[git] GnuPG - branch, master, updated. gnupg-2.1.11-27-g9663b08

by Neal H. Walfield cvs at cvs.gnupg.org
Sun Feb 14 14:51:14 CET 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  9663b088480cef6734a3c5892d5ddbbd60ecc1a4 (commit)
       via  5cdde08ea869ef02111f618ad782d392a296eb7f (commit)
       via  c0268c449d0f3d23be5ec7b92fe92e7e078166cf (commit)
       via  ad43dc6cfc2b610a4e34fe55811bd937f9c3238b (commit)
      from  86f3bb144ad75461eb9b7ac1e59046ac75efccac (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9663b088480cef6734a3c5892d5ddbbd60ecc1a4
Author: Neal H. Walfield <neal at g10code.com>
Date:   Wed Feb 3 14:23:51 2016 +0100

    gpg: Improve API documentation.
    
    * g10/seskey.c (make_session_key): Improve documentation.
    (encode_session_key): Improve documentation.
    * g10/encrypt.c (encrypt_seskey): Remove gratuitous initialization.
    * g10/dek.h (DEK): Improve documentation.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/dek.h b/g10/dek.h
index 31ebbb6..1a879e3 100644
--- a/g10/dek.h
+++ b/g10/dek.h
@@ -22,10 +22,16 @@
 
 typedef struct
 {
+  /* The algorithm (e.g., CIPHER_ALGO_AES).  */
   int algo;
+  /* The length of the key (in bytes).  */
   int keylen;
+  /* Whether we've already printed information about this key.  This
+     is currently only used in decrypt_data() and only if we are in
+     verbose mode.  */
   int algo_info_printed;
   int use_mdc;
+  /* This key was read from a SK-ESK packet (see proc_symkey_enc).  */
   int symmetric;
   byte key[32]; /* This is the largest used keylen (256 bit). */
   char s2k_cacheid[1+16+1];
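Review bot: `use_mdc` is the only flag in this run of fields that still has no comment, and it appears to be the one that decides whether the encrypted data is integrity-protected. A line such as `/* Whether to protect the encrypted data with an MDC (modification detection code).  */` above it would match the comments added to its neighbours; the wording is inferred from the field name and should be checked against its users. The struct definition continues outside the hunk.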
diff --git a/g10/encrypt.c b/g10/encrypt.c
index abd8002..46b0be0 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -75,7 +75,6 @@ encrypt_seskey (DEK *dek, DEK **seskey, byte *enckey)
   if (!*seskey)
     {
       *seskey=xmalloc_clear(sizeof(DEK));
-      (*seskey)->keylen=dek->keylen;
       (*seskey)->algo=dek->algo;
       make_session_key(*seskey);
       /*log_hexdump( "thekey", c->key, c->keylen );*/
@@ -326,7 +325,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 
   if (!opt.no_literal)
     {
-      /* Note that PT has been initialized above in no_literal mode.  */
+      /* Note that PT has been initialized above in !no_literal mode.  */
       pt->timestamp = make_timestamp();
       pt->mode = opt.textmode? 't' : 'b';
       pt->len = filesize;
diff --git a/g10/seskey.c b/g10/seskey.c
index e79faf8..507eea1 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -31,9 +31,11 @@
 #include "i18n.h"
 
 
-/****************
- * Make a session key and put it into DEK
- */
+/* Generate a new session key in *DEK that is appropriate for the
+   algorithm DEK->ALGO (i.e., ensure that the key is not weak).
+
+   This function overwrites DEK->KEYLEN, DEK->KEY.  The rest of the
+   fields are left as is.  */
 void
 make_session_key( DEK *dek )
 {
@@ -67,11 +69,12 @@ make_session_key( DEK *dek )
 }
 
 
-/****************
- * Encode the session key. NBITS is the number of bits which should be used
- * for packing the session key.
- * returns: A mpi with the session key (caller must free)
- */
+/* Encode the session key stored in DEK as an MPI in preparation to
+   encrypt it with the public key algorithm OPENPGP_PK_ALGO with a key
+   whose length (the size of the public key) is NBITS.
+
+   On success, returns an MPI, which the caller must free using
+   gcry_mpi_release().  */
 gcry_mpi_t
 encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
 {
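Review bot: The new comment covers only the success case ("On success, returns an MPI") and does not say what a caller sees on failure. The `log_bug ("can't encode a %d bit key in a %d bits frame\n", ...)` call later in this function suggests an oversized key is treated as an internal error rather than reported through the return value. If so, a sentence like `If the key does not fit into an NBITS frame this is a bug and the function does not return.` would tell callers whether a NULL check is needed. The function body is outside this hunk, so the exact failure behaviour should be confirmed there.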
@@ -136,14 +139,15 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
     log_bug ("can't encode a %d bit key in a %d bits frame\n",
              dek->keylen*8, nbits );
 
-  /* We encode the session key in this way:
+  /* We encode the session key according to PKCS#1 v1.5 (see section
+   * 13.1.1 of RFC 4880):
    *
-   *	   0  2  RND(n bytes)  0  A  DEK(k bytes)  CSUM(2 bytes)
+   *	   0  2  RND(i bytes)  0  A  DEK(k bytes)  CSUM(2 bytes)
    *
    * (But how can we store the leading 0 - the external representaion
    *  of MPIs doesn't allow leading zeroes =:-)
    *
-   * RND are non-zero random bytes.
+   * RND are (at least 1) non-zero random bytes.
    * A   is the cipher algorithm
    * DEK is the encryption key (session key) length k depends on the
    *	   cipher algorithm (20 is used with blowfish160).
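Review bot: The revised comment cites PKCS#1 v1.5 and RFC 4880 section 13.1.1 but gives the padding minimum as "at least 1" non-zero byte, while that encoding requires a padding string of at least eight octets. The `assert( i > 0 )` a few lines further down enforces only the weaker bound. Either the comment should say the code deliberately accepts shorter padding than the specification, or it should read `RND are (at least 8) non-zero random bytes.` with the check tightened to match. The comment block and the function continue outside this hunk, so it cannot be told from here whether the earlier frame-size test already guarantees eight bytes.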
@@ -154,6 +158,8 @@ encode_session_key (int openpgp_pk_algo, DEK *dek, unsigned int nbits)
   n = 0;
   frame[n++] = 0;
   frame[n++] = 2;
+  /* The number of random bytes are the number of otherwise unused
+     bytes.  See diagram above.  */
   i = nframe - 6 - dek->keylen;
   assert( i > 0 );
   p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
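Review bot: The added comment explains `i` but leaves the literal 6 in `nframe - 6 - dek->keylen` unexplained. Going by the diagram it is the leading 0, the block type 2, the 0 separator, the algorithm octet and the two checksum octets; a short comment such as `/* 6 = 0, 2, 0, A and CSUM(2).  */` would make that checkable. The bound on `i` is also held only by `assert`, which, if this is the standard macro, disappears in an NDEBUG build just before `i` is used as the length for `gcry_random_bytes_secure`. Since the function already uses `log_bug` for the frame-size test, the same mechanism would be more consistent here. The declarations of `i` and `nframe` are outside the hunk.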

commit 5cdde08ea869ef02111f618ad782d392a296eb7f
Author: Neal H. Walfield <neal at g10code.com>
Date:   Tue Feb 2 20:05:45 2016 +0100

    gpg: Fix calc_header_length when LEN is 0 and improve documentation.
    
    * g10/build-packet.c (calc_header_length): Return the correct header
    size when LEN is 0.  Fix documentation.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>
    GnuPG-bug-id: 2240

diff --git a/g10/build-packet.c b/g10/build-packet.c
index 269c63c..4245208 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -1215,14 +1215,18 @@ write_32(IOBUF out, u32 a)
 
 
 /****************
- * calculate the length of a header
+ * calculate the length of a header.
+ *
+ * LEN is the length of the packet's body.  NEW_CTB is whether we are
+ * using a new or old format packet.
+ *
+ * This function does not handle indeterminate lengths or partial body
+ * lengths.  (If you pass LEN as 0, then this function assumes you
+ * really mean an empty body.)
  */
 static int
 calc_header_length( u32 len, int new_ctb )
 {
-    if( !len )
-	return 1; /* only the ctb */
-
     if( new_ctb ) {
 	if( len < 192 )
 	    return 2;
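Review bot: The rewritten comment says what LEN and NEW_CTB mean but not what the function returns. The values visible here (2 for a new-format body shorter than 192) suggest it is the header size in octets including the CTB, and a sentence such as `Returns the header length in octets, including the CTB.` would pin that down. Because LEN == 0 used to return 1 and now falls through to the ordinary size classes, any caller that passed 0 to mean an indeterminate length would now compute a header one octet larger than before. The callers are outside this hunk, so that is worth checking. The function body continues past the last line shown.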

commit c0268c449d0f3d23be5ec7b92fe92e7e078166cf
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Feb 8 00:31:35 2016 +0100

    gpg: Fix format_keyid when dynamically allocating the buffer.
    
    * g10/keyid.c (format_keyid): Return a char *, not a const char *.  If
    BUFFER is NULL, then set LEN to the static buffer's size.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/g10/keydb.h b/g10/keydb.h
index e679d94..9b4a1cf 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -399,7 +399,7 @@ char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize);
 #define PUBKEY_STRING_SIZE 32
 u32 v3_keyid (gcry_mpi_t a, u32 *ki);
 void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
-const char *format_keyid (u32 *keyid, int format, char *buffer, int len);
+char *format_keyid (u32 *keyid, int format, char *buffer, int len);
 size_t keystrlen(void);
 const char *keystr(u32 *keyid);
 const char *keystr_with_sub (u32 *main_kid, u32 *sub_kid);
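Review bot: The prototype now returns a writable `char *` but has no comment saying who owns the result. The commit message indicates that a NULL BUFFER yields a dynamically allocated string, so callers need to know when to free it. A comment above the declaration such as `/* If BUFFER is NULL the result is newly allocated and must be freed by the caller; otherwise BUFFER is returned.  */` would state that; the wording is inferred from the commit message and should be checked against the definition in g10/keyid.c. As a point of style, `int len` differs from the `size_t bufsize` taken by `pubkey_string` just above.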
diff --git a/g10/keyid.c b/g10/keyid.c
index f684276..49eb5f6 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -274,12 +274,15 @@ v3_keyid (gcry_mpi_t a, u32 *ki)
 }
 
 
-const char *
+char *
 format_keyid (u32 *keyid, int format, char *buffer, int len)
 {
   char tmp[KEYID_STR_SIZE];
   if (! buffer)
-    buffer = tmp;
+    {
+      buffer = tmp;
+      len = sizeof (tmp);
+    }
 
   if (format == KF_DEFAULT)
     format = opt.keyid_format;
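Review bot: `tmp` is declared here as an automatic array, not the "static buffer" the commit message mentions, so when BUFFER is NULL the pointer held in `buffer` must never be what the function returns. The return path is outside this hunk; it should hand back a heap copy whenever `buffer == tmp`, otherwise the caller receives a dangling pointer into this stack frame. A comment next to the assignment, for example `/* TMP is scratch space only; the result is copied to the heap before returning.  */`, would make that dependency visible to the next person who edits the function's tail. Note also that `len` is an `int` receiving a `sizeof` value, which is harmless only while KEYID_STR_SIZE stays small.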

commit ad43dc6cfc2b610a4e34fe55811bd937f9c3238b
Author: Neal H. Walfield <neal at g10code.com>
Date:   Mon Feb 8 00:30:10 2016 +0100

    common: Fix comment.
    
    * common/iobuf.c (iobuf_flush_temp): Fix comment.
    
    --
    Signed-off-by: Neal H. Walfield <neal at g10code.com>

diff --git a/common/iobuf.c b/common/iobuf.c
index b6e7885..00d1b8d 100644
--- a/common/iobuf.c
+++ b/common/iobuf.c
@@ -2260,7 +2260,7 @@ void
 iobuf_flush_temp (iobuf_t temp)
 {
   if (temp->use == IOBUF_INPUT || temp->use == IOBUF_INPUT_TEMP)
-    log_bug ("iobuf_writestr called on an input pipeline!\n");
+    log_bug ("iobuf_flush_temp called on an input pipeline!\n");
   while (temp->chain)
     pop_filter (temp, temp->filter, NULL);
 }
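Review bot: The function name is still hard-coded in the message string, which is how the stale `iobuf_writestr` text arose. If the project's minimum compiler supports `__func__`, `log_bug ("%s called on an input pipeline!\n", __func__);` would keep the message correct when the check is copied or the function is renamed. A wrong function name in a fatal diagnostic sends whoever triages the report to the wrong code path, so the small change is worth it.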

-----------------------------------------------------------------------

Summary of changes:
 common/iobuf.c     |  2 +-
 g10/build-packet.c | 12 ++++++++----
 g10/dek.h          |  6 ++++++
 g10/encrypt.c      |  3 +--
 g10/keydb.h        |  2 +-
 g10/keyid.c        |  7 +++++--
 g10/seskey.c       | 28 +++++++++++++++++-----------
 7 files changed, 39 insertions(+), 21 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



