[git] GnuPG - branch, master, updated. gnupg-2.1.11-133-g8c3fb23
by Werner Koch
cvs at cvs.gnupg.org
Thu Apr 14 12:33:13 CEST 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 8c3fb2360f154a971d2a390e4937acb22a44a8c2 (commit)
via 6df75ec70afeb1a5ad9a00557e1245e1514c37b5 (commit)
via 94504b3d5af126abb591dedda1ca0f0970822f55 (commit)
from 4159567f7ed7a1139fdc3a6c92988e1648ad84ab (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8c3fb2360f154a971d2a390e4937acb22a44a8c2
Author: Werner Koch <wk at gnupg.org>
Date: Thu Apr 14 12:16:51 2016 +0200
agent: Fix regression due to recent commit 4159567.
* agent/protect.c (do_encryption): Fix CBC hashing.
--
The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing. We now do it by
explicitly hashing the protected stuff and appending the rest of the
expression instead of a fixed closing parenthesis. Note that the OCB
hashing differs only in that it does not include the protected part.
Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/agent/protect.c b/agent/protect.c
index a78d5a5..ee08e57 100644
--- a/agent/protect.c
+++ b/agent/protect.c
@@ -464,9 +464,11 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
if (!rc)
{
- gcry_md_write (md, hashbegin, hashlen);
+ gcry_md_write (md, hashbegin, protbegin - hashbegin);
+ gcry_md_write (md, protbegin, protlen);
gcry_md_write (md, timestamp_exp, timestamp_exp_len);
- gcry_md_write (md, ")", 1);
+ gcry_md_write (md, protbegin+protlen,
+ hashlen - (protbegin+protlen - hashbegin));
memcpy (hashvalue, gcry_md_read (md, GCRY_MD_SHA1), 20);
gcry_md_close (md);
}
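Review bot: The length of the last gcry_md_write, `hashlen - (protbegin+protlen - hashbegin)`, wraps to a very large size_t if the protected region is not entirely inside the hashed region, which would make the hash read past the buffer; nothing visible in the hunk enforces that invariant. The callers presumably derive both ranges from the same parsed S-expression, so it likely holds today, but an explicit check before gcry_md_open would make it safe to rely on, e.g. `if (protbegin < hashbegin || protlen > hashlen || (size_t)(protbegin - hashbegin) > hashlen - protlen) return gpg_error (GPG_ERR_INV_VALUE);`. The first two writes cover adjacent bytes and could be one call, `gcry_md_write (md, hashbegin, protbegin + protlen - hashbegin);`. The body of do_encryption starts and ends outside the hunk, so an existing check there cannot be ruled out.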
commit 6df75ec70afeb1a5ad9a00557e1245e1514c37b5
Author: Werner Koch <wk at gnupg.org>
Date: Thu Apr 14 12:28:48 2016 +0200
agent: Allow gpg-protect-tool to handle openpgp-native protection.
* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/agent/Makefile.am b/agent/Makefile.am
index b33593d..4be9090 100644
--- a/agent/Makefile.am
+++ b/agent/Makefile.am
@@ -74,7 +74,7 @@ gpg_agent_DEPENDENCIES = $(resource_objs)
gpg_protect_tool_SOURCES = \
protect-tool.c \
- protect.c
+ protect.c cvt-openpgp.c
gpg_protect_tool_CFLAGS = $(AM_CFLAGS) $(LIBASSUAN_CFLAGS)
gpg_protect_tool_LDADD = $(common_libs) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) \
diff --git a/agent/protect-tool.c b/agent/protect-tool.c
index 1871ac7..ad036ee 100644
--- a/agent/protect-tool.c
+++ b/agent/protect-tool.c
@@ -363,7 +363,7 @@ read_and_protect (const char *fname)
static void
-read_and_unprotect (const char *fname)
+read_and_unprotect (ctrl_t ctrl, const char *fname)
{
int rc;
unsigned char *key;
@@ -376,7 +376,7 @@ read_and_unprotect (const char *fname)
if (!key)
return;
- rc = agent_unprotect (NULL, key, (pw=get_passphrase (1)),
+ rc = agent_unprotect (ctrl, key, (pw=get_passphrase (1)),
protected_at, &result, &resultlen);
release_passphrase (pw);
xfree (key);
@@ -388,10 +388,14 @@ read_and_unprotect (const char *fname)
return;
}
if (opt.verbose)
- log_info ("key protection done at %.4s-%.2s-%.2s %.2s:%.2s:%s\n",
- protected_at, protected_at+4, protected_at+6,
- protected_at+9, protected_at+11, protected_at+13);
-
+ {
+ if (*protected_at)
+ log_info ("key protection done at %.4s-%.2s-%.2s %.2s:%.2s:%s\n",
+ protected_at, protected_at+4, protected_at+6,
+ protected_at+9, protected_at+11, protected_at+13);
+ else
+ log_info ("key protection done at [unknown]\n");
+ }
if (opt_armor)
{
@@ -552,6 +556,7 @@ main (int argc, char **argv )
ARGPARSE_ARGS pargs;
int cmd = 0;
const char *fname;
+ ctrl_t ctrl;
early_system_init ();
set_strusage (my_strusage);
@@ -617,6 +622,15 @@ main (int argc, char **argv )
else if (argc > 1)
usage (1);
+ /* Allocate an CTRL object. An empty object should sufficent. */
+ ctrl = xtrycalloc (1, sizeof *ctrl);
+ if (!ctrl)
+ {
+ log_error ("error allocating connection control data: %s\n",
+ strerror (errno));
+ agent_exit (1);
+ }
+
/* Set the information which can't be taken from envvars. */
gnupg_prepare_get_passphrase (GPG_ERR_SOURCE_DEFAULT,
opt.verbose,
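Review bot: The comment above the new allocation has two typos ("an CTRL", "should sufficent"); suggest `/* Allocate a CTRL object.  An empty object should be sufficient.  */`. Since the object is only zero-filled, it would also help if the comment said which code path is expected to receive it (the hunks show it reaching agent_unprotect), so a later reader knows what must keep working with all-zero fields.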
@@ -630,7 +644,7 @@ main (int argc, char **argv )
if (cmd == oProtect)
read_and_protect (fname);
else if (cmd == oUnprotect)
- read_and_unprotect (fname);
+ read_and_unprotect (ctrl, fname);
else if (cmd == oShadow)
read_and_shadow (fname);
else if (cmd == oShowShadowInfo)
@@ -646,6 +660,8 @@ main (int argc, char **argv )
else
show_file (fname);
+ xfree (ctrl);
+
agent_exit (0);
return 8; /*NOTREACHED*/
}
@@ -737,12 +753,79 @@ release_passphrase (char *pw)
/* Stub function. */
+int
+agent_key_available (const unsigned char *grip)
+{
+ (void)grip;
+ return -1; /* Not available. */
+}
+
+char *
+agent_get_cache (const char *key, cache_mode_t cache_mode)
+{
+ (void)key;
+ (void)cache_mode;
+ return NULL;
+}
+
gpg_error_t
-convert_from_openpgp_native (gcry_sexp_t s_pgp, const char *passphrase,
- unsigned char **r_key)
+agent_askpin (ctrl_t ctrl,
+ const char *desc_text, const char *prompt_text,
+ const char *initial_errtext,
+ struct pin_entry_info_s *pininfo,
+ const char *keyinfo, cache_mode_t cache_mode)
{
- (void)s_pgp;
- (void)passphrase;
- (void)r_key;
- return gpg_error (GPG_ERR_BUG);
+ gpg_error_t err;
+ unsigned char *passphrase;
+ size_t size;
+
+ (void)ctrl;
+ (void)desc_text;
+ (void)prompt_text;
+ (void)initial_errtext;
+ (void)keyinfo;
+ (void)cache_mode;
+
+ *pininfo->pin = 0; /* Reset the PIN. */
+ passphrase = get_passphrase (0);
+ size = strlen (passphrase);
+ if (size >= pininfo->max_length)
+ return gpg_error (GPG_ERR_TOO_LARGE);
+
+ memcpy (&pininfo->pin, passphrase, size);
+ xfree (passphrase);
+ pininfo->pin[size] = 0;
+ if (pininfo->check_cb)
+ {
+ /* More checks by utilizing the optional callback. */
+ pininfo->cb_errtext = NULL;
+ err = pininfo->check_cb (pininfo);
+ }
+ else
+ err = 0;
+ return err;
+}
+
+/* Replacement for the function in findkey.c. Here we write the key
+ * to stdout. */
+int
+agent_write_private_key (const unsigned char *grip,
+ const void *buffer, size_t length, int force)
+{
+ char hexgrip[40+4+1];
+ char *p;
+
+ (void)force;
+
+ bin2hex (grip, 20, hexgrip);
+ strcpy (hexgrip+40, ".key");
+ p = make_advanced (buffer, length);
+ if (p)
+ {
+ printf ("# Begin dump of %s\n%s%s# End dump of %s\n",
+ hexgrip, p, (*p && p[strlen(p)-1] == '\n')? "":"\n", hexgrip);
+ xfree (p);
+ }
+
+ return 0;
}
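Review bot: In agent_askpin the early `return gpg_error (GPG_ERR_TOO_LARGE);` leaves the buffer from get_passphrase allocated, and the success path frees it with plain xfree, whereas read_and_unprotect in this same file hands its passphrase to release_passphrase (its body is outside the hunk; presumably it wipes before freeing). Both paths should release the passphrase the same way so that the secret does not stay in heap memory. `memcpy (&pininfo->pin, ...)` passes the address of the member rather than the buffer; that is the same address only if pin is an array inside the struct (declaration not visible here), so `pininfo->pin` is the safer spelling. Declaring passphrase as `char *` also matches strlen and release_passphrase. Separately, agent_write_private_key returns 0 even when make_advanced returns NULL, so a failed dump is reported as success.

```c
  char *passphrase;
  /* ... unchanged: size declaration and (void) casts ... */
  *pininfo->pin = 0; /* Reset the PIN. */
  passphrase = get_passphrase (0);
  size = strlen (passphrase);
  if (size >= pininfo->max_length)
    {
      release_passphrase (passphrase);
      return gpg_error (GPG_ERR_TOO_LARGE);
    }

  memcpy (pininfo->pin, passphrase, size);
  release_passphrase (passphrase);
  pininfo->pin[size] = 0;
  /* ... unchanged: optional check_cb call ... */
```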
commit 94504b3d5af126abb591dedda1ca0f0970822f55
Author: Werner Koch <wk at gnupg.org>
Date: Thu Apr 14 09:08:50 2016 +0200
tests: Set fake-pinentry's stdout and stdin to _IOLBF.
* tests/openpgp/fake-pinentry.c (main): Call setvbuf. Show passphrase
at startup. Increase buffer.
--
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/tests/openpgp/fake-pinentry.c b/tests/openpgp/fake-pinentry.c
index c906370..b8aa848 100644
--- a/tests/openpgp/fake-pinentry.c
+++ b/tests/openpgp/fake-pinentry.c
@@ -25,19 +25,36 @@
int
main (int argc, char **argv)
{
+ static char *passphrase;
+ char *p;
+
(void) argc, (void) argv;
+ setvbuf (stdin, NULL, _IOLBF, BUFSIZ);
+ setvbuf (stdout, NULL, _IOLBF, BUFSIZ);
+
+ if (!passphrase)
+ {
+ passphrase = getenv ("PINENTRY_USER_DATA");
+ if (!passphrase)
+ passphrase = "";
+ for (p=passphrase; *p; p++)
+ if (*p == '\r' || *p == '\n')
+ *p = '.';
+ printf ("# Passphrase='%s'\n", passphrase);
+ }
+
printf ("OK - what's up?\n");
while (! feof (stdin))
{
- char buffer[128];
+ char buffer[1024];
if (fgets (buffer, sizeof buffer, stdin) == NULL)
break;
if (strncmp (buffer, "GETPIN", 6) == 0)
- printf ("D %s\nOK\n", getenv ("PINENTRY_USER_DATA") ?: "");
+ printf ("D %s\nOK\n", passphrase);
else if (strncmp (buffer, "BYE", 3) == 0)
{
printf ("OK\n");
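Review bot: The sanitising loop writes `*p = '.'` through the pointer returned by getenv, which the C standard says a program must not modify; work on a copy instead, e.g. `passphrase = strdup (passphrase); if (!passphrase) return 1;` placed just before the loop (strdup is POSIX, and the includes are outside the hunk). The `static` qualifier and the `if (!passphrase)` guard are redundant, because main runs once and the pointer is always NULL at that point. The startup line `# Passphrase='%s'` writes the passphrase to stdout, so a comment such as `/* Test helper only: echoes the passphrase; never use with real secrets. */` would keep this from being copied elsewhere. The body of main continues outside the hunk.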
-----------------------------------------------------------------------
Summary of changes:
agent/Makefile.am | 2 +-
agent/protect-tool.c | 109 +++++++++++++++++++++++++++++++++++++-----
agent/protect.c | 6 ++-
tests/openpgp/fake-pinentry.c | 21 +++++++-
4 files changed, 120 insertions(+), 18 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org