - -static unsigned int -keccak_absorb_lanes64_bmi2(KECCAK_STATE *hd, int pos, const byte *lanes, - unsigned int nlanes, int blocklanes) -{ - unsigned int burn = 0; - - while (nlanes) - { - hd->u.state64[pos] ^= buf_get_le64(lanes); - lanes += 8; - nlanes--; - - if (++pos == blocklanes) - { - burn = keccak_f1600_state_permute64_bmi2(hd); - pos = 0; - } - } - - return burn; -} +# undef KECCAK_F1600_ABSORB_FUNC_NAME static const keccak_ops_t keccak_bmi2_64_ops = { diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h index 1264f19..6f24217 100644 --- a/cipher/keccak_permute_64.h +++ b/cipher/keccak_permute_64.h @@ -288,3 +288,102 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) return sizeof(void *) * 4 + sizeof(u64) * 12 * 5; } + +static unsigned int +KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, + unsigned int nlanes, int blocklanes) +{ + unsigned int burn = 0; + + while (nlanes) + { + switch (blocklanes) + { + case 21: + /* SHAKE128 */ + while (pos == 0 && nlanes >= 21) + { + absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); + absorb_lanes64_4(&hd->u.state64[8], lanes + 8 * 8); + absorb_lanes64_8(&hd->u.state64[12], lanes + 8 * 12); + absorb_lanes64_1(&hd->u.state64[20], lanes + 8 * 20); + lanes += 8 * 21; + nlanes -= 21; + + burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); + } + break; + + case 18: + /* SHA3-224 */ + while (pos == 0 && nlanes >= 18) + { + absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); + absorb_lanes64_2(&hd->u.state64[8], lanes + 8 * 8); + absorb_lanes64_8(&hd->u.state64[10], lanes + 8 * 10); + lanes += 8 * 18; + nlanes -= 18; + + burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); + } + break; + + case 17: + /* SHA3-256 & SHAKE256 */ + while (pos == 0 && nlanes >= 17) + { + absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); + absorb_lanes64_8(&hd->u.state64[8], lanes + 8 * 8); + absorb_lanes64_1(&hd->u.state64[16], lanes + 8 * 16); + lanes += 8 * 17; + nlanes -= 17; + + burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); + } + break; + + case 13: + /* SHA3-384 */ + while (pos == 0 && nlanes >= 13) + { + absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); + absorb_lanes64_4(&hd->u.state64[8], lanes + 8 * 8); + absorb_lanes64_1(&hd->u.state64[12], lanes + 8 * 12); + lanes += 8 * 13; + nlanes -= 13; + + burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); + } + break; + + case 9: + /* SHA3-512 */ + while (pos == 0 && nlanes >= 9) + { + absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); + absorb_lanes64_1(&hd->u.state64[8], lanes + 8 * 8); + lanes += 8 * 9; + nlanes -= 9; + + burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); + } + break; + } + + while (nlanes) + { + hd->u.state64[pos] ^= buf_get_le64(lanes); + lanes += 8; + nlanes--; + + if (++pos == blocklanes) + { + burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); + pos = 0; + break; + } + } + } + + return burn; +} commit 07e4839e75a7bca3a6c0a94aecfe75efe61d7ff2 Author: Jussi Kivilinna Date: Sat Oct 31 20:19:59 2015 +0200 Enable CRC test vectors with zero bytes * tests/basic.c (check_digests): Enable CRC test-vectors with zero bytes. -- Signed-off-by: Jussi Kivilinna diff --git a/tests/basic.c b/tests/basic.c index 0762a89..7d5de00 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -5851,16 +5851,12 @@ check_digests (void) { GCRY_MD_CRC32_RFC1510, "test0123456789", "\xb8\x3e\x88\xd6" }, { GCRY_MD_CRC32_RFC1510, "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", "\xe3\x41\x80\xf7" }, -#if 0 - { GCRY_MD_CRC32_RFC1510, "\x80\x00", "\x3b\x83\x98\x4b" }, - { GCRY_MD_CRC32_RFC1510, "\x00\x08", "\x0e\xdb\x88\x32" }, - { GCRY_MD_CRC32_RFC1510, "\x00\x80", "\xed\xb8\x83\x20" }, -#endif + { GCRY_MD_CRC32_RFC1510, "\x80\x00", "\x3b\x83\x98\x4b", 2 }, + { GCRY_MD_CRC32_RFC1510, "\x00\x08", "\x0e\xdb\x88\x32", 2 }, + { GCRY_MD_CRC32_RFC1510, "\x00\x80", "\xed\xb8\x83\x20", 2 }, { GCRY_MD_CRC32_RFC1510, "\x80", "\xed\xb8\x83\x20" }, -#if 0 - { GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b" }, - { GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96" }, -#endif + { GCRY_MD_CRC32_RFC1510, "\x80\x00\x00\x00", "\xed\x59\xb6\x3b", 4 }, + { GCRY_MD_CRC32_RFC1510, "\x00\x00\x00\x01", "\x77\x07\x30\x96", 4 }, { GCRY_MD_CRC32_RFC1510, "123456789", "\x2d\xfd\x2d\x88" }, { GCRY_MD_CRC24_RFC2440, "", "\xb7\x04\xce" }, { GCRY_MD_CRC24_RFC2440, "foo", "\x4f\xc2\x55" }, ----------------------------------------------------------------------- Summary of changes: cipher/Makefile.am | 2 +- cipher/keccak-armv7-neon.S | 945 +++++++++++++++++++++++++++++++++++++++++++++ cipher/keccak.c | 220 ++++++++--- cipher/keccak_permute_64.h | 101 ++++- cipher/tiger.c | 104 ++--- configure.ac | 2 +- tests/basic.c | 14 +- 7 files changed, 1248 insertions(+), 140 deletions(-) create mode 100644 cipher/keccak-armv7-neon.S hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 6 11:09:39 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 06 Nov 2015 11:09:39 +0100 Subject: [git] gnupg-doc - branch, master, updated. 1c09fb3a84597ed3dde6ea9ad2c8eb7e67f1f228 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 1c09fb3a84597ed3dde6ea9ad2c8eb7e67f1f228 (commit) from fc36f42cec4477f023d167ef725d4a09defbb3d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1c09fb3a84597ed3dde6ea9ad2c8eb7e67f1f228 Author: Neal H. Walfield Date: Fri Nov 6 11:07:58 2015 +0100 web: Add links to keyserver software. GnuPG-bug-id: 268 diff --git a/web/related_software/tools.org b/web/related_software/tools.org index b5a73e2..97c0b5f 100644 --- a/web/related_software/tools.org +++ b/web/related_software/tools.org @@ -17,3 +17,5 @@ Report]] form. - [[file:swlist.org::#pgpdump-web][PGPdump Web interface]] :: Can be used to analyze OpenPGP data formats. - [[file:swlist.org::#pinentry][Pinentry]] :: Secure PinEntry Dialog. + - [[https://bitbucket.org/skskeyserver/sks-keyserver/overview][SKS]] :: Popular keyserver software. + - [[https://hockeypuck.github.io/][Hockeypuck]] :: Keyserver written in Go. ----------------------------------------------------------------------- Summary of changes: web/related_software/tools.org | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 6 11:18:43 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 06 Nov 2015 11:18:43 +0100 Subject: [git] gnupg-doc - branch, master, updated. 551a71de65f5ba02e72f77ac9d288db8d986e60d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 551a71de65f5ba02e72f77ac9d288db8d986e60d (commit) from 1c09fb3a84597ed3dde6ea9ad2c8eb7e67f1f228 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 551a71de65f5ba02e72f77ac9d288db8d986e60d Author: Neal H. Walfield Date: Fri Nov 6 11:18:41 2015 +0100 web: Remove deadlink to PocketConsole. GnuPG-bug-id: 1140. diff --git a/web/download/supported_systems.org b/web/download/supported_systems.org index 681b5ca..c2c566c 100644 --- a/web/download/supported_systems.org +++ b/web/download/supported_systems.org @@ -31,9 +31,6 @@ expect them to do. We plan to work on it, iff there are enough requests for it. - *[[http://www.symbolictools.de/public/pocketconsole/][PocketConsole]]* - a Windows NT-like console for the Pocket PC - is - supported. - *MacOS X* is also supported; please see [[http://macgpg.sf.net][macgpg.sf.net]] for detailed information. ----------------------------------------------------------------------- Summary of changes: web/download/supported_systems.org | 3 --- 1 file changed, 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 6 12:04:40 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 06 Nov 2015 12:04:40 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-113-ge8c53fc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e8c53fca954d33366e3494a6d4eecc3868282bcc (commit) via f38bac8883ea2e9ed8e2836f97a953efb85e774c (commit) via 23e163473f050d1f2c08f589beb9dab283b7d624 (commit) from a958ffd148a46f3757d1c309bb13555638044640 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e8c53fca954d33366e3494a6d4eecc3868282bcc Author: Neal H. Walfield Date: Thu Nov 5 17:29:53 2015 +0100 gpg: Check for ambiguous or non-matching key specs. * g10/gpg.c (check_user_ids): New function. (main): Check that any user id specifications passed to --local-user and --remote-user correspond to exactly 1 user. Check that any user id specifications passed to --default-key correspond to at most 1 user. Warn if any user id specifications passed to --local-user or --default-user are possible ambiguous (are not specified by long keyid or fingerprint). * g10/getkey.c (parse_def_secret_key): Don't warn about possible ambiguous key descriptions here. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1128 Debian-debug-id: 544490 diff --git a/g10/getkey.c b/g10/getkey.c index b4086a2..9e123ee 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1142,15 +1142,6 @@ parse_def_secret_key (ctrl_t ctrl) continue; } - if (! (desc.mode == KEYDB_SEARCH_MODE_LONG_KID - || desc.mode == KEYDB_SEARCH_MODE_FPR16 - || desc.mode == KEYDB_SEARCH_MODE_FPR20 - || desc.mode == KEYDB_SEARCH_MODE_FPR) - && ! warned) - log_info (_("Warning: value '%s' for --default-key" - " should be a long keyid or a fingerprint.\n"), - t->d); - if (! hd) hd = keydb_new (); else diff --git a/g10/gpg.c b/g10/gpg.c index ef283b4..b15be91 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2081,6 +2081,159 @@ get_default_configname (void) return configname; } +gpg_error_t +check_user_ids (strlist_t *sp, + int warn_possibly_ambiguous, + int error_if_not_found) +{ + strlist_t s = *sp; + strlist_t s2 = NULL; + strlist_t t; + + gpg_error_t rc = 0; + gpg_error_t err; + + KEYDB_HANDLE hd = NULL; + + if (! s) + return 0; + + for (t = s; t; t = t->next) + { + const char *option; + + KEYDB_SEARCH_DESC desc; + KBNODE kb; + PKT_public_key *pk; + char fingerprint_bin[MAX_FINGERPRINT_LEN]; + size_t fingerprint_bin_len = sizeof (fingerprint_bin); + char fingerprint[2 * MAX_FINGERPRINT_LEN + 1]; + + + switch (t->flags >> 2) + { + case oDefaultKey: option = "--default-key"; break; + case oEncryptTo: option = "--encrypt-to"; break; + case oHiddenEncryptTo: option = "--hidden-encrypt-to"; break; + case oEncryptToDefaultKey: option = "--encrypt-to-default-key"; break; + case oRecipient: option = "--recipient"; break; + case oHiddenRecipient: option = "--hidden-recipient"; break; + case oLocalUser: option = "--local-user"; break; + default: log_bug ("Unsupport option: %d\n", t->flags >> 2); + } + + err = classify_user_id (t->d, &desc, 1); + if (err) + { + if (! rc) + rc = err; + + log_error (_("Invalid value ('%s')."), t->d); + if (!opt.quiet) + log_info (_("(check argument of option '%s')\n"), option); + continue; + } + + if (warn_possibly_ambiguous + && ! (desc.mode == KEYDB_SEARCH_MODE_LONG_KID + || desc.mode == KEYDB_SEARCH_MODE_FPR16 + || desc.mode == KEYDB_SEARCH_MODE_FPR20 + || desc.mode == KEYDB_SEARCH_MODE_FPR)) + log_info (_("Warning: value '%s' for %s" + " should be a long keyid or a fingerprint.\n"), + t->d, option); + + if (! hd) + hd = keydb_new (); + else + keydb_search_reset (hd); + + err = keydb_search (hd, &desc, 1, NULL); + if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) + { + if (error_if_not_found) + { + if (! rc) + rc = err; + + log_error (_("no such key corresponding to '%s'\n"), t->d); + if (!opt.quiet) + log_info (_("(check argument of option '%s')\n"), option); + } + continue; + } + if (err) + { + if (! rc) + rc = err; + + log_error (_("error looking up '%s' in keyring: %s.\n"), + t->d, gpg_strerror (err)); + break; + } + + err = keydb_get_keyblock (hd, &kb); + if (err) + { + if (! rc) + rc = err; + + log_error (_("error reading key block for '%s': %s\n"), + t->d, gpg_strerror (err)); + continue; + } + + pk = kb->pkt->pkt.public_key; + fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, fingerprint); + add_to_strlist (&s2, fingerprint); + s2->flags = s->flags; + + release_kbnode (kb); + + /* Continue the search. */ + err = keydb_search (hd, &desc, 1, NULL); + if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND + || gpg_err_code (err) == GPG_ERR_EOF)) + { + char fingerprint_bin2[MAX_FINGERPRINT_LEN]; + size_t fingerprint_bin2_len = sizeof (fingerprint_bin2); + char fingerprint2[2 * MAX_FINGERPRINT_LEN + 1]; + + log_error (_("Error: the key specification '%s' is ambiguous.\n"), + t->d); + if (!opt.quiet) + log_info (_("(check argument of option '%s')\n"), option); + + err = keydb_get_keyblock (hd, &kb); + if (err) + log_error (_("error reading key block for '%s': %s.\n"), + t->d, gpg_strerror (err)); + else + { + pk = kb->pkt->pkt.public_key; + fingerprint_from_pk (pk, fingerprint_bin2, &fingerprint_bin2_len); + assert (fingerprint_bin2_len == sizeof (fingerprint_bin2)); + bin2hex (fingerprint_bin2, MAX_FINGERPRINT_LEN, fingerprint2); + + log_error ("'%s' matches at least: %s and %s.\n", + t->d, fingerprint, fingerprint2); + + release_kbnode (kb); + } + } + } + + strlist_rev (&s2); + + if (hd) + keydb_release (hd); + + free_strlist (s); + *sp = s2; + return rc; +} int main (int argc, char **argv) @@ -2582,7 +2735,8 @@ main (int argc, char **argv) #endif /*!NO_TRUST_MODELS*/ case oDefaultKey: - add_to_strlist (&opt.def_secret_key, pargs.r.ret_str); + sl = add_to_strlist (&opt.def_secret_key, pargs.r.ret_str); + sl->flags = (pargs.r_opt << 2); break; case oDefRecipient: if( *pargs.r.ret_str ) @@ -2774,22 +2928,23 @@ main (int argc, char **argv) case oNoEncryptTo: opt.no_encrypt_to = 1; break; case oEncryptTo: /* store the recipient in the second list */ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = 1; + sl->flags = (pargs.r_opt << 2) | 1; break; case oHiddenEncryptTo: /* store the recipient in the second list */ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = 1|2; + sl->flags = (pargs.r_opt << 2) | 1|2; break; case oEncryptToDefaultKey: opt.encrypt_to_default_key = 1; break; case oRecipient: /* store the recipient */ - add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); + sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); + sl->flags = (pargs.r_opt << 2); any_explicit_recipient = 1; break; case oHiddenRecipient: /* store the recipient with a flag */ sl = add_to_strlist2( &remusr, pargs.r.ret_str, utf8_strings ); - sl->flags = 2; + sl->flags = (pargs.r_opt << 2) | 2; any_explicit_recipient = 1; break; @@ -2832,7 +2987,8 @@ main (int argc, char **argv) case oAskCertLevel: opt.ask_cert_level = 1; break; case oNoAskCertLevel: opt.ask_cert_level = 0; break; case oLocalUser: /* store the local users */ - add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings ); + sl = add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings ); + sl->flags = (pargs.r_opt << 2); break; case oCompress: /* this is the -z command line option */ @@ -3740,19 +3896,33 @@ main (int argc, char **argv) break; } - if (opt.encrypt_to_default_key) - { - const char *default_key = parse_def_secret_key (ctrl); - if (default_key) - { - sl = add_to_strlist2 (&remusr, default_key, utf8_strings); - sl->flags = 1; - } - else if (opt.def_secret_key) - log_info (_("--encrypt-to-default-key specified, but no valid default keys specified.\n")); - else - log_info (_("--encrypt-to-default-key specified, but --default-key not specified.\n")); - } + { + int have_def_secret_key = opt.def_secret_key != NULL; + + rc = check_user_ids (&locusr, 1, 1); + if (rc) + g10_exit (1); + rc = check_user_ids (&remusr, 0, 1); + if (rc) + g10_exit (1); + rc = check_user_ids (&opt.def_secret_key, 1, 0); + if (rc) + g10_exit (1); + + if (opt.encrypt_to_default_key) + { + const char *default_key = parse_def_secret_key (ctrl); + if (default_key) + { + sl = add_to_strlist2 (&remusr, default_key, utf8_strings); + sl->flags = (oEncryptToDefaultKey << 2) | 1; + } + else if (have_def_secret_key) + log_info (_("--encrypt-to-default-key specified, but no valid default keys specified.\n")); + else + log_info (_("--encrypt-to-default-key specified, but --default-key not specified.\n")); + } + } /* The command dispatcher. */ switch( cmd ) commit f38bac8883ea2e9ed8e2836f97a953efb85e774c Author: Neal H. Walfield Date: Fri Nov 6 10:51:35 2015 +0100 common: Add new function strlist_rev. * common/strlist.c (strlist_rev): New function. * common/t-strlist.c: New file. * common/Makefile.am (common_sources): Add strlist.c and strlist.h. (module_tests): Add t-strlist. (t_strlist_LDADD): New variable. -- Signed-off-by: Neal H. Walfield diff --git a/common/Makefile.am b/common/Makefile.am index f84cea1..678e1a2 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -85,7 +85,8 @@ common_sources = \ ssh-utils.c ssh-utils.h \ agent-opt.c \ helpfile.c \ - mkdir_p.c mkdir_p.h + mkdir_p.c mkdir_p.h \ + strlist.c strlist.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-afunix.c w32-afunix.h @@ -150,7 +151,7 @@ endif module_tests = t-stringhelp t-timestuff \ t-convert t-percent t-gettime t-sysutils t-sexputil \ t-session-env t-openpgp-oid t-ssh-utils \ - t-mapstrings t-zb32 t-mbox-util t-iobuf + t-mapstrings t-zb32 t-mbox-util t-iobuf t-strlist if !HAVE_W32CE_SYSTEM module_tests += t-exechelp endif @@ -198,6 +199,7 @@ t_zb32_LDADD = $(t_common_ldadd) t_mbox_util_LDADD = $(t_common_ldadd) t_iobuf_LDADD = $(t_common_ldadd) +t_strlist_LDADD = $(t_common_ldadd) # System specific test if HAVE_W32_SYSTEM diff --git a/common/strlist.c b/common/strlist.c index 9bd6195..760a460 100644 --- a/common/strlist.c +++ b/common/strlist.c @@ -231,3 +231,22 @@ strlist_length (strlist_t list) return i; } + +/* Reverse the list *LIST in place. */ +strlist_t +strlist_rev (strlist_t *list) +{ + strlist_t l = *list; + strlist_t lrev = NULL; + + while (l) + { + strlist_t tail = l->next; + l->next = lrev; + lrev = l; + l = tail; + } + + *list = lrev; + return lrev; +} diff --git a/common/strlist.h b/common/strlist.h index fccce87..acb92f7 100644 --- a/common/strlist.h +++ b/common/strlist.h @@ -58,6 +58,7 @@ char * strlist_pop (strlist_t *list); strlist_t strlist_find (strlist_t haystack, const char *needle); int strlist_length (strlist_t list); +strlist_t strlist_rev (strlist_t *haystack); #define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0) diff --git a/common/t-strlist.c b/common/t-strlist.c new file mode 100644 index 0000000..b033905 --- /dev/null +++ b/common/t-strlist.c @@ -0,0 +1,82 @@ +/* t-strlist.c - Regression tests for strist.c + * Copyright (C) 2015 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify it + * under the terms of either + * + * - the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 3 of the License, or (at + * your option) any later version. + * + * or + * + * - the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * or both in parallel, as here. + * + * GnuPG is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copies of the GNU General Public License + * and the GNU Lesser General Public License along with this program; + * if not, see . + */ + +#include +#include + +#include "strlist.h" + +#include "t-support.h" + +static void +test_strlist_rev (void) +{ + strlist_t s = NULL; + + /* Reversing an empty list should yield the empty list. */ + if (! (strlist_rev (&s) == NULL)) + fail (1); + + add_to_strlist (&s, "1"); + add_to_strlist (&s, "2"); + add_to_strlist (&s, "3"); + + if (strcmp (s->d, "3") != 0) + fail (2); + if (strcmp (s->next->d, "2") != 0) + fail (2); + if (strcmp (s->next->next->d, "1") != 0) + fail (2); + if (s->next->next->next) + fail (2); + + strlist_rev (&s); + + if (strcmp (s->d, "1") != 0) + fail (2); + if (strcmp (s->next->d, "2") != 0) + fail (2); + if (strcmp (s->next->next->d, "3") != 0) + fail (2); + if (s->next->next->next) + fail (2); +} + + +int +main (int argc, char **argv) +{ + (void)argc; + (void)argv; + + test_strlist_rev (); + + return 0; +} commit 23e163473f050d1f2c08f589beb9dab283b7d624 Author: Neal H. Walfield Date: Fri Nov 6 10:49:09 2015 +0100 common: Include required, but not included headers in t-support.h. * common/t-support.h: Include and . -- Signed-off-by: Neal H. Walfield diff --git a/common/t-support.h b/common/t-support.h index c0d0c8c..8ff2810 100644 --- a/common/t-support.h +++ b/common/t-support.h @@ -35,6 +35,9 @@ #error The regression tests should not include with gcrypt.h #endif +#include +#include + #ifdef HAVE_W32CE_SYSTEM #include /* Defines strerror. */ #endif ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 6 +- common/strlist.c | 19 ++++ common/strlist.h | 1 + common/{t-w32-reg.c => t-strlist.c} | 60 ++++++----- common/t-support.h | 3 + g10/getkey.c | 9 -- g10/gpg.c | 208 ++++++++++++++++++++++++++++++++---- 7 files changed, 247 insertions(+), 59 deletions(-) copy common/{t-w32-reg.c => t-strlist.c} (58%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 6 12:31:22 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 06 Nov 2015 12:31:22 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-114-gf99830b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f99830b72812395da5451152bdd2f2d90a7cb7fb (commit) from e8c53fca954d33366e3494a6d4eecc3868282bcc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f99830b72812395da5451152bdd2f2d90a7cb7fb Author: Neal H. Walfield Date: Fri Nov 6 12:31:16 2015 +0100 common: When classifying keyids and fingerprints, reject trailing junk. * common/userids.c (classify_user_id): Trim any trailing whitespace. Before assuming that a hexstring corresponds to a key id or fingerprint, make sure that it is NUL terminated. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1206 Debian-bug-id: 575084 diff --git a/common/userids.c b/common/userids.c index e1304be..25d6741 100644 --- a/common/userids.c +++ b/common/userids.c @@ -1,6 +1,7 @@ /* userids.c - Utility functions for user ids. * Copyright (C) 2001, 2003, 2004, 2006, * 2009 Free Software Foundation, Inc. + * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * @@ -70,6 +71,8 @@ gpg_error_t classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { const char *s; + char *s2 = NULL; + int rc = 0; int hexprefix = 0; int hexlength; int mode = 0; @@ -83,14 +86,22 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) function. */ memset (desc, 0, sizeof *desc); - /* Skip leading spaces. */ + /* Skip leading and trailing spaces. */ for(s = name; *s && spacep (s); s++ ) ; + if (s[strlen(s) - 1] == ' ') + { + s2 = xstrdup (s); + while (s2[strlen(s2) - 1] == ' ') + s2[strlen(s2) - 1] = 0; + s = s2; + } switch (*s) { case 0: /* Empty string is an error. */ - return gpg_error (GPG_ERR_INV_USER_ID); + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; case '.': /* An email address, compare from end. Note that this has not yet been implemented in the search code. */ @@ -138,7 +149,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) case '/': /* Subject's DN. */ s++; if (!*s || spacep (s)) /* No DN or prefixed with a space. */ - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } desc->u.name = s; mode = KEYDB_SEARCH_MODE_SUBJECT; break; @@ -152,7 +166,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { /* "#/" indicates an issuer's DN. */ s++; if (!*s || spacep (s)) /* No DN or prefixed with a space. */ - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } desc->u.name = s; mode = KEYDB_SEARCH_MODE_ISSUER; } @@ -162,7 +179,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { /* Check for an invalid digit in the serial number. */ if (!strchr("01234567890abcdefABCDEF", *si)) - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } } desc->sn = (const unsigned char*)s; desc->snlen = -1; @@ -172,7 +192,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { s = si+1; if (!*s || spacep (s)) /* No DN or prefixed with a space. */ - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } desc->u.name = s; mode = KEYDB_SEARCH_MODE_ISSUER_SN; } @@ -187,14 +210,23 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) se = strchr (++s,':'); if (!se) - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } for (i=0,si=s; si < se; si++, i++ ) { if (!strchr("01234567890abcdefABCDEF", *si)) - return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid digit. */ + { + rc = gpg_error (GPG_ERR_INV_USER_ID); /* Invalid digit. */ + goto out; + } } if (i != 32 && i != 40) - return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid length of fpr. */ + { + rc = gpg_error (GPG_ERR_INV_USER_ID); /* Invalid length of fpr. */ + goto out; + } for (i=0,si=s; si < se; i++, si +=2) desc->u.fpr[i] = hextobyte(si); for (; i < 20; i++) @@ -207,7 +239,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) case '&': /* Keygrip*/ { if (hex2bin (s+1, desc->u.grip, 20) < 0) - return gpg_error (GPG_ERR_INV_USER_ID); /* Invalid. */ + { + rc = gpg_error (GPG_ERR_INV_USER_ID); /* Invalid. */ + goto out; + } mode = KEYDB_SEARCH_MODE_KEYGRIP; } break; @@ -231,7 +266,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { if (hexprefix) /* A "0x" prefix without a correct termination is an error. */ - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } /* The first characters looked like a hex number, but the entire string is not. */ hexlength = 0; @@ -240,7 +278,7 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) if (desc->exact) hexlength--; /* Remove the bang. */ - if (hexlength == 8 + if ((hexlength == 8 && s[hexlength] == 0) || (!hexprefix && hexlength == 9 && *s == '0')) { /* Short keyid. */ @@ -249,7 +287,7 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) desc->u.kid[1] = strtoul( s, NULL, 16 ); mode = KEYDB_SEARCH_MODE_SHORT_KID; } - else if (hexlength == 16 + else if ((hexlength == 16 && s[hexlength] == 0) || (!hexprefix && hexlength == 17 && *s == '0')) { /* Long keyid. */ @@ -261,7 +299,7 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) desc->u.kid[1] = strtoul (s+8, NULL, 16); mode = KEYDB_SEARCH_MODE_LONG_KID; } - else if (hexlength == 32 + else if ((hexlength == 32 && s[hexlength] == 0) || (!hexprefix && hexlength == 33 && *s == '0')) { /* MD5 fingerprint. */ @@ -273,12 +311,15 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { int c = hextobyte(s); if (c == -1) - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } desc->u.fpr[i] = c; } mode = KEYDB_SEARCH_MODE_FPR16; } - else if (hexlength == 40 + else if ((hexlength == 40 && s[hexlength] == 0) || (!hexprefix && hexlength == 41 && *s == '0')) { /* SHA1/RMD160 fingerprint. */ @@ -289,7 +330,10 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) { int c = hextobyte(s); if (c == -1) - return gpg_error (GPG_ERR_INV_USER_ID); + { + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; + } desc->u.fpr[i] = c; } mode = KEYDB_SEARCH_MODE_FPR20; @@ -367,10 +411,13 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) else { /* Hex number with a prefix but with a wrong length. */ - return gpg_error (GPG_ERR_INV_USER_ID); + rc = gpg_error (GPG_ERR_INV_USER_ID); + goto out; } } desc->mode = mode; - return 0; + out: + xfree (s2); + return rc; } ----------------------------------------------------------------------- Summary of changes: common/userids.c | 85 +++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 66 insertions(+), 19 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 6 13:17:26 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 06 Nov 2015 13:17:26 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-116-g28e1982 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 28e198201e580b39bceb9c151df07fc0e936a91d (commit) via a74aeb5dae1f673fcd98b39a6a0496f3c622709a (commit) from f99830b72812395da5451152bdd2f2d90a7cb7fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28e198201e580b39bceb9c151df07fc0e936a91d Author: Neal H. Walfield Date: Fri Nov 6 13:15:34 2015 +0100 gpg: Fix formatting string. * g10/decrypt-data.c (decrypt_data): Fix formatting string. -- Signed-off-by: Neal H. Walfield diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index b575f39..970d911 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -239,7 +239,7 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) iobuf_copy (output, ed->buf); if ((rc = iobuf_error (ed->buf))) - log_error (_("error reading: %s\n"), + log_error (_("error reading: %s: %s\n"), filename, gpg_strerror (rc)); else if ((rc = iobuf_error (output))) log_error (_("error writing output ('%s'): %s\n"), commit a74aeb5dae1f673fcd98b39a6a0496f3c622709a Author: Neal H. Walfield Date: Fri Nov 6 13:14:57 2015 +0100 gpg: Add new option --only-sign-text-ids. * g10/options.h (opt): Add field only_sign_text_ids. * g10/gpg.c (enum cmd_and_opt_values): Add value oOnlySignTextIDs. (opts): Handle oOnlySignTextIDs. (main): Likewise. * g10/keyedit.c (sign_uids): If OPT.ONLY_SIGN_TEXT_IDS is set, don't select non-text based IDs automatically. (keyedit_menu): Adapt the prompt asking to sign all user ids according to OPT.ONLY_SIGN_TEXT_IDS. * doc/gpg.texi: Document the new option --only-sign-text-ids. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1241 Debian-bug-id: 569702 diff --git a/doc/gpg.texi b/doc/gpg.texi index 246b441..dcef495 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -650,6 +650,10 @@ and "t" (for trust) may be freely mixed and prefixed to "sign" to create a signature of any type desired. @c man:.RE +If the option @option{--only-sign-text-ids} is specified, then any +non-text based user ids (e.g., photo IDs) will not be selected for +signing. + @table @asis @item delsig diff --git a/g10/gpg.c b/g10/gpg.c index b15be91..e47b7f5 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -392,6 +392,7 @@ enum cmd_and_opt_values oTOFUDBFormat, oWeakDigest, oUnwrap, + oOnlySignTextIDs, oNoop }; @@ -755,6 +756,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oFakedSystemTime, "faked-system-time", "@"), ARGPARSE_s_s (oWeakDigest, "weak-digest","@"), ARGPARSE_s_n (oUnwrap, "unwrap", "@"), + ARGPARSE_s_n (oOnlySignTextIDs, "only-sign-text-ids", "@"), /* Aliases. I constantly mistype these, and assume other people do as well. */ @@ -3308,6 +3310,9 @@ main (int argc, char **argv) case oUnwrap: opt.unwrap_encryption = 1; break; + case oOnlySignTextIDs: + opt.only_sign_text_ids = 1; + break; case oDisplay: set_opt_session_env ("DISPLAY", pargs.r.ret_str); diff --git a/g10/keyedit.c b/g10/keyedit.c index afa6f85..16b0cec 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1,6 +1,7 @@ /* keyedit.c - Edit properties of a key * Copyright (C) 1998-2010 Free Software Foundation, Inc. * Copyright (C) 1998-2015 Werner Koch + * Copyright (C) 2015 g10 Code GmbH * * This file is part of GnuPG. * @@ -614,7 +615,16 @@ sign_uids (ctrl_t ctrl, estream_t fp, user = utf8_to_native (uidnode->pkt->pkt.user_id->name, uidnode->pkt->pkt.user_id->len, 0); - if (uidnode->pkt->pkt.user_id->is_revoked) + if (opt.only_sign_text_ids + && uidnode->pkt->pkt.user_id->attribs) + { + tty_fprintf (fp, _("Skipping User ID \"%s\"," + " which is not a text ID.\n"), + user); + uidnode->flag &= ~NODFLG_MARK_A; + uidnode = NULL; + } + else if (uidnode->pkt->pkt.user_id->is_revoked) { tty_fprintf (fp, _("User ID \"%s\" is revoked."), user); @@ -1742,21 +1752,31 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, } } - if (count_uids (keyblock) > 1 && !count_selected_uids (keyblock) - && !cpr_get_answer_is_yes ("keyedit.sign_all.okay", - _("Really sign all user IDs?" - " (y/N) "))) - { - if (opt.interactive) - interactive = 1; - else - { - tty_printf (_("Hint: Select the user IDs to sign\n")); - have_commands = 0; - break; - } - - } + if (count_uids (keyblock) > 1 && !count_selected_uids (keyblock)) + { + int result; + if (opt.only_sign_text_ids) + result = cpr_get_answer_is_yes + ("keyedit.sign_all.okay", + _("Really sign all user IDs? (y/N) ")); + else + result = cpr_get_answer_is_yes + ("keyedit.sign_all.okay", + _("Really sign all text user IDs? (y/N) ")); + + if (! result) + { + if (opt.interactive) + interactive = 1; + else + { + tty_printf (_("Hint: Select the user IDs to sign\n")); + have_commands = 0; + break; + } + + } + } /* What sort of signing are we doing? */ if (!parse_sign_type (answer, &localsig, &nonrevokesig, &trustsig)) diff --git a/g10/options.h b/g10/options.h index c8541b2..68f5d39 100644 --- a/g10/options.h +++ b/g10/options.h @@ -264,6 +264,7 @@ struct int pinentry_mode; int unwrap_encryption; + int only_sign_text_ids; } opt; /* CTRL is used to keep some global variables we currently can't ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 4 ++++ g10/decrypt-data.c | 2 +- g10/gpg.c | 5 +++++ g10/keyedit.c | 52 ++++++++++++++++++++++++++++++++++++---------------- g10/options.h | 1 + 5 files changed, 47 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 6 13:33:01 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 06 Nov 2015 13:33:01 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-118-g2242658 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2242658efe0c975a46c3316bc9171ddbce085e2c (commit) via 20125333e7b822e8c70ac8cef986649f0654eb56 (commit) from 28e198201e580b39bceb9c151df07fc0e936a91d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2242658efe0c975a46c3316bc9171ddbce085e2c Author: Werner Koch Date: Fri Nov 6 13:29:01 2015 +0100 gpg: Avoid new strings. * g10/decrypt-data.c (decrypt_data): Use already translated strings. Signed-off-by: Werner Koch diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index 970d911..2d9f54f 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -239,10 +239,10 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) iobuf_copy (output, ed->buf); if ((rc = iobuf_error (ed->buf))) - log_error (_("error reading: %s: %s\n"), + log_error (_("error reading '%s': %s\n"), filename, gpg_strerror (rc)); else if ((rc = iobuf_error (output))) - log_error (_("error writing output ('%s'): %s\n"), + log_error (_("error writing '%s': %s\n"), filename, gpg_strerror (rc)); iobuf_close (output); commit 20125333e7b822e8c70ac8cef986649f0654eb56 Author: Werner Koch Date: Fri Nov 6 13:20:01 2015 +0100 common: Fix commit f99830b. * common/userids.c (classify_user_id): Avoid underflow. Use spacep to also trim tabs. -- This is actually not fully consistent because the now used trim_trailing_spaces uses the locale dependent isspace and not spacep. Given that the use of isspace is anyway problematic we should check whether we can chnage trim_trailing_spaces. Signed-off-by: Werner Koch diff --git a/common/userids.c b/common/userids.c index 25d6741..f9a0036 100644 --- a/common/userids.c +++ b/common/userids.c @@ -89,11 +89,15 @@ classify_user_id (const char *name, KEYDB_SEARCH_DESC *desc, int openpgp_hack) /* Skip leading and trailing spaces. */ for(s = name; *s && spacep (s); s++ ) ; - if (s[strlen(s) - 1] == ' ') + if (*s && spacep (s + strlen(s) - 1)) { - s2 = xstrdup (s); - while (s2[strlen(s2) - 1] == ' ') - s2[strlen(s2) - 1] = 0; + s2 = xtrystrdup (s); + if (!s2) + { + rc = gpg_error_from_syserror (); + goto out; + } + trim_trailing_spaces (s2); s = s2; } ----------------------------------------------------------------------- Summary of changes: common/userids.c | 12 ++++++++---- g10/decrypt-data.c | 4 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 9 08:20:10 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Mon, 09 Nov 2015 08:20:10 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-119-gbce0e3f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via bce0e3f71df0709a7d323a688ddf2690c1727a6c (commit) from 2242658efe0c975a46c3316bc9171ddbce085e2c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bce0e3f71df0709a7d323a688ddf2690c1727a6c Author: NIIBE Yutaka Date: Mon Nov 9 16:15:44 2015 +0900 scd: Add reder information to --card-status. * g10/call-agent.h, g10/call-agent.c (agent_release_card_info) g10/card-util.c (card_status): Add READER. * scd/apdu.c (close_ccid_reader, open_ccid_reader): Handle RDRNAME. (apdu_get_reader_name): New. * scd/ccid-driver.c (ccid_open_reader): Add argument to RDRNAME_P. * scd/command.c (cmd_learn): Return READER information. diff --git a/g10/call-agent.c b/g10/call-agent.c index 6345784..8eb16e4 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -480,6 +480,7 @@ agent_release_card_info (struct agent_card_info_s *info) if (!info) return; + xfree (info->reader); info->reader = NULL; xfree (info->serialno); info->serialno = NULL; xfree (info->apptype); info->apptype = NULL; xfree (info->disp_name); info->disp_name = NULL; @@ -509,7 +510,12 @@ learn_status_cb (void *opaque, const char *line) while (spacep (line)) line++; - if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen)) + if (keywordlen == 6 && !memcmp (keyword, "READER", keywordlen)) + { + xfree (parm->reader); + parm->reader = unescape_status_string (line); + } + else if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen)) { xfree (parm->serialno); parm->serialno = store_serialno (line); diff --git a/g10/call-agent.h b/g10/call-agent.h index 70421db..fa1b88a 100644 --- a/g10/call-agent.h +++ b/g10/call-agent.h @@ -23,6 +23,7 @@ struct agent_card_info_s { int error; /* private. */ + char *reader; /* Reader information. */ char *apptype; /* Malloced application type string. */ char *serialno; /* malloced hex string. */ char *disp_name; /* malloced. */ diff --git a/g10/card-util.c b/g10/card-util.c index b8c5054..7196031 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -387,6 +387,11 @@ card_status (estream_t fp, char *serialno, size_t serialnobuflen) } if (opt.with_colons) + es_fprintf (fp, "Reader:%s:", info.reader? info.reader : ""); + else + tty_fprintf (fp, "Reader ...........: %s\n", + info.reader? info.reader : "[none]"); + if (opt.with_colons) es_fprintf (fp, "AID:%s:", info.serialno? info.serialno : ""); else tty_fprintf (fp, "Application ID ...: %s\n", diff --git a/scd/apdu.c b/scd/apdu.c index 1aebdd3..41790c6 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2466,6 +2466,7 @@ static int close_ccid_reader (int slot) { ccid_close_reader (reader_table[slot].ccid.handle); + reader_table[slot].rdrname = NULL; reader_table[slot].used = 0; return 0; } @@ -2619,7 +2620,8 @@ open_ccid_reader (const char *portstr) return -1; slotp = reader_table + slot; - err = ccid_open_reader (&slotp->ccid.handle, portstr); + err = ccid_open_reader (&slotp->ccid.handle, portstr, + (const char **)&slotp->rdrname); if (err) { slotp->used = 0; @@ -4326,3 +4328,10 @@ apdu_send_direct (int slot, size_t extended_length, return 0; } + + +const char * +apdu_get_reader_name (int slot) +{ + return reader_table[slot].rdrname; +} diff --git a/scd/apdu.h b/scd/apdu.h index 7e30f76..1694eac 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -134,6 +134,6 @@ int apdu_send_direct (int slot, size_t extended_length, const unsigned char *apdudata, size_t apdudatalen, int handle_more, unsigned char **retbuf, size_t *retbuflen); - +const char *apdu_get_reader_name (int slot); #endif /*APDU_H*/ diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index b64f24c..bf5b735 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -1542,7 +1542,8 @@ ccid_vendor_specific_init (ccid_driver_t handle) /* Open the reader with the internal number READERNO and return a pointer to be used as handle in HANDLE. Returns 0 on success. */ int -ccid_open_reader (ccid_driver_t *handle, const char *readerid) +ccid_open_reader (ccid_driver_t *handle, const char *readerid, + const char **rdrname_p) { int rc = 0; struct usb_device *dev = NULL; @@ -1661,6 +1662,9 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid) free (*handle); *handle = NULL; } + else + if (rdrname_p) + *rdrname_p = (*handle)->rid; return rc; } @@ -3735,7 +3739,7 @@ main (int argc, char **argv) break; } - rc = ccid_open_reader (&ccid, argc? *argv:NULL); + rc = ccid_open_reader (&ccid, argc? *argv:NULL, NULL); if (rc) return 1; diff --git a/scd/ccid-driver.h b/scd/ccid-driver.h index e62ad5c..be8a5ce 100644 --- a/scd/ccid-driver.h +++ b/scd/ccid-driver.h @@ -111,7 +111,8 @@ typedef struct ccid_driver_s *ccid_driver_t; int ccid_set_debug_level (int level); char *ccid_get_reader_list (void); -int ccid_open_reader (ccid_driver_t *handle, const char *readerid); +int ccid_open_reader (ccid_driver_t *handle, const char *readerid, + const char **rdrname_p); int ccid_set_progress_cb (ccid_driver_t handle, void (*cb)(void *, const char *, int, int, int), void *cb_arg); diff --git a/scd/command.c b/scd/command.c index 41a150b..a7033e8 100644 --- a/scd/command.c +++ b/scd/command.c @@ -667,9 +667,18 @@ cmd_learn (assuan_context_t ctx, char *line) knows about this card */ if (!only_keypairinfo) { + int slot; + const char *reader; char *serial; time_t stamp; + slot = vreader_slot (ctrl->server_local->vreader_idx); + reader = apdu_get_reader_name (slot); + if (!reader) + return out_of_core (); + send_status_direct (ctrl, "READER", reader); + /* No need to free the string of READER. */ + rc = app_get_serial_and_stamp (ctrl->app_ctx, &serial, &stamp); if (rc) return rc; ----------------------------------------------------------------------- Summary of changes: g10/call-agent.c | 8 +++++++- g10/call-agent.h | 1 + g10/card-util.c | 5 +++++ scd/apdu.c | 11 ++++++++++- scd/apdu.h | 2 +- scd/ccid-driver.c | 8 ++++++-- scd/ccid-driver.h | 3 ++- scd/command.c | 9 +++++++++ 8 files changed, 41 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 9 20:48:30 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Nov 2015 20:48:30 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-121-g288c991 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 288c9919dc45496b2380eeac487a8539692d6842 (commit) via f92e95175e90120362a7d6376fb32307e11267b5 (commit) from bce0e3f71df0709a7d323a688ddf2690c1727a6c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 288c9919dc45496b2380eeac487a8539692d6842 Author: Werner Koch Date: Mon Nov 9 20:44:13 2015 +0100 dirmngr: Change to new ADNS Tor mode init scheme. * dirmngr/dns-stuff.c (tor_credentials): New. (enable_dns_tormode): Add arg new_circuit and update tor_credentials. (my_adns_init): Rework to set Tor mode using a config file options and always use credentials. * dirmngr/server.c (cmd_dns_cert): Improve error message. * dirmngr/t-dns-stuff.c (main): Add option --new-circuit. -- Note that the option --new-circuit in t-dns-stuff is not really useful because a new circuit is also used for the first call to the function. Todo: We need to find a policy when to requrest a new curcuit and we also need to add credentials to the assuan_sock_connect calls. Signed-off-by: Werner Koch diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index cae2c57..6bf36a5 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -85,17 +85,32 @@ /* If set Tor mode shall be used. */ static int tor_mode; +/* A string to hold the credentials presented to Tor. */ +#ifdef USE_ADNS +static char tor_credentials[50]; +#endif + /* Sets the module in Tor mode. Returns 0 is this is possible or an error code. */ gpg_error_t -enable_dns_tormode (void) +enable_dns_tormode (int new_circuit) { #if defined(USE_DNS_CERT) && defined(USE_ADNS) # if HAVE_ADNS_IF_TORMODE + if (!*tor_credentials || new_circuit) + { + static unsigned int counter; + + gpgrt_snprintf (tor_credentials, sizeof tor_credentials, + "dirmngr-%lu:p%u", + (unsigned long)getpid (), counter); + counter++; + } tor_mode = 1; return 0; # endif #endif + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } @@ -145,14 +160,35 @@ map_eai_to_gpg_error (int ec) static gpg_error_t my_adns_init (adns_state *r_state) { - gpg_error_t err; + gpg_error_t err = 0; + int ret; - if (tor_mode? adns_init_strcfg (r_state, - adns_if_noerrprint|adns_if_tormode, - NULL, "nameserver 8.8.8.8") - /* */: adns_init (r_state, adns_if_noerrprint, NULL)) + if (tor_mode) + { + char *cfgstr; + + cfgstr = xtryasprintf ("nameserver %s\n" + "options adns_tormode adns_sockscred:%s", + "8.8.8.8", tor_credentials); + if (!cfgstr) + err = gpg_error_from_syserror (); + else + { + ret = adns_init_strcfg (r_state, adns_if_noerrprint, NULL, cfgstr); + if (ret) + err = gpg_error_from_errno (ret); + xfree (cfgstr); + } + } + else + { + ret = adns_init (r_state, adns_if_noerrprint, NULL); + if (ret) + err = gpg_error_from_errno (ret); + } + + if (err) { - err = gpg_error_from_syserror (); log_error ("error initializing adns: %s\n", gpg_strerror (err)); return err; } @@ -176,6 +212,9 @@ resolve_name_adns (const char *name, unsigned short port, adns_answer *answer = NULL; int count; + (void)port; + (void)want_family; + *r_dai = NULL; if (r_canonname) *r_canonname = NULL; diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h index 515a859..69637d6 100644 --- a/dirmngr/dns-stuff.h +++ b/dirmngr/dns-stuff.h @@ -94,7 +94,7 @@ struct srventry /* Calling this function switches the DNS code into Tor mode if possibe. Return 0 on success. */ -gpg_error_t enable_dns_tormode (void); +gpg_error_t enable_dns_tormode (int new_circuit); void free_dns_addrinfo (dns_addrinfo_t ai); diff --git a/dirmngr/server.c b/dirmngr/server.c index 74e00fb..ba37508 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -714,10 +714,10 @@ cmd_dns_cert (assuan_context_t ctx, char *line) } } - if (opt.use_tor && enable_dns_tormode ()) + if (opt.use_tor && (err = enable_dns_tormode (0))) { /* Tor mode is requested but the DNS code can't enable it. */ - err = gpg_error (GPG_ERR_FORBIDDEN); + assuan_set_error (ctx, err, "error enabling Tor mode"); goto leave; } diff --git a/dirmngr/t-dns-stuff.c b/dirmngr/t-dns-stuff.c index 191b581..3030277 100644 --- a/dirmngr/t-dns-stuff.c +++ b/dirmngr/t-dns-stuff.c @@ -41,6 +41,7 @@ main (int argc, char **argv) gpg_error_t err; int any_options = 0; int opt_tor = 0; + int opt_new_circuit = 0; int opt_cert = 0; int opt_srv = 0; int opt_bracket = 0; @@ -66,6 +67,7 @@ main (int argc, char **argv) " --verbose print timings etc.\n" " --debug flyswatter\n" " --use-tor use Tor\n" + " --new-circuit use a new Tor circuit\n" " --bracket enclose v6 addresses in brackets\n" " --cert lookup a CERT RR\n" " --srv lookup a SRV RR\n" @@ -89,6 +91,11 @@ main (int argc, char **argv) opt_tor = 1; argc--; argv++; } + else if (!strcmp (*argv, "--new-circuit")) + { + opt_new_circuit = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--bracket")) { opt_bracket = 1; @@ -131,7 +138,7 @@ main (int argc, char **argv) if (opt_tor) { - err = enable_dns_tormode (); + err = enable_dns_tormode (opt_new_circuit); if (err) { fprintf (stderr, "error switching into Tor mode: %s\n", commit f92e95175e90120362a7d6376fb32307e11267b5 Author: Werner Koch Date: Mon Nov 9 20:34:42 2015 +0100 dirmngr: Improve detection of ADNS. * configure.ac (HAVE_ADNS_FREE): New ac_define. Signed-off-by: Werner Koch diff --git a/configure.ac b/configure.ac index 22d1cfc..57bf85e 100644 --- a/configure.ac +++ b/configure.ac @@ -943,12 +943,8 @@ AC_ARG_WITH(adns, LDFLAGS="${LDFLAGS} -L$withval/lib" fi]) if test "$with_adns" != "no"; then - AC_CHECK_HEADERS(adns.h, - AC_CHECK_LIB(adns, adns_free, - [have_adns=yes], - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]), - [CPPFLAGS=${_cppflags} LDFLAGS=${_ldflags}]) - + AC_CHECK_HEADERS(adns.h,AC_CHECK_LIB(adns, adns_init_strcfg,[have_adns=yes])) + AC_CHECK_FUNCS(adns_free) AC_MSG_CHECKING([if adns supports adns_if_tormode]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include @@ -959,6 +955,8 @@ if test "$with_adns" != "no"; then AC_DEFINE(HAVE_ADNS_IF_TORMODE,1,[define if adns_if_tormode is available]) fi fi +CPPFLAGS=${_cppflags} +LDFLAGS=${_ldflags} if test "$have_adns" = "yes"; then ADNSLIBS="-ladns" fi diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 3220d76..cae2c57 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -65,6 +65,11 @@ # define AI_ADDRCONFIG 0 #endif +/* Provide a replacement function for older ADNS versions. */ +#ifndef HAVE_ADNS_FREE +# define adns_free(a) free ((a)) +#endif + /* Not every installation has gotten around to supporting SRVs or CERTs yet... */ #ifndef T_SRV ----------------------------------------------------------------------- Summary of changes: configure.ac | 10 ++++----- dirmngr/dns-stuff.c | 58 ++++++++++++++++++++++++++++++++++++++++++++------- dirmngr/dns-stuff.h | 2 +- dirmngr/server.c | 4 ++-- dirmngr/t-dns-stuff.c | 9 +++++++- 5 files changed, 66 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 9 20:50:32 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 09 Nov 2015 20:50:32 +0100 Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-6-12-g95b256a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via 95b256a42bfbe5df1f60440567e5db2cab438e1f (commit) via 637132f9b042fd34a539971bf73a5da5ddf2e0a1 (commit) via adfac89d2b7b759a303cb4515b120f3f791fb812 (commit) via 88f7746879866596d783cf6dea403d9b9ae357da (commit) via 92075c89ebcea44a4ba7199f26d51dd47289e38c (commit) via 3eb42f2a33580056cd39de1ef5f0cc067a66fba3 (commit) via dfddd7b35735cc2a6208b3a873a9c9727523fcb2 (commit) via 1491daf4adbd0b868da6667395d188b4049664d3 (commit) from e317a09c6f855e806efa035ecb97f27f6b6942fd (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95b256a42bfbe5df1f60440567e5db2cab438e1f Author: Werner Koch Date: Mon Nov 9 18:10:27 2015 +0100 Allow SOCKS5 authentication with username/password. * src/event.c (socks_connect): Implemedn authentication method 2. -- The credentials are given by the new config option adns_sockscred. Changing the credentials is an indication to Tor to use a new circuit. Tor ignore the actual values. Signed-off-by: Werner Koch diff --git a/src/event.c b/src/event.c index 925617d..064fbd9 100644 --- a/src/event.c +++ b/src/event.c @@ -149,8 +149,10 @@ socks_connect (adns_state ads, int fd, size_t proxyaddrlen; struct sockaddr_in6 *addr_in6; struct sockaddr_in *addr_in; - unsigned char buffer[22]; + unsigned char buffer[22+512]; /* The extra 512 bytes is used as + space for username:password. */ size_t buflen; + int method; memset (&proxyaddr_in, 0, sizeof proxyaddr_in); @@ -168,7 +170,11 @@ socks_connect (adns_state ads, int fd, /* Negotiate method. */ buffer[0] = 5; /* RFC-1928 VER field. */ buffer[1] = 1; /* NMETHODS */ - buffer[2] = 0; /* Method: No authentication required. */ + if (ads->sockscred) + method = 2; /* Method: username/password authentication. */ + else + method = 0; /* Method: No authentication required. */ + buffer[2] = method; adns__sigpipe_protect(ads); ret = adns__sock_write(fd, buffer, 3); adns__sigpipe_unprotect(ads); @@ -181,7 +187,7 @@ socks_connect (adns_state ads, int fd, ret = adns__sock_read(fd, buffer, 2); if (ret < 0) return ret; - if (ret != 2 || buffer[0] != 5 || buffer[1] != 0 ) + if (ret != 2 || buffer[0] != 5 || buffer[1] != method ) { /* Socks server returned wrong version or does not support our requested method. */ @@ -189,6 +195,66 @@ socks_connect (adns_state ads, int fd, return -1; } + if (ads->sockscred) + { + /* Username/Password sub-negotiation. */ + const char *password; + int ulen, plen; + + password = strchr (ads->sockscred, ':'); + if (!password) + { + errno = EINVAL; /* No password given. */ + return -1; + } + ulen = password - ads->sockscred; + password++; + plen = strlen (password); + if (!ulen || ulen > 255 || !plen || plen > 255) + { + errno = EINVAL; /* Credentials too long or too short. */ + return -1; + } + + buffer[0] = 1; /* VER of the sub-negotiation. */ + buffer[1] = ulen; + buflen = 2; + memcpy (buffer+buflen, ads->sockscred, ulen); + buflen += ulen; + buffer[buflen++] = plen; + memcpy (buffer+buflen, password, plen); + buflen += plen; + adns__sigpipe_protect(ads); + ret = adns__sock_write(fd, buffer, buflen); + adns__sigpipe_unprotect(ads); + WIPEMEMORY (buffer, buflen); + if (ret != buflen) + { + if (ret >= 0) + errno = EIO; + return -1; + } + ret = adns__sock_read(fd, buffer, 2); + if (ret != 2) + { + if (ret >= 0) + errno = EIO; + return -1; + } + if (buffer[0] != 1) + { + /* SOCKS server returned wrong version. */ + errno = EPROTO; + return -1; + } + if (buffer[1]) + { + /* SOCKS server denied access. */ + errno = EACCES; + return -1; + } + } + /* Send request details (rfc-1928, 4). */ buffer[0] = 5; /* VER */ buffer[1] = 1; /* CMD = CONNECT */ commit 637132f9b042fd34a539971bf73a5da5ddf2e0a1 Author: Werner Koch Date: Mon Nov 9 18:08:03 2015 +0100 Make handling of returned SOCKS bound address more robust. * src/event.c (socks_connect): Allow proxy to return a v6 address instead of the provided v4 and vice versa. -- The specs say nothing about this but doing it this way is likely more robust that assuming the same family will be returned. Signed-off-by: Werner Koch diff --git a/src/event.c b/src/event.c index 8aae3af..925617d 100644 --- a/src/event.c +++ b/src/event.c @@ -220,7 +220,7 @@ socks_connect (adns_state ads, int fd, errno = EIO; return -1; } - ret = adns__sock_read(fd, buffer, buflen); + ret = adns__sock_read(fd, buffer, 10 /*(v4 length)*/); if (ret < 0) return ret; if (ret != buflen || buffer[0] != 5 || buffer[2] != 0 ) @@ -258,9 +258,23 @@ socks_connect (adns_state ads, int fd, case 0x07: /* Command not supported */ default: errno = ENOTSUP; /* Fixme: Is there a better errno? */ + break; } return -1; } + if (buffer[3] == 4) + { + /* ATYP indicates a v6 address. We need to read the remaining + 12 bytes to finialize the SOCKS5 intro. */ + ret = adns__sock_read(fd, buffer, 12 /*(v6-v4 length)*/); + if (ret != 12) + { + if (ret >= 0) + errno = EIO; + return -1; + } + } + /* FIXME: We have not way to store the actual address used by the server. */ commit adfac89d2b7b759a303cb4515b120f3f791fb812 Author: Werner Koch Date: Mon Nov 9 18:01:43 2015 +0100 Add macro to safely clear memory. * src/internal.h (WIPEMEMORY): New. -- This kind of platform neutral code has been in use by GnuPG and Libgcrypt for ages. I am still waiting for some C committee f^D experts to figure that this makes use of undefined behaviour for volatile and they tell their optimizing-for-the-flat-world compiler to remove such code and thereby unveil passwords in memory (which actually happened for the standard memset). Signed-off-by: Werner Koch diff --git a/src/internal.h b/src/internal.h index dafb50b..271d000 100644 --- a/src/internal.h +++ b/src/internal.h @@ -760,6 +760,14 @@ static inline int errno_resources(int e) { return e==ENOMEM || e==ENOBUFS; } ) +/* To avoid that a compiler optimizes certain memset calls away, this + macro may be used instead. */ +#define WIPEMEMORY(_ptr,_len) do { \ + volatile char *_vptr=(volatile char *)(_ptr); \ + size_t _vlen=(_len); \ + while(_vlen) { *_vptr=0; _vptr++; _vlen--; } \ + } while(0) + #endif commit 88f7746879866596d783cf6dea403d9b9ae357da Author: Werner Koch Date: Sun Nov 8 18:57:56 2015 +0100 Add config options adns_tormode and adns_sockscred. * src/internal.h (struct adns__state): Add field "sockscred". * src/setup.c (init_begin): Clear SOCKSCRED. (init_finish): Free SOCKSCRED. (ccf_options): Implement new options. * src/adns.h: Describe options. Signed-off-by: Werner Koch diff --git a/src/adns.h b/src/adns.h index 6ed9a97..9fe9a9a 100644 --- a/src/adns.h +++ b/src/adns.h @@ -515,6 +515,14 @@ int adns_init_logfn(adns_state *newstate_r, adns_initflags flags, * setting of adns_if_check_entex, adns_if_check_freq, or neither, * in the flags passed to adns_init. * + * adns_tormode + * Forces the use of virtual circuits over a SOCKS5 proxy running at + * port 9050. No UDP based communication is done. + * + * adns_sockscred:username:password + * Use username and password for SOCKS5 authentication. Default is + * no authentication. + * * There are a number of environment variables which can modify the * behaviour of adns. They take effect only if adns_init is used, and * the caller of adns_init can disable them using adns_if_noenv. In diff --git a/src/internal.h b/src/internal.h index c72a2ee..dafb50b 100644 --- a/src/internal.h +++ b/src/internal.h @@ -338,6 +338,7 @@ struct adns__state { } sortlist[MAXSORTLIST]; char **searchlist; unsigned short rand48xsubi[3]; + char *sockscred; /* Malloced string with the SOCKS5 credentials or NULL. */ }; /* From setup.c: */ diff --git a/src/setup.c b/src/setup.c index 6b0172c..c33e2c5 100644 --- a/src/setup.c +++ b/src/setup.c @@ -269,6 +269,21 @@ static void ccf_options(adns_state ads, const char *fn, } continue; } + if (l==12 && !memcmp(word,"adns_tormode",12)) { + ads->iflags |= adns_if_tormode; + continue; + } + if (l>=15 && !memcmp(word,"adns_sockscred:",15)) { + l -= 15; + ads->sockscred = malloc (l + 1); + if (!ads->sockscred) { + saveerr(ads,errno); + continue; + } + memcpy (ads->sockscred, word+15, l); + ads->sockscred[l] = 0; + continue; + } adns__diag(ads,-1,0,"%s:%d: unknown option `%.*s'", fn,lno, l,word); } } @@ -557,6 +572,8 @@ static int init_begin(adns_state *ads_r, adns_initflags flags, ads->rand48xsubi[1]= (unsigned long)pid >> 16; ads->rand48xsubi[2]= pid ^ ((unsigned long)pid >> 16); + ads->sockscred = NULL; + *ads_r= ads; return 0; } @@ -585,6 +602,8 @@ static int init_finish(adns_state ads) { x_closeudp: close(ads->udpsocket); x_free: + if (ads->sockscred) + free (ads->sockscred); free(ads); return r; } commit 92075c89ebcea44a4ba7199f26d51dd47289e38c Author: Mark Wooding Date: Mon Jun 9 10:41:33 2014 +0100 src/types.c: Fix up the table-of-contents comments. Cheesy but useful sed(1) rune: sed -n ' /order of sections/,/\*\//d /^ \* _/s///p /^static \+[a-z0-9_]\+ \+\**\([0-9a-z_]\+\).*$/s// \1/p' Signed-off-by: Mark Wooding Resolved conflicts: src/types.c - keep my own v6 parser. diff --git a/src/types.c b/src/types.c index c73fd22..8a0986f 100644 --- a/src/types.c +++ b/src/types.c @@ -49,22 +49,25 @@ * _intstr (mf,csp,cs) * _manyistr (mf,cs) * _txt (pa) - * _inaddr (pa,dip,di) - * _addr (pa,di,csp,cs) - * _domain (pap) + * _inaddr (pa,dip,di,cs +search_sortlist) + * _addr (pa,di,div,csp,cs) + * _domain (pap,csp,cs) + * _dom_raw (pa) * _host_raw (pa) - * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +pap_findaddrs) + * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs + * +pap_findaddrs, icb_hostaddr) * _mx_raw (pa,di) * _mx (pa,di) * _inthostaddr (mf,cs) + * _inthost (cs) * _ptr (pa) - * _strpair (mf,cs) - * _intstrpair (mf,cs) + * _strpair (mf) + * _intstrpair (mf) * _hinfo (pa) - * _mailbox (pap +pap_mailbox822) - * _rp (pa) + * _mailbox (pap,csp +pap_mailbox822) + * _rp (pa,cs) * _soa (pa,mf,cs) - * _srv* (qdpl,(pap),pa,mf,di,(csp),cs,postsort) + * _srv* (qdpl,(pap),pa*2,mf*2,di,(csp),cs*2,postsort) * _byteblock (mf) * _opaque (pa,cs) * _flat (mf) @@ -241,7 +244,7 @@ static adns_status cs_hinfo(vbuf *vb, const void *datap) { } /* - * _inaddr (pa,dip,di) + * _inaddr (pa,dip,di,cs +search_sortlist) */ static adns_status pa_inaddr(const parseinfo *pai, int cbyte, @@ -365,7 +368,7 @@ static adns_status cs_in6addr(vbuf *vb, const void *datap) { /* - * _addr (pa,di,csp,cs) + * _addr (pa,di,div,csp,cs) */ static adns_status pa_addr(const parseinfo *pai, int cbyte, @@ -484,7 +487,7 @@ static adns_status pa_host_raw(const parseinfo *pai, int cbyte, } /* - * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +icb_hostaddr, pap_findaddrs) + * _hostaddr (pap,pa,dip,di,mfp,mf,csp,cs +pap_findaddrs, icb_hostaddr) */ static adns_status pap_findaddrs(const parseinfo *pai, adns_rr_hostaddr *ha, @@ -924,7 +927,7 @@ static adns_status pa_hinfo(const parseinfo *pai, int cbyte, } /* - * _mailbox (pap,cs) + * _mailbox (pap,cs +pap_mailbox822) */ static adns_status pap_mailbox822(const parseinfo *pai, @@ -1081,7 +1084,7 @@ static adns_status cs_soa(vbuf *vb, const void *datap) { } /* - * _srv* (pa*2,di,cs*2,qdpl,postsort) + * _srv* (qdpl,(pap),pa*2,mf*2,di,(csp),cs*2,postsort) */ static adns_status qdpl_srv(adns_state ads, commit 3eb42f2a33580056cd39de1ef5f0cc067a66fba3 Author: Mark Wooding Date: Sun Jun 8 00:01:46 2014 +0100 client/adh-query.c: Surprising comma rather than semicolon. This doesn't change the meaning of the code, but it's really surprising. Signed-off-by: Mark Wooding Resolved conflicts: client/adh-query.c - white space diff --git a/client/adh-query.c b/client/adh-query.c index a2fb4f5..12021db 100644 --- a/client/adh-query.c +++ b/client/adh-query.c @@ -121,7 +121,7 @@ static void prep_query(struct query_node **qun_r, int *quflags_r) { (ov_qc_query ? adns_qf_quoteok_query : 0) | (ov_qc_anshost ? adns_qf_quoteok_anshost : 0) | (ov_qc_cname ? 0 : adns_qf_quoteok_cname) | - ov_cname, + ov_cname; *qun_r= qun; } commit dfddd7b35735cc2a6208b3a873a9c9727523fcb2 Author: Mark Wooding Date: Sat Jun 7 18:02:53 2014 +0100 src/internal.h: Delete decoy type `rr_align'. The droid you were looking for is called `union maxalign'. Signed-off-by: Mark Wooding diff --git a/src/internal.h b/src/internal.h index 6bc0702..c72a2ee 100644 --- a/src/internal.h +++ b/src/internal.h @@ -91,15 +91,6 @@ typedef enum { /* Shared data structures */ -typedef union { - adns_status status; - char *cp; - adns_rrtype type; - int i; - struct in_addr ia; - unsigned long ul; -} rr_align; - typedef struct { int used, avail; byte *buf; commit 1491daf4adbd0b868da6667395d188b4049664d3 Author: Mark Wooding Date: Sat May 31 15:05:17 2014 +0100 src/types.c: Remove some unused macros. Signed-off-by: Mark Wooding diff --git a/src/types.c b/src/types.c index 07d16da..c73fd22 100644 --- a/src/types.c +++ b/src/types.c @@ -1321,9 +1321,6 @@ static void mf_flat(adns_query qu, void *data) { } #define TYPESZ_M(member) (sizeof(*((adns_answer*)0)->rrs.member)) -#define DEEP_MEMB(memb) TYPESZ_M(memb), mf_##memb, cs_##memb -#define FLAT_MEMB(memb) TYPESZ_M(memb), mf_flat, cs_##memb - #define DEEP_TYPE(code,rrt,fmt,memb,parser,comparer,printer) \ { adns_r_##code, rrt,fmt,TYPESZ_M(memb), mf_##memb, \ printer,parser,comparer, adns__qdpl_normal,0 } ----------------------------------------------------------------------- Summary of changes: client/adh-query.c | 2 +- src/adns.h | 8 +++++ src/event.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++--- src/internal.h | 18 +++++------ src/setup.c | 19 ++++++++++++ src/types.c | 34 ++++++++++----------- 6 files changed, 138 insertions(+), 31 deletions(-) hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 10 08:11:07 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 10 Nov 2015 08:11:07 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-123-g67c701d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 67c701d1e53f56305e3b8771c683c45bb9672305 (commit) via 951f277b6bf8178560105538d38e2a07a96865bd (commit) from 288c9919dc45496b2380eeac487a8539692d6842 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 67c701d1e53f56305e3b8771c683c45bb9672305 Author: Neal H. Walfield Date: Tue Nov 10 08:05:17 2015 +0100 gpg: Default to the the PGP trust model. * g10/trustdb.c (init_trustdb): If we can't read the trust model from the trust DB, default to TM_PGP, not TM_TOFU_PGP. -- Signed-off-by: Neal H. Walfield diff --git a/g10/trustdb.c b/g10/trustdb.c index 64de985..4f60f1f 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -466,8 +466,8 @@ init_trustdb () && opt.trust_model != TM_EXTERNAL) { log_info(_("unable to use unknown trust model (%d) - " - "assuming %s trust model\n"),opt.trust_model,"tofu+pgp"); - opt.trust_model = TM_TOFU_PGP; + "assuming %s trust model\n"),opt.trust_model,"pgp"); + opt.trust_model = TM_PGP; } if(opt.verbose) commit 951f277b6bf8178560105538d38e2a07a96865bd Author: Neal H. Walfield Date: Tue Nov 10 08:03:57 2015 +0100 gpg: Default to the flat TOFU DB format. * g10/tofu.c (opendbs): If the TOFU DB format is set to auto and there is no TOFU DB, default to the flat format. -- Signed-off-by: Neal H. Walfield diff --git a/g10/tofu.c b/g10/tofu.c index f6d2d5e..f7dd40d 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1014,9 +1014,9 @@ opendbs (void) } else { - opt.tofu_db_format = TOFU_DB_SPLIT; + opt.tofu_db_format = TOFU_DB_FLAT; if (DBG_TRUST) - log_debug ("Using split format for TOFU DB.\n"); + log_debug ("Using flat format for TOFU DB.\n"); } } ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 4 ++-- g10/trustdb.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 11 18:32:19 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 11 Nov 2015 18:32:19 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-124-g7546e81 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7546e818791988c00b8635dab5b899265d8d9f42 (commit) from 67c701d1e53f56305e3b8771c683c45bb9672305 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7546e818791988c00b8635dab5b899265d8d9f42 Author: Neal H. Walfield Date: Wed Nov 11 18:26:53 2015 +0100 gpg: Fix cache consistency problem. g10/keyring.c (keyring_search): Only mark the cache as completely filled if we start the scan from the beginning of the keyring. -- Signed-off-by: Neal H. Walfield Reported-by: NIIBE Yutaka A new feature (e8c53fc) turned up a bug whereby checking if a search term matches multiple keys in the keyring causes the cache to be inconsistent. When we look for a key on the keyring, we iterate over each of the keyblocks starting with the keyblock following the last result. For each keyblock, we iterate over the public key and any subkeys. As we iterate over each key, we first insert it into the cache and then check if the key matches. If so, we are done. In pseudo code: for (i = last_result + 1; i < num_records; i ++) keyblock = get_keyblock (i) for (j = 1; j < len(keyblock); j ++) key = keyblock[j] update_cache (key) if (compare (key, search_terms)) return ok cache_filled = true return ENOFOUND When we look for the next match, we start with the following keyblock. The result is that any subkeys following the key that matched are not added to the cache (in other words, when a keyblock matches, the inner loop did not necessarily complete and the subsequent search doesn't resume it). This patch includes a straightforward fix: only indicate the cache as complete if we started the scan from the beginning of the keyring and really didn't find anything. diff --git a/g10/keyring.c b/g10/keyring.c index 81d2174..4e2145f 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -943,6 +943,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, int need_uid, need_words, need_keyid, need_fpr, any_skip; int pk_no, uid_no; int initial_skip; + int scanned_from_start; int use_offtbl; PKT_user_id *uid = NULL; PKT_public_key *pk = NULL; @@ -1045,6 +1046,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, main_offset = 0; pk_no = uid_no = 0; initial_skip = 1; /* skip until we see the start of a keyblock */ + scanned_from_start = iobuf_tell (hd->current.iobuf) == 0; while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid))) { byte afp[MAX_FINGERPRINT_LEN]; @@ -1080,7 +1082,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, if (need_keyid) keyid_from_pk (pk, aki); - if (use_offtbl && !kr_offtbl_ready) + if (use_offtbl && !kr_offtbl_ready && scanned_from_start) update_offset_hash_table (kr_offtbl, aki, main_offset); } else if (pkt.pkttype == PKT_USER_ID) @@ -1168,7 +1170,7 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, hd->current.eof = 1; /* if we scanned all keyrings, we are sure that * all known key IDs are in our offtbl, mark that. */ - if (use_offtbl && !kr_offtbl_ready) + if (use_offtbl && !kr_offtbl_ready && scanned_from_start) { KR_NAME kr; ----------------------------------------------------------------------- Summary of changes: g10/keyring.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 11:52:57 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 12 Nov 2015 11:52:57 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-95-gf0bca1f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via f0bca1fdeb4ce24a6f665517b12f0e502a2cb906 (commit) via 4f8c746e390d754fe4a8f7ae7a8968f750d2b1f9 (commit) from 099467d571206a3dbf4b606792a01a1e7f0e0df8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f0bca1fdeb4ce24a6f665517b12f0e502a2cb906 Author: Andre Heinecke Date: Thu Nov 12 10:55:19 2015 +0100 Do not release eventsink when disabled * src/gpgoladdin.cpp (GpgolAddin::~GpgolAddin): Do not release m_appliactionEventSink when disabled. Use NULL guarded release. -- When we are disabled OnStartupComplete never creates the event sink but the addin's dtor is called on unload. diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 93a0f7a..8b03782 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -164,15 +164,16 @@ GpgolAddin::GpgolAddin (void) : m_lRef(0), m_application(0), GpgolAddin::~GpgolAddin (void) { + if (m_disabled) + { + return; + } log_debug ("%s:%s: Releasing Application Event Sink;", SRCNAME, __func__); - m_applicationEventSink->Release(); + RELDISP (m_applicationEventSink); - if (!m_disabled) - { - engine_deinit (); - write_options (); - } + engine_deinit (); + write_options (); log_debug ("%s:%s: Object deleted\n", SRCNAME, __func__); } commit 4f8c746e390d754fe4a8f7ae7a8968f750d2b1f9 Author: Andre Heinecke Date: Thu Nov 12 10:50:08 2015 +0100 Fix double free when addin is disabled * src/gpgoladdin.cpp (GpgolAddin::~GpgolAddin): Do not release RibbonExtender. -- The RibbonExtender is already released by outlook. So we released an invalid object here. This worked often enough but could of course crash. diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 6f4c4a4..93a0f7a 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -164,10 +164,6 @@ GpgolAddin::GpgolAddin (void) : m_lRef(0), m_application(0), GpgolAddin::~GpgolAddin (void) { - log_debug ("%s:%s: Releasing Extender;", - SRCNAME, __func__); - m_ribbonExtender->Release (); - log_debug ("%s:%s: Releasing Application Event Sink;", SRCNAME, __func__); m_applicationEventSink->Release(); ----------------------------------------------------------------------- Summary of changes: src/gpgoladdin.cpp | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 13:37:11 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Nov 2015 13:37:11 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-126-ga3b26d6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a3b26d6c0839ec18d1dc226bb537d5067c86d574 (commit) via a2cc1d57552ccac7b2f9a0c6423b171b2a168b2a (commit) from 7546e818791988c00b8635dab5b899265d8d9f42 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a3b26d6c0839ec18d1dc226bb537d5067c86d574 Author: Werner Koch Date: Thu Nov 12 13:31:59 2015 +0100 dirmngr: Do not block during ADNS calls. * dirmngr/dns-stuff.c: Include npth.h (my_unprotect, my_protect): New wrapper. (resolve_name_adns): Put unprotect/protect around adns calls. (get_dns_cert): Ditto. (getsrv): Ditto. (get_dns_cname): Ditto. Signed-off-by: Werner Koch diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am index 009802a..c3bce0d 100644 --- a/dirmngr/Makefile.am +++ b/dirmngr/Makefile.am @@ -142,6 +142,7 @@ t_ldap_parse_uri_SOURCES = \ t_ldap_parse_uri_CFLAGS = -DWITHOUT_NPTH=1 t_ldap_parse_uri_LDADD = $(ldaplibs) $(t_common_ldadd) $(DNSLIBS) +t_dns_stuff_CFLAGS = -DWITHOUT_NPTH=1 t_dns_stuff_SOURCES = t-dns-stuff.c dns-stuff.c t_dns_stuff_LDADD = $(t_common_ldadd) $(DNSLIBS) diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 6f3ce39..200e1e2 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -51,10 +51,25 @@ # error Either getaddrinfo or the ADNS libary is required. #endif +#ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ +# undef USE_NPTH +#endif +#ifdef USE_NPTH +# include +#endif + #include "util.h" #include "host2net.h" #include "dns-stuff.h" +#ifdef USE_NPTH +# define my_unprotect() npth_unprotect () +# define my_protect() npth_protect () +#else +# define my_unprotect() do { } while(0) +# define my_protect() do { } while(0) +#endif + /* We allow the use of 0 instead of AF_UNSPEC - check this assumption. */ #if AF_UNSPEC != 0 # error AF_UNSPEC does not have the value 0 @@ -231,6 +246,7 @@ resolve_name_adns (const char *name, unsigned short port, dns_addrinfo_t *r_dai, char **r_canonname) { gpg_error_t err = 0; + int ret; dns_addrinfo_t daihead = NULL; dns_addrinfo_t dai; adns_state state; @@ -251,8 +267,11 @@ resolve_name_adns (const char *name, unsigned short port, if (err) return err; - if (adns_synchronous (state, name, adns_r_addr, - adns_qf_quoteok_query, &answer)) + my_unprotect (); + ret = adns_synchronous (state, name, adns_r_addr, + adns_qf_quoteok_query, &answer); + my_protect (); + if (ret) { err = gpg_error_from_syserror (); log_error ("DNS query failed: %s\n", gpg_strerror (err)); @@ -629,6 +648,7 @@ get_dns_cert (const char *name, int want_certtype, #ifdef USE_DNS_CERT #ifdef USE_ADNS gpg_error_t err; + int ret; adns_state state; adns_answer *answer = NULL; unsigned int ctype; @@ -646,12 +666,15 @@ get_dns_cert (const char *name, int want_certtype, if (err) return err; - if (adns_synchronous (state, name, - (adns_r_unknown - | (want_certtype < DNS_CERTTYPE_RRBASE - ? my_adns_r_cert - : (want_certtype - DNS_CERTTYPE_RRBASE))), - adns_qf_quoteok_query, &answer)) + my_unprotect (); + ret = adns_synchronous (state, name, + (adns_r_unknown + | (want_certtype < DNS_CERTTYPE_RRBASE + ? my_adns_r_cert + : (want_certtype - DNS_CERTTYPE_RRBASE))), + adns_qf_quoteok_query, &answer); + my_protect (); + if (ret) { err = gpg_error_from_syserror (); /* log_error ("DNS query failed: %s\n", strerror (errno)); */ @@ -1001,8 +1024,10 @@ getsrv (const char *name,struct srventry **list) if (my_adns_init (&state)) return -1; + my_unprotect (); rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query, &answer); + my_protect (); if (rc) { log_error ("DNS query failed: %s\n", strerror (errno)); @@ -1241,8 +1266,10 @@ get_dns_cname (const char *name, char **r_cname) if (my_adns_init (&state)) return gpg_error (GPG_ERR_GENERAL); + my_unprotect (); rc = adns_synchronous (state, name, adns_r_cname, adns_qf_quoteok_query, &answer); + my_protect (); if (rc) { err = gpg_error_from_syserror (); commit a2cc1d57552ccac7b2f9a0c6423b171b2a168b2a Author: Werner Koch Date: Thu Nov 12 13:20:18 2015 +0100 dirmngr: New option --nameserver. * dirmngr/dirmngr.c (oNameServer): New. (opts): Add --nameserver. (parse_rereadable_options): Act upon oNameServer. * dirmngr/dns-stuff.c (DEFAULT_NAMESERVER): New. (tor_nameserver): New. (set_dns_nameserver): New. (my_adns_init): Make name server configurable. Signed-off-by: Werner Koch diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index d6c1670..8789d81 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -68,6 +68,7 @@ #endif #include "../common/init.h" #include "gc-opt-flags.h" +#include "dns-stuff.h" /* The plain Windows version uses the windows service system. For example to start the service you may use "sc start dirmngr". @@ -142,6 +143,7 @@ enum cmd_and_opt_values { oIgnoreCertExtension, oUseTor, oKeyServer, + oNameServer, aTest }; @@ -214,6 +216,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_i (oMaxReplies, "max-replies", N_("|N|do not return more than N items in one query")), + ARGPARSE_s_s (oNameServer, "nameserver", "@"), ARGPARSE_s_s (oKeyServer, "keyserver", "@"), ARGPARSE_s_s (oHkpCaCert, "hkp-cacert", N_("|FILE|use the CA certificates in FILE for HKP over TLS")), @@ -623,6 +626,10 @@ parse_rereadable_options (ARGPARSE_ARGS *pargs, int reread) opt.keyserver = *pargs->r.ret_str? xtrystrdup (pargs->r.ret_str) : NULL; break; + case oNameServer: + set_dns_nameserver (pargs->r.ret_str); + break; + default: return 0; /* Not handled. */ } diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 6bf36a5..6f3ce39 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -82,9 +82,18 @@ /* ADNS has no support for CERT yet. */ #define my_adns_r_cert 37 + +/* The default nameserver used with ADNS in Tor mode. */ +#define DEFAULT_NAMESERVER "8.8.8.8" + + /* If set Tor mode shall be used. */ static int tor_mode; +/* A string with the nameserver IP address used with Tor. + (40 should be sufficient for v6 but we add some extra for a scope.) */ +static char tor_nameserver[40+20]; + /* A string to hold the credentials presented to Tor. */ #ifdef USE_ADNS static char tor_credentials[50]; @@ -114,6 +123,19 @@ enable_dns_tormode (int new_circuit) return gpg_error (GPG_ERR_NOT_IMPLEMENTED); } + +/* Change the default IP address of the nameserver to IPADDR. The + address needs to be a numerical IP address and will be used for the + next DNS query. Note that this is only used in Tor mode. */ +void +set_dns_nameserver (const char *ipaddr) +{ + strncpy (tor_nameserver, ipaddr? ipaddr : DEFAULT_NAMESERVER, + sizeof tor_nameserver -1); + tor_nameserver[sizeof tor_nameserver -1] = 0; +} + + /* Free an addressinfo linked list as returned by resolve_dns_name. */ void free_dns_addrinfo (dns_addrinfo_t ai) @@ -167,14 +189,17 @@ my_adns_init (adns_state *r_state) { char *cfgstr; + if (!*tor_nameserver) + set_dns_nameserver (NULL); + cfgstr = xtryasprintf ("nameserver %s\n" "options adns_tormode adns_sockscred:%s", - "8.8.8.8", tor_credentials); + tor_nameserver, tor_credentials); if (!cfgstr) err = gpg_error_from_syserror (); else { - ret = adns_init_strcfg (r_state, adns_if_noerrprint, NULL, cfgstr); + ret = adns_init_strcfg (r_state, adns_if_debug /*adns_if_noerrprint*/, NULL, cfgstr); if (ret) err = gpg_error_from_errno (ret); xfree (cfgstr); diff --git a/dirmngr/dns-stuff.h b/dirmngr/dns-stuff.h index 69637d6..ee5132d 100644 --- a/dirmngr/dns-stuff.h +++ b/dirmngr/dns-stuff.h @@ -96,6 +96,12 @@ struct srventry possibe. Return 0 on success. */ gpg_error_t enable_dns_tormode (int new_circuit); +/* Change the default IP address of the nameserver to IPADDR. The + address needs to be a numerical IP address and will be used for the + next DNS query. Note that this is only used in Tor mode. */ +void set_dns_nameserver (const char *ipaddr); + + void free_dns_addrinfo (dns_addrinfo_t ai); /* Function similar to getaddrinfo. */ diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 06da87e..e453e8a 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -244,11 +244,11 @@ this still leaks the DNS queries; e.g. to lookup the hosts in a keyserver pool. Certain other features are disabled if this mode is active. - at item --keyserver @code{name} + at item --keyserver @var{name} @opindex keyserver -Use @code{name} as your keyserver. This is the server that @command{gpg} +Use @var{name} as your keyserver. This is the server that @command{gpg} communicates with to receive keys, send keys, and search for -keys. The format of the @code{name} is a URI: +keys. The format of the @var{name} is a URI: `scheme:[//]keyservername[:port]' The scheme is the type of keyserver: "hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP keyservers, or "mailto" for the Graff email keyserver. Note that your @@ -263,6 +263,16 @@ need to send keys to more than one server. The keyserver @code{hkp://keys.gnupg.net} uses round robin DNS to give a different keyserver each time you use it. + + at item --nameserver @var{ipaddr} + at opindex nameserver +In ``Tor mode'' Dirmngr uses a public resolver via Tor to resolve DNS +names. If the default public resolver, which is @code{8.8.8.8}, shall +not be used a different one can be given using this option. Note that +a numerical IP address must be given (IPv6 or IPv4) and that no error +checking is done for @var{ipaddr}. DNS queries in Tor mode do only +work if GnuPG as been build with ADNS support. + @item --disable-ldap @opindex disable-ldap Entirely disables the use of LDAP. ----------------------------------------------------------------------- Summary of changes: dirmngr/Makefile.am | 1 + dirmngr/dirmngr.c | 7 ++++++ dirmngr/dns-stuff.c | 72 +++++++++++++++++++++++++++++++++++++++++++++-------- dirmngr/dns-stuff.h | 6 +++++ doc/dirmngr.texi | 16 +++++++++--- 5 files changed, 89 insertions(+), 13 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 16:37:57 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 12 Nov 2015 16:37:57 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-100-ge825977 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via e8259773872cdc10cb29b539e6c6de435065d4f4 (commit) from ab0a5867b372b9f9436ffc4acc34363c53ed8b48 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e8259773872cdc10cb29b539e6c6de435065d4f4 Author: Andre Heinecke Date: Thu Nov 12 16:37:01 2015 +0100 Actually add French translation from afb7e445c -- Woops forgot to git add diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..0b39be9 --- /dev/null +++ b/po/fr.po @@ -0,0 +1,799 @@ +# Copyright (C) 2015 Olivier Serve +# This file is distributed under the same license as the GpgOL package. +# +# Olivier Serve , 2015. +msgid "" +msgstr "" +"Project-Id-Version: \n" +"Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" +"POT-Creation-Date: 2015-11-12 12:50+0100\n" +"PO-Revision-Date: 2015-10-01 17:05+0200\n" +"Last-Translator: Olivier Serve \n" +"Language-Team: French \n" +"Language: fr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Lokalize 1.5\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#: src/attached-file-events.cpp:54 +msgid "Error creating file for attachment." +msgstr "Erreur ? la cr?ation du fichier ? joindre." + +#: src/attached-file-events.cpp:67 +msgid "Error reading attachment." +msgstr "Erreur ? la lecture du fichier joint." + +#: src/attached-file-events.cpp:78 src/attached-file-events.cpp:92 +msgid "Error writing attachment." +msgstr "Erreur ? l'?criture du fichier joint." + +#: src/attached-file-events.cpp:213 +msgid "" +"Sorry, we are not able to decrypt this attachment.\n" +"\n" +"Please use the decrypt/verify button to decrypt the\n" +"entire message again. Then open this attachment." +msgstr "" +"D?sol?, il n'est pas possible de d?chiffrer ce fichier joint.\n" +"\n" +"Veuillez utiliser le bouton d?chiffrer/v?rifier pour d?chiffrer\n" +"? nouveau le message entier, puis ouvrir ce fichier joint." + +#: src/common.c:269 +msgid "GpgOL - Save attachment" +msgstr "GpgOL - Enregistrer le fichier joint" + +#: src/config-dialog.c:137 +msgid "Debug output (for analysing problems)" +msgstr "Sortie Debug (pour analyser les probl?mes)" + +#: src/engine.c:374 +msgid "" +"The user interface server is not available or could not be started in time. " +"You may want to try again." +msgstr "" +"Kleopatra n'est pas disponible ou n'a pas pu ?tre d?marr?e ? temps. Veuillez " +"r?-essayer." + +#: src/engine.c:377 src/main.c:708 src/main.c:714 src/message.cpp:300 +#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:281 +#: src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 src/gpgoladdin.cpp:870 +#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:944 src/gpgoladdin.cpp:947 +#: src/ribbon-callbacks.cpp:119 src/ribbon-callbacks.cpp:233 +#: src/ribbon-callbacks.cpp:248 src/ribbon-callbacks.cpp:260 +#: src/ribbon-callbacks.cpp:297 src/ribbon-callbacks.cpp:309 +#: src/ribbon-callbacks.cpp:654 src/ribbon-callbacks.cpp:671 +#: src/ribbon-callbacks.cpp:688 src/ribbon-callbacks.cpp:702 +#: src/ribbon-callbacks.cpp:715 src/ribbon-callbacks.cpp:777 +#: src/ribbon-callbacks.cpp:1077 src/ribbon-callbacks.cpp:1111 +#: src/ribbon-callbacks.cpp:1123 src/ribbon-callbacks.cpp:1148 +msgid "GpgOL" +msgstr "GpgOL" + +#: src/main.c:707 +#, c-format +msgid "Note: Using compatibility flags: %s" +msgstr "Note?: Utilisation de marqueurs de compatibilit??: %s" + +#: src/main.c:713 +#, c-format +msgid "" +"Note: Writing debug logs to\n" +"\n" +"\"%s\"" +msgstr "" +"Note?: ?criture du journal de debug dans\n" +"\n" +"\"%s\"" + +#: src/mapihelp.cpp:1542 src/mapihelp.cpp:1550 src/mapihelp.cpp:1558 +msgid "[no subject]" +msgstr "[pas de sujet]" + +#: src/mapihelp.cpp:2167 +msgid "" +"[The content of this message is not visible because it has been decrypted by " +"another Outlook session. Use the \"decrypt/verify\" command to make it " +"visible]" +msgstr "" +"[Le contenu de ce message n'est pas visible car il a ?t? d?chiffr? par une " +"autre session Outlook. Utiliser la commande \"d?chiffrer/v?rifier\" afin de " +"le rendre visible]" + +#: src/mapihelp.cpp:3062 +msgid "" +"[The content of this message is not visible due to an processing error in " +"GpgOL.]" +msgstr "" +"[Le contenu de ce message n'est pas visible ? cause d'une erreur d'ex?cution " +"de GpgOL.]" + +#: src/message-events.cpp:279 src/mailitem.cpp:160 +msgid "" +"Sorry, we can only encrypt plain text messages and\n" +"no RTF messages. Please make sure that only the text\n" +"format has been selected." +msgstr "" +"Attention, il n'est possible de chiffrer que des messages texte\n" +"et non des messages RTF. Merci de v?rifier que seul le format texte\n" +"a ?t? s?lectionn?." + +#: src/message.cpp:178 +msgid "[Crypto operation failed - can't show the body of the message]" +msgstr "" +"[?chec de l'op?ration cryptographique - impossible de visualiser le corps du " +"message]" + +#: src/message.cpp:280 +#, c-format +msgid "" +"Signature status: %s\n" +"Message class ..: %s\n" +"MIME structure .:\n" +"%s" +msgstr "" +"?tat de signature?: %s\n" +"Classe de message ..?: %s\n" +"Structure MIME?: \n" +"%s" + +#: src/message.cpp:288 +msgid "GpgOL - Message Information" +msgstr "GgpOL - Message d'information" + +#: src/message.cpp:520 +msgid "Signature verification of an encrypted message is not possible." +msgstr "Il n'est pas possible de v?rifier la signature d'un message chiffr?." + +#: src/message.cpp:531 +msgid "Signature verification of this message class is not possible." +msgstr "Il n'est pas possible de v?rifier la signature de ce type de message." + +#: src/message.cpp:534 +msgid "" +"Signature verification of this S/MIME message is not possible. Please check " +"that S/MIME processing has been enabled." +msgstr "" +"Il n'est pas possible de v?rifier la signature S/MIME de ce message. " +"Veuillez v?rifier que le traitement S/MIME a ?t? activ?." + +#: src/message.cpp:538 +msgid "This message has no signature." +msgstr "Ce message n'a pas de signature." + +#: src/message.cpp:837 +msgid "This message is not encrypted." +msgstr "Ce message n'est pas chiffr?" + +#: src/message.cpp:1064 +#, c-format +msgid "" +"Decryption failed\n" +"(%s)" +msgstr "" +"?chec du d?chiffrement\n" +"(%s)" + +#: src/message.cpp:1225 +msgid "No recipients to encrypt to are given" +msgstr "Il n'y a pas de destinataires vers qui chiffrer" + +#: src/message.cpp:1240 src/message.cpp:1268 +msgid "Encrypting or signing an empty message is not possible." +msgstr "Il n'est pas possible de chiffrer ou signer un message vide." + +#: src/message.cpp:1249 +#, c-format +msgid "Encryption failed (%s)" +msgstr "?chec du chiffrement (%s)" + +#: src/message.cpp:1277 +#, c-format +msgid "Signing failed (%s)" +msgstr "?chec de la signature (%s)" + +#: src/mimeparser.c:1200 +msgid "Error writing to stream" +msgstr "Erreur d'?criture dans le flux" + +#: src/mimeparser.c:1201 +msgid "I/O-Error" +msgstr "Erreur d'entr?e/sortie" + +#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 +#: src/gpgoladdin.cpp:870 src/gpgoladdin.cpp:944 +msgid "General" +msgstr "G?n?ral" + +#: src/olflange-dlgs.cpp:44 +msgid "Enable the S/MIME support" +msgstr "Activer le support S/MIME" + +#: src/olflange-dlgs.cpp:46 +msgid "Message sending" +msgstr "Envoi du message" + +#: src/olflange-dlgs.cpp:47 +msgid "&Encrypt new messages by default" +msgstr "&Chiffrer les nouveaux messages par d?faut" + +#: src/olflange-dlgs.cpp:48 +msgid "&Sign new messages by default" +msgstr "&Signer les nouveaux messages par d?faut" + +#: src/olflange-dlgs.cpp:50 +msgid "Message receiving" +msgstr "R?ception de message" + +#: src/olflange-dlgs.cpp:52 +msgid "Show HTML view if possible" +msgstr "Afficher la vue HTML si possible" + +#: src/olflange-dlgs.cpp:53 +msgid "Present encrypted message as attachment" +msgstr "Pr?senter le message chiffr? en tant que fichier joint" + +#: src/olflange-dlgs.cpp:56 +msgid "Crypto Engine" +msgstr "Moteur de Cryptographie" + +#. TRANSLATORS: See the source for the full english text. +#: src/olflange-dlgs.cpp:256 +msgid "-#GpgOLFullHelpText#-" +msgstr "-#GpgOLFullHelpText#-" + +#: src/olflange-dlgs.cpp:262 +#, c-format +msgid "This is GpgOL version %s" +msgstr "La version de GpgOL est %s" + +#: src/olflange.cpp:523 +msgid "Welcome to GpgOL " +msgstr "Bienvenue dans GpgOL" + +#: src/olflange.cpp:524 +msgid "" +"GpgOL adds integrated OpenPGP and S/MIME encryption and digital signing " +"support to Outlook 2003 and 2007.\n" +"\n" +"Although we tested this software extensively, we can't give you any " +"guarantee that it will work as expected. The programming interface we are " +"using has not been properly documented by Microsoft and thus the " +"functionality of GpgOL may cease to work with an update of your Windows " +"system.\n" +"\n" +"WE STRONGLY ADVISE TO RUN ENCRYPTION TESTS BEFORE YOU START TO USE GPGOL ON " +"ANY SENSITIVE DATA!\n" +"\n" +"There are some known problems, the most severe being that sending encrypted " +"or signed mails using an Exchange based account does not work. Using GpgOL " +"along with other Outlook plugins may in some cases not work.\n" +msgstr "" +"GpgOL ajoute le chiffrement et de la signature num?rique OpenPGP et S/MIME ? " +"Outlook.\n" +"Bien que ce logiciel soit test? de mani?re extensive, il est fourni sans " +"aucune garantie de fonctionnement. L'interface de programmation utilis?e n'a " +"pas ?t? correctement document?e par Microsoft et les fonctionnalit?s de " +"GpgOL sont susceptibles de ne plus fonctionner avec une mise ? jour du " +"syst?me Windows.\n" +"\n" +"IL EST FORTEMENT RECOMMAND? DE FAIRE DES TESTS DE CHIFFREMENT AVANT " +"D'UTILISER GPGOL DE MANI?RE INTENSIVE.\n" +"\n" +"Il y a des probl?mes connus, les plus s?v?res portent sur le fait que " +"l'envoi de mails chiffr?s ou sign?s utilisant un compte bas? sur Exchange ne " +"fonctionne pas. L'utilisation de GpgOL avec d'autres plugins Outlook peut " +"?galement mener ? des dysfonctionnements.\n" + +#: src/olflange.cpp:550 +msgid "" +"You have installed a new version of GpgOL.\n" +"\n" +"Please open the option dialog and confirm that the settings are correct for " +"your needs. The option dialog can be found in the main menu at: Extras-" +">Options->GpgOL.\n" +msgstr "" +"Vous avez install? une nouvelle version de GpgOL.\n" +"\n" +"Veuillez ouvrir la boite de dialogue d'options et confirmer que la " +"configuration correspond ? vos besoins. Cette boite de dialogue est " +"accessible depuis le menu principal?: Extras > Options > GpgOL.\n" + +#: src/olflange.cpp:751 +msgid "" +"This version of Outlook is too old!\n" +"\n" +"At least versions of Outlook 2003 older than SP2 exhibit crashes when " +"sending messages and messages might get stuck in the outgoing queue.\n" +"\n" +"Please update at least to SP2 before trying to send a message" +msgstr "" +"Cette version d'Outlook est trop ancienne?!\n" +"\n" +"Une version d'Outlook 2003 ant?rieure au SP2 provoque un crash lors de " +"l'envoi de messages et les messages peuvent ?tre bloqu?s dans la queue " +"d'envoi.\n" +"\n" +"Merci de mettre ? jour au moins ? la version SP2 avant d'envoyer un message." + +#: src/inspectors.cpp:690 +msgid "&encrypt message with GnuPG" +msgstr "&chiffrer le message avec GnuPG" + +#: src/inspectors.cpp:704 +msgid "&sign message with GnuPG" +msgstr "&signer le message avec GnuPG" + +#: src/inspectors.cpp:730 +msgid "GpgOL Decrypt/Verify" +msgstr "GpgOL D?chiffrer / V?rifier" + +#: src/inspectors.cpp:791 +msgid "Encrypt message with GnuPG" +msgstr "Chiffrer le message avec GnuPG" + +#: src/inspectors.cpp:807 +msgid "Sign message with GnuPG" +msgstr "Signer le message avec GnuPG" + +#: src/inspectors.cpp:924 +msgid "" +"This is a signed and encrypted message.\n" +"Click for more information. " +msgstr "" +"Ceci est un message sign? et chiffr?.\n" +"Veuillez le s?lectionner pour plus d'informations." + +#: src/inspectors.cpp:930 +msgid "" +"This is a signed message.\n" +"Click for more information. " +msgstr "" +"Ceci est un message sign?.\n" +"Veuillez le s?lectionner pour plus d'informations." + +#: src/inspectors.cpp:936 +msgid "" +"This is an encrypted message.\n" +"Click for more information. " +msgstr "" +"Ceci est un message chiffr?.\n" +"Veuillez le s?lectionner pour plus d'informations." + +#: src/explorers.cpp:126 +msgid "GnuPG Certificate &Manager" +msgstr "&Gestionnaire de certificats GnuPG" + +#: src/explorers.cpp:140 +msgid "Remove GpgOL flags from this folder" +msgstr "Retirer les marqueurs GpgOL de ce r?pertoire" + +#: src/explorers.cpp:167 +msgid "Open the certificate manager" +msgstr "Ouvrir le gestionnaire de certificats" + +#: src/explorers.cpp:194 +msgid "" +"You are about to start the process of reversing messages created by GpgOL to " +"prepare deinstalling of GpgOL. Running this command will put GpgOL into a " +"disabled state so that messages are not anymore processed by GpgOL.\n" +"\n" +"You should convert all folders one after the other with this command, close " +"Outlook and then deinstall GpgOL.\n" +"\n" +"Note that if you start Outlook again with GpgOL still being installed, GpgOL " +"will again process messages." +msgstr "" +"Vous aller d?marrer le processus de r?cup?ration des messages cr??s par " +"GpgOL afin de pr?parer sa d?sinstallation. Cette commande va d?sactiver " +"GpgOL afin qu'il ne traite plus les messages.\n" +"\n" +"Vous devriez convertir tous les dossiers un par un avec cette commande, " +"fermer Outlook puis d?sinstaller GpgOL.\n" +"\n" +"Veuillez noter que si vous d?marrez Outlook alors que GpgOL est encore " +"install?, GpgOL traitera ? nouveau les messages." + +#: src/explorers.cpp:208 +msgid "Do you want to revert this folder?" +msgstr "Voulez-vous r?cup?rer ce dossier ?" + +#: src/gpgoladdin.cpp:277 +msgid "" +"Failed to remove plaintext from at least one message.\n" +"\n" +"Until GpgOL is activated again it is possible that the plaintext of messages " +"decrypted in this Session is saved or transfered back to your mailserver." +msgstr "" + +#: src/gpgoladdin.cpp:580 src/gpgoladdin.cpp:669 +msgid "Start the Certificate Management Software" +msgstr "Lancer le gestionnaire de certificats" + +#: src/gpgoladdin.cpp:582 src/gpgoladdin.cpp:671 +msgid "" +"Open GPA or Kleopatra to manage your certificates. You can use this you to " +"generate your own certificates. " +msgstr "" +"Ouvre GPA ou Kleopatra pour la gestion de vos certificats. Vous pouvez " +"utiliser ces outils pour g?n?rer vos propres certificats." + +#: src/gpgoladdin.cpp:586 +#, fuzzy +msgid "Encrypt the message." +msgstr "D?chiffrer le message" + +#: src/gpgoladdin.cpp:588 +msgid "Encrypts the message and all attachments before sending." +msgstr "" + +#: src/gpgoladdin.cpp:590 +#, fuzzy +msgid "Sign the message." +msgstr "D?chiffrer le message" + +#: src/gpgoladdin.cpp:592 +msgid "Sign the message and all attchments before sending." +msgstr "" + +#: src/gpgoladdin.cpp:638 src/gpgoladdin.cpp:793 src/gpgoladdin.cpp:871 +#: src/gpgoladdin.cpp:945 +msgid "Start Certificate Manager" +msgstr "D?marrer le gestionnaire de certificats" + +#: src/gpgoladdin.cpp:639 +msgid "GnuPG" +msgstr "" + +#: src/gpgoladdin.cpp:640 src/gpgoladdin.cpp:795 src/gpgoladdin.cpp:802 +msgid "Encrypt" +msgstr "Chiffrer" + +#: src/gpgoladdin.cpp:641 src/gpgoladdin.cpp:797 +msgid "Sign" +msgstr "Signer" + +#: src/gpgoladdin.cpp:675 +msgid "Encrypt the text of the message" +msgstr "Chiffrer le texte du message" + +#: src/gpgoladdin.cpp:677 +msgid "" +"Choose the certificates for which the message should be encrypted and " +"replace the text with the encrypted message." +msgstr "" +"Veuillez choisir les certificats avec lesquels le message sera chiffr?. Le " +"texte sera remplac? par le message chiffr?." + +#: src/gpgoladdin.cpp:681 +msgid "Add a file as an encrypted attachment" +msgstr "Chiffrer un fichier joint" + +#: src/gpgoladdin.cpp:683 +msgid "Encrypts a file and adds it as an attachment to the message. " +msgstr "Chiffre un fichier et le joint au message." + +#: src/gpgoladdin.cpp:686 +msgid "Add a file as an encrypted attachment with a signature" +msgstr "Chiffrer et signer un fichier joint" + +#: src/gpgoladdin.cpp:688 +msgid "" +"Encrypts a file, signs it and adds both the encrypted file and the signature " +"as attachments to the message. " +msgstr "" +"Chiffre un fichier, le signe puis joint au message le fichier chiffr? et la " +"signature." + +#: src/gpgoladdin.cpp:691 +msgid "Decrypt the message" +msgstr "D?chiffrer le message" + +#: src/gpgoladdin.cpp:693 +msgid "" +"Look for PGP or S/MIME encrypted data in the message text and decrypt it." +msgstr "D?chiffre les donn?es du message chiffr?es avec PGP ou S/MIME." + +#: src/gpgoladdin.cpp:696 +msgid "Add a signature of the message" +msgstr "Ajouter une signature au message" + +#: src/gpgoladdin.cpp:698 +msgid "" +"Appends a signed copy of the message text in an opaque signature. An opaque " +"signature ensures that the signed text is not modified by embedding it in " +"the signature itself. The combination of the signed message text and your " +"signature is added below the plain text. The message will not be encrypted!" +msgstr "" +"Ajoute une copie sign?e du message dans une signature opaque. Une signature " +"opaque assure que le texte sign? n'est pas modifi? en l'int?grant ? la " +"signature elle-m?me. La combinaison du message sign? et de votre signature " +"est ajout?e ? la fin du message. Le message ne sera pas chiffr??!" + +#: src/gpgoladdin.cpp:794 src/gpgoladdin.cpp:872 +msgid "Textbody" +msgstr "Corps du message" + +#: src/gpgoladdin.cpp:796 src/gpgoladdin.cpp:802 src/gpgoladdin.cpp:873 +#: src/gpgoladdin.cpp:876 src/gpgoladdin.cpp:877 +msgid "Decrypt" +msgstr "D?chiffrer" + +#: src/gpgoladdin.cpp:798 src/gpgoladdin.cpp:874 +msgid "Verify" +msgstr "V?rifier" + +#: src/gpgoladdin.cpp:799 +msgid "Attachments" +msgstr "Fichiers joints" + +#: src/gpgoladdin.cpp:800 +msgid "Encrypted file" +msgstr "Chiffrer un fichier" + +#: src/gpgoladdin.cpp:801 +msgid "Encrypted file and Signature" +msgstr "Chiffrer et signer un fichier" + +#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:947 src/gpgoladdin.cpp:948 +msgid "Save and decrypt" +msgstr "Enregistrer et d?chiffrer" + +#: src/ribbon-callbacks.cpp:247 +msgid "Please select text to encrypt." +msgstr "Veuillez s?lectionner le texte ? chiffrer." + +#: src/ribbon-callbacks.cpp:259 +msgid "Textbody empty." +msgstr "Corps du texte vide." + +#: src/ribbon-callbacks.cpp:308 src/ribbon-callbacks.cpp:1076 +msgid "Please add at least one recipent." +msgstr "Veuillez ajouter au moins un destinataire." + +#: src/ribbon-callbacks.cpp:670 +msgid "Please select a Mail." +msgstr "Veuillez s?lectionner un mail." + +#: src/ribbon-callbacks.cpp:701 +msgid "Please select the data you wish to decrypt." +msgstr "Veuillez s?lectionner les donn?es ? d?chiffrer." + +#: src/ribbon-callbacks.cpp:714 +msgid "Nothing to decrypt." +msgstr "Rien ? d?chiffrer." + +#: src/ribbon-callbacks.cpp:872 +msgid "Plain text" +msgstr "\"Plain text\"" + +#: src/ribbon-callbacks.cpp:873 +msgid "Signed text" +msgstr "Texte sign?" + +#: src/ribbon-callbacks.cpp:1083 +msgid "Select file to encrypt" +msgstr "S?lectionner le fichier ? chiffrer" + +#~ msgid "" +#~ "The user interface server is not available or does not work. Using an " +#~ "internal user interface.\n" +#~ "\n" +#~ "This is limited to the PGP/MIME protocol and thus S/MIME protected " +#~ "message are not readable." +#~ msgstr "" +#~ "Kleopatra n'est pas disponible ou ne fonctionne pas. Une interface " +#~ "interne va ?tre utilis?e\n" +#~ "\n" +#~ "Ceci est limit? au protocole PGP/MIME, les messages prot?g?s par S/MIME " +#~ "ne sont pas lisibles." + +#~ msgid "" +#~ "The configured default encryption certificate is not available or does " +#~ "not unambigiously specify one. Please fix this in the option dialog.\n" +#~ "\n" +#~ "This message won't be be encrypted to this certificate!" +#~ msgstr "" +#~ "Le certificat de chiffrement par d?faut n'est pas disponible ou n'est pas " +#~ "sp?cifi? clairement. Merci de configurer cela dans le dialogue d'option.\n" +#~ "\n" +#~ "Ce message ne sera pas chiffr? avec ce certificat ! " + +#~ msgid "Encryption" +#~ msgstr "Chiffrement" + +#~ msgid "Fingerprint: " +#~ msgstr "Empreinte : " + +#~ msgid "This signature is valid\n" +#~ msgstr "Cette signature est valide\n" + +#~ msgid "signature state is \"green\"\n" +#~ msgstr "la signature est en ?tat \"vert\"\n" + +#~ msgid "signature state is \"red\"\n" +#~ msgstr "la signature est en ?tat \"rouge\"\n" + +#~ msgid "Warning: One of the certificates has been revoked\n" +#~ msgstr "Attention?: un des certificats a ?t? r?voqu?\n" + +#~ msgid "Warning: The certificate used to create the signature expired at: " +#~ msgstr "Attention?: Le certificat utilis? pour la signature expire le :" + +#~ msgid "Warning: At least one certification certificate has expired\n" +#~ msgstr "Attention?: Au moins un certificat de certification a expir?\n" + +#~ msgid "Warning: The signature expired at: " +#~ msgstr "Attention?: La signature expire le : " + +#~ msgid "Can't verify due to a missing certificate\n" +#~ msgstr "" +#~ "Impossible d'effectuer la v?rification car il manque un certificat\n" + +#~ msgid "The CRL is not available\n" +#~ msgstr "La liste de r?vocation (CRL) n'est pas disponible\n" + +#~ msgid "Available CRL is too old\n" +#~ msgstr "La liste de r?vocation (CRL) est trop vieille\n" + +#~ msgid "A policy requirement was not met\n" +#~ msgstr "Une exigence de la politique n'est pas atteinte\n" + +#~ msgid "A system error occured" +#~ msgstr "Il y a eu une erreur syst?me" + +#~ msgid "" +#~ "WARNING: We have NO indication whether this certificate belongs to the " +#~ "person named as shown above\n" +#~ msgstr "" +#~ "Attention : Il n'y a pas de preuve que ce certificat appartient ? la " +#~ "personne dont le nom est indiqu?\n" + +#~ msgid "" +#~ "WARNING: The certificate does NOT BELONG to the person named as shown " +#~ "above\n" +#~ msgstr "Attention?: Ce certificat n'APPARTIENT PAS ? la personne indiqu?e\n" + +#~ msgid "" +#~ "WARNING: It is NOT certain that the certificate belongs to the person " +#~ "named as shown above\n" +#~ msgstr "" +#~ "Attention?: Il n'est PAS certain que ce certificat appartient ? la " +#~ "personne indiqu?e\n" + +#~ msgid "Verification started at: " +#~ msgstr "V?rification commenc?e ??:" + +#~ msgid "Verification result for: " +#~ msgstr "R?sultat de v?rification pour?: " + +#~ msgid "[unnamed part]" +#~ msgstr "[partie anonyme]" + +#~ msgid "Good signature from: " +#~ msgstr "Signature valide par?: " + +#~ msgid " aka: " +#~ msgstr " alias?: " + +#~ msgid " created: " +#~ msgstr " cr??e?: " + +#~ msgid "*BAD* signature claimed to be from: " +#~ msgstr "*MAUVAISE* pr?tendant ?tre de?: " + +#~ msgid "Error checking signature" +#~ msgstr "Erreur ? la v?rification de signature" + +#~ msgid "*** Begin Notation (signature by: " +#~ msgstr "*** D?but Notation (signature par?: " + +#~ msgid "*** End Notation ***\n" +#~ msgstr "*** Fin Notation ***\n" + +#~ msgid "No certificate hint given." +#~ msgstr "Aucun indice de certificat donn?." + +#~ msgid "Enter passphrase to unlock the secret key" +#~ msgstr "Saisir la phrase de passe pour d?verrouiller la cl? secr?te" + +#~ msgid "Hide typing" +#~ msgstr "Cacher la saisie" + +#~ msgid "&Cancel" +#~ msgstr "&Annuler" + +#~ msgid "Invalid passphrase; please try again..." +#~ msgstr "Phrase de passe invalide?; veuillez r?essayer ... " + +#~ msgid "Select Signing Key" +#~ msgstr "S?lectionner la cl? de signature" + +#~ msgid "Encrypted to the following certificates:" +#~ msgstr "Chiffr? avec les certificats suivants?:" + +#~ msgid "Name" +#~ msgstr "Nom" + +#~ msgid "E-Mail" +#~ msgstr "E-Mail" + +#~ msgid "Key-Info" +#~ msgstr "Info-Cl?" + +#~ msgid "Key ID" +#~ msgstr "ID de cl?" + +#~ msgid "Validity" +#~ msgstr "Validit?" + +#~ msgid "Selected recipients:" +#~ msgstr "Destinataires s?lectionn?s?:" + +#~ msgid "Recipient which were NOT found" +#~ msgstr "Destinataire non trouv?" + +#~ msgid "Please select at least one recipient certificate." +#~ msgstr "Veuillez s?lectionner au moins un certificat de destinataire." + +#~ msgid "Recipient Dialog" +#~ msgstr "Dialogue de destinataire" + +#~ msgid "BAD signature!" +#~ msgstr "Mauvaise signature?!" + +#~ msgid "Good signature" +#~ msgstr "Signature valide" + +#~ msgid "Good signature from revoked certificate" +#~ msgstr "Signature correcte mais issue d'un certificat r?voqu?" + +#~ msgid "Good signature from expired certificate" +#~ msgstr "Signature correcte mais issue d'un certificat expir?" + +#~ msgid "Good expired signature" +#~ msgstr "Signature correcte mais expir?e" + +#~ msgid "Could not check signature: missing certificate" +#~ msgstr "Impossible de v?rifier la signature?: il manque un certificat" + +#~ msgid "Verification error" +#~ msgstr "Erreur de v?rification" + +#~ msgid "User-ID not found" +#~ msgstr "User-ID non trouv?" + +#~ msgid "This may be due to a wrong option setting" +#~ msgstr "Ceci peut ?tre d? ? une mauvaise configuration" + +#~ msgid "Signature expired on %s" +#~ msgstr "La signature expire le %s" + +#~ msgid "Signature issued by a certificate we do NOT trust." +#~ msgstr "Signature par un certificat auquel on ne fait pas confiance." + +#~ msgid "Signature issued by a non-valid certificate." +#~ msgstr "Signature par un certificat non valide." + +#~ msgid "Signature made" +#~ msgstr "Signature termin?e" + +#~ msgid "using" +#~ msgstr "utilisant" + +#~ msgid "cert-ID" +#~ msgstr "cert-ID" + +#~ msgid "from" +#~ msgstr "de" + +#~ msgid "also known as" +#~ msgstr "?galement connu comme" + +#~ msgid "PGP/MIME Verification Result" +#~ msgstr "R?sultat de la v?rification PGP/MIME" + +#~ msgid "S/MIME Verification Result" +#~ msgstr "R?sultat de la v?rification S/MIME" ----------------------------------------------------------------------- Summary of changes: po/{zh_CN.po => fr.po} | 431 ++++++++++++++++++++++++++----------------------- 1 file changed, 226 insertions(+), 205 deletions(-) copy po/{zh_CN.po => fr.po} (57%) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 16:48:24 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Nov 2015 16:48:24 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-127-ge3c4833 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e3c48335f9c5081c6080bceafa7a04140403427a (commit) from a3b26d6c0839ec18d1dc226bb537d5067c86d574 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e3c48335f9c5081c6080bceafa7a04140403427a Author: Werner Koch Date: Thu Nov 12 16:02:35 2015 +0100 gpg: Print export statistics to the status-fd. * common/status.h (STATUS_EXPORT_RES): New. * g10/main.h (export_stats_t): New. * g10/export.c (export_stats_s): New. (export_new_stats, export_release_stats): New. (export_print_stats): New. (export_pubkeys, export_seckeys, export_secsubkeys) (export_pubkey_buffer, do_export): Add arg "stats". (do_export_stream): Add arg stats and update it. * g10/gpg.c (main) : Create, pass, and print a stats object to the export function calls. * g10/export.c (export_pubkeys_stream): Remove unused function. Signed-off-by: Werner Koch diff --git a/common/status.h b/common/status.h index 76b1b30..3409167 100644 --- a/common/status.h +++ b/common/status.h @@ -55,12 +55,15 @@ enum STATUS_GOODMDC, STATUS_BADMDC, STATUS_ERRMDC, + STATUS_IMPORTED, STATUS_IMPORT_OK, STATUS_IMPORT_PROBLEM, STATUS_IMPORT_RES, STATUS_IMPORT_CHECK, + STATUS_EXPORT_RES, + STATUS_FILE_START, STATUS_FILE_DONE, STATUS_FILE_ERROR, diff --git a/doc/DETAILS b/doc/DETAILS index 97079b0..aa5a57b 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -768,6 +768,16 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - - +*** EXPORT_RES + + Final statistics on export process (this is one long line). The + args are a list of unsigned numbers separated by white space: + + - + - + - + + ** Smartcard related *** CARDCTRL [] This is used to control smartcard operations. Defined values for diff --git a/g10/export.c b/g10/export.c index 2e9e61c..d84ff74 100644 --- a/g10/export.c +++ b/g10/export.c @@ -46,14 +46,28 @@ struct subkey_list_s typedef struct subkey_list_s *subkey_list_t; -static int do_export (ctrl_t ctrl, - strlist_t users, int secret, unsigned int options ); +/* An object to track statistics for export operations. */ +struct export_stats_s +{ + ulong count; /* Number of processed keys. */ + ulong secret_count; /* Number of secret keys seen. */ + ulong exported; /* Number of actual exported keys. */ +}; + + +/* Local prototypes. */ +static int do_export (ctrl_t ctrl, strlist_t users, int secret, + unsigned int options, export_stats_t stats); static int do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, kbnode_t *keyblock_out, unsigned int options, - int *any); + export_stats_t stats, int *any); + + +/* Option parser for export options. See parse_options fro + details. */ int parse_export_options(char *str,unsigned int *options,int noisy) { @@ -85,39 +99,102 @@ parse_export_options(char *str,unsigned int *options,int noisy) } -/**************** - * Export the public keys (to standard out or --output). - * Depending on opt.armor the output is armored. - * options are defined in main.h. - * If USERS is NULL, the complete ring will be exported. */ +/* Create a new export stats object initialized to zero. On error + returns NULL and sets ERRNO. */ +export_stats_t +export_new_stats (void) +{ + export_stats_t stats; + + return xtrycalloc (1, sizeof *stats); +} + + +/* Release an export stats object. */ +void +export_release_stats (export_stats_t stats) +{ + xfree (stats); +} + + +/* Print export statistics using the status interface. */ +void +export_print_stats (export_stats_t stats) +{ + if (!stats) + return; + + if (is_status_enabled ()) + { + char buf[15*20]; + + snprintf (buf, sizeof buf, "%lu %lu %lu", + stats->count, + stats->secret_count, + stats->exported ); + write_status_text (STATUS_EXPORT_RES, buf); + } +} + + +/* + * Export public keys (to stdout or to --output FILE). + * + * Depending on opt.armor the output is armored. OPTIONS are defined + * in main.h. If USERS is NULL, all keys will be exported. STATS is + * either an export stats object for update or NULL. + * + * This function is the core of "gpg --export". + */ int -export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options ) +export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats) { - return do_export (ctrl, users, 0, options ); + return do_export (ctrl, users, 0, options, stats); } -/**************** - * Export to an already opened stream; return -1 if no keys have - * been exported + +/* + * Export secret keys (to stdout or to --output FILE). + * + * Depending on opt.armor the output is armored. If USERS is NULL, + * all secret keys will be exported. STATS is either an export stats + * object for update or NULL. + * + * This function is the core of "gpg --export-secret-keys". */ int -export_pubkeys_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, - kbnode_t *keyblock_out, unsigned int options ) +export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats) { - int any, rc; + return do_export (ctrl, users, 1, 0, stats); +} - rc = do_export_stream (ctrl, out, users, 0, keyblock_out, options, &any); - if (!rc && !any) - rc = -1; - return rc; + +/* + * Export secret sub keys (to stdout or to --output FILE). + * + * This is the same as export_seckeys but replaces the primary key by + * a stub key. Depending on opt.armor the output is armored. If + * USERS is NULL, all secret subkeys will be exported. STATS is + * either an export stats object for update or NULL. + * + * This function is the core of "gpg --export-secret-subkeys". + */ +int +export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats) +{ + return do_export (ctrl, users, 2, 0, stats); } /* - * Export a single key into a memory buffer. + * Export a single key into a memory buffer. STATS is either an + * export stats object for update or NULL. */ gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, + export_stats_t stats, kbnode_t *r_keyblock, void **r_data, size_t *r_datalen) { gpg_error_t err; @@ -134,7 +211,8 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, return gpg_error_from_syserror (); iobuf = iobuf_temp (); - err = do_export_stream (ctrl, iobuf, helplist, 0, r_keyblock, options, &any); + err = do_export_stream (ctrl, iobuf, helplist, 0, r_keyblock, options, + stats, &any); if (!err && !any) err = gpg_error (GPG_ERR_NOT_FOUND); if (!err) @@ -166,26 +244,14 @@ export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, } -int -export_seckeys (ctrl_t ctrl, strlist_t users ) -{ - return do_export (ctrl, users, 1, 0); -} - -int -export_secsubkeys (ctrl_t ctrl, strlist_t users ) -{ - return do_export (ctrl, users, 2, 0); -} - - /* Export the keys identified by the list of strings in USERS. If Secret is false public keys will be exported. With secret true secret keys will be exported; in this case 1 means the entire secret keyblock and 2 only the subkeys. OPTIONS are the export options to apply. */ static int -do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options ) +do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options, + export_stats_t stats) { IOBUF out = NULL; int any, rc; @@ -205,7 +271,7 @@ do_export (ctrl_t ctrl, strlist_t users, int secret, unsigned int options ) push_armor_filter (afx, out); } - rc = do_export_stream (ctrl, out, users, secret, NULL, options, &any ); + rc = do_export_stream (ctrl, out, users, secret, NULL, options, stats, &any); if ( rc || !any ) iobuf_cancel (out); @@ -754,7 +820,8 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) key has been exported true is stored at ANY. */ static int do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, - kbnode_t *keyblock_out, unsigned int options, int *any) + kbnode_t *keyblock_out, unsigned int options, + export_stats_t stats, int *any) { gpg_error_t err = 0; PACKET pkt; @@ -767,7 +834,10 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, strlist_t sl; gcry_cipher_hd_t cipherhd = NULL; char *cache_nonce = NULL; + struct export_stats_s dummystats; + if (!stats) + stats = &dummystats; *any = 0; init_packet (&pkt); kdbhd = keydb_new (); @@ -877,6 +947,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, log_error ("public key packet not found in keyblock - skipped\n"); continue; } + stats->count++; setup_main_keyids (keyblock); /* gpg_format_keydesc needs it. */ pk = node->pkt->pkt.public_key; keyid_from_pk (pk, keyid); @@ -906,6 +977,7 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, "not yet supported - skipped\n", keystr (keyid)); continue; } + stats->secret_count++; } /* Always do the cleaning on the public key part if requested. @@ -1109,6 +1181,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, } err = build_packet (out, node->pkt); + if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) + stats->exported++; } else if (!err) { @@ -1164,6 +1238,8 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, goto unwraperror; err = build_packet (out, node->pkt); + if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) + stats->exported++; goto unwraperror_leave; unwraperror: @@ -1201,8 +1277,11 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, else { err = build_packet (out, node->pkt); + if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) + stats->exported++; } + if (err) { log_error ("build_packet(%d) failed: %s\n", diff --git a/g10/gpg.c b/g10/gpg.c index e47b7f5..36e6542 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4306,7 +4306,12 @@ main (int argc, char **argv) else if( cmd == aRecvKeys ) rc = keyserver_import (ctrl, sl ); else - rc = export_pubkeys (ctrl, sl, opt.export_options); + { + export_stats_t stats = export_new_stats (); + rc = export_pubkeys (ctrl, sl, opt.export_options, stats); + export_print_stats (stats); + export_release_stats (stats); + } if(rc) { if(cmd==aSendKeys) @@ -4372,7 +4377,12 @@ main (int argc, char **argv) sl = NULL; for( ; argc; argc--, argv++ ) add_to_strlist2( &sl, *argv, utf8_strings ); - export_seckeys (ctrl, sl); + { + export_stats_t stats = export_new_stats (); + export_seckeys (ctrl, sl, stats); + export_print_stats (stats); + export_release_stats (stats); + } free_strlist(sl); break; @@ -4380,7 +4390,12 @@ main (int argc, char **argv) sl = NULL; for( ; argc; argc--, argv++ ) add_to_strlist2( &sl, *argv, utf8_strings ); - export_secsubkeys (ctrl, sl); + { + export_stats_t stats = export_new_stats (); + export_secsubkeys (ctrl, sl, stats); + export_print_stats (stats); + export_release_stats (stats); + } free_strlist(sl); break; diff --git a/g10/gpgv.c b/g10/gpgv.c index 138f035..d39eb66 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -606,11 +606,13 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid, gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, + export_stats_t stats, kbnode_t *r_keyblock, void **r_data, size_t *r_datalen) { (void)ctrl; (void)keyspec; (void)options; + (void)stats; *r_keyblock = NULL; *r_data = NULL; diff --git a/g10/keylist.c b/g10/keylist.c index cc97846..f3fd9d9 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -906,7 +906,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock) /* We do not have an export fucntion which allows to pass a keyblock, thus we need to search the key again. */ err = export_pubkey_buffer (ctrl, hexfpr, - EXPORT_DANE_FORMAT, + EXPORT_DANE_FORMAT, NULL, &dummy_keyblock, &data, &datalen); release_kbnode (dummy_keyblock); if (!err) diff --git a/g10/keyserver.c b/g10/keyserver.c index 37e62fd..72c244a 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1796,6 +1796,7 @@ keyserver_put (ctrl_t ctrl, strlist_t keyspecs, err = export_pubkey_buffer (ctrl, kspec->d, opt.keyserver_options.export_options, + NULL, &keyblock, &data, &datalen); if (err) log_error (_("skipped \"%s\": %s\n"), kspec->d, gpg_strerror (err)); diff --git a/g10/main.h b/g10/main.h index cdf6031..be4be29 100644 --- a/g10/main.h +++ b/g10/main.h @@ -339,16 +339,25 @@ int collapse_uids( KBNODE *keyblock ); /*-- export.c --*/ +struct export_stats_s; +typedef struct export_stats_s *export_stats_t; + +export_stats_t export_new_stats (void); +void export_release_stats (export_stats_t stats); +void export_print_stats (export_stats_t stats); + int parse_export_options(char *str,unsigned int *options,int noisy); -int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options ); -int export_pubkeys_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, - kbnode_t *keyblock_out, unsigned int options ); + +int export_pubkeys (ctrl_t ctrl, strlist_t users, unsigned int options, + export_stats_t stats); +int export_seckeys (ctrl_t ctrl, strlist_t users, export_stats_t stats); +int export_secsubkeys (ctrl_t ctrl, strlist_t users, export_stats_t stats); + gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, + export_stats_t stats, kbnode_t *r_keyblock, void **r_data, size_t *r_datalen); -int export_seckeys (ctrl_t ctrl, strlist_t users); -int export_secsubkeys (ctrl_t ctrl, strlist_t users); /*-- dearmor.c --*/ int dearmor_file( const char *fname ); diff --git a/g10/test-stubs.c b/g10/test-stubs.c index 0aa89b2..0e6616c 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c @@ -418,11 +418,13 @@ gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid, gpg_error_t export_pubkey_buffer (ctrl_t ctrl, const char *keyspec, unsigned int options, + export_stats_t stats, kbnode_t *r_keyblock, void **r_data, size_t *r_datalen) { (void)ctrl; (void)keyspec; (void)options; + (void)stats; *r_keyblock = NULL; *r_data = NULL; ----------------------------------------------------------------------- Summary of changes: common/status.h | 3 ++ doc/DETAILS | 10 ++++ g10/export.c | 155 +++++++++++++++++++++++++++++++++++++++++-------------- g10/gpg.c | 21 ++++++-- g10/gpgv.c | 2 + g10/keylist.c | 2 +- g10/keyserver.c | 1 + g10/main.h | 19 +++++-- g10/test-stubs.c | 2 + 9 files changed, 168 insertions(+), 47 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 17:07:52 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Nov 2015 17:07:52 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-128-g2038adf Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 2038adf16d0e7eeb614043aae17b16a867de6b70 (commit) from e3c48335f9c5081c6080bceafa7a04140403427a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2038adf16d0e7eeb614043aae17b16a867de6b70 Author: Werner Koch Date: Thu Nov 12 17:02:18 2015 +0100 gpg: Print a new EXPORTED status line. * common/status.h (STATUS_EXPORTED): New. * g10/export.c (print_status_exported): New. (do_export_stream): Call that function. Signed-off-by: Werner Koch diff --git a/common/status.h b/common/status.h index 3409167..71bcc95 100644 --- a/common/status.h +++ b/common/status.h @@ -62,6 +62,7 @@ enum STATUS_IMPORT_RES, STATUS_IMPORT_CHECK, + STATUS_EXPORTED, STATUS_EXPORT_RES, STATUS_FILE_START, diff --git a/doc/DETAILS b/doc/DETAILS index aa5a57b..7c3e67c 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -768,6 +768,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: - - +*** EXPORTED + The key with has been exported. The fingerprint is + the fingerprint of the primary key even if the primary key has + been replaced by a stub key during secret key export. + *** EXPORT_RES Final statistics on export process (this is one long line). The diff --git a/g10/export.c b/g10/export.c index d84ff74..b927251 100644 --- a/g10/export.c +++ b/g10/export.c @@ -809,6 +809,22 @@ transfer_format_to_openpgp (gcry_sexp_t s_pgp, PKT_public_key *pk) goto leave; } + +/* Print an "EXPORTED" status line. PK is the primary public key. */ +static void +print_status_exported (PKT_public_key *pk) +{ + char *hexfpr; + + if (!is_status_enabled ()) + return; + + hexfpr = hexfingerprint (pk); + write_status_text (STATUS_EXPORTED, hexfpr? hexfpr : "[?]"); + xfree (hexfpr); +} + + /* Export the keys identified by the list of strings in USERS to the stream OUT. If Secret is false public keys will be exported. With secret true secret keys will be exported; in this case 1 means the @@ -1182,7 +1198,10 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, err = build_packet (out, node->pkt); if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) - stats->exported++; + { + stats->exported++; + print_status_exported (node->pkt->pkt.public_key); + } } else if (!err) { @@ -1239,7 +1258,10 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, err = build_packet (out, node->pkt); if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) - stats->exported++; + { + stats->exported++; + print_status_exported (node->pkt->pkt.public_key); + } goto unwraperror_leave; unwraperror: @@ -1278,7 +1300,10 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, { err = build_packet (out, node->pkt); if (!err && node->pkt->pkttype == PKT_PUBLIC_KEY) - stats->exported++; + { + stats->exported++; + print_status_exported (node->pkt->pkt.public_key); + } } ----------------------------------------------------------------------- Summary of changes: common/status.h | 1 + doc/DETAILS | 5 +++++ g10/export.c | 31 ++++++++++++++++++++++++++++--- 3 files changed, 34 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 17:40:08 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 12 Nov 2015 17:40:08 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-101-g4df4e26 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 4df4e26146ec45ea31c457f8ae124e11a0b42088 (commit) from e8259773872cdc10cb29b539e6c6de435065d4f4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4df4e26146ec45ea31c457f8ae124e11a0b42088 Author: Andre Heinecke Date: Thu Nov 12 17:36:21 2015 +0100 Add workaround for opaque signed encrypted data * src/ribbon-callbacks.cpp (do_reader_action): Only use the mime handling when there is no "BEGIN PGP MESSAGE" in body. -- The sign verify split of the old addon allowed you to first opaque sign a message, then encrypt it. The mime code now only detects the encryption as this is a standard thing. The signature is not verified as it is treated as just another plaintext. diff --git a/src/ribbon-callbacks.cpp b/src/ribbon-callbacks.cpp index e9182fe..8414f83 100644 --- a/src/ribbon-callbacks.cpp +++ b/src/ribbon-callbacks.cpp @@ -48,6 +48,8 @@ #include "gpgolstr.h" #include "message.h" +#define OPAQUE_SIGNED_MARKER "-----BEGIN PGP MESSAGE-----" + /* Gets the context of a ribbon control. And prints some useful debug output */ HRESULT getContext (LPDISPATCH ctrl, LPDISPATCH *context) @@ -674,23 +676,6 @@ do_reader_action (LPDISPATCH ctrl, int flags) } } - if (verify_mime (mailItem)) - { - log_debug ("%s:%s: This was a mime message.", - SRCNAME, __func__); - - if (flags & OP_DECRYPT) - { - MessageBox (NULL, - "This message is in MIME format. Due to technical restrictions " - "it can only be decrypted once per session. To decrypt it again " - "please restart Outlook and open the message.", - _("GpgOL"), - MB_ICONINFORMATION|MB_OK); - } - goto failure; - } - if (flags & DATA_SELECTION) { encData = get_oom_string (selection, "Text"); @@ -720,6 +705,27 @@ do_reader_action (LPDISPATCH ctrl, int flags) fix_linebreaks (encData, &encDataLen); + /* We check if the data we work on was opaque signed. This is + true for signed stuff created by ribbon-callbacks and not a + decent MIME implementation. So in that case we don't use + verify_mime */ + if (!strstr (encData, OPAQUE_SIGNED_MARKER) && verify_mime (mailItem)) + { + log_debug ("%s:%s: This was a mime message.", + SRCNAME, __func__); + + if (flags & OP_DECRYPT) + { + MessageBox (NULL, + "This message is in MIME format. Due to technical restrictions " + "it can only be decrypted once per session. To decrypt it again " + "please restart Outlook and open the message.", + _("GpgOL"), + MB_ICONINFORMATION|MB_OK); + } + goto failure; + } + subject = get_oom_string (mailItem, "Subject"); if (get_oom_bool (mailItem, "Sent")) { ----------------------------------------------------------------------- Summary of changes: src/ribbon-callbacks.cpp | 40 +++++++++++++++++++++++----------------- 1 file changed, 23 insertions(+), 17 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 12 19:02:30 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 12 Nov 2015 19:02:30 +0100 Subject: [git] gnupg-doc - branch, master, updated. 25cd0bed9dc2696ce9abdda560dcd8321d411908 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via 25cd0bed9dc2696ce9abdda560dcd8321d411908 (commit) via d465f1b7f3fb9e7414dafbb5fd89fda2ee65e440 (commit) from 551a71de65f5ba02e72f77ac9d288db8d986e60d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25cd0bed9dc2696ce9abdda560dcd8321d411908 Author: Werner Koch Date: Thu Nov 12 18:57:43 2015 +0100 web: Fix netzpolitik URL diff --git a/web/share/gpgweb.el b/web/share/gpgweb.el index d8ef81e..3fd950f 100644 --- a/web/share/gpgweb.el +++ b/web/share/gpgweb.el @@ -295,7 +295,7 @@ string of the source file or nil if not available." ") (gpgweb--insert-menu gpgweb-gnupg-bottom-menu-alist 0 nil) (insert "
  • -
    • ") +") (insert " ") commit d465f1b7f3fb9e7414dafbb5fd89fda2ee65e440 Author: Werner Koch Date: Thu Nov 12 18:56:31 2015 +0100 cgi: Fix bug in mail address storing of SEPA preorders. diff --git a/cgi/procdonate.cgi b/cgi/procdonate.cgi index 91a1bb0..b58dc16 100755 --- a/cgi/procdonate.cgi +++ b/cgi/procdonate.cgi @@ -652,10 +652,8 @@ sub complete_sepa () $request{"Currency"} = $data{"Currency"}; $request{"Amount"} = $data{"Amount"}; $request{"Desc"} = "GnuPG SEPA donation"; + $request{"Email"} = $data{"Mail"} unless $data{"Mail"} eq ''; $request{"Meta[name]"} = $data{"Name"} unless $data{"Name"} eq 'Anonymous'; - if ($data{"Mail"} ne '') { - $request{"Meta[mail]"} = $data{"Mail"}; - } if ($data{"Message"} ne '') { $request{"Meta[message]"} = $data{"Message"}; } ----------------------------------------------------------------------- Summary of changes: cgi/procdonate.cgi | 4 +--- web/share/gpgweb.el | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 13 10:41:26 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 13 Nov 2015 10:41:26 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-103-ge1070f0 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via e1070f0012acbb57b04d0babda3d76d9266a91ff (commit) via 40a79500f09ebf6dac1c4be9155a0aa50d2176b8 (commit) from 4df4e26146ec45ea31c457f8ae124e11a0b42088 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e1070f0012acbb57b04d0babda3d76d9266a91ff Author: Andre Heinecke Date: Fri Nov 13 10:40:17 2015 +0100 Disable msgclass changing code for in Body Crypto * src/mapihelp.cpp (get_msgcls_from_pgp_lines): Disable for Outlook >= 2010. -- For now we want to ignore clearsigned and PGP/Inline signed code as we still have the old body based interface for those. And before we handle them we should tackle some interoperability issues arising from our current handling (e.g. fix the wipe to restore the PGP body) diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index f6b0a9b..17032e0 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -543,7 +543,17 @@ get_msgcls_from_pgp_lines (LPMESSAGE message) char *msgcls = NULL; ULONG tag; int is_binary = 0; - + + if (g_ol_version_major >= 14) + { + /* XXX For now we want to ignore clearsigned and PGP/Inline + signed code as we still have the old body based interface + for those. And before we handle them we should tackle + some interoperability issues arising from our current + handling (e.g. fix the wipe to restore the PGP body) */ + return NULL; + } + hr = 0; if (!get_internetcharsetbody_tag (message, &tag) ) { commit 40a79500f09ebf6dac1c4be9155a0aa50d2176b8 Author: Andre Heinecke Date: Fri Nov 13 10:34:11 2015 +0100 Check PGP Body tags for additional msgtypes * src/mapihelp.cpp (change_message_class_ipm_note), (change_message_class_ipm_note_secure_cex): Also check multipart/alternative and multipart/mixed. -- Especially PGP/Inline mails sent by Outlook with the old code is often times multipart/alternative as Outlook sends this by default. diff --git a/src/mapihelp.cpp b/src/mapihelp.cpp index abd5d9b..f6b0a9b 100644 --- a/src/mapihelp.cpp +++ b/src/mapihelp.cpp @@ -904,18 +904,16 @@ change_message_class_ipm_note (LPMESSAGE message) } xfree (proto); } - else if (!strcmp (ct, "text/plain")) + else if (!strcmp (ct, "text/plain") || + !strcmp (ct, "multipart/mixed") || + !strcmp (ct, "multipart/alternative")) { - newvalue = get_msgcls_from_pgp_lines (message); - } - else if (!strcmp (ct, "multipart/mixed")) - { - /* It is quite common to have a multipart/mixed mail with - separate encrypted PGP parts. Look at the body to + /* It is quite common to have a multipart/mixed or alternative + mail with separate encrypted PGP parts. Look at the body to decide. */ newvalue = get_msgcls_from_pgp_lines (message); } - + xfree (ct); } else @@ -1091,7 +1089,9 @@ change_message_class_ipm_note_secure_cex (LPMESSAGE message, int is_cexenc) } } - if (!newvalue && !strcmp (ct, "text/plain")) + if (!newvalue && (!strcmp (ct, "text/plain") || + !strcmp (ct, "multipart/alternative") || + !strcmp (ct, "multipart/mixed"))) { newvalue = get_msgcls_from_pgp_lines (message); } ----------------------------------------------------------------------- Summary of changes: src/mapihelp.cpp | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 13 13:03:11 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 13 Nov 2015 13:03:11 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-129-g7e59fb2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7e59fb21f728b5f54468cd35b1415a2f86003d4f (commit) from 2038adf16d0e7eeb614043aae17b16a867de6b70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7e59fb21f728b5f54468cd35b1415a2f86003d4f Author: Werner Koch Date: Fri Nov 13 12:56:13 2015 +0100 gpg: Fix regression in --locate-keys (in 2.1.9). * g10/getkey.c (getkey_ctx_s): Add field "extra_list". (get_pubkey_byname): Store strings in the context. (getkey_end): Free EXTRA_LIST. -- This fixes a use-after-free bug. It showed up with: gpg --auto-key-locate local --locate-key wk at gnupg.org The key was shown but also all other following keys in the keyring. Bisecting showed d47e84946ee010917cfc3501062721b74afbb771 as culprit but the actual cause was a part of: Regression-due-to: b06f96ba4f57f55194efcd37a0e3a2aa5450b974 Signed-off-by: Werner Koch diff --git a/g10/getkey.c b/g10/getkey.c index 9e123ee..7238bc3 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -77,6 +77,10 @@ struct getkey_ctx_s released using getkey_end()). */ int not_allocated; + /* This variable is used as backing store for strings which have + their address used in ITEMS. */ + strlist_t extra_list; + /* Part of the search criteria: The low-level search specification as passed to keydb_search. */ int nitems; @@ -1028,7 +1032,14 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk, *retctx = NULL; } - free_strlist (namelist); + if (retctx && *retctx) + { + assert (!(*retctx)->extra_list); + (*retctx)->extra_list = namelist; + } + else + free_strlist (namelist); + return rc; } @@ -1279,6 +1290,7 @@ getkey_end (getkey_ctx_t ctx) if (ctx) { keydb_release (ctx->kr_handle); + free_strlist (ctx->extra_list); if (!ctx->not_allocated) xfree (ctx); } ----------------------------------------------------------------------- Summary of changes: g10/getkey.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 13 15:17:01 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 13 Nov 2015 15:17:01 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-104-gf620398 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via f620398facc12abb8772e32c010e27658a0422ad (commit) from e1070f0012acbb57b04d0babda3d76d9266a91ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f620398facc12abb8772e32c010e27658a0422ad Author: Andre Heinecke Date: Fri Nov 13 15:14:36 2015 +0100 Revert "Use libmapi32 from mingw" This reverts commit 6533170a34d9e6f7191e41b31045ad0b4b4af1df. -- With libmapi32.a from mingw we get unresolved symbol errors on runtime. diff --git a/src/Makefile.am b/src/Makefile.am index 2f9a6c6..e5cb2c4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -16,7 +16,7 @@ unused_sources = item-events.cpp bin_PROGRAMS = gpgol #treeview EXTRA_DIST = \ - versioninfo.rc.in $(unused_sources) Outlook.gpl \ + versioninfo.rc.in mapi32.def $(unused_sources) Outlook.gpl \ encrypt-16.bmp encrypt-16m.bmp \ sign-16.bmp sign-16m.bmp \ key-manager-16.bmp key-manager-16m.bmp \ @@ -86,11 +86,16 @@ gpgol_SOURCES = \ #treeview_SOURCES = treeview.c -# We create our own virtual copies to the _static_ +# W32API 3.2 comes with an unusable libmapi32.a. We build our own +# version. Note the omission of -k (--kill-at) from the DLLTOOL +# command line. We also create our own virtual copies to the _static_ # versions of GPGME and gpg-error, because we want to link to them # statically, and not dynamically (otherwise Outlook would not find # them). -gpgol_DEPENDENCIES = libgpg-error.a libgpgme.a libassuan.a +gpgol_DEPENDENCIES = libmapi32.a libgpg-error.a libgpgme.a libassuan.a + +libmapi32.a: mapi32.def + $(DLLTOOL) --output-lib $@ --def $< libgpg-error.a: ln -s $$($(GPG_ERROR_CONFIG) --prefix)/lib/libgpg-error.a . diff --git a/src/mapi32.def b/src/mapi32.def new file mode 100644 index 0000000..2e4fe42 --- /dev/null +++ b/src/mapi32.def @@ -0,0 +1,164 @@ +LIBRARY MAPI32.DLL +EXPORTS +BuildDisplayTable at 40 +CbOfEncoded at 4 +CchOfEncoding at 4 +ChangeIdleRoutine at 28 +CloseIMsgSession at 4 +CreateIProp at 24 +CreateTable at 36 +DeinitMapiUtil at 0 +DeregisterIdleRoutine at 4 +EnableIdleRoutine at 8 +EncodeID at 12 +FBadColumnSet at 4 +FBadEntryList at 4 +FBadProp at 4 +FBadPropTag at 4 +FBadRestriction at 4 +FBadRglpNameID at 8 +FBadRglpszA at 8 +FBadRglpszW at 8 +FBadRow at 4 +FBadRowSet at 4 +FBadSortOrderSet at 4 +FBinFromHex at 8 +FDecodeID at 12 +FEqualNames at 8 +FPropCompareProp at 12 +FPropContainsProp at 12 +FPropExists at 8 +FreePadrlist at 4 +FreeProws at 4 +FtAdcFt at 20 +FtAddFt at 16 +FtDivFtBogus at 20 +FtMulDw at 12 +FtMulDwDw at 8 +FtNegFt at 8 +FtSubFt at 16 +FtgRegisterIdleRoutine at 20 +GetAttribIMsgOnIStg at 12 +GetTnefStreamCodepage +GetTnefStreamCodepage at 12 +HexFromBin at 12 +HrAddColumns at 16 +HrAddColumnsEx at 20 +HrAllocAdviseSink at 12 +HrComposeEID at 28 +HrComposeMsgID at 24 +HrDecomposeEID at 28 +HrDecomposeMsgID at 24 +HrDispatchNotifications at 4 +HrEntryIDFromSz at 12 +HrGetOneProp at 12 +HrIStorageFromStream at 16 +HrQueryAllRows at 24 +HrSetOneProp at 8 +HrSzFromEntryID at 12 +HrThisThreadAdviseSink at 8 +HrValidateIPMSubtree at 20 +HrValidateParameters at 8 +InstallFilterHook at 4 +IsBadBoundedStringPtr at 8 +LAUNCHWIZARD +LPropCompareProp at 8 +LaunchWizard at 20 +LpValFindProp at 12 +MAPI_NSCP_SynchronizeClient at 8 +MAPIAddress at 44 +MAPIAdminProfiles +MAPIAdminProfiles at 8 +MAPIAllocateBuffer +MAPIAllocateBuffer at 8 +MAPIAllocateMore +MAPIAllocateMore at 12 +MAPIDeinitIdle at 0 +MAPIDeleteMail at 20 +MAPIDetails at 20 +MAPIFindNext at 28 +MAPIFreeBuffer +MAPIFreeBuffer at 4 +MAPIGetDefaultMalloc at 0 +MAPIGetNetscapeVersion at 0 +MAPIInitIdle at 4 +MAPIInitialize +MAPIInitialize at 4 +MAPILogoff at 16 +MAPILogon at 24 +MAPILogonEx +MAPILogonEx at 20 +MAPIOpenFormMgr +MAPIOpenFormMgr at 8 +MAPIOpenLocalFormContainer +MAPIOpenLocalFormContainer at 4 +MAPIReadMail at 24 +MAPIResolveName at 24 +MAPISaveMail at 24 +MAPISendDocuments at 20 +MAPISendMail +MAPISendMail at 20 +MAPIUninitialize +MAPIUninitialize at 0 +MNLS_CompareStringW at 24 +MNLS_IsBadStringPtrW at 8 +MNLS_MultiByteToWideChar at 24 +MNLS_WideCharToMultiByte at 32 +MNLS_lstrcmpW at 8 +MNLS_lstrcpyW at 8 +MNLS_lstrlenW at 4 +MapStorageSCode at 4 +OpenIMsgOnIStg at 44 +OpenIMsgSession at 12 +OpenStreamOnFile +OpenStreamOnFile at 24 +OpenTnefStream +OpenTnefStream at 28 +OpenTnefStreamEx +OpenTnefStreamEx at 32 +PRProviderInit +PpropFindProp at 12 +PropCopyMore at 16 +RTFSync +RTFSync at 12 +ScBinFromHexBounded at 12 +ScCopyNotifications at 16 +ScCopyProps at 16 +ScCountNotifications at 12 +ScCountProps at 12 +ScCreateConversationIndex at 16 +ScDupPropset at 16 +ScGenerateMuid at 4 +ScInitMapiUtil at 4 +ScLocalPathFromUNC at 12 +ScMAPIXFromCMC +ScMAPIXFromSMAPI +ScRelocNotifications at 20 +ScRelocProps at 20 +ScSplEntry +ScUNCFromLocalPath at 12 +SetAttribIMsgOnIStg at 16 +SwapPlong at 8 +SwapPword at 8 +SzFindCh at 8 +SzFindLastCh at 8 +SzFindSz at 8 +UFromSz at 4 +UNKOBJ_COFree at 8 +UNKOBJ_Free at 8 +UNKOBJ_FreeRows at 8 +UNKOBJ_ScAllocate at 12 +UNKOBJ_ScAllocateMore at 16 +UNKOBJ_ScCOAllocate at 12 +UNKOBJ_ScCOReallocate at 12 +UNKOBJ_ScSzFromIdsAlloc at 20 +UlAddRef at 4 +UlFromSzHex at 4 +UlPropSize at 4 +UlRelease at 4 +WrapCompressedRTFStream +WrapCompressedRTFStream at 12 +WrapProgress at 20 +WrapStoreEntryID at 24 +__CPPValidateParameters at 8 +__ValidateParameters at 8 ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 11 ++-- src/mapi32.def | 164 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 172 insertions(+), 3 deletions(-) create mode 100644 src/mapi32.def hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 13 16:14:31 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 13 Nov 2015 16:14:31 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-130-g7de8376 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 7de8376430625c1f6f3a58ae16276deca8ff6a82 (commit) from 7e59fb21f728b5f54468cd35b1415a2f86003d4f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7de8376430625c1f6f3a58ae16276deca8ff6a82 Author: Werner Koch Date: Fri Nov 13 16:09:01 2015 +0100 gpg: Make trusted-key override for Tofu robust against swapped tofu.db. * g10/tofu.c (get_trust): For the UTK check lookup the key by fingerprint. -- Extracting the keyid form the fingerprint is not a good idea because that only works for v4 keys. It is also better to first read the key and then extract the keyid from the actual available key. The entire trusted-key stuff should be reworked to make use of fingerprints. Signed-off-by: Werner Koch diff --git a/g10/tofu.c b/g10/tofu.c index f7dd40d..e60ee54 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -1654,30 +1654,42 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE) /* See if the key is ultimately trusted. If so, we're done. */ { - const char *keyid; - KEYDB_SEARCH_DESC desc; + PKT_public_key *pk; + u32 kid[2]; + char fpr_bin[MAX_FINGERPRINT_LEN+1]; + size_t fpr_bin_len; - /* We need to convert the fingerprint as a string to a long - keyid. - - FINGERPRINT is stored as follows: - - 362D3527F53AAD1971AAFDE658859975EE37CF96 - ------------------- - - The last 16 characters are the long keyid. - */ - assert (strlen (fingerprint) > 4 * 4); - keyid = &fingerprint[strlen (fingerprint) - 16]; + if (!hex2str (fingerprint, fpr_bin, sizeof fpr_bin, &fpr_bin_len)) + { + log_error ("error converting fingerprint: %s\n", + gpg_strerror (gpg_error_from_syserror ())); + return _tofu_GET_TRUST_ERROR; + } - rc = classify_user_id (keyid, &desc, 1); - if (rc || desc.mode != KEYDB_SEARCH_MODE_LONG_KID) + /* We need to lookup the key by fingerprint again so that we can + properly extract the keyid. Extracting direct from the + fingerprint works only for v4 keys and would assume that + there is no collision in the low 64 bit. We can't guarantee + the latter in case the Tofu DB is used with a different + keyring. In any case the UTK stuff needs to be changed to + use only fingerprints. */ + pk = xtrycalloc (1, sizeof *pk); + if (!pk) + { + log_error (_("out of core\n")); + return _tofu_GET_TRUST_ERROR; + } + rc = get_pubkey_byfprint_fast (pk, fpr_bin, fpr_bin_len); + if (rc) { - log_error (_("'%s' is not a valid long keyID\n"), keyid); - goto out; + log_error (_("public key %s not found: %s\n"), + fingerprint, gpg_strerror (rc)); + return _tofu_GET_TRUST_ERROR; } + keyid_from_pk (pk, kid); + free_public_key (pk); - if (tdb_keyid_is_utk (desc.u.kid)) + if (tdb_keyid_is_utk (kid)) { if (policy == TOFU_POLICY_NONE) { ----------------------------------------------------------------------- Summary of changes: g10/tofu.c | 50 +++++++++++++++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 19 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 13 17:20:12 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 13 Nov 2015 17:20:12 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-106-gb4ce4fd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via b4ce4fdf509c7223e605770610d38611483572e1 (commit) via 1b664e0d4a74c8b8daeafa9fe1fe82af488c141d (commit) from f620398facc12abb8772e32c010e27658a0422ad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b4ce4fdf509c7223e605770610d38611483572e1 Author: Andre Heinecke Date: Fri Nov 13 17:18:28 2015 +0100 Use gpgrt_asprintf * src/attachment.cpp (do_crypt), src/gpgoladdin.cpp (GetCustomUI): Use gpgrt_asprintf. -- We link libgpg-error anyway so let's make use of it. Fixes the build on debian wheezy diff --git a/src/attachment.cpp b/src/attachment.cpp index 66588d5..2043658 100644 --- a/src/attachment.cpp +++ b/src/attachment.cpp @@ -27,6 +27,7 @@ #include "mapihelp.h" #include +#include #define COPYBUFFERSIZE 4096 @@ -280,7 +281,7 @@ do_crypt (LPDISPATCH mailitem, bool protect) LPATTACH mapi_attachment; attachtype_t att_type; - if (asprintf (&item_str, "Item(%i)", i) == -1) + if (gpgrt_asprintf (&item_str, "Item(%i)", i) == -1) { log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); goto done; diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 8b03782..269c2af 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -50,6 +50,8 @@ #include "windowmessages.h" #include "mail.h" +#include + #define ICON_SIZE_LARGE 32 #define ICON_SIZE_NORMAL 16 @@ -598,7 +600,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml) if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose")) { - asprintf (&buffer, + gpgrt_asprintf (&buffer, "" " " " " @@ -712,7 +714,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml) if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Compose")) { TRACEPOINT - asprintf (&buffer, + gpgrt_asprintf (&buffer, "" " " " " @@ -805,7 +807,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml) else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Mail.Read")) { TRACEPOINT - asprintf (&buffer, + gpgrt_asprintf (&buffer, "" " " " " @@ -879,7 +881,7 @@ GpgolRibbonExtender::GetCustomUI (BSTR RibbonID, BSTR * RibbonXml) else if (!wcscmp (RibbonID, L"Microsoft.Outlook.Explorer")) { TRACEPOINT - asprintf (&buffer, + gpgrt_asprintf (&buffer, "" " " " " commit 1b664e0d4a74c8b8daeafa9fe1fe82af488c141d Author: Andre Heinecke Date: Fri Nov 13 17:17:38 2015 +0100 Remove unsed vasprintf implementation * src/missing/vasprintf.c: Removed. -- This didn't compile anymore with gcc-4.9 diff --git a/src/missing/vasprintf.c b/src/missing/vasprintf.c deleted file mode 100644 index 6adff11..0000000 --- a/src/missing/vasprintf.c +++ /dev/null @@ -1,169 +0,0 @@ -/* Like vsprintf but provides a pointer to malloc'd storage, which must - be freed by the caller. - Copyright (C) 1994, 2002 Free Software Foundation, Inc. - -This file is part of the libiberty library. -Libiberty is free software; you can redistribute it and/or -modify it under the terms of the GNU Library General Public -License as published by the Free Software Foundation; either -version 2 of the License, or (at your option) any later version. - -Libiberty is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Library General Public License for more details. - -You should have received a copy of the GNU Library General Public -License along with libiberty; see the file COPYING.LIB. If -not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, -Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -#include -#endif -#include -#include -#include -#include - -#ifdef TEST -int global_total_width; -#endif - -int -vasprintf (char **result, const char *format, va_list *args) -{ - const char *p = format; - /* Add one to make sure that it is never zero, which might cause malloc - to return NULL. */ - int total_width = strlen (format) + 1; - va_list ap; - -#ifdef va_copy - va_copy (ap, args); -#else -#ifdef __va_copy - __va_copy (ap, args); -#else - memcpy (&ap, args, sizeof (va_list)); -#endif /* __va_copy */ -#endif /* va_copy */ - - while (*p != '\0') - { - if (*p++ == '%') - { - while (strchr ("-+ #0", *p)) - ++p; - if (*p == '*') - { - ++p; - total_width += abs (va_arg (ap, int)); - } - else - total_width += strtoul (p, (char**)&p, 10); - if (*p == '.') - { - ++p; - if (*p == '*') - { - ++p; - total_width += abs (va_arg (ap, int)); - } - else - total_width += strtoul (p, (char**)&p, 10); - } - while (strchr ("hlL", *p)) - ++p; - /* Should be big enough for any format specifier except %s - and floats. */ - total_width += 30; - switch (*p) - { - case 'd': - case 'i': - case 'o': - case 'u': - case 'x': - case 'X': - case 'c': - (void) va_arg (ap, int); - break; - case 'f': - case 'e': - case 'E': - case 'g': - case 'G': - (void) va_arg (ap, double); - /* Since an ieee double can have an exponent of 307, we'll - make the buffer wide enough to cover the gross case. */ - total_width += 307; - break; - case 's': - { - char *tmp = va_arg (ap, char *); - if (tmp) - total_width += strlen (tmp); - else /* in case the vsprintf does prints a text */ - total_width += 25; /* e.g. "(null pointer reference)" */ - } - break; - case 'p': - case 'n': - (void) va_arg (ap, char *); - break; - } - } - } -#ifdef TEST - global_total_width = total_width; -#endif - *result = malloc (total_width); - if (*result != NULL) - return vsprintf (*result, format, *args); - else - return 0; -} - - -int -asprintf (char **buf, const char *fmt, ...) -{ - int status; - va_list ap; - - va_start (ap, fmt); - status = vasprintf (buf, fmt, ap); - va_end (ap); - return status; -} - - -#ifdef TEST -void -checkit (const char* format, ...) -{ - va_list args; - char *result; - - va_start (args, format); - vasprintf (&result, format, args); - if (strlen (result) < global_total_width) - printf ("PASS: "); - else - printf ("FAIL: "); - printf ("%d %s\n", global_total_width, result); -} - -int -main (void) -{ - checkit ("%d", 0x12345678); - checkit ("%200d", 5); - checkit ("%.300d", 6); - checkit ("%100.150d", 7); - checkit ("%s", "jjjjjjjjjiiiiiiiiiiiiiiioooooooooooooooooppppppppppppaa\n\ -777777777777777777333333333333366666666666622222222222777777777777733333"); - checkit ("%f%s%d%s", 1.0, "foo", 77, "asdjffffffffffffffiiiiiiiiiiixxxxx"); -} -#endif /* TEST */ ----------------------------------------------------------------------- Summary of changes: src/attachment.cpp | 3 +- src/gpgoladdin.cpp | 10 +-- src/missing/vasprintf.c | 169 ------------------------------------------------ 3 files changed, 8 insertions(+), 174 deletions(-) delete mode 100644 src/missing/vasprintf.c hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 13 17:27:56 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 13 Nov 2015 17:27:56 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-107-g36547fa Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 36547fa3ff1c40d6b4b1204f44d3c0966354c73d (commit) from b4ce4fdf509c7223e605770610d38611483572e1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 36547fa3ff1c40d6b4b1204f44d3c0966354c73d Author: Andre Heinecke Date: Fri Nov 13 17:27:01 2015 +0100 Remove unused include * src/attachment.cpp: Remove unused include. -- objidlbase.h is not part of mingw-2.0 but luckily we don't need it anway and it's just a leftover from an experiment. diff --git a/src/attachment.cpp b/src/attachment.cpp index 2043658..c93a3a4 100644 --- a/src/attachment.cpp +++ b/src/attachment.cpp @@ -26,7 +26,6 @@ #include "mymapitags.h" #include "mapihelp.h" -#include #include #define COPYBUFFERSIZE 4096 ----------------------------------------------------------------------- Summary of changes: src/attachment.cpp | 1 - 1 file changed, 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Sat Nov 14 09:17:29 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Sat, 14 Nov 2015 09:17:29 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-132-g3689c21 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 3689c2105aab6a4304e9464c5b20207d69b9a133 (commit) via e7d7160ab7cd4e6b460bfe36fd3a7275adadb4e2 (commit) from 7de8376430625c1f6f3a58ae16276deca8ff6a82 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3689c2105aab6a4304e9464c5b20207d69b9a133 Author: Werner Koch Date: Sat Nov 14 09:13:02 2015 +0100 gpg: Use only one fingerprint formatting function. * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New. * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN. Change all callers. (format_hexfingerprint): New. * g10/keylist.c (print_fingerprint): Change to use hexfingerprint. * g10/tofu.c (fingerprint_format): Remove. Replace calls by format_hexfingerprint. Signed-off-by: Werner Koch diff --git a/g10/export.c b/g10/export.c index b927251..3c2aa57 100644 --- a/g10/export.c +++ b/g10/export.c @@ -819,7 +819,7 @@ print_status_exported (PKT_public_key *pk) if (!is_status_enabled ()) return; - hexfpr = hexfingerprint (pk); + hexfpr = hexfingerprint (pk, NULL, 0); write_status_text (STATUS_EXPORTED, hexfpr? hexfpr : "[?]"); xfree (hexfpr); } diff --git a/g10/gpg.h b/g10/gpg.h index 6f92abd..5cd8366 100644 --- a/g10/gpg.h +++ b/g10/gpg.h @@ -43,6 +43,10 @@ Warning: At some places we still use 20 instead of this macro. */ #define MAX_FINGERPRINT_LEN 20 +/* The maximum length of a formatted fingerprint as returned by + format_hexfingerprint(). */ +#define MAX_FORMATTED_FINGERPRINT_LEN 50 + /* Forward declarations. diff --git a/g10/keydb.h b/g10/keydb.h index 76136c1..e909c0f 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -809,7 +809,9 @@ const char *colon_datestr_from_pk (PKT_public_key *pk); const char *colon_datestr_from_sig (PKT_signature *sig); const char *colon_expirestr_from_sig (PKT_signature *sig); byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); -char *hexfingerprint (PKT_public_key *pk); +char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen); +char *format_hexfingerprint (const char *fingerprint, + char *buffer, size_t buflen); gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array); gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip); diff --git a/g10/keyid.c b/g10/keyid.c index 42a5f9f..de46d72 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -704,18 +704,81 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len) /* Return an allocated buffer with the fingerprint of PK formatted as - a plain hexstring. */ + a plain hexstring. If BUFFER is NULL the result is a malloc'd + string. If BUFFER is not NULL the result will be copied into this + buffer. In the latter case BUFLEN describes the length of the + buffer; if this is too short the function terminates the process. + Returns a malloc'ed string or BUFFER. A suitable length for BUFFER + is (2*MAX_FINGERPRINT_LEN + 1). */ char * -hexfingerprint (PKT_public_key *pk) +hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen) { unsigned char fpr[MAX_FINGERPRINT_LEN]; size_t len; - char *result; fingerprint_from_pk (pk, fpr, &len); - result = xmalloc (2 * len + 1); - bin2hex (fpr, len, result); - return result; + if (!buffer) + buffer = xmalloc (2 * len + 1); + else if (buflen < 2*len+1) + log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen); + bin2hex (fpr, len, buffer); + return buffer; +} + + +/* Pretty print a hex fingerprint. If BUFFER is NULL the result is a + malloc'd string. If BUFFER is not NULL the result will be copied + into this buffer. In the latter case BUFLEN describes the length + of the buffer; if this is too short the function terminates the + process. Returns a malloc'ed string or BUFFER. A suitable length + for BUFFER is (MAX_FORMATTED_FINGERPRINT_LEN + 1). */ +char * +format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen) +{ + int hexlen = strlen (fingerprint); + int space; + int i, j; + + if (hexlen == 40) /* v4 fingerprint */ + { + space = (/* The characters and the NUL. */ + 40 + 1 + /* After every fourth character, we add a space (except + the last). */ + + 40 / 4 - 1 + /* Half way through we add a second space. */ + + 1); + } + else /* Other fingerprint versions - print as is. */ + { + space = hexlen + 1; + } + + if (!buffer) + buffer = xmalloc (space); + else if (buflen < space) + log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen); + + if (hexlen == 40) /* v4 fingerprint */ + { + for (i = 0, j = 0; i < 40; i ++) + { + if (i && i % 4 == 0) + buffer[j ++] = ' '; + if (i == 40 / 2) + buffer[j ++] = ' '; + + buffer[j ++] = fingerprint[i]; + } + buffer[j ++] = 0; + assert (j == space); + } + else + { + strcpy (buffer, fingerprint); + } + + return buffer; } diff --git a/g10/keylist.c b/g10/keylist.c index f3fd9d9..2923a13 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -895,7 +895,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock) } - hexfpr = hexfingerprint (pk); + hexfpr = hexfingerprint (pk, NULL, 0); if (opt.print_dane_records) { kbnode_t dummy_keyblock; @@ -1833,8 +1833,9 @@ print_icao_hexdigit (estream_t fp, int c) void print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) { - byte array[MAX_FINGERPRINT_LEN], *p; - size_t i, n; + char hexfpr[2*MAX_FINGERPRINT_LEN+1]; + char *p; + size_t i; estream_t fp; const char *text; int primary = 0; @@ -1903,47 +1904,33 @@ print_fingerprint (estream_t override_fp, PKT_public_key *pk, int mode) text = _(" Key fingerprint ="); } - fingerprint_from_pk (pk, array, &n); - p = array; + hexfingerprint (pk, hexfpr, sizeof hexfpr); if (with_colons && !mode) { - es_fprintf (fp, "fpr:::::::::"); - for (i = 0; i < n; i++, p++) - es_fprintf (fp, "%02X", *p); - es_putc (':', fp); + es_fprintf (fp, "fpr:::::::::%s:", hexfpr); } else { - tty_fprintf (fp, "%s", text); - if (n == 20) - { - for (i = 0; i < n; i++, i++, p += 2) - tty_fprintf (fp, "%s %02X%02X", i==10? " ":"", *p, p[1]); - } - else - { - for (i = 0; i < n; i++, p++) - tty_fprintf (fp, "%s %02X", (i && !(i % 8))? " ":"", *p); - } + char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1]; + format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr); + tty_fprintf (fp, "%s %s", text, fmtfpr); } tty_fprintf (fp, "\n"); if (!with_colons && with_icao) { - p = array; + ; tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, ""); - for (i = 0; i < n; i++, p++) + for (i = 0, p = hexfpr; *p; i++, p++) { if (!i) ; - else if (!(i%4)) + else if (!(i%8)) tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, ""); - else if (!(i%2)) + else if (!(i%4)) tty_fprintf (fp, " "); else tty_fprintf (fp, " "); - print_icao_hexdigit (fp, *p >> 4); - tty_fprintf (fp, " "); - print_icao_hexdigit (fp, *p & 15); + print_icao_hexdigit (fp, xtoi_1 (p)); } tty_fprintf (fp, "\"\n"); } diff --git a/g10/revoke.c b/g10/revoke.c index 7ff50be..460f346 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -530,7 +530,7 @@ gen_standard_revoke (PKT_public_key *psk, const char *cache_nonce) char *orig_codeset; dir = get_openpgp_revocdir (opt.homedir); - tmpstr = hexfingerprint (psk); + tmpstr = hexfingerprint (psk, NULL, 0); fname = xstrconcat (dir, DIRSEP_S, tmpstr, NULL); xfree (tmpstr); xfree (dir); diff --git a/g10/tofu.c b/g10/tofu.c index 5501cee..b1b9f71 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -167,48 +167,9 @@ tofu_cache_dump (struct db *db) # define TIME_AGO_UNIT_LARGE_NAME _("month") # define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months") #endif - - -/* Pretty print a MAX_FINGERPRINT_LEN-byte binary fingerprint into a - malloc'd string. */ -static char * -fingerprint_format (const byte *fingerprint) -{ - char *fingerprint_pretty; - int space = (/* The characters and the NUL. */ - 2 * MAX_FINGERPRINT_LEN + 1 - /* After every fourth character, we add a space (except - the last). */ - + 2 * MAX_FINGERPRINT_LEN / 4 - 1 - /* Half way through we add a second space. */ - + 1); - int i; - int j; - - if (strlen (fingerprint) != 2 * MAX_FINGERPRINT_LEN) - { - log_info (_("Fingerprint with unexpected length (%zu chars)\n"), - strlen (fingerprint)); - return xstrdup (fingerprint); - } - fingerprint_pretty = xmalloc (space); - - for (i = 0, j = 0; i < MAX_FINGERPRINT_LEN * 2; i ++) - { - if (i && i % 4 == 0) - fingerprint_pretty[j ++] = ' '; - if (i == MAX_FINGERPRINT_LEN * 2 / 2) - fingerprint_pretty[j ++] = ' '; - - fingerprint_pretty[j ++] = fingerprint[i]; - } - fingerprint_pretty[j ++] = 0; - assert (j == space); - - return fingerprint_pretty; -} + const char * tofu_policy_str (enum tofu_policy policy) { @@ -1114,7 +1075,7 @@ static gpg_error_t record_binding (struct dbs *dbs, const char *fingerprint, const char *email, const char *user_id, enum tofu_policy policy, int show_old) { - char *fingerprint_pp = fingerprint_format (fingerprint); + char *fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); struct db *db_email = NULL, *db_key = NULL; int rc; char *err = NULL; @@ -1639,7 +1600,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, if (! db) return _tofu_GET_TRUST_ERROR; - fingerprint_pp = fingerprint_format (fingerprint); + fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); policy = get_policy (dbs, fingerprint, email, &conflict); if (policy == TOFU_POLICY_AUTO || policy == TOFU_POLICY_NONE) @@ -1878,7 +1839,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, display this message. */ && conflict && strcmp (conflict, fingerprint) != 0) { - char *conflict_pp = fingerprint_format (conflict); + char *conflict_pp = format_hexfingerprint (conflict, NULL, 0); es_fprintf (fp, _("The key %s raised a conflict with this binding (%s)." " Since this binding's policy was 'auto', it was " @@ -2035,7 +1996,7 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, char *key_pp; key = stats_iter->fingerprint; this_key = strcmp (key, fingerprint) == 0; - key_pp = fingerprint_format (key); + key_pp = format_hexfingerprint (key, NULL, 0); if (this_key) es_fprintf (fp, _(" %s (this key):"), key_pp); else @@ -2351,7 +2312,7 @@ show_statistics (struct dbs *dbs, const char *fingerprint, if (! db) return; - fingerprint_pp = fingerprint_format (fingerprint); + fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); rc = sqlite3_exec_printf (db->db, strings_collect_cb, &strlist, &err, @@ -2579,8 +2540,8 @@ tofu_register (PKT_public_key *pk, const char *user_id, goto die; } - fingerprint = hexfingerprint (pk); - fingerprint_pp = fingerprint_format (fingerprint); + fingerprint = hexfingerprint (pk, NULL, 0); + fingerprint_pp = format_hexfingerprint (fingerprint, NULL, 0); if (! *user_id) { @@ -2794,7 +2755,7 @@ tofu_get_validity (PKT_public_key *pk, const char *user_id, goto die; } - fingerprint = hexfingerprint (pk); + fingerprint = hexfingerprint (pk, NULL, 0); if (! *user_id) { @@ -2853,7 +2814,7 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy) && pk->main_keyid[1] == pk->keyid[1])) log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__); - fingerprint = hexfingerprint (pk); + fingerprint = hexfingerprint (pk, NULL, 0); for (; kb; kb = kb->next) { @@ -2925,7 +2886,7 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id, return gpg_error (GPG_ERR_GENERAL); } - fingerprint = hexfingerprint (pk); + fingerprint = hexfingerprint (pk, NULL, 0); email = email_from_user_id (user_id->name); commit e7d7160ab7cd4e6b460bfe36fd3a7275adadb4e2 Author: Werner Koch Date: Fri Nov 13 16:42:59 2015 +0100 gpg: Simplify the tofu interface by using the public key packet. * g10/tofu.c (fingerprint_str): Remove. (tofu_register): Take a public key instead of a fingerprint as arg. Use hexfingerprint() to get a fpr from the PK. (tofu_get_validity): Ditto. (tofu_set_policy, tofu_get_policy): Simplify by using hexfingerprint. * g10/trustdb.c (tdb_get_validity_core): Pass the primary key PK to instead of the fingerprint to the tofu functions. -- This change has the advantage that we are not bound to a specific fingerprint length and will thus helps us to implement rfc4880bis. Signed-off-by: Werner Koch diff --git a/g10/gpg.h b/g10/gpg.h index accec24..6f92abd 100644 --- a/g10/gpg.h +++ b/g10/gpg.h @@ -37,7 +37,9 @@ /* Number of bits we accept when reading or writing MPIs. */ #define MAX_EXTERN_MPI_BITS 16384 -/* The maximum length of a binary fingerprints. +/* The maximum length of a binary fingerprints. This is used to + provide a static buffer and will be increased if we need to support + longer fingerprints. Warning: At some places we still use 20 instead of this macro. */ #define MAX_FINGERPRINT_LEN 20 diff --git a/g10/tofu.c b/g10/tofu.c index e60ee54..5501cee 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -168,15 +168,6 @@ tofu_cache_dump (struct db *db) # define TIME_AGO_UNIT_LARGE_NAME_PLURAL _("months") #endif -static char * -fingerprint_str (const byte *fingerprint_bin) -{ - char *fingerprint = bin2hex (fingerprint_bin, MAX_FINGERPRINT_LEN, NULL); - if (! fingerprint) - log_fatal ("bin2hex failed: %s\n", - gpg_strerror (gpg_error_from_syserror())); - return fingerprint; -} /* Pretty print a MAX_FINGERPRINT_LEN-byte binary fingerprint into a malloc'd string. */ @@ -2543,8 +2534,8 @@ email_from_user_id (const char *user_id) return email; } -/* Register the signature with the binding . - FINGERPRINT must be MAX_FINGERPRINT_LEN bytes long. +/* Register the signature with the binding . + The fingerprint is taken from the primary key packet PK. SIG_DIGEST_BIN is the binary representation of the message's digest. SIG_DIGEST_BIN_LEN is its length. @@ -2563,7 +2554,7 @@ email_from_user_id (const char *user_id) This function returns the binding's trust level on return. If an error occurs, this function returns TRUST_UNKNOWN. */ int -tofu_register (const byte *fingerprint_bin, const char *user_id, +tofu_register (PKT_public_key *pk, const char *user_id, const byte *sig_digest_bin, int sig_digest_bin_len, time_t sig_time, const char *origin, int may_ask) { @@ -2588,7 +2579,7 @@ tofu_register (const byte *fingerprint_bin, const char *user_id, goto die; } - fingerprint = fingerprint_str (fingerprint_bin); + fingerprint = hexfingerprint (pk); fingerprint_pp = fingerprint_format (fingerprint); if (! *user_id) @@ -2780,7 +2771,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base) /* Return the validity (TRUST_NEVER, etc.) of the binding . - FINGERPRINT must be a MAX_FINGERPRINT_LEN-byte fingerprint. + PK is the primary key packet. If MAY_ASK is 1 and the policy is TOFU_POLICY_ASK, then the user will be prompted to choose a different policy. If MAY_ASK is 0 and @@ -2788,7 +2779,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base) Returns TRUST_UNDEFINED if an error occurs. */ int -tofu_get_validity (const byte *fingerprint_bin, const char *user_id, +tofu_get_validity (PKT_public_key *pk, const char *user_id, int may_ask) { struct dbs *dbs; @@ -2803,7 +2794,7 @@ tofu_get_validity (const byte *fingerprint_bin, const char *user_id, goto die; } - fingerprint = fingerprint_str (fingerprint_bin); + fingerprint = hexfingerprint (pk); if (! *user_id) { @@ -2843,8 +2834,6 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy) { struct dbs *dbs; PKT_public_key *pk; - char fingerprint_bin[MAX_FINGERPRINT_LEN]; - size_t fingerprint_bin_len = sizeof (fingerprint_bin); char *fingerprint = NULL; assert (kb->pkt->pkttype == PKT_PUBLIC_KEY); @@ -2864,10 +2853,7 @@ tofu_set_policy (kbnode_t kb, enum tofu_policy policy) && pk->main_keyid[1] == pk->keyid[1])) log_bug ("%s: Passed a subkey, but expecting a primary key.\n", __func__); - fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); - assert (fingerprint_bin_len == sizeof (fingerprint_bin)); - - fingerprint = fingerprint_str (fingerprint_bin); + fingerprint = hexfingerprint (pk); for (; kb; kb = kb->next) { @@ -2925,8 +2911,6 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id, enum tofu_policy *policy) { struct dbs *dbs; - char fingerprint_bin[MAX_FINGERPRINT_LEN]; - size_t fingerprint_bin_len = sizeof (fingerprint_bin); char *fingerprint; char *email; @@ -2941,10 +2925,7 @@ tofu_get_policy (PKT_public_key *pk, PKT_user_id *user_id, return gpg_error (GPG_ERR_GENERAL); } - fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); - assert (fingerprint_bin_len == sizeof (fingerprint_bin)); - - fingerprint = fingerprint_str (fingerprint_bin); + fingerprint = hexfingerprint (pk); email = email_from_user_id (user_id->name); diff --git a/g10/tofu.h b/g10/tofu.h index 2d23e86..7ee1083 100644 --- a/g10/tofu.h +++ b/g10/tofu.h @@ -71,14 +71,14 @@ const char *tofu_policy_str (enum tofu_policy policy); (e.g., TRUST_BAD) in light of the current configuration. */ int tofu_policy_to_trust_level (enum tofu_policy policy); -/* Register the binding and the signature +/* Register the binding and the signature described by SIGS_DIGEST and SIG_TIME, which it generated. Origin describes where the signed data came from, e.g., "email:claws" (default: "unknown"). If MAY_ASK is 1, then this function may interact with the user in the case of a conflict or if the binding's policy is ask. This function returns the binding's trust level. If an error occurs, it returns TRUST_UNKNOWN. */ -int tofu_register (const byte *fingerprint, const char *user_id, +int tofu_register (PKT_public_key *pk, const char *user_id, const byte *sigs_digest, int sigs_digest_len, time_t sig_time, const char *origin, int may_ask); @@ -88,11 +88,10 @@ int tofu_register (const byte *fingerprint, const char *user_id, int tofu_wot_trust_combine (int tofu, int wot); /* Determine the validity (TRUST_NEVER, etc.) of the binding - . If MAY_ASK is 1, then this function may + . If MAY_ASK is 1, then this function may interact with the user. If not, TRUST_UNKNOWN is returned. If an error occurs, TRUST_UNDEFINED is returned. */ -int tofu_get_validity (const byte *fingerprint, const char *user_id, - int may_ask); +int tofu_get_validity (PKT_public_key *pk, const char *user_id, int may_ask); /* Set the policy for all non-revoked user ids in the keyblock KB to POLICY. */ diff --git a/g10/trustdb.c b/g10/trustdb.c index 4f60f1f..b58d5e1 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1021,12 +1021,6 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, int user_ids = 0; int user_ids_expired = 0; - char fingerprint[MAX_FINGERPRINT_LEN]; - size_t fingerprint_len = sizeof (fingerprint); - - fingerprint_from_pk (main_pk, fingerprint, &fingerprint_len); - assert (fingerprint_len == sizeof (fingerprint)); - /* If the caller didn't supply a user id then iterate over all uids. */ if (! uid) @@ -1062,12 +1056,12 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, user_ids ++; if (sig) - tl = tofu_register (fingerprint, user_id->name, + tl = tofu_register (main_pk, user_id->name, sig->digest, sig->digest_len, sig->timestamp, "unknown", may_ask); else - tl = tofu_get_validity (fingerprint, user_id->name, may_ask); + tl = tofu_get_validity (main_pk, user_id->name, may_ask); if (tl == TRUST_EXPIRED) user_ids_expired ++; ----------------------------------------------------------------------- Summary of changes: g10/export.c | 2 +- g10/gpg.h | 8 +++++- g10/keydb.h | 4 ++- g10/keyid.c | 75 +++++++++++++++++++++++++++++++++++++++++++++---- g10/keylist.c | 41 ++++++++++----------------- g10/revoke.c | 2 +- g10/tofu.c | 90 +++++++++++------------------------------------------------ g10/tofu.h | 9 +++--- g10/trustdb.c | 10 ++----- 9 files changed, 117 insertions(+), 124 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 16 10:34:22 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 16 Nov 2015 10:34:22 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-133-g8e2bea2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 8e2bea22b0927f4f95a248cc7517f407a705d8a8 (commit) from 3689c2105aab6a4304e9464c5b20207d69b9a133 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8e2bea22b0927f4f95a248cc7517f407a705d8a8 Author: Neal H. Walfield Date: Mon Nov 16 10:34:01 2015 +0100 gpg: Fix error checking and improve error reporting. * g10/gpg.c (check_user_ids): Differentiate between a second result and an error. If the key specification is ambiguous or an error occurs, set RC appropriately. -- Signed-off-by: Neal H. Walfield Reported-by: Werner Koch Suggested-by: NIIBE Yutaka diff --git a/g10/gpg.c b/g10/gpg.c index 36e6542..75060b8 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2196,8 +2196,8 @@ check_user_ids (strlist_t *sp, /* Continue the search. */ err = keydb_search (hd, &desc, 1, NULL); - if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND - || gpg_err_code (err) == GPG_ERR_EOF)) + if (! err) + /* Another result! */ { char fingerprint_bin2[MAX_FINGERPRINT_LEN]; size_t fingerprint_bin2_len = sizeof (fingerprint_bin2); @@ -2208,6 +2208,9 @@ check_user_ids (strlist_t *sp, if (!opt.quiet) log_info (_("(check argument of option '%s')\n"), option); + if (! rc) + rc = GPG_ERR_CONFLICT; + err = keydb_get_keyblock (hd, &kb); if (err) log_error (_("error reading key block for '%s': %s.\n"), @@ -2225,6 +2228,15 @@ check_user_ids (strlist_t *sp, release_kbnode (kb); } } + else if (! (gpg_err_code (err) == GPG_ERR_NOT_FOUND + || gpg_err_code (err) == GPG_ERR_EOF)) + /* An error (other than "not found"). */ + { + log_error (_("Error reading from keyring: %s\n"), + gpg_strerror (err)); + if (! rc) + rc = err; + } } strlist_rev (&s2); ----------------------------------------------------------------------- Summary of changes: g10/gpg.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 10:54:35 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 17 Nov 2015 10:54:35 +0100 Subject: [git] GnuPG - branch, justus/issue2012, created. gnupg-2.1.9-134-gebba10c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, justus/issue2012 has been created at ebba10cf9edd2df5e46333cda991cf3168f2d662 (commit) - Log ----------------------------------------------------------------- commit ebba10cf9edd2df5e46333cda991cf3168f2d662 Author: Justus Winter Date: Mon Nov 16 18:18:25 2015 +0100 dirmngr: Fix specifying keyservers by IP address. Previously, if a keyserver was given using its IP address (e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the 'hosttable', one with the name '127.0.0.1', and the second one with the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the first entry is the one being used for lookups, and since the 'v4' flag is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http request, making it fail. * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable' entry instead of creating another one. Signed-off-by: Justus Winter GnuPG-bug-id: 2012 diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index a658727..7051a5b 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -378,7 +378,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } else { - tmpidx = find_hostinfo (tmphost); + if (!is_pool && is_ip_address (name)) + /* Update the original entry. */ + tmpidx = idx; + else + tmpidx = find_hostinfo (tmphost); log_info ("resolve_dns_addr for '%s': '%s'%s\n", name, tmphost, tmpidx == -1? "" : " [already known]"); ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 11:20:22 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 17 Nov 2015 11:20:22 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-281-g0e39594 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 0e395944b70c7a92a6437f6bcc14f287c19ce9de (commit) from 89fa74d6b3e58cd4fcd6e0939a35e46cbaca2ea0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0e395944b70c7a92a6437f6bcc14f287c19ce9de Author: Justus Winter Date: Mon Nov 16 12:18:47 2015 +0100 Fix typos found using codespell * cipher/cipher-ocb.c: Fix typos. * cipher/des.c: Likewise. * cipher/dsa-common.c: Likewise. * cipher/ecc.c: Likewise. * cipher/pubkey.c: Likewise. * cipher/rsa-common.c: Likewise. * cipher/scrypt.c: Likewise. * random/random-csprng.c: Likewise. * random/random-fips.c: Likewise. * random/rndw32.c: Likewise. * src/cipher-proto.h: Likewise. * src/context.c: Likewise. * src/fips.c: Likewise. * src/gcrypt.h.in: Likewise. * src/global.c: Likewise. * src/sexp.c: Likewise. * tests/mpitests.c: Likewise. * tests/t-lock.c: Likewise. Signed-off-by: Justus Winter diff --git a/cipher/cipher-ocb.c b/cipher/cipher-ocb.c index a3a2c9b..6db1db3 100644 --- a/cipher/cipher-ocb.c +++ b/cipher/cipher-ocb.c @@ -307,7 +307,7 @@ _gcry_cipher_ocb_authenticate (gcry_cipher_hd_t c, const unsigned char *abuf, c->spec->encrypt (&c->context.c, l_tmp, l_tmp); buf_xor_1 (c->u_mode.ocb.aad_sum, l_tmp, OCB_BLOCK_LEN); - /* Mark AAD as finalized to avoid accidently calling this + /* Mark AAD as finalized to avoid accidentally calling this function again after a non-full block has been processed. */ c->u_mode.ocb.aad_finalized = 1; } diff --git a/cipher/des.c b/cipher/des.c index be62763..5c99f50 100644 --- a/cipher/des.c +++ b/cipher/des.c @@ -49,7 +49,7 @@ * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode. * * (In the examples below the slashes at the beginning and ending of comments - * are omited.) + * are omitted.) * * DES Example * ----------- @@ -68,7 +68,7 @@ * * Encrypt the plaintext * * des_ecb_encrypt(context, plaintext, ciphertext); * - * * To recover the orginal plaintext from ciphertext use: * + * * To recover the original plaintext from ciphertext use: * * des_ecb_decrypt(context, ciphertext, recoverd); * * diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c index a5e42a2..6f2c2f9 100644 --- a/cipher/dsa-common.c +++ b/cipher/dsa-common.c @@ -319,7 +319,7 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k, /* The caller may have requested that we introduce some extra loops. This is for example useful if the caller wants another value for - K because the last returned one yielded an R of 0. Becuase this + K because the last returned one yielded an R of 0. Because this is very unlikely we implement it in a straightforward way. */ if (extraloops) { diff --git a/cipher/ecc.c b/cipher/ecc.c index 4958fbb..bd3e754 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -30,7 +30,7 @@ Ramiro Moreno Chiral Mikael Mylnikov (mmr) For use in Libgcrypt the code has been heavily modified and cleaned - up. In fact there is not much left of the orginally code except for + up. In fact there is not much left of the originally code except for some variable names and the text book implementaion of the sign and verification algorithms. The arithmetic functions have entirely been rewritten and moved to mpi/ec.c. diff --git a/cipher/pubkey.c b/cipher/pubkey.c index e3842c0..b321a89 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -114,7 +114,7 @@ spec_from_name (const char *name) * set the function will only succeed if a private key has been given. * On success the spec is stored at R_SPEC. On error NULL is stored * at R_SPEC and an error code returned. If R_PARMS is not NULL and - * the fucntion returns success, the parameter list below + * the function returns success, the parameter list below * "private-key" or "public-key" is stored there and the caller must * call gcry_sexp_release on it. */ @@ -945,7 +945,7 @@ _gcry_pk_selftest (int algo, int extended, selftest_report_func_t report) else { ec = GPG_ERR_PUBKEY_ALGO; - /* Fixme: We need to change the report fucntion to allow passing + /* Fixme: We need to change the report function to allow passing of an encryption mode (e.g. pkcs1, ecdsa, or ecdh). */ if (report) report ("pubkey", algo, "module", diff --git a/cipher/rsa-common.c b/cipher/rsa-common.c index b260142..7b56237 100644 --- a/cipher/rsa-common.c +++ b/cipher/rsa-common.c @@ -46,7 +46,7 @@ octet_string_from_mpi (unsigned char **r_frame, void *space, /* Encode {VALUE,VALUELEN} for an NBITS keys using the pkcs#1 block - type 2 padding. On sucess the result is stored as a new MPI at + type 2 padding. On success the result is stored as a new MPI at R_RESULT. On error the value at R_RESULT is undefined. If {RANDOM_OVERRIDE, RANDOM_OVERRIDE_LEN} is given it is used as @@ -675,7 +675,7 @@ _gcry_rsa_oaep_decode (unsigned char **r_result, size_t *r_resultlen, } db = seed + hlen; - /* To avoid choosen ciphertext attacks from now on we make sure to + /* To avoid chosen ciphertext attacks from now on we make sure to run all code even in the error case; this avoids possible timing attacks as described by Manger. */ diff --git a/cipher/scrypt.c b/cipher/scrypt.c index 3c21c2a..a05b5bf 100644 --- a/cipher/scrypt.c +++ b/cipher/scrypt.c @@ -246,7 +246,7 @@ _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen, unsigned long iterations, size_t dkLen, unsigned char *DK) { - u64 N = subalgo; /* CPU/memory cost paramter. */ + u64 N = subalgo; /* CPU/memory cost parameter. */ u32 r; /* Block size. */ u32 p = iterations; /* Parallelization parameter. */ diff --git a/random/random-csprng.c b/random/random-csprng.c index da50fda..dbebe98 100644 --- a/random/random-csprng.c +++ b/random/random-csprng.c @@ -1234,7 +1234,7 @@ do_fast_random_poll (void) # endif /*!RUSAGE_SELF*/ #endif /*HAVE_GETRUSAGE*/ - /* Time and clock are availabe on all systems - so we better do it + /* Time and clock are available on all systems - so we better do it just in case one of the above functions didn't work. */ { time_t x = time(NULL); @@ -1275,12 +1275,12 @@ _gcry_rngcsprng_fast_poll (void) static void -read_random_source (enum random_origins orgin, size_t length, int level ) +read_random_source (enum random_origins origin, size_t length, int level) { if ( !slow_gather_fnc ) log_fatal ("Slow entropy gathering module not yet initialized\n"); - if ( slow_gather_fnc (add_randomness, orgin, length, level) < 0) + if (slow_gather_fnc (add_randomness, origin, length, level) < 0) log_fatal ("No way to gather entropy for the RNG\n"); } diff --git a/random/random-fips.c b/random/random-fips.c index 0a76362..3a641b2 100644 --- a/random/random-fips.c +++ b/random/random-fips.c @@ -104,7 +104,7 @@ static size_t entropy_collect_buffer_size; /* Allocated length. */ /* This random context type is used to track properties of one random generator. Thee context are usually allocated in secure memory so that the seed value is well protected. There are a couble of guard - fields to help detecting applications accidently overwriting parts + fields to help detecting applications accidentally overwriting parts of the memory. */ struct rng_context { @@ -315,7 +315,7 @@ x931_get_dt (unsigned char *buffer, size_t length, rng_context_t rng_ctx) if (gettimeofday (&tv, NULL)) log_fatal ("gettimeofday() failed: %s\n", strerror (errno)); - /* The microseconds part is always less than 1 millon (0x0f4240). + /* The microseconds part is always less than 1 million (0x0f4240). Thus we don't care about the MSB and in addition shift it to the left by 4 bits. */ usec = tv.tv_usec; diff --git a/random/rndw32.c b/random/rndw32.c index 1325b18..1c0fc3d 100644 --- a/random/rndw32.c +++ b/random/rndw32.c @@ -955,7 +955,7 @@ _gcry_rndw32_gather_random_fast (void (*add)(const void*, size_t, However, the kernel appears to synchronise the TSCs across CPUs at boot time (it resets the TSC as part of its system init), so this shouldn't really be a problem. Under WinCE it's completely platform- - dependant, if there's no hardware performance counter available, it + dependent, if there's no hardware performance counter available, it uses the 1ms system timer. Another feature of the TSC (although it doesn't really affect us here) diff --git a/src/cipher-proto.h b/src/cipher-proto.h index 3bca9c7..d1ddc5d 100644 --- a/src/cipher-proto.h +++ b/src/cipher-proto.h @@ -92,7 +92,7 @@ typedef const char *(*pk_get_curve_t)(gcry_sexp_t keyparms, int iterator, typedef gcry_sexp_t (*pk_get_curve_param_t)(const char *name); -/* Module specification structure for public key algoritms. */ +/* Module specification structure for public key algorithms. */ typedef struct gcry_pk_spec { int algo; diff --git a/src/context.c b/src/context.c index 94e5be9..f77878b 100644 --- a/src/context.c +++ b/src/context.c @@ -47,7 +47,7 @@ struct gcry_context /* Allocate a fresh generic context of contect TYPE and allocate LENGTH extra bytes for private use of the type handler. DEINIT is a - fucntion used called to deinitialize the private part; it may be + function used called to deinitialize the private part; it may be NULL if de-initialization is not required. Returns NULL and sets ERRNO if memory allocation failed. */ gcry_ctx_t diff --git a/src/fips.c b/src/fips.c index 7939abd..edcbeac 100644 --- a/src/fips.c +++ b/src/fips.c @@ -102,7 +102,7 @@ _gcry_initialize_fips_mode (int force) static int done; gpg_error_t err; - /* Make sure we are not accidently called twice. */ + /* Make sure we are not accidentally called twice. */ if (done) { if ( fips_mode () ) @@ -377,7 +377,7 @@ _gcry_fips_is_operational (void) (GCRYCTL_INITIALIZATION_FINISHED) where the latter will run the selftests. The drawback of these on-demand self-tests are a small chance that self-tests are - performed by severeal threads; that is no problem because + performed by several threads; that is no problem because our FSM make sure that we won't oversee any error. */ unlock_fsm (); _gcry_fips_run_selftests (0); diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in index 5ddeee3..93b1f43 100644 --- a/src/gcrypt.h.in +++ b/src/gcrypt.h.in @@ -583,7 +583,7 @@ gcry_error_t gcry_mpi_print (enum gcry_mpi_format format, size_t *nwritten, const gcry_mpi_t a); -/* Convert the big integer A int the external representation described +/* Convert the big integer A into the external representation described by FORMAT and store it in a newly allocated buffer which address will be put into BUFFER. NWRITTEN receives the actual lengths of the external representation. */ @@ -1598,7 +1598,7 @@ gcry_error_t gcry_prime_generate (gcry_mpi_t *prime, /* Find a generator for PRIME where the factorization of (prime-1) is in the NULL terminated array FACTORS. Return the generator as a newly allocated MPI in R_G. If START_G is not NULL, use this as - teh start for the search. */ + the start for the search. */ gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g, gcry_mpi_t prime, gcry_mpi_t *factors, diff --git a/src/global.c b/src/global.c index 2290393..889de4c 100644 --- a/src/global.c +++ b/src/global.c @@ -305,7 +305,7 @@ print_config ( int (*fnc)(FILE *fp, const char *format, ...), FILE *fp) fnc (fp, "%s:", s); fnc (fp, "\n"); /* We use y/n instead of 1/0 for the simple reason that Emacsen's - compile error parser would accidently flag that line when printed + compile error parser would accidentally flag that line when printed during "make check" as an error. */ fnc (fp, "fips-mode:%c:%c:\n", fips_mode ()? 'y':'n', @@ -867,7 +867,7 @@ _gcry_free (void *p) return; /* In case ERRNO is set we better save it so that the free machinery - may not accidently change ERRNO. We restore it only if it was + may not accidentally change ERRNO. We restore it only if it was already set to comply with the usual C semantic for ERRNO. */ save_errno = errno; if (free_func) diff --git a/src/sexp.c b/src/sexp.c index f1bbffa..d063962 100644 --- a/src/sexp.c +++ b/src/sexp.c @@ -53,7 +53,7 @@ data) is required as well. The close_tag finishes the list and would actually be sufficient. For fail-safe reasons a final stop tag is always the last byte in a buffer; it has a value of 0 so - that string function accidently applied to an S-expression will + that string function accidentally applied to an S-expression will never access unallocated data. We do not support display hints and thus don't need to represent them. A list may have more an arbitrary number of data elements but at least one is required. diff --git a/tests/mpitests.c b/tests/mpitests.c index d75aca9..e6f8525 100644 --- a/tests/mpitests.c +++ b/tests/mpitests.c @@ -426,7 +426,7 @@ test_mul (void) /* What we test here is that we don't overwrite our args and that - using thne same mpi for several args works. */ + using the same mpi for several args works. */ static int test_powm (void) { diff --git a/tests/t-lock.c b/tests/t-lock.c index 22b67ef..815f63b 100644 --- a/tests/t-lock.c +++ b/tests/t-lock.c @@ -229,7 +229,7 @@ init_accounts (void) } -/* Check that the sum of all accounts matches the intial sum. */ +/* Check that the sum of all accounts matches the initial sum. */ static void check_accounts (void) { @@ -261,7 +261,7 @@ get_rand (int high) } -/* Pick a random account. Note that this fucntion is not +/* Pick a random account. Note that this function is not thread-safe. */ static int pick_account (void) ----------------------------------------------------------------------- Summary of changes: cipher/cipher-ocb.c | 2 +- cipher/des.c | 4 ++-- cipher/dsa-common.c | 2 +- cipher/ecc.c | 2 +- cipher/pubkey.c | 4 ++-- cipher/rsa-common.c | 4 ++-- cipher/scrypt.c | 2 +- random/random-csprng.c | 6 +++--- random/random-fips.c | 4 ++-- random/rndw32.c | 2 +- src/cipher-proto.h | 2 +- src/context.c | 2 +- src/fips.c | 4 ++-- src/gcrypt.h.in | 4 ++-- src/global.c | 4 ++-- src/sexp.c | 2 +- tests/mpitests.c | 2 +- tests/t-lock.c | 4 ++-- 18 files changed, 28 insertions(+), 28 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 12:57:59 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 17 Nov 2015 12:57:59 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-134-ga9e0905 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a9e0905342e847e8961ec4fe9b3aaedf05e33423 (commit) from 8e2bea22b0927f4f95a248cc7517f407a705d8a8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a9e0905342e847e8961ec4fe9b3aaedf05e33423 Author: Justus Winter Date: Mon Nov 16 12:41:46 2015 +0100 Fix typos found using codespell. * agent/cache.c: Fix typos. * agent/call-pinentry.c: Likewise. * agent/call-scd.c: Likewise. * agent/command-ssh.c: Likewise. * agent/command.c: Likewise. * agent/divert-scd.c: Likewise. * agent/findkey.c: Likewise. * agent/gpg-agent.c: Likewise. * agent/w32main.c: Likewise. * common/argparse.c: Likewise. * common/audit.c: Likewise. * common/audit.h: Likewise. * common/convert.c: Likewise. * common/dotlock.c: Likewise. * common/exechelp-posix.c: Likewise. * common/exechelp-w32.c: Likewise. * common/exechelp-w32ce.c: Likewise. * common/exechelp.h: Likewise. * common/helpfile.c: Likewise. * common/i18n.h: Likewise. * common/iobuf.c: Likewise. * common/iobuf.h: Likewise. * common/localename.c: Likewise. * common/logging.c: Likewise. * common/openpgp-oid.c: Likewise. * common/session-env.c: Likewise. * common/sexputil.c: Likewise. * common/sysutils.c: Likewise. * common/t-sexputil.c: Likewise. * common/ttyio.c: Likewise. * common/util.h: Likewise. * dirmngr/cdblib.c: Likewise. * dirmngr/certcache.c: Likewise. * dirmngr/crlcache.c: Likewise. * dirmngr/dirmngr-client.c: Likewise. * dirmngr/dirmngr.c: Likewise. * dirmngr/dirmngr_ldap.c: Likewise. * dirmngr/dns-stuff.c: Likewise. * dirmngr/http.c: Likewise. * dirmngr/ks-engine-hkp.c: Likewise. * dirmngr/ks-engine-ldap.c: Likewise. * dirmngr/ldap-wrapper.c: Likewise. * dirmngr/ldap.c: Likewise. * dirmngr/misc.c: Likewise. * dirmngr/ocsp.c: Likewise. * dirmngr/validate.c: Likewise. * g10/encrypt.c: Likewise. * g10/getkey.c: Likewise. * g10/gpg.c: Likewise. * g10/gpgv.c: Likewise. * g10/import.c: Likewise. * g10/keydb.c: Likewise. * g10/keydb.h: Likewise. * g10/keygen.c: Likewise. * g10/keyid.c: Likewise. * g10/keylist.c: Likewise. * g10/keyring.c: Likewise. * g10/mainproc.c: Likewise. * g10/misc.c: Likewise. * g10/options.h: Likewise. * g10/packet.h: Likewise. * g10/parse-packet.c: Likewise. * g10/pkclist.c: Likewise. * g10/pkglue.c: Likewise. * g10/plaintext.c: Likewise. * g10/server.c: Likewise. * g10/sig-check.c: Likewise. * g10/sqlite.c: Likewise. * g10/tdbio.c: Likewise. * g10/test-stubs.c: Likewise. * g10/tofu.c: Likewise. * g10/trust.c: Likewise. * g10/trustdb.c: Likewise. * g13/create.c: Likewise. * g13/mountinfo.c: Likewise. * kbx/keybox-blob.c: Likewise. * kbx/keybox-file.c: Likewise. * kbx/keybox-init.c: Likewise. * kbx/keybox-search-desc.h: Likewise. * kbx/keybox-search.c: Likewise. * kbx/keybox-update.c: Likewise. * scd/apdu.c: Likewise. * scd/app-openpgp.c: Likewise. * scd/app-p15.c: Likewise. * scd/app.c: Likewise. * scd/ccid-driver.c: Likewise. * scd/command.c: Likewise. * scd/iso7816.c: Likewise. * sm/base64.c: Likewise. * sm/call-agent.c: Likewise. * sm/call-dirmngr.c: Likewise. * sm/certchain.c: Likewise. * sm/gpgsm.c: Likewise. * sm/import.c: Likewise. * sm/keydb.c: Likewise. * sm/minip12.c: Likewise. * sm/qualified.c: Likewise. * sm/server.c: Likewise. * tools/gpg-check-pattern.c: Likewise. * tools/gpgconf-comp.c: Likewise. * tools/gpgkey2ssh.c: Likewise. * tools/gpgparsemail.c: Likewise. * tools/gpgtar.c: Likewise. * tools/rfc822parse.c: Likewise. * tools/symcryptrun.c: Likewise. Signed-off-by: Justus Winter diff --git a/agent/cache.c b/agent/cache.c index 49402e4..3fffd2d 100644 --- a/agent/cache.c +++ b/agent/cache.c @@ -167,7 +167,7 @@ new_data (const char *string, struct secret_data_s **r_data) /* We pad the data to 32 bytes so that it get more complicated finding something out by watching allocation patterns. This is - usally not possible but we better assume nothing about our secure + usually not possible but we better assume nothing about our secure storage provider. To support the AESWRAP mode we need to add 8 extra bytes as well. */ total = (length + 8) + 32 - ((length+8) % 32); diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index ada477a..4de897a 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -226,7 +226,7 @@ getinfo_pid_cb (void *opaque, const void *buffer, size_t length) } /* Fork off the pin entry if this has not already been done. Note, - that this function must always be used to aquire the lock for the + that this function must always be used to acquire the lock for the pinentry - we will serialize _all_ pinentry calls. */ static gpg_error_t diff --git a/agent/call-scd.c b/agent/call-scd.c index 65b5e7c..9c4d7b1 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -189,7 +189,7 @@ atfork_cb (void *opaque, int where) /* Fork off the SCdaemon if this has not already been done. Lock the daemon and make sure that a proper context has been setup in CTRL. This function might also lock the daemon, which means that the - caller must call unlock_scd after this fucntion has returned + caller must call unlock_scd after this function has returned success and the actual Assuan transaction been done. */ static int start_scd (ctrl_t ctrl) diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 6144ae1..5f159f1 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -3569,7 +3569,7 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) out: if (err && es_feof (stream_sock)) - log_error ("error occured while processing request: %s\n", + log_error ("error occurred while processing request: %s\n", gpg_strerror (err)); if (send_err) diff --git a/agent/command.c b/agent/command.c index 509f457..4b6040a 100644 --- a/agent/command.c +++ b/agent/command.c @@ -2585,7 +2585,7 @@ static const char hlp_putval[] = "\n" "KEY is an an arbitrary symbol with the same syntax rules as keys\n" "for shell environment variables. PERCENT_ESCAPED_VALUE is the\n" - "corresponsing value; they should be similar to the values of\n" + "corresponding value; they should be similar to the values of\n" "envronment variables but gpg-agent does not enforce any\n" "restrictions. If that value is not given any value under that KEY\n" "is removed from this special environment."; diff --git a/agent/divert-scd.c b/agent/divert-scd.c index a2da9e7..5d3b1ef 100644 --- a/agent/divert-scd.c +++ b/agent/divert-scd.c @@ -224,7 +224,7 @@ getpin_cb (void *opaque, const char *info, char *buf, size_t maxbuf) log_debug ("pin_cb called without proper PIN info hack\n"); /* If BUF has been passed as NULL, we are in pinpad mode: The - callback opens the popup and immediatley returns. */ + callback opens the popup and immediately returns. */ if (!buf) { if (maxbuf == 0) /* Close the pinentry. */ diff --git a/agent/findkey.c b/agent/findkey.c index af61e7e..c5e7ae7 100644 --- a/agent/findkey.c +++ b/agent/findkey.c @@ -1219,7 +1219,7 @@ agent_key_info_from_file (ctrl_t ctrl, const unsigned char *grip, /* Delete the key with GRIP from the disk after having asked for - confirmation using DESC_TEXT. If FORCE is set the fucntion won't + confirmation using DESC_TEXT. If FORCE is set the function won't require a confirmation via Pinentry or warns if the key is also used by ssh. diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index f81a2fb..3a5abbb 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1485,7 +1485,7 @@ agent_deinit_default_ctrl (ctrl_t ctrl) /* Because the ssh protocol does not send us information about the current TTY setting, we use this function to use those from startup - or those explictly set. This is also used for the restricted mode + or those explicitly set. This is also used for the restricted mode where we ignore requests to change the environment. */ gpg_error_t agent_copy_startup_env (ctrl_t ctrl) diff --git a/agent/w32main.c b/agent/w32main.c index 5ccbb5e..d907fe5 100644 --- a/agent/w32main.c +++ b/agent/w32main.c @@ -258,7 +258,7 @@ handle_taskbar (void *ctx) /* This function initializes the Window system and sets up the taskbar icon. We only have very limited GUI support just to give the - taskbar icon a little bit of life. This fucntion is called once to + taskbar icon a little bit of life. This function is called once to fire up the icon. */ int w32_setup_taskbar (void) diff --git a/common/argparse.c b/common/argparse.c index 53c20fc..b6abf86 100644 --- a/common/argparse.c +++ b/common/argparse.c @@ -851,7 +851,7 @@ find_long_option( ARGPARSE_ARGS *arg, /* Would be better if we can do a binary search, but it is not possible to reorder our option table because we would mess up our help strings - What we can do is: Build a nice option - lookup table wehn this function is first invoked */ + lookup table when this function is first invoked */ if( !*keyword ) return -1; for(i=0; opts[i].short_opt; i++ ) diff --git a/common/audit.c b/common/audit.c index 198b8e6..efd5fcd 100644 --- a/common/audit.c +++ b/common/audit.c @@ -164,7 +164,7 @@ audit_release (audit_ctx_t ctx) /* Set the type for the audit operation. If CTX is NULL, this is a - dummy fucntion. */ + dummy function. */ void audit_set_type (audit_ctx_t ctx, audit_type_t type) { diff --git a/common/audit.h b/common/audit.h index 345477d..b324a28 100644 --- a/common/audit.h +++ b/common/audit.h @@ -174,7 +174,7 @@ typedef enum AUDIT_ROOT_TRUSTED, /* cert, err */ /* Tells whether the root certificate is trusted. This event is - emmited durcing chain validation. */ + emitted during chain validation. */ AUDIT_CRL_CHECK, /* err */ /* Tells the status of a CRL or OCSP check. */ diff --git a/common/convert.c b/common/convert.c index 6b0ff35..30e5a60 100644 --- a/common/convert.c +++ b/common/convert.c @@ -70,7 +70,7 @@ hex2bin (const char *string, void *buffer, size_t length) /* Convert STRING consisting of hex characters into its binary representation and store that at BUFFER. BUFFER needs to be of LENGTH bytes. The function check that the STRING will convert exactly to LENGTH - bytes. Colons inbetween the hex digits are allowed, if one colon + bytes. Colons between the hex digits are allowed, if one colon has been given a colon is expected very 2 characters. The string is delimited by either end of string or a white space character. The function returns -1 on error or the length of the parsed @@ -180,7 +180,7 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf) Nul byte at the end is used to make sure tha the result can always be used as a C-string. - BUFSIZE is the availabe length of BUFFER; if the converted result + BUFSIZE is the available length of BUFFER; if the converted result plus a possible required extra Nul character does not fit into this buffer, the function returns NULL and won't change the existing content of BUFFER. In-place conversion is possible as long as @@ -190,7 +190,7 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf) does not store anything. This may be used to find the end of HEXSTRING. - On sucess the function returns a pointer to the next character + On success the function returns a pointer to the next character after HEXSTRING (which is either end-of-string or a the next white space). If BUFLEN is not NULL the number of valid vytes in BUFFER is stored there (an extra Nul byte is not counted); this will even diff --git a/common/dotlock.c b/common/dotlock.c index bccd0c6..d880859 100644 --- a/common/dotlock.c +++ b/common/dotlock.c @@ -1293,7 +1293,7 @@ dotlock_remove_lockfiles (void) dotlock_t h, h2; /* First set the lockfiles list to NULL so that for example - dotlock_release is ware that this fucntion is currently + dotlock_release is aware that this function is currently running. */ LOCK_all_lockfiles (); h = all_lockfiles; diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 2bf2592..5706dbe 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -171,7 +171,7 @@ close_all_fds (int first, int *except) /* Returns an array with all currently open file descriptors. The end of the array is marked by -1. The caller needs to release this array using the *standard free* and not with xfree. This allow the - use of this fucntion right at startup even before libgcrypt has + use of this function right at startup even before libgcrypt has been initialized. Returns NULL on error and sets ERRNO accordingly. */ int * diff --git a/common/exechelp-w32.c b/common/exechelp-w32.c index ba3b357..bc9b5b4 100644 --- a/common/exechelp-w32.c +++ b/common/exechelp-w32.c @@ -116,7 +116,7 @@ close_all_fds (int first, int *except) /* Returns an array with all currently open file descriptors. The end of the array is marked by -1. The caller needs to release this array using the *standard free* and not with xfree. This allow the - use of this fucntion right at startup even before libgcrypt has + use of this function right at startup even before libgcrypt has been initialized. Returns NULL on error and sets ERRNO accordingly. */ int * @@ -751,7 +751,7 @@ gnupg_release_process (pid_t pid) } -/* Spawn a new process and immediatley detach from it. The name of +/* Spawn a new process and immediately detach from it. The name of the program to exec is PGMNAME and its arguments are in ARGV (the programname is automatically passed as first argument). Environment strings in ENVP are set. An error is returned if diff --git a/common/exechelp-w32ce.c b/common/exechelp-w32ce.c index 975386a..49ccdbb 100644 --- a/common/exechelp-w32ce.c +++ b/common/exechelp-w32ce.c @@ -799,7 +799,7 @@ gnupg_release_process (pid_t pid) } -/* Spawn a new process and immediatley detach from it. The name of +/* Spawn a new process and immediately detach from it. The name of the program to exec is PGMNAME and its arguments are in ARGV (the programname is automatically passed as first argument). Environment strings in ENVP are set. An error is returned if diff --git a/common/exechelp.h b/common/exechelp.h index a146d89..9088342 100644 --- a/common/exechelp.h +++ b/common/exechelp.h @@ -46,7 +46,7 @@ void close_all_fds (int first, int *except); /* Returns an array with all currently open file descriptors. The end of the array is marked by -1. The caller needs to release this array using the *standard free* and not with xfree. This allow the - use of this fucntion right at startup even before libgcrypt has + use of this function right at startup even before libgcrypt has been initialized. Returns NULL on error and sets ERRNO accordingly. */ int *get_all_open_fds (void); @@ -168,7 +168,7 @@ void gnupg_kill_process (pid_t pid); void gnupg_release_process (pid_t pid); -/* Spawn a new process and immediatley detach from it. The name of +/* Spawn a new process and immediately detach from it. The name of the program to exec is PGMNAME and its arguments are in ARGV (the programname is automatically passed as first argument). Environment strings in ENVP are set. An error is returned if diff --git a/common/helpfile.c b/common/helpfile.c index faed819..0fb4e02 100644 --- a/common/helpfile.c +++ b/common/helpfile.c @@ -216,7 +216,7 @@ findkey_locale (const char *key, const char *locname, /usr/share/gnupg/help.txt Here LL denotes the two digit language code of the current locale. - If ONLY_CURRENT_LOCALE is set, the fucntion won;t fallback to the + If ONLY_CURRENT_LOCALE is set, the function won't fallback to the english valiant ("help.txt") unless that locale has been requested. The help file needs to be encoded in UTF-8, lines with a '#' in the diff --git a/common/i18n.h b/common/i18n.h index 45710b2..22e8a90 100644 --- a/common/i18n.h +++ b/common/i18n.h @@ -53,7 +53,7 @@ const char *i18n_utf8 (const char *string); const char *i18n_localegettext (const char *lc_messages, const char *string) GNUPG_GCC_ATTR_FORMAT_ARG(2); -/* If a module wants a local L_() fucntion we define it here. */ +/* If a module wants a local L_() function we define it here. */ #ifdef LunderscoreIMPL LunderscorePROTO LunderscoreIMPL diff --git a/common/iobuf.c b/common/iobuf.c index ca8609e..12affcb 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -1141,7 +1141,7 @@ iobuf_close (iobuf_t a) a->chain, NULL, &dummy_len))) log_error ("IOBUFCTRL_FREE failed on close: %s\n", gpg_strerror (rc)); if (! rc && rc2) - /* Whoops! An error occured. Save it in RC if we haven't + /* Whoops! An error occurred. Save it in RC if we haven't already recorded an error. */ rc = rc2; diff --git a/common/iobuf.h b/common/iobuf.h index e106292..cb79105 100644 --- a/common/iobuf.h +++ b/common/iobuf.h @@ -426,7 +426,7 @@ int iobuf_push_filter2 (iobuf_t a, IOBUF_DEBUG_MODE is not 0. */ int iobuf_print_chain (iobuf_t a); -/* Indicate that some error occured on the specified filter. */ +/* Indicate that some error occurred on the specified filter. */ #define iobuf_set_error(a) do { (a)->error = 1; } while(0) /* Return any pending error on filter A. */ @@ -458,7 +458,7 @@ off_t iobuf_tell (iobuf_t a); That is, data is appended to the buffer and the seek does not cause the size of the buffer to grow. - If no error occured, then any limit previous set by + If no error occurred, then any limit previous set by iobuf_set_limit() is cleared. Further, any error on the filter (the file filter or the temp filter) is cleared. @@ -555,8 +555,8 @@ size_t iobuf_temp_to_buffer (iobuf_t a, byte * buffer, size_t buflen); /* Copies the data from the input iobuf SOURCE to the output iobuf DEST until either an error is encountered or EOF is reached. Returns the number of bytes successfully written. If an error - occured, then any buffered bytes are not returned to SOURCE and are - effectively lost. To check if an error occured, use + occurred, then any buffered bytes are not returned to SOURCE and are + effectively lost. To check if an error occurred, use iobuf_error. */ size_t iobuf_copy (iobuf_t dest, iobuf_t source); diff --git a/common/localename.c b/common/localename.c index 54d22d0..876fdb0 100644 --- a/common/localename.c +++ b/common/localename.c @@ -55,7 +55,7 @@ /* Use a dummy value for LC_MESSAGES in case it is not defined. This works because we always test for HAVE_LC_MESSAGES and the core - fucntion takes the category as a string as well. */ + function takes the category as a string as well. */ #ifndef HAVE_LC_MESSAGES #define LC_MESSAGES 0 #endif diff --git a/common/logging.c b/common/logging.c index 2932c3d..54b8c89 100644 --- a/common/logging.c +++ b/common/logging.c @@ -204,7 +204,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size) avoids the ugly mix of fd and estream code. */ /* Note that we always try to reconnect to the socket but print - error messages only the first time an error occured. If + error messages only the first time an error occurred. If RUNNING_DETACHED is set we don't fall back to stderr and even do not print any error messages. This is needed because detached processes often close stderr and by writing to file descriptor 2 diff --git a/common/openpgp-oid.c b/common/openpgp-oid.c index 8a964a4..1b6d5f3 100644 --- a/common/openpgp-oid.c +++ b/common/openpgp-oid.c @@ -390,7 +390,7 @@ curve_supported_p (const char *name) /* Enumerate available and supported OpenPGP curves. The caller needs to set the integer variable at ITERP to zero and keep on calling - this fucntion until NULL is returned. */ + this function until NULL is returned. */ const char * openpgp_enum_curves (int *iterp) { diff --git a/common/session-env.c b/common/session-env.c index 171bf8f..8c3dbb5 100644 --- a/common/session-env.c +++ b/common/session-env.c @@ -97,7 +97,7 @@ static size_t lastallocatedarraysize; /* Return the names of standard environment variables one after the other. The caller needs to set the value at the address of - ITERATOR initally to 0 and then call this function until it returns + ITERATOR initially to 0 and then call this function until it returns NULL. */ const char * session_env_list_stdenvnames (int *iterator, const char **r_assname) diff --git a/common/sexputil.c b/common/sexputil.c index c24facb..a63fc20 100644 --- a/common/sexputil.c +++ b/common/sexputil.c @@ -335,7 +335,7 @@ hash_algo_from_sigval (const unsigned char *sigval) if (sskip (&s, &depth) || depth) return 0; /* Invalid S-expression. */ if (*s != '(') - return 0; /* No futher list. */ + return 0; /* No further list. */ /* Check whether this is (hash ALGO). */ s++; n = snext (&s); diff --git a/common/sysutils.c b/common/sysutils.c index 3971845..ccd3542 100644 --- a/common/sysutils.c +++ b/common/sysutils.c @@ -267,7 +267,7 @@ check_permissions(const char *path,int extension,int checkonly) #endif -/* Wrapper around the usual sleep fucntion. This one won't wake up +/* Wrapper around the usual sleep function. This one won't wake up before the sleep time has really elapsed. When build with Pth it merely calls pth_sleep and thus suspends only the current thread. */ @@ -446,7 +446,7 @@ gnupg_tmpfile (void) some folks close them before an exec and the next file we open will get one of them assigned and thus any output (i.e. diagnostics) end up in that file (e.g. the trustdb). Not actually a gpg problem as - this will hapen with almost all utilities when called in a wrong + this will happen with almost all utilities when called in a wrong way. However we try to minimize the damage here and raise awareness of the problem. diff --git a/common/t-sexputil.c b/common/t-sexputil.c index 987b062..77f8199 100644 --- a/common/t-sexputil.c +++ b/common/t-sexputil.c @@ -79,7 +79,7 @@ test_make_canon_sexp_from_rsa_pk (void) size_t elen; unsigned char *result; size_t resultlen; - gpg_err_code_t reverr; /* Expected error from the reverse fucntion. */ + gpg_err_code_t reverr; /* Expected error from the reverse function. */ } tests[] = { { "\x82\xB4\x12\x48\x08\x48\xC0\x76\xAA\x8E\xF1\xF8\x7F\x5E\x9B\x89" diff --git a/common/ttyio.c b/common/ttyio.c index 3b409e9..6167412 100644 --- a/common/ttyio.c +++ b/common/ttyio.c @@ -502,7 +502,7 @@ do_get( const char *prompt, int hidden ) do { #ifdef HAVE_W32CE_SYSTEM /* Using getchar is not a correct solution but for now it - doesn't matter becuase we have no real console at all. We + doesn't matter because we have no real console at all. We should rework this as soon as we have switched this entire module to estream. */ c = getchar(); diff --git a/common/util.h b/common/util.h index b2651c4..81d63ee 100644 --- a/common/util.h +++ b/common/util.h @@ -221,7 +221,7 @@ extern gpg_err_source_t default_errsource; /* Convenience function to return a gpg-error code for memory allocation failures. This function makes sure that an error will - be returned even if accidently ERRNO is not set. */ + be returned even if accidentally ERRNO is not set. */ static inline gpg_error_t out_of_core (void) { diff --git a/dirmngr/cdblib.c b/dirmngr/cdblib.c index 9636b6c..23cb317 100644 --- a/dirmngr/cdblib.c +++ b/dirmngr/cdblib.c @@ -696,7 +696,7 @@ make_find (struct cdb_make *cdbmp, { struct cdb_rl *rl = cdbmp->cdb_rec[hval&255]; int r, i; - int seeked = 0; + int sought = 0; while(rl) { for(i = rl->cnt - 1; i >= 0; --i) { /* search backward */ if (rl->rec[i].hval != hval) @@ -711,7 +711,7 @@ make_find (struct cdb_make *cdbmp, return -1; cdbmp->cdb_bpos = cdbmp->cdb_buf; } - seeked = 1; + sought = 1; r = match(cdbmp->cdb_fd, rl->rec[i].rpos, key, klen); if (!r) continue; @@ -725,7 +725,7 @@ make_find (struct cdb_make *cdbmp, } rl = rl->next; } - if (seeked && lseek(cdbmp->cdb_fd, cdbmp->cdb_dpos, SEEK_SET) < 0) + if (sought && lseek(cdbmp->cdb_fd, cdbmp->cdb_dpos, SEEK_SET) < 0) return -1; return 0; } diff --git a/dirmngr/certcache.c b/dirmngr/certcache.c index 8c5feef..45be1f2 100644 --- a/dirmngr/certcache.c +++ b/dirmngr/certcache.c @@ -331,7 +331,7 @@ put_cert (ksba_cert_t cert, int is_loaded, int is_trusted, void *fpr_buffer) /* Load certificates from the directory DIRNAME. All certificates matching the pattern "*.crt" or "*.der" are loaded. We assume that certificates are DER encoded and not PEM encapsulated. The cache - should be in a locked state when calling this fucntion. */ + should be in a locked state when calling this function. */ static gpg_error_t load_certs_from_dir (const char *dirname, int are_trusted) { @@ -687,7 +687,7 @@ get_cert_bysubject (const char *subject_dn, unsigned int seq) -/* Return a value decribing the the class of PATTERN. The offset of +/* Return a value describing the the class of PATTERN. The offset of the actual string to be used for the comparison is stored at R_OFFSET. The offset of the serialnumer is stored at R_SN_OFFSET. */ static enum pattern_class diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index d205999..6d3f8ce 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c @@ -859,7 +859,7 @@ update_dir (crl_cache_t cache) field, thus we can compare it pretty easily. */ *endp = 0; e = find_entry ( cache->entries, fieldp); - *endp = ':'; /* Restore orginal line. */ + *endp = ':'; /* Restore original line. */ if (e && e->deleted) { /* Marked for deletion, so don't write it. */ @@ -1212,7 +1212,7 @@ find_entry (crl_cache_entry_t first, const char *issuer_hash) } -/* Create a new CRL cache. This fucntion is usually called only once. +/* Create a new CRL cache. This function is usually called only once. never fail. */ void crl_cache_init(void) diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c index 29e29b5..8e280f6 100644 --- a/dirmngr/dirmngr-client.c +++ b/dirmngr/dirmngr-client.c @@ -185,7 +185,7 @@ main (int argc, char **argv ) log_set_prefix ("dirmngr-client", GPGRT_LOG_WITH_PREFIX); - /* For W32 we need to initialize the socket subsystem. Becuase we + /* For W32 we need to initialize the socket subsystem. Because we don't use Pth we need to do this explicit. */ #ifdef HAVE_W32_SYSTEM { diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c index 8789d81..ccefc3c 100644 --- a/dirmngr/dirmngr.c +++ b/dirmngr/dirmngr.c @@ -1987,7 +1987,7 @@ check_nonce (assuan_fd_t fd, assuan_sock_nonce_t *nonce) } -/* Helper to call a connection's main fucntion. */ +/* Helper to call a connection's main function. */ static void * start_connection_thread (void *arg) { diff --git a/dirmngr/dirmngr_ldap.c b/dirmngr/dirmngr_ldap.c index 61a7e39..6309413 100644 --- a/dirmngr/dirmngr_ldap.c +++ b/dirmngr/dirmngr_ldap.c @@ -165,7 +165,7 @@ struct my_opt_s unsigned int alarm_timeout; /* And for the alarm based timeout. */ int multi; - estream_t outstream; /* Send output to thsi stream. */ + estream_t outstream; /* Send output to this stream. */ /* Note that we can't use const for the strings because ldap_* are not defined that way. */ diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 200e1e2..2af4dec 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -48,7 +48,7 @@ #endif #if !defined(HAVE_GETADDRINFO) && !defined(USE_ADNS) -# error Either getaddrinfo or the ADNS libary is required. +# error Either getaddrinfo or the ADNS library is required. #endif #ifdef WITHOUT_NPTH /* Give the Makefile a chance to build without Pth. */ @@ -511,7 +511,7 @@ resolve_addr_standard (const struct sockaddr *addr, int addrlen, } -/* This a wrapper around getaddrinfo with slighly different semantics. +/* This a wrapper around getaddrinfo with slightly different semantics. NAME is the name to resolve. PORT is the requested port or 0. WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4. diff --git a/dirmngr/http.c b/dirmngr/http.c index 9e2ba90..e33a594 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -267,7 +267,7 @@ struct http_context_s }; -/* The global callback for the verification fucntion. */ +/* The global callback for the verification function. */ static gpg_error_t (*tls_callback) (http_t, http_session_t, int); /* The list of files with trusted CA certificates. */ diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index a658727..c856d6c 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -101,7 +101,7 @@ struct hostinfo_s static hostinfo_t *hosttable; static int hosttable_size; -/* The number of host slots we initally allocate for HOSTTABLE. */ +/* The number of host slots we initially allocate for HOSTTABLE. */ #define INITIAL_HOSTTABLE_SIZE 10 diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 77a2dd0..ad2110e 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -433,10 +433,10 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact) If this function successfully interrogated the server, it returns 0. If there was an LDAP error, it returns the LDAP error code. If - an error occured, *basednp, etc., are undefined (and don't need to + an error occurred, *basednp, etc., are undefined (and don't need to be freed.) - If no LDAP error occured, you still need to check that *basednp is + If no LDAP error occurred, you still need to check that *basednp is valid. If it is NULL, then the server does not appear to be an OpenPGP Keyserver. In this case, you also do not need to xfree *pgpkeyattrp. */ @@ -1616,7 +1616,7 @@ extract_attributes (LDAPMod ***modlist, char *line) fields = strsplit (line, ':', '\0', &field_count); if (field_count == 1) - /* We only have a single field. There is definately nothing to + /* We only have a single field. There is definitely nothing to do. */ goto out; diff --git a/dirmngr/ldap-wrapper.c b/dirmngr/ldap-wrapper.c index a54e405..c073f17 100644 --- a/dirmngr/ldap-wrapper.c +++ b/dirmngr/ldap-wrapper.c @@ -160,7 +160,7 @@ destroy_wrapper (struct wrapper_context_s *ctx) /* Print the content of LINE to thye log stream but make sure to only print complete lines. Using NULL for LINE will flush any pending - output. LINE may be modified by this fucntion. */ + output. LINE may be modified by this function. */ static void print_log_line (struct wrapper_context_s *ctx, char *line) { diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index e4c6aa2..8a543a4 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -382,7 +382,7 @@ parse_one_pattern (const char *pattern) return result; } -/* Take the string STRING and escape it accoring to the URL rules. +/* Take the string STRING and escape it according to the URL rules. Retun a newly allocated string. */ static char * escape4url (const char *string) @@ -512,7 +512,7 @@ start_default_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, } -/* Prepare an LDAP query to return certificates maching PATTERNS using +/* Prepare an LDAP query to return certificates matching PATTERNS using the SERVER. This function returns an error code or 0 and a CONTEXT on success. */ gpg_error_t diff --git a/dirmngr/misc.c b/dirmngr/misc.c index 244919e..c2c5af1 100644 --- a/dirmngr/misc.c +++ b/dirmngr/misc.c @@ -36,7 +36,7 @@ buffer will be returned. The caller should provide RESULT of at least strlen(STRING)/2 bytes. There is no error detection, the parsing stops at the first non hex character. With RESULT given as - NULL, the fucntion does only return the size of the buffer which + NULL, the function does only return the size of the buffer which would be needed. */ size_t unhexify (unsigned char *result, const char *string) diff --git a/dirmngr/ocsp.c b/dirmngr/ocsp.c index 392c02b..e123409 100644 --- a/dirmngr/ocsp.c +++ b/dirmngr/ocsp.c @@ -83,7 +83,7 @@ read_response (estream_t fp, unsigned char **r_buffer, size_t *r_buflen) return err; } if ( !(nread == bufsize-nbytes && !es_feof (fp))) - { /* Response succesfully received. */ + { /* Response successfully received. */ nbytes += nread; *r_buffer = buffer; *r_buflen = nbytes; @@ -116,7 +116,7 @@ read_response (estream_t fp, unsigned char **r_buffer, size_t *r_buflen) /* Construct an OCSP request, send it to the configured OCSP responder and parse the response. On success the OCSP context may be used to - further process the reponse. */ + further process the response. */ static gpg_error_t do_ocsp_request (ctrl_t ctrl, ksba_ocsp_t ocsp, gcry_md_hd_t md, const char *url, ksba_cert_t cert, ksba_cert_t issuer_cert) diff --git a/dirmngr/validate.c b/dirmngr/validate.c index 574eca6..1a851b6 100644 --- a/dirmngr/validate.c +++ b/dirmngr/validate.c @@ -597,7 +597,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, break; /* Okay: a self-signed certicate is an end-point. */ } - /* To avoid loops, we use an arbitary limit on the length of + /* To avoid loops, we use an arbitrary limit on the length of the chain. */ depth++; if (depth > maxdepth) @@ -757,7 +757,7 @@ validate_cert_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t r_exptime, here because this does not seem to make much sense. This might become a recursive process and we should better cache our validity results to avoid double work. Far worse a - catch-22 may happen for an improper setup hierachy and we + catch-22 may happen for an improper setup hierarchy and we need a way to break up such a deadlock. */ err = check_revocations (ctrl, chain); } diff --git a/g10/encrypt.c b/g10/encrypt.c index 8bdbe8c..4432f29 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -85,7 +85,7 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey) buf[0] = (*seskey)->algo; memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen ); - /* We only pass already checked values to the following fucntion, + /* We only pass already checked values to the following function, thus we consider any failure as fatal. */ if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) BUG (); diff --git a/g10/getkey.c b/g10/getkey.c index 7238bc3..dd6820b 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -986,7 +986,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk, add_to_strlist (&namelist, fpr_string); } else if (!rc && !fpr && !did_key_byname) - /* The acquisition method said no failure occured, but it + /* The acquisition method said no failure occurred, but it didn't return a fingerprint. That's a failure. */ { no_fingerprint = 1; @@ -2297,7 +2297,7 @@ merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode) if (backsig) { - /* At ths point, backsig contains the most recent 0x19 sig. + /* At this point, backsig contains the most recent 0x19 sig. Let's see if it is good. */ /* 2==valid, 1==invalid, 0==didn't check */ diff --git a/g10/gpg.c b/g10/gpg.c index 75060b8..dacfa74 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2008,7 +2008,7 @@ parse_tofu_db_format (const char *db_format) } } -/* This fucntion called to initialized a new control object. It is +/* This function called to initialized a new control object. It is assumed that this object has been zeroed out before calling this function. */ static void @@ -3579,7 +3579,7 @@ main (int argc, char **argv) /* Do these after the switch(), so they can override settings. */ if(PGP6) { - /* That does not anymore work becuase we have no more support + /* That does not anymore work because we have no more support for v3 signatures. */ opt.disable_mdc=1; opt.escape_from=1; diff --git a/g10/gpgv.c b/g10/gpgv.c index d39eb66..9932756 100644 --- a/g10/gpgv.c +++ b/g10/gpgv.c @@ -242,7 +242,7 @@ g10_exit( int rc ) /* Stub: - * We have to override the trustcheck from pkclist.c becuase + * We have to override the trustcheck from pkclist.c because * this utility assumes that all keys in the keyring are trustworthy */ int diff --git a/g10/import.c b/g10/import.c index 0847a9a..e1577b8 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1638,7 +1638,7 @@ sec_to_pub_keyblock (kbnode_t sec_keyblock) /**************** * Ditto for secret keys. Handling is simpler than for public keys. * We allow secret key importing only when allow is true, this is so - * that a secret key can not be imported accidently and thereby tampering + * that a secret key can not be imported accidentally and thereby tampering * with the trust calculation. */ static int diff --git a/g10/keydb.c b/g10/keydb.c index bcafe90..1705c71 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -156,7 +156,7 @@ static int lock_all (KEYDB_HANDLE hd); static void unlock_all (KEYDB_HANDLE hd); -/* Check whether the keyid KID is in key id is definately not in the +/* Check whether the keyid KID is in key id is definitely not in the database. Returns: diff --git a/g10/keydb.h b/g10/keydb.h index e909c0f..882af35 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -288,7 +288,7 @@ unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd); so that the next search starts at the beginning of the database (the start of the first resource). - Returns 0 on success and an error code if an error occured. + Returns 0 on success and an error code if an error occurred. (Currently, this function always returns 0 if HD is valid.) */ gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); @@ -305,7 +305,7 @@ gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); If no key matches the search description, returns GPG_ERR_NOT_FOUND. If there was a match, returns 0. If an error - occured, returns an error code. + occurred, returns an error code. The returned key is considered to be selected and the raw data can, for instance, be returned by calling keydb_get_keyblock(). */ @@ -437,7 +437,7 @@ void getkey_disable_caches(void); occurs. If the data was not read from the cache, then the self-signed data - has definately been merged into the public key using + has definitely been merged into the public key using merge_selfsigs. */ int get_pubkey( PKT_public_key *pk, u32 *keyid ); @@ -751,7 +751,7 @@ KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx); free_public_key (sk); if (gpg_err_code (err) != GPG_ERR_EOF) - ; // An error occured. + ; // An error occurred. */ gpg_error_t enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *pk); diff --git a/g10/keygen.c b/g10/keygen.c index 70d351d..4296fe7 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1284,7 +1284,7 @@ do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip, } -/* Common code for the key generation fucntion gen_xxx. */ +/* Common code for the key generation function gen_xxx. */ static int common_gen (const char *keyparms, int algo, const char *algoelem, kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, diff --git a/g10/keyid.c b/g10/keyid.c index de46d72..d716985 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -785,7 +785,7 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen) /* Return the so called KEYGRIP which is the SHA-1 hash of the public key parameters expressed as an canoncial encoded S-Exp. ARRAY must - be 20 bytes long. Returns 0 on sucess or an error code. */ + be 20 bytes long. Returns 0 on success or an error code. */ gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array) { diff --git a/g10/keylist.c b/g10/keylist.c index 2923a13..9b2d83f 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -903,7 +903,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock) size_t datalen; gpg_error_t err; - /* We do not have an export fucntion which allows to pass a + /* We do not have an export function which allows to pass a keyblock, thus we need to search the key again. */ err = export_pubkey_buffer (ctrl, hexfpr, EXPORT_DANE_FORMAT, NULL, diff --git a/g10/keyring.c b/g10/keyring.c index 4e2145f..8ebc2e4 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1215,7 +1215,7 @@ create_tmp_file (const char *template, # ifdef USE_ONLY_8DOT3 /* Here is another Windoze bug?: - * you cant rename("pubring.gpg.tmp", "pubring.gpg"); + * you can't rename("pubring.gpg.tmp", "pubring.gpg"); * but rename("pubring.gpg.tmp", "pubring.aaa"); * works. So we replace .gpg by .bak or .tmp */ diff --git a/g10/mainproc.c b/g10/mainproc.c index f4e5f45..3c1508d 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -387,7 +387,7 @@ proc_pubkey_enc (ctrl_t ctrl, CTX c, PACKET *pkt) to the Libgcrypt defined one. This is due a chicken-egg problem: We need to have code in Libgcrypt for a new algorithm so to implement a proposed new algorithm before the - IANA will finally assign an OpenPGP indentifier. */ + IANA will finally assign an OpenPGP identifier. */ snprintf (buf, sizeof buf, "%08lX%08lX %d 0", (ulong)enc->keyid[0], (ulong)enc->keyid[1], enc->pubkey_algo); write_status_text (STATUS_ENC_TO, buf); @@ -1091,7 +1091,7 @@ list_node (CTX c, kbnode_t node) { log_debug ("FIXME: No way to print secret key packets here\n"); - /* fixme: We may use a fucntion to turn a secret key packet into + /* fixme: We may use a function to turn a secret key packet into a public key one and use that here. */ } else if (node->pkt->pkttype == PKT_SIGNATURE) @@ -1442,7 +1442,7 @@ do_proc_packets (ctrl_t ctrl, CTX c, iobuf_t a) * I used it. Adding the MDC check here is a hack. * The right solution is to initiate another context for encrypted * packet and not to reuse the current one ... It works right - * when there is a compression packet inbetween which adds just + * when there is a compression packet between which adds just * an extra layer. * Hmmm: Rewrite this whole module here?? */ diff --git a/g10/misc.c b/g10/misc.c index 7f0b08a..861ba87 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -98,7 +98,7 @@ register_secured_file (const char *fname) struct stat buf; struct secured_file_item *sf; - /* Note that we stop immediatley if something goes wrong here. */ + /* Note that we stop immediately if something goes wrong here. */ if (stat (fname, &buf)) log_fatal (_("fstat of '%s' failed in %s: %s\n"), fname, "register_secured_file", strerror (errno)); @@ -498,7 +498,7 @@ openpgp_cipher_blocklen (cipher_algo_t algo) } /**************** - * Wrapper around the libgcrypt function with additonal checks on + * Wrapper around the libgcrypt function with additional checks on * the OpenPGP contraints for the algo ID. */ int @@ -862,7 +862,7 @@ pct_expando(const char *string,struct expando_args *args) case 'f': /* Fingerprint of key being signed */ case 'p': /* Fingerprint of the primary key making the signature. */ - case 'g': /* Fingerprint of thge key making the signature. */ + case 'g': /* Fingerprint of the key making the signature. */ { byte array[MAX_FINGERPRINT_LEN]; size_t len; @@ -1074,7 +1074,7 @@ string_to_digest_algo (const char *string) { int val; - /* FIXME: We should make use of our wrapper fucntion and not assume + /* FIXME: We should make use of our wrapper function and not assume that there is a 1 to 1 mapping between OpenPGP and Libgcrypt. */ val = gcry_md_map_name (string); if (!val && string && (string[0]=='H' || string[0]=='h')) diff --git a/g10/options.h b/g10/options.h index 68f5d39..6fca714 100644 --- a/g10/options.h +++ b/g10/options.h @@ -116,7 +116,7 @@ struct int skip_verify; int skip_hidden_recipients; - /* TM_CLASSIC must be zero to accomodate trustdbs generated before + /* TM_CLASSIC must be zero to accommodate trustdbs generated before we started storing the trust model inside the trustdb. */ enum { diff --git a/g10/packet.h b/g10/packet.h index 387a5b5..9eb16cf 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -481,7 +481,7 @@ int search_packet( iobuf_t inp, PACKET *pkt, off_t *retpos, int with_uid ); reached. Returns -1 when end of file is reached or an error code, if an - error occured. (Note: this function never returns 0, because it + error occurred. (Note: this function never returns 0, because it effectively keeps going until it gets an EOF.) */ int copy_all_packets( iobuf_t inp, iobuf_t out ); @@ -578,7 +578,7 @@ const byte *parse_sig_subpkt2 ( PKT_signature *sig, constraints. Returns 0 if the size is acceptable. Returns -2 if the buffer is - definately too short. To check for an error, check whether the + definitely too short. To check for an error, check whether the return value is less than 0. */ int parse_one_sig_subpkt( const byte *buffer, size_t n, int type ); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 4e236cb..53b75a6 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -3019,7 +3019,7 @@ parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen, /* * This packet is internally generated by us (ibn armor.c) to transfer * some information to the lower layer. To make sure that this packet - * is really a GPG faked one and not one comming from outside, we + * is really a GPG faked one and not one coming from outside, we * first check that there is a unique tag in it. * * The format of such a control packet is: diff --git a/g10/pkclist.c b/g10/pkclist.c index d810f91..4805782 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -113,7 +113,7 @@ do_show_revocation_reason( PKT_signature *sig ) void show_revocation_reason( PKT_public_key *pk, int mode ) { - /* Hmmm, this is not so easy becuase we have to duplicate the code + /* Hmmm, this is not so easy because we have to duplicate the code * used in the trustbd to calculate the keyflags. We need to find * a clean way to check revocation certificates on keys and * signatures. And there should be no duplicate code. Because we @@ -1076,7 +1076,7 @@ build_pk_list (ctrl_t ctrl, } /* Do group expand here too. The trick here is to continue - the loop if any expansion occured. The code above will + the loop if any expansion occurred. The code above will then list all expanded keys. */ if (expand_id(answer,&backlog,0)) continue; diff --git a/g10/pkglue.c b/g10/pkglue.c index a834621..c8a5d24 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -31,7 +31,7 @@ #include "main.h" #include "options.h" -/* FIXME: Better chnage the fucntion name because mpi_ is used by +/* FIXME: Better change the function name because mpi_ is used by gcrypt macros. */ gcry_mpi_t get_mpi_from_sexp (gcry_sexp_t sexp, const char *item, int mpifmt) diff --git a/g10/plaintext.c b/g10/plaintext.c index aeee2ac..94ede07 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -165,7 +165,7 @@ get_output_file (const byte *embedded_name, int embedded_namelen, ; else { - /* Note: riscos stuff is not expected to wrok anymore. If we + /* Note: riscos stuff is not expected to work anymore. If we want to port it again to riscos we should do most of the suff in estream. FIXME: Consider to remove all riscos special cases. */ diff --git a/g10/server.c b/g10/server.c index d02f20e..e5539d5 100644 --- a/g10/server.c +++ b/g10/server.c @@ -257,7 +257,7 @@ cmd_recipient (assuan_context_t ctx, char *line) then not be done for this key. If the policy is not to sign at all if not all signer keys are valid, the client has to take care of this. All SIGNER commands are cumulative until a RESET but they - are *not* reset by an SIGN command becuase it can be expected that + are *not* reset by an SIGN command because it can be expected that set of signers are used for more than one sign operation. Note that this command returns an INV_RECP status which is a bit diff --git a/g10/sig-check.c b/g10/sig-check.c index 2cfc5da..75b06e8 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -176,7 +176,7 @@ check_signature2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, * like this feature here. * * Note that before 2.0.10, we used RIPE-MD160 for the hash - * and accidently didn't include the timestamp and algorithm + * and accidentally didn't include the timestamp and algorithm * information in the hash. Given that this feature is not * commonly used and that a replay attacks detection should * not solely be based on this feature (because it does not diff --git a/g10/sqlite.c b/g10/sqlite.c index 04f15d9..599a3ef 100644 --- a/g10/sqlite.c +++ b/g10/sqlite.c @@ -179,7 +179,7 @@ sqlite3_stepx (sqlite3 *db, rc = sqlite3_step (stmt); if (rc != SQLITE_ROW) - /* No more data (SQLITE_DONE) or an error occured. */ + /* No more data (SQLITE_DONE) or an error occurred. */ break; if (! callback) diff --git a/g10/tdbio.c b/g10/tdbio.c index c7432a8..63ccfae 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -87,7 +87,7 @@ static int cache_entries; static int cache_is_dirty; -/* An object to pass infomation to cmp_krec_fpr. */ +/* An object to pass information to cmp_krec_fpr. */ struct cmp_krec_fpr_struct { int pubkey_algo; @@ -95,7 +95,7 @@ struct cmp_krec_fpr_struct int fprlen; }; -/* An object used to pass infomation to cmp_[s]dir. */ +/* An object used to pass information to cmp_[s]dir. */ struct cmp_xdir_struct { int pubkey_algo; @@ -446,7 +446,7 @@ tdbio_sync() /* * Simple transactions system: * Everything between begin_transaction and end/cancel_transaction - * is not immediatly written but at the time of end_transaction. + * is not immediately written but at the time of end_transaction. * * NOTE: The transaction code is disabled in the 1.2 branch, as it is * not yet used. diff --git a/g10/test-stubs.c b/g10/test-stubs.c index 0e6616c..a1988f0 100644 --- a/g10/test-stubs.c +++ b/g10/test-stubs.c @@ -54,7 +54,7 @@ g10_exit( int rc ) /* Stub: - * We have to override the trustcheck from pkclist.c becuase + * We have to override the trustcheck from pkclist.c because * this utility assumes that all keys in the keyring are trustworthy */ int diff --git a/g10/tofu.c b/g10/tofu.c index b1b9f71..5e38d21 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -573,7 +573,7 @@ initdb (sqlite3 *db, enum db_type type) latter binding, we warn the user about the conflict and ask for a policy decision about the new binding. We also change the old binding's policy to ask if it was auto. So that we - know why this occured, we also set conflict to 0xbaddecaf. + know why this occurred, we also set conflict to 0xbaddecaf. */ if (type == DB_EMAIL || type == DB_COMBINED) rc = sqlite3_exec_printf diff --git a/g10/trust.c b/g10/trust.c index 38d957e..a89b0e5 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -294,7 +294,7 @@ check_or_update_trustdb (void) /* * Return the validity information for PK. If the namehash is not - * NULL, the validity of the corresponsing user ID is returned, + * NULL, the validity of the corresponding user ID is returned, * otherwise, a reasonable value for the entire key is returned. */ unsigned int @@ -641,7 +641,7 @@ clean_sigs_from_uid (kbnode_t keyblock, kbnode_t uidnode, compacted. To "compact" a user ID, we simply remove ALL signatures except the self-sig that caused the user ID to be remove-worthy. We don't actually remove the user ID packet itself since it might - be ressurected in a later merge. Note that this function requires + be resurrected in a later merge. Note that this function requires that the caller has already done a merge_keys_and_selfsig(). TODO: change the import code to allow importing a uid with only a diff --git a/g10/trustdb.c b/g10/trustdb.c index b58d5e1..943357c 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1887,7 +1887,7 @@ validate_keys (int interactive) u32 start_time, next_expire; /* Make sure we have all sigs cached. TODO: This is going to - require some architectual re-thinking, as it is agonizingly slow. + require some architectural re-thinking, as it is agonizingly slow. Perhaps combine this with reset_trust_records(), or only check the caches on keys that are actually involved in the web of trust. */ diff --git a/g13/create.c b/g13/create.c index 58ab590..6c09c2e 100644 --- a/g13/create.c +++ b/g13/create.c @@ -119,7 +119,7 @@ encrypt_keyblob (ctrl_t ctrl, void *keyblob, size_t keybloblen, /* Write a new file under the name FILENAME with the keyblob and an - appropriate header. This fucntion is called with a lock file in + appropriate header. This function is called with a lock file in place and after checking that the filename does not exists. */ static gpg_error_t write_keyblob (const char *filename, diff --git a/g13/mountinfo.c b/g13/mountinfo.c index e2de8d9..085fb86 100644 --- a/g13/mountinfo.c +++ b/g13/mountinfo.c @@ -118,7 +118,7 @@ mountinfo_del_mount (const char *container, const char *mountpoint, mtab_t m; /* If a container or mountpint is givem search the RID via the - standard find fucntion. */ + standard find function. */ if (container || mountpoint) { err = mountinfo_find_mount (container, mountpoint, &rid); diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c index ef72148..556605a 100644 --- a/kbx/keybox-blob.c +++ b/kbx/keybox-blob.c @@ -54,7 +54,7 @@ ** The OpenPGP and X.509 blobs - The OpenPGP and X.509 blobs are very similiar, things which are + The OpenPGP and X.509 blobs are very similar, things which are X.509 specific are noted like [X.509: xxx] - u32 Length of this blob (including these 4 bytes) diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c index 21d6038..eaf7565 100644 --- a/kbx/keybox-file.c +++ b/kbx/keybox-file.c @@ -45,7 +45,7 @@ ftello (FILE *stream) -/* Read a block at the current postion and return it in r_blob. +/* Read a block at the current position and return it in r_blob. r_blob may be NULL to simply skip the current block. */ int _keybox_read_blob2 (KEYBOXBLOB *r_blob, FILE *fp, int *skipped_deleted) diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index 0d4800e..618966f 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -228,7 +228,7 @@ keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes) /* Close the file of the resource identified by HD. For consistent - results this fucntion closes the files of all handles pointing to + results this function closes the files of all handles pointing to the resource identified by HD. */ void _keybox_close_file (KEYBOX_HANDLE hd) diff --git a/kbx/keybox-search-desc.h b/kbx/keybox-search-desc.h index fd8ffe4..741f2e8 100644 --- a/kbx/keybox-search-desc.h +++ b/kbx/keybox-search-desc.h @@ -70,7 +70,7 @@ struct keydb_search_desc union { const char *name; unsigned char fpr[24]; - u32 kid[2]; /* Note that this is in native endianess. */ + u32 kid[2]; /* Note that this is in native endianness. */ unsigned char grip[20]; } u; int exact; /* Use exactly this key ('!' suffix in gpg). */ diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c index a0b778f..f3cdb8c 100644 --- a/kbx/keybox-search.c +++ b/kbx/keybox-search.c @@ -431,7 +431,7 @@ blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr, if (namelen < 1) return 0; - /* Note that for X.509 we start at index 1 becuase index 0 is used + /* Note that for X.509 we start at index 1 because index 0 is used for the issuer name. */ for (idx=!!x509 ;idx < nuids; idx++) { diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c index 2eaae86..ef3e330 100644 --- a/kbx/keybox-update.c +++ b/kbx/keybox-update.c @@ -80,7 +80,7 @@ create_tmp_file (const char *template, # ifdef USE_ONLY_8DOT3 /* Here is another Windoze bug?: - * you cant rename("pubring.kbx.tmp", "pubring.kbx"); + * you can't rename("pubring.kbx.tmp", "pubring.kbx"); * but rename("pubring.kbx.tmp", "pubring.aaa"); * works. So we replace ".kbx" by ".kb_" or ".k__". Note that we * can't use ".bak" and ".tmp", because these suffixes are used by diff --git a/scd/apdu.c b/scd/apdu.c index 41790c6..eb3d4b6 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -686,7 +686,7 @@ static int ct_get_status (int slot, unsigned int *status) { (void)slot; - /* The status we returned is wrong but we don't care becuase ctAPI + /* The status we returned is wrong but we don't care because ctAPI is not anymore required. */ *status = APDU_CARD_USABLE|APDU_CARD_PRESENT|APDU_CARD_ACTIVE; return 0; @@ -2035,7 +2035,7 @@ open_pcsc_reader_wrapped (const char *portstr) int err; unsigned int dummy_status; - /* Note that we use the constant and not the fucntion because this + /* Note that we use the constant and not the function because this code won't be be used under Windows. */ const char *wrapperpgm = GNUPG_LIBEXECDIR "/gnupg-pcsc-wrapper"; @@ -3158,7 +3158,7 @@ apdu_open_reader (const char *portstr) with remote readers only. Note that the supplied CLOSEFNC will only be called once and the slot will not be valid afther this. - If PORTSTR is NULL we default to the first availabe port. + If PORTSTR is NULL we default to the first available port. */ int apdu_open_remote_reader (const char *portstr, @@ -4052,7 +4052,7 @@ send_le (int slot, int class, int ins, int p0, int p1, The return value is the status word or -1 for an invalid SLOT or other non card related error. If RETBUF is not NULL, it will receive an allocated buffer with the returned data. The length of - that data will be put into *RETBUFLEN. The caller is reponsible + that data will be put into *RETBUFLEN. The caller is responsible for releasing the buffer even in case of errors. */ int apdu_send_le(int slot, int extended_mode, @@ -4075,7 +4075,7 @@ apdu_send_le(int slot, int extended_mode, return value is the status word or -1 for an invalid SLOT or other non card related error. If RETBUF is not NULL, it will receive an allocated buffer with the returned data. The length of that data - will be put into *RETBUFLEN. The caller is reponsible for + will be put into *RETBUFLEN. The caller is responsible for releasing the buffer even in case of errors. */ int apdu_send (int slot, int extended_mode, diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 06ab327..a7601b8 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1223,7 +1223,7 @@ retrieve_key_material (FILE *fp, const char *hexkeyid, /* Get the public key for KEYNO and store it as an S-expresion with the APP handle. On error that field gets cleared. If we already know about the public key we will just return. Note that this does - not mean a key is available; this is soley indicated by the + not mean a key is available; this is solely indicated by the presence of the app->app_local->pk[KEYNO].key field. Note that GnuPG 1.x does not need this and it would be too time @@ -1548,7 +1548,7 @@ do_learn_status (app_t app, ctrl_t ctrl, unsigned int flags) send_keypair_info (app, ctrl, 2); send_keypair_info (app, ctrl, 3); /* Note: We do not send the Cardholder Certificate, because that is - relativly long and for OpenPGP applications not really needed. */ + relatively long and for OpenPGP applications not really needed. */ return 0; } @@ -1675,7 +1675,7 @@ check_pinpad_request (app_t app, pininfo_t *pininfo, int admin_pin) } -/* Verify a CHV either using using the pinentry or if possibile by +/* Verify a CHV either using using the pinentry or if possible by using a pinpad. PINCB and PINCB_ARG describe the usual callback for the pinentry. CHVNO must be either 1 or 2. SIGCOUNT is only used with CHV1. PINVALUE is the address of a pointer which will @@ -4632,7 +4632,7 @@ app_select_openpgp (app_t app) } xfree (relptr); - /* Some of the first cards accidently don't set the + /* Some of the first cards accidentally don't set the CHANGE_FORCE_CHV bit but allow it anyway. */ if (app->card_version <= 0x0100 && manufacturer == 1) app->app_local->extcap.change_force_chv = 1; diff --git a/scd/app-p15.c b/scd/app-p15.c index eb074ef..e4d9de0 100644 --- a/scd/app-p15.c +++ b/scd/app-p15.c @@ -276,7 +276,7 @@ typedef struct aodf_object_s *aodf_object_t; struct app_local_s { /* The home DF. Note, that we don't yet support a multilevel - hierachy. Thus we assume this is directly below the MF. */ + hierarchy. Thus we assume this is directly below the MF. */ unsigned short home_df; /* The type of the card. */ diff --git a/scd/app.c b/scd/app.c index 5fa06b0..49e08e6 100644 --- a/scd/app.c +++ b/scd/app.c @@ -915,7 +915,7 @@ app_genkey (app_t app, ctrl_t ctrl, const char *keynostr, unsigned int flags, } -/* Perform a GET CHALLENGE operation. This fucntion is special as it +/* Perform a GET CHALLENGE operation. This function is special as it directly accesses the card without any application specific wrapper. */ gpg_error_t diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c index bf5b735..7f83f80 100644 --- a/scd/ccid-driver.c +++ b/scd/ccid-driver.c @@ -2321,7 +2321,7 @@ ccid_poll (ccid_driver_t handle) } else if (msg[0] == RDR_to_PC_HardwareError) { - DEBUGOUT ("hardware error occured\n"); + DEBUGOUT ("hardware error occurred\n"); } else { @@ -3136,7 +3136,7 @@ ccid_transceive (ccid_driver_t handle, } if (!!(tpdu[1] & 0x40) != handle->t1_nr) - { /* Reponse does not match our sequence number. */ + { /* Response does not match our sequence number. */ msg = send_buffer; tpdu = msg + hdrlen; tpdu[0] = nad_byte; @@ -3563,7 +3563,7 @@ ccid_transceive_secure (ccid_driver_t handle, handle->t1_ns ^= 1; if (!!(tpdu[1] & 0x40) != handle->t1_nr) - { /* Reponse does not match our sequence number. */ + { /* Response does not match our sequence number. */ DEBUGOUT ("I-block with wrong seqno received\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } @@ -3603,7 +3603,7 @@ ccid_transceive_secure (ccid_driver_t handle, return CCID_DRIVER_ERR_CARD_IO_ERROR; } else if (!!(tpdu[1] & 0x10) == handle->t1_ns) - { /* Reponse does not match our sequence number. */ + { /* Response does not match our sequence number. */ DEBUGOUT ("R-block with wrong seqno received on more bit\n"); return CCID_DRIVER_ERR_CARD_IO_ERROR; } diff --git a/scd/command.c b/scd/command.c index a7033e8..ba830de 100644 --- a/scd/command.c +++ b/scd/command.c @@ -529,7 +529,7 @@ open_card (ctrl_t ctrl, const char *apptype) static const char hlp_serialno[] = "SERIALNO []\n" "\n" - "Return the serial number of the card using a status reponse. This\n" + "Return the serial number of the card using a status response. This\n" "function should be used to check for the presence of a card.\n" "\n" "If APPTYPE is given, an application of that type is selected and an\n" @@ -1147,7 +1147,7 @@ static const char hlp_getattr[] = "returned through status message, see the LEARN command for details.\n" "\n" "However, the current implementation assumes that Name is not escaped;\n" - "this works as long as noone uses arbitrary escaping. \n" + "this works as long as no one uses arbitrary escaping. \n" "\n" "Note, that this function may even be used on a locked card."; static gpg_error_t @@ -1185,7 +1185,7 @@ static const char hlp_setattr[] = "application. NAME and VALUE must be percent and '+' escaped.\n" "\n" "However, the current implementation assumes that NAME is not\n" - "escaped; this works as long as noone uses arbitrary escaping.\n" + "escaped; this works as long as no one uses arbitrary escaping.\n" "\n" "A PIN will be requested for most NAMEs. See the corresponding\n" "setattr function of the actually used application (app-*.c) for\n" @@ -1487,7 +1487,7 @@ static const char hlp_passwd[] = "PASSWD [--reset] [--nullpin] \n" "\n" "Change the PIN or, if --reset is given, reset the retry counter of\n" - "the card holder verfication vector CHVNO. The option --nullpin is\n" + "the card holder verification vector CHVNO. The option --nullpin is\n" "used for TCOS cards to set the initial PIN. The format of CHVNO\n" "depends on the card application."; static gpg_error_t @@ -1837,7 +1837,7 @@ static const char hlp_apdu[] = " S CARD-ATR 3BFA1300FF813180450031C173C00100009000B1\n" "\n" "Using the option --more handles the card status word MORE_DATA\n" - "(61xx) and concatenates all reponses to one block.\n" + "(61xx) and concatenates all responses to one block.\n" "\n" "Using the option \"--exlen\" the returned APDU may use extended\n" "length up to N bytes. If N is not given a default value is used\n" diff --git a/scd/iso7816.c b/scd/iso7816.c index 3c43a4c..515e21f 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -291,7 +291,7 @@ iso7816_verify_kp (int slot, int chvno, pininfo_t *pininfo) } /* Perform a VERIFY command on SLOT using the card holder verification - vector CHVNO with a CHV of lenght CHVLEN. Returns 0 on success. */ + vector CHVNO with a CHV of length CHVLEN. Returns 0 on success. */ gpg_error_t iso7816_verify (int slot, int chvno, const char *chv, size_t chvlen) { diff --git a/sm/base64.c b/sm/base64.c index 4a67d61..43781ab 100644 --- a/sm/base64.c +++ b/sm/base64.c @@ -540,7 +540,7 @@ base64_finish_write (struct writer_cb_parm_s *parm) /* Create a reader for the given file descriptor. Depending on the - control information an input decoding is automagically choosen. + control information an input decoding is automagically chosen. The function returns a Base64Context object which must be passed to the gpgme_destroy_reader function. The created KsbaReader object is also returned, but the caller must not call the @@ -621,7 +621,7 @@ gpgsm_destroy_reader (Base64Context ctx) /* Create a writer for the given STREAM. Depending on the control information an output encoding is automagically - choosen. The function returns a Base64Context object which must be + chosen. The function returns a Base64Context object which must be passed to the gpgme_destroy_writer function. The created KsbaWriter object is also returned, but the caller must not call the ksba_reader_release function on it. */ diff --git a/sm/call-agent.c b/sm/call-agent.c index 4b2ec33..c1457b6 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -578,7 +578,7 @@ store_serialno (const char *line) } -/* Callback for the gpgsm_agent_serialno fucntion. */ +/* Callback for the gpgsm_agent_serialno function. */ static gpg_error_t scd_serialno_status_cb (void *opaque, const char *line) { @@ -630,7 +630,7 @@ gpgsm_agent_scd_serialno (ctrl_t ctrl, char **r_serialno) -/* Callback for the gpgsm_agent_serialno fucntion. */ +/* Callback for the gpgsm_agent_serialno function. */ static gpg_error_t scd_keypairinfo_status_cb (void *opaque, const char *line) { diff --git a/sm/call-dirmngr.c b/sm/call-dirmngr.c index bfb80fb..b06397f 100644 --- a/sm/call-dirmngr.c +++ b/sm/call-dirmngr.c @@ -239,7 +239,7 @@ start_dirmngr (ctrl_t ctrl) dirmngr_ctx_locked = 1; err = start_dirmngr_ext (ctrl, &dirmngr_ctx); - /* We do not check ERR but the existance of a context because the + /* We do not check ERR but the existence of a context because the error might come from a failed command send to the dirmngr. Fixme: Why don't we close the drimngr context if we encountered an error in prepare_dirmngr? */ diff --git a/sm/certchain.c b/sm/certchain.c index 579ca9e..d43147e 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -1784,7 +1784,7 @@ do_validate_chain (ctrl_t ctrl, ksba_cert_t cert, ksba_isotime_t checktime_arg, /* Note that it is possible for the last certificate in the chain (i.e. our target certificate) that it has not yet been stored in the keybox and thus the flag can't be set. - We ignore this error becuase it will later be stored + We ignore this error because it will later be stored anyway. */ err = keydb_set_cert_flags (ci->cert, 1, KEYBOX_FLAG_BLOB, 0, KEYBOX_FLAG_BLOB_EPHEMERAL, 0); @@ -2079,7 +2079,7 @@ get_regtp_ca_info (ctrl_t ctrl, ksba_cert_t cert, int *chainlen) until we have found the root. Because we are only interested in German Bundesnetzagentur (former RegTP) derived certificates 3 levels are enough. (The German signature law demands a 3 tier - hierachy; thus there is only one CA between the EE and the Root + hierarchy; thus there is only one CA between the EE and the Root CA.) */ memset (&array, 0, sizeof array); diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 977494c..262781c 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -214,7 +214,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_c (aExport, "export", N_("export certificates")), /* We use -raw and not -p1 for pkcs#1 secret key export so that it - won't accidently be used in case -p12 was intended. */ + won't accidentally be used in case -p12 was intended. */ ARGPARSE_c (aExportSecretKeyP12, "export-secret-key-p12", "@"), ARGPARSE_c (aExportSecretKeyP8, "export-secret-key-p8", "@"), ARGPARSE_c (aExportSecretKeyRaw, "export-secret-key-raw", "@"), @@ -1487,7 +1487,7 @@ main ( int argc, char **argv) log_info (_("WARNING: program may create a core file!\n")); /* if (opt.qualsig_approval && !opt.quiet) */ -/* log_info (_("This software has offically been approved to " */ +/* log_info (_("This software has officially been approved to " */ /* "create and verify\n" */ /* "qualified signatures according to German law.\n")); */ @@ -1524,7 +1524,7 @@ main ( int argc, char **argv) set_debug (); - /* Although we alwasy use gpgsm_exit, we better install a regualr + /* Although we always use gpgsm_exit, we better install a regualr exit handler so that at least the secure memory gets wiped out. */ if (atexit (emergency_cleanup)) diff --git a/sm/import.c b/sm/import.c index 3635525..b2ad839 100644 --- a/sm/import.c +++ b/sm/import.c @@ -747,7 +747,7 @@ parse_p12 (ctrl_t ctrl, ksba_reader_t reader, struct stats_s *stats) goto leave; } - /* GnuPG 2.0.4 accidently created binary P12 files with the string + /* GnuPG 2.0.4 accidentally created binary P12 files with the string "The passphrase is %s encoded.\n\n" prepended to the ASN.1 data. We fix that here. */ if (p12buflen > 29 && !memcmp (p12buffer, "The passphrase is ", 18)) diff --git a/sm/keydb.c b/sm/keydb.c index b3363c4..02b353a 100644 --- a/sm/keydb.c +++ b/sm/keydb.c @@ -478,7 +478,7 @@ keydb_get_resource_name (KEYDB_HANDLE hd) return s? s: ""; } -/* Switch the handle into ephemeral mode and return the orginal value. */ +/* Switch the handle into ephemeral mode and return the original value. */ int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes) { diff --git a/sm/minip12.c b/sm/minip12.c index c70de8a..0e94753 100644 --- a/sm/minip12.c +++ b/sm/minip12.c @@ -273,7 +273,7 @@ parse_tag (unsigned char const **buffer, size_t *size, struct tag_info *ti) -- two bytes in INPUT. Create a new buffer with the content of that octet string. INPUT - is the orginal buffer with a length as stored at LENGTH. Returns + is the original buffer with a length as stored at LENGTH. Returns NULL on error or a new malloced buffer with the length of this new buffer stored at LENGTH and the number of bytes parsed from input are added to the value stored at INPUT_CONSUMED. INPUT_CONSUMED is @@ -679,7 +679,7 @@ parse_bag_encrypted_data (const unsigned char *buffer, size_t length, unsigned char *plain = NULL; int bad_pass = 0; unsigned char *cram_buffer = NULL; - size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */ + size_t consumed = 0; /* Number of bytes consumed from the original buffer. */ int is_3des = 0; int is_pbes2 = 0; gcry_mpi_t *result = NULL; @@ -1193,7 +1193,7 @@ parse_bag_data (const unsigned char *buffer, size_t length, int startoffset, gcry_mpi_t *result = NULL; int result_count, i; unsigned char *cram_buffer = NULL; - size_t consumed = 0; /* Number of bytes consumed from the orginal buffer. */ + size_t consumed = 0; /* Number of bytes consumed from the original buffer. */ int is_pbes2 = 0; where = "start"; diff --git a/sm/qualified.c b/sm/qualified.c index 56f537e..bae03a4 100644 --- a/sm/qualified.c +++ b/sm/qualified.c @@ -184,7 +184,7 @@ gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert, char *country) /* We know that CERT is a qualified certificate. Ask the user for consent to actually create a signature using this certificate. - Returns: 0 for yes, GPG_ERR_CANCEL for no or any otehr error + Returns: 0 for yes, GPG_ERR_CANCEL for no or any other error code. */ gpg_error_t gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert) diff --git a/sm/server.c b/sm/server.c index cdf4a6e..e47861b 100644 --- a/sm/server.c +++ b/sm/server.c @@ -425,7 +425,7 @@ static const char hlp_signer[] = "used, the signing will then not be done for this key. If the policy\n" "is not to sign at all if not all signer keys are valid, the client\n" "has to take care of this. All SIGNER commands are cumulative until\n" - "a RESET but they are *not* reset by an SIGN command becuase it can\n" + "a RESET but they are *not* reset by an SIGN command because it can\n" "be expected that set of signers are used for more than one sign\n" "operation."; static gpg_error_t diff --git a/tools/gpg-check-pattern.c b/tools/gpg-check-pattern.c index 83f6550..fbf30a2 100644 --- a/tools/gpg-check-pattern.c +++ b/tools/gpg-check-pattern.c @@ -319,7 +319,7 @@ get_regerror (int errcode, regex_t *compiled) /* Parse the pattern given in the memory aread DATA/DATALEN and return a new pattern array. The end of the array is indicated by a NULL - entry. On error an error message is printed and the fucntion + entry. On error an error message is printed and the function returns NULL. Note that the function modifies DATA and assumes that data is nul terminated (even if this is one byte past DATALEN). */ @@ -446,7 +446,7 @@ match_p (const char *string, pattern_t *patarray) } -/* Actual processing of the input. This fucntion does not return an +/* Actual processing of the input. This function does not return an error code but exits as soon as a match has been found. */ static void process (FILE *fp, pattern_t *patarray) diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c index b235e22..5e4bd58 100644 --- a/tools/gpgconf-comp.c +++ b/tools/gpgconf-comp.c @@ -1271,7 +1271,7 @@ gc_component_reload (int component) /* More or less Robust version of dgettext. It has the side effect of switching the codeset to utf-8 because this is what we want to - output. In theory it is posible to keep the orginal code set and + output. In theory it is posible to keep the original code set and switch back for regular disgnostic output (redefine "_(" for that) but given the natur of this tool, being something invoked from other pograms, it does not make much sense. */ @@ -3300,7 +3300,7 @@ gc_component_change_options (int component, estream_t in, estream_t out) int i; int saved_errno = errno; - /* An error occured or a dry-run is requested. */ + /* An error occurred or a dry-run is requested. */ for (i = 0; i < GC_BACKEND_NR; i++) { if (src_filename[i]) diff --git a/tools/gpgkey2ssh.c b/tools/gpgkey2ssh.c index 2054150..f12c5f4 100644 --- a/tools/gpgkey2ssh.c +++ b/tools/gpgkey2ssh.c @@ -75,7 +75,7 @@ retrieve_key_material (FILE *fp, const char *hexkeyid, int *algorithm_id, id = 0; /* Loop over all records until we have found the subkey - corresponsing to the fingerprint. Inm general the first record + corresponding to the fingerprint. In general the first record should be the pub record, but we don't rely on that. Given that we only need to look at one key, it is sufficient to compare the keyid so that we don't need to look at "fpr" records. */ diff --git a/tools/gpgparsemail.c b/tools/gpgparsemail.c index b9c18a2..98bbad0 100644 --- a/tools/gpgparsemail.c +++ b/tools/gpgparsemail.c @@ -624,7 +624,7 @@ parse_message (FILE *fp) if (!msg) die ("can't open parser: %s", strerror (errno)); - /* Fixme: We should not use fgets becuase it can't cope with + /* Fixme: We should not use fgets because it can't cope with embedded nul characters. */ while (fgets (line, sizeof (line), fp)) { diff --git a/tools/gpgtar.c b/tools/gpgtar.c index e9a25fb..4d3954b 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -341,7 +341,7 @@ write_record (estream_t stream, const void *record) /* Return true if FP is an unarmored OpenPGP message. Note that this - fucntion reads a few bytes from FP but pushes them back. */ + function reads a few bytes from FP but pushes them back. */ #if 0 static int openpgp_message_p (estream_t fp) diff --git a/tools/rfc822parse.c b/tools/rfc822parse.c index 285e084..f911bd2 100644 --- a/tools/rfc822parse.c +++ b/tools/rfc822parse.c @@ -514,7 +514,7 @@ rfc822parse_finish (rfc822parse_t msg) * part. * * WHICH gives the mode: - * -1 := Take the last occurence + * -1 := Take the last occurrence * n := Take the n-th one. * * Returns a newly allocated buffer or NULL on error. errno is set in @@ -954,7 +954,7 @@ parse_field (HDR_LINE hdr) * Find and parse a header field. * WHICH indicates what to do if there are multiple instance of the same * field (like "Received"); the following value are defined: - * -1 := Take the last occurence + * -1 := Take the last occurrence * 0 := Reserved * n := Take the n-th one. * Returns a handle for further operations on the parse context of the field diff --git a/tools/symcryptrun.c b/tools/symcryptrun.c index 3b73cf4..4b90cd2 100644 --- a/tools/symcryptrun.c +++ b/tools/symcryptrun.c @@ -49,7 +49,7 @@ The possible exit status codes: 0 Success - 1 Some error occured + 1 Some error occurred 2 No valid passphrase was provided 3 The operation was canceled by the user ----------------------------------------------------------------------- Summary of changes: agent/cache.c | 2 +- agent/call-pinentry.c | 2 +- agent/call-scd.c | 2 +- agent/command-ssh.c | 2 +- agent/command.c | 2 +- agent/divert-scd.c | 2 +- agent/findkey.c | 2 +- agent/gpg-agent.c | 2 +- agent/w32main.c | 2 +- common/argparse.c | 2 +- common/audit.c | 2 +- common/audit.h | 2 +- common/convert.c | 6 +++--- common/dotlock.c | 2 +- common/exechelp-posix.c | 2 +- common/exechelp-w32.c | 4 ++-- common/exechelp-w32ce.c | 2 +- common/exechelp.h | 4 ++-- common/helpfile.c | 2 +- common/i18n.h | 2 +- common/iobuf.c | 2 +- common/iobuf.h | 8 ++++---- common/localename.c | 2 +- common/logging.c | 2 +- common/openpgp-oid.c | 2 +- common/session-env.c | 2 +- common/sexputil.c | 2 +- common/sysutils.c | 4 ++-- common/t-sexputil.c | 2 +- common/ttyio.c | 2 +- common/util.h | 2 +- dirmngr/cdblib.c | 6 +++--- dirmngr/certcache.c | 4 ++-- dirmngr/crlcache.c | 4 ++-- dirmngr/dirmngr-client.c | 2 +- dirmngr/dirmngr.c | 2 +- dirmngr/dirmngr_ldap.c | 2 +- dirmngr/dns-stuff.c | 4 ++-- dirmngr/http.c | 2 +- dirmngr/ks-engine-hkp.c | 2 +- dirmngr/ks-engine-ldap.c | 6 +++--- dirmngr/ldap-wrapper.c | 2 +- dirmngr/ldap.c | 4 ++-- dirmngr/misc.c | 2 +- dirmngr/ocsp.c | 4 ++-- dirmngr/validate.c | 4 ++-- g10/encrypt.c | 2 +- g10/getkey.c | 4 ++-- g10/gpg.c | 4 ++-- g10/gpgv.c | 2 +- g10/import.c | 2 +- g10/keydb.c | 2 +- g10/keydb.h | 8 ++++---- g10/keygen.c | 2 +- g10/keyid.c | 2 +- g10/keylist.c | 2 +- g10/keyring.c | 2 +- g10/mainproc.c | 6 +++--- g10/misc.c | 8 ++++---- g10/options.h | 2 +- g10/packet.h | 4 ++-- g10/parse-packet.c | 2 +- g10/pkclist.c | 4 ++-- g10/pkglue.c | 2 +- g10/plaintext.c | 2 +- g10/server.c | 2 +- g10/sig-check.c | 2 +- g10/sqlite.c | 2 +- g10/tdbio.c | 6 +++--- g10/test-stubs.c | 2 +- g10/tofu.c | 2 +- g10/trust.c | 4 ++-- g10/trustdb.c | 2 +- g13/create.c | 2 +- g13/mountinfo.c | 2 +- kbx/keybox-blob.c | 2 +- kbx/keybox-file.c | 2 +- kbx/keybox-init.c | 2 +- kbx/keybox-search-desc.h | 2 +- kbx/keybox-search.c | 2 +- kbx/keybox-update.c | 2 +- scd/apdu.c | 10 +++++----- scd/app-openpgp.c | 8 ++++---- scd/app-p15.c | 2 +- scd/app.c | 2 +- scd/ccid-driver.c | 8 ++++---- scd/command.c | 10 +++++----- scd/iso7816.c | 2 +- sm/base64.c | 4 ++-- sm/call-agent.c | 4 ++-- sm/call-dirmngr.c | 2 +- sm/certchain.c | 4 ++-- sm/gpgsm.c | 6 +++--- sm/import.c | 2 +- sm/keydb.c | 2 +- sm/minip12.c | 6 +++--- sm/qualified.c | 2 +- sm/server.c | 2 +- tools/gpg-check-pattern.c | 4 ++-- tools/gpgconf-comp.c | 4 ++-- tools/gpgkey2ssh.c | 2 +- tools/gpgparsemail.c | 2 +- tools/gpgtar.c | 2 +- tools/rfc822parse.c | 4 ++-- tools/symcryptrun.c | 2 +- 105 files changed, 162 insertions(+), 162 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 14:56:40 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 17 Nov 2015 14:56:40 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-141-g58e4a49 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 58e4a492e2c8e908d16135486ed601f602f1e38d (commit) via 848726f5c02faddb0b0fd24ce1a66893f5325675 (commit) via ad9befab12376b3a49cde410996ac9f0013d0871 (commit) via 8f6099ac510526d89be50309dbeb52f62bbaa7d1 (commit) via 11ec4785df1646643966d872b1b53ef675092c98 (commit) via a052c30d31c0f6b532fea081f4a9bee083f5440f (commit) via eae982ed6d69644258afe9c4ad1be553853d8403 (commit) from a9e0905342e847e8961ec4fe9b3aaedf05e33423 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 58e4a492e2c8e908d16135486ed601f602f1e38d Author: Neal H. Walfield Date: Tue Nov 17 14:38:03 2015 +0100 gpg: Change keydb_search to not return legacy keys. * g10/keyring.c (keyring_search): Take new argument, ignore_legacy. If set, skip any legacy keys. Update callers. * g10/keydb.c (keydb_search): Skip any legacy keys. (keydb_search_first): Don't skip legacy keys. Treat them as an error. (keydb_search_next): Likewise. (keydb_search_fpr): Likewise. * g10/export.c (do_export_stream): Likewise. * g10/getkey.c (lookup): Likewise. (have_secret_key_with_kid): Likewise. * g10/keylist.c (list_all): Likewise. (keyring_rebuild_cache): Likewise. * g10/keyserver.c (keyidlist): Likewise. * g10/trustdb.c (validate_key_list): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/g10/export.c b/g10/export.c index 3c2aa57..1d71c1c 100644 --- a/g10/export.c +++ b/g10/export.c @@ -940,8 +940,6 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, err = keydb_search (kdbhd, desc, ndesc, &descindex); if (!users) desc[0].mode = KEYDB_SEARCH_MODE_NEXT; - if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY) - continue; /* Skip PGP2 keys. */ if (err) break; @@ -949,8 +947,6 @@ do_export_stream (ctrl_t ctrl, iobuf_t out, strlist_t users, int secret, release_kbnode (keyblock); keyblock = NULL; err = keydb_get_keyblock (kdbhd, &keyblock); - if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY) - continue; /* Skip PGP2 keys. */ if (err) { log_error (_("error reading keyblock: %s\n"), gpg_strerror (err)); diff --git a/g10/getkey.c b/g10/getkey.c index dd6820b..88d8c65 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2679,29 +2679,6 @@ found: } -/* Return true if all the search modes are fingerprints. */ -static int -search_modes_are_fingerprint (getkey_ctx_t ctx) -{ - size_t n, found; - - for (n=found=0; n < ctx->nitems; n++) - { - switch (ctx->items[n].mode) - { - case KEYDB_SEARCH_MODE_FPR16: - case KEYDB_SEARCH_MODE_FPR20: - case KEYDB_SEARCH_MODE_FPR: - found++; - break; - default: - break; - } - } - return found && found == ctx->nitems; -} - - /* A high-level function to lookup keys. This function builds on top of the low-level keydb API. It first @@ -2709,10 +2686,6 @@ search_modes_are_fingerprint (getkey_ctx_t ctx) then it filters the results using CTX and, finally, if WANT_SECRET is set, it ignores any keys for which no secret key is available. - Note: this function skips any legacy keys unless the search mode is - KEYDB_SEARCH_MODE_FIRST or KEYDB_SEARCH_MODE_NEXT or we are - searching by fingerprint. - Unlike the low-level search functions, this function also merges all of the self-signed data into the keys, subkeys and user id packets (see the merge_selfsigs for details). @@ -2730,18 +2703,6 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key, for (;;) { rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems, NULL); - - /* Skip over all legacy keys unless we are iterating over all - keys in the DB or the key was requested by its fingerprint. - - Fixme: The lower level keydb code should actually do that but - then it would be harder to report the number of skipped - legacy keys during import. */ - if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY - && !(ctx->nitems && (ctx->items->mode == KEYDB_SEARCH_MODE_FIRST - || ctx->items->mode == KEYDB_SEARCH_MODE_NEXT)) - && !search_modes_are_fingerprint (ctx)) - continue; if (rc) break; @@ -2789,8 +2750,7 @@ lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key, } found: - if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND - && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY) + if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) log_error ("keydb_search failed: %s\n", gpg_strerror (rc)); if (!rc) @@ -2798,8 +2758,7 @@ found: *ret_keyblock = keyblock; /* Return the keyblock. */ keyblock = NULL; } - else if ((gpg_err_code (rc) == GPG_ERR_NOT_FOUND - || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) && no_suitable_key) + else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key) rc = want_secret? GPG_ERR_UNUSABLE_SECKEY : GPG_ERR_UNUSABLE_PUBKEY; else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) rc = want_secret? GPG_ERR_NO_SECKEY : GPG_ERR_NO_PUBKEY; @@ -3207,8 +3166,6 @@ have_secret_key_with_kid (u32 *keyid) while (!result) { err = keydb_search (kdbhd, &desc, 1, NULL); - if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY) - continue; if (err) break; diff --git a/g10/keydb.c b/g10/keydb.c index 40fb4c7..8a68980 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1708,12 +1708,14 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, break; case KEYDB_RESOURCE_TYPE_KEYRING: rc = keyring_search (hd->active[hd->current].u.kr, desc, - ndesc, descindex); + ndesc, descindex, 1); break; case KEYDB_RESOURCE_TYPE_KEYBOX: - rc = keybox_search (hd->active[hd->current].u.kb, desc, - ndesc, KEYBOX_BLOBTYPE_PGP, - descindex, &hd->skipped_long_blobs); + do + rc = keybox_search (hd->active[hd->current].u.kb, desc, + ndesc, KEYBOX_BLOBTYPE_PGP, + descindex, &hd->skipped_long_blobs); + while (rc == GPG_ERR_LEGACY_KEY); break; } @@ -1776,28 +1778,18 @@ keydb_search_first (KEYDB_HANDLE hd) memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_FIRST; - err = keydb_search (hd, &desc, 1, NULL); - if (gpg_err_code (err) == GPG_ERR_LEGACY_KEY) - err = keydb_search_next (hd); - return err; + return keydb_search (hd, &desc, 1, NULL); } gpg_error_t keydb_search_next (KEYDB_HANDLE hd) { - gpg_error_t err; KEYDB_SEARCH_DESC desc; - do - { - memset (&desc, 0, sizeof desc); - desc.mode = KEYDB_SEARCH_MODE_NEXT; - err = keydb_search (hd, &desc, 1, NULL); - } - while (gpg_err_code (err) == GPG_ERR_LEGACY_KEY); - - return err; + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_NEXT; + return keydb_search (hd, &desc, 1, NULL); } gpg_error_t @@ -1815,17 +1807,10 @@ keydb_search_kid (KEYDB_HANDLE hd, u32 *kid) gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr) { - gpg_error_t err; KEYDB_SEARCH_DESC desc; memset (&desc, 0, sizeof desc); desc.mode = KEYDB_SEARCH_MODE_FPR; memcpy (desc.u.fpr, fpr, MAX_FINGERPRINT_LEN); - do - { - err = keydb_search (hd, &desc, 1, NULL); - } - while (gpg_err_code (err) == GPG_ERR_LEGACY_KEY); - - return err; + return keydb_search (hd, &desc, 1, NULL); } diff --git a/g10/keydb.h b/g10/keydb.h index 203c7ec..1848316 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -296,7 +296,8 @@ unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd); (Currently, this function always returns 0 if HD is valid.) */ gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); -/* Search the database for keys matching the search description. +/* Search the database for keys matching the search description. If + the DB contains any legacy keys, these are silently ignored. DESC is an array of search terms with NDESC entries. The search terms are or'd together. That is, the next entry in the DB that @@ -338,7 +339,7 @@ gpg_error_t keydb_search_next (KEYDB_HANDLE hd); gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid); /* This is a convenience function for searching for keys with a long - (20 byte) fingerprint. This function ignores legacy keys. + (20 byte) fingerprint. Note: this function resumes searching where the last search left off. If you want to search the whole database, then you need to diff --git a/g10/keyring.c b/g10/keyring.c index cd569fd..5ebea99 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -429,7 +429,8 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) } else /* Upper layer needs to handle this. */ - ; + { + } break; } if (rc) { @@ -967,7 +968,7 @@ compare_name (int mode, const char *name, const char *uid, size_t uidlen) */ int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, - size_t ndesc, size_t *descindex) + size_t ndesc, size_t *descindex, int ignore_legacy) { int rc; PACKET pkt; @@ -1106,11 +1107,20 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, if (DBG_LOOKUP) log_debug ("%s: %ssearching from start of resource.\n", __func__, scanned_from_start ? "" : "not "); - while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid))) + while (1) { byte afp[MAX_FINGERPRINT_LEN]; size_t an; + rc = search_packet (hd->current.iobuf, &pkt, &offset, need_uid); + if (ignore_legacy && gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + { + free_packet (&pkt); + continue; + } + if (rc) + break; + if (pkt.pkttype == PKT_PUBLIC_KEY || pkt.pkttype == PKT_SECRET_KEY) { main_offset = offset; @@ -1486,8 +1496,8 @@ keyring_rebuild_cache (void *token,int noisy) for (;;) { - rc = keyring_search (hd, &desc, 1, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY) + rc = keyring_search (hd, &desc, 1, NULL, 0); + if (rc) break; /* ready. */ desc.mode = KEYDB_SEARCH_MODE_NEXT; diff --git a/g10/keyring.h b/g10/keyring.h index d97bd4c..14d9f42 100644 --- a/g10/keyring.h +++ b/g10/keyring.h @@ -39,7 +39,7 @@ int keyring_insert_keyblock (KEYRING_HANDLE hd, KBNODE kb); int keyring_delete_keyblock (KEYRING_HANDLE hd); int keyring_search_reset (KEYRING_HANDLE hd); int keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, - size_t ndesc, size_t *descindex); + size_t ndesc, size_t *descindex, int skip_legacy); int keyring_rebuild_cache (void *token,int noisy); #endif /*GPG_KEYRING_H*/ diff --git a/g10/keyserver.c b/g10/keyserver.c index 72c244a..ab0eb62 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -1229,21 +1229,16 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) for (;;) { rc = keydb_search (kdbhd, desc, ndesc, NULL); - if (rc && gpg_err_code (rc) != GPG_ERR_LEGACY_KEY) + if (rc) break; /* ready. */ if (!users) desc[0].mode = KEYDB_SEARCH_MODE_NEXT; - if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) - continue; - /* read the keyblock */ rc = keydb_get_keyblock (kdbhd, &keyblock ); if( rc ) { - if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) - continue; log_error (_("error reading keyblock: %s\n"), gpg_strerror (rc) ); goto leave; } diff --git a/g10/trustdb.c b/g10/trustdb.c index 943357c..386796c 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1732,9 +1732,6 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, { PKT_public_key *pk; - if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) - continue; - rc = keydb_get_keyblock (hd, &keyblock); if (rc) { @@ -1790,8 +1787,7 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, release_kbnode (keyblock); keyblock = NULL; } - while (!(rc = keydb_search (hd, &desc, 1, NULL)) - || gpg_err_code (rc) == GPG_ERR_LEGACY_KEY); + while (!(rc = keydb_search (hd, &desc, 1, NULL))); if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) { commit 848726f5c02faddb0b0fd24ce1a66893f5325675 Author: Neal H. Walfield Date: Tue Nov 17 12:56:55 2015 +0100 gpg: Correctly handle an error. * g10/keyring.c (keyring_search): If a compare function returns an error, treat it as an error. -- Signed-off-by: Neal H. Walfield diff --git a/g10/keyring.c b/g10/keyring.c index e9e3ffc..cd569fd 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1202,6 +1202,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, free_packet (&pkt); continue; found: + if (rc) + goto real_found; + if (DBG_LOOKUP) log_debug ("%s: packet starting at offset %zx matched descriptor %zd\n", __func__, offset, n); commit ad9befab12376b3a49cde410996ac9f0013d0871 Author: Neal H. Walfield Date: Tue Nov 17 12:55:42 2015 +0100 gpg: Correctly handle keyblocks followed by legacy keys. * g10/keyring.c (keyring_get_keyblock): If we encounter a legacy packet after already having some non-legacy packets, then treat the legacy packet as a keyblock boundary, not as part of the keyblock. * g10/t-keydb-get-keyblock.c: New file. * g10/t-keydb-get-keyblock.gpg: New file. * g10/Makefile.am (EXTRA_DIST): Add t-keydb-get-keyblock.gpg. (module_tests): Add t-keydb-get-keyblock. (t_keydb_get_keyblock_SOURCES): New variable. (t_keydb_get_keyblock_LDADD): Likewise. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 2151 diff --git a/g10/Makefile.am b/g10/Makefile.am index 2fe5c9a..10714f6 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -20,7 +20,8 @@ EXTRA_DIST = options.skel dirmngr-conf.skel distsigkey.gpg \ ChangeLog-2011 gpg-w32info.rc \ - gpg.w32-manifest.in test.c t-keydb-keyring.kbx + gpg.w32-manifest.in test.c t-keydb-keyring.kbx \ + t-keydb-get-keyblock.gpg AM_CPPFLAGS = -I$(top_srcdir)/common @@ -157,12 +158,16 @@ gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) \ gpgv2_LDFLAGS = $(extra_bin_ldflags) t_common_ldadd = -module_tests = t-rmd160 t-keydb +module_tests = t-rmd160 t-keydb t-keydb-get-keyblock t_rmd160_SOURCES = t-rmd160.c rmd160.c t_rmd160_LDADD = $(t_common_ldadd) t_keydb_SOURCES = t-keydb.c test-stubs.c $(common_source) t_keydb_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(t_common_ldadd) +t_keydb_get_keyblock_SOURCES = t-keydb-get-keyblock.c test-stubs.c \ + $(common_source) +t_keydb_get_keyblock_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) \ + $(LIBICONV) $(t_common_ldadd) $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a diff --git a/g10/keyring.c b/g10/keyring.c index 9a3638b..e9e3ffc 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -419,7 +419,19 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb) continue; } if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) - break; /* Upper layer needs to handle this. */ + { + if (in_cert) + /* It is not this key that is problematic, but the + following key. */ + { + rc = 0; + hd->found.n_packets --; + } + else + /* Upper layer needs to handle this. */ + ; + break; + } if (rc) { log_error ("keyring_get_keyblock: read error: %s\n", gpg_strerror (rc) ); diff --git a/g10/t-keydb-get-keyblock.c b/g10/t-keydb-get-keyblock.c new file mode 100644 index 0000000..2fbcb73 --- /dev/null +++ b/g10/t-keydb-get-keyblock.c @@ -0,0 +1,60 @@ +/* t-keydb-get-keyblock.c - Tests for keydb.c. + * Copyright (C) 2015 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include "test.c" + +#include "keydb.h" + +static void +do_test (int argc, char *argv[]) +{ + char *fname; + int rc; + KEYDB_HANDLE hd1; + KEYDB_SEARCH_DESC desc1; + KBNODE kb1; + + (void) argc; + (void) argv; + + /* t-keydb-get-keyblock.gpg contains two keys: a modern key followed + by a legacy key. If we get the keyblock for the modern key, we + shouldn't get + + - */ + fname = prepend_srcdir ("t-keydb-get-keyblock.gpg"); + rc = keydb_add_resource (fname, 0); + test_free (fname); + if (rc) + ABORT ("Failed to open keyring."); + + hd1 = keydb_new (); + + rc = classify_user_id ("8061 5870 F5BA D690 3336 86D0 F2AD 85AC 1E42 B367", + &desc1, 0); + if (rc) + ABORT ("Failed to convert fingerprint for 1E42B367"); + + rc = keydb_search (hd1, &desc1, 1, NULL); + if (rc) + ABORT ("Failed to lookup key associated with 1E42B367"); + + rc = keydb_get_keyblock (hd1, &kb1); + TEST_P ("", ! rc); +} diff --git a/g10/t-keydb-get-keyblock.gpg b/g10/t-keydb-get-keyblock.gpg new file mode 100644 index 0000000..521487e Binary files /dev/null and b/g10/t-keydb-get-keyblock.gpg differ commit 8f6099ac510526d89be50309dbeb52f62bbaa7d1 Author: Neal H. Walfield Date: Mon Nov 16 20:55:34 2015 +0100 gpg: Add some debugging output. -- Signed-off-by: Neal H. Walfield diff --git a/g10/gpg.c b/g10/gpg.c index 0cc7038..5ba3a20 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2124,6 +2124,12 @@ check_user_ids (strlist_t *sp, default: log_bug ("Unsupport option: %d\n", t->flags >> 2); } + if (DBG_LOOKUP) + { + log_debug ("\n"); + log_debug ("%s: Checking %s=%s\n", __func__, option, t->d); + } + err = classify_user_id (t->d, &desc, 1); if (err) { @@ -2153,6 +2159,9 @@ check_user_ids (strlist_t *sp, err = keydb_search (hd, &desc, 1, NULL); if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) { + if (DBG_LOOKUP) + log_debug ("%s: '%s' not found.\n", __func__, t->d); + if (error_if_not_found) { if (! rc) @@ -2195,6 +2204,9 @@ check_user_ids (strlist_t *sp, release_kbnode (kb); /* Continue the search. */ + if (DBG_LOOKUP) + log_debug ("%s: Check for duplicates for %s='%s'\n", + __func__, option, t->d); err = keydb_search (hd, &desc, 1, NULL); if (! err) /* Another result! */ diff --git a/g10/keydb.c b/g10/keydb.c index 22fec24..40fb4c7 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -1692,7 +1692,16 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, while ((rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) && hd->current >= 0 && hd->current < hd->used) { - switch (hd->active[hd->current].type) + if (DBG_LOOKUP) + log_debug ("%s: searching %s (resource %d of %d)\n", + __func__, + hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYRING + ? "keyring" + : (hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX + ? "keybox" : "unknown type"), + hd->current, hd->used); + + switch (hd->active[hd->current].type) { case KEYDB_RESOURCE_TYPE_NONE: BUG(); /* we should never see it here */ @@ -1707,6 +1716,17 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, descindex, &hd->skipped_long_blobs); break; } + + if (DBG_LOOKUP) + log_debug ("%s: searched %s (resource %d of %d) => %s\n", + __func__, + hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYRING + ? "keyring" + : (hd->active[hd->current].type == KEYDB_RESOURCE_TYPE_KEYBOX + ? "keybox" : "unknown type"), + hd->current, hd->used, + rc == -1 ? "EOF" : gpg_strerror (rc)); + if (rc == -1 || gpg_err_code (rc) == GPG_ERR_EOF) { /* EOF -> switch to next resource */ diff --git a/g10/keyring.c b/g10/keyring.c index 8ebc2e4..9a3638b 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -699,29 +699,51 @@ prepare_search (KEYRING_HANDLE hd) /* If the last key was a legacy key, we simply ignore the error so that we can easily use search_next. */ if (gpg_err_code (hd->current.error) == GPG_ERR_LEGACY_KEY) + { + if (DBG_LOOKUP) + log_debug ("%s: last error was GPG_ERR_LEGACY_KEY, clearing\n", + __func__); hd->current.error = 0; + } else + { + if (DBG_LOOKUP) + log_debug ("%s: returning last error: %s\n", + __func__, gpg_strerror (hd->current.error)); return hd->current.error; /* still in error state */ + } } if (hd->current.kr && !hd->current.eof) { if ( !hd->current.iobuf ) + { + if (DBG_LOOKUP) + log_debug ("%s: missing iobuf!\n", __func__); return GPG_ERR_GENERAL; /* Position invalid after a modify. */ + } return 0; /* okay */ } if (!hd->current.kr && hd->current.eof) + { + if (DBG_LOOKUP) + log_debug ("%s: EOF!\n", __func__); return -1; /* still EOF */ + } if (!hd->current.kr) { /* start search with first keyring */ hd->current.kr = hd->resource; if (!hd->current.kr) { + if (DBG_LOOKUP) + log_debug ("%s: keyring not available!\n", __func__); hd->current.eof = 1; return -1; /* keyring not available */ } assert (!hd->current.iobuf); } else { /* EOF */ + if (DBG_LOOKUP) + log_debug ("%s: EOF\n", __func__); iobuf_close (hd->current.iobuf); hd->current.iobuf = NULL; hd->current.kr = NULL; @@ -988,22 +1010,44 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, } } + if (DBG_LOOKUP) + log_debug ("%s: need_uid = %d; need_words = %d; need_keyid = %d; need_fpr = %d; any_skip = %d\n", + __func__, need_uid, need_words, need_keyid, need_fpr, any_skip); + rc = prepare_search (hd); if (rc) - return rc; + { + if (DBG_LOOKUP) + log_debug ("%s: prepare_search failed: %s (%d)\n", + __func__, gpg_strerror (rc), gpg_err_code (rc)); + return rc; + } use_offtbl = !!kr_offtbl; if (!use_offtbl) - ; + { + if (DBG_LOOKUP) + log_debug ("%s: no offset table.\n", __func__); + } else if (!kr_offtbl_ready) - need_keyid = 1; + { + if (DBG_LOOKUP) + log_debug ("%s: initializing offset table. (need_keyid: %d => 1)\n", + __func__, need_keyid); + need_keyid = 1; + } else if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID) { struct off_item *oi; + if (DBG_LOOKUP) + log_debug ("%s: look up by long key id, checking cache\n", __func__); + oi = lookup_offset_hash_table (kr_offtbl, desc[0].u.kid); if (!oi) { /* We know that we don't have this key */ + if (DBG_LOOKUP) + log_debug ("%s: cache says not present\n", __func__); hd->found.kr = NULL; hd->current.eof = 1; return -1; @@ -1047,6 +1091,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, pk_no = uid_no = 0; initial_skip = 1; /* skip until we see the start of a keyblock */ scanned_from_start = iobuf_tell (hd->current.iobuf) == 0; + if (DBG_LOOKUP) + log_debug ("%s: %ssearching from start of resource.\n", + __func__, scanned_from_start ? "" : "not "); while (!(rc=search_packet (hd->current.iobuf, &pkt, &offset, need_uid))) { byte afp[MAX_FINGERPRINT_LEN]; @@ -1143,6 +1190,10 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, free_packet (&pkt); continue; found: + if (DBG_LOOKUP) + log_debug ("%s: packet starting at offset %zx matched descriptor %zd\n", + __func__, offset, n); + /* Record which desc we matched on. Note this value is only meaningful if this function returns with no errors. */ if(descindex) @@ -1151,7 +1202,12 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, { if (desc[n].skipfnc && desc[n].skipfnc (desc[n].skipfncvalue, aki, uid_no)) - break; + { + if (DBG_LOOKUP) + log_debug ("%s: skipping match: desc %zd's skip function returned TRUE\n", + __func__, n); + break; + } } if (n == ndesc) goto real_found; @@ -1160,6 +1216,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, real_found: if (!rc) { + if (DBG_LOOKUP) + log_debug ("%s: returing success\n", __func__); hd->found.offset = main_offset; hd->found.kr = hd->current.kr; hd->found.pk_no = pk? pk_no : 0; @@ -1167,6 +1225,9 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, } else if (rc == -1) { + if (DBG_LOOKUP) + log_debug ("%s: no matches (EOF)\n", __func__); + hd->current.eof = 1; /* if we scanned all keyrings, we are sure that * all known key IDs are in our offtbl, mark that. */ @@ -1195,7 +1256,12 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, } } else - hd->current.error = rc; + { + if (DBG_LOOKUP) + log_debug ("%s: error encountered during search: %s (%d)\n", + __func__, gpg_strerror (rc), rc); + hd->current.error = rc; + } free_packet(&pkt); set_packet_list_mode(save_mode); commit 11ec4785df1646643966d872b1b53ef675092c98 Author: Neal H. Walfield Date: Tue Nov 17 11:36:38 2015 +0100 gpg: Make debugging search descriptors easier. * g10/keydb.c (dump_search_desc): Rename from this... (keydb_search_desc_dump): ... to this. Only process a single search descriptor. Improve output. Don't mark as static. Update callers. -- Signed-off-by: Neal H. Walfield diff --git a/g10/keydb.c b/g10/keydb.c index 1705c71..22fec24 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -465,8 +465,70 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp) return rt; } + +char * +keydb_search_desc_dump (struct keydb_search_desc *desc) +{ + char b[MAX_FORMATTED_FINGERPRINT_LEN + 1]; + char fpr[MAX_FINGERPRINT_LEN + 1]; - + switch (desc->mode) + { + case KEYDB_SEARCH_MODE_EXACT: + return xasprintf ("EXACT: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_SUBSTR: + return xasprintf ("SUBSTR: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_MAIL: + return xasprintf ("MAIL: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_MAILSUB: + return xasprintf ("MAILSUB: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_MAILEND: + return xasprintf ("MAILEND: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_WORDS: + return xasprintf ("WORDS: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_SHORT_KID: + return xasprintf ("SHORT_KID: '%s'", + format_keyid (desc->u.kid, KF_SHORT, b, sizeof (b))); + case KEYDB_SEARCH_MODE_LONG_KID: + return xasprintf ("LONG_KID: '%s'", + format_keyid (desc->u.kid, KF_LONG, b, sizeof (b))); + case KEYDB_SEARCH_MODE_FPR16: + bin2hex (desc->u.fpr, 16, fpr); + return xasprintf ("FPR16: '%s'", + format_hexfingerprint (fpr, b, sizeof (b))); + case KEYDB_SEARCH_MODE_FPR20: + bin2hex (desc->u.fpr, 20, fpr); + return xasprintf ("FPR20: '%s'", + format_hexfingerprint (fpr, b, sizeof (b))); + case KEYDB_SEARCH_MODE_FPR: + bin2hex (desc->u.fpr, 20, fpr); + return xasprintf ("FPR: '%s'", + format_hexfingerprint (fpr, b, sizeof (b))); + case KEYDB_SEARCH_MODE_ISSUER: + return xasprintf ("ISSUER: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_ISSUER_SN: + return xasprintf ("ISSUER_SN: '%*s'", + (int) (desc->snlen == -1 + ? strlen (desc->sn) : desc->snlen), + desc->sn); + case KEYDB_SEARCH_MODE_SN: + return xasprintf ("SN: '%*s'", + (int) (desc->snlen == -1 + ? strlen (desc->sn) : desc->snlen), + desc->sn); + case KEYDB_SEARCH_MODE_SUBJECT: + return xasprintf ("SUBJECT: '%s'", desc->u.name); + case KEYDB_SEARCH_MODE_KEYGRIP: + return xasprintf ("KEYGRIP: %s", desc->u.grip); + case KEYDB_SEARCH_MODE_FIRST: + return xasprintf ("FIRST"); + case KEYDB_SEARCH_MODE_NEXT: + return xasprintf ("NEXT"); + default: + return xasprintf ("Bad search mode (%d)", desc->mode); + } +} + gpg_error_t keydb_add_resource (const char *url, unsigned int flags) { @@ -1571,57 +1633,11 @@ keydb_search_reset (KEYDB_HANDLE hd) } -static void -dump_search_desc (KEYDB_HANDLE hd, const char *text, - KEYDB_SEARCH_DESC *desc, size_t ndesc) -{ - int n; - const char *s; - - for (n=0; n < ndesc; n++) - { - switch (desc[n].mode) - { - case KEYDB_SEARCH_MODE_NONE: s = "none"; break; - case KEYDB_SEARCH_MODE_EXACT: s = "exact"; break; - case KEYDB_SEARCH_MODE_SUBSTR: s = "substr"; break; - case KEYDB_SEARCH_MODE_MAIL: s = "mail"; break; - case KEYDB_SEARCH_MODE_MAILSUB: s = "mailsub"; break; - case KEYDB_SEARCH_MODE_MAILEND: s = "mailend"; break; - case KEYDB_SEARCH_MODE_WORDS: s = "words"; break; - case KEYDB_SEARCH_MODE_SHORT_KID: s = "short_kid"; break; - case KEYDB_SEARCH_MODE_LONG_KID: s = "long_kid"; break; - case KEYDB_SEARCH_MODE_FPR16: s = "fpr16"; break; - case KEYDB_SEARCH_MODE_FPR20: s = "fpr20"; break; - case KEYDB_SEARCH_MODE_FPR: s = "fpr"; break; - case KEYDB_SEARCH_MODE_ISSUER: s = "issuer"; break; - case KEYDB_SEARCH_MODE_ISSUER_SN: s = "issuer_sn"; break; - case KEYDB_SEARCH_MODE_SN: s = "sn"; break; - case KEYDB_SEARCH_MODE_SUBJECT: s = "subject"; break; - case KEYDB_SEARCH_MODE_KEYGRIP: s = "keygrip"; break; - case KEYDB_SEARCH_MODE_FIRST: s = "first"; break; - case KEYDB_SEARCH_MODE_NEXT: s = "next"; break; - default: s = "?"; break; - } - if (!n) - log_debug ("%s: mode=%s (hd=%p)", text, s, hd); - else - log_debug ("%*s mode=%s", (int)strlen (text), "", s); - if (desc[n].mode == KEYDB_SEARCH_MODE_LONG_KID) - log_printf (" %08lX%08lX", (unsigned long)desc[n].u.kid[0], - (unsigned long)desc[n].u.kid[1]); - else if (desc[n].mode == KEYDB_SEARCH_MODE_SHORT_KID) - log_printf (" %08lX", (unsigned long)desc[n].u.kid[1]); - else if (desc[n].mode == KEYDB_SEARCH_MODE_SUBSTR) - log_printf (" '%s'", desc[n].u.name); - } -} - - gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc, size_t *descindex) { + int i; gpg_error_t rc; int was_reset = hd->is_reset; /* If an entry is already in the cache, then don't add it again. */ @@ -1636,8 +1652,16 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, if (DBG_CLOCK) log_clock ("keydb_search enter"); - if (DBG_CACHE) - dump_search_desc (hd, "keydb_search", desc, ndesc); + if (DBG_LOOKUP) + { + log_debug ("%s: %zd search descriptions:\n", __func__, ndesc); + for (i = 0; i < ndesc; i ++) + { + char *t = keydb_search_desc_dump (&desc[i]); + log_debug ("%s %d: %s\n", __func__, i, t); + xfree (t); + } + } if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID diff --git a/g10/keydb.h b/g10/keydb.h index b1dfa08..203c7ec 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -133,6 +133,10 @@ union pref_hint #define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */ #define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */ +/* Format a search term for debugging output. The caller must free + the result. */ +char *keydb_search_desc_dump (struct keydb_search_desc *desc); + /* Register a resource (keyring or keybox). The first keyring or keybox that is added using this function is created if it does not already exist and the KEYDB_RESOURCE_FLAG_READONLY is not set. commit a052c30d31c0f6b532fea081f4a9bee083f5440f Author: Neal H. Walfield Date: Tue Nov 17 11:47:43 2015 +0100 gpg: Add function format_keyid. * g10/options.h (opt.keyid_format): Add new value KF_DEFAULT. * g10/keyid.c (format_keyid): New function. (keystr): Use it. -- Signed-off-by: Neal H. Walfield diff --git a/g10/keydb.h b/g10/keydb.h index 882af35..b1dfa08 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -786,6 +786,7 @@ char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize); #define PUBKEY_STRING_SIZE 32 u32 v3_keyid (gcry_mpi_t a, u32 *ki); void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk ); +const char *format_keyid (u32 *keyid, int format, char *buffer, int len); size_t keystrlen(void); const char *keystr(u32 *keyid); const char *keystr_with_sub (u32 *main_kid, u32 *sub_kid); diff --git a/g10/keyid.c b/g10/keyid.c index d716985..cb237ef 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -274,65 +274,81 @@ v3_keyid (gcry_mpi_t a, u32 *ki) } -size_t -keystrlen(void) +const char * +format_keyid (u32 *keyid, int format, char *buffer, int len) { - switch(opt.keyid_format) + char tmp[KEYID_STR_SIZE]; + if (! buffer) + buffer = tmp; + + if (format == KF_DEFAULT) + format = opt.keyid_format; + if (format == KF_DEFAULT) + format = KF_0xLONG; + + switch (format) { case KF_SHORT: - return 8; + snprintf (buffer, len, "%08lX", (ulong)keyid[1]); + break; case KF_LONG: - return 16; + if (keyid[0]) + snprintf (buffer, len, "%08lX%08lX", + (ulong)keyid[0], (ulong)keyid[1]); + else + snprintf (buffer, len, "%08lX", (ulong)keyid[1]); + break; case KF_0xSHORT: - return 10; + snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]); + break; case KF_0xLONG: - return 18; + if(keyid[0]) + snprintf (buffer, len, "0x%08lX%08lX", + (ulong)keyid[0],(ulong)keyid[1]); + else + snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]); + break; default: BUG(); } -} + if (buffer == tmp) + return xstrdup (buffer); + return buffer; +} -const char * -keystr (u32 *keyid) +size_t +keystrlen(void) { - static char keyid_str[KEYID_STR_SIZE]; - - switch (opt.keyid_format) + switch(opt.keyid_format) { case KF_SHORT: - snprintf (keyid_str, sizeof keyid_str, "%08lX", (ulong)keyid[1]); - break; + return 8; case KF_LONG: - if (keyid[0]) - snprintf (keyid_str, sizeof keyid_str, "%08lX%08lX", - (ulong)keyid[0], (ulong)keyid[1]); - else - snprintf (keyid_str, sizeof keyid_str, "%08lX", (ulong)keyid[1]); - break; + return 16; case KF_0xSHORT: - snprintf (keyid_str, sizeof keyid_str, "0x%08lX", (ulong)keyid[1]); - break; + return 10; case KF_0xLONG: - if(keyid[0]) - snprintf (keyid_str, sizeof keyid_str, "0x%08lX%08lX", - (ulong)keyid[0],(ulong)keyid[1]); - else - snprintf (keyid_str, sizeof keyid_str, "0x%08lX", (ulong)keyid[1]); - break; + return 18; default: BUG(); } +} + - return keyid_str; +const char * +keystr (u32 *keyid) +{ + static char keyid_str[KEYID_STR_SIZE]; + return format_keyid (keyid, opt.keyid_format, keyid_str, sizeof (keyid_str)); } diff --git a/g10/options.h b/g10/options.h index 6fca714..0bb2aae 100644 --- a/g10/options.h +++ b/g10/options.h @@ -136,7 +136,7 @@ struct } compliance; enum { - KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG + KF_DEFAULT, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG } keyid_format; int shm_coprocess; const char *set_filename; commit eae982ed6d69644258afe9c4ad1be553853d8403 Author: Neal H. Walfield Date: Tue Nov 17 13:42:43 2015 +0100 gpg: Use a more appropriate error code. * g10/gpg.c (check_user_ids): Return a more appropriate error code if a user id is ambiguous. -- Signed-off-by: Neal H. Walfield diff --git a/g10/gpg.c b/g10/gpg.c index dacfa74..0cc7038 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2209,7 +2209,7 @@ check_user_ids (strlist_t *sp, log_info (_("(check argument of option '%s')\n"), option); if (! rc) - rc = GPG_ERR_CONFLICT; + rc = GPG_ERR_AMBIGUOUS_NAME; err = keydb_get_keyblock (hd, &kb); if (err) ----------------------------------------------------------------------- Summary of changes: g10/Makefile.am | 9 ++- g10/export.c | 4 - g10/getkey.c | 47 +---------- g10/gpg.c | 14 +++- g10/keydb.c | 183 +++++++++++++++++++++++++------------------ g10/keydb.h | 10 ++- g10/keyid.c | 76 +++++++++++------- g10/keyring.c | 111 +++++++++++++++++++++++--- g10/keyring.h | 2 +- g10/keyserver.c | 7 +- g10/options.h | 2 +- g10/t-keydb-get-keyblock.c | 60 ++++++++++++++ g10/t-keydb-get-keyblock.gpg | Bin 0 -> 138824 bytes g10/trustdb.c | 6 +- 14 files changed, 347 insertions(+), 184 deletions(-) create mode 100644 g10/t-keydb-get-keyblock.c create mode 100644 g10/t-keydb-get-keyblock.gpg hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 16:10:49 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 17 Nov 2015 16:10:49 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-142-g1e3dbb1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 1e3dbb15affd6d75a477aa17715d8e5470988c08 (commit) from 58e4a492e2c8e908d16135486ed601f602f1e38d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1e3dbb15affd6d75a477aa17715d8e5470988c08 Author: Justus Winter Date: Mon Nov 16 18:18:25 2015 +0100 dirmngr: Fix specifying keyservers by IP address. * dirmngr/ks-engine-hkp.c (map_host): Update the original 'hosttable' entry instead of creating another one. -- Previously, if a keyserver was given using its IP address (e.g. 'hkp://127.0.0.1'), 'map_host' would create two entries in the 'hosttable', one with the name '127.0.0.1', and the second one with the name 'localhost' and 'v4addr' being set to '127.0.0.1'. But the first entry is the one being used for lookups, and since the 'v4' flag is not set, the 'HTTP_FLAG_IGNORE_IPv4' is used when doing the http request, making it fail. Signed-off-by: Justus Winter GnuPG-bug-id: 2012 diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index c856d6c..7bb4ffe 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -378,7 +378,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } else { - tmpidx = find_hostinfo (tmphost); + if (!is_pool && is_ip_address (name)) + /* Update the original entry. */ + tmpidx = idx; + else + tmpidx = find_hostinfo (tmphost); log_info ("resolve_dns_addr for '%s': '%s'%s\n", name, tmphost, tmpidx == -1? "" : " [already known]"); ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-hkp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 17:07:38 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Tue, 17 Nov 2015 17:07:38 +0100 Subject: [git] GCRYPT - branch, justus/fix-error-handling, created. libgcrypt-1.6.0-282-g6af4a77 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, justus/fix-error-handling has been created at 6af4a773d42d06b503250400221a02e4d43cefed (commit) - Log ----------------------------------------------------------------- commit 6af4a773d42d06b503250400221a02e4d43cefed Author: Justus Winter Date: Tue Nov 17 16:00:16 2015 +0100 cipher: Fix error handling. * cipher/cipher.c (_gcry_cipher_ctl): Fix error handling. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/cipher/cipher.c b/cipher/cipher.c index ab9f0dc..f163bde 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -1359,6 +1359,7 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) (&h->context.c, GCRYCTL_SET_SBOX, buffer, buflen); else rc = GPG_ERR_NOT_SUPPORTED; + break; default: rc = GPG_ERR_INV_OP; ----------------------------------------------------------------------- hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 21:23:20 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 17 Nov 2015 21:23:20 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-143-g0b86c74 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 0b86c7463c8c057496b38e06c00f0ae4288dad49 (commit) from 1e3dbb15affd6d75a477aa17715d8e5470988c08 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0b86c7463c8c057496b38e06c00f0ae4288dad49 Author: Neal H. Walfield Date: Tue Nov 17 21:21:03 2015 +0100 gpg: Allow selecting subkeys using a keyid. * g10/keyedit.c (menu_select_key): Take an additional argument, p. Update callers. If P is a hex string, then assume that P is a key id or fingerprint and select subkeys with matching key ids or fingerprints. * doc/gpg.texi: Update documentation for the key subcommand. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1423 Debian-bug-id: 610336 diff --git a/doc/gpg.texi b/doc/gpg.texi index dcef495..d6ae579 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -613,7 +613,7 @@ line. @item key @code{n} @opindex keyedit:key - Toggle selection of subkey with index @code{n}. + Toggle selection of subkey with index @code{n} or key ID @code{n}. Use @code{*} to select all and @code{0} to deselect all. @item sign diff --git a/g10/keyedit.c b/g10/keyedit.c index 16b0cec..5fc92b2 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -77,7 +77,7 @@ static int menu_set_keyserver_url (const char *url, KBNODE pub_keyblock); static int menu_set_notation (const char *string, KBNODE pub_keyblock); static int menu_select_uid (KBNODE keyblock, int idx); static int menu_select_uid_namehash (KBNODE keyblock, const char *namehash); -static int menu_select_key (KBNODE keyblock, int idx); +static int menu_select_key (KBNODE keyblock, int idx, char *p); static int count_uids (KBNODE keyblock); static int count_uids_with_flag (KBNODE keyblock, unsigned flag); static int count_keys_with_flag (KBNODE keyblock, unsigned flag); @@ -1719,7 +1719,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr, if (*arg_string == '*' && (!arg_string[1] || spacep (arg_string + 1))) arg_number = -1; /* Select all. */ - if (menu_select_key (keyblock, arg_number)) + if (menu_select_key (keyblock, arg_number, p)) redisplay = 1; } break; @@ -4888,10 +4888,67 @@ menu_select_uid_namehash (KBNODE keyblock, const char *namehash) * Returns: True if the selection changed. */ static int -menu_select_key (KBNODE keyblock, int idx) +menu_select_key (KBNODE keyblock, int idx, char *p) { KBNODE node; - int i; + int i, j; + int is_hex_digits = strlen (p) >= 8; + + if (is_hex_digits) + { + for (i = 0, j = 0; p[i]; i ++) + if (('0' <= p[i] && p[i] <= '9') + || ('A' <= p[i] && p[i] <= 'F') + || ('a' <= p[i] && p[i] <= 'f')) + { + p[j] = toupper (p[i]); + j ++; + } + else if (p[i] == ' ') + /* Skip spaces. */ + { + } + else + { + is_hex_digits = 0; + break; + } + if (is_hex_digits) + /* In case we skipped some spaces, add a new NUL terminator. */ + { + p[j] = 0; + /* If we skipped some spaces, make sure that we still have + at least 8 characters. */ + is_hex_digits = strlen (p) >= 8; + } + } + + if (is_hex_digits) + { + int found_one = 0; + for (node = keyblock; node; node = node->next) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY) + { + char fp[2*MAX_FINGERPRINT_LEN + 1]; + hexfingerprint (node->pkt->pkt.public_key, fp, sizeof (fp)); + if (strcmp (&fp[strlen (fp) - strlen (p)], p) == 0) + { + if ((node->flag & NODFLG_SELKEY)) + node->flag &= ~NODFLG_SELKEY; + else + node->flag |= NODFLG_SELKEY; + + found_one = 1; + } + } + + if (found_one) + return 1; + + tty_printf (_("No subkey with keyid %s\n"), p); + return 0; + } if (idx == -1) /* Select all. */ { ----------------------------------------------------------------------- Summary of changes: doc/gpg.texi | 2 +- g10/keyedit.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 62 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 22:15:41 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 17 Nov 2015 22:15:41 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-144-g84ebf15 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 84ebf15b06e435453b2f58775f97a3a1c61a7e55 (commit) from 0b86c7463c8c057496b38e06c00f0ae4288dad49 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 84ebf15b06e435453b2f58775f97a3a1c61a7e55 Author: Neal H. Walfield Date: Tue Nov 17 22:15:33 2015 +0100 tools: Fix option parsing for gpg-zip. * tools/gpg-zip.in: Correctly set GPG when --gpg is specified. Correctly set TAR when --tar is specified. Pass TAR_ARGS to tar. -- Signed-off-by: Neal H. Walfield Co-authored-by: Michael M?nch GnuPG-bug-id 1351 GnuPG-bug-id 1442 diff --git a/tools/gpg-zip.in b/tools/gpg-zip.in index d27b1f9..a6b4238 100644 --- a/tools/gpg-zip.in +++ b/tools/gpg-zip.in @@ -94,7 +94,8 @@ while test $# -gt 0 ; do exit 0 ;; --gpg) - GPG=$1 + GPG=$2 + shift shift ;; --gpg-args) @@ -103,7 +104,8 @@ while test $# -gt 0 ; do shift ;; --tar) - TAR=$1 + TAR=$2 + shift shift ;; --tar-args) @@ -126,8 +128,8 @@ while test $# -gt 0 ; do done if test x$create = xyes ; then -# echo "$TAR -cf - "$@" | $GPG --set-filename x.tar $gpg_args" 1>&2 - $TAR -cf - "$@" | $GPG --set-filename x.tar $gpg_args +# echo "$TAR $tar_args -cf - "$@" | $GPG --set-filename x.tar $gpg_args" 1>&2 + $TAR $tar_args -cf - "$@" | $GPG --set-filename x.tar $gpg_args elif test x$list = xyes ; then # echo "cat \"$1\" | $GPG $gpg_args | $TAR $tar_args -tf -" 1>&2 cat "$1" | $GPG $gpg_args | $TAR $tar_args -tf - ----------------------------------------------------------------------- Summary of changes: tools/gpg-zip.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 22:30:09 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 17 Nov 2015 22:30:09 +0100 Subject: [git] gnupg-doc - branch, master, updated. bb7d2a7f80fae586d882cf5da59ed40ae64adbe9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via bb7d2a7f80fae586d882cf5da59ed40ae64adbe9 (commit) via 6b996d50b54de83e986a2c85d235b6c7ef67afaf (commit) from 25cd0bed9dc2696ce9abdda560dcd8321d411908 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bb7d2a7f80fae586d882cf5da59ed40ae64adbe9 Author: Neal H. Walfield Date: Tue Nov 17 22:29:13 2015 +0100 blog: Fix typo. diff --git a/misc/blog.gnupg.org/20151103-gnupg-in-october.org b/misc/blog.gnupg.org/20151103-gnupg-in-october.org index 7888c64..42184cf 100644 --- a/misc/blog.gnupg.org/20151103-gnupg-in-october.org +++ b/misc/blog.gnupg.org/20151103-gnupg-in-october.org @@ -136,7 +136,7 @@ user, then it probably is. TOFU, on the other hand, is only able to detect when the key associated with an email address has changed. Despite this, TOFU will be more secure than the WoT for most users in practice. This is because using the WoT requires a lot of manual -support, which most users never both with. In particular, you need to +support, which most users never bother with. In particular, you need to verify fingerprints and set the owner trust to take advantage of friend of friend verification. commit 6b996d50b54de83e986a2c85d235b6c7ef67afaf Author: Neal H. Walfield Date: Tue Nov 17 22:28:30 2015 +0100 web: Remove dead link to the ptbr version of the GnuPG Privacy Handbook. GnuPG-bug-id: 1450 diff --git a/web/documentation/guides.org b/web/documentation/guides.org index a442f3f..9f59d04 100644 --- a/web/documentation/guides.org +++ b/web/documentation/guides.org @@ -35,8 +35,6 @@ GPH is also available in the [[../download/cvs_access.org][source repository]]. - There is also a [[http://geocities.yahoo.com.br/sdiasneto/gnupg/gnupg-manual-ptbr.html][brazilian portuguese version of GPH]]. - ** Replacing PGP 2.x with GnuPG This document demonstrates some of GnuPG's features by showing how ----------------------------------------------------------------------- Summary of changes: misc/blog.gnupg.org/20151103-gnupg-in-october.org | 2 +- web/documentation/guides.org | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 17 23:13:39 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 17 Nov 2015 23:13:39 +0100 Subject: [git] gnupg-doc - branch, master, updated. d4306247707570abc6c4d69260c710ca485832d2 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via d4306247707570abc6c4d69260c710ca485832d2 (commit) from bb7d2a7f80fae586d882cf5da59ed40ae64adbe9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d4306247707570abc6c4d69260c710ca485832d2 Author: Neal H. Walfield Date: Tue Nov 17 23:13:34 2015 +0100 web: Remove dead links to aegypten2 issue tracker. GnuPG-bug-id: 1581 diff --git a/web/aegypten2/index.org b/web/aegypten2/index.org index 4d10989..57bbfbf 100644 --- a/web/aegypten2/index.org +++ b/web/aegypten2/index.org @@ -108,13 +108,6 @@ ** Developers -*** Issue Tracker - - Roundup [[http://intevation.de/roundup/aegypten/][?gypten Issue Tracker]] - - (previously we used an [[http://intevation.de/rt/webrt?q_queue=aegypten][RT-based issues tracker for ?gypten]]. Please - report new bugs only into the new Roundup-based one.) - *** Subversion First make sure you installed ----------------------------------------------------------------------- Summary of changes: web/aegypten2/index.org | 7 ------- 1 file changed, 7 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 18 08:52:43 2015 From: cvs at cvs.gnupg.org (by Jussi Kivilinna) Date: Wed, 18 Nov 2015 08:52:43 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-283-g6571a64 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 6571a64331839d7d952292163afbf34c8bef62e0 (commit) via 15ea0acf8bb0aa307eccc23024a0bd7878fb8080 (commit) from 0e395944b70c7a92a6437f6bcc14f287c19ce9de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6571a64331839d7d952292163afbf34c8bef62e0 Author: Jussi Kivilinna Date: Wed Nov 18 09:44:18 2015 +0200 Tweak Keccak for small speed-up * cipher/keccak_permute_32.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Track rounds with round constant pointer instead of separate round counter. * cipher/keccak_permute_64.h (KECCAK_F1600_PERMUTE_FUNC_NAME): Ditto. (KECCAK_F1600_ABSORB_FUNC_NAME): Tweak lanes pointer increment for bulk absorb loops. -- Patch makes small tweaks to improve performance. Benchmark on Intel Haswell @ 3.2 Ghz: Before: | nanosecs/byte mebibytes/sec cycles/byte SHAKE128 | 2.27 ns/B 420.5 MiB/s 7.26 c/B SHAKE256 | 2.79 ns/B 341.4 MiB/s 8.94 c/B SHA3-224 | 2.64 ns/B 361.7 MiB/s 8.44 c/B SHA3-256 | 2.79 ns/B 341.4 MiB/s 8.94 c/B SHA3-384 | 3.65 ns/B 261.3 MiB/s 11.68 c/B SHA3-512 | 5.27 ns/B 181.0 MiB/s 16.86 c/B After: | nanosecs/byte mebibytes/sec cycles/byte SHAKE128 | 2.25 ns/B 423.5 MiB/s 7.21 c/B SHAKE256 | 2.77 ns/B 343.9 MiB/s 8.88 c/B SHA3-224 | 2.62 ns/B 364.1 MiB/s 8.38 c/B SHA3-256 | 2.77 ns/B 343.8 MiB/s 8.88 c/B SHA3-384 | 3.63 ns/B 262.6 MiB/s 11.63 c/B SHA3-512 | 5.23 ns/B 182.3 MiB/s 16.75 c/B Signed-off-by: Jussi Kivilinna diff --git a/cipher/keccak_permute_32.h b/cipher/keccak_permute_32.h index fed9383..1ce42a4 100644 --- a/cipher/keccak_permute_32.h +++ b/cipher/keccak_permute_32.h @@ -27,6 +27,7 @@ static unsigned int KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) { const u32 *round_consts = round_consts_32bit; + const u32 *round_consts_end = round_consts_32bit + 2 * 24; u32 Aba0, Abe0, Abi0, Abo0, Abu0; u32 Aba1, Abe1, Abi1, Abo1, Abu1; u32 Aga0, Age0, Agi0, Ago0, Agu0; @@ -52,7 +53,6 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) u32 Esa0, Ese0, Esi0, Eso0, Esu0; u32 Esa1, Ese1, Esi1, Eso1, Esu1; u32 *state = hd->u.state32bi; - unsigned int round; Aba0 = state[0]; Aba1 = state[1]; @@ -105,7 +105,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Asu0 = state[48]; Asu1 = state[49]; - for (round = 0; round < 24; round += 2) + do { /* prepareTheta */ BCa0 = Aba0 ^ Aga0 ^ Aka0 ^ Ama0 ^ Asa0; @@ -142,7 +142,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Asu0 ^= Du0; BCu0 = ROL32(Asu0, 7); Eba0 = BCa0 ^ ANDN32(BCe0, BCi0); - Eba0 ^= round_consts[round * 2 + 0]; + Eba0 ^= *(round_consts++); Ebe0 = BCe0 ^ ANDN32(BCi0, BCo0); Ebi0 = BCi0 ^ ANDN32(BCo0, BCu0); Ebo0 = BCo0 ^ ANDN32(BCu0, BCa0); @@ -159,7 +159,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Asu1 ^= Du1; BCu1 = ROL32(Asu1, 7); Eba1 = BCa1 ^ ANDN32(BCe1, BCi1); - Eba1 ^= round_consts[round * 2 + 1]; + Eba1 ^= *(round_consts++); Ebe1 = BCe1 ^ ANDN32(BCi1, BCo1); Ebi1 = BCi1 ^ ANDN32(BCo1, BCu1); Ebo1 = BCo1 ^ ANDN32(BCu1, BCa1); @@ -328,7 +328,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Esu0 ^= Du0; BCu0 = ROL32(Esu0, 7); Aba0 = BCa0 ^ ANDN32(BCe0, BCi0); - Aba0 ^= round_consts[round * 2 + 2]; + Aba0 ^= *(round_consts++); Abe0 = BCe0 ^ ANDN32(BCi0, BCo0); Abi0 = BCi0 ^ ANDN32(BCo0, BCu0); Abo0 = BCo0 ^ ANDN32(BCu0, BCa0); @@ -345,7 +345,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Esu1 ^= Du1; BCu1 = ROL32(Esu1, 7); Aba1 = BCa1 ^ ANDN32(BCe1, BCi1); - Aba1 ^= round_consts[round * 2 + 3]; + Aba1 ^= *(round_consts++); Abe1 = BCe1 ^ ANDN32(BCi1, BCo1); Abi1 = BCi1 ^ ANDN32(BCo1, BCu1); Abo1 = BCo1 ^ ANDN32(BCu1, BCa1); @@ -479,6 +479,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Aso1 = BCo1 ^ ANDN32(BCu1, BCa1); Asu1 = BCu1 ^ ANDN32(BCa1, BCe1); } + while (round_consts < round_consts_end); state[0] = Aba0; state[1] = Aba1; diff --git a/cipher/keccak_permute_64.h b/cipher/keccak_permute_64.h index 1a80192..b28c871 100644 --- a/cipher/keccak_permute_64.h +++ b/cipher/keccak_permute_64.h @@ -26,6 +26,7 @@ static unsigned int KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) { const u64 *round_consts = _gcry_keccak_round_consts_64bit; + const u64 *round_consts_end = _gcry_keccak_round_consts_64bit + 24; u64 Aba, Abe, Abi, Abo, Abu; u64 Aga, Age, Agi, Ago, Agu; u64 Aka, Ake, Aki, Ako, Aku; @@ -39,7 +40,6 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) u64 Ema, Eme, Emi, Emo, Emu; u64 Esa, Ese, Esi, Eso, Esu; u64 *state = hd->u.state64; - unsigned int round; Aba = state[0]; Abe = state[1]; @@ -67,7 +67,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Aso = state[23]; Asu = state[24]; - for (round = 0; round < 24; round += 2) + do { /* prepareTheta */ BCa = Aba ^ Aga ^ Aka ^ Ama ^ Asa; @@ -94,7 +94,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Asu ^= Du; BCu = ROL64(Asu, 14); Eba = BCa ^ ANDN64(BCe, BCi); - Eba ^= (u64)round_consts[round]; + Eba ^= *(round_consts++); Ebe = BCe ^ ANDN64(BCi, BCo); Ebi = BCi ^ ANDN64(BCo, BCu); Ebo = BCo ^ ANDN64(BCu, BCa); @@ -189,7 +189,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Esu ^= Du; BCu = ROL64(Esu, 14); Aba = BCa ^ ANDN64(BCe, BCi); - Aba ^= (u64)round_consts[round + 1]; + Aba ^= *(round_consts++); Abe = BCe ^ ANDN64(BCi, BCo); Abi = BCi ^ ANDN64(BCo, BCu); Abo = BCo ^ ANDN64(BCu, BCa); @@ -259,6 +259,7 @@ KECCAK_F1600_PERMUTE_FUNC_NAME(KECCAK_STATE *hd) Aso = BCo ^ ANDN64(BCu, BCa); Asu = BCu ^ ANDN64(BCa, BCe); } + while (round_consts < round_consts_end); state[0] = Aba; state[1] = Abe; @@ -303,12 +304,11 @@ KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, /* SHAKE128 */ while (pos == 0 && nlanes >= 21) { - absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); - absorb_lanes64_4(&hd->u.state64[8], lanes + 8 * 8); - absorb_lanes64_8(&hd->u.state64[12], lanes + 8 * 12); - absorb_lanes64_1(&hd->u.state64[20], lanes + 8 * 20); - lanes += 8 * 21; nlanes -= 21; + absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8; + absorb_lanes64_8(&hd->u.state64[8], lanes); lanes += 8 * 8; + absorb_lanes64_4(&hd->u.state64[16], lanes); lanes += 8 * 4; + absorb_lanes64_1(&hd->u.state64[20], lanes); lanes += 8 * 1; burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); } @@ -318,11 +318,10 @@ KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, /* SHA3-224 */ while (pos == 0 && nlanes >= 18) { - absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); - absorb_lanes64_2(&hd->u.state64[8], lanes + 8 * 8); - absorb_lanes64_8(&hd->u.state64[10], lanes + 8 * 10); - lanes += 8 * 18; nlanes -= 18; + absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8; + absorb_lanes64_8(&hd->u.state64[8], lanes); lanes += 8 * 8; + absorb_lanes64_2(&hd->u.state64[16], lanes); lanes += 8 * 2; burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); } @@ -332,11 +331,10 @@ KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, /* SHA3-256 & SHAKE256 */ while (pos == 0 && nlanes >= 17) { - absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); - absorb_lanes64_8(&hd->u.state64[8], lanes + 8 * 8); - absorb_lanes64_1(&hd->u.state64[16], lanes + 8 * 16); - lanes += 8 * 17; nlanes -= 17; + absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8; + absorb_lanes64_8(&hd->u.state64[8], lanes); lanes += 8 * 8; + absorb_lanes64_1(&hd->u.state64[16], lanes); lanes += 8 * 1; burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); } @@ -346,11 +344,10 @@ KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, /* SHA3-384 */ while (pos == 0 && nlanes >= 13) { - absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); - absorb_lanes64_4(&hd->u.state64[8], lanes + 8 * 8); - absorb_lanes64_1(&hd->u.state64[12], lanes + 8 * 12); - lanes += 8 * 13; nlanes -= 13; + absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8; + absorb_lanes64_4(&hd->u.state64[8], lanes); lanes += 8 * 4; + absorb_lanes64_1(&hd->u.state64[12], lanes); lanes += 8 * 1; burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); } @@ -360,10 +357,9 @@ KECCAK_F1600_ABSORB_FUNC_NAME(KECCAK_STATE *hd, int pos, const byte *lanes, /* SHA3-512 */ while (pos == 0 && nlanes >= 9) { - absorb_lanes64_8(&hd->u.state64[0], lanes + 8 * 0); - absorb_lanes64_1(&hd->u.state64[8], lanes + 8 * 8); - lanes += 8 * 9; nlanes -= 9; + absorb_lanes64_8(&hd->u.state64[0], lanes); lanes += 8 * 8; + absorb_lanes64_1(&hd->u.state64[8], lanes); lanes += 8 * 1; burn = KECCAK_F1600_PERMUTE_FUNC_NAME(hd); } commit 15ea0acf8bb0aa307eccc23024a0bd7878fb8080 Author: Jussi Kivilinna Date: Wed Nov 18 09:44:18 2015 +0200 Update license information for CRC * LICENSES: Remove 'Simple permissive' and 'IETF permissive' licenses for 'cipher/crc.c' as result of rewrite of CRC implementations. -- Signed-off-by: Jussi Kivilinna diff --git a/LICENSES b/LICENSES index 6c09e1f..ff8b7fa 100644 --- a/LICENSES +++ b/LICENSES @@ -54,56 +54,6 @@ with any binary distributions derived from the GNU C Library. SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #+end_quote -* Simple permissive licenses - - For files: - - cipher/crc.c - -#+begin_quote - Copyright (c) 1996 L. Peter Deutsch - - Permission is granted to copy and distribute this document for - any purpose and without charge, including translations into - other languages and incorporation into compilations, provided - that the copyright notice and this notice are preserved, and - that any substantive changes or deletions from the original are - clearly marked. -#+end_quote - -* IETF permissive licenses - - For files: - - cipher/crc.c - -#+begin_quote - Copyright (C) The Internet Society (1998). All Rights Reserved. - - This document and translations of it may be copied and furnished - to others, and derivative works that comment on or otherwise - explain it or assist in its implementation may be prepared, - copied, published and distributed, in whole or in part, without - restriction of any kind, provided that the above copyright notice - and this paragraph are included on all such copies and derivative - works. However, this document itself may not be modified in any - way, such as by removing the copyright notice or references to - the Internet Society or other Internet organizations, except as - needed for the purpose of developing Internet standards in which - case the procedures for copyrights defined in the Internet - Standards process must be followed, or as required to translate - it into languages other than English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assigns. - - This document and the information contained herein is provided on - an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET - ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE - OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY - IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR - PURPOSE. -#+end_quote - * X License For files: ----------------------------------------------------------------------- Summary of changes: LICENSES | 50 ---------------------------------------------- cipher/keccak_permute_32.h | 13 ++++++------ cipher/keccak_permute_64.h | 44 +++++++++++++++++++--------------------- 3 files changed, 27 insertions(+), 80 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 18 13:41:34 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Wed, 18 Nov 2015 13:41:34 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.6-7-gf238a58 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via f238a58772b7d51362ca7d819e1648a64ff50d57 (commit) from f143d216eff4eac3f05a85640b9f91431aec5588 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f238a58772b7d51362ca7d819e1648a64ff50d57 Author: Neal H. Walfield Date: Wed Nov 18 13:40:47 2015 +0100 tty: Flush output. Show an error if an invalid option is selected. * tty/pinentry-tty.c (confirm): Flush the output after printing the prompt. Echo what the user typed. If the user's selection is invalid, indicate as much. -- Signed-off-by: Neal H. Walfield diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 49571ba..76b6865 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -213,23 +213,28 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) return -1; } - if (pinentry->one_button) - fprintf (ttyfo, "Press any key to continue."); - else - { - fputc ('[', ttyfo); - if (ok) - fputc (tolower (ok), ttyfo); - if (cancel) - fputc (tolower (cancel), ttyfo); - if (notok) - fputc (tolower (notok), ttyfo); - fputs("]? ", ttyfo); - } - while (1) { - int input = fgetc (ttyfi); + int input; + + if (pinentry->one_button) + fprintf (ttyfo, "Press any key to continue."); + else + { + fputc ('[', ttyfo); + if (ok) + fputc (tolower (ok), ttyfo); + if (cancel) + fputc (tolower (cancel), ttyfo); + if (notok) + fputc (tolower (notok), ttyfo); + fputs("]? ", ttyfo); + } + fflush (ttyfo); + + input = fgetc (ttyfi); + fprintf (ttyfo, "%c\n", input); + if (input == EOF || input == 0x4) /* End of file or control-d (= end of file). */ { @@ -262,10 +267,12 @@ confirm (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) ret = 1; break; } + else + { + fprintf (ttyfo, "Invalid selection.\n"); + } } - fputc('\n', ttyfo); - tcsetattr (fileno(ttyfi), TCSANOW, &o_term); return ret; ----------------------------------------------------------------------- Summary of changes: tty/pinentry-tty.c | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 18 15:17:11 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 18 Nov 2015 15:17:11 +0100 Subject: [git] GnuPG - branch, fix-1950, created. gnupg-2.1.9-145-geb54fca Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, fix-1950 has been created at eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e (commit) - Log ----------------------------------------------------------------- commit eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e Author: Justus Winter Date: Wed Nov 18 15:06:48 2015 +0100 dirmngr: Gracefully handle premature termination of TLS streams. * dirmngr/http.c (close_tls_session): New function. (session_unref): Use the new function to close the TLS stream. (cookie_read): If the stream terminated prematurely, close it and return a short read. -- With this patch, I was able to update all the keys in the Debian keyring over hkps. Signed-off-by: Justus Winter GnuPG-bug-id: 1950 diff --git a/dirmngr/http.c b/dirmngr/http.c index e33a594..60dc45f 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -511,6 +511,27 @@ http_register_tls_ca (const char *fname) } +#ifdef USE_TLS +/* Free the TLS session associated with SESS, if any. */ +static void +close_tls_session (http_session_t sess) +{ + if (sess->tls_session) + { +# ifdef HTTP_USE_GNUTLS + my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session); + my_socket_unref (sock, NULL, NULL); + gnutls_deinit (sess->tls_session); + if (sess->certcred) + gnutls_certificate_free_credentials (sess->certcred); +# endif /*HTTP_USE_GNUTLS*/ + xfree (sess->servername); + sess->tls_session = NULL; + } +} +#endif /*USE_TLS*/ + + /* Release a session. Take care not to release it while it is being used by a http context object. */ static void @@ -527,17 +548,7 @@ session_unref (int lnr, http_session_t sess) return; #ifdef USE_TLS -# ifdef HTTP_USE_GNUTLS - if (sess->tls_session) - { - my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session); - my_socket_unref (sock, NULL, NULL); - gnutls_deinit (sess->tls_session); - } - if (sess->certcred) - gnutls_certificate_free_credentials (sess->certcred); -# endif /*HTTP_USE_GNUTLS*/ - xfree (sess->servername); + close_tls_session (sess); #endif /*USE_TLS*/ xfree (sess); @@ -2447,6 +2458,13 @@ cookie_read (void *cookie, void *buffer, size_t size) } if (nread == GNUTLS_E_REHANDSHAKE) goto again; /* A client is allowed to just ignore this request. */ + if (nread == GNUTLS_E_PREMATURE_TERMINATION) + { + /* The server terminated the connection. Close the TLS + session, and indicate EOF using a short read. */ + close_tls_session (c->session); + return 0; + } log_info ("TLS network read failed: %s\n", gnutls_strerror (nread)); gpg_err_set_errno (EIO); return -1; ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 18 15:34:52 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 18 Nov 2015 15:34:52 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-145-geb54fca Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e (commit) from 84ebf15b06e435453b2f58775f97a3a1c61a7e55 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: dirmngr/http.c | 40 +++++++++++++++++++++++++++++----------- 1 file changed, 29 insertions(+), 11 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 18 17:35:43 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 18 Nov 2015 17:35:43 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-284-g940dc8a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 940dc8adc034a6c6c38742f6bfd7d837a532d537 (commit) from 6571a64331839d7d952292163afbf34c8bef62e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 940dc8adc034a6c6c38742f6bfd7d837a532d537 Author: Justus Winter Date: Tue Nov 17 16:00:16 2015 +0100 cipher: Fix error handling. * cipher/cipher.c (_gcry_cipher_ctl): Fix error handling. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/cipher/cipher.c b/cipher/cipher.c index ab9f0dc..f163bde 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -1359,6 +1359,7 @@ _gcry_cipher_ctl (gcry_cipher_hd_t h, int cmd, void *buffer, size_t buflen) (&h->context.c, GCRYCTL_SET_SBOX, buffer, buflen); else rc = GPG_ERR_NOT_SUPPORTED; + break; default: rc = GPG_ERR_INV_OP; ----------------------------------------------------------------------- Summary of changes: cipher/cipher.c | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 19 11:40:38 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 19 Nov 2015 11:40:38 +0100 Subject: [git] GPG-ERROR - branch, master, updated. libgpg-error-1.20-10-gee05684 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Error codes used by GnuPG et al.". The branch, master has been updated via ee0568476506e54349a38d4bb34bba5635097279 (commit) via 06af687beaa1f8e72a05bd3a057b73fecb158c3d (commit) from a144fa8863846dc3f6d34731741cd63251620837 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ee0568476506e54349a38d4bb34bba5635097279 Author: Justus Winter Date: Thu Nov 19 11:29:33 2015 +0100 Fix typos found by codespell. -- Signed-off-by: Justus Winter diff --git a/src/estream.c b/src/estream.c index 1c3e772..3a89868 100644 --- a/src/estream.c +++ b/src/estream.c @@ -190,7 +190,7 @@ struct _gpgrt_stream_internal gpgrt_cookie_close_function_t func_close; cookie_ioctl_function_t func_ioctl; int strategy; - es_syshd_t syshd; /* A copy of the sytem handle. */ + es_syshd_t syshd; /* A copy of the system handle. */ struct { unsigned int err: 1; @@ -587,7 +587,7 @@ typedef struct estream_cookie_mem supplied buffer with the initial conetnt of the memory buffer. If DATA is NULL, DATA_N and DATA_LEN need to be 0 as well. If DATA is not NULL, DATA_N gives the allocated size of DATA and DATA_LEN the - used length in DATA. If this fucntion succeeds DATA is now owned + used length in DATA. If this function succeeds DATA is now owned by this function. If GROW is false FUNC_REALLOC is not required. */ static int @@ -2965,7 +2965,7 @@ _gpgrt_fopenmem (size_t memlimit, const char *_GPGRT__RESTRICT mode) /* This is the same as es_fopenmem but intializes the memory with a - copy of (DATA,DATALEN). The stream is initally set to the + copy of (DATA,DATALEN). The stream is initially set to the beginning. If MEMLIMIT is not 0 but shorter than DATALEN it DATALEN will be used as the value for MEMLIMIT. */ estream_t diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in index 61b57fc..28581e0 100644 --- a/src/gpg-error.h.in +++ b/src/gpg-error.h.in @@ -119,7 +119,7 @@ typedef enum /* We would really like to use bit-fields in a struct, but using structs as return values can cause binary compatibility issues, in - particular if you want to do it effeciently (also see + particular if you want to do it efficiently (also see -freg-struct-return option to GCC). */ typedef unsigned int gpg_error_t; @@ -501,7 +501,7 @@ enum gpgrt_syshd_types GPGRT_SYSHD_NONE = 0, /* No system handle available. */ GPGRT_SYSHD_FD = 1, /* A file descriptor as returned by open(). */ GPGRT_SYSHD_SOCK = 2, /* A socket as returned by socket(). */ - GPGRT_SYSHD_RVID = 3, /* A rendevous id (see libassuan's gpgcedev.c). */ + GPGRT_SYSHD_RVID = 3, /* A rendezvous id (see libassuan's gpgcedev.c). */ GPGRT_SYSHD_HANDLE = 4 /* A HANDLE object (Windows). */ }; diff --git a/src/w32-gettext.c b/src/w32-gettext.c index 89f505d..2eb0289 100644 --- a/src/w32-gettext.c +++ b/src/w32-gettext.c @@ -108,7 +108,7 @@ MyCreateFileA (LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwSharedMode, /* Written by Ulrich Drepper , 1995. */ /* Win32 code written by Tor Lillqvist . */ -/* Renamed _nl_locale_name, removed unsed args, removed include files, +/* Renamed _nl_locale_name, removed unused args, removed include files, non-W32 code and changed comments . */ /* Mingw headers don't have latest language and sublanguage codes. */ diff --git a/tests/t-lock.c b/tests/t-lock.c index 831e224..1ccf815 100644 --- a/tests/t-lock.c +++ b/tests/t-lock.c @@ -81,7 +81,7 @@ init_accounts (void) } -/* Check that the sum of all accounts matches the intial sum. */ +/* Check that the sum of all accounts matches the initial sum. */ static void check_accounts (void) { @@ -114,7 +114,7 @@ get_rand (int high) } -/* Pick a random account. Note that this fucntion is not +/* Pick a random account. Note that this function is not thread-safe. */ static int pick_account (void) commit 06af687beaa1f8e72a05bd3a057b73fecb158c3d Author: Justus Winter Date: Thu Nov 19 11:21:21 2015 +0100 Avoid 'malloc' corner case. * src/init.c (_gpgrt_realloc): Avoid calling 'malloc(0)'. -- Previously, if '_gpgrt_realloc' was called with both A and N being zero, malloc is invoked with a size of zero. This happens e.g. when calling '_gpgrt_free' with a NULL pointer, which is supposed to be a no-op. Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/src/init.c b/src/init.c index e84b234..7abb6ff 100644 --- a/src/init.c +++ b/src/init.c @@ -171,15 +171,15 @@ _gpgrt_realloc (void *a, size_t n) if (custom_realloc) return custom_realloc (a, n); - if (!a) - return malloc (n); - if (!n) { free (a); return NULL; } + if (!a) + return malloc (n); + return realloc (a, n); } ----------------------------------------------------------------------- Summary of changes: src/estream.c | 6 +++--- src/gpg-error.h.in | 4 ++-- src/init.c | 6 +++--- src/w32-gettext.c | 2 +- tests/t-lock.c | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) hooks/post-receive -- Error codes used by GnuPG et al. http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 19 15:09:25 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 19 Nov 2015 15:09:25 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-146-gf596f8d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via f596f8defa5add33d2b4f381c317e1a006cda1fb (commit) from eb54fca4bf3ef8e0cd50b01df5b40e0d6d318d7e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f596f8defa5add33d2b4f381c317e1a006cda1fb Author: Justus Winter Date: Thu Nov 19 14:38:30 2015 +0100 dirmngr: Fix typo. -- Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 7bb4ffe..8ab0d55 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -90,7 +90,7 @@ struct hostinfo_s NULL if NAME has a numeric IP address or no v4 address is available. */ char *v6addr; /* A string with the v6 IP address of the host. - NULL if NAME has a numeric IP address or no v4 + NULL if NAME has a numeric IP address or no v6 address is available. */ char name[1]; /* The hostname. */ }; ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-hkp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 19 15:11:44 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 19 Nov 2015 15:11:44 +0100 Subject: [git] GnuPG - branch, justus/fix-1788, created. gnupg-2.1.9-150-g1677c6f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, justus/fix-1788 has been created at 1677c6f5d51551882e6c59677a5d73870f9b4e2a (commit) - Log ----------------------------------------------------------------- commit 1677c6f5d51551882e6c59677a5d73870f9b4e2a Author: Justus Winter Date: Thu Nov 19 15:03:30 2015 +0100 dirmngr: Honor ports specified in SRV records. * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'. (create_new_hostinfo): Initialize 'port'. (add_host): Add host parameter and update the hosttable entry. (map_host): Return port if known, adjust calls to 'add_host'. (make_host_part): Let 'map_host' specify the port if known. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index f015998..9b21233 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -92,6 +92,7 @@ struct hostinfo_s char *v6addr; /* A string with the v6 IP address of the host. NULL if NAME has a numeric IP address or no v6 address is available. */ + unsigned short port; /* The port used by the host, 0 if unknown. */ char name[1]; /* The hostname. */ }; @@ -131,6 +132,7 @@ create_new_hostinfo (const char *name) hi->cname = NULL; hi->v4addr = NULL; hi->v6addr = NULL; + hi->port = 0; /* Add it to the hosttable. */ for (idx=0; idx < hosttable_size; idx++) @@ -256,10 +258,13 @@ arecords_is_pool (dns_addrinfo_t aibuf) } -/* Add the host AI under the NAME into the HOSTTABLE. Updates the - given reference table. */ +/* Add the host AI under the NAME into the HOSTTABLE. If PORT is not + zero, it specifies which port to use to talk to the host. If NAME + specifies a pool (as indicated by IS_POOL), update the given + reference table accordingly. */ static void -add_host (const char *name, const dns_addrinfo_t ai, int is_pool, +add_host (const char *name, int is_pool, + const dns_addrinfo_t ai, unsigned short port, int *reftbl, size_t reftblsize, int *refidx) { gpg_error_t tmperr; @@ -322,6 +327,9 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool, { char *ipaddr = NULL; + if (port) + hosttable[tmpidx]->port = port; + if (!is_numeric) { xfree (tmphost); @@ -371,13 +379,16 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool, failed for some time and we stick to one host for a time independent of DNS retry times. If FORCE_RESELECT is true a new host is always selected. The selected host is stored as a malloced - string at R_HOST; on error NULL is stored. If R_HTTPFLAGS is not + string at R_HOST; on error NULL is stored. If we know the port + used by the selected host, a string representation is written to + R_PORTSTR, otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will receive flags which are to be passed to http_open. If R_POOLNAME is not NULL a malloced name of the pool is stored or NULL if it is not a pool. */ static gpg_error_t map_host (ctrl_t ctrl, const char *name, int force_reselect, - char **r_host, unsigned int *r_httpflags, char **r_poolname) + char **r_host, char *r_portstr, + unsigned int *r_httpflags, char **r_poolname) { gpg_error_t err = 0; hostinfo_t hi; @@ -465,7 +476,8 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, if (err) continue; dirmngr_tick (ctrl); - add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); + add_host (name, is_pool, ai, srvs[i].port, + reftbl, reftblsize, &refidx); } xfree (srvs); @@ -499,7 +511,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, continue; dirmngr_tick (ctrl); - add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); + add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx); } } reftbl[refidx] = -1; @@ -604,6 +616,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } return err; } + if (hi->port) + snprintf (r_portstr, 6 /* five digits and the sentinel */, + "%hu", hi->port); return 0; } @@ -855,16 +870,24 @@ make_host_part (ctrl_t ctrl, *r_hostport = NULL; + portstr[0] = 0; + err = map_host (ctrl, host, force_reselect, + &hostname, portstr, r_httpflags, r_poolname); + if (err) + return err; + /* Map scheme and port. */ if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https")) { scheme = "https"; - strcpy (portstr, "443"); + if (! *portstr) + strcpy (portstr, "443"); } else /* HKP or HTTP. */ { scheme = "http"; - strcpy (portstr, "11371"); + if (! *portstr) + strcpy (portstr, "11371"); } if (port) snprintf (portstr, sizeof portstr, "%hu", port); @@ -873,11 +896,6 @@ make_host_part (ctrl_t ctrl, /*fixme_do_srv_lookup ()*/ } - err = map_host (ctrl, host, force_reselect, - &hostname, r_httpflags, r_poolname); - if (err) - return err; - *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL); xfree (hostname); if (!*r_hostport) commit ecbcacfc773a7b71cf5b16d95c6e3b2109e54153 Author: Justus Winter Date: Thu Nov 19 14:29:36 2015 +0100 dirmngr: Support hkp server pools using SRV records. * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records. -- Signed-off-by: Justus Winter GnuPG-bug-id: 1788 diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index d57b577..f015998 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -415,6 +415,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, int refidx; int is_pool = 0; char *cname; + char *srvrecord; + struct srventry *srvs; + int srvscount; reftblsize = 100; reftbl = xtrymalloc (reftblsize * sizeof *reftbl); @@ -431,6 +434,43 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } hi = hosttable[idx]; + /* Check for SRV records. */ + asprintf (&srvrecord, "_hkp._tcp.%s", name); + if (srvrecord == NULL) + { + err = gpg_error_from_syserror (); + xfree (reftbl); + return err; + } + + srvscount = getsrv (srvrecord, &srvs); + xfree (srvrecord); + if (srvscount < 0) + { + err = gpg_error_from_syserror (); + xfree (reftbl); + return err; + } + + if (srvscount > 0) + { + int i; + is_pool = srvscount > 1; + + for (i = 0; i < srvscount; i++) + { + err = resolve_dns_name (srvs[i].target, 0, + AF_UNSPEC, SOCK_STREAM, + &ai, &cname); + if (err) + continue; + dirmngr_tick (ctrl); + add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); + } + + xfree (srvs); + } + /* Find all A records for this entry and put them into the pool list - if any. */ err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname); @@ -446,7 +486,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ - is_pool = arecords_is_pool (aibuf); + is_pool |= arecords_is_pool (aibuf); if (is_pool && cname) { hi->cname = cname; commit 24db34445abe2ed90e38a556e7a41cc9c5907c44 Author: Justus Winter Date: Thu Nov 19 13:00:59 2015 +0100 irmngr: Refactor 'map_host'. * dirmngr/ks-engine-hkp.c (add_host): New function. (map_host): Use the new function. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index b9eca0e..d57b577 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -256,6 +256,115 @@ arecords_is_pool (dns_addrinfo_t aibuf) } +/* Add the host AI under the NAME into the HOSTTABLE. Updates the + given reference table. */ +static void +add_host (const char *name, const dns_addrinfo_t ai, int is_pool, + int *reftbl, size_t reftblsize, int *refidx) +{ + gpg_error_t tmperr; + char *tmphost; + int idx, tmpidx; + int is_numeric = 0; + int i; + + idx = find_hostinfo (name); + + if (!is_pool && !is_ip_address (name)) + { + /* This is a hostname but not a pool. Use the name + as given without going through resolve_dns_addr. */ + tmphost = xtrystrdup (name); + if (!tmphost) + tmperr = gpg_error_from_syserror (); + else + tmperr = 0; + } + else + { + tmperr = resolve_dns_addr (ai->addr, ai->addrlen, + DNS_WITHBRACKET, &tmphost); + if (tmphost && is_ip_address (tmphost)) + is_numeric = 1; + } + + if (tmperr) + { + log_info ("resolve_dns_addr failed while checking '%s': %s\n", + name, gpg_strerror (tmperr)); + } + else if ((*refidx) + 1 >= reftblsize) + { + log_error ("resolve_dns_addr for '%s': '%s'" + " [index table full - ignored]\n", name, tmphost); + } + else + { + if (!is_pool && is_ip_address (name)) + /* Update the original entry. */ + tmpidx = idx; + else + tmpidx = find_hostinfo (tmphost); + log_info ("resolve_dns_addr for '%s': '%s'%s\n", + name, tmphost, + tmpidx == -1? "" : " [already known]"); + + if (tmpidx == -1) /* Create a new entry. */ + tmpidx = create_new_hostinfo (tmphost); + + if (tmpidx == -1) + { + log_error ("map_host for '%s' problem: %s - '%s'" + " [ignored]\n", + name, strerror (errno), tmphost); + } + else /* Set or update the entry. */ + { + char *ipaddr = NULL; + + if (!is_numeric) + { + xfree (tmphost); + tmperr = resolve_dns_addr (ai->addr, ai->addrlen, + (DNS_NUMERICHOST + | DNS_WITHBRACKET), + &tmphost); + if (tmperr) + log_info ("resolve_dns_addr failed: %s\n", + gpg_strerror (tmperr)); + else + { + ipaddr = tmphost; + tmphost = NULL; + } + } + + if (ai->family == AF_INET6) + { + hosttable[tmpidx]->v6 = 1; + xfree (hosttable[tmpidx]->v6addr); + hosttable[tmpidx]->v6addr = ipaddr; + } + else if (ai->family == AF_INET) + { + hosttable[tmpidx]->v4 = 1; + xfree (hosttable[tmpidx]->v4addr); + hosttable[tmpidx]->v4addr = ipaddr; + } + else + BUG (); + + for (i=0; i < *refidx; i++) + if (reftbl[i] == tmpidx) + break; + if (!(i < *refidx) && tmpidx != idx) + reftbl[(*refidx)++] = tmpidx; + } + } + xfree (tmphost); +} + + /* Map the host name NAME to the actual to be used host name. This allows us to manage round robin DNS names. We use our own strategy to choose one of the hosts. For example we skip those hosts which @@ -346,109 +455,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, for (ai = aibuf; ai; ai = ai->next) { - gpg_error_t tmperr; - char *tmphost; - int tmpidx; - int is_numeric = 0; - int i; - if (ai->family != AF_INET && ai->family != AF_INET6) continue; - dirmngr_tick (ctrl); - if (!is_pool && !is_ip_address (name)) - { - /* This is a hostname but not a pool. Use the name - as given without going through resolve_dns_addr. */ - tmphost = xtrystrdup (name); - if (!tmphost) - tmperr = gpg_error_from_syserror (); - else - tmperr = 0; - } - else - { - tmperr = resolve_dns_addr (ai->addr, ai->addrlen, - DNS_WITHBRACKET, &tmphost); - if (tmphost && is_ip_address (tmphost)) - is_numeric = 1; - } - - if (tmperr) - { - log_info ("resolve_dns_addr failed while checking '%s': %s\n", - name, gpg_strerror (tmperr)); - } - else if (refidx+1 >= reftblsize) - { - log_error ("resolve_dns_addr for '%s': '%s'" - " [index table full - ignored]\n", name, tmphost); - } - else - { - if (!is_pool && is_ip_address (name)) - /* Update the original entry. */ - tmpidx = idx; - else - tmpidx = find_hostinfo (tmphost); - log_info ("resolve_dns_addr for '%s': '%s'%s\n", - name, tmphost, - tmpidx == -1? "" : " [already known]"); - - if (tmpidx == -1) /* Create a new entry. */ - tmpidx = create_new_hostinfo (tmphost); - - if (tmpidx == -1) - { - log_error ("map_host for '%s' problem: %s - '%s'" - " [ignored]\n", - name, strerror (errno), tmphost); - } - else /* Set or update the entry. */ - { - char *ipaddr = NULL; - - if (!is_numeric) - { - xfree (tmphost); - tmperr = resolve_dns_addr (ai->addr, ai->addrlen, - (DNS_NUMERICHOST - | DNS_WITHBRACKET), - &tmphost); - if (tmperr) - log_info ("resolve_dns_addr failed: %s\n", - gpg_strerror (tmperr)); - else - { - ipaddr = tmphost; - tmphost = NULL; - } - } - - if (ai->family == AF_INET6) - { - hosttable[tmpidx]->v6 = 1; - xfree (hosttable[tmpidx]->v6addr); - hosttable[tmpidx]->v6addr = ipaddr; - } - else if (ai->family == AF_INET) - { - hosttable[tmpidx]->v4 = 1; - xfree (hosttable[tmpidx]->v4addr); - hosttable[tmpidx]->v4addr = ipaddr; - } - else - BUG (); - - for (i=0; i < refidx; i++) - if (reftbl[i] == tmpidx) - break; - if (!(i < refidx) && tmpidx != idx) - reftbl[refidx++] = tmpidx; - } - } - xfree (tmphost); + add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); } } reftbl[refidx] = -1; commit 8c7490eb17e130181d4809ca36c3f66054c42323 Author: Justus Winter Date: Thu Nov 19 12:43:23 2015 +0100 dirmngr: Refactor 'map_host'. * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function. (map_host): Use the new function. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 8ab0d55..b9eca0e 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -236,6 +236,26 @@ select_random_host (int *table) } +/* Figure out if a set of DNS records looks like a pool. */ +static int +arecords_is_pool (dns_addrinfo_t aibuf) +{ + dns_addrinfo_t ai; + int n_v6, n_v4; + + n_v6 = n_v4 = 0; + for (ai = aibuf; ai; ai = ai->next) + { + if (ai->family != AF_INET6) + n_v6++; + else if (ai->family != AF_INET) + n_v4++; + } + + return n_v6 > 1 || n_v4 > 1; +} + + /* Map the host name NAME to the actual to be used host name. This allows us to manage round robin DNS names. We use our own strategy to choose one of the hosts. For example we skip those hosts which @@ -312,23 +332,12 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } else { - int n_v6, n_v4; - /* First figure out whether this is a pool. For a pool we use a different strategy than for a plain server: We use the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ - n_v6 = n_v4 = 0; - for (ai = aibuf; ai; ai = ai->next) - { - if (ai->family != AF_INET6) - n_v6++; - else if (ai->family != AF_INET) - n_v4++; - } - if (n_v6 > 1 || n_v4 > 1) - is_pool = 1; + is_pool = arecords_is_pool (aibuf); if (is_pool && cname) { hi->cname = cname; ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 19 17:50:34 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Thu, 19 Nov 2015 17:50:34 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-108-g1362563 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 1362563c9370cc9c00463293a7f6eeb91b9424de (commit) from 36547fa3ff1c40d6b4b1204f44d3c0966354c73d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1362563c9370cc9c00463293a7f6eeb91b9424de Author: Andre Heinecke Date: Thu Nov 19 17:42:50 2015 +0100 Fix DllCanUnloadNow behavior * src/gpgoladdin.cpp (DllCanUnloadNow): Only return OK if the addin is not connected. -- The addinlocks variable made no sense to use for this. Now we just check if we are connected or not. When we are not connected no callbacks are used and it is safe to unload gpgol. Otherwise we can't be safely unloaded. GnuPG-Bug-Id: 1837 diff --git a/src/gpgoladdin.cpp b/src/gpgoladdin.cpp index 269c2af..5496eed 100644 --- a/src/gpgoladdin.cpp +++ b/src/gpgoladdin.cpp @@ -61,6 +61,8 @@ ULONG addinLocks = 0; +bool can_unload = false; + /* This is the main entry point for the addin Outlook uses this function to query for an Object implementing the IClassFactory interface. @@ -92,7 +94,13 @@ STDAPI DllGetClassObject (REFCLSID rclsid, REFIID riid, LPVOID* ppvObj) STDAPI DllCanUnloadNow() { - return addinLocks == 0 ? S_OK : S_FALSE; + /* This is called regularly to check if memory can be freed + by unloading the dll. The following unload will not call + any addin methods like disconnect etc. It will just + unload the Library. Any callbacks will become invalid. + So we _only_ say it's ok to unload if we were disconnected. + For the epic story behind the next line see GnuPG-Bug-Id 1837 */ + return can_unload ? S_OK : S_FALSE; } /* Class factory */ @@ -228,6 +236,7 @@ GpgolAddin::OnConnection (LPDISPATCH Application, ext_ConnectMode ConnectMode, log_debug ("%s:%s: in Outlook %s\n", SRCNAME, __func__, gpgme_check_version (NULL)); + can_unload = false; m_application = Application; m_application->AddRef(); m_addin = AddInInst; @@ -285,6 +294,7 @@ GpgolAddin::OnDisconnection (ext_DisconnectMode RemoveMode, } write_options(); + can_unload = true; return S_OK; } ----------------------------------------------------------------------- Summary of changes: src/gpgoladdin.cpp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 19 17:58:09 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 19 Nov 2015 17:58:09 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-152-g6b14df5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 6b14df5525777ee0330a34a7b335359f562616a4 (commit) via b223cde311e4e02f7983e33fe3d7214287dfb678 (commit) via a1650b1edf80c2526c0576547b3a574e8d30f1fa (commit) via eb957ffc4797fb019c505510295af244baf5be38 (commit) via 52f7f195b119dc01bdf3ae200fdc8e04a0bb9bcb (commit) via 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d (commit) from f596f8defa5add33d2b4f381c317e1a006cda1fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6b14df5525777ee0330a34a7b335359f562616a4 Author: Justus Winter Date: Thu Nov 19 17:37:32 2015 +0100 dirmngr: Improve error handling. * dirmngr/crlcache.c (crl_cache_cert_isvalid): Add missing break. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/dirmngr/crlcache.c b/dirmngr/crlcache.c index 6d3f8ce..13d8a26 100644 --- a/dirmngr/crlcache.c +++ b/dirmngr/crlcache.c @@ -1512,6 +1512,7 @@ crl_cache_cert_isvalid (ctrl_t ctrl, ksba_cert_t cert, break; case CRL_CACHE_DONTKNOW: err = gpg_error (GPG_ERR_NO_CRL_KNOWN); + break; case CRL_CACHE_CANTUSE: err = gpg_error (GPG_ERR_NO_CRL_KNOWN); break; commit b223cde311e4e02f7983e33fe3d7214287dfb678 Author: Justus Winter Date: Thu Nov 19 16:45:09 2015 +0100 dirmngr: Fix memory leak. * dirmngr/ldap.c (start_cert_fetch_ldap): Avoid leaking all malloc'ed arguments. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index 8a543a4..1fe8a81 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -525,8 +525,9 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, const char *user; const char *pass; const char *base; - const char *argv[50]; + char *argv[50]; int argc; + int argc_malloced; char portbuf[30], timeoutbuf[30]; @@ -583,6 +584,8 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, argv[argc++] = user; } + /* All entries in argv from this index on are malloc'ed. */ + argc_malloced = argc; for (; patterns; patterns = patterns->next) { @@ -602,8 +605,8 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, { log_error (_("start_cert_fetch: invalid pattern '%s'\n"), patterns->d); - /* fixme: cleanup argv. */ - return gpg_error (GPG_ERR_INV_USER_ID); + err = gpg_error (GPG_ERR_INV_USER_ID); + goto leave; } if ((sl->flags & 1)) err = make_url (&url, sl->d, "objectClass=*"); @@ -611,17 +614,17 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, err = make_url (&url, base, sl->d); free_strlist (sl); if (err) - { - /* fixme: cleanup argv. */ - return err; - } + goto leave; argv[argc++] = url; } argv[argc] = NULL; *context = xtrycalloc (1, sizeof **context); if (!*context) - return gpg_error_from_errno (errno); + { + err = gpg_error_from_errno (errno); + goto leave; + } err = ldap_wrapper (ctrl, &(*context)->reader, argv); @@ -631,6 +634,9 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, *context = NULL; } + leave: + for (; argc_malloced < argc; argc_malloced++) + xfree (argv[argc_malloced]); return err; } commit a1650b1edf80c2526c0576547b3a574e8d30f1fa Author: Justus Winter Date: Thu Nov 19 16:18:20 2015 +0100 agent: Improve error handling. * agent/trustlist.c (istrusted_internal): Initialize 'err'. -- There is a plausible path of execution so that a branch condition uses the uninitialized value. Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/agent/trustlist.c b/agent/trustlist.c index 175ebe4..af5f645 100644 --- a/agent/trustlist.c +++ b/agent/trustlist.c @@ -398,7 +398,7 @@ static gpg_error_t istrusted_internal (ctrl_t ctrl, const char *fpr, int *r_disabled, int already_locked) { - gpg_error_t err; + gpg_error_t err = 0; int locked = already_locked; trustitem_t *ti; size_t len; commit eb957ffc4797fb019c505510295af244baf5be38 Author: Justus Winter Date: Thu Nov 19 16:13:55 2015 +0100 common: Avoid undefined behavior. * common/iobuf.c (iobuf_esopen): Initialize 'len' as 'file_es_filter' will make use of it. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/common/iobuf.c b/common/iobuf.c index 12affcb..d49de96 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -1391,7 +1391,7 @@ iobuf_esopen (estream_t estream, const char *mode, int keep_open) { iobuf_t a; file_es_filter_ctx_t *fcx; - size_t len; + size_t len = 0; a = iobuf_alloc (strchr (mode, 'w') ? IOBUF_OUTPUT : IOBUF_INPUT, IOBUF_BUFFER_SIZE); commit 52f7f195b119dc01bdf3ae200fdc8e04a0bb9bcb Author: Justus Winter Date: Thu Nov 19 15:48:01 2015 +0100 g10: Avoid undefined behavior. * g10/trust.c (clean_one_uid): Avoid a computation involving an uninitialized value. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/g10/trust.c b/g10/trust.c index a89b0e5..f46aeea 100644 --- a/g10/trust.c +++ b/g10/trust.c @@ -704,7 +704,7 @@ void clean_one_uid (kbnode_t keyblock, kbnode_t uidnode, int noisy, int self_only, int *uids_cleaned, int *sigs_cleaned) { - int dummy; + int dummy = 0; assert (keyblock->pkt->pkttype==PKT_PUBLIC_KEY); assert (uidnode->pkt->pkttype==PKT_USER_ID); commit 6a37b45a7f13cf5d2ae7d6c9cd796a4bd197b80d Author: Justus Winter Date: Tue Nov 17 18:05:51 2015 +0100 scd: Improve error handling. * scd/app-openpgp.c (get_public_key): Improve error handling. -- Found using the Clang Static Analyzer. Signed-off-by: Justus Winter diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index a7601b8..0fcfffe 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1468,7 +1468,7 @@ get_public_key (app_t app, int keyno) xfree (buffer); xfree (mbuf); xfree (ebuf); - return 0; + return err; } #endif /* GNUPG_MAJOR_VERSION > 1 */ ----------------------------------------------------------------------- Summary of changes: agent/trustlist.c | 2 +- common/iobuf.c | 2 +- dirmngr/crlcache.c | 1 + dirmngr/ldap.c | 22 ++++++++++++++-------- g10/trust.c | 2 +- scd/app-openpgp.c | 2 +- 6 files changed, 19 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 20 12:17:22 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 20 Nov 2015 12:17:22 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-153-g46e128d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 46e128d44a0456dc603bc9e25a4c5d8da903b078 (commit) from 6b14df5525777ee0330a34a7b335359f562616a4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 46e128d44a0456dc603bc9e25a4c5d8da903b078 Author: Neal H. Walfield Date: Fri Nov 20 12:17:13 2015 +0100 gpg: Improve an error message. * g10/revoke.c (gen_revoke): Provide a more descriptive error message if searching for a key fails. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1987 diff --git a/g10/revoke.c b/g10/revoke.c index 460f346..0ed2604 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -614,8 +614,12 @@ gen_revoke (const char *uname) rc = keydb_search (kdbhd, &desc, 1, NULL); if (rc) { - log_error (_("secret key \"%s\" not found: %s\n"), - uname, gpg_strerror (rc)); + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + log_error (_("no secret key matches the search term \"%s\"\n"), + uname); + else + log_error (_("error looking up secret key \"%s\": %s\n"), + uname, gpg_strerror (rc)); goto leave; } ----------------------------------------------------------------------- Summary of changes: g10/revoke.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 20 13:01:14 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 20 Nov 2015 13:01:14 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-155-g178af9c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 178af9c3f56d385fe28a9e5e8bde0ab34c0b260e (commit) via f8a65ac96b27a0963892892ce6e93b37b8df1ad7 (commit) from 46e128d44a0456dc603bc9e25a4c5d8da903b078 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 178af9c3f56d385fe28a9e5e8bde0ab34c0b260e Author: Neal H. Walfield Date: Fri Nov 20 13:00:19 2015 +0100 gpg: Fail if the search description passed to --gen-revoke is ambiguous. * g10/revoke.c (gen_revoke): Error out if the search description is ambiguous. -- Signed-off-by: Neal H. Walfield diff --git a/g10/revoke.c b/g10/revoke.c index 0ed2604..8599d17 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -630,6 +630,47 @@ gen_revoke (const char *uname) goto leave; } + rc = keydb_search (kdbhd, &desc, 1, NULL); + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + /* Not ambiguous. */ + { + } + else if (rc == 0) + /* Ambiguous. */ + { + char *info; + + log_error (_("'%s' matches multiple secret keys:\n"), uname); + + info = format_seckey_info (keyblock->pkt->pkt.public_key); + log_error (" %s\n", info); + xfree (info); + release_kbnode (keyblock); + + rc = keydb_get_keyblock (kdbhd, &keyblock); + while (! rc) + { + info = format_seckey_info (keyblock->pkt->pkt.public_key); + log_error (" %s\n", info); + xfree (info); + release_kbnode (keyblock); + keyblock = NULL; + + rc = keydb_search (kdbhd, &desc, 1, NULL); + if (! rc) + rc = keydb_get_keyblock (kdbhd, &keyblock); + } + + rc = GPG_ERR_AMBIGUOUS_NAME; + + goto leave; + } + else + { + log_error (_("error searching the keyring: %s\n"), gpg_strerror (rc)); + goto leave; + } + /* Get the keyid from the keyblock. */ node = find_kbnode (keyblock, PKT_PUBLIC_KEY); if (!node) commit f8a65ac96b27a0963892892ce6e93b37b8df1ad7 Author: Neal H. Walfield Date: Fri Nov 20 12:52:04 2015 +0100 gpg: Refactor print_seckey_info. * g10/keylist.c (print_seckey_info): Break formatting functionality into... (format_seckey_info): ... this new function. -- Signed-off-by: Neal H. Walfield diff --git a/g10/keylist.c b/g10/keylist.c index 9b2d83f..031612c 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -163,20 +163,31 @@ secret_key_list (ctrl_t ctrl, strlist_t list) list_one (ctrl, list, 1, 0); } -void -print_seckey_info (PKT_public_key *pk) +char * +format_seckey_info (PKT_public_key *pk) { u32 keyid[2]; char *p; char pkstrbuf[PUBKEY_STRING_SIZE]; + char *info; keyid_from_pk (pk, keyid); p = get_user_id_native (keyid); - tty_printf ("\nsec %s/%s %s %s\n", - pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), - keystr (keyid), datestr_from_pk (pk), p); + info = xtryasprintf ("sec %s/%s %s %s", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr (keyid), datestr_from_pk (pk), p); + + xfree (p); + return info; +} + +void +print_seckey_info (PKT_public_key *pk) +{ + char *p = format_seckey_info (pk); + tty_printf ("\n%s\n", p); xfree (p); } diff --git a/g10/main.h b/g10/main.h index be4be29..0c2d1a9 100644 --- a/g10/main.h +++ b/g10/main.h @@ -387,6 +387,7 @@ void show_keyserver_url(PKT_signature *sig,int indent,int mode); void show_notation(PKT_signature *sig,int indent,int mode,int which); void dump_attribs (const PKT_user_id *uid, PKT_public_key *pk); void set_attrib_fd(int fd); +char *format_seckey_info (PKT_public_key *pk); void print_seckey_info (PKT_public_key *pk); void print_pubkey_info (estream_t fp, PKT_public_key *pk); void print_card_key_info (estream_t fp, KBNODE keyblock); ----------------------------------------------------------------------- Summary of changes: g10/keylist.c | 21 ++++++++++++++++----- g10/main.h | 1 + g10/revoke.c | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 20 13:27:16 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Nov 2015 13:27:16 +0100 Subject: [git] GnuPG - branch, STABLE-BRANCH-1-4, updated. gnupg-1.4.19-13-g8b5cb54 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, STABLE-BRANCH-1-4 has been updated via 8b5cb544a8a1d9274a072990b13bb1d3cb2f6ab2 (commit) from 6db18e29eb81b37ed6feb592add77d492c60fc35 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b5cb544a8a1d9274a072990b13bb1d3cb2f6ab2 Author: Werner Koch Date: Fri May 8 16:30:04 2015 +0200 gpg: Avoid cluttering stdout with trustdb info in verbose mode. * g10/trustdb.c (validate_keys): Call dump_key_array only in debug mode. -- I guess that is a left-over from an early attempt to output information on the trustdb for use by other tools. Maybe related to the former --list-trust-path command. Sending it to stdout is probably useful so we do this now only in debug mode. Signed-off-by: Werner Koch Backported to STABLE-BRANCH-1-4 from b03a2647299a6c8764a2574590cbaccdff9e497d by dkg diff --git a/g10/trustdb.c b/g10/trustdb.c index e4317e2..1e3ef5f 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -2435,7 +2435,7 @@ validate_keys (int interactive) ; /* Store the calculated valididation status somewhere */ - if (opt.verbose > 1) + if (opt.verbose > 1 && DBG_TRUST) dump_key_array (depth, keys); for (kar=keys; kar->keyblock; kar++) ----------------------------------------------------------------------- Summary of changes: g10/trustdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 20 15:36:13 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 20 Nov 2015 15:36:13 +0100 Subject: [git] ADNS-g10 - branch, master, updated. adns-1.4-g10-6-18-g0d2f647 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "ADNS migrated to autotools/libtool". The branch, master has been updated via 0d2f64783f35bbae58a5eeabcaf234d04dccfdbc (commit) via c363fb22d3ce24552ab97572e348d2b024a9f16a (commit) via 07a5efec6709a5d597feac2eb8b3b948761ddcda (commit) via 9ebe8804fea36faf28de7a1ec24eefcd496be1d0 (commit) via fdc5d4de3455aa74b3806575c4aca2437891898e (commit) via f94e51db5a7f2d3e44c7574a86c10ca945b51dfc (commit) from 95b256a42bfbe5df1f60440567e5db2cab438e1f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0d2f64783f35bbae58a5eeabcaf234d04dccfdbc Author: Werner Koch Date: Fri Nov 20 15:32:22 2015 +0100 Post release updates -- diff --git a/NEWS b/NEWS index cd34ee5..819f148 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 1.4-g10-8 (unreleased) [C5/A4/R_] +---------------------------------------------------- + + Noteworthy changes in version 1.4-g10-7 (2015-11-20) [C5/A4/R0] ---------------------------------------------------- diff --git a/configure.ac b/configure.ac index b4e9159..cdaa11f 100644 --- a/configure.ac +++ b/configure.ac @@ -29,7 +29,7 @@ min_automake_version="1.14" # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. # See below for the LT version numbers. -m4_define([mym4_version], [1.4-g10-7]) +m4_define([mym4_version], [1.4-g10-8]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit c363fb22d3ce24552ab97572e348d2b024a9f16a Author: Werner Koch Date: Fri Nov 20 14:41:31 2015 +0100 Release 1.4-g10-7. * configure.ac: Bump LT version to C5/A4/R0. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index c4cd807..cd34ee5 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,13 @@ -Noteworthy changes in version 1.4-g10-7 (unreleased) +Noteworthy changes in version 1.4-g10-7 (2015-11-20) [C5/A4/R0] ---------------------------------------------------- + * Implement a mode to use a public nameserver via Tor. This + introduces two new config options and a new init flag. -Noteworthy changes in version 1.4-g10-6 (2015-04-13) + * Fix use of TCP under Windows. + + +Noteworthy changes in version 1.4-g10-6 (2015-04-13) [C4/A4/R3] ---------------------------------------------------- * Fix building for Windows with newer versions of Mingw. diff --git a/configure.ac b/configure.ac index 45ab374..b4e9159 100644 --- a/configure.ac +++ b/configure.ac @@ -52,9 +52,9 @@ AC_INIT([adns], [mym4_full_version], [bug-adns at g10code.com]) # (Interfaces added: CURRENT++, AGE++, REVISION=0) # (No interfaces changed: REVISION++) # Please remember to document interface changes in the NEWS file. -ADNS_LT_CURRENT=4 -ADNS_LT_AGE=3 -ADNS_LT_REVISION=3 +ADNS_LT_CURRENT=5 +ADNS_LT_AGE=4 +ADNS_LT_REVISION=0 # If the API is changed in an incompatible way: increment this counter. ADNS_CONFIG_API_VERSION=1 commit 07a5efec6709a5d597feac2eb8b3b948761ddcda Author: Werner Koch Date: Fri Nov 20 13:26:35 2015 +0100 w32: Fix printf format mismatch. -- diff --git a/src/setup.c b/src/setup.c index c33e2c5..3c9b13c 100644 --- a/src/setup.c +++ b/src/setup.c @@ -654,7 +654,7 @@ read_w32_init_files (adns_state ads) { case ERROR_INVALID_PARAMETER: network_err_str = "ERROR_INVALID_PARAMETER"; break; case ERROR_NO_DATA: network_err_str = "ERROR_NO_DATA"; break; case ERROR_NOT_SUPPORTED: network_err_str = "ERROR_NOT_SUPPORTED"; break;} - adns__diag(ads,-1,0,"GetNetworkParams() failed with error [%d] %s", + adns__diag(ads,-1,0,"GetNetworkParams() failed with error [%lu] %s", network_info_result,network_err_str); } else { commit 9ebe8804fea36faf28de7a1ec24eefcd496be1d0 Author: Werner Koch Date: Fri Nov 20 12:47:24 2015 +0100 w32: Make adns__sock_writev actually work. * src/w32support.c (adns__sock_writev): No error checking for alloca needed. -- ... and the old error checking was plainly wrong. Signed-off-by: Werner Koch diff --git a/src/w32support.c b/src/w32support.c index 67b6b83..4d7bb64 100644 --- a/src/w32support.c +++ b/src/w32support.c @@ -13,20 +13,20 @@ * Copyright (C) 1999-2000,2003,2006 Tony Finch * Copyright (C) 1991 Massachusetts Institute of Technology * (See the file INSTALL for full details.) - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software Foundation, - * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef HAVE_W32_SYSTEM @@ -63,7 +63,7 @@ DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) if (!wsa_startup_failed) WSACleanup (); } - + return TRUE; } @@ -175,26 +175,23 @@ adns__sock_sendto (int fd, void *buffer, size_t size, int flags, [Taken and modified from the adns 1.0 W32 port. Note that the original version never worked; that is adns via TCP did not worked with W32.]. */ -int +int adns__sock_writev (int fd, const struct iovec *iov, int iovcount) { size_t total_len = 0; int rc, i; char *buf, *p; - + for (i=0; i < iovcount; i++) total_len += iov[i].iov_len; - + p = buf = alloca (total_len); - if (buf) - return -1; - for (i=0; i < iovcount; i++) { memcpy (p, iov[i].iov_base, iov[i].iov_len); p += iov[i].iov_len; } - + rc = send (fd, buf, total_len, 0); if (rc) errno = adns__sock_wsa2errno (WSAGetLastError()); @@ -203,7 +200,7 @@ adns__sock_writev (int fd, const struct iovec *iov, int iovcount) int -adns__sock_close (int fd) +adns__sock_close (int fd) { int rc = closesocket(fd); if (rc) @@ -226,18 +223,18 @@ adns__sock_select (int nfds, fd_set *rset, fd_set *wset, fd_set *xset, /* inet_aton implementation. [Taken from the adns 1.0 W32 port. - Copyright (C) 2000, 2004 Jarle (jgaa) Aase ] + Copyright (C) 2000, 2004 Jarle (jgaa) Aase ] Returns true if the address is valid, false if not. */ -int +int adns__inet_aton (const char *cp, struct in_addr *inp) { if (!cp || !*cp || !inp) { errno = EINVAL; - return 0; + return 0; } - + if (!strcmp(cp, "255.255.255.255")) { /* Although this is a valid address, the old inet_addr function @@ -245,7 +242,7 @@ adns__inet_aton (const char *cp, struct in_addr *inp) inp->s_addr = INADDR_NONE; return 1; } - + inp->s_addr = inet_addr (cp); return (inp->s_addr != INADDR_NONE); } commit fdc5d4de3455aa74b3806575c4aca2437891898e Author: Werner Koch Date: Fri Nov 20 13:15:40 2015 +0100 Also try port 9150 in Tor mode. * src/w32support.c (ECONNREFUSED): Define if missing. (adns__sock_wsa2errno): Map WSAECONNREFUSED. * src/event.c (socks_connect): Try port 9150. -- The Tor browser uses this port. Signed-off-by: Werner Koch diff --git a/src/event.c b/src/event.c index 6f5c095..1738ed7 100644 --- a/src/event.c +++ b/src/event.c @@ -194,6 +194,12 @@ socks_connect (adns_state ads, int fd, proxyaddr = (struct sockaddr *)&proxyaddr_in; proxyaddrlen = sizeof proxyaddr_in; ret = adns__sock_connect(fd, proxyaddr, proxyaddrlen); + if (ret && errno == ECONNREFUSED) + { + /* Assume the Tor browser is used. */ + proxyaddr_in.sin_port = htons (9150); + ret = adns__sock_connect(fd, proxyaddr, proxyaddrlen); + } if (ret) return ret; diff --git a/src/w32support.c b/src/w32support.c index fcf86aa..67b6b83 100644 --- a/src/w32support.c +++ b/src/w32support.c @@ -41,6 +41,12 @@ static int wsa_startup_failed; +/* Define missing error codes for older Windows compilers. */ +#ifndef ECONNREFUSED +#define ECONNREFUSED 107 +#endif + + int WINAPI DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved) @@ -81,6 +87,8 @@ adns__sock_wsa2errno (int err) return ENOBUFS; case WSAEMSGSIZE: return EMSGSIZE; + case WSAECONNREFUSED: + return ECONNREFUSED; default: return EIO; } commit f94e51db5a7f2d3e44c7574a86c10ca945b51dfc Author: Werner Koch Date: Thu Nov 19 11:41:03 2015 +0100 w32: Allow building with older toolchains. * src/event.c [W32]: Add replaement errno values. -- The mingw-w64 toolchain in Debian Wheezy seems to miss a few error codes. Signed-off-by: Werner Koch diff --git a/src/event.c b/src/event.c index 064fbd9..6f5c095 100644 --- a/src/event.c +++ b/src/event.c @@ -43,6 +43,36 @@ #include "internal.h" #include "tvarith.h" + +/* Define missing error codes for older Windows compilers. */ +#ifdef HAVE_W32_SYSTEM +# ifndef ENOTSUP +# define ENOTSUP 129 +# endif +# ifndef EPROTO +# define EPROTO 134 +# endif +# ifndef EPROTONOSUPPORT +# define EPROTONOSUPPORT 135 +# endif +# ifndef ENETDOWN +# define ENETDOWN 116 +# endif +# ifndef ENETUNREACH +# define ENETUNREACH 118 +# endif +# ifndef EHOSTUNREACH +# define EHOSTUNREACH 110 +# endif +# ifndef ECONNREFUSED +# define ECONNREFUSED 107 +# endif +# ifndef ETIMEDOUT +# define ETIMEDOUT 138 +# endif +#endif/*HAVE_W32_SYSTEM*/ + + /* TCP connection management. */ static void tcp_close(adns_state ads) { ----------------------------------------------------------------------- Summary of changes: NEWS | 13 +++++++++++-- configure.ac | 8 ++++---- src/event.c | 36 ++++++++++++++++++++++++++++++++++++ src/setup.c | 2 +- src/w32support.c | 41 +++++++++++++++++++++++------------------ 5 files changed, 75 insertions(+), 25 deletions(-) hooks/post-receive -- ADNS migrated to autotools/libtool http://git.gnupg.org From cvs at cvs.gnupg.org Sun Nov 22 17:16:58 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Sun, 22 Nov 2015 17:16:58 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-115-gf8ccdc6 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via f8ccdc665fa554b70d24b2f606f016986a14652e (commit) via 2d5127b9faebe6677fa335cc8d20f52241fc7eb5 (commit) via 978b651f156049bfb7e35fc931c644acec83b5f3 (commit) via 642fd5b02bd3b0f3545e8bed68e3625663cacab3 (commit) via 9b77ef1253a881ab1c75022b2ad887b4cd2b0489 (commit) via f67f41e0775336225e175f8b22e820b191dc4606 (commit) via 1ee1143f6c00ab35f48651059bca820967d86755 (commit) from 1362563c9370cc9c00463293a7f6eeb91b9424de (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f8ccdc665fa554b70d24b2f606f016986a14652e Author: Andre Heinecke Date: Sun Nov 22 17:13:46 2015 +0100 Use mlang charset conversion in RFC2047 parser * src/rfc2047parse.c (rfc2047_decode_tokens): Use malang-charset conversion. (_rfc2047_token, rfc2047_token_new_encoded_word): Unconstify charset. (rfc2047_token_free): New. Also free charset. (rfc2047_tokens_free): Use token_free. (g_mime_utils_header_decode_phrase): Cleanup redundant code. (rfc2047_parse): Ditto. -- At least with a latin1 encoded mail from Kmail this worked and it's probably the same conversion Outlook uses internally so his should support everything that outlook supports. diff --git a/src/rfc2047parse.c b/src/rfc2047parse.c index 72b195a..d60fc35 100644 --- a/src/rfc2047parse.c +++ b/src/rfc2047parse.c @@ -33,6 +33,7 @@ #include #include "common.h" +#include "mlang-charset.h" #include "gmime-table-private.h" @@ -61,7 +62,7 @@ static unsigned char gmime_base64_rank[256] = { typedef struct _rfc2047_token { struct _rfc2047_token *next; - const char *charset; + char *charset; const char *text; size_t length; char encoding; @@ -86,8 +87,9 @@ rfc2047_token_new_encoded_word (const char *word, size_t len) { rfc2047_token *token; const char *payload; - const char *charset; + char *charset; const char *inptr; + const char *tmpchar; char *buf, *lang; char encoding; size_t n; @@ -98,9 +100,9 @@ rfc2047_token_new_encoded_word (const char *word, size_t len) /* skip over '=?' */ inptr = word + 2; - charset = inptr; + tmpchar = inptr; - if (*charset == '?' || *charset == '*') { + if (*tmpchar == '?' || *tmpchar == '*') { /* this would result in an empty charset */ return NULL; } @@ -110,9 +112,9 @@ rfc2047_token_new_encoded_word (const char *word, size_t len) return NULL; /* copy the charset into a buffer */ - n = (size_t) (inptr - charset); - buf = _alloca (n + 1); - memcpy (buf, charset, n); + n = (size_t) (inptr - tmpchar); + buf = malloc (n + 1); + memcpy (buf, tmpchar, n); buf[n] = '\0'; charset = buf; @@ -156,14 +158,23 @@ rfc2047_token_new_encoded_word (const char *word, size_t len) return NULL; token = rfc2047_token_new (payload, inptr - payload); - /* TODO lookup charset.*/ - log_debug ("%s:%s: Charset name: %p", SRCNAME, __func__, charset); - token->charset = "UTF-8";/* g_mime_charset_iconv_name (charset); */ + token->charset = charset; token->encoding = encoding; return token; } +static void +rfc2047_token_free (rfc2047_token * tok) +{ + if (!tok) + { + return; + } + xfree (tok->charset); + xfree (tok); +} + static rfc2047_token * tokenize_rfc2047_phrase (const char *in, size_t *len) { @@ -248,7 +259,7 @@ non_rfc2047: tail->next = lwsp; tail = lwsp; } else if (lwsp != NULL) { - xfree (lwsp); + rfc2047_token_free (lwsp); } tail->next = token; @@ -305,7 +316,7 @@ rfc2047_token_list_free (rfc2047_token * tokens) while (cur) { rfc2047_token *next = cur->next; - xfree (cur); + rfc2047_token_free (cur); cur = next; } } @@ -506,13 +517,7 @@ rfc2047_decode_tokens (rfc2047_token *tokens, size_t buflen) char encoding; unsigned int save; int state; -#if 0 - TODO Conversion - size_t ninval; - iconv_t cd; char *str; -#endif - decoded = xmalloc (buflen + 1); memset (decoded, 0, buflen + 1); @@ -565,43 +570,29 @@ rfc2047_decode_tokens (rfc2047_token *tokens, size_t buflen) /* convert the raw decoded text into UTF-8 */ if (!strcasecmp (charset, "UTF-8")) { strncat (decoded, (char *) outptr, outlen); - } -#if 0 - /* TODO handle other charsets */ - else if ((cd = g_mime_iconv_open ("UTF-8", charset)) == (iconv_t) -1) { - w(g_warning ("Cannot convert from %s to UTF-8, header display may " - "be corrupt: %s", charset[0] ? charset : "unspecified charset", - g_strerror (errno))); - - str = g_mime_utils_decode_8bit ((char *) outptr, outlen); - g_string_append (decoded, str); - g_free (str); } else { - str = g_malloc (outlen + 1); - len = outlen; - - len = charset_convert (cd, (char *) outptr, outlen, &str, &len, &ninval); - g_mime_iconv_close (cd); - - g_string_append_len (decoded, str, len); - g_free (str); - -#if w(!)0 - if (ninval > 0) { - g_warning ("Failed to completely convert \"%.*s\" to UTF-8, display may be " - "corrupt: %s", outlen, (char *) outptr, g_strerror (errno)); - } -#endif + str = ansi_charset_to_utf8 (charset, outptr, outlen); + + if (!str) + { + log_error ("%s:%s: Failed conversion from: %s for word: %s.", + SRCNAME, __func__, charset, outptr); + } + else + { + strcat (decoded, str); + xfree (str); + } } - } else if (token->is_8bit) { - /* *sigh* I hate broken mailers... */ - str = g_mime_utils_decode_8bit (token->text, token->length); - g_string_append (decoded, str); - g_free (str); -#endif } else { strncat (decoded, token->text, token->length); } + if (token && token->is_8bit) + { + /* We don't support this. */ + log_error ("%s:%s: Unknown 8bit encoding detected.", + SRCNAME, __func__); + } token = next; } @@ -636,16 +627,6 @@ g_mime_utils_header_decode_phrase (const char *phrase) decoded = rfc2047_decode_tokens (tokens, len); rfc2047_token_list_free (tokens); - if (decoded && strlen(decoded)) - { - return decoded; - } - else - { - xfree (decoded); - return strdup (phrase); - } - return decoded; } @@ -662,10 +643,6 @@ rfc2047_parse (const char *input) log_debug ("%s:%s: Input: \"%s\"", SRCNAME, __func__, input); - if (!strncmp (input, "=?", 2)) - { - return strdup (input); - } decoded = g_mime_utils_header_decode_phrase (input); log_debug ("%s:%s: Decoded: \"%s\"", commit 2d5127b9faebe6677fa335cc8d20f52241fc7eb5 Author: Andre Heinecke Date: Sun Nov 22 17:11:07 2015 +0100 Fallback to content-type name if no cd/filename * src/mimeparser.c (t2body): Fallback to ct/name if cd/filename not found or not parsed. -- This is neccessary for enigmail attachments which uses an rfc 2038 (i think) content-dispositon filename but an RFC 2047 content-type / name so that Outlook can understand the filename from the content-type / name. We understand this now, too. diff --git a/src/mimeparser.c b/src/mimeparser.c index 6899e36..be5f4a1 100644 --- a/src/mimeparser.c +++ b/src/mimeparser.c @@ -831,6 +831,15 @@ t2body (mime_context_t ctx, rfc822parse_t msg) if (s) charset = xstrdup (s); + if (!filename) + { + /* Check for Content-Type name if Content-Disposition filename + was not found */ + s = rfc822parse_query_parameter (field, "name", 0); + if (s) + filename = rfc2047_parse (s); + } + /* Update our idea of the entire MIME structure. */ { mimestruct_item_t ms; commit 978b651f156049bfb7e35fc931c644acec83b5f3 Author: Andre Heinecke Date: Sun Nov 22 17:09:36 2015 +0100 Parse RFC2047 attachment names * src/mimeparser.c (start_attachment): Expect filename as utf8 and set it as Unicode property in MAPI. (t2body): Parse the attachment filename. diff --git a/src/mimeparser.c b/src/mimeparser.c index af21ad5..6899e36 100644 --- a/src/mimeparser.c +++ b/src/mimeparser.c @@ -37,6 +37,7 @@ #include "mymapitags.h" #include "rfc822parse.h" +#include "rfc2047parse.h" #include "common.h" #include "engine.h" #include "mapihelp.h" @@ -419,12 +420,17 @@ start_attachment (mime_context_t ctx, int is_body) functions. */ if (ctx->mimestruct_cur && ctx->mimestruct_cur->filename) { - prop.ulPropTag = PR_ATTACH_LONG_FILENAME_A; + prop.ulPropTag = PR_ATTACH_LONG_FILENAME_W; + wchar_t * utf16_str = NULL; if (!strcmp (ctx->mimestruct_cur->filename, "smime.p7m")) - prop.Value.lpszA = "x-smime.p7m"; + prop.Value.lpszW = L"x-smime.p7m"; else - prop.Value.lpszA = ctx->mimestruct_cur->filename; + { + utf16_str = utf8_to_wchar (ctx->mimestruct_cur->filename); + prop.Value.lpszW = utf16_str; + } hr = HrSetOneProp ((LPMAPIPROP)newatt, &prop); + xfree (utf16_str); if (hr) { log_error ("%s:%s: can't set attach long filename: hr=%#lx\n", @@ -757,8 +763,6 @@ finish_message (LPMESSAGE message, gpg_error_t err, int protect_mode, return mapi_save_changes (message, KEEP_OPEN_READWRITE|FORCE_SAVE); } - - /* Process the transition to body event. This means we have received the empty line indicating the body and @@ -799,7 +803,7 @@ t2body (mime_context_t ctx, rfc822parse_t msg) { s = rfc822parse_query_parameter (field, "filename", 0); if (s) - filename = xstrdup (s); + filename = rfc2047_parse (s); s = rfc822parse_query_parameter (field, NULL, 1); if (s && strcmp (s, "inline")) not_inline_text = 1; commit 642fd5b02bd3b0f3545e8bed68e3625663cacab3 Author: Andre Heinecke Date: Sun Nov 22 17:06:45 2015 +0100 Use RFC2047 for attachment names * src/mimemaker.c (utf8_to_rfc2047b): New. Convert utf8 to rfc2047 base64 encoding. -- We always use UTF8 and Base64 for simplicity. (I wish this was everything thats allowed,..) diff --git a/src/mimemaker.c b/src/mimemaker.c index 0d4ddee..0641dff 100644 --- a/src/mimemaker.c +++ b/src/mimemaker.c @@ -784,9 +784,28 @@ infer_content_encoding (const void *data, size_t datalen) } - - - +/* Convert an utf8 input string to RFC2047 base64 encoding which + is the subset of RFC2047 outlook likes. + Return value needs to be freed. + */ +static char * +utf8_to_rfc2047b (const char *input) +{ + char *ret; + if (!input) + { + return NULL; + } + char *b64_encoded = b64_encode (input, strlen (input)); + if (gpgrt_asprintf (&ret, "=?UTF-8?B?%s?=", b64_encoded) == -1) + { + log_error ("%s:%s: Error: %i", SRCNAME, __func__, __LINE__); + xfree (b64_encoded); + return NULL; + } + xfree (b64_encoded); + return ret; +} /* Write a MIME part to SINK. First the BOUNDARY is written (unless it is NULL) then the DATA is analyzed and appropriate headers are @@ -800,6 +819,7 @@ write_part (sink_t sink, const char *data, size_t datalen, int rc; const char *ct; int use_b64, use_qp, is_text; + char *encoded_filename; if (filename) { @@ -858,9 +878,10 @@ write_part (sink_t sink, const char *data, size_t datalen, NULL))) return rc; - if (filename) + encoded_filename = utf8_to_rfc2047b (filename); + if (encoded_filename) if ((rc=write_multistring (sink, - "\tname=\"", filename, "\"\r\n", + "\tname=\"", encoded_filename, "\"\r\n", NULL))) return rc; @@ -873,13 +894,14 @@ write_part (sink_t sink, const char *data, size_t datalen, NULL))) return rc; - if (filename) + if (encoded_filename) if ((rc=write_multistring (sink, "Content-Disposition: attachment;\r\n" - "\tfilename=\"", filename, "\"\r\n", + "\tfilename=\"", encoded_filename, "\"\r\n", NULL))) return rc; + xfree(encoded_filename); /* Write delimiter. */ if ((rc = write_string (sink, "\r\n"))) commit 9b77ef1253a881ab1c75022b2ad887b4cd2b0489 Author: Andre Heinecke Date: Sun Nov 22 17:05:32 2015 +0100 Add base64 encoder * src/common.c, src/common.h (b64_encode): New. -- Will be used to encode RFC2047 strings. diff --git a/src/common.c b/src/common.c index 8473fee..fd53592 100644 --- a/src/common.c +++ b/src/common.c @@ -895,6 +895,49 @@ b64_decode (b64_state_t *state, char *buffer, size_t length) } +/* Base 64 encode the input. If input is null returns NULL otherwise + a pointer to the malloced encoded string. */ +char * +b64_encode (const char *input, size_t length) +{ + size_t out_len = 4 * ((length + 2) / 3); + char *ret; + int i, j; + + if (!length || !input) + { + return NULL; + } + ret = xmalloc (out_len); + + for (i = 0, j = 0; i < length;) + { + unsigned int a = i < length ? (unsigned char)input[i++] : 0; + unsigned int b = i < length ? (unsigned char)input[i++] : 0; + unsigned int c = i < length ? (unsigned char)input[i++] : 0; + + unsigned int triple = (a << 0x10) + (b << 0x08) + c; + + ret[j++] = bintoasc[(triple >> 3 * 6) & 0x3F]; + ret[j++] = bintoasc[(triple >> 2 * 6) & 0x3F]; + ret[j++] = bintoasc[(triple >> 1 * 6) & 0x3F]; + ret[j++] = bintoasc[(triple >> 0 * 6) & 0x3F]; + } + + if (length % 3) + { + ret [j - 1] = '='; + } + if (length % 3 == 1) + { + ret [j - 2] = '='; + } + + ret[++j] = '\0'; + log_debug("Encoded to: %s ", ret); + return ret; +} + /* Create a boundary. Note that mimemaker.c knows about the structure of the boundary (i.e. that it starts with "=-=") so that it can protect against accidently used boundaries within the content. */ diff --git a/src/common.h b/src/common.h index c525a17..1d46515 100644 --- a/src/common.h +++ b/src/common.h @@ -189,6 +189,7 @@ char *get_data_dir (void); size_t qp_decode (char *buffer, size_t length, int *r_slbrk); void b64_init (b64_state_t *state); size_t b64_decode (b64_state_t *state, char *buffer, size_t length); +char * b64_encode (const char *input, size_t length); /* Get a temporary filename with and its name */ wchar_t *get_tmp_outfile (wchar_t *name, HANDLE *outHandle); commit f67f41e0775336225e175f8b22e820b191dc4606 Author: Andre Heinecke Date: Sun Nov 22 17:02:05 2015 +0100 Add MIME language to UTF8 conversion code * src/mlang-charset.cpp, src/mlang-charset.h: New. * src/Makefile.am: Update accordingly. -- This is COM based code but as we are a COM addin anyway we can utilize it to convert MIME strings to unicode and then from unicode to UTF8. Our internal "we do everything in UTF-8" has a bit overhead here but I prefer it. diff --git a/src/Makefile.am b/src/Makefile.am index 2010722..457c7b3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -82,7 +82,8 @@ gpgol_SOURCES = \ windowmessages.h windowmessages.cpp \ gpgolstr.h gpgolstr.cpp \ mail.h mail.cpp \ - rfc2047parse.h rfc2047parse.c + rfc2047parse.h rfc2047parse.c \ + mlang-charset.cpp mlang-charset.h #treeview_SOURCES = treeview.c diff --git a/src/mlang-charset.cpp b/src/mlang-charset.cpp new file mode 100644 index 0000000..221f57f --- /dev/null +++ b/src/mlang-charset.cpp @@ -0,0 +1,98 @@ +/* @file mlang-charset.cpp + * @brief Convert between charsets using Mlang + * + * Copyright (C) 2015 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include "util.h" +#define INITGUID +#include +DEFINE_GUID (IID_IMultiLanguage, 0x275c23e1,0x3747,0x11d0,0x9f, + 0xea,0x00,0xaa,0x00,0x3f,0x86,0x46); +#include +#undef INITGUID + +#include "mlang-charset.h" + +char *ansi_charset_to_utf8 (const char *charset, char *input, + size_t inlen) +{ + LPMULTILANGUAGE multilang = NULL; + MIMECSETINFO mime_info; + HRESULT err; + DWORD enc; + DWORD mode = 0; + unsigned int wlen = 0; + wchar_t *buf; + char *ret; + + CoCreateInstance(CLSID_CMultiLanguage, NULL, CLSCTX_INPROC_SERVER, + IID_IMultiLanguage, (void**)&multilang); + + if (!multilang) + { + log_error ("%s:%s: Failed to get multilang obj.", + SRCNAME, __func__); + return NULL; + } + + + mime_info.uiCodePage = 0; + mime_info.uiInternetEncoding = 0; + BSTR w_charset = utf8_to_wchar (charset); + err = multilang->GetCharsetInfo (w_charset, &mime_info); + xfree (w_charset); + if (err != S_OK) + { + log_error ("%s:%s: Failed to find charset for: %s", + SRCNAME, __func__, charset); + multilang->Release (); + return NULL; + } + enc = (mime_info.uiInternetEncoding == 0) ? mime_info.uiCodePage : + mime_info.uiInternetEncoding; + + /** Get the size of the result */ + err = multilang->ConvertStringToUnicode(&mode, enc, input, + &inlen, NULL, &wlen); + if (FAILED (err)) + { + log_error ("%s:%s: Failed conversion.", + SRCNAME, __func__); + multilang->Release (); + return NULL; + } + buf = (wchar_t*) xmalloc(sizeof(wchar_t) * (wlen + 1)); + + err = multilang->ConvertStringToUnicode(&mode, enc, input, &inlen, + buf, &wlen); + multilang->Release (); + if (FAILED (err)) + { + log_error ("%s:%s: Failed conversion 2.", + SRCNAME, __func__); + xfree (buf); + return NULL; + } + /* Doc is not clear if this is terminated. */ + buf[wlen] = L'\0'; + + ret = wchar_to_utf8 (buf); + xfree (buf); + return ret; +} diff --git a/src/mlang-charset.h b/src/mlang-charset.h new file mode 100644 index 0000000..3c55fd3 --- /dev/null +++ b/src/mlang-charset.h @@ -0,0 +1,43 @@ +/* @file mlang-charset.h + * @brief Convert between charsets using Mlang + * + * Copyright (C) 2015 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +#include "util.h" +#ifdef __cplusplus +extern "C" { +#if 0 +} +#endif +#endif + +/** @brief convert input to utf8. + * + * @param charset: ANSI name of the charset to decode. + * @param input: The input to convert. + * @param inlen: The size of the input. + * + * @returns NULL on error or an UTF-8 encoded NULL terminated string. + */ + +char *ansi_charset_to_utf8 (const char *charset, char *input, + size_t inlen); +#ifdef __cplusplus +} +#endif commit 1ee1143f6c00ab35f48651059bca820967d86755 Author: Andre Heinecke Date: Sun Nov 22 15:41:35 2015 +0100 Add rfc2047 parser based on GMime * src/rfc2047parse.c, src/rfc2047parse.h: New. * src/Makefile.am: Update accordingly. -- To properly handle attachment names the same way as outlook does we need to be able to parse rfc2047 words at least. From the rfc's I'm not sure if we need to parse multiple words but let's assume we do for added compatibility. And this was an easy part of GMime to extract. For now it only handles UTF8 binary and quoted printable. diff --git a/src/Makefile.am b/src/Makefile.am index e5cb2c4..2010722 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -81,7 +81,8 @@ gpgol_SOURCES = \ attachment.h attachment.cpp \ windowmessages.h windowmessages.cpp \ gpgolstr.h gpgolstr.cpp \ - mail.h mail.cpp + mail.h mail.cpp \ + rfc2047parse.h rfc2047parse.c #treeview_SOURCES = treeview.c diff --git a/src/rfc2047parse.c b/src/rfc2047parse.c new file mode 100644 index 0000000..72b195a --- /dev/null +++ b/src/rfc2047parse.c @@ -0,0 +1,680 @@ +/* @file rfc2047parse.c + * @brief Parsercode for rfc2047 + * + * Copyright (C) 2015 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +/* This code is heavily based (mostly verbatim copy with glib + * dependencies removed) on GMime rev 496313fb + * modified by aheinecke at intevation.de + * + * Copyright (C) 2000-2014 Jeffrey Stedfast + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the License, or (at your option) any later version. + */ + +#include +#include "common.h" + +#include "gmime-table-private.h" + +/* mabye we need this at some point later? */ +#define G_MIME_RFC2047_WORKAROUNDS false; + + +static unsigned char gmime_base64_rank[256] = { + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255, 62,255,255,255, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,255,255,255, 0,255,255, + 255, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,255,255,255,255,255, + 255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, + 255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255, +}; + +typedef struct _rfc2047_token { + struct _rfc2047_token *next; + const char *charset; + const char *text; + size_t length; + char encoding; + char is_8bit; +} rfc2047_token; + +static rfc2047_token * +rfc2047_token_new (const char *text, size_t len) +{ + rfc2047_token *token; + + token = xmalloc (sizeof (rfc2047_token)); + memset (token, 0, sizeof (rfc2047_token)); + token->length = len; + token->text = text; + + return token; +} + +static rfc2047_token * +rfc2047_token_new_encoded_word (const char *word, size_t len) +{ + rfc2047_token *token; + const char *payload; + const char *charset; + const char *inptr; + char *buf, *lang; + char encoding; + size_t n; + + /* check that this could even be an encoded-word token */ + if (len < 7 || strncmp (word, "=?", 2) != 0 || strncmp (word + len - 2, "?=", 2) != 0) + return NULL; + + /* skip over '=?' */ + inptr = word + 2; + charset = inptr; + + if (*charset == '?' || *charset == '*') { + /* this would result in an empty charset */ + return NULL; + } + + /* skip to the end of the charset */ + if (!(inptr = memchr (inptr, '?', len - 2)) || inptr[2] != '?') + return NULL; + + /* copy the charset into a buffer */ + n = (size_t) (inptr - charset); + buf = _alloca (n + 1); + memcpy (buf, charset, n); + buf[n] = '\0'; + charset = buf; + + /* rfc2231 updates rfc2047 encoded words... + * The ABNF given in RFC 2047 for encoded-words is: + * encoded-word := "=?" charset "?" encoding "?" encoded-text "?=" + * This specification changes this ABNF to: + * encoded-word := "=?" charset ["*" language] "?" encoding "?" encoded-text "?=" + */ + + /* trim off the 'language' part if it's there... */ + if ((lang = strchr (charset, '*'))) + *lang = '\0'; + + /* skip over the '?' */ + inptr++; + + /* make sure the first char after the encoding is another '?' */ + if (inptr[1] != '?') + return NULL; + + switch (*inptr++) { + case 'B': case 'b': + encoding = 'B'; + break; + case 'Q': case 'q': + encoding = 'Q'; + break; + default: + return NULL; + } + + /* the payload begins right after the '?' */ + payload = inptr + 1; + + /* find the end of the payload */ + inptr = word + len - 2; + + /* make sure that we don't have something like: =?iso-8859-1?Q?= */ + if (payload > inptr) + return NULL; + + token = rfc2047_token_new (payload, inptr - payload); + /* TODO lookup charset.*/ + log_debug ("%s:%s: Charset name: %p", SRCNAME, __func__, charset); + token->charset = "UTF-8";/* g_mime_charset_iconv_name (charset); */ + token->encoding = encoding; + + return token; +} + +static rfc2047_token * +tokenize_rfc2047_phrase (const char *in, size_t *len) +{ + bool enable_rfc2047_workarounds = G_MIME_RFC2047_WORKAROUNDS; + rfc2047_token list, *lwsp, *token, *tail; + register const char *inptr = in; + bool encoded = false; + const char *text, *word; + bool ascii; + size_t n; + + tail = (rfc2047_token *) &list; + list.next = NULL; + lwsp = NULL; + + while (*inptr != '\0') { + text = inptr; + while (is_lwsp (*inptr)) + inptr++; + + if (inptr > text) + lwsp = rfc2047_token_new (text, inptr - text); + else + lwsp = NULL; + + word = inptr; + ascii = TRUE; + if (is_atom (*inptr)) { + if (enable_rfc2047_workarounds) { + /* Make an extra effort to detect and + * separate encoded-word tokens that + * have been merged with other + * words. */ + + if (!strncmp (inptr, "=?", 2)) { + inptr += 2; + + /* skip past the charset (if one is even declared, sigh) */ + while (*inptr && *inptr != '?') { + ascii = ascii && is_ascii (*inptr); + inptr++; + } + + /* sanity check encoding type */ + if (inptr[0] != '?' || !strchr ("BbQq", inptr[1]) || inptr[2] != '?') + goto non_rfc2047; + + inptr += 3; + + /* find the end of the rfc2047 encoded word token */ + while (*inptr && strncmp (inptr, "?=", 2) != 0) { + ascii = ascii && is_ascii (*inptr); + inptr++; + } + + if (*inptr == '\0') { + /* didn't find an end marker... */ + inptr = word + 2; + ascii = TRUE; + + goto non_rfc2047; + } + + inptr += 2; + } else { +non_rfc2047: + /* stop if we encounter a possible rfc2047 encoded + * token even if it's inside another word, sigh. */ + while (is_atom (*inptr) && strncmp (inptr, "=?", 2) != 0) + inptr++; + } + } else { + while (is_atom (*inptr)) + inptr++; + } + + n = (size_t) (inptr - word); + if ((token = rfc2047_token_new_encoded_word (word, n))) { + /* rfc2047 states that you must ignore all + * whitespace between encoded words */ + if (!encoded && lwsp != NULL) { + tail->next = lwsp; + tail = lwsp; + } else if (lwsp != NULL) { + xfree (lwsp); + } + + tail->next = token; + tail = token; + + encoded = TRUE; + } else { + /* append the lwsp and atom tokens */ + if (lwsp != NULL) { + tail->next = lwsp; + tail = lwsp; + } + + token = rfc2047_token_new (word, n); + token->is_8bit = ascii ? 0 : 1; + tail->next = token; + tail = token; + + encoded = FALSE; + } + } else { + /* append the lwsp token */ + if (lwsp != NULL) { + tail->next = lwsp; + tail = lwsp; + } + + ascii = TRUE; + while (*inptr && !is_lwsp (*inptr) && !is_atom (*inptr)) { + ascii = ascii && is_ascii (*inptr); + inptr++; + } + + n = (size_t) (inptr - word); + token = rfc2047_token_new (word, n); + token->is_8bit = ascii ? 0 : 1; + + tail->next = token; + tail = token; + + encoded = FALSE; + } + } + + *len = (size_t) (inptr - in); + + return list.next; +} + +static void +rfc2047_token_list_free (rfc2047_token * tokens) +{ + rfc2047_token * cur = tokens; + while (cur) + { + rfc2047_token *next = cur->next; + xfree (cur); + cur = next; + } +} + +/* this decodes rfc2047's version of quoted-printable */ +static size_t +quoted_decode (const unsigned char *in, size_t len, unsigned char *out, int *state, unsigned int *save) +{ + register const unsigned char *inptr; + register unsigned char *outptr; + const unsigned char *inend; + unsigned char c, c1; + unsigned int saved; + int need; + + if (len == 0) + return 0; + + inend = in + len; + outptr = out; + inptr = in; + + need = *state; + saved = *save; + + if (need > 0) { + if (isxdigit ((int) *inptr)) { + if (need == 1) { + c = toupper ((int) (saved & 0xff)); + c1 = toupper ((int) *inptr++); + saved = 0; + need = 0; + + goto decode; + } + + saved = 0; + need = 0; + + goto equals; + } + + /* last encoded-word ended in a malformed quoted-printable sequence */ + *outptr++ = '='; + + if (need == 1) + *outptr++ = (char) (saved & 0xff); + + saved = 0; + need = 0; + } + + while (inptr < inend) { + c = *inptr++; + if (c == '=') { +equals: + if (inend - inptr >= 2) { + if (isxdigit ((int) inptr[0]) && isxdigit ((int) inptr[1])) { + c = toupper (*inptr++); + c1 = toupper (*inptr++); +decode: + *outptr++ = (((c >= 'A' ? c - 'A' + 10 : c - '0') & 0x0f) << 4) + | ((c1 >= 'A' ? c1 - 'A' + 10 : c1 - '0') & 0x0f); + } else { + /* malformed quoted-printable sequence? */ + *outptr++ = '='; + } + } else { + /* truncated payload, maybe it was split across encoded-words? */ + if (inptr < inend) { + if (isxdigit ((int) *inptr)) { + saved = *inptr; + need = 1; + break; + } else { + /* malformed quoted-printable sequence? */ + *outptr++ = '='; + } + } else { + saved = 0; + need = 2; + break; + } + } + } else if (c == '_') { + /* _'s are an rfc2047 shortcut for encoding spaces */ + *outptr++ = ' '; + } else { + *outptr++ = c; + } + } + + *state = need; + *save = saved; + + return (size_t) (outptr - out); +} + +/** + * g_mime_encoding_base64_decode_step: + * @inbuf: input buffer + * @inlen: input buffer length + * @outbuf: output buffer + * @state: holds the number of bits that are stored in @save + * @save: leftover bits that have not yet been decoded + * + * Decodes a chunk of base64 encoded data. + * + * Returns: the number of bytes decoded (which have been dumped in + * @outbuf). + **/ +size_t +g_mime_encoding_base64_decode_step (const unsigned char *inbuf, size_t inlen, unsigned char *outbuf, int *state, unsigned int *save) +{ + register const unsigned char *inptr; + register unsigned char *outptr; + const unsigned char *inend; + register unsigned int saved; + unsigned char c; + int npad, n, i; + + inend = inbuf + inlen; + outptr = outbuf; + inptr = inbuf; + + npad = (*state >> 8) & 0xff; + n = *state & 0xff; + saved = *save; + + /* convert 4 base64 bytes to 3 normal bytes */ + while (inptr < inend) { + c = gmime_base64_rank[*inptr++]; + if (c != 0xff) { + saved = (saved << 6) | c; + n++; + if (n == 4) { + *outptr++ = saved >> 16; + *outptr++ = saved >> 8; + *outptr++ = saved; + n = 0; + + if (npad > 0) { + outptr -= npad; + npad = 0; + } + } + } + } + + /* quickly scan back for '=' on the end somewhere */ + /* fortunately we can drop 1 output char for each trailing '=' (up to 2) */ + for (i = 2; inptr > inbuf && i; ) { + inptr--; + if (gmime_base64_rank[*inptr] != 0xff) { + if (*inptr == '=' && outptr > outbuf) { + if (n == 0) { + /* we've got a complete quartet so it's + safe to drop an output character. */ + outptr--; + } else if (npad < 2) { + /* keep a record of the number of ='s at + the end of the input stream, up to 2 */ + npad++; + } + } + + i--; + } + } + + *state = (npad << 8) | n; + *save = n ? saved : 0; + + return (outptr - outbuf); +} + +static size_t +rfc2047_token_decode (rfc2047_token *token, unsigned char *outbuf, int *state, unsigned int *save) +{ + const unsigned char *inbuf = (const unsigned char *) token->text; + size_t len = token->length; + + if (token->encoding == 'B') + return g_mime_encoding_base64_decode_step (inbuf, len, outbuf, state, save); + else + return quoted_decode (inbuf, len, outbuf, state, save); +} + +static char * +rfc2047_decode_tokens (rfc2047_token *tokens, size_t buflen) +{ + rfc2047_token *token, *next; + size_t outlen, len, tmplen; + unsigned char *outptr; + const char *charset; + char *outbuf; + char *decoded; + char encoding; + unsigned int save; + int state; +#if 0 + TODO Conversion + size_t ninval; + iconv_t cd; + char *str; +#endif + + + decoded = xmalloc (buflen + 1); + memset (decoded, 0, buflen + 1); + tmplen = 76; + outbuf = xmalloc (tmplen); + + token = tokens; + while (token != NULL) { + next = token->next; + + if (token->encoding) { + /* In order to work around broken mailers, we need to combine + * the raw decoded content of runs of identically encoded word + * tokens before converting into UTF-8. */ + encoding = token->encoding; + charset = token->charset; + len = token->length; + state = 0; + save = 0; + + /* find the end of the run (and measure the buffer length we'll need) */ + while (next && next->encoding == encoding && !strcmp (next->charset, charset)) { + len += next->length; + next = next->next; + } + + /* make sure our temporary output buffer is large enough... */ + if (len > tmplen) + { + xrealloc (outbuf, len + 1); + tmplen = len + 1; + } + + /* base64 / quoted-printable decode each of the tokens... */ + outptr = outbuf; + outlen = 0; + do { + /* Note: by not resetting state/save each loop, we effectively + * treat the payloads as one continuous block, thus allowing + * us to handle cases where a hex-encoded triplet of a + * quoted-printable encoded payload is split between 2 or more + * encoded-word tokens. */ + len = rfc2047_token_decode (token, outptr, &state, &save); + token = token->next; + outptr += len; + outlen += len; + } while (token != next); + outptr = outbuf; + + /* convert the raw decoded text into UTF-8 */ + if (!strcasecmp (charset, "UTF-8")) { + strncat (decoded, (char *) outptr, outlen); + } +#if 0 + /* TODO handle other charsets */ + else if ((cd = g_mime_iconv_open ("UTF-8", charset)) == (iconv_t) -1) { + w(g_warning ("Cannot convert from %s to UTF-8, header display may " + "be corrupt: %s", charset[0] ? charset : "unspecified charset", + g_strerror (errno))); + + str = g_mime_utils_decode_8bit ((char *) outptr, outlen); + g_string_append (decoded, str); + g_free (str); + } else { + str = g_malloc (outlen + 1); + len = outlen; + + len = charset_convert (cd, (char *) outptr, outlen, &str, &len, &ninval); + g_mime_iconv_close (cd); + + g_string_append_len (decoded, str, len); + g_free (str); + +#if w(!)0 + if (ninval > 0) { + g_warning ("Failed to completely convert \"%.*s\" to UTF-8, display may be " + "corrupt: %s", outlen, (char *) outptr, g_strerror (errno)); + } +#endif + } + } else if (token->is_8bit) { + /* *sigh* I hate broken mailers... */ + str = g_mime_utils_decode_8bit (token->text, token->length); + g_string_append (decoded, str); + g_free (str); +#endif + } else { + strncat (decoded, token->text, token->length); + } + + token = next; + } + + xfree (outbuf); + + return decoded; +} + + +/** + * g_mime_utils_header_decode_phrase: + * @phrase: header to decode + * + * Decodes an rfc2047 encoded 'phrase' header. + * + * Note: See g_mime_set_user_charsets() for details on how charset + * conversion is handled for unencoded 8bit text and/or wrongly + * specified rfc2047 encoded-word tokens. + * + * Returns: a newly allocated UTF-8 string representing the the decoded + * header. + **/ +static char * +g_mime_utils_header_decode_phrase (const char *phrase) +{ + rfc2047_token *tokens; + char *decoded; + size_t len; + + tokens = tokenize_rfc2047_phrase (phrase, &len); + decoded = rfc2047_decode_tokens (tokens, len); + rfc2047_token_list_free (tokens); + + if (decoded && strlen(decoded)) + { + return decoded; + } + else + { + xfree (decoded); + return strdup (phrase); + } + + return decoded; +} + +/* Try to parse an rfc 2047 filename for attachment handling. + returns the parsed string. On errors the input string is just + copied with strdup */ +char * +rfc2047_parse (const char *input) +{ + char *decoded; + if (!input) + return strdup (""); + + log_debug ("%s:%s: Input: \"%s\"", + SRCNAME, __func__, input); + + if (!strncmp (input, "=?", 2)) + { + return strdup (input); + } + decoded = g_mime_utils_header_decode_phrase (input); + + log_debug ("%s:%s: Decoded: \"%s\"", + SRCNAME, __func__, decoded); + + if (!decoded || !strlen (decoded)) + { + xfree (decoded); + return strdup (input); + } + return decoded; +} diff --git a/src/rfc2047parse.h b/src/rfc2047parse.h new file mode 100644 index 0000000..593b6fd --- /dev/null +++ b/src/rfc2047parse.h @@ -0,0 +1,31 @@ +/* @file rfc2047parse.h + * @brief Parser for filenames encoded according to rfc2047 + * + * Copyright (C) 2015 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see . + */ + +/** @brief Try to parse a string according to rfc2047. + * + * On error the error is logged and a copy of the original + * input string returned. + * + * @returns a malloced string in UTF-8 encoding or a copy + * of the input string. + */ +char * +rfc2047_parse (const char *input); ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 4 +- src/common.c | 43 +++ src/common.h | 1 + src/mimemaker.c | 36 +- src/mimeparser.c | 25 +- src/mlang-charset.cpp | 98 ++++++ src/{xmalloc.h => mlang-charset.h} | 35 +- src/rfc2047parse.c | 657 +++++++++++++++++++++++++++++++++++ src/{eventsinks.h => rfc2047parse.h} | 23 +- 9 files changed, 881 insertions(+), 41 deletions(-) create mode 100644 src/mlang-charset.cpp copy src/{xmalloc.h => mlang-charset.h} (60%) create mode 100644 src/rfc2047parse.c copy src/{eventsinks.h => rfc2047parse.h} (66%) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Sun Nov 22 17:25:08 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Sun, 22 Nov 2015 17:25:08 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-116-ga1a88e9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via a1a88e9d68d8e298c07a3c20835c5017927640e7 (commit) from f8ccdc665fa554b70d24b2f606f016986a14652e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a1a88e9d68d8e298c07a3c20835c5017927640e7 Author: Andre Heinecke Date: Sun Nov 22 17:24:10 2015 +0100 Add gmime-table-private header * src/gmime-table-private.h: New, from GMime * src/Makefile.am: Update accordingly. -- Neccessary file for rfc2047parser. Forgot to add this with the according commit. diff --git a/src/Makefile.am b/src/Makefile.am index 457c7b3..d830d36 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -83,7 +83,8 @@ gpgol_SOURCES = \ gpgolstr.h gpgolstr.cpp \ mail.h mail.cpp \ rfc2047parse.h rfc2047parse.c \ - mlang-charset.cpp mlang-charset.h + mlang-charset.cpp mlang-charset.h \ + gmime-table-private.h #treeview_SOURCES = treeview.c diff --git a/src/gmime-table-private.h b/src/gmime-table-private.h new file mode 100644 index 0000000..75af9f9 --- /dev/null +++ b/src/gmime-table-private.h @@ -0,0 +1,86 @@ +/* @file gmime-table-private.h + * @brief character tables fro gmime. + * + * This file was copied from GMime rev. 496313fb + * + * Copyright (C) 2000-2014 Jeffrey Stedfast + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free + * Software Foundation, 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +static unsigned short gmime_special_table[256] = { + 1029,1029,1029,1029,1029,1029,1029,1029,1029,3175,1031,1029,1029,1063,1029,1029, + 1029,1029,1029,1029,1029,1029,1029,1029,1029,1029,1029,1029,1029,1029,1029,1029, + 3314,1984,1100,1728,1728,1216,1728,1216,1100,1100,1472,1984,1100,1984,1608,1348, + 1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1100,1100,1100,1284,1100,1092, + 1100,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984, + 1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1132,1260,1132,1728,1856, + 1728,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984, + 1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1984,1728,1728,1728,1728,1029, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +enum { + IS_CTRL = (1 << 0), + IS_LWSP = (1 << 1), + IS_TSPECIAL = (1 << 2), + IS_SPECIAL = (1 << 3), + IS_SPACE = (1 << 4), + IS_DSPECIAL = (1 << 5), + IS_QPSAFE = (1 << 6), + IS_ESAFE = (1 << 7), /* encoded word safe */ + IS_PSAFE = (1 << 8), /* encode word in phrase safe */ + IS_ATTRCHAR = (1 << 9), /* attribute-char from rfc2184 */ + + /* ctype replacements */ + IS_ASCII = (1 << 10), /* ascii */ + IS_BLANK = (1 << 11), /* space or tab */ +}; + +#define is_ctrl(x) ((gmime_special_table[(unsigned char)(x)] & IS_CTRL) != 0) +#define is_lwsp(x) ((gmime_special_table[(unsigned char)(x)] & IS_LWSP) != 0) +#define is_tspecial(x) ((gmime_special_table[(unsigned char)(x)] & IS_TSPECIAL) != 0) +#define is_type(x, t) ((gmime_special_table[(unsigned char)(x)] & (t)) != 0) +#define is_ttoken(x) ((gmime_special_table[(unsigned char)(x)] & (IS_TSPECIAL|IS_LWSP|IS_CTRL)) == 0) +#define is_atom(x) ((gmime_special_table[(unsigned char)(x)] & (IS_SPECIAL|IS_SPACE|IS_CTRL)) == 0) +#define is_dtext(x) ((gmime_special_table[(unsigned char)(x)] & IS_DSPECIAL) == 0) +#define is_fieldname(x) ((gmime_special_table[(unsigned char)(x)] & (IS_CTRL|IS_SPACE)) == 0) +#define is_qpsafe(x) ((gmime_special_table[(unsigned char)(x)] & IS_QPSAFE) != 0) +#define is_especial(x) ((gmime_special_table[(unsigned char)(x)] & IS_ESAFE) != 0) +#define is_psafe(x) ((gmime_special_table[(unsigned char)(x)] & IS_PSAFE) != 0) +#define is_attrchar(x) ((gmime_special_table[(unsigned char)(x)] & IS_ATTRCHAR) != 0) + +/* ctype replacements */ +#define is_ascii(x) ((gmime_special_table[(unsigned char)(x)] & IS_ASCII) != 0) +#define is_blank(x) ((gmime_special_table[(unsigned char)(x)] & IS_BLANK) != 0) + +#define CHARS_LWSP " \t\n\r" /* linear whitespace chars */ +#define CHARS_TSPECIAL "()<>@,;:\\\"/[]?=" +#define CHARS_SPECIAL "()<>@,;:\\\".[]" +#define CHARS_CSPECIAL "()\\\r" /* not in comments */ +#define CHARS_DSPECIAL "[]\\\r \t" /* not in domains */ +#define CHARS_ESPECIAL "()<>@,;:\"/[]?.=_" /* encoded word specials (rfc2047 5.1) */ +#define CHARS_PSPECIAL "!*+-/=_" /* encoded phrase specials (rfc2047 5.3) */ +#define CHARS_ATTRCHAR "*'% " /* attribute-char from rfc2184 */ + +#define GMIME_FOLD_LEN 78 ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 3 +- src/gmime-table-private.h | 86 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 src/gmime-table-private.h hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 11:21:32 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 23 Nov 2015 11:21:32 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-156-g19f0994 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 19f099463c82c119288a05eaefc42bf09d617377 (commit) from 178af9c3f56d385fe28a9e5e8bde0ab34c0b260e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 19f099463c82c119288a05eaefc42bf09d617377 Author: Neal H. Walfield Date: Mon Nov 23 11:21:24 2015 +0100 gpg: Don't crash if key is not passed an argument. * g10/keyedit.c (menu_select_key): Don't crash if P is NULL. -- Signed-off-by: Neal H. Walfield diff --git a/g10/keyedit.c b/g10/keyedit.c index 5fc92b2..8320aa4 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -4892,8 +4892,9 @@ menu_select_key (KBNODE keyblock, int idx, char *p) { KBNODE node; int i, j; - int is_hex_digits = strlen (p) >= 8; + int is_hex_digits; + is_hex_digits = p && strlen (p) >= 8; if (is_hex_digits) { for (i = 0, j = 0; p[i]; i ++) ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 12:16:44 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 23 Nov 2015 12:16:44 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-157-gb64b33b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b64b33bb80a8cf5dcc1fdbc62023d019fe2c8cb1 (commit) from 19f099463c82c119288a05eaefc42bf09d617377 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b64b33bb80a8cf5dcc1fdbc62023d019fe2c8cb1 Author: Neal H. Walfield Date: Mon Nov 23 12:16:33 2015 +0100 gpg: Allow updating the expiration time of multiple subkeys at once. * g10/keyedit.c (menu_expire): Allow updating the expiration time of multiple subkeys at once. -- Signed-off-by: Neal H. Walfield GnuPG-bug-id: 1944 diff --git a/g10/keyedit.c b/g10/keyedit.c index 8320aa4..1511c17 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -4003,8 +4003,23 @@ menu_expire (KBNODE pub_keyblock) n1 = count_selected_keys (pub_keyblock); if (n1 > 1) { - tty_printf (_("Please select at most one subkey.\n")); - return 0; + char *s = xtryasprintf (_("Are you sure you want to change the" + " expiration time %d subkeys? (y/N) "), n1); + int s_need_free; + if (s) + s_need_free = 0; + else + { + s = _("Are you sure you want to change the" + " expiration time for multiple subkeys? (y/N) "); + s_need_free = 0; + } + + rc = cpr_get_answer_is_yes ("keyedit.expire_multiple_subkeys.okay", s); + if (s_need_free) + xfree (s); + if (! rc) + return 0; } else if (n1) tty_printf (_("Changing expiration time for a subkey.\n")); @@ -4029,11 +4044,15 @@ menu_expire (KBNODE pub_keyblock) keyid_from_pk (main_pk, keyid); main_pk->expiredate = expiredate; } - else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY - && (node->flag & NODFLG_SELKEY)) + else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) { - sub_pk = node->pkt->pkt.public_key; - sub_pk->expiredate = expiredate; + if (node->flag & NODFLG_SELKEY) + { + sub_pk = node->pkt->pkt.public_key; + sub_pk->expiredate = expiredate; + } + else + sub_pk = NULL; } else if (node->pkt->pkttype == PKT_USER_ID) uid = node->pkt->pkt.user_id; ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 12:22:47 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 23 Nov 2015 12:22:47 +0100 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.1-9-g6fff6e5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 6fff6e5479a9f77f6721fd082a2dcab0ed0cb35a (commit) via 360e0fb0491ad202d6929b735ae05e587fe4aee1 (commit) via 7bbe5fc48b51203e335fed6f48aed1b73b4acfe7 (commit) from 9947021737dff89896f3b4ed5186429ccef802a1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6fff6e5479a9f77f6721fd082a2dcab0ed0cb35a Author: Andre Heinecke Date: Mon Nov 23 12:20:49 2015 +0100 Add french translation * NEWS: Mention new translations. * po/LINGUAS: Add fr * po/fr.po: New. -- Translation proivded by Oliver Serve on gpg4win-devel at wald.intevation.org (2015-09-11) diff --git a/NEWS b/NEWS index 8d48701..a025573 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes for version 1.0.3 (unreleased) ------------------------------------------------- +* Added Chinese translation. + +* Added French translation. Noteworthy changes for version 1.0.2 (2014-11-05) ------------------------------------------------- diff --git a/po/LINGUAS b/po/LINGUAS index 2e70707..3641d8d 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -1,2 +1,2 @@ # Set of available languages. -de ar es pl pt ru zh_CN zh_TW +de ar es pl pt ru zh_CN zh_TW fr diff --git a/po/fr.po b/po/fr.po new file mode 100644 index 0000000..ef09b2b --- /dev/null +++ b/po/fr.po @@ -0,0 +1,127 @@ +# French translations for gpgex package. +# Copyright (C) 2015 g10 Code GmbH +# This file is distributed under the same license as the gpgex package. +# +# Olivier Serve , 2015. +msgid "" +msgstr "" +"Project-Id-Version: gpgex 1.0.0\n" +"Report-Msgid-Bugs-To: http://bugs.gnupg.org\n" +"PO-Revision-Date: 2015-09-09 12:19+0200\n" +"Last-Translator: Olivier Serve \n" +"Language-Team: French \n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" +"X-Generator: Lokalize 1.5\n" + +#, c-format +msgid "" +"Can not connect to the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"Impossible de se connecter ? l'interface utilisateur GnuPG%s%s%s:\r\n" +"%s" + +#, c-format +msgid "" +"Error returned by the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"Erreur retourn?e par l'interface utilisateur GnuPG%s%s%s:\r\n" +"%s" + +msgid "Help on GpgEX" +msgstr "Aide sur GpgEX" + +msgid "About GpgEX" +msgstr "? propos de GpgEX" + +msgid "Decrypt and verify" +msgstr "D?chiffrer et v?rifier" + +msgid "Decrypt" +msgstr "D?chiffrer" + +msgid "Verify" +msgstr "V?rifier" + +msgid "Sign and encrypt" +msgstr "Signer et chiffrer" + +msgid "Encrypt" +msgstr "Chiffrer" + +msgid "Sign" +msgstr "Signer" + +msgid "Import keys" +msgstr "Importer des cl?s" + +msgid "Create checksums" +msgstr "Cr?er des sommes de contr?le" + +msgid "Verify checksums" +msgstr "V?rifier les sommes de contr?le" + +msgid "More GpgEX options" +msgstr "Plus d'options GpgEX" + +msgid "Invoke the GpgEX documentation." +msgstr "Appel ? la documentation GpgEX." + +msgid "Show the version of GpgEX." +msgstr "Voir la version de GpgEX." + +msgid "Decrypt and verify the marked files." +msgstr "D?chiffrer et v?rifier les fichiers marqu?s." + +msgid "Decrypt the marked files." +msgstr "D?chiffrer les fichiers marqu?s." + +msgid "Verify the marked files." +msgstr "V?rifier les fichiers marqu?s." + +msgid "Sign and encrypt the marked files." +msgstr "Signer et chiffrer les fichiers marqu?s." + +msgid "Encrypt the marked files." +msgstr "Chiffrer les fichier marqu?s" + +msgid "Sign the marked files." +msgstr "Signer les fichiers marqu?s." + +msgid "Import the marked files." +msgstr "Importer les fichiers marqu?s." + +msgid "Create checksums." +msgstr "Cr?er des sommes de contr?le." + +msgid "Verify checksums." +msgstr "V?rifier des sommes de contr?le." + +msgid "Show more GpgEX options." +msgstr "Montrer plus d'options GpgEX." + +#. TRANSLATORS: See the source for the full english text. +msgid "-#GpgEXFullHelpText#-" +msgstr "" +"GpgEX est une extension de l'Explorateur qui lui permet\n" +"de chiffrer ou signer num?riquement les donn?es ? l'aide de\n" +"PGP / MIME ou du standard Internet S / MIME sur la base\n" +"du logiciel GnuPG ().\n" +"\n" +"GpgEX est un logiciel libre. Vous pouvez l'utiliser dans les conditions\n" +"GNU Lesser General Public License telle que publi?e par la Free Software\n" +"Fondation, le redistribuer et / ou le modifier;\n" +"soit la version 2.1 de la Licence, ou (? votre choix)\n" +"toute version ult?rieure.\n" +"\n" +"Vous pouvez acc?der ? la licence GNU Lesser General Public License\n" +"? l'adresse WEB : ." + +#, c-format +msgid "This is GpgEX version %s (%s)" +msgstr "GpgEX Version %s (%s)" commit 360e0fb0491ad202d6929b735ae05e587fe4aee1 Author: Andre Heinecke Date: Mon Nov 23 12:15:07 2015 +0100 Add traditonal / simplified chinese translation * po/LINGUAS: Add zh_TW and zh_CN * po/zh_CN.po, po/zh_TW.po: New. -- Translations contributed by Mingye Wang (Arthur2e5) on gpg4win-devel at wald.intevation.org (2015-09-20). diff --git a/po/LINGUAS b/po/LINGUAS index 3201b69..2e70707 100644 --- a/po/LINGUAS +++ b/po/LINGUAS @@ -1,2 +1,2 @@ # Set of available languages. -de ar es pl pt ru +de ar es pl pt ru zh_CN zh_TW diff --git a/po/zh_CN.po b/po/zh_CN.po new file mode 100644 index 0000000..12bd6e9 --- /dev/null +++ b/po/zh_CN.po @@ -0,0 +1,125 @@ +# Chinese (China) Translation. +# Copyright (C) 2015 Free Software Foundation, Inc. +# This file is distributed under the same license as the GpgEx package. +# Mingye Wang (Arthur2e5) ?2015. +# +msgid "" +msgstr "" +"Project-Id-Version: GpgEX\n" +"Report-Msgid-Bugs-To: http://bugs.gnupg.org\n" +"PO-Revision-Date: 2015-08-15 20:50+0800\n" +"Last-Translator: Mingye Wang (Arthur2e5) \n" +"Language-Team: \n" +"Language: zh_CN\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.4\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#, c-format +msgid "" +"Can not connect to the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"????? GnuPG ????%s%s%s?\n" +"%s" + +#, c-format +msgid "" +"Error returned by the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"GnuPG ?????????%s%s%s?\n" +"%s" + +msgid "Help on GpgEX" +msgstr "GpgEX ??" + +msgid "About GpgEX" +msgstr "?? GpgEX" + +msgid "Decrypt and verify" +msgstr "?????" + +msgid "Decrypt" +msgstr "??" + +msgid "Verify" +msgstr "??" + +msgid "Sign and encrypt" +msgstr "?????" + +msgid "Encrypt" +msgstr "??" + +msgid "Sign" +msgstr "??" + +msgid "Import keys" +msgstr "????" + +msgid "Create checksums" +msgstr "?????" + +msgid "Verify checksums" +msgstr "?????" + +msgid "More GpgEX options" +msgstr "?? GpgEX ??" + +msgid "Invoke the GpgEX documentation." +msgstr "?? GpgEx ???" + +msgid "Show the version of GpgEX." +msgstr "?? GpgEx ???" + +msgid "Decrypt and verify the marked files." +msgstr "???????????" + +msgid "Decrypt the marked files." +msgstr "????????" + +msgid "Verify the marked files." +msgstr "????????" + +msgid "Sign and encrypt the marked files." +msgstr "???????????" + +msgid "Encrypt the marked files." +msgstr "????????" + +msgid "Sign the marked files." +msgstr "????????" + +msgid "Import the marked files." +msgstr "????????" + +msgid "Create checksums." +msgstr "??????" + +msgid "Verify checksums." +msgstr "??????" + +msgid "Show more GpgEX options." +msgstr "???? GpgEX ???" + +#. TRANSLATORS: See the source for the full english text. +msgid "-#GpgEXFullHelpText#-" +msgstr "" +"GpgEX ???????????????????\n" +"??? GnuPG ?? (http://www.gnupg.org)?\n" +"\n" +"GpgEX ??????????? GNU Lesser General Public License\n" +"??????????????????? 2.1 ??????????????\n" +"???????\n" +"\n" +"GpgEX ???????????????????????????????\n" +"?????????????????????????????? GNU LGPL?\n" +"?????????????? GNU Lesser General Public Licence ????\n" +"??????? ?" + +#, c-format +msgid "This is GpgEX version %s (%s)" +msgstr "??? GpgEX ?? %s (%s)" diff --git a/po/zh_TW.po b/po/zh_TW.po new file mode 100644 index 0000000..4e059be --- /dev/null +++ b/po/zh_TW.po @@ -0,0 +1,125 @@ +# Chinese (Taiwan) Translation. +# Copyright (C) 2015 Free Software Foundation, Inc. +# This file is distributed under the same license as the GpgEx package. +# Mingye Wang (Arthur2e5) ?2015. +# +msgid "" +msgstr "" +"Project-Id-Version: GpgEX\n" +"Report-Msgid-Bugs-To: http://bugs.gnupg.org\n" +"PO-Revision-Date: 2015-08-15 20:50+0800\n" +"Last-Translator: Mingye Wang (Arthur2e5) \n" +"Language-Team: \n" +"Language: zh_TW\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.8.4\n" +"Plural-Forms: nplurals=1; plural=0;\n" + +#, c-format +msgid "" +"Can not connect to the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"????? GnuPG ?????%s%s%s?\n" +"%s" + +#, c-format +msgid "" +"Error returned by the GnuPG user interface%s%s%s:\r\n" +"%s" +msgstr "" +"GnuPG ??????????%s%s%s?\n" +"%s" + +msgid "Help on GpgEX" +msgstr "GpgEX ??" + +msgid "About GpgEX" +msgstr "?? GpgEX" + +msgid "Decrypt and verify" +msgstr "?????" + +msgid "Decrypt" +msgstr "??" + +msgid "Verify" +msgstr "??" + +msgid "Sign and encrypt" +msgstr "?????" + +msgid "Encrypt" +msgstr "??" + +msgid "Sign" +msgstr "??" + +msgid "Import keys" +msgstr "????" + +msgid "Create checksums" +msgstr "?????" + +msgid "Verify checksums" +msgstr "?????" + +msgid "More GpgEX options" +msgstr "?? GpgEX ??" + +msgid "Invoke the GpgEX documentation." +msgstr "?? GpgEx ???" + +msgid "Show the version of GpgEX." +msgstr "?? GpgEx ???" + +msgid "Decrypt and verify the marked files." +msgstr "???????????" + +msgid "Decrypt the marked files." +msgstr "????????" + +msgid "Verify the marked files." +msgstr "????????" + +msgid "Sign and encrypt the marked files." +msgstr "???????????" + +msgid "Encrypt the marked files." +msgstr "????????" + +msgid "Sign the marked files." +msgstr "????????" + +msgid "Import the marked files." +msgstr "????????" + +msgid "Create checksums." +msgstr "??????" + +msgid "Verify checksums." +msgstr "??????" + +msgid "Show more GpgEX options." +msgstr "???? GpgEX ???" + +#. TRANSLATORS: See the source for the full english text. +msgid "-#GpgEXFullHelpText#-" +msgstr "" +"GpgEX ???????????????????\n" +"??? GnuPG ?? (http://www.gnupg.org)?\n" +"\n" +"GpgEX ??????????? GNU Lesser General Public License\n" +"??????????????????? 2.1 ??????????????\n" +"???????\n" +"\n" +"GpgEX ???????????????????????????????\n" +"?????????????????????????????? GNU LGPL?\n" +"?????????????? GNU Lesser General Public Licence ????\n" +"??????? ?" + +#, c-format +msgid "This is GpgEX version %s (%s)" +msgstr "??? GpgEX ?? %s (%s)" commit 7bbe5fc48b51203e335fed6f48aed1b73b4acfe7 Author: Andre Heinecke Date: Mon Nov 23 12:12:56 2015 +0100 Update gpl.texi to compile with texinfo 5.2 * doc/gpl.texi: Update with Version from GnuPG diff --git a/doc/gpl.texi b/doc/gpl.texi index 7f9a48a..d13e9e4 100644 --- a/doc/gpl.texi +++ b/doc/gpl.texi @@ -228,7 +228,7 @@ terms of section 4, provided that you also meet all of these conditions: @enumerate a - at item + at item The work must carry prominent notices stating that you modified it, and giving a relevant date. @@ -659,12 +659,15 @@ an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + at end enumerate + @iftex @heading END OF TERMS AND CONDITIONS @end iftex @ifinfo @center END OF TERMS AND CONDITIONS @end ifinfo + @unnumberedsec How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest @@ -675,9 +678,11 @@ terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least -the ``copyright'' line and a pointer to where the full notice is found. - at smallexample - at var{one line to give the program's name and a brief idea of what it does.} +the ``copyright'' line and a pointer to where the full notice is +found. + + at example + at var{one line to give the program's name and a brief idea of what it does.} Copyright (C) @var{year} @var{name of author} This program is free software: you can redistribute it and/or modify @@ -692,17 +697,21 @@ General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see @url{http://www.gnu.org/licenses/}. - at end smallexample + at end example + at noindent Also add information on how to contact you by electronic and paper mail. + at noindent If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: @smallexample - at var{program} Copyright (C) @var{year} @var{name of author} -This program comes with ABSOLUTELY NO WARRANTY; for details type @samp{show w}. -This is free software, and you are welcome to redistribute it under certain conditions; type @samp{show c} for details. + at var{program} Copyright (C) @var{year} @var{name of author} +This program comes with ABSOLUTELY NO WARRANTY; for details +type @samp{show w}. This is free software, and you are +welcome to redistribute it under certain conditions; +type @samp{show c} for details. @end smallexample The hypothetical commands @samp{show w} and @samp{show c} should show @@ -721,5 +730,3 @@ library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read @url{http://www.gnu.org/philosophy/why-not-lgpl.html}. - - at end enumerate ----------------------------------------------------------------------- Summary of changes: NEWS | 3 ++ doc/gpl.texi | 27 ++++++++----- po/LINGUAS | 2 +- po/fr.po | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_CN.po | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ po/zh_TW.po | 125 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 398 insertions(+), 11 deletions(-) create mode 100644 po/fr.po create mode 100644 po/zh_CN.po create mode 100644 po/zh_TW.po hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 12:40:55 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Nov 2015 12:40:55 +0100 Subject: [git] GpgEX - branch, master, updated. gpgex-1.0.1-11-g76e044f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnupG extension for the Windows Explorer". The branch, master has been updated via 76e044f8b2627c409efd574f42a507f35361134f (commit) via 50a79c0eebdd72a7c15770d9b9f8bd0599ae2292 (commit) from 6fff6e5479a9f77f6721fd082a2dcab0ed0cb35a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 76e044f8b2627c409efd574f42a507f35361134f Author: Werner Koch Date: Mon Nov 23 12:35:07 2015 +0100 Post release updates -- diff --git a/NEWS b/NEWS index 84f5d8d..58b7609 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.0.4 (unreleased) +------------------------------------------------- + + Noteworthy changes for version 1.0.3 (2015-11-23) ------------------------------------------------- diff --git a/configure.ac b/configure.ac index 8d02a0f..aae95e4 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ min_automake_version="1.10" # (git tag -s gnupg-2.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.0.3]) +m4_define([mym4_version], [1.0.4]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit 50a79c0eebdd72a7c15770d9b9f8bd0599ae2292 Author: Werner Koch Date: Mon Nov 23 12:26:52 2015 +0100 Release 1.0.3 diff --git a/NEWS b/NEWS index a025573..84f5d8d 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,11 @@ -Noteworthy changes for version 1.0.3 (unreleased) +Noteworthy changes for version 1.0.3 (2015-11-23) ------------------------------------------------- * Added Chinese translation. * Added French translation. + Noteworthy changes for version 1.0.2 (2014-11-05) ------------------------------------------------- diff --git a/build-aux/compile b/build-aux/compile new file mode 100755 index 0000000..531136b --- /dev/null +++ b/build-aux/compile @@ -0,0 +1,347 @@ +#! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. + +scriptversion=2012-10-14.11; # UTC + +# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: ----------------------------------------------------------------------- Summary of changes: NEWS | 7 +- build-aux/compile | 347 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ configure.ac | 2 +- 3 files changed, 354 insertions(+), 2 deletions(-) create mode 100755 build-aux/compile hooks/post-receive -- GnupG extension for the Windows Explorer http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 12:48:44 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 23 Nov 2015 12:48:44 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-158-g770c06e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 770c06ed4e6c1097d6e305a0a9427c3c783b787c (commit) from b64b33bb80a8cf5dcc1fdbc62023d019fe2c8cb1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 770c06ed4e6c1097d6e305a0a9427c3c783b787c Author: Neal H. Walfield Date: Mon Nov 23 12:39:22 2015 +0100 gpg: If sqlite is not available, don't build things depending on it. * configure.ac: Define the automake conditional SQLITE3. * tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests to... (sqlite3_dependent_tests): ... this new variable. If SQLITE3 is not defined, then clear this variable. -- Signed-off-by: Neal H. Walfield diff --git a/configure.ac b/configure.ac index 57bf85e..d9aac71 100644 --- a/configure.ac +++ b/configure.ac @@ -820,6 +820,8 @@ if test x"$use_tofu" = xyes ; then fi fi +AM_CONDITIONAL(SQLITE3, test "$have_sqlite" = "yes") + if test x"$use_tofu" = xyes ; then AC_DEFINE(USE_TOFU, 1, [Enable to build the TOFU code]) fi diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index f82fc1d..7263cd8 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -25,6 +25,12 @@ required_pgms = ../../g10/gpg2 ../../agent/gpg-agent \ TESTS_ENVIRONMENT = GNUPGHOME=$(abs_builddir) GPG_AGENT_INFO= LC_ALL=C +if SQLITE3 +sqlite3_dependent_tests = tofu.test +else +sqlite3_dependent_tests = +endif + # Note: version.test needs to be the first test to run and finish.test # the last one TESTS = version.test mds.test \ @@ -38,7 +44,8 @@ TESTS = version.test mds.test \ armdetachm.test detachm.test genkey1024.test \ conventional.test conventional-mdc.test \ multisig.test verify.test armor.test \ - import.test ecc.test 4gb-packet.test tofu.test \ + import.test ecc.test 4gb-packet.test \ + $(sqlite3_dependent_tests) \ finish.test ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 ++ tests/openpgp/Makefile.am | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 13:43:22 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 23 Nov 2015 13:43:22 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-159-ga9e0b1d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584 (commit) from 770c06ed4e6c1097d6e305a0a9427c3c783b787c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584 Author: Justus Winter Date: Mon Nov 23 11:44:50 2015 +0100 dirmngr: Start dirmngr on demand. * common/asshelp.h: Include 'util.h'. * dirmngr/dirmngr-client.c (main): Use 'start_new_dirmngr' to connect to the dirmngr. (start_dirmngr): Drop now unused declaration and function. -- Signed-off-by: Justus Winter GnuPG-bug-id: 1843 diff --git a/common/asshelp.h b/common/asshelp.h index 6a52172..35d2115 100644 --- a/common/asshelp.h +++ b/common/asshelp.h @@ -34,6 +34,7 @@ #include #include "session-env.h" +#include "util.h" /*-- asshelp.c --*/ diff --git a/dirmngr/dirmngr-client.c b/dirmngr/dirmngr-client.c index 8e280f6..02920d6 100644 --- a/dirmngr/dirmngr-client.c +++ b/dirmngr/dirmngr-client.c @@ -36,6 +36,7 @@ #include "../common/stringhelp.h" #include "../common/mischelp.h" #include "../common/strlist.h" +#include "../common/asshelp.h" #include "i18n.h" #include "util.h" @@ -89,7 +90,6 @@ static struct int quiet; int verbose; const char *dirmngr_program; - int force_pipe_server; int force_default_responder; int pem; int escaped_pem; /* PEM is additional percent encoded. */ @@ -117,7 +117,6 @@ static unsigned char asctobin[256]; /* runtime initialized */ /* Prototypes. */ -static assuan_context_t start_dirmngr (int only_daemon); static gpg_error_t read_certificate (const char *fname, unsigned char **rbuf, size_t *rbuflen); static gpg_error_t do_check (assuan_context_t ctx, @@ -291,9 +290,21 @@ main (int argc, char **argv ) exit (2); } - ctx = start_dirmngr (1); - if (!ctx) - exit (2); + err = start_new_dirmngr (&ctx, + GPG_ERR_SOURCE_DEFAULT, + default_homedir (), + opt.dirmngr_program + ? opt.dirmngr_program + : gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR), + ! cmd_ping, + opt.verbose, + 0, + NULL, NULL); + if (err) + { + log_error (_("can't connect to the dirmngr: %s\n"), gpg_strerror (err)); + exit (2); + } if (cmd_ping) ; @@ -431,131 +442,6 @@ data_cb (void *opaque, const void *buffer, size_t length) } -/* Try to connect to the dirmngr via socket or fork it off and work by - pipes. Handle the server's initial greeting */ -static assuan_context_t -start_dirmngr (int only_daemon) -{ - int rc; - char *infostr, *p; - assuan_context_t ctx; - int try_default = 0; - - infostr = opt.force_pipe_server? NULL : getenv (DIRMNGR_INFO_NAME); - if (only_daemon && (!infostr || !*infostr)) - { - if (dirmngr_user_socket_name ()) - infostr = xstrdup (dirmngr_user_socket_name ()); - else - infostr = xstrdup (dirmngr_sys_socket_name ()); - try_default = 1; - } - - rc = assuan_new (&ctx); - if (rc) - { - log_error (_("failed to allocate assuan context: %s\n"), - gpg_strerror (rc)); - return NULL; - } - - if (!infostr || !*infostr) - { - const char *pgmname; - const char *argv[3]; - assuan_fd_t no_close_list[3]; - int i; - - if (only_daemon) - { - log_error (_("apparently no running dirmngr\n")); - return NULL; - } - - if (opt.verbose) - log_info (_("no running dirmngr - starting one\n")); - - if (!opt.dirmngr_program || !*opt.dirmngr_program) - opt.dirmngr_program = "./dirmngr"; - if ( !(pgmname = strrchr (opt.dirmngr_program, '/'))) - pgmname = opt.dirmngr_program; - else - pgmname++; - - argv[0] = pgmname; - argv[1] = "--server"; - argv[2] = NULL; - - i=0; - if (log_get_fd () != -1) - no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); - no_close_list[i++] = assuan_fd_from_posix_fd (es_fileno (es_stderr)); - no_close_list[i] = ASSUAN_INVALID_FD; - - /* Connect to the agent and perform initial handshaking. */ - rc = assuan_pipe_connect (ctx, opt.dirmngr_program, argv, - no_close_list, NULL, NULL, 0); - } - else /* Connect to a daemon. */ - { - int prot; - int pid; - - infostr = xstrdup (infostr); - if (!try_default && *infostr) - { - if ( !(p = strchr (infostr, ':')) || p == infostr) - { - log_error (_("malformed %s environment variable\n"), - DIRMNGR_INFO_NAME); - xfree (infostr); - if (only_daemon) - return NULL; - /* Try again by starting a new instance. */ - opt.force_pipe_server = 1; - return start_dirmngr (0); - } - *p++ = 0; - pid = atoi (p); - while (*p && *p != ':') - p++; - prot = *p? atoi (p+1) : 0; - if (prot != 1) - { - log_error (_("dirmngr protocol version %d is not supported\n"), - prot); - xfree (infostr); - if (only_daemon) - return NULL; - opt.force_pipe_server = 1; - return start_dirmngr (0); - } - } - else - pid = -1; - - rc = assuan_socket_connect (ctx, infostr, pid, 0); - xfree (infostr); - if (gpg_err_code(rc) == GPG_ERR_ASS_CONNECT_FAILED && !only_daemon) - { - log_error (_("can't connect to the dirmngr - trying fall back\n")); - opt.force_pipe_server = 1; - return start_dirmngr (0); - } - } - - if (rc) - { - assuan_release (ctx); - log_error (_("can't connect to the dirmngr: %s\n"), - gpg_strerror (rc)); - return NULL; - } - - return ctx; -} - - /* Read the first PEM certificate from the file FNAME. If fname is NULL the next certificate is read from stdin. The certificate is returned in an alloced buffer whose address will be returned in ----------------------------------------------------------------------- Summary of changes: common/asshelp.h | 1 + dirmngr/dirmngr-client.c | 146 ++++++----------------------------------------- 2 files changed, 17 insertions(+), 130 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 14:06:53 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 23 Nov 2015 14:06:53 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-164-g73c1a86 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 73c1a86ad937d7be027eece991c69aaeb6a1f092 (commit) via c9f5aa15793b3c05c1b92af401b23ab34d3e6196 (commit) via 3f52f6bcacfe3877d30a21464e93e9240bc75085 (commit) via 23ea641ba2a063cc99c82869061703d48bc674b2 (commit) via 2b43a0515868b8720009e48d7a1f32d571767f14 (commit) from a9e0b1dd6c106e243e3fbbaa1838b56a1f1c8584 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 73c1a86ad937d7be027eece991c69aaeb6a1f092 Author: Justus Winter Date: Thu Nov 19 15:03:30 2015 +0100 dirmngr: Honor ports specified in SRV records. * dirmngr/ks-engine-hkp.c (struct hostinfo_s): New field 'port'. (create_new_hostinfo): Initialize 'port'. (add_host): Add host parameter and update the hosttable entry. (map_host): Return port if known, adjust calls to 'add_host'. (make_host_part): Let 'map_host' specify the port if known. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 3ea3245..e458899 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -92,6 +92,7 @@ struct hostinfo_s char *v6addr; /* A string with the v6 IP address of the host. NULL if NAME has a numeric IP address or no v6 address is available. */ + unsigned short port; /* The port used by the host, 0 if unknown. */ char name[1]; /* The hostname. */ }; @@ -131,6 +132,7 @@ create_new_hostinfo (const char *name) hi->cname = NULL; hi->v4addr = NULL; hi->v6addr = NULL; + hi->port = 0; /* Add it to the hosttable. */ for (idx=0; idx < hosttable_size; idx++) @@ -256,10 +258,13 @@ arecords_is_pool (dns_addrinfo_t aibuf) } -/* Add the host AI under the NAME into the HOSTTABLE. Updates the - given reference table. */ +/* Add the host AI under the NAME into the HOSTTABLE. If PORT is not + zero, it specifies which port to use to talk to the host. If NAME + specifies a pool (as indicated by IS_POOL), update the given + reference table accordingly. */ static void -add_host (const char *name, const dns_addrinfo_t ai, int is_pool, +add_host (const char *name, int is_pool, + const dns_addrinfo_t ai, unsigned short port, int *reftbl, size_t reftblsize, int *refidx) { gpg_error_t tmperr; @@ -322,6 +327,9 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool, { char *ipaddr = NULL; + if (port) + hosttable[tmpidx]->port = port; + if (!is_numeric) { xfree (tmphost); @@ -371,13 +379,16 @@ add_host (const char *name, const dns_addrinfo_t ai, int is_pool, failed for some time and we stick to one host for a time independent of DNS retry times. If FORCE_RESELECT is true a new host is always selected. The selected host is stored as a malloced - string at R_HOST; on error NULL is stored. If R_HTTPFLAGS is not + string at R_HOST; on error NULL is stored. If we know the port + used by the selected host, a string representation is written to + R_PORTSTR, otherwise it is left untouched. If R_HTTPFLAGS is not NULL it will receive flags which are to be passed to http_open. If R_POOLNAME is not NULL a malloced name of the pool is stored or NULL if it is not a pool. */ static gpg_error_t map_host (ctrl_t ctrl, const char *name, int force_reselect, - char **r_host, unsigned int *r_httpflags, char **r_poolname) + char **r_host, char *r_portstr, + unsigned int *r_httpflags, char **r_poolname) { gpg_error_t err = 0; hostinfo_t hi; @@ -468,7 +479,8 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, if (err) continue; dirmngr_tick (ctrl); - add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); + add_host (name, is_pool, ai, srvs[i].port, + reftbl, reftblsize, &refidx); } xfree (srvs); @@ -504,7 +516,7 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, continue; dirmngr_tick (ctrl); - add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); + add_host (name, is_pool, ai, 0, reftbl, reftblsize, &refidx); } } reftbl[refidx] = -1; @@ -609,6 +621,9 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } return err; } + if (hi->port) + snprintf (r_portstr, 6 /* five digits and the sentinel */, + "%hu", hi->port); return 0; } @@ -860,16 +875,24 @@ make_host_part (ctrl_t ctrl, *r_hostport = NULL; + portstr[0] = 0; + err = map_host (ctrl, host, force_reselect, + &hostname, portstr, r_httpflags, r_poolname); + if (err) + return err; + /* Map scheme and port. */ if (!strcmp (scheme, "hkps") || !strcmp (scheme,"https")) { scheme = "https"; - strcpy (portstr, "443"); + if (! *portstr) + strcpy (portstr, "443"); } else /* HKP or HTTP. */ { scheme = "http"; - strcpy (portstr, "11371"); + if (! *portstr) + strcpy (portstr, "11371"); } if (port) snprintf (portstr, sizeof portstr, "%hu", port); @@ -878,11 +901,6 @@ make_host_part (ctrl_t ctrl, /*fixme_do_srv_lookup ()*/ } - err = map_host (ctrl, host, force_reselect, - &hostname, r_httpflags, r_poolname); - if (err) - return err; - *r_hostport = strconcat (scheme, "://", hostname, ":", portstr, NULL); xfree (hostname); if (!*r_hostport) commit c9f5aa15793b3c05c1b92af401b23ab34d3e6196 Author: Justus Winter Date: Thu Nov 19 14:29:36 2015 +0100 dirmngr: Support hkp server pools using SRV records. * dirmngr/ks-engine-hkp.c (map_host): Handle SRV records. -- Signed-off-by: Justus Winter GnuPG-bug-id: 1788 diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index be0280b..3ea3245 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -415,6 +415,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, int refidx; int is_pool = 0; char *cname; +#ifdef USE_DNS_SRV + char *srvrecord; + struct srventry *srvs; + int srvscount; +#endif /* USE_DNS_SRV */ reftblsize = 100; reftbl = xtrymalloc (reftblsize * sizeof *reftbl); @@ -431,6 +436,45 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } hi = hosttable[idx]; +#ifdef USE_DNS_SRV + /* Check for SRV records. */ + srvrecord = xtryasprintf ("_hkp._tcp.%s", name); + if (srvrecord == NULL) + { + err = gpg_error_from_syserror (); + xfree (reftbl); + return err; + } + + srvscount = getsrv (srvrecord, &srvs); + xfree (srvrecord); + if (srvscount < 0) + { + err = gpg_error_from_syserror (); + xfree (reftbl); + return err; + } + + if (srvscount > 0) + { + int i; + is_pool = srvscount > 1; + + for (i = 0; i < srvscount; i++) + { + err = resolve_dns_name (srvs[i].target, 0, + AF_UNSPEC, SOCK_STREAM, + &ai, &cname); + if (err) + continue; + dirmngr_tick (ctrl); + add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); + } + + xfree (srvs); + } +#endif /* USE_DNS_SRV */ + /* Find all A records for this entry and put them into the pool list - if any. */ err = resolve_dns_name (name, 0, 0, SOCK_STREAM, &aibuf, &cname); @@ -446,7 +490,8 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ - is_pool = arecords_is_pool (aibuf); + if (! is_pool) + is_pool = arecords_is_pool (aibuf); if (is_pool && cname) { hi->cname = cname; commit 3f52f6bcacfe3877d30a21464e93e9240bc75085 Author: Justus Winter Date: Thu Nov 19 13:00:59 2015 +0100 dirmngr: Refactor 'map_host'. * dirmngr/ks-engine-hkp.c (add_host): New function. (map_host): Use the new function. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index a08043f..be0280b 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -256,6 +256,115 @@ arecords_is_pool (dns_addrinfo_t aibuf) } +/* Add the host AI under the NAME into the HOSTTABLE. Updates the + given reference table. */ +static void +add_host (const char *name, const dns_addrinfo_t ai, int is_pool, + int *reftbl, size_t reftblsize, int *refidx) +{ + gpg_error_t tmperr; + char *tmphost; + int idx, tmpidx; + int is_numeric = 0; + int i; + + idx = find_hostinfo (name); + + if (!is_pool && !is_ip_address (name)) + { + /* This is a hostname but not a pool. Use the name + as given without going through resolve_dns_addr. */ + tmphost = xtrystrdup (name); + if (!tmphost) + tmperr = gpg_error_from_syserror (); + else + tmperr = 0; + } + else + { + tmperr = resolve_dns_addr (ai->addr, ai->addrlen, + DNS_WITHBRACKET, &tmphost); + if (tmphost && is_ip_address (tmphost)) + is_numeric = 1; + } + + if (tmperr) + { + log_info ("resolve_dns_addr failed while checking '%s': %s\n", + name, gpg_strerror (tmperr)); + } + else if ((*refidx) + 1 >= reftblsize) + { + log_error ("resolve_dns_addr for '%s': '%s'" + " [index table full - ignored]\n", name, tmphost); + } + else + { + if (!is_pool && is_ip_address (name)) + /* Update the original entry. */ + tmpidx = idx; + else + tmpidx = find_hostinfo (tmphost); + log_info ("resolve_dns_addr for '%s': '%s'%s\n", + name, tmphost, + tmpidx == -1? "" : " [already known]"); + + if (tmpidx == -1) /* Create a new entry. */ + tmpidx = create_new_hostinfo (tmphost); + + if (tmpidx == -1) + { + log_error ("map_host for '%s' problem: %s - '%s'" + " [ignored]\n", + name, strerror (errno), tmphost); + } + else /* Set or update the entry. */ + { + char *ipaddr = NULL; + + if (!is_numeric) + { + xfree (tmphost); + tmperr = resolve_dns_addr (ai->addr, ai->addrlen, + (DNS_NUMERICHOST + | DNS_WITHBRACKET), + &tmphost); + if (tmperr) + log_info ("resolve_dns_addr failed: %s\n", + gpg_strerror (tmperr)); + else + { + ipaddr = tmphost; + tmphost = NULL; + } + } + + if (ai->family == AF_INET6) + { + hosttable[tmpidx]->v6 = 1; + xfree (hosttable[tmpidx]->v6addr); + hosttable[tmpidx]->v6addr = ipaddr; + } + else if (ai->family == AF_INET) + { + hosttable[tmpidx]->v4 = 1; + xfree (hosttable[tmpidx]->v4addr); + hosttable[tmpidx]->v4addr = ipaddr; + } + else + BUG (); + + for (i=0; i < *refidx; i++) + if (reftbl[i] == tmpidx) + break; + if (!(i < *refidx) && tmpidx != idx) + reftbl[(*refidx)++] = tmpidx; + } + } + xfree (tmphost); +} + + /* Map the host name NAME to the actual to be used host name. This allows us to manage round robin DNS names. We use our own strategy to choose one of the hosts. For example we skip those hosts which @@ -346,109 +455,11 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, for (ai = aibuf; ai; ai = ai->next) { - gpg_error_t tmperr; - char *tmphost; - int tmpidx; - int is_numeric = 0; - int i; - if (ai->family != AF_INET && ai->family != AF_INET6) continue; - dirmngr_tick (ctrl); - if (!is_pool && !is_ip_address (name)) - { - /* This is a hostname but not a pool. Use the name - as given without going through resolve_dns_addr. */ - tmphost = xtrystrdup (name); - if (!tmphost) - tmperr = gpg_error_from_syserror (); - else - tmperr = 0; - } - else - { - tmperr = resolve_dns_addr (ai->addr, ai->addrlen, - DNS_WITHBRACKET, &tmphost); - if (tmphost && is_ip_address (tmphost)) - is_numeric = 1; - } - - if (tmperr) - { - log_info ("resolve_dns_addr failed while checking '%s': %s\n", - name, gpg_strerror (tmperr)); - } - else if (refidx+1 >= reftblsize) - { - log_error ("resolve_dns_addr for '%s': '%s'" - " [index table full - ignored]\n", name, tmphost); - } - else - { - if (!is_pool && is_ip_address (name)) - /* Update the original entry. */ - tmpidx = idx; - else - tmpidx = find_hostinfo (tmphost); - log_info ("resolve_dns_addr for '%s': '%s'%s\n", - name, tmphost, - tmpidx == -1? "" : " [already known]"); - - if (tmpidx == -1) /* Create a new entry. */ - tmpidx = create_new_hostinfo (tmphost); - - if (tmpidx == -1) - { - log_error ("map_host for '%s' problem: %s - '%s'" - " [ignored]\n", - name, strerror (errno), tmphost); - } - else /* Set or update the entry. */ - { - char *ipaddr = NULL; - - if (!is_numeric) - { - xfree (tmphost); - tmperr = resolve_dns_addr (ai->addr, ai->addrlen, - (DNS_NUMERICHOST - | DNS_WITHBRACKET), - &tmphost); - if (tmperr) - log_info ("resolve_dns_addr failed: %s\n", - gpg_strerror (tmperr)); - else - { - ipaddr = tmphost; - tmphost = NULL; - } - } - - if (ai->family == AF_INET6) - { - hosttable[tmpidx]->v6 = 1; - xfree (hosttable[tmpidx]->v6addr); - hosttable[tmpidx]->v6addr = ipaddr; - } - else if (ai->family == AF_INET) - { - hosttable[tmpidx]->v4 = 1; - xfree (hosttable[tmpidx]->v4addr); - hosttable[tmpidx]->v4addr = ipaddr; - } - else - BUG (); - - for (i=0; i < refidx; i++) - if (reftbl[i] == tmpidx) - break; - if (!(i < refidx) && tmpidx != idx) - reftbl[refidx++] = tmpidx; - } - } - xfree (tmphost); + add_host (name, ai, is_pool, reftbl, reftblsize, &refidx); } } reftbl[refidx] = -1; commit 23ea641ba2a063cc99c82869061703d48bc674b2 Author: Justus Winter Date: Mon Nov 23 13:59:01 2015 +0100 dirmngr: Fix pool detection. * dirmngr/ks-engine-hkp (arecords_is_pool): Fix counting IP addresses. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index b9eca0e..a08043f 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -246,9 +246,9 @@ arecords_is_pool (dns_addrinfo_t aibuf) n_v6 = n_v4 = 0; for (ai = aibuf; ai; ai = ai->next) { - if (ai->family != AF_INET6) + if (ai->family == AF_INET6) n_v6++; - else if (ai->family != AF_INET) + else if (ai->family == AF_INET) n_v4++; } commit 2b43a0515868b8720009e48d7a1f32d571767f14 Author: Justus Winter Date: Thu Nov 19 12:43:23 2015 +0100 dirmngr: Refactor 'map_host'. * dirmngr/ks-engine-hkp.c (arecords_is_pool): New function. (map_host): Use the new function. Signed-off-by: Justus Winter diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c index 8ab0d55..b9eca0e 100644 --- a/dirmngr/ks-engine-hkp.c +++ b/dirmngr/ks-engine-hkp.c @@ -236,6 +236,26 @@ select_random_host (int *table) } +/* Figure out if a set of DNS records looks like a pool. */ +static int +arecords_is_pool (dns_addrinfo_t aibuf) +{ + dns_addrinfo_t ai; + int n_v6, n_v4; + + n_v6 = n_v4 = 0; + for (ai = aibuf; ai; ai = ai->next) + { + if (ai->family != AF_INET6) + n_v6++; + else if (ai->family != AF_INET) + n_v4++; + } + + return n_v6 > 1 || n_v4 > 1; +} + + /* Map the host name NAME to the actual to be used host name. This allows us to manage round robin DNS names. We use our own strategy to choose one of the hosts. For example we skip those hosts which @@ -312,23 +332,12 @@ map_host (ctrl_t ctrl, const char *name, int force_reselect, } else { - int n_v6, n_v4; - /* First figure out whether this is a pool. For a pool we use a different strategy than for a plain server: We use the canonical name of the pool as the virtual host along with the IP addresses. If it is not a pool, we use the specified name. */ - n_v6 = n_v4 = 0; - for (ai = aibuf; ai; ai = ai->next) - { - if (ai->family != AF_INET6) - n_v6++; - else if (ai->family != AF_INET) - n_v4++; - } - if (n_v6 > 1 || n_v4 > 1) - is_pool = 1; + is_pool = arecords_is_pool (aibuf); if (is_pool && cname) { hi->cname = cname; ----------------------------------------------------------------------- Summary of changes: dirmngr/ks-engine-hkp.c | 323 ++++++++++++++++++++++++++++++------------------ 1 file changed, 203 insertions(+), 120 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 15:02:59 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 23 Nov 2015 15:02:59 +0100 Subject: [git] GnuPG - branch, neal/kdb, created. gnupg-2.1.9-165-g68be39b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, neal/kdb has been created at 68be39bdc474e77c533b3320541206084efa525d (commit) - Log ----------------------------------------------------------------- commit 68be39bdc474e77c533b3320541206084efa525d Author: Neal H. Walfield Date: Thu Oct 29 10:18:13 2015 +0100 New key db. diff --git a/g10/Makefile.am b/g10/Makefile.am index 10714f6..16e9ce9 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -30,7 +30,7 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \ $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) -needed_libs = ../kbx/libkeybox.a $(libcommon) +needed_libs = ../kbx/libkeybox.a $(libcommon) $(SQLITE3_LIBS) bin_PROGRAMS = gpg2 if !HAVE_W32CE_SYSTEM @@ -58,7 +58,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h endif if USE_TOFU -tofu_source = tofu.h tofu.c sqlite.c sqlite.h +tofu_source = tofu.h tofu.c else tofu_source = endif @@ -102,7 +102,9 @@ common_source = \ sig-check.c \ keylist.c \ pkglue.c pkglue.h \ - ecdh.c + ecdh.c \ + kdb.c kdb.h \ + sqlite.c sqlite.h gpg2_SOURCES = gpg.c \ server.c \ @@ -148,7 +150,7 @@ gpgv2_SOURCES = gpgv.c \ LDADD = $(needed_libs) ../common/libgpgrl.a \ $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS) -gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ +gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) $(extra_sys_libs) gpg2_LDFLAGS = $(extra_bin_ldflags) diff --git a/g10/import.c b/g10/import.c index e1577b8..7555cc6 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1154,6 +1154,9 @@ import_one (ctrl_t ctrl, goto leave; } + assert (strcmp (keystr_from_pk(keyblock_orig->pkt->pkt.public_key), + keystr_from_pk(pk)) == 0); + /* Make sure the original direct key sigs are all sane. */ n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid); if (n_sigs_cleaned) diff --git a/g10/kdb.c b/g10/kdb.c new file mode 100644 index 0000000..da99573 --- /dev/null +++ b/g10/kdb.c @@ -0,0 +1,1349 @@ +#include +#include +#include + +#include "gpg.h" +#include "util.h" +#include "logging.h" +#include "i18n.h" +#include "mbox-util.h" +#include "sqlite.h" + +#include "kdb.h" + +#if 0 +# define DEBUG(fmt, ...) \ + do { \ + log_debug("%s:%d: "fmt, __func__, __LINE__, ##__VA_ARGS__); \ + } while (0) +#else +# define DEBUG(fmt, ...) do {} while (0) +#endif + + +struct kdb_resource +{ + struct kdb_resource *next; + int read_only; + sqlite3 *db; + + long long int key; + char *kb; + int kb_len; + u32 *sigstatus; + + char fname[1]; +}; +typedef struct kdb_resource *KDB_RESOURCE; +typedef struct kdb_resource const * CONST_KDB_RESOURCE; + +/* All registered resources. */ +static KDB_RESOURCE kdb_resources; + +static void +hdr_cache_clear (KDB_RESOURCE resource) +{ + xfree (resource->kb); + resource->kb = NULL; + + xfree (resource->sigstatus); + resource->sigstatus = NULL; + + resource->key = -1; +} + +struct key +{ + unsigned long int key; + char *kb; + size_t kb_len; + u32 *sigstatus; + struct key *next; +}; + +struct keydb_handle +{ + KDB_RESOURCE resource; + /* Current key. */ + long long int key; + int eof; + + struct key *full_scan; + + struct { + long long int key; + int pk_no; + int uid_no; + } found, saved_found; +}; + +/* Perform an in-place reversal. Returns the new head. */ +static struct key * +key_list_reverse (struct key *list) +{ + struct key *list_rev = NULL; + + while (list) + { + struct key *list_next_orig = list->next; + list->next = list_rev; + list_rev = list; + list = list_next_orig; + } + return list_rev; +} + +static struct key * +key_free (struct key *key) +{ + struct key *key_next; + + if (! key) + return NULL; + + key_next = key->next; + xfree (key->kb); + xfree (key->sigstatus); + xfree (key); + + return key_next; +} + +static void +hd_cache_clear (KDB_HANDLE hd) +{ + struct key *key_next; + + if (! hd->full_scan) + return; + + key_next = hd->full_scan; + while (key_next) + key_next = key_free (key_next); + + hd->full_scan = NULL; +} + +/* RESOURCE is a value returned by a previous call to + kdb_register_file in *RESOURCEP. */ +KDB_HANDLE +kdb_new (void *resource) +{ + KDB_RESOURCE r; + KDB_HANDLE hd; + + /* Assert that the resource was indeed previously registered. */ + for (r = kdb_resources; r; r = r->next) + if (r == resource) + break; + assert (r); + + hd = xmalloc_clear (sizeof (*hd)); + hd->resource = resource; + hd->key = -1; + return hd; +} + + +/* Collect a series of integers from a query. Aborts if the argument + is not a valid integer (or real of the form X.0). COOKIE points to + an array of unsigned long ints, which has enough space for ARGC + values. */ +static int +get_unsigned_longs_cb (void *cookie, int argc, char **argv, char **azColName) +{ + unsigned long int *values = cookie; + int i; + char *tail = NULL; + + (void) azColName; + + for (i = 0; i < argc; i ++) + { + if (! argv[i]) + values[i] = 0; + else + { + errno = 0; + values[i] = strtoul (argv[i], &tail, 0); + if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0')) + /* Abort. */ + return 1; + } + } + + return 0; +} + +static int +get_unsigned_longs_cb2 (void *cookie, int argc, char **argv, char **azColName, + sqlite3_stmt *stmt) +{ + (void) stmt; + return get_unsigned_longs_cb (cookie, argc, argv, azColName); +} + +/* We expect a single integer column whose name is "version". COOKIE + must point to an int. This function always aborts. On error or a + if the version is bad, sets *VERSION to -1. */ +static int +version_check_cb (void *cookie, int argc, char **argv, char **azColName) +{ + int *version = cookie; + + if (argc != 1 || strcmp (azColName[0], "version") != 0) + { + *version = -1; + return 1; + } + + if (strcmp (argv[0], "1") == 0) + *version = 1; + else + { + log_error (_("unsupported kdb version: %s\n"), argv[0]); + *version = -1; + } + + /* Don't run again. */ + return 1; +} + +/* Register a new file. If the file has already been registered then + returns NULL otherwise returns */ +gpg_error_t +kdb_register_file (const char *fname, int read_only, void **resourcep) +{ + KDB_RESOURCE resource; + int rc; + sqlite3 *db = NULL; + char *err; + unsigned long int count; + int need_init = 1; + + for (resource = kdb_resources; resource; resource = resource->next) + if (same_file_p (resource->fname, fname)) + { + if (resourcep) + *resourcep = resource; + if (read_only) + resource->read_only = 1; + return 0; + } + + rc = sqlite3_open_v2 (fname, &db, + read_only + ? SQLITE_OPEN_READONLY + : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE), + NULL); + if (rc) + { + log_error ("Failed to open the key db '%s': %s\n", + fname, sqlite3_errstr (rc)); + return rc; + } + + /* If the DB has no tables, then assume this is a new DB that needs + to be initialized. */ + rc = sqlite3_exec (db, + "select count(*) from sqlite_master where type='table';", + get_unsigned_longs_cb, &count, &err); + if (rc) + { + log_error (_("error querying kdb's available tables: %s\n"), + err); + sqlite3_free (err); + goto out; + } + else if (count != 0) + /* Assume that the DB is already initialized. Make sure the + version is okay. */ + { + int version = -1; + rc = sqlite3_exec (db, "select version from version;", version_check_cb, + &version, &err); + if (rc == SQLITE_ABORT && version == 1) + /* Happy, happy, joy, joy. */ + { + sqlite3_free (err); + rc = 0; + need_init = 0; + } + else if (rc == SQLITE_ABORT && version == -1) + /* Unsupported version. */ + { + /* An error message was already displayed. */ + sqlite3_free (err); + goto out; + } + else if (rc) + /* Some error. */ + { + log_error (_("error determining kdb's version: %s\n"), err); + sqlite3_free (err); + goto out; + } + else + /* Unexpected success. This can only happen if there are no + rows. */ + { + log_error (_("error determining kdb's version: %s\n"), + "select returned 0, but expected ABORT"); + rc = 1; + goto out; + } + } + + if (need_init) + { + /* Create the version table. */ + rc = sqlite3_exec (db, + "create table version (version INTEGER);", + NULL, NULL, &err); + if (rc) + { + log_error (_("error initializing kdb database (%s): %s\n"), + "version", err); + sqlite3_free (err); + goto out; + } + + /* Initialize the version table, which contains a single integer + value. */ + rc = sqlite3_exec (db, + "insert into version values (1);", + NULL, NULL, &err); + if (rc) + { + log_error (_("error initializing kdb database (%s): %s\n"), + "version, init", err); + sqlite3_free (err); + goto out; + } + + /* We have 3 tables: + + primaries - the list of all primary keys and the key block. + + keys - the list of all keys and subkeys. + + user ids - the list of all user ids. */ + + rc = sqlite3_exec + (db, + /* Enable foreign key constraints. */ + "pragma foreign_keys = on;\n" + "create table primaries\n" + " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n" + " fingerprint_rev TEXT COLLATE NOCASE, keyblock BLOB,\n" + " sigstatus TEXT);\n" + "create index primaries_fingerprint on primaries\n" + " (fingerprint_rev COLLATE NOCASE);\n" + "\n" + "create table keys\n" + " (primary_key INTEGER, fingerprint_rev TEXT COLLATE NOCASE,\n" + " pk_no INTEGER,\n" + " unique (primary_key, pk_no),\n" + " foreign key (primary_key) references primaries(oid));\n" + "create index keys_fingerprint_primary_key_pk_no on keys\n" + " (fingerprint_rev COLLATE NOCASE, primary_key, pk_no);\n" + "create index keys_primary_key_pk_no on keys (primary_key, pk_no);\n" + "\n" + /* XXX: Is COLLATE NOCASE reasonable? */ + "create table uids\n" + " (primary_key INTEGER, uid TEXT COLLATE NOCASE,\n" + " email TEXT COLLATE NOCASE, uid_no INTEGER,\n" + " unique (primary_key, uid_no),\n" + " foreign key (primary_key) references primaries(oid));\n" + "create index uids_ordered on uids (primary_key, uid_no);\n" + /* In most cases, we search for a substring (like + '%foo at bar.com%'. This can't exploit an index so the + following indices mostly represent overhead. */ +#if 0 + "create index uids_uid_ordered on uids\n" + " (uid COLLATE NOCASE, primary_key, uid_no);\n" + "create index uids_email_ordered on uids\n" + " (email COLLATE NOCASE, primary_key, uid_no);\n" +#endif + , + NULL, NULL, &err); + if (rc) + { + log_error (_("error initializing kdb database: %s\n"), err); + sqlite3_free (err); + goto out; + } + } + + resource = xmalloc_clear (sizeof *resource + strlen (fname)); + strcpy (resource->fname, fname); + resource->read_only = read_only; + resource->db = db; + resource->next = kdb_resources; + kdb_resources = resource; + + if (resourcep) + *resourcep = resource; + + out: + if (rc) + { + if (resourcep) + *resourcep = NULL; + + sqlite3_close (db); + return gpg_error (GPG_ERR_GENERAL); + } + + return 0; +} + +int +kdb_is_writable (void *token) +{ + KDB_RESOURCE resource = token; + if (resource->read_only) + return 0; + return 1; +} + +/* Release the handle. */ +void +kdb_release (KDB_HANDLE hd) +{ + KDB_RESOURCE r; + + if (! hd) + return; + + /* Check for double frees. */ + assert (hd->resource); + for (r = kdb_resources; r; r = r->next) + if (r == hd->resource) + break; + assert (r); + + hd_cache_clear (hd); + + hd->resource = NULL; + + xfree (hd); +} + +void +kdb_push_found_state (KDB_HANDLE hd) +{ + hd->saved_found = hd->found; + hd->found.key = -1; +} + +void +kdb_pop_found_state (KDB_HANDLE hd) +{ + hd->found = hd->saved_found; + hd->saved_found.key = -1; +} + +const char * +kdb_get_resource_name (KDB_HANDLE hd) +{ + if (!hd || !hd->resource) + return NULL; + return hd->resource->fname; +} + +/* If YES is 1, lock the DB. Otherwise, unlock it. Returns an error + code if locking failed. */ +int +kdb_lock (KDB_HANDLE hd, int yes) +{ + int rc; + char *err; + + if (yes) + /* Lock. */ + { + rc = sqlite3_exec (hd->resource->db, "savepoint lock;", + NULL, NULL, &err); + if (rc) + { + log_error (_("error beginning transaction on KDB database: %s\n"), + err); + sqlite3_free (err); + return 1; + } + + return 0; + } + else + /* Unlock. */ + { + rc = sqlite3_exec (hd->resource->db, "release lock;", NULL, NULL, &err); + if (rc) + { + log_error (_("error ending transaction on KDB database: %s\n"), + err); + sqlite3_free (err); + return 1; + } + + return 0; + } +} + +static u32 * +sigstatus_parse (const char *sigstatus_str) +{ + int entries; + int i; + u32 *sigstatus; + char *tail; + + /* Count the number of values (= # of semicolons plus 1). */ + entries = 1; + for (i = 0; i < strlen (sigstatus_str); i ++) + if (sigstatus_str[i] == ';') + entries ++; + + /* The first entry is the number of entries. */ + sigstatus = xmalloc (sizeof (sigstatus[0]) * (1 + entries)); + sigstatus[0] = entries; + + for (i = 0; i < entries; i ++) + { + errno = 0; + sigstatus[i + 1] = strtoul (sigstatus_str, &tail, 0); + if (errno || ! ((i < entries - 1 && *tail == ';') + || (i == entries - 1 && *tail == '\0'))) + /* Abort. */ + { + log_info ("%s: Failed to parse %s\n", __func__, sigstatus_str); + return NULL; + } + + sigstatus_str = tail; + if (i < entries - 1) + { + assert (*tail == ';'); + sigstatus_str ++; + } + else + assert (*tail == '\0'); + } + + return sigstatus; +} + +static int keyblock_cached; +static int keyblock_cache_hit; +static int keyblock_cache_miss; + +/* The caller needs to make sure that hd->resource->key is updated! */ +static int +keyblock_cb (void *cookie, int cols, char **values, char **names, + sqlite3_stmt *stmt) +{ + KDB_HANDLE hd = cookie; + + (void) cols; + (void) values; + (void) names; + + assert (cols == 2); + assert (strcmp (names[0], "keyblock") == 0); + assert (strcmp (names[1], "sigstatus") == 0); + + xfree (hd->resource->kb); + hd->resource->kb_len = sqlite3_column_bytes (stmt, 0); + hd->resource->kb = xmalloc (hd->resource->kb_len); + memcpy (hd->resource->kb, sqlite3_column_blob (stmt, 0), + hd->resource->kb_len); + hd->resource->sigstatus = sigstatus_parse (values[1]); + + keyblock_cached ++; + + /* Abort to indicate success. */ + return 1; +} + +int +kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf, + int *pk_no, int *uid_no, u32 **sigstatus) +{ + int rc; + char *err; + sqlite3_stmt *stmt = NULL; + + if (pk_no) + *pk_no = 0; + if (uid_no) + *uid_no = 0; + if (sigstatus) + *sigstatus = NULL; + + if (hd->found.key == -1) + /* Got nothing. */ + return gpg_error (GPG_ERR_EOF); + + DEBUG ("getting keyblock for key #%lld\n", hd->found.key); + + if (keyblock_cache_hit || keyblock_cache_miss) + DEBUG ("keyblock cache: %d fills, %d hits (%d%%), %d misses\n", + keyblock_cached, keyblock_cache_hit, + (keyblock_cache_hit * 100) + / (keyblock_cache_hit + keyblock_cache_miss), + keyblock_cache_miss); + + if (hd->resource->kb && hd->resource->key == hd->found.key) + { + DEBUG("read keyblock from resource cache.\n"); + keyblock_cache_hit ++; + *iobuf = iobuf_temp_with_content (hd->resource->kb, hd->resource->kb_len); + if (hd->resource->sigstatus) + { + size_t s = (sizeof (hd->resource->sigstatus[0]) + * (1 + hd->resource->sigstatus[0])); + *sigstatus = xmalloc (s); + memcpy (*sigstatus, hd->resource->sigstatus, s); + } + return 0; + } + else if (hd->full_scan && hd->full_scan->key == hd->found.key) + { + DEBUG("read keyblock from full scan cache.\n"); + *iobuf = iobuf_temp_with_content (hd->full_scan->kb, + hd->full_scan->kb_len); + if (hd->full_scan->sigstatus) + { + size_t s = (sizeof (hd->full_scan->sigstatus[0]) + * (1 + hd->full_scan->sigstatus[0])); + *sigstatus = xmalloc (s); + memcpy (*sigstatus, hd->full_scan->sigstatus, s); + } + return 0; + } + else + keyblock_cache_miss ++; + + rc = sqlite3_stepx + (hd->resource->db, + &stmt, keyblock_cb, hd, &err, + "select keyblock, sigstatus from primaries where oid = ?", + SQLITE_ARG_LONG_LONG, hd->found.key, SQLITE_ARG_END); + if (rc == SQLITE_ABORT) + /* Success. */ + { + assert (hd->resource->kb); + hd->resource->key = hd->found.key; + *iobuf = iobuf_temp_with_content (hd->resource->kb, hd->resource->kb_len); + + rc = 0; + if (uid_no) + *uid_no = hd->found.uid_no; + if (pk_no) + *pk_no = hd->found.pk_no; + if (sigstatus && hd->resource->sigstatus) + { + size_t s = (sizeof (hd->resource->sigstatus[0]) + * (1 + hd->resource->sigstatus[0])); + *sigstatus = xmalloc (s); + memcpy (*sigstatus, hd->resource->sigstatus, s); + } + } + else if (! rc) + /* If we don't get an abort, then we didn't find the record. */ + rc = gpg_error (GPG_ERR_NOT_FOUND); + else + { + log_error (_("reading keyblock from keydb DB: %s\n"), err); + sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); + } + + sqlite3_finalize (stmt); + return rc; +} + +int +kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb, + const void *image, size_t imagelen) +{ + (void) hd; + (void) kb; + (void) image; + (void) imagelen; + + log_fatal ("Implement %s.", __func__); +} + +static char * +strrev (char *str) +{ + int i; + int l = strlen (str); + + for (i = 0; i < l / 2; i ++) + { + char t = str[i]; + str[i] = str[l - 1 - i]; + str[l - 1 - i] = t; + } + + return str; +} + +static char * +fingerprint_ascii_rev (char *fingerprint_bin, int len) +{ + char *fingerprint = xmalloc (2 * len + 1); + bin2hex (fingerprint_bin, len, fingerprint); + return strrev (fingerprint); +} + +gpg_error_t +kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t root, + const void *image, size_t imagelen, u32 *sigstatus) +{ + PKT_public_key *mainpk = root->pkt->pkt.public_key; + char fingerprint_bin[MAX_FINGERPRINT_LEN]; + size_t fingerprint_bin_len = sizeof (fingerprint_bin); + char *fingerprint_rev = NULL; + + char *sigstatus_str = NULL; + + int rc; + char *err; + + sqlite3_stmt *uid_stmt = NULL; + sqlite3_stmt *key_stmt = NULL; + + long long oid; + int uid_no; + int pk_no; + kbnode_t k; + + if (!hd) + return gpg_error (GPG_ERR_INV_VALUE); + + hdr_cache_clear (hd->resource); + hd_cache_clear (hd); + + /* XXX: If we have a search result (hd->found), are we supposed to + replace it even if it isn't for the same key? */ + /* See if we are replacing or adding this record to the + database. */ + fingerprint_from_pk (mainpk, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + fingerprint_rev = + fingerprint_ascii_rev (fingerprint_bin, fingerprint_bin_len); + + if (sigstatus) + { + int i; + char *p; + p = sigstatus_str = xmalloc ((10 + 1) * sigstatus[0]); + for (i = 0; i < sigstatus[0]; i ++) + { + p += sprintf (p, "%d", sigstatus[i + 1]); + if (i != sigstatus[0] - 1) + *p ++ = ';'; + } + } + + oid = -1; + rc = sqlite3_stepx + (hd->resource->db, NULL, get_unsigned_longs_cb2, &oid, &err, + "select oid from primaries where fingerprint_rev = ?;", + SQLITE_ARG_STRING, fingerprint_rev, SQLITE_ARG_END); + if (rc) + { + log_error (_("looking up key in keydb DB: %s\n"), err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + + if (oid != -1) + /* This key is already in the DB. Replace it. */ + { + DEBUG ("%s already in DB (oid = %lld), updating.\n", + fingerprint_rev, oid); + + hdr_cache_clear (hd->resource); + + rc = sqlite3_exec_printf + (hd->resource->db, NULL, NULL, &err, + "delete from primaries where oid = %lld;" + "delete from keys where primary_key = %lld;" + "delete from uids where primary_key = %lld;", + oid, oid, oid); + if (rc) + { + log_error (_("updating key in keydb DB: %s\n"), err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + + /* Reuse the oid. So that any extant search won't return the + new record. */ + rc = sqlite3_stepx + (hd->resource->db, NULL, NULL, NULL, &err, + "insert into primaries (oid, fingerprint_rev, keyblock, sigstatus)\n" + " values (?, ?, ?, ?);", + SQLITE_ARG_LONG_LONG, oid, + SQLITE_ARG_STRING, fingerprint_rev, + SQLITE_ARG_BLOB, image, (long long) imagelen, + SQLITE_ARG_STRING, sigstatus_str, + SQLITE_ARG_END); + } + else + { + DEBUG ("New keyblock for %s.\n", fingerprint_rev); + rc = sqlite3_stepx + (hd->resource->db, NULL, NULL, NULL, &err, + "insert into primaries (fingerprint_rev, keyblock, sigstatus)\n" + " values (?, ?, ?);", + SQLITE_ARG_STRING, fingerprint_rev, + SQLITE_ARG_BLOB, image, (long long) imagelen, + SQLITE_ARG_STRING, sigstatus_str, + SQLITE_ARG_END); + } + + xfree (sigstatus_str); + xfree (fingerprint_rev); + fingerprint_rev = NULL; + + if (rc) + { + log_error (_("inserting %s record into keydb DB: %s\n"), + "primary key", err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + + oid = sqlite3_last_insert_rowid (hd->resource->db); + + uid_no = 0; + pk_no = 0; + for (k = root; k; k = k->next) + { + if (k->pkt->pkttype == PKT_USER_ID) + { + PKT_user_id *uid = k->pkt->pkt.user_id; + const char *user_id = uid->name; + char *email = mailbox_from_userid (user_id); + + uid_no ++; + + rc = sqlite3_stepx + (hd->resource->db, &uid_stmt, NULL, NULL, &err, + "insert into uids (primary_key, uid, email, uid_no)" + " values (?, ?, ?, ?);", + SQLITE_ARG_LONG_LONG, oid, + SQLITE_ARG_STRING, user_id, SQLITE_ARG_STRING, email, + SQLITE_ARG_INT, uid_no, + SQLITE_ARG_END); + xfree (email); + if (rc) + { + log_error (_("inserting %s record into keydb DB: %s\n"), + "uid", err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + } + else if (k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + PKT_public_key *pk = k->pkt->pkt.public_key; + + pk_no ++; + + fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin, + fingerprint_bin_len); + + rc = sqlite3_stepx + (hd->resource->db, &key_stmt, NULL, NULL, &err, + "insert into keys (primary_key, fingerprint_rev, pk_no)" + " values (?, ?, ?);", + SQLITE_ARG_LONG_LONG, oid, + SQLITE_ARG_STRING, fingerprint_rev, + SQLITE_ARG_INT, pk_no, + SQLITE_ARG_END); + + xfree (fingerprint_rev); + fingerprint_rev = NULL; + + if (rc) + { + log_error (_("inserting %s record into keydb DB: %s\n"), + "key", err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + } + } + + sqlite3_finalize (uid_stmt); + sqlite3_finalize (key_stmt); + + return 0; +} + +int +kdb_delete (KDB_HANDLE hd) +{ + int rc; + char *err; + + if (!hd) + return gpg_error (GPG_ERR_INV_VALUE); + + if (hd->found.key == -1) + /* No search result. */ + return gpg_error (GPG_ERR_NOTHING_FOUND); + + hdr_cache_clear (hd->resource); + hd_cache_clear (hd); + + rc = sqlite3_exec_printf + (hd->resource->db, NULL, NULL, &err, + "delete from keys where primary = %d;\n" + "delete from uids where primary = %d;\n" + "delete from primaries where oid = %d;\n", + hd->found.key, hd->found.key, hd->found.key); + if (rc) + { + log_error (_("error deleting key from kdb database: %s\n"), err); + sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); + } + + return rc; +} + +int +kdb_search_reset (KDB_HANDLE hd) +{ + hd->key = -1; + hd->eof = 0; + + hd->found.key = -1; + + hd_cache_clear (hd); + + return 0; +} + +struct key_array +{ + long int count; + /* The maximum amount of memory to use before aborting. If 0, + unlimited. */ + size_t memory; + struct key *keys; +}; + +static int +get_keyblock_array_cb (void *cookie, int argc, char **argv, + char **azColName, sqlite3_stmt *stmt) +{ + struct key_array *a = cookie; + struct key *entry; + size_t len = sqlite3_column_bytes (stmt, 0); + char *tail; + + assert (argc == 3); + + (void) azColName; + + entry = xmalloc_clear (sizeof (*entry)); + entry->kb_len = len; + entry->kb = xmalloc (len); + memcpy (entry->kb, sqlite3_column_blob (stmt, 0), len); + + entry->sigstatus = sigstatus_parse (argv[1]); + + errno = 0; + entry->key = strtoul (argv[2], &tail, 0); + if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0')) + /* Abort. */ + { + xfree (entry); + return 1; + } + + /* Attach it. */ + entry->next = a->keys; + a->keys = entry; + + a->count ++; + + if (len >= a->memory) + /* Don't read another record. We're out of memory. */ + { + log_debug ("%s: Stopped prefilling read-ahead cache (%zd bytes larger than %zd bytes of available memory.\n", + __func__, len, a->memory); + return 1; + } + else + log_debug ("%s: Used %zd bytes of remaining %zd.\n", + __func__, len, a->memory); + + a->memory -= len; + + return 0; +} + +static gpg_error_t +key_list_load (struct keydb_handle *hd) +{ + int rc; + char *err = NULL; + struct key_array a; + a.count = 0; + /* Don't read much more than 20 MB of keyblocks into memory at a + time. */ + a.memory = 20 * 1024 * 1024; + a.keys = NULL; + + hd_cache_clear (hd); + + if (hd->key == -1) + /* From the beginning. */ + rc = sqlite3_stepx + (hd->resource->db, NULL, + get_keyblock_array_cb, &a, &err, + "select keyblock, sigstatus, oid from primaries" + " order by oid", + SQLITE_ARG_END); + else + rc = sqlite3_stepx + (hd->resource->db, NULL, + get_keyblock_array_cb, &a, &err, + "select keyblock, sigstatus, oid from primaries" + " where oid > ?" + " order by oid", + SQLITE_ARG_LONG_LONG, hd->key, + SQLITE_ARG_END); + + if (! rc) + /* We got the whole thing. */ + { + /* Add an EOF record. */ + struct key *k = xmalloc_clear (sizeof (*k)); + k->key = -1; + k->next = a.keys; + hd->full_scan = k; + } + else if (rc == SQLITE_ABORT) + /* Partial list. */ + { + rc = 0; + hd->full_scan = a.keys; + } + else + /* It is possible that we got a partial listing. */ + { + log_fatal ("error listing primary table: %s\n", err); + sqlite3_free (err); + } + + log_debug ("%s: Got %ld records.\n", __func__, a.count); + + hd->full_scan = key_list_reverse (hd->full_scan); + + if (rc) + return gpg_error (GPG_ERR_GENERAL); + return 0; +} + +static int +kdb_search_cb (void *cookie, int argc, char **argv, char **azColName, + sqlite3_stmt *stmt) +{ + KDB_HANDLE hd = cookie; + int i = 0; + unsigned long int values[argc]; + int got_keyblock = 0; + + /* Get the keyblock. */ + if (argc >= 2 + && strcmp (azColName[0], "keyblock") == 0 + && strcmp (azColName[1], "sigstatus") == 0) + { + /* When we do: select keyblock, min(oid) and we don't have any + results, then keyblock will be NULL. */ + if (argv[0]) + { + keyblock_cb (hd, 2, argv, azColName, stmt); + got_keyblock = 1; + } + i = 2; + } + + get_unsigned_longs_cb (&values[i], argc - i, &argv[i], &azColName[i]); + hd->found.uid_no = hd->found.pk_no = 0; + for (; i < argc; i ++) + if (strcmp (azColName[i], "oid") == 0) + { + hd->key = hd->found.key = values[i]; + if (got_keyblock) + hd->resource->key = hd->key; + } + else if (strcmp (azColName[i], "uid_no") == 0) + hd->found.uid_no = values[i]; + else if (strcmp (azColName[i], "pk_no") == 0) + hd->found.pk_no = values[i]; + else + log_bug ("%s: Bad column name: %s\n", __func__, azColName[i]); + + /* Abort. */ + return 1; +} + +int +kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex) +{ + int n; + int have_next = 0; + char *where_uid = NULL; + char *where_key = NULL; + char *text; + int anyskip = 0; + int rc = 0; + char *err = NULL; + char *sql = NULL; + + hd->found.key = -1; + + for (n = 0; n < ndesc; n ++) + { + if (desc[n].mode == KEYDB_SEARCH_MODE_FIRST) + { + kdb_search_reset (hd); + desc[n].mode = KEYDB_SEARCH_MODE_NEXT; + have_next = 1; + } + if (desc[n].mode == KEYDB_SEARCH_MODE_NEXT) + have_next = 1; + } + + if (have_next) + { + if (hd->full_scan && hd->full_scan->key == hd->key) + /* The head of the full_scan list is the current key. + Remove the current key from the full_scan list and + return the next one. */ + hd->full_scan = key_free (hd->full_scan); + else + hd_cache_clear (hd); + + if (! hd->full_scan) + { + rc = key_list_load (hd); + if (rc) + goto out; + } + + /* We always add an EOF record. So, this can't be NULL. */ + assert (hd->full_scan); + + if (hd->full_scan->key == -1) + /* EOF! */ + hd->eof = 1; + else + hd->key = hd->found.key = hd->full_scan->key; + + goto out; + } + + hd_cache_clear (hd); + + if (hd->eof) + /* We're at the end of the file. There is nothing else to get. */ + return gpg_error (GPG_ERR_EOF); + +#define ADD_TERM(thing, op, fmt, ...) do { \ + char *t = sqlite3_mprintf \ + ("%s%s("fmt")", \ + thing ? thing : "", thing ? "\n "op" " : "", \ + ##__VA_ARGS__); \ + sqlite3_free (thing); \ + thing = t; \ + } while (0) +#define O(thing, fmt, ...) ADD_TERM(thing, "OR", fmt, ##__VA_ARGS__) +#define A(thing, fmt, ...) ADD_TERM(thing, "AND", fmt, ##__VA_ARGS__) + + if (descindex) + log_fatal ("Implement descindex\n"); + + for (n = 0; n < ndesc; n ++) + { + KEYDB_SEARCH_DESC *d = &desc[n]; + + switch (d->mode) + { + case KEYDB_SEARCH_MODE_EXACT: + O(where_uid, "uids.uid = %Q", desc[n].u.name); + break; + + case KEYDB_SEARCH_MODE_SUBSTR: + case KEYDB_SEARCH_MODE_MAIL: + case KEYDB_SEARCH_MODE_MAILSUB: + case KEYDB_SEARCH_MODE_MAILEND: + { + char *escaped = xmalloc (1 + 2 * strlen (d->u.name) + 1 + 1); + int i, j = 0; + + if (d->mode == KEYDB_SEARCH_MODE_SUBSTR + || d->mode == KEYDB_SEARCH_MODE_MAILSUB + || d->mode == KEYDB_SEARCH_MODE_MAILEND) + escaped[j ++] = '%'; + + for (i = 0; i < strlen (d->u.name); i ++) + { + if (d->u.name[i] == '%' || d->u.name[i] == '_' + || d->u.name[i] == '\'' || d->u.name[i] == '\\') + escaped[j ++] = '\\'; + escaped[j ++] = d->u.name[i]; + } + + if (d->mode == KEYDB_SEARCH_MODE_SUBSTR + || d->mode == KEYDB_SEARCH_MODE_MAILSUB) + escaped[j ++] = '%'; + + escaped[j] = 0; + + O(where_uid, "uids.%s like %Q", + d->mode == KEYDB_SEARCH_MODE_SUBSTR ? "uid" : "email", + escaped); + } + break; + + + case KEYDB_SEARCH_MODE_WORDS: + log_fatal ("Implement me!\n"); + break; + + + case KEYDB_SEARCH_MODE_SHORT_KID: + text = xmalloc (8 + 1); + snprintf (text, 9, "%08lX", (ulong) d->u.kid[1]); + O(where_key, "keys.fingerprint_rev like '%s%%'", strrev (text)); + xfree (text); + break; + + case KEYDB_SEARCH_MODE_LONG_KID: + text = xmalloc (8 * 2 + 1); + snprintf (text, 8 * 2 + 1, "%08lX%08lX", + (ulong) d->u.kid[0], (ulong) d->u.kid[1]); + O(where_key, "keys.fingerprint_rev like '%s%%'", strrev (text)); + xfree (text); + break; + + case KEYDB_SEARCH_MODE_FPR16: + if (d->mode == KEYDB_SEARCH_MODE_FPR16) + text = bin2hex (d->u.fpr, 16, NULL); + /* Fall through. */ + + case KEYDB_SEARCH_MODE_FPR20: + case KEYDB_SEARCH_MODE_FPR: + if (d->mode == KEYDB_SEARCH_MODE_FPR20 + || d->mode == KEYDB_SEARCH_MODE_FPR) + text = bin2hex (d->u.fpr, 20, NULL); + + strrev (text); + O(where_key, "keys.fingerprint_rev = '%s'", text); + xfree (text); + break; + + case KEYDB_SEARCH_MODE_FIRST: + case KEYDB_SEARCH_MODE_NEXT: + /* Already handled above. */ + break; + + default: + break; + } + + if (d->skipfnc) + anyskip = 1; + } + + if (anyskip) + log_fatal ("Implement anyskip."); + + DEBUG ("uid: %s\n", where_uid); + DEBUG ("key: %s\n", where_key); + + assert (where_uid || where_key); + if (where_uid && where_key) + sql = sqlite3_mprintf + ("select keyblock, sigstatus,\n" + " keys.primary_key oid, keys.pk_no, uids.uid_no\n" + " from primaries\n" + " left join keys on primaries.oid = keys.primary_key\n" + " left join uids on primaries.oid = uids.primary_key\n" + " where %s%lld and (%s and %s)\n" + " order by keys.primary_key, keys.pk_no, uids.uid_no\n" + " limit 1\n", + hd->key == -1 ? "" : "keys.primary_key > ", hd->key, + where_uid, where_key); + else if (where_key) + sql = sqlite3_mprintf + ("select primary_key oid, pk_no\n" + " from keys\n" + " where %s%lld and (%s)\n" + " order by primary_key, pk_no\n" + " limit 1;\n", + hd->key == -1 ? "" : "primary_key > ", hd->key, where_key); + else + sql = sqlite3_mprintf + ("select primary_key oid, uid_no\n" + " from uids\n" + " where %s%lld and (%s)\n" + " order by primary_key, uid_no\n" + " limit 1;\n", + hd->key == -1 ? "" : "primary_key > ", hd->key, where_uid); + DEBUG ("Running '%s'\n", sql); + rc = sqlite3_stepx (hd->resource->db, NULL, kdb_search_cb, hd, &err, + sql, SQLITE_ARG_END); + if (rc == SQLITE_ABORT) + /* Success. */ + rc = 0; + else if (rc) + { + log_fatal ("error search DB: %s\n", err); + sqlite3_free (err); + goto out; + } + else + /* EOF. */ + { + assert (hd->found.key == -1); + hd->eof = 1; + } + + out: + sqlite3_free (sql); + sqlite3_free (where_uid); + sqlite3_free (where_key); + + if (rc) + { + DEBUG ("Search result: Error.\n"); + return gpg_error (GPG_ERR_GENERAL); + } + if (hd->eof) + { + DEBUG ("Search result: ENOENT.\n"); + return gpg_error (GPG_ERR_EOF); + } + + DEBUG ("Search result: key #%lld.\n", hd->key); + + return 0; +} diff --git a/g10/kdb.h b/g10/kdb.h new file mode 100644 index 0000000..55e6962 --- /dev/null +++ b/g10/kdb.h @@ -0,0 +1,29 @@ +#ifndef GNUPG_KDB_H +#define GNUPG_KDB_H + +#include "keydb.h" + +typedef struct keydb_handle *KDB_HANDLE; + +gpg_error_t kdb_register_file (const char *fname, int read_only, void **ptr); +int kdb_is_writable (void *token); + +KDB_HANDLE kdb_new (void *token); +void kdb_release (KDB_HANDLE hd); +void kdb_push_found_state (KDB_HANDLE hd); +void kdb_pop_found_state (KDB_HANDLE hd); +const char *kdb_get_resource_name (KDB_HANDLE hd); +int kdb_lock (KDB_HANDLE hd, int yes); +int kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf, + int *pk_no, int *uid_no, u32 **sigstatus); +int kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb, + const void *image, size_t imagelen); +gpg_error_t kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t kb, + const void *image, size_t imagelen, + u32 *sigstatus); +int kdb_delete (KDB_HANDLE hd); +int kdb_search_reset (KDB_HANDLE hd); +int kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex); + +#endif diff --git a/g10/keydb.c b/g10/keydb.c index 8a68980..2540af8 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -37,6 +37,7 @@ #include "../kbx/keybox.h" #include "keydb.h" #include "i18n.h" +#include "kdb.h" static int active_handles; @@ -44,7 +45,8 @@ typedef enum { KEYDB_RESOURCE_TYPE_NONE = 0, KEYDB_RESOURCE_TYPE_KEYRING, - KEYDB_RESOURCE_TYPE_KEYBOX + KEYDB_RESOURCE_TYPE_KEYBOX, + KEYDB_RESOURCE_TYPE_KEYDB } KeydbResourceType; #define MAX_KEYDB_RESOURCES 40 @@ -54,6 +56,7 @@ struct resource_item union { KEYRING_HANDLE kr; KEYBOX_HANDLE kb; + KDB_HANDLE kdb; } u; void *token; }; @@ -251,13 +254,14 @@ keyblock_cache_clear (struct keydb_handle *hd) /* Handle the creation of a keyring or a keybox if it does not yet exist. Take into account that other processes might have the keyring/keybox already locked. This lock check does not work if - the directory itself is not yet available. If IS_BOX is true the - filename is expected to refer to a keybox. If FORCE_CREATE is true - the keyring or keybox will be created. + the directory itself is not yet available. RT is the type of + resource being created. If FORCE_CREATE is true the keyring or + keybox will be created. Return 0 if it is okay to access the specified file. */ static int -maybe_create_keyring_or_box (char *filename, int is_box, int force_create) +maybe_create_resource (char *filename, KeydbResourceType rt, + int force_create) { dotlock_t lockhd = NULL; IOBUF iobuf; @@ -361,12 +365,25 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) if (!iobuf) { rc = gpg_error_from_syserror (); - if (is_box) - log_error (_("error creating keybox '%s': %s\n"), - filename, gpg_strerror (rc)); - else - log_error (_("error creating keyring '%s': %s\n"), - filename, gpg_strerror (rc)); + switch (rt) + { + case KEYDB_RESOURCE_TYPE_NONE: + log_fatal ("Bad value for resource type: %d\n", rt); + break; + + case KEYDB_RESOURCE_TYPE_KEYRING: + log_error (_("error creating keyring '%s': %s\n"), + filename, gpg_strerror (rc)); + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + log_error (_("error creating keybox '%s': %s\n"), + filename, gpg_strerror (rc)); + break; + case KEYDB_RESOURCE_TYPE_KEYDB: + log_error (_("error creating keydb '%s': %s\n"), + filename, gpg_strerror (rc)); + break; + } goto leave; } @@ -376,7 +393,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) /* Make sure that at least one record is in a new keybox file, so that the detection magic will work the next time it is used. */ - if (is_box) + if (rt == KEYDB_RESOURCE_TYPE_KEYBOX) { FILE *fp = fopen (filename, "w"); if (!fp) @@ -388,22 +405,29 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) } if (rc) { - if (is_box) - log_error (_("error creating keybox '%s': %s\n"), - filename, gpg_strerror (rc)); - else - log_error (_("error creating keyring '%s': %s\n"), - filename, gpg_strerror (rc)); + log_error (_("error creating keybox '%s': %s\n"), + filename, gpg_strerror (rc)); goto leave; } } if (!opt.quiet) { - if (is_box) - log_info (_("keybox '%s' created\n"), filename); - else - log_info (_("keyring '%s' created\n"), filename); + switch (rt) + { + case KEYDB_RESOURCE_TYPE_NONE: + log_fatal ("Bad value for resource type: %d\n", rt); + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + log_info (_("keyring '%s' created\n"), filename); + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + log_info (_("keybox '%s' created\n"), filename); + break; + case KEYDB_RESOURCE_TYPE_KEYDB: + log_info (_("keydb '%s' created\n"), filename); + break; + } } rc = 0; @@ -445,6 +469,8 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp) { if (magic == 0x13579ace || magic == 0xce9a5713) ; /* GDBM magic - not anymore supported. */ + else if (memcmp (&magic, "SQLi", 4) == 0) + rt = KEYDB_RESOURCE_TYPE_KEYDB; else if (fread (&verbuf, 4, 1, fp) == 1 && verbuf[0] == 1 && fread (&magic, 4, 1, fp) == 1 @@ -559,6 +585,11 @@ keydb_add_resource (const char *url, unsigned int flags) rt = KEYDB_RESOURCE_TYPE_KEYBOX; resname += 10; } + else if (strlen (resname) > 10 && !strncmp (resname, "gnupg-kdb:", 10) ) + { + rt = KEYDB_RESOURCE_TYPE_KEYDB; + resname += 10; + } #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__) else if (strchr (resname, ':')) { @@ -662,7 +693,8 @@ keydb_add_resource (const char *url, unsigned int flags) goto leave; case KEYDB_RESOURCE_TYPE_KEYRING: - rc = maybe_create_keyring_or_box (filename, 0, create); + rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYRING, + create); if (rc) goto leave; @@ -692,7 +724,8 @@ keydb_add_resource (const char *url, unsigned int flags) case KEYDB_RESOURCE_TYPE_KEYBOX: { - rc = maybe_create_keyring_or_box (filename, 1, create); + rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYBOX, + create); if (rc) goto leave; @@ -727,6 +760,36 @@ keydb_add_resource (const char *url, unsigned int flags) } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYDB, create); + if (rc) + goto leave; + + rc = kdb_register_file (filename, read_only, &token); + if (rc == 0) + { + if (used_resources >= MAX_KEYDB_RESOURCES) + rc = gpg_error (GPG_ERR_RESOURCE_LIMIT); + else + { + /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */ + /* primary_keyring = token; */ + all_resources[used_resources].type = rt; + all_resources[used_resources].u.kb = NULL; /* Not used here */ + all_resources[used_resources].token = token; + + used_resources++; + } + } + + /* XXX: How to mark this as a primary if it was already + registered. */ + /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */ + /* primary_keyring = token; */ + } + break; + default: log_error ("resource type of '%s' not supported\n", url); rc = gpg_error (GPG_ERR_GENERAL); @@ -792,6 +855,14 @@ keydb_new (void) die = 1; j++; break; + case KEYDB_RESOURCE_TYPE_KEYDB: + hd->active[j].type = all_resources[i].type; + hd->active[j].token = all_resources[i].token; + hd->active[j].u.kdb = kdb_new (all_resources[i].token); + if (!hd->active[j].u.kdb) + die = 1; + j++; + break; } } hd->used = j; @@ -831,6 +902,9 @@ keydb_release (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_release (hd->active[i].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_release (hd->active[i].u.kdb); + break; } } @@ -873,6 +947,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: s = keybox_get_resource_name (hd->active[idx].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + s = kdb_get_resource_name (hd->active[idx].u.kdb); + break; } return s? s: ""; @@ -904,6 +981,9 @@ lock_all (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_lock (hd->active[i].u.kb, 1); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_lock (hd->active[i].u.kdb, 1); + break; } } @@ -922,6 +1002,9 @@ lock_all (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_lock (hd->active[i].u.kb, 0); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_lock (hd->active[i].u.kdb, 0); + break; } } } @@ -952,6 +1035,9 @@ unlock_all (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_lock (hd->active[i].u.kb, 0); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_lock (hd->active[i].u.kdb, 0); + break; } } hd->locked = 0; @@ -981,6 +1067,9 @@ keydb_push_found_state (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_push_found_state (hd->active[hd->found].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_push_found_state (hd->active[hd->found].u.kdb); + break; } hd->saved_found = hd->found; @@ -1009,6 +1098,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_pop_found_state (hd->active[hd->found].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_pop_found_state (hd->active[hd->found].u.kdb); + break; } } @@ -1254,6 +1346,23 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) } } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + iobuf_t iobuf; + u32 *sigstatus; + int pk_no, uid_no; + + err = kdb_get_keyblock (hd->active[hd->found].u.kdb, &iobuf, + &pk_no, &uid_no, &sigstatus); + if (!err) + { + err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus, + ret_kb); + xfree (sigstatus); + iobuf_close (iobuf); + } + break; + } } if (hd->keyblock_cache.state != KEYBLOCK_CACHE_FILLED) @@ -1399,6 +1508,20 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb) } } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + iobuf_t iobuf; + + err = build_keyblock_image (kb, &iobuf, NULL); + if (!err) + { + err = kdb_update_keyblock (hd->active[hd->found].u.kdb, kb, + iobuf_get_temp_buffer (iobuf), + iobuf_get_temp_length (iobuf)); + iobuf_close (iobuf); + } + } + break; } unlock_all (hd); @@ -1460,6 +1583,23 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb) } } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + iobuf_t iobuf; + u32 *sigstatus; + + err = build_keyblock_image (kb, &iobuf, &sigstatus); + if (!err) + { + err = kdb_insert_keyblock (hd->active[idx].u.kdb, kb, + iobuf_get_temp_buffer (iobuf), + iobuf_get_temp_length (iobuf), + sigstatus); + xfree (sigstatus); + iobuf_close (iobuf); + } + } + break; } unlock_all (hd); @@ -1499,6 +1639,9 @@ keydb_delete_keyblock (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_delete (hd->active[hd->found].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_delete (hd->active[hd->found].u.kdb); + break; } unlock_all (hd); @@ -1553,6 +1696,10 @@ keydb_locate_writable (KEYDB_HANDLE hd) if (keybox_is_writable (hd->active[hd->current].token)) return 0; /* found (hd->current is set to it) */ break; + case KEYDB_RESOURCE_TYPE_KEYDB: + if (kdb_is_writable (hd->active[hd->current].token)) + return 0; /* found (hd->current is set to it) */ + break; } } @@ -1581,6 +1728,9 @@ keydb_rebuild_caches (int noisy) case KEYDB_RESOURCE_TYPE_KEYBOX: /* N/A. */ break; + case KEYDB_RESOURCE_TYPE_KEYDB: + /* N/A. */ + break; } } } @@ -1626,6 +1776,9 @@ keydb_search_reset (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_search_reset (hd->active[i].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_search_reset (hd->active[i].u.kdb); + break; } } hd->is_reset = 1; @@ -1717,6 +1870,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, descindex, &hd->skipped_long_blobs); while (rc == GPG_ERR_LEGACY_KEY); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_search (hd->active[hd->current].u.kdb, desc, + ndesc, descindex); + break; } if (DBG_LOOKUP) diff --git a/g10/trustdb.c b/g10/trustdb.c index 386796c..f59fa1a 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1716,7 +1716,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, desc.skipfnc = search_skipfnc; desc.skipfncvalue = full_trust; rc = keydb_search (hd, &desc, 1, NULL); - if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND + || gpg_err_code (rc) == GPG_ERR_EOF) { keys[nkeys].keyblock = NULL; return keys; ----------------------------------------------------------------------- hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 15:51:06 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Nov 2015 15:51:06 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.0-6-g7d836d5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 7d836d5126b5399f3d76f5fa2d7ede7905b39304 (commit) via add6953a916dafa93ae152bffc937a93ab5b55f8 (commit) via 429ff31fe72db8afedaad3f2d089c9c3b5dae41e (commit) via 5b927b3dcffa2918e6b503c4907923aadbad0865 (commit) via cef28d96debcf94003f94f3ea2181e80aff0b665 (commit) from c2fca26e2d9fb9ba7a9d87300e735a53e2615a7a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7d836d5126b5399f3d76f5fa2d7ede7905b39304 Author: Werner Koch Date: Mon Nov 23 15:47:16 2015 +0100 Post release updates -- diff --git a/NEWS b/NEWS index 314c8d7..786297b 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes in version 2.4.2 (unreleased) [C7/A7/R_] +------------------------------------------------ + + Noteworthy changes in version 2.4.1 (2015-11-23) [C7/A7/R1] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index fa02ba7..6f47d4e 100644 --- a/configure.ac +++ b/configure.ac @@ -32,7 +32,7 @@ min_automake_version="1.14" m4_define([mym4_package],[libassuan]) m4_define([mym4_major], [2]) m4_define([mym4_minor], [4]) -m4_define([mym4_micro], [1]) +m4_define([mym4_micro], [2]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release commit add6953a916dafa93ae152bffc937a93ab5b55f8 Author: Werner Koch Date: Mon Nov 23 15:42:51 2015 +0100 Release 2.4.1. * configure.ac: Bump LT version to C7/A7/R1. diff --git a/NEWS b/NEWS index 63b6e64..314c8d7 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ -Noteworthy changes in version 2.4.1 (unreleased) [C7/A7/R_] +Noteworthy changes in version 2.4.1 (2015-11-23) [C7/A7/R1] ------------------------------------------------ + * In Tor mode fallback to port 9150 if 9050 is not listening. + + * Allow building with older mingw-w64 versions. + Noteworthy changes in version 2.4.0 (2015-11-03) [C7/A7/R0] ------------------------------------------------ diff --git a/configure.ac b/configure.ac index 313dafc..fa02ba7 100644 --- a/configure.ac +++ b/configure.ac @@ -61,7 +61,7 @@ AC_INIT([mym4_package],[mym4_version], [http://bugs.gnupg.org]) # LIBASSUAN_LT_CURRENT=7 LIBASSUAN_LT_AGE=7 -LIBASSUAN_LT_REVISION=0 +LIBASSUAN_LT_REVISION=1 # If the API is changed in an incompatible way: increment the next counter. LIBASSUAN_CONFIG_API_VERSION=2 commit 429ff31fe72db8afedaad3f2d089c9c3b5dae41e Author: Werner Koch Date: Mon Nov 23 15:04:11 2015 +0100 Make socks5 test case a bit more robust. * tests/socks5.c (main): Call gpgrt_init. Check for write and read errors. Allow building of some parts even w/o getaddrinfo. diff --git a/tests/socks5.c b/tests/socks5.c index 68659fc..7ab0438 100644 --- a/tests/socks5.c +++ b/tests/socks5.c @@ -39,16 +39,7 @@ #include "../src/assuan.h" #include "common.h" -#ifndef HAVE_GETADDRINFO -int -main (void) -{ - fputs ("socks5: getaddrinfo not supported\n", stderr); - return 77; /* Skip test. */ -} -#else /* HAVE_GETADDRINFO */ - /* M A I N @@ -71,6 +62,7 @@ main (int argc, char **argv) int c; int lf_seen; + gpgrt_init (); if (argc) { log_set_prefix (*argv); @@ -210,6 +202,7 @@ main (int argc, char **argv) } else { +#ifdef HAVE_GETADDRINFO struct addrinfo hints, *res, *ai; int ret; int anyok = 0; @@ -262,6 +255,12 @@ main (int argc, char **argv) freeaddrinfo (res); if (!anyok) exit (1); +#else /*!HAVE_GETADDRINFO*/ + (void)only_v4; + (void)only_v6; + fputs ("socks5: getaddrinfo not supported\n", stderr); + exit (77); /* Skip test. */ +#endif /*!HAVE_GETADDRINFO*/ } infp = es_fdopen_nc (sock, "rb"); @@ -279,9 +278,12 @@ main (int argc, char **argv) assuan_sock_close (sock); log_fatal ("opening outbound stream failed: %s\n", gpg_strerror (err)); } - es_fputs ("GET / HTTP/1.0\r\n\r\n", outfp); - es_fflush (outfp); + if (es_fflush (outfp)) + { + err = gpg_error_from_syserror (); + log_error ("es_fflush failed: %s\n", gpg_strerror (err)); + } lf_seen = 0; while ((c = es_fgetc (infp)) != EOF) { @@ -297,9 +299,13 @@ main (int argc, char **argv) else lf_seen = 0; } + if (es_ferror (infp)) + { + err = gpg_error_from_syserror (); + log_error ("es_fgetc failed: %s\n", gpg_strerror (err)); + } es_fclose (infp); es_fclose (outfp); return errorcount ? 1 : 0; } -#endif /*HAVE_GETADDRINFO*/ commit 5b927b3dcffa2918e6b503c4907923aadbad0865 Author: Werner Koch Date: Sat Nov 21 13:13:52 2015 +0100 Also try port 9150 in Tor mode. * src/assuan-socket.c (TOR_PORT2): New. (_assuan_sock_wsa2errno): Map WSAECONNREFUSED. (socks5_connect): Fall back to TOR_PORT2. Signed-off-by: Werner Koch diff --git a/src/assuan-socket.c b/src/assuan-socket.c index 5ad7299..9f9f155 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -110,6 +110,7 @@ /* The standard SOCKS and TOR port. */ #define SOCKS_PORT 1080 #define TOR_PORT 9050 +#define TOR_PORT2 9150 /* The Tor browser is listening there. */ /* In the future, we can allow access to sock_ctx, if that context's hook functions need to be overridden. There can only be one global @@ -300,6 +301,8 @@ _assuan_sock_wsa2errno (int err) return EPIPE; case WSANOTINITIALISED: return ENOSYS; + case WSAECONNREFUSED: + return ECONNREFUSED; default: return EIO; } @@ -730,6 +733,13 @@ socks5_connect (assuan_context_t ctx, assuan_fd_t sock, proxyaddr = (struct sockaddr *)&proxyaddr_in; proxyaddrlen = sizeof proxyaddr_in; ret = _assuan_connect (ctx, HANDLE2SOCKET (sock), proxyaddr, proxyaddrlen); + if (ret && socksport == TOR_PORT && errno == ECONNREFUSED) + { + /* Standard Tor port failed - try the Tor browser port. */ + proxyaddr_in.sin_port = htons (TOR_PORT2); + ret = _assuan_connect (ctx, HANDLE2SOCKET (sock), + proxyaddr, proxyaddrlen); + } if (ret) return ret; buffer[0] = 5; /* RFC-1928 VER field. */ commit cef28d96debcf94003f94f3ea2181e80aff0b665 Author: Andre Heinecke Date: Fri Nov 13 15:53:00 2015 +0100 Fix windows build with mingw-w64 2.0.x * src/assuan-socket.c: Add errno values not defined by mingw-w64 2.0 diff --git a/src/assuan-socket.c b/src/assuan-socket.c index 89723b3..5ad7299 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -70,6 +70,30 @@ # define S_IRGRP 0 # define S_IWGRP 0 #endif +#ifndef ENOTSUP +#define ENOTSUP 129 +#endif +#ifndef EPROTO +#define EPROTO 134 +#endif +#ifndef EPROTONOSUPPORT +#define EPROTONOSUPPORT 135 +#endif +#ifndef ENETDOWN +#define ENETDOWN 116 +#endif +#ifndef ENETUNREACH +#define ENETUNREACH 118 +#endif +#ifndef EHOSTUNREACH +#define EHOSTUNREACH 110 +#endif +#ifndef ECONNREFUSED +#define ECONNREFUSED 107 +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT 138 +#endif #endif #ifndef ENAMETOOLONG ----------------------------------------------------------------------- Summary of changes: NEWS | 10 +++++++++- configure.ac | 4 ++-- src/assuan-socket.c | 34 ++++++++++++++++++++++++++++++++++ tests/socks5.c | 30 ++++++++++++++++++------------ 4 files changed, 63 insertions(+), 15 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 15:54:41 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 23 Nov 2015 15:54:41 +0100 Subject: [git] gnupg-doc - branch, master, updated. a7cb96cf8a14560ee8f31525553cae6cad6ace1b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via a7cb96cf8a14560ee8f31525553cae6cad6ace1b (commit) from d4306247707570abc6c4d69260c710ca485832d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a7cb96cf8a14560ee8f31525553cae6cad6ace1b Author: Werner Koch Date: Mon Nov 23 15:49:33 2015 +0100 swdb: Release libassuan, gpgex, and adns-g10 diff --git a/web/swdb.mac b/web/swdb.mac index 6d25cab..ba4e78d 100644 --- a/web/swdb.mac +++ b/web/swdb.mac @@ -103,9 +103,9 @@ # # LIBASSUAN # -#+macro: libassuan_ver 2.4.0 -#+macro: libassuan_size 572k -#+macro: libassuan_sha1 8b00866b3b0386e996cc6bdcb902c727f0d190a5 +#+macro: libassuan_ver 2.4.1 +#+macro: libassuan_size 573k +#+macro: libassuan_sha1 54982bf7ecf42c0c4d4251d49614ba18edb18264 # @@ -118,15 +118,15 @@ # # GpgEX # -#+macro: gpgex_ver 1.0.2 -#+macro: gpgex_sha1 8892dafc405255731b82a0c299960a5da59d3191 +#+macro: gpgex_ver 1.0.3 +#+macro: gpgex_sha1 52c803434b3d861ae68e93bf68852bed81c70166 # # ADNS # -#+macro: adns_ver 1.4-g10-6 -#+macro: adns_sha1 cc124d58828ab1d6fa7df49aaeb37985c5225de5 +#+macro: adns_ver 1.4-g10-7 +#+macro: adns_sha1 d2e089d98d3faed6cad009477cc0bc030b35c646 # ----------------------------------------------------------------------- Summary of changes: web/swdb.mac | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 15:56:23 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Mon, 23 Nov 2015 15:56:23 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-166-gb75e1b3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3 (commit) via 946faaff04f3340ed6db9e89c5036dc5f9beca6a (commit) from 73c1a86ad937d7be027eece991c69aaeb6a1f092 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3 Author: Justus Winter Date: Mon Nov 23 15:41:36 2015 +0100 dirmngr: Fix http lookups when libadns is used. * dirmngr/dns-stuff.c (resolve_name_adns): Fill in the port. -- Previously, sin_port was set to zero, making connect fail. Signed-off-by: Justus Winter diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 694c04b..b3ad9bc 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -253,7 +253,6 @@ resolve_name_adns (const char *name, unsigned short port, adns_answer *answer = NULL; int count; - (void)port; (void)want_family; *r_dai = NULL; @@ -319,6 +318,7 @@ resolve_name_adns (const char *name, unsigned short port, dai->protocol = want_socktype == SOCK_STREAM? IPPROTO_TCP : IPPROTO_UDP; dai->addrlen = len; memcpy (dai->addr, &addr->addr.sa, len); + ((struct sockaddr_in *) dai->addr)->sin_port = htons (port); dai->next = daihead; daihead = dai; err = 0; commit 946faaff04f3340ed6db9e89c5036dc5f9beca6a Author: Justus Winter Date: Mon Nov 23 15:46:33 2015 +0100 dirmngr: Fix SRV record lookups when using the system resolver. * dirmngr/dns-stuff.c (getsrv): Fix error handling. -- This fixes hkp server pools not using SRV records. Signed-off-by: Justus Winter diff --git a/dirmngr/dns-stuff.c b/dirmngr/dns-stuff.c index 2af4dec..694c04b 100644 --- a/dirmngr/dns-stuff.c +++ b/dirmngr/dns-stuff.c @@ -1086,10 +1086,10 @@ getsrv (const char *name,struct srventry **list) return -1; r = res_query (name, C_IN, T_SRV, answer, sizeof answer); - if (r < sizeof (HEADER) || r > sizeof answer) - return -1; if (header->rcode != NOERROR || !(count=ntohs (header->ancount))) return 0; /* Error or no record found. */ + if (r < sizeof (HEADER) || r > sizeof answer) + return -1; emsg = &answer[r]; pt = &answer[sizeof(HEADER)]; ----------------------------------------------------------------------- Summary of changes: dirmngr/dns-stuff.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 16:28:35 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 23 Nov 2015 16:28:35 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-117-g25fc98f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 25fc98f914e0935f06924918c03420c98d98cf37 (commit) from a1a88e9d68d8e298c07a3c20835c5017927640e7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 25fc98f914e0935f06924918c03420c98d98cf37 Author: Andre Heinecke Date: Mon Nov 23 16:25:34 2015 +0100 Be more tolerant when parsing RFC2047 * src/rfc2047parse.c (G_MIME_RFC2047_WORKAROUNDS): Enable. -- With enabling the workarounds we try to treat everything between the =? ?= markers of a word as an encoded word and don't bail if there are not correctly encoded chaacters in there. Enigmail does not encode dots in filenames. GMimes understanding of the RFC differes about that point. diff --git a/src/rfc2047parse.c b/src/rfc2047parse.c index d60fc35..8ba9085 100644 --- a/src/rfc2047parse.c +++ b/src/rfc2047parse.c @@ -38,7 +38,7 @@ #include "gmime-table-private.h" /* mabye we need this at some point later? */ -#define G_MIME_RFC2047_WORKAROUNDS false; +#define G_MIME_RFC2047_WORKAROUNDS 1 static unsigned char gmime_base64_rank[256] = { ----------------------------------------------------------------------- Summary of changes: src/rfc2047parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 17:08:10 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Mon, 23 Nov 2015 17:08:10 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-118-g0ce38a9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 0ce38a94a0944079256bc87baaf6f53d592c15b2 (commit) from 25fc98f914e0935f06924918c03420c98d98cf37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0ce38a94a0944079256bc87baaf6f53d592c15b2 Author: Andre Heinecke Date: Mon Nov 23 17:07:31 2015 +0100 News for 1.3.0 release * NEWS: Add some news. diff --git a/NEWS b/NEWS index 69c56b7..c166fe6 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,18 @@ Noteworthy changes for version 1.3.0 (unreleased) ================================================= + * Outlook 2010 and later now handle recieved MIME mails. + + * A class of random crashes in Outlook 2010 and later has been + fixed. Bug#1837 + + * Attachments of mime mails with non ASCII characters are + now handled correctly. + + * Outlook 2016 is now supported. + + * Added translations for Chinese and French. + Noteworthy changes for version 1.2.1 (2014-08-13) ================================================= ----------------------------------------------------------------------- Summary of changes: NEWS | 12 ++++++++++++ 1 file changed, 12 insertions(+) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 22:26:27 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 23 Nov 2015 22:26:27 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-168-g19362a8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 19362a8dd7ee986c082a5afc5a446f939991ec0f (commit) via 5b84b0d660c8329e184d98682665aaea7e1703d2 (commit) from b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 19362a8dd7ee986c082a5afc5a446f939991ec0f Author: Neal H. Walfield Date: Mon Nov 23 22:20:28 2015 +0100 gpg: Reflow long texts. * common/stringhelp.c (format_text): New function. * common/t-stringhelp.c (stresc): New function. (test_format_text): New function. Test format_text. * g10/tofu.c (get_trust): Use format_text to reflow long texts. (show_statistics): Likewise. -- Signed-off-by: Neal H. Walfield diff --git a/common/stringhelp.c b/common/stringhelp.c index d0b5561..6748d1e 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -1327,3 +1327,132 @@ strtokenize (const char *string, const char *delim) return result; } + +char * +format_text (char *text, int in_place, int target_cols, int max_cols) +{ + const int do_debug = 0; + + /* The character under consideration. */ + char *p; + /* The start of the current line. */ + char *line; + /* The last space that we saw. */ + char *last_space = NULL; + int last_space_cols = 0; + int copied_last_space = 0; + + if (! in_place) + text = xstrdup (text); + + p = line = text; + while (1) + { + /* The number of columns including any trailing space. */ + int cols; + + p = p + strcspn (p, "\n "); + if (! p) + /* P now points to the NUL character. */ + p = &text[strlen (text)]; + + if (*p == '\n') + /* Pass through any newlines. */ + { + p ++; + line = p; + last_space = NULL; + last_space_cols = 0; + copied_last_space = 1; + continue; + } + + /* Have a space or a NUL. Note: we don't count the trailing + space. */ + cols = utf8_charcount (line, (uintptr_t) p - (uintptr_t) line); + if (cols < target_cols) + { + if (! *p) + /* Nothing left to break. */ + break; + + last_space = p; + last_space_cols = cols; + p ++; + /* Skip any immediately following spaces. If we break: + "... foo bar ..." between "foo" and "bar" then we want: + "... foo\nbar ...", which means that the left space has + to be the first space after foo, not the last space + before bar. */ + while (*p == ' ') + p ++; + } + else + { + int cols_with_left_space; + int cols_with_right_space; + int left_penalty; + int right_penalty; + + cols_with_left_space = last_space_cols; + cols_with_right_space = cols; + + if (do_debug) + log_debug ("Breaking: '%.*s'\n", + (int) ((uintptr_t) p - (uintptr_t) line), line); + + /* The number of columns away from TARGET_COLS. We prefer + to underflow than to overflow. */ + left_penalty = target_cols - cols_with_left_space; + right_penalty = 2 * (cols_with_right_space - target_cols); + + if (cols_with_right_space > max_cols) + /* Add a large penalty for each column that exceeds + max_cols. */ + right_penalty += 4 * (cols_with_right_space - max_cols); + + if (do_debug) + log_debug ("Left space => %d cols (penalty: %d); right space => %d cols (penalty: %d)\n", + cols_with_left_space, left_penalty, + cols_with_right_space, right_penalty); + if (last_space_cols && left_penalty <= right_penalty) + /* Prefer the left space. */ + { + if (do_debug) + log_debug ("Breaking at left space.\n"); + p = last_space; + } + else + { + if (do_debug) + log_debug ("Breaking at right space.\n"); + } + + if (! *p) + break; + + *p = '\n'; + p ++; + if (*p == ' ') + { + int spaces; + for (spaces = 1; p[spaces] == ' '; spaces ++) + ; + memmove (p, &p[spaces], strlen (&p[spaces]) + 1); + } + line = p; + last_space = NULL; + last_space_cols = 0; + copied_last_space = 0; + } + } + + /* Chop off any trailing space. */ + while (text[strlen (text) - 1] == ' ') + text[strlen (text) - 1] = '\0'; + /* If we inserted the trailing newline, then remove it. */ + if (! copied_last_space && text[strlen (text) - 1] == '\n') + text[strlen (text) - 1] = '\0'; + + return text; +} diff --git a/common/stringhelp.h b/common/stringhelp.h index b34d28b..9ff062b 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h @@ -148,6 +148,11 @@ char **strsplit (char *string, char delim, char replacement, int *count); /* Tokenize STRING using the set of delimiters in DELIM. */ char **strtokenize (const char *string, const char *delim); +/* Format a string so that it fits within about TARGET_COLS columns. + If IN_PLACE is 0, then TEXT is copied to a new buffer, which is + returned. Otherwise, TEXT is modified in place and returned. + Normally, target_cols will be 72 and max_cols is 80. */ +char *format_text (char *text, int in_place, int target_cols, int max_cols); /*-- mapstrings.c --*/ const char *map_static_macro_string (const char *string); diff --git a/common/t-stringhelp.c b/common/t-stringhelp.c index 13f3afa..9e5410b 100644 --- a/common/t-stringhelp.c +++ b/common/t-stringhelp.c @@ -677,6 +677,142 @@ test_strtokenize (void) } } +static char * +stresc (char *s) +{ + char *p; + int l = strlen (s) + 1; + + for (p = s; *p; p ++) + if (*p == '\n') + l ++; + + p = xmalloc (l); + for (l = 0; *s; s ++, l ++) + { + if (*s == ' ') + p[l] = '_'; + else if (*p == '\n') + { + p[l ++] = '\\'; + p[l ++] = 'n'; + p[l] = '\n'; + } + else + p[l] = *s; + } + p[l] = *s; + + return p; +} + +static void +test_format_text (void) +{ + struct test + { + int target_cols, max_cols; + char *input; + char *expected; + }; + + struct test tests[] = { + { + 10, 12, + "", + "", + }, + { + 10, 12, + " ", + "", + }, + { + 10, 12, + " ", + "", + }, + { + 10, 12, + " \n ", + " \n", + }, + { + 10, 12, + " \n \n ", + " \n \n", + }, + { + 10, 12, + "0123456789 0123456789 0", + "0123456789\n0123456789\n0", + }, + { + 10, 12, + " 0123456789 0123456789 0 ", + " 0123456789\n0123456789\n0", + }, + { + 10, 12, + "01 34 67 90 23 56 89 12 45 67 89 1", + "01 34 67\n90 23 56\n89 12 45\n67 89 1" + }, + { + 10, 12, + "01 34 67 90 23 56 89 12 45 67 89 1", + "01 34 67\n90 23 56\n89 12 45\n67 89 1" + }, + { + 72, 80, + "Warning: if you think you've seen more than 10 messages " + "signed by this key, then this key might be a forgery! " + "Carefully examine the email address for small variations " + "(e.g., additional white space). If the key is suspect, " + "then use 'gpg --tofu-policy bad \"FINGERPRINT\"' to mark it as being bad.\n", + "Warning: if you think you've seen more than 10 messages signed by this\n" + "key, then this key might be a forgery! Carefully examine the email\n" + "address for small variations (e.g., additional white space). If the key\n" + "is suspect, then use 'gpg --tofu-policy bad \"FINGERPRINT\"' to mark it as\n" + "being bad.\n" + + }, + { + 72, 80, + "Normally, there is only a single key associated with an email " + "address. However, people sometimes generate a new key if " + "their key is too old or they think it might be compromised. " + "Alternatively, a new key may indicate a man-in-the-middle " + "attack! Before accepting this key, you should talk to or " + "call the person to make sure this new key is legitimate.", + "Normally, there is only a single key associated with an email " + "address.\nHowever, people sometimes generate a new key if " + "their key is too old or\nthey think it might be compromised. " + "Alternatively, a new key may indicate\na man-in-the-middle " + "attack! Before accepting this key, you should talk\nto or " + "call the person to make sure this new key is legitimate.", + } + }; + + int i; + int failed = 0; + + for (i = 0; i < sizeof (tests) / sizeof (tests[0]); i ++) + { + struct test *test = &tests[i]; + char *result = + format_text (test->input, 0, test->target_cols, test->max_cols); + if (strcmp (result, test->expected) != 0) + { + printf ("%s: Test #%d failed.\nExpected: '%s'\nResult: '%s'\n", + __func__, i + 1, stresc (test->expected), stresc (result)); + failed ++; + } + xfree (result); + } + + if (failed) + fail(0); +} int main (int argc, char **argv) @@ -692,6 +828,7 @@ main (int argc, char **argv) test_make_absfilename_try (); test_strsplit (); test_strtokenize (); + test_format_text (); xfree (home_buffer); return 0; diff --git a/g10/tofu.c b/g10/tofu.c index 5e38d21..d340bfe 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2038,7 +2038,9 @@ get_trust (struct dbs *dbs, const char *fingerprint, const char *email, "Alternatively, a new key may indicate a man-in-the-middle " "attack! Before accepting this key, you should talk to or " "call the person to make sure this new key is legitimate."; + text = format_text (text, 0, 72, 80); es_fprintf (fp, "\n%s\n", text); + xfree (text); } es_fputc ('\n', fp); @@ -2440,7 +2442,8 @@ show_statistics (struct dbs *dbs, const char *fingerprint, if (policy == TOFU_POLICY_AUTO && messages < 10) { char *set_policy_command; - const char *text; + char *text; + char *tmp; if (messages == 0) log_info (_("Warning: we've have yet to see" @@ -2462,9 +2465,14 @@ show_statistics (struct dbs *dbs, const char *fingerprint, "Carefully examine the email address for small variations " "(e.g., additional white space). If the key is suspect, " "then use '%s' to mark it as being bad.\n"; - log_info (text, - messages, messages == 1 ? _("message") : _("message"), - set_policy_command); + tmp = xasprintf + (text, + messages, messages == 1 ? _("message") : _("message"), + set_policy_command); + text = format_text (tmp, 0, 72, 80); + xfree (tmp); + log_info ("%s", text); + xfree (text); free (set_policy_command); } } commit 5b84b0d660c8329e184d98682665aaea7e1703d2 Author: Neal H. Walfield Date: Mon Nov 23 22:13:56 2015 +0100 common: Extend utf8_charcount to include the string's length. * common/stringhelp.c (utf8_charcount): Take additional parameter, len. Process at most LEN bytes. -- Signed-off-by: Neal H. Walfield diff --git a/agent/genkey.c b/agent/genkey.c index b780c50..2eec974 100644 --- a/agent/genkey.c +++ b/agent/genkey.c @@ -221,7 +221,7 @@ check_passphrase_constraints (ctrl_t ctrl, const char *pw, /* Now check the constraints and collect the error messages unless in in silent mode which returns immediately. */ - if (utf8_charcount (pw) < minlen ) + if (utf8_charcount (pw, -1) < minlen ) { if (!failed_constraint) { diff --git a/common/stringhelp.c b/common/stringhelp.c index 38c3832..d0b5561 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -746,16 +746,30 @@ sanitize_buffer (const void *p_arg, size_t n, int delim) /* Given a string containing an UTF-8 encoded text, return the number of characters in this string. It differs from strlen in that it - only counts complete UTF-8 characters. Note, that this function - does not take combined characters into account. */ + only counts complete UTF-8 characters. SIZE is the maximum length + of the string in bytes. If SIZE is -1, then a NUL character is + taken to be the end of the string. Note, that this function does + not take combined characters into account. */ size_t -utf8_charcount (const char *s) +utf8_charcount (const char *s, int len) { size_t n; + if (len == 0) + return 0; + for (n=0; *s; s++) - if ( (*s&0xc0) != 0x80 ) /* Exclude continuation bytes: 10xxxxxx */ - n++; + { + if ( (*s&0xc0) != 0x80 ) /* Exclude continuation bytes: 10xxxxxx */ + n++; + + if (len != -1) + { + len --; + if (len == 0) + break; + } + } return n; } diff --git a/common/stringhelp.h b/common/stringhelp.h index a84c81b..b34d28b 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h @@ -64,7 +64,7 @@ int hextobyte (const char *s); char *sanitize_buffer (const void *p, size_t n, int delim); -size_t utf8_charcount (const char *s); +size_t utf8_charcount (const char *s, int len); #ifdef HAVE_W32_SYSTEM diff --git a/g10/gpg.c b/g10/gpg.c index 5ba3a20..5c5afa6 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -1043,7 +1043,7 @@ build_list (const char *text, char letter, if (maybe_setuid) gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - indent = utf8_charcount (text); + indent = utf8_charcount (text, -1); len = 0; init_membuf (&mb, 512); ----------------------------------------------------------------------- Summary of changes: agent/genkey.c | 2 +- common/stringhelp.c | 153 ++++++++++++++++++++++++++++++++++++++++++++++++-- common/stringhelp.h | 7 ++- common/t-stringhelp.c | 137 ++++++++++++++++++++++++++++++++++++++++++++ g10/gpg.c | 2 +- g10/tofu.c | 16 ++++-- 6 files changed, 305 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 23 22:39:17 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Mon, 23 Nov 2015 22:39:17 +0100 Subject: [git] GnuPG - branch, neal/kdb, updated. gnupg-2.1.9-169-g6da0e52 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, neal/kdb has been updated discards 68be39bdc474e77c533b3320541206084efa525d (commit) via 6da0e52af3e53469f50f0623f12a7d09521fdad8 (commit) via 19362a8dd7ee986c082a5afc5a446f939991ec0f (commit) via 5b84b0d660c8329e184d98682665aaea7e1703d2 (commit) via b75e1b3d8b1643640d046f7f8e89adf5b1caa7a3 (commit) via 946faaff04f3340ed6db9e89c5036dc5f9beca6a (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (68be39bdc474e77c533b3320541206084efa525d) \ N -- N -- N (6da0e52af3e53469f50f0623f12a7d09521fdad8) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6da0e52af3e53469f50f0623f12a7d09521fdad8 Author: Neal H. Walfield Date: Thu Oct 29 10:18:13 2015 +0100 New key db. diff --git a/g10/Makefile.am b/g10/Makefile.am index 10714f6..16e9ce9 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -30,7 +30,7 @@ include $(top_srcdir)/am/cmacros.am AM_CFLAGS = $(SQLITE3_CFLAGS) $(LIBGCRYPT_CFLAGS) \ $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) -needed_libs = ../kbx/libkeybox.a $(libcommon) +needed_libs = ../kbx/libkeybox.a $(libcommon) $(SQLITE3_LIBS) bin_PROGRAMS = gpg2 if !HAVE_W32CE_SYSTEM @@ -58,7 +58,7 @@ trust_source = trustdb.c trustdb.h tdbdump.c tdbio.c tdbio.h endif if USE_TOFU -tofu_source = tofu.h tofu.c sqlite.c sqlite.h +tofu_source = tofu.h tofu.c else tofu_source = endif @@ -102,7 +102,9 @@ common_source = \ sig-check.c \ keylist.c \ pkglue.c pkglue.h \ - ecdh.c + ecdh.c \ + kdb.c kdb.h \ + sqlite.c sqlite.h gpg2_SOURCES = gpg.c \ server.c \ @@ -148,7 +150,7 @@ gpgv2_SOURCES = gpgv.c \ LDADD = $(needed_libs) ../common/libgpgrl.a \ $(ZLIBS) $(LIBINTL) $(CAPLIBS) $(NETLIBS) -gpg2_LDADD = $(LDADD) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ +gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBREADLINE) \ $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) $(resource_objs) $(extra_sys_libs) gpg2_LDFLAGS = $(extra_bin_ldflags) diff --git a/g10/import.c b/g10/import.c index e1577b8..7555cc6 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1154,6 +1154,9 @@ import_one (ctrl_t ctrl, goto leave; } + assert (strcmp (keystr_from_pk(keyblock_orig->pkt->pkt.public_key), + keystr_from_pk(pk)) == 0); + /* Make sure the original direct key sigs are all sane. */ n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid); if (n_sigs_cleaned) diff --git a/g10/kdb.c b/g10/kdb.c new file mode 100644 index 0000000..b1c5544 --- /dev/null +++ b/g10/kdb.c @@ -0,0 +1,1349 @@ +#include +#include +#include + +#include "gpg.h" +#include "util.h" +#include "logging.h" +#include "i18n.h" +#include "mbox-util.h" +#include "sqlite.h" + +#include "kdb.h" + +#if 0 +# define DEBUG(fmt, ...) \ + do { \ + log_debug("%s:%d: "fmt, __func__, __LINE__, ##__VA_ARGS__); \ + } while (0) +#else +# define DEBUG(fmt, ...) do {} while (0) +#endif + + +struct kdb_resource +{ + struct kdb_resource *next; + int read_only; + sqlite3 *db; + + long long int key; + char *kb; + int kb_len; + u32 *sigstatus; + + char fname[1]; +}; +typedef struct kdb_resource *KDB_RESOURCE; +typedef struct kdb_resource const * CONST_KDB_RESOURCE; + +/* All registered resources. */ +static KDB_RESOURCE kdb_resources; + +static void +hdr_cache_clear (KDB_RESOURCE resource) +{ + xfree (resource->kb); + resource->kb = NULL; + + xfree (resource->sigstatus); + resource->sigstatus = NULL; + + resource->key = -1; +} + +struct key +{ + unsigned long int key; + char *kb; + size_t kb_len; + u32 *sigstatus; + struct key *next; +}; + +struct keydb_handle +{ + KDB_RESOURCE resource; + /* Current key. */ + long long int key; + int eof; + + struct key *full_scan; + + struct { + long long int key; + int pk_no; + int uid_no; + } found, saved_found; +}; + +/* Perform an in-place reversal. Returns the new head. */ +static struct key * +key_list_reverse (struct key *list) +{ + struct key *list_rev = NULL; + + while (list) + { + struct key *list_next_orig = list->next; + list->next = list_rev; + list_rev = list; + list = list_next_orig; + } + return list_rev; +} + +static struct key * +key_free (struct key *key) +{ + struct key *key_next; + + if (! key) + return NULL; + + key_next = key->next; + xfree (key->kb); + xfree (key->sigstatus); + xfree (key); + + return key_next; +} + +static void +hd_cache_clear (KDB_HANDLE hd) +{ + struct key *key_next; + + if (! hd->full_scan) + return; + + key_next = hd->full_scan; + while (key_next) + key_next = key_free (key_next); + + hd->full_scan = NULL; +} + +/* RESOURCE is a value returned by a previous call to + kdb_register_file in *RESOURCEP. */ +KDB_HANDLE +kdb_new (void *resource) +{ + KDB_RESOURCE r; + KDB_HANDLE hd; + + /* Assert that the resource was indeed previously registered. */ + for (r = kdb_resources; r; r = r->next) + if (r == resource) + break; + assert (r); + + hd = xmalloc_clear (sizeof (*hd)); + hd->resource = resource; + hd->key = -1; + return hd; +} + + +/* Collect a series of integers from a query. Aborts if the argument + is not a valid integer (or real of the form X.0). COOKIE points to + an array of unsigned long ints, which has enough space for ARGC + values. */ +static int +get_unsigned_longs_cb (void *cookie, int argc, char **argv, char **azColName) +{ + unsigned long int *values = cookie; + int i; + char *tail = NULL; + + (void) azColName; + + for (i = 0; i < argc; i ++) + { + if (! argv[i]) + values[i] = 0; + else + { + errno = 0; + values[i] = strtoul (argv[i], &tail, 0); + if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0')) + /* Abort. */ + return 1; + } + } + + return 0; +} + +static int +get_unsigned_longs_cb2 (void *cookie, int argc, char **argv, char **azColName, + sqlite3_stmt *stmt) +{ + (void) stmt; + return get_unsigned_longs_cb (cookie, argc, argv, azColName); +} + +/* We expect a single integer column whose name is "version". COOKIE + must point to an int. This function always aborts. On error or a + if the version is bad, sets *VERSION to -1. */ +static int +version_check_cb (void *cookie, int argc, char **argv, char **azColName) +{ + int *version = cookie; + + if (argc != 1 || strcmp (azColName[0], "version") != 0) + { + *version = -1; + return 1; + } + + if (strcmp (argv[0], "1") == 0) + *version = 1; + else + { + log_error (_("unsupported kdb version: %s\n"), argv[0]); + *version = -1; + } + + /* Don't run again. */ + return 1; +} + +/* Register a new file. If the file has already been registered then + returns NULL otherwise returns */ +gpg_error_t +kdb_register_file (const char *fname, int read_only, void **resourcep) +{ + KDB_RESOURCE resource; + int rc; + sqlite3 *db = NULL; + char *err; + unsigned long int count; + int need_init = 1; + + for (resource = kdb_resources; resource; resource = resource->next) + if (same_file_p (resource->fname, fname)) + { + if (resourcep) + *resourcep = resource; + if (read_only) + resource->read_only = 1; + return 0; + } + + rc = sqlite3_open_v2 (fname, &db, + read_only + ? SQLITE_OPEN_READONLY + : (SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE), + NULL); + if (rc) + { + log_error ("Failed to open the key db '%s': %s\n", + fname, sqlite3_errstr (rc)); + return rc; + } + + /* If the DB has no tables, then assume this is a new DB that needs + to be initialized. */ + rc = sqlite3_exec (db, + "select count(*) from sqlite_master where type='table';", + get_unsigned_longs_cb, &count, &err); + if (rc) + { + log_error (_("error querying kdb's available tables: %s\n"), + err); + sqlite3_free (err); + goto out; + } + else if (count != 0) + /* Assume that the DB is already initialized. Make sure the + version is okay. */ + { + int version = -1; + rc = sqlite3_exec (db, "select version from version;", version_check_cb, + &version, &err); + if (rc == SQLITE_ABORT && version == 1) + /* Happy, happy, joy, joy. */ + { + sqlite3_free (err); + rc = 0; + need_init = 0; + } + else if (rc == SQLITE_ABORT && version == -1) + /* Unsupported version. */ + { + /* An error message was already displayed. */ + sqlite3_free (err); + goto out; + } + else if (rc) + /* Some error. */ + { + log_error (_("error determining kdb's version: %s\n"), err); + sqlite3_free (err); + goto out; + } + else + /* Unexpected success. This can only happen if there are no + rows. */ + { + log_error (_("error determining kdb's version: %s\n"), + "select returned 0, but expected ABORT"); + rc = 1; + goto out; + } + } + + if (need_init) + { + /* Create the version table. */ + rc = sqlite3_exec (db, + "create table version (version INTEGER);", + NULL, NULL, &err); + if (rc) + { + log_error (_("error initializing kdb database (%s): %s\n"), + "version", err); + sqlite3_free (err); + goto out; + } + + /* Initialize the version table, which contains a single integer + value. */ + rc = sqlite3_exec (db, + "insert into version values (1);", + NULL, NULL, &err); + if (rc) + { + log_error (_("error initializing kdb database (%s): %s\n"), + "version, init", err); + sqlite3_free (err); + goto out; + } + + /* We have 3 tables: + + primaries - the list of all primary keys and the key block. + + keys - the list of all keys and subkeys. + + user ids - the list of all user ids. */ + + rc = sqlite3_exec + (db, + /* Enable foreign key constraints. */ + "pragma foreign_keys = on;\n" + "create table primaries\n" + " (oid INTEGER PRIMARY KEY AUTOINCREMENT,\n" + " fingerprint_rev TEXT COLLATE NOCASE, keyblock BLOB,\n" + " sigstatus TEXT);\n" + "create index primaries_fingerprint on primaries\n" + " (fingerprint_rev COLLATE NOCASE);\n" + "\n" + "create table keys\n" + " (primary_key INTEGER, fingerprint_rev TEXT COLLATE NOCASE,\n" + " pk_no INTEGER,\n" + " unique (primary_key, pk_no),\n" + " foreign key (primary_key) references primaries(oid));\n" + "create index keys_fingerprint_primary_key_pk_no on keys\n" + " (fingerprint_rev COLLATE NOCASE, primary_key, pk_no);\n" + "create index keys_primary_key_pk_no on keys (primary_key, pk_no);\n" + "\n" + /* XXX: Is COLLATE NOCASE reasonable? */ + "create table uids\n" + " (primary_key INTEGER, uid TEXT COLLATE NOCASE,\n" + " email TEXT COLLATE NOCASE, uid_no INTEGER,\n" + " unique (primary_key, uid_no),\n" + " foreign key (primary_key) references primaries(oid));\n" + "create index uids_ordered on uids (primary_key, uid_no);\n" + /* In most cases, we search for a substring (like + '%foo at bar.com%'. This can't exploit an index so the + following indices mostly represent overhead. */ +#if 0 + "create index uids_uid_ordered on uids\n" + " (uid COLLATE NOCASE, primary_key, uid_no);\n" + "create index uids_email_ordered on uids\n" + " (email COLLATE NOCASE, primary_key, uid_no);\n" +#endif + , + NULL, NULL, &err); + if (rc) + { + log_error (_("error initializing kdb database: %s\n"), err); + sqlite3_free (err); + goto out; + } + } + + resource = xmalloc_clear (sizeof *resource + strlen (fname)); + strcpy (resource->fname, fname); + resource->read_only = read_only; + resource->db = db; + resource->next = kdb_resources; + kdb_resources = resource; + + if (resourcep) + *resourcep = resource; + + out: + if (rc) + { + if (resourcep) + *resourcep = NULL; + + sqlite3_close (db); + return gpg_error (GPG_ERR_GENERAL); + } + + return 0; +} + +int +kdb_is_writable (void *token) +{ + KDB_RESOURCE resource = token; + if (resource->read_only) + return 0; + return 1; +} + +/* Release the handle. */ +void +kdb_release (KDB_HANDLE hd) +{ + KDB_RESOURCE r; + + if (! hd) + return; + + /* Check for double frees. */ + assert (hd->resource); + for (r = kdb_resources; r; r = r->next) + if (r == hd->resource) + break; + assert (r); + + hd_cache_clear (hd); + + hd->resource = NULL; + + xfree (hd); +} + +void +kdb_push_found_state (KDB_HANDLE hd) +{ + hd->saved_found = hd->found; + hd->found.key = -1; +} + +void +kdb_pop_found_state (KDB_HANDLE hd) +{ + hd->found = hd->saved_found; + hd->saved_found.key = -1; +} + +const char * +kdb_get_resource_name (KDB_HANDLE hd) +{ + if (!hd || !hd->resource) + return NULL; + return hd->resource->fname; +} + +/* If YES is 1, lock the DB. Otherwise, unlock it. Returns an error + code if locking failed. */ +int +kdb_lock (KDB_HANDLE hd, int yes) +{ + int rc; + char *err; + + if (yes) + /* Lock. */ + { + rc = sqlite3_exec (hd->resource->db, "savepoint lock;", + NULL, NULL, &err); + if (rc) + { + log_error (_("error beginning transaction on KDB database: %s\n"), + err); + sqlite3_free (err); + return 1; + } + + return 0; + } + else + /* Unlock. */ + { + rc = sqlite3_exec (hd->resource->db, "release lock;", NULL, NULL, &err); + if (rc) + { + log_error (_("error ending transaction on KDB database: %s\n"), + err); + sqlite3_free (err); + return 1; + } + + return 0; + } +} + +static u32 * +sigstatus_parse (const char *sigstatus_str) +{ + int entries; + int i; + u32 *sigstatus; + char *tail; + + /* Count the number of values (= # of semicolons plus 1). */ + entries = 1; + for (i = 0; i < strlen (sigstatus_str); i ++) + if (sigstatus_str[i] == ';') + entries ++; + + /* The first entry is the number of entries. */ + sigstatus = xmalloc (sizeof (sigstatus[0]) * (1 + entries)); + sigstatus[0] = entries; + + for (i = 0; i < entries; i ++) + { + errno = 0; + sigstatus[i + 1] = strtoul (sigstatus_str, &tail, 0); + if (errno || ! ((i < entries - 1 && *tail == ';') + || (i == entries - 1 && *tail == '\0'))) + /* Abort. */ + { + log_info ("%s: Failed to parse %s\n", __func__, sigstatus_str); + return NULL; + } + + sigstatus_str = tail; + if (i < entries - 1) + { + assert (*tail == ';'); + sigstatus_str ++; + } + else + assert (*tail == '\0'); + } + + return sigstatus; +} + +static int keyblock_cached; +static int keyblock_cache_hit; +static int keyblock_cache_miss; + +/* The caller needs to make sure that hd->resource->key is updated! */ +static int +keyblock_cb (void *cookie, int cols, char **values, char **names, + sqlite3_stmt *stmt) +{ + KDB_HANDLE hd = cookie; + + (void) cols; + (void) values; + (void) names; + + assert (cols == 2); + assert (strcmp (names[0], "keyblock") == 0); + assert (strcmp (names[1], "sigstatus") == 0); + + xfree (hd->resource->kb); + hd->resource->kb_len = sqlite3_column_bytes (stmt, 0); + hd->resource->kb = xmalloc (hd->resource->kb_len); + memcpy (hd->resource->kb, sqlite3_column_blob (stmt, 0), + hd->resource->kb_len); + hd->resource->sigstatus = sigstatus_parse (values[1]); + + keyblock_cached ++; + + /* Abort to indicate success. */ + return 1; +} + +int +kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf, + int *pk_no, int *uid_no, u32 **sigstatus) +{ + int rc; + char *err; + sqlite3_stmt *stmt = NULL; + + if (pk_no) + *pk_no = 0; + if (uid_no) + *uid_no = 0; + if (sigstatus) + *sigstatus = NULL; + + if (hd->found.key == -1) + /* Got nothing. */ + return gpg_error (GPG_ERR_EOF); + + DEBUG ("getting keyblock for key #%lld\n", hd->found.key); + + if (keyblock_cache_hit || keyblock_cache_miss) + DEBUG ("keyblock cache: %d fills, %d hits (%d%%), %d misses\n", + keyblock_cached, keyblock_cache_hit, + (keyblock_cache_hit * 100) + / (keyblock_cache_hit + keyblock_cache_miss), + keyblock_cache_miss); + + if (hd->resource->kb && hd->resource->key == hd->found.key) + { + DEBUG("read keyblock from resource cache.\n"); + keyblock_cache_hit ++; + *iobuf = iobuf_temp_with_content (hd->resource->kb, hd->resource->kb_len); + if (hd->resource->sigstatus) + { + size_t s = (sizeof (hd->resource->sigstatus[0]) + * (1 + hd->resource->sigstatus[0])); + *sigstatus = xmalloc (s); + memcpy (*sigstatus, hd->resource->sigstatus, s); + } + return 0; + } + else if (hd->full_scan && hd->full_scan->key == hd->found.key) + { + DEBUG("read keyblock from full scan cache.\n"); + *iobuf = iobuf_temp_with_content (hd->full_scan->kb, + hd->full_scan->kb_len); + if (hd->full_scan->sigstatus) + { + size_t s = (sizeof (hd->full_scan->sigstatus[0]) + * (1 + hd->full_scan->sigstatus[0])); + *sigstatus = xmalloc (s); + memcpy (*sigstatus, hd->full_scan->sigstatus, s); + } + return 0; + } + else + keyblock_cache_miss ++; + + rc = sqlite3_stepx + (hd->resource->db, + &stmt, keyblock_cb, hd, &err, + "select keyblock, sigstatus from primaries where oid = ?", + SQLITE_ARG_LONG_LONG, hd->found.key, SQLITE_ARG_END); + if (rc == SQLITE_ABORT) + /* Success. */ + { + assert (hd->resource->kb); + hd->resource->key = hd->found.key; + *iobuf = iobuf_temp_with_content (hd->resource->kb, hd->resource->kb_len); + + rc = 0; + if (uid_no) + *uid_no = hd->found.uid_no; + if (pk_no) + *pk_no = hd->found.pk_no; + if (sigstatus && hd->resource->sigstatus) + { + size_t s = (sizeof (hd->resource->sigstatus[0]) + * (1 + hd->resource->sigstatus[0])); + *sigstatus = xmalloc (s); + memcpy (*sigstatus, hd->resource->sigstatus, s); + } + } + else if (! rc) + /* If we don't get an abort, then we didn't find the record. */ + rc = gpg_error (GPG_ERR_NOT_FOUND); + else + { + log_error (_("reading keyblock from keydb DB: %s\n"), err); + sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); + } + + sqlite3_finalize (stmt); + return rc; +} + +int +kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb, + const void *image, size_t imagelen) +{ + (void) hd; + (void) kb; + (void) image; + (void) imagelen; + + log_fatal ("Implement %s.", __func__); +} + +static char * +strrev (char *str) +{ + int i; + int l = strlen (str); + + for (i = 0; i < l / 2; i ++) + { + char t = str[i]; + str[i] = str[l - 1 - i]; + str[l - 1 - i] = t; + } + + return str; +} + +static char * +fingerprint_ascii_rev (char *fingerprint_bin, int len) +{ + char *fingerprint = xmalloc (2 * len + 1); + bin2hex (fingerprint_bin, len, fingerprint); + return strrev (fingerprint); +} + +gpg_error_t +kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t root, + const void *image, size_t imagelen, u32 *sigstatus) +{ + PKT_public_key *mainpk = root->pkt->pkt.public_key; + char fingerprint_bin[MAX_FINGERPRINT_LEN]; + size_t fingerprint_bin_len = sizeof (fingerprint_bin); + char *fingerprint_rev = NULL; + + char *sigstatus_str = NULL; + + int rc; + char *err; + + sqlite3_stmt *uid_stmt = NULL; + sqlite3_stmt *key_stmt = NULL; + + long long oid; + int uid_no; + int pk_no; + kbnode_t k; + + if (!hd) + return gpg_error (GPG_ERR_INV_VALUE); + + hdr_cache_clear (hd->resource); + hd_cache_clear (hd); + + /* XXX: If we have a search result (hd->found), are we supposed to + replace it even if it isn't for the same key? */ + /* See if we are replacing or adding this record to the + database. */ + fingerprint_from_pk (mainpk, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + fingerprint_rev = + fingerprint_ascii_rev (fingerprint_bin, fingerprint_bin_len); + + if (sigstatus) + { + int i; + char *p; + p = sigstatus_str = xmalloc ((10 + 1) * sigstatus[0]); + for (i = 0; i < sigstatus[0]; i ++) + { + p += sprintf (p, "%d", sigstatus[i + 1]); + if (i != sigstatus[0] - 1) + *p ++ = ';'; + } + } + + oid = -1; + rc = sqlite3_stepx + (hd->resource->db, NULL, get_unsigned_longs_cb2, &oid, &err, + "select oid from primaries where fingerprint_rev = ?;", + SQLITE_ARG_STRING, fingerprint_rev, SQLITE_ARG_END); + if (rc) + { + log_error (_("looking up key in keydb DB: %s\n"), err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + + if (oid != -1) + /* This key is already in the DB. Replace it. */ + { + DEBUG ("%s already in DB (oid = %lld), updating.\n", + fingerprint_rev, oid); + + hdr_cache_clear (hd->resource); + + rc = sqlite3_exec_printf + (hd->resource->db, NULL, NULL, &err, + "delete from primaries where oid = %lld;" + "delete from keys where primary_key = %lld;" + "delete from uids where primary_key = %lld;", + oid, oid, oid); + if (rc) + { + log_error (_("updating key in keydb DB: %s\n"), err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + + /* Reuse the oid. So that any extant search won't return the + new record. */ + rc = sqlite3_stepx + (hd->resource->db, NULL, NULL, NULL, &err, + "insert into primaries (oid, fingerprint_rev, keyblock, sigstatus)\n" + " values (?, ?, ?, ?);", + SQLITE_ARG_LONG_LONG, oid, + SQLITE_ARG_STRING, fingerprint_rev, + SQLITE_ARG_BLOB, image, (long long) imagelen, + SQLITE_ARG_STRING, sigstatus_str, + SQLITE_ARG_END); + } + else + { + DEBUG ("New keyblock for %s.\n", fingerprint_rev); + rc = sqlite3_stepx + (hd->resource->db, NULL, NULL, NULL, &err, + "insert into primaries (fingerprint_rev, keyblock, sigstatus)\n" + " values (?, ?, ?);", + SQLITE_ARG_STRING, fingerprint_rev, + SQLITE_ARG_BLOB, image, (long long) imagelen, + SQLITE_ARG_STRING, sigstatus_str, + SQLITE_ARG_END); + } + + xfree (sigstatus_str); + xfree (fingerprint_rev); + fingerprint_rev = NULL; + + if (rc) + { + log_error (_("inserting %s record into keydb DB: %s\n"), + "primary key", err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + + oid = sqlite3_last_insert_rowid (hd->resource->db); + + uid_no = 0; + pk_no = 0; + for (k = root; k; k = k->next) + { + if (k->pkt->pkttype == PKT_USER_ID) + { + PKT_user_id *uid = k->pkt->pkt.user_id; + const char *user_id = uid->name; + char *email = mailbox_from_userid (user_id); + + uid_no ++; + + rc = sqlite3_stepx + (hd->resource->db, &uid_stmt, NULL, NULL, &err, + "insert into uids (primary_key, uid, email, uid_no)" + " values (?, ?, ?, ?);", + SQLITE_ARG_LONG_LONG, oid, + SQLITE_ARG_STRING, user_id, SQLITE_ARG_STRING, email, + SQLITE_ARG_INT, uid_no, + SQLITE_ARG_END); + xfree (email); + if (rc) + { + log_error (_("inserting %s record into keydb DB: %s\n"), + "uid", err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + } + else if (k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + PKT_public_key *pk = k->pkt->pkt.public_key; + + pk_no ++; + + fingerprint_from_pk (pk, fingerprint_bin, &fingerprint_bin_len); + assert (fingerprint_bin_len == sizeof (fingerprint_bin)); + fingerprint_rev = fingerprint_ascii_rev (fingerprint_bin, + fingerprint_bin_len); + + rc = sqlite3_stepx + (hd->resource->db, &key_stmt, NULL, NULL, &err, + "insert into keys (primary_key, fingerprint_rev, pk_no)" + " values (?, ?, ?);", + SQLITE_ARG_LONG_LONG, oid, + SQLITE_ARG_STRING, fingerprint_rev, + SQLITE_ARG_INT, pk_no, + SQLITE_ARG_END); + + xfree (fingerprint_rev); + fingerprint_rev = NULL; + + if (rc) + { + log_error (_("inserting %s record into keydb DB: %s\n"), + "key", err); + sqlite3_free (err); + return gpg_error (GPG_ERR_GENERAL); + } + } + } + + sqlite3_finalize (uid_stmt); + sqlite3_finalize (key_stmt); + + return 0; +} + +int +kdb_delete (KDB_HANDLE hd) +{ + int rc; + char *err; + + if (!hd) + return gpg_error (GPG_ERR_INV_VALUE); + + if (hd->found.key == -1) + /* No search result. */ + return gpg_error (GPG_ERR_NOTHING_FOUND); + + hdr_cache_clear (hd->resource); + hd_cache_clear (hd); + + rc = sqlite3_exec_printf + (hd->resource->db, NULL, NULL, &err, + "delete from keys where primary_key = %d;\n" + "delete from uids where primary_key = %d;\n" + "delete from primaries where oid = %d;\n", + hd->found.key, hd->found.key, hd->found.key); + if (rc) + { + log_error (_("error deleting key from kdb database: %s\n"), err); + sqlite3_free (err); + rc = gpg_error (GPG_ERR_GENERAL); + } + + return rc; +} + +int +kdb_search_reset (KDB_HANDLE hd) +{ + hd->key = -1; + hd->eof = 0; + + hd->found.key = -1; + + hd_cache_clear (hd); + + return 0; +} + +struct key_array +{ + long int count; + /* The maximum amount of memory to use before aborting. If 0, + unlimited. */ + size_t memory; + struct key *keys; +}; + +static int +get_keyblock_array_cb (void *cookie, int argc, char **argv, + char **azColName, sqlite3_stmt *stmt) +{ + struct key_array *a = cookie; + struct key *entry; + size_t len = sqlite3_column_bytes (stmt, 0); + char *tail; + + assert (argc == 3); + + (void) azColName; + + entry = xmalloc_clear (sizeof (*entry)); + entry->kb_len = len; + entry->kb = xmalloc (len); + memcpy (entry->kb, sqlite3_column_blob (stmt, 0), len); + + entry->sigstatus = sigstatus_parse (argv[1]); + + errno = 0; + entry->key = strtoul (argv[2], &tail, 0); + if (errno || ! (strcmp (tail, ".0") == 0 || *tail == '\0')) + /* Abort. */ + { + xfree (entry); + return 1; + } + + /* Attach it. */ + entry->next = a->keys; + a->keys = entry; + + a->count ++; + + if (len >= a->memory) + /* Don't read another record. We're out of memory. */ + { + log_debug ("%s: Stopped prefilling read-ahead cache (%zd bytes larger than %zd bytes of available memory.\n", + __func__, len, a->memory); + return 1; + } + else + log_debug ("%s: Used %zd bytes of remaining %zd.\n", + __func__, len, a->memory); + + a->memory -= len; + + return 0; +} + +static gpg_error_t +key_list_load (struct keydb_handle *hd) +{ + int rc; + char *err = NULL; + struct key_array a; + a.count = 0; + /* Don't read much more than 20 MB of keyblocks into memory at a + time. */ + a.memory = 20 * 1024 * 1024; + a.keys = NULL; + + hd_cache_clear (hd); + + if (hd->key == -1) + /* From the beginning. */ + rc = sqlite3_stepx + (hd->resource->db, NULL, + get_keyblock_array_cb, &a, &err, + "select keyblock, sigstatus, oid from primaries" + " order by oid", + SQLITE_ARG_END); + else + rc = sqlite3_stepx + (hd->resource->db, NULL, + get_keyblock_array_cb, &a, &err, + "select keyblock, sigstatus, oid from primaries" + " where oid > ?" + " order by oid", + SQLITE_ARG_LONG_LONG, hd->key, + SQLITE_ARG_END); + + if (! rc) + /* We got the whole thing. */ + { + /* Add an EOF record. */ + struct key *k = xmalloc_clear (sizeof (*k)); + k->key = -1; + k->next = a.keys; + hd->full_scan = k; + } + else if (rc == SQLITE_ABORT) + /* Partial list. */ + { + rc = 0; + hd->full_scan = a.keys; + } + else + /* It is possible that we got a partial listing. */ + { + log_fatal ("error listing primary table: %s\n", err); + sqlite3_free (err); + } + + log_debug ("%s: Got %ld records.\n", __func__, a.count); + + hd->full_scan = key_list_reverse (hd->full_scan); + + if (rc) + return gpg_error (GPG_ERR_GENERAL); + return 0; +} + +static int +kdb_search_cb (void *cookie, int argc, char **argv, char **azColName, + sqlite3_stmt *stmt) +{ + KDB_HANDLE hd = cookie; + int i = 0; + unsigned long int values[argc]; + int got_keyblock = 0; + + /* Get the keyblock. */ + if (argc >= 2 + && strcmp (azColName[0], "keyblock") == 0 + && strcmp (azColName[1], "sigstatus") == 0) + { + /* When we do: select keyblock, min(oid) and we don't have any + results, then keyblock will be NULL. */ + if (argv[0]) + { + keyblock_cb (hd, 2, argv, azColName, stmt); + got_keyblock = 1; + } + i = 2; + } + + get_unsigned_longs_cb (&values[i], argc - i, &argv[i], &azColName[i]); + hd->found.uid_no = hd->found.pk_no = 0; + for (; i < argc; i ++) + if (strcmp (azColName[i], "oid") == 0) + { + hd->key = hd->found.key = values[i]; + if (got_keyblock) + hd->resource->key = hd->key; + } + else if (strcmp (azColName[i], "uid_no") == 0) + hd->found.uid_no = values[i]; + else if (strcmp (azColName[i], "pk_no") == 0) + hd->found.pk_no = values[i]; + else + log_bug ("%s: Bad column name: %s\n", __func__, azColName[i]); + + /* Abort. */ + return 1; +} + +int +kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex) +{ + int n; + int have_next = 0; + char *where_uid = NULL; + char *where_key = NULL; + char *text; + int anyskip = 0; + int rc = 0; + char *err = NULL; + char *sql = NULL; + + hd->found.key = -1; + + for (n = 0; n < ndesc; n ++) + { + if (desc[n].mode == KEYDB_SEARCH_MODE_FIRST) + { + kdb_search_reset (hd); + desc[n].mode = KEYDB_SEARCH_MODE_NEXT; + have_next = 1; + } + if (desc[n].mode == KEYDB_SEARCH_MODE_NEXT) + have_next = 1; + } + + if (have_next) + { + if (hd->full_scan && hd->full_scan->key == hd->key) + /* The head of the full_scan list is the current key. + Remove the current key from the full_scan list and + return the next one. */ + hd->full_scan = key_free (hd->full_scan); + else + hd_cache_clear (hd); + + if (! hd->full_scan) + { + rc = key_list_load (hd); + if (rc) + goto out; + } + + /* We always add an EOF record. So, this can't be NULL. */ + assert (hd->full_scan); + + if (hd->full_scan->key == -1) + /* EOF! */ + hd->eof = 1; + else + hd->key = hd->found.key = hd->full_scan->key; + + goto out; + } + + hd_cache_clear (hd); + + if (hd->eof) + /* We're at the end of the file. There is nothing else to get. */ + return gpg_error (GPG_ERR_EOF); + +#define ADD_TERM(thing, op, fmt, ...) do { \ + char *t = sqlite3_mprintf \ + ("%s%s("fmt")", \ + thing ? thing : "", thing ? "\n "op" " : "", \ + ##__VA_ARGS__); \ + sqlite3_free (thing); \ + thing = t; \ + } while (0) +#define O(thing, fmt, ...) ADD_TERM(thing, "OR", fmt, ##__VA_ARGS__) +#define A(thing, fmt, ...) ADD_TERM(thing, "AND", fmt, ##__VA_ARGS__) + + if (descindex) + log_fatal ("Implement descindex\n"); + + for (n = 0; n < ndesc; n ++) + { + KEYDB_SEARCH_DESC *d = &desc[n]; + + switch (d->mode) + { + case KEYDB_SEARCH_MODE_EXACT: + O(where_uid, "uids.uid = %Q", desc[n].u.name); + break; + + case KEYDB_SEARCH_MODE_SUBSTR: + case KEYDB_SEARCH_MODE_MAIL: + case KEYDB_SEARCH_MODE_MAILSUB: + case KEYDB_SEARCH_MODE_MAILEND: + { + char *escaped = xmalloc (1 + 2 * strlen (d->u.name) + 1 + 1); + int i, j = 0; + + if (d->mode == KEYDB_SEARCH_MODE_SUBSTR + || d->mode == KEYDB_SEARCH_MODE_MAILSUB + || d->mode == KEYDB_SEARCH_MODE_MAILEND) + escaped[j ++] = '%'; + + for (i = 0; i < strlen (d->u.name); i ++) + { + if (d->u.name[i] == '%' || d->u.name[i] == '_' + || d->u.name[i] == '\'' || d->u.name[i] == '\\') + escaped[j ++] = '\\'; + escaped[j ++] = d->u.name[i]; + } + + if (d->mode == KEYDB_SEARCH_MODE_SUBSTR + || d->mode == KEYDB_SEARCH_MODE_MAILSUB) + escaped[j ++] = '%'; + + escaped[j] = 0; + + O(where_uid, "uids.%s like %Q", + d->mode == KEYDB_SEARCH_MODE_SUBSTR ? "uid" : "email", + escaped); + } + break; + + + case KEYDB_SEARCH_MODE_WORDS: + log_fatal ("Implement me!\n"); + break; + + + case KEYDB_SEARCH_MODE_SHORT_KID: + text = xmalloc (8 + 1); + snprintf (text, 9, "%08lX", (ulong) d->u.kid[1]); + O(where_key, "keys.fingerprint_rev like '%s%%'", strrev (text)); + xfree (text); + break; + + case KEYDB_SEARCH_MODE_LONG_KID: + text = xmalloc (8 * 2 + 1); + snprintf (text, 8 * 2 + 1, "%08lX%08lX", + (ulong) d->u.kid[0], (ulong) d->u.kid[1]); + O(where_key, "keys.fingerprint_rev like '%s%%'", strrev (text)); + xfree (text); + break; + + case KEYDB_SEARCH_MODE_FPR16: + if (d->mode == KEYDB_SEARCH_MODE_FPR16) + text = bin2hex (d->u.fpr, 16, NULL); + /* Fall through. */ + + case KEYDB_SEARCH_MODE_FPR20: + case KEYDB_SEARCH_MODE_FPR: + if (d->mode == KEYDB_SEARCH_MODE_FPR20 + || d->mode == KEYDB_SEARCH_MODE_FPR) + text = bin2hex (d->u.fpr, 20, NULL); + + strrev (text); + O(where_key, "keys.fingerprint_rev = '%s'", text); + xfree (text); + break; + + case KEYDB_SEARCH_MODE_FIRST: + case KEYDB_SEARCH_MODE_NEXT: + /* Already handled above. */ + break; + + default: + break; + } + + if (d->skipfnc) + anyskip = 1; + } + + if (anyskip) + log_fatal ("Implement anyskip."); + + DEBUG ("uid: %s\n", where_uid); + DEBUG ("key: %s\n", where_key); + + assert (where_uid || where_key); + if (where_uid && where_key) + sql = sqlite3_mprintf + ("select keyblock, sigstatus,\n" + " keys.primary_key oid, keys.pk_no, uids.uid_no\n" + " from primaries\n" + " left join keys on primaries.oid = keys.primary_key\n" + " left join uids on primaries.oid = uids.primary_key\n" + " where %s%lld and (%s and %s)\n" + " order by keys.primary_key, keys.pk_no, uids.uid_no\n" + " limit 1\n", + hd->key == -1 ? "" : "keys.primary_key > ", hd->key, + where_uid, where_key); + else if (where_key) + sql = sqlite3_mprintf + ("select primary_key oid, pk_no\n" + " from keys\n" + " where %s%lld and (%s)\n" + " order by primary_key, pk_no\n" + " limit 1;\n", + hd->key == -1 ? "" : "primary_key > ", hd->key, where_key); + else + sql = sqlite3_mprintf + ("select primary_key oid, uid_no\n" + " from uids\n" + " where %s%lld and (%s)\n" + " order by primary_key, uid_no\n" + " limit 1;\n", + hd->key == -1 ? "" : "primary_key > ", hd->key, where_uid); + DEBUG ("Running '%s'\n", sql); + rc = sqlite3_stepx (hd->resource->db, NULL, kdb_search_cb, hd, &err, + sql, SQLITE_ARG_END); + if (rc == SQLITE_ABORT) + /* Success. */ + rc = 0; + else if (rc) + { + log_fatal ("error search DB: %s\n", err); + sqlite3_free (err); + goto out; + } + else + /* EOF. */ + { + assert (hd->found.key == -1); + hd->eof = 1; + } + + out: + sqlite3_free (sql); + sqlite3_free (where_uid); + sqlite3_free (where_key); + + if (rc) + { + DEBUG ("Search result: Error.\n"); + return gpg_error (GPG_ERR_GENERAL); + } + if (hd->eof) + { + DEBUG ("Search result: ENOENT.\n"); + return gpg_error (GPG_ERR_EOF); + } + + DEBUG ("Search result: key #%lld.\n", hd->key); + + return 0; +} diff --git a/g10/kdb.h b/g10/kdb.h new file mode 100644 index 0000000..55e6962 --- /dev/null +++ b/g10/kdb.h @@ -0,0 +1,29 @@ +#ifndef GNUPG_KDB_H +#define GNUPG_KDB_H + +#include "keydb.h" + +typedef struct keydb_handle *KDB_HANDLE; + +gpg_error_t kdb_register_file (const char *fname, int read_only, void **ptr); +int kdb_is_writable (void *token); + +KDB_HANDLE kdb_new (void *token); +void kdb_release (KDB_HANDLE hd); +void kdb_push_found_state (KDB_HANDLE hd); +void kdb_pop_found_state (KDB_HANDLE hd); +const char *kdb_get_resource_name (KDB_HANDLE hd); +int kdb_lock (KDB_HANDLE hd, int yes); +int kdb_get_keyblock (KDB_HANDLE hd, iobuf_t *iobuf, + int *pk_no, int *uid_no, u32 **sigstatus); +int kdb_update_keyblock (KDB_HANDLE hd, kbnode_t kb, + const void *image, size_t imagelen); +gpg_error_t kdb_insert_keyblock (KDB_HANDLE hd, kbnode_t kb, + const void *image, size_t imagelen, + u32 *sigstatus); +int kdb_delete (KDB_HANDLE hd); +int kdb_search_reset (KDB_HANDLE hd); +int kdb_search (KDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex); + +#endif diff --git a/g10/keydb.c b/g10/keydb.c index 8a68980..2540af8 100644 --- a/g10/keydb.c +++ b/g10/keydb.c @@ -37,6 +37,7 @@ #include "../kbx/keybox.h" #include "keydb.h" #include "i18n.h" +#include "kdb.h" static int active_handles; @@ -44,7 +45,8 @@ typedef enum { KEYDB_RESOURCE_TYPE_NONE = 0, KEYDB_RESOURCE_TYPE_KEYRING, - KEYDB_RESOURCE_TYPE_KEYBOX + KEYDB_RESOURCE_TYPE_KEYBOX, + KEYDB_RESOURCE_TYPE_KEYDB } KeydbResourceType; #define MAX_KEYDB_RESOURCES 40 @@ -54,6 +56,7 @@ struct resource_item union { KEYRING_HANDLE kr; KEYBOX_HANDLE kb; + KDB_HANDLE kdb; } u; void *token; }; @@ -251,13 +254,14 @@ keyblock_cache_clear (struct keydb_handle *hd) /* Handle the creation of a keyring or a keybox if it does not yet exist. Take into account that other processes might have the keyring/keybox already locked. This lock check does not work if - the directory itself is not yet available. If IS_BOX is true the - filename is expected to refer to a keybox. If FORCE_CREATE is true - the keyring or keybox will be created. + the directory itself is not yet available. RT is the type of + resource being created. If FORCE_CREATE is true the keyring or + keybox will be created. Return 0 if it is okay to access the specified file. */ static int -maybe_create_keyring_or_box (char *filename, int is_box, int force_create) +maybe_create_resource (char *filename, KeydbResourceType rt, + int force_create) { dotlock_t lockhd = NULL; IOBUF iobuf; @@ -361,12 +365,25 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) if (!iobuf) { rc = gpg_error_from_syserror (); - if (is_box) - log_error (_("error creating keybox '%s': %s\n"), - filename, gpg_strerror (rc)); - else - log_error (_("error creating keyring '%s': %s\n"), - filename, gpg_strerror (rc)); + switch (rt) + { + case KEYDB_RESOURCE_TYPE_NONE: + log_fatal ("Bad value for resource type: %d\n", rt); + break; + + case KEYDB_RESOURCE_TYPE_KEYRING: + log_error (_("error creating keyring '%s': %s\n"), + filename, gpg_strerror (rc)); + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + log_error (_("error creating keybox '%s': %s\n"), + filename, gpg_strerror (rc)); + break; + case KEYDB_RESOURCE_TYPE_KEYDB: + log_error (_("error creating keydb '%s': %s\n"), + filename, gpg_strerror (rc)); + break; + } goto leave; } @@ -376,7 +393,7 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) /* Make sure that at least one record is in a new keybox file, so that the detection magic will work the next time it is used. */ - if (is_box) + if (rt == KEYDB_RESOURCE_TYPE_KEYBOX) { FILE *fp = fopen (filename, "w"); if (!fp) @@ -388,22 +405,29 @@ maybe_create_keyring_or_box (char *filename, int is_box, int force_create) } if (rc) { - if (is_box) - log_error (_("error creating keybox '%s': %s\n"), - filename, gpg_strerror (rc)); - else - log_error (_("error creating keyring '%s': %s\n"), - filename, gpg_strerror (rc)); + log_error (_("error creating keybox '%s': %s\n"), + filename, gpg_strerror (rc)); goto leave; } } if (!opt.quiet) { - if (is_box) - log_info (_("keybox '%s' created\n"), filename); - else - log_info (_("keyring '%s' created\n"), filename); + switch (rt) + { + case KEYDB_RESOURCE_TYPE_NONE: + log_fatal ("Bad value for resource type: %d\n", rt); + break; + case KEYDB_RESOURCE_TYPE_KEYRING: + log_info (_("keyring '%s' created\n"), filename); + break; + case KEYDB_RESOURCE_TYPE_KEYBOX: + log_info (_("keybox '%s' created\n"), filename); + break; + case KEYDB_RESOURCE_TYPE_KEYDB: + log_info (_("keydb '%s' created\n"), filename); + break; + } } rc = 0; @@ -445,6 +469,8 @@ rt_from_file (const char *filename, int *r_found, int *r_openpgp) { if (magic == 0x13579ace || magic == 0xce9a5713) ; /* GDBM magic - not anymore supported. */ + else if (memcmp (&magic, "SQLi", 4) == 0) + rt = KEYDB_RESOURCE_TYPE_KEYDB; else if (fread (&verbuf, 4, 1, fp) == 1 && verbuf[0] == 1 && fread (&magic, 4, 1, fp) == 1 @@ -559,6 +585,11 @@ keydb_add_resource (const char *url, unsigned int flags) rt = KEYDB_RESOURCE_TYPE_KEYBOX; resname += 10; } + else if (strlen (resname) > 10 && !strncmp (resname, "gnupg-kdb:", 10) ) + { + rt = KEYDB_RESOURCE_TYPE_KEYDB; + resname += 10; + } #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__) else if (strchr (resname, ':')) { @@ -662,7 +693,8 @@ keydb_add_resource (const char *url, unsigned int flags) goto leave; case KEYDB_RESOURCE_TYPE_KEYRING: - rc = maybe_create_keyring_or_box (filename, 0, create); + rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYRING, + create); if (rc) goto leave; @@ -692,7 +724,8 @@ keydb_add_resource (const char *url, unsigned int flags) case KEYDB_RESOURCE_TYPE_KEYBOX: { - rc = maybe_create_keyring_or_box (filename, 1, create); + rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYBOX, + create); if (rc) goto leave; @@ -727,6 +760,36 @@ keydb_add_resource (const char *url, unsigned int flags) } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + rc = maybe_create_resource (filename, KEYDB_RESOURCE_TYPE_KEYDB, create); + if (rc) + goto leave; + + rc = kdb_register_file (filename, read_only, &token); + if (rc == 0) + { + if (used_resources >= MAX_KEYDB_RESOURCES) + rc = gpg_error (GPG_ERR_RESOURCE_LIMIT); + else + { + /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */ + /* primary_keyring = token; */ + all_resources[used_resources].type = rt; + all_resources[used_resources].u.kb = NULL; /* Not used here */ + all_resources[used_resources].token = token; + + used_resources++; + } + } + + /* XXX: How to mark this as a primary if it was already + registered. */ + /* if ((flags & KEYDB_RESOURCE_FLAG_PRIMARY)) */ + /* primary_keyring = token; */ + } + break; + default: log_error ("resource type of '%s' not supported\n", url); rc = gpg_error (GPG_ERR_GENERAL); @@ -792,6 +855,14 @@ keydb_new (void) die = 1; j++; break; + case KEYDB_RESOURCE_TYPE_KEYDB: + hd->active[j].type = all_resources[i].type; + hd->active[j].token = all_resources[i].token; + hd->active[j].u.kdb = kdb_new (all_resources[i].token); + if (!hd->active[j].u.kdb) + die = 1; + j++; + break; } } hd->used = j; @@ -831,6 +902,9 @@ keydb_release (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_release (hd->active[i].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_release (hd->active[i].u.kdb); + break; } } @@ -873,6 +947,9 @@ keydb_get_resource_name (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: s = keybox_get_resource_name (hd->active[idx].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + s = kdb_get_resource_name (hd->active[idx].u.kdb); + break; } return s? s: ""; @@ -904,6 +981,9 @@ lock_all (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_lock (hd->active[i].u.kb, 1); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_lock (hd->active[i].u.kdb, 1); + break; } } @@ -922,6 +1002,9 @@ lock_all (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_lock (hd->active[i].u.kb, 0); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_lock (hd->active[i].u.kdb, 0); + break; } } } @@ -952,6 +1035,9 @@ unlock_all (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_lock (hd->active[i].u.kb, 0); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_lock (hd->active[i].u.kdb, 0); + break; } } hd->locked = 0; @@ -981,6 +1067,9 @@ keydb_push_found_state (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_push_found_state (hd->active[hd->found].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_push_found_state (hd->active[hd->found].u.kdb); + break; } hd->saved_found = hd->found; @@ -1009,6 +1098,9 @@ keydb_pop_found_state (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: keybox_pop_found_state (hd->active[hd->found].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + kdb_pop_found_state (hd->active[hd->found].u.kdb); + break; } } @@ -1254,6 +1346,23 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb) } } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + iobuf_t iobuf; + u32 *sigstatus; + int pk_no, uid_no; + + err = kdb_get_keyblock (hd->active[hd->found].u.kdb, &iobuf, + &pk_no, &uid_no, &sigstatus); + if (!err) + { + err = parse_keyblock_image (iobuf, pk_no, uid_no, sigstatus, + ret_kb); + xfree (sigstatus); + iobuf_close (iobuf); + } + break; + } } if (hd->keyblock_cache.state != KEYBLOCK_CACHE_FILLED) @@ -1399,6 +1508,20 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb) } } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + iobuf_t iobuf; + + err = build_keyblock_image (kb, &iobuf, NULL); + if (!err) + { + err = kdb_update_keyblock (hd->active[hd->found].u.kdb, kb, + iobuf_get_temp_buffer (iobuf), + iobuf_get_temp_length (iobuf)); + iobuf_close (iobuf); + } + } + break; } unlock_all (hd); @@ -1460,6 +1583,23 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb) } } break; + case KEYDB_RESOURCE_TYPE_KEYDB: + { + iobuf_t iobuf; + u32 *sigstatus; + + err = build_keyblock_image (kb, &iobuf, &sigstatus); + if (!err) + { + err = kdb_insert_keyblock (hd->active[idx].u.kdb, kb, + iobuf_get_temp_buffer (iobuf), + iobuf_get_temp_length (iobuf), + sigstatus); + xfree (sigstatus); + iobuf_close (iobuf); + } + } + break; } unlock_all (hd); @@ -1499,6 +1639,9 @@ keydb_delete_keyblock (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_delete (hd->active[hd->found].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_delete (hd->active[hd->found].u.kdb); + break; } unlock_all (hd); @@ -1553,6 +1696,10 @@ keydb_locate_writable (KEYDB_HANDLE hd) if (keybox_is_writable (hd->active[hd->current].token)) return 0; /* found (hd->current is set to it) */ break; + case KEYDB_RESOURCE_TYPE_KEYDB: + if (kdb_is_writable (hd->active[hd->current].token)) + return 0; /* found (hd->current is set to it) */ + break; } } @@ -1581,6 +1728,9 @@ keydb_rebuild_caches (int noisy) case KEYDB_RESOURCE_TYPE_KEYBOX: /* N/A. */ break; + case KEYDB_RESOURCE_TYPE_KEYDB: + /* N/A. */ + break; } } } @@ -1626,6 +1776,9 @@ keydb_search_reset (KEYDB_HANDLE hd) case KEYDB_RESOURCE_TYPE_KEYBOX: rc = keybox_search_reset (hd->active[i].u.kb); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_search_reset (hd->active[i].u.kdb); + break; } } hd->is_reset = 1; @@ -1717,6 +1870,10 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, descindex, &hd->skipped_long_blobs); while (rc == GPG_ERR_LEGACY_KEY); break; + case KEYDB_RESOURCE_TYPE_KEYDB: + rc = kdb_search (hd->active[hd->current].u.kdb, desc, + ndesc, descindex); + break; } if (DBG_LOOKUP) diff --git a/g10/trustdb.c b/g10/trustdb.c index 386796c..f59fa1a 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1716,7 +1716,8 @@ validate_key_list (KEYDB_HANDLE hd, KeyHashTable full_trust, desc.skipfnc = search_skipfnc; desc.skipfncvalue = full_trust; rc = keydb_search (hd, &desc, 1, NULL); - if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND) + if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND + || gpg_err_code (rc) == GPG_ERR_EOF) { keys[nkeys].keyblock = NULL; return keys; ----------------------------------------------------------------------- Summary of changes: agent/genkey.c | 2 +- common/stringhelp.c | 153 ++++++++++++++++++++++++++++++++++++++++++++++++-- common/stringhelp.h | 7 ++- common/t-stringhelp.c | 137 ++++++++++++++++++++++++++++++++++++++++++++ dirmngr/dns-stuff.c | 6 +- g10/gpg.c | 2 +- g10/kdb.c | 4 +- g10/tofu.c | 16 ++++-- 8 files changed, 310 insertions(+), 17 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 24 09:46:14 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Tue, 24 Nov 2015 09:46:14 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.2.0-122-ge287529 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via e287529cc4e5fc96538a7684c925d11da6640f3c (commit) via bcd8f7c7ff5a15f73482622008e118c2e1cc849a (commit) via 9c8012fa8155ee10bbb91d79b0406cac223e7ad9 (commit) via 351429bdf9fe83370e22e1bf720785146f607ef0 (commit) from 0ce38a94a0944079256bc87baaf6f53d592c15b2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e287529cc4e5fc96538a7684c925d11da6640f3c Author: Werner Koch Date: Tue Nov 24 09:42:23 2015 +0100 Post release updates -- diff --git a/NEWS b/NEWS index 60a7b49..d962389 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +Noteworthy changes for version 1.3.1 (unreleased) +================================================= + + Noteworthy changes for version 1.3.0 (2015-11-24) ================================================= diff --git a/configure.ac b/configure.ac index 874969d..c1daef2 100644 --- a/configure.ac +++ b/configure.ac @@ -17,7 +17,7 @@ min_automake_version="1.14" # (git tag -s gpgol-k.n.m) and run "./autogen.sh --force". Please # bump the version number immediately *after* the release and do # another commit and push so that the git magic is able to work. -m4_define([mym4_version], [1.3.0]) +m4_define([mym4_version], [1.3.1]) # Below is m4 magic to extract and compute the git revision number, # the decimalized short revision number, a beta version string and a commit bcd8f7c7ff5a15f73482622008e118c2e1cc849a Author: Werner Koch Date: Tue Nov 24 09:36:01 2015 +0100 Release 1.3.0 diff --git a/NEWS b/NEWS index c166fe6..60a7b49 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -Noteworthy changes for version 1.3.0 (unreleased) +Noteworthy changes for version 1.3.0 (2015-11-24) ================================================= * Outlook 2010 and later now handle recieved MIME mails. commit 9c8012fa8155ee10bbb91d79b0406cac223e7ad9 Author: Werner Koch Date: Tue Nov 24 09:35:31 2015 +0100 po: Auto-update -- diff --git a/po/de.po b/po/de.po index 7a8399b..831bc00 100644 --- a/po/de.po +++ b/po/de.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: GpgOL 1.0.0\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2015-11-12 12:50+0100\n" +"POT-Creation-Date: 2015-11-23 18:51+0100\n" "PO-Revision-Date: 2009-06-18 19:18+0200\n" "Last-Translator: Werner Koch \n" "Language-Team: de\n" @@ -58,17 +58,17 @@ msgstr "" "rechtzeitig gestartet werden. Sie sollten es noch einmal versuchen." #: src/engine.c:377 src/main.c:708 src/main.c:714 src/message.cpp:300 -#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:281 -#: src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 src/gpgoladdin.cpp:870 -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:944 src/gpgoladdin.cpp:947 -#: src/ribbon-callbacks.cpp:119 src/ribbon-callbacks.cpp:233 -#: src/ribbon-callbacks.cpp:248 src/ribbon-callbacks.cpp:260 -#: src/ribbon-callbacks.cpp:297 src/ribbon-callbacks.cpp:309 -#: src/ribbon-callbacks.cpp:654 src/ribbon-callbacks.cpp:671 -#: src/ribbon-callbacks.cpp:688 src/ribbon-callbacks.cpp:702 -#: src/ribbon-callbacks.cpp:715 src/ribbon-callbacks.cpp:777 -#: src/ribbon-callbacks.cpp:1077 src/ribbon-callbacks.cpp:1111 -#: src/ribbon-callbacks.cpp:1123 src/ribbon-callbacks.cpp:1148 +#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:292 +#: src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 src/gpgoladdin.cpp:882 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:956 src/gpgoladdin.cpp:959 +#: src/ribbon-callbacks.cpp:121 src/ribbon-callbacks.cpp:235 +#: src/ribbon-callbacks.cpp:250 src/ribbon-callbacks.cpp:262 +#: src/ribbon-callbacks.cpp:299 src/ribbon-callbacks.cpp:311 +#: src/ribbon-callbacks.cpp:656 src/ribbon-callbacks.cpp:673 +#: src/ribbon-callbacks.cpp:687 src/ribbon-callbacks.cpp:700 +#: src/ribbon-callbacks.cpp:723 src/ribbon-callbacks.cpp:783 +#: src/ribbon-callbacks.cpp:1083 src/ribbon-callbacks.cpp:1117 +#: src/ribbon-callbacks.cpp:1129 src/ribbon-callbacks.cpp:1154 msgid "GpgOL" msgstr "GpgOL" @@ -90,11 +90,11 @@ msgstr "" "\n" "geschrieben." -#: src/mapihelp.cpp:1542 src/mapihelp.cpp:1550 src/mapihelp.cpp:1558 +#: src/mapihelp.cpp:1552 src/mapihelp.cpp:1560 src/mapihelp.cpp:1568 msgid "[no subject]" msgstr "[Kein Betreff]" -#: src/mapihelp.cpp:2167 +#: src/mapihelp.cpp:2177 msgid "" "[The content of this message is not visible because it has been decrypted by " "another Outlook session. Use the \"decrypt/verify\" command to make it " @@ -104,7 +104,7 @@ msgstr "" "Outlook Sitzung entschl??sselt wurde. Verwenden Sie den Men??punkt " "\"entschl??sseln/??berpr??fen\" um den Inhalt wieder sichtbar zu machen.]" -#: src/mapihelp.cpp:3062 +#: src/mapihelp.cpp:3072 msgid "" "[The content of this message is not visible due to an processing error in " "GpgOL.]" @@ -201,16 +201,16 @@ msgstr "Verschl??sselungsfehler (%s)" msgid "Signing failed (%s)" msgstr "Signaturerstellungsfehler (%s)" -#: src/mimeparser.c:1200 +#: src/mimeparser.c:1213 msgid "Error writing to stream" msgstr "Dateischreibfehler" -#: src/mimeparser.c:1201 +#: src/mimeparser.c:1214 msgid "I/O-Error" msgstr "Ein-/Ausgabefehler" -#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 -#: src/gpgoladdin.cpp:870 src/gpgoladdin.cpp:944 +#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 +#: src/gpgoladdin.cpp:882 src/gpgoladdin.cpp:956 msgid "General" msgstr "Allgemein" @@ -431,7 +431,7 @@ msgstr "" msgid "Do you want to revert this folder?" msgstr "M??chten Sie diesen Ordner von GpgOL befreien?" -#: src/gpgoladdin.cpp:277 +#: src/gpgoladdin.cpp:288 msgid "" "Failed to remove plaintext from at least one message.\n" "\n" @@ -439,11 +439,11 @@ msgid "" "decrypted in this Session is saved or transfered back to your mailserver." msgstr "" -#: src/gpgoladdin.cpp:580 src/gpgoladdin.cpp:669 +#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:681 msgid "Start the Certificate Management Software" msgstr "Starten der Zertifikatsverwaltung" -#: src/gpgoladdin.cpp:582 src/gpgoladdin.cpp:671 +#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:683 msgid "" "Open GPA or Kleopatra to manage your certificates. You can use this you to " "generate your own certificates. " @@ -451,46 +451,46 @@ msgstr "" "??ffnet GPA oder Kleopatra um Zertifikate zu verwalten. Dies kann genutzt " "werden um eigene Zertifikate zu generieren." -#: src/gpgoladdin.cpp:586 +#: src/gpgoladdin.cpp:598 #, fuzzy msgid "Encrypt the message." msgstr "Entschl??sseln der Nachricht." -#: src/gpgoladdin.cpp:588 +#: src/gpgoladdin.cpp:600 msgid "Encrypts the message and all attachments before sending." msgstr "" -#: src/gpgoladdin.cpp:590 +#: src/gpgoladdin.cpp:602 #, fuzzy msgid "Sign the message." msgstr "Entschl??sseln der Nachricht." -#: src/gpgoladdin.cpp:592 +#: src/gpgoladdin.cpp:604 msgid "Sign the message and all attchments before sending." msgstr "" -#: src/gpgoladdin.cpp:638 src/gpgoladdin.cpp:793 src/gpgoladdin.cpp:871 -#: src/gpgoladdin.cpp:945 +#: src/gpgoladdin.cpp:650 src/gpgoladdin.cpp:805 src/gpgoladdin.cpp:883 +#: src/gpgoladdin.cpp:957 msgid "Start Certificate Manager" msgstr "Zertifikatsverwaltung starten" -#: src/gpgoladdin.cpp:639 +#: src/gpgoladdin.cpp:651 msgid "GnuPG" msgstr "" -#: src/gpgoladdin.cpp:640 src/gpgoladdin.cpp:795 src/gpgoladdin.cpp:802 +#: src/gpgoladdin.cpp:652 src/gpgoladdin.cpp:807 src/gpgoladdin.cpp:814 msgid "Encrypt" msgstr "Verschl??sseln" -#: src/gpgoladdin.cpp:641 src/gpgoladdin.cpp:797 +#: src/gpgoladdin.cpp:653 src/gpgoladdin.cpp:809 msgid "Sign" msgstr "Signieren" -#: src/gpgoladdin.cpp:675 +#: src/gpgoladdin.cpp:687 msgid "Encrypt the text of the message" msgstr "Verschl??sselt den Text der Nachricht" -#: src/gpgoladdin.cpp:677 +#: src/gpgoladdin.cpp:689 msgid "" "Choose the certificates for which the message should be encrypted and " "replace the text with the encrypted message." @@ -498,19 +498,19 @@ msgstr "" "Ausw??hlen der Empf??ngerzertifikate und ersetzen des Nachrichtentexts durch " "die verschl??sselte Nachricht." -#: src/gpgoladdin.cpp:681 +#: src/gpgoladdin.cpp:693 msgid "Add a file as an encrypted attachment" msgstr "Hinzuf??gen einer Datei als verschl??sselter Anhang" -#: src/gpgoladdin.cpp:683 +#: src/gpgoladdin.cpp:695 msgid "Encrypts a file and adds it as an attachment to the message. " msgstr "Verschl??sselt eine Datei und f??gt diese als Anhang hinzu" -#: src/gpgoladdin.cpp:686 +#: src/gpgoladdin.cpp:698 msgid "Add a file as an encrypted attachment with a signature" msgstr "Hinzuf??gen einer Datei als verschl??sselter Anhang mit Signatur" -#: src/gpgoladdin.cpp:688 +#: src/gpgoladdin.cpp:700 msgid "" "Encrypts a file, signs it and adds both the encrypted file and the signature " "as attachments to the message. " @@ -518,22 +518,22 @@ msgstr "" "Verschl??sselt eine Datei, signiert diese und f??gt die Signatur und die " "Verschl??sselte Datei als Anhang an." -#: src/gpgoladdin.cpp:691 +#: src/gpgoladdin.cpp:703 msgid "Decrypt the message" msgstr "Entschl??sseln der Nachricht." -#: src/gpgoladdin.cpp:693 +#: src/gpgoladdin.cpp:705 msgid "" "Look for PGP or S/MIME encrypted data in the message text and decrypt it." msgstr "" "Sucht nach PGP oder S/MIME verschl??sselten Daten im Nachrichtentext und " "entschl??sselt diese." -#: src/gpgoladdin.cpp:696 +#: src/gpgoladdin.cpp:708 msgid "Add a signature of the message" msgstr "Hinzuf??gen einer Signierten Nachricht" -#: src/gpgoladdin.cpp:698 +#: src/gpgoladdin.cpp:710 msgid "" "Appends a signed copy of the message text in an opaque signature. An opaque " "signature ensures that the signed text is not modified by embedding it in " @@ -546,68 +546,68 @@ msgstr "" "und Nachricht wird unterhalb des Textes angef??gt. Die Nachricht wird " "hierdurch nicht verschl??sselt!" -#: src/gpgoladdin.cpp:794 src/gpgoladdin.cpp:872 +#: src/gpgoladdin.cpp:806 src/gpgoladdin.cpp:884 msgid "Textbody" msgstr "Textk??rper" -#: src/gpgoladdin.cpp:796 src/gpgoladdin.cpp:802 src/gpgoladdin.cpp:873 -#: src/gpgoladdin.cpp:876 src/gpgoladdin.cpp:877 +#: src/gpgoladdin.cpp:808 src/gpgoladdin.cpp:814 src/gpgoladdin.cpp:885 +#: src/gpgoladdin.cpp:888 src/gpgoladdin.cpp:889 msgid "Decrypt" msgstr "Entschl??sseln" -#: src/gpgoladdin.cpp:798 src/gpgoladdin.cpp:874 +#: src/gpgoladdin.cpp:810 src/gpgoladdin.cpp:886 msgid "Verify" msgstr "Signatur pr??fen" -#: src/gpgoladdin.cpp:799 +#: src/gpgoladdin.cpp:811 msgid "Attachments" msgstr "Anh??nge" -#: src/gpgoladdin.cpp:800 +#: src/gpgoladdin.cpp:812 msgid "Encrypted file" msgstr "Verschl??sselte Datei" -#: src/gpgoladdin.cpp:801 +#: src/gpgoladdin.cpp:813 msgid "Encrypted file and Signature" msgstr "Verschl??sselte Datei mit Signatur" -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:947 src/gpgoladdin.cpp:948 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:959 src/gpgoladdin.cpp:960 msgid "Save and decrypt" msgstr "Speichern und Entschl??sseln" -#: src/ribbon-callbacks.cpp:247 +#: src/ribbon-callbacks.cpp:249 msgid "Please select text to encrypt." msgstr "Bitte selektieren Sie den zu verschl??sselnden Text." -#: src/ribbon-callbacks.cpp:259 +#: src/ribbon-callbacks.cpp:261 msgid "Textbody empty." msgstr "Textk??rper leer." -#: src/ribbon-callbacks.cpp:308 src/ribbon-callbacks.cpp:1076 +#: src/ribbon-callbacks.cpp:310 src/ribbon-callbacks.cpp:1082 msgid "Please add at least one recipent." msgstr "Bitte f??gen Sie mindestens einen Empf??nger hinzu." -#: src/ribbon-callbacks.cpp:670 +#: src/ribbon-callbacks.cpp:672 msgid "Please select a Mail." msgstr "Bitte w??hlen Sie eine Mail aus." -#: src/ribbon-callbacks.cpp:701 +#: src/ribbon-callbacks.cpp:686 msgid "Please select the data you wish to decrypt." msgstr "Bitte selektieren Sie die zu entschl??sselnden Daten." -#: src/ribbon-callbacks.cpp:714 +#: src/ribbon-callbacks.cpp:699 msgid "Nothing to decrypt." msgstr "Nichts zu entschl??sseln." -#: src/ribbon-callbacks.cpp:872 +#: src/ribbon-callbacks.cpp:878 msgid "Plain text" msgstr "Klartext" -#: src/ribbon-callbacks.cpp:873 +#: src/ribbon-callbacks.cpp:879 msgid "Signed text" msgstr "Signierter Text" -#: src/ribbon-callbacks.cpp:1083 +#: src/ribbon-callbacks.cpp:1089 msgid "Select file to encrypt" msgstr "Ausw??hlen der zu verschl??sselnden Datei" diff --git a/po/fr.po b/po/fr.po index 0b39be9..e7d02bb 100644 --- a/po/fr.po +++ b/po/fr.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2015-11-12 12:50+0100\n" +"POT-Creation-Date: 2015-11-23 18:51+0100\n" "PO-Revision-Date: 2015-10-01 17:05+0200\n" "Last-Translator: Olivier Serve \n" "Language-Team: French \n" @@ -58,17 +58,17 @@ msgstr "" "r??-essayer." #: src/engine.c:377 src/main.c:708 src/main.c:714 src/message.cpp:300 -#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:281 -#: src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 src/gpgoladdin.cpp:870 -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:944 src/gpgoladdin.cpp:947 -#: src/ribbon-callbacks.cpp:119 src/ribbon-callbacks.cpp:233 -#: src/ribbon-callbacks.cpp:248 src/ribbon-callbacks.cpp:260 -#: src/ribbon-callbacks.cpp:297 src/ribbon-callbacks.cpp:309 -#: src/ribbon-callbacks.cpp:654 src/ribbon-callbacks.cpp:671 -#: src/ribbon-callbacks.cpp:688 src/ribbon-callbacks.cpp:702 -#: src/ribbon-callbacks.cpp:715 src/ribbon-callbacks.cpp:777 -#: src/ribbon-callbacks.cpp:1077 src/ribbon-callbacks.cpp:1111 -#: src/ribbon-callbacks.cpp:1123 src/ribbon-callbacks.cpp:1148 +#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:292 +#: src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 src/gpgoladdin.cpp:882 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:956 src/gpgoladdin.cpp:959 +#: src/ribbon-callbacks.cpp:121 src/ribbon-callbacks.cpp:235 +#: src/ribbon-callbacks.cpp:250 src/ribbon-callbacks.cpp:262 +#: src/ribbon-callbacks.cpp:299 src/ribbon-callbacks.cpp:311 +#: src/ribbon-callbacks.cpp:656 src/ribbon-callbacks.cpp:673 +#: src/ribbon-callbacks.cpp:687 src/ribbon-callbacks.cpp:700 +#: src/ribbon-callbacks.cpp:723 src/ribbon-callbacks.cpp:783 +#: src/ribbon-callbacks.cpp:1083 src/ribbon-callbacks.cpp:1117 +#: src/ribbon-callbacks.cpp:1129 src/ribbon-callbacks.cpp:1154 msgid "GpgOL" msgstr "GpgOL" @@ -88,11 +88,11 @@ msgstr "" "\n" "\"%s\"" -#: src/mapihelp.cpp:1542 src/mapihelp.cpp:1550 src/mapihelp.cpp:1558 +#: src/mapihelp.cpp:1552 src/mapihelp.cpp:1560 src/mapihelp.cpp:1568 msgid "[no subject]" msgstr "[pas de sujet]" -#: src/mapihelp.cpp:2167 +#: src/mapihelp.cpp:2177 msgid "" "[The content of this message is not visible because it has been decrypted by " "another Outlook session. Use the \"decrypt/verify\" command to make it " @@ -102,7 +102,7 @@ msgstr "" "autre session Outlook. Utiliser la commande \"d??chiffrer/v??rifier\" afin de " "le rendre visible]" -#: src/mapihelp.cpp:3062 +#: src/mapihelp.cpp:3072 msgid "" "[The content of this message is not visible due to an processing error in " "GpgOL.]" @@ -194,16 +194,16 @@ msgstr "??chec du chiffrement (%s)" msgid "Signing failed (%s)" msgstr "??chec de la signature (%s)" -#: src/mimeparser.c:1200 +#: src/mimeparser.c:1213 msgid "Error writing to stream" msgstr "Erreur d'??criture dans le flux" -#: src/mimeparser.c:1201 +#: src/mimeparser.c:1214 msgid "I/O-Error" msgstr "Erreur d'entr??e/sortie" -#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 -#: src/gpgoladdin.cpp:870 src/gpgoladdin.cpp:944 +#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 +#: src/gpgoladdin.cpp:882 src/gpgoladdin.cpp:956 msgid "General" msgstr "G??n??ral" @@ -400,7 +400,7 @@ msgstr "" msgid "Do you want to revert this folder?" msgstr "Voulez-vous r??cup??rer ce dossier ?" -#: src/gpgoladdin.cpp:277 +#: src/gpgoladdin.cpp:288 msgid "" "Failed to remove plaintext from at least one message.\n" "\n" @@ -408,11 +408,11 @@ msgid "" "decrypted in this Session is saved or transfered back to your mailserver." msgstr "" -#: src/gpgoladdin.cpp:580 src/gpgoladdin.cpp:669 +#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:681 msgid "Start the Certificate Management Software" msgstr "Lancer le gestionnaire de certificats" -#: src/gpgoladdin.cpp:582 src/gpgoladdin.cpp:671 +#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:683 msgid "" "Open GPA or Kleopatra to manage your certificates. You can use this you to " "generate your own certificates. " @@ -420,46 +420,46 @@ msgstr "" "Ouvre GPA ou Kleopatra pour la gestion de vos certificats. Vous pouvez " "utiliser ces outils pour g??n??rer vos propres certificats." -#: src/gpgoladdin.cpp:586 +#: src/gpgoladdin.cpp:598 #, fuzzy msgid "Encrypt the message." msgstr "D??chiffrer le message" -#: src/gpgoladdin.cpp:588 +#: src/gpgoladdin.cpp:600 msgid "Encrypts the message and all attachments before sending." msgstr "" -#: src/gpgoladdin.cpp:590 +#: src/gpgoladdin.cpp:602 #, fuzzy msgid "Sign the message." msgstr "D??chiffrer le message" -#: src/gpgoladdin.cpp:592 +#: src/gpgoladdin.cpp:604 msgid "Sign the message and all attchments before sending." msgstr "" -#: src/gpgoladdin.cpp:638 src/gpgoladdin.cpp:793 src/gpgoladdin.cpp:871 -#: src/gpgoladdin.cpp:945 +#: src/gpgoladdin.cpp:650 src/gpgoladdin.cpp:805 src/gpgoladdin.cpp:883 +#: src/gpgoladdin.cpp:957 msgid "Start Certificate Manager" msgstr "D??marrer le gestionnaire de certificats" -#: src/gpgoladdin.cpp:639 +#: src/gpgoladdin.cpp:651 msgid "GnuPG" msgstr "" -#: src/gpgoladdin.cpp:640 src/gpgoladdin.cpp:795 src/gpgoladdin.cpp:802 +#: src/gpgoladdin.cpp:652 src/gpgoladdin.cpp:807 src/gpgoladdin.cpp:814 msgid "Encrypt" msgstr "Chiffrer" -#: src/gpgoladdin.cpp:641 src/gpgoladdin.cpp:797 +#: src/gpgoladdin.cpp:653 src/gpgoladdin.cpp:809 msgid "Sign" msgstr "Signer" -#: src/gpgoladdin.cpp:675 +#: src/gpgoladdin.cpp:687 msgid "Encrypt the text of the message" msgstr "Chiffrer le texte du message" -#: src/gpgoladdin.cpp:677 +#: src/gpgoladdin.cpp:689 msgid "" "Choose the certificates for which the message should be encrypted and " "replace the text with the encrypted message." @@ -467,19 +467,19 @@ msgstr "" "Veuillez choisir les certificats avec lesquels le message sera chiffr??. Le " "texte sera remplac?? par le message chiffr??." -#: src/gpgoladdin.cpp:681 +#: src/gpgoladdin.cpp:693 msgid "Add a file as an encrypted attachment" msgstr "Chiffrer un fichier joint" -#: src/gpgoladdin.cpp:683 +#: src/gpgoladdin.cpp:695 msgid "Encrypts a file and adds it as an attachment to the message. " msgstr "Chiffre un fichier et le joint au message." -#: src/gpgoladdin.cpp:686 +#: src/gpgoladdin.cpp:698 msgid "Add a file as an encrypted attachment with a signature" msgstr "Chiffrer et signer un fichier joint" -#: src/gpgoladdin.cpp:688 +#: src/gpgoladdin.cpp:700 msgid "" "Encrypts a file, signs it and adds both the encrypted file and the signature " "as attachments to the message. " @@ -487,20 +487,20 @@ msgstr "" "Chiffre un fichier, le signe puis joint au message le fichier chiffr?? et la " "signature." -#: src/gpgoladdin.cpp:691 +#: src/gpgoladdin.cpp:703 msgid "Decrypt the message" msgstr "D??chiffrer le message" -#: src/gpgoladdin.cpp:693 +#: src/gpgoladdin.cpp:705 msgid "" "Look for PGP or S/MIME encrypted data in the message text and decrypt it." msgstr "D??chiffre les donn??es du message chiffr??es avec PGP ou S/MIME." -#: src/gpgoladdin.cpp:696 +#: src/gpgoladdin.cpp:708 msgid "Add a signature of the message" msgstr "Ajouter une signature au message" -#: src/gpgoladdin.cpp:698 +#: src/gpgoladdin.cpp:710 msgid "" "Appends a signed copy of the message text in an opaque signature. An opaque " "signature ensures that the signed text is not modified by embedding it in " @@ -512,68 +512,68 @@ msgstr "" "signature elle-m??me. La combinaison du message sign?? et de votre signature " "est ajout??e ?? la fin du message. Le message ne sera pas chiffr????!" -#: src/gpgoladdin.cpp:794 src/gpgoladdin.cpp:872 +#: src/gpgoladdin.cpp:806 src/gpgoladdin.cpp:884 msgid "Textbody" msgstr "Corps du message" -#: src/gpgoladdin.cpp:796 src/gpgoladdin.cpp:802 src/gpgoladdin.cpp:873 -#: src/gpgoladdin.cpp:876 src/gpgoladdin.cpp:877 +#: src/gpgoladdin.cpp:808 src/gpgoladdin.cpp:814 src/gpgoladdin.cpp:885 +#: src/gpgoladdin.cpp:888 src/gpgoladdin.cpp:889 msgid "Decrypt" msgstr "D??chiffrer" -#: src/gpgoladdin.cpp:798 src/gpgoladdin.cpp:874 +#: src/gpgoladdin.cpp:810 src/gpgoladdin.cpp:886 msgid "Verify" msgstr "V??rifier" -#: src/gpgoladdin.cpp:799 +#: src/gpgoladdin.cpp:811 msgid "Attachments" msgstr "Fichiers joints" -#: src/gpgoladdin.cpp:800 +#: src/gpgoladdin.cpp:812 msgid "Encrypted file" msgstr "Chiffrer un fichier" -#: src/gpgoladdin.cpp:801 +#: src/gpgoladdin.cpp:813 msgid "Encrypted file and Signature" msgstr "Chiffrer et signer un fichier" -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:947 src/gpgoladdin.cpp:948 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:959 src/gpgoladdin.cpp:960 msgid "Save and decrypt" msgstr "Enregistrer et d??chiffrer" -#: src/ribbon-callbacks.cpp:247 +#: src/ribbon-callbacks.cpp:249 msgid "Please select text to encrypt." msgstr "Veuillez s??lectionner le texte ?? chiffrer." -#: src/ribbon-callbacks.cpp:259 +#: src/ribbon-callbacks.cpp:261 msgid "Textbody empty." msgstr "Corps du texte vide." -#: src/ribbon-callbacks.cpp:308 src/ribbon-callbacks.cpp:1076 +#: src/ribbon-callbacks.cpp:310 src/ribbon-callbacks.cpp:1082 msgid "Please add at least one recipent." msgstr "Veuillez ajouter au moins un destinataire." -#: src/ribbon-callbacks.cpp:670 +#: src/ribbon-callbacks.cpp:672 msgid "Please select a Mail." msgstr "Veuillez s??lectionner un mail." -#: src/ribbon-callbacks.cpp:701 +#: src/ribbon-callbacks.cpp:686 msgid "Please select the data you wish to decrypt." msgstr "Veuillez s??lectionner les donn??es ?? d??chiffrer." -#: src/ribbon-callbacks.cpp:714 +#: src/ribbon-callbacks.cpp:699 msgid "Nothing to decrypt." msgstr "Rien ?? d??chiffrer." -#: src/ribbon-callbacks.cpp:872 +#: src/ribbon-callbacks.cpp:878 msgid "Plain text" msgstr "\"Plain text\"" -#: src/ribbon-callbacks.cpp:873 +#: src/ribbon-callbacks.cpp:879 msgid "Signed text" msgstr "Texte sign??" -#: src/ribbon-callbacks.cpp:1083 +#: src/ribbon-callbacks.cpp:1089 msgid "Select file to encrypt" msgstr "S??lectionner le fichier ?? chiffrer" diff --git a/po/pt.po b/po/pt.po index a67c045..18cac49 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: GpgOL 1.1.1\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2015-11-12 12:50+0100\n" +"POT-Creation-Date: 2015-11-23 18:51+0100\n" "PO-Revision-Date: 2010-07-18 20:41-0000\n" "Last-Translator: Marco A.G.Pinto \n" "Language-Team: Portuguese \n" @@ -61,17 +61,17 @@ msgstr "" "iniciado a tempo. Podes querer tentar novamente. " #: src/engine.c:377 src/main.c:708 src/main.c:714 src/message.cpp:300 -#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:281 -#: src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 src/gpgoladdin.cpp:870 -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:944 src/gpgoladdin.cpp:947 -#: src/ribbon-callbacks.cpp:119 src/ribbon-callbacks.cpp:233 -#: src/ribbon-callbacks.cpp:248 src/ribbon-callbacks.cpp:260 -#: src/ribbon-callbacks.cpp:297 src/ribbon-callbacks.cpp:309 -#: src/ribbon-callbacks.cpp:654 src/ribbon-callbacks.cpp:671 -#: src/ribbon-callbacks.cpp:688 src/ribbon-callbacks.cpp:702 -#: src/ribbon-callbacks.cpp:715 src/ribbon-callbacks.cpp:777 -#: src/ribbon-callbacks.cpp:1077 src/ribbon-callbacks.cpp:1111 -#: src/ribbon-callbacks.cpp:1123 src/ribbon-callbacks.cpp:1148 +#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:292 +#: src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 src/gpgoladdin.cpp:882 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:956 src/gpgoladdin.cpp:959 +#: src/ribbon-callbacks.cpp:121 src/ribbon-callbacks.cpp:235 +#: src/ribbon-callbacks.cpp:250 src/ribbon-callbacks.cpp:262 +#: src/ribbon-callbacks.cpp:299 src/ribbon-callbacks.cpp:311 +#: src/ribbon-callbacks.cpp:656 src/ribbon-callbacks.cpp:673 +#: src/ribbon-callbacks.cpp:687 src/ribbon-callbacks.cpp:700 +#: src/ribbon-callbacks.cpp:723 src/ribbon-callbacks.cpp:783 +#: src/ribbon-callbacks.cpp:1083 src/ribbon-callbacks.cpp:1117 +#: src/ribbon-callbacks.cpp:1129 src/ribbon-callbacks.cpp:1154 msgid "GpgOL" msgstr "GpgOL" @@ -91,11 +91,11 @@ msgstr "" "\n" "\"%s\"" -#: src/mapihelp.cpp:1542 src/mapihelp.cpp:1550 src/mapihelp.cpp:1558 +#: src/mapihelp.cpp:1552 src/mapihelp.cpp:1560 src/mapihelp.cpp:1568 msgid "[no subject]" msgstr "[sem assunto]" -#: src/mapihelp.cpp:2167 +#: src/mapihelp.cpp:2177 msgid "" "[The content of this message is not visible because it has been decrypted by " "another Outlook session. Use the \"decrypt/verify\" command to make it " @@ -105,7 +105,7 @@ msgstr "" "sess?o do Outlook. Usa o comando \"Desencriptar/Verificar\" para torn?-lo " "vis?vel]" -#: src/mapihelp.cpp:3062 +#: src/mapihelp.cpp:3072 msgid "" "[The content of this message is not visible due to an processing error in " "GpgOL.]" @@ -196,16 +196,16 @@ msgstr "A encripta msgid "Signing failed (%s)" msgstr "A assinatura falhou (%s)" -#: src/mimeparser.c:1200 +#: src/mimeparser.c:1213 msgid "Error writing to stream" msgstr "Erro ao escrever no stream" -#: src/mimeparser.c:1201 +#: src/mimeparser.c:1214 msgid "I/O-Error" msgstr "I/O-Erro" -#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 -#: src/gpgoladdin.cpp:870 src/gpgoladdin.cpp:944 +#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 +#: src/gpgoladdin.cpp:882 src/gpgoladdin.cpp:956 msgid "General" msgstr "Geral" @@ -423,7 +423,7 @@ msgstr "" msgid "Do you want to revert this folder?" msgstr "Queres reverter esta pasta?" -#: src/gpgoladdin.cpp:277 +#: src/gpgoladdin.cpp:288 msgid "" "Failed to remove plaintext from at least one message.\n" "\n" @@ -431,101 +431,101 @@ msgid "" "decrypted in this Session is saved or transfered back to your mailserver." msgstr "" -#: src/gpgoladdin.cpp:580 src/gpgoladdin.cpp:669 +#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:681 #, fuzzy msgid "Start the Certificate Management Software" msgstr "GnuPG Zertifikats&verwaltung" -#: src/gpgoladdin.cpp:582 src/gpgoladdin.cpp:671 +#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:683 msgid "" "Open GPA or Kleopatra to manage your certificates. You can use this you to " "generate your own certificates. " msgstr "" -#: src/gpgoladdin.cpp:586 +#: src/gpgoladdin.cpp:598 #, fuzzy msgid "Encrypt the message." msgstr "Entschl?sseln und Pr?fen der Nachricht." -#: src/gpgoladdin.cpp:588 +#: src/gpgoladdin.cpp:600 msgid "Encrypts the message and all attachments before sending." msgstr "" -#: src/gpgoladdin.cpp:590 +#: src/gpgoladdin.cpp:602 #, fuzzy msgid "Sign the message." msgstr "Entschl?sseln und Pr?fen der Nachricht." -#: src/gpgoladdin.cpp:592 +#: src/gpgoladdin.cpp:604 msgid "Sign the message and all attchments before sending." msgstr "" -#: src/gpgoladdin.cpp:638 src/gpgoladdin.cpp:793 src/gpgoladdin.cpp:871 -#: src/gpgoladdin.cpp:945 +#: src/gpgoladdin.cpp:650 src/gpgoladdin.cpp:805 src/gpgoladdin.cpp:883 +#: src/gpgoladdin.cpp:957 #, fuzzy msgid "Start Certificate Manager" msgstr "GnuPG Zertifikats&verwaltung" -#: src/gpgoladdin.cpp:639 +#: src/gpgoladdin.cpp:651 msgid "GnuPG" msgstr "" -#: src/gpgoladdin.cpp:640 src/gpgoladdin.cpp:795 src/gpgoladdin.cpp:802 +#: src/gpgoladdin.cpp:652 src/gpgoladdin.cpp:807 src/gpgoladdin.cpp:814 #, fuzzy msgid "Encrypt" msgstr "Encripta??o" -#: src/gpgoladdin.cpp:641 src/gpgoladdin.cpp:797 +#: src/gpgoladdin.cpp:653 src/gpgoladdin.cpp:809 msgid "Sign" msgstr "" -#: src/gpgoladdin.cpp:675 +#: src/gpgoladdin.cpp:687 #, fuzzy msgid "Encrypt the text of the message" msgstr "Entschl?sseln und Pr?fen der Nachricht." -#: src/gpgoladdin.cpp:677 +#: src/gpgoladdin.cpp:689 msgid "" "Choose the certificates for which the message should be encrypted and " "replace the text with the encrypted message." msgstr "" -#: src/gpgoladdin.cpp:681 +#: src/gpgoladdin.cpp:693 #, fuzzy msgid "Add a file as an encrypted attachment" msgstr "Apresentar mensagem encriptada como anexo" -#: src/gpgoladdin.cpp:683 +#: src/gpgoladdin.cpp:695 msgid "Encrypts a file and adds it as an attachment to the message. " msgstr "" -#: src/gpgoladdin.cpp:686 +#: src/gpgoladdin.cpp:698 #, fuzzy msgid "Add a file as an encrypted attachment with a signature" msgstr "Apresentar mensagem encriptada como anexo" -#: src/gpgoladdin.cpp:688 +#: src/gpgoladdin.cpp:700 msgid "" "Encrypts a file, signs it and adds both the encrypted file and the signature " "as attachments to the message. " msgstr "" -#: src/gpgoladdin.cpp:691 +#: src/gpgoladdin.cpp:703 #, fuzzy msgid "Decrypt the message" msgstr "Entschl?sseln und Pr?fen der Nachricht." -#: src/gpgoladdin.cpp:693 +#: src/gpgoladdin.cpp:705 msgid "" "Look for PGP or S/MIME encrypted data in the message text and decrypt it." msgstr "" -#: src/gpgoladdin.cpp:696 +#: src/gpgoladdin.cpp:708 #, fuzzy msgid "Add a signature of the message" msgstr "Entschl?sseln und Pr?fen der Nachricht." -#: src/gpgoladdin.cpp:698 +#: src/gpgoladdin.cpp:710 msgid "" "Appends a signed copy of the message text in an opaque signature. An opaque " "signature ensures that the signed text is not modified by embedding it in " @@ -533,75 +533,75 @@ msgid "" "signature is added below the plain text. The message will not be encrypted!" msgstr "" -#: src/gpgoladdin.cpp:794 src/gpgoladdin.cpp:872 +#: src/gpgoladdin.cpp:806 src/gpgoladdin.cpp:884 msgid "Textbody" msgstr "" -#: src/gpgoladdin.cpp:796 src/gpgoladdin.cpp:802 src/gpgoladdin.cpp:873 -#: src/gpgoladdin.cpp:876 src/gpgoladdin.cpp:877 +#: src/gpgoladdin.cpp:808 src/gpgoladdin.cpp:814 src/gpgoladdin.cpp:885 +#: src/gpgoladdin.cpp:888 src/gpgoladdin.cpp:889 #, fuzzy msgid "Decrypt" msgstr "Entschl?sselung" -#: src/gpgoladdin.cpp:798 src/gpgoladdin.cpp:874 +#: src/gpgoladdin.cpp:810 src/gpgoladdin.cpp:886 msgid "Verify" msgstr "" -#: src/gpgoladdin.cpp:799 +#: src/gpgoladdin.cpp:811 #, fuzzy msgid "Attachments" msgstr "Entschl?sselung eines Anhangs" -#: src/gpgoladdin.cpp:800 +#: src/gpgoladdin.cpp:812 #, fuzzy msgid "Encrypted file" msgstr "Encripta??o" -#: src/gpgoladdin.cpp:801 +#: src/gpgoladdin.cpp:813 msgid "Encrypted file and Signature" msgstr "" -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:947 src/gpgoladdin.cpp:948 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:959 src/gpgoladdin.cpp:960 msgid "Save and decrypt" msgstr "" -#: src/ribbon-callbacks.cpp:247 +#: src/ribbon-callbacks.cpp:249 #, fuzzy msgid "Please select text to encrypt." msgstr "Por favor selecciona pelo menos um certificado de destinat?rio." -#: src/ribbon-callbacks.cpp:259 +#: src/ribbon-callbacks.cpp:261 msgid "Textbody empty." msgstr "" -#: src/ribbon-callbacks.cpp:308 src/ribbon-callbacks.cpp:1076 +#: src/ribbon-callbacks.cpp:310 src/ribbon-callbacks.cpp:1082 #, fuzzy msgid "Please add at least one recipent." msgstr "Por favor selecciona pelo menos um certificado de destinat?rio." -#: src/ribbon-callbacks.cpp:670 +#: src/ribbon-callbacks.cpp:672 #, fuzzy msgid "Please select a Mail." msgstr "Por favor selecciona pelo menos um certificado de destinat?rio." -#: src/ribbon-callbacks.cpp:701 +#: src/ribbon-callbacks.cpp:686 #, fuzzy msgid "Please select the data you wish to decrypt." msgstr "Por favor selecciona pelo menos um certificado de destinat?rio." -#: src/ribbon-callbacks.cpp:714 +#: src/ribbon-callbacks.cpp:699 msgid "Nothing to decrypt." msgstr "" -#: src/ribbon-callbacks.cpp:872 +#: src/ribbon-callbacks.cpp:878 msgid "Plain text" msgstr "" -#: src/ribbon-callbacks.cpp:873 +#: src/ribbon-callbacks.cpp:879 msgid "Signed text" msgstr "" -#: src/ribbon-callbacks.cpp:1083 +#: src/ribbon-callbacks.cpp:1089 #, fuzzy msgid "Select file to encrypt" msgstr "Por favor selecciona pelo menos um certificado de destinat?rio." diff --git a/po/zh_CN.po b/po/zh_CN.po index a7e285f..65b0355 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: GpgOL\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2015-11-12 12:50+0100\n" +"POT-Creation-Date: 2015-11-23 18:51+0100\n" "PO-Revision-Date: 2015-08-15 21:58+0800\n" "Last-Translator: Mingye Wang (Arthur2e5) \n" "Language-Team: \n" @@ -57,17 +57,17 @@ msgid "" msgstr "????????????????????????????????????????????????????????????????????????????????????" #: src/engine.c:377 src/main.c:708 src/main.c:714 src/message.cpp:300 -#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:281 -#: src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 src/gpgoladdin.cpp:870 -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:944 src/gpgoladdin.cpp:947 -#: src/ribbon-callbacks.cpp:119 src/ribbon-callbacks.cpp:233 -#: src/ribbon-callbacks.cpp:248 src/ribbon-callbacks.cpp:260 -#: src/ribbon-callbacks.cpp:297 src/ribbon-callbacks.cpp:309 -#: src/ribbon-callbacks.cpp:654 src/ribbon-callbacks.cpp:671 -#: src/ribbon-callbacks.cpp:688 src/ribbon-callbacks.cpp:702 -#: src/ribbon-callbacks.cpp:715 src/ribbon-callbacks.cpp:777 -#: src/ribbon-callbacks.cpp:1077 src/ribbon-callbacks.cpp:1111 -#: src/ribbon-callbacks.cpp:1123 src/ribbon-callbacks.cpp:1148 +#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:292 +#: src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 src/gpgoladdin.cpp:882 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:956 src/gpgoladdin.cpp:959 +#: src/ribbon-callbacks.cpp:121 src/ribbon-callbacks.cpp:235 +#: src/ribbon-callbacks.cpp:250 src/ribbon-callbacks.cpp:262 +#: src/ribbon-callbacks.cpp:299 src/ribbon-callbacks.cpp:311 +#: src/ribbon-callbacks.cpp:656 src/ribbon-callbacks.cpp:673 +#: src/ribbon-callbacks.cpp:687 src/ribbon-callbacks.cpp:700 +#: src/ribbon-callbacks.cpp:723 src/ribbon-callbacks.cpp:783 +#: src/ribbon-callbacks.cpp:1083 src/ribbon-callbacks.cpp:1117 +#: src/ribbon-callbacks.cpp:1129 src/ribbon-callbacks.cpp:1154 msgid "GpgOL" msgstr "GpgOL" @@ -87,11 +87,11 @@ msgstr "" "\n" "\"%s\"" -#: src/mapihelp.cpp:1542 src/mapihelp.cpp:1550 src/mapihelp.cpp:1558 +#: src/mapihelp.cpp:1552 src/mapihelp.cpp:1560 src/mapihelp.cpp:1568 msgid "[no subject]" msgstr "[?????????]" -#: src/mapihelp.cpp:2167 +#: src/mapihelp.cpp:2177 msgid "" "[The content of this message is not visible because it has been decrypted by " "another Outlook session. Use the \"decrypt/verify\" command to make it " @@ -100,7 +100,7 @@ msgstr "" "[???????????????????????????????????????????????? Outlook ???????????????????????????/????????????????????????" "???]" -#: src/mapihelp.cpp:3062 +#: src/mapihelp.cpp:3072 msgid "" "[The content of this message is not visible due to an processing error in " "GpgOL.]" @@ -186,16 +186,16 @@ msgstr "???????????? (%s)" msgid "Signing failed (%s)" msgstr "???????????? (%s)" -#: src/mimeparser.c:1200 +#: src/mimeparser.c:1213 msgid "Error writing to stream" msgstr "?????????????????????" -#: src/mimeparser.c:1201 +#: src/mimeparser.c:1214 msgid "I/O-Error" msgstr "??????????????????" -#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 -#: src/gpgoladdin.cpp:870 src/gpgoladdin.cpp:944 +#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 +#: src/gpgoladdin.cpp:882 src/gpgoladdin.cpp:956 msgid "General" msgstr "??????" @@ -393,7 +393,7 @@ msgstr "" msgid "Do you want to revert this folder?" msgstr "????????????????????????????????????" -#: src/gpgoladdin.cpp:277 +#: src/gpgoladdin.cpp:288 msgid "" "Failed to remove plaintext from at least one message.\n" "\n" @@ -401,93 +401,93 @@ msgid "" "decrypted in this Session is saved or transfered back to your mailserver." msgstr "" -#: src/gpgoladdin.cpp:580 src/gpgoladdin.cpp:669 +#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:681 msgid "Start the Certificate Management Software" msgstr "????????????????????????" -#: src/gpgoladdin.cpp:582 src/gpgoladdin.cpp:671 +#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:683 msgid "" "Open GPA or Kleopatra to manage your certificates. You can use this you to " "generate your own certificates. " msgstr "?????? GPA ??? Kleopatra ?????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:586 +#: src/gpgoladdin.cpp:598 #, fuzzy msgid "Encrypt the message." msgstr "????????????" -#: src/gpgoladdin.cpp:588 +#: src/gpgoladdin.cpp:600 msgid "Encrypts the message and all attachments before sending." msgstr "" -#: src/gpgoladdin.cpp:590 +#: src/gpgoladdin.cpp:602 #, fuzzy msgid "Sign the message." msgstr "????????????" -#: src/gpgoladdin.cpp:592 +#: src/gpgoladdin.cpp:604 msgid "Sign the message and all attchments before sending." msgstr "" -#: src/gpgoladdin.cpp:638 src/gpgoladdin.cpp:793 src/gpgoladdin.cpp:871 -#: src/gpgoladdin.cpp:945 +#: src/gpgoladdin.cpp:650 src/gpgoladdin.cpp:805 src/gpgoladdin.cpp:883 +#: src/gpgoladdin.cpp:957 msgid "Start Certificate Manager" msgstr "?????????????????????" -#: src/gpgoladdin.cpp:639 +#: src/gpgoladdin.cpp:651 msgid "GnuPG" msgstr "" -#: src/gpgoladdin.cpp:640 src/gpgoladdin.cpp:795 src/gpgoladdin.cpp:802 +#: src/gpgoladdin.cpp:652 src/gpgoladdin.cpp:807 src/gpgoladdin.cpp:814 msgid "Encrypt" msgstr "??????" -#: src/gpgoladdin.cpp:641 src/gpgoladdin.cpp:797 +#: src/gpgoladdin.cpp:653 src/gpgoladdin.cpp:809 msgid "Sign" msgstr "??????" -#: src/gpgoladdin.cpp:675 +#: src/gpgoladdin.cpp:687 msgid "Encrypt the text of the message" msgstr "??????????????????" -#: src/gpgoladdin.cpp:677 +#: src/gpgoladdin.cpp:689 msgid "" "Choose the certificates for which the message should be encrypted and " "replace the text with the encrypted message." msgstr "???????????????????????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:681 +#: src/gpgoladdin.cpp:693 msgid "Add a file as an encrypted attachment" msgstr "???????????????????????????" -#: src/gpgoladdin.cpp:683 +#: src/gpgoladdin.cpp:695 msgid "Encrypts a file and adds it as an attachment to the message. " msgstr "?????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:686 +#: src/gpgoladdin.cpp:698 msgid "Add a file as an encrypted attachment with a signature" msgstr "??????????????????????????????" -#: src/gpgoladdin.cpp:688 +#: src/gpgoladdin.cpp:700 msgid "" "Encrypts a file, signs it and adds both the encrypted file and the signature " "as attachments to the message. " msgstr "???????????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:691 +#: src/gpgoladdin.cpp:703 msgid "Decrypt the message" msgstr "????????????" -#: src/gpgoladdin.cpp:693 +#: src/gpgoladdin.cpp:705 msgid "" "Look for PGP or S/MIME encrypted data in the message text and decrypt it." msgstr "???????????????????????? PGP ??? S/MIME ??????????????????" -#: src/gpgoladdin.cpp:696 +#: src/gpgoladdin.cpp:708 msgid "Add a signature of the message" msgstr "????????????????????????" -#: src/gpgoladdin.cpp:698 +#: src/gpgoladdin.cpp:710 msgid "" "Appends a signed copy of the message text in an opaque signature. An opaque " "signature ensures that the signed text is not modified by embedding it in " @@ -497,68 +497,68 @@ msgstr "" "??????????????????????????????????????????????????????????????????????????????????????????????????????????????????" "???????????????????????????????????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:794 src/gpgoladdin.cpp:872 +#: src/gpgoladdin.cpp:806 src/gpgoladdin.cpp:884 msgid "Textbody" msgstr "????????????" -#: src/gpgoladdin.cpp:796 src/gpgoladdin.cpp:802 src/gpgoladdin.cpp:873 -#: src/gpgoladdin.cpp:876 src/gpgoladdin.cpp:877 +#: src/gpgoladdin.cpp:808 src/gpgoladdin.cpp:814 src/gpgoladdin.cpp:885 +#: src/gpgoladdin.cpp:888 src/gpgoladdin.cpp:889 msgid "Decrypt" msgstr "??????" -#: src/gpgoladdin.cpp:798 src/gpgoladdin.cpp:874 +#: src/gpgoladdin.cpp:810 src/gpgoladdin.cpp:886 msgid "Verify" msgstr "??????" -#: src/gpgoladdin.cpp:799 +#: src/gpgoladdin.cpp:811 msgid "Attachments" msgstr "??????" -#: src/gpgoladdin.cpp:800 +#: src/gpgoladdin.cpp:812 msgid "Encrypted file" msgstr "??????????????????" -#: src/gpgoladdin.cpp:801 +#: src/gpgoladdin.cpp:813 msgid "Encrypted file and Signature" msgstr "???????????????????????????" -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:947 src/gpgoladdin.cpp:948 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:959 src/gpgoladdin.cpp:960 msgid "Save and decrypt" msgstr "???????????????" -#: src/ribbon-callbacks.cpp:247 +#: src/ribbon-callbacks.cpp:249 msgid "Please select text to encrypt." msgstr "???????????????????????????" -#: src/ribbon-callbacks.cpp:259 +#: src/ribbon-callbacks.cpp:261 msgid "Textbody empty." msgstr "??????????????????" -#: src/ribbon-callbacks.cpp:308 src/ribbon-callbacks.cpp:1076 +#: src/ribbon-callbacks.cpp:310 src/ribbon-callbacks.cpp:1082 msgid "Please add at least one recipent." msgstr "?????????????????????????????????" -#: src/ribbon-callbacks.cpp:670 +#: src/ribbon-callbacks.cpp:672 msgid "Please select a Mail." msgstr "????????????????????????" -#: src/ribbon-callbacks.cpp:701 +#: src/ribbon-callbacks.cpp:686 msgid "Please select the data you wish to decrypt." msgstr "???????????????????????????" -#: src/ribbon-callbacks.cpp:714 +#: src/ribbon-callbacks.cpp:699 msgid "Nothing to decrypt." msgstr "??????????????????????????????" -#: src/ribbon-callbacks.cpp:872 +#: src/ribbon-callbacks.cpp:878 msgid "Plain text" msgstr "?????????" -#: src/ribbon-callbacks.cpp:873 +#: src/ribbon-callbacks.cpp:879 msgid "Signed text" msgstr "??????????????????" -#: src/ribbon-callbacks.cpp:1083 +#: src/ribbon-callbacks.cpp:1089 msgid "Select file to encrypt" msgstr "????????????????????????" diff --git a/po/zh_TW.po b/po/zh_TW.po index 883d5e0..76c41c5 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: GpgOL\n" "Report-Msgid-Bugs-To: bug-gpgol at g10code.com\n" -"POT-Creation-Date: 2015-11-12 12:50+0100\n" +"POT-Creation-Date: 2015-11-23 18:51+0100\n" "PO-Revision-Date: 2015-08-15 21:58+0800\n" "Last-Translator: Mingye Wang (Arthur2e5) \n" "Language-Team: \n" @@ -57,17 +57,17 @@ msgid "" msgstr "???????????????????????????????????????????????????????????????????????????????????????" #: src/engine.c:377 src/main.c:708 src/main.c:714 src/message.cpp:300 -#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:281 -#: src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 src/gpgoladdin.cpp:870 -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:944 src/gpgoladdin.cpp:947 -#: src/ribbon-callbacks.cpp:119 src/ribbon-callbacks.cpp:233 -#: src/ribbon-callbacks.cpp:248 src/ribbon-callbacks.cpp:260 -#: src/ribbon-callbacks.cpp:297 src/ribbon-callbacks.cpp:309 -#: src/ribbon-callbacks.cpp:654 src/ribbon-callbacks.cpp:671 -#: src/ribbon-callbacks.cpp:688 src/ribbon-callbacks.cpp:702 -#: src/ribbon-callbacks.cpp:715 src/ribbon-callbacks.cpp:777 -#: src/ribbon-callbacks.cpp:1077 src/ribbon-callbacks.cpp:1111 -#: src/ribbon-callbacks.cpp:1123 src/ribbon-callbacks.cpp:1148 +#: src/explorers.cpp:204 src/explorers.cpp:209 src/gpgoladdin.cpp:292 +#: src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 src/gpgoladdin.cpp:882 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:956 src/gpgoladdin.cpp:959 +#: src/ribbon-callbacks.cpp:121 src/ribbon-callbacks.cpp:235 +#: src/ribbon-callbacks.cpp:250 src/ribbon-callbacks.cpp:262 +#: src/ribbon-callbacks.cpp:299 src/ribbon-callbacks.cpp:311 +#: src/ribbon-callbacks.cpp:656 src/ribbon-callbacks.cpp:673 +#: src/ribbon-callbacks.cpp:687 src/ribbon-callbacks.cpp:700 +#: src/ribbon-callbacks.cpp:723 src/ribbon-callbacks.cpp:783 +#: src/ribbon-callbacks.cpp:1083 src/ribbon-callbacks.cpp:1117 +#: src/ribbon-callbacks.cpp:1129 src/ribbon-callbacks.cpp:1154 msgid "GpgOL" msgstr "GpgOL" @@ -87,11 +87,11 @@ msgstr "" "\n" "\"%s\"" -#: src/mapihelp.cpp:1542 src/mapihelp.cpp:1550 src/mapihelp.cpp:1558 +#: src/mapihelp.cpp:1552 src/mapihelp.cpp:1560 src/mapihelp.cpp:1568 msgid "[no subject]" msgstr "[?????????]" -#: src/mapihelp.cpp:2167 +#: src/mapihelp.cpp:2177 msgid "" "[The content of this message is not visible because it has been decrypted by " "another Outlook session. Use the \"decrypt/verify\" command to make it " @@ -100,7 +100,7 @@ msgstr "" "[???????????????????????????????????????????????? Outlook ???????????????????????????/????????????????????????" "???]" -#: src/mapihelp.cpp:3062 +#: src/mapihelp.cpp:3072 msgid "" "[The content of this message is not visible due to an processing error in " "GpgOL.]" @@ -186,16 +186,16 @@ msgstr "???????????? (%s)" msgid "Signing failed (%s)" msgstr "???????????? (%s)" -#: src/mimeparser.c:1200 +#: src/mimeparser.c:1213 msgid "Error writing to stream" msgstr "?????????????????????" -#: src/mimeparser.c:1201 +#: src/mimeparser.c:1214 msgid "I/O-Error" msgstr "??????????????????" -#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:637 src/gpgoladdin.cpp:792 -#: src/gpgoladdin.cpp:870 src/gpgoladdin.cpp:944 +#: src/olflange-dlgs.cpp:43 src/gpgoladdin.cpp:649 src/gpgoladdin.cpp:804 +#: src/gpgoladdin.cpp:882 src/gpgoladdin.cpp:956 msgid "General" msgstr "??????" @@ -395,7 +395,7 @@ msgstr "" msgid "Do you want to revert this folder?" msgstr "????????????????????????????????????" -#: src/gpgoladdin.cpp:277 +#: src/gpgoladdin.cpp:288 msgid "" "Failed to remove plaintext from at least one message.\n" "\n" @@ -403,93 +403,93 @@ msgid "" "decrypted in this Session is saved or transfered back to your mailserver." msgstr "" -#: src/gpgoladdin.cpp:580 src/gpgoladdin.cpp:669 +#: src/gpgoladdin.cpp:592 src/gpgoladdin.cpp:681 msgid "Start the Certificate Management Software" msgstr "????????????????????????" -#: src/gpgoladdin.cpp:582 src/gpgoladdin.cpp:671 +#: src/gpgoladdin.cpp:594 src/gpgoladdin.cpp:683 msgid "" "Open GPA or Kleopatra to manage your certificates. You can use this you to " "generate your own certificates. " msgstr "?????? GPA ??? Kleopatra ?????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:586 +#: src/gpgoladdin.cpp:598 #, fuzzy msgid "Encrypt the message." msgstr "????????????" -#: src/gpgoladdin.cpp:588 +#: src/gpgoladdin.cpp:600 msgid "Encrypts the message and all attachments before sending." msgstr "" -#: src/gpgoladdin.cpp:590 +#: src/gpgoladdin.cpp:602 #, fuzzy msgid "Sign the message." msgstr "????????????" -#: src/gpgoladdin.cpp:592 +#: src/gpgoladdin.cpp:604 msgid "Sign the message and all attchments before sending." msgstr "" -#: src/gpgoladdin.cpp:638 src/gpgoladdin.cpp:793 src/gpgoladdin.cpp:871 -#: src/gpgoladdin.cpp:945 +#: src/gpgoladdin.cpp:650 src/gpgoladdin.cpp:805 src/gpgoladdin.cpp:883 +#: src/gpgoladdin.cpp:957 msgid "Start Certificate Manager" msgstr "?????????????????????" -#: src/gpgoladdin.cpp:639 +#: src/gpgoladdin.cpp:651 msgid "GnuPG" msgstr "" -#: src/gpgoladdin.cpp:640 src/gpgoladdin.cpp:795 src/gpgoladdin.cpp:802 +#: src/gpgoladdin.cpp:652 src/gpgoladdin.cpp:807 src/gpgoladdin.cpp:814 msgid "Encrypt" msgstr "??????" -#: src/gpgoladdin.cpp:641 src/gpgoladdin.cpp:797 +#: src/gpgoladdin.cpp:653 src/gpgoladdin.cpp:809 msgid "Sign" msgstr "??????" -#: src/gpgoladdin.cpp:675 +#: src/gpgoladdin.cpp:687 msgid "Encrypt the text of the message" msgstr "??????????????????" -#: src/gpgoladdin.cpp:677 +#: src/gpgoladdin.cpp:689 msgid "" "Choose the certificates for which the message should be encrypted and " "replace the text with the encrypted message." msgstr "???????????????????????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:681 +#: src/gpgoladdin.cpp:693 msgid "Add a file as an encrypted attachment" msgstr "???????????????????????????" -#: src/gpgoladdin.cpp:683 +#: src/gpgoladdin.cpp:695 msgid "Encrypts a file and adds it as an attachment to the message. " msgstr "?????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:686 +#: src/gpgoladdin.cpp:698 msgid "Add a file as an encrypted attachment with a signature" msgstr "??????????????????????????????" -#: src/gpgoladdin.cpp:688 +#: src/gpgoladdin.cpp:700 msgid "" "Encrypts a file, signs it and adds both the encrypted file and the signature " "as attachments to the message. " msgstr "???????????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:691 +#: src/gpgoladdin.cpp:703 msgid "Decrypt the message" msgstr "????????????" -#: src/gpgoladdin.cpp:693 +#: src/gpgoladdin.cpp:705 msgid "" "Look for PGP or S/MIME encrypted data in the message text and decrypt it." msgstr "???????????????????????? PGP ??? S/MIME ??????????????????" -#: src/gpgoladdin.cpp:696 +#: src/gpgoladdin.cpp:708 msgid "Add a signature of the message" msgstr "????????????????????????" -#: src/gpgoladdin.cpp:698 +#: src/gpgoladdin.cpp:710 msgid "" "Appends a signed copy of the message text in an opaque signature. An opaque " "signature ensures that the signed text is not modified by embedding it in " @@ -499,68 +499,68 @@ msgstr "" "??????????????????????????????????????????????????????????????????????????????????????????????????????????????????" "???????????????????????????????????????????????????????????????????????????????????????????????????" -#: src/gpgoladdin.cpp:794 src/gpgoladdin.cpp:872 +#: src/gpgoladdin.cpp:806 src/gpgoladdin.cpp:884 msgid "Textbody" msgstr "????????????" -#: src/gpgoladdin.cpp:796 src/gpgoladdin.cpp:802 src/gpgoladdin.cpp:873 -#: src/gpgoladdin.cpp:876 src/gpgoladdin.cpp:877 +#: src/gpgoladdin.cpp:808 src/gpgoladdin.cpp:814 src/gpgoladdin.cpp:885 +#: src/gpgoladdin.cpp:888 src/gpgoladdin.cpp:889 msgid "Decrypt" msgstr "??????" -#: src/gpgoladdin.cpp:798 src/gpgoladdin.cpp:874 +#: src/gpgoladdin.cpp:810 src/gpgoladdin.cpp:886 msgid "Verify" msgstr "??????" -#: src/gpgoladdin.cpp:799 +#: src/gpgoladdin.cpp:811 msgid "Attachments" msgstr "??????" -#: src/gpgoladdin.cpp:800 +#: src/gpgoladdin.cpp:812 msgid "Encrypted file" msgstr "??????????????????" -#: src/gpgoladdin.cpp:801 +#: src/gpgoladdin.cpp:813 msgid "Encrypted file and Signature" msgstr "???????????????????????????" -#: src/gpgoladdin.cpp:875 src/gpgoladdin.cpp:947 src/gpgoladdin.cpp:948 +#: src/gpgoladdin.cpp:887 src/gpgoladdin.cpp:959 src/gpgoladdin.cpp:960 msgid "Save and decrypt" msgstr "???????????????" -#: src/ribbon-callbacks.cpp:247 +#: src/ribbon-callbacks.cpp:249 msgid "Please select text to encrypt." msgstr "???????????????????????????" -#: src/ribbon-callbacks.cpp:259 +#: src/ribbon-callbacks.cpp:261 msgid "Textbody empty." msgstr "??????????????????" -#: src/ribbon-callbacks.cpp:308 src/ribbon-callbacks.cpp:1076 +#: src/ribbon-callbacks.cpp:310 src/ribbon-callbacks.cpp:1082 msgid "Please add at least one recipent." msgstr "?????????????????????????????????" -#: src/ribbon-callbacks.cpp:670 +#: src/ribbon-callbacks.cpp:672 msgid "Please select a Mail." msgstr "????????????????????????" -#: src/ribbon-callbacks.cpp:701 +#: src/ribbon-callbacks.cpp:686 msgid "Please select the data you wish to decrypt." msgstr "???????????????????????????" -#: src/ribbon-callbacks.cpp:714 +#: src/ribbon-callbacks.cpp:699 msgid "Nothing to decrypt." msgstr "??????????????????????????????" -#: src/ribbon-callbacks.cpp:872 +#: src/ribbon-callbacks.cpp:878 msgid "Plain text" msgstr "?????????" -#: src/ribbon-callbacks.cpp:873 +#: src/ribbon-callbacks.cpp:879 msgid "Signed text" msgstr "??????????????????" -#: src/ribbon-callbacks.cpp:1083 +#: src/ribbon-callbacks.cpp:1089 msgid "Select file to encrypt" msgstr "????????????????????????" commit 351429bdf9fe83370e22e1bf720785146f607ef0 Author: Werner Koch Date: Tue Nov 24 09:34:47 2015 +0100 Fix make distcheck. * Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Improve. diff --git a/Makefile.am b/Makefile.am index febea9d..5098644 100644 --- a/Makefile.am +++ b/Makefile.am @@ -13,9 +13,10 @@ ACLOCAL_AMFLAGS = -I m4 AUTOMAKE_OPTIONS = dist-bzip2 -# Because we can only build the w32 version e need to help automake here a bit. -DISTCHECK_CONFIGURE_FLAGS = --host=i586-mingw32msvc --build=i686-pc-linux-gnu \ - --prefix=@prefix@ \ +# Because we can only build the w32 version we need to help automake here a bit. +DISTCHECK_CONFIGURE_FLAGS = --host=@host@ --build=@build@ \ + SYSROOT=@prefix@ \ + PKG_CONFIG_LIBDIR=@prefix@ \ --with-gpg-error-prefix=@prefix@ \ --with-gpgme-prefix=@prefix@ \ --with-libassuan-prefix=@prefix@ ----------------------------------------------------------------------- Summary of changes: Makefile.am | 7 ++-- NEWS | 6 +++- configure.ac | 2 +- po/de.po | 116 +++++++++++++++++++++++++++++------------------------------ po/fr.po | 116 +++++++++++++++++++++++++++++------------------------------ po/pt.po | 116 +++++++++++++++++++++++++++++------------------------------ po/zh_CN.po | 116 +++++++++++++++++++++++++++++------------------------------ po/zh_TW.po | 116 +++++++++++++++++++++++++++++------------------------------ 8 files changed, 300 insertions(+), 295 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 24 11:45:10 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 24 Nov 2015 11:45:10 +0100 Subject: [git] gnupg-doc - branch, master, updated. fa61217e26a97c4b9f3294746a581aee5eb47ad8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GnuPG website and other docs". The branch, master has been updated via fa61217e26a97c4b9f3294746a581aee5eb47ad8 (commit) from a7cb96cf8a14560ee8f31525553cae6cad6ace1b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fa61217e26a97c4b9f3294746a581aee5eb47ad8 Author: Neal H. Walfield Date: Tue Nov 24 11:44:33 2015 +0100 web: Improve the text describing how to check a file's integrity. GnuPG-bug-id: 1648 diff --git a/web/download/integrity_check.org b/web/download/integrity_check.org index 3825fbb..f9ef2d4 100644 --- a/web/download/integrity_check.org +++ b/web/download/integrity_check.org @@ -6,36 +6,87 @@ * Integrity Check #+index: integrity check - In order to check that the version of GnuPG which you are going to - install is an original and unmodified one, you can do it in one of - the following ways. + You can check that the version of GnuPG that you want to install is + original and unmodified by either verifying the file's signature or + comparing the checksum with the one published in the release + announcement. -** Using gpg +** Verifying the File's Signature If you already have a trusted version of GnuPG installed, you can - simply check the supplied signature. For example to check the - signature of the file gnupg-{{{gnupg_ver}}}.tar.bz2 you would use - this command: + check the supplied signature. For example, to check the signature + of the file gnupg-{{{gnupg_ver}}}.tar.bz2, you can use this command: {{{begin_example}}} - gpg {{{twodashes}}}verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig gnupg-{{{gnupg_ver}}}.tar.bz2 + $ gpg {{{twodashes}}}verify gnupg-{{{gnupg_ver}}}.tar.bz2.sig gnupg-{{{gnupg_ver}}}.tar.bz2 {{{end_example}}} - This checks whether the signature file matches the source file. You - should see a message indicating that the signature is good and made - by of the [[../signature_key.org][signing keys]]. Make sure that you have the right key, either - by checking the fingerprint of that key with other sources or by - checking that the key has been signed by a trustworthy other key. + *Note: you should never use a GnuPG version you just downloaded to + check the integrity of the source* --- use an existing, trusted GnuPG + installation, e.g., the one provided by your distribution. - Never use a GnuPG version you just downloaded to check the integrity - of the source --- use an existing GnuPG installation. + If the output of the above command is similar to the following, then + either you don't have our distribution keys (our [[../signature_key.org][signing keys are + here]]) or the signature was generated by someone else and the file + should be treated suspiciously. -** Using sha1sum + {{{begin_example}}} + gpg: Signature made Fri 09 Oct 2015 05:41:55 PM CEST using RSA key ID 4F25E3B6 + gpg: Can't check signature: No public key + gpg: Signature made Tue 13 Oct 2015 10:18:01 AM CEST using RSA key ID 33BD3F06 + gpg: Can't check signature: No public key + {{{end_example}}} + + If you instead see: + + {{{begin_example}}} + gpg: Good signature from "Werner Koch (dist sig)" [unknown] + gpg: WARNING: This key is not certified with a trusted signature! + gpg: There is no indication that the signature belongs to the owner. + Primary key fingerprint: D869 2123 C406 5DEA 5E0F 3AB5 249B 39D2 4F25 E3B6 + gpg: Signature made Tue 13 Oct 2015 10:18:01 AM CEST using RSA key ID 33BD3F06 + gpg: Good signature from "NIIBE Yutaka (GnuPG Release Key) " [unknown] + gpg: WARNING: This key is not certified with a trusted signature! + gpg: There is no indication that the signature belongs to the owner. + Primary key fingerprint: 031E C253 6E58 0D8E A286 A9F2 2071 B08A 33BD 3F06 + {{{end_example}}} - If you are not able to use an old version of GnuPG, you have to - verify the SHA1 checksum. Assuming you downloaded the file - gnupg-{{{gnupg_ver}}}.tar.bz2, you would run the =sha1sum= - command like this: + then you have a copy of our keys and the signatures are valid, but + either you have not marked the keys as trusted or the keys are a + forgery. In this case, at the very least, you should compare the + fingerprints that are shown to those on the [[../signature_key.org][signing keys page]]. Even + better is to compare the fingerprints with those shown on our + business cards, which we handout at events that we attend. + + Ideally, you'll see something like: + + {{{begin_example}}} + gpg: Signature made Fri 09 Oct 2015 05:41:55 PM CEST using RSA key ID 4F25E3B6 + gpg: Good signature from "Werner Koch (dist sig)" [full] + gpg: Signature made Tue 13 Oct 2015 10:18:01 AM CEST using RSA key ID 33BD3F06 + gpg: Good signature from "NIIBE Yutaka (GnuPG Release Key) " [full] + {{{end_example}}} + + This means that the signature is valid and that you trust this key + (either you signed it or someone you trusted did). + +** Comparing Checksums + + If you are not able to use an old version of GnuPG, you can still + verify the file's SHA1 checksum. This is less secure, because if + someone modified the files as they were transferred to you, it + would not be much more effort to modify the checksums that you see + on this webpage. As such, if you use this method, you should + compare the checksums with those in release announcement. This is + sent to the gnupg-announce mailing list (among others), which is + widely mirrored. Don't use the mailing list archive on this + website, but find the announcement on several other websites and + make sure the checksum is consistent. This makes it more difficult + for an attacker to trick you into installing a modified version of + the software. + + Assuming you downloaded the file gnupg-{{{gnupg_ver}}}.tar.bz2, you + can run the =sha1sum= command like this: {{{begin_chksum}}} sha1sum gnupg-{{{gnupg_ver}}}.tar.bz2 @@ -48,10 +99,6 @@ {{{gnupg_sha1}}} gnupg-{{{gnupg_ver}}}.tar.bz2 {{{end_chksum}}} - To be sure that this page has not been tampered, you may want to - compare the list below with the one included in the announcement - mail posted to several mailing list. - ** List of SHA-1 check-sums For your convenience, all SHA-1 check-sums available for software ----------------------------------------------------------------------- Summary of changes: web/download/integrity_check.org | 95 ++++++++++++++++++++++++++++++---------- 1 file changed, 71 insertions(+), 24 deletions(-) hooks/post-receive -- The GnuPG website and other docs http://git.gnupg.org From cvs at cvs.gnupg.org Tue Nov 24 13:03:30 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Tue, 24 Nov 2015 13:03:30 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-169-ge9c16fe Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via e9c16fee2576c772de9d4fb5d53fee28e4b84202 (commit) from 19362a8dd7ee986c082a5afc5a446f939991ec0f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e9c16fee2576c772de9d4fb5d53fee28e4b84202 Author: Neal H. Walfield Date: Tue Nov 24 13:03:24 2015 +0100 gpg: When comparing keyids, use the keyid, not the fingerprint's suffix. * g10/keyedit.c (menu_select_key): Use spacep and hexdigitp instead of inline tests. Don't compare P to the suffix of the fingerprint. If P appears to be a keyid, do an exact compare against the keyid. If it appears to be a fingerprint, do an exact compare against the fingerprint. -- Signed-off-by: Neal H. Walfield diff --git a/g10/keyedit.c b/g10/keyedit.c index 1511c17..9cf6f44 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -4916,15 +4916,20 @@ menu_select_key (KBNODE keyblock, int idx, char *p) is_hex_digits = p && strlen (p) >= 8; if (is_hex_digits) { + /* Skip initial spaces. */ + while (spacep (p)) + p ++; + /* If the id starts with 0x accept and ignore it. */ + if (p[0] == '0' && p[1] == 'x') + p += 2; + for (i = 0, j = 0; p[i]; i ++) - if (('0' <= p[i] && p[i] <= '9') - || ('A' <= p[i] && p[i] <= 'F') - || ('a' <= p[i] && p[i] <= 'f')) + if (hexdigitp (&p[i])) { p[j] = toupper (p[i]); j ++; } - else if (p[i] == ' ') + else if (spacep (&p[i])) /* Skip spaces. */ { } @@ -4939,7 +4944,13 @@ menu_select_key (KBNODE keyblock, int idx, char *p) p[j] = 0; /* If we skipped some spaces, make sure that we still have at least 8 characters. */ - is_hex_digits = strlen (p) >= 8; + is_hex_digits = (/* Short keyid. */ + strlen (p) == 8 + /* Long keyid. */ + || strlen (p) == 16 + /* Fingerprints are (currently) 32 or 40 + characters. */ + || strlen (p) >= 32); } } @@ -4950,14 +4961,32 @@ menu_select_key (KBNODE keyblock, int idx, char *p) if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY || node->pkt->pkttype == PKT_SECRET_SUBKEY) { - char fp[2*MAX_FINGERPRINT_LEN + 1]; - hexfingerprint (node->pkt->pkt.public_key, fp, sizeof (fp)); - if (strcmp (&fp[strlen (fp) - strlen (p)], p) == 0) + int match = 0; + if (strlen (p) == 8 || strlen (p) == 16) { - if ((node->flag & NODFLG_SELKEY)) - node->flag &= ~NODFLG_SELKEY; - else - node->flag |= NODFLG_SELKEY; + u32 kid[2]; + char kid_str[17]; + keyid_from_pk (node->pkt->pkt.public_key, kid); + format_keyid (kid, strlen (p) == 8 ? KF_SHORT : KF_LONG, + kid_str, sizeof (kid_str)); + + if (strcmp (p, kid_str) == 0) + match = 1; + } + else + { + char fp[2*MAX_FINGERPRINT_LEN + 1]; + hexfingerprint (node->pkt->pkt.public_key, fp, sizeof (fp)); + if (strcmp (fp, p) == 0) + match = 1; + } + + if (match) + { + if ((node->flag & NODFLG_SELKEY)) + node->flag &= ~NODFLG_SELKEY; + else + node->flag |= NODFLG_SELKEY; found_one = 1; } ----------------------------------------------------------------------- Summary of changes: g10/keyedit.c | 53 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 41 insertions(+), 12 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 25 04:48:27 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Wed, 25 Nov 2015 04:48:27 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-289-g88e1358 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 88e1358962e902ff1cbec8d53ba3eee46407851a (commit) via f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f (commit) via 8ad682c412047d3b9196950709dbd7bd14ac8732 (commit) via 295b1c3540752af4fc5e6f41480e6db215222fba (commit) via b6015176df6bfae107ac82f9baa29ef2c175c9f9 (commit) from 940dc8adc034a6c6c38742f6bfd7d837a532d537 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 88e1358962e902ff1cbec8d53ba3eee46407851a Author: NIIBE Yutaka Date: Wed Nov 25 12:46:19 2015 +0900 ecc: Constant-time multiplication for Weierstrass curve. * mpi/ec.c (_gcry_mpi_ec_mul_point): Use simple left-to-right binary method for Weierstrass curve when SCALAR is secure. diff --git a/mpi/ec.c b/mpi/ec.c index 9394d89..4d59a7e 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1236,16 +1236,27 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, unsigned int i, loops; mpi_point_struct p1, p2, p1inv; - if (ctx->model == MPI_EC_EDWARDS) + if (ctx->model == MPI_EC_EDWARDS + || (ctx->model == MPI_EC_WEIERSTRASS + && mpi_is_secure (scalar))) { /* Simple left to right binary method. GECC Algorithm 3.27 */ unsigned int nbits; int j; nbits = mpi_get_nbits (scalar); - mpi_set_ui (result->x, 0); - mpi_set_ui (result->y, 1); - mpi_set_ui (result->z, 1); + if (ctx->model == MPI_EC_WEIERSTRASS) + { + mpi_set_ui (result->x, 1); + mpi_set_ui (result->y, 1); + mpi_set_ui (result->z, 0); + } + else + { + mpi_set_ui (result->x, 0); + mpi_set_ui (result->y, 1); + mpi_set_ui (result->z, 1); + } if (mpi_is_secure (scalar)) { commit f88adee3e1f3e2de7d63f92f90bfb3078afd3b4f Author: NIIBE Yutaka Date: Wed Nov 25 12:13:04 2015 +0900 mpi: fix gcry_mpi_swap_cond. * mpi/mpiutil.c (_gcry_mpi_swap_cond): Relax the condition. diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index d3264c7..99402b8 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -582,11 +582,15 @@ void _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap) { mpi_size_t i; - mpi_size_t nlimbs = a->alloced; + mpi_size_t nlimbs; mpi_limb_t mask = ((mpi_limb_t)0) - swap; mpi_limb_t x; - if (a->alloced != b->alloced) + if (a->alloced > b->alloced) + nlimbs = b->alloced; + else + nlimbs = a->alloced; + if (a->nlimbs > nlimbs || b->nlimbs > nlimbs) log_bug ("mpi_swap_cond: different sizes\n"); for (i = 0; i < nlimbs; i++) commit 8ad682c412047d3b9196950709dbd7bd14ac8732 Author: NIIBE Yutaka Date: Wed Nov 25 10:52:57 2015 +0900 mpi: Fix mpi_set_cond and mpi_swap_cond . * mpi/mpiutil.c (_gcry_mpi_set_cond, _gcry_mpi_swap_cond): Don't use the operator of !!, but assume SET/SWAP is 0 or 1. -- If the code for !! would include a branch, it spoils the purpose of mpi_set_cond/mpi_swap_cond at all. It's better to make sure the use of this function to be called with 0 or 1 for SET/SWAP. Note that it conforms when SET/SWAP is the result of conditional expression of mpi_test_bit. Reported-by: Taylor R Campbell. diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index 71b3f1c..d3264c7 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -483,12 +483,17 @@ _gcry_mpi_set (gcry_mpi_t w, gcry_mpi_t u) return w; } +/**************** + * Set the value of W by the one of U, when SET is 1. + * Leave the value when SET is 0. + * This implementation should be constant-time regardless of SET. + */ gcry_mpi_t _gcry_mpi_set_cond (gcry_mpi_t w, const gcry_mpi_t u, unsigned long set) { mpi_size_t i; mpi_size_t nlimbs = u->alloced; - mpi_limb_t mask = ((mpi_limb_t)0) - !!set; + mpi_limb_t mask = ((mpi_limb_t)0) - set; mpi_limb_t x; if (w->alloced != u->alloced) @@ -568,12 +573,17 @@ _gcry_mpi_swap (gcry_mpi_t a, gcry_mpi_t b) } +/**************** + * Swap the value of A and B, when SWAP is 1. + * Leave the value when SWAP is 0. + * This implementation should be constant-time regardless of SWAP. + */ void _gcry_mpi_swap_cond (gcry_mpi_t a, gcry_mpi_t b, unsigned long swap) { mpi_size_t i; mpi_size_t nlimbs = a->alloced; - mpi_limb_t mask = ((mpi_limb_t)0) - !!swap; + mpi_limb_t mask = ((mpi_limb_t)0) - swap; mpi_limb_t x; if (a->alloced != b->alloced) commit 295b1c3540752af4fc5e6f41480e6db215222fba Author: NIIBE Yutaka Date: Wed Nov 25 10:42:47 2015 +0900 ecc: multiplication of Edwards curve to be constant-time. * mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond. -- Reported-by: Taylor R Campbell. diff --git a/mpi/ec.c b/mpi/ec.c index 1644942..9394d89 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1254,12 +1254,13 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_point_struct tmppnt; point_init (&tmppnt); + point_resize (result, ctx); + point_resize (&tmppnt, ctx); for (j=nbits-1; j >= 0; j--) { _gcry_mpi_ec_dup_point (result, result, ctx); _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx); - if (mpi_test_bit (scalar, j)) - point_set (result, &tmppnt); + point_swap_cond (result, &tmppnt, mpi_test_bit (scalar, j), ctx); } point_free (&tmppnt); } commit b6015176df6bfae107ac82f9baa29ef2c175c9f9 Author: NIIBE Yutaka Date: Wed Nov 25 10:19:39 2015 +0900 ecc: Add point_resize and point_swap_cond. * mpi/ec.c (point_resize, point_swap_cond): New. (_gcry_mpi_ec_mul_point): Use point_resize and point_swap_cond. -- Thanks to Taylor R Campbell who suggests. diff --git a/mpi/ec.c b/mpi/ec.c index 7266f2a..1644942 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -139,6 +139,34 @@ point_set (mpi_point_t d, mpi_point_t s) } +static void +point_resize (mpi_point_t p, mpi_ec_t ctx) +{ + /* + * For now, we allocate enough limbs for our EC computation of ec_*. + * Once we will improve ec_* to be constant size (and constant + * time), NLIMBS can be ctx->p->nlimbs. + */ + size_t nlimbs = 2*ctx->p->nlimbs+1; + + mpi_resize (p->x, nlimbs); + if (ctx->model != MPI_EC_MONTGOMERY) + mpi_resize (p->y, nlimbs); + mpi_resize (p->z, nlimbs); +} + + +static void +point_swap_cond (mpi_point_t d, mpi_point_t s, unsigned long swap, + mpi_ec_t ctx) +{ + mpi_swap_cond (d->x, s->x, swap); + if (ctx->model != MPI_EC_MONTGOMERY) + mpi_swap_cond (d->y, s->y, swap); + mpi_swap_cond (d->z, s->z, swap); +} + + /* Set the projective coordinates from POINT into X, Y, and Z. If a coordinate is not required, X, Y, or Z may be passed as NULL. */ void @@ -1253,7 +1281,6 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_point_struct p1_, p2_; mpi_point_t q1, q2, prd, sum; unsigned long sw; - size_t nlimbs; /* Compute scalar point multiplication with Montgomery Ladder. Note that we don't use Y-coordinate in the points at all. @@ -1269,15 +1296,10 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, p2.x = mpi_copy (point->x); mpi_set_ui (p2.z, 1); - nlimbs = 2*(nbits+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB+1; - mpi_resize (p1.x, nlimbs); - mpi_resize (p1.z, nlimbs); - mpi_resize (p2.x, nlimbs); - mpi_resize (p2.z, nlimbs); - mpi_resize (p1_.x, nlimbs); - mpi_resize (p1_.z, nlimbs); - mpi_resize (p2_.x, nlimbs); - mpi_resize (p2_.z, nlimbs); + point_resize (&p1, ctx); + point_resize (&p2, ctx); + point_resize (&p1_, ctx); + point_resize (&p2_, ctx); q1 = &p1; q2 = &p2; @@ -1289,19 +1311,16 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_point_t t; sw = mpi_test_bit (scalar, j); - mpi_swap_cond (q1->x, q2->x, sw); - mpi_swap_cond (q1->z, q2->z, sw); + point_swap_cond (q1, q2, sw, ctx); montgomery_ladder (prd, sum, q1, q2, point->x, ctx); - mpi_swap_cond (prd->x, sum->x, sw); - mpi_swap_cond (prd->z, sum->z, sw); + point_swap_cond (prd, sum, sw, ctx); t = q1; q1 = prd; prd = t; t = q2; q2 = sum; sum = t; } mpi_clear (result->y); sw = (nbits & 1); - mpi_swap_cond (p1.x, p1_.x, sw); - mpi_swap_cond (p1.z, p1_.z, sw); + point_swap_cond (&p1, &p1_, sw, ctx); if (p1.z->nlimbs == 0) { ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 75 +++++++++++++++++++++++++++++++++++++++++------------------ mpi/mpiutil.c | 22 ++++++++++++++---- 2 files changed, 71 insertions(+), 26 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 25 12:25:36 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 25 Nov 2015 12:25:36 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-173-g40dbee8 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 40dbee86f3043aff8a8c2055521e270318e33068 (commit) via 03bf88f32c8d203d5b3bfbbc48cc45e6c08cc187 (commit) via cb18d802308bde4e28219417bb4d107a4c0001b4 (commit) via ba1a5cc17d43d9cba32447876f06a8ab8f97e5ae (commit) from e9c16fee2576c772de9d4fb5d53fee28e4b84202 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 40dbee86f3043aff8a8c2055521e270318e33068 Author: Justus Winter Date: Tue Nov 24 18:39:30 2015 +0100 tools: Add encryption and decryption support to gpgtar. * tools/Makefile.am: Amend CFLAGS and LDADD. * tools/gpgtar-create.c (gpgtar_create): Add encrypt flag and encrypt stream if requested. * tools/gpgtar-extract.c (gpgtar_extract): Likewise for decryption. * tools/gpgtar-list.c (gpgtar_list): Likewise. * tools/gpgtar.c (main): Initialize npth and assuan. Parse recipient and local user, and note which flags are currently ignored. Adapt calls to gpgtar_list and friends. (tar_and_encrypt): Drop stub function and prototype. (decrypt_and_untar): Likewise. (decrypt_and_list): Likewise. * tools/gpgtar.h (gpgtar_{create,extract,list}): Add encryption or decryption argument. Signed-off-by: Justus Winter diff --git a/tools/Makefile.am b/tools/Makefile.am index 496b1a6..a793cca 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -142,9 +142,9 @@ gpgtar_SOURCES = \ gpgtar-extract.c \ gpgtar-list.c \ no-libgcrypt.c -gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) $(PTH_CFLAGS) -#gpgtar_LDADD = $(commonpth_libs) $(PTH_LIBS) $(GPG_ERROR_LIBS) -gpgtar_LDADD = $(common_libs) $(GPG_ERROR_LIBS) \ +gpgtar_CFLAGS = $(GPG_ERROR_CFLAGS) $(NPTH_CFLAGS) $(LIBASSUAN_CFLAGS) +gpgtar_LDADD = $(libcommonpth) $(GPG_ERROR_LIBS) \ + $(NPTH_LIBS) $(LIBASSUAN_LIBS) \ $(LIBINTL) $(NETLIBS) $(LIBICONV) $(W32SOCKLIBS) diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index fad6d57..59b88bf 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -36,6 +36,7 @@ #include #include "i18n.h" +#include "../common/call-gpg.h" #include "../common/sysutils.h" #include "gpgtar.h" @@ -740,13 +741,14 @@ write_eof_mark (estream_t stream) INPATTERN is NULL take the pattern as null terminated strings from stdin. */ void -gpgtar_create (char **inpattern) +gpgtar_create (char **inpattern, int encrypt) { gpg_error_t err = 0; struct scanctrl_s scanctrl_buffer; scanctrl_t scanctrl = &scanctrl_buffer; tar_header_t hdr, *start_tail; estream_t outstream = NULL; + estream_t cipher_stream = NULL; int eof_seen = 0; if (!inpattern) @@ -863,6 +865,17 @@ gpgtar_create (char **inpattern) if (outstream == es_stdout) es_set_binary (es_stdout); + if (encrypt) + { + cipher_stream = outstream; + outstream = es_fopenmem (0, "rwb"); + if (! outstream) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + for (hdr = scanctrl->flist; hdr; hdr = hdr->next) { err = write_file (outstream, hdr); @@ -870,6 +883,22 @@ gpgtar_create (char **inpattern) goto leave; } err = write_eof_mark (outstream); + if (err) + goto leave; + + if (encrypt) + { + err = es_fseek (outstream, 0, SEEK_SET); + if (err) + goto leave; + + err = gpg_encrypt_stream (NULL, NULL, + outstream, + opt.recipients, + cipher_stream); + if (err) + goto leave; + } leave: if (!err) @@ -879,6 +908,11 @@ gpgtar_create (char **inpattern) else err = es_fflush (outstream); outstream = NULL; + if (cipher_stream != es_stdout) + err = es_fclose (cipher_stream); + else + err = es_fflush (cipher_stream); + cipher_stream = NULL; } if (err) { @@ -886,6 +920,8 @@ gpgtar_create (char **inpattern) es_fname_get (outstream), gpg_strerror (err)); if (outstream && outstream != es_stdout) es_fclose (outstream); + if (cipher_stream && cipher_stream != es_stdout) + es_fclose (cipher_stream); if (opt.outfile) gnupg_remove (opt.outfile); } diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 6e506d9..19db0eb 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -28,6 +28,7 @@ #include #include "i18n.h" +#include "../common/call-gpg.h" #include "../common/sysutils.h" #include "gpgtar.h" @@ -265,10 +266,11 @@ create_directory (const char *dirprefix) void -gpgtar_extract (const char *filename) +gpgtar_extract (const char *filename, int decrypt) { gpg_error_t err; estream_t stream; + estream_t cipher_stream = NULL; tar_header_t header = NULL; const char *dirprefix = NULL; char *dirname = NULL; @@ -292,6 +294,24 @@ gpgtar_extract (const char *filename) if (stream == es_stdin) es_set_binary (es_stdin); + if (decrypt) + { + cipher_stream = stream; + stream = es_fopenmem (0, "rwb"); + if (! stream) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gpg_decrypt_stream (NULL, NULL, cipher_stream, stream); + if (err) + goto leave; + + err = es_fseek (stream, 0, SEEK_SET); + if (err) + goto leave; + } + if (filename) { dirprefix = strrchr (filename, '/'); @@ -340,5 +360,7 @@ gpgtar_extract (const char *filename) xfree (dirname); if (stream != es_stdin) es_fclose (stream); + if (stream != cipher_stream) + es_fclose (cipher_stream); return; } diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index d525d24..41e08db 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -26,6 +26,7 @@ #include "i18n.h" #include "gpgtar.h" +#include "../common/call-gpg.h" @@ -267,10 +268,11 @@ print_header (tar_header_t header, estream_t out) /* List the tarball FILENAME or, if FILENAME is NULL, the tarball read from stdin. */ void -gpgtar_list (const char *filename) +gpgtar_list (const char *filename, int decrypt) { gpg_error_t err; estream_t stream; + estream_t cipher_stream = NULL; tar_header_t header; if (filename) @@ -292,6 +294,24 @@ gpgtar_list (const char *filename) if (stream == es_stdin) es_set_binary (es_stdin); + if (decrypt) + { + cipher_stream = stream; + stream = es_fopenmem (0, "rwb"); + if (! stream) + { + err = gpg_error_from_syserror (); + goto leave; + } + err = gpg_decrypt_stream (NULL, NULL, cipher_stream, stream); + if (err) + goto leave; + + err = es_fseek (stream, 0, SEEK_SET); + if (err) + goto leave; + } + for (;;) { header = read_header (stream); @@ -311,6 +331,8 @@ gpgtar_list (const char *filename) xfree (header); if (stream != es_stdin) es_fclose (stream); + if (stream != cipher_stream) + es_fclose (cipher_stream); return; } diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 4d3954b..a86aafe 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -27,7 +27,9 @@ gpg. So here we go. */ #include +#include #include +#include #include #include #include @@ -100,13 +102,6 @@ static ARGPARSE_OPTS opts[] = { -static void tar_and_encrypt (char **inpattern); -static void decrypt_and_untar (const char *fname); -static void decrypt_and_list (const char *fname); - - - - /* Print usage information and and provide strings for help. */ static const char * my_strusage( int level ) @@ -156,6 +151,7 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd) *ret_cmd = cmd; } +ASSUAN_SYSTEM_NPTH_IMPL; /* gpgtar main. */ @@ -179,6 +175,11 @@ main (int argc, char **argv) /* Make sure that our subsystems are ready. */ i18n_init(); init_common_subsystems (&argc, &argv); + npth_init (); + assuan_set_assuan_log_prefix (log_get_prefix (NULL)); + assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); + assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); + assuan_sock_init (); /* Parse the command line. */ pargs.argc = &argc; @@ -203,7 +204,17 @@ main (int argc, char **argv) set_cmd (&cmd, pargs.r_opt); break; + case oRecipient: + add_to_strlist (&opt.recipients, pargs.r.ret_str); + break; + + case oUser: + log_info ("note: ignoring option --user\n"); + opt.user = pargs.r.ret_str; + break; + case oSymmetric: + log_info ("note: ignoring option --symmetric\n"); set_cmd (&cmd, aEncrypt); opt.symmetric = 1; break; @@ -237,6 +248,10 @@ main (int argc, char **argv) log_info (_("NOTE: '%s' is not considered an option\n"), argv[i]); } + if (opt.verbose > 1) + opt.debug_level = 1024; + setup_libassuan_logging (&opt.debug_level); + switch (cmd) { case aList: @@ -247,10 +262,7 @@ main (int argc, char **argv) log_info ("note: ignoring option --set-filename\n"); if (files_from) log_info ("note: ignoring option --files-from\n"); - if (skip_crypto) - gpgtar_list (fname); - else - decrypt_and_list (fname); + gpgtar_list (fname, !skip_crypto); break; case aEncrypt: @@ -259,10 +271,7 @@ main (int argc, char **argv) usage (1); if (opt.filename) log_info ("note: ignoring option --set-filename\n"); - if (skip_crypto) - gpgtar_create (null_names? NULL :argv); - else - tar_and_encrypt (null_names? NULL : argv); + gpgtar_create (null_names? NULL :argv, !skip_crypto); break; case aDecrypt: @@ -273,10 +282,7 @@ main (int argc, char **argv) if (files_from) log_info ("note: ignoring option --files-from\n"); fname = argc ? *argv : NULL; - if (skip_crypto) - gpgtar_extract (fname); - else - decrypt_and_untar (fname); + gpgtar_extract (fname, !skip_crypto); break; default: @@ -378,31 +384,3 @@ openpgp_message_p (estream_t fp) return 0; } #endif - - - - -static void -tar_and_encrypt (char **inpattern) -{ - (void)inpattern; - log_error ("tar_and_encrypt has not yet been implemented\n"); -} - - - -static void -decrypt_and_untar (const char *fname) -{ - (void)fname; - log_error ("decrypt_and_untar has not yet been implemented\n"); -} - - - -static void -decrypt_and_list (const char *fname) -{ - (void)fname; - log_error ("decrypt_and_list has not yet been implemented\n"); -} diff --git a/tools/gpgtar.h b/tools/gpgtar.h index 08dfcf8..a96ee09 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -21,13 +21,17 @@ #define GPGTAR_H #include "../common/util.h" +#include "../common/strlist.h" /* We keep all global options in the structure OPT. */ struct { int verbose; + unsigned int debug_level; int quiet; const char *outfile; + strlist_t recipients; + const char *user; int symmetric; const char *filename; } opt; @@ -111,13 +115,13 @@ gpg_error_t read_record (estream_t stream, void *record); gpg_error_t write_record (estream_t stream, const void *record); /*-- gpgtar-create.c --*/ -void gpgtar_create (char **inpattern); +void gpgtar_create (char **inpattern, int encrypt); /*-- gpgtar-extract.c --*/ -void gpgtar_extract (const char *filename); +void gpgtar_extract (const char *filename, int decrypt); /*-- gpgtar-list.c --*/ -void gpgtar_list (const char *filename); +void gpgtar_list (const char *filename, int decrypt); tar_header_t gpgtar_read_header (estream_t stream); void gpgtar_print_header (tar_header_t header, estream_t out); commit 03bf88f32c8d203d5b3bfbbc48cc45e6c08cc187 Author: Justus Winter Date: Tue Nov 24 18:31:14 2015 +0100 common: Add stream interface to call-pgp. * common/call-gpg.c (struct writer_thread_parms): Add field 'stream'. (writer_thread_main): Support reading from a stream. (start_writer): Add stream argument. (struct reader_thread_parms): Add field 'stream'. (reader_thread_main): Support writing to a stream. (start_reader): Add stream argument. (_gpg_encrypt): Add stream api. (gpg_encrypt_blob): Adapt accordingly. (gpg_encrypt_stream): New function. (_gpg_decrypt): Add stream api. (gpg_decrypt_blob): Adapt accordingly. (gpg_decrypt_stream): New function. * common/call-gpg.h (gpg_encrypt_stream): New prototype. (gpg_decrypt_stream): Likewise. Signed-off-by: Justus Winter diff --git a/common/call-gpg.c b/common/call-gpg.c index cc6b1e8..8258b83 100644 --- a/common/call-gpg.c +++ b/common/call-gpg.c @@ -151,6 +151,7 @@ struct writer_thread_parms int fd; const void *data; size_t datalen; + estream_t stream; gpg_error_t *err_addr; }; @@ -159,9 +160,27 @@ struct writer_thread_parms static void * writer_thread_main (void *arg) { + gpg_error_t err = 0; struct writer_thread_parms *parm = arg; - const char *buffer = parm->data; - size_t length = parm->datalen; + char _buffer[4096]; + char *buffer; + size_t length; + + if (parm->stream) + { + buffer = _buffer; + err = es_read (parm->stream, buffer, sizeof _buffer, &length); + if (err) + { + log_error ("reading stream failed: %s\n", gpg_strerror (err)); + goto leave; + } + } + else + { + buffer = (char *) parm->data; + length = parm->datalen; + } while (length) { @@ -172,13 +191,33 @@ writer_thread_main (void *arg) { if (errno == EINTR) continue; - *parm->err_addr = gpg_error_from_syserror (); + err = gpg_error_from_syserror (); break; /* Write error. */ } length -= nwritten; - buffer += nwritten; + + if (parm->stream) + { + if (length == 0) + { + err = es_read (parm->stream, buffer, sizeof _buffer, &length); + if (err) + { + log_error ("reading stream failed: %s\n", + gpg_strerror (err)); + break; + } + if (length == 0) + /* We're done. */ + break; + } + } + else + buffer += nwritten; } + leave: + *parm->err_addr = err; if (close (parm->fd)) log_error ("closing writer fd %d failed: %s\n", parm->fd, strerror (errno)); xfree (parm); @@ -192,7 +231,7 @@ writer_thread_main (void *arg) variable to receive a possible write error after the thread has finished. */ static gpg_error_t -start_writer (int fd, const void *data, size_t datalen, +start_writer (int fd, const void *data, size_t datalen, estream_t stream, npth_t *r_thread, gpg_error_t *err_addr) { gpg_error_t err; @@ -210,6 +249,7 @@ start_writer (int fd, const void *data, size_t datalen, parm->fd = fd; parm->data = data; parm->datalen = datalen; + parm->stream = stream; parm->err_addr = err_addr; npth_attr_init (&tattr); @@ -239,6 +279,7 @@ struct reader_thread_parms { int fd; membuf_t *mb; + estream_t stream; gpg_error_t *err_addr; }; @@ -247,6 +288,7 @@ struct reader_thread_parms static void * reader_thread_main (void *arg) { + gpg_error_t err = 0; struct reader_thread_parms *parm = arg; char buffer[4096]; int nread; @@ -257,13 +299,33 @@ reader_thread_main (void *arg) { if (errno == EINTR) continue; - *parm->err_addr = gpg_error_from_syserror (); + err = gpg_error_from_syserror (); break; /* Read error. */ } - put_membuf (parm->mb, buffer, nread); + if (parm->stream) + { + const char *p = buffer; + size_t nwritten; + while (nread) + { + err = es_write (parm->stream, p, nread, &nwritten); + if (err) + { + log_error ("writing stream failed: %s\n", + gpg_strerror (err)); + goto leave; + } + nread -= nwritten; + p += nwritten; + } + } + else + put_membuf (parm->mb, buffer, nread); } + leave: + *parm->err_addr = err; if (close (parm->fd)) log_error ("closing reader fd %d failed: %s\n", parm->fd, strerror (errno)); xfree (parm); @@ -276,7 +338,8 @@ reader_thread_main (void *arg) is stored at R_TID. After the thread has finished an error from the thread will be stored at ERR_ADDR. */ static gpg_error_t -start_reader (int fd, membuf_t *mb, npth_t *r_thread, gpg_error_t *err_addr) +start_reader (int fd, membuf_t *mb, estream_t stream, + npth_t *r_thread, gpg_error_t *err_addr) { gpg_error_t err; struct reader_thread_parms *parm; @@ -292,6 +355,7 @@ start_reader (int fd, membuf_t *mb, npth_t *r_thread, gpg_error_t *err_addr) return gpg_error_from_syserror (); parm->fd = fd; parm->mb = mb; + parm->stream = stream; parm->err_addr = err_addr; npth_attr_init (&tattr); @@ -324,8 +388,10 @@ start_reader (int fd, membuf_t *mb, npth_t *r_thread, gpg_error_t *err_addr) static gpg_error_t _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, const void *plain, size_t plainlen, + estream_t plain_stream, strlist_t keys, - membuf_t *reader_mb) + membuf_t *reader_mb, + estream_t cipher_stream) { gpg_error_t err; assuan_context_t ctx = NULL; @@ -338,6 +404,11 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, strlist_t sl; int ret; + /* Make sure that either the stream interface xor the buffer + interface is used. */ + assert ((plain == NULL) != (plain_stream == NULL)); + assert ((reader_mb == NULL) != (cipher_stream == NULL)); + /* Create two pipes. */ err = gnupg_create_outbound_pipe (outbound_fds); if (!err) @@ -356,7 +427,7 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, close (inbound_fds[1]); inbound_fds[1] = -1; /* Start a writer thread to feed the INPUT command of the server. */ - err = start_writer (outbound_fds[1], plain, plainlen, + err = start_writer (outbound_fds[1], plain, plainlen, plain_stream, &writer_thread, &writer_err); if (err) return err; @@ -364,7 +435,7 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, /* Start a reader thread to eat from the OUTPUT command of the server. */ - err = start_reader (inbound_fds[0], reader_mb, + err = start_reader (inbound_fds[0], reader_mb, cipher_stream, &reader_thread, &reader_err); if (err) return err; @@ -458,9 +529,9 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, init_membuf (&reader_mb, 4096); err = _gpg_encrypt (ctrl, gpg_program, - plain, plainlen, + plain, plainlen, NULL, keys, - &reader_mb); + &reader_mb, NULL); if (! err) { @@ -478,6 +549,17 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, return err; } +gpg_error_t +gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, + estream_t plain_stream, + strlist_t keys, + estream_t cipher_stream) +{ + return _gpg_encrypt (ctrl, gpg_program, + NULL, 0, plain_stream, + keys, + NULL, cipher_stream); +} /* Call GPG to decrypt a block of data. @@ -486,7 +568,9 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, static gpg_error_t _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, const void *ciph, size_t ciphlen, - membuf_t *reader_mb) + estream_t cipher_stream, + membuf_t *reader_mb, + estream_t plain_stream) { gpg_error_t err; assuan_context_t ctx = NULL; @@ -497,6 +581,11 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, gpg_error_t writer_err, reader_err; int ret; + /* Make sure that either the stream interface xor the buffer + interface is used. */ + assert ((ciph == NULL) != (cipher_stream == NULL)); + assert ((reader_mb == NULL) != (plain_stream == NULL)); + /* Create two pipes. */ err = gnupg_create_outbound_pipe (outbound_fds); if (!err) @@ -515,7 +604,7 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, close (inbound_fds[1]); inbound_fds[1] = -1; /* Start a writer thread to feed the INPUT command of the server. */ - err = start_writer (outbound_fds[1], ciph, ciphlen, + err = start_writer (outbound_fds[1], ciph, ciphlen, cipher_stream, &writer_thread, &writer_err); if (err) return err; @@ -523,7 +612,7 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, /* Start a reader thread to eat from the OUTPUT command of the server. */ - err = start_reader (inbound_fds[0], reader_mb, + err = start_reader (inbound_fds[0], reader_mb, plain_stream, &reader_thread, &reader_err); if (err) return err; @@ -602,8 +691,8 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, init_membuf_secure (&reader_mb, 1024); err = _gpg_decrypt (ctrl, gpg_program, - ciph, ciphlen, - &reader_mb); + ciph, ciphlen, NULL, + &reader_mb, NULL); if (! err) { @@ -620,3 +709,13 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, xfree (get_membuf (&reader_mb, NULL)); return err; } + +gpg_error_t +gpg_decrypt_stream (ctrl_t ctrl, const char *gpg_program, + estream_t cipher_stream, + estream_t plain_stream) +{ + return _gpg_decrypt (ctrl, gpg_program, + NULL, 0, cipher_stream, + NULL, plain_stream); +} diff --git a/common/call-gpg.h b/common/call-gpg.h index 606473d..2c5854d 100644 --- a/common/call-gpg.h +++ b/common/call-gpg.h @@ -20,6 +20,8 @@ #ifndef G13_CALL_GPG_H #define G13_CALL_GPG_H +#include + #include "strlist.h" typedef struct server_control_s *ctrl_t; @@ -28,10 +30,18 @@ gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen); + +gpg_error_t gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, + estream_t plain_stream, + strlist_t keys, + estream_t cipher_stream); + gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen); - +gpg_error_t gpg_decrypt_stream (ctrl_t ctrl, const char *gpg_program, + estream_t cipher_stream, + estream_t plain_stream); #endif /*G13_CALL_GPG_H*/ commit cb18d802308bde4e28219417bb4d107a4c0001b4 Author: Justus Winter Date: Tue Nov 24 14:58:31 2015 +0100 common: Refactor the call-gpg code. * common/call-gpg.c (gpg_{en,de}crypt_blob): Move most of the code into two new functions, _gpg_encrypt and _gpg_decrypt. Signed-off-by: Justus Winter diff --git a/common/call-gpg.c b/common/call-gpg.c index bcad1d6..cc6b1e8 100644 --- a/common/call-gpg.c +++ b/common/call-gpg.c @@ -321,11 +321,11 @@ start_reader (int fd, membuf_t *mb, npth_t *r_thread, gpg_error_t *err_addr) */ -gpg_error_t -gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, - const void *plain, size_t plainlen, - strlist_t keys, - void **r_ciph, size_t *r_ciphlen) +static gpg_error_t +_gpg_encrypt (ctrl_t ctrl, const char *gpg_program, + const void *plain, size_t plainlen, + strlist_t keys, + membuf_t *reader_mb) { gpg_error_t err; assuan_context_t ctx = NULL; @@ -334,17 +334,10 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, npth_t writer_thread = (npth_t)0; npth_t reader_thread = (npth_t)0; gpg_error_t writer_err, reader_err; - membuf_t reader_mb; char line[ASSUAN_LINELENGTH]; strlist_t sl; int ret; - *r_ciph = NULL; - *r_ciphlen = 0; - - /* Init the memory buffer to receive the encrypted stuff. */ - init_membuf (&reader_mb, 4096); - /* Create two pipes. */ err = gnupg_create_outbound_pipe (outbound_fds); if (!err) @@ -371,7 +364,7 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, /* Start a reader thread to eat from the OUTPUT command of the server. */ - err = start_reader (inbound_fds[0], &reader_mb, + err = start_reader (inbound_fds[0], reader_mb, &reader_thread, &reader_err); if (err) return err; @@ -431,16 +424,6 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, goto leave; } - /* Return the data. */ - *r_ciph = get_membuf (&reader_mb, r_ciphlen); - if (!*r_ciph) - { - err = gpg_error_from_syserror (); - log_error ("error while storing the data in the reader thread: %s\n", - gpg_strerror (err)); - goto leave; - } - leave: /* FIXME: Not valid, as npth_t is an opaque type. */ if (reader_thread) @@ -456,20 +439,54 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, if (inbound_fds[1] != -1) close (inbound_fds[1]); release_gpg (ctx); - xfree (get_membuf (&reader_mb, NULL)); return err; } +gpg_error_t +gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, + const void *plain, size_t plainlen, + strlist_t keys, + void **r_ciph, size_t *r_ciphlen) +{ + gpg_error_t err; + membuf_t reader_mb; + + *r_ciph = NULL; + *r_ciphlen = 0; + + /* Init the memory buffer to receive the encrypted stuff. */ + init_membuf (&reader_mb, 4096); + + err = _gpg_encrypt (ctrl, gpg_program, + plain, plainlen, + keys, + &reader_mb); + + if (! err) + { + /* Return the data. */ + *r_ciph = get_membuf (&reader_mb, r_ciphlen); + if (!*r_ciph) + { + err = gpg_error_from_syserror (); + log_error ("error while storing the data in the reader thread: %s\n", + gpg_strerror (err)); + } + } + + xfree (get_membuf (&reader_mb, NULL)); + return err; +} /* Call GPG to decrypt a block of data. */ -gpg_error_t -gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, - const void *ciph, size_t ciphlen, - void **r_plain, size_t *r_plainlen) +static gpg_error_t +_gpg_decrypt (ctrl_t ctrl, const char *gpg_program, + const void *ciph, size_t ciphlen, + membuf_t *reader_mb) { gpg_error_t err; assuan_context_t ctx = NULL; @@ -478,15 +495,8 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, npth_t writer_thread = (npth_t)0; npth_t reader_thread = (npth_t)0; gpg_error_t writer_err, reader_err; - membuf_t reader_mb; int ret; - *r_plain = NULL; - *r_plainlen = 0; - - /* Init the memory buffer to receive the encrypted stuff. */ - init_membuf_secure (&reader_mb, 1024); - /* Create two pipes. */ err = gnupg_create_outbound_pipe (outbound_fds); if (!err) @@ -513,7 +523,7 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, /* Start a reader thread to eat from the OUTPUT command of the server. */ - err = start_reader (inbound_fds[0], &reader_mb, + err = start_reader (inbound_fds[0], reader_mb, &reader_thread, &reader_err); if (err) return err; @@ -560,16 +570,6 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, goto leave; } - /* Return the data. */ - *r_plain = get_membuf (&reader_mb, r_plainlen); - if (!*r_plain) - { - err = gpg_error_from_syserror (); - log_error ("error while storing the data in the reader thread: %s\n", - gpg_strerror (err)); - goto leave; - } - leave: if (reader_thread) npth_detach (reader_thread); @@ -584,6 +584,39 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, if (inbound_fds[1] != -1) close (inbound_fds[1]); release_gpg (ctx); + return err; +} + +gpg_error_t +gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, + const void *ciph, size_t ciphlen, + void **r_plain, size_t *r_plainlen) +{ + gpg_error_t err; + membuf_t reader_mb; + + *r_plain = NULL; + *r_plainlen = 0; + + /* Init the memory buffer to receive the encrypted stuff. */ + init_membuf_secure (&reader_mb, 1024); + + err = _gpg_decrypt (ctrl, gpg_program, + ciph, ciphlen, + &reader_mb); + + if (! err) + { + /* Return the data. */ + *r_plain = get_membuf (&reader_mb, r_plainlen); + if (!*r_plain) + { + err = gpg_error_from_syserror (); + log_error ("error while storing the data in the reader thread: %s\n", + gpg_strerror (err)); + } + } + xfree (get_membuf (&reader_mb, NULL)); return err; } commit ba1a5cc17d43d9cba32447876f06a8ab8f97e5ae Author: Justus Winter Date: Tue Nov 24 13:40:56 2015 +0100 g13: Move 'call-gpg.c' to common. * common/Makefile.am (common_sources): Add files. * g13/call-gpg.c: Move to 'common' and adapt slightly. Add a parameter to let callees override the gpg program to execute. * g13/call-gpg.h: Likewise. * g13/Makefile.am (g13_SOURCES): Drop files. * g13/create.c (encrypt_keyblob): Hand in the gpg program to execute. * g13/mount.c (decrypt_keyblob): Likewise. Signed-off-by: Justus Winter diff --git a/common/Makefile.am b/common/Makefile.am index 678e1a2..c02c60e 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -86,7 +86,8 @@ common_sources = \ agent-opt.c \ helpfile.c \ mkdir_p.c mkdir_p.h \ - strlist.c strlist.h + strlist.c strlist.h \ + call-gpg.c call-gpg.h if HAVE_W32_SYSTEM common_sources += w32-reg.c w32-afunix.c w32-afunix.h diff --git a/g13/call-gpg.c b/common/call-gpg.c similarity index 93% rename from g13/call-gpg.c rename to common/call-gpg.c index 0bd935c..bcad1d6 100644 --- a/g13/call-gpg.c +++ b/common/call-gpg.c @@ -18,27 +18,29 @@ */ #include -#include + +#include +#include +#include +#include #include +#include #include -#include #include -#include -#include -#include "g13.h" -#include -#include "i18n.h" #include "call-gpg.h" -#include "utils.h" -#include "../common/exechelp.h" - +#include "exechelp.h" +#include "i18n.h" +#include "logging.h" +#include "membuf.h" +#include "util.h" /* Fire up a new GPG. Handle the server's initial greeting. Returns 0 on success and stores the assuan context at R_CTX. */ static gpg_error_t -start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx) +start_gpg (ctrl_t ctrl, const char *gpg_program, + int input_fd, int output_fd, assuan_context_t *r_ctx) { gpg_error_t err; assuan_context_t ctx = NULL; @@ -60,15 +62,12 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx) } /* The first time we are used, intialize the gpg_program variable. */ - if ( !opt.gpg_program || !*opt.gpg_program ) - opt.gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG); - - if (opt.verbose) - log_info (_("no running gpg - starting '%s'\n"), opt.gpg_program); + if ( !gpg_program || !*gpg_program ) + gpg_program = gnupg_module_name (GNUPG_MODULE_NAME_GPG); /* Compute argv[0]. */ - if ( !(pgmname = strrchr (opt.gpg_program, '/'))) - pgmname = opt.gpg_program; + if ( !(pgmname = strrchr (gpg_program, '/'))) + pgmname = gpg_program; else pgmname++; @@ -82,8 +81,6 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx) i = 0; argv[i++] = pgmname; argv[i++] = "--server"; - if ((opt.debug & 1024)) - argv[i++] = "--debug=1024"; argv[i++] = "-z"; argv[i++] = "0"; argv[i++] = "--trust-model"; @@ -101,7 +98,7 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx) no_close_list[i] = -1; /* Connect to GPG and perform initial handshaking. */ - err = assuan_pipe_connect (ctx, opt.gpg_program, argv, no_close_list, + err = assuan_pipe_connect (ctx, gpg_program, argv, no_close_list, NULL, NULL, 0); if (err) { @@ -135,9 +132,6 @@ start_gpg (ctrl_t ctrl, int input_fd, int output_fd, assuan_context_t *r_ctx) } *r_ctx = ctx; - - if (DBG_IPC) - log_debug ("connection to GPG established\n"); return 0; } @@ -328,8 +322,10 @@ start_reader (int fd, membuf_t *mb, npth_t *r_thread, gpg_error_t *err_addr) */ gpg_error_t -gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen, - strlist_t keys, void **r_ciph, size_t *r_ciphlen) +gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, + const void *plain, size_t plainlen, + strlist_t keys, + void **r_ciph, size_t *r_ciphlen) { gpg_error_t err; assuan_context_t ctx = NULL; @@ -360,7 +356,7 @@ gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen, } /* Start GPG and send the INPUT and OUTPUT commands. */ - err = start_gpg (ctrl, outbound_fds[0], inbound_fds[1], &ctx); + err = start_gpg (ctrl, gpg_program, outbound_fds[0], inbound_fds[1], &ctx); if (err) goto leave; close (outbound_fds[0]); outbound_fds[0] = -1; @@ -471,7 +467,8 @@ gpg_encrypt_blob (ctrl_t ctrl, const void *plain, size_t plainlen, */ gpg_error_t -gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen, +gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, + const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen) { gpg_error_t err; @@ -501,7 +498,7 @@ gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen, } /* Start GPG and send the INPUT and OUTPUT commands. */ - err = start_gpg (ctrl, outbound_fds[0], inbound_fds[1], &ctx); + err = start_gpg (ctrl, gpg_program, outbound_fds[0], inbound_fds[1], &ctx); if (err) goto leave; close (outbound_fds[0]); outbound_fds[0] = -1; diff --git a/g13/call-gpg.h b/common/call-gpg.h similarity index 82% rename from g13/call-gpg.h rename to common/call-gpg.h index 339544d..606473d 100644 --- a/g13/call-gpg.h +++ b/common/call-gpg.h @@ -20,11 +20,16 @@ #ifndef G13_CALL_GPG_H #define G13_CALL_GPG_H -gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, +#include "strlist.h" + +typedef struct server_control_s *ctrl_t; + +gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen); -gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, const void *ciph, size_t ciphlen, +gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, + const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen); diff --git a/g13/Makefile.am b/g13/Makefile.am index 152cf36..e17d099 100644 --- a/g13/Makefile.am +++ b/g13/Makefile.am @@ -37,7 +37,6 @@ g13_SOURCES = \ create.c create.h \ mount.c mount.h \ mountinfo.c mountinfo.h \ - call-gpg.c call-gpg.h \ runner.c runner.h \ backend.c backend.h \ be-encfs.c be-encfs.h \ diff --git a/g13/create.c b/g13/create.c index 6c09c2e..c4e94b8 100644 --- a/g13/create.c +++ b/g13/create.c @@ -33,7 +33,7 @@ #include "keyblob.h" #include "backend.h" #include "utils.h" -#include "call-gpg.h" +#include "../common/call-gpg.h" /* Create a new blob with all the session keys and other meta information which are to be stored encrypted in the crypto @@ -111,7 +111,7 @@ encrypt_keyblob (ctrl_t ctrl, void *keyblob, size_t keybloblen, gpg_error_t err; /* FIXME: For now we only implement OpenPGP. */ - err = gpg_encrypt_blob (ctrl, keyblob, keybloblen, keys, + err = gpg_encrypt_blob (ctrl, opt.gpg_program, keyblob, keybloblen, keys, r_encblob, r_encbloblen); return err; diff --git a/g13/mount.c b/g13/mount.c index 8d1c015..1f7fbcc 100644 --- a/g13/mount.c +++ b/g13/mount.c @@ -34,7 +34,7 @@ #include "backend.h" #include "utils.h" #include "../common/sysutils.h" -#include "call-gpg.h" +#include "../common/call-gpg.h" #include "mountinfo.h" #include "runner.h" #include "host2net.h" @@ -202,7 +202,7 @@ decrypt_keyblob (ctrl_t ctrl, const void *enckeyblob, size_t enckeybloblen, gpg_error_t err; /* FIXME: For now we only implement OpenPGP. */ - err = gpg_decrypt_blob (ctrl, enckeyblob, enckeybloblen, + err = gpg_decrypt_blob (ctrl, opt.gpg_program, enckeyblob, enckeybloblen, r_keyblob, r_keybloblen); return err; ----------------------------------------------------------------------- Summary of changes: common/Makefile.am | 3 +- {g13 => common}/call-gpg.c | 283 +++++++++++++++++++++++++++++++++------------ {g13 => common}/call-gpg.h | 21 +++- g13/Makefile.am | 1 - g13/create.c | 4 +- g13/mount.c | 4 +- tools/Makefile.am | 6 +- tools/gpgtar-create.c | 38 +++++- tools/gpgtar-extract.c | 24 +++- tools/gpgtar-list.c | 24 +++- tools/gpgtar.c | 72 ++++-------- tools/gpgtar.h | 10 +- 12 files changed, 348 insertions(+), 142 deletions(-) rename {g13 => common}/call-gpg.c (70%) rename {g13 => common}/call-gpg.h (67%) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Wed Nov 25 18:49:04 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Wed, 25 Nov 2015 18:49:04 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-177-g556e8c4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 556e8c44267fe3b829ca06286e9b5637ca1a6a73 (commit) via 127aba9a4d6c1aabb4a18a74b16d3bddc6eb5c54 (commit) via 89e104eb38c3a6896892ff09db11cb1bae2bb0d3 (commit) via f76fb047c15914ba44dc9423d235484758bcd721 (commit) from 40dbee86f3043aff8a8c2055521e270318e33068 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 556e8c44267fe3b829ca06286e9b5637ca1a6a73 Author: Justus Winter Date: Wed Nov 25 18:32:09 2015 +0100 tests: Add tests for gpgtar and gpg-zip. * tests/openpgp/Makefile.am (TESTS): Add new file. * tests/openpgp/gpgtar.test: New file. Signed-off-by: Justus Winter diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am index 7263cd8..aa13be9 100644 --- a/tests/openpgp/Makefile.am +++ b/tests/openpgp/Makefile.am @@ -46,6 +46,7 @@ TESTS = version.test mds.test \ multisig.test verify.test armor.test \ import.test ecc.test 4gb-packet.test \ $(sqlite3_dependent_tests) \ + gpgtar.test \ finish.test @@ -108,7 +109,7 @@ CLEANFILES = prepared.stamp x y yy z out err $(data_files) \ gnupg-test.stop random_seed gpg-agent.log tofu.db clean-local: - -rm -rf private-keys-v1.d openpgp-revocs.d tofu.d + -rm -rf private-keys-v1.d openpgp-revocs.d tofu.d gpgtar.d # We need to depend on a couple of programs so that the tests don't diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test new file mode 100755 index 0000000..7d55862 --- /dev/null +++ b/tests/openpgp/gpgtar.test @@ -0,0 +1,59 @@ +#!/bin/sh + +#set -x + +# Make sure $srcdir is set. +if test "x$srcdir" = x +then + echo srcdir environment variable not set! + exit 1 +fi + +. $srcdir/defs.inc || exit 3 + +set -e + +# Make sure $GNUPGHOME is set. +if test "x$GNUPGHOME" = x +then + echo "GNUPGHOME not set." + exit 1 +fi + +TESTFILES="$plain_files $data_files" + +TESTDIR=gpgtar.d +FILELIST="${TESTDIR}/filelist" +GPG=../../g10/gpg2 +GPGTAR="../../tools/gpgtar" +GPGZIP="sh ../../tools/gpg-zip --gpg-args --trust-model=always" + +for TOOL in "$GPGTAR" "$GPGZIP" +do + rm -rf -- "${TESTDIR}" + mkdir "${TESTDIR}" + + $TOOL --gpg "$GPG" --encrypt --recipient "$usrname2" \ + --output "${TESTDIR}/test.tar.pgp" $TESTFILES + + $TOOL --gpg "$GPG" --list-archive "${TESTDIR}/test.tar.pgp" >"$FILELIST" + for F in $TESTFILES + do + grep -qe "\\b${F}\\b" "$FILELIST" + done + + EXTRACT_FLAGS="--directory=${TESTDIR}" + if [ "$TOOL" = "$GPGZIP" ] + then + EXTRACT_FLAGS="--tar-args $EXTRACT_FLAGS" + fi + $TOOL --gpg "$GPG" $EXTRACT_FLAGS --decrypt "${TESTDIR}/test.tar.pgp" + for F in $TESTFILES + do + diff -q "$F" "${TESTDIR}/$F" + done +done + +# Success! + +exit 0 commit 127aba9a4d6c1aabb4a18a74b16d3bddc6eb5c54 Author: Justus Winter Date: Wed Nov 25 18:29:22 2015 +0100 tools/gpgtar: Handle '--directory' argument. * tools/gpgtar-extract.c (gpgtar_extract): Only generate a directory name if none is given via arguments. * tools/gpgtar.c (enum cmd_and_opt_values): New constant. (opts): Add argument. (main): Parse argument. * tools/gpgtar.h (opt): New field 'directory'. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 92346b0..fa2f362 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -312,31 +312,36 @@ gpgtar_extract (const char *filename, int decrypt) goto leave; } - if (filename) - { - dirprefix = strrchr (filename, '/'); - if (dirprefix) - dirprefix++; - else - dirprefix = filename; - } - else if (opt.filename) + if (opt.directory) + dirname = xtrystrdup (opt.directory); + else { - dirprefix = strrchr (opt.filename, '/'); - if (dirprefix) - dirprefix++; - else - dirprefix = opt.filename; - } + if (filename) + { + dirprefix = strrchr (filename, '/'); + if (dirprefix) + dirprefix++; + else + dirprefix = filename; + } + else if (opt.filename) + { + dirprefix = strrchr (opt.filename, '/'); + if (dirprefix) + dirprefix++; + else + dirprefix = opt.filename; + } - if (!dirprefix || !*dirprefix) - dirprefix = "GPGARCH"; + if (!dirprefix || !*dirprefix) + dirprefix = "GPGARCH"; - dirname = create_directory (dirprefix); - if (!dirname) - { - err = gpg_error (GPG_ERR_GENERAL); - goto leave; + dirname = create_directory (dirprefix); + if (!dirname) + { + err = gpg_error (GPG_ERR_GENERAL); + goto leave; + } } if (opt.verbose) diff --git a/tools/gpgtar.c b/tools/gpgtar.c index c4bf855..991fbed 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -58,6 +58,7 @@ enum cmd_and_opt_values oRecipient = 'r', oUser = 'u', oOutput = 'o', + oDirectory = 'C', oQuiet = 'q', oVerbose = 'v', oFilesFrom = 'T', @@ -89,6 +90,8 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oUser, "local-user", N_("|USER-ID|use USER-ID to sign or decrypt")), ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")), + ARGPARSE_s_s (oDirectory, "directory", + N_("|DIRECTORY|extract files into DIRECTORY")), ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_s (oGpgProgram, "gpg", "@"), @@ -194,6 +197,7 @@ main (int argc, char **argv) switch (pargs.r_opt) { case oOutput: opt.outfile = pargs.r.ret_str; break; + case oDirectory: opt.directory = pargs.r.ret_str; break; case oSetFilename: opt.filename = pargs.r.ret_str; break; case oQuiet: opt.quiet = 1; break; case oVerbose: opt.verbose++; break; diff --git a/tools/gpgtar.h b/tools/gpgtar.h index 98fd51c..66a8ae1 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -35,6 +35,7 @@ struct const char *user; int symmetric; const char *filename; + const char *directory; } opt; commit 89e104eb38c3a6896892ff09db11cb1bae2bb0d3 Author: Justus Winter Date: Wed Nov 25 14:57:14 2015 +0100 tools/gpgtar: Handle '--gpg' argument. * tools/gpgtar-create.c (gpgtar_create): Use given gpg program. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. * tools/gpgtar.c (enum cmd_and_opt_values): New constant. (opts): Add argument. (main): Handle argument. * tools/gpgtar.h (opt): Add field 'gpg_program'. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 69ba440..92c1fb8 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -892,7 +892,8 @@ gpgtar_create (char **inpattern, int encrypt) if (err) goto leave; - err = gpg_encrypt_stream (NULL, NULL, + err = gpg_encrypt_stream (NULL, + opt.gpg_program, outstream, opt.recipients, cipher_stream); diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 594f257..92346b0 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -303,7 +303,7 @@ gpgtar_extract (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, NULL, cipher_stream, stream); + err = gpg_decrypt_stream (NULL, opt.gpg_program, cipher_stream, stream); if (err) goto leave; diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index 1f917ad..cdc7fc4 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -306,7 +306,7 @@ gpgtar_list (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, NULL, cipher_stream, stream); + err = gpg_decrypt_stream (NULL, opt.gpg_program, cipher_stream, stream); if (err) goto leave; diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 714b216..c4bf855 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -64,6 +64,7 @@ enum cmd_and_opt_values oNoVerbose = 500, aSignEncrypt, + oGpgProgram, oSkipCrypto, oOpenPGP, oCMS, @@ -90,6 +91,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")), ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), + ARGPARSE_s_s (oGpgProgram, "gpg", "@"), ARGPARSE_s_n (oSkipCrypto, "skip-crypto", N_("skip the crypto processing")), ARGPARSE_s_s (oSetFilename, "set-filename", "@"), ARGPARSE_s_s (oFilesFrom, "files-from", @@ -221,6 +223,10 @@ main (int argc, char **argv) opt.symmetric = 1; break; + case oGpgProgram: + opt.gpg_program = pargs.r.ret_str; + break; + case oSkipCrypto: skip_crypto = 1; break; diff --git a/tools/gpgtar.h b/tools/gpgtar.h index ab2ccec..98fd51c 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -29,6 +29,7 @@ struct int verbose; unsigned int debug_level; int quiet; + const char *gpg_program; const char *outfile; strlist_t recipients; const char *user; commit f76fb047c15914ba44dc9423d235484758bcd721 Author: Justus Winter Date: Wed Nov 25 13:39:50 2015 +0100 tools/gpgtar: Improve error handling. * tools/gpgtar-create.c (gpgtar_create): Return an error code, fix error handling. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (read_header): Return an error code. (gpgtar_list): Return an error code, fix error handling. (gpgtar_read_header): Return an error code. * tools/gpgtar.c: Add missing include. (main): Print an generic error message if a command failed and no error has been printed yet. * tools/gpgtar.h (gpgtar_{create,extract,list,read_header}): Fix the prototypes accordingly. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 59b88bf..69ba440 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -740,7 +740,7 @@ write_eof_mark (estream_t stream) /* Create a new tarball using the names in the array INPATTERN. If INPATTERN is NULL take the pattern as null terminated strings from stdin. */ -void +gpg_error_t gpgtar_create (char **inpattern, int encrypt) { gpg_error_t err = 0; @@ -903,16 +903,19 @@ gpgtar_create (char **inpattern, int encrypt) leave: if (!err) { + gpg_error_t first_err; if (outstream != es_stdout) - err = es_fclose (outstream); + first_err = es_fclose (outstream); else - err = es_fflush (outstream); + first_err = es_fflush (outstream); outstream = NULL; if (cipher_stream != es_stdout) err = es_fclose (cipher_stream); else err = es_fflush (cipher_stream); cipher_stream = NULL; + if (! err) + err = first_err; } if (err) { @@ -931,4 +934,5 @@ gpgtar_create (char **inpattern, int encrypt) scanctrl->flist = hdr->next; xfree (hdr); } + return err; } diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 19db0eb..594f257 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -265,7 +265,7 @@ create_directory (const char *dirprefix) -void +gpg_error_t gpgtar_extract (const char *filename, int decrypt) { gpg_error_t err; @@ -285,7 +285,7 @@ gpgtar_extract (const char *filename, int decrypt) { err = gpg_error_from_syserror (); log_error ("error opening '%s': %s\n", filename, gpg_strerror (err)); - return; + return err; } } else @@ -344,11 +344,12 @@ gpgtar_extract (const char *filename, int decrypt) for (;;) { - header = gpgtar_read_header (stream); - if (!header) + err = gpgtar_read_header (stream, &header); + if (err || header == NULL) goto leave; - if (extract (stream, dirname, header)) + err = extract (stream, dirname, header); + if (err) goto leave; xfree (header); header = NULL; @@ -362,5 +363,5 @@ gpgtar_extract (const char *filename, int decrypt) es_fclose (stream); if (stream != cipher_stream) es_fclose (cipher_stream); - return; + return err; } diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index 41e08db..1f917ad 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -169,10 +169,11 @@ parse_header (const void *record, const char *filename) /* Read the next block, assming it is a tar header. Returns a header - object on success or NULL one error. In case of an error an error + object on success in R_HEADER, or an error. If the stream is + consumed, R_HEADER is set to NULL. In case of an error an error message has been printed. */ -static tar_header_t -read_header (estream_t stream) +static gpg_error_t +read_header (estream_t stream, tar_header_t *r_header) { gpg_error_t err; char record[RECORDSIZE]; @@ -180,7 +181,7 @@ read_header (estream_t stream) err = read_record (stream, record); if (err) - return NULL; + return err; for (i=0; i < RECORDSIZE && !record[i]; i++) ; @@ -190,8 +191,8 @@ read_header (estream_t stream) end of archive mark. */ err = read_record (stream, record); if (err) - return NULL; - + return err; + for (i=0; i < RECORDSIZE && !record[i]; i++) ; if (i != RECORDSIZE) @@ -200,11 +201,13 @@ read_header (estream_t stream) else { /* End of archive - FIXME: we might want to check for garbage. */ - return NULL; + *r_header = NULL; + return 0; } } - return parse_header (record, es_fname_get (stream)); + *r_header = parse_header (record, es_fname_get (stream)); + return *r_header ? 0 : gpg_error_from_syserror (); } @@ -267,13 +270,13 @@ print_header (tar_header_t header, estream_t out) /* List the tarball FILENAME or, if FILENAME is NULL, the tarball read from stdin. */ -void +gpg_error_t gpgtar_list (const char *filename, int decrypt) { gpg_error_t err; estream_t stream; estream_t cipher_stream = NULL; - tar_header_t header; + tar_header_t header = NULL; if (filename) { @@ -285,7 +288,7 @@ gpgtar_list (const char *filename, int decrypt) { err = gpg_error_from_syserror (); log_error ("error opening '%s': %s\n", filename, gpg_strerror (err)); - return; + return err; } } else @@ -314,12 +317,12 @@ gpgtar_list (const char *filename, int decrypt) for (;;) { - header = read_header (stream); - if (!header) + err = read_header (stream, &header); + if (err || header == NULL) goto leave; - + print_header (header, es_stdout); - + if (skip_data (stream, header)) goto leave; xfree (header); @@ -333,14 +336,13 @@ gpgtar_list (const char *filename, int decrypt) es_fclose (stream); if (stream != cipher_stream) es_fclose (cipher_stream); - return; + return err; } -tar_header_t -gpgtar_read_header (estream_t stream) +gpg_error_t +gpgtar_read_header (estream_t stream, tar_header_t *r_header) { - /*FIXME: Change to return an error code. */ - return read_header (stream); + return read_header (stream, r_header); } void diff --git a/tools/gpgtar.c b/tools/gpgtar.c index a86aafe..714b216 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -38,6 +38,7 @@ #include "util.h" #include "i18n.h" #include "sysutils.h" +#include "../common/asshelp.h" #include "../common/openpgpdefs.h" #include "../common/init.h" @@ -158,6 +159,7 @@ ASSUAN_SYSTEM_NPTH_IMPL; int main (int argc, char **argv) { + gpg_error_t err; ARGPARSE_ARGS pargs; const char *fname; int no_more_options = 0; @@ -262,7 +264,9 @@ main (int argc, char **argv) log_info ("note: ignoring option --set-filename\n"); if (files_from) log_info ("note: ignoring option --files-from\n"); - gpgtar_list (fname, !skip_crypto); + err = gpgtar_list (fname, !skip_crypto); + if (err && log_get_errorcount (0) == 0) + log_error ("listing archive failed: %s\n", gpg_strerror (err)); break; case aEncrypt: @@ -271,7 +275,9 @@ main (int argc, char **argv) usage (1); if (opt.filename) log_info ("note: ignoring option --set-filename\n"); - gpgtar_create (null_names? NULL :argv, !skip_crypto); + err = gpgtar_create (null_names? NULL :argv, !skip_crypto); + if (err && log_get_errorcount (0) == 0) + log_error ("creating archive failed: %s\n", gpg_strerror (err)); break; case aDecrypt: @@ -282,7 +288,9 @@ main (int argc, char **argv) if (files_from) log_info ("note: ignoring option --files-from\n"); fname = argc ? *argv : NULL; - gpgtar_extract (fname, !skip_crypto); + err = gpgtar_extract (fname, !skip_crypto); + if (err && log_get_errorcount (0) == 0) + log_error ("extracting archive failed: %s\n", gpg_strerror (err)); break; default: diff --git a/tools/gpgtar.h b/tools/gpgtar.h index a96ee09..ab2ccec 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -115,14 +115,14 @@ gpg_error_t read_record (estream_t stream, void *record); gpg_error_t write_record (estream_t stream, const void *record); /*-- gpgtar-create.c --*/ -void gpgtar_create (char **inpattern, int encrypt); +gpg_error_t gpgtar_create (char **inpattern, int encrypt); /*-- gpgtar-extract.c --*/ -void gpgtar_extract (const char *filename, int decrypt); +gpg_error_t gpgtar_extract (const char *filename, int decrypt); /*-- gpgtar-list.c --*/ -void gpgtar_list (const char *filename, int decrypt); -tar_header_t gpgtar_read_header (estream_t stream); +gpg_error_t gpgtar_list (const char *filename, int decrypt); +gpg_error_t gpgtar_read_header (estream_t stream, tar_header_t *r_header); void gpgtar_print_header (tar_header_t header, estream_t out); ----------------------------------------------------------------------- Summary of changes: tests/openpgp/Makefile.am | 3 ++- tests/openpgp/gpgtar.test | 59 +++++++++++++++++++++++++++++++++++++++++++ tools/gpgtar-create.c | 13 +++++++--- tools/gpgtar-extract.c | 64 ++++++++++++++++++++++++++--------------------- tools/gpgtar-list.c | 44 ++++++++++++++++---------------- tools/gpgtar.c | 24 +++++++++++++++--- tools/gpgtar.h | 10 +++++--- 7 files changed, 155 insertions(+), 62 deletions(-) create mode 100755 tests/openpgp/gpgtar.test hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 26 03:41:00 2015 From: cvs at cvs.gnupg.org (by NIIBE Yutaka) Date: Thu, 26 Nov 2015 03:41:00 +0100 Subject: [git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-290-g3658afd Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU crypto library". The branch, master has been updated via 3658afd09c3b03b4398aaa5748387220c93b1a94 (commit) from 88e1358962e902ff1cbec8d53ba3eee46407851a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3658afd09c3b03b4398aaa5748387220c93b1a94 Author: NIIBE Yutaka Date: Thu Nov 26 11:37:47 2015 +0900 ecc: minor improvement of point multiplication. * mpi/ec.c (_gcry_mpi_ec_mul_point): Move ec_subm out of the loop. diff --git a/mpi/ec.c b/mpi/ec.c index 4d59a7e..40e09be 100644 --- a/mpi/ec.c +++ b/mpi/ec.c @@ -1415,6 +1415,10 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, point_init (&p2); point_init (&p1inv); + /* Invert point: y = p - y mod p */ + point_set (&p1inv, &p1); + ec_subm (p1inv.y, ctx->p, p1inv.y, ctx); + for (i=loops-2; i > 0; i--) { _gcry_mpi_ec_dup_point (result, result, ctx); @@ -1426,9 +1430,6 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, if (mpi_test_bit (h, i) == 0 && mpi_test_bit (k, i) == 1) { point_set (&p2, result); - /* Invert point: y = p - y mod p */ - point_set (&p1inv, &p1); - ec_subm (p1inv.y, ctx->p, p1inv.y, ctx); _gcry_mpi_ec_add_points (result, &p2, &p1inv, ctx); } } ----------------------------------------------------------------------- Summary of changes: mpi/ec.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) hooks/post-receive -- The GNU crypto library http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 26 17:58:50 2015 From: cvs at cvs.gnupg.org (by Justus Winter) Date: Thu, 26 Nov 2015 17:58:50 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-182-g676b2d7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 676b2d7081291f7e47a66755ab07af259fea130b (commit) via 69a8440f44fa025e33a4cc32d17695c9ac385043 (commit) via 1a045b1324efabe7423a8d00245f01718ed72556 (commit) via 2eb3248058330dd5c37560d9887db5b5266c54fe (commit) via 35c0c8b211bc891335e822379b33ea34fbc1f84f (commit) from 556e8c44267fe3b829ca06286e9b5637ca1a6a73 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 676b2d7081291f7e47a66755ab07af259fea130b Author: Justus Winter Date: Thu Nov 26 17:05:12 2015 +0100 tools/gpgtar: Add '--dry-run'. * tools/gpgtar-extract.c (extract_{regular,directory}): Honor '--dry-run'. * tools/gpgtar.c (enum cmd_and_opt_values): New value. (opts): Add '--dry-run'. (parse_arguments): Handle '--dry-run'. * tools/gpgtar.h (opt): Add field 'dry_run'. Signed-off-by: Justus Winter diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 3b73c85..728737d 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -53,7 +53,10 @@ extract_regular (estream_t stream, const char *dirname, else err = 0; - outfp = es_fopen (fname, "wb"); + if (opt.dry_run) + outfp = es_fopenmem (0, "wb"); + else + outfp = es_fopen (fname, "wb"); if (!outfp) { err = gpg_error_from_syserror (); @@ -120,7 +123,7 @@ extract_directory (const char *dirname, tar_header_t hdr) /* Note that we don't need to care about EEXIST because we always extract into a new hierarchy. */ - if (gnupg_mkdir (fname, "-rwx------")) + if (! opt.dry_run && gnupg_mkdir (fname, "-rwx------")) { err = gpg_error_from_syserror (); if (gpg_err_code (err) == GPG_ERR_ENOENT) diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 90fee05..a46a339 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -77,6 +77,9 @@ enum cmd_and_opt_values /* Compatibility with gpg-zip. */ oGpgArgs, oTarArgs, + + /* Debugging. */ + oDryRun, }; @@ -100,6 +103,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_s (oGpgProgram, "gpg", "@"), ARGPARSE_s_n (oSkipCrypto, "skip-crypto", N_("skip the crypto processing")), + ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), ARGPARSE_s_s (oSetFilename, "set-filename", "@"), ARGPARSE_s_n (oOpenPGP, "openpgp", "@"), ARGPARSE_s_n (oCMS, "cms", "@"), @@ -377,6 +381,10 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) } break; + case oDryRun: + opt.dry_run = 1; + break; + default: pargs->err = 2; break; } } diff --git a/tools/gpgtar.h b/tools/gpgtar.h index f130c94..eadbcac 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -29,6 +29,7 @@ struct int verbose; unsigned int debug_level; int quiet; + int dry_run; const char *gpg_program; strlist_t gpg_arguments; const char *outfile; commit 69a8440f44fa025e33a4cc32d17695c9ac385043 Author: Justus Winter Date: Thu Nov 26 15:36:52 2015 +0100 tools/gpgtar: Handle '--gpg-args'. * tools/gpgtar-create.c (gpgtar_create): Use given arguments. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. * tools/gpgtar.c (enum cmd_and_opt_values): New value. (opts): Add 'gpg-args'. (parse_arguments): Handle arguments. * tools/gpgtar.h (opt): Add field 'gpg_arguments'. * tests/openpgp/gpgtar.test: Simplify accordingly. Signed-off-by: Justus Winter diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test index 5cb2353..acfaf3f 100755 --- a/tests/openpgp/gpgtar.test +++ b/tests/openpgp/gpgtar.test @@ -25,24 +25,30 @@ TESTFILES="$plain_files $data_files" TESTDIR=gpgtar.d FILELIST="${TESTDIR}/filelist" GPG=../../g10/gpg2 +GPGARGS="--trust-model=always" + GPGTAR="../../tools/gpgtar" -GPGZIP="sh ../../tools/gpg-zip --gpg-args --trust-model=always" +GPGZIP="sh ../../tools/gpg-zip" for TOOL in "$GPGTAR" "$GPGZIP" do rm -rf -- "${TESTDIR}" mkdir "${TESTDIR}" - $TOOL --gpg "$GPG" --encrypt --recipient "$usrname2" \ + $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \ + --encrypt --recipient "$usrname2" \ --output "${TESTDIR}/test.tar.pgp" $TESTFILES - $TOOL --gpg "$GPG" --list-archive "${TESTDIR}/test.tar.pgp" >"$FILELIST" + $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \ + --list-archive "${TESTDIR}/test.tar.pgp" \ + >"$FILELIST" for F in $TESTFILES do grep -qe "\\b${F}\\b" "$FILELIST" done - $TOOL --gpg "$GPG" --tar-args --directory="${TESTDIR}" \ + $TOOL --gpg "$GPG" --gpg-args "$GPGARGS" \ + --tar-args --directory="${TESTDIR}" \ --decrypt "${TESTDIR}/test.tar.pgp" for F in $TESTFILES do diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 774fcd3..cc82889 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -894,7 +894,7 @@ gpgtar_create (char **inpattern, int encrypt) err = gpg_encrypt_stream (NULL, opt.gpg_program, - NULL, + opt.gpg_arguments, outstream, opt.recipients, cipher_stream); diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index 7e7a351..3b73c85 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -303,7 +303,7 @@ gpgtar_extract (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, NULL, + err = gpg_decrypt_stream (NULL, opt.gpg_program, opt.gpg_arguments, cipher_stream, stream); if (err) goto leave; diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index 1eab7e5..cb2ca5d 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -306,7 +306,7 @@ gpgtar_list (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, NULL, + err = gpg_decrypt_stream (NULL, opt.gpg_program, opt.gpg_arguments, cipher_stream, stream); if (err) goto leave; diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 2968fb5..90fee05 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -75,6 +75,7 @@ enum cmd_and_opt_values oNull, /* Compatibility with gpg-zip. */ + oGpgArgs, oTarArgs, }; @@ -111,6 +112,7 @@ static ARGPARSE_OPTS opts[] = { N_("|FILE|get names to create from FILE")), ARGPARSE_s_n (oNull, "null", N_("-T reads null-terminated names")), + ARGPARSE_s_s (oGpgArgs, "gpg-args", "@"), ARGPARSE_s_s (oTarArgs, "tar-args", "@"), ARGPARSE_end () @@ -340,6 +342,20 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case oOpenPGP: /* Dummy option for now. */ break; case oCMS: /* Dummy option for now. */ break; + case oGpgArgs:; + strlist_t list; + if (shell_parse_stringlist (pargs->r.ret_str, &list)) + log_error ("failed to parse gpg arguments '%s'\n", + pargs->r.ret_str); + else + { + if (opt.gpg_arguments) + strlist_last (opt.gpg_arguments)->next = list; + else + opt.gpg_arguments = list; + } + break; + case oTarArgs:; int tar_argc; char **tar_argv; diff --git a/tools/gpgtar.h b/tools/gpgtar.h index 66a8ae1..f130c94 100644 --- a/tools/gpgtar.h +++ b/tools/gpgtar.h @@ -30,6 +30,7 @@ struct unsigned int debug_level; int quiet; const char *gpg_program; + strlist_t gpg_arguments; const char *outfile; strlist_t recipients; const char *user; commit 1a045b1324efabe7423a8d00245f01718ed72556 Author: Justus Winter Date: Thu Nov 26 15:01:40 2015 +0100 common: Make the GPG arguments configurable in call-gpg. * common/call-gpg.c (start_gpg): Add parameter 'gpg_arguments'. (_gpg_encrypt, gpg_encrypt_blob, gpg_encrypt_stream): Likewise. (_gpg_decrypt, gpg_decrypt_blob, gpg_decrypt_stream): Likewise. * common/call-gpg.h: Adapt prototypes. * g13/create.c (encrypt_keyblob): Adapt callsite. * g13/g13-common.h (opt): Add field 'gpg_arguments'. * g13/g13.c (main): Construct default arguments. * g13/mount.c (decrypt_keyblob): Adapt callsite. * tools/gpgtar-create.c (gpgtar_create): Likewise. * tools/gpgtar-extract.c (gpgtar_extract): Likewise. * tools/gpgtar-list.c (gpgtar_list): Likewise. Signed-off-by: Justus Winter diff --git a/common/call-gpg.c b/common/call-gpg.c index 8258b83..4a32c88 100644 --- a/common/call-gpg.c +++ b/common/call-gpg.c @@ -33,19 +33,20 @@ #include "i18n.h" #include "logging.h" #include "membuf.h" +#include "strlist.h" #include "util.h" /* Fire up a new GPG. Handle the server's initial greeting. Returns 0 on success and stores the assuan context at R_CTX. */ static gpg_error_t -start_gpg (ctrl_t ctrl, const char *gpg_program, +start_gpg (ctrl_t ctrl, const char *gpg_program, strlist_t gpg_arguments, int input_fd, int output_fd, assuan_context_t *r_ctx) { gpg_error_t err; assuan_context_t ctx = NULL; const char *pgmname; - const char *argv[10]; + const char **argv; int no_close_list[5]; int i; char line[ASSUAN_LINELENGTH]; @@ -78,13 +79,17 @@ start_gpg (ctrl_t ctrl, const char *gpg_program, return err; } + argv = xtrycalloc (strlist_length (gpg_arguments) + 3, sizeof *argv); + if (argv == NULL) + { + err = gpg_error_from_syserror (); + return err; + } i = 0; argv[i++] = pgmname; argv[i++] = "--server"; - argv[i++] = "-z"; - argv[i++] = "0"; - argv[i++] = "--trust-model"; - argv[i++] = "always"; + for (; gpg_arguments; gpg_arguments = gpg_arguments->next) + argv[i++] = gpg_arguments->d; argv[i++] = NULL; i = 0; @@ -386,7 +391,9 @@ start_reader (int fd, membuf_t *mb, estream_t stream, */ static gpg_error_t -_gpg_encrypt (ctrl_t ctrl, const char *gpg_program, +_gpg_encrypt (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *plain, size_t plainlen, estream_t plain_stream, strlist_t keys, @@ -420,7 +427,8 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, } /* Start GPG and send the INPUT and OUTPUT commands. */ - err = start_gpg (ctrl, gpg_program, outbound_fds[0], inbound_fds[1], &ctx); + err = start_gpg (ctrl, gpg_program, gpg_arguments, + outbound_fds[0], inbound_fds[1], &ctx); if (err) goto leave; close (outbound_fds[0]); outbound_fds[0] = -1; @@ -514,7 +522,9 @@ _gpg_encrypt (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_encrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen) @@ -528,7 +538,7 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, /* Init the memory buffer to receive the encrypted stuff. */ init_membuf (&reader_mb, 4096); - err = _gpg_encrypt (ctrl, gpg_program, + err = _gpg_encrypt (ctrl, gpg_program, gpg_arguments, plain, plainlen, NULL, keys, &reader_mb, NULL); @@ -550,12 +560,14 @@ gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_encrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t plain_stream, strlist_t keys, estream_t cipher_stream) { - return _gpg_encrypt (ctrl, gpg_program, + return _gpg_encrypt (ctrl, gpg_program, gpg_arguments, NULL, 0, plain_stream, keys, NULL, cipher_stream); @@ -566,7 +578,9 @@ gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, */ static gpg_error_t -_gpg_decrypt (ctrl_t ctrl, const char *gpg_program, +_gpg_decrypt (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *ciph, size_t ciphlen, estream_t cipher_stream, membuf_t *reader_mb, @@ -597,7 +611,8 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, } /* Start GPG and send the INPUT and OUTPUT commands. */ - err = start_gpg (ctrl, gpg_program, outbound_fds[0], inbound_fds[1], &ctx); + err = start_gpg (ctrl, gpg_program, gpg_arguments, + outbound_fds[0], inbound_fds[1], &ctx); if (err) goto leave; close (outbound_fds[0]); outbound_fds[0] = -1; @@ -677,7 +692,9 @@ _gpg_decrypt (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_decrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen) { @@ -690,7 +707,7 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, /* Init the memory buffer to receive the encrypted stuff. */ init_membuf_secure (&reader_mb, 1024); - err = _gpg_decrypt (ctrl, gpg_program, + err = _gpg_decrypt (ctrl, gpg_program, gpg_arguments, ciph, ciphlen, NULL, &reader_mb, NULL); @@ -711,11 +728,13 @@ gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, } gpg_error_t -gpg_decrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_decrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t cipher_stream, estream_t plain_stream) { - return _gpg_decrypt (ctrl, gpg_program, + return _gpg_decrypt (ctrl, gpg_program, gpg_arguments, NULL, 0, cipher_stream, NULL, plain_stream); } diff --git a/common/call-gpg.h b/common/call-gpg.h index 2c5854d..74d3819 100644 --- a/common/call-gpg.h +++ b/common/call-gpg.h @@ -26,21 +26,29 @@ typedef struct server_control_s *ctrl_t; -gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_encrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *plain, size_t plainlen, strlist_t keys, void **r_ciph, size_t *r_ciphlen); -gpg_error_t gpg_encrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_encrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t plain_stream, strlist_t keys, estream_t cipher_stream); -gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_decrypt_blob (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, const void *ciph, size_t ciphlen, void **r_plain, size_t *r_plainlen); -gpg_error_t gpg_decrypt_stream (ctrl_t ctrl, const char *gpg_program, +gpg_error_t gpg_decrypt_stream (ctrl_t ctrl, + const char *gpg_program, + strlist_t gpg_arguments, estream_t cipher_stream, estream_t plain_stream); diff --git a/g13/create.c b/g13/create.c index c4e94b8..91b290c 100644 --- a/g13/create.c +++ b/g13/create.c @@ -111,7 +111,9 @@ encrypt_keyblob (ctrl_t ctrl, void *keyblob, size_t keybloblen, gpg_error_t err; /* FIXME: For now we only implement OpenPGP. */ - err = gpg_encrypt_blob (ctrl, opt.gpg_program, keyblob, keybloblen, keys, + err = gpg_encrypt_blob (ctrl, opt.gpg_program, opt.gpg_arguments, + keyblob, keybloblen, + keys, r_encblob, r_encbloblen); return err; diff --git a/g13/g13-common.h b/g13/g13-common.h index f27dca4..316b94a 100644 --- a/g13/g13-common.h +++ b/g13/g13-common.h @@ -30,6 +30,7 @@ #include "../common/util.h" #include "../common/status.h" #include "../common/session-env.h" +#include "../common/strlist.h" /* Debug values and macros. */ @@ -65,6 +66,9 @@ struct filename. */ const char *gpg_program; + /* GPG arguments. XXX: Currently it is not possible to set them. */ + strlist_t gpg_arguments; + /* Environment variables passed along to the engine. */ char *display; char *ttyname; diff --git a/g13/g13.c b/g13/g13.c index e6c7613..7fe207a 100644 --- a/g13/g13.c +++ b/g13/g13.c @@ -577,6 +577,16 @@ main ( int argc, char **argv) } } + /* XXX Construct GPG arguments. */ + { + strlist_t last; + last = strlist_append (&opt.gpg_arguments, "-z"); + last = strlist_append (&last, "0"); + last = strlist_append (&last, "--trust-model"); + last = strlist_append (&last, "always"); + (void) last; + } + if (configfp) { fclose (configfp); diff --git a/g13/mount.c b/g13/mount.c index 1f7fbcc..e9b9c1b 100644 --- a/g13/mount.c +++ b/g13/mount.c @@ -202,7 +202,8 @@ decrypt_keyblob (ctrl_t ctrl, const void *enckeyblob, size_t enckeybloblen, gpg_error_t err; /* FIXME: For now we only implement OpenPGP. */ - err = gpg_decrypt_blob (ctrl, opt.gpg_program, enckeyblob, enckeybloblen, + err = gpg_decrypt_blob (ctrl, opt.gpg_program, opt.gpg_arguments, + enckeyblob, enckeybloblen, r_keyblob, r_keybloblen); return err; diff --git a/tools/gpgtar-create.c b/tools/gpgtar-create.c index 92c1fb8..774fcd3 100644 --- a/tools/gpgtar-create.c +++ b/tools/gpgtar-create.c @@ -894,6 +894,7 @@ gpgtar_create (char **inpattern, int encrypt) err = gpg_encrypt_stream (NULL, opt.gpg_program, + NULL, outstream, opt.recipients, cipher_stream); diff --git a/tools/gpgtar-extract.c b/tools/gpgtar-extract.c index fa2f362..7e7a351 100644 --- a/tools/gpgtar-extract.c +++ b/tools/gpgtar-extract.c @@ -303,7 +303,8 @@ gpgtar_extract (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, cipher_stream, stream); + err = gpg_decrypt_stream (NULL, opt.gpg_program, NULL, + cipher_stream, stream); if (err) goto leave; diff --git a/tools/gpgtar-list.c b/tools/gpgtar-list.c index cdc7fc4..1eab7e5 100644 --- a/tools/gpgtar-list.c +++ b/tools/gpgtar-list.c @@ -306,7 +306,8 @@ gpgtar_list (const char *filename, int decrypt) err = gpg_error_from_syserror (); goto leave; } - err = gpg_decrypt_stream (NULL, opt.gpg_program, cipher_stream, stream); + err = gpg_decrypt_stream (NULL, opt.gpg_program, NULL, + cipher_stream, stream); if (err) goto leave; commit 2eb3248058330dd5c37560d9887db5b5266c54fe Author: Justus Winter Date: Thu Nov 26 14:08:48 2015 +0100 tools/gpgtar: Handle '--tar-args' for compatibility with gpg-zip. * tools/gpgtar.c (enum cmd_and_opt_values): New value. (opts): Add new group for tar options, rearrange a little, add '--tar-args'. (tar_opts): New variable. (shell_parse_stringlist): New function. (shell_parse_argv): Likewise. (parse_arguments): Add option argument, handle '--tar-args'. (main): Fix invokation of 'parse_arguments'. * tests/openpgp/gpgtar.test: Simplify decryption. Signed-off-by: Justus Winter diff --git a/tests/openpgp/gpgtar.test b/tests/openpgp/gpgtar.test index 7d55862..5cb2353 100755 --- a/tests/openpgp/gpgtar.test +++ b/tests/openpgp/gpgtar.test @@ -42,12 +42,8 @@ do grep -qe "\\b${F}\\b" "$FILELIST" done - EXTRACT_FLAGS="--directory=${TESTDIR}" - if [ "$TOOL" = "$GPGZIP" ] - then - EXTRACT_FLAGS="--tar-args $EXTRACT_FLAGS" - fi - $TOOL --gpg "$GPG" $EXTRACT_FLAGS --decrypt "${TESTDIR}/test.tar.pgp" + $TOOL --gpg "$GPG" --tar-args --directory="${TESTDIR}" \ + --decrypt "${TESTDIR}/test.tar.pgp" for F in $TESTFILES do diff -q "$F" "${TESTDIR}/$F" diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 04d23b5..2968fb5 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -28,6 +28,7 @@ #include #include +#include #include #include #include @@ -41,6 +42,7 @@ #include "../common/asshelp.h" #include "../common/openpgpdefs.h" #include "../common/init.h" +#include "../common/strlist.h" #include "gpgtar.h" @@ -70,7 +72,10 @@ enum cmd_and_opt_values oOpenPGP, oCMS, oSetFilename, - oNull + oNull, + + /* Compatibility with gpg-zip. */ + oTarArgs, }; @@ -90,18 +95,35 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s (oUser, "local-user", N_("|USER-ID|use USER-ID to sign or decrypt")), ARGPARSE_s_s (oOutput, "output", N_("|FILE|write output to FILE")), - ARGPARSE_s_s (oDirectory, "directory", - N_("|DIRECTORY|extract files into DIRECTORY")), ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), ARGPARSE_s_s (oGpgProgram, "gpg", "@"), ARGPARSE_s_n (oSkipCrypto, "skip-crypto", N_("skip the crypto processing")), ARGPARSE_s_s (oSetFilename, "set-filename", "@"), + ARGPARSE_s_n (oOpenPGP, "openpgp", "@"), + ARGPARSE_s_n (oCMS, "cms", "@"), + + ARGPARSE_group (302, N_("@\nTar options:\n ")), + + ARGPARSE_s_s (oDirectory, "directory", + N_("|DIRECTORY|extract files into DIRECTORY")), + ARGPARSE_s_s (oFilesFrom, "files-from", + N_("|FILE|get names to create from FILE")), + ARGPARSE_s_n (oNull, "null", N_("-T reads null-terminated names")), + + ARGPARSE_s_s (oTarArgs, "tar-args", "@"), + + ARGPARSE_end () +}; + + +/* The list of commands and options for tar that we understand. */ +static ARGPARSE_OPTS tar_opts[] = { + ARGPARSE_s_s (oDirectory, "directory", + N_("|DIRECTORY|extract files into DIRECTORY")), ARGPARSE_s_s (oFilesFrom, "files-from", N_("|FILE|get names to create from FILE")), ARGPARSE_s_n (oNull, "null", N_("-T reads null-terminated names")), - ARGPARSE_s_n (oOpenPGP, "openpgp", "@"), - ARGPARSE_s_n (oCMS, "cms", "@"), ARGPARSE_end () }; @@ -156,6 +178,105 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd) *ret_cmd = cmd; } + +/* Shell-like argument splitting. + + For compatibility with gpg-zip we accept arguments for GnuPG and + tar given as a string argument to '--gpg-args' and '--tar-args'. + gpg-zip was implemented as a Bourne Shell script, and therefore, we + need to split the string the same way the shell would. */ +static int +shell_parse_stringlist (const char *str, strlist_t *r_list) +{ + strlist_t list = NULL; + const char *s = str; + char quoted = 0; + char arg[1024]; + char *p = arg; +#define addchar(c) \ + do { if (p - arg + 2 < sizeof arg) *p++ = (c); else return 1; } while (0) +#define addargument() \ + do { \ + if (p > arg) \ + { \ + *p = 0; \ + append_to_strlist (&list, arg); \ + p = arg; \ + } \ + } while (0) + +#define unquoted 0 +#define singlequote '\'' +#define doublequote '"' + + for (; *s; s++) + { + switch (quoted) + { + case unquoted: + if (isspace (*s)) + addargument (); + else if (*s == singlequote || *s == doublequote) + quoted = *s; + else + addchar (*s); + break; + + case singlequote: + if (*s == singlequote) + quoted = unquoted; + else + addchar (*s); + break; + + case doublequote: + assert (s > str || !"cannot be quoted at first char"); + if (*s == doublequote && *(s - 1) != '\\') + quoted = unquoted; + else + addchar (*s); + break; + + default: + assert (! "reached"); + } + } + + /* Append the last argument. */ + addargument (); + +#undef doublequote +#undef singlequote +#undef unquoted +#undef addargument +#undef addchar + *r_list = list; + return 0; +} + + +/* Like shell_parse_stringlist, but returns an argv vector + instead of a strlist. */ +static int +shell_parse_argv (const char *s, int *r_argc, char ***r_argv) +{ + int i; + strlist_t list; + + if (shell_parse_stringlist (s, &list)) + return 1; + + *r_argc = strlist_length (list); + *r_argv = xtrycalloc (*r_argc, sizeof **r_argv); + if (*r_argv == NULL) + return 1; + + for (i = 0; list; i++) + (*r_argv)[i] = list->d, list = list->next; + return 0; +} + +/* Define Assuan hooks for NPTH. */ ASSUAN_SYSTEM_NPTH_IMPL; @@ -169,11 +290,11 @@ int null_names = 0; /* Command line parsing. */ static void -parse_arguments (ARGPARSE_ARGS *pargs) +parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) { int no_more_options = 0; - while (!no_more_options && optfile_parse (NULL, NULL, NULL, pargs, opts)) + while (!no_more_options && optfile_parse (NULL, NULL, NULL, pargs, popts)) { switch (pargs->r_opt) { @@ -219,6 +340,27 @@ parse_arguments (ARGPARSE_ARGS *pargs) case oOpenPGP: /* Dummy option for now. */ break; case oCMS: /* Dummy option for now. */ break; + case oTarArgs:; + int tar_argc; + char **tar_argv; + + if (shell_parse_argv (pargs->r.ret_str, &tar_argc, &tar_argv)) + log_error ("failed to parse tar arguments '%s'\n", + pargs->r.ret_str); + else + { + ARGPARSE_ARGS tar_args; + tar_args.argc = &tar_argc; + tar_args.argv = &tar_argv; + tar_args.flags = ARGPARSE_FLAG_ARG0; + parse_arguments (&tar_args, tar_opts); + if (tar_args.err) + log_error ("unsupported tar arguments '%s'\n", + pargs->r.ret_str); + pargs->err = tar_args.err; + } + break; + default: pargs->err = 2; break; } } @@ -252,7 +394,7 @@ main (int argc, char **argv) pargs.argc = &argc; pargs.argv = &argv; pargs.flags = ARGPARSE_FLAG_KEEP; - parse_arguments (&pargs); + parse_arguments (&pargs, opts); if ((files_from && !null_names) || (!files_from && null_names)) log_error ("--files-from and --null may only be used in conjunction\n"); commit 35c0c8b211bc891335e822379b33ea34fbc1f84f Author: Justus Winter Date: Thu Nov 26 11:46:35 2015 +0100 tools/gpgtar: Rework argument parsing. * tools/gpgtar.c (main): Move argument parsing into its own function. Signed-off-by: Justus Winter diff --git a/tools/gpgtar.c b/tools/gpgtar.c index 991fbed..04d23b5 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -160,65 +160,46 @@ set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd) ASSUAN_SYSTEM_NPTH_IMPL; -/* gpgtar main. */ -int -main (int argc, char **argv) -{ - gpg_error_t err; - ARGPARSE_ARGS pargs; - const char *fname; - int no_more_options = 0; - enum cmd_and_opt_values cmd = 0; - int skip_crypto = 0; - const char *files_from = NULL; - int null_names = 0; +/* Global flags. */ +enum cmd_and_opt_values cmd = 0; +int skip_crypto = 0; +const char *files_from = NULL; +int null_names = 0; - assert (sizeof (struct ustar_raw_header) == 512); - gnupg_reopen_std (GPGTAR_NAME); - set_strusage (my_strusage); - log_set_prefix (GPGTAR_NAME, 1); - - /* Make sure that our subsystems are ready. */ - i18n_init(); - init_common_subsystems (&argc, &argv); - npth_init (); - assuan_set_assuan_log_prefix (log_get_prefix (NULL)); - assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); - assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); - assuan_sock_init (); +/* Command line parsing. */ +static void +parse_arguments (ARGPARSE_ARGS *pargs) +{ + int no_more_options = 0; - /* Parse the command line. */ - pargs.argc = &argc; - pargs.argv = &argv; - pargs.flags = ARGPARSE_FLAG_KEEP; - while (!no_more_options && optfile_parse (NULL, NULL, NULL, &pargs, opts)) + while (!no_more_options && optfile_parse (NULL, NULL, NULL, pargs, opts)) { - switch (pargs.r_opt) + switch (pargs->r_opt) { - case oOutput: opt.outfile = pargs.r.ret_str; break; - case oDirectory: opt.directory = pargs.r.ret_str; break; - case oSetFilename: opt.filename = pargs.r.ret_str; break; + case oOutput: opt.outfile = pargs->r.ret_str; break; + case oDirectory: opt.directory = pargs->r.ret_str; break; + case oSetFilename: opt.filename = pargs->r.ret_str; break; case oQuiet: opt.quiet = 1; break; case oVerbose: opt.verbose++; break; case oNoVerbose: opt.verbose = 0; break; - case oFilesFrom: files_from = pargs.r.ret_str; break; + case oFilesFrom: files_from = pargs->r.ret_str; break; case oNull: null_names = 1; break; case aList: case aDecrypt: case aEncrypt: case aSign: - set_cmd (&cmd, pargs.r_opt); + set_cmd (&cmd, pargs->r_opt); break; case oRecipient: - add_to_strlist (&opt.recipients, pargs.r.ret_str); + add_to_strlist (&opt.recipients, pargs->r.ret_str); break; case oUser: log_info ("note: ignoring option --user\n"); - opt.user = pargs.r.ret_str; + opt.user = pargs->r.ret_str; break; case oSymmetric: @@ -228,7 +209,7 @@ main (int argc, char **argv) break; case oGpgProgram: - opt.gpg_program = pargs.r.ret_str; + opt.gpg_program = pargs->r.ret_str; break; case oSkipCrypto: @@ -238,9 +219,40 @@ main (int argc, char **argv) case oOpenPGP: /* Dummy option for now. */ break; case oCMS: /* Dummy option for now. */ break; - default: pargs.err = 2; break; + default: pargs->err = 2; break; } } +} + + +/* gpgtar main. */ +int +main (int argc, char **argv) +{ + gpg_error_t err; + const char *fname; + ARGPARSE_ARGS pargs; + + assert (sizeof (struct ustar_raw_header) == 512); + + gnupg_reopen_std (GPGTAR_NAME); + set_strusage (my_strusage); + log_set_prefix (GPGTAR_NAME, 1); + + /* Make sure that our subsystems are ready. */ + i18n_init(); + init_common_subsystems (&argc, &argv); + npth_init (); + assuan_set_assuan_log_prefix (log_get_prefix (NULL)); + assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); + assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH); + assuan_sock_init (); + + /* Parse the command line. */ + pargs.argc = &argc; + pargs.argv = &argv; + pargs.flags = ARGPARSE_FLAG_KEEP; + parse_arguments (&pargs); if ((files_from && !null_names) || (!files_from && null_names)) log_error ("--files-from and --null may only be used in conjunction\n"); ----------------------------------------------------------------------- Summary of changes: common/call-gpg.c | 55 ++++++---- common/call-gpg.h | 16 ++- g13/create.c | 4 +- g13/g13-common.h | 4 + g13/g13.c | 10 ++ g13/mount.c | 3 +- tests/openpgp/gpgtar.test | 20 ++-- tools/gpgtar-create.c | 1 + tools/gpgtar-extract.c | 10 +- tools/gpgtar-list.c | 3 +- tools/gpgtar.c | 268 ++++++++++++++++++++++++++++++++++++++-------- tools/gpgtar.h | 2 + 12 files changed, 314 insertions(+), 82 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 26 18:14:34 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Nov 2015 18:14:34 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-186-g82f6abb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 82f6abb4807c89388052ab442368d9e09fb84aea (commit) via 61941a984964308b09c7fc1b3438fb99d0b3c917 (commit) via d226e67856e7197c581dcd2cef0f1e687bee0ac9 (commit) via f95cff1cc9e7a4d9f6b7c45188ec47e70f9874dc (commit) from 676b2d7081291f7e47a66755ab07af259fea130b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 82f6abb4807c89388052ab442368d9e09fb84aea Author: Werner Koch Date: Thu Nov 26 18:10:05 2015 +0100 g13: Fix commit 1a045b13. * g13/g13.c (main): Use existsing function. Signed-off-by: Werner Koch diff --git a/g13/g13.c b/g13/g13.c index 7fe207a..7a8d775 100644 --- a/g13/g13.c +++ b/g13/g13.c @@ -580,10 +580,10 @@ main ( int argc, char **argv) /* XXX Construct GPG arguments. */ { strlist_t last; - last = strlist_append (&opt.gpg_arguments, "-z"); - last = strlist_append (&last, "0"); - last = strlist_append (&last, "--trust-model"); - last = strlist_append (&last, "always"); + last = append_to_strlist (&opt.gpg_arguments, "-z"); + last = append_to_strlist (&last, "0"); + last = append_to_strlist (&last, "--trust-model"); + last = append_to_strlist (&last, "always"); (void) last; } commit 61941a984964308b09c7fc1b3438fb99d0b3c917 Author: Werner Koch Date: Thu Nov 26 18:04:54 2015 +0100 common: Fix off-by-one access in the new format_text. * common/stringhelp.c (format_text): Use existsing fucntion to trim trailing spaces. Fix off-by-one access. Signed-off-by: Werner Koch diff --git a/common/stringhelp.c b/common/stringhelp.c index 6748d1e..e8b990a 100644 --- a/common/stringhelp.c +++ b/common/stringhelp.c @@ -1328,6 +1328,11 @@ strtokenize (const char *string, const char *delim) return result; } + +/* Format a string so that it fits within about TARGET_COLS columns. + If IN_PLACE is 0, then TEXT is copied to a new buffer, which is + returned. Otherwise, TEXT is modified in place and returned. + Normally, target_cols will be 72 and max_cols is 80. */ char * format_text (char *text, int in_place, int target_cols, int max_cols) { @@ -1448,10 +1453,9 @@ format_text (char *text, int in_place, int target_cols, int max_cols) } /* Chop off any trailing space. */ - while (text[strlen (text) - 1] == ' ') - text[strlen (text) - 1] = '\0'; + trim_trailing_chars (text, strlen (text), " "); /* If we inserted the trailing newline, then remove it. */ - if (! copied_last_space && text[strlen (text) - 1] == '\n') + if (! copied_last_space && *text && text[strlen (text) - 1] == '\n') text[strlen (text) - 1] = '\0'; return text; diff --git a/common/stringhelp.h b/common/stringhelp.h index 9ff062b..c813662 100644 --- a/common/stringhelp.h +++ b/common/stringhelp.h @@ -148,12 +148,10 @@ char **strsplit (char *string, char delim, char replacement, int *count); /* Tokenize STRING using the set of delimiters in DELIM. */ char **strtokenize (const char *string, const char *delim); -/* Format a string so that it fits within about TARGET_COLS columns. - If IN_PLACE is 0, then TEXT is copied to a new buffer, which is - returned. Otherwise, TEXT is modified in place and returned. - Normally, target_cols will be 72 and max_cols is 80. */ +/* Format a string so that it fits within about TARGET_COLS columns. */ char *format_text (char *text, int in_place, int target_cols, int max_cols); + /*-- mapstrings.c --*/ const char *map_static_macro_string (const char *string); commit d226e67856e7197c581dcd2cef0f1e687bee0ac9 Author: Werner Koch Date: Thu Nov 26 17:35:56 2015 +0100 dirmngr: Improve output of "getinfo tor". * dirmngr/server.c (cmd_getinfo): Print a message along with OK. Signed-off-by: Werner Koch diff --git a/dirmngr/server.c b/dirmngr/server.c index ba37508..8954ba8 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -2121,7 +2121,13 @@ cmd_getinfo (assuan_context_t ctx, char *line) } else if (!strcmp (line, "tor")) { - err = opt.use_tor? 0:set_error (GPG_ERR_GENERAL, "Tor mode not enabled"); + if (opt.use_tor) + { + err = 0; + assuan_set_okay_line (ctx, " - Tor mode is enabled"); + } + else + err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled"); } else err = set_error (GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); commit f95cff1cc9e7a4d9f6b7c45188ec47e70f9874dc Author: Werner Koch Date: Thu Nov 26 17:15:08 2015 +0100 dirmngr: Let Libassuan employ nPth wrappers for connect. * dirmngr/http.c (my_unprotect, my_protect): Remove. (connect_server): Do not use these wrappers. -- Since Libassuan version 2.4.2 the macro ASSUAN_SYSTEM_NPTH_IMPL protects the low-level connect calls with npth_unprotect and npth_protect. This is better than the high-level kludge we used here. Signed-off-by: Werner Koch diff --git a/dirmngr/http.c b/dirmngr/http.c index 60dc45f..02854e4 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -105,13 +105,9 @@ #ifdef USE_NPTH # define my_select(a,b,c,d,e) npth_select ((a), (b), (c), (d), (e)) # define my_accept(a,b,c) npth_accept ((a), (b), (c)) -# define my_unprotect() npth_unprotect () -# define my_protect() npth_protect () #else # define my_select(a,b,c,d,e) select ((a), (b), (c), (d), (e)) # define my_accept(a,b,c) accept ((a), (b), (c)) -# define my_unprotect() do { } while(0) -# define my_protect() do { } while(0) #endif #ifdef HAVE_W32_SYSTEM @@ -2228,11 +2224,8 @@ connect_server (const char *server, unsigned short port, { #ifdef ASSUAN_SOCK_TOR - my_unprotect (); sock = assuan_sock_connect_byname (server, port, 0, NULL, ASSUAN_SOCK_TOR); - my_protect (); - if (sock == ASSUAN_INVALID_FD) { if (errno == EHOSTUNREACH) @@ -2327,9 +2320,7 @@ connect_server (const char *server, unsigned short port, } anyhostaddr = 1; - my_unprotect (); ret = assuan_sock_connect (sock, ai->addr, ai->addrlen); - my_protect (); if (ret) last_errno = errno; else ----------------------------------------------------------------------- Summary of changes: common/stringhelp.c | 10 +++++++--- common/stringhelp.h | 6 ++---- dirmngr/http.c | 9 --------- dirmngr/server.c | 8 +++++++- g13/g13.c | 8 ++++---- 5 files changed, 20 insertions(+), 21 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Thu Nov 26 18:20:23 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Thu, 26 Nov 2015 18:20:23 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.1-3-g18ca159 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 18ca1593c62d62bb72b4e7e14347cd221c187138 (commit) via 9f24377f9f19983926233af8b475328bb7fe9e65 (commit) from 7d836d5126b5399f3d76f5fa2d7ede7905b39304 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 18ca1593c62d62bb72b4e7e14347cd221c187138 Author: Werner Koch Date: Thu Nov 26 18:16:13 2015 +0100 Protect connect system hook against blocking (nPth). * src/assuan.h.in (ASSUAN_SYSTEM_NPTH_IMPL): Add wrapper for connect. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 786297b..7168207 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes in version 2.4.2 (unreleased) [C7/A7/R_] ------------------------------------------------ + * The nPth version of the connect system hook does now wrap the call + with npth_unprotec/npth_protect to avoid blocking during a connect. + Noteworthy changes in version 2.4.1 (2015-11-23) [C7/A7/R1] ------------------------------------------------ diff --git a/src/assuan.h.in b/src/assuan.h.in index 67a1c20..da1af25 100644 --- a/src/assuan.h.in +++ b/src/assuan.h.in @@ -571,13 +571,18 @@ extern struct assuan_system_hooks _assuan_system_pth; { pid_t res; (void) ctx; npth_unprotect(); \ res = __assuan_waitpid (ctx, pid, nowait, status, options); \ npth_protect(); return res; } \ + static int _assuan_npth_connect (assuan_context_t ctx, int sock, \ + struct sockaddr *addr, socklen_t len)\ + { int res; npth_unprotect(); \ + res = __assuan_connect (ctx, sock, addr, len); \ + npth_protect(); return res; } \ \ struct assuan_system_hooks _assuan_system_npth = \ { ASSUAN_SYSTEM_HOOKS_VERSION, _assuan_npth_usleep, __assuan_pipe, \ __assuan_close, _assuan_npth_read, _assuan_npth_write, \ _assuan_npth_recvmsg, _assuan_npth_sendmsg, \ __assuan_spawn, _assuan_npth_waitpid, __assuan_socketpair, \ - __assuan_socket, __assuan_connect } + __assuan_socket, _assuan_npth_connect } extern struct assuan_system_hooks _assuan_system_npth; #define ASSUAN_SYSTEM_NPTH &_assuan_system_npth commit 9f24377f9f19983926233af8b475328bb7fe9e65 Author: Werner Koch Date: Thu Nov 26 16:33:42 2015 +0100 Do not use size_t with _assuan_read. * src/assuan-socket.c (do_readn): Use ssize_t for N. diff --git a/src/assuan-socket.c b/src/assuan-socket.c index 9f9f155..bb0e610 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -637,7 +637,7 @@ do_readn (assuan_context_t ctx, assuan_fd_t sockfd, void *buffer, size_t nbytes) { char *p = buffer; - size_t n; + ssize_t n; while (nbytes) { ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ src/assuan-socket.c | 2 +- src/assuan.h.in | 7 ++++++- 3 files changed, 10 insertions(+), 2 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 10:27:14 2015 From: cvs at cvs.gnupg.org (by Neal H. Walfield) Date: Fri, 27 Nov 2015 10:27:14 +0100 Subject: [git] Pinentry - branch, master, updated. pinentry-0.9.6-8-g999162e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The standard pinentry collection". The branch, master has been updated via 999162e7c38d4b8c76270e7b6790417fd6439ef3 (commit) from f238a58772b7d51362ca7d819e1648a64ff50d57 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 999162e7c38d4b8c76270e7b6790417fd6439ef3 Author: Neal H. Walfield Date: Fri Nov 27 10:26:46 2015 +0100 tty: Fix formatting. * tty/pinentry-tty.c (password): Remove trailing space. diff --git a/tty/pinentry-tty.c b/tty/pinentry-tty.c index 76b6865..4e71edf 100644 --- a/tty/pinentry-tty.c +++ b/tty/pinentry-tty.c @@ -371,7 +371,7 @@ password (pinentry_t pinentry, FILE *ttyfi, FILE *ttyfo) dump_error_text (ttyfo, pinentry->error); - fprintf (ttyfo, "%s\n ", msg); + fprintf (ttyfo, "%s\n", msg); while (! done) { ----------------------------------------------------------------------- Summary of changes: tty/pinentry-tty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- The standard pinentry collection http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 12:04:05 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Nov 2015 12:04:05 +0100 Subject: [git] Assuan - branch, master, updated. libassuan-2.4.1-4-g05ac2dc Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPC library used by GnuPG". The branch, master has been updated via 05ac2dc5c77fa4b87e98508c1b15fd254806b1ce (commit) from 18ca1593c62d62bb72b4e7e14347cd221c187138 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 05ac2dc5c77fa4b87e98508c1b15fd254806b1ce Author: Werner Koch Date: Fri Nov 27 11:54:52 2015 +0100 New feature to test for SOCKS5 proxy availability. * src/assuan-socket.c (socks5_connect): Add special treatment for empty hostnames. (_assuan_sock_connect_byname): Add feature to test for proxy availibility. * tests/socks5.c (main): Add option --have-proxy. Signed-off-by: Werner Koch diff --git a/NEWS b/NEWS index 7168207..a7e4237 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,9 @@ Noteworthy changes in version 2.4.2 (unreleased) [C7/A7/R_] * The nPth version of the connect system hook does now wrap the call with npth_unprotec/npth_protect to avoid blocking during a connect. + * Add feature to assuan_sock_connect_byname to test for SOCKS5 + availability. + Noteworthy changes in version 2.4.1 (2015-11-23) [C7/A7/R1] ------------------------------------------------ diff --git a/doc/assuan.texi b/doc/assuan.texi index 131ffc1..aae3de7 100644 --- a/doc/assuan.texi +++ b/doc/assuan.texi @@ -1995,7 +1995,12 @@ current implementation requires that @var{flags} has either new TCP STREAM socket is returned; on error @code{ASSUAN_INVALID_FD} and ERRNO set. If @var{credentials} is not @code{NULL}, it is a string used for password based SOCKS authentication. Username and -password are separated by a colon. @var{reserved} should be 0. +password are separated by a colon. @var{reserved} should be 0. To +test whether the proxy is available @var{host} and @var{port} may be +given as NULL/0: If the proxy is available the function returns a +valid socket which is in the state after credentials sub-negotiation. +The caller now knows that the SOCKS proxy is available and has been +authenticated; normally the caller closes the socket then. @end deftypefun diff --git a/src/assuan-socket.c b/src/assuan-socket.c index bb0e610..d5e4ee4 100644 --- a/src/assuan-socket.c +++ b/src/assuan-socket.c @@ -814,6 +814,13 @@ socks5_connect (assuan_context_t ctx, assuan_fd_t sock, } } + if (hostname && !*hostname && !hostport) + { + /* Empty hostname given. Stop right here to allow the caller to + do the actual proxy request. */ + return 0; + } + /* Send request details (rfc-1928, 4). */ buffer[0] = 5; /* VER */ buffer[1] = 1; /* CMD = CONNECT */ @@ -1059,11 +1066,13 @@ _assuan_sock_connect (assuan_context_t ctx, assuan_fd_t sockfd, /* Connect to HOST specified as host name on PORT. The current implementation requires that either the flags ASSUAN_SOCK_SOCKS or - ASSUAN_SOCK_TOR are give in FLAGS. On success a new socket is + ASSUAN_SOCK_TOR are given in FLAGS. On success a new socket is returned; on error ASSUAN_INVALID_FD is returned and ERRNO set. If CREDENTIALS is not NULL, it is a string used for password based - authentication. Username and password are separated by a - colon. RESERVED must be 0. */ + authentication. Username and password are separated by a colon. + RESERVED must be 0. By passing HOST and PORT as 0 the function can + be used to check for proxy availability: If the proxy is available + a socket will be returned which the caller should then close. */ assuan_fd_t _assuan_sock_connect_byname (assuan_context_t ctx, const char *host, unsigned short port, int reserved, @@ -1082,12 +1091,23 @@ _assuan_sock_connect_byname (assuan_context_t ctx, const char *host, return ASSUAN_INVALID_FD; } + if (host && !*host) + { + /* Error out early on an empty host name. See below. */ + gpg_err_set_errno (EINVAL); + return ASSUAN_INVALID_FD; + } + fd = _assuan_sock_new (ctx, AF_INET, SOCK_STREAM, 0); if (fd == ASSUAN_INVALID_FD) return fd; + /* For HOST being NULL we pass an empty string which indicates to + socks5_connect to stop midway during the proxy negotiation. Note + that we can't pass NULL directly as this indicates IP address + mode to the called function. */ if (socks5_connect (ctx, fd, socksport, - credentials, host, port, NULL, 0)) + credentials, host? host:"", port, NULL, 0)) { int save_errno = errno; assuan_sock_close (fd); diff --git a/tests/socks5.c b/tests/socks5.c index 7ab0438..b3754b8 100644 --- a/tests/socks5.c +++ b/tests/socks5.c @@ -53,6 +53,7 @@ main (int argc, char **argv) int only_v6 = 0; int only_v4 = 0; int use_tor = 0; + int opt_have_proxy = 0; int disable_socks = 0; int opt_byname = 0; const char *user = NULL; @@ -87,6 +88,7 @@ main (int argc, char **argv) " --inet6-only Use only IPv6\n" " --inet4-only Use only IPv4\n" " --disable-socks Connect w/o SOCKS\n" + " --have-proxy Check whether the proxy is available\n" " --byname Use assuan_sock_connect_byname\n" " --user STRING Use STRING as user for authentication\n" " --pass STRING Use STRING as password for authentication\n" @@ -128,6 +130,11 @@ main (int argc, char **argv) opt_byname = 1; argc--; argv++; } + else if (!strcmp (*argv, "--have-proxy")) + { + opt_have_proxy = 1; + argc--; argv++; + } else if (!strcmp (*argv, "--user")) { argc--; argv++; @@ -153,7 +160,7 @@ main (int argc, char **argv) } } - if (argc != 2) + if (argc != 2 && !opt_have_proxy) { fputs ("usage: socks5 HOST PORT\n", stderr); exit (1); @@ -175,7 +182,30 @@ main (int argc, char **argv) use_tor? "TOR": "SOCKS", gpg_strerror (err)); } - if (opt_byname) + if (opt_have_proxy) + { + char *cred; + + if (user || pass) + cred = xstrconcat (user?user:"", ":", pass, NULL); + else + cred = NULL; + + sock = assuan_sock_connect_byname + (NULL, 0, 0, cred, use_tor? ASSUAN_SOCK_TOR : ASSUAN_SOCK_SOCKS); + if (sock == ASSUAN_INVALID_FD) + { + err = gpg_error_from_syserror (); + log_error ("SOCKS proxy is not available (%s)\n", gpg_strerror (err)); + exit (1); + } + xfree (cred); + assuan_sock_close (sock); + if (verbose) + log_info ("SOCKS proxy available\n"); + exit (0); + } + else if (opt_byname) { unsigned short port; char *cred; ----------------------------------------------------------------------- Summary of changes: NEWS | 3 +++ doc/assuan.texi | 7 ++++++- src/assuan-socket.c | 28 ++++++++++++++++++++++++---- tests/socks5.c | 34 ++++++++++++++++++++++++++++++++-- 4 files changed, 65 insertions(+), 7 deletions(-) hooks/post-receive -- IPC library used by GnuPG http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 12:26:16 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Nov 2015 12:26:16 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-187-gda5a232 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via da5a232199ef93be219e933a7eaf4ccfc6d24d61 (commit) from 82f6abb4807c89388052ab442368d9e09fb84aea (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit da5a232199ef93be219e933a7eaf4ccfc6d24d61 Author: Werner Koch Date: Fri Nov 27 12:21:45 2015 +0100 dirmngr: Allow testing for a running Tor via "getinfo tor". * dirmngr/server.c (cmd_getinfo): Print an S line if Tor is not running. Signed-off-by: Werner Koch diff --git a/dirmngr/server.c b/dirmngr/server.c index 8954ba8..e08afd4 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -2123,8 +2123,25 @@ cmd_getinfo (assuan_context_t ctx, char *line) { if (opt.use_tor) { - err = 0; - assuan_set_okay_line (ctx, " - Tor mode is enabled"); +#if ASSUAN_VERSION_NUMBER >= 0x020402 + /* Check whether we can connect to the proxy. We use a + special feature introduced with libassuan 2.4.2. */ + int sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, + ASSUAN_SOCK_TOR); + if (sock == ASSUAN_INVALID_FD) + { + err = assuan_write_status + (ctx, "NO_TOR", + errno == ECONNREFUSED? "Tor not running" : strerror (errno)); + } + else + { + assuan_sock_close (sock); + err = 0; + } + if (!err) +#endif /* Libassuan >= 2.4.2 */ + assuan_set_okay_line (ctx, "- Tor mode is enabled"); } else err = set_error (GPG_ERR_FALSE, "Tor mode is NOT enabled"); ----------------------------------------------------------------------- Summary of changes: dirmngr/server.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 15:37:44 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 27 Nov 2015 15:37:44 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-3-geb8f1fb Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via eb8f1fbb6af9f9114e718c5ceaf4b62662fccc45 (commit) via 85bd4e17ec6c4ce79f55090d3647489ef9b5ec72 (commit) from e287529cc4e5fc96538a7684c925d11da6640f3c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit eb8f1fbb6af9f9114e718c5ceaf4b62662fccc45 Author: Andre Heinecke Date: Fri Nov 27 15:34:10 2015 +0100 Generate libmapi32 for 64 bit systems corecctly * configure.ac: Add conditional for 64 bit build * src/Makefile.am: Add 64 bit flags for dlltool if necessary. * src/mapi32.def: Add C calling convention names where necessary. diff --git a/configure.ac b/configure.ac index c1daef2..06d7fd1 100644 --- a/configure.ac +++ b/configure.ac @@ -157,7 +157,7 @@ if test "$have_w32_system" = yes; then fi AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes) - +AM_CONDITIONAL(BUILD_W64, test "$host" = "x86_64-w64-mingw32") # # Checks for libraries. diff --git a/src/Makefile.am b/src/Makefile.am index d830d36..cc0aea8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -97,8 +97,12 @@ gpgol_SOURCES = \ # them). gpgol_DEPENDENCIES = libmapi32.a libgpg-error.a libgpgme.a libassuan.a +if BUILD_W64 + DLLTOOLFLAGS64=--as-flags=--64 -m i386:x86-64 +endif + libmapi32.a: mapi32.def - $(DLLTOOL) --output-lib $@ --def $< + $(DLLTOOL) $(DLLTOOLFLAGS64) --output-lib $@ --def $< libgpg-error.a: ln -s $$($(GPG_ERROR_CONFIG) --prefix)/lib/libgpg-error.a . diff --git a/src/mapi32.def b/src/mapi32.def index 2e4fe42..00c9e12 100644 --- a/src/mapi32.def +++ b/src/mapi32.def @@ -29,6 +29,7 @@ FPropCompareProp at 12 FPropContainsProp at 12 FPropExists at 8 FreePadrlist at 4 +FreeProws FreeProws at 4 FtAdcFt at 20 FtAddFt at 16 @@ -51,9 +52,12 @@ HrDecomposeEID at 28 HrDecomposeMsgID at 24 HrDispatchNotifications at 4 HrEntryIDFromSz at 12 +HrGetOneProp HrGetOneProp at 12 HrIStorageFromStream at 16 +HrQueryAllRows HrQueryAllRows at 24 +HrSetOneProp HrSetOneProp at 8 HrSzFromEntryID at 12 HrThisThreadAdviseSink at 8 @@ -155,6 +159,7 @@ UNKOBJ_ScSzFromIdsAlloc at 20 UlAddRef at 4 UlFromSzHex at 4 UlPropSize at 4 +UlRelease UlRelease at 4 WrapCompressedRTFStream WrapCompressedRTFStream at 12 commit 85bd4e17ec6c4ce79f55090d3647489ef9b5ec72 Author: Andre Heinecke Date: Fri Nov 27 15:26:42 2015 +0100 Fix size_t / unsigned int conversion for x64 * src/mlang-charset.cpp (ansi_charset_to_utf8): Fix call to ConvertStringToUnicode to use unsigned int for size. diff --git a/src/mlang-charset.cpp b/src/mlang-charset.cpp index 221f57f..3c71d1d 100644 --- a/src/mlang-charset.cpp +++ b/src/mlang-charset.cpp @@ -37,7 +37,8 @@ char *ansi_charset_to_utf8 (const char *charset, char *input, HRESULT err; DWORD enc; DWORD mode = 0; - unsigned int wlen = 0; + unsigned int wlen = 0, + uinlen = 0; wchar_t *buf; char *ret; @@ -51,6 +52,15 @@ char *ansi_charset_to_utf8 (const char *charset, char *input, return NULL; } + if (inlen > UINT_MAX) + { + log_error ("%s:%s: Inlen too long. Bug.", + SRCNAME, __func__); + multilang->Release(); + return NULL; + } + + uinlen = (unsigned int) inlen; mime_info.uiCodePage = 0; mime_info.uiInternetEncoding = 0; @@ -69,7 +79,7 @@ char *ansi_charset_to_utf8 (const char *charset, char *input, /** Get the size of the result */ err = multilang->ConvertStringToUnicode(&mode, enc, input, - &inlen, NULL, &wlen); + &uinlen, NULL, &wlen); if (FAILED (err)) { log_error ("%s:%s: Failed conversion.", @@ -79,7 +89,7 @@ char *ansi_charset_to_utf8 (const char *charset, char *input, } buf = (wchar_t*) xmalloc(sizeof(wchar_t) * (wlen + 1)); - err = multilang->ConvertStringToUnicode(&mode, enc, input, &inlen, + err = multilang->ConvertStringToUnicode(&mode, enc, input, &uinlen, buf, &wlen); multilang->Release (); if (FAILED (err)) ----------------------------------------------------------------------- Summary of changes: configure.ac | 2 +- src/Makefile.am | 6 +++++- src/mapi32.def | 5 +++++ src/mlang-charset.cpp | 16 +++++++++++++--- 4 files changed, 24 insertions(+), 5 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 16:27:34 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 27 Nov 2015 16:27:34 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-6-ged11229 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via ed1122988eddb34e22ac37344a1ca2b328abdd4d (commit) via 2deba0f8820d2d1fd9c42dbb3ff37f1ccd765e4b (commit) via e5be7ebd8e4c61c70f4c307f3faa63a81c1a213b (commit) from eb8f1fbb6af9f9114e718c5ceaf4b62662fccc45 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed1122988eddb34e22ac37344a1ca2b328abdd4d Author: Andre Heinecke Date: Fri Nov 27 16:23:57 2015 +0100 Start UIServer on demand * src/engine-assuan.c (op_assuan_init): Don't test connection. -- The old spawning code with the retry counter made this unfeasible. Starting on demand has the charm that it is properly handled if the user stops the UIServer or the UIServer crashes (which of course only Kleo does). This should also give us a big boost in the startup timing benchmark Outlook runs to suggest "Addins that are making Outlook slow". GnuPG-Bug-Id: 2137 diff --git a/src/engine-assuan.c b/src/engine-assuan.c index 633dd2e..ffb8cee 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -597,27 +597,10 @@ int op_assuan_init (void) { static int init_done; - gpgme_error_t err; - assuan_context_t ctx; - pid_t pid; - ULONG cmdid; if (init_done) return 0; - - /* Reset the retry counter. */ - connect_uiserver (NULL, NULL, NULL, NULL); - /* Run a test connection to see whether the UI server is available. */ - err = connect_uiserver (&ctx, &pid, &cmdid, NULL); - if (!err) - { - err = assuan_transact (ctx, "NOP", NULL, NULL, NULL, NULL, NULL, NULL); - assuan_release (ctx); - } - if (err) - return err; - /* Fire up the pipe worker thread. */ { HANDLE th; commit 2deba0f8820d2d1fd9c42dbb3ff37f1ccd765e4b Author: Andre Heinecke Date: Fri Nov 27 16:22:13 2015 +0100 Rework connect_uiserver call based on gpgex * src/engine-assuan.c (connect_uiserver): Use proper locking. Improve retry handling. diff --git a/src/engine-assuan.c b/src/engine-assuan.c index f3422e3..633dd2e 100644 --- a/src/engine-assuan.c +++ b/src/engine-assuan.c @@ -32,6 +32,7 @@ #include "engine.h" #include "engine-assuan.h" #include "util.h" +#include "exechelp.h" /* Debug macros. */ #define debug_ioworker (opt.enable_debug & DBG_IOWORKER) @@ -469,92 +470,93 @@ static gpg_error_t connect_uiserver (assuan_context_t *r_ctx, pid_t *r_pid, ULONG *r_cmdid, void *hwnd) { - static ULONG retry_counter; - ULONG retry_count; - gpg_error_t err; - assuan_context_t ctx; - - if (!r_ctx && !r_pid && !r_cmdid && !hwnd) - { - InterlockedExchange (&retry_counter, 0); - return 0; - } - + gpg_error_t rc; + const char *socket_name = NULL; + lock_spawn_t lock; *r_ctx = NULL; *r_pid = (pid_t)(-1); *r_cmdid = 0; - err = assuan_new (&ctx); - if (err) + + socket_name = get_socket_name(); + if (!socket_name || !*socket_name) { - InterlockedExchange (&retry_counter, 0); - return 0; + log_error ("%s:%s: Invalid socket name", + SRCNAME, __func__); + return gpg_error (GPG_ERR_INV_ARG); } - - retry: - err = assuan_socket_connect (ctx, get_socket_name (), -1, 0); - if (err) + + rc = assuan_new (r_ctx); + if (rc) { - /* Let only one thread start an UI server but all allow threads - to check for a connection. Note that this is not really - correct as the maximum waiting time decreases with the number - of threads. However, it is unlikely that we have more than 2 - or 3 threads here - if at all more than one. */ - retry_count = InterlockedExchangeAdd (&retry_counter, 1); - if (retry_count < FIREUP_RETRIES) + log_error ("%s:%s: Could not allocate context", + SRCNAME, __func__); + return rc; + } + + rc = assuan_socket_connect (*r_ctx, socket_name, -1, 0); + if (rc) + { + int count; + + log_debug ("%s:%s: UI server not running at: \"%s\", starting it", + SRCNAME, __func__, socket_name); + + /* Now try to connect again with the spawn lock taken. */ + if (!(rc = gpgol_lock_spawning (&lock)) + && assuan_socket_connect (*r_ctx, socket_name, -1, 0)) { - if (!retry_count) + char *uiserver = get_uiserver_name (); + if (!uiserver) { - char *uiserver = get_uiserver_name (); - if (!uiserver) - { - log_error ("%s:%s: UI server not installed", - SRCNAME, __func__); - InterlockedExchange (&retry_counter, FIREUP_RETRIES); - retry_count = FIREUP_RETRIES; - } - else - { - log_debug ("%s:%s: UI server not running, starting `%s'", - SRCNAME, __func__, uiserver); - if (gpgol_spawn_detached (uiserver)) - { - /* Error; try again to connect in case the - server has been started in the meantime. - Make sure that we don't get here a second - time. */ - InterlockedExchange (&retry_counter, FIREUP_RETRIES); - } - xfree (uiserver); - } + log_error ("%s:%s: UI server not installed", + SRCNAME, __func__); + assuan_release (*r_ctx); + *r_ctx = NULL; + return GPG_ERR_GENERAL; } - if (retry_count < FIREUP_RETRIES) + rc = gpgol_spawn_detached (uiserver); + xfree (uiserver); + if (!rc) { - log_debug ("%s:%s: waiting for UI server to come up", - SRCNAME, __func__); - Sleep (1000); - goto retry; + /* Give it a bit of time to start up and try a couple of + times. */ + for (count = 0; count < 10; count++) + { + Sleep (1000); + rc = assuan_socket_connect (*r_ctx, socket_name, -1, 0); + if (!rc) + break; + } } - } - else - { - /* Avoid a retry counter overflow by limiting to the limit. */ - InterlockedExchange (&retry_counter, FIREUP_RETRIES); - } - log_error ("%s:%s: error connecting `%s': %s\n", SRCNAME, __func__, - get_socket_name (), gpg_strerror (err)); + } + gpgol_unlock_spawning (&lock); } - else if ((err = send_options (ctx, hwnd, r_pid))) + + if (rc) { - assuan_release (ctx); + log_error ("%s:%s: UI Server failed to start", + SRCNAME, __func__); + assuan_release (*r_ctx); + *r_ctx = NULL; + return rc; } - else +#if 0 + // Something for later + if (debug_flags & DEBUG_ASSUAN) + assuan_set_log_stream (*ctx, debug_file); +#endif + rc = send_options (*r_ctx, hwnd, r_pid); + if (rc) { - *r_cmdid = create_command_id (); - *r_ctx = ctx; + assuan_release (*r_ctx); + *r_ctx = NULL; + return rc; } - return err; + *r_cmdid = create_command_id (); + + return 0; } commit e5be7ebd8e4c61c70f4c307f3faa63a81c1a213b Author: Andre Heinecke Date: Fri Nov 27 16:15:47 2015 +0100 Add process spawning code from gpgex * src/common.c, src/common.h (gpgol_spawn_detached): New. * src/exechelp.h, src/exechelp.c: New. * src/Makefile.am: Add exechelp files. -- While the spawning in gpgol_spawn_detached was quite similar it makes sense to move that out in it's own source file and use the same mutex that gpgex uses. diff --git a/src/Makefile.am b/src/Makefile.am index cc0aea8..6e02fb4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -84,7 +84,8 @@ gpgol_SOURCES = \ mail.h mail.cpp \ rfc2047parse.h rfc2047parse.c \ mlang-charset.cpp mlang-charset.h \ - gmime-table-private.h + gmime-table-private.h \ + exechelp.c exechelp.h #treeview_SOURCES = treeview.c diff --git a/src/common.c b/src/common.c index fd53592..bf1c9e9 100644 --- a/src/common.c +++ b/src/common.c @@ -965,57 +965,6 @@ generate_boundary (char *buffer) } -/* Fork and exec the program given in CMDLINE with /dev/null as - stdin, stdout and stderr. Returns 0 on success. */ -int -gpgol_spawn_detached (const char *cmdline) -{ - int rc; - SECURITY_ATTRIBUTES sec_attr; - PROCESS_INFORMATION pi = { NULL, 0, 0, 0 }; - STARTUPINFO si; - int cr_flags; - char *cmdline_copy; - - memset (&sec_attr, 0, sizeof sec_attr); - sec_attr.nLength = sizeof sec_attr; - - memset (&si, 0, sizeof si); - si.cb = sizeof (si); - si.dwFlags = STARTF_USESHOWWINDOW; - si.wShowWindow = SW_SHOW; - - cr_flags = (CREATE_DEFAULT_ERROR_MODE - | GetPriorityClass (GetCurrentProcess ()) - | CREATE_NEW_PROCESS_GROUP - | DETACHED_PROCESS); - - cmdline_copy = xstrdup (cmdline); - rc = CreateProcess (NULL, /* No appliactionname, use CMDLINE. */ - cmdline_copy, /* Command line arguments. */ - &sec_attr, /* Process security attributes. */ - &sec_attr, /* Thread security attributes. */ - FALSE, /* Inherit handles. */ - cr_flags, /* Creation flags. */ - NULL, /* Environment. */ - NULL, /* Use current drive/directory. */ - &si, /* Startup information. */ - &pi /* Returns process information. */ - ); - xfree (cmdline_copy); - if (!rc) - { - log_error_w32 (-1, "%s:%s: CreateProcess failed", SRCNAME, __func__); - return -1; - } - - CloseHandle (pi.hThread); - CloseHandle (pi.hProcess); - return 0; -} - - - /* Percent-escape the string STR by replacing colons with '%3a'. If EXTRA is not NULL all characters in it are also escaped. */ char * diff --git a/src/common.h b/src/common.h index 1d46515..379a55c 100644 --- a/src/common.h +++ b/src/common.h @@ -202,8 +202,6 @@ wchar_t *get_pretty_attachment_name (wchar_t *path, protocol_t protocol, #define BOUNDARYSIZE 20 char *generate_boundary (char *buffer); -int gpgol_spawn_detached (const char *cmdline); - /*-- recipient-dialog.c --*/ unsigned int recipient_dialog_box (gpgme_key_t **ret_rset); unsigned int recipient_dialog_box2 (gpgme_key_t *fnd, char **unknown, diff --git a/src/exechelp.c b/src/exechelp.c new file mode 100644 index 0000000..5d2a5bf --- /dev/null +++ b/src/exechelp.c @@ -0,0 +1,145 @@ +/* exechelp.c - fork and exec helpers + * Copyright (C) 2004, 2007, 2014 g10 Code GmbH + * Copyright (C) 2015 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include +#include +#include +#include + +#include + +#include + +#include "common.h" +#include "exechelp.h" + +/* Define to 1 do enable debugging. */ +#define DEBUG_W32_SPAWN 0 + + + + +/* Lock a spawning process. The caller needs to provide the address + of a variable to store the lock information and the name or the + process. */ +gpg_error_t +gpgol_lock_spawning (lock_spawn_t *lock) +{ + int waitrc; + int timeout = 5; + + *lock = CreateMutexW (NULL, FALSE, L"spawn_gnupg_uiserver_sentinel"); + if (!*lock) + { + log_error ("failed to create the spawn mutex: rc=%ld", GetLastError ()); + return gpg_error (GPG_ERR_GENERAL); + } + + retry: + waitrc = WaitForSingleObject (*lock, 1000); + if (waitrc == WAIT_OBJECT_0) + return 0; + + if (waitrc == WAIT_TIMEOUT && timeout) + { + timeout--; + goto retry; + } + if (waitrc == WAIT_TIMEOUT) + log_error ("error waiting for the spawn mutex: timeout"); + else + log_error ("error waiting for the spawn mutex: (code=%d) rc=%ld", + waitrc, GetLastError ()); + return gpg_error (GPG_ERR_GENERAL); +} + + +/* Unlock the spawning process. */ +void +gpgol_unlock_spawning (lock_spawn_t *lock) +{ + if (*lock) + { + if (!ReleaseMutex (*lock)) + log_error ("failed to release the spawn mutex: rc=%ld", GetLastError()); + CloseHandle (*lock); + *lock = NULL; + } +} + + +/* Fork and exec the program with /dev/null as stdin, stdout and + stderr. Returns 0 on success or an error code. */ +gpg_error_t +gpgol_spawn_detached (const char *cmdline) +{ + SECURITY_ATTRIBUTES sec_attr; + PROCESS_INFORMATION pi = + { + NULL, /* Returns process handle. */ + 0, /* Returns primary thread handle. */ + 0, /* Returns pid. */ + 0 /* Returns tid. */ + }; + STARTUPINFO si; + int cr_flags; + + log_debug ("gpgol_spawn_detached cmdline=%s", cmdline); + + /* Prepare security attributes. */ + memset (&sec_attr, 0, sizeof sec_attr); + sec_attr.nLength = sizeof sec_attr; + sec_attr.bInheritHandle = FALSE; + + /* Start the process. Note that we can't run the PREEXEC function + because this would change our own environment. */ + memset (&si, 0, sizeof si); + si.cb = sizeof (si); + si.dwFlags = STARTF_USESHOWWINDOW; + si.wShowWindow = DEBUG_W32_SPAWN ? SW_SHOW : SW_MINIMIZE; + + cr_flags = (CREATE_DEFAULT_ERROR_MODE + | GetPriorityClass (GetCurrentProcess ()) + | CREATE_NEW_PROCESS_GROUP + | DETACHED_PROCESS); + + if (!CreateProcess (NULL, /* pgmname; Program to start. */ + (char *) cmdline, /* Command line arguments. */ + &sec_attr, /* Process security attributes. */ + &sec_attr, /* Thread security attributes. */ + TRUE, /* Inherit handles. */ + cr_flags, /* Creation flags. */ + NULL, /* Environment. */ + NULL, /* Use current drive/directory. */ + &si, /* Startup information. */ + &pi /* Returns process information. */ + )) + { + log_error ("CreateProcess failed: %ld\n", GetLastError ()); + return gpg_error (GPG_ERR_GENERAL); + } + + /* Process has been created suspended; resume it now. */ + CloseHandle (pi.hThread); + CloseHandle (pi.hProcess); + + return 0; +} diff --git a/src/exechelp.h b/src/exechelp.h new file mode 100644 index 0000000..5f4c9f4 --- /dev/null +++ b/src/exechelp.h @@ -0,0 +1,50 @@ +/* exechelp.h - fork and exec helpers + * Copyright (C) 2004, 2007 g10 Code GmbH + * Copyright (C) 2015 Intevation GmbH + * + * This file is part of GpgOL. + * + * GpgOL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GpgOL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#ifndef GPGOL_EXECHELP_H +#define GPGOL_EXECHELP_H + +#include + +#ifdef __cplusplus +extern "C" { +#if 0 +} +#endif +#endif + +#define lock_spawn_t HANDLE + +gpg_error_t gpgol_lock_spawning (lock_spawn_t *lock); +void gpgol_unlock_spawning (lock_spawn_t *lock); + +/* Fork and exec CMDLINE with /dev/null as stdin, stdout and stderr. + Returns 0 on success or an error code. */ +gpg_error_t gpgol_spawn_detached (const char *cmdline); + +#ifdef __cplusplus +#if 0 +{ +#endif +} +#endif + +#endif /* GPGOL_EXECHELP_H */ ----------------------------------------------------------------------- Summary of changes: src/Makefile.am | 3 +- src/common.c | 51 ----------------- src/common.h | 2 - src/engine-assuan.c | 155 ++++++++++++++++++++++++---------------------------- src/exechelp.c | 145 ++++++++++++++++++++++++++++++++++++++++++++++++ src/exechelp.h | 50 +++++++++++++++++ 6 files changed, 267 insertions(+), 139 deletions(-) create mode 100644 src/exechelp.c create mode 100644 src/exechelp.h hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 17:24:10 2015 From: cvs at cvs.gnupg.org (by Andre Heinecke) Date: Fri, 27 Nov 2015 17:24:10 +0100 Subject: [git] GpgOL - branch, master, updated. gpgol-1.3.0-7-g3268854 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GnuPG extension for MS Outlook". The branch, master has been updated via 32688545e91e84d88cab9837da715861420acfd7 (commit) from ed1122988eddb34e22ac37344a1ca2b328abdd4d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32688545e91e84d88cab9837da715861420acfd7 Author: Andre Heinecke Date: Fri Nov 27 17:22:41 2015 +0100 Fix reg key lookup for x64 and prep for new key * src/common.h (GNUPG_REGKEY): Use 32 bit key on 64 bit. Prepare for gpg4win 3. Key layout diff --git a/src/common.h b/src/common.h index 379a55c..ea003b9 100644 --- a/src/common.h +++ b/src/common.h @@ -34,9 +34,19 @@ extern "C" { #endif /* The Registry key used by GnuPg and closley related software. */ -#define GNUPG_REGKEY "Software\\GNU\\GnuPG" - - +#ifndef NEW_STYLE_REG_KEYS /* Gpg4win 3 changed the key */ +# ifdef WIN64 +# define GNUPG_REGKEY "Software\\Wow6432Node\\GNU\\GnuPG" +# else +# define GNUPG_REGKEY "Software\\GNU\\GnuPG" +# endif +# else +# ifdef WIN64 +# define GNUPG_REGKEY "Software\\Wow6432Node\\Gpg4win" +# else +# define GNUPG_REGKEY "Software\\Gpg4win" +# endif +#endif /* Identifiers for the protocol. We use different one than those use by gpgme. FIXME: We might want to define an unknown protocol to non-null and define such a value also in gpgme. */ ----------------------------------------------------------------------- Summary of changes: src/common.h | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) hooks/post-receive -- GnuPG extension for MS Outlook http://git.gnupg.org From cvs at cvs.gnupg.org Fri Nov 27 18:37:15 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Fri, 27 Nov 2015 18:37:15 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-195-g686f31c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via 686f31c3d5aee0d2825265869ae92ca95cdcabae (commit) via 436a154ea85e4dffbde7c3b316fbfca1b066aa2a (commit) via 7c856f99144b84ac30e0c9a192f09dc36d93190a (commit) via 501436ab0f9d8e7d56b2f5e344006be5f5a3c653 (commit) via 022342e2845834ec35269d23491e9fa573d5c028 (commit) via 64e87083394d38998feab359caac917bcc6139d3 (commit) via 100f34e869df899a695f5e5ef1b8e092baf91751 (commit) via 6501741d2c1beb8060198a39a1aa950cb11b386f (commit) from da5a232199ef93be219e933a7eaf4ccfc6d24d61 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 686f31c3d5aee0d2825265869ae92ca95cdcabae Author: Werner Koch Date: Fri Nov 27 18:23:33 2015 +0100 gpg: Avoid extra translation strings. * g10/keyedit.c (menu_expire): Use only one prompt. -- The old code was anyway not fully i18n because it did not used ngettext. Further we ran into const char*/char* conflicts on Windows where we use a different gettext implementation. FWIW: A better pattern in the case of a static and a malloced string w/o error return on malloc failure would be: const char *s; char *s_buf; s_buf = xtryasprintf ("%d foo", n); if (!s_buf) s = "several foo"; else s = s_buf; bar (s); xfree (s_buf); diff --git a/g10/keyedit.c b/g10/keyedit.c index 9cf6f44..d7c70e6 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -4003,22 +4003,10 @@ menu_expire (KBNODE pub_keyblock) n1 = count_selected_keys (pub_keyblock); if (n1 > 1) { - char *s = xtryasprintf (_("Are you sure you want to change the" - " expiration time %d subkeys? (y/N) "), n1); - int s_need_free; - if (s) - s_need_free = 0; - else - { - s = _("Are you sure you want to change the" - " expiration time for multiple subkeys? (y/N) "); - s_need_free = 0; - } - - rc = cpr_get_answer_is_yes ("keyedit.expire_multiple_subkeys.okay", s); - if (s_need_free) - xfree (s); - if (! rc) + if (!cpr_get_answer_is_yes + ("keyedit.expire_multiple_subkeys.okay", + _("Are you sure you want to change the" + " expiration time for multiple subkeys? (y/N) "))) return 0; } else if (n1) commit 436a154ea85e4dffbde7c3b316fbfca1b066aa2a Author: Werner Koch Date: Fri Nov 27 18:10:31 2015 +0100 kbx: Include gpg-error prior to mischelp.h. * kbx/keybox-init.c: Change order of includes. -- This is to avoid redefintion warnings about GPGRT_ATTR_PRINTF. Signed-off-by: Werner Koch diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c index 618966f..e91911c 100644 --- a/kbx/keybox-init.c +++ b/kbx/keybox-init.c @@ -24,8 +24,8 @@ #include #include -#include "../common/mischelp.h" #include "keybox-defs.h" +#include "../common/mischelp.h" static KB_NAME kb_names; commit 7c856f99144b84ac30e0c9a192f09dc36d93190a Author: Werner Koch Date: Fri Nov 27 17:59:52 2015 +0100 gpg,w32: Fix a format string error. * g10/keyring.c (keyring_search): Fix format string for off_t. Signed-off-by: Werner Koch diff --git a/g10/keyring.c b/g10/keyring.c index 5ebea99..cf67eb0 100644 --- a/g10/keyring.c +++ b/g10/keyring.c @@ -1216,8 +1216,8 @@ keyring_search (KEYRING_HANDLE hd, KEYDB_SEARCH_DESC *desc, goto real_found; if (DBG_LOOKUP) - log_debug ("%s: packet starting at offset %zx matched descriptor %zd\n", - __func__, offset, n); + log_debug ("%s: packet starting at offset %lld matched descriptor %zu\n" + , __func__, (long long)offset, n); /* Record which desc we matched on. Note this value is only meaningful if this function returns with no errors. */ commit 501436ab0f9d8e7d56b2f5e344006be5f5a3c653 Author: Werner Koch Date: Fri Nov 27 17:58:51 2015 +0100 Silence compiler warnings related to not using assuan_fd_t. * common/call-gpg.c (start_gpg): Use assuan_fd_t. Note that the declaration was already fixed by a previous change. * dirmngr/server.c (cmd_getinfo): Use assuan_fd_t. -- Note that this matters only for Windows and it does not harm as long as we can only build for 32 bit Windows withsizeof(int)==sizeof(void*). Signed-off-by: Werner Koch diff --git a/common/call-gpg.c b/common/call-gpg.c index 4a32c88..cd865ef 100644 --- a/common/call-gpg.c +++ b/common/call-gpg.c @@ -47,7 +47,7 @@ start_gpg (ctrl_t ctrl, const char *gpg_program, strlist_t gpg_arguments, assuan_context_t ctx = NULL; const char *pgmname; const char **argv; - int no_close_list[5]; + assuan_fd_t no_close_list[5]; int i; char line[ASSUAN_LINELENGTH]; @@ -100,7 +100,7 @@ start_gpg (ctrl_t ctrl, const char *gpg_program, strlist_t gpg_arguments, no_close_list[i++] = assuan_fd_from_posix_fd (input_fd); if (output_fd != -1) no_close_list[i++] = assuan_fd_from_posix_fd (output_fd); - no_close_list[i] = -1; + no_close_list[i] = ASSUAN_INVALID_FD; /* Connect to GPG and perform initial handshaking. */ err = assuan_pipe_connect (ctx, gpg_program, argv, no_close_list, diff --git a/dirmngr/server.c b/dirmngr/server.c index 536354c..32c265b 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -2126,8 +2126,8 @@ cmd_getinfo (assuan_context_t ctx, char *line) #if ASSUAN_VERSION_NUMBER >= 0x020402 /* Check whether we can connect to the proxy. We use a special feature introduced with libassuan 2.4.2. */ - int sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, - ASSUAN_SOCK_TOR); + assuan_fd_t sock = assuan_sock_connect_byname (NULL, 0, 0, NULL, + ASSUAN_SOCK_TOR); if (sock == ASSUAN_INVALID_FD) { err = assuan_write_status commit 022342e2845834ec35269d23491e9fa573d5c028 Author: Werner Koch Date: Fri Nov 27 17:53:52 2015 +0100 Silence unused variable or parameter warnings. -- diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 4de897a..33e3ec3 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -717,6 +717,8 @@ setup_qualitybar (ctrl_t ctrl) char *tmpstr, *tmpstr2; const char *tooltip; + (void)ctrl; + /* TRANSLATORS: This string is displayed by Pinentry as the label for the quality bar. */ tmpstr = try_percent_escape (L_("Quality:"), "\t\r\n\f\v"); diff --git a/agent/gpg-agent.c b/agent/gpg-agent.c index 3a5abbb..04b03d3 100644 --- a/agent/gpg-agent.c +++ b/agent/gpg-agent.c @@ -1178,7 +1178,9 @@ main (int argc, char **argv ) gnupg_fd_t fd_extra = GNUPG_INVALID_FD; gnupg_fd_t fd_browser = GNUPG_INVALID_FD; gnupg_fd_t fd_ssh = GNUPG_INVALID_FD; +#ifndef HAVE_W32_SYSTEM pid_t pid; +#endif /* Remove the DISPLAY variable so that a pinentry does not default to a specific display. There is still a default @@ -1237,7 +1239,6 @@ main (int argc, char **argv ) #ifdef HAVE_W32_SYSTEM (void)csh_style; (void)nodetach; - pid = getpid (); #else /*!HAVE_W32_SYSTEM*/ pid = fork (); if (pid == (pid_t)-1) diff --git a/common/iobuf.c b/common/iobuf.c index d49de96..e8b4a03 100644 --- a/common/iobuf.c +++ b/common/iobuf.c @@ -267,6 +267,7 @@ direct_open (const char *fname, const char *mode, int mode700) unsigned long da, cd, sm; HANDLE hfile; + (void)mode700; /* Note, that we do not handle all mode combinations */ /* According to the ReactOS source it seems that open() of the @@ -2271,8 +2272,6 @@ iobuf_set_limit (iobuf_t a, off_t nlimit) off_t iobuf_get_filelength (iobuf_t a, int *overflow) { - struct stat st; - if (overflow) *overflow = 0; @@ -2330,11 +2329,15 @@ iobuf_get_filelength (iobuf_t a, int *overflow) } log_error ("GetFileSize for handle %p failed: %s\n", fp, w32_strerror (0)); -#else - if ( !fstat (FD2INT (fp), &st) ) - return st.st_size; - log_error("fstat() failed: %s\n", strerror(errno) ); -#endif +#else /*!HAVE_W32_SYSTEM*/ + { + struct stat st; + + if ( !fstat (FD2INT (fp), &st) ) + return st.st_size; + log_error("fstat() failed: %s\n", strerror(errno) ); + } +#endif /*!HAVE_W32_SYSTEM*/ } return 0; diff --git a/common/w32-afunix.h b/common/w32-afunix.h index f6282a3..7025a49 100644 --- a/common/w32-afunix.h +++ b/common/w32-afunix.h @@ -38,7 +38,7 @@ #include /* We can easiliy replace this code by the socket wrappers from libassuan. */ -#warning Please do not use this module anymore +#warning Remove this code; it is only used on w32 by symcryptrun. #define DIRSEP_C '\\' diff --git a/g10/keylist.c b/g10/keylist.c index 031612c..58c0a96 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -870,7 +870,7 @@ list_keyblock_pka (ctrl_t ctrl, kbnode_t keyblock) char pkstrbuf[PUBKEY_STRING_SIZE]; char *hexfpr; char *hexkeyblock = NULL; - unsigned int hexkeyblocklen; + unsigned int hexkeyblocklen = 0; /* Init to avoid -Wmaybe-uninitialized. */ const char *s; /* Get the keyid from the keyblock. */ diff --git a/g10/trustdb.c b/g10/trustdb.c index 386796c..fbb806d 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -992,9 +992,16 @@ tdb_get_validity_core (PKT_public_key *pk, PKT_user_id *uid, TRUSTREC trec, vrec; gpg_error_t err; ulong recno; +#ifdef USE_TOFU unsigned int tofu_validity = TRUST_UNKNOWN; +#endif unsigned int validity = TRUST_UNKNOWN; +#ifndef USE_TOFU + (void)sig; + (void)may_ask; +#endif + init_trustdb (); /* If we have no trustdb (which also means it has not been created) commit 64e87083394d38998feab359caac917bcc6139d3 Author: Werner Koch Date: Fri Nov 27 18:30:14 2015 +0100 Avoid incompatible pointer assignment warnings on Windows. * common/logging.c (fun_writer): Use gpgrt_ssize_t instead of ssize_t. * dirmngr/server.c (data_line_cookie_write): Ditto. * sm/certdump.c (format_name_writer): Ditto. * sm/server.c (data_line_cookie_write): Ditto. * dirmngr/http.c (cookie_read, cookie_write): Ditto. -- See the release notes of libgpg-error 1.15 for background info on gpgrt_ssize_t. Signed-off-by: Werner Koch diff --git a/common/logging.c b/common/logging.c index 54b8c89..b7f1419 100644 --- a/common/logging.c +++ b/common/logging.c @@ -195,7 +195,7 @@ parse_portno (const char *str, unsigned short *r_port) } -static ssize_t +static gpgrt_ssize_t fun_writer (void *cookie_arg, const void *buffer, size_t size) { struct fun_cookie_s *cookie = cookie_arg; @@ -391,11 +391,11 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size) DWORD nwritten; WriteFile ((HANDLE)cookie->fd, buffer, size, &nwritten, NULL); - return (ssize_t)size; /* Okay. */ + return (gpgrt_ssize_t)size; /* Okay. */ } #endif if (!writen (cookie->fd, buffer, size, cookie->is_socket)) - return (ssize_t)size; /* Okay. */ + return (gpgrt_ssize_t)size; /* Okay. */ } if (!running_detached && cookie->fd != -1 @@ -415,7 +415,7 @@ fun_writer (void *cookie_arg, const void *buffer, size_t size) log_socket = -1; } - return (ssize_t)size; + return (gpgrt_ssize_t)size; } diff --git a/dirmngr/http.c b/dirmngr/http.c index 02854e4..d623f7e 100644 --- a/dirmngr/http.c +++ b/dirmngr/http.c @@ -169,8 +169,9 @@ static assuan_fd_t connect_server (const char *server, unsigned short port, int *r_host_not_found); static gpg_error_t write_server (int sock, const char *data, size_t length); -static ssize_t cookie_read (void *cookie, void *buffer, size_t size); -static ssize_t cookie_write (void *cookie, const void *buffer, size_t size); +static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size); +static gpgrt_ssize_t cookie_write (void *cookie, + const void *buffer, size_t size); static int cookie_close (void *cookie); @@ -2415,7 +2416,7 @@ write_server (int sock, const char *data, size_t length) /* Read handler for estream. */ -static ssize_t +static gpgrt_ssize_t cookie_read (void *cookie, void *buffer, size_t size) { cookie_t c = cookie; @@ -2497,11 +2498,11 @@ cookie_read (void *cookie, void *buffer, size_t size) c->content_length = 0; } - return nread; + return (gpgrt_ssize_t)nread; } /* Write handler for estream. */ -static ssize_t +static gpgrt_ssize_t cookie_write (void *cookie, const void *buffer_arg, size_t size) { const char *buffer = buffer_arg; @@ -2550,7 +2551,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size) nwritten = size; } - return nwritten; + return (gpgrt_ssize_t)nwritten; } diff --git a/dirmngr/server.c b/dirmngr/server.c index e08afd4..536354c 100644 --- a/dirmngr/server.c +++ b/dirmngr/server.c @@ -95,8 +95,8 @@ struct server_local_s /* Cookie definition for assuan data line output. */ -static ssize_t data_line_cookie_write (void *cookie, - const void *buffer, size_t size); +static gpgrt_ssize_t data_line_cookie_write (void *cookie, + const void *buffer, size_t size); static int data_line_cookie_close (void *cookie); static es_cookie_io_functions_t data_line_cookie_functions = { @@ -210,14 +210,14 @@ data_line_write (assuan_context_t ctx, const void *buffer_arg, size_t size) /* A write handler used by es_fopencookie to write assuan data lines. */ -static ssize_t +static gpgrt_ssize_t data_line_cookie_write (void *cookie, const void *buffer, size_t size) { assuan_context_t ctx = cookie; if (data_line_write (ctx, buffer, size)) return -1; - return (ssize_t)size; + return (gpgrt_ssize_t)size; } diff --git a/sm/certdump.c b/sm/certdump.c index f32a27c..0cc492a 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -652,7 +652,7 @@ struct format_name_cookie }; /* The writer function for the memory stream. */ -static ssize_t +static gpgrt_ssize_t format_name_writer (void *cookie, const void *buffer, size_t size) { struct format_name_cookie *c = cookie; @@ -696,7 +696,7 @@ format_name_writer (void *cookie, const void *buffer, size_t size) c->len += size; p[c->len] = 0; /* Terminate string. */ - return (ssize_t)size; + return (gpgrt_ssize_t)size; } diff --git a/sm/server.c b/sm/server.c index e47861b..f0512ef 100644 --- a/sm/server.c +++ b/sm/server.c @@ -55,8 +55,8 @@ struct server_local_s { /* Cookie definition for assuan data line output. */ -static ssize_t data_line_cookie_write (void *cookie, - const void *buffer, size_t size); +static gpgrt_ssize_t data_line_cookie_write (void *cookie, + const void *buffer, size_t size); static int data_line_cookie_close (void *cookie); static es_cookie_io_functions_t data_line_cookie_functions = { @@ -129,7 +129,7 @@ has_option (const char *line, const char *name) /* A write handler used by es_fopencookie to write assuan data lines. */ -static ssize_t +static gpgrt_ssize_t data_line_cookie_write (void *cookie, const void *buffer, size_t size) { assuan_context_t ctx = cookie; @@ -140,7 +140,7 @@ data_line_cookie_write (void *cookie, const void *buffer, size_t size) return -1; } - return size; + return (gpgrt_ssize_t)size; } static int commit 100f34e869df899a695f5e5ef1b8e092baf91751 Author: Werner Koch Date: Fri Nov 27 17:12:56 2015 +0100 dirmngr: Avoid a declarations after statements. * tools/gpgtar.c (parse_arguments): Use a block for a local varibale definition. Signed-off-by: Werner Koch diff --git a/tools/gpgtar.c b/tools/gpgtar.c index a46a339..a09d2f0 100644 --- a/tools/gpgtar.c +++ b/tools/gpgtar.c @@ -347,38 +347,42 @@ parse_arguments (ARGPARSE_ARGS *pargs, ARGPARSE_OPTS *popts) case oCMS: /* Dummy option for now. */ break; case oGpgArgs:; - strlist_t list; - if (shell_parse_stringlist (pargs->r.ret_str, &list)) - log_error ("failed to parse gpg arguments '%s'\n", - pargs->r.ret_str); - else - { - if (opt.gpg_arguments) - strlist_last (opt.gpg_arguments)->next = list; - else - opt.gpg_arguments = list; - } + { + strlist_t list; + if (shell_parse_stringlist (pargs->r.ret_str, &list)) + log_error ("failed to parse gpg arguments '%s'\n", + pargs->r.ret_str); + else + { + if (opt.gpg_arguments) + strlist_last (opt.gpg_arguments)->next = list; + else + opt.gpg_arguments = list; + } + } break; case oTarArgs:; - int tar_argc; - char **tar_argv; - - if (shell_parse_argv (pargs->r.ret_str, &tar_argc, &tar_argv)) - log_error ("failed to parse tar arguments '%s'\n", - pargs->r.ret_str); - else - { - ARGPARSE_ARGS tar_args; - tar_args.argc = &tar_argc; - tar_args.argv = &tar_argv; - tar_args.flags = ARGPARSE_FLAG_ARG0; - parse_arguments (&tar_args, tar_opts); - if (tar_args.err) - log_error ("unsupported tar arguments '%s'\n", - pargs->r.ret_str); - pargs->err = tar_args.err; - } + { + int tar_argc; + char **tar_argv; + + if (shell_parse_argv (pargs->r.ret_str, &tar_argc, &tar_argv)) + log_error ("failed to parse tar arguments '%s'\n", + pargs->r.ret_str); + else + { + ARGPARSE_ARGS tar_args; + tar_args.argc = &tar_argc; + tar_args.argv = &tar_argv; + tar_args.flags = ARGPARSE_FLAG_ARG0; + parse_arguments (&tar_args, tar_opts); + if (tar_args.err) + log_error ("unsupported tar arguments '%s'\n", + pargs->r.ret_str); + pargs->err = tar_args.err; + } + } break; case oDryRun: commit 6501741d2c1beb8060198a39a1aa950cb11b386f Author: Werner Koch Date: Fri Nov 27 17:10:59 2015 +0100 dirmngr: Avoid casting away a const from an char**. * dirmngr/ldap.c (start_cert_fetch_ldap): Do not use pointers from global variables. Signed-off-by: Werner Koch diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index 1fe8a81..20cbbd8 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c @@ -520,33 +520,54 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, strlist_t patterns, const ldap_server_t server) { gpg_error_t err; - const char *host; + char *proxy = NULL; + char *host = NULL; int port; - const char *user; - const char *pass; + char *user = NULL; + char *pass = NULL; const char *base; char *argv[50]; - int argc; - int argc_malloced; + int argc = 0; + int argc_malloced = 0; char portbuf[30], timeoutbuf[30]; *context = NULL; + + if (opt.ldap_proxy && !(proxy = xtrystrdup (opt.ldap_proxy))) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (server) { - host = server->host; + if (server->host && !(host = xtrystrdup (server->host))) + { + err = gpg_error_from_syserror (); + goto leave; + } port = server->port; - user = server->user; - pass = server->pass; + if (server->user && !(user = xtrystrdup (server->user))) + { + err = gpg_error_from_syserror (); + goto leave; + } + if (server->pass && !(pass = xtrystrdup (server->pass))) + { + err = gpg_error_from_syserror (); + goto leave; + } base = server->base; + } else /* Use a default server. */ return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + if (!base) base = ""; - argc = 0; if (pass) /* Note: Must be the first item. */ { argv[argc++] = "--pass"; @@ -558,14 +579,14 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, argv[argc++] = "--multi"; if (opt.ldaptimeout) { - sprintf (timeoutbuf, "%u", opt.ldaptimeout); + snprintf (timeoutbuf, sizeof timeoutbuf, "%u", opt.ldaptimeout); argv[argc++] = "--timeout"; argv[argc++] = timeoutbuf; } if (opt.ldap_proxy) { argv[argc++] = "--proxy"; - argv[argc++] = opt.ldap_proxy; + argv[argc++] = proxy; } if (host) { @@ -574,7 +595,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, } if (port) { - sprintf (portbuf, "%d", port); + snprintf (portbuf, sizeof portbuf, "%d", port); argv[argc++] = "--port"; argv[argc++] = portbuf; } @@ -626,7 +647,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, goto leave; } - err = ldap_wrapper (ctrl, &(*context)->reader, argv); + err = ldap_wrapper (ctrl, &(*context)->reader, (const char**)argv); if (err) { @@ -637,6 +658,10 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, leave: for (; argc_malloced < argc; argc_malloced++) xfree (argv[argc_malloced]); + xfree (proxy); + xfree (host); + xfree (user); + xfree (pass); return err; } ----------------------------------------------------------------------- Summary of changes: agent/call-pinentry.c | 2 ++ agent/gpg-agent.c | 3 ++- common/call-gpg.c | 4 ++-- common/iobuf.c | 17 ++++++++------ common/logging.c | 8 +++---- common/w32-afunix.h | 2 +- dirmngr/http.c | 13 ++++++----- dirmngr/ldap.c | 51 +++++++++++++++++++++++++++++++----------- dirmngr/server.c | 12 +++++----- g10/keyedit.c | 20 ++++------------- g10/keylist.c | 2 +- g10/keyring.c | 4 ++-- g10/trustdb.c | 7 ++++++ kbx/keybox-init.c | 2 +- sm/certdump.c | 4 ++-- sm/server.c | 8 +++---- tools/gpgtar.c | 62 +++++++++++++++++++++++++++------------------------ 17 files changed, 126 insertions(+), 95 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 30 11:51:39 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Nov 2015 11:51:39 +0100 Subject: [git] GnuPG - branch, master, updated. gnupg-2.1.9-200-gb2b079c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, master has been updated via b2b079cb2f06067012e311434000d1cb5d6de8a2 (commit) via 4ecb5db804003c10c57bdc0dc7f1d9649c5ba6f8 (commit) via b4756a54a55fcd51717c149e19191a2eeaa6a919 (commit) via 081c902f16a2f251df4593f090b3978dfa473a26 (commit) via 75eb071354d1f862bac09c56c8ab81dae8883270 (commit) from 686f31c3d5aee0d2825265869ae92ca95cdcabae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b2b079cb2f06067012e311434000d1cb5d6de8a2 Author: Werner Koch Date: Mon Nov 30 11:47:23 2015 +0100 doc: Typo fix. -- diff --git a/doc/gnupg.texi b/doc/gnupg.texi index 42d9dc0..d0e5199 100644 --- a/doc/gnupg.texi +++ b/doc/gnupg.texi @@ -36,7 +36,7 @@ Published by The GnuPG Project@* @copyright{} 2002, 2004, 2005, 2006, 2007, 2010 Free Software Foundation, Inc.@* @copyright{} 2013, 2014, 2015 Werner Koch.@* - at copyright{} 2015 g10code Gmbh. + at copyright{} 2015 g10 Code GmbH. @quotation Permission is granted to copy, distribute and/or modify this document commit 4ecb5db804003c10c57bdc0dc7f1d9649c5ba6f8 Author: Werner Koch Date: Mon Nov 30 11:45:28 2015 +0100 doc: Make make distcheck work again. * doc/Makefile.am (DISTCLEANFILES): Add gpgkey2ssh.1 Signed-off-by: Werner Koch diff --git a/doc/Makefile.am b/doc/Makefile.am index 50d4725..44e9957 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -82,7 +82,7 @@ watchgnupg_SOURCE = gnupg.texi CLEANFILES = yat2m mkdefsinc defs.inc DISTCLEANFILES = gnupg.tmp gnupg.ops yat2m-stamp.tmp yat2m-stamp \ - $(myman_pages) gpg-zip.1 gnupg.7 + $(myman_pages) gpg-zip.1 gpgkey2ssh.1 gnupg.7 yat2m: yat2m.c $(CC_FOR_BUILD) -o $@ $(srcdir)/yat2m.c commit b4756a54a55fcd51717c149e19191a2eeaa6a919 Author: Werner Koch Date: Mon Nov 30 11:32:00 2015 +0100 yat2m: Add keyword @url. * doc/yat2m.c (proc_texi_cmd): Add keyword @url. Signed-off-by: Werner Koch diff --git a/doc/yat2m.c b/doc/yat2m.c index 6a7291f..1634985 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -684,6 +684,7 @@ proc_texi_cmd (FILE *fp, const char *command, const char *rest, size_t len, } cmdtbl[] = { { "command", 0, "\\fB", "\\fR" }, { "code", 0, "\\fB", "\\fR" }, + { "url", 0, "\\fB", "\\fR" }, { "sc", 0, "\\fB", "\\fR" }, { "var", 0, "\\fI", "\\fR" }, { "samp", 0, "\\(aq", "\\(aq" }, commit 081c902f16a2f251df4593f090b3978dfa473a26 Author: Werner Koch Date: Mon Nov 30 11:27:30 2015 +0100 doc: Build man pages with the same date as the info files. * doc/Makefile.am (yat2m-stamp): Use option --date. -- This changes allows reproducible builds. Debian-bug-id: 806494 diff --git a/doc/Makefile.am b/doc/Makefile.am index c6a5e25..50d4725 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -108,8 +108,10 @@ mkdefsinc: mkdefsinc.c Makefile ../config.h yat2m-stamp: $(myman_sources) defs.inc @rm -f yat2m-stamp.tmp @touch yat2m-stamp.tmp + incd="`test -f defsincdate || echo '$(srcdir)/'`defsincdate"; \ for file in $(myman_sources) ; do \ ./yat2m $(YAT2M_OPTIONS) --store \ + --date "`cat $$incd 2>/dev/null`" \ `test -f '$$file' || echo '$(srcdir)/'`$$file ; done @mv -f yat2m-stamp.tmp $@ commit 75eb071354d1f862bac09c56c8ab81dae8883270 Author: Werner Koch Date: Mon Nov 30 11:25:37 2015 +0100 yat2m: New option --date. * doc/yat2m.c (opt_date): new. (isodatestring): Use it if set. (main): New option --date. diff --git a/doc/yat2m.c b/doc/yat2m.c index e2ab86e..6a7291f 100644 --- a/doc/yat2m.c +++ b/doc/yat2m.c @@ -1,5 +1,5 @@ /* yat2m.c - Yet Another Texi 2 Man converter - * Copyright (C) 2005, 2013 g10 Code GmbH + * Copyright (C) 2005, 2013, 2015 g10 Code GmbH * Copyright (C) 2006, 2008, 2011 Free Software Foundation, Inc. * * This program is free software; you can redistribute it and/or modify @@ -120,6 +120,7 @@ static int quiet; static int debug; static const char *opt_source; static const char *opt_release; +static const char *opt_date; static const char *opt_select; static const char *opt_include; static int opt_store; @@ -323,8 +324,12 @@ isodatestring (void) { static char buffer[11+5]; struct tm *tp; - time_t atime = time (NULL); + time_t atime; + if (opt_date && *opt_date) + atime = strtoul (opt_date, NULL, 10); + else + atime = time (NULL); if (atime < 0) strcpy (buffer, "????" "-??" "-??"); else @@ -1466,13 +1471,14 @@ main (int argc, char **argv) "Extract man pages from a Texinfo source.\n\n" " --source NAME use NAME as source field\n" " --release STRING use STRING as the release field\n" + " --date EPOCH use EPOCH as publication date\n" " --store write output using @manpage name\n" " --select NAME only output pages with @manpage NAME\n" " --verbose enable extra informational output\n" " --debug enable additional debug output\n" " --help display this help and exit\n" " -I DIR also search in include DIR\n" - " -D gpgone the only useable define\n\n" + " -D gpgone the only usable define\n\n" "With no FILE, or when FILE is -, read standard input.\n\n" "Report bugs to ."); exit (0); @@ -1519,6 +1525,15 @@ main (int argc, char **argv) argc--; argv++; } } + else if (!strcmp (*argv, "--date")) + { + argc--; argv++; + if (argc) + { + opt_date = *argv; + argc--; argv++; + } + } else if (!strcmp (*argv, "--store")) { opt_store = 1; ----------------------------------------------------------------------- Summary of changes: doc/Makefile.am | 4 +++- doc/gnupg.texi | 2 +- doc/yat2m.c | 22 +++++++++++++++++++--- 3 files changed, 23 insertions(+), 5 deletions(-) hooks/post-receive -- The GNU Privacy Guard http://git.gnupg.org From cvs at cvs.gnupg.org Mon Nov 30 12:36:52 2015 From: cvs at cvs.gnupg.org (by Werner Koch) Date: Mon, 30 Nov 2015 12:36:52 +0100 Subject: [git] GnuPG - branch, wk/g13work, created. gnupg-2.1.9-201-g286a89d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The GNU Privacy Guard". The branch, wk/g13work has been created at 286a89da7c39333e0883c2050cf798905d48c4f5 (commit) - Log ----------------------------------------------------------------- commit 286a89da7c39333e0883c2050cf798905d48c4f5 Author: Werner Koch Date: Wed Oct 21 08:38:10 2015 +0200 g13: First chunk of code to support dm-crypt. * g13/call-syshelp.c, g13/call-syshelp.h: New. * g13/g13-syshelp.c, g13/g13-syshelp.h: New. * g13/sh-cmd.c: New. * g13/sh-blockdev.c: New. * g13/sh-exectool.c: New. * g13/sh-dmcrypt.c: New. * g13/Makefile.am (sbin_PROGRAMS): Add g13-syshelp.c (g13_syshelp_SOURCES): New. (g13_syshelp_LDADD): New. * g13/g13.c (opts): Add option --type. (g13_deinit_default_ctrl): New. (main): Implement that option. Call g13_deinit_default_ctrl. * g13/g13.h (struct call_syshelp_s): New declaration. (server_control_s): Add field syshelp_local. * g13/keyblob.h (KEYBLOB_TAG_CREATED): New. (KEYBLOB_TAG_ALGOSTR): New. (KEYBLOB_TAG_HDRCOPY): New. * g13/backend.c (be_parse_conttype_name): New. (be_get_detached_name): Add CONTTYPE_DM_CRYPT. Signed-off-by: Werner Koch diff --git a/g13/Makefile.am b/g13/Makefile.am index e17d099..a3cd133 100644 --- a/g13/Makefile.am +++ b/g13/Makefile.am @@ -21,6 +21,7 @@ EXTRA_DIST = ChangeLog-2011 bin_PROGRAMS = g13 +sbin_PROGRAMS = g13-syshelp AM_CPPFLAGS = -I$(top_srcdir)/common @@ -37,6 +38,7 @@ g13_SOURCES = \ create.c create.h \ mount.c mount.h \ mountinfo.c mountinfo.h \ + call-syshelp.c call-syshelp.h \ runner.c runner.h \ backend.c backend.h \ be-encfs.c be-encfs.h \ @@ -45,3 +47,18 @@ g13_SOURCES = \ g13_LDADD = $(libcommonpth) \ $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(NPTH_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) + + +g13_syshelp_SOURCES = \ + g13-syshelp.c g13-syshelp.h \ + g13-common.c g13-common.h \ + keyblob.h \ + utils.c utils.h \ + sh-cmd.c \ + sh-exectool.c \ + sh-blockdev.c \ + sh-dmcrypt.c + +g13_syshelp_LDADD = $(libcommon) \ + $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \ + $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) diff --git a/g13/backend.c b/g13/backend.c index 7b08cd5..52e1e0a 100644 --- a/g13/backend.c +++ b/g13/backend.c @@ -41,6 +41,38 @@ no_such_backend (int conttype) } +/* Parse NAME and return the corresponding content type. If the name + is not known, a error message is printed and zero returned. If + NAME is NULL the supported backend types are listed and 0 is + returned. */ +int +be_parse_conttype_name (const char *name) +{ + static struct { const char *name; int conttype; } names[] = { + { "encfs", CONTTYPE_ENCFS }, + { "dm-crypt", CONTTYPE_DM_CRYPT } + }; + int i; + + if (!name) + { + log_info ("Known backend types:\n"); + for (i=0; i < DIM (names); i++) + log_info (" %s\n", names[i].name); + return 0; + } + + for (i=0; i < DIM (names); i++) + { + if (!strcmp (names[i].name, name)) + return names[i].conttype; + } + + log_error ("invalid backend type '%s' given\n", name); + return 0; +} + + /* Return true if CONTTYPE is supported by us. */ int be_is_supported_conttype (int conttype) @@ -75,6 +107,9 @@ be_get_detached_name (int conttype, const char *fname, case CONTTYPE_ENCFS: return be_encfs_get_detached_name (fname, r_name, r_isdir); + case CONTTYPE_DM_CRYPT: + return 0; + default: return no_such_backend (conttype); } diff --git a/g13/backend.h b/g13/backend.h index 20d2966..e570fc5 100644 --- a/g13/backend.h +++ b/g13/backend.h @@ -23,7 +23,8 @@ #include "../common/membuf.h" #include "utils.h" /* For tupledesc_t */ -int be_is_supported_conttype (int conttype); +int be_parse_conttype_name (const char *name); +int be_is_supported_conttype (int conttype); gpg_error_t be_get_detached_name (int conttype, const char *fname, char **r_name, int *r_isdir); gpg_error_t be_create_new_keys (int conttype, membuf_t *mb); diff --git a/g13/call-syshelp.c b/g13/call-syshelp.c new file mode 100644 index 0000000..2086dd1 --- /dev/null +++ b/g13/call-syshelp.c @@ -0,0 +1,124 @@ +/* call-syshelp.c - Communication with g13-syshelp + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "g13.h" +#include +#include "i18n.h" +#include "utils.h" + +/* Local data for this module. A pointer to this is stored in the + CTRL object of each connection. */ +struct call_syshelp_s +{ + assuan_context_t assctx; /* The Assuan context for the current + g13-syshep connection. */ +}; + + +/* Fork off the syshelp tool if this has not already been done. */ +static gpg_error_t +start_syshelp (ctrl_t ctrl) +{ + gpg_error_t err; + assuan_context_t ctx; + assuan_fd_t no_close_list[3]; + int i; + + if (ctrl->syshelp_local->assctx) + return 0; /* Already set. */ + + if (opt.verbose) + log_info ("starting a new syshelp\n"); + + if (es_fflush (NULL)) + { + err = gpg_error_from_syserror (); + log_error ("error flushing pending output: %s\n", gpg_strerror (err)); + return err; + } + + i = 0; + if (log_get_fd () != -1) + no_close_list[i++] = assuan_fd_from_posix_fd (log_get_fd ()); + no_close_list[i++] = assuan_fd_from_posix_fd (es_fileno (es_stderr)); + no_close_list[i] = ASSUAN_INVALID_FD; + + err = assuan_new (&ctx); + if (err) + { + log_error ("can't allocate assuan context: %s\n", gpg_strerror (err)); + return err; + } + + /* Call userv to start g13-syshelp. This userv script needs tpo be + installed under the name "gnupg-g13-syshelp": + + if ( glob service-user root + ) + reset + suppress-args + execute /home/wk/b/gnupg/g13/g13-syshelp -v + else + error Nothing to do for this service-user + fi + quit + */ + { + const char *argv[3]; + + argv[0] = "userv"; + argv[1] = "gnupg-g13-syshelp"; + argv[2] = NULL; + + err = assuan_pipe_connect (ctx, "/usr/bin/userv", argv, + no_close_list, NULL, NULL, 0); + } + if (err) + { + log_error ("can't connect to '%s' - : %s\n", + "g13-syshelp", gpg_strerror (err)); + log_info ("(is userv and its gnupg-g13-syshelp script installed?)\n"); + assuan_release (ctx); + return err; + } + ctrl->syshelp_local->assctx = ctx; + + if (DBG_IPC) + log_debug ("connection to g13-syshelp established\n"); + + return 0; +} + + +/* Release local resources associated with CTRL. */ +void +call_syshelp_release (ctrl_t ctrl) +{ + assuan_release (ctrl->syshelp_local->assctx); + ctrl->syshelp_local->assctx = NULL; +} diff --git a/g13/call-syshelp.h b/g13/call-syshelp.h new file mode 100644 index 0000000..c78d53b --- /dev/null +++ b/g13/call-syshelp.h @@ -0,0 +1,26 @@ +/* call-syshelp.h - Communication with g13-syshelp + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef GNUPG_G13_CALL_SYSHELP_H +#define GNUPG_G13_CALL_SYSHELP_H + +void call_syshelp_release (ctrl_t ctrl); + + +#endif /*GNUPG_G13_CALL_SYSHELP_H*/ diff --git a/g13/g13-syshelp.c b/g13/g13-syshelp.c new file mode 100644 index 0000000..c09a5e9 --- /dev/null +++ b/g13/g13-syshelp.c @@ -0,0 +1,720 @@ +/* g13-syshelp.c - Helper for disk key management with GnuPG + * Copyright (C) 2015 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_PWD_H +# include +#endif +#include + +#include "g13-syshelp.h" + +#include +#include + +#include "i18n.h" +#include "sysutils.h" +#include "asshelp.h" +#include "../common/init.h" +#include "keyblob.h" + + +enum cmd_and_opt_values { + aNull = 0, + oQuiet = 'q', + oVerbose = 'v', + oRecipient = 'r', + + aGPGConfList = 500, + + oDebug, + oDebugLevel, + oDebugAll, + oDebugNone, + oDebugWait, + oDebugAllowCoreDump, + oLogFile, + oNoLogFile, + oAuditLog, + + oOutput, + + oAgentProgram, + oGpgProgram, + oType, + + oDisplay, + oTTYname, + oTTYtype, + oLCctype, + oLCmessages, + oXauthority, + + oStatusFD, + oLoggerFD, + + oNoVerbose, + oNoSecmemWarn, + oHomedir, + oDryRun, + oNoDetach, + + oNoRandomSeedFile, + oFakedSystemTime + }; + + +static ARGPARSE_OPTS opts[] = { + + ARGPARSE_s_n (oDryRun, "dry-run", N_("do not make any changes")), + + ARGPARSE_s_n (oVerbose, "verbose", N_("verbose")), + ARGPARSE_s_n (oQuiet, "quiet", N_("be somewhat more quiet")), + + ARGPARSE_s_s (oDebug, "debug", "@"), + ARGPARSE_s_s (oDebugLevel, "debug-level", + N_("|LEVEL|set the debugging level to LEVEL")), + ARGPARSE_s_n (oDebugAll, "debug-all", "@"), + ARGPARSE_s_n (oDebugNone, "debug-none", "@"), + ARGPARSE_s_i (oDebugWait, "debug-wait", "@"), + ARGPARSE_s_n (oDebugAllowCoreDump, "debug-allow-core-dump", "@"), + + ARGPARSE_end () +}; + + +/* The list of supported debug flags. */ +static struct debug_flags_s debug_flags [] = + { + { DBG_MOUNT_VALUE , "mount" }, + { DBG_CRYPTO_VALUE , "crypto" }, + { DBG_MEMORY_VALUE , "memory" }, + { DBG_MEMSTAT_VALUE, "memstat" }, + { DBG_IPC_VALUE , "ipc" }, + { 0, NULL } + }; + + +/* The timer tick interval used by the idle task. */ +#define TIMERTICK_INTERVAL_SEC (1) + +/* It is possible that we are currently running under setuid permissions. */ +static int maybe_setuid = 1; + +/* Helper to implement --debug-level and --debug. */ +static const char *debug_level; +static unsigned int debug_value; + + +/* Local prototypes. */ +static void g13_syshelp_deinit_default_ctrl (ctrl_t ctrl); +static void release_tab_items (tab_item_t tab); +static tab_item_t parse_g13tab (const char *username); + + + +static const char * +my_strusage( int level ) +{ + const char *p; + + switch (level) + { + case 11: p = "@G13 at -syshelp (@GNUPG@)"; + break; + case 13: p = VERSION; break; + case 17: p = PRINTABLE_OS_NAME; break; + case 19: p = _("Please report bugs to <" PACKAGE_BUGREPORT ">.\n"); + break; + case 1: + case 40: p = _("Usage: @G13 at -syshelp [options] [files] (-h for help)"); + break; + case 41: + p = _("Syntax: @G13 at -syshelp [options] [files]\n" + "Helper to perform root-only tasks for g13\n"); + break; + + case 31: p = "\nHome: "; break; + case 32: p = opt.homedir; break; + + default: p = NULL; break; + } + return p; +} + + +/* Setup the debugging. With a DEBUG_LEVEL of NULL only the active + debug flags are propagated to the subsystems. With DEBUG_LEVEL + set, a specific set of debug flags is set; and individual debugging + flags will be added on top. */ +static void +set_debug (void) +{ + int numok = (debug_level && digitp (debug_level)); + int numlvl = numok? atoi (debug_level) : 0; + + if (!debug_level) + ; + else if (!strcmp (debug_level, "none") || (numok && numlvl < 1)) + opt.debug = 0; + else if (!strcmp (debug_level, "basic") || (numok && numlvl <= 2)) + opt.debug = DBG_IPC_VALUE|DBG_MOUNT_VALUE; + else if (!strcmp (debug_level, "advanced") || (numok && numlvl <= 5)) + opt.debug = DBG_IPC_VALUE|DBG_MOUNT_VALUE; + else if (!strcmp (debug_level, "expert") || (numok && numlvl <= 8)) + opt.debug = (DBG_IPC_VALUE|DBG_MOUNT_VALUE|DBG_CRYPTO_VALUE); + else if (!strcmp (debug_level, "guru") || numok) + { + opt.debug = ~0; + /* if (numok) */ + /* opt.debug &= ~(DBG_HASHING_VALUE); */ + } + else + { + log_error (_("invalid debug-level '%s' given\n"), debug_level); + g13_exit(2); + } + + opt.debug |= debug_value; + + if (opt.debug && !opt.verbose) + opt.verbose = 1; + if (opt.debug) + opt.quiet = 0; + + if (opt.debug & DBG_CRYPTO_VALUE ) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1); + gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + + if (opt.debug) + parse_debug_flag (NULL, &opt.debug, debug_flags); +} + + +int +main ( int argc, char **argv) +{ + ARGPARSE_ARGS pargs; + int orig_argc; + char **orig_argv; + gpg_error_t err = 0; + /* const char *fname; */ + int may_coredump; + FILE *configfp = NULL; + char *configname = NULL; + unsigned configlineno; + int parse_debug = 0; + int no_more_options = 0; + int default_config =1; + char *logfile = NULL; + /* int debug_wait = 0; */ + int use_random_seed = 1; + /* int nodetach = 0; */ + /* int nokeysetup = 0; */ + struct server_control_s ctrl; + + /*mtrace();*/ + + early_system_init (); + gnupg_reopen_std (G13_NAME "-syshelp"); + set_strusage (my_strusage); + gcry_control (GCRYCTL_SUSPEND_SECMEM_WARN); + + log_set_prefix (G13_NAME "-syshelp", 1); + + /* Make sure that our subsystems are ready. */ + i18n_init (); + init_common_subsystems (&argc, &argv); + + /* Check that the Libgcrypt is suitable. */ + if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) ) + log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt", + NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) ); + + /* Take extra care of the random pool. */ + gcry_control (GCRYCTL_USE_SECURE_RNDPOOL); + + may_coredump = disable_core_dumps (); + + g13_init_signals (); + + dotlock_create (NULL, 0); /* Register locking cleanup. */ + + opt.session_env = session_env_new (); + if (!opt.session_env) + log_fatal ("error allocating session environment block: %s\n", + strerror (errno)); + + opt.homedir = default_homedir (); + + /* First check whether we have a debug option on the commandline. */ + orig_argc = argc; + orig_argv = argv; + pargs.argc = &argc; + pargs.argv = &argv; + pargs.flags= (ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION); + while (arg_parse( &pargs, opts)) + { + if (pargs.r_opt == oDebug || pargs.r_opt == oDebugAll) + parse_debug++; + } + + /* Initialize the secure memory. */ + gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); + maybe_setuid = 0; + + /* + Now we are now working under our real uid + */ + + /* Setup malloc hooks. */ + { + struct assuan_malloc_hooks malloc_hooks; + + malloc_hooks.malloc = gcry_malloc; + malloc_hooks.realloc = gcry_realloc; + malloc_hooks.free = gcry_free; + assuan_set_malloc_hooks (&malloc_hooks); + } + + /* Prepare libassuan. */ + assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT); + /*assuan_set_system_hooks (ASSUAN_SYSTEM_NPTH);*/ + setup_libassuan_logging (&opt.debug); + + /* Setup a default control structure for command line mode. */ + memset (&ctrl, 0, sizeof ctrl); + g13_syshelp_init_default_ctrl (&ctrl); + ctrl.no_server = 1; + ctrl.status_fd = -1; /* No status output. */ + + if (default_config ) + configname = make_filename (gnupg_sysconfdir (), + G13_NAME"-syshelp.conf", NULL); + + argc = orig_argc; + argv = orig_argv; + pargs.argc = &argc; + pargs.argv = &argv; + pargs.flags = 1; /* Do not remove the args. */ + + next_pass: + if (configname) + { + configlineno = 0; + configfp = fopen (configname, "r"); + if (!configfp) + { + if (default_config) + { + if (parse_debug) + log_info (_("NOTE: no default option file '%s'\n"), configname); + } + else + { + log_error (_("option file '%s': %s\n"), + configname, strerror(errno)); + g13_exit(2); + } + xfree (configname); + configname = NULL; + } + if (parse_debug && configname) + log_info (_("reading options from '%s'\n"), configname); + default_config = 0; + } + + while (!no_more_options + && optfile_parse (configfp, configname, &configlineno, &pargs, opts)) + { + switch (pargs.r_opt) + { + case oQuiet: opt.quiet = 1; break; + + case oDryRun: opt.dry_run = 1; break; + + case oVerbose: + opt.verbose++; + gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + break; + case oNoVerbose: + opt.verbose = 0; + gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose); + break; + + case oLogFile: logfile = pargs.r.ret_str; break; + case oNoLogFile: logfile = NULL; break; + + case oNoDetach: /*nodetach = 1; */break; + + case oDebug: + if (parse_debug_flag (pargs.r.ret_str, &opt.debug, debug_flags)) + { + pargs.r_opt = ARGPARSE_INVALID_ARG; + pargs.err = ARGPARSE_PRINT_ERROR; + } + break; + case oDebugAll: debug_value = ~0; break; + case oDebugNone: debug_value = 0; break; + case oDebugLevel: debug_level = pargs.r.ret_str; break; + case oDebugWait: /*debug_wait = pargs.r.ret_int; */break; + case oDebugAllowCoreDump: + may_coredump = enable_core_dumps (); + break; + + case oStatusFD: ctrl.status_fd = pargs.r.ret_int; break; + case oLoggerFD: log_set_fd (pargs.r.ret_int ); break; + + case oHomedir: opt.homedir = pargs.r.ret_str; break; + + case oFakedSystemTime: + { + time_t faked_time = isotime2epoch (pargs.r.ret_str); + if (faked_time == (time_t)(-1)) + faked_time = (time_t)strtoul (pargs.r.ret_str, NULL, 10); + gnupg_set_time (faked_time, 0); + } + break; + + case oNoSecmemWarn: gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); break; + + case oNoRandomSeedFile: use_random_seed = 0; break; + + default: + pargs.err = configfp? ARGPARSE_PRINT_WARNING:ARGPARSE_PRINT_ERROR; + break; + } + } + + if (configfp) + { + fclose (configfp); + configfp = NULL; + /* Keep a copy of the config filename. */ + opt.config_filename = configname; + configname = NULL; + goto next_pass; + } + xfree (configname); + configname = NULL; + + if (!opt.config_filename) + opt.config_filename = make_filename (opt.homedir, G13_NAME".conf", NULL); + + if (log_get_errorcount(0)) + g13_exit(2); + + /* Now that we have the options parsed we need to update the default + control structure. */ + g13_syshelp_init_default_ctrl (&ctrl); + + if (may_coredump && !opt.quiet) + log_info (_("WARNING: program may create a core file!\n")); + + if (logfile) + { + log_set_file (logfile); + log_set_prefix (NULL, 1|2|4); + } + + if (gnupg_faked_time_p ()) + { + gnupg_isotime_t tbuf; + + log_info (_("WARNING: running with faked system time: ")); + gnupg_get_isotime (tbuf); + dump_isotime (tbuf); + log_printf ("\n"); + } + + /* Print any pending secure memory warnings. */ + gcry_control (GCRYCTL_RESUME_SECMEM_WARN); + + /* Setup the debug flags for all subsystems. */ + set_debug (); + + /* Install a regular exit handler to make real sure that the secure + memory gets wiped out. */ + g13_install_emergency_cleanup (); + + /* Terminate if we found any error until now. */ + if (log_get_errorcount(0)) + g13_exit (2); + + /* Set the standard GnuPG random seed file. */ + if (use_random_seed) + { + char *p = make_filename (opt.homedir, "random_seed", NULL); + gcry_control (GCRYCTL_SET_RANDOM_SEED_FILE, p); + xfree(p); + } + + /* Get the UID of the caller. */ +#if defined(HAVE_PWD_H) && defined(HAVE_GETPWUID) + { + const char *uidstr; + struct passwd *pwd = NULL; + + uidstr = getenv ("USERV_UID"); + + /* Print a quick note if we are not started via userv. */ + if (!uidstr) + { + if (getuid ()) + { + log_info ("WARNING: Not started via userv\n"); + ctrl.fail_all_cmds = 1; + } + ctrl.client.uid = getuid (); + } + else + { + unsigned long myuid; + + errno = 0; + myuid = strtoul (uidstr, NULL, 10); + if (myuid == ULONG_MAX && errno) + { + log_info ("WARNING: Started via broken userv: %s\n", + strerror (errno)); + ctrl.fail_all_cmds = 1; + ctrl.client.uid = getuid (); + } + else + ctrl.client.uid = (uid_t)myuid; + } + + pwd = getpwuid (ctrl.client.uid); + if (!pwd || !*pwd->pw_name) + { + log_info ("WARNING: Name for UID not found: %s\n", strerror (errno)); + ctrl.fail_all_cmds = 1; + ctrl.client.uname = xstrdup ("?"); + } + else + ctrl.client.uname = xstrdup (pwd->pw_name); + } +#else /*!HAVE_PWD_H || !HAVE_GETPWUID*/ + log_info ("WARNING: System does not support required syscalls\n"); + ctrl.fail_all_cmds = 1; + ctrl.client.uid = getuid (); + ctrl.client.uname = xstrdup ("?"); +#endif /*!HAVE_PWD_H || !HAVE_GETPWUID*/ + + /* Read the table entries for this user. */ + if (!ctrl.fail_all_cmds + && !(ctrl.client.tab = parse_g13tab (ctrl.client.uname))) + ctrl.fail_all_cmds = 1; + + /* Start the server. */ + err = syshelp_server (&ctrl); + if (err) + log_error ("server exited with error: %s <%s>\n", + gpg_strerror (err), gpg_strsource (err)); + + /* Cleanup. */ + g13_syshelp_deinit_default_ctrl (&ctrl); + g13_exit (0); + return 8; /*NOTREACHED*/ +} + + +/* Store defaults into the per-connection CTRL object. */ +void +g13_syshelp_init_default_ctrl (ctrl_t ctrl) +{ + ctrl->conttype = CONTTYPE_DM_CRYPT; +} + +/* Release all resources allocated by default in the CTRl object. */ +static void +g13_syshelp_deinit_default_ctrl (ctrl_t ctrl) +{ + xfree (ctrl->client.uname); + release_tab_items (ctrl->client.tab); +} + + +/* Release the list of g13tab itejms at TAB. */ +static void +release_tab_items (tab_item_t tab) +{ + while (tab) + { + tab_item_t next = tab->next; + xfree (tab->mountpoint); + xfree (tab); + tab = next; + } +} + + +/* Parse the /etc/gnupg/g13tab for user USERNAME. Return a table for + the user on success. Return NULL on error and print + diagnostics. */ +static tab_item_t +parse_g13tab (const char *username) +{ + gpg_error_t err; + int c, n; + char line[512]; + char *p; + char *fname; + estream_t fp; + int lnr; + char **words = NULL; + tab_item_t table = NULL; + tab_item_t *tabletail, ti; + + fname = make_filename (gnupg_sysconfdir (), G13_NAME"tab", NULL); + fp = es_fopen (fname, "r"); + if (!fp) + { + err = gpg_error_from_syserror (); + log_error (_("error opening '%s': %s\n"), fname, gpg_strerror (err)); + goto leave; + } + + tabletail = &table; + err = 0; + lnr = 0; + while (es_fgets (line, DIM(line)-1, fp)) + { + lnr++; + n = strlen (line); + if (!n || line[n-1] != '\n') + { + /* Eat until end of line. */ + while ((c=es_getc (fp)) != EOF && c != '\n') + ; + err = gpg_error (*line? GPG_ERR_LINE_TOO_LONG + : GPG_ERR_INCOMPLETE_LINE); + log_error (_("file '%s', line %d: %s\n"), + fname, lnr, gpg_strerror (err)); + continue; + } + line[--n] = 0; /* Chop the LF. */ + if (n && line[n-1] == '\r') + line[--n] = 0; /* Chop an optional CR. */ + + /* Allow for empty lines and spaces */ + for (p=line; spacep (p); p++) + ; + if (!*p || *p == '#') + continue; + + /* Parse the line. The format is + * [